From 36e94dc5bac047676e52d6d94a07db1b31c653e3 Mon Sep 17 00:00:00 2001 From: Peter Avalos Date: Wed, 26 Nov 2014 12:54:34 -0800 Subject: [PATCH] Import OpenSSH-6.7p1. --- crypto/openssh/PROTOCOL | 117 +- crypto/openssh/PROTOCOL.agent | 4 +- crypto/openssh/PROTOCOL.chacha20poly1305 | 105 + crypto/openssh/PROTOCOL.key | 68 + crypto/openssh/PROTOCOL.krl | 164 + crypto/openssh/README | 4 +- crypto/openssh/README.DELETED | 5 +- crypto/openssh/acss.c | 267 -- crypto/openssh/acss.h | 47 - crypto/openssh/addrmatch.c | 10 +- crypto/openssh/atomicio.c | 4 + crypto/openssh/auth-bsdauth.c | 9 +- crypto/openssh/auth-chall.c | 26 +- crypto/openssh/auth-krb5.c | 31 +- crypto/openssh/auth-options.c | 95 +- crypto/openssh/auth-pam.c | 48 +- crypto/openssh/auth-passwd.c | 3 +- crypto/openssh/auth-rh-rsa.c | 3 +- crypto/openssh/auth-rhosts.c | 4 +- crypto/openssh/auth-rsa.c | 50 +- crypto/openssh/auth.c | 139 +- crypto/openssh/auth.h | 34 +- crypto/openssh/auth1.c | 59 +- crypto/openssh/auth2-chall.c | 53 +- crypto/openssh/auth2-gss.c | 34 +- crypto/openssh/auth2-hostbased.c | 25 +- crypto/openssh/auth2-jpake.c | 563 --- crypto/openssh/auth2-kbdint.c | 7 +- crypto/openssh/auth2-none.c | 6 +- crypto/openssh/auth2-passwd.c | 11 +- crypto/openssh/auth2-pubkey.c | 311 +- crypto/openssh/auth2.c | 300 +- crypto/openssh/authfd.c | 91 +- crypto/openssh/authfile.c | 1501 +++----- .../bsd-cygwin_util.h => authfile.h} | 55 +- crypto/openssh/blocks.c | 248 ++ crypto/openssh/bufaux.c | 575 ++- crypto/openssh/bufbn.c | 326 +- crypto/openssh/bufec.c | 220 +- crypto/openssh/buffer.c | 370 +- crypto/openssh/buffer.h | 62 +- crypto/openssh/canohost.c | 37 +- crypto/openssh/chacha.c | 219 ++ crypto/openssh/chacha.h | 35 + crypto/openssh/channels.c | 864 +++-- crypto/openssh/channels.h | 36 +- crypto/openssh/cipher-3des1.c | 65 +- crypto/openssh/cipher-acss.c | 86 - crypto/openssh/cipher-aes.c | 5 +- crypto/openssh/{platform.h => cipher-aesctr.h} | 30 +- crypto/openssh/cipher-chachapoly.c | 119 + crypto/openssh/cipher-chachapoly.h | 41 + crypto/openssh/cipher-ctr.c | 8 +- crypto/openssh/cipher.c | 556 ++- crypto/openssh/cipher.h | 62 +- crypto/openssh/clientloop.c | 328 +- crypto/openssh/clientloop.h | 2 +- crypto/openssh/compat.c | 82 +- crypto/openssh/compat.h | 5 +- crypto/openssh/crypto_api.h | 44 + crypto/openssh/defines.h | 81 +- crypto/openssh/dh.c | 125 +- crypto/openssh/dh.h | 3 +- crypto/openssh/digest-libc.c | 239 ++ crypto/openssh/digest-openssl.c | 182 + crypto/openssh/digest.h | 65 + crypto/openssh/dns.c | 17 +- crypto/openssh/dns.h | 5 +- crypto/openssh/ed25519.c | 144 + crypto/openssh/entropy.c | 13 +- crypto/openssh/fe25519.c | 337 ++ crypto/openssh/fe25519.h | 70 + crypto/openssh/ge25519.c | 321 ++ crypto/openssh/ge25519.h | 43 + crypto/openssh/ge25519_base.data | 858 +++++ crypto/openssh/groupaccess.c | 9 +- crypto/openssh/gss-genr.c | 18 +- crypto/openssh/gss-serv-krb5.c | 49 +- crypto/openssh/gss-serv.c | 30 +- crypto/openssh/hash.c | 76 + crypto/openssh/hmac.c | 197 + crypto/openssh/hmac.h | 38 + crypto/openssh/hostfile.c | 66 +- crypto/openssh/hostfile.h | 4 +- crypto/openssh/includes.h | 8 +- crypto/openssh/jpake.c | 456 --- crypto/openssh/jpake.h | 114 - crypto/openssh/kex.c | 257 +- crypto/openssh/kex.h | 51 +- crypto/openssh/{kexecdh.c => kexc25519.c} | 75 +- crypto/openssh/{kexecdhc.c => kexc25519c.c} | 99 +- crypto/openssh/{kexecdhs.c => kexc25519s.c} | 113 +- crypto/openssh/kexdh.c | 17 +- crypto/openssh/kexdhc.c | 12 +- crypto/openssh/kexdhs.c | 24 +- crypto/openssh/kexecdh.c | 36 +- crypto/openssh/kexecdhc.c | 19 +- crypto/openssh/kexecdhs.c | 32 +- crypto/openssh/kexgex.c | 24 +- crypto/openssh/kexgexc.c | 16 +- crypto/openssh/kexgexs.c | 23 +- crypto/openssh/key.c | 2752 +++----------- crypto/openssh/key.h | 263 +- crypto/openssh/krl.c | 1240 +++++++ crypto/openssh/krl.h | 63 + crypto/openssh/log.c | 37 +- crypto/openssh/log.h | 5 +- crypto/openssh/loginrec.c | 17 +- crypto/openssh/mac.c | 174 +- crypto/openssh/mac.h | 3 +- crypto/openssh/match.c | 19 +- crypto/openssh/misc.c | 146 +- crypto/openssh/misc.h | 34 +- crypto/openssh/moduli | 397 +- crypto/openssh/moduli.5 | 13 +- crypto/openssh/moduli.c | 114 +- crypto/openssh/monitor.c | 510 +-- crypto/openssh/monitor.h | 75 +- crypto/openssh/monitor_fdpass.c | 11 +- crypto/openssh/monitor_mm.c | 45 +- crypto/openssh/monitor_mm.h | 4 +- crypto/openssh/monitor_wrap.c | 256 +- crypto/openssh/monitor_wrap.h | 22 +- crypto/openssh/mux.c | 399 +- crypto/openssh/myproposal.h | 141 +- crypto/openssh/openbsd-compat/arc4random.c | 294 ++ crypto/openssh/openbsd-compat/bcrypt_pbkdf.c | 170 + crypto/openssh/openbsd-compat/blf.h | 88 + crypto/openssh/openbsd-compat/blowfish.c | 694 ++++ crypto/openssh/openbsd-compat/bsd-cygwin_util.h | 25 +- crypto/openssh/openbsd-compat/bsd-misc.c | 31 +- crypto/openssh/openbsd-compat/bsd-misc.h | 22 +- crypto/openssh/openbsd-compat/bsd-setres_id.c | 100 + .../bsd-setres_id.h} | 16 +- crypto/openssh/openbsd-compat/bsd-statvfs.h | 11 +- crypto/openssh/openbsd-compat/chacha_private.h | 222 ++ crypto/openssh/openbsd-compat/explicit_bzero.c | 40 + crypto/openssh/openbsd-compat/getopt.h | 74 + crypto/openssh/openbsd-compat/getopt_long.c | 532 +++ crypto/openssh/openbsd-compat/kludge-fd_set.c | 28 + crypto/openssh/openbsd-compat/openbsd-compat.h | 55 +- crypto/openssh/openbsd-compat/openssl-compat.c | 226 +- crypto/openssh/openbsd-compat/openssl-compat.h | 232 +- crypto/openssh/openbsd-compat/strtoull.c | 110 + crypto/openssh/openbsd-compat/sys-queue.h | 53 +- crypto/openssh/openbsd-compat/sys-tree.h | 114 +- crypto/openssh/packet.c | 305 +- crypto/openssh/packet.h | 10 +- crypto/openssh/pathnames.h | 24 +- crypto/openssh/pkcs11.h | 18 +- crypto/openssh/platform.c | 33 +- crypto/openssh/platform.h | 6 +- crypto/openssh/poly1305.c | 160 + crypto/openssh/poly1305.h | 22 + crypto/openssh/progressmeter.c | 12 +- crypto/openssh/readconf.c | 1029 ++++-- crypto/openssh/readconf.h | 69 +- crypto/openssh/readpass.c | 10 +- crypto/openssh/rijndael.c | 170 +- crypto/openssh/rijndael.h | 25 +- crypto/openssh/roaming_client.c | 30 +- crypto/openssh/roaming_common.c | 18 +- crypto/openssh/rsa.c | 113 +- crypto/openssh/rsa.h | 6 +- .../{sandbox-rlimit.c => sandbox-capsicum.c} | 49 +- crypto/openssh/sandbox-rlimit.c | 4 +- crypto/openssh/sc25519.c | 308 ++ crypto/openssh/sc25519.h | 80 + crypto/openssh/schnorr.c | 675 ---- crypto/openssh/schnorr.h | 60 - crypto/openssh/scp.1 | 26 +- crypto/openssh/scp.c | 105 +- crypto/openssh/servconf.c | 308 +- crypto/openssh/servconf.h | 33 +- crypto/openssh/serverloop.c | 176 +- crypto/openssh/session.c | 245 +- crypto/openssh/session.h | 3 +- crypto/openssh/sftp-client.c | 337 +- crypto/openssh/sftp-client.h | 16 +- crypto/openssh/sftp-common.c | 12 +- crypto/openssh/sftp-glob.c | 9 +- crypto/openssh/sftp-server.8 | 62 +- crypto/openssh/sftp-server.c | 544 +-- crypto/openssh/sftp.1 | 82 +- crypto/openssh/sftp.c | 485 ++- crypto/openssh/smult_curve25519_ref.c | 265 ++ crypto/openssh/ssh-add.1 | 19 +- crypto/openssh/ssh-add.c | 103 +- crypto/openssh/ssh-agent.1 | 52 +- crypto/openssh/ssh-agent.c | 309 +- crypto/openssh/ssh-dss.c | 246 +- crypto/openssh/ssh-ecdsa.c | 361 +- crypto/openssh/ssh-ed25519.c | 166 + crypto/openssh/ssh-gss.h | 15 +- crypto/openssh/ssh-keygen.1 | 191 +- crypto/openssh/ssh-keygen.c | 702 +++- crypto/openssh/ssh-keyscan.1 | 43 +- crypto/openssh/ssh-keyscan.c | 40 +- crypto/openssh/ssh-keysign.8 | 8 +- crypto/openssh/ssh-keysign.c | 41 +- crypto/openssh/ssh-pkcs11-client.c | 12 +- crypto/openssh/ssh-pkcs11-helper.8 | 6 +- crypto/openssh/ssh-pkcs11-helper.c | 33 +- crypto/openssh/ssh-pkcs11.c | 171 +- crypto/openssh/ssh-pkcs11.h | 6 +- crypto/openssh/ssh-rsa.c | 533 ++- crypto/openssh/ssh-sandbox.h | 3 +- crypto/openssh/ssh.1 | 203 +- crypto/openssh/ssh.c | 613 +++- crypto/openssh/ssh2.h | 8 +- crypto/openssh/ssh_config | 3 +- crypto/openssh/ssh_config.5 | 346 +- crypto/openssh/sshbuf-getput-basic.c | 421 +++ crypto/openssh/sshbuf-getput-crypto.c | 237 ++ crypto/openssh/sshbuf-misc.c | 135 + crypto/openssh/sshbuf.c | 406 +++ crypto/openssh/sshbuf.h | 336 ++ crypto/openssh/sshconnect.c | 419 ++- crypto/openssh/sshconnect.h | 8 +- crypto/openssh/sshconnect1.c | 74 +- crypto/openssh/sshconnect2.c | 543 +-- crypto/openssh/sshd.8 | 60 +- crypto/openssh/sshd.c | 348 +- crypto/openssh/sshd_config | 17 +- crypto/openssh/sshd_config.5 | 391 +- crypto/openssh/ssherr.c | 131 + crypto/openssh/ssherr.h | 80 + crypto/openssh/sshkey.c | 3856 ++++++++++++++++++++ crypto/openssh/sshkey.h | 232 ++ crypto/openssh/sshlogin.c | 5 +- crypto/openssh/sshlogin.h | 2 +- crypto/openssh/sshpty.c | 13 - crypto/openssh/uidswap.c | 47 +- crypto/openssh/umac.c | 135 +- crypto/openssh/umac.h | 14 +- crypto/openssh/uuencode.c | 7 +- crypto/openssh/verify.c | 49 + crypto/openssh/version.h | 6 + crypto/openssh/xmalloc.c | 20 +- crypto/openssh/xmalloc.h | 3 +- 240 files changed, 27606 insertions(+), 13487 deletions(-) create mode 100644 crypto/openssh/PROTOCOL.chacha20poly1305 create mode 100644 crypto/openssh/PROTOCOL.key create mode 100644 crypto/openssh/PROTOCOL.krl delete mode 100644 crypto/openssh/acss.c delete mode 100644 crypto/openssh/acss.h delete mode 100644 crypto/openssh/auth2-jpake.c rewrite crypto/openssh/authfile.c (80%) copy crypto/openssh/{openbsd-compat/bsd-cygwin_util.h => authfile.h} (57%) create mode 100644 crypto/openssh/blocks.c rewrite crypto/openssh/bufaux.c (76%) rewrite crypto/openssh/bufbn.c (86%) rewrite crypto/openssh/bufec.c (63%) rewrite crypto/openssh/buffer.c (86%) create mode 100644 crypto/openssh/chacha.c create mode 100644 crypto/openssh/chacha.h delete mode 100644 crypto/openssh/cipher-acss.c copy crypto/openssh/{platform.h => cipher-aesctr.h} (55%) create mode 100644 crypto/openssh/cipher-chachapoly.c create mode 100644 crypto/openssh/cipher-chachapoly.h create mode 100644 crypto/openssh/crypto_api.h create mode 100644 crypto/openssh/digest-libc.c create mode 100644 crypto/openssh/digest-openssl.c create mode 100644 crypto/openssh/digest.h create mode 100644 crypto/openssh/ed25519.c create mode 100644 crypto/openssh/fe25519.c create mode 100644 crypto/openssh/fe25519.h create mode 100644 crypto/openssh/ge25519.c create mode 100644 crypto/openssh/ge25519.h create mode 100644 crypto/openssh/ge25519_base.data create mode 100644 crypto/openssh/hash.c create mode 100644 crypto/openssh/hmac.c create mode 100644 crypto/openssh/hmac.h delete mode 100644 crypto/openssh/jpake.c delete mode 100644 crypto/openssh/jpake.h copy crypto/openssh/{kexecdh.c => kexc25519.c} (57%) copy crypto/openssh/{kexecdhc.c => kexc25519c.c} (60%) copy crypto/openssh/{kexecdhs.c => kexc25519s.c} (54%) rewrite crypto/openssh/key.c (97%) rewrite crypto/openssh/key.h (63%) create mode 100644 crypto/openssh/krl.c create mode 100644 crypto/openssh/krl.h create mode 100644 crypto/openssh/openbsd-compat/arc4random.c create mode 100644 crypto/openssh/openbsd-compat/bcrypt_pbkdf.c create mode 100644 crypto/openssh/openbsd-compat/blf.h create mode 100644 crypto/openssh/openbsd-compat/blowfish.c create mode 100644 crypto/openssh/openbsd-compat/bsd-setres_id.c copy crypto/openssh/{ssh-pkcs11.h => openbsd-compat/bsd-setres_id.h} (73%) create mode 100644 crypto/openssh/openbsd-compat/chacha_private.h create mode 100644 crypto/openssh/openbsd-compat/explicit_bzero.c create mode 100644 crypto/openssh/openbsd-compat/getopt.h create mode 100644 crypto/openssh/openbsd-compat/getopt_long.c create mode 100644 crypto/openssh/openbsd-compat/kludge-fd_set.c rewrite crypto/openssh/openbsd-compat/openssl-compat.c (62%) rewrite crypto/openssh/openbsd-compat/openssl-compat.h (60%) create mode 100644 crypto/openssh/openbsd-compat/strtoull.c create mode 100644 crypto/openssh/poly1305.c create mode 100644 crypto/openssh/poly1305.h copy crypto/openssh/{sandbox-rlimit.c => sandbox-capsicum.c} (60%) create mode 100644 crypto/openssh/sc25519.c create mode 100644 crypto/openssh/sc25519.h delete mode 100644 crypto/openssh/schnorr.c delete mode 100644 crypto/openssh/schnorr.h create mode 100644 crypto/openssh/smult_curve25519_ref.c rewrite crypto/openssh/ssh-ecdsa.c (61%) create mode 100644 crypto/openssh/ssh-ed25519.c rewrite crypto/openssh/ssh-rsa.c (63%) create mode 100644 crypto/openssh/sshbuf-getput-basic.c create mode 100644 crypto/openssh/sshbuf-getput-crypto.c create mode 100644 crypto/openssh/sshbuf-misc.c create mode 100644 crypto/openssh/sshbuf.c create mode 100644 crypto/openssh/sshbuf.h create mode 100644 crypto/openssh/ssherr.c create mode 100644 crypto/openssh/ssherr.h create mode 100644 crypto/openssh/sshkey.c create mode 100644 crypto/openssh/sshkey.h create mode 100644 crypto/openssh/verify.c create mode 100644 crypto/openssh/version.h diff --git a/crypto/openssh/PROTOCOL b/crypto/openssh/PROTOCOL index c281960113..aa59f584ee 100644 --- a/crypto/openssh/PROTOCOL +++ b/crypto/openssh/PROTOCOL @@ -51,6 +51,57 @@ and ecdsa-sha2-nistp521 curves over GF(p) are supported. Elliptic curve points encoded using point compression are NOT accepted or generated. +1.5 transport: Protocol 2 Encrypt-then-MAC MAC algorithms + +OpenSSH supports MAC algorithms, whose names contain "-etm", that +perform the calculations in a different order to that defined in RFC +4253. These variants use the so-called "encrypt then MAC" ordering, +calculating the MAC over the packet ciphertext rather than the +plaintext. This ordering closes a security flaw in the SSH transport +protocol, where decryption of unauthenticated ciphertext provided a +"decryption oracle" that could, in conjunction with cipher flaws, reveal +session plaintext. + +Specifically, the "-etm" MAC algorithms modify the transport protocol +to calculate the MAC over the packet ciphertext and to send the packet +length unencrypted. This is necessary for the transport to obtain the +length of the packet and location of the MAC tag so that it may be +verified without decrypting unauthenticated data. + +As such, the MAC covers: + + mac = MAC(key, sequence_number || packet_length || encrypted_packet) + +where "packet_length" is encoded as a uint32 and "encrypted_packet" +contains: + + byte padding_length + byte[n1] payload; n1 = packet_length - padding_length - 1 + byte[n2] random padding; n2 = padding_length + +1.6 transport: AES-GCM + +OpenSSH supports the AES-GCM algorithm as specified in RFC 5647. +Because of problems with the specification of the key exchange +the behaviour of OpenSSH differs from the RFC as follows: + +AES-GCM is only negotiated as the cipher algorithms +"aes128-gcm@openssh.com" or "aes256-gcm@openssh.com" and never as +an MAC algorithm. Additionally, if AES-GCM is selected as the cipher +the exchanged MAC algorithms are ignored and there doesn't have to be +a matching MAC. + +1.7 transport: chacha20-poly1305@openssh.com authenticated encryption + +OpenSSH supports authenticated encryption using ChaCha20 and Poly1305 +as described in PROTOCOL.chacha20poly1305. + +1.8 transport: curve25519-sha256@libssh.org key exchange algorithm + +OpenSSH supports the use of ECDH in Curve25519 for key exchange as +described at: +http://git.libssh.org/users/aris/libssh.git/plain/doc/curve25519-sha256@libssh.org.txt?h=curve25519 + 2. Connection protocol changes 2.1. connection: Channel write close extension "eow@openssh.com" @@ -181,6 +232,56 @@ The contents of the "data" field for layer 2 packets is: The "frame" field contains an IEEE 802.3 Ethernet frame, including header. +2.4. connection: Unix domain socket forwarding + +OpenSSH supports local and remote Unix domain socket forwarding +using the "streamlocal" extension. Forwarding is initiated as per +TCP sockets but with a single path instead of a host and port. + +Similar to direct-tcpip, direct-streamlocal is sent by the client +to request that the server make a connection to a Unix domain socket. + + byte SSH_MSG_CHANNEL_OPEN + string "direct-streamlocal@openssh.com" + uint32 sender channel + uint32 initial window size + uint32 maximum packet size + string socket path + string reserved for future use + +Similar to forwarded-tcpip, forwarded-streamlocal is sent by the +server when the client has previously send the server a streamlocal-forward +GLOBAL_REQUEST. + + byte SSH_MSG_CHANNEL_OPEN + string "forwarded-streamlocal@openssh.com" + uint32 sender channel + uint32 initial window size + uint32 maximum packet size + string socket path + string reserved for future use + +The reserved field is not currently defined and is ignored on the +remote end. It is intended to be used in the future to pass +information about the socket file, such as ownership and mode. +The client currently sends the empty string for this field. + +Similar to tcpip-forward, streamlocal-forward is sent by the client +to request remote forwarding of a Unix domain socket. + + byte SSH2_MSG_GLOBAL_REQUEST + string "streamlocal-forward@openssh.com" + boolean TRUE + string socket path + +Similar to cancel-tcpip-forward, cancel-streamlocal-forward is sent +by the client cancel the forwarding of a Unix domain socket. + + byte SSH2_MSG_GLOBAL_REQUEST + string "cancel-streamlocal-forward@openssh.com" + boolean FALSE + string socket path + 3. SFTP protocol changes 3.1. sftp: Reversal of arguments to SSH_FXP_SYMLINK @@ -291,4 +392,18 @@ link(oldpath, newpath) and will respond with a SSH_FXP_STATUS message. This extension is advertised in the SSH_FXP_VERSION hello with version "1". -$OpenBSD: PROTOCOL,v 1.17 2010/12/04 00:18:01 djm Exp $ +10. sftp: Extension request "fsync@openssh.com" + +This request asks the server to call fsync(2) on an open file handle. + + uint32 id + string "fsync@openssh.com" + string handle + +One receiving this request, a server will call fsync(handle_fd) and will +respond with a SSH_FXP_STATUS message. + +This extension is advertised in the SSH_FXP_VERSION hello with version +"1". + +$OpenBSD: PROTOCOL,v 1.24 2014/07/15 15:54:14 millert Exp $ diff --git a/crypto/openssh/PROTOCOL.agent b/crypto/openssh/PROTOCOL.agent index de94d037d8..3fcaa14d41 100644 --- a/crypto/openssh/PROTOCOL.agent +++ b/crypto/openssh/PROTOCOL.agent @@ -152,7 +152,7 @@ fully specified using just rsa_q, rsa_p and rsa_e at the cost of extra computation. "key_constraints" may only be present if the request type is -SSH_AGENTC_ADD_RSA_IDENTITY. +SSH_AGENTC_ADD_RSA_ID_CONSTRAINED. The agent will reply with a SSH_AGENT_SUCCESS if the key has been successfully added or a SSH_AGENT_FAILURE if an error occurred. @@ -557,4 +557,4 @@ Locking and unlocking affects both protocol 1 and protocol 2 keys. SSH_AGENT_CONSTRAIN_LIFETIME 1 SSH_AGENT_CONSTRAIN_CONFIRM 2 -$OpenBSD: PROTOCOL.agent,v 1.6 2010/08/31 11:54:45 djm Exp $ +$OpenBSD: PROTOCOL.agent,v 1.7 2013/01/02 00:33:49 djm Exp $ diff --git a/crypto/openssh/PROTOCOL.chacha20poly1305 b/crypto/openssh/PROTOCOL.chacha20poly1305 new file mode 100644 index 0000000000..9cf73a926b --- /dev/null +++ b/crypto/openssh/PROTOCOL.chacha20poly1305 @@ -0,0 +1,105 @@ +This document describes the chacha20-poly1305@openssh.com authenticated +encryption cipher supported by OpenSSH. + +Background +---------- + +ChaCha20 is a stream cipher designed by Daniel Bernstein and described +in [1]. It operates by permuting 128 fixed bits, 128 or 256 bits of key, +a 64 bit nonce and a 64 bit counter into 64 bytes of output. This output +is used as a keystream, with any unused bytes simply discarded. + +Poly1305[2], also by Daniel Bernstein, is a one-time Carter-Wegman MAC +that computes a 128 bit integrity tag given a message and a single-use +256 bit secret key. + +The chacha20-poly1305@openssh.com combines these two primitives into an +authenticated encryption mode. The construction used is based on that +proposed for TLS by Adam Langley in [3], but differs in the layout of +data passed to the MAC and in the addition of encyption of the packet +lengths. + +Negotiation +----------- + +The chacha20-poly1305@openssh.com offers both encryption and +authentication. As such, no separate MAC is required. If the +chacha20-poly1305@openssh.com cipher is selected in key exchange, +the offered MAC algorithms are ignored and no MAC is required to be +negotiated. + +Detailed Construction +--------------------- + +The chacha20-poly1305@openssh.com cipher requires 512 bits of key +material as output from the SSH key exchange. This forms two 256 bit +keys (K_1 and K_2), used by two separate instances of chacha20. + +The instance keyed by K_1 is a stream cipher that is used only +to encrypt the 4 byte packet length field. The second instance, +keyed by K_2, is used in conjunction with poly1305 to build an AEAD +(Authenticated Encryption with Associated Data) that is used to encrypt +and authenticate the entire packet. + +Two separate cipher instances are used here so as to keep the packet +lengths confidential but not create an oracle for the packet payload +cipher by decrypting and using the packet length prior to checking +the MAC. By using an independently-keyed cipher instance to encrypt the +length, an active attacker seeking to exploit the packet input handling +as a decryption oracle can learn nothing about the payload contents or +its MAC (assuming key derivation, ChaCha20 and Poly1305 are secure). + +The AEAD is constructed as follows: for each packet, generate a Poly1305 +key by taking the first 256 bits of ChaCha20 stream output generated +using K_2, an IV consisting of the packet sequence number encoded as an +uint64 under the SSH wire encoding rules and a ChaCha20 block counter of +zero. The K_2 ChaCha20 block counter is then set to the little-endian +encoding of 1 (i.e. {1, 0, 0, 0, 0, 0, 0, 0}) and this instance is used +for encryption of the packet payload. + +Packet Handling +--------------- + +When receiving a packet, the length must be decrypted first. When 4 +bytes of ciphertext length have been received, they may be decrypted +using the K_1 key, a nonce consisting of the packet sequence number +encoded as a uint64 under the usual SSH wire encoding and a zero block +counter to obtain the plaintext length. + +Once the entire packet has been received, the MAC MUST be checked +before decryption. A per-packet Poly1305 key is generated as described +above and the MAC tag calculated using Poly1305 with this key over the +ciphertext of the packet length and the payload together. The calculated +MAC is then compared in constant time with the one appended to the +packet and the packet decrypted using ChaCha20 as described above (with +K_2, the packet sequence number as nonce and a starting block counter of +1). + +To send a packet, first encode the 4 byte length and encrypt it using +K_1. Encrypt the packet payload (using K_2) and append it to the +encrypted length. Finally, calculate a MAC tag and append it. + +Rekeying +-------- + +ChaCha20 must never reuse a {key, nonce} for encryption nor may it be +used to encrypt more than 2^70 bytes under the same {key, nonce}. The +SSH Transport protocol (RFC4253) recommends a far more conservative +rekeying every 1GB of data sent or received. If this recommendation +is followed, then chacha20-poly1305@openssh.com requires no special +handling in this area. + +References +---------- + +[1] "ChaCha, a variant of Salsa20", Daniel Bernstein + http://cr.yp.to/chacha/chacha-20080128.pdf + +[2] "The Poly1305-AES message-authentication code", Daniel Bernstein + http://cr.yp.to/mac/poly1305-20050329.pdf + +[3] "ChaCha20 and Poly1305 based Cipher Suites for TLS", Adam Langley + http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 + +$OpenBSD: PROTOCOL.chacha20poly1305,v 1.2 2013/12/02 02:50:27 djm Exp $ + diff --git a/crypto/openssh/PROTOCOL.key b/crypto/openssh/PROTOCOL.key new file mode 100644 index 0000000000..959bd7aeec --- /dev/null +++ b/crypto/openssh/PROTOCOL.key @@ -0,0 +1,68 @@ +This document describes the private key format for OpenSSH. + +1. Overall format + +The key consists of a header, a list of public keys, and +an encrypted list of matching private keys. + +#define AUTH_MAGIC "openssh-key-v1" + + byte[] AUTH_MAGIC + string ciphername + string kdfname + string kdfoptions + int number of keys N + string publickey1 + string publickey2 + ... + string publickeyN + string encrypted, padded list of private keys + +2. KDF options for kdfname "bcrypt" + +The options: + + string salt + uint32 rounds + +are concatenated and represented as a string. + +3. Unencrypted list of N private keys + +The list of privatekey/comment pairs is padded with the +bytes 1, 2, 3, ... until the total length is a multiple +of the cipher block size. + + uint32 checkint + uint32 checkint + string privatekey1 + string comment1 + string privatekey2 + string comment2 + ... + string privatekeyN + string commentN + char 1 + char 2 + char 3 + ... + char padlen % 255 + +Before the key is encrypted, a random integer is assigned +to both checkint fields so successful decryption can be +quickly checked by verifying that both checkint fields +hold the same value. + +4. Encryption + +The KDF is used to derive a key, IV (and other values required by +the cipher) from the passphrase. These values are then used to +encrypt the unencrypted list of private keys. + +5. No encryption + +For unencrypted keys the cipher "none" and the KDF "none" +are used with empty passphrases. The options if the KDF "none" +are the empty string. + +$OpenBSD: PROTOCOL.key,v 1.1 2013/12/06 13:34:54 markus Exp $ diff --git a/crypto/openssh/PROTOCOL.krl b/crypto/openssh/PROTOCOL.krl new file mode 100644 index 0000000000..e8caa4527a --- /dev/null +++ b/crypto/openssh/PROTOCOL.krl @@ -0,0 +1,164 @@ +This describes the key/certificate revocation list format for OpenSSH. + +1. Overall format + +The KRL consists of a header and zero or more sections. The header is: + +#define KRL_MAGIC 0x5353484b524c0a00ULL /* "SSHKRL\n\0" */ +#define KRL_FORMAT_VERSION 1 + + uint64 KRL_MAGIC + uint32 KRL_FORMAT_VERSION + uint64 krl_version + uint64 generated_date + uint64 flags + string reserved + string comment + +Where "krl_version" is a version number that increases each time the KRL +is modified, "generated_date" is the time in seconds since 1970-01-01 +00:00:00 UTC that the KRL was generated, "comment" is an optional comment +and "reserved" an extension field whose contents are currently ignored. +No "flags" are currently defined. + +Following the header are zero or more sections, each consisting of: + + byte section_type + string section_data + +Where "section_type" indicates the type of the "section_data". An exception +to this is the KRL_SECTION_SIGNATURE section, that has a slightly different +format (see below). + +The available section types are: + +#define KRL_SECTION_CERTIFICATES 1 +#define KRL_SECTION_EXPLICIT_KEY 2 +#define KRL_SECTION_FINGERPRINT_SHA1 3 +#define KRL_SECTION_SIGNATURE 4 + +3. Certificate serial section + +These sections use type KRL_SECTION_CERTIFICATES to revoke certificates by +serial number or key ID. The consist of the CA key that issued the +certificates to be revoked and a reserved field whose contents is currently +ignored. + + string ca_key + string reserved + +Followed by one or more sections: + + byte cert_section_type + string cert_section_data + +The certificate section types are: + +#define KRL_SECTION_CERT_SERIAL_LIST 0x20 +#define KRL_SECTION_CERT_SERIAL_RANGE 0x21 +#define KRL_SECTION_CERT_SERIAL_BITMAP 0x22 +#define KRL_SECTION_CERT_KEY_ID 0x23 + +2.1 Certificate serial list section + +This section is identified as KRL_SECTION_CERT_SERIAL_LIST. It revokes +certificates by listing their serial numbers. The cert_section_data in this +case contains: + + uint64 revoked_cert_serial + uint64 ... + +This section may appear multiple times. + +2.2. Certificate serial range section + +These sections use type KRL_SECTION_CERT_SERIAL_RANGE and hold +a range of serial numbers of certificates: + + uint64 serial_min + uint64 serial_max + +All certificates in the range serial_min <= serial <= serial_max are +revoked. + +This section may appear multiple times. + +2.3. Certificate serial bitmap section + +Bitmap sections use type KRL_SECTION_CERT_SERIAL_BITMAP and revoke keys +by listing their serial number in a bitmap. + + uint64 serial_offset + mpint revoked_keys_bitmap + +A bit set at index N in the bitmap corresponds to revocation of a keys with +serial number (serial_offset + N). + +This section may appear multiple times. + +2.4. Revoked key ID sections + +KRL_SECTION_CERT_KEY_ID sections revoke particular certificate "key +ID" strings. This may be useful in revoking all certificates +associated with a particular identity, e.g. a host or a user. + + string key_id[0] + ... + +This section must contain at least one "key_id". This section may appear +multiple times. + +3. Explicit key sections + +These sections, identified as KRL_SECTION_EXPLICIT_KEY, revoke keys +(not certificates). They are less space efficient than serial numbers, +but are able to revoke plain keys. + + string public_key_blob[0] + .... + +This section must contain at least one "public_key_blob". The blob +must be a raw key (i.e. not a certificate). + +This section may appear multiple times. + +4. SHA1 fingerprint sections + +These sections, identified as KRL_SECTION_FINGERPRINT_SHA1, revoke +plain keys (i.e. not certificates) by listing their SHA1 hashes: + + string public_key_hash[0] + .... + +This section must contain at least one "public_key_hash". The hash blob +is obtained by taking the SHA1 hash of the public key blob. Hashes in +this section must appear in numeric order, treating each hash as a big- +endian integer. + +This section may appear multiple times. + +5. KRL signature sections + +The KRL_SECTION_SIGNATURE section serves a different purpose to the +preceeding ones: to provide cryptographic authentication of a KRL that +is retrieved over a channel that does not provide integrity protection. +Its format is slightly different to the previously-described sections: +in order to simplify the signature generation, it includes as a "body" +two string components instead of one. + + byte KRL_SECTION_SIGNATURE + string signature_key + string signature + +The signature is calculated over the entire KRL from the KRL_MAGIC +to this subsection's "signature_key", including both and using the +signature generation rules appropriate for the type of "signature_key". + +This section must appear last in the KRL. If multiple signature sections +appear, they must appear consecutively at the end of the KRL file. + +Implementations that retrieve KRLs over untrusted channels must verify +signatures. Signature sections are optional for KRLs distributed by +trusted means. + +$OpenBSD: PROTOCOL.krl,v 1.2 2013/01/18 00:24:58 djm Exp $ diff --git a/crypto/openssh/README b/crypto/openssh/README index 81cb922be0..b21441ae06 100644 --- a/crypto/openssh/README +++ b/crypto/openssh/README @@ -1,4 +1,4 @@ -See http://www.openssh.com/txt/release-6.1 for the release notes. +See http://www.openssh.com/txt/release-6.7 for the release notes. - A Japanese translation of this document and of the OpenSSH FAQ is - available at http://www.unixuser.org/~haruyama/security/openssh/index.html @@ -62,4 +62,4 @@ References - [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 [7] http://www.openssh.com/faq.html -$Id: README,v 1.81 2012/08/22 11:57:13 djm Exp $ +$Id: README,v 1.87 2014/08/10 01:35:06 djm Exp $ diff --git a/crypto/openssh/README.DELETED b/crypto/openssh/README.DELETED index 4a44fd2e0a..b185d7d4d4 100644 --- a/crypto/openssh/README.DELETED +++ b/crypto/openssh/README.DELETED @@ -8,12 +8,14 @@ TODO aclocal.m4 audit-linux.c buildpkg.sh.in +cipher-aesctr.c config.guess config.h.in config.sub configure configure.ac contrib/ +fixalgorithms fixpaths fixprogs install-sh @@ -27,7 +29,6 @@ openbsd-compat/Makefile.in openbsd-compat/base64.c openbsd-compat/basename.c openbsd-compat/bindresvport.c -openbsd-compat/bsd-arc4random.c openbsd-compat/bsd-asprintf.c openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cray.c @@ -44,7 +45,6 @@ openbsd-compat/dirname.c openbsd-compat/fake-rfc2553.c openbsd-compat/getcwd.c openbsd-compat/getgrouplist.c -openbsd-compat/getopt.c openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/inet_aton.c openbsd-compat/inet_ntoa.c @@ -98,4 +98,3 @@ ssh_config.0 sshd.0 sshd_config.0 survey.sh.in -version.h diff --git a/crypto/openssh/acss.c b/crypto/openssh/acss.c deleted file mode 100644 index 86e2c01a8c..0000000000 --- a/crypto/openssh/acss.c +++ /dev/null @@ -1,267 +0,0 @@ -/* $Id: acss.c,v 1.4 2006/07/24 04:51:01 djm Exp $ */ -/* - * Copyright (c) 2004 The OpenBSD project - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include "includes.h" - -#include - -#include - -#if !defined(EVP_CTRL_SET_ACSS_MODE) && (OPENSSL_VERSION_NUMBER >= 0x00906000L) - -#include "acss.h" - -/* decryption sbox */ -static unsigned char sboxdec[] = { - 0x33, 0x73, 0x3b, 0x26, 0x63, 0x23, 0x6b, 0x76, - 0x3e, 0x7e, 0x36, 0x2b, 0x6e, 0x2e, 0x66, 0x7b, - 0xd3, 0x93, 0xdb, 0x06, 0x43, 0x03, 0x4b, 0x96, - 0xde, 0x9e, 0xd6, 0x0b, 0x4e, 0x0e, 0x46, 0x9b, - 0x57, 0x17, 0x5f, 0x82, 0xc7, 0x87, 0xcf, 0x12, - 0x5a, 0x1a, 0x52, 0x8f, 0xca, 0x8a, 0xc2, 0x1f, - 0xd9, 0x99, 0xd1, 0x00, 0x49, 0x09, 0x41, 0x90, - 0xd8, 0x98, 0xd0, 0x01, 0x48, 0x08, 0x40, 0x91, - 0x3d, 0x7d, 0x35, 0x24, 0x6d, 0x2d, 0x65, 0x74, - 0x3c, 0x7c, 0x34, 0x25, 0x6c, 0x2c, 0x64, 0x75, - 0xdd, 0x9d, 0xd5, 0x04, 0x4d, 0x0d, 0x45, 0x94, - 0xdc, 0x9c, 0xd4, 0x05, 0x4c, 0x0c, 0x44, 0x95, - 0x59, 0x19, 0x51, 0x80, 0xc9, 0x89, 0xc1, 0x10, - 0x58, 0x18, 0x50, 0x81, 0xc8, 0x88, 0xc0, 0x11, - 0xd7, 0x97, 0xdf, 0x02, 0x47, 0x07, 0x4f, 0x92, - 0xda, 0x9a, 0xd2, 0x0f, 0x4a, 0x0a, 0x42, 0x9f, - 0x53, 0x13, 0x5b, 0x86, 0xc3, 0x83, 0xcb, 0x16, - 0x5e, 0x1e, 0x56, 0x8b, 0xce, 0x8e, 0xc6, 0x1b, - 0xb3, 0xf3, 0xbb, 0xa6, 0xe3, 0xa3, 0xeb, 0xf6, - 0xbe, 0xfe, 0xb6, 0xab, 0xee, 0xae, 0xe6, 0xfb, - 0x37, 0x77, 0x3f, 0x22, 0x67, 0x27, 0x6f, 0x72, - 0x3a, 0x7a, 0x32, 0x2f, 0x6a, 0x2a, 0x62, 0x7f, - 0xb9, 0xf9, 0xb1, 0xa0, 0xe9, 0xa9, 0xe1, 0xf0, - 0xb8, 0xf8, 0xb0, 0xa1, 0xe8, 0xa8, 0xe0, 0xf1, - 0x5d, 0x1d, 0x55, 0x84, 0xcd, 0x8d, 0xc5, 0x14, - 0x5c, 0x1c, 0x54, 0x85, 0xcc, 0x8c, 0xc4, 0x15, - 0xbd, 0xfd, 0xb5, 0xa4, 0xed, 0xad, 0xe5, 0xf4, - 0xbc, 0xfc, 0xb4, 0xa5, 0xec, 0xac, 0xe4, 0xf5, - 0x39, 0x79, 0x31, 0x20, 0x69, 0x29, 0x61, 0x70, - 0x38, 0x78, 0x30, 0x21, 0x68, 0x28, 0x60, 0x71, - 0xb7, 0xf7, 0xbf, 0xa2, 0xe7, 0xa7, 0xef, 0xf2, - 0xba, 0xfa, 0xb2, 0xaf, 0xea, 0xaa, 0xe2, 0xff -}; - -/* encryption sbox */ -static unsigned char sboxenc[] = { - 0x33, 0x3b, 0x73, 0x15, 0x53, 0x5b, 0x13, 0x75, - 0x3d, 0x35, 0x7d, 0x1b, 0x5d, 0x55, 0x1d, 0x7b, - 0x67, 0x6f, 0x27, 0x81, 0xc7, 0xcf, 0x87, 0x21, - 0x69, 0x61, 0x29, 0x8f, 0xc9, 0xc1, 0x89, 0x2f, - 0xe3, 0xeb, 0xa3, 0x05, 0x43, 0x4b, 0x03, 0xa5, - 0xed, 0xe5, 0xad, 0x0b, 0x4d, 0x45, 0x0d, 0xab, - 0xea, 0xe2, 0xaa, 0x00, 0x4a, 0x42, 0x0a, 0xa0, - 0xe8, 0xe0, 0xa8, 0x02, 0x48, 0x40, 0x08, 0xa2, - 0x3e, 0x36, 0x7e, 0x14, 0x5e, 0x56, 0x1e, 0x74, - 0x3c, 0x34, 0x7c, 0x16, 0x5c, 0x54, 0x1c, 0x76, - 0x6a, 0x62, 0x2a, 0x80, 0xca, 0xc2, 0x8a, 0x20, - 0x68, 0x60, 0x28, 0x82, 0xc8, 0xc0, 0x88, 0x22, - 0xee, 0xe6, 0xae, 0x04, 0x4e, 0x46, 0x0e, 0xa4, - 0xec, 0xe4, 0xac, 0x06, 0x4c, 0x44, 0x0c, 0xa6, - 0xe7, 0xef, 0xa7, 0x01, 0x47, 0x4f, 0x07, 0xa1, - 0xe9, 0xe1, 0xa9, 0x0f, 0x49, 0x41, 0x09, 0xaf, - 0x63, 0x6b, 0x23, 0x85, 0xc3, 0xcb, 0x83, 0x25, - 0x6d, 0x65, 0x2d, 0x8b, 0xcd, 0xc5, 0x8d, 0x2b, - 0x37, 0x3f, 0x77, 0x11, 0x57, 0x5f, 0x17, 0x71, - 0x39, 0x31, 0x79, 0x1f, 0x59, 0x51, 0x19, 0x7f, - 0xb3, 0xbb, 0xf3, 0x95, 0xd3, 0xdb, 0x93, 0xf5, - 0xbd, 0xb5, 0xfd, 0x9b, 0xdd, 0xd5, 0x9d, 0xfb, - 0xba, 0xb2, 0xfa, 0x90, 0xda, 0xd2, 0x9a, 0xf0, - 0xb8, 0xb0, 0xf8, 0x92, 0xd8, 0xd0, 0x98, 0xf2, - 0x6e, 0x66, 0x2e, 0x84, 0xce, 0xc6, 0x8e, 0x24, - 0x6c, 0x64, 0x2c, 0x86, 0xcc, 0xc4, 0x8c, 0x26, - 0x3a, 0x32, 0x7a, 0x10, 0x5a, 0x52, 0x1a, 0x70, - 0x38, 0x30, 0x78, 0x12, 0x58, 0x50, 0x18, 0x72, - 0xbe, 0xb6, 0xfe, 0x94, 0xde, 0xd6, 0x9e, 0xf4, - 0xbc, 0xb4, 0xfc, 0x96, 0xdc, 0xd4, 0x9c, 0xf6, - 0xb7, 0xbf, 0xf7, 0x91, 0xd7, 0xdf, 0x97, 0xf1, - 0xb9, 0xb1, 0xf9, 0x9f, 0xd9, 0xd1, 0x99, 0xff -}; - -static unsigned char reverse[] = { - 0x00, 0x80, 0x40, 0xc0, 0x20, 0xa0, 0x60, 0xe0, - 0x10, 0x90, 0x50, 0xd0, 0x30, 0xb0, 0x70, 0xf0, - 0x08, 0x88, 0x48, 0xc8, 0x28, 0xa8, 0x68, 0xe8, - 0x18, 0x98, 0x58, 0xd8, 0x38, 0xb8, 0x78, 0xf8, - 0x04, 0x84, 0x44, 0xc4, 0x24, 0xa4, 0x64, 0xe4, - 0x14, 0x94, 0x54, 0xd4, 0x34, 0xb4, 0x74, 0xf4, - 0x0c, 0x8c, 0x4c, 0xcc, 0x2c, 0xac, 0x6c, 0xec, - 0x1c, 0x9c, 0x5c, 0xdc, 0x3c, 0xbc, 0x7c, 0xfc, - 0x02, 0x82, 0x42, 0xc2, 0x22, 0xa2, 0x62, 0xe2, - 0x12, 0x92, 0x52, 0xd2, 0x32, 0xb2, 0x72, 0xf2, - 0x0a, 0x8a, 0x4a, 0xca, 0x2a, 0xaa, 0x6a, 0xea, - 0x1a, 0x9a, 0x5a, 0xda, 0x3a, 0xba, 0x7a, 0xfa, - 0x06, 0x86, 0x46, 0xc6, 0x26, 0xa6, 0x66, 0xe6, - 0x16, 0x96, 0x56, 0xd6, 0x36, 0xb6, 0x76, 0xf6, - 0x0e, 0x8e, 0x4e, 0xce, 0x2e, 0xae, 0x6e, 0xee, - 0x1e, 0x9e, 0x5e, 0xde, 0x3e, 0xbe, 0x7e, 0xfe, - 0x01, 0x81, 0x41, 0xc1, 0x21, 0xa1, 0x61, 0xe1, - 0x11, 0x91, 0x51, 0xd1, 0x31, 0xb1, 0x71, 0xf1, - 0x09, 0x89, 0x49, 0xc9, 0x29, 0xa9, 0x69, 0xe9, - 0x19, 0x99, 0x59, 0xd9, 0x39, 0xb9, 0x79, 0xf9, - 0x05, 0x85, 0x45, 0xc5, 0x25, 0xa5, 0x65, 0xe5, - 0x15, 0x95, 0x55, 0xd5, 0x35, 0xb5, 0x75, 0xf5, - 0x0d, 0x8d, 0x4d, 0xcd, 0x2d, 0xad, 0x6d, 0xed, - 0x1d, 0x9d, 0x5d, 0xdd, 0x3d, 0xbd, 0x7d, 0xfd, - 0x03, 0x83, 0x43, 0xc3, 0x23, 0xa3, 0x63, 0xe3, - 0x13, 0x93, 0x53, 0xd3, 0x33, 0xb3, 0x73, 0xf3, - 0x0b, 0x8b, 0x4b, 0xcb, 0x2b, 0xab, 0x6b, 0xeb, - 0x1b, 0x9b, 0x5b, 0xdb, 0x3b, 0xbb, 0x7b, 0xfb, - 0x07, 0x87, 0x47, 0xc7, 0x27, 0xa7, 0x67, 0xe7, - 0x17, 0x97, 0x57, 0xd7, 0x37, 0xb7, 0x77, 0xf7, - 0x0f, 0x8f, 0x4f, 0xcf, 0x2f, 0xaf, 0x6f, 0xef, - 0x1f, 0x9f, 0x5f, 0xdf, 0x3f, 0xbf, 0x7f, 0xff -}; - -/* - * Two linear feedback shift registers are used: - * - * lfsr17: polynomial of degree 17, primitive modulo 2 (listed in Schneier) - * x^15 + x + 1 - * lfsr25: polynomial of degree 25, not know if primitive modulo 2 - * x^13 + x^5 + x^4 + x^1 + 1 - * - * Output bits are discarded, instead the feedback bits are added to produce - * the cipher stream. Depending on the mode, feedback bytes may be inverted - * bit-wise before addition. - * - * The lfsrs are seeded with bytes from the raw key: - * - * lfsr17: byte 0[0:7] at bit 9 - * byte 1[0:7] at bit 0 - * - * lfsr25: byte 2[0:4] at bit 16 - * byte 2[5:7] at bit 22 - * byte 3[0:7] at bit 8 - * byte 4[0:7] at bit 0 - * - * To prevent 0 cycles, 1's are inject at bit 8 in lfrs17 and bit 21 in - * lfsr25. - * - */ - -int -acss(ACSS_KEY *key, unsigned long len, const unsigned char *in, - unsigned char *out) -{ - unsigned long i; - unsigned long lfsr17tmp, lfsr25tmp, lfsrsumtmp; - - lfsrsumtmp = lfsr17tmp = lfsr25tmp = 0; - - /* keystream is sum of lfsrs */ - for (i = 0; i < len; i++) { - lfsr17tmp = key->lfsr17 ^ (key->lfsr17 >> 14); - key->lfsr17 = (key->lfsr17 >> 8) - ^ (lfsr17tmp << 9) - ^ (lfsr17tmp << 12) - ^ (lfsr17tmp << 15); - key->lfsr17 &= 0x1ffff; /* 17 bit LFSR */ - - lfsr25tmp = key->lfsr25 - ^ (key->lfsr25 >> 3) - ^ (key->lfsr25 >> 4) - ^ (key->lfsr25 >> 12); - key->lfsr25 = (key->lfsr25 >> 8) ^ (lfsr25tmp << 17); - key->lfsr25 &= 0x1ffffff; /* 25 bit LFSR */ - - lfsrsumtmp = key->lfsrsum; - - /* addition */ - switch (key->mode) { - case ACSS_AUTHENTICATE: - case ACSS_DATA: - key->lfsrsum = 0xff & ~(key->lfsr17 >> 9); - key->lfsrsum += key->lfsr25 >> 17; - break; - case ACSS_SESSIONKEY: - key->lfsrsum = key->lfsr17 >> 9; - key->lfsrsum += key->lfsr25 >> 17; - break; - case ACSS_TITLEKEY: - key->lfsrsum = key->lfsr17 >> 9; - key->lfsrsum += 0xff & ~(key->lfsr25 >> 17); - break; - default: - return 1; - } - key->lfsrsum += (lfsrsumtmp >> 8); - - if (key->encrypt) { - out[i] = sboxenc[(in[i] ^ key->lfsrsum) & 0xff]; - } else { - out[i] = (sboxdec[in[i]] ^ key->lfsrsum) & 0xff; - } - } - - return 0; -} - -static void -acss_seed(ACSS_KEY *key) -{ - int i; - - /* if available, mangle with subkey */ - if (key->subkey_avilable) { - for (i = 0; i < ACSS_KEYSIZE; i++) - key->seed[i] = reverse[key->data[i] ^ key->subkey[i]]; - } else { - for (i = 0; i < ACSS_KEYSIZE; i++) - key->seed[i] = reverse[key->data[i]]; - } - - /* seed lfsrs */ - key->lfsr17 = key->seed[1] - | (key->seed[0] << 9) - | (1 << 8); /* inject 1 at bit 9 */ - key->lfsr25 = key->seed[4] - | (key->seed[3] << 8) - | ((key->seed[2] & 0x1f) << 16) - | ((key->seed[2] & 0xe0) << 17) - | (1 << 21); /* inject 1 at bit 22 */ - - key->lfsrsum = 0; -} - -void -acss_setkey(ACSS_KEY *key, const unsigned char *data, int enc, int mode) -{ - memcpy(key->data, data, sizeof(key->data)); - memset(key->subkey, 0, sizeof(key->subkey)); - - if (enc != -1) - key->encrypt = enc; - key->mode = mode; - key->subkey_avilable = 0; - - acss_seed(key); -} - -void -acss_setsubkey(ACSS_KEY *key, const unsigned char *subkey) -{ - memcpy(key->subkey, subkey, sizeof(key->subkey)); - key->subkey_avilable = 1; - acss_seed(key); -} -#endif diff --git a/crypto/openssh/acss.h b/crypto/openssh/acss.h deleted file mode 100644 index 91b4895423..0000000000 --- a/crypto/openssh/acss.h +++ /dev/null @@ -1,47 +0,0 @@ -/* $Id: acss.h,v 1.2 2004/02/06 04:22:43 dtucker Exp $ */ -/* - * Copyright (c) 2004 The OpenBSD project - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#ifndef _ACSS_H_ -#define _ACSS_H_ - -/* 40bit key */ -#define ACSS_KEYSIZE 5 - -/* modes of acss */ -#define ACSS_AUTHENTICATE 0 -#define ACSS_SESSIONKEY 1 -#define ACSS_TITLEKEY 2 -#define ACSS_DATA 3 - -typedef struct acss_key_st { - unsigned int lfsr17; /* current state of lfsrs */ - unsigned int lfsr25; - unsigned int lfsrsum; - unsigned char seed[ACSS_KEYSIZE]; - unsigned char data[ACSS_KEYSIZE]; - unsigned char subkey[ACSS_KEYSIZE]; - int encrypt; /* XXX make these bit flags? */ - int mode; - int seeded; - int subkey_avilable; -} ACSS_KEY; - -void acss_setkey(ACSS_KEY *, const unsigned char *, int, int); -void acss_setsubkey(ACSS_KEY *, const unsigned char *); -int acss(ACSS_KEY *, unsigned long, const unsigned char *, unsigned char *); - -#endif /* ifndef _ACSS_H_ */ diff --git a/crypto/openssh/addrmatch.c b/crypto/openssh/addrmatch.c index 388603cae6..c443146323 100644 --- a/crypto/openssh/addrmatch.c +++ b/crypto/openssh/addrmatch.c @@ -1,4 +1,4 @@ -/* $OpenBSD: addrmatch.c,v 1.6 2012/06/21 00:16:07 dtucker Exp $ */ +/* $OpenBSD: addrmatch.c,v 1.9 2014/01/19 11:21:51 dtucker Exp $ */ /* * Copyright (c) 2004-2008 Damien Miller @@ -88,13 +88,13 @@ addr_sa_to_xaddr(struct sockaddr *sa, socklen_t slen, struct xaddr *xa) switch (sa->sa_family) { case AF_INET: - if (slen < sizeof(*in4)) + if (slen < (socklen_t)sizeof(*in4)) return -1; xa->af = AF_INET; memcpy(&xa->v4, &in4->sin_addr, sizeof(xa->v4)); break; case AF_INET6: - if (slen < sizeof(*in6)) + if (slen < (socklen_t)sizeof(*in6)) return -1; xa->af = AF_INET6; memcpy(&xa->v6, &in6->sin6_addr, sizeof(xa->v6)); @@ -420,7 +420,7 @@ addr_match_list(const char *addr, const char *_list) goto foundit; } } - xfree(o); + free(o); return ret; } @@ -494,7 +494,7 @@ addr_match_cidr_list(const char *addr, const char *_list) continue; } } - xfree(o); + free(o); return ret; } diff --git a/crypto/openssh/atomicio.c b/crypto/openssh/atomicio.c index 601b3c371c..2bac36c91c 100644 --- a/crypto/openssh/atomicio.c +++ b/crypto/openssh/atomicio.c @@ -56,8 +56,10 @@ atomicio6(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n, ssize_t res; struct pollfd pfd; +#ifndef BROKEN_READ_COMPARISON pfd.fd = fd; pfd.events = f == read ? POLLIN : POLLOUT; +#endif while (n > pos) { res = (f) (fd, s + pos, n - pos); switch (res) { @@ -65,7 +67,9 @@ atomicio6(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n, if (errno == EINTR) continue; if (errno == EAGAIN || errno == EWOULDBLOCK) { +#ifndef BROKEN_READ_COMPARISON (void)poll(&pfd, 1, -1); +#endif continue; } return 0; diff --git a/crypto/openssh/auth-bsdauth.c b/crypto/openssh/auth-bsdauth.c index 0b3262b49f..37ff893e69 100644 --- a/crypto/openssh/auth-bsdauth.c +++ b/crypto/openssh/auth-bsdauth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-bsdauth.c,v 1.11 2007/09/21 08:15:29 djm Exp $ */ +/* $OpenBSD: auth-bsdauth.c,v 1.13 2014/06/24 01:13:21 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -26,6 +26,8 @@ #include "includes.h" #include +#include +#include #include @@ -54,6 +56,11 @@ bsdauth_query(void *ctx, char **name, char **infotxt, Authctxt *authctxt = ctx; char *challenge = NULL; + *infotxt = NULL; + *numprompts = 0; + *prompts = NULL; + *echo_on = NULL; + if (authctxt->as != NULL) { debug2("bsdauth_query: try reuse session"); challenge = auth_getitem(authctxt->as, AUTHV_CHALLENGE); diff --git a/crypto/openssh/auth-chall.c b/crypto/openssh/auth-chall.c index 919b1eaa43..5c26a403df 100644 --- a/crypto/openssh/auth-chall.c +++ b/crypto/openssh/auth-chall.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-chall.c,v 1.12 2006/08/03 03:34:41 deraadt Exp $ */ +/* $OpenBSD: auth-chall.c,v 1.14 2014/06/24 01:13:21 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -26,6 +26,9 @@ #include "includes.h" #include +#include +#include +#include #include @@ -34,6 +37,7 @@ #include "hostfile.h" #include "auth.h" #include "log.h" +#include "misc.h" #include "servconf.h" /* limited protocol v1 interface to kbd-interactive authentication */ @@ -69,11 +73,11 @@ get_challenge(Authctxt *authctxt) fatal("get_challenge: numprompts < 1"); challenge = xstrdup(prompts[0]); for (i = 0; i < numprompts; i++) - xfree(prompts[i]); - xfree(prompts); - xfree(name); - xfree(echo_on); - xfree(info); + free(prompts[i]); + free(prompts); + free(name); + free(echo_on); + free(info); return (challenge); } @@ -102,11 +106,11 @@ verify_response(Authctxt *authctxt, const char *response) authenticated = 1; for (i = 0; i < numprompts; i++) - xfree(prompts[i]); - xfree(prompts); - xfree(name); - xfree(echo_on); - xfree(info); + free(prompts[i]); + free(prompts); + free(name); + free(echo_on); + free(info); break; } device->free_ctx(authctxt->kbdintctxt); diff --git a/crypto/openssh/auth-krb5.c b/crypto/openssh/auth-krb5.c index 922c66c669..0089b18440 100644 --- a/crypto/openssh/auth-krb5.c +++ b/crypto/openssh/auth-krb5.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-krb5.c,v 1.19 2006/08/03 03:34:41 deraadt Exp $ */ +/* $OpenBSD: auth-krb5.c,v 1.20 2013/07/20 01:55:13 djm Exp $ */ /* * Kerberos v5 authentication and ticket-passing routines. * @@ -40,6 +40,7 @@ #include "packet.h" #include "log.h" #include "buffer.h" +#include "misc.h" #include "servconf.h" #include "uidswap.h" #include "key.h" @@ -79,6 +80,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password) krb5_ccache ccache = NULL; int len; char *client, *platform_client; + const char *errmsg; /* get platform-specific kerberos client principal name (if it exists) */ platform_client = platform_krb5_get_principal_name(authctxt->pw->pw_name); @@ -96,7 +98,12 @@ auth_krb5_password(Authctxt *authctxt, const char *password) goto out; #ifdef HEIMDAL +# ifdef HAVE_KRB5_CC_NEW_UNIQUE + problem = krb5_cc_new_unique(authctxt->krb5_ctx, + krb5_mcc_ops.prefix, NULL, &ccache); +# else problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_mcc_ops, &ccache); +# endif if (problem) goto out; @@ -115,8 +122,13 @@ auth_krb5_password(Authctxt *authctxt, const char *password) if (problem) goto out; +# ifdef HAVE_KRB5_CC_NEW_UNIQUE + problem = krb5_cc_new_unique(authctxt->krb5_ctx, + krb5_fcc_ops.prefix, NULL, &authctxt->krb5_fwd_ccache); +# else problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops, &authctxt->krb5_fwd_ccache); +# endif if (problem) goto out; @@ -146,7 +158,8 @@ auth_krb5_password(Authctxt *authctxt, const char *password) if (problem) goto out; - if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, client)) { + if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, + authctxt->pw->pw_name)) { problem = -1; goto out; } @@ -181,17 +194,19 @@ auth_krb5_password(Authctxt *authctxt, const char *password) out: restore_uid(); - if (platform_client != NULL) - xfree(platform_client); + free(platform_client); if (problem) { if (ccache) krb5_cc_destroy(authctxt->krb5_ctx, ccache); - if (authctxt->krb5_ctx != NULL && problem!=-1) - debug("Kerberos password authentication failed: %s", - krb5_get_err_text(authctxt->krb5_ctx, problem)); - else + if (authctxt->krb5_ctx != NULL && problem!=-1) { + errmsg = krb5_get_error_message(authctxt->krb5_ctx, + problem); + debug("Kerberos password authentication failed: %s", + errmsg); + krb5_free_error_message(authctxt->krb5_ctx, errmsg); + } else debug("Kerberos password authentication failed: %d", problem); diff --git a/crypto/openssh/auth-options.c b/crypto/openssh/auth-options.c index 0e67bd8c09..f3d9c9df82 100644 --- a/crypto/openssh/auth-options.c +++ b/crypto/openssh/auth-options.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-options.c,v 1.56 2011/10/18 04:58:26 djm Exp $ */ +/* $OpenBSD: auth-options.c,v 1.64 2014/07/15 15:54:14 millert Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -26,17 +26,13 @@ #include "log.h" #include "canohost.h" #include "buffer.h" +#include "misc.h" #include "channels.h" #include "servconf.h" -#include "misc.h" #include "key.h" #include "auth-options.h" #include "hostfile.h" #include "auth.h" -#ifdef GSSAPI -#include "ssh-gss.h" -#endif -#include "monitor_wrap.h" /* Flags set authorized_keys flags */ int no_port_forwarding_flag = 0; @@ -72,15 +68,15 @@ auth_clear_options(void) while (custom_environment) { struct envstring *ce = custom_environment; custom_environment = ce->next; - xfree(ce->s); - xfree(ce); + free(ce->s); + free(ce); } if (forced_command) { - xfree(forced_command); + free(forced_command); forced_command = NULL; } if (authorized_principals) { - xfree(authorized_principals); + free(authorized_principals); authorized_principals = NULL; } forced_tun_device = -1; @@ -149,7 +145,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) if (strncasecmp(opts, cp, strlen(cp)) == 0) { opts += strlen(cp); if (forced_command != NULL) - xfree(forced_command); + free(forced_command); forced_command = xmalloc(strlen(opts) + 1); i = 0; while (*opts) { @@ -167,7 +163,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) file, linenum); auth_debug_add("%.100s, line %lu: missing end quote", file, linenum); - xfree(forced_command); + free(forced_command); forced_command = NULL; goto bad_option; } @@ -180,7 +176,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) if (strncasecmp(opts, cp, strlen(cp)) == 0) { opts += strlen(cp); if (authorized_principals != NULL) - xfree(authorized_principals); + free(authorized_principals); authorized_principals = xmalloc(strlen(opts) + 1); i = 0; while (*opts) { @@ -198,7 +194,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) file, linenum); auth_debug_add("%.100s, line %lu: missing end quote", file, linenum); - xfree(authorized_principals); + free(authorized_principals); authorized_principals = NULL; goto bad_option; } @@ -232,14 +228,14 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) file, linenum); auth_debug_add("%.100s, line %lu: missing end quote", file, linenum); - xfree(s); + free(s); goto bad_option; } s[i] = '\0'; auth_debug_add("Adding to environment: %.900s", s); debug("Adding to environment: %.900s", s); opts++; - new_envstring = xmalloc(sizeof(struct envstring)); + new_envstring = xcalloc(1, sizeof(struct envstring)); new_envstring->s = s; new_envstring->next = custom_environment; custom_environment = new_envstring; @@ -269,7 +265,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) file, linenum); auth_debug_add("%.100s, line %lu: missing end quote", file, linenum); - xfree(patterns); + free(patterns); goto bad_option; } patterns[i] = '\0'; @@ -277,7 +273,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) switch (match_host_and_ip(remote_host, remote_ip, patterns)) { case 1: - xfree(patterns); + free(patterns); /* Host name matches. */ goto next_option; case -1: @@ -287,7 +283,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) "invalid criteria", file, linenum); /* FALLTHROUGH */ case 0: - xfree(patterns); + free(patterns); logit("Authentication tried for %.100s with " "correct key but not from a permitted " "host (host=%.200s, ip=%.200s).", @@ -323,12 +319,13 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) file, linenum); auth_debug_add("%.100s, line %lu: missing " "end quote", file, linenum); - xfree(patterns); + free(patterns); goto bad_option; } patterns[i] = '\0'; opts++; p = patterns; + /* XXX - add streamlocal support */ host = hpdelim(&p); if (host == NULL || strlen(host) >= NI_MAXHOST) { debug("%.100s, line %lu: Bad permitopen " @@ -337,7 +334,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) auth_debug_add("%.100s, line %lu: " "Bad permitopen specification", file, linenum); - xfree(patterns); + free(patterns); goto bad_option; } host = cleanhostname(host); @@ -346,12 +343,12 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) "<%.100s>", file, linenum, p ? p : ""); auth_debug_add("%.100s, line %lu: " "Bad permitopen port", file, linenum); - xfree(patterns); + free(patterns); goto bad_option; } - if (options.allow_tcp_forwarding) + if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0) channel_add_permitted_opens(host, port); - xfree(patterns); + free(patterns); goto next_option; } cp = "tunnel=\""; @@ -370,13 +367,13 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) file, linenum); auth_debug_add("%.100s, line %lu: missing end quote", file, linenum); - xfree(tun); + free(tun); forced_tun_device = -1; goto bad_option; } tun[i] = '\0'; forced_tun_device = a2tun(tun, NULL); - xfree(tun); + free(tun); if (forced_tun_device == SSH_TUNID_ERR) { debug("%.100s, line %lu: invalid tun device", file, linenum); @@ -432,10 +429,11 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, { char *command, *allowed; const char *remote_ip; - u_char *name = NULL, *data_blob = NULL; + char *name = NULL; + u_char *data_blob = NULL; u_int nlen, dlen, clen; Buffer c, data; - int ret = -1, found; + int ret = -1, result, found; buffer_init(&data); @@ -484,7 +482,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, if (*cert_forced_command != NULL) { error("Certificate has multiple " "force-command options"); - xfree(command); + free(command); goto out; } *cert_forced_command = command; @@ -500,15 +498,16 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, if ((*cert_source_address_done)++) { error("Certificate has multiple " "source-address options"); - xfree(allowed); + free(allowed); goto out; } remote_ip = get_remote_ipaddr(); - switch (addr_match_cidr_list(remote_ip, - allowed)) { + result = addr_match_cidr_list(remote_ip, + allowed); + free(allowed); + switch (result) { case 1: /* accepted */ - xfree(allowed); break; case 0: /* no match */ @@ -521,12 +520,11 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, "is not permitted to use this " "certificate for login.", remote_ip); - xfree(allowed); goto out; case -1: + default: error("Certificate source-address " "contents invalid"); - xfree(allowed); goto out; } found = 1; @@ -548,9 +546,10 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, goto out; } buffer_clear(&data); - xfree(name); - xfree(data_blob); - name = data_blob = NULL; + free(name); + free(data_blob); + name = NULL; + data_blob = NULL; } /* successfully parsed all options */ ret = 0; @@ -559,13 +558,13 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, if (ret != 0 && cert_forced_command != NULL && *cert_forced_command != NULL) { - xfree(*cert_forced_command); + free(*cert_forced_command); *cert_forced_command = NULL; } if (name != NULL) - xfree(name); + free(name); if (data_blob != NULL) - xfree(data_blob); + free(data_blob); buffer_free(&data); buffer_free(&c); return ret; @@ -588,8 +587,8 @@ auth_cert_options(Key *k, struct passwd *pw) if (key_cert_is_legacy(k)) { /* All options are in the one field for v00 certs */ - if (parse_option_list(buffer_ptr(&k->cert->critical), - buffer_len(&k->cert->critical), pw, + if (parse_option_list(buffer_ptr(k->cert->critical), + buffer_len(k->cert->critical), pw, OPTIONS_CRITICAL|OPTIONS_EXTENSIONS, 1, &cert_no_port_forwarding_flag, &cert_no_agent_forwarding_flag, @@ -601,14 +600,14 @@ auth_cert_options(Key *k, struct passwd *pw) return -1; } else { /* Separate options and extensions for v01 certs */ - if (parse_option_list(buffer_ptr(&k->cert->critical), - buffer_len(&k->cert->critical), pw, + if (parse_option_list(buffer_ptr(k->cert->critical), + buffer_len(k->cert->critical), pw, OPTIONS_CRITICAL, 1, NULL, NULL, NULL, NULL, NULL, &cert_forced_command, &cert_source_address_done) == -1) return -1; - if (parse_option_list(buffer_ptr(&k->cert->extensions), - buffer_len(&k->cert->extensions), pw, + if (parse_option_list(buffer_ptr(k->cert->extensions), + buffer_len(k->cert->extensions), pw, OPTIONS_EXTENSIONS, 1, &cert_no_port_forwarding_flag, &cert_no_agent_forwarding_flag, @@ -627,7 +626,7 @@ auth_cert_options(Key *k, struct passwd *pw) /* CA-specified forced command supersedes key option */ if (cert_forced_command != NULL) { if (forced_command != NULL) - xfree(forced_command); + free(forced_command); forced_command = cert_forced_command; } return 0; diff --git a/crypto/openssh/auth-pam.c b/crypto/openssh/auth-pam.c index 675006e6fb..d789bad7b9 100644 --- a/crypto/openssh/auth-pam.c +++ b/crypto/openssh/auth-pam.c @@ -412,10 +412,9 @@ sshpam_thread_conv(int n, sshpam_const struct pam_message **msg, fail: for(i = 0; i < n; i++) { - if (reply[i].resp != NULL) - xfree(reply[i].resp); + free(reply[i].resp); } - xfree(reply); + free(reply); buffer_free(&buffer); return (PAM_CONV_ERR); } @@ -439,8 +438,10 @@ sshpam_thread(void *ctxtp) const char **ptr_pam_user = &pam_user; char *tz = getenv("TZ"); - pam_get_item(sshpam_handle, PAM_USER, + sshpam_err = pam_get_item(sshpam_handle, PAM_USER, (sshpam_const void **)ptr_pam_user); + if (sshpam_err != PAM_SUCCESS) + goto auth_fail; environ[0] = NULL; if (tz != NULL) @@ -586,10 +587,9 @@ sshpam_store_conv(int n, sshpam_const struct pam_message **msg, fail: for(i = 0; i < n; i++) { - if (reply[i].resp != NULL) - xfree(reply[i].resp); + free(reply[i].resp); } - xfree(reply); + free(reply); return (PAM_CONV_ERR); } @@ -693,7 +693,7 @@ sshpam_init_ctx(Authctxt *authctxt) /* Start the authentication thread */ if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, socks) == -1) { error("PAM: failed create sockets: %s", strerror(errno)); - xfree(ctxt); + free(ctxt); return (NULL); } ctxt->pam_psock = socks[0]; @@ -703,7 +703,7 @@ sshpam_init_ctx(Authctxt *authctxt) strerror(errno)); close(socks[0]); close(socks[1]); - xfree(ctxt); + free(ctxt); return (NULL); } cleanup_ctxt = ctxt; @@ -742,7 +742,7 @@ sshpam_query(void *ctx, char **name, char **info, strlcpy(**prompts + plen, msg, len - plen); plen += mlen; **echo_on = (type == PAM_PROMPT_ECHO_ON); - xfree(msg); + free(msg); return (0); case PAM_ERROR_MSG: case PAM_TEXT_INFO: @@ -753,7 +753,7 @@ sshpam_query(void *ctx, char **name, char **info, plen += mlen; strlcat(**prompts + plen, "\n", len - plen); plen++; - xfree(msg); + free(msg); break; case PAM_ACCT_EXPIRED: sshpam_account_status = 0; @@ -766,7 +766,7 @@ sshpam_query(void *ctx, char **name, char **info, *num = 0; **echo_on = 0; ctxt->pam_done = -1; - xfree(msg); + free(msg); return 0; } /* FALLTHROUGH */ @@ -776,7 +776,7 @@ sshpam_query(void *ctx, char **name, char **info, debug("PAM: %s", **prompts); buffer_append(&loginmsg, **prompts, strlen(**prompts)); - xfree(**prompts); + free(**prompts); **prompts = NULL; } if (type == PAM_SUCCESS) { @@ -790,7 +790,7 @@ sshpam_query(void *ctx, char **name, char **info, *num = 0; **echo_on = 0; ctxt->pam_done = 1; - xfree(msg); + free(msg); return (0); } error("PAM: %s for %s%.100s from %.100s", msg, @@ -801,7 +801,7 @@ sshpam_query(void *ctx, char **name, char **info, default: *num = 0; **echo_on = 0; - xfree(msg); + free(msg); ctxt->pam_done = -1; return (-1); } @@ -852,7 +852,7 @@ sshpam_free_ctx(void *ctxtp) debug3("PAM: %s entering", __func__); sshpam_thread_cleanup(); - xfree(ctxt); + free(ctxt); /* * We don't call sshpam_cleanup() here because we may need the PAM * handle at a later stage, e.g. when setting up a session. It's @@ -1006,10 +1006,9 @@ sshpam_tty_conv(int n, sshpam_const struct pam_message **msg, fail: for(i = 0; i < n; i++) { - if (reply[i].resp != NULL) - xfree(reply[i].resp); + free(reply[i].resp); } - xfree(reply); + free(reply); return (PAM_CONV_ERR); } @@ -1081,7 +1080,7 @@ do_pam_putenv(char *name, char *value) snprintf(compound, len, "%s=%s", name, value); ret = pam_putenv(sshpam_handle, compound); - xfree(compound); + free(compound); #endif return (ret); @@ -1108,8 +1107,8 @@ free_pam_environment(char **env) return; for (envp = env; *envp; envp++) - xfree(*envp); - xfree(env); + free(*envp); + free(env); } /* @@ -1165,10 +1164,9 @@ sshpam_passwd_conv(int n, sshpam_const struct pam_message **msg, fail: for(i = 0; i < n; i++) { - if (reply[i].resp != NULL) - xfree(reply[i].resp); + free(reply[i].resp); } - xfree(reply); + free(reply); return (PAM_CONV_ERR); } diff --git a/crypto/openssh/auth-passwd.c b/crypto/openssh/auth-passwd.c index 68bbd18ddd..63ccf3cabe 100644 --- a/crypto/openssh/auth-passwd.c +++ b/crypto/openssh/auth-passwd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-passwd.c,v 1.43 2007/09/21 08:15:29 djm Exp $ */ +/* $OpenBSD: auth-passwd.c,v 1.44 2014/07/15 15:54:14 millert Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -48,6 +48,7 @@ #include "packet.h" #include "buffer.h" #include "log.h" +#include "misc.h" #include "servconf.h" #include "key.h" #include "hostfile.h" diff --git a/crypto/openssh/auth-rh-rsa.c b/crypto/openssh/auth-rh-rsa.c index b21a0f4a2f..b7fd064e7d 100644 --- a/crypto/openssh/auth-rh-rsa.c +++ b/crypto/openssh/auth-rh-rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-rh-rsa.c,v 1.43 2010/03/04 10:36:03 djm Exp $ */ +/* $OpenBSD: auth-rh-rsa.c,v 1.44 2014/07/15 15:54:14 millert Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -24,6 +24,7 @@ #include "uidswap.h" #include "log.h" #include "buffer.h" +#include "misc.h" #include "servconf.h" #include "key.h" #include "hostfile.h" diff --git a/crypto/openssh/auth-rhosts.c b/crypto/openssh/auth-rhosts.c index 06ae7f0b9e..b5bedee8d4 100644 --- a/crypto/openssh/auth-rhosts.c +++ b/crypto/openssh/auth-rhosts.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-rhosts.c,v 1.44 2010/03/07 11:57:13 dtucker Exp $ */ +/* $OpenBSD: auth-rhosts.c,v 1.45 2014/07/15 15:54:14 millert Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -34,12 +34,12 @@ #include "uidswap.h" #include "pathnames.h" #include "log.h" +#include "misc.h" #include "servconf.h" #include "canohost.h" #include "key.h" #include "hostfile.h" #include "auth.h" -#include "misc.h" /* import */ extern ServerOptions options; diff --git a/crypto/openssh/auth-rsa.c b/crypto/openssh/auth-rsa.c index 4ab46cd516..e9f4ede26a 100644 --- a/crypto/openssh/auth-rsa.c +++ b/crypto/openssh/auth-rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-rsa.c,v 1.80 2011/05/23 03:30:07 djm Exp $ */ +/* $OpenBSD: auth-rsa.c,v 1.88 2014/07/15 15:54:14 millert Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -20,7 +20,6 @@ #include #include -#include #include #include @@ -36,6 +35,7 @@ #include "buffer.h" #include "pathnames.h" #include "log.h" +#include "misc.h" #include "servconf.h" #include "key.h" #include "auth-options.h" @@ -46,7 +46,8 @@ #endif #include "monitor_wrap.h" #include "ssh.h" -#include "misc.h" + +#include "digest.h" /* import */ extern ServerOptions options; @@ -91,12 +92,13 @@ int auth_rsa_verify_response(Key *key, BIGNUM *challenge, u_char response[16]) { u_char buf[32], mdbuf[16]; - MD5_CTX md; + struct ssh_digest_ctx *md; int len; /* don't allow short keys */ if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { - error("auth_rsa_verify_response: RSA modulus too small: %d < minimum %d bits", + error("%s: RSA modulus too small: %d < minimum %d bits", + __func__, BN_num_bits(key->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE); return (0); } @@ -104,13 +106,15 @@ auth_rsa_verify_response(Key *key, BIGNUM *challenge, u_char response[16]) /* The response is MD5 of decrypted challenge plus session id. */ len = BN_num_bytes(challenge); if (len <= 0 || len > 32) - fatal("auth_rsa_verify_response: bad challenge length %d", len); + fatal("%s: bad challenge length %d", __func__, len); memset(buf, 0, 32); BN_bn2bin(challenge, buf + 32 - len); - MD5_Init(&md); - MD5_Update(&md, buf, 32); - MD5_Update(&md, session_id, 16); - MD5_Final(mdbuf, &md); + if ((md = ssh_digest_start(SSH_DIGEST_MD5)) == NULL || + ssh_digest_update(md, buf, 32) < 0 || + ssh_digest_update(md, session_id, 16) < 0 || + ssh_digest_final(md, mdbuf, sizeof(mdbuf)) < 0) + fatal("%s: md5 failed", __func__); + ssh_digest_free(md); /* Verify that the response is the original challenge. */ if (timingsafe_bcmp(response, mdbuf, 16) != 0) { @@ -140,7 +144,8 @@ auth_rsa_challenge_dialog(Key *key) challenge = PRIVSEP(auth_rsa_generate_challenge(key)); /* Encrypt the challenge with the public key. */ - rsa_public_encrypt(encrypted_challenge, challenge, key->rsa); + if (rsa_public_encrypt(encrypted_challenge, challenge, key->rsa) != 0) + fatal("%s: rsa_public_encrypt failed", __func__); /* Send the encrypted challenge to the client. */ packet_start(SSH_SMSG_AUTH_RSA_CHALLENGE); @@ -164,9 +169,8 @@ static int rsa_key_allowed_in_file(struct passwd *pw, char *file, const BIGNUM *client_n, Key **rkey) { - char line[SSH_MAX_PUBKEY_BYTES]; - int allowed = 0; - u_int bits; + char *fp, line[SSH_MAX_PUBKEY_BYTES]; + int allowed = 0, bits; FILE *f; u_long linenum = 0; Key *key; @@ -227,11 +231,16 @@ rsa_key_allowed_in_file(struct passwd *pw, char *file, /* check the real bits */ keybits = BN_num_bits(key->rsa->n); - if (keybits < 0 || bits != (u_int)keybits) + if (keybits < 0 || bits != keybits) logit("Warning: %s, line %lu: keysize mismatch: " "actual %d vs. announced %d.", file, linenum, BN_num_bits(key->rsa->n), bits); + fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); + debug("matching key found: file %s, line %lu %s %s", + file, linenum, key_type(key), fp); + free(fp); + /* Never accept a revoked key */ if (auth_key_is_revoked(key)) break; @@ -276,10 +285,12 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) temporarily_use_uid(pw); for (i = 0; !allowed && i < options.num_authkeys_files; i++) { + if (strcasecmp(options.authorized_keys_files[i], "none") == 0) + continue; file = expand_authorized_keys( options.authorized_keys_files[i], pw); allowed = rsa_key_allowed_in_file(pw, file, client_n, rkey); - xfree(file); + free(file); } restore_uid(); @@ -296,7 +307,6 @@ int auth_rsa(Authctxt *authctxt, BIGNUM *client_n) { Key *key; - char *fp; struct passwd *pw = authctxt->pw; /* no user given */ @@ -326,11 +336,7 @@ auth_rsa(Authctxt *authctxt, BIGNUM *client_n) * options; this will be reset if the options cause the * authentication to be rejected. */ - fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); - verbose("Found matching %s key: %s", - key_type(key), fp); - xfree(fp); - key_free(key); + pubkey_auth_info(authctxt, key, NULL); packet_send_debug("RSA authentication accepted."); return (1); diff --git a/crypto/openssh/auth.c b/crypto/openssh/auth.c index a8cffd5c1e..5e60682ce2 100644 --- a/crypto/openssh/auth.c +++ b/crypto/openssh/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.96 2012/05/13 01:42:32 dtucker Exp $ */ +/* $OpenBSD: auth.c,v 1.106 2014/07/15 15:54:14 millert Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -56,6 +56,7 @@ #include "groupaccess.h" #include "log.h" #include "buffer.h" +#include "misc.h" #include "servconf.h" #include "key.h" #include "hostfile.h" @@ -63,7 +64,6 @@ #include "auth-options.h" #include "canohost.h" #include "uidswap.h" -#include "misc.h" #include "packet.h" #include "loginrec.h" #ifdef GSSAPI @@ -71,6 +71,8 @@ #endif #include "authfile.h" #include "monitor_wrap.h" +#include "krl.h" +#include "compat.h" /* import */ extern ServerOptions options; @@ -164,17 +166,17 @@ allowed_user(struct passwd * pw) if (stat(shell, &st) != 0) { logit("User %.100s not allowed because shell %.100s " "does not exist", pw->pw_name, shell); - xfree(shell); + free(shell); return 0; } if (S_ISREG(st.st_mode) == 0 || (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) { logit("User %.100s not allowed because shell %.100s " "is not executable", pw->pw_name, shell); - xfree(shell); + free(shell); return 0; } - xfree(shell); + free(shell); } if (options.num_deny_users > 0 || options.num_allow_users > 0 || @@ -251,7 +253,25 @@ allowed_user(struct passwd * pw) } void -auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) +auth_info(Authctxt *authctxt, const char *fmt, ...) +{ + va_list ap; + int i; + + free(authctxt->info); + authctxt->info = NULL; + + va_start(ap, fmt); + i = vasprintf(&authctxt->info, fmt, ap); + va_end(ap); + + if (i < 0 || authctxt->info == NULL) + fatal("vasprintf failed"); +} + +void +auth_log(Authctxt *authctxt, int authenticated, int partial, + const char *method, const char *submethod) { void (*authlog) (const char *fmt,...) = verbose; char *authmsg; @@ -268,17 +288,24 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) if (authctxt->postponed) authmsg = "Postponed"; + else if (partial) + authmsg = "Partial"; else authmsg = authenticated ? "Accepted" : "Failed"; - authlog("%s %s for %s%.100s from %.200s port %d%s", + authlog("%s %s%s%s for %s%.100s from %.200s port %d %s%s%s", authmsg, method, + submethod != NULL ? "/" : "", submethod == NULL ? "" : submethod, authctxt->valid ? "" : "invalid user ", authctxt->user, get_remote_ipaddr(), get_remote_port(), - info); + compat20 ? "ssh2" : "ssh1", + authctxt->info != NULL ? ": " : "", + authctxt->info != NULL ? authctxt->info : ""); + free(authctxt->info); + authctxt->info = NULL; #ifdef CUSTOM_FAILED_LOGIN if (authenticated == 0 && !authctxt->postponed && @@ -299,11 +326,25 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) #endif } + +void +auth_maxtries_exceeded(Authctxt *authctxt) +{ + packet_disconnect("Too many authentication failures for " + "%s%.100s from %.200s port %d %s", + authctxt->valid ? "" : "invalid user ", + authctxt->user, + get_remote_ipaddr(), + get_remote_port(), + compat20 ? "ssh2" : "ssh1"); + /* NOTREACHED */ +} + /* * Check whether root logins are disallowed. */ int -auth_root_allowed(char *method) +auth_root_allowed(const char *method) { switch (options.permit_root_login) { case PERMIT_YES: @@ -350,7 +391,7 @@ expand_authorized_keys(const char *filename, struct passwd *pw) i = snprintf(ret, sizeof(ret), "%s/%s", pw->pw_dir, file); if (i < 0 || (size_t)i >= sizeof(ret)) fatal("expand_authorized_keys: path too long"); - xfree(file); + free(file); return (xstrdup(ret)); } @@ -392,7 +433,7 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host, load_hostkeys(hostkeys, host, user_hostfile); restore_uid(); } - xfree(user_hostfile); + free(user_hostfile); } host_status = check_key_in_hostkeys(hostkeys, key, &found); if (host_status == HOST_REVOKED) @@ -409,41 +450,42 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host, return host_status; } - /* - * Check a given file for security. This is defined as all components + * Check a given path for security. This is defined as all components * of the path to the file must be owned by either the owner of * of the file or root and no directories must be group or world writable. * * XXX Should any specific check be done for sym links ? * - * Takes an open file descriptor, the file name, a uid and and + * Takes a file name, its stat information (preferably from fstat() to + * avoid races), the uid of the expected owner, their home directory and an * error buffer plus max size as arguments. * * Returns 0 on success and -1 on failure */ -static int -secure_filename(FILE *f, const char *file, struct passwd *pw, - char *err, size_t errlen) +int +auth_secure_path(const char *name, struct stat *stp, const char *pw_dir, + uid_t uid, char *err, size_t errlen) { - uid_t uid = pw->pw_uid; char buf[MAXPATHLEN], homedir[MAXPATHLEN]; char *cp; int comparehome = 0; struct stat st; - if (realpath(file, buf) == NULL) { - snprintf(err, errlen, "realpath %s failed: %s", file, + if (realpath(name, buf) == NULL) { + snprintf(err, errlen, "realpath %s failed: %s", name, strerror(errno)); return -1; } - if (realpath(pw->pw_dir, homedir) != NULL) + if (pw_dir != NULL && realpath(pw_dir, homedir) != NULL) comparehome = 1; - /* check the open file to avoid races */ - if (fstat(fileno(f), &st) < 0 || - (st.st_uid != 0 && st.st_uid != uid) || - (st.st_mode & 022) != 0) { + if (!S_ISREG(stp->st_mode)) { + snprintf(err, errlen, "%s is not a regular file", buf); + return -1; + } + if ((!platform_sys_dir_uid(stp->st_uid) && stp->st_uid != uid) || + (stp->st_mode & 022) != 0) { snprintf(err, errlen, "bad ownership or modes for file %s", buf); return -1; @@ -458,7 +500,7 @@ secure_filename(FILE *f, const char *file, struct passwd *pw, strlcpy(buf, cp, sizeof(buf)); if (stat(buf, &st) < 0 || - (st.st_uid != 0 && st.st_uid != uid) || + (!platform_sys_dir_uid(st.st_uid) && st.st_uid != uid) || (st.st_mode & 022) != 0) { snprintf(err, errlen, "bad ownership or modes for directory %s", buf); @@ -479,6 +521,27 @@ secure_filename(FILE *f, const char *file, struct passwd *pw, return 0; } +/* + * Version of secure_path() that accepts an open file descriptor to + * avoid races. + * + * Returns 0 on success and -1 on failure + */ +static int +secure_filename(FILE *f, const char *file, struct passwd *pw, + char *err, size_t errlen) +{ + struct stat st; + + /* check the open file to avoid races */ + if (fstat(fileno(f), &st) < 0) { + snprintf(err, errlen, "cannot stat file %s: %s", + file, strerror(errno)); + return -1; + } + return auth_secure_path(file, &st, pw->pw_dir, pw->pw_uid, err, errlen); +} + static FILE * auth_openfile(const char *file, struct passwd *pw, int strict_modes, int log_missing, char *file_type) @@ -610,11 +673,22 @@ getpwnamallow(const char *user) int auth_key_is_revoked(Key *key) { +#ifdef WITH_OPENSSL char *key_fp; if (options.revoked_keys_file == NULL) return 0; - + switch (ssh_krl_file_contains_key(options.revoked_keys_file, key)) { + case 0: + return 0; /* Not revoked */ + case -2: + break; /* Not a KRL */ + default: + goto revoked; + } +#endif + debug3("%s: treating %s as a key list", __func__, + options.revoked_keys_file); switch (key_in_file(key, options.revoked_keys_file, 0)) { case 0: /* key not revoked */ @@ -624,13 +698,16 @@ auth_key_is_revoked(Key *key) error("Revoked keys file is unreadable: refusing public key " "authentication"); return 1; +#ifdef WITH_OPENSSL case 1: + revoked: /* Key revoked */ key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); error("WARNING: authentication attempt with a revoked " "%s key %s ", key_type(key), key_fp); - xfree(key_fp); + free(key_fp); return 1; +#endif } fatal("key_in_file returned junk"); } @@ -660,7 +737,7 @@ auth_debug_send(void) while (buffer_len(&auth_debug)) { msg = buffer_get_string(&auth_debug, NULL); packet_send_debug("%s", msg); - xfree(msg); + free(msg); } } @@ -684,10 +761,12 @@ fakepw(void) fake.pw_name = "NOUSER"; fake.pw_passwd = "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK"; +#ifdef HAVE_STRUCT_PASSWD_PW_GECOS fake.pw_gecos = "NOUSER"; +#endif fake.pw_uid = privsep_pw == NULL ? (uid_t)-1 : privsep_pw->pw_uid; fake.pw_gid = privsep_pw == NULL ? (gid_t)-1 : privsep_pw->pw_gid; -#ifdef HAVE_PW_CLASS_IN_PASSWD +#ifdef HAVE_STRUCT_PASSWD_PW_CLASS fake.pw_class = ""; #endif fake.pw_dir = "/nonexist"; diff --git a/crypto/openssh/auth.h b/crypto/openssh/auth.h index 0d786c4d53..d081c94a6f 100644 --- a/crypto/openssh/auth.h +++ b/crypto/openssh/auth.h @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.h,v 1.69 2011/05/23 03:30:07 djm Exp $ */ +/* $OpenBSD: auth.h,v 1.78 2014/07/03 11:16:55 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -60,10 +60,12 @@ struct Authctxt { struct passwd *pw; /* set if 'valid' */ char *style; void *kbdintctxt; - void *jpake_ctx; + char *info; /* Extra info for next auth_log */ #ifdef BSD_AUTH auth_session_t *as; #endif + char **auth_methods; /* modified from server config */ + u_int num_auth_methods; #ifdef KRB5 krb5_context krb5_ctx; krb5_ccache krb5_fwd_ccache; @@ -119,6 +121,12 @@ int auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **); int auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *); int hostbased_key_allowed(struct passwd *, const char *, char *, Key *); int user_key_allowed(struct passwd *, Key *); +void pubkey_auth_info(Authctxt *, const Key *, const char *, ...) + __attribute__((__format__ (printf, 3, 4))); + +struct stat; +int auth_secure_path(const char *, struct stat *, const char *, uid_t, + char *, size_t); #ifdef KRB5 int auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *); @@ -142,12 +150,21 @@ void disable_forwarding(void); void do_authentication(Authctxt *); void do_authentication2(Authctxt *); -void auth_log(Authctxt *, int, char *, char *); -void userauth_finish(Authctxt *, int, char *); +void auth_info(Authctxt *authctxt, const char *, ...) + __attribute__((__format__ (printf, 2, 3))) + __attribute__((__nonnull__ (2))); +void auth_log(Authctxt *, int, int, const char *, const char *); +void auth_maxtries_exceeded(Authctxt *) __attribute__((noreturn)); +void userauth_finish(Authctxt *, int, const char *, const char *); +int auth_root_allowed(const char *); + void userauth_send_banner(const char *); -int auth_root_allowed(char *); char *auth2_read_banner(void); +int auth2_methods_valid(const char *, int); +int auth2_update_methods_lists(Authctxt *, const char *, const char *); +int auth2_setup_methods_lists(Authctxt *); +int auth2_method_allowed(Authctxt *, const char *, const char *); void privsep_challenge_enable(void); @@ -158,9 +175,6 @@ int bsdauth_respond(void *, u_int, char **); int skey_query(void *, char **, char **, u_int *, char ***, u_int **); int skey_respond(void *, u_int, char **); -void auth2_jpake_get_pwdata(Authctxt *, BIGNUM **, char **, char **); -void auth2_jpake_stop(Authctxt *); - int allowed_user(struct passwd *); struct passwd * getpwnamallow(const char *user); @@ -181,10 +195,12 @@ check_key_in_hostfiles(struct passwd *, Key *, const char *, /* hostkey handling */ Key *get_hostkey_by_index(int); +Key *get_hostkey_public_by_index(int); Key *get_hostkey_public_by_type(int); Key *get_hostkey_private_by_type(int); int get_hostkey_index(Key *); int ssh1_session_key(BIGNUM *); +void sshd_hostkey_sign(Key *, Key *, u_char **, u_int *, u_char *, u_int); /* debug messages during authentication */ void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2))); @@ -195,8 +211,6 @@ struct passwd *fakepw(void); int sys_auth_passwd(Authctxt *, const char *); -#define AUTH_FAIL_MSG "Too many authentication failures for %.100s" - #define SKEY_PROMPT "\nS/Key Password: " #if defined(KRB5) && !defined(HEIMDAL) diff --git a/crypto/openssh/auth1.c b/crypto/openssh/auth1.c index cc85aec740..50388285ce 100644 --- a/crypto/openssh/auth1.c +++ b/crypto/openssh/auth1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth1.c,v 1.75 2010/08/31 09:58:37 djm Exp $ */ +/* $OpenBSD: auth1.c,v 1.82 2014/07/15 15:54:14 millert Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -27,6 +27,7 @@ #include "packet.h" #include "buffer.h" #include "log.h" +#include "misc.h" #include "servconf.h" #include "compat.h" #include "key.h" @@ -45,11 +46,11 @@ extern ServerOptions options; extern Buffer loginmsg; -static int auth1_process_password(Authctxt *, char *, size_t); -static int auth1_process_rsa(Authctxt *, char *, size_t); -static int auth1_process_rhosts_rsa(Authctxt *, char *, size_t); -static int auth1_process_tis_challenge(Authctxt *, char *, size_t); -static int auth1_process_tis_response(Authctxt *, char *, size_t); +static int auth1_process_password(Authctxt *); +static int auth1_process_rsa(Authctxt *); +static int auth1_process_rhosts_rsa(Authctxt *); +static int auth1_process_tis_challenge(Authctxt *); +static int auth1_process_tis_response(Authctxt *); static char *client_user = NULL; /* Used to fill in remote user for PAM */ @@ -57,7 +58,7 @@ struct AuthMethod1 { int type; char *name; int *enabled; - int (*method)(Authctxt *, char *, size_t); + int (*method)(Authctxt *); }; const struct AuthMethod1 auth1_methods[] = { @@ -112,7 +113,7 @@ get_authname(int type) /*ARGSUSED*/ static int -auth1_process_password(Authctxt *authctxt, char *info, size_t infolen) +auth1_process_password(Authctxt *authctxt) { int authenticated = 0; char *password; @@ -129,15 +130,15 @@ auth1_process_password(Authctxt *authctxt, char *info, size_t infolen) /* Try authentication with the password. */ authenticated = PRIVSEP(auth_password(authctxt, password)); - memset(password, 0, dlen); - xfree(password); + explicit_bzero(password, dlen); + free(password); return (authenticated); } /*ARGSUSED*/ static int -auth1_process_rsa(Authctxt *authctxt, char *info, size_t infolen) +auth1_process_rsa(Authctxt *authctxt) { int authenticated = 0; BIGNUM *n; @@ -155,7 +156,7 @@ auth1_process_rsa(Authctxt *authctxt, char *info, size_t infolen) /*ARGSUSED*/ static int -auth1_process_rhosts_rsa(Authctxt *authctxt, char *info, size_t infolen) +auth1_process_rhosts_rsa(Authctxt *authctxt) { int keybits, authenticated = 0; u_int bits; @@ -187,14 +188,14 @@ auth1_process_rhosts_rsa(Authctxt *authctxt, char *info, size_t infolen) client_host_key); key_free(client_host_key); - snprintf(info, infolen, " ruser %.100s", client_user); + auth_info(authctxt, "ruser %.100s", client_user); return (authenticated); } /*ARGSUSED*/ static int -auth1_process_tis_challenge(Authctxt *authctxt, char *info, size_t infolen) +auth1_process_tis_challenge(Authctxt *authctxt) { char *challenge; @@ -204,7 +205,7 @@ auth1_process_tis_challenge(Authctxt *authctxt, char *info, size_t infolen) debug("sending challenge '%s'", challenge); packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE); packet_put_cstring(challenge); - xfree(challenge); + free(challenge); packet_send(); packet_write_wait(); @@ -213,7 +214,7 @@ auth1_process_tis_challenge(Authctxt *authctxt, char *info, size_t infolen) /*ARGSUSED*/ static int -auth1_process_tis_response(Authctxt *authctxt, char *info, size_t infolen) +auth1_process_tis_response(Authctxt *authctxt) { int authenticated = 0; char *response; @@ -222,8 +223,8 @@ auth1_process_tis_response(Authctxt *authctxt, char *info, size_t infolen) response = packet_get_string(&dlen); packet_check_eom(); authenticated = verify_response(authctxt, response); - memset(response, 'r', dlen); - xfree(response); + explicit_bzero(response, dlen); + free(response); return (authenticated); } @@ -236,7 +237,6 @@ static void do_authloop(Authctxt *authctxt) { int authenticated = 0; - char info[1024]; int prev = 0, type = 0; const struct AuthMethod1 *meth; @@ -253,7 +253,8 @@ do_authloop(Authctxt *authctxt) if (options.use_pam && (PRIVSEP(do_pam_account()))) #endif { - auth_log(authctxt, 1, "without authentication", ""); + auth_log(authctxt, 1, 0, "without authentication", + NULL); return; } } @@ -267,7 +268,6 @@ do_authloop(Authctxt *authctxt) /* default to fail */ authenticated = 0; - info[0] = '\0'; /* Get a packet from the client. */ prev = type; @@ -297,7 +297,7 @@ do_authloop(Authctxt *authctxt) goto skip; } - authenticated = meth->method(authctxt, info, sizeof(info)); + authenticated = meth->method(authctxt); if (authenticated == -1) continue; /* "postponed" */ @@ -352,12 +352,10 @@ do_authloop(Authctxt *authctxt) skip: /* Log before sending the reply */ - auth_log(authctxt, authenticated, get_authname(type), info); + auth_log(authctxt, authenticated, 0, get_authname(type), NULL); - if (client_user != NULL) { - xfree(client_user); - client_user = NULL; - } + free(client_user); + client_user = NULL; if (authenticated) return; @@ -366,7 +364,7 @@ do_authloop(Authctxt *authctxt) #ifdef SSH_AUDIT_EVENTS PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES)); #endif - packet_disconnect(AUTH_FAIL_MSG, authctxt->user); + auth_maxtries_exceeded(authctxt); } packet_start(SSH_SMSG_FAILURE); @@ -406,6 +404,11 @@ do_authentication(Authctxt *authctxt) authctxt->pw = fakepw(); } + /* Configuration may have changed as a result of Match */ + if (options.num_auth_methods != 0) + fatal("AuthenticationMethods is not supported with SSH " + "protocol 1"); + setproctitle("%s%s", authctxt->valid ? user : "unknown", use_privsep ? " [net]" : ""); diff --git a/crypto/openssh/auth2-chall.c b/crypto/openssh/auth2-chall.c index e6dbffe22b..ea4eb6952f 100644 --- a/crypto/openssh/auth2-chall.c +++ b/crypto/openssh/auth2-chall.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-chall.c,v 1.34 2008/12/09 04:32:22 djm Exp $ */ +/* $OpenBSD: auth2-chall.c,v 1.41 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2001 Per Allansson. All rights reserved. @@ -41,6 +41,7 @@ #include "packet.h" #include "dispatch.h" #include "log.h" +#include "misc.h" #include "servconf.h" /* import */ @@ -111,7 +112,7 @@ kbdint_alloc(const char *devs) remove_kbdint_device("pam"); #endif - kbdintctxt = xmalloc(sizeof(KbdintAuthctxt)); + kbdintctxt = xcalloc(1, sizeof(KbdintAuthctxt)); if (strcmp(devs, "") == 0) { buffer_init(&b); for (i = 0; devices[i]; i++) { @@ -147,15 +148,13 @@ kbdint_free(KbdintAuthctxt *kbdintctxt) { if (kbdintctxt->device) kbdint_reset_device(kbdintctxt); - if (kbdintctxt->devices) { - xfree(kbdintctxt->devices); - kbdintctxt->devices = NULL; - } - xfree(kbdintctxt); + free(kbdintctxt->devices); + explicit_bzero(kbdintctxt, sizeof(*kbdintctxt)); + free(kbdintctxt); } /* get next device */ static int -kbdint_next_device(KbdintAuthctxt *kbdintctxt) +kbdint_next_device(Authctxt *authctxt, KbdintAuthctxt *kbdintctxt) { size_t len; char *t; @@ -169,12 +168,16 @@ kbdint_next_device(KbdintAuthctxt *kbdintctxt) if (len == 0) break; - for (i = 0; devices[i]; i++) + for (i = 0; devices[i]; i++) { + if (!auth2_method_allowed(authctxt, + "keyboard-interactive", devices[i]->name)) + continue; if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0) kbdintctxt->device = devices[i]; + } t = kbdintctxt->devices; kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL; - xfree(t); + free(t); debug2("kbdint_next_device: devices %s", kbdintctxt->devices ? kbdintctxt->devices : ""); } while (kbdintctxt->devices && !kbdintctxt->device); @@ -221,7 +224,7 @@ auth2_challenge_start(Authctxt *authctxt) debug2("auth2_challenge_start: devices %s", kbdintctxt->devices ? kbdintctxt->devices : ""); - if (kbdint_next_device(kbdintctxt) == 0) { + if (kbdint_next_device(authctxt, kbdintctxt) == 0) { auth2_challenge_stop(authctxt); return 0; } @@ -268,11 +271,11 @@ send_userauth_info_request(Authctxt *authctxt) packet_write_wait(); for (i = 0; i < kbdintctxt->nreq; i++) - xfree(prompts[i]); - xfree(prompts); - xfree(echo_on); - xfree(name); - xfree(instr); + free(prompts[i]); + free(prompts); + free(echo_on); + free(name); + free(instr); return 1; } @@ -283,7 +286,8 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt) KbdintAuthctxt *kbdintctxt; int authenticated = 0, res; u_int i, nresp; - char **response = NULL, *method; + const char *devicename = NULL; + char **response = NULL; if (authctxt == NULL) fatal("input_userauth_info_response: no authctxt"); @@ -309,11 +313,10 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt) res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response); for (i = 0; i < nresp; i++) { - memset(response[i], 'r', strlen(response[i])); - xfree(response[i]); + explicit_bzero(response[i], strlen(response[i])); + free(response[i]); } - if (response) - xfree(response); + free(response); switch (res) { case 0: @@ -329,9 +332,7 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt) /* Failure! */ break; } - - xasprintf(&method, "keyboard-interactive/%s", kbdintctxt->device->name); - + devicename = kbdintctxt->device->name; if (!authctxt->postponed) { if (authenticated) { auth2_challenge_stop(authctxt); @@ -341,8 +342,8 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt) auth2_challenge_start(authctxt); } } - userauth_finish(authctxt, authenticated, method); - xfree(method); + userauth_finish(authctxt, authenticated, "keyboard-interactive", + devicename); } void diff --git a/crypto/openssh/auth2-gss.c b/crypto/openssh/auth2-gss.c index 0d59b21776..447f896f2b 100644 --- a/crypto/openssh/auth2-gss.c +++ b/crypto/openssh/auth2-gss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-gss.c,v 1.17 2011/03/10 02:52:57 djm Exp $ */ +/* $OpenBSD: auth2-gss.c,v 1.21 2014/02/26 20:28:44 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -40,6 +40,7 @@ #include "log.h" #include "dispatch.h" #include "buffer.h" +#include "misc.h" #include "servconf.h" #include "packet.h" #include "ssh-gss.h" @@ -62,7 +63,6 @@ userauth_gssapi(Authctxt *authctxt) gss_OID_desc goid = {0, NULL}; Gssctxt *ctxt = NULL; int mechs; - gss_OID_set supported; int present; OM_uint32 ms; u_int len; @@ -77,12 +77,10 @@ userauth_gssapi(Authctxt *authctxt) return (0); } - ssh_gssapi_supported_oids(&supported); do { mechs--; - if (doid) - xfree(doid); + free(doid); present = 0; doid = packet_get_string(&len); @@ -91,17 +89,14 @@ userauth_gssapi(Authctxt *authctxt) doid[1] == len - 2) { goid.elements = doid + 2; goid.length = len - 2; - gss_test_oid_set_member(&ms, &goid, supported, - &present); + ssh_gssapi_test_oid_supported(&ms, &goid, &present); } else { logit("Badly formed OID received"); } } while (mechs > 0 && !present); - gss_release_oid_set(&ms, &supported); - if (!present) { - xfree(doid); + free(doid); authctxt->server_caused_failure = 1; return (0); } @@ -109,7 +104,7 @@ userauth_gssapi(Authctxt *authctxt) if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) { if (ctxt != NULL) ssh_gssapi_delete_ctx(&ctxt); - xfree(doid); + free(doid); authctxt->server_caused_failure = 1; return (0); } @@ -122,7 +117,7 @@ userauth_gssapi(Authctxt *authctxt) packet_put_string(doid, len); packet_send(); - xfree(doid); + free(doid); dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token); dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok); @@ -153,7 +148,7 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt) maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok, &send_tok, &flags)); - xfree(recv_tok.value); + free(recv_tok.value); if (GSS_ERROR(maj_status)) { if (send_tok.length != 0) { @@ -163,7 +158,7 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt) } authctxt->postponed = 0; dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); - userauth_finish(authctxt, 0, "gssapi-with-mic"); + userauth_finish(authctxt, 0, "gssapi-with-mic", NULL); } else { if (send_tok.length != 0) { packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN); @@ -208,7 +203,7 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt) maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok, &send_tok, NULL)); - xfree(recv_tok.value); + free(recv_tok.value); /* We can't return anything to the client, even if we wanted to */ dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); @@ -229,14 +224,11 @@ static void input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt) { Authctxt *authctxt = ctxt; - Gssctxt *gssctxt; int authenticated; if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) fatal("No authentication or GSSAPI context"); - gssctxt = authctxt->methoddata; - /* * We don't need to check the status, because we're only enabled in * the dispatcher once the exchange is complete @@ -251,7 +243,7 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt) dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL); dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC, NULL); dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL); - userauth_finish(authctxt, authenticated, "gssapi-with-mic"); + userauth_finish(authctxt, authenticated, "gssapi-with-mic", NULL); } static void @@ -284,14 +276,14 @@ input_gssapi_mic(int type, u_int32_t plen, void *ctxt) logit("GSSAPI MIC check failed"); buffer_free(&b); - xfree(mic.value); + free(mic.value); authctxt->postponed = 0; dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL); dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC, NULL); dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL); - userauth_finish(authctxt, authenticated, "gssapi-with-mic"); + userauth_finish(authctxt, authenticated, "gssapi-with-mic", NULL); } Authmethod method_gssapi = { diff --git a/crypto/openssh/auth2-hostbased.c b/crypto/openssh/auth2-hostbased.c index cdf442f97c..6787e4ca41 100644 --- a/crypto/openssh/auth2-hostbased.c +++ b/crypto/openssh/auth2-hostbased.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-hostbased.c,v 1.14 2010/08/04 05:42:47 djm Exp $ */ +/* $OpenBSD: auth2-hostbased.c,v 1.18 2014/07/15 15:54:14 millert Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -36,6 +36,7 @@ #include "packet.h" #include "buffer.h" #include "log.h" +#include "misc.h" #include "servconf.h" #include "compat.h" #include "key.h" @@ -100,6 +101,12 @@ userauth_hostbased(Authctxt *authctxt) "(received %d, expected %d)", key->type, pktype); goto done; } + if (key_type_plain(key->type) == KEY_RSA && + (datafellows & SSH_BUG_RSASIGMD5) != 0) { + error("Refusing RSA key because peer uses unsafe " + "signature format"); + goto done; + } service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" : authctxt->service; buffer_init(&b); @@ -116,6 +123,10 @@ userauth_hostbased(Authctxt *authctxt) #ifdef DEBUG_PK buffer_dump(&b); #endif + + pubkey_auth_info(authctxt, key, + "client user \"%.100s\", client host \"%.100s\"", cuser, chost); + /* test for allowed key and correct signature */ authenticated = 0; if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) && @@ -128,11 +139,11 @@ done: debug2("userauth_hostbased: authenticated %d", authenticated); if (key != NULL) key_free(key); - xfree(pkalg); - xfree(pkblob); - xfree(cuser); - xfree(chost); - xfree(sig); + free(pkalg); + free(pkblob); + free(cuser); + free(chost); + free(sig); return authenticated; } @@ -207,7 +218,7 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, verbose("Accepted %s public key %s from %s@%s", key_type(key), fp, cuser, lookup); } - xfree(fp); + free(fp); } return (host_status == HOST_OK); diff --git a/crypto/openssh/auth2-jpake.c b/crypto/openssh/auth2-jpake.c deleted file mode 100644 index a460e82162..0000000000 --- a/crypto/openssh/auth2-jpake.c +++ /dev/null @@ -1,563 +0,0 @@ -/* $OpenBSD: auth2-jpake.c,v 1.4 2010/08/31 11:54:45 djm Exp $ */ -/* - * Copyright (c) 2008 Damien Miller. All rights reserved. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* - * Server side of zero-knowledge password auth using J-PAKE protocol - * as described in: - * - * F. Hao, P. Ryan, "Password Authenticated Key Exchange by Juggling", - * 16th Workshop on Security Protocols, Cambridge, April 2008 - * - * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf - */ - -#ifdef JPAKE - -#include -#include - -#include -#include -#include -#include - -#include -#include - -#include "xmalloc.h" -#include "ssh2.h" -#include "key.h" -#include "hostfile.h" -#include "auth.h" -#include "buffer.h" -#include "packet.h" -#include "dispatch.h" -#include "log.h" -#include "servconf.h" -#include "auth-options.h" -#include "canohost.h" -#ifdef GSSAPI -#include "ssh-gss.h" -#endif -#include "monitor_wrap.h" - -#include "schnorr.h" -#include "jpake.h" - -/* - * XXX options->permit_empty_passwd (at the moment, they will be refused - * anyway because they will mismatch on fake salt. - */ - -/* Dispatch handlers */ -static void input_userauth_jpake_client_step1(int, u_int32_t, void *); -static void input_userauth_jpake_client_step2(int, u_int32_t, void *); -static void input_userauth_jpake_client_confirm(int, u_int32_t, void *); - -static int auth2_jpake_start(Authctxt *); - -/* import */ -extern ServerOptions options; -extern u_char *session_id2; -extern u_int session_id2_len; - -/* - * Attempt J-PAKE authentication. - */ -static int -userauth_jpake(Authctxt *authctxt) -{ - int authenticated = 0; - - packet_check_eom(); - - debug("jpake-01@openssh.com requested"); - - if (authctxt->user != NULL) { - if (authctxt->jpake_ctx == NULL) - authctxt->jpake_ctx = jpake_new(); - if (options.zero_knowledge_password_authentication) - authenticated = auth2_jpake_start(authctxt); - } - - return authenticated; -} - -Authmethod method_jpake = { - "jpake-01@openssh.com", - userauth_jpake, - &options.zero_knowledge_password_authentication -}; - -/* Clear context and callbacks */ -void -auth2_jpake_stop(Authctxt *authctxt) -{ - /* unregister callbacks */ - dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1, NULL); - dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2, NULL); - dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_CONFIRM, NULL); - if (authctxt->jpake_ctx != NULL) { - jpake_free(authctxt->jpake_ctx); - authctxt->jpake_ctx = NULL; - } -} - -/* Returns 1 if 'c' is a valid crypt(3) salt character, 0 otherwise */ -static int -valid_crypt_salt(int c) -{ - if (c >= 'A' && c <= 'Z') - return 1; - if (c >= 'a' && c <= 'z') - return 1; - if (c >= '.' && c <= '9') - return 1; - return 0; -} - -/* - * Derive fake salt as H(username || first_private_host_key) - * This provides relatively stable fake salts for non-existent - * users and avoids the jpake method becoming an account validity - * oracle. - */ -static void -derive_rawsalt(const char *username, u_char *rawsalt, u_int len) -{ - u_char *digest; - u_int digest_len; - Buffer b; - Key *k; - - buffer_init(&b); - buffer_put_cstring(&b, username); - if ((k = get_hostkey_by_index(0)) == NULL || - (k->flags & KEY_FLAG_EXT)) - fatal("%s: no hostkeys", __func__); - switch (k->type) { - case KEY_RSA1: - case KEY_RSA: - if (k->rsa->p == NULL || k->rsa->q == NULL) - fatal("%s: RSA key missing p and/or q", __func__); - buffer_put_bignum2(&b, k->rsa->p); - buffer_put_bignum2(&b, k->rsa->q); - break; - case KEY_DSA: - if (k->dsa->priv_key == NULL) - fatal("%s: DSA key missing priv_key", __func__); - buffer_put_bignum2(&b, k->dsa->priv_key); - break; - case KEY_ECDSA: - if (EC_KEY_get0_private_key(k->ecdsa) == NULL) - fatal("%s: ECDSA key missing priv_key", __func__); - buffer_put_bignum2(&b, EC_KEY_get0_private_key(k->ecdsa)); - break; - default: - fatal("%s: unknown key type %d", __func__, k->type); - } - if (hash_buffer(buffer_ptr(&b), buffer_len(&b), EVP_sha256(), - &digest, &digest_len) != 0) - fatal("%s: hash_buffer", __func__); - buffer_free(&b); - if (len > digest_len) - fatal("%s: not enough bytes for rawsalt (want %u have %u)", - __func__, len, digest_len); - memcpy(rawsalt, digest, len); - bzero(digest, digest_len); - xfree(digest); -} - -/* ASCII an integer [0, 64) for inclusion in a password/salt */ -static char -pw_encode64(u_int i64) -{ - const u_char e64[] = - "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; - return e64[i64 % 64]; -} - -/* Generate ASCII salt bytes for user */ -static char * -makesalt(u_int want, const char *user) -{ - u_char rawsalt[32]; - static char ret[33]; - u_int i; - - if (want > sizeof(ret) - 1) - fatal("%s: want %u", __func__, want); - - derive_rawsalt(user, rawsalt, sizeof(rawsalt)); - bzero(ret, sizeof(ret)); - for (i = 0; i < want; i++) - ret[i] = pw_encode64(rawsalt[i]); - bzero(rawsalt, sizeof(rawsalt)); - - return ret; -} - -/* - * Select the system's default password hashing scheme and generate - * a stable fake salt under it for use by a non-existent account. - * Prevents jpake method being used to infer the validity of accounts. - */ -static void -fake_salt_and_scheme(Authctxt *authctxt, char **salt, char **scheme) -{ - char *rounds_s, *style; - long long rounds; - login_cap_t *lc; - - - if ((lc = login_getclass(authctxt->pw->pw_class)) == NULL && - (lc = login_getclass(NULL)) == NULL) - fatal("%s: login_getclass failed", __func__); - style = login_getcapstr(lc, "localcipher", NULL, NULL); - if (style == NULL) - style = xstrdup("blowfish,6"); - login_close(lc); - - if ((rounds_s = strchr(style, ',')) != NULL) - *rounds_s++ = '\0'; - rounds = strtonum(rounds_s, 1, 1<<31, NULL); - - if (strcmp(style, "md5") == 0) { - xasprintf(salt, "$1$%s$", makesalt(8, authctxt->user)); - *scheme = xstrdup("md5"); - } else if (strcmp(style, "old") == 0) { - *salt = xstrdup(makesalt(2, authctxt->user)); - *scheme = xstrdup("crypt"); - } else if (strcmp(style, "newsalt") == 0) { - rounds = MAX(rounds, 7250); - rounds = MIN(rounds, (1<<24) - 1); - xasprintf(salt, "_%c%c%c%c%s", - pw_encode64(rounds), pw_encode64(rounds >> 6), - pw_encode64(rounds >> 12), pw_encode64(rounds >> 18), - makesalt(4, authctxt->user)); - *scheme = xstrdup("crypt-extended"); - } else { - /* Default to blowfish */ - rounds = MAX(rounds, 3); - rounds = MIN(rounds, 31); - xasprintf(salt, "$2a$%02lld$%s", rounds, - makesalt(22, authctxt->user)); - *scheme = xstrdup("bcrypt"); - } - xfree(style); - debug3("%s: fake %s salt for user %s: %s", - __func__, *scheme, authctxt->user, *salt); -} - -/* - * Fetch password hashing scheme, password salt and derive shared secret - * for user. If user does not exist, a fake but stable and user-unique - * salt will be returned. - */ -void -auth2_jpake_get_pwdata(Authctxt *authctxt, BIGNUM **s, - char **hash_scheme, char **salt) -{ - char *cp; - u_char *secret; - u_int secret_len, salt_len; - -#ifdef JPAKE_DEBUG - debug3("%s: valid %d pw %.5s...", __func__, - authctxt->valid, authctxt->pw->pw_passwd); -#endif - - *salt = NULL; - *hash_scheme = NULL; - if (authctxt->valid) { - if (strncmp(authctxt->pw->pw_passwd, "$2$", 3) == 0 && - strlen(authctxt->pw->pw_passwd) > 28) { - /* - * old-variant bcrypt: - * "$2$", 2 digit rounds, "$", 22 bytes salt - */ - salt_len = 3 + 2 + 1 + 22 + 1; - *salt = xmalloc(salt_len); - strlcpy(*salt, authctxt->pw->pw_passwd, salt_len); - *hash_scheme = xstrdup("bcrypt"); - } else if (strncmp(authctxt->pw->pw_passwd, "$2a$", 4) == 0 && - strlen(authctxt->pw->pw_passwd) > 29) { - /* - * current-variant bcrypt: - * "$2a$", 2 digit rounds, "$", 22 bytes salt - */ - salt_len = 4 + 2 + 1 + 22 + 1; - *salt = xmalloc(salt_len); - strlcpy(*salt, authctxt->pw->pw_passwd, salt_len); - *hash_scheme = xstrdup("bcrypt"); - } else if (strncmp(authctxt->pw->pw_passwd, "$1$", 3) == 0 && - strlen(authctxt->pw->pw_passwd) > 5) { - /* - * md5crypt: - * "$1$", salt until "$" - */ - cp = strchr(authctxt->pw->pw_passwd + 3, '$'); - if (cp != NULL) { - salt_len = (cp - authctxt->pw->pw_passwd) + 1; - *salt = xmalloc(salt_len); - strlcpy(*salt, authctxt->pw->pw_passwd, - salt_len); - *hash_scheme = xstrdup("md5crypt"); - } - } else if (strncmp(authctxt->pw->pw_passwd, "_", 1) == 0 && - strlen(authctxt->pw->pw_passwd) > 9) { - /* - * BSDI extended crypt: - * "_", 4 digits count, 4 chars salt - */ - salt_len = 1 + 4 + 4 + 1; - *salt = xmalloc(salt_len); - strlcpy(*salt, authctxt->pw->pw_passwd, salt_len); - *hash_scheme = xstrdup("crypt-extended"); - } else if (strlen(authctxt->pw->pw_passwd) == 13 && - valid_crypt_salt(authctxt->pw->pw_passwd[0]) && - valid_crypt_salt(authctxt->pw->pw_passwd[1])) { - /* - * traditional crypt: - * 2 chars salt - */ - salt_len = 2 + 1; - *salt = xmalloc(salt_len); - strlcpy(*salt, authctxt->pw->pw_passwd, salt_len); - *hash_scheme = xstrdup("crypt"); - } - if (*salt == NULL) { - debug("%s: unrecognised crypt scheme for user %s", - __func__, authctxt->pw->pw_name); - } - } - if (*salt == NULL) - fake_salt_and_scheme(authctxt, salt, hash_scheme); - - if (hash_buffer(authctxt->pw->pw_passwd, - strlen(authctxt->pw->pw_passwd), EVP_sha256(), - &secret, &secret_len) != 0) - fatal("%s: hash_buffer", __func__); - if ((*s = BN_bin2bn(secret, secret_len, NULL)) == NULL) - fatal("%s: BN_bin2bn (secret)", __func__); -#ifdef JPAKE_DEBUG - debug3("%s: salt = %s (len %u)", __func__, - *salt, (u_int)strlen(*salt)); - debug3("%s: scheme = %s", __func__, *hash_scheme); - JPAKE_DEBUG_BN((*s, "%s: s = ", __func__)); -#endif - bzero(secret, secret_len); - xfree(secret); -} - -/* - * Begin authentication attempt. - * Note, sets authctxt->postponed while in subprotocol - */ -static int -auth2_jpake_start(Authctxt *authctxt) -{ - struct jpake_ctx *pctx = authctxt->jpake_ctx; - u_char *x3_proof, *x4_proof; - u_int x3_proof_len, x4_proof_len; - char *salt, *hash_scheme; - - debug("%s: start", __func__); - - PRIVSEP(jpake_step1(pctx->grp, - &pctx->server_id, &pctx->server_id_len, - &pctx->x3, &pctx->x4, &pctx->g_x3, &pctx->g_x4, - &x3_proof, &x3_proof_len, - &x4_proof, &x4_proof_len)); - - PRIVSEP(auth2_jpake_get_pwdata(authctxt, &pctx->s, - &hash_scheme, &salt)); - - if (!use_privsep) - JPAKE_DEBUG_CTX((pctx, "step 1 sending in %s", __func__)); - - packet_start(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1); - packet_put_cstring(hash_scheme); - packet_put_cstring(salt); - packet_put_string(pctx->server_id, pctx->server_id_len); - packet_put_bignum2(pctx->g_x3); - packet_put_bignum2(pctx->g_x4); - packet_put_string(x3_proof, x3_proof_len); - packet_put_string(x4_proof, x4_proof_len); - packet_send(); - packet_write_wait(); - - bzero(hash_scheme, strlen(hash_scheme)); - bzero(salt, strlen(salt)); - xfree(hash_scheme); - xfree(salt); - bzero(x3_proof, x3_proof_len); - bzero(x4_proof, x4_proof_len); - xfree(x3_proof); - xfree(x4_proof); - - /* Expect step 1 packet from peer */ - dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1, - input_userauth_jpake_client_step1); - - authctxt->postponed = 1; - return 0; -} - -/* ARGSUSED */ -static void -input_userauth_jpake_client_step1(int type, u_int32_t seq, void *ctxt) -{ - Authctxt *authctxt = ctxt; - struct jpake_ctx *pctx = authctxt->jpake_ctx; - u_char *x1_proof, *x2_proof, *x4_s_proof; - u_int x1_proof_len, x2_proof_len, x4_s_proof_len; - - /* Disable this message */ - dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1, NULL); - - /* Fetch step 1 values */ - if ((pctx->g_x1 = BN_new()) == NULL || - (pctx->g_x2 = BN_new()) == NULL) - fatal("%s: BN_new", __func__); - pctx->client_id = packet_get_string(&pctx->client_id_len); - packet_get_bignum2(pctx->g_x1); - packet_get_bignum2(pctx->g_x2); - x1_proof = packet_get_string(&x1_proof_len); - x2_proof = packet_get_string(&x2_proof_len); - packet_check_eom(); - - if (!use_privsep) - JPAKE_DEBUG_CTX((pctx, "step 1 received in %s", __func__)); - - PRIVSEP(jpake_step2(pctx->grp, pctx->s, pctx->g_x3, - pctx->g_x1, pctx->g_x2, pctx->x4, - pctx->client_id, pctx->client_id_len, - pctx->server_id, pctx->server_id_len, - x1_proof, x1_proof_len, - x2_proof, x2_proof_len, - &pctx->b, - &x4_s_proof, &x4_s_proof_len)); - - bzero(x1_proof, x1_proof_len); - bzero(x2_proof, x2_proof_len); - xfree(x1_proof); - xfree(x2_proof); - - if (!use_privsep) - JPAKE_DEBUG_CTX((pctx, "step 2 sending in %s", __func__)); - - /* Send values for step 2 */ - packet_start(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2); - packet_put_bignum2(pctx->b); - packet_put_string(x4_s_proof, x4_s_proof_len); - packet_send(); - packet_write_wait(); - - bzero(x4_s_proof, x4_s_proof_len); - xfree(x4_s_proof); - - /* Expect step 2 packet from peer */ - dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2, - input_userauth_jpake_client_step2); -} - -/* ARGSUSED */ -static void -input_userauth_jpake_client_step2(int type, u_int32_t seq, void *ctxt) -{ - Authctxt *authctxt = ctxt; - struct jpake_ctx *pctx = authctxt->jpake_ctx; - u_char *x2_s_proof; - u_int x2_s_proof_len; - - /* Disable this message */ - dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2, NULL); - - if ((pctx->a = BN_new()) == NULL) - fatal("%s: BN_new", __func__); - - /* Fetch step 2 values */ - packet_get_bignum2(pctx->a); - x2_s_proof = packet_get_string(&x2_s_proof_len); - packet_check_eom(); - - if (!use_privsep) - JPAKE_DEBUG_CTX((pctx, "step 2 received in %s", __func__)); - - /* Derive shared key and calculate confirmation hash */ - PRIVSEP(jpake_key_confirm(pctx->grp, pctx->s, pctx->a, - pctx->x4, pctx->g_x3, pctx->g_x4, pctx->g_x1, pctx->g_x2, - pctx->server_id, pctx->server_id_len, - pctx->client_id, pctx->client_id_len, - session_id2, session_id2_len, - x2_s_proof, x2_s_proof_len, - &pctx->k, - &pctx->h_k_sid_sessid, &pctx->h_k_sid_sessid_len)); - - bzero(x2_s_proof, x2_s_proof_len); - xfree(x2_s_proof); - - if (!use_privsep) - JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__)); - - /* Send key confirmation proof */ - packet_start(SSH2_MSG_USERAUTH_JPAKE_SERVER_CONFIRM); - packet_put_string(pctx->h_k_sid_sessid, pctx->h_k_sid_sessid_len); - packet_send(); - packet_write_wait(); - - /* Expect confirmation from peer */ - dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_CONFIRM, - input_userauth_jpake_client_confirm); -} - -/* ARGSUSED */ -static void -input_userauth_jpake_client_confirm(int type, u_int32_t seq, void *ctxt) -{ - Authctxt *authctxt = ctxt; - struct jpake_ctx *pctx = authctxt->jpake_ctx; - int authenticated = 0; - - /* Disable this message */ - dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_CONFIRM, NULL); - - pctx->h_k_cid_sessid = packet_get_string(&pctx->h_k_cid_sessid_len); - packet_check_eom(); - - if (!use_privsep) - JPAKE_DEBUG_CTX((pctx, "confirm received in %s", __func__)); - - /* Verify expected confirmation hash */ - if (PRIVSEP(jpake_check_confirm(pctx->k, - pctx->client_id, pctx->client_id_len, - session_id2, session_id2_len, - pctx->h_k_cid_sessid, pctx->h_k_cid_sessid_len)) == 1) - authenticated = authctxt->valid ? 1 : 0; - else - debug("%s: confirmation mismatch", __func__); - - /* done */ - authctxt->postponed = 0; - jpake_free(authctxt->jpake_ctx); - authctxt->jpake_ctx = NULL; - userauth_finish(authctxt, authenticated, method_jpake.name); -} - -#endif /* JPAKE */ - diff --git a/crypto/openssh/auth2-kbdint.c b/crypto/openssh/auth2-kbdint.c index fae67da6e3..bf75c6059f 100644 --- a/crypto/openssh/auth2-kbdint.c +++ b/crypto/openssh/auth2-kbdint.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-kbdint.c,v 1.5 2006/08/03 03:34:41 deraadt Exp $ */ +/* $OpenBSD: auth2-kbdint.c,v 1.7 2014/07/15 15:54:14 millert Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -36,6 +36,7 @@ #include "auth.h" #include "log.h" #include "buffer.h" +#include "misc.h" #include "servconf.h" /* import */ @@ -56,8 +57,8 @@ userauth_kbdint(Authctxt *authctxt) if (options.challenge_response_authentication) authenticated = auth2_challenge(authctxt, devs); - xfree(devs); - xfree(lang); + free(devs); + free(lang); return authenticated; } diff --git a/crypto/openssh/auth2-none.c b/crypto/openssh/auth2-none.c index c8c6c74a93..e71e2219cf 100644 --- a/crypto/openssh/auth2-none.c +++ b/crypto/openssh/auth2-none.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-none.c,v 1.16 2010/06/25 08:46:17 djm Exp $ */ +/* $OpenBSD: auth2-none.c,v 1.18 2014/07/15 15:54:14 millert Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -30,9 +30,10 @@ #include #include -#include #include #include +#include +#include #include "atomicio.h" #include "xmalloc.h" @@ -42,6 +43,7 @@ #include "packet.h" #include "log.h" #include "buffer.h" +#include "misc.h" #include "servconf.h" #include "compat.h" #include "ssh2.h" diff --git a/crypto/openssh/auth2-passwd.c b/crypto/openssh/auth2-passwd.c index 5f1f3635f7..b638e8715b 100644 --- a/crypto/openssh/auth2-passwd.c +++ b/crypto/openssh/auth2-passwd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-passwd.c,v 1.9 2006/08/03 03:34:41 deraadt Exp $ */ +/* $OpenBSD: auth2-passwd.c,v 1.12 2014/07/15 15:54:14 millert Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -41,6 +41,7 @@ #include "ssh-gss.h" #endif #include "monitor_wrap.h" +#include "misc.h" #include "servconf.h" /* import */ @@ -59,8 +60,8 @@ userauth_passwd(Authctxt *authctxt) if (change) { /* discard new password from packet */ newpass = packet_get_string(&newlen); - memset(newpass, 0, newlen); - xfree(newpass); + explicit_bzero(newpass, newlen); + free(newpass); } packet_check_eom(); @@ -68,8 +69,8 @@ userauth_passwd(Authctxt *authctxt) logit("password change not supported"); else if (PRIVSEP(auth_password(authctxt, password)) == 1) authenticated = 1; - memset(password, 0, len); - xfree(password); + explicit_bzero(password, len); + free(password); return authenticated; } diff --git a/crypto/openssh/auth2-pubkey.c b/crypto/openssh/auth2-pubkey.c index 5bccb5d767..f3ca96592b 100644 --- a/crypto/openssh/auth2-pubkey.c +++ b/crypto/openssh/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.30 2011/09/25 05:44:47 djm Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.41 2014/07/15 15:54:14 millert Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -27,9 +27,15 @@ #include #include +#include +#include #include +#ifdef HAVE_PATHS_H +# include +#endif #include +#include #include #include #include @@ -42,6 +48,7 @@ #include "packet.h" #include "buffer.h" #include "log.h" +#include "misc.h" #include "servconf.h" #include "compat.h" #include "key.h" @@ -55,7 +62,6 @@ #include "ssh-gss.h" #endif #include "monitor_wrap.h" -#include "misc.h" #include "authfile.h" #include "match.h" @@ -69,7 +75,7 @@ userauth_pubkey(Authctxt *authctxt) { Buffer b; Key *key = NULL; - char *pkalg; + char *pkalg, *userstyle; u_char *pkblob, *sig; u_int alen, blen, slen; int have_sig, pktype; @@ -110,6 +116,12 @@ userauth_pubkey(Authctxt *authctxt) "(received %d, expected %d)", key->type, pktype); goto done; } + if (key_type_plain(key->type) == KEY_RSA && + (datafellows & SSH_BUG_RSASIGMD5) != 0) { + logit("Refusing RSA key because client uses unsafe " + "signature scheme"); + goto done; + } if (have_sig) { sig = packet_get_string(&slen); packet_check_eom(); @@ -121,7 +133,11 @@ userauth_pubkey(Authctxt *authctxt) } /* reconstruct packet */ buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); - buffer_put_cstring(&b, authctxt->user); + xasprintf(&userstyle, "%s%s%s", authctxt->user, + authctxt->style ? ":" : "", + authctxt->style ? authctxt->style : ""); + buffer_put_cstring(&b, userstyle); + free(userstyle); buffer_put_cstring(&b, datafellows & SSH_BUG_PKSERVICE ? "ssh-userauth" : @@ -137,6 +153,8 @@ userauth_pubkey(Authctxt *authctxt) #ifdef DEBUG_PK buffer_dump(&b); #endif + pubkey_auth_info(authctxt, key, NULL); + /* test for correct signature */ authenticated = 0; if (PRIVSEP(user_key_allowed(authctxt->pw, key)) && @@ -144,7 +162,7 @@ userauth_pubkey(Authctxt *authctxt) buffer_len(&b))) == 1) authenticated = 1; buffer_free(&b); - xfree(sig); + free(sig); } else { debug("test whether pkalg/pkblob are acceptable"); packet_check_eom(); @@ -172,13 +190,47 @@ done: debug2("userauth_pubkey: authenticated %d pkalg %s", authenticated, pkalg); if (key != NULL) key_free(key); - xfree(pkalg); - xfree(pkblob); + free(pkalg); + free(pkblob); return authenticated; } +void +pubkey_auth_info(Authctxt *authctxt, const Key *key, const char *fmt, ...) +{ + char *fp, *extra; + va_list ap; + int i; + + extra = NULL; + if (fmt != NULL) { + va_start(ap, fmt); + i = vasprintf(&extra, fmt, ap); + va_end(ap); + if (i < 0 || extra == NULL) + fatal("%s: vasprintf failed", __func__); + } + + if (key_is_cert(key)) { + fp = key_fingerprint(key->cert->signature_key, + SSH_FP_MD5, SSH_FP_HEX); + auth_info(authctxt, "%s ID %s (serial %llu) CA %s %s%s%s", + key_type(key), key->cert->key_id, + (unsigned long long)key->cert->serial, + key_type(key->cert->signature_key), fp, + extra == NULL ? "" : ", ", extra == NULL ? "" : extra); + free(fp); + } else { + fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); + auth_info(authctxt, "%s %s%s%s", key_type(key), fp, + extra == NULL ? "" : ", ", extra == NULL ? "" : extra); + free(fp); + } + free(extra); +} + static int -match_principals_option(const char *principal_list, struct KeyCert *cert) +match_principals_option(const char *principal_list, struct sshkey_cert *cert) { char *result; u_int i; @@ -190,7 +242,7 @@ match_principals_option(const char *principal_list, struct KeyCert *cert) principal_list, NULL)) != NULL) { debug3("matched principal from key options \"%.100s\"", result); - xfree(result); + free(result); return 1; } } @@ -198,7 +250,7 @@ match_principals_option(const char *principal_list, struct KeyCert *cert) } static int -match_principals_file(char *file, struct passwd *pw, struct KeyCert *cert) +match_principals_file(char *file, struct passwd *pw, struct sshkey_cert *cert) { FILE *f; char line[SSH_MAX_PUBKEY_BYTES], *cp, *ep, *line_opts; @@ -240,7 +292,7 @@ match_principals_file(char *file, struct passwd *pw, struct KeyCert *cert) if (strcmp(cp, cert->principals[i]) == 0) { debug3("matched principal \"%.100s\" " "from file \"%s\" on line %lu", - cert->principals[i], file, linenum); + cert->principals[i], file, linenum); if (auth_parse_options(pw, line_opts, file, linenum) != 1) continue; @@ -253,37 +305,30 @@ match_principals_file(char *file, struct passwd *pw, struct KeyCert *cert) fclose(f); restore_uid(); return 0; -} +} -/* return 1 if user allows given key */ +/* + * Checks whether key is allowed in authorized_keys-format file, + * returns 1 if the key is allowed or 0 otherwise. + */ static int -user_key_allowed2(struct passwd *pw, Key *key, char *file) +check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw) { char line[SSH_MAX_PUBKEY_BYTES]; const char *reason; int found_key = 0; - FILE *f; u_long linenum = 0; Key *found; char *fp; - /* Temporarily use the user's uid. */ - temporarily_use_uid(pw); - - debug("trying public key file %s", file); - f = auth_openkeyfile(file, pw, options.strict_modes); - - if (!f) { - restore_uid(); - return 0; - } - found_key = 0; - found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type); + found = NULL; while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { char *cp, *key_options = NULL; - + if (found != NULL) + key_free(found); + found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type); auth_clear_options(); /* Skip leading whitespace, empty and comment lines. */ @@ -335,7 +380,7 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file) reason = "Certificate does not contain an " "authorized principal"; fail_reason: - xfree(fp); + free(fp); error("%s", reason); auth_debug_add("%s", reason); continue; @@ -345,13 +390,13 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file) &reason) != 0) goto fail_reason; if (auth_cert_options(key, pw) != 0) { - xfree(fp); + free(fp); continue; } verbose("Accepted certificate ID \"%s\" " "signed by %s CA %s via %s", key->cert->key_id, key_type(found), fp, file); - xfree(fp); + free(fp); found_key = 1; break; } else if (key_equal(found, key)) { @@ -361,18 +406,15 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file) if (key_is_cert_authority) continue; found_key = 1; - debug("matching key found: file %s, line %lu", - file, linenum); fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX); - verbose("Found matching %s key: %s", - key_type(found), fp); - xfree(fp); + debug("matching key found: file %s, line %lu %s %s", + file, linenum, key_type(found), fp); + free(fp); break; } } - restore_uid(); - fclose(f); - key_free(found); + if (found != NULL) + key_free(found); if (!found_key) debug2("key not found"); return found_key; @@ -426,14 +468,185 @@ user_cert_trusted_ca(struct passwd *pw, Key *key) ret = 1; out: - if (principals_file != NULL) - xfree(principals_file); - if (ca_fp != NULL) - xfree(ca_fp); + free(principals_file); + free(ca_fp); return ret; } -/* check whether given key is in .ssh/authorized_keys* */ +/* + * Checks whether key is allowed in file. + * returns 1 if the key is allowed or 0 otherwise. + */ +static int +user_key_allowed2(struct passwd *pw, Key *key, char *file) +{ + FILE *f; + int found_key = 0; + + /* Temporarily use the user's uid. */ + temporarily_use_uid(pw); + + debug("trying public key file %s", file); + if ((f = auth_openkeyfile(file, pw, options.strict_modes)) != NULL) { + found_key = check_authkeys_file(f, file, key, pw); + fclose(f); + } + + restore_uid(); + return found_key; +} + +/* + * Checks whether key is allowed in output of command. + * returns 1 if the key is allowed or 0 otherwise. + */ +static int +user_key_command_allowed2(struct passwd *user_pw, Key *key) +{ + FILE *f; + int ok, found_key = 0; + struct passwd *pw; + struct stat st; + int status, devnull, p[2], i; + pid_t pid; + char *username, errmsg[512]; + + if (options.authorized_keys_command == NULL || + options.authorized_keys_command[0] != '/') + return 0; + + if (options.authorized_keys_command_user == NULL) { + error("No user for AuthorizedKeysCommand specified, skipping"); + return 0; + } + + username = percent_expand(options.authorized_keys_command_user, + "u", user_pw->pw_name, (char *)NULL); + pw = getpwnam(username); + if (pw == NULL) { + error("AuthorizedKeysCommandUser \"%s\" not found: %s", + username, strerror(errno)); + free(username); + return 0; + } + free(username); + + temporarily_use_uid(pw); + + if (stat(options.authorized_keys_command, &st) < 0) { + error("Could not stat AuthorizedKeysCommand \"%s\": %s", + options.authorized_keys_command, strerror(errno)); + goto out; + } + if (auth_secure_path(options.authorized_keys_command, &st, NULL, 0, + errmsg, sizeof(errmsg)) != 0) { + error("Unsafe AuthorizedKeysCommand: %s", errmsg); + goto out; + } + + if (pipe(p) != 0) { + error("%s: pipe: %s", __func__, strerror(errno)); + goto out; + } + + debug3("Running AuthorizedKeysCommand: \"%s %s\" as \"%s\"", + options.authorized_keys_command, user_pw->pw_name, pw->pw_name); + + /* + * Don't want to call this in the child, where it can fatal() and + * run cleanup_exit() code. + */ + restore_uid(); + + switch ((pid = fork())) { + case -1: /* error */ + error("%s: fork: %s", __func__, strerror(errno)); + close(p[0]); + close(p[1]); + return 0; + case 0: /* child */ + for (i = 0; i < NSIG; i++) + signal(i, SIG_DFL); + + if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) { + error("%s: open %s: %s", __func__, _PATH_DEVNULL, + strerror(errno)); + _exit(1); + } + /* Keep stderr around a while longer to catch errors */ + if (dup2(devnull, STDIN_FILENO) == -1 || + dup2(p[1], STDOUT_FILENO) == -1) { + error("%s: dup2: %s", __func__, strerror(errno)); + _exit(1); + } + closefrom(STDERR_FILENO + 1); + + /* Don't use permanently_set_uid() here to avoid fatal() */ + if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) { + error("setresgid %u: %s", (u_int)pw->pw_gid, + strerror(errno)); + _exit(1); + } + if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0) { + error("setresuid %u: %s", (u_int)pw->pw_uid, + strerror(errno)); + _exit(1); + } + /* stdin is pointed to /dev/null at this point */ + if (dup2(STDIN_FILENO, STDERR_FILENO) == -1) { + error("%s: dup2: %s", __func__, strerror(errno)); + _exit(1); + } + + execl(options.authorized_keys_command, + options.authorized_keys_command, user_pw->pw_name, NULL); + + error("AuthorizedKeysCommand %s exec failed: %s", + options.authorized_keys_command, strerror(errno)); + _exit(127); + default: /* parent */ + break; + } + + temporarily_use_uid(pw); + + close(p[1]); + if ((f = fdopen(p[0], "r")) == NULL) { + error("%s: fdopen: %s", __func__, strerror(errno)); + close(p[0]); + /* Don't leave zombie child */ + kill(pid, SIGTERM); + while (waitpid(pid, NULL, 0) == -1 && errno == EINTR) + ; + goto out; + } + ok = check_authkeys_file(f, options.authorized_keys_command, key, pw); + fclose(f); + + while (waitpid(pid, &status, 0) == -1) { + if (errno != EINTR) { + error("%s: waitpid: %s", __func__, strerror(errno)); + goto out; + } + } + if (WIFSIGNALED(status)) { + error("AuthorizedKeysCommand %s exited on signal %d", + options.authorized_keys_command, WTERMSIG(status)); + goto out; + } else if (WEXITSTATUS(status) != 0) { + error("AuthorizedKeysCommand %s returned status %d", + options.authorized_keys_command, WEXITSTATUS(status)); + goto out; + } + found_key = ok; + out: + restore_uid(); + return found_key; +} + +/* + * Check whether key authenticates and authorises the user. + */ int user_key_allowed(struct passwd *pw, Key *key) { @@ -449,11 +662,19 @@ user_key_allowed(struct passwd *pw, Key *key) if (success) return success; + success = user_key_command_allowed2(pw, key); + if (success > 0) + return success; + for (i = 0; !success && i < options.num_authkeys_files; i++) { + + if (strcasecmp(options.authorized_keys_files[i], "none") == 0) + continue; file = expand_authorized_keys( options.authorized_keys_files[i], pw); + success = user_key_allowed2(pw, key, file); - xfree(file); + free(file); } return success; diff --git a/crypto/openssh/auth2.c b/crypto/openssh/auth2.c index b66bef64cc..d9b440ae38 100644 --- a/crypto/openssh/auth2.c +++ b/crypto/openssh/auth2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2.c,v 1.124 2011/12/07 05:44:38 djm Exp $ */ +/* $OpenBSD: auth2.c,v 1.132 2014/07/15 15:54:14 millert Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -41,6 +41,7 @@ #include "packet.h" #include "log.h" #include "buffer.h" +#include "misc.h" #include "servconf.h" #include "compat.h" #include "key.h" @@ -71,9 +72,6 @@ extern Authmethod method_hostbased; #ifdef GSSAPI extern Authmethod method_gssapi; #endif -#ifdef JPAKE -extern Authmethod method_jpake; -#endif Authmethod *authmethods[] = { &method_none, @@ -81,9 +79,6 @@ Authmethod *authmethods[] = { #ifdef GSSAPI &method_gssapi, #endif -#ifdef JPAKE - &method_jpake, -#endif &method_passwd, &method_kbdint, &method_hostbased, @@ -96,8 +91,14 @@ static void input_service_request(int, u_int32_t, void *); static void input_userauth_request(int, u_int32_t, void *); /* helper */ -static Authmethod *authmethod_lookup(const char *); -static char *authmethods_get(void); +static Authmethod *authmethod_lookup(Authctxt *, const char *); +static char *authmethods_get(Authctxt *authctxt); + +#define MATCH_NONE 0 /* method or submethod mismatch */ +#define MATCH_METHOD 1 /* method matches (no submethod specified) */ +#define MATCH_BOTH 2 /* method and submethod match */ +#define MATCH_PARTIAL 3 /* method matches, submethod can't be checked */ +static int list_starts_with(const char *, const char *, const char *); char * auth2_read_banner(void) @@ -124,7 +125,7 @@ auth2_read_banner(void) close(fd); if (n != len) { - xfree(banner); + free(banner); return (NULL); } banner[n] = '\0'; @@ -160,8 +161,7 @@ userauth_banner(void) userauth_send_banner(banner); done: - if (banner) - xfree(banner); + free(banner); } /* @@ -206,7 +206,7 @@ input_service_request(int type, u_int32_t seq, void *ctxt) debug("bad service request %s", service); packet_disconnect("bad service request %s", service); } - xfree(service); + free(service); } /*ARGSUSED*/ @@ -255,6 +255,8 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) if (use_privsep) mm_inform_authserv(service, style); userauth_banner(); + if (auth2_setup_methods_lists(authctxt) != 0) + packet_disconnect("no authentication methods enabled"); } else if (strcmp(user, authctxt->user) != 0 || strcmp(service, authctxt->service) != 0) { packet_disconnect("Change of username or service not allowed: " @@ -263,9 +265,6 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) } /* reset state */ auth2_challenge_stop(authctxt); -#ifdef JPAKE - auth2_jpake_stop(authctxt); -#endif #ifdef GSSAPI /* XXX move to auth2_gssapi_stop() */ @@ -277,26 +276,30 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) authctxt->server_caused_failure = 0; /* try to authenticate user */ - m = authmethod_lookup(method); + m = authmethod_lookup(authctxt, method); if (m != NULL && authctxt->failures < options.max_authtries) { debug2("input_userauth_request: try method %s", method); authenticated = m->userauth(authctxt); } - userauth_finish(authctxt, authenticated, method); + userauth_finish(authctxt, authenticated, method, NULL); - xfree(service); - xfree(user); - xfree(method); + free(service); + free(user); + free(method); } void -userauth_finish(Authctxt *authctxt, int authenticated, char *method) +userauth_finish(Authctxt *authctxt, int authenticated, const char *method, + const char *submethod) { char *methods; + int partial = 0; if (!authctxt->valid && authenticated) fatal("INTERNAL ERROR: authenticated invalid user %s", authctxt->user); + if (authenticated && authctxt->postponed) + fatal("INTERNAL ERROR: authenticated and postponed"); /* Special handling for root */ if (authenticated && authctxt->pw->pw_uid == 0 && @@ -307,6 +310,19 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) #endif } + if (authenticated && options.num_auth_methods != 0) { + if (!auth2_update_methods_lists(authctxt, method, submethod)) { + authenticated = 0; + partial = 1; + } + } + + /* Log before sending the reply */ + auth_log(authctxt, authenticated, partial, method, submethod); + + if (authctxt->postponed) + return; + #ifdef USE_PAM if (options.use_pam && authenticated) { if (!PRIVSEP(do_pam_account())) { @@ -325,17 +341,10 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) #ifdef _UNICOS if (authenticated && cray_access_denied(authctxt->user)) { authenticated = 0; - fatal("Access denied for user %s.",authctxt->user); + fatal("Access denied for user %s.", authctxt->user); } #endif /* _UNICOS */ - /* Log before sending the reply */ - auth_log(authctxt, authenticated, method, " ssh2"); - - if (authctxt->postponed) - return; - - /* XXX todo: check if multiple auth methods are needed */ if (authenticated == 1) { /* turn off userauth */ dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore); @@ -354,36 +363,66 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) #ifdef SSH_AUDIT_EVENTS PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES)); #endif - packet_disconnect(AUTH_FAIL_MSG, authctxt->user); + auth_maxtries_exceeded(authctxt); } - methods = authmethods_get(); + methods = authmethods_get(authctxt); + debug3("%s: failure partial=%d next methods=\"%s\"", __func__, + partial, methods); packet_start(SSH2_MSG_USERAUTH_FAILURE); packet_put_cstring(methods); - packet_put_char(0); /* XXX partial success, unused */ + packet_put_char(partial); packet_send(); packet_write_wait(); - xfree(methods); + free(methods); } } +/* + * Checks whether method is allowed by at least one AuthenticationMethods + * methods list. Returns 1 if allowed, or no methods lists configured. + * 0 otherwise. + */ +int +auth2_method_allowed(Authctxt *authctxt, const char *method, + const char *submethod) +{ + u_int i; + + /* + * NB. authctxt->num_auth_methods might be zero as a result of + * auth2_setup_methods_lists(), so check the configuration. + */ + if (options.num_auth_methods == 0) + return 1; + for (i = 0; i < authctxt->num_auth_methods; i++) { + if (list_starts_with(authctxt->auth_methods[i], method, + submethod) != MATCH_NONE) + return 1; + } + return 0; +} + static char * -authmethods_get(void) +authmethods_get(Authctxt *authctxt) { Buffer b; char *list; - int i; + u_int i; buffer_init(&b); for (i = 0; authmethods[i] != NULL; i++) { if (strcmp(authmethods[i]->name, "none") == 0) continue; - if (authmethods[i]->enabled != NULL && - *(authmethods[i]->enabled) != 0) { - if (buffer_len(&b) > 0) - buffer_append(&b, ",", 1); - buffer_append(&b, authmethods[i]->name, - strlen(authmethods[i]->name)); - } + if (authmethods[i]->enabled == NULL || + *(authmethods[i]->enabled) == 0) + continue; + if (!auth2_method_allowed(authctxt, authmethods[i]->name, + NULL)) + continue; + if (buffer_len(&b) > 0) + buffer_append(&b, ",", 1); + buffer_append(&b, authmethods[i]->name, + strlen(authmethods[i]->name)); } buffer_append(&b, "\0", 1); list = xstrdup(buffer_ptr(&b)); @@ -392,7 +431,7 @@ authmethods_get(void) } static Authmethod * -authmethod_lookup(const char *name) +authmethod_lookup(Authctxt *authctxt, const char *name) { int i; @@ -400,10 +439,181 @@ authmethod_lookup(const char *name) for (i = 0; authmethods[i] != NULL; i++) if (authmethods[i]->enabled != NULL && *(authmethods[i]->enabled) != 0 && - strcmp(name, authmethods[i]->name) == 0) + strcmp(name, authmethods[i]->name) == 0 && + auth2_method_allowed(authctxt, + authmethods[i]->name, NULL)) return authmethods[i]; debug2("Unrecognized authentication method name: %s", name ? name : "NULL"); return NULL; } +/* + * Check a comma-separated list of methods for validity. Is need_enable is + * non-zero, then also require that the methods are enabled. + * Returns 0 on success or -1 if the methods list is invalid. + */ +int +auth2_methods_valid(const char *_methods, int need_enable) +{ + char *methods, *omethods, *method, *p; + u_int i, found; + int ret = -1; + + if (*_methods == '\0') { + error("empty authentication method list"); + return -1; + } + omethods = methods = xstrdup(_methods); + while ((method = strsep(&methods, ",")) != NULL) { + for (found = i = 0; !found && authmethods[i] != NULL; i++) { + if ((p = strchr(method, ':')) != NULL) + *p = '\0'; + if (strcmp(method, authmethods[i]->name) != 0) + continue; + if (need_enable) { + if (authmethods[i]->enabled == NULL || + *(authmethods[i]->enabled) == 0) { + error("Disabled method \"%s\" in " + "AuthenticationMethods list \"%s\"", + method, _methods); + goto out; + } + } + found = 1; + break; + } + if (!found) { + error("Unknown authentication method \"%s\" in list", + method); + goto out; + } + } + ret = 0; + out: + free(omethods); + return ret; +} + +/* + * Prune the AuthenticationMethods supplied in the configuration, removing + * any methods lists that include disabled methods. Note that this might + * leave authctxt->num_auth_methods == 0, even when multiple required auth + * has been requested. For this reason, all tests for whether multiple is + * enabled should consult options.num_auth_methods directly. + */ +int +auth2_setup_methods_lists(Authctxt *authctxt) +{ + u_int i; + + if (options.num_auth_methods == 0) + return 0; + debug3("%s: checking methods", __func__); + authctxt->auth_methods = xcalloc(options.num_auth_methods, + sizeof(*authctxt->auth_methods)); + authctxt->num_auth_methods = 0; + for (i = 0; i < options.num_auth_methods; i++) { + if (auth2_methods_valid(options.auth_methods[i], 1) != 0) { + logit("Authentication methods list \"%s\" contains " + "disabled method, skipping", + options.auth_methods[i]); + continue; + } + debug("authentication methods list %d: %s", + authctxt->num_auth_methods, options.auth_methods[i]); + authctxt->auth_methods[authctxt->num_auth_methods++] = + xstrdup(options.auth_methods[i]); + } + if (authctxt->num_auth_methods == 0) { + error("No AuthenticationMethods left after eliminating " + "disabled methods"); + return -1; + } + return 0; +} + +static int +list_starts_with(const char *methods, const char *method, + const char *submethod) +{ + size_t l = strlen(method); + int match; + const char *p; + + if (strncmp(methods, method, l) != 0) + return MATCH_NONE; + p = methods + l; + match = MATCH_METHOD; + if (*p == ':') { + if (!submethod) + return MATCH_PARTIAL; + l = strlen(submethod); + p += 1; + if (strncmp(submethod, p, l)) + return MATCH_NONE; + p += l; + match = MATCH_BOTH; + } + if (*p != ',' && *p != '\0') + return MATCH_NONE; + return match; +} + +/* + * Remove method from the start of a comma-separated list of methods. + * Returns 0 if the list of methods did not start with that method or 1 + * if it did. + */ +static int +remove_method(char **methods, const char *method, const char *submethod) +{ + char *omethods = *methods, *p; + size_t l = strlen(method); + int match; + + match = list_starts_with(omethods, method, submethod); + if (match != MATCH_METHOD && match != MATCH_BOTH) + return 0; + p = omethods + l; + if (submethod && match == MATCH_BOTH) + p += 1 + strlen(submethod); /* include colon */ + if (*p == ',') + p++; + *methods = xstrdup(p); + free(omethods); + return 1; +} + +/* + * Called after successful authentication. Will remove the successful method + * from the start of each list in which it occurs. If it was the last method + * in any list, then authentication is deemed successful. + * Returns 1 if the method completed any authentication list or 0 otherwise. + */ +int +auth2_update_methods_lists(Authctxt *authctxt, const char *method, + const char *submethod) +{ + u_int i, found = 0; + + debug3("%s: updating methods list after \"%s\"", __func__, method); + for (i = 0; i < authctxt->num_auth_methods; i++) { + if (!remove_method(&(authctxt->auth_methods[i]), method, + submethod)) + continue; + found = 1; + if (*authctxt->auth_methods[i] == '\0') { + debug2("authentication methods list %d complete", i); + return 1; + } + debug3("authentication methods list %d remaining: \"%s\"", + i, authctxt->auth_methods[i]); + } + /* This should not happen, but would be bad if it did */ + if (!found) + fatal("%s: method not in AuthenticationMethods", __func__); + return 0; +} + + diff --git a/crypto/openssh/authfd.c b/crypto/openssh/authfd.c index f037e838b0..2d5a8dd5bb 100644 --- a/crypto/openssh/authfd.c +++ b/crypto/openssh/authfd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.c,v 1.86 2011/07/06 18:09:21 tedu Exp $ */ +/* $OpenBSD: authfd.c,v 1.93 2014/04/29 18:01:49 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -41,9 +41,6 @@ #include #include -#include - -#include #include #include #include @@ -102,7 +99,7 @@ ssh_get_authentication_socket(void) if (!authsocket) return -1; - bzero(&sunaddr, sizeof(sunaddr)); + memset(&sunaddr, 0, sizeof(sunaddr)); sunaddr.sun_family = AF_UNIX; strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path)); @@ -206,7 +203,7 @@ ssh_get_authentication_connection(void) if (sock < 0) return NULL; - auth = xmalloc(sizeof(*auth)); + auth = xcalloc(1, sizeof(*auth)); auth->fd = sock; buffer_init(&auth->identities); auth->howmany = 0; @@ -224,7 +221,7 @@ ssh_close_authentication_connection(AuthenticationConnection *auth) { buffer_free(&auth->identities); close(auth->fd); - xfree(auth); + free(auth); } /* Lock/unlock agent */ @@ -313,8 +310,10 @@ ssh_get_first_identity(AuthenticationConnection *auth, char **comment, int versi Key * ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int version) { +#ifdef WITH_SSH1 int keybits; u_int bits; +#endif u_char *blob; u_int blen; Key *key = NULL; @@ -328,6 +327,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio * error if the packet is too short or contains corrupt data. */ switch (version) { +#ifdef WITH_SSH1 case 1: key = key_new(KEY_RSA1); bits = buffer_get_int(&auth->identities); @@ -339,11 +339,12 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio logit("Warning: identity keysize mismatch: actual %d, announced %u", BN_num_bits(key->rsa->n), bits); break; +#endif case 2: blob = buffer_get_string(&auth->identities, &blen); *comment = buffer_get_string(&auth->identities, NULL); key = key_from_blob(blob, blen); - xfree(blob); + free(blob); break; default: return NULL; @@ -361,6 +362,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio * supported) and 1 corresponding to protocol version 1.1. */ +#ifdef WITH_SSH1 int ssh_decrypt_challenge(AuthenticationConnection *auth, Key* key, BIGNUM *challenge, @@ -410,6 +412,7 @@ ssh_decrypt_challenge(AuthenticationConnection *auth, buffer_free(&buffer); return success; } +#endif /* ask agent to sign data, returns -1 on error, 0 on success */ int @@ -436,7 +439,7 @@ ssh_agent_sign(AuthenticationConnection *auth, buffer_put_string(&msg, blob, blen); buffer_put_string(&msg, data, datalen); buffer_put_int(&msg, flags); - xfree(blob); + free(blob); if (ssh_request_reply(auth, &msg, &msg) == 0) { buffer_free(&msg); @@ -457,6 +460,7 @@ ssh_agent_sign(AuthenticationConnection *auth, /* Encode key for a message to the agent. */ +#ifdef WITH_SSH1 static void ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment) { @@ -470,62 +474,12 @@ ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment) buffer_put_bignum(b, key->p); /* ssh key->q, SSL key->p */ buffer_put_cstring(b, comment); } +#endif static void ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) { - buffer_put_cstring(b, key_ssh_name(key)); - switch (key->type) { - case KEY_RSA: - buffer_put_bignum2(b, key->rsa->n); - buffer_put_bignum2(b, key->rsa->e); - buffer_put_bignum2(b, key->rsa->d); - buffer_put_bignum2(b, key->rsa->iqmp); - buffer_put_bignum2(b, key->rsa->p); - buffer_put_bignum2(b, key->rsa->q); - break; - case KEY_RSA_CERT_V00: - case KEY_RSA_CERT: - if (key->cert == NULL || buffer_len(&key->cert->certblob) == 0) - fatal("%s: no cert/certblob", __func__); - buffer_put_string(b, buffer_ptr(&key->cert->certblob), - buffer_len(&key->cert->certblob)); - buffer_put_bignum2(b, key->rsa->d); - buffer_put_bignum2(b, key->rsa->iqmp); - buffer_put_bignum2(b, key->rsa->p); - buffer_put_bignum2(b, key->rsa->q); - break; - case KEY_DSA: - buffer_put_bignum2(b, key->dsa->p); - buffer_put_bignum2(b, key->dsa->q); - buffer_put_bignum2(b, key->dsa->g); - buffer_put_bignum2(b, key->dsa->pub_key); - buffer_put_bignum2(b, key->dsa->priv_key); - break; - case KEY_DSA_CERT_V00: - case KEY_DSA_CERT: - if (key->cert == NULL || buffer_len(&key->cert->certblob) == 0) - fatal("%s: no cert/certblob", __func__); - buffer_put_string(b, buffer_ptr(&key->cert->certblob), - buffer_len(&key->cert->certblob)); - buffer_put_bignum2(b, key->dsa->priv_key); - break; -#ifdef OPENSSL_HAS_ECC - case KEY_ECDSA: - buffer_put_cstring(b, key_curve_nid_to_name(key->ecdsa_nid)); - buffer_put_ecpoint(b, EC_KEY_get0_group(key->ecdsa), - EC_KEY_get0_public_key(key->ecdsa)); - buffer_put_bignum2(b, EC_KEY_get0_private_key(key->ecdsa)); - break; - case KEY_ECDSA_CERT: - if (key->cert == NULL || buffer_len(&key->cert->certblob) == 0) - fatal("%s: no cert/certblob", __func__); - buffer_put_string(b, buffer_ptr(&key->cert->certblob), - buffer_len(&key->cert->certblob)); - buffer_put_bignum2(b, EC_KEY_get0_private_key(key->ecdsa)); - break; -#endif - } + key_private_serialize(key, b); buffer_put_cstring(b, comment); } @@ -544,6 +498,7 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key, buffer_init(&msg); switch (key->type) { +#ifdef WITH_SSH1 case KEY_RSA1: type = constrained ? SSH_AGENTC_ADD_RSA_ID_CONSTRAINED : @@ -551,6 +506,8 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key, buffer_put_char(&msg, type); ssh_encode_identity_rsa1(&msg, key->rsa, comment); break; +#endif +#ifdef WITH_OPENSSL case KEY_RSA: case KEY_RSA_CERT: case KEY_RSA_CERT_V00: @@ -559,6 +516,9 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key, case KEY_DSA_CERT_V00: case KEY_ECDSA: case KEY_ECDSA_CERT: +#endif + case KEY_ED25519: + case KEY_ED25519_CERT: type = constrained ? SSH2_AGENTC_ADD_ID_CONSTRAINED : SSH2_AGENTC_ADD_IDENTITY; @@ -601,18 +561,19 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key) buffer_init(&msg); +#ifdef WITH_SSH1 if (key->type == KEY_RSA1) { buffer_put_char(&msg, SSH_AGENTC_REMOVE_RSA_IDENTITY); buffer_put_int(&msg, BN_num_bits(key->rsa->n)); buffer_put_bignum(&msg, key->rsa->e); buffer_put_bignum(&msg, key->rsa->n); - } else if (key_type_plain(key->type) == KEY_DSA || - key_type_plain(key->type) == KEY_RSA || - key_type_plain(key->type) == KEY_ECDSA) { + } else +#endif + if (key->type != KEY_UNSPEC) { key_to_blob(key, &blob, &blen); buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY); buffer_put_string(&msg, blob, blen); - xfree(blob); + free(blob); } else { buffer_free(&msg); return 0; diff --git a/crypto/openssh/authfile.c b/crypto/openssh/authfile.c dissimilarity index 80% index 7dd449690c..e93d867386 100644 --- a/crypto/openssh/authfile.c +++ b/crypto/openssh/authfile.c @@ -1,946 +1,555 @@ -/* $OpenBSD: authfile.c,v 1.93 2012/01/25 19:36:31 markus Exp $ */ -/* - * Author: Tatu Ylonen - * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland - * All rights reserved - * This file contains functions for reading and writing identity files, and - * for reading the passphrase from the user. - * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". - * - * - * Copyright (c) 2000 Markus Friedl. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "includes.h" - -#include -#include -#include -#include - -#include -#include -#include - -/* compatibility with old or broken OpenSSL versions */ -#include "openbsd-compat/openssl-compat.h" - -#include -#include -#include -#include -#include -#include -#include - -#include "xmalloc.h" -#include "cipher.h" -#include "buffer.h" -#include "key.h" -#include "ssh.h" -#include "log.h" -#include "authfile.h" -#include "rsa.h" -#include "misc.h" -#include "atomicio.h" - -#define MAX_KEY_FILE_SIZE (1024 * 1024) - -/* Version identification string for SSH v1 identity files. */ -static const char authfile_id_string[] = - "SSH PRIVATE KEY FILE FORMAT 1.1\n"; - -/* - * Serialises the authentication (private) key to a blob, encrypting it with - * passphrase. The identification of the blob (lowest 64 bits of n) will - * precede the key to provide identification of the key without needing a - * passphrase. - */ -static int -key_private_rsa1_to_blob(Key *key, Buffer *blob, const char *passphrase, - const char *comment) -{ - Buffer buffer, encrypted; - u_char buf[100], *cp; - int i, cipher_num; - CipherContext ciphercontext; - Cipher *cipher; - u_int32_t rnd; - - /* - * If the passphrase is empty, use SSH_CIPHER_NONE to ease converting - * to another cipher; otherwise use SSH_AUTHFILE_CIPHER. - */ - cipher_num = (strcmp(passphrase, "") == 0) ? - SSH_CIPHER_NONE : SSH_AUTHFILE_CIPHER; - if ((cipher = cipher_by_number(cipher_num)) == NULL) - fatal("save_private_key_rsa: bad cipher"); - - /* This buffer is used to built the secret part of the private key. */ - buffer_init(&buffer); - - /* Put checkbytes for checking passphrase validity. */ - rnd = arc4random(); - buf[0] = rnd & 0xff; - buf[1] = (rnd >> 8) & 0xff; - buf[2] = buf[0]; - buf[3] = buf[1]; - buffer_append(&buffer, buf, 4); - - /* - * Store the private key (n and e will not be stored because they - * will be stored in plain text, and storing them also in encrypted - * format would just give known plaintext). - */ - buffer_put_bignum(&buffer, key->rsa->d); - buffer_put_bignum(&buffer, key->rsa->iqmp); - buffer_put_bignum(&buffer, key->rsa->q); /* reverse from SSL p */ - buffer_put_bignum(&buffer, key->rsa->p); /* reverse from SSL q */ - - /* Pad the part to be encrypted until its size is a multiple of 8. */ - while (buffer_len(&buffer) % 8 != 0) - buffer_put_char(&buffer, 0); - - /* This buffer will be used to contain the data in the file. */ - buffer_init(&encrypted); - - /* First store keyfile id string. */ - for (i = 0; authfile_id_string[i]; i++) - buffer_put_char(&encrypted, authfile_id_string[i]); - buffer_put_char(&encrypted, 0); - - /* Store cipher type. */ - buffer_put_char(&encrypted, cipher_num); - buffer_put_int(&encrypted, 0); /* For future extension */ - - /* Store public key. This will be in plain text. */ - buffer_put_int(&encrypted, BN_num_bits(key->rsa->n)); - buffer_put_bignum(&encrypted, key->rsa->n); - buffer_put_bignum(&encrypted, key->rsa->e); - buffer_put_cstring(&encrypted, comment); - - /* Allocate space for the private part of the key in the buffer. */ - cp = buffer_append_space(&encrypted, buffer_len(&buffer)); - - cipher_set_key_string(&ciphercontext, cipher, passphrase, - CIPHER_ENCRYPT); - cipher_crypt(&ciphercontext, cp, - buffer_ptr(&buffer), buffer_len(&buffer)); - cipher_cleanup(&ciphercontext); - memset(&ciphercontext, 0, sizeof(ciphercontext)); - - /* Destroy temporary data. */ - memset(buf, 0, sizeof(buf)); - buffer_free(&buffer); - - buffer_append(blob, buffer_ptr(&encrypted), buffer_len(&encrypted)); - buffer_free(&encrypted); - - return 1; -} - -/* convert SSH v2 key in OpenSSL PEM format */ -static int -key_private_pem_to_blob(Key *key, Buffer *blob, const char *_passphrase, - const char *comment) -{ - int success = 0; - int blen, len = strlen(_passphrase); - u_char *passphrase = (len > 0) ? (u_char *)_passphrase : NULL; -#if (OPENSSL_VERSION_NUMBER < 0x00907000L) - const EVP_CIPHER *cipher = (len > 0) ? EVP_des_ede3_cbc() : NULL; -#else - const EVP_CIPHER *cipher = (len > 0) ? EVP_aes_128_cbc() : NULL; -#endif - const u_char *bptr; - BIO *bio; - - if (len > 0 && len <= 4) { - error("passphrase too short: have %d bytes, need > 4", len); - return 0; - } - if ((bio = BIO_new(BIO_s_mem())) == NULL) { - error("%s: BIO_new failed", __func__); - return 0; - } - switch (key->type) { - case KEY_DSA: - success = PEM_write_bio_DSAPrivateKey(bio, key->dsa, - cipher, passphrase, len, NULL, NULL); - break; -#ifdef OPENSSL_HAS_ECC - case KEY_ECDSA: - success = PEM_write_bio_ECPrivateKey(bio, key->ecdsa, - cipher, passphrase, len, NULL, NULL); - break; -#endif - case KEY_RSA: - success = PEM_write_bio_RSAPrivateKey(bio, key->rsa, - cipher, passphrase, len, NULL, NULL); - break; - } - if (success) { - if ((blen = BIO_get_mem_data(bio, &bptr)) <= 0) - success = 0; - else - buffer_append(blob, bptr, blen); - } - BIO_free(bio); - return success; -} - -/* Save a key blob to a file */ -static int -key_save_private_blob(Buffer *keybuf, const char *filename) -{ - int fd; - - if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0) { - error("open %s failed: %s.", filename, strerror(errno)); - return 0; - } - if (atomicio(vwrite, fd, buffer_ptr(keybuf), - buffer_len(keybuf)) != buffer_len(keybuf)) { - error("write to key file %s failed: %s", filename, - strerror(errno)); - close(fd); - unlink(filename); - return 0; - } - close(fd); - return 1; -} - -/* Serialise "key" to buffer "blob" */ -static int -key_private_to_blob(Key *key, Buffer *blob, const char *passphrase, - const char *comment) -{ - switch (key->type) { - case KEY_RSA1: - return key_private_rsa1_to_blob(key, blob, passphrase, comment); - case KEY_DSA: - case KEY_ECDSA: - case KEY_RSA: - return key_private_pem_to_blob(key, blob, passphrase, comment); - default: - error("%s: cannot save key type %d", __func__, key->type); - return 0; - } -} - -int -key_save_private(Key *key, const char *filename, const char *passphrase, - const char *comment) -{ - Buffer keyblob; - int success = 0; - - buffer_init(&keyblob); - if (!key_private_to_blob(key, &keyblob, passphrase, comment)) - goto out; - if (!key_save_private_blob(&keyblob, filename)) - goto out; - success = 1; - out: - buffer_free(&keyblob); - return success; -} - -/* - * Parse the public, unencrypted portion of a RSA1 key. - */ -static Key * -key_parse_public_rsa1(Buffer *blob, char **commentp) -{ - Key *pub; - Buffer copy; - - /* Check that it is at least big enough to contain the ID string. */ - if (buffer_len(blob) < sizeof(authfile_id_string)) { - debug3("Truncated RSA1 identifier"); - return NULL; - } - - /* - * Make sure it begins with the id string. Consume the id string - * from the buffer. - */ - if (memcmp(buffer_ptr(blob), authfile_id_string, - sizeof(authfile_id_string)) != 0) { - debug3("Incorrect RSA1 identifier"); - return NULL; - } - buffer_init(©); - buffer_append(©, buffer_ptr(blob), buffer_len(blob)); - buffer_consume(©, sizeof(authfile_id_string)); - - /* Skip cipher type and reserved data. */ - (void) buffer_get_char(©); /* cipher type */ - (void) buffer_get_int(©); /* reserved */ - - /* Read the public key from the buffer. */ - (void) buffer_get_int(©); - pub = key_new(KEY_RSA1); - buffer_get_bignum(©, pub->rsa->n); - buffer_get_bignum(©, pub->rsa->e); - if (commentp) - *commentp = buffer_get_string(©, NULL); - /* The encrypted private part is not parsed by this function. */ - buffer_free(©); - - return pub; -} - -/* Load a key from a fd into a buffer */ -int -key_load_file(int fd, const char *filename, Buffer *blob) -{ - u_char buf[1024]; - size_t len; - struct stat st; - - if (fstat(fd, &st) < 0) { - error("%s: fstat of key file %.200s%sfailed: %.100s", __func__, - filename == NULL ? "" : filename, - filename == NULL ? "" : " ", - strerror(errno)); - return 0; - } - if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && - st.st_size > MAX_KEY_FILE_SIZE) { - toobig: - error("%s: key file %.200s%stoo large", __func__, - filename == NULL ? "" : filename, - filename == NULL ? "" : " "); - return 0; - } - buffer_clear(blob); - for (;;) { - if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) { - if (errno == EPIPE) - break; - debug("%s: read from key file %.200s%sfailed: %.100s", - __func__, filename == NULL ? "" : filename, - filename == NULL ? "" : " ", strerror(errno)); - buffer_clear(blob); - bzero(buf, sizeof(buf)); - return 0; - } - buffer_append(blob, buf, len); - if (buffer_len(blob) > MAX_KEY_FILE_SIZE) { - buffer_clear(blob); - bzero(buf, sizeof(buf)); - goto toobig; - } - } - bzero(buf, sizeof(buf)); - if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && - st.st_size != buffer_len(blob)) { - debug("%s: key file %.200s%schanged size while reading", - __func__, filename == NULL ? "" : filename, - filename == NULL ? "" : " "); - buffer_clear(blob); - return 0; - } - - return 1; -} - -/* - * Loads the public part of the ssh v1 key file. Returns NULL if an error was - * encountered (the file does not exist or is not readable), and the key - * otherwise. - */ -static Key * -key_load_public_rsa1(int fd, const char *filename, char **commentp) -{ - Buffer buffer; - Key *pub; - - buffer_init(&buffer); - if (!key_load_file(fd, filename, &buffer)) { - buffer_free(&buffer); - return NULL; - } - - pub = key_parse_public_rsa1(&buffer, commentp); - if (pub == NULL) - debug3("Could not load \"%s\" as a RSA1 public key", filename); - buffer_free(&buffer); - return pub; -} - -/* load public key from private-key file, works only for SSH v1 */ -Key * -key_load_public_type(int type, const char *filename, char **commentp) -{ - Key *pub; - int fd; - - if (type == KEY_RSA1) { - fd = open(filename, O_RDONLY); - if (fd < 0) - return NULL; - pub = key_load_public_rsa1(fd, filename, commentp); - close(fd); - return pub; - } - return NULL; -} - -static Key * -key_parse_private_rsa1(Buffer *blob, const char *passphrase, char **commentp) -{ - int check1, check2, cipher_type; - Buffer decrypted; - u_char *cp; - CipherContext ciphercontext; - Cipher *cipher; - Key *prv = NULL; - Buffer copy; - - /* Check that it is at least big enough to contain the ID string. */ - if (buffer_len(blob) < sizeof(authfile_id_string)) { - debug3("Truncated RSA1 identifier"); - return NULL; - } - - /* - * Make sure it begins with the id string. Consume the id string - * from the buffer. - */ - if (memcmp(buffer_ptr(blob), authfile_id_string, - sizeof(authfile_id_string)) != 0) { - debug3("Incorrect RSA1 identifier"); - return NULL; - } - buffer_init(©); - buffer_append(©, buffer_ptr(blob), buffer_len(blob)); - buffer_consume(©, sizeof(authfile_id_string)); - - /* Read cipher type. */ - cipher_type = buffer_get_char(©); - (void) buffer_get_int(©); /* Reserved data. */ - - /* Read the public key from the buffer. */ - (void) buffer_get_int(©); - prv = key_new_private(KEY_RSA1); - - buffer_get_bignum(©, prv->rsa->n); - buffer_get_bignum(©, prv->rsa->e); - if (commentp) - *commentp = buffer_get_string(©, NULL); - else - (void)buffer_get_string_ptr(©, NULL); - - /* Check that it is a supported cipher. */ - cipher = cipher_by_number(cipher_type); - if (cipher == NULL) { - debug("Unsupported RSA1 cipher %d", cipher_type); - buffer_free(©); - goto fail; - } - /* Initialize space for decrypted data. */ - buffer_init(&decrypted); - cp = buffer_append_space(&decrypted, buffer_len(©)); - - /* Rest of the buffer is encrypted. Decrypt it using the passphrase. */ - cipher_set_key_string(&ciphercontext, cipher, passphrase, - CIPHER_DECRYPT); - cipher_crypt(&ciphercontext, cp, - buffer_ptr(©), buffer_len(©)); - cipher_cleanup(&ciphercontext); - memset(&ciphercontext, 0, sizeof(ciphercontext)); - buffer_free(©); - - check1 = buffer_get_char(&decrypted); - check2 = buffer_get_char(&decrypted); - if (check1 != buffer_get_char(&decrypted) || - check2 != buffer_get_char(&decrypted)) { - if (strcmp(passphrase, "") != 0) - debug("Bad passphrase supplied for RSA1 key"); - /* Bad passphrase. */ - buffer_free(&decrypted); - goto fail; - } - /* Read the rest of the private key. */ - buffer_get_bignum(&decrypted, prv->rsa->d); - buffer_get_bignum(&decrypted, prv->rsa->iqmp); /* u */ - /* in SSL and SSH v1 p and q are exchanged */ - buffer_get_bignum(&decrypted, prv->rsa->q); /* p */ - buffer_get_bignum(&decrypted, prv->rsa->p); /* q */ - - /* calculate p-1 and q-1 */ - rsa_generate_additional_parameters(prv->rsa); - - buffer_free(&decrypted); - - /* enable blinding */ - if (RSA_blinding_on(prv->rsa, NULL) != 1) { - error("%s: RSA_blinding_on failed", __func__); - goto fail; - } - return prv; - -fail: - if (commentp) - xfree(*commentp); - key_free(prv); - return NULL; -} - -static Key * -key_parse_private_pem(Buffer *blob, int type, const char *passphrase, - char **commentp) -{ - EVP_PKEY *pk = NULL; - Key *prv = NULL; - char *name = ""; - BIO *bio; - - if ((bio = BIO_new_mem_buf(buffer_ptr(blob), - buffer_len(blob))) == NULL) { - error("%s: BIO_new_mem_buf failed", __func__); - return NULL; - } - - pk = PEM_read_bio_PrivateKey(bio, NULL, NULL, (char *)passphrase); - BIO_free(bio); - if (pk == NULL) { - debug("%s: PEM_read_PrivateKey failed", __func__); - (void)ERR_get_error(); - } else if (pk->type == EVP_PKEY_RSA && - (type == KEY_UNSPEC||type==KEY_RSA)) { - prv = key_new(KEY_UNSPEC); - prv->rsa = EVP_PKEY_get1_RSA(pk); - prv->type = KEY_RSA; - name = "rsa w/o comment"; -#ifdef DEBUG_PK - RSA_print_fp(stderr, prv->rsa, 8); -#endif - if (RSA_blinding_on(prv->rsa, NULL) != 1) { - error("%s: RSA_blinding_on failed", __func__); - key_free(prv); - prv = NULL; - } - } else if (pk->type == EVP_PKEY_DSA && - (type == KEY_UNSPEC||type==KEY_DSA)) { - prv = key_new(KEY_UNSPEC); - prv->dsa = EVP_PKEY_get1_DSA(pk); - prv->type = KEY_DSA; - name = "dsa w/o comment"; -#ifdef DEBUG_PK - DSA_print_fp(stderr, prv->dsa, 8); -#endif -#ifdef OPENSSL_HAS_ECC - } else if (pk->type == EVP_PKEY_EC && - (type == KEY_UNSPEC||type==KEY_ECDSA)) { - prv = key_new(KEY_UNSPEC); - prv->ecdsa = EVP_PKEY_get1_EC_KEY(pk); - prv->type = KEY_ECDSA; - if ((prv->ecdsa_nid = key_ecdsa_key_to_nid(prv->ecdsa)) == -1 || - key_curve_nid_to_name(prv->ecdsa_nid) == NULL || - key_ec_validate_public(EC_KEY_get0_group(prv->ecdsa), - EC_KEY_get0_public_key(prv->ecdsa)) != 0 || - key_ec_validate_private(prv->ecdsa) != 0) { - error("%s: bad ECDSA key", __func__); - key_free(prv); - prv = NULL; - } - name = "ecdsa w/o comment"; -#ifdef DEBUG_PK - if (prv != NULL && prv->ecdsa != NULL) - key_dump_ec_key(prv->ecdsa); -#endif -#endif /* OPENSSL_HAS_ECC */ - } else { - error("%s: PEM_read_PrivateKey: mismatch or " - "unknown EVP_PKEY save_type %d", __func__, pk->save_type); - } - if (pk != NULL) - EVP_PKEY_free(pk); - if (prv != NULL && commentp) - *commentp = xstrdup(name); - debug("read PEM private key done: type %s", - prv ? key_type(prv) : ""); - return prv; -} - -Key * -key_load_private_pem(int fd, int type, const char *passphrase, - char **commentp) -{ - Buffer buffer; - Key *prv; - - buffer_init(&buffer); - if (!key_load_file(fd, NULL, &buffer)) { - buffer_free(&buffer); - return NULL; - } - prv = key_parse_private_pem(&buffer, type, passphrase, commentp); - buffer_free(&buffer); - return prv; -} - -int -key_perm_ok(int fd, const char *filename) -{ - struct stat st; - - if (fstat(fd, &st) < 0) - return 0; - /* - * if a key owned by the user is accessed, then we check the - * permissions of the file. if the key owned by a different user, - * then we don't care. - */ -#ifdef HAVE_CYGWIN - if (check_ntsec(filename)) -#endif - if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) { - error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); - error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @"); - error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); - error("Permissions 0%3.3o for '%s' are too open.", - (u_int)st.st_mode & 0777, filename); - error("It is required that your private key files are NOT accessible by others."); - error("This private key will be ignored."); - return 0; - } - return 1; -} - -static Key * -key_parse_private_type(Buffer *blob, int type, const char *passphrase, - char **commentp) -{ - switch (type) { - case KEY_RSA1: - return key_parse_private_rsa1(blob, passphrase, commentp); - case KEY_DSA: - case KEY_ECDSA: - case KEY_RSA: - case KEY_UNSPEC: - return key_parse_private_pem(blob, type, passphrase, commentp); - default: - error("%s: cannot parse key type %d", __func__, type); - break; - } - return NULL; -} - -Key * -key_load_private_type(int type, const char *filename, const char *passphrase, - char **commentp, int *perm_ok) -{ - int fd; - Key *ret; - Buffer buffer; - - fd = open(filename, O_RDONLY); - if (fd < 0) { - debug("could not open key file '%s': %s", filename, - strerror(errno)); - if (perm_ok != NULL) - *perm_ok = 0; - return NULL; - } - if (!key_perm_ok(fd, filename)) { - if (perm_ok != NULL) - *perm_ok = 0; - error("bad permissions: ignore key: %s", filename); - close(fd); - return NULL; - } - if (perm_ok != NULL) - *perm_ok = 1; - - buffer_init(&buffer); - if (!key_load_file(fd, filename, &buffer)) { - buffer_free(&buffer); - close(fd); - return NULL; - } - close(fd); - ret = key_parse_private_type(&buffer, type, passphrase, commentp); - buffer_free(&buffer); - return ret; -} - -Key * -key_parse_private(Buffer *buffer, const char *filename, - const char *passphrase, char **commentp) -{ - Key *pub, *prv; - - /* it's a SSH v1 key if the public key part is readable */ - pub = key_parse_public_rsa1(buffer, commentp); - if (pub == NULL) { - prv = key_parse_private_type(buffer, KEY_UNSPEC, - passphrase, NULL); - /* use the filename as a comment for PEM */ - if (commentp && prv) - *commentp = xstrdup(filename); - } else { - key_free(pub); - /* key_parse_public_rsa1() has already loaded the comment */ - prv = key_parse_private_type(buffer, KEY_RSA1, passphrase, - NULL); - } - return prv; -} - -Key * -key_load_private(const char *filename, const char *passphrase, - char **commentp) -{ - Key *prv; - Buffer buffer; - int fd; - - fd = open(filename, O_RDONLY); - if (fd < 0) { - debug("could not open key file '%s': %s", filename, - strerror(errno)); - return NULL; - } - if (!key_perm_ok(fd, filename)) { - error("bad permissions: ignore key: %s", filename); - close(fd); - return NULL; - } - - buffer_init(&buffer); - if (!key_load_file(fd, filename, &buffer)) { - buffer_free(&buffer); - close(fd); - return NULL; - } - close(fd); - - prv = key_parse_private(&buffer, filename, passphrase, commentp); - buffer_free(&buffer); - return prv; -} - -static int -key_try_load_public(Key *k, const char *filename, char **commentp) -{ - FILE *f; - char line[SSH_MAX_PUBKEY_BYTES]; - char *cp; - u_long linenum = 0; - - f = fopen(filename, "r"); - if (f != NULL) { - while (read_keyfile_line(f, filename, line, sizeof(line), - &linenum) != -1) { - cp = line; - switch (*cp) { - case '#': - case '\n': - case '\0': - continue; - } - /* Abort loading if this looks like a private key */ - if (strncmp(cp, "-----BEGIN", 10) == 0) - break; - /* Skip leading whitespace. */ - for (; *cp && (*cp == ' ' || *cp == '\t'); cp++) - ; - if (*cp) { - if (key_read(k, &cp) == 1) { - cp[strcspn(cp, "\r\n")] = '\0'; - if (commentp) { - *commentp = xstrdup(*cp ? - cp : filename); - } - fclose(f); - return 1; - } - } - } - fclose(f); - } - return 0; -} - -/* load public key from ssh v1 private or any pubkey file */ -Key * -key_load_public(const char *filename, char **commentp) -{ - Key *pub; - char file[MAXPATHLEN]; - - /* try rsa1 private key */ - pub = key_load_public_type(KEY_RSA1, filename, commentp); - if (pub != NULL) - return pub; - - /* try rsa1 public key */ - pub = key_new(KEY_RSA1); - if (key_try_load_public(pub, filename, commentp) == 1) - return pub; - key_free(pub); - - /* try ssh2 public key */ - pub = key_new(KEY_UNSPEC); - if (key_try_load_public(pub, filename, commentp) == 1) - return pub; - if ((strlcpy(file, filename, sizeof file) < sizeof(file)) && - (strlcat(file, ".pub", sizeof file) < sizeof(file)) && - (key_try_load_public(pub, file, commentp) == 1)) - return pub; - key_free(pub); - return NULL; -} - -/* Load the certificate associated with the named private key */ -Key * -key_load_cert(const char *filename) -{ - Key *pub; - char *file; - - pub = key_new(KEY_UNSPEC); - xasprintf(&file, "%s-cert.pub", filename); - if (key_try_load_public(pub, file, NULL) == 1) { - xfree(file); - return pub; - } - xfree(file); - key_free(pub); - return NULL; -} - -/* Load private key and certificate */ -Key * -key_load_private_cert(int type, const char *filename, const char *passphrase, - int *perm_ok) -{ - Key *key, *pub; - - switch (type) { - case KEY_RSA: - case KEY_DSA: - case KEY_ECDSA: - break; - default: - error("%s: unsupported key type", __func__); - return NULL; - } - - if ((key = key_load_private_type(type, filename, - passphrase, NULL, perm_ok)) == NULL) - return NULL; - - if ((pub = key_load_cert(filename)) == NULL) { - key_free(key); - return NULL; - } - - /* Make sure the private key matches the certificate */ - if (key_equal_public(key, pub) == 0) { - error("%s: certificate does not match private key %s", - __func__, filename); - } else if (key_to_certified(key, key_cert_is_legacy(pub)) != 0) { - error("%s: key_to_certified failed", __func__); - } else { - key_cert_copy(pub, key); - key_free(pub); - return key; - } - - key_free(key); - key_free(pub); - return NULL; -} - -/* - * Returns 1 if the specified "key" is listed in the file "filename", - * 0 if the key is not listed or -1 on error. - * If strict_type is set then the key type must match exactly, - * otherwise a comparison that ignores certficiate data is performed. - */ -int -key_in_file(Key *key, const char *filename, int strict_type) -{ - FILE *f; - char line[SSH_MAX_PUBKEY_BYTES]; - char *cp; - u_long linenum = 0; - int ret = 0; - Key *pub; - int (*key_compare)(const Key *, const Key *) = strict_type ? - key_equal : key_equal_public; - - if ((f = fopen(filename, "r")) == NULL) { - if (errno == ENOENT) { - debug("%s: keyfile \"%s\" missing", __func__, filename); - return 0; - } else { - error("%s: could not open keyfile \"%s\": %s", __func__, - filename, strerror(errno)); - return -1; - } - } - - while (read_keyfile_line(f, filename, line, sizeof(line), - &linenum) != -1) { - cp = line; - - /* Skip leading whitespace. */ - for (; *cp && (*cp == ' ' || *cp == '\t'); cp++) - ; - - /* Skip comments and empty lines */ - switch (*cp) { - case '#': - case '\n': - case '\0': - continue; - } - - pub = key_new(KEY_UNSPEC); - if (key_read(pub, &cp) != 1) { - key_free(pub); - continue; - } - if (key_compare(key, pub)) { - ret = 1; - key_free(pub); - break; - } - key_free(pub); - } - fclose(f); - return ret; -} - +/* $OpenBSD: authfile.c,v 1.107 2014/06/24 01:13:21 djm Exp $ */ +/* + * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include + +#include "cipher.h" +#include "key.h" +#include "ssh.h" +#include "log.h" +#include "authfile.h" +#include "rsa.h" +#include "misc.h" +#include "atomicio.h" +#include "sshbuf.h" +#include "ssherr.h" + +#define MAX_KEY_FILE_SIZE (1024 * 1024) + +/* Save a key blob to a file */ +static int +sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename) +{ + int fd, oerrno; + + if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0) + return SSH_ERR_SYSTEM_ERROR; + if (atomicio(vwrite, fd, (u_char *)sshbuf_ptr(keybuf), + sshbuf_len(keybuf)) != sshbuf_len(keybuf)) { + oerrno = errno; + close(fd); + unlink(filename); + errno = oerrno; + return SSH_ERR_SYSTEM_ERROR; + } + close(fd); + return 0; +} + +int +sshkey_save_private(struct sshkey *key, const char *filename, + const char *passphrase, const char *comment, + int force_new_format, const char *new_format_cipher, int new_format_rounds) +{ + struct sshbuf *keyblob = NULL; + int r; + + if ((keyblob = sshbuf_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((r = sshkey_private_to_fileblob(key, keyblob, passphrase, comment, + force_new_format, new_format_cipher, new_format_rounds)) != 0) + goto out; + if ((r = sshkey_save_private_blob(keyblob, filename)) != 0) + goto out; + r = 0; + out: + sshbuf_free(keyblob); + return r; +} + +/* Load a key from a fd into a buffer */ +int +sshkey_load_file(int fd, const char *filename, struct sshbuf *blob) +{ + u_char buf[1024]; + size_t len; + struct stat st; + int r; + + if (fstat(fd, &st) < 0) + return SSH_ERR_SYSTEM_ERROR; + if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && + st.st_size > MAX_KEY_FILE_SIZE) + return SSH_ERR_INVALID_FORMAT; + for (;;) { + if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) { + if (errno == EPIPE) + break; + r = SSH_ERR_SYSTEM_ERROR; + goto out; + } + if ((r = sshbuf_put(blob, buf, len)) != 0) + goto out; + if (sshbuf_len(blob) > MAX_KEY_FILE_SIZE) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + } + if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && + st.st_size != (off_t)sshbuf_len(blob)) { + r = SSH_ERR_FILE_CHANGED; + goto out; + } + r = 0; + + out: + explicit_bzero(buf, sizeof(buf)); + if (r != 0) + sshbuf_reset(blob); + return r; +} + +#ifdef WITH_SSH1 +/* + * Loads the public part of the ssh v1 key file. Returns NULL if an error was + * encountered (the file does not exist or is not readable), and the key + * otherwise. + */ +static int +sshkey_load_public_rsa1(int fd, const char *filename, + struct sshkey **keyp, char **commentp) +{ + struct sshbuf *b = NULL; + int r; + + *keyp = NULL; + if (commentp != NULL) + *commentp = NULL; + + if ((b = sshbuf_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((r = sshkey_load_file(fd, filename, b)) != 0) + goto out; + if ((r = sshkey_parse_public_rsa1_fileblob(b, keyp, commentp)) != 0) + goto out; + r = 0; + out: + sshbuf_free(b); + return r; +} +#endif /* WITH_SSH1 */ + +#ifdef WITH_OPENSSL +/* XXX Deprecate? */ +int +sshkey_load_private_pem(int fd, int type, const char *passphrase, + struct sshkey **keyp, char **commentp) +{ + struct sshbuf *buffer = NULL; + int r; + + *keyp = NULL; + if (commentp != NULL) + *commentp = NULL; + + if ((buffer = sshbuf_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((r = sshkey_load_file(fd, NULL, buffer)) != 0) + goto out; + if ((r = sshkey_parse_private_pem_fileblob(buffer, type, passphrase, + keyp, commentp)) != 0) + goto out; + r = 0; + out: + sshbuf_free(buffer); + return r; +} +#endif /* WITH_OPENSSL */ + +/* XXX remove error() calls from here? */ +int +sshkey_perm_ok(int fd, const char *filename) +{ + struct stat st; + + if (fstat(fd, &st) < 0) + return SSH_ERR_SYSTEM_ERROR; + /* + * if a key owned by the user is accessed, then we check the + * permissions of the file. if the key owned by a different user, + * then we don't care. + */ +#ifdef HAVE_CYGWIN + if (check_ntsec(filename)) +#endif + if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) { + error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); + error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @"); + error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); + error("Permissions 0%3.3o for '%s' are too open.", + (u_int)st.st_mode & 0777, filename); + error("It is recommended that your private key files are NOT accessible by others."); + error("This private key will be ignored."); + return SSH_ERR_KEY_BAD_PERMISSIONS; + } + return 0; +} + +/* XXX kill perm_ok now that we have SSH_ERR_KEY_BAD_PERMISSIONS? */ +int +sshkey_load_private_type(int type, const char *filename, const char *passphrase, + struct sshkey **keyp, char **commentp, int *perm_ok) +{ + int fd, r; + struct sshbuf *buffer = NULL; + + *keyp = NULL; + if (commentp != NULL) + *commentp = NULL; + + if ((fd = open(filename, O_RDONLY)) < 0) { + if (perm_ok != NULL) + *perm_ok = 0; + return SSH_ERR_SYSTEM_ERROR; + } + if (sshkey_perm_ok(fd, filename) != 0) { + if (perm_ok != NULL) + *perm_ok = 0; + r = SSH_ERR_KEY_BAD_PERMISSIONS; + goto out; + } + if (perm_ok != NULL) + *perm_ok = 1; + + if ((buffer = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshkey_load_file(fd, filename, buffer)) != 0) + goto out; + if ((r = sshkey_parse_private_fileblob_type(buffer, type, passphrase, + keyp, commentp)) != 0) + goto out; + r = 0; + out: + close(fd); + if (buffer != NULL) + sshbuf_free(buffer); + return r; +} + +/* XXX this is almost identical to sshkey_load_private_type() */ +int +sshkey_load_private(const char *filename, const char *passphrase, + struct sshkey **keyp, char **commentp) +{ + struct sshbuf *buffer = NULL; + int r, fd; + + *keyp = NULL; + if (commentp != NULL) + *commentp = NULL; + + if ((fd = open(filename, O_RDONLY)) < 0) + return SSH_ERR_SYSTEM_ERROR; + if (sshkey_perm_ok(fd, filename) != 0) { + r = SSH_ERR_KEY_BAD_PERMISSIONS; + goto out; + } + + if ((buffer = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshkey_load_file(fd, filename, buffer)) != 0 || + (r = sshkey_parse_private_fileblob(buffer, passphrase, filename, + keyp, commentp)) != 0) + goto out; + r = 0; + out: + close(fd); + if (buffer != NULL) + sshbuf_free(buffer); + return r; +} + +static int +sshkey_try_load_public(struct sshkey *k, const char *filename, char **commentp) +{ + FILE *f; + char line[SSH_MAX_PUBKEY_BYTES]; + char *cp; + u_long linenum = 0; + int r; + + if (commentp != NULL) + *commentp = NULL; + if ((f = fopen(filename, "r")) == NULL) + return SSH_ERR_SYSTEM_ERROR; + while (read_keyfile_line(f, filename, line, sizeof(line), + &linenum) != -1) { + cp = line; + switch (*cp) { + case '#': + case '\n': + case '\0': + continue; + } + /* Abort loading if this looks like a private key */ + if (strncmp(cp, "-----BEGIN", 10) == 0 || + strcmp(cp, "SSH PRIVATE KEY FILE") == 0) + break; + /* Skip leading whitespace. */ + for (; *cp && (*cp == ' ' || *cp == '\t'); cp++) + ; + if (*cp) { + if ((r = sshkey_read(k, &cp)) == 0) { + cp[strcspn(cp, "\r\n")] = '\0'; + if (commentp) { + *commentp = strdup(*cp ? + cp : filename); + if (*commentp == NULL) + r = SSH_ERR_ALLOC_FAIL; + } + fclose(f); + return r; + } + } + } + fclose(f); + return SSH_ERR_INVALID_FORMAT; +} + +/* load public key from ssh v1 private or any pubkey file */ +int +sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp) +{ + struct sshkey *pub = NULL; + char file[MAXPATHLEN]; + int r, fd; + + if (keyp != NULL) + *keyp = NULL; + if (commentp != NULL) + *commentp = NULL; + + if ((fd = open(filename, O_RDONLY)) < 0) + goto skip; +#ifdef WITH_SSH1 + /* try rsa1 private key */ + r = sshkey_load_public_rsa1(fd, filename, keyp, commentp); + close(fd); + switch (r) { + case SSH_ERR_INTERNAL_ERROR: + case SSH_ERR_ALLOC_FAIL: + case SSH_ERR_INVALID_ARGUMENT: + case SSH_ERR_SYSTEM_ERROR: + case 0: + return r; + } +#endif /* WITH_SSH1 */ + + /* try ssh2 public key */ + if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((r = sshkey_try_load_public(pub, filename, commentp)) == 0) { + if (keyp != NULL) + *keyp = pub; + return 0; + } + sshkey_free(pub); + +#ifdef WITH_SSH1 + /* try rsa1 public key */ + if ((pub = sshkey_new(KEY_RSA1)) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((r = sshkey_try_load_public(pub, filename, commentp)) == 0) { + if (keyp != NULL) + *keyp = pub; + return 0; + } + sshkey_free(pub); +#endif /* WITH_SSH1 */ + + skip: + /* try .pub suffix */ + if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) + return SSH_ERR_ALLOC_FAIL; + r = SSH_ERR_ALLOC_FAIL; /* in case strlcpy or strlcat fail */ + if ((strlcpy(file, filename, sizeof file) < sizeof(file)) && + (strlcat(file, ".pub", sizeof file) < sizeof(file)) && + (r = sshkey_try_load_public(pub, file, commentp)) == 0) { + if (keyp != NULL) + *keyp = pub; + return 0; + } + sshkey_free(pub); + return r; +} + +/* Load the certificate associated with the named private key */ +int +sshkey_load_cert(const char *filename, struct sshkey **keyp) +{ + struct sshkey *pub = NULL; + char *file = NULL; + int r = SSH_ERR_INTERNAL_ERROR; + + *keyp = NULL; + + if (asprintf(&file, "%s-cert.pub", filename) == -1) + return SSH_ERR_ALLOC_FAIL; + + if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) { + goto out; + } + if ((r = sshkey_try_load_public(pub, file, NULL)) != 0) + goto out; + + *keyp = pub; + pub = NULL; + r = 0; + + out: + if (file != NULL) + free(file); + if (pub != NULL) + sshkey_free(pub); + return r; +} + +/* Load private key and certificate */ +int +sshkey_load_private_cert(int type, const char *filename, const char *passphrase, + struct sshkey **keyp, int *perm_ok) +{ + struct sshkey *key = NULL, *cert = NULL; + int r; + + *keyp = NULL; + + switch (type) { +#ifdef WITH_OPENSSL + case KEY_RSA: + case KEY_DSA: + case KEY_ECDSA: + case KEY_ED25519: +#endif /* WITH_OPENSSL */ + case KEY_UNSPEC: + break; + default: + return SSH_ERR_KEY_TYPE_UNKNOWN; + } + + if ((r = sshkey_load_private_type(type, filename, + passphrase, &key, NULL, perm_ok)) != 0 || + (r = sshkey_load_cert(filename, &cert)) != 0) + goto out; + + /* Make sure the private key matches the certificate */ + if (sshkey_equal_public(key, cert) == 0) { + r = SSH_ERR_KEY_CERT_MISMATCH; + goto out; + } + + if ((r = sshkey_to_certified(key, sshkey_cert_is_legacy(cert))) != 0 || + (r = sshkey_cert_copy(cert, key)) != 0) + goto out; + r = 0; + *keyp = key; + key = NULL; + out: + if (key != NULL) + sshkey_free(key); + if (cert != NULL) + sshkey_free(cert); + return r; +} + +/* + * Returns success if the specified "key" is listed in the file "filename", + * SSH_ERR_KEY_NOT_FOUND: if the key is not listed or another error. + * If strict_type is set then the key type must match exactly, + * otherwise a comparison that ignores certficiate data is performed. + */ +int +sshkey_in_file(struct sshkey *key, const char *filename, int strict_type) +{ + FILE *f; + char line[SSH_MAX_PUBKEY_BYTES]; + char *cp; + u_long linenum = 0; + int r = 0; + struct sshkey *pub = NULL; + int (*sshkey_compare)(const struct sshkey *, const struct sshkey *) = + strict_type ? sshkey_equal : sshkey_equal_public; + + if ((f = fopen(filename, "r")) == NULL) { + if (errno == ENOENT) + return SSH_ERR_KEY_NOT_FOUND; + else + return SSH_ERR_SYSTEM_ERROR; + } + + while (read_keyfile_line(f, filename, line, sizeof(line), + &linenum) != -1) { + cp = line; + + /* Skip leading whitespace. */ + for (; *cp && (*cp == ' ' || *cp == '\t'); cp++) + ; + + /* Skip comments and empty lines */ + switch (*cp) { + case '#': + case '\n': + case '\0': + continue; + } + + if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshkey_read(pub, &cp)) != 0) + goto out; + if (sshkey_compare(key, pub)) { + r = 0; + goto out; + } + sshkey_free(pub); + pub = NULL; + } + r = SSH_ERR_KEY_NOT_FOUND; + out: + if (pub != NULL) + sshkey_free(pub); + fclose(f); + return r; +} + diff --git a/crypto/openssh/openbsd-compat/bsd-cygwin_util.h b/crypto/openssh/authfile.h similarity index 57% copy from crypto/openssh/openbsd-compat/bsd-cygwin_util.h copy to crypto/openssh/authfile.h index b4bcd04b7a..03bc3958c7 100644 --- a/crypto/openssh/openbsd-compat/bsd-cygwin_util.h +++ b/crypto/openssh/authfile.h @@ -1,7 +1,7 @@ -/* $Id: bsd-cygwin_util.h,v 1.15 2012/08/28 09:57:19 dtucker Exp $ */ +/* $OpenBSD: authfile.h,v 1.19 2014/07/03 23:18:35 djm Exp $ */ /* - * Copyright (c) 2000, 2001, 2011 Corinna Vinschen + * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -22,39 +22,26 @@ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - * Created: Sat Sep 02 12:17:00 2000 cv - * - * This file contains functions for forcing opened file descriptors to - * binary mode on Windows systems. */ -#ifndef _BSD_CYGWIN_UTIL_H -#define _BSD_CYGWIN_UTIL_H - -#ifdef HAVE_CYGWIN - -#undef ERROR - -#define WIN32_LEAN_AND_MEAN +#ifndef AUTHFILE_H +#define AUTHFILE_H + +struct sshbuf; +struct sshkey; + +int sshkey_save_private(struct sshkey *, const char *, + const char *, const char *, int, const char *, int); +int sshkey_load_file(int, const char *, struct sshbuf *); +int sshkey_load_cert(const char *, struct sshkey **); +int sshkey_load_public(const char *, struct sshkey **, char **); +int sshkey_load_private(const char *, const char *, struct sshkey **, char **); +int sshkey_load_private_cert(int, const char *, const char *, + struct sshkey **, int *); +int sshkey_load_private_type(int, const char *, const char *, + struct sshkey **, char **, int *); +int sshkey_load_private_pem(int, int, const char *, struct sshkey **, char **); +int sshkey_perm_ok(int, const char *); +int sshkey_in_file(struct sshkey *, const char *, int); -#include -#include -#include - -/* Make sure _WIN32 isn't defined later in the code, otherwise headers from - other packages might get the wrong idea about the target system. */ -#ifdef _WIN32 -#undef _WIN32 #endif - -int binary_open(const char *, int , ...); -int check_ntsec(const char *); -char **fetch_windows_environment(void); -void free_windows_environment(char **); - -#define open binary_open - -#endif /* HAVE_CYGWIN */ - -#endif /* _BSD_CYGWIN_UTIL_H */ diff --git a/crypto/openssh/blocks.c b/crypto/openssh/blocks.c new file mode 100644 index 0000000000..ad93fe5099 --- /dev/null +++ b/crypto/openssh/blocks.c @@ -0,0 +1,248 @@ +/* $OpenBSD: blocks.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */ + +/* + * Public Domain, Author: Daniel J. Bernstein + * Copied from nacl-20110221/crypto_hashblocks/sha512/ref/blocks.c + */ + +#include "includes.h" + +#include "crypto_api.h" + +typedef unsigned long long uint64; + +static uint64 load_bigendian(const unsigned char *x) +{ + return + (uint64) (x[7]) \ + | (((uint64) (x[6])) << 8) \ + | (((uint64) (x[5])) << 16) \ + | (((uint64) (x[4])) << 24) \ + | (((uint64) (x[3])) << 32) \ + | (((uint64) (x[2])) << 40) \ + | (((uint64) (x[1])) << 48) \ + | (((uint64) (x[0])) << 56) + ; +} + +static void store_bigendian(unsigned char *x,uint64 u) +{ + x[7] = u; u >>= 8; + x[6] = u; u >>= 8; + x[5] = u; u >>= 8; + x[4] = u; u >>= 8; + x[3] = u; u >>= 8; + x[2] = u; u >>= 8; + x[1] = u; u >>= 8; + x[0] = u; +} + +#define SHR(x,c) ((x) >> (c)) +#define ROTR(x,c) (((x) >> (c)) | ((x) << (64 - (c)))) + +#define Ch(x,y,z) ((x & y) ^ (~x & z)) +#define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z)) +#define Sigma0(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39)) +#define Sigma1(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41)) +#define sigma0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x,7)) +#define sigma1(x) (ROTR(x,19) ^ ROTR(x,61) ^ SHR(x,6)) + +#define M(w0,w14,w9,w1) w0 = sigma1(w14) + w9 + sigma0(w1) + w0; + +#define EXPAND \ + M(w0 ,w14,w9 ,w1 ) \ + M(w1 ,w15,w10,w2 ) \ + M(w2 ,w0 ,w11,w3 ) \ + M(w3 ,w1 ,w12,w4 ) \ + M(w4 ,w2 ,w13,w5 ) \ + M(w5 ,w3 ,w14,w6 ) \ + M(w6 ,w4 ,w15,w7 ) \ + M(w7 ,w5 ,w0 ,w8 ) \ + M(w8 ,w6 ,w1 ,w9 ) \ + M(w9 ,w7 ,w2 ,w10) \ + M(w10,w8 ,w3 ,w11) \ + M(w11,w9 ,w4 ,w12) \ + M(w12,w10,w5 ,w13) \ + M(w13,w11,w6 ,w14) \ + M(w14,w12,w7 ,w15) \ + M(w15,w13,w8 ,w0 ) + +#define F(w,k) \ + T1 = h + Sigma1(e) + Ch(e,f,g) + k + w; \ + T2 = Sigma0(a) + Maj(a,b,c); \ + h = g; \ + g = f; \ + f = e; \ + e = d + T1; \ + d = c; \ + c = b; \ + b = a; \ + a = T1 + T2; + +int crypto_hashblocks_sha512(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen) +{ + uint64 state[8]; + uint64 a; + uint64 b; + uint64 c; + uint64 d; + uint64 e; + uint64 f; + uint64 g; + uint64 h; + uint64 T1; + uint64 T2; + + a = load_bigendian(statebytes + 0); state[0] = a; + b = load_bigendian(statebytes + 8); state[1] = b; + c = load_bigendian(statebytes + 16); state[2] = c; + d = load_bigendian(statebytes + 24); state[3] = d; + e = load_bigendian(statebytes + 32); state[4] = e; + f = load_bigendian(statebytes + 40); state[5] = f; + g = load_bigendian(statebytes + 48); state[6] = g; + h = load_bigendian(statebytes + 56); state[7] = h; + + while (inlen >= 128) { + uint64 w0 = load_bigendian(in + 0); + uint64 w1 = load_bigendian(in + 8); + uint64 w2 = load_bigendian(in + 16); + uint64 w3 = load_bigendian(in + 24); + uint64 w4 = load_bigendian(in + 32); + uint64 w5 = load_bigendian(in + 40); + uint64 w6 = load_bigendian(in + 48); + uint64 w7 = load_bigendian(in + 56); + uint64 w8 = load_bigendian(in + 64); + uint64 w9 = load_bigendian(in + 72); + uint64 w10 = load_bigendian(in + 80); + uint64 w11 = load_bigendian(in + 88); + uint64 w12 = load_bigendian(in + 96); + uint64 w13 = load_bigendian(in + 104); + uint64 w14 = load_bigendian(in + 112); + uint64 w15 = load_bigendian(in + 120); + + F(w0 ,0x428a2f98d728ae22ULL) + F(w1 ,0x7137449123ef65cdULL) + F(w2 ,0xb5c0fbcfec4d3b2fULL) + F(w3 ,0xe9b5dba58189dbbcULL) + F(w4 ,0x3956c25bf348b538ULL) + F(w5 ,0x59f111f1b605d019ULL) + F(w6 ,0x923f82a4af194f9bULL) + F(w7 ,0xab1c5ed5da6d8118ULL) + F(w8 ,0xd807aa98a3030242ULL) + F(w9 ,0x12835b0145706fbeULL) + F(w10,0x243185be4ee4b28cULL) + F(w11,0x550c7dc3d5ffb4e2ULL) + F(w12,0x72be5d74f27b896fULL) + F(w13,0x80deb1fe3b1696b1ULL) + F(w14,0x9bdc06a725c71235ULL) + F(w15,0xc19bf174cf692694ULL) + + EXPAND + + F(w0 ,0xe49b69c19ef14ad2ULL) + F(w1 ,0xefbe4786384f25e3ULL) + F(w2 ,0x0fc19dc68b8cd5b5ULL) + F(w3 ,0x240ca1cc77ac9c65ULL) + F(w4 ,0x2de92c6f592b0275ULL) + F(w5 ,0x4a7484aa6ea6e483ULL) + F(w6 ,0x5cb0a9dcbd41fbd4ULL) + F(w7 ,0x76f988da831153b5ULL) + F(w8 ,0x983e5152ee66dfabULL) + F(w9 ,0xa831c66d2db43210ULL) + F(w10,0xb00327c898fb213fULL) + F(w11,0xbf597fc7beef0ee4ULL) + F(w12,0xc6e00bf33da88fc2ULL) + F(w13,0xd5a79147930aa725ULL) + F(w14,0x06ca6351e003826fULL) + F(w15,0x142929670a0e6e70ULL) + + EXPAND + + F(w0 ,0x27b70a8546d22ffcULL) + F(w1 ,0x2e1b21385c26c926ULL) + F(w2 ,0x4d2c6dfc5ac42aedULL) + F(w3 ,0x53380d139d95b3dfULL) + F(w4 ,0x650a73548baf63deULL) + F(w5 ,0x766a0abb3c77b2a8ULL) + F(w6 ,0x81c2c92e47edaee6ULL) + F(w7 ,0x92722c851482353bULL) + F(w8 ,0xa2bfe8a14cf10364ULL) + F(w9 ,0xa81a664bbc423001ULL) + F(w10,0xc24b8b70d0f89791ULL) + F(w11,0xc76c51a30654be30ULL) + F(w12,0xd192e819d6ef5218ULL) + F(w13,0xd69906245565a910ULL) + F(w14,0xf40e35855771202aULL) + F(w15,0x106aa07032bbd1b8ULL) + + EXPAND + + F(w0 ,0x19a4c116b8d2d0c8ULL) + F(w1 ,0x1e376c085141ab53ULL) + F(w2 ,0x2748774cdf8eeb99ULL) + F(w3 ,0x34b0bcb5e19b48a8ULL) + F(w4 ,0x391c0cb3c5c95a63ULL) + F(w5 ,0x4ed8aa4ae3418acbULL) + F(w6 ,0x5b9cca4f7763e373ULL) + F(w7 ,0x682e6ff3d6b2b8a3ULL) + F(w8 ,0x748f82ee5defb2fcULL) + F(w9 ,0x78a5636f43172f60ULL) + F(w10,0x84c87814a1f0ab72ULL) + F(w11,0x8cc702081a6439ecULL) + F(w12,0x90befffa23631e28ULL) + F(w13,0xa4506cebde82bde9ULL) + F(w14,0xbef9a3f7b2c67915ULL) + F(w15,0xc67178f2e372532bULL) + + EXPAND + + F(w0 ,0xca273eceea26619cULL) + F(w1 ,0xd186b8c721c0c207ULL) + F(w2 ,0xeada7dd6cde0eb1eULL) + F(w3 ,0xf57d4f7fee6ed178ULL) + F(w4 ,0x06f067aa72176fbaULL) + F(w5 ,0x0a637dc5a2c898a6ULL) + F(w6 ,0x113f9804bef90daeULL) + F(w7 ,0x1b710b35131c471bULL) + F(w8 ,0x28db77f523047d84ULL) + F(w9 ,0x32caab7b40c72493ULL) + F(w10,0x3c9ebe0a15c9bebcULL) + F(w11,0x431d67c49c100d4cULL) + F(w12,0x4cc5d4becb3e42b6ULL) + F(w13,0x597f299cfc657e2aULL) + F(w14,0x5fcb6fab3ad6faecULL) + F(w15,0x6c44198c4a475817ULL) + + a += state[0]; + b += state[1]; + c += state[2]; + d += state[3]; + e += state[4]; + f += state[5]; + g += state[6]; + h += state[7]; + + state[0] = a; + state[1] = b; + state[2] = c; + state[3] = d; + state[4] = e; + state[5] = f; + state[6] = g; + state[7] = h; + + in += 128; + inlen -= 128; + } + + store_bigendian(statebytes + 0,state[0]); + store_bigendian(statebytes + 8,state[1]); + store_bigendian(statebytes + 16,state[2]); + store_bigendian(statebytes + 24,state[3]); + store_bigendian(statebytes + 32,state[4]); + store_bigendian(statebytes + 40,state[5]); + store_bigendian(statebytes + 48,state[6]); + store_bigendian(statebytes + 56,state[7]); + + return inlen; +} diff --git a/crypto/openssh/bufaux.c b/crypto/openssh/bufaux.c dissimilarity index 76% index 00208ca279..3976896a99 100644 --- a/crypto/openssh/bufaux.c +++ b/crypto/openssh/bufaux.c @@ -1,316 +1,259 @@ -/* $OpenBSD: bufaux.c,v 1.50 2010/08/31 09:58:37 djm Exp $ */ -/* - * Author: Tatu Ylonen - * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland - * All rights reserved - * Auxiliary functions for storing and retrieving various data types to/from - * Buffers. - * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". - * - * - * SSH2 packet format added by Markus Friedl - * Copyright (c) 2000 Markus Friedl. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "includes.h" - -#include - -#include - -#include -#include - -#include "xmalloc.h" -#include "buffer.h" -#include "log.h" -#include "misc.h" - -/* - * Returns integers from the buffer (msb first). - */ - -int -buffer_get_short_ret(u_short *ret, Buffer *buffer) -{ - u_char buf[2]; - - if (buffer_get_ret(buffer, (char *) buf, 2) == -1) - return (-1); - *ret = get_u16(buf); - return (0); -} - -u_short -buffer_get_short(Buffer *buffer) -{ - u_short ret; - - if (buffer_get_short_ret(&ret, buffer) == -1) - fatal("buffer_get_short: buffer error"); - - return (ret); -} - -int -buffer_get_int_ret(u_int *ret, Buffer *buffer) -{ - u_char buf[4]; - - if (buffer_get_ret(buffer, (char *) buf, 4) == -1) - return (-1); - if (ret != NULL) - *ret = get_u32(buf); - return (0); -} - -u_int -buffer_get_int(Buffer *buffer) -{ - u_int ret; - - if (buffer_get_int_ret(&ret, buffer) == -1) - fatal("buffer_get_int: buffer error"); - - return (ret); -} - -int -buffer_get_int64_ret(u_int64_t *ret, Buffer *buffer) -{ - u_char buf[8]; - - if (buffer_get_ret(buffer, (char *) buf, 8) == -1) - return (-1); - if (ret != NULL) - *ret = get_u64(buf); - return (0); -} - -u_int64_t -buffer_get_int64(Buffer *buffer) -{ - u_int64_t ret; - - if (buffer_get_int64_ret(&ret, buffer) == -1) - fatal("buffer_get_int: buffer error"); - - return (ret); -} - -/* - * Stores integers in the buffer, msb first. - */ -void -buffer_put_short(Buffer *buffer, u_short value) -{ - char buf[2]; - - put_u16(buf, value); - buffer_append(buffer, buf, 2); -} - -void -buffer_put_int(Buffer *buffer, u_int value) -{ - char buf[4]; - - put_u32(buf, value); - buffer_append(buffer, buf, 4); -} - -void -buffer_put_int64(Buffer *buffer, u_int64_t value) -{ - char buf[8]; - - put_u64(buf, value); - buffer_append(buffer, buf, 8); -} - -/* - * Returns an arbitrary binary string from the buffer. The string cannot - * be longer than 256k. The returned value points to memory allocated - * with xmalloc; it is the responsibility of the calling function to free - * the data. If length_ptr is non-NULL, the length of the returned data - * will be stored there. A null character will be automatically appended - * to the returned string, and is not counted in length. - */ -void * -buffer_get_string_ret(Buffer *buffer, u_int *length_ptr) -{ - u_char *value; - u_int len; - - /* Get the length. */ - if (buffer_get_int_ret(&len, buffer) != 0) { - error("buffer_get_string_ret: cannot extract length"); - return (NULL); - } - if (len > 256 * 1024) { - error("buffer_get_string_ret: bad string length %u", len); - return (NULL); - } - /* Allocate space for the string. Add one byte for a null character. */ - value = xmalloc(len + 1); - /* Get the string. */ - if (buffer_get_ret(buffer, value, len) == -1) { - error("buffer_get_string_ret: buffer_get failed"); - xfree(value); - return (NULL); - } - /* Append a null character to make processing easier. */ - value[len] = '\0'; - /* Optionally return the length of the string. */ - if (length_ptr) - *length_ptr = len; - return (value); -} - -void * -buffer_get_string(Buffer *buffer, u_int *length_ptr) -{ - void *ret; - - if ((ret = buffer_get_string_ret(buffer, length_ptr)) == NULL) - fatal("buffer_get_string: buffer error"); - return (ret); -} - -char * -buffer_get_cstring_ret(Buffer *buffer, u_int *length_ptr) -{ - u_int length; - char *cp, *ret = buffer_get_string_ret(buffer, &length); - - if (ret == NULL) - return NULL; - if ((cp = memchr(ret, '\0', length)) != NULL) { - /* XXX allow \0 at end-of-string for a while, remove later */ - if (cp == ret + length - 1) - error("buffer_get_cstring_ret: string contains \\0"); - else { - bzero(ret, length); - xfree(ret); - return NULL; - } - } - if (length_ptr != NULL) - *length_ptr = length; - return ret; -} - -char * -buffer_get_cstring(Buffer *buffer, u_int *length_ptr) -{ - char *ret; - - if ((ret = buffer_get_cstring_ret(buffer, length_ptr)) == NULL) - fatal("buffer_get_cstring: buffer error"); - return ret; -} - -void * -buffer_get_string_ptr_ret(Buffer *buffer, u_int *length_ptr) -{ - void *ptr; - u_int len; - - if (buffer_get_int_ret(&len, buffer) != 0) - return NULL; - if (len > 256 * 1024) { - error("buffer_get_string_ptr: bad string length %u", len); - return NULL; - } - ptr = buffer_ptr(buffer); - buffer_consume(buffer, len); - if (length_ptr) - *length_ptr = len; - return (ptr); -} - -void * -buffer_get_string_ptr(Buffer *buffer, u_int *length_ptr) -{ - void *ret; - - if ((ret = buffer_get_string_ptr_ret(buffer, length_ptr)) == NULL) - fatal("buffer_get_string_ptr: buffer error"); - return (ret); -} - -/* - * Stores and arbitrary binary string in the buffer. - */ -void -buffer_put_string(Buffer *buffer, const void *buf, u_int len) -{ - buffer_put_int(buffer, len); - buffer_append(buffer, buf, len); -} -void -buffer_put_cstring(Buffer *buffer, const char *s) -{ - if (s == NULL) - fatal("buffer_put_cstring: s == NULL"); - buffer_put_string(buffer, s, strlen(s)); -} - -/* - * Returns a character from the buffer (0 - 255). - */ -int -buffer_get_char_ret(char *ret, Buffer *buffer) -{ - if (buffer_get_ret(buffer, ret, 1) == -1) { - error("buffer_get_char_ret: buffer_get_ret failed"); - return (-1); - } - return (0); -} - -int -buffer_get_char(Buffer *buffer) -{ - char ch; - - if (buffer_get_char_ret(&ch, buffer) == -1) - fatal("buffer_get_char: buffer error"); - return (u_char) ch; -} - -/* - * Stores a character in the buffer. - */ -void -buffer_put_char(Buffer *buffer, int value) -{ - char ch = value; - - buffer_append(buffer, &ch, 1); -} +/* $OpenBSD: bufaux.c,v 1.60 2014/04/30 05:29:56 djm Exp $ */ +/* + * Copyright (c) 2012 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */ + +#include "includes.h" + +#include + +#include "buffer.h" +#include "log.h" +#include "ssherr.h" + +int +buffer_get_short_ret(u_short *v, Buffer *buffer) +{ + int ret; + + if ((ret = sshbuf_get_u16(buffer, v)) != 0) { + error("%s: %s", __func__, ssh_err(ret)); + return -1; + } + return 0; +} + +u_short +buffer_get_short(Buffer *buffer) +{ + u_short ret; + + if (buffer_get_short_ret(&ret, buffer) == -1) + fatal("%s: buffer error", __func__); + + return (ret); +} + +int +buffer_get_int_ret(u_int *v, Buffer *buffer) +{ + int ret; + + if ((ret = sshbuf_get_u32(buffer, v)) != 0) { + error("%s: %s", __func__, ssh_err(ret)); + return -1; + } + return 0; +} + +u_int +buffer_get_int(Buffer *buffer) +{ + u_int ret; + + if (buffer_get_int_ret(&ret, buffer) == -1) + fatal("%s: buffer error", __func__); + + return (ret); +} + +int +buffer_get_int64_ret(u_int64_t *v, Buffer *buffer) +{ + int ret; + + if ((ret = sshbuf_get_u64(buffer, v)) != 0) { + error("%s: %s", __func__, ssh_err(ret)); + return -1; + } + return 0; +} + +u_int64_t +buffer_get_int64(Buffer *buffer) +{ + u_int64_t ret; + + if (buffer_get_int64_ret(&ret, buffer) == -1) + fatal("%s: buffer error", __func__); + + return (ret); +} + +void +buffer_put_short(Buffer *buffer, u_short value) +{ + int ret; + + if ((ret = sshbuf_put_u16(buffer, value)) != 0) + fatal("%s: %s", __func__, ssh_err(ret)); +} + +void +buffer_put_int(Buffer *buffer, u_int value) +{ + int ret; + + if ((ret = sshbuf_put_u32(buffer, value)) != 0) + fatal("%s: %s", __func__, ssh_err(ret)); +} + +void +buffer_put_int64(Buffer *buffer, u_int64_t value) +{ + int ret; + + if ((ret = sshbuf_put_u64(buffer, value)) != 0) + fatal("%s: %s", __func__, ssh_err(ret)); +} + +void * +buffer_get_string_ret(Buffer *buffer, u_int *length_ptr) +{ + size_t len; + int ret; + u_char *value; + + if ((ret = sshbuf_get_string(buffer, &value, &len)) != 0) { + error("%s: %s", __func__, ssh_err(ret)); + return NULL; + } + if (length_ptr != NULL) + *length_ptr = len; /* Safe: sshbuf never stores len > 2^31 */ + return value; +} + +void * +buffer_get_string(Buffer *buffer, u_int *length_ptr) +{ + void *ret; + + if ((ret = buffer_get_string_ret(buffer, length_ptr)) == NULL) + fatal("%s: buffer error", __func__); + return (ret); +} + +char * +buffer_get_cstring_ret(Buffer *buffer, u_int *length_ptr) +{ + size_t len; + int ret; + char *value; + + if ((ret = sshbuf_get_cstring(buffer, &value, &len)) != 0) { + error("%s: %s", __func__, ssh_err(ret)); + return NULL; + } + if (length_ptr != NULL) + *length_ptr = len; /* Safe: sshbuf never stores len > 2^31 */ + return value; +} + +char * +buffer_get_cstring(Buffer *buffer, u_int *length_ptr) +{ + char *ret; + + if ((ret = buffer_get_cstring_ret(buffer, length_ptr)) == NULL) + fatal("%s: buffer error", __func__); + return ret; +} + +const void * +buffer_get_string_ptr_ret(Buffer *buffer, u_int *length_ptr) +{ + size_t len; + int ret; + const u_char *value; + + if ((ret = sshbuf_get_string_direct(buffer, &value, &len)) != 0) { + error("%s: %s", __func__, ssh_err(ret)); + return NULL; + } + if (length_ptr != NULL) + *length_ptr = len; /* Safe: sshbuf never stores len > 2^31 */ + return value; +} + +const void * +buffer_get_string_ptr(Buffer *buffer, u_int *length_ptr) +{ + const void *ret; + + if ((ret = buffer_get_string_ptr_ret(buffer, length_ptr)) == NULL) + fatal("%s: buffer error", __func__); + return (ret); +} + +void +buffer_put_string(Buffer *buffer, const void *buf, u_int len) +{ + int ret; + + if ((ret = sshbuf_put_string(buffer, buf, len)) != 0) + fatal("%s: %s", __func__, ssh_err(ret)); +} + +void +buffer_put_cstring(Buffer *buffer, const char *s) +{ + int ret; + + if ((ret = sshbuf_put_cstring(buffer, s)) != 0) + fatal("%s: %s", __func__, ssh_err(ret)); +} + +int +buffer_get_char_ret(char *v, Buffer *buffer) +{ + int ret; + + if ((ret = sshbuf_get_u8(buffer, (u_char *)v)) != 0) { + error("%s: %s", __func__, ssh_err(ret)); + return -1; + } + return 0; +} + +int +buffer_get_char(Buffer *buffer) +{ + char ch; + + if (buffer_get_char_ret(&ch, buffer) == -1) + fatal("%s: buffer error", __func__); + return (u_char) ch; +} + +void +buffer_put_char(Buffer *buffer, int value) +{ + int ret; + + if ((ret = sshbuf_put_u8(buffer, value)) != 0) + fatal("%s: %s", __func__, ssh_err(ret)); +} + +void +buffer_put_bignum2_from_string(Buffer *buffer, const u_char *s, u_int l) +{ + int ret; + + if ((ret = sshbuf_put_bignum2_bytes(buffer, s, l)) != 0) + fatal("%s: %s", __func__, ssh_err(ret)); +} + diff --git a/crypto/openssh/bufbn.c b/crypto/openssh/bufbn.c dissimilarity index 86% index 251cd09518..b7f7cb122a 100644 --- a/crypto/openssh/bufbn.c +++ b/crypto/openssh/bufbn.c @@ -1,223 +1,103 @@ -/* $OpenBSD: bufbn.c,v 1.6 2007/06/02 09:04:58 djm Exp $*/ -/* - * Author: Tatu Ylonen - * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland - * All rights reserved - * Auxiliary functions for storing and retrieving various data types to/from - * Buffers. - * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". - * - * - * SSH2 packet format added by Markus Friedl - * Copyright (c) 2000 Markus Friedl. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "includes.h" - -#include - -#include - -#include -#include - -#include "xmalloc.h" -#include "buffer.h" -#include "log.h" -#include "misc.h" - -/* - * Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed - * by (bits+7)/8 bytes of binary data, msb first. - */ -int -buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value) -{ - int bits = BN_num_bits(value); - int bin_size = (bits + 7) / 8; - u_char *buf = xmalloc(bin_size); - int oi; - char msg[2]; - - /* Get the value of in binary */ - oi = BN_bn2bin(value, buf); - if (oi != bin_size) { - error("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d", - oi, bin_size); - xfree(buf); - return (-1); - } - - /* Store the number of bits in the buffer in two bytes, msb first. */ - put_u16(msg, bits); - buffer_append(buffer, msg, 2); - /* Store the binary data. */ - buffer_append(buffer, buf, oi); - - memset(buf, 0, bin_size); - xfree(buf); - - return (0); -} - -void -buffer_put_bignum(Buffer *buffer, const BIGNUM *value) -{ - if (buffer_put_bignum_ret(buffer, value) == -1) - fatal("buffer_put_bignum: buffer error"); -} - -/* - * Retrieves a BIGNUM from the buffer. - */ -int -buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value) -{ - u_int bits, bytes; - u_char buf[2], *bin; - - /* Get the number of bits. */ - if (buffer_get_ret(buffer, (char *) buf, 2) == -1) { - error("buffer_get_bignum_ret: invalid length"); - return (-1); - } - bits = get_u16(buf); - /* Compute the number of binary bytes that follow. */ - bytes = (bits + 7) / 8; - if (bytes > 8 * 1024) { - error("buffer_get_bignum_ret: cannot handle BN of size %d", bytes); - return (-1); - } - if (buffer_len(buffer) < bytes) { - error("buffer_get_bignum_ret: input buffer too small"); - return (-1); - } - bin = buffer_ptr(buffer); - if (BN_bin2bn(bin, bytes, value) == NULL) { - error("buffer_get_bignum_ret: BN_bin2bn failed"); - return (-1); - } - if (buffer_consume_ret(buffer, bytes) == -1) { - error("buffer_get_bignum_ret: buffer_consume failed"); - return (-1); - } - return (0); -} - -void -buffer_get_bignum(Buffer *buffer, BIGNUM *value) -{ - if (buffer_get_bignum_ret(buffer, value) == -1) - fatal("buffer_get_bignum: buffer error"); -} - -/* - * Stores a BIGNUM in the buffer in SSH2 format. - */ -int -buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value) -{ - u_int bytes; - u_char *buf; - int oi; - u_int hasnohigh = 0; - - if (BN_is_zero(value)) { - buffer_put_int(buffer, 0); - return 0; - } - if (value->neg) { - error("buffer_put_bignum2_ret: negative numbers not supported"); - return (-1); - } - bytes = BN_num_bytes(value) + 1; /* extra padding byte */ - if (bytes < 2) { - error("buffer_put_bignum2_ret: BN too small"); - return (-1); - } - buf = xmalloc(bytes); - buf[0] = 0x00; - /* Get the value of in binary */ - oi = BN_bn2bin(value, buf+1); - if (oi < 0 || (u_int)oi != bytes - 1) { - error("buffer_put_bignum2_ret: BN_bn2bin() failed: " - "oi %d != bin_size %d", oi, bytes); - xfree(buf); - return (-1); - } - hasnohigh = (buf[1] & 0x80) ? 0 : 1; - buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh); - memset(buf, 0, bytes); - xfree(buf); - return (0); -} - -void -buffer_put_bignum2(Buffer *buffer, const BIGNUM *value) -{ - if (buffer_put_bignum2_ret(buffer, value) == -1) - fatal("buffer_put_bignum2: buffer error"); -} - -int -buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value) -{ - u_int len; - u_char *bin; - - if ((bin = buffer_get_string_ret(buffer, &len)) == NULL) { - error("buffer_get_bignum2_ret: invalid bignum"); - return (-1); - } - - if (len > 0 && (bin[0] & 0x80)) { - error("buffer_get_bignum2_ret: negative numbers not supported"); - xfree(bin); - return (-1); - } - if (len > 8 * 1024) { - error("buffer_get_bignum2_ret: cannot handle BN of size %d", - len); - xfree(bin); - return (-1); - } - if (BN_bin2bn(bin, len, value) == NULL) { - error("buffer_get_bignum2_ret: BN_bin2bn failed"); - xfree(bin); - return (-1); - } - xfree(bin); - return (0); -} - -void -buffer_get_bignum2(Buffer *buffer, BIGNUM *value) -{ - if (buffer_get_bignum2_ret(buffer, value) == -1) - fatal("buffer_get_bignum2: buffer error"); -} +/* $OpenBSD: bufbn.c,v 1.12 2014/04/30 05:29:56 djm Exp $ */ + +/* + * Copyright (c) 2012 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */ + +#include "includes.h" + +#include + +#include "buffer.h" +#include "log.h" +#include "ssherr.h" + +int +buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value) +{ + int ret; + + if ((ret = sshbuf_put_bignum1(buffer, value)) != 0) { + error("%s: %s", __func__, ssh_err(ret)); + return -1; + } + return 0; +} + +void +buffer_put_bignum(Buffer *buffer, const BIGNUM *value) +{ + if (buffer_put_bignum_ret(buffer, value) == -1) + fatal("%s: buffer error", __func__); +} + +int +buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value) +{ + int ret; + + if ((ret = sshbuf_get_bignum1(buffer, value)) != 0) { + error("%s: %s", __func__, ssh_err(ret)); + return -1; + } + return 0; +} + +void +buffer_get_bignum(Buffer *buffer, BIGNUM *value) +{ + if (buffer_get_bignum_ret(buffer, value) == -1) + fatal("%s: buffer error", __func__); +} + +int +buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value) +{ + int ret; + + if ((ret = sshbuf_put_bignum2(buffer, value)) != 0) { + error("%s: %s", __func__, ssh_err(ret)); + return -1; + } + return 0; +} + +void +buffer_put_bignum2(Buffer *buffer, const BIGNUM *value) +{ + if (buffer_put_bignum2_ret(buffer, value) == -1) + fatal("%s: buffer error", __func__); +} + +int +buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value) +{ + int ret; + + if ((ret = sshbuf_get_bignum2(buffer, value)) != 0) { + error("%s: %s", __func__, ssh_err(ret)); + return -1; + } + return 0; +} + +void +buffer_get_bignum2(Buffer *buffer, BIGNUM *value) +{ + if (buffer_get_bignum2_ret(buffer, value) == -1) + fatal("%s: buffer error", __func__); +} diff --git a/crypto/openssh/bufec.c b/crypto/openssh/bufec.c dissimilarity index 63% index 3dcb49477d..749ce9d4c2 100644 --- a/crypto/openssh/bufec.c +++ b/crypto/openssh/bufec.c @@ -1,146 +1,74 @@ -/* $OpenBSD: bufec.c,v 1.1 2010/08/31 11:54:45 djm Exp $ */ -/* - * Copyright (c) 2010 Damien Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include "includes.h" - -#ifdef OPENSSL_HAS_ECC - -#include - -#include -#include - -#include -#include - -#include "xmalloc.h" -#include "buffer.h" -#include "log.h" -#include "misc.h" - -/* - * Maximum supported EC GFp field length is 528 bits. SEC1 uncompressed - * encoding represents this as two bitstring points that should each - * be no longer than the field length, SEC1 specifies a 1 byte - * point type header. - * Being paranoid here may insulate us to parsing problems in - * EC_POINT_oct2point. - */ -#define BUFFER_MAX_ECPOINT_LEN ((528*2 / 8) + 1) - -/* - * Append an EC_POINT to the buffer as a string containing a SEC1 encoded - * uncompressed point. Fortunately OpenSSL handles the gory details for us. - */ -int -buffer_put_ecpoint_ret(Buffer *buffer, const EC_GROUP *curve, - const EC_POINT *point) -{ - u_char *buf = NULL; - size_t len; - BN_CTX *bnctx; - int ret = -1; - - /* Determine length */ - if ((bnctx = BN_CTX_new()) == NULL) - fatal("%s: BN_CTX_new failed", __func__); - len = EC_POINT_point2oct(curve, point, POINT_CONVERSION_UNCOMPRESSED, - NULL, 0, bnctx); - if (len > BUFFER_MAX_ECPOINT_LEN) { - error("%s: giant EC point: len = %lu (max %u)", - __func__, (u_long)len, BUFFER_MAX_ECPOINT_LEN); - goto out; - } - /* Convert */ - buf = xmalloc(len); - if (EC_POINT_point2oct(curve, point, POINT_CONVERSION_UNCOMPRESSED, - buf, len, bnctx) != len) { - error("%s: EC_POINT_point2oct length mismatch", __func__); - goto out; - } - /* Append */ - buffer_put_string(buffer, buf, len); - ret = 0; - out: - if (buf != NULL) { - bzero(buf, len); - xfree(buf); - } - BN_CTX_free(bnctx); - return ret; -} - -void -buffer_put_ecpoint(Buffer *buffer, const EC_GROUP *curve, - const EC_POINT *point) -{ - if (buffer_put_ecpoint_ret(buffer, curve, point) == -1) - fatal("%s: buffer error", __func__); -} - -int -buffer_get_ecpoint_ret(Buffer *buffer, const EC_GROUP *curve, - EC_POINT *point) -{ - u_char *buf; - u_int len; - BN_CTX *bnctx; - int ret = -1; - - if ((buf = buffer_get_string_ret(buffer, &len)) == NULL) { - error("%s: invalid point", __func__); - return -1; - } - if ((bnctx = BN_CTX_new()) == NULL) - fatal("%s: BN_CTX_new failed", __func__); - if (len > BUFFER_MAX_ECPOINT_LEN) { - error("%s: EC_POINT too long: %u > max %u", __func__, - len, BUFFER_MAX_ECPOINT_LEN); - goto out; - } - if (len == 0) { - error("%s: EC_POINT buffer is empty", __func__); - goto out; - } - if (buf[0] != POINT_CONVERSION_UNCOMPRESSED) { - error("%s: EC_POINT is in an incorrect form: " - "0x%02x (want 0x%02x)", __func__, buf[0], - POINT_CONVERSION_UNCOMPRESSED); - goto out; - } - if (EC_POINT_oct2point(curve, point, buf, len, bnctx) != 1) { - error("buffer_get_bignum2_ret: BN_bin2bn failed"); - goto out; - } - /* EC_POINT_oct2point verifies that the point is on the curve for us */ - ret = 0; - out: - BN_CTX_free(bnctx); - bzero(buf, len); - xfree(buf); - return ret; -} - -void -buffer_get_ecpoint(Buffer *buffer, const EC_GROUP *curve, - EC_POINT *point) -{ - if (buffer_get_ecpoint_ret(buffer, curve, point) == -1) - fatal("%s: buffer error", __func__); -} - -#endif /* OPENSSL_HAS_ECC */ +/* $OpenBSD: bufec.c,v 1.4 2014/04/30 05:29:56 djm Exp $ */ + +/* + * Copyright (c) 2012 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */ + +#include "includes.h" + +#include + +#include "buffer.h" +#include "log.h" +#include "ssherr.h" + +#ifdef OPENSSL_HAS_ECC + +int +buffer_put_ecpoint_ret(Buffer *buffer, const EC_GROUP *curve, + const EC_POINT *point) +{ + int ret; + + if ((ret = sshbuf_put_ec(buffer, point, curve)) != 0) { + error("%s: %s", __func__, ssh_err(ret)); + return -1; + } + return 0; +} + +void +buffer_put_ecpoint(Buffer *buffer, const EC_GROUP *curve, + const EC_POINT *point) +{ + if (buffer_put_ecpoint_ret(buffer, curve, point) == -1) + fatal("%s: buffer error", __func__); +} + +int +buffer_get_ecpoint_ret(Buffer *buffer, const EC_GROUP *curve, + EC_POINT *point) +{ + int ret; + + if ((ret = sshbuf_get_ec(buffer, point, curve)) != 0) { + error("%s: %s", __func__, ssh_err(ret)); + return -1; + } + return 0; +} + +void +buffer_get_ecpoint(Buffer *buffer, const EC_GROUP *curve, + EC_POINT *point) +{ + if (buffer_get_ecpoint_ret(buffer, curve, point) == -1) + fatal("%s: buffer error", __func__); +} + +#endif /* OPENSSL_HAS_ECC */ + diff --git a/crypto/openssh/buffer.c b/crypto/openssh/buffer.c dissimilarity index 86% index ae9700344d..c5f708ab2e 100644 --- a/crypto/openssh/buffer.c +++ b/crypto/openssh/buffer.c @@ -1,252 +1,118 @@ -/* $OpenBSD: buffer.c,v 1.32 2010/02/09 03:56:28 djm Exp $ */ -/* - * Author: Tatu Ylonen - * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland - * All rights reserved - * Functions for manipulating fifo buffers (that can grow if needed). - * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". - */ - -#include "includes.h" - -#include - -#include -#include -#include - -#include "xmalloc.h" -#include "buffer.h" -#include "log.h" - -#define BUFFER_MAX_CHUNK 0x100000 -#define BUFFER_MAX_LEN 0xa00000 -#define BUFFER_ALLOCSZ 0x008000 - -/* Initializes the buffer structure. */ - -void -buffer_init(Buffer *buffer) -{ - const u_int len = 4096; - - buffer->alloc = 0; - buffer->buf = xmalloc(len); - buffer->alloc = len; - buffer->offset = 0; - buffer->end = 0; -} - -/* Frees any memory used for the buffer. */ - -void -buffer_free(Buffer *buffer) -{ - if (buffer->alloc > 0) { - memset(buffer->buf, 0, buffer->alloc); - buffer->alloc = 0; - xfree(buffer->buf); - } -} - -/* - * Clears any data from the buffer, making it empty. This does not actually - * zero the memory. - */ - -void -buffer_clear(Buffer *buffer) -{ - buffer->offset = 0; - buffer->end = 0; -} - -/* Appends data to the buffer, expanding it if necessary. */ - -void -buffer_append(Buffer *buffer, const void *data, u_int len) -{ - void *p; - p = buffer_append_space(buffer, len); - memcpy(p, data, len); -} - -static int -buffer_compact(Buffer *buffer) -{ - /* - * If the buffer is quite empty, but all data is at the end, move the - * data to the beginning. - */ - if (buffer->offset > MIN(buffer->alloc, BUFFER_MAX_CHUNK)) { - memmove(buffer->buf, buffer->buf + buffer->offset, - buffer->end - buffer->offset); - buffer->end -= buffer->offset; - buffer->offset = 0; - return (1); - } - return (0); -} - -/* - * Appends space to the buffer, expanding the buffer if necessary. This does - * not actually copy the data into the buffer, but instead returns a pointer - * to the allocated region. - */ - -void * -buffer_append_space(Buffer *buffer, u_int len) -{ - u_int newlen; - void *p; - - if (len > BUFFER_MAX_CHUNK) - fatal("buffer_append_space: len %u not supported", len); - - /* If the buffer is empty, start using it from the beginning. */ - if (buffer->offset == buffer->end) { - buffer->offset = 0; - buffer->end = 0; - } -restart: - /* If there is enough space to store all data, store it now. */ - if (buffer->end + len < buffer->alloc) { - p = buffer->buf + buffer->end; - buffer->end += len; - return p; - } - - /* Compact data back to the start of the buffer if necessary */ - if (buffer_compact(buffer)) - goto restart; - - /* Increase the size of the buffer and retry. */ - newlen = roundup(buffer->alloc + len, BUFFER_ALLOCSZ); - if (newlen > BUFFER_MAX_LEN) - fatal("buffer_append_space: alloc %u not supported", - newlen); - buffer->buf = xrealloc(buffer->buf, 1, newlen); - buffer->alloc = newlen; - goto restart; - /* NOTREACHED */ -} - -/* - * Check whether an allocation of 'len' will fit in the buffer - * This must follow the same math as buffer_append_space - */ -int -buffer_check_alloc(Buffer *buffer, u_int len) -{ - if (buffer->offset == buffer->end) { - buffer->offset = 0; - buffer->end = 0; - } - restart: - if (buffer->end + len < buffer->alloc) - return (1); - if (buffer_compact(buffer)) - goto restart; - if (roundup(buffer->alloc + len, BUFFER_ALLOCSZ) <= BUFFER_MAX_LEN) - return (1); - return (0); -} - -/* Returns the number of bytes of data in the buffer. */ - -u_int -buffer_len(const Buffer *buffer) -{ - return buffer->end - buffer->offset; -} - -/* Gets data from the beginning of the buffer. */ - -int -buffer_get_ret(Buffer *buffer, void *buf, u_int len) -{ - if (len > buffer->end - buffer->offset) { - error("buffer_get_ret: trying to get more bytes %d than in buffer %d", - len, buffer->end - buffer->offset); - return (-1); - } - memcpy(buf, buffer->buf + buffer->offset, len); - buffer->offset += len; - return (0); -} - -void -buffer_get(Buffer *buffer, void *buf, u_int len) -{ - if (buffer_get_ret(buffer, buf, len) == -1) - fatal("buffer_get: buffer error"); -} - -/* Consumes the given number of bytes from the beginning of the buffer. */ - -int -buffer_consume_ret(Buffer *buffer, u_int bytes) -{ - if (bytes > buffer->end - buffer->offset) { - error("buffer_consume_ret: trying to get more bytes than in buffer"); - return (-1); - } - buffer->offset += bytes; - return (0); -} - -void -buffer_consume(Buffer *buffer, u_int bytes) -{ - if (buffer_consume_ret(buffer, bytes) == -1) - fatal("buffer_consume: buffer error"); -} - -/* Consumes the given number of bytes from the end of the buffer. */ - -int -buffer_consume_end_ret(Buffer *buffer, u_int bytes) -{ - if (bytes > buffer->end - buffer->offset) - return (-1); - buffer->end -= bytes; - return (0); -} - -void -buffer_consume_end(Buffer *buffer, u_int bytes) -{ - if (buffer_consume_end_ret(buffer, bytes) == -1) - fatal("buffer_consume_end: trying to get more bytes than in buffer"); -} - -/* Returns a pointer to the first used byte in the buffer. */ - -void * -buffer_ptr(const Buffer *buffer) -{ - return buffer->buf + buffer->offset; -} - -/* Dumps the contents of the buffer to stderr. */ - -void -buffer_dump(const Buffer *buffer) -{ - u_int i; - u_char *ucp = buffer->buf; - - for (i = buffer->offset; i < buffer->end; i++) { - fprintf(stderr, "%02x", ucp[i]); - if ((i-buffer->offset)%16==15) - fprintf(stderr, "\r\n"); - else if ((i-buffer->offset)%2==1) - fprintf(stderr, " "); - } - fprintf(stderr, "\r\n"); -} +/* $OpenBSD: buffer.c,v 1.36 2014/04/30 05:29:56 djm Exp $ */ + +/* + * Copyright (c) 2012 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */ + +#include "includes.h" + +#include + +#include "buffer.h" +#include "log.h" +#include "ssherr.h" + +void +buffer_append(Buffer *buffer, const void *data, u_int len) +{ + int ret; + + if ((ret = sshbuf_put(buffer, data, len)) != 0) + fatal("%s: %s", __func__, ssh_err(ret)); +} + +void * +buffer_append_space(Buffer *buffer, u_int len) +{ + int ret; + u_char *p; + + if ((ret = sshbuf_reserve(buffer, len, &p)) != 0) + fatal("%s: %s", __func__, ssh_err(ret)); + return p; +} + +int +buffer_check_alloc(Buffer *buffer, u_int len) +{ + int ret = sshbuf_check_reserve(buffer, len); + + if (ret == 0) + return 1; + if (ret == SSH_ERR_NO_BUFFER_SPACE) + return 0; + fatal("%s: %s", __func__, ssh_err(ret)); +} + +int +buffer_get_ret(Buffer *buffer, void *buf, u_int len) +{ + int ret; + + if ((ret = sshbuf_get(buffer, buf, len)) != 0) { + error("%s: %s", __func__, ssh_err(ret)); + return -1; + } + return 0; +} + +void +buffer_get(Buffer *buffer, void *buf, u_int len) +{ + if (buffer_get_ret(buffer, buf, len) == -1) + fatal("%s: buffer error", __func__); +} + +int +buffer_consume_ret(Buffer *buffer, u_int bytes) +{ + int ret = sshbuf_consume(buffer, bytes); + + if (ret == 0) + return 0; + if (ret == SSH_ERR_MESSAGE_INCOMPLETE) + return -1; + fatal("%s: %s", __func__, ssh_err(ret)); +} + +void +buffer_consume(Buffer *buffer, u_int bytes) +{ + if (buffer_consume_ret(buffer, bytes) == -1) + fatal("%s: buffer error", __func__); +} + +int +buffer_consume_end_ret(Buffer *buffer, u_int bytes) +{ + int ret = sshbuf_consume_end(buffer, bytes); + + if (ret == 0) + return 0; + if (ret == SSH_ERR_MESSAGE_INCOMPLETE) + return -1; + fatal("%s: %s", __func__, ssh_err(ret)); +} + +void +buffer_consume_end(Buffer *buffer, u_int bytes) +{ + if (buffer_consume_end_ret(buffer, bytes) == -1) + fatal("%s: buffer error", __func__); +} + + diff --git a/crypto/openssh/buffer.h b/crypto/openssh/buffer.h index e2a9dd1002..9d853edf2d 100644 --- a/crypto/openssh/buffer.h +++ b/crypto/openssh/buffer.h @@ -1,57 +1,58 @@ -/* $OpenBSD: buffer.h,v 1.21 2010/08/31 11:54:45 djm Exp $ */ +/* $OpenBSD: buffer.h,v 1.25 2014/04/30 05:29:56 djm Exp $ */ /* - * Author: Tatu Ylonen - * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland - * All rights reserved - * Code for manipulating FIFO buffers. + * Copyright (c) 2012 Damien Miller * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +/* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */ + #ifndef BUFFER_H #define BUFFER_H -typedef struct { - u_char *buf; /* Buffer for data. */ - u_int alloc; /* Number of bytes allocated for data. */ - u_int offset; /* Offset of first byte containing data. */ - u_int end; /* Offset of last byte containing data. */ -} Buffer; +#include "sshbuf.h" -void buffer_init(Buffer *); -void buffer_clear(Buffer *); -void buffer_free(Buffer *); +typedef struct sshbuf Buffer; -u_int buffer_len(const Buffer *); -void *buffer_ptr(const Buffer *); +#define buffer_init(b) sshbuf_init(b) +#define buffer_clear(b) sshbuf_reset(b) +#define buffer_free(b) sshbuf_free(b) +#define buffer_dump(b) sshbuf_dump(b, stderr) + +/* XXX cast is safe: sshbuf never stores more than len 2^31 */ +#define buffer_len(b) ((u_int) sshbuf_len(b)) +#define buffer_ptr(b) sshbuf_mutable_ptr(b) void buffer_append(Buffer *, const void *, u_int); void *buffer_append_space(Buffer *, u_int); - int buffer_check_alloc(Buffer *, u_int); - void buffer_get(Buffer *, void *, u_int); void buffer_consume(Buffer *, u_int); void buffer_consume_end(Buffer *, u_int); -void buffer_dump(const Buffer *); int buffer_get_ret(Buffer *, void *, u_int); int buffer_consume_ret(Buffer *, u_int); int buffer_consume_end_ret(Buffer *, u_int); #include - void buffer_put_bignum(Buffer *, const BIGNUM *); void buffer_put_bignum2(Buffer *, const BIGNUM *); void buffer_get_bignum(Buffer *, BIGNUM *); void buffer_get_bignum2(Buffer *, BIGNUM *); +void buffer_put_bignum2_from_string(Buffer *, const u_char *, u_int); u_short buffer_get_short(Buffer *); void buffer_put_short(Buffer *, u_short); @@ -66,13 +67,12 @@ int buffer_get_char(Buffer *); void buffer_put_char(Buffer *, int); void *buffer_get_string(Buffer *, u_int *); -void *buffer_get_string_ptr(Buffer *, u_int *); +const void *buffer_get_string_ptr(Buffer *, u_int *); void buffer_put_string(Buffer *, const void *, u_int); char *buffer_get_cstring(Buffer *, u_int *); void buffer_put_cstring(Buffer *, const char *); -#define buffer_skip_string(b) \ - do { u_int l = buffer_get_int(b); buffer_consume(b, l); } while (0) +#define buffer_skip_string(b) (void)buffer_get_string_ptr(b, NULL); int buffer_put_bignum_ret(Buffer *, const BIGNUM *); int buffer_get_bignum_ret(Buffer *, BIGNUM *); @@ -83,16 +83,16 @@ int buffer_get_int_ret(u_int *, Buffer *); int buffer_get_int64_ret(u_int64_t *, Buffer *); void *buffer_get_string_ret(Buffer *, u_int *); char *buffer_get_cstring_ret(Buffer *, u_int *); -void *buffer_get_string_ptr_ret(Buffer *, u_int *); +const void *buffer_get_string_ptr_ret(Buffer *, u_int *); int buffer_get_char_ret(char *, Buffer *); #ifdef OPENSSL_HAS_ECC #include - int buffer_put_ecpoint_ret(Buffer *, const EC_GROUP *, const EC_POINT *); void buffer_put_ecpoint(Buffer *, const EC_GROUP *, const EC_POINT *); int buffer_get_ecpoint_ret(Buffer *, const EC_GROUP *, EC_POINT *); void buffer_get_ecpoint(Buffer *, const EC_GROUP *, EC_POINT *); #endif -#endif /* BUFFER_H */ +#endif /* BUFFER_H */ + diff --git a/crypto/openssh/canohost.c b/crypto/openssh/canohost.c index dabd8a31ac..a3e3bbff80 100644 --- a/crypto/openssh/canohost.c +++ b/crypto/openssh/canohost.c @@ -1,4 +1,4 @@ -/* $OpenBSD: canohost.c,v 1.66 2010/01/13 01:20:20 dtucker Exp $ */ +/* $OpenBSD: canohost.c,v 1.71 2014/07/15 15:54:14 millert Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -16,11 +16,11 @@ #include #include +#include #include #include -#include #include #include #include @@ -41,14 +41,13 @@ static int cached_port = -1; /* * Return the canonical name of the host at the other end of the socket. The - * caller should free the returned string with xfree. + * caller should free the returned string. */ static char * get_remote_hostname(int sock, int use_dns) { struct sockaddr_storage from; - int i; socklen_t fromlen; struct addrinfo hints, *ai, *aitop; char name[NI_MAXHOST], ntop[NI_MAXHOST], ntop2[NI_MAXHOST]; @@ -99,13 +98,9 @@ get_remote_hostname(int sock, int use_dns) return xstrdup(ntop); } - /* - * Convert it to all lowercase (which is expected by the rest - * of this software). - */ - for (i = 0; name[i]; i++) - if (isupper(name[i])) - name[i] = (char)tolower(name[i]); + /* Names are stores in lowercase. */ + lowercase(name); + /* * Map it back to an IP address and check that the given * address actually is an address of this host. This is @@ -160,8 +155,7 @@ check_ip_options(int sock, char *ipaddr) #ifdef IP_OPTIONS u_char options[200]; char text[sizeof(options) * 3 + 1]; - socklen_t option_size; - u_int i; + socklen_t option_size, i; int ipproto; struct protoent *ip; @@ -199,7 +193,7 @@ ipv64_normalise_mapped(struct sockaddr_storage *addr, socklen_t *len) memcpy(&inaddr, ((char *)&a6->sin6_addr) + 12, sizeof(inaddr)); port = a6->sin6_port; - bzero(a4, sizeof(*a4)); + memset(a4, 0, sizeof(*a4)); a4->sin_family = AF_INET; *len = sizeof(*a4); @@ -269,6 +263,11 @@ get_socket_address(int sock, int remote, int flags) if (addr.ss_family == AF_INET6) addrlen = sizeof(struct sockaddr_in6); + if (addr.ss_family == AF_UNIX) { + /* Get the Unix domain socket path. */ + return xstrdup(((struct sockaddr_un *)&addr)->sun_path); + } + ipv64_normalise_mapped(&addr, &addrlen); /* Get the address in ascii. */ @@ -323,10 +322,8 @@ get_local_name(int fd) void clear_cached_addr(void) { - if (canonical_host_ip != NULL) { - xfree(canonical_host_ip); - canonical_host_ip = NULL; - } + free(canonical_host_ip); + canonical_host_ip = NULL; cached_port = -1; } @@ -393,6 +390,10 @@ get_sock_port(int sock, int local) if (from.ss_family == AF_INET6) fromlen = sizeof(struct sockaddr_in6); + /* Unix domain sockets don't have a port number. */ + if (from.ss_family == AF_UNIX) + return 0; + /* Return port number. */ if ((r = getnameinfo((struct sockaddr *)&from, fromlen, NULL, 0, strport, sizeof(strport), NI_NUMERICSERV)) != 0) diff --git a/crypto/openssh/chacha.c b/crypto/openssh/chacha.c new file mode 100644 index 0000000000..a84c25ea88 --- /dev/null +++ b/crypto/openssh/chacha.c @@ -0,0 +1,219 @@ +/* +chacha-merged.c version 20080118 +D. J. Bernstein +Public domain. +*/ + +#include "includes.h" + +#include "chacha.h" + +/* $OpenBSD: chacha.c,v 1.1 2013/11/21 00:45:44 djm Exp $ */ + +typedef unsigned char u8; +typedef unsigned int u32; + +typedef struct chacha_ctx chacha_ctx; + +#define U8C(v) (v##U) +#define U32C(v) (v##U) + +#define U8V(v) ((u8)(v) & U8C(0xFF)) +#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) + +#define ROTL32(v, n) \ + (U32V((v) << (n)) | ((v) >> (32 - (n)))) + +#define U8TO32_LITTLE(p) \ + (((u32)((p)[0]) ) | \ + ((u32)((p)[1]) << 8) | \ + ((u32)((p)[2]) << 16) | \ + ((u32)((p)[3]) << 24)) + +#define U32TO8_LITTLE(p, v) \ + do { \ + (p)[0] = U8V((v) ); \ + (p)[1] = U8V((v) >> 8); \ + (p)[2] = U8V((v) >> 16); \ + (p)[3] = U8V((v) >> 24); \ + } while (0) + +#define ROTATE(v,c) (ROTL32(v,c)) +#define XOR(v,w) ((v) ^ (w)) +#define PLUS(v,w) (U32V((v) + (w))) +#define PLUSONE(v) (PLUS((v),1)) + +#define QUARTERROUND(a,b,c,d) \ + a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \ + c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \ + a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \ + c = PLUS(c,d); b = ROTATE(XOR(b,c), 7); + +static const char sigma[16] = "expand 32-byte k"; +static const char tau[16] = "expand 16-byte k"; + +void +chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits) +{ + const char *constants; + + x->input[4] = U8TO32_LITTLE(k + 0); + x->input[5] = U8TO32_LITTLE(k + 4); + x->input[6] = U8TO32_LITTLE(k + 8); + x->input[7] = U8TO32_LITTLE(k + 12); + if (kbits == 256) { /* recommended */ + k += 16; + constants = sigma; + } else { /* kbits == 128 */ + constants = tau; + } + x->input[8] = U8TO32_LITTLE(k + 0); + x->input[9] = U8TO32_LITTLE(k + 4); + x->input[10] = U8TO32_LITTLE(k + 8); + x->input[11] = U8TO32_LITTLE(k + 12); + x->input[0] = U8TO32_LITTLE(constants + 0); + x->input[1] = U8TO32_LITTLE(constants + 4); + x->input[2] = U8TO32_LITTLE(constants + 8); + x->input[3] = U8TO32_LITTLE(constants + 12); +} + +void +chacha_ivsetup(chacha_ctx *x, const u8 *iv, const u8 *counter) +{ + x->input[12] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 0); + x->input[13] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 4); + x->input[14] = U8TO32_LITTLE(iv + 0); + x->input[15] = U8TO32_LITTLE(iv + 4); +} + +void +chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes) +{ + u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; + u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15; + u8 *ctarget = NULL; + u8 tmp[64]; + u_int i; + + if (!bytes) return; + + j0 = x->input[0]; + j1 = x->input[1]; + j2 = x->input[2]; + j3 = x->input[3]; + j4 = x->input[4]; + j5 = x->input[5]; + j6 = x->input[6]; + j7 = x->input[7]; + j8 = x->input[8]; + j9 = x->input[9]; + j10 = x->input[10]; + j11 = x->input[11]; + j12 = x->input[12]; + j13 = x->input[13]; + j14 = x->input[14]; + j15 = x->input[15]; + + for (;;) { + if (bytes < 64) { + for (i = 0;i < bytes;++i) tmp[i] = m[i]; + m = tmp; + ctarget = c; + c = tmp; + } + x0 = j0; + x1 = j1; + x2 = j2; + x3 = j3; + x4 = j4; + x5 = j5; + x6 = j6; + x7 = j7; + x8 = j8; + x9 = j9; + x10 = j10; + x11 = j11; + x12 = j12; + x13 = j13; + x14 = j14; + x15 = j15; + for (i = 20;i > 0;i -= 2) { + QUARTERROUND( x0, x4, x8,x12) + QUARTERROUND( x1, x5, x9,x13) + QUARTERROUND( x2, x6,x10,x14) + QUARTERROUND( x3, x7,x11,x15) + QUARTERROUND( x0, x5,x10,x15) + QUARTERROUND( x1, x6,x11,x12) + QUARTERROUND( x2, x7, x8,x13) + QUARTERROUND( x3, x4, x9,x14) + } + x0 = PLUS(x0,j0); + x1 = PLUS(x1,j1); + x2 = PLUS(x2,j2); + x3 = PLUS(x3,j3); + x4 = PLUS(x4,j4); + x5 = PLUS(x5,j5); + x6 = PLUS(x6,j6); + x7 = PLUS(x7,j7); + x8 = PLUS(x8,j8); + x9 = PLUS(x9,j9); + x10 = PLUS(x10,j10); + x11 = PLUS(x11,j11); + x12 = PLUS(x12,j12); + x13 = PLUS(x13,j13); + x14 = PLUS(x14,j14); + x15 = PLUS(x15,j15); + + x0 = XOR(x0,U8TO32_LITTLE(m + 0)); + x1 = XOR(x1,U8TO32_LITTLE(m + 4)); + x2 = XOR(x2,U8TO32_LITTLE(m + 8)); + x3 = XOR(x3,U8TO32_LITTLE(m + 12)); + x4 = XOR(x4,U8TO32_LITTLE(m + 16)); + x5 = XOR(x5,U8TO32_LITTLE(m + 20)); + x6 = XOR(x6,U8TO32_LITTLE(m + 24)); + x7 = XOR(x7,U8TO32_LITTLE(m + 28)); + x8 = XOR(x8,U8TO32_LITTLE(m + 32)); + x9 = XOR(x9,U8TO32_LITTLE(m + 36)); + x10 = XOR(x10,U8TO32_LITTLE(m + 40)); + x11 = XOR(x11,U8TO32_LITTLE(m + 44)); + x12 = XOR(x12,U8TO32_LITTLE(m + 48)); + x13 = XOR(x13,U8TO32_LITTLE(m + 52)); + x14 = XOR(x14,U8TO32_LITTLE(m + 56)); + x15 = XOR(x15,U8TO32_LITTLE(m + 60)); + + j12 = PLUSONE(j12); + if (!j12) { + j13 = PLUSONE(j13); + /* stopping at 2^70 bytes per nonce is user's responsibility */ + } + + U32TO8_LITTLE(c + 0,x0); + U32TO8_LITTLE(c + 4,x1); + U32TO8_LITTLE(c + 8,x2); + U32TO8_LITTLE(c + 12,x3); + U32TO8_LITTLE(c + 16,x4); + U32TO8_LITTLE(c + 20,x5); + U32TO8_LITTLE(c + 24,x6); + U32TO8_LITTLE(c + 28,x7); + U32TO8_LITTLE(c + 32,x8); + U32TO8_LITTLE(c + 36,x9); + U32TO8_LITTLE(c + 40,x10); + U32TO8_LITTLE(c + 44,x11); + U32TO8_LITTLE(c + 48,x12); + U32TO8_LITTLE(c + 52,x13); + U32TO8_LITTLE(c + 56,x14); + U32TO8_LITTLE(c + 60,x15); + + if (bytes <= 64) { + if (bytes < 64) { + for (i = 0;i < bytes;++i) ctarget[i] = c[i]; + } + x->input[12] = j12; + x->input[13] = j13; + return; + } + bytes -= 64; + c += 64; + m += 64; + } +} diff --git a/crypto/openssh/chacha.h b/crypto/openssh/chacha.h new file mode 100644 index 0000000000..40eaf2d900 --- /dev/null +++ b/crypto/openssh/chacha.h @@ -0,0 +1,35 @@ +/* $OpenBSD: chacha.h,v 1.3 2014/05/02 03:27:54 djm Exp $ */ + +/* +chacha-merged.c version 20080118 +D. J. Bernstein +Public domain. +*/ + +#ifndef CHACHA_H +#define CHACHA_H + +#include + +struct chacha_ctx { + u_int input[16]; +}; + +#define CHACHA_MINKEYLEN 16 +#define CHACHA_NONCELEN 8 +#define CHACHA_CTRLEN 8 +#define CHACHA_STATELEN (CHACHA_NONCELEN+CHACHA_CTRLEN) +#define CHACHA_BLOCKLEN 64 + +void chacha_keysetup(struct chacha_ctx *x, const u_char *k, u_int kbits) + __attribute__((__bounded__(__minbytes__, 2, CHACHA_MINKEYLEN))); +void chacha_ivsetup(struct chacha_ctx *x, const u_char *iv, const u_char *ctr) + __attribute__((__bounded__(__minbytes__, 2, CHACHA_NONCELEN))) + __attribute__((__bounded__(__minbytes__, 3, CHACHA_CTRLEN))); +void chacha_encrypt_bytes(struct chacha_ctx *x, const u_char *m, + u_char *c, u_int bytes) + __attribute__((__bounded__(__buffer__, 2, 4))) + __attribute__((__bounded__(__buffer__, 3, 4))); + +#endif /* CHACHA_H */ + diff --git a/crypto/openssh/channels.c b/crypto/openssh/channels.c index 7791febd7c..d67fdf48b1 100644 --- a/crypto/openssh/channels.c +++ b/crypto/openssh/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.318 2012/04/23 08:18:17 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.336 2014/07/15 15:54:14 millert Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -42,6 +42,7 @@ #include "includes.h" #include +#include #include #include #include @@ -107,10 +108,15 @@ static int channel_max_fd = 0; * a corrupt remote server from accessing arbitrary TCP/IP ports on our local * network (which might be behind a firewall). */ +/* XXX: streamlocal wants a path instead of host:port */ +/* Overload host_to_connect; we could just make this match Forward */ +/* XXX - can we use listen_host instead of listen_path? */ typedef struct { char *host_to_connect; /* Connect to 'host'. */ - u_short port_to_connect; /* Connect to 'port'. */ - u_short listen_port; /* Remote side should listen port number. */ + int port_to_connect; /* Connect to 'port'. */ + char *listen_host; /* Remote side should listen address. */ + char *listen_path; /* Remote side should listen path. */ + int listen_port; /* Remote side should listen port. */ } ForwardPermission; /* List of all permitted host/port pairs to connect by the user. */ @@ -213,6 +219,7 @@ channel_lookup(int id) case SSH_CHANNEL_OPEN: case SSH_CHANNEL_INPUT_DRAINING: case SSH_CHANNEL_OUTPUT_DRAINING: + case SSH_CHANNEL_ABANDONED: return (c); } logit("Non-public channel %d, type %d.", id, c->type); @@ -247,7 +254,10 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd, if ((c->isatty = is_tty) != 0) debug2("channel %d: rfd %d isatty", c->self, c->rfd); +#ifdef _AIX + /* XXX: Later AIX versions can't push as much data to tty */ c->wfd_isatty = is_tty || isatty(c->wfd); +#endif /* enable nonblocking mode */ if (nonblock) { @@ -401,7 +411,7 @@ channel_free(Channel *c) s = channel_open_message(); debug3("channel %d: status: %s", c->self, s); - xfree(s); + free(s); if (c->sock != -1) shutdown(c->sock, SHUT_RDWR); @@ -409,29 +419,23 @@ channel_free(Channel *c) buffer_free(&c->input); buffer_free(&c->output); buffer_free(&c->extended); - if (c->remote_name) { - xfree(c->remote_name); - c->remote_name = NULL; - } - if (c->path) { - xfree(c->path); - c->path = NULL; - } - if (c->listening_addr) { - xfree(c->listening_addr); - c->listening_addr = NULL; - } + free(c->remote_name); + c->remote_name = NULL; + free(c->path); + c->path = NULL; + free(c->listening_addr); + c->listening_addr = NULL; while ((cc = TAILQ_FIRST(&c->status_confirms)) != NULL) { if (cc->abandon_cb != NULL) cc->abandon_cb(c, cc->ctx); TAILQ_REMOVE(&c->status_confirms, cc, entry); - bzero(cc, sizeof(*cc)); - xfree(cc); + explicit_bzero(cc, sizeof(*cc)); + free(cc); } if (c->filter_cleanup != NULL && c->filter_ctx != NULL) c->filter_cleanup(c->self, c->filter_ctx); channels[c->self] = NULL; - xfree(c); + free(c); } void @@ -475,6 +479,8 @@ channel_stop_listening(void) case SSH_CHANNEL_PORT_LISTENER: case SSH_CHANNEL_RPORT_LISTENER: case SSH_CHANNEL_X11_LISTENER: + case SSH_CHANNEL_UNIX_LISTENER: + case SSH_CHANNEL_RUNIX_LISTENER: channel_close_fd(&c->sock); channel_free(c); break; @@ -536,6 +542,9 @@ channel_still_open(void) case SSH_CHANNEL_DYNAMIC: case SSH_CHANNEL_CONNECTING: case SSH_CHANNEL_ZOMBIE: + case SSH_CHANNEL_ABANDONED: + case SSH_CHANNEL_UNIX_LISTENER: + case SSH_CHANNEL_RUNIX_LISTENER: continue; case SSH_CHANNEL_LARVAL: if (!compat20) @@ -581,6 +590,9 @@ channel_find_open(void) case SSH_CHANNEL_OPENING: case SSH_CHANNEL_CONNECTING: case SSH_CHANNEL_ZOMBIE: + case SSH_CHANNEL_ABANDONED: + case SSH_CHANNEL_UNIX_LISTENER: + case SSH_CHANNEL_RUNIX_LISTENER: continue; case SSH_CHANNEL_LARVAL: case SSH_CHANNEL_AUTH_SOCKET: @@ -628,8 +640,11 @@ channel_open_message(void) case SSH_CHANNEL_CLOSED: case SSH_CHANNEL_AUTH_SOCKET: case SSH_CHANNEL_ZOMBIE: + case SSH_CHANNEL_ABANDONED: case SSH_CHANNEL_MUX_CLIENT: case SSH_CHANNEL_MUX_LISTENER: + case SSH_CHANNEL_UNIX_LISTENER: + case SSH_CHANNEL_RUNIX_LISTENER: continue; case SSH_CHANNEL_LARVAL: case SSH_CHANNEL_OPENING: @@ -703,7 +718,7 @@ channel_register_status_confirm(int id, channel_confirm_cb *cb, if ((c = channel_lookup(id)) == NULL) fatal("channel_register_expect: %d: bad id", id); - cc = xmalloc(sizeof(*cc)); + cc = xcalloc(1, sizeof(*cc)); cc->cb = cb; cc->abandon_cb = abandon_cb; cc->ctx = ctx; @@ -1071,6 +1086,9 @@ channel_decode_socks4(Channel *c, fd_set *readset, fd_set *writeset) buffer_get(&c->input, (char *)&s4_req.dest_addr, 4); have = buffer_len(&c->input); p = buffer_ptr(&c->input); + if (memchr(p, '\0', have) == NULL) + fatal("channel %d: decode socks4: user not nul terminated", + c->self); len = strlen(p); debug2("channel %d: decode socks4: user %s/%d", c->self, p, len); len++; /* trailing '\0' */ @@ -1080,10 +1098,8 @@ channel_decode_socks4(Channel *c, fd_set *readset, fd_set *writeset) strlcpy(username, p, sizeof(username)); buffer_consume(&c->input, len); - if (c->path != NULL) { - xfree(c->path); - c->path = NULL; - } + free(c->path); + c->path = NULL; if (need == 1) { /* SOCKS4: one string */ host = inet_ntoa(s4_req.dest_addr); c->path = xstrdup(host); @@ -1143,7 +1159,8 @@ channel_decode_socks5(Channel *c, fd_set *readset, fd_set *writeset) u_int8_t atyp; } s5_req, s5_rsp; u_int16_t dest_port; - u_char *p, dest_addr[255+1], ntop[INET6_ADDRSTRLEN]; + char dest_addr[255+1], ntop[INET6_ADDRSTRLEN]; + u_char *p; u_int have, need, i, found, nmethods, addrlen, af; debug2("channel %d: decode socks5", c->self); @@ -1213,13 +1230,11 @@ channel_decode_socks5(Channel *c, fd_set *readset, fd_set *writeset) buffer_consume(&c->input, sizeof(s5_req)); if (s5_req.atyp == SSH_SOCKS5_DOMAIN) buffer_consume(&c->input, 1); /* host string length */ - buffer_get(&c->input, (char *)&dest_addr, addrlen); + buffer_get(&c->input, &dest_addr, addrlen); buffer_get(&c->input, (char *)&dest_port, 2); dest_addr[addrlen] = '\0'; - if (c->path != NULL) { - xfree(c->path); - c->path = NULL; - } + free(c->path); + c->path = NULL; if (s5_req.atyp == SSH_SOCKS5_DOMAIN) { if (addrlen >= NI_MAXHOST) { error("channel %d: dynamic request: socks5 hostname " @@ -1241,11 +1256,10 @@ channel_decode_socks5(Channel *c, fd_set *readset, fd_set *writeset) s5_rsp.command = SSH_SOCKS5_SUCCESS; s5_rsp.reserved = 0; /* ignored */ s5_rsp.atyp = SSH_SOCKS5_IPV4; - ((struct in_addr *)&dest_addr)->s_addr = INADDR_ANY; dest_port = 0; /* ignored */ buffer_append(&c->output, &s5_rsp, sizeof(s5_rsp)); - buffer_append(&c->output, &dest_addr, sizeof(struct in_addr)); + buffer_put_int(&c->output, ntohl(INADDR_ANY)); /* bind address */ buffer_append(&c->output, &dest_port, sizeof(dest_port)); return 1; } @@ -1324,7 +1338,7 @@ channel_post_x11_listener(Channel *c, fd_set *readset, fd_set *writeset) { Channel *nc; struct sockaddr_storage addr; - int newsock; + int newsock, oerrno; socklen_t addrlen; char buf[16384], *remote_ipaddr; int remote_port; @@ -1334,14 +1348,18 @@ channel_post_x11_listener(Channel *c, fd_set *readset, fd_set *writeset) addrlen = sizeof(addr); newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen); if (c->single_connection) { + oerrno = errno; debug2("single_connection: closing X11 listener."); channel_close_fd(&c->sock); chan_mark_dead(c); + errno = oerrno; } if (newsock < 0) { - error("accept: %.100s", strerror(errno)); + if (errno != EINTR && errno != EWOULDBLOCK && + errno != ECONNABORTED) + error("accept: %.100s", strerror(errno)); if (errno == EMFILE || errno == ENFILE) - c->notbefore = time(NULL) + 1; + c->notbefore = monotime() + 1; return; } set_nodelay(newsock); @@ -1375,34 +1393,33 @@ channel_post_x11_listener(Channel *c, fd_set *readset, fd_set *writeset) packet_put_cstring(buf); packet_send(); } - xfree(remote_ipaddr); + free(remote_ipaddr); } } static void port_open_helper(Channel *c, char *rtype) { - int direct; char buf[1024]; + char *local_ipaddr = get_local_ipaddr(c->sock); + int local_port = c->sock == -1 ? 65536 : get_sock_port(c->sock, 1); char *remote_ipaddr = get_peer_ipaddr(c->sock); int remote_port = get_peer_port(c->sock); if (remote_port == -1) { /* Fake addr/port to appease peers that validate it (Tectia) */ - xfree(remote_ipaddr); + free(remote_ipaddr); remote_ipaddr = xstrdup("127.0.0.1"); remote_port = 65535; } - direct = (strcmp(rtype, "direct-tcpip") == 0); - snprintf(buf, sizeof buf, "%s: listening port %d for %.100s port %d, " - "connect from %.200s port %d", + "connect from %.200s port %d to %.100s port %d", rtype, c->listening_port, c->path, c->host_port, - remote_ipaddr, remote_port); + remote_ipaddr, remote_port, local_ipaddr, local_port); - xfree(c->remote_name); + free(c->remote_name); c->remote_name = xstrdup(buf); if (compat20) { @@ -1411,18 +1428,29 @@ port_open_helper(Channel *c, char *rtype) packet_put_int(c->self); packet_put_int(c->local_window_max); packet_put_int(c->local_maxpacket); - if (direct) { + if (strcmp(rtype, "direct-tcpip") == 0) { /* target host, port */ packet_put_cstring(c->path); packet_put_int(c->host_port); + } else if (strcmp(rtype, "direct-streamlocal@openssh.com") == 0) { + /* target path */ + packet_put_cstring(c->path); + } else if (strcmp(rtype, "forwarded-streamlocal@openssh.com") == 0) { + /* listen path */ + packet_put_cstring(c->path); } else { /* listen address, port */ packet_put_cstring(c->path); - packet_put_int(c->listening_port); + packet_put_int(local_port); + } + if (strcmp(rtype, "forwarded-streamlocal@openssh.com") == 0) { + /* reserved for future owner/mode info */ + packet_put_cstring(""); + } else { + /* originator host and port */ + packet_put_cstring(remote_ipaddr); + packet_put_int((u_int)remote_port); } - /* originator host and port */ - packet_put_cstring(remote_ipaddr); - packet_put_int((u_int)remote_port); packet_send(); } else { packet_start(SSH_MSG_PORT_OPEN); @@ -1434,7 +1462,8 @@ port_open_helper(Channel *c, char *rtype) packet_put_cstring(c->remote_name); packet_send(); } - xfree(remote_ipaddr); + free(remote_ipaddr); + free(local_ipaddr); } static void @@ -1471,25 +1500,32 @@ channel_post_port_listener(Channel *c, fd_set *readset, fd_set *writeset) if (c->type == SSH_CHANNEL_RPORT_LISTENER) { nextstate = SSH_CHANNEL_OPENING; rtype = "forwarded-tcpip"; + } else if (c->type == SSH_CHANNEL_RUNIX_LISTENER) { + nextstate = SSH_CHANNEL_OPENING; + rtype = "forwarded-streamlocal@openssh.com"; + } else if (c->host_port == PORT_STREAMLOCAL) { + nextstate = SSH_CHANNEL_OPENING; + rtype = "direct-streamlocal@openssh.com"; + } else if (c->host_port == 0) { + nextstate = SSH_CHANNEL_DYNAMIC; + rtype = "dynamic-tcpip"; } else { - if (c->host_port == 0) { - nextstate = SSH_CHANNEL_DYNAMIC; - rtype = "dynamic-tcpip"; - } else { - nextstate = SSH_CHANNEL_OPENING; - rtype = "direct-tcpip"; - } + nextstate = SSH_CHANNEL_OPENING; + rtype = "direct-tcpip"; } addrlen = sizeof(addr); newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen); if (newsock < 0) { - error("accept: %.100s", strerror(errno)); + if (errno != EINTR && errno != EWOULDBLOCK && + errno != ECONNABORTED) + error("accept: %.100s", strerror(errno)); if (errno == EMFILE || errno == ENFILE) - c->notbefore = time(NULL) + 1; + c->notbefore = monotime() + 1; return; } - set_nodelay(newsock); + if (c->host_port != PORT_STREAMLOCAL) + set_nodelay(newsock); nc = channel_new(rtype, nextstate, newsock, newsock, -1, c->local_window_max, c->local_maxpacket, 0, rtype, 1); nc->listening_port = c->listening_port; @@ -1522,7 +1558,7 @@ channel_post_auth_listener(Channel *c, fd_set *readset, fd_set *writeset) error("accept from auth socket: %.100s", strerror(errno)); if (errno == EMFILE || errno == ENFILE) - c->notbefore = time(NULL) + 1; + c->notbefore = monotime() + 1; return; } nc = channel_new("accepted auth socket", @@ -1685,7 +1721,7 @@ channel_handle_wfd(Channel *c, fd_set *readset, fd_set *writeset) if (c->datagram) { /* ignore truncated writes, datagrams might get lost */ len = write(c->wfd, buf, dlen); - xfree(data); + free(data); if (len < 0 && (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK)) return 1; @@ -1926,7 +1962,7 @@ channel_post_mux_listener(Channel *c, fd_set *readset, fd_set *writeset) &addrlen)) == -1) { error("%s accept: %s", __func__, strerror(errno)); if (errno == EMFILE || errno == ENFILE) - c->notbefore = time(NULL) + 1; + c->notbefore = monotime() + 1; return; } @@ -1978,6 +2014,8 @@ channel_handler_init_20(void) channel_pre[SSH_CHANNEL_X11_OPEN] = &channel_pre_x11_open; channel_pre[SSH_CHANNEL_PORT_LISTENER] = &channel_pre_listener; channel_pre[SSH_CHANNEL_RPORT_LISTENER] = &channel_pre_listener; + channel_pre[SSH_CHANNEL_UNIX_LISTENER] = &channel_pre_listener; + channel_pre[SSH_CHANNEL_RUNIX_LISTENER] = &channel_pre_listener; channel_pre[SSH_CHANNEL_X11_LISTENER] = &channel_pre_listener; channel_pre[SSH_CHANNEL_AUTH_SOCKET] = &channel_pre_listener; channel_pre[SSH_CHANNEL_CONNECTING] = &channel_pre_connecting; @@ -1988,6 +2026,8 @@ channel_handler_init_20(void) channel_post[SSH_CHANNEL_OPEN] = &channel_post_open; channel_post[SSH_CHANNEL_PORT_LISTENER] = &channel_post_port_listener; channel_post[SSH_CHANNEL_RPORT_LISTENER] = &channel_post_port_listener; + channel_post[SSH_CHANNEL_UNIX_LISTENER] = &channel_post_port_listener; + channel_post[SSH_CHANNEL_RUNIX_LISTENER] = &channel_post_port_listener; channel_post[SSH_CHANNEL_X11_LISTENER] = &channel_post_x11_listener; channel_post[SSH_CHANNEL_AUTH_SOCKET] = &channel_post_auth_listener; channel_post[SSH_CHANNEL_CONNECTING] = &channel_post_connecting; @@ -2089,7 +2129,7 @@ channel_handler(chan_fn *ftab[], fd_set *readset, fd_set *writeset, channel_handler_init(); did_init = 1; } - now = time(NULL); + now = monotime(); if (unpause_secs != NULL) *unpause_secs = 0; for (i = 0, oalloc = channels_alloc; i < oalloc; i++) { @@ -2219,7 +2259,7 @@ channel_output_poll(void) debug("channel %d: datagram " "too big for channel", c->self); - xfree(data); + free(data); continue; } packet_start(SSH2_MSG_CHANNEL_DATA); @@ -2227,7 +2267,7 @@ channel_output_poll(void) packet_put_string(data, dlen); packet_send(); c->remote_window -= dlen + 4; - xfree(data); + free(data); } continue; } @@ -2306,7 +2346,7 @@ void channel_input_data(int type, u_int32_t seq, void *ctxt) { int id; - char *data; + const u_char *data; u_int data_len, win_len; Channel *c; @@ -2399,13 +2439,13 @@ channel_input_extended_data(int type, u_int32_t seq, void *ctxt) if (data_len > c->local_window) { logit("channel %d: rcvd too much extended_data %d, win %d", c->self, data_len, c->local_window); - xfree(data); + free(data); return; } debug2("channel %d: rcvd ext data %d", c->self, data_len); c->local_window -= data_len; buffer_append(&c->extended, data, data_len); - xfree(data); + free(data); } /* ARGSUSED */ @@ -2495,7 +2535,7 @@ channel_input_close_confirmation(int type, u_int32_t seq, void *ctxt) if (c == NULL) packet_disconnect("Received close confirmation for " "out-of-range channel %d.", id); - if (c->type != SSH_CHANNEL_CLOSED) + if (c->type != SSH_CHANNEL_CLOSED && c->type != SSH_CHANNEL_ABANDONED) packet_disconnect("Received close confirmation for " "non-closed channel %d (type %d).", id, c->type); channel_free(c); @@ -2571,10 +2611,8 @@ channel_input_open_failure(int type, u_int32_t seq, void *ctxt) } logit("channel %d: open failed: %s%s%s", id, reason2txt(reason), msg ? ": ": "", msg ? msg : ""); - if (msg != NULL) - xfree(msg); - if (lang != NULL) - xfree(lang); + free(msg); + free(lang); if (c->open_confirm) { debug2("callback start"); c->open_confirm(c->self, 0, c->open_confirm_ctx); @@ -2630,10 +2668,10 @@ channel_input_port_open(int type, u_int32_t seq, void *ctxt) originator_string = xstrdup("unknown (remote did not supply name)"); } packet_check_eom(); - c = channel_connect_to(host, host_port, + c = channel_connect_to_port(host, host_port, "connected socket", originator_string); - xfree(originator_string); - xfree(host); + free(originator_string); + free(host); if (c == NULL) { packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); packet_put_int(remote_id); @@ -2667,8 +2705,8 @@ channel_input_status_confirm(int type, u_int32_t seq, void *ctxt) return; cc->cb(type, c, cc->ctx); TAILQ_REMOVE(&c->status_confirms, cc, entry); - bzero(cc, sizeof(*cc)); - xfree(cc); + explicit_bzero(cc, sizeof(*cc)); + free(cc); } /* -- tcp forwarding */ @@ -2693,26 +2731,50 @@ channel_set_af(int af) * "0.0.0.0" -> wildcard v4/v6 if SSH_OLD_FORWARD_ADDR * "" (empty string), "*" -> wildcard v4/v6 * "localhost" -> loopback v4/v6 + * "127.0.0.1" / "::1" -> accepted even if gateway_ports isn't set */ static const char * channel_fwd_bind_addr(const char *listen_addr, int *wildcardp, - int is_client, int gateway_ports) + int is_client, struct ForwardOptions *fwd_opts) { const char *addr = NULL; int wildcard = 0; if (listen_addr == NULL) { /* No address specified: default to gateway_ports setting */ - if (gateway_ports) + if (fwd_opts->gateway_ports) wildcard = 1; - } else if (gateway_ports || is_client) { + } else if (fwd_opts->gateway_ports || is_client) { if (((datafellows & SSH_OLD_FORWARD_ADDR) && strcmp(listen_addr, "0.0.0.0") == 0 && is_client == 0) || *listen_addr == '\0' || strcmp(listen_addr, "*") == 0 || - (!is_client && gateway_ports == 1)) + (!is_client && fwd_opts->gateway_ports == 1)) { wildcard = 1; - else if (strcmp(listen_addr, "localhost") != 0) + /* + * Notify client if they requested a specific listen + * address and it was overridden. + */ + if (*listen_addr != '\0' && + strcmp(listen_addr, "0.0.0.0") != 0 && + strcmp(listen_addr, "*") != 0) { + packet_send_debug("Forwarding listen address " + "\"%s\" overridden by server " + "GatewayPorts", listen_addr); + } + } else if (strcmp(listen_addr, "localhost") != 0 || + strcmp(listen_addr, "127.0.0.1") == 0 || + strcmp(listen_addr, "::1") == 0) { + /* Accept localhost address when GatewayPorts=yes */ addr = listen_addr; + } + } else if (strcmp(listen_addr, "127.0.0.1") == 0 || + strcmp(listen_addr, "::1") == 0) { + /* + * If a specific IPv4/IPv6 localhost address has been + * requested then accept it even if gateway_ports is in + * effect. This allows the client to prefer IPv4 or IPv6. + */ + addr = listen_addr; } if (wildcardp != NULL) *wildcardp = wildcard; @@ -2720,9 +2782,8 @@ channel_fwd_bind_addr(const char *listen_addr, int *wildcardp, } static int -channel_setup_fwd_listener(int type, const char *listen_addr, - u_short listen_port, int *allocated_listen_port, - const char *host_to_connect, u_short port_to_connect, int gateway_ports) +channel_setup_fwd_listener_tcpip(int type, struct Forward *fwd, + int *allocated_listen_port, struct ForwardOptions *fwd_opts) { Channel *c; int sock, r, success = 0, wildcard = 0, is_client; @@ -2732,7 +2793,7 @@ channel_setup_fwd_listener(int type, const char *listen_addr, in_port_t *lport_p; host = (type == SSH_CHANNEL_RPORT_LISTENER) ? - listen_addr : host_to_connect; + fwd->listen_host : fwd->connect_host; is_client = (type == SSH_CHANNEL_PORT_LISTENER); if (host == NULL) { @@ -2745,9 +2806,9 @@ channel_setup_fwd_listener(int type, const char *listen_addr, } /* Determine the bind address, cf. channel_fwd_bind_addr() comment */ - addr = channel_fwd_bind_addr(listen_addr, &wildcard, - is_client, gateway_ports); - debug3("channel_setup_fwd_listener: type %d wildcard %d addr %s", + addr = channel_fwd_bind_addr(fwd->listen_host, &wildcard, + is_client, fwd_opts); + debug3("%s: type %d wildcard %d addr %s", __func__, type, wildcard, (addr == NULL) ? "NULL" : addr); /* @@ -2758,15 +2819,14 @@ channel_setup_fwd_listener(int type, const char *listen_addr, hints.ai_family = IPv4or6; hints.ai_flags = wildcard ? AI_PASSIVE : 0; hints.ai_socktype = SOCK_STREAM; - snprintf(strport, sizeof strport, "%d", listen_port); + snprintf(strport, sizeof strport, "%d", fwd->listen_port); if ((r = getaddrinfo(addr, strport, &hints, &aitop)) != 0) { if (addr == NULL) { /* This really shouldn't happen */ packet_disconnect("getaddrinfo: fatal error: %s", ssh_gai_strerror(r)); } else { - error("channel_setup_fwd_listener: " - "getaddrinfo(%.64s): %s", addr, + error("%s: getaddrinfo(%.64s): %s", __func__, addr, ssh_gai_strerror(r)); } return 0; @@ -2790,13 +2850,13 @@ channel_setup_fwd_listener(int type, const char *listen_addr, * If allocating a port for -R forwards, then use the * same port for all address families. */ - if (type == SSH_CHANNEL_RPORT_LISTENER && listen_port == 0 && + if (type == SSH_CHANNEL_RPORT_LISTENER && fwd->listen_port == 0 && allocated_listen_port != NULL && *allocated_listen_port > 0) *lport_p = htons(*allocated_listen_port); if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, sizeof(ntop), strport, sizeof(strport), NI_NUMERICHOST|NI_NUMERICSERV) != 0) { - error("channel_setup_fwd_listener: getnameinfo failed"); + error("%s: getnameinfo failed", __func__); continue; } /* Create a port to listen for the host. */ @@ -2833,10 +2893,10 @@ channel_setup_fwd_listener(int type, const char *listen_addr, } /* - * listen_port == 0 requests a dynamically allocated port - + * fwd->listen_port == 0 requests a dynamically allocated port - * record what we got. */ - if (type == SSH_CHANNEL_RPORT_LISTENER && listen_port == 0 && + if (type == SSH_CHANNEL_RPORT_LISTENER && fwd->listen_port == 0 && allocated_listen_port != NULL && *allocated_listen_port == 0) { *allocated_listen_port = get_sock_port(sock, 1); @@ -2849,24 +2909,98 @@ channel_setup_fwd_listener(int type, const char *listen_addr, CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "port listener", 1); c->path = xstrdup(host); - c->host_port = port_to_connect; + c->host_port = fwd->connect_port; c->listening_addr = addr == NULL ? NULL : xstrdup(addr); - if (listen_port == 0 && allocated_listen_port != NULL && + if (fwd->listen_port == 0 && allocated_listen_port != NULL && !(datafellows & SSH_BUG_DYNAMIC_RPORT)) c->listening_port = *allocated_listen_port; else - c->listening_port = listen_port; + c->listening_port = fwd->listen_port; success = 1; } if (success == 0) - error("channel_setup_fwd_listener: cannot listen to port: %d", - listen_port); + error("%s: cannot listen to port: %d", __func__, + fwd->listen_port); freeaddrinfo(aitop); return success; } -int -channel_cancel_rport_listener(const char *host, u_short port) +static int +channel_setup_fwd_listener_streamlocal(int type, struct Forward *fwd, + struct ForwardOptions *fwd_opts) +{ + struct sockaddr_un sunaddr; + const char *path; + Channel *c; + int port, sock; + mode_t omask; + + switch (type) { + case SSH_CHANNEL_UNIX_LISTENER: + if (fwd->connect_path != NULL) { + if (strlen(fwd->connect_path) > sizeof(sunaddr.sun_path)) { + error("Local connecting path too long: %s", + fwd->connect_path); + return 0; + } + path = fwd->connect_path; + port = PORT_STREAMLOCAL; + } else { + if (fwd->connect_host == NULL) { + error("No forward host name."); + return 0; + } + if (strlen(fwd->connect_host) >= NI_MAXHOST) { + error("Forward host name too long."); + return 0; + } + path = fwd->connect_host; + port = fwd->connect_port; + } + break; + case SSH_CHANNEL_RUNIX_LISTENER: + path = fwd->listen_path; + port = PORT_STREAMLOCAL; + break; + default: + error("%s: unexpected channel type %d", __func__, type); + return 0; + } + + if (fwd->listen_path == NULL) { + error("No forward path name."); + return 0; + } + if (strlen(fwd->listen_path) > sizeof(sunaddr.sun_path)) { + error("Local listening path too long: %s", fwd->listen_path); + return 0; + } + + debug3("%s: type %d path %s", __func__, type, fwd->listen_path); + + /* Start a Unix domain listener. */ + omask = umask(fwd_opts->streamlocal_bind_mask); + sock = unix_listener(fwd->listen_path, SSH_LISTEN_BACKLOG, + fwd_opts->streamlocal_bind_unlink); + umask(omask); + if (sock < 0) + return 0; + + debug("Local forwarding listening on path %s.", fwd->listen_path); + + /* Allocate a channel number for the socket. */ + c = channel_new("unix listener", type, sock, sock, -1, + CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, + 0, "unix listener", 1); + c->path = xstrdup(path); + c->host_port = port; + c->listening_port = PORT_STREAMLOCAL; + c->listening_addr = xstrdup(fwd->listen_path); + return 1; +} + +static int +channel_cancel_rport_listener_tcpip(const char *host, u_short port) { u_int i; int found = 0; @@ -2885,13 +3019,44 @@ channel_cancel_rport_listener(const char *host, u_short port) return (found); } +static int +channel_cancel_rport_listener_streamlocal(const char *path) +{ + u_int i; + int found = 0; + + for (i = 0; i < channels_alloc; i++) { + Channel *c = channels[i]; + if (c == NULL || c->type != SSH_CHANNEL_RUNIX_LISTENER) + continue; + if (c->path == NULL) + continue; + if (strcmp(c->path, path) == 0) { + debug2("%s: close channel %d", __func__, i); + channel_free(c); + found = 1; + } + } + + return (found); +} + int -channel_cancel_lport_listener(const char *lhost, u_short lport, - int cport, int gateway_ports) +channel_cancel_rport_listener(struct Forward *fwd) +{ + if (fwd->listen_path != NULL) + return channel_cancel_rport_listener_streamlocal(fwd->listen_path); + else + return channel_cancel_rport_listener_tcpip(fwd->listen_host, fwd->listen_port); +} + +static int +channel_cancel_lport_listener_tcpip(const char *lhost, u_short lport, + int cport, struct ForwardOptions *fwd_opts) { u_int i; int found = 0; - const char *addr = channel_fwd_bind_addr(lhost, NULL, 1, gateway_ports); + const char *addr = channel_fwd_bind_addr(lhost, NULL, 1, fwd_opts); for (i = 0; i < channels_alloc; i++) { Channel *c = channels[i]; @@ -2920,24 +3085,68 @@ channel_cancel_lport_listener(const char *lhost, u_short lport, return (found); } +static int +channel_cancel_lport_listener_streamlocal(const char *path) +{ + u_int i; + int found = 0; + + if (path == NULL) { + error("%s: no path specified.", __func__); + return 0; + } + + for (i = 0; i < channels_alloc; i++) { + Channel *c = channels[i]; + if (c == NULL || c->type != SSH_CHANNEL_UNIX_LISTENER) + continue; + if (c->listening_addr == NULL) + continue; + if (strcmp(c->listening_addr, path) == 0) { + debug2("%s: close channel %d", __func__, i); + channel_free(c); + found = 1; + } + } + + return (found); +} + +int +channel_cancel_lport_listener(struct Forward *fwd, int cport, struct ForwardOptions *fwd_opts) +{ + if (fwd->listen_path != NULL) + return channel_cancel_lport_listener_streamlocal(fwd->listen_path); + else + return channel_cancel_lport_listener_tcpip(fwd->listen_host, fwd->listen_port, cport, fwd_opts); +} + /* protocol local port fwd, used by ssh (and sshd in v1) */ int -channel_setup_local_fwd_listener(const char *listen_host, u_short listen_port, - const char *host_to_connect, u_short port_to_connect, int gateway_ports) +channel_setup_local_fwd_listener(struct Forward *fwd, struct ForwardOptions *fwd_opts) { - return channel_setup_fwd_listener(SSH_CHANNEL_PORT_LISTENER, - listen_host, listen_port, NULL, host_to_connect, port_to_connect, - gateway_ports); + if (fwd->listen_path != NULL) { + return channel_setup_fwd_listener_streamlocal( + SSH_CHANNEL_UNIX_LISTENER, fwd, fwd_opts); + } else { + return channel_setup_fwd_listener_tcpip(SSH_CHANNEL_PORT_LISTENER, + fwd, NULL, fwd_opts); + } } /* protocol v2 remote port fwd, used by sshd */ int -channel_setup_remote_fwd_listener(const char *listen_address, - u_short listen_port, int *allocated_listen_port, int gateway_ports) +channel_setup_remote_fwd_listener(struct Forward *fwd, + int *allocated_listen_port, struct ForwardOptions *fwd_opts) { - return channel_setup_fwd_listener(SSH_CHANNEL_RPORT_LISTENER, - listen_address, listen_port, allocated_listen_port, - NULL, 0, gateway_ports); + if (fwd->listen_path != NULL) { + return channel_setup_fwd_listener_streamlocal( + SSH_CHANNEL_RUNIX_LISTENER, fwd, fwd_opts); + } else { + return channel_setup_fwd_listener_tcpip( + SSH_CHANNEL_RPORT_LISTENER, fwd, allocated_listen_port, + fwd_opts); + } } /* @@ -2968,27 +3177,32 @@ channel_rfwd_bind_host(const char *listen_host) * channel_update_permitted_opens(). */ int -channel_request_remote_forwarding(const char *listen_host, u_short listen_port, - const char *host_to_connect, u_short port_to_connect) +channel_request_remote_forwarding(struct Forward *fwd) { int type, success = 0, idx = -1; /* Send the forward request to the remote side. */ if (compat20) { packet_start(SSH2_MSG_GLOBAL_REQUEST); - packet_put_cstring("tcpip-forward"); - packet_put_char(1); /* boolean: want reply */ - packet_put_cstring(channel_rfwd_bind_host(listen_host)); - packet_put_int(listen_port); + if (fwd->listen_path != NULL) { + packet_put_cstring("streamlocal-forward@openssh.com"); + packet_put_char(1); /* boolean: want reply */ + packet_put_cstring(fwd->listen_path); + } else { + packet_put_cstring("tcpip-forward"); + packet_put_char(1); /* boolean: want reply */ + packet_put_cstring(channel_rfwd_bind_host(fwd->listen_host)); + packet_put_int(fwd->listen_port); + } packet_send(); packet_write_wait(); /* Assume that server accepts the request */ success = 1; - } else { + } else if (fwd->listen_path == NULL) { packet_start(SSH_CMSG_PORT_FORWARD_REQUEST); - packet_put_int(listen_port); - packet_put_cstring(host_to_connect); - packet_put_int(port_to_connect); + packet_put_int(fwd->listen_port); + packet_put_cstring(fwd->connect_host); + packet_put_int(fwd->connect_port); packet_send(); packet_write_wait(); @@ -3005,25 +3219,102 @@ channel_request_remote_forwarding(const char *listen_host, u_short listen_port, packet_disconnect("Protocol error for port forward request:" "received packet type %d.", type); } + } else { + logit("Warning: Server does not support remote stream local forwarding."); } if (success) { /* Record that connection to this host/port is permitted. */ permitted_opens = xrealloc(permitted_opens, num_permitted_opens + 1, sizeof(*permitted_opens)); idx = num_permitted_opens++; - permitted_opens[idx].host_to_connect = xstrdup(host_to_connect); - permitted_opens[idx].port_to_connect = port_to_connect; - permitted_opens[idx].listen_port = listen_port; + if (fwd->connect_path != NULL) { + permitted_opens[idx].host_to_connect = + xstrdup(fwd->connect_path); + permitted_opens[idx].port_to_connect = + PORT_STREAMLOCAL; + } else { + permitted_opens[idx].host_to_connect = + xstrdup(fwd->connect_host); + permitted_opens[idx].port_to_connect = + fwd->connect_port; + } + if (fwd->listen_path != NULL) { + permitted_opens[idx].listen_host = NULL; + permitted_opens[idx].listen_path = + xstrdup(fwd->listen_path); + permitted_opens[idx].listen_port = PORT_STREAMLOCAL; + } else { + permitted_opens[idx].listen_host = + fwd->listen_host ? xstrdup(fwd->listen_host) : NULL; + permitted_opens[idx].listen_path = NULL; + permitted_opens[idx].listen_port = fwd->listen_port; + } } return (idx); } +static int +open_match(ForwardPermission *allowed_open, const char *requestedhost, + int requestedport) +{ + if (allowed_open->host_to_connect == NULL) + return 0; + if (allowed_open->port_to_connect != FWD_PERMIT_ANY_PORT && + allowed_open->port_to_connect != requestedport) + return 0; + if (strcmp(allowed_open->host_to_connect, requestedhost) != 0) + return 0; + return 1; +} + +/* + * Note that in the listen host/port case + * we don't support FWD_PERMIT_ANY_PORT and + * need to translate between the configured-host (listen_host) + * and what we've sent to the remote server (channel_rfwd_bind_host) + */ +static int +open_listen_match_tcpip(ForwardPermission *allowed_open, + const char *requestedhost, u_short requestedport, int translate) +{ + const char *allowed_host; + + if (allowed_open->host_to_connect == NULL) + return 0; + if (allowed_open->listen_port != requestedport) + return 0; + if (!translate && allowed_open->listen_host == NULL && + requestedhost == NULL) + return 1; + allowed_host = translate ? + channel_rfwd_bind_host(allowed_open->listen_host) : + allowed_open->listen_host; + if (allowed_host == NULL || + strcmp(allowed_host, requestedhost) != 0) + return 0; + return 1; +} + +static int +open_listen_match_streamlocal(ForwardPermission *allowed_open, + const char *requestedpath) +{ + if (allowed_open->host_to_connect == NULL) + return 0; + if (allowed_open->listen_port != PORT_STREAMLOCAL) + return 0; + if (allowed_open->listen_path == NULL || + strcmp(allowed_open->listen_path, requestedpath) != 0) + return 0; + return 1; +} + /* * Request cancellation of remote forwarding of connection host:port from * local side. */ -int -channel_request_rforward_cancel(const char *host, u_short port) +static int +channel_request_rforward_cancel_tcpip(const char *host, u_short port) { int i; @@ -3031,8 +3322,7 @@ channel_request_rforward_cancel(const char *host, u_short port) return -1; for (i = 0; i < num_permitted_opens; i++) { - if (permitted_opens[i].host_to_connect != NULL && - permitted_opens[i].listen_port == port) + if (open_listen_match_tcpip(&permitted_opens[i], host, port, 0)) break; } if (i >= num_permitted_opens) { @@ -3048,11 +3338,66 @@ channel_request_rforward_cancel(const char *host, u_short port) permitted_opens[i].listen_port = 0; permitted_opens[i].port_to_connect = 0; - xfree(permitted_opens[i].host_to_connect); + free(permitted_opens[i].host_to_connect); + permitted_opens[i].host_to_connect = NULL; + free(permitted_opens[i].listen_host); + permitted_opens[i].listen_host = NULL; + permitted_opens[i].listen_path = NULL; + + return 0; +} + +/* + * Request cancellation of remote forwarding of Unix domain socket + * path from local side. + */ +static int +channel_request_rforward_cancel_streamlocal(const char *path) +{ + int i; + + if (!compat20) + return -1; + + for (i = 0; i < num_permitted_opens; i++) { + if (open_listen_match_streamlocal(&permitted_opens[i], path)) + break; + } + if (i >= num_permitted_opens) { + debug("%s: requested forward not found", __func__); + return -1; + } + packet_start(SSH2_MSG_GLOBAL_REQUEST); + packet_put_cstring("cancel-streamlocal-forward@openssh.com"); + packet_put_char(0); + packet_put_cstring(path); + packet_send(); + + permitted_opens[i].listen_port = 0; + permitted_opens[i].port_to_connect = 0; + free(permitted_opens[i].host_to_connect); permitted_opens[i].host_to_connect = NULL; + permitted_opens[i].listen_host = NULL; + free(permitted_opens[i].listen_path); + permitted_opens[i].listen_path = NULL; return 0; } + +/* + * Request cancellation of remote forwarding of a connection from local side. + */ +int +channel_request_rforward_cancel(struct Forward *fwd) +{ + if (fwd->listen_path != NULL) { + return (channel_request_rforward_cancel_streamlocal( + fwd->listen_path)); + } else { + return (channel_request_rforward_cancel_tcpip(fwd->listen_host, + fwd->listen_port ? fwd->listen_port : fwd->allocated_port)); + } +} /* * This is called after receiving CHANNEL_FORWARDING_REQUEST. This initates @@ -3060,36 +3405,35 @@ channel_request_rforward_cancel(const char *host, u_short port) * message if there was an error). */ int -channel_input_port_forward_request(int is_root, int gateway_ports) +channel_input_port_forward_request(int is_root, struct ForwardOptions *fwd_opts) { - u_short port, host_port; int success = 0; - char *hostname; + struct Forward fwd; /* Get arguments from the packet. */ - port = packet_get_int(); - hostname = packet_get_string(NULL); - host_port = packet_get_int(); + memset(&fwd, 0, sizeof(fwd)); + fwd.listen_port = packet_get_int(); + fwd.connect_host = packet_get_string(NULL); + fwd.connect_port = packet_get_int(); #ifndef HAVE_CYGWIN /* * Check that an unprivileged user is not trying to forward a * privileged port. */ - if (port < IPPORT_RESERVED && !is_root) + if (fwd.listen_port < IPPORT_RESERVED && !is_root) packet_disconnect( "Requested forwarding of port %d but user is not root.", - port); - if (host_port == 0) + fwd.listen_port); + if (fwd.connect_port == 0) packet_disconnect("Dynamic forwarding denied."); #endif /* Initiate forwarding */ - success = channel_setup_local_fwd_listener(NULL, port, hostname, - host_port, gateway_ports); + success = channel_setup_local_fwd_listener(&fwd, fwd_opts); /* Free the argument string. */ - xfree(hostname); + free(fwd.connect_host); return (success ? 0 : -1); } @@ -3115,6 +3459,9 @@ channel_add_permitted_opens(char *host, int port) num_permitted_opens + 1, sizeof(*permitted_opens)); permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host); permitted_opens[num_permitted_opens].port_to_connect = port; + permitted_opens[num_permitted_opens].listen_host = NULL; + permitted_opens[num_permitted_opens].listen_path = NULL; + permitted_opens[num_permitted_opens].listen_port = 0; num_permitted_opens++; all_opens_permitted = 0; @@ -3144,8 +3491,12 @@ channel_update_permitted_opens(int idx, int newport) } else { permitted_opens[idx].listen_port = 0; permitted_opens[idx].port_to_connect = 0; - xfree(permitted_opens[idx].host_to_connect); + free(permitted_opens[idx].host_to_connect); permitted_opens[idx].host_to_connect = NULL; + free(permitted_opens[idx].listen_host); + permitted_opens[idx].listen_host = NULL; + free(permitted_opens[idx].listen_path); + permitted_opens[idx].listen_path = NULL; } } @@ -3159,18 +3510,19 @@ channel_add_adm_permitted_opens(char *host, int port) permitted_adm_opens[num_adm_permitted_opens].host_to_connect = xstrdup(host); permitted_adm_opens[num_adm_permitted_opens].port_to_connect = port; + permitted_adm_opens[num_adm_permitted_opens].listen_host = NULL; + permitted_adm_opens[num_adm_permitted_opens].listen_path = NULL; + permitted_adm_opens[num_adm_permitted_opens].listen_port = 0; return ++num_adm_permitted_opens; } void channel_disable_adm_local_opens(void) { - if (num_adm_permitted_opens == 0) { - permitted_adm_opens = xmalloc(sizeof(*permitted_adm_opens)); - permitted_adm_opens[num_adm_permitted_opens].host_to_connect - = NULL; - num_adm_permitted_opens = 1; - } + channel_clear_adm_permitted_opens(); + permitted_adm_opens = xmalloc(sizeof(*permitted_adm_opens)); + permitted_adm_opens[num_adm_permitted_opens].host_to_connect = NULL; + num_adm_permitted_opens = 1; } void @@ -3178,13 +3530,13 @@ channel_clear_permitted_opens(void) { int i; - for (i = 0; i < num_permitted_opens; i++) - if (permitted_opens[i].host_to_connect != NULL) - xfree(permitted_opens[i].host_to_connect); - if (num_permitted_opens > 0) { - xfree(permitted_opens); - permitted_opens = NULL; + for (i = 0; i < num_permitted_opens; i++) { + free(permitted_opens[i].host_to_connect); + free(permitted_opens[i].listen_host); + free(permitted_opens[i].listen_path); } + free(permitted_opens); + permitted_opens = NULL; num_permitted_opens = 0; } @@ -3193,13 +3545,13 @@ channel_clear_adm_permitted_opens(void) { int i; - for (i = 0; i < num_adm_permitted_opens; i++) - if (permitted_adm_opens[i].host_to_connect != NULL) - xfree(permitted_adm_opens[i].host_to_connect); - if (num_adm_permitted_opens > 0) { - xfree(permitted_adm_opens); - permitted_adm_opens = NULL; + for (i = 0; i < num_adm_permitted_opens; i++) { + free(permitted_adm_opens[i].host_to_connect); + free(permitted_adm_opens[i].listen_host); + free(permitted_adm_opens[i].listen_path); } + free(permitted_adm_opens); + permitted_adm_opens = NULL; num_adm_permitted_opens = 0; } @@ -3235,30 +3587,32 @@ permitopen_port(const char *p) return -1; } -static int -port_match(u_short allowedport, u_short requestedport) -{ - if (allowedport == FWD_PERMIT_ANY_PORT || - allowedport == requestedport) - return 1; - return 0; -} - /* Try to start non-blocking connect to next host in cctx list */ static int connect_next(struct channel_connect *cctx) { int sock, saved_errno; - char ntop[NI_MAXHOST], strport[NI_MAXSERV]; + struct sockaddr_un *sunaddr; + char ntop[NI_MAXHOST], strport[MAX(NI_MAXSERV,sizeof(sunaddr->sun_path))]; for (; cctx->ai; cctx->ai = cctx->ai->ai_next) { - if (cctx->ai->ai_family != AF_INET && - cctx->ai->ai_family != AF_INET6) - continue; - if (getnameinfo(cctx->ai->ai_addr, cctx->ai->ai_addrlen, - ntop, sizeof(ntop), strport, sizeof(strport), - NI_NUMERICHOST|NI_NUMERICSERV) != 0) { - error("connect_next: getnameinfo failed"); + switch (cctx->ai->ai_family) { + case AF_UNIX: + /* unix:pathname instead of host:port */ + sunaddr = (struct sockaddr_un *)cctx->ai->ai_addr; + strlcpy(ntop, "unix", sizeof(ntop)); + strlcpy(strport, sunaddr->sun_path, sizeof(strport)); + break; + case AF_INET: + case AF_INET6: + if (getnameinfo(cctx->ai->ai_addr, cctx->ai->ai_addrlen, + ntop, sizeof(ntop), strport, sizeof(strport), + NI_NUMERICHOST|NI_NUMERICSERV) != 0) { + error("connect_next: getnameinfo failed"); + continue; + } + break; + default: continue; } if ((sock = socket(cctx->ai->ai_family, cctx->ai->ai_socktype, @@ -3281,10 +3635,11 @@ connect_next(struct channel_connect *cctx) errno = saved_errno; continue; /* fail -- try next */ } + if (cctx->ai->ai_family != AF_UNIX) + set_nodelay(sock); debug("connect_next: host %.100s ([%.100s]:%s) " "in progress, fd=%d", cctx->host, ntop, strport, sock); cctx->ai = cctx->ai->ai_next; - set_nodelay(sock); return sock; } return -1; @@ -3293,17 +3648,19 @@ connect_next(struct channel_connect *cctx) static void channel_connect_ctx_free(struct channel_connect *cctx) { - xfree(cctx->host); - if (cctx->aitop) - freeaddrinfo(cctx->aitop); - bzero(cctx, sizeof(*cctx)); - cctx->host = NULL; - cctx->ai = cctx->aitop = NULL; + free(cctx->host); + if (cctx->aitop) { + if (cctx->aitop->ai_family == AF_UNIX) + free(cctx->aitop); + else + freeaddrinfo(cctx->aitop); + } + memset(cctx, 0, sizeof(*cctx)); } -/* Return CONNECTING channel to remote host, port */ +/* Return CONNECTING channel to remote host:port or local socket path */ static Channel * -connect_to(const char *host, u_short port, char *ctype, char *rname) +connect_to(const char *name, int port, char *ctype, char *rname) { struct addrinfo hints; int gaierr; @@ -3313,23 +3670,51 @@ connect_to(const char *host, u_short port, char *ctype, char *rname) Channel *c; memset(&cctx, 0, sizeof(cctx)); - memset(&hints, 0, sizeof(hints)); - hints.ai_family = IPv4or6; - hints.ai_socktype = SOCK_STREAM; - snprintf(strport, sizeof strport, "%d", port); - if ((gaierr = getaddrinfo(host, strport, &hints, &cctx.aitop)) != 0) { - error("connect_to %.100s: unknown host (%s)", host, - ssh_gai_strerror(gaierr)); - return NULL; + + if (port == PORT_STREAMLOCAL) { + struct sockaddr_un *sunaddr; + struct addrinfo *ai; + + if (strlen(name) > sizeof(sunaddr->sun_path)) { + error("%.100s: %.100s", name, strerror(ENAMETOOLONG)); + return (NULL); + } + + /* + * Fake up a struct addrinfo for AF_UNIX connections. + * channel_connect_ctx_free() must check ai_family + * and use free() not freeaddirinfo() for AF_UNIX. + */ + ai = xmalloc(sizeof(*ai) + sizeof(*sunaddr)); + memset(ai, 0, sizeof(*ai) + sizeof(*sunaddr)); + ai->ai_addr = (struct sockaddr *)(ai + 1); + ai->ai_addrlen = sizeof(*sunaddr); + ai->ai_family = AF_UNIX; + ai->ai_socktype = SOCK_STREAM; + ai->ai_protocol = PF_UNSPEC; + sunaddr = (struct sockaddr_un *)ai->ai_addr; + sunaddr->sun_family = AF_UNIX; + strlcpy(sunaddr->sun_path, name, sizeof(sunaddr->sun_path)); + cctx.aitop = ai; + } else { + memset(&hints, 0, sizeof(hints)); + hints.ai_family = IPv4or6; + hints.ai_socktype = SOCK_STREAM; + snprintf(strport, sizeof strport, "%d", port); + if ((gaierr = getaddrinfo(name, strport, &hints, &cctx.aitop)) != 0) { + error("connect_to %.100s: unknown host (%s)", name, + ssh_gai_strerror(gaierr)); + return NULL; + } } - cctx.host = xstrdup(host); + cctx.host = xstrdup(name); cctx.port = port; cctx.ai = cctx.aitop; if ((sock = connect_next(&cctx)) == -1) { error("connect to %.100s port %d failed: %s", - host, port, strerror(errno)); + name, port, strerror(errno)); channel_connect_ctx_free(&cctx); return NULL; } @@ -3340,13 +3725,14 @@ connect_to(const char *host, u_short port, char *ctype, char *rname) } Channel * -channel_connect_by_listen_address(u_short listen_port, char *ctype, char *rname) +channel_connect_by_listen_address(const char *listen_host, + u_short listen_port, char *ctype, char *rname) { int i; for (i = 0; i < num_permitted_opens; i++) { - if (permitted_opens[i].host_to_connect != NULL && - port_match(permitted_opens[i].listen_port, listen_port)) { + if (open_listen_match_tcpip(&permitted_opens[i], listen_host, + listen_port, 1)) { return connect_to( permitted_opens[i].host_to_connect, permitted_opens[i].port_to_connect, ctype, rname); @@ -3357,29 +3743,45 @@ channel_connect_by_listen_address(u_short listen_port, char *ctype, char *rname) return NULL; } +Channel * +channel_connect_by_listen_path(const char *path, char *ctype, char *rname) +{ + int i; + + for (i = 0; i < num_permitted_opens; i++) { + if (open_listen_match_streamlocal(&permitted_opens[i], path)) { + return connect_to( + permitted_opens[i].host_to_connect, + permitted_opens[i].port_to_connect, ctype, rname); + } + } + error("WARNING: Server requests forwarding for unknown path %.100s", + path); + return NULL; +} + /* Check if connecting to that port is permitted and connect. */ Channel * -channel_connect_to(const char *host, u_short port, char *ctype, char *rname) +channel_connect_to_port(const char *host, u_short port, char *ctype, char *rname) { int i, permit, permit_adm = 1; permit = all_opens_permitted; if (!permit) { for (i = 0; i < num_permitted_opens; i++) - if (permitted_opens[i].host_to_connect != NULL && - port_match(permitted_opens[i].port_to_connect, port) && - strcmp(permitted_opens[i].host_to_connect, host) == 0) + if (open_match(&permitted_opens[i], host, port)) { permit = 1; + break; + } } if (num_adm_permitted_opens > 0) { permit_adm = 0; for (i = 0; i < num_adm_permitted_opens; i++) - if (permitted_adm_opens[i].host_to_connect != NULL && - port_match(permitted_adm_opens[i].port_to_connect, port) && - strcmp(permitted_adm_opens[i].host_to_connect, host) - == 0) + if (open_match(&permitted_adm_opens[i], host, port)) { permit_adm = 1; + break; + } } if (!permit || !permit_adm) { @@ -3390,6 +3792,38 @@ channel_connect_to(const char *host, u_short port, char *ctype, char *rname) return connect_to(host, port, ctype, rname); } +/* Check if connecting to that path is permitted and connect. */ +Channel * +channel_connect_to_path(const char *path, char *ctype, char *rname) +{ + int i, permit, permit_adm = 1; + + permit = all_opens_permitted; + if (!permit) { + for (i = 0; i < num_permitted_opens; i++) + if (open_match(&permitted_opens[i], path, PORT_STREAMLOCAL)) { + permit = 1; + break; + } + } + + if (num_adm_permitted_opens > 0) { + permit_adm = 0; + for (i = 0; i < num_adm_permitted_opens; i++) + if (open_match(&permitted_adm_opens[i], path, PORT_STREAMLOCAL)) { + permit_adm = 1; + break; + } + } + + if (!permit || !permit_adm) { + logit("Received request to connect to path %.100s, " + "but the request was denied.", path); + return NULL; + } + return connect_to(path, PORT_STREAMLOCAL, ctype, rname); +} + void channel_send_window_changes(void) { @@ -3688,7 +4122,7 @@ x11_input_open(int type, u_int32_t seq, void *ctxt) c->remote_id = remote_id; c->force_drain = 1; } - xfree(remote_host); + free(remote_host); if (c == NULL) { /* Send refusal to the remote host. */ packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); @@ -3796,7 +4230,7 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *disp, packet_put_int(screen_number); packet_send(); packet_write_wait(); - xfree(new_data); + free(new_data); } diff --git a/crypto/openssh/channels.h b/crypto/openssh/channels.h index d75b800f70..a000c98e5a 100644 --- a/crypto/openssh/channels.h +++ b/crypto/openssh/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.111 2012/04/11 13:16:19 djm Exp $ */ +/* $OpenBSD: channels.h,v 1.115 2014/07/15 15:54:14 millert Exp $ */ /* * Author: Tatu Ylonen @@ -55,7 +55,10 @@ #define SSH_CHANNEL_ZOMBIE 14 /* Almost dead. */ #define SSH_CHANNEL_MUX_LISTENER 15 /* Listener for mux conn. */ #define SSH_CHANNEL_MUX_CLIENT 16 /* Conn. to mux slave */ -#define SSH_CHANNEL_MAX_TYPE 17 +#define SSH_CHANNEL_ABANDONED 17 /* Abandoned session, eg mux */ +#define SSH_CHANNEL_UNIX_LISTENER 18 /* Listening on a domain socket. */ +#define SSH_CHANNEL_RUNIX_LISTENER 19 /* Listening to a R-style domain socket. */ +#define SSH_CHANNEL_MAX_TYPE 20 #define CHANNEL_CANCEL_PORT_STATIC -1 @@ -102,7 +105,9 @@ struct Channel { int sock; /* sock fd */ int ctl_chan; /* control channel (multiplexed connections) */ int isatty; /* rfd is a tty */ +#ifdef _AIX int wfd_isatty; /* wfd is a tty */ +#endif int client_tty; /* (client) TTY has been requested */ int force_drain; /* force close on iEOF */ time_t notbefore; /* Pause IO until deadline (time_t) */ @@ -110,7 +115,7 @@ struct Channel { * channels are delayed until the first call * to a matching pre-select handler. * this way post-select handlers are not - * accidenly called if a FD gets reused */ + * accidentally called if a FD gets reused */ Buffer input; /* data read from socket, to be sent over * encrypted connection */ Buffer output; /* data received over encrypted connection for @@ -251,6 +256,8 @@ char *channel_open_message(void); int channel_find_open(void); /* tcp forwarding */ +struct Forward; +struct ForwardOptions; void channel_set_af(int af); void channel_permit_all_opens(void); void channel_add_permitted_opens(char *, int); @@ -260,18 +267,19 @@ void channel_update_permitted_opens(int, int); void channel_clear_permitted_opens(void); void channel_clear_adm_permitted_opens(void); void channel_print_adm_permitted_opens(void); -int channel_input_port_forward_request(int, int); -Channel *channel_connect_to(const char *, u_short, char *, char *); +int channel_input_port_forward_request(int, struct ForwardOptions *); +Channel *channel_connect_to_port(const char *, u_short, char *, char *); +Channel *channel_connect_to_path(const char *, char *, char *); Channel *channel_connect_stdio_fwd(const char*, u_short, int, int); -Channel *channel_connect_by_listen_address(u_short, char *, char *); -int channel_request_remote_forwarding(const char *, u_short, - const char *, u_short); -int channel_setup_local_fwd_listener(const char *, u_short, - const char *, u_short, int); -int channel_request_rforward_cancel(const char *host, u_short port); -int channel_setup_remote_fwd_listener(const char *, u_short, int *, int); -int channel_cancel_rport_listener(const char *, u_short); -int channel_cancel_lport_listener(const char *, u_short, int, int); +Channel *channel_connect_by_listen_address(const char *, u_short, + char *, char *); +Channel *channel_connect_by_listen_path(const char *, char *, char *); +int channel_request_remote_forwarding(struct Forward *); +int channel_setup_local_fwd_listener(struct Forward *, struct ForwardOptions *); +int channel_request_rforward_cancel(struct Forward *); +int channel_setup_remote_fwd_listener(struct Forward *, int *, struct ForwardOptions *); +int channel_cancel_rport_listener(struct Forward *); +int channel_cancel_lport_listener(struct Forward *, int, struct ForwardOptions *); int permitopen_port(const char *); /* x11 forwarding */ diff --git a/crypto/openssh/cipher-3des1.c b/crypto/openssh/cipher-3des1.c index b7aa588cd5..2753f9a0e1 100644 --- a/crypto/openssh/cipher-3des1.c +++ b/crypto/openssh/cipher-3des1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher-3des1.c,v 1.7 2010/10/01 23:05:32 djm Exp $ */ +/* $OpenBSD: cipher-3des1.c,v 1.11 2014/07/02 04:59:06 djm Exp $ */ /* * Copyright (c) 2003 Markus Friedl. All rights reserved. * @@ -29,13 +29,11 @@ #include -#include #include #include "xmalloc.h" #include "log.h" - -#include "openbsd-compat/openssl-compat.h" +#include "ssherr.h" /* * This is used by SSH1: @@ -57,7 +55,7 @@ struct ssh1_3des_ctx }; const EVP_CIPHER * evp_ssh1_3des(void); -void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int); +int ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int); static int ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, @@ -67,11 +65,12 @@ ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, u_char *k1, *k2, *k3; if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) { - c = xmalloc(sizeof(*c)); + if ((c = calloc(1, sizeof(*c))) == NULL) + return 0; EVP_CIPHER_CTX_set_app_data(ctx, c); } if (key == NULL) - return (1); + return 1; if (enc == -1) enc = ctx->encrypt; k1 = k2 = k3 = (u_char *) key; @@ -85,44 +84,29 @@ ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, EVP_CIPHER_CTX_init(&c->k1); EVP_CIPHER_CTX_init(&c->k2); EVP_CIPHER_CTX_init(&c->k3); -#ifdef SSH_OLD_EVP - EVP_CipherInit(&c->k1, EVP_des_cbc(), k1, NULL, enc); - EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc); - EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc); -#else if (EVP_CipherInit(&c->k1, EVP_des_cbc(), k1, NULL, enc) == 0 || EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 || EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) { - memset(c, 0, sizeof(*c)); - xfree(c); + explicit_bzero(c, sizeof(*c)); + free(c); EVP_CIPHER_CTX_set_app_data(ctx, NULL); - return (0); + return 0; } -#endif - return (1); + return 1; } static int -ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, - LIBCRYPTO_EVP_INL_TYPE len) +ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, size_t len) { struct ssh1_3des_ctx *c; - if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) { - error("ssh1_3des_cbc: no context"); - return (0); - } -#ifdef SSH_OLD_EVP - EVP_Cipher(&c->k1, dest, (u_char *)src, len); - EVP_Cipher(&c->k2, dest, dest, len); - EVP_Cipher(&c->k3, dest, dest, len); -#else + if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) + return 0; if (EVP_Cipher(&c->k1, dest, (u_char *)src, len) == 0 || EVP_Cipher(&c->k2, dest, dest, len) == 0 || EVP_Cipher(&c->k3, dest, dest, len) == 0) - return (0); -#endif - return (1); + return 0; + return 1; } static int @@ -134,33 +118,32 @@ ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx) EVP_CIPHER_CTX_cleanup(&c->k1); EVP_CIPHER_CTX_cleanup(&c->k2); EVP_CIPHER_CTX_cleanup(&c->k3); - memset(c, 0, sizeof(*c)); - xfree(c); + explicit_bzero(c, sizeof(*c)); + free(c); EVP_CIPHER_CTX_set_app_data(ctx, NULL); } - return (1); + return 1; } -void +int ssh1_3des_iv(EVP_CIPHER_CTX *evp, int doset, u_char *iv, int len) { struct ssh1_3des_ctx *c; if (len != 24) - fatal("%s: bad 3des iv length: %d", __func__, len); + return SSH_ERR_INVALID_ARGUMENT; if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL) - fatal("%s: no 3des context", __func__); + return SSH_ERR_INTERNAL_ERROR; if (doset) { - debug3("%s: Installed 3DES IV", __func__); memcpy(c->k1.iv, iv, 8); memcpy(c->k2.iv, iv + 8, 8); memcpy(c->k3.iv, iv + 16, 8); } else { - debug3("%s: Copying 3DES IV", __func__); memcpy(iv, c->k1.iv, 8); memcpy(iv + 8, c->k2.iv, 8); memcpy(iv + 16, c->k3.iv, 8); } + return 0; } const EVP_CIPHER * @@ -176,8 +159,6 @@ evp_ssh1_3des(void) ssh1_3des.init = ssh1_3des_init; ssh1_3des.cleanup = ssh1_3des_cleanup; ssh1_3des.do_cipher = ssh1_3des_cbc; -#ifndef SSH_OLD_EVP ssh1_3des.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH; -#endif - return (&ssh1_3des); + return &ssh1_3des; } diff --git a/crypto/openssh/cipher-acss.c b/crypto/openssh/cipher-acss.c deleted file mode 100644 index e755f92b97..0000000000 --- a/crypto/openssh/cipher-acss.c +++ /dev/null @@ -1,86 +0,0 @@ -/* - * Copyright (c) 2004 The OpenBSD project - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include "includes.h" - -#include - -#include - -#if !defined(EVP_CTRL_SET_ACSS_MODE) && (OPENSSL_VERSION_NUMBER >= 0x00907000L) - -#include "acss.h" -#include "openbsd-compat/openssl-compat.h" - -#define data(ctx) ((EVP_ACSS_KEY *)(ctx)->cipher_data) - -typedef struct { - ACSS_KEY ks; -} EVP_ACSS_KEY; - -#define EVP_CTRL_SET_ACSS_MODE 0xff06 -#define EVP_CTRL_SET_ACSS_SUBKEY 0xff07 - -static int -acss_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - acss_setkey(&data(ctx)->ks,key,enc,ACSS_DATA); - return 1; -} - -static int -acss_ciph(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, - LIBCRYPTO_EVP_INL_TYPE inl) -{ - acss(&data(ctx)->ks,inl,in,out); - return 1; -} - -static int -acss_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) -{ - switch(type) { - case EVP_CTRL_SET_ACSS_MODE: - data(ctx)->ks.mode = arg; - return 1; - case EVP_CTRL_SET_ACSS_SUBKEY: - acss_setsubkey(&data(ctx)->ks,(unsigned char *)ptr); - return 1; - default: - return -1; - } -} - -const EVP_CIPHER * -evp_acss(void) -{ - static EVP_CIPHER acss_cipher; - - memset(&acss_cipher, 0, sizeof(EVP_CIPHER)); - - acss_cipher.nid = NID_undef; - acss_cipher.block_size = 1; - acss_cipher.key_len = 5; - acss_cipher.init = acss_init_key; - acss_cipher.do_cipher = acss_ciph; - acss_cipher.ctx_size = sizeof(EVP_ACSS_KEY); - acss_cipher.ctrl = acss_ctrl; - - return (&acss_cipher); -} -#endif - diff --git a/crypto/openssh/cipher-aes.c b/crypto/openssh/cipher-aes.c index bfda6d2f24..8b10172728 100644 --- a/crypto/openssh/cipher-aes.c +++ b/crypto/openssh/cipher-aes.c @@ -46,9 +46,6 @@ struct ssh_rijndael_ctx u_char r_iv[RIJNDAEL_BLOCKSIZE]; }; -const EVP_CIPHER * evp_rijndael(void); -void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int); - static int ssh_rijndael_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, int enc) @@ -123,7 +120,7 @@ ssh_rijndael_cleanup(EVP_CIPHER_CTX *ctx) if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) { memset(c, 0, sizeof(*c)); - xfree(c); + free(c); EVP_CIPHER_CTX_set_app_data(ctx, NULL); } return (1); diff --git a/crypto/openssh/platform.h b/crypto/openssh/cipher-aesctr.h similarity index 55% copy from crypto/openssh/platform.h copy to crypto/openssh/cipher-aesctr.h index 944d2c340d..85d55bba29 100644 --- a/crypto/openssh/platform.h +++ b/crypto/openssh/cipher-aesctr.h @@ -1,7 +1,6 @@ -/* $Id: platform.h,v 1.7 2010/11/05 03:47:01 dtucker Exp $ */ - +/* $OpenBSD: cipher-aesctr.h,v 1.1 2014/04/29 15:39:33 markus Exp $ */ /* - * Copyright (c) 2006 Darren Tucker. All rights reserved. + * Copyright (c) 2014 Markus Friedl * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -16,18 +15,21 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#include +#ifndef OPENSSH_AESCTR_H +#define OPENSSH_AESCTR_H + +#include "rijndael.h" -#include +#define AES_BLOCK_SIZE 16 -void platform_pre_listen(void); -void platform_pre_fork(void); -void platform_post_fork_parent(pid_t child_pid); -void platform_post_fork_child(void); -int platform_privileged_uidswap(void); -void platform_setusercontext(struct passwd *); -void platform_setusercontext_post_groups(struct passwd *); -char *platform_get_krb5_client(const char *); -char *platform_krb5_get_principal_name(const char *); +typedef struct aesctr_ctx { + int rounds; /* keylen-dependent #rounds */ + u32 ek[4*(AES_MAXROUNDS + 1)]; /* encrypt key schedule */ + u8 ctr[AES_BLOCK_SIZE]; /* counter */ +} aesctr_ctx; +void aesctr_keysetup(aesctr_ctx *x,const u8 *k,u32 kbits,u32 ivbits); +void aesctr_ivsetup(aesctr_ctx *x,const u8 *iv); +void aesctr_encrypt_bytes(aesctr_ctx *x,const u8 *m,u8 *c,u32 bytes); +#endif diff --git a/crypto/openssh/cipher-chachapoly.c b/crypto/openssh/cipher-chachapoly.c new file mode 100644 index 0000000000..8665b41a30 --- /dev/null +++ b/crypto/openssh/cipher-chachapoly.c @@ -0,0 +1,119 @@ +/* + * Copyright (c) 2013 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* $OpenBSD: cipher-chachapoly.c,v 1.6 2014/07/03 12:42:16 jsing Exp $ */ + +#include "includes.h" + +#include +#include /* needed for log.h */ +#include +#include /* needed for misc.h */ + +#include "log.h" +#include "sshbuf.h" +#include "ssherr.h" +#include "cipher-chachapoly.h" + +int chachapoly_init(struct chachapoly_ctx *ctx, + const u_char *key, u_int keylen) +{ + if (keylen != (32 + 32)) /* 2 x 256 bit keys */ + return SSH_ERR_INVALID_ARGUMENT; + chacha_keysetup(&ctx->main_ctx, key, 256); + chacha_keysetup(&ctx->header_ctx, key + 32, 256); + return 0; +} + +/* + * chachapoly_crypt() operates as following: + * En/decrypt with header key 'aadlen' bytes from 'src', storing result + * to 'dest'. The ciphertext here is treated as additional authenticated + * data for MAC calculation. + * En/decrypt 'len' bytes at offset 'aadlen' from 'src' to 'dest'. Use + * POLY1305_TAGLEN bytes at offset 'len'+'aadlen' as the authentication + * tag. This tag is written on encryption and verified on decryption. + */ +int +chachapoly_crypt(struct chachapoly_ctx *ctx, u_int seqnr, u_char *dest, + const u_char *src, u_int len, u_int aadlen, u_int authlen, int do_encrypt) +{ + u_char seqbuf[8]; + const u_char one[8] = { 1, 0, 0, 0, 0, 0, 0, 0 }; /* NB little-endian */ + u_char expected_tag[POLY1305_TAGLEN], poly_key[POLY1305_KEYLEN]; + int r = SSH_ERR_INTERNAL_ERROR; + + /* + * Run ChaCha20 once to generate the Poly1305 key. The IV is the + * packet sequence number. + */ + memset(poly_key, 0, sizeof(poly_key)); + POKE_U64(seqbuf, seqnr); + chacha_ivsetup(&ctx->main_ctx, seqbuf, NULL); + chacha_encrypt_bytes(&ctx->main_ctx, + poly_key, poly_key, sizeof(poly_key)); + + /* If decrypting, check tag before anything else */ + if (!do_encrypt) { + const u_char *tag = src + aadlen + len; + + poly1305_auth(expected_tag, src, aadlen + len, poly_key); + if (timingsafe_bcmp(expected_tag, tag, POLY1305_TAGLEN) != 0) { + r = SSH_ERR_MAC_INVALID; + goto out; + } + } + + /* Crypt additional data */ + if (aadlen) { + chacha_ivsetup(&ctx->header_ctx, seqbuf, NULL); + chacha_encrypt_bytes(&ctx->header_ctx, src, dest, aadlen); + } + + /* Set Chacha's block counter to 1 */ + chacha_ivsetup(&ctx->main_ctx, seqbuf, one); + chacha_encrypt_bytes(&ctx->main_ctx, src + aadlen, + dest + aadlen, len); + + /* If encrypting, calculate and append tag */ + if (do_encrypt) { + poly1305_auth(dest + aadlen + len, dest, aadlen + len, + poly_key); + } + r = 0; + out: + explicit_bzero(expected_tag, sizeof(expected_tag)); + explicit_bzero(seqbuf, sizeof(seqbuf)); + explicit_bzero(poly_key, sizeof(poly_key)); + return r; +} + +/* Decrypt and extract the encrypted packet length */ +int +chachapoly_get_length(struct chachapoly_ctx *ctx, + u_int *plenp, u_int seqnr, const u_char *cp, u_int len) +{ + u_char buf[4], seqbuf[8]; + + if (len < 4) + return SSH_ERR_MESSAGE_INCOMPLETE; + POKE_U64(seqbuf, seqnr); + chacha_ivsetup(&ctx->header_ctx, seqbuf, NULL); + chacha_encrypt_bytes(&ctx->header_ctx, cp, buf, 4); + *plenp = PEEK_U32(buf); + return 0; +} + diff --git a/crypto/openssh/cipher-chachapoly.h b/crypto/openssh/cipher-chachapoly.h new file mode 100644 index 0000000000..b7072be7d9 --- /dev/null +++ b/crypto/openssh/cipher-chachapoly.h @@ -0,0 +1,41 @@ +/* $OpenBSD: cipher-chachapoly.h,v 1.4 2014/06/24 01:13:21 djm Exp $ */ + +/* + * Copyright (c) Damien Miller 2013 + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ +#ifndef CHACHA_POLY_AEAD_H +#define CHACHA_POLY_AEAD_H + +#include +#include "chacha.h" +#include "poly1305.h" + +#define CHACHA_KEYLEN 32 /* Only 256 bit keys used here */ + +struct chachapoly_ctx { + struct chacha_ctx main_ctx, header_ctx; +}; + +int chachapoly_init(struct chachapoly_ctx *cpctx, + const u_char *key, u_int keylen) + __attribute__((__bounded__(__buffer__, 2, 3))); +int chachapoly_crypt(struct chachapoly_ctx *cpctx, u_int seqnr, + u_char *dest, const u_char *src, u_int len, u_int aadlen, u_int authlen, + int do_encrypt); +int chachapoly_get_length(struct chachapoly_ctx *cpctx, + u_int *plenp, u_int seqnr, const u_char *cp, u_int len) + __attribute__((__bounded__(__buffer__, 4, 5))); + +#endif /* CHACHA_POLY_AEAD_H */ diff --git a/crypto/openssh/cipher-ctr.c b/crypto/openssh/cipher-ctr.c index 04975b4b65..ea0f9b3b74 100644 --- a/crypto/openssh/cipher-ctr.c +++ b/crypto/openssh/cipher-ctr.c @@ -16,6 +16,7 @@ */ #include "includes.h" +#ifndef OPENSSL_HAVE_EVPCTR #include #include @@ -33,9 +34,6 @@ #include #endif -const EVP_CIPHER *evp_aes_128_ctr(void); -void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, size_t); - struct ssh_aes_ctr_ctx { AES_KEY aes_ctx; @@ -106,7 +104,7 @@ ssh_aes_ctr_cleanup(EVP_CIPHER_CTX *ctx) if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) { memset(c, 0, sizeof(*c)); - xfree(c); + free(c); EVP_CIPHER_CTX_set_app_data(ctx, NULL); } return (1); @@ -144,3 +142,5 @@ evp_aes_128_ctr(void) #endif return (&aes_ctr); } + +#endif /* OPENSSL_HAVE_EVPCTR */ diff --git a/crypto/openssh/cipher.c b/crypto/openssh/cipher.c index bb5c0ac3a2..638ca2d971 100644 --- a/crypto/openssh/cipher.c +++ b/crypto/openssh/cipher.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher.c,v 1.82 2009/01/26 09:58:15 markus Exp $ */ +/* $OpenBSD: cipher.c,v 1.99 2014/06/24 01:13:21 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -39,82 +39,162 @@ #include -#include - #include #include +#include -#include "xmalloc.h" -#include "log.h" #include "cipher.h" +#include "misc.h" +#include "sshbuf.h" +#include "ssherr.h" +#include "digest.h" -/* compatibility with old or broken OpenSSL versions */ #include "openbsd-compat/openssl-compat.h" +#ifdef WITH_SSH1 extern const EVP_CIPHER *evp_ssh1_bf(void); extern const EVP_CIPHER *evp_ssh1_3des(void); -extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int); -extern const EVP_CIPHER *evp_aes_128_ctr(void); -extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int); +extern int ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int); +#endif -struct Cipher { +struct sshcipher { char *name; int number; /* for ssh1 only */ u_int block_size; u_int key_len; + u_int iv_len; /* defaults to block_size */ + u_int auth_len; u_int discard_len; - u_int cbc_mode; + u_int flags; +#define CFLAG_CBC (1<<0) +#define CFLAG_CHACHAPOLY (1<<1) +#define CFLAG_AESCTR (1<<2) +#define CFLAG_NONE (1<<3) +#ifdef WITH_OPENSSL const EVP_CIPHER *(*evptype)(void); -} ciphers[] = { - { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, EVP_enc_null }, - { "des", SSH_CIPHER_DES, 8, 8, 0, 1, EVP_des_cbc }, - { "3des", SSH_CIPHER_3DES, 8, 16, 0, 1, evp_ssh1_3des }, - { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, 1, evp_ssh1_bf }, - - { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 1, EVP_des_ede3_cbc }, - { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, 0, 1, EVP_bf_cbc }, - { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, 0, 1, EVP_cast5_cbc }, - { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, 0, EVP_rc4 }, - { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 1536, 0, EVP_rc4 }, - { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 1536, 0, EVP_rc4 }, - { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, 1, EVP_aes_128_cbc }, - { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, 1, EVP_aes_192_cbc }, - { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc }, - { "rijndael-cbc@lysator.liu.se", - SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc }, - { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, evp_aes_128_ctr }, - { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, evp_aes_128_ctr }, - { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, evp_aes_128_ctr }, -#ifdef USE_CIPHER_ACSS - { "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, 0, 0, EVP_acss }, +#else + void *ignored; #endif - { NULL, SSH_CIPHER_INVALID, 0, 0, 0, 0, NULL } +}; + +static const struct sshcipher ciphers[] = { +#ifdef WITH_SSH1 + { "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc }, + { "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des }, + { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, 0, 0, 1, evp_ssh1_bf }, +#endif /* WITH_SSH1 */ +#ifdef WITH_OPENSSL + { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null }, + { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc }, + { "blowfish-cbc", + SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc }, + { "cast128-cbc", + SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_cast5_cbc }, + { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 0, EVP_rc4 }, + { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 0, 0, 1536, 0, EVP_rc4 }, + { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 0, 0, 1536, 0, EVP_rc4 }, + { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, 1, EVP_aes_128_cbc }, + { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, 1, EVP_aes_192_cbc }, + { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 1, EVP_aes_256_cbc }, + { "rijndael-cbc@lysator.liu.se", + SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 1, EVP_aes_256_cbc }, + { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, 0, EVP_aes_128_ctr }, + { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, 0, EVP_aes_192_ctr }, + { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 0, EVP_aes_256_ctr }, +# ifdef OPENSSL_HAVE_EVPGCM + { "aes128-gcm@openssh.com", + SSH_CIPHER_SSH2, 16, 16, 12, 16, 0, 0, EVP_aes_128_gcm }, + { "aes256-gcm@openssh.com", + SSH_CIPHER_SSH2, 16, 32, 12, 16, 0, 0, EVP_aes_256_gcm }, +# endif /* OPENSSL_HAVE_EVPGCM */ +#else /* WITH_OPENSSL */ + { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, CFLAG_AESCTR, NULL }, + { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, CFLAG_AESCTR, NULL }, + { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, CFLAG_AESCTR, NULL }, + { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, CFLAG_NONE, NULL }, +#endif /* WITH_OPENSSL */ + { "chacha20-poly1305@openssh.com", + SSH_CIPHER_SSH2, 8, 64, 0, 16, 0, CFLAG_CHACHAPOLY, NULL }, + + { NULL, SSH_CIPHER_INVALID, 0, 0, 0, 0, 0, 0, NULL } }; /*--*/ +/* Returns a comma-separated list of supported ciphers. */ +char * +cipher_alg_list(char sep, int auth_only) +{ + char *tmp, *ret = NULL; + size_t nlen, rlen = 0; + const struct sshcipher *c; + + for (c = ciphers; c->name != NULL; c++) { + if (c->number != SSH_CIPHER_SSH2) + continue; + if (auth_only && c->auth_len == 0) + continue; + if (ret != NULL) + ret[rlen++] = sep; + nlen = strlen(c->name); + if ((tmp = realloc(ret, rlen + nlen + 2)) == NULL) { + free(ret); + return NULL; + } + ret = tmp; + memcpy(ret + rlen, c->name, nlen + 1); + rlen += nlen; + } + return ret; +} + u_int -cipher_blocksize(const Cipher *c) +cipher_blocksize(const struct sshcipher *c) { return (c->block_size); } u_int -cipher_keylen(const Cipher *c) +cipher_keylen(const struct sshcipher *c) { return (c->key_len); } u_int -cipher_get_number(const Cipher *c) +cipher_seclen(const struct sshcipher *c) +{ + if (strcmp("3des-cbc", c->name) == 0) + return 14; + return cipher_keylen(c); +} + +u_int +cipher_authlen(const struct sshcipher *c) +{ + return (c->auth_len); +} + +u_int +cipher_ivlen(const struct sshcipher *c) +{ + /* + * Default is cipher block size, except for chacha20+poly1305 that + * needs no IV. XXX make iv_len == -1 default? + */ + return (c->iv_len != 0 || (c->flags & CFLAG_CHACHAPOLY) != 0) ? + c->iv_len : c->block_size; +} + +u_int +cipher_get_number(const struct sshcipher *c) { return (c->number); } u_int -cipher_is_cbc(const Cipher *c) +cipher_is_cbc(const struct sshcipher *c) { - return (c->cbc_mode); + return (c->flags & CFLAG_CBC) != 0; } u_int @@ -129,20 +209,20 @@ cipher_mask_ssh1(int client) return mask; } -Cipher * +const struct sshcipher * cipher_by_name(const char *name) { - Cipher *c; + const struct sshcipher *c; for (c = ciphers; c->name != NULL; c++) if (strcmp(c->name, name) == 0) return c; return NULL; } -Cipher * +const struct sshcipher * cipher_by_number(int id) { - Cipher *c; + const struct sshcipher *c; for (c = ciphers; c->name != NULL; c++) if (c->number == id) return c; @@ -153,26 +233,23 @@ cipher_by_number(int id) int ciphers_valid(const char *names) { - Cipher *c; + const struct sshcipher *c; char *cipher_list, *cp; char *p; if (names == NULL || strcmp(names, "") == 0) return 0; - cipher_list = cp = xstrdup(names); + if ((cipher_list = cp = strdup(names)) == NULL) + return 0; for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0'; (p = strsep(&cp, CIPHER_SEP))) { c = cipher_by_name(p); if (c == NULL || c->number != SSH_CIPHER_SSH2) { - debug("bad cipher %s [%s]", p, names); - xfree(cipher_list); + free(cipher_list); return 0; - } else { - debug3("cipher ok: %s [%s]", p, names); } } - debug3("ciphers ok: [%s]", names); - xfree(cipher_list); + free(cipher_list); return 1; } @@ -184,7 +261,7 @@ ciphers_valid(const char *names) int cipher_number(const char *name) { - Cipher *c; + const struct sshcipher *c; if (name == NULL) return -1; for (c = ciphers; c->name != NULL; c++) @@ -196,236 +273,377 @@ cipher_number(const char *name) char * cipher_name(int id) { - Cipher *c = cipher_by_number(id); + const struct sshcipher *c = cipher_by_number(id); return (c==NULL) ? "" : c->name; } -void -cipher_init(CipherContext *cc, Cipher *cipher, +const char * +cipher_warning_message(const struct sshcipher_ctx *cc) +{ + if (cc == NULL || cc->cipher == NULL) + return NULL; + if (cc->cipher->number == SSH_CIPHER_DES) + return "use of DES is strongly discouraged due to " + "cryptographic weaknesses"; + return NULL; +} + +int +cipher_init(struct sshcipher_ctx *cc, const struct sshcipher *cipher, const u_char *key, u_int keylen, const u_char *iv, u_int ivlen, int do_encrypt) { - static int dowarn = 1; -#ifdef SSH_OLD_EVP - EVP_CIPHER *type; -#else +#ifdef WITH_OPENSSL + int ret = SSH_ERR_INTERNAL_ERROR; const EVP_CIPHER *type; int klen; -#endif u_char *junk, *discard; if (cipher->number == SSH_CIPHER_DES) { - if (dowarn) { - error("Warning: use of DES is strongly discouraged " - "due to cryptographic weaknesses"); - dowarn = 0; - } if (keylen > 8) keylen = 8; } +#endif cc->plaintext = (cipher->number == SSH_CIPHER_NONE); + cc->encrypt = do_encrypt; - if (keylen < cipher->key_len) - fatal("cipher_init: key length %d is insufficient for %s.", - keylen, cipher->name); - if (iv != NULL && ivlen < cipher->block_size) - fatal("cipher_init: iv length %d is insufficient for %s.", - ivlen, cipher->name); - cc->cipher = cipher; + if (keylen < cipher->key_len || + (iv != NULL && ivlen < cipher_ivlen(cipher))) + return SSH_ERR_INVALID_ARGUMENT; - type = (*cipher->evptype)(); - - EVP_CIPHER_CTX_init(&cc->evp); -#ifdef SSH_OLD_EVP - if (type->key_len > 0 && type->key_len != keylen) { - debug("cipher_init: set keylen (%d -> %d)", - type->key_len, keylen); - type->key_len = keylen; + cc->cipher = cipher; + if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) { + return chachapoly_init(&cc->cp_ctx, key, keylen); } - EVP_CipherInit(&cc->evp, type, (u_char *)key, (u_char *)iv, - (do_encrypt == CIPHER_ENCRYPT)); +#ifndef WITH_OPENSSL + if ((cc->cipher->flags & CFLAG_AESCTR) != 0) { + aesctr_keysetup(&cc->ac_ctx, key, 8 * keylen, 8 * ivlen); + aesctr_ivsetup(&cc->ac_ctx, iv); + return 0; + } + if ((cc->cipher->flags & CFLAG_NONE) != 0) + return 0; + return SSH_ERR_INVALID_ARGUMENT; #else + type = (*cipher->evptype)(); + EVP_CIPHER_CTX_init(&cc->evp); if (EVP_CipherInit(&cc->evp, type, NULL, (u_char *)iv, - (do_encrypt == CIPHER_ENCRYPT)) == 0) - fatal("cipher_init: EVP_CipherInit failed for %s", - cipher->name); + (do_encrypt == CIPHER_ENCRYPT)) == 0) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto bad; + } + if (cipher_authlen(cipher) && + !EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_SET_IV_FIXED, + -1, (u_char *)iv)) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto bad; + } klen = EVP_CIPHER_CTX_key_length(&cc->evp); if (klen > 0 && keylen != (u_int)klen) { - debug2("cipher_init: set keylen (%d -> %d)", klen, keylen); - if (EVP_CIPHER_CTX_set_key_length(&cc->evp, keylen) == 0) - fatal("cipher_init: set keylen failed (%d -> %d)", - klen, keylen); + if (EVP_CIPHER_CTX_set_key_length(&cc->evp, keylen) == 0) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto bad; + } + } + if (EVP_CipherInit(&cc->evp, NULL, (u_char *)key, NULL, -1) == 0) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto bad; } - if (EVP_CipherInit(&cc->evp, NULL, (u_char *)key, NULL, -1) == 0) - fatal("cipher_init: EVP_CipherInit: set key failed for %s", - cipher->name); -#endif if (cipher->discard_len > 0) { - junk = xmalloc(cipher->discard_len); - discard = xmalloc(cipher->discard_len); - if (EVP_Cipher(&cc->evp, discard, junk, - cipher->discard_len) == 0) - fatal("evp_crypt: EVP_Cipher failed during discard"); - memset(discard, 0, cipher->discard_len); - xfree(junk); - xfree(discard); + if ((junk = malloc(cipher->discard_len)) == NULL || + (discard = malloc(cipher->discard_len)) == NULL) { + if (junk != NULL) + free(junk); + ret = SSH_ERR_ALLOC_FAIL; + goto bad; + } + ret = EVP_Cipher(&cc->evp, discard, junk, cipher->discard_len); + explicit_bzero(discard, cipher->discard_len); + free(junk); + free(discard); + if (ret != 1) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + bad: + EVP_CIPHER_CTX_cleanup(&cc->evp); + return ret; + } } +#endif + return 0; } -void -cipher_crypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len) +/* + * cipher_crypt() operates as following: + * Copy 'aadlen' bytes (without en/decryption) from 'src' to 'dest'. + * Theses bytes are treated as additional authenticated data for + * authenticated encryption modes. + * En/Decrypt 'len' bytes at offset 'aadlen' from 'src' to 'dest'. + * Use 'authlen' bytes at offset 'len'+'aadlen' as the authentication tag. + * This tag is written on encryption and verified on decryption. + * Both 'aadlen' and 'authlen' can be set to 0. + */ +int +cipher_crypt(struct sshcipher_ctx *cc, u_int seqnr, u_char *dest, + const u_char *src, u_int len, u_int aadlen, u_int authlen) { + if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) { + return chachapoly_crypt(&cc->cp_ctx, seqnr, dest, src, + len, aadlen, authlen, cc->encrypt); + } +#ifndef WITH_OPENSSL + if ((cc->cipher->flags & CFLAG_AESCTR) != 0) { + if (aadlen) + memcpy(dest, src, aadlen); + aesctr_encrypt_bytes(&cc->ac_ctx, src + aadlen, + dest + aadlen, len); + return 0; + } + if ((cc->cipher->flags & CFLAG_NONE) != 0) { + memcpy(dest, src, aadlen + len); + return 0; + } + return SSH_ERR_INVALID_ARGUMENT; +#else + if (authlen) { + u_char lastiv[1]; + + if (authlen != cipher_authlen(cc->cipher)) + return SSH_ERR_INVALID_ARGUMENT; + /* increment IV */ + if (!EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_IV_GEN, + 1, lastiv)) + return SSH_ERR_LIBCRYPTO_ERROR; + /* set tag on decyption */ + if (!cc->encrypt && + !EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_SET_TAG, + authlen, (u_char *)src + aadlen + len)) + return SSH_ERR_LIBCRYPTO_ERROR; + } + if (aadlen) { + if (authlen && + EVP_Cipher(&cc->evp, NULL, (u_char *)src, aadlen) < 0) + return SSH_ERR_LIBCRYPTO_ERROR; + memcpy(dest, src, aadlen); + } if (len % cc->cipher->block_size) - fatal("cipher_encrypt: bad plaintext length %d", len); - if (EVP_Cipher(&cc->evp, dest, (u_char *)src, len) == 0) - fatal("evp_crypt: EVP_Cipher failed"); + return SSH_ERR_INVALID_ARGUMENT; + if (EVP_Cipher(&cc->evp, dest + aadlen, (u_char *)src + aadlen, + len) < 0) + return SSH_ERR_LIBCRYPTO_ERROR; + if (authlen) { + /* compute tag (on encrypt) or verify tag (on decrypt) */ + if (EVP_Cipher(&cc->evp, NULL, NULL, 0) < 0) + return cc->encrypt ? + SSH_ERR_LIBCRYPTO_ERROR : SSH_ERR_MAC_INVALID; + if (cc->encrypt && + !EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_GET_TAG, + authlen, dest + aadlen + len)) + return SSH_ERR_LIBCRYPTO_ERROR; + } + return 0; +#endif } -void -cipher_cleanup(CipherContext *cc) +/* Extract the packet length, including any decryption necessary beforehand */ +int +cipher_get_length(struct sshcipher_ctx *cc, u_int *plenp, u_int seqnr, + const u_char *cp, u_int len) { - if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0) - error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed"); + if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) + return chachapoly_get_length(&cc->cp_ctx, plenp, seqnr, + cp, len); + if (len < 4) + return SSH_ERR_MESSAGE_INCOMPLETE; + *plenp = get_u32(cp); + return 0; +} + +int +cipher_cleanup(struct sshcipher_ctx *cc) +{ + if (cc == NULL || cc->cipher == NULL) + return 0; + if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) + explicit_bzero(&cc->cp_ctx, sizeof(cc->cp_ctx)); + else if ((cc->cipher->flags & CFLAG_AESCTR) != 0) + explicit_bzero(&cc->ac_ctx, sizeof(cc->ac_ctx)); +#ifdef WITH_OPENSSL + else if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0) + return SSH_ERR_LIBCRYPTO_ERROR; +#endif + return 0; } /* * Selects the cipher, and keys if by computing the MD5 checksum of the * passphrase and using the resulting 16 bytes as the key. */ - -void -cipher_set_key_string(CipherContext *cc, Cipher *cipher, +int +cipher_set_key_string(struct sshcipher_ctx *cc, const struct sshcipher *cipher, const char *passphrase, int do_encrypt) { - MD5_CTX md; u_char digest[16]; + int r = SSH_ERR_INTERNAL_ERROR; - MD5_Init(&md); - MD5_Update(&md, (const u_char *)passphrase, strlen(passphrase)); - MD5_Final(digest, &md); - - cipher_init(cc, cipher, digest, 16, NULL, 0, do_encrypt); + if ((r = ssh_digest_memory(SSH_DIGEST_MD5, + passphrase, strlen(passphrase), + digest, sizeof(digest))) != 0) + goto out; - memset(digest, 0, sizeof(digest)); - memset(&md, 0, sizeof(md)); + r = cipher_init(cc, cipher, digest, 16, NULL, 0, do_encrypt); + out: + explicit_bzero(digest, sizeof(digest)); + return r; } /* - * Exports an IV from the CipherContext required to export the key + * Exports an IV from the sshcipher_ctx required to export the key * state back from the unprivileged child to the privileged parent * process. */ - int -cipher_get_keyiv_len(const CipherContext *cc) +cipher_get_keyiv_len(const struct sshcipher_ctx *cc) { - Cipher *c = cc->cipher; - int ivlen; + const struct sshcipher *c = cc->cipher; + int ivlen = 0; if (c->number == SSH_CIPHER_3DES) ivlen = 24; + else if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) + ivlen = 0; +#ifdef WITH_OPENSSL else ivlen = EVP_CIPHER_CTX_iv_length(&cc->evp); +#endif /* WITH_OPENSSL */ return (ivlen); } -void -cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len) +int +cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len) { - Cipher *c = cc->cipher; - int evplen; + const struct sshcipher *c = cc->cipher; +#ifdef WITH_OPENSSL + int evplen; +#endif + + if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) { + if (len != 0) + return SSH_ERR_INVALID_ARGUMENT; + return 0; + } + if ((cc->cipher->flags & CFLAG_NONE) != 0) + return 0; switch (c->number) { +#ifdef WITH_OPENSSL case SSH_CIPHER_SSH2: case SSH_CIPHER_DES: case SSH_CIPHER_BLOWFISH: evplen = EVP_CIPHER_CTX_iv_length(&cc->evp); - if (evplen <= 0) - return; + if (evplen == 0) + return 0; + else if (evplen < 0) + return SSH_ERR_LIBCRYPTO_ERROR; if ((u_int)evplen != len) - fatal("%s: wrong iv length %d != %d", __func__, - evplen, len); -#ifdef USE_BUILTIN_RIJNDAEL - if (c->evptype == evp_rijndael) - ssh_rijndael_iv(&cc->evp, 0, iv, len); - else -#endif + return SSH_ERR_INVALID_ARGUMENT; +#ifndef OPENSSL_HAVE_EVPCTR if (c->evptype == evp_aes_128_ctr) ssh_aes_ctr_iv(&cc->evp, 0, iv, len); else +#endif + if (cipher_authlen(c)) { + if (!EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_IV_GEN, + len, iv)) + return SSH_ERR_LIBCRYPTO_ERROR; + } else memcpy(iv, cc->evp.iv, len); break; +#endif +#ifdef WITH_SSH1 case SSH_CIPHER_3DES: - ssh1_3des_iv(&cc->evp, 0, iv, 24); - break; + return ssh1_3des_iv(&cc->evp, 0, iv, 24); +#endif default: - fatal("%s: bad cipher %d", __func__, c->number); + return SSH_ERR_INVALID_ARGUMENT; } + return 0; } -void -cipher_set_keyiv(CipherContext *cc, u_char *iv) +int +cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) { - Cipher *c = cc->cipher; - int evplen = 0; + const struct sshcipher *c = cc->cipher; +#ifdef WITH_OPENSSL + int evplen = 0; +#endif + + if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) + return 0; + if ((cc->cipher->flags & CFLAG_NONE) != 0) + return 0; switch (c->number) { +#ifdef WITH_OPENSSL case SSH_CIPHER_SSH2: case SSH_CIPHER_DES: case SSH_CIPHER_BLOWFISH: evplen = EVP_CIPHER_CTX_iv_length(&cc->evp); - if (evplen == 0) - return; -#ifdef USE_BUILTIN_RIJNDAEL - if (c->evptype == evp_rijndael) - ssh_rijndael_iv(&cc->evp, 1, iv, evplen); - else -#endif - if (c->evptype == evp_aes_128_ctr) - ssh_aes_ctr_iv(&cc->evp, 1, iv, evplen); - else + if (evplen <= 0) + return SSH_ERR_LIBCRYPTO_ERROR; + if (cipher_authlen(c)) { + /* XXX iv arg is const, but EVP_CIPHER_CTX_ctrl isn't */ + if (!EVP_CIPHER_CTX_ctrl(&cc->evp, + EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv)) + return SSH_ERR_LIBCRYPTO_ERROR; + } else memcpy(cc->evp.iv, iv, evplen); break; +#endif +#ifdef WITH_SSH1 case SSH_CIPHER_3DES: - ssh1_3des_iv(&cc->evp, 1, iv, 24); - break; + return ssh1_3des_iv(&cc->evp, 1, (u_char *)iv, 24); +#endif default: - fatal("%s: bad cipher %d", __func__, c->number); + return SSH_ERR_INVALID_ARGUMENT; } + return 0; } -#if OPENSSL_VERSION_NUMBER < 0x00907000L -#define EVP_X_STATE(evp) &(evp).c -#define EVP_X_STATE_LEN(evp) sizeof((evp).c) -#else +#ifdef WITH_OPENSSL #define EVP_X_STATE(evp) (evp).cipher_data #define EVP_X_STATE_LEN(evp) (evp).cipher->ctx_size #endif int -cipher_get_keycontext(const CipherContext *cc, u_char *dat) +cipher_get_keycontext(const struct sshcipher_ctx *cc, u_char *dat) { - Cipher *c = cc->cipher; +#ifdef WITH_OPENSSL + const struct sshcipher *c = cc->cipher; int plen = 0; - if (c->evptype == EVP_rc4 || c->evptype == EVP_acss) { + if (c->evptype == EVP_rc4) { plen = EVP_X_STATE_LEN(cc->evp); if (dat == NULL) return (plen); memcpy(dat, EVP_X_STATE(cc->evp), plen); } return (plen); +#else + return 0; +#endif } void -cipher_set_keycontext(CipherContext *cc, u_char *dat) +cipher_set_keycontext(struct sshcipher_ctx *cc, const u_char *dat) { - Cipher *c = cc->cipher; +#ifdef WITH_OPENSSL + const struct sshcipher *c = cc->cipher; int plen; - if (c->evptype == EVP_rc4 || c->evptype == EVP_acss) { + if (c->evptype == EVP_rc4) { plen = EVP_X_STATE_LEN(cc->evp); memcpy(EVP_X_STATE(cc->evp), dat, plen); } +#endif } diff --git a/crypto/openssh/cipher.h b/crypto/openssh/cipher.h index 3dd2270bbe..de74c1e3b3 100644 --- a/crypto/openssh/cipher.h +++ b/crypto/openssh/cipher.h @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher.h,v 1.37 2009/01/26 09:58:15 markus Exp $ */ +/* $OpenBSD: cipher.h,v 1.46 2014/06/24 01:13:21 djm Exp $ */ /* * Author: Tatu Ylonen @@ -37,7 +37,11 @@ #ifndef CIPHER_H #define CIPHER_H +#include #include +#include "cipher-chachapoly.h" +#include "cipher-aesctr.h" + /* * Cipher types for SSH-1. New types can be added, but old types should not * be removed for compatibility. The maximum allowed value is 31. @@ -58,35 +62,47 @@ #define CIPHER_ENCRYPT 1 #define CIPHER_DECRYPT 0 -typedef struct Cipher Cipher; -typedef struct CipherContext CipherContext; - -struct Cipher; -struct CipherContext { +struct sshcipher; +struct sshcipher_ctx { int plaintext; + int encrypt; EVP_CIPHER_CTX evp; - Cipher *cipher; + struct chachapoly_ctx cp_ctx; /* XXX union with evp? */ + struct aesctr_ctx ac_ctx; /* XXX union with evp? */ + const struct sshcipher *cipher; }; +typedef struct sshcipher Cipher ; +typedef struct sshcipher_ctx CipherContext ; + u_int cipher_mask_ssh1(int); -Cipher *cipher_by_name(const char *); -Cipher *cipher_by_number(int); +const struct sshcipher *cipher_by_name(const char *); +const struct sshcipher *cipher_by_number(int); int cipher_number(const char *); char *cipher_name(int); int ciphers_valid(const char *); -void cipher_init(CipherContext *, Cipher *, const u_char *, u_int, - const u_char *, u_int, int); -void cipher_crypt(CipherContext *, u_char *, const u_char *, u_int); -void cipher_cleanup(CipherContext *); -void cipher_set_key_string(CipherContext *, Cipher *, const char *, int); -u_int cipher_blocksize(const Cipher *); -u_int cipher_keylen(const Cipher *); -u_int cipher_is_cbc(const Cipher *); +char *cipher_alg_list(char, int); +int cipher_init(struct sshcipher_ctx *, const struct sshcipher *, + const u_char *, u_int, const u_char *, u_int, int); +const char* cipher_warning_message(const struct sshcipher_ctx *); +int cipher_crypt(struct sshcipher_ctx *, u_int, u_char *, const u_char *, + u_int, u_int, u_int); +int cipher_get_length(struct sshcipher_ctx *, u_int *, u_int, + const u_char *, u_int); +int cipher_cleanup(struct sshcipher_ctx *); +int cipher_set_key_string(struct sshcipher_ctx *, const struct sshcipher *, + const char *, int); +u_int cipher_blocksize(const struct sshcipher *); +u_int cipher_keylen(const struct sshcipher *); +u_int cipher_seclen(const struct sshcipher *); +u_int cipher_authlen(const struct sshcipher *); +u_int cipher_ivlen(const struct sshcipher *); +u_int cipher_is_cbc(const struct sshcipher *); -u_int cipher_get_number(const Cipher *); -void cipher_get_keyiv(CipherContext *, u_char *, u_int); -void cipher_set_keyiv(CipherContext *, u_char *); -int cipher_get_keyiv_len(const CipherContext *); -int cipher_get_keycontext(const CipherContext *, u_char *); -void cipher_set_keycontext(CipherContext *, u_char *); +u_int cipher_get_number(const struct sshcipher *); +int cipher_get_keyiv(struct sshcipher_ctx *, u_char *, u_int); +int cipher_set_keyiv(struct sshcipher_ctx *, const u_char *); +int cipher_get_keyiv_len(const struct sshcipher_ctx *); +int cipher_get_keycontext(const struct sshcipher_ctx *, u_char *); +void cipher_set_keycontext(struct sshcipher_ctx *, const u_char *); #endif /* CIPHER_H */ diff --git a/crypto/openssh/clientloop.c b/crypto/openssh/clientloop.c index 1c1a770888..397c96532b 100644 --- a/crypto/openssh/clientloop.c +++ b/crypto/openssh/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.240 2012/06/20 04:42:58 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.261 2014/07/15 15:54:14 millert Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -100,13 +100,13 @@ #include "cipher.h" #include "kex.h" #include "log.h" +#include "misc.h" #include "readconf.h" #include "clientloop.h" #include "sshconnect.h" #include "authfd.h" #include "atomicio.h" #include "sshpty.h" -#include "misc.h" #include "match.h" #include "msg.h" #include "roaming.h" @@ -273,7 +273,7 @@ set_control_persist_exit_time(void) control_persist_exit_time = 0; } else if (control_persist_exit_time <= 0) { /* a client connection has recently closed */ - control_persist_exit_time = time(NULL) + + control_persist_exit_time = monotime() + (time_t)options.control_persist_timeout; debug2("%s: schedule exit in %d seconds", __func__, options.control_persist_timeout); @@ -289,7 +289,7 @@ client_x11_display_valid(const char *display) dlen = strlen(display); for (i = 0; i < dlen; i++) { - if (!isalnum(display[i]) && + if (!isalnum((u_char)display[i]) && strchr(SSH_X11_VALID_DISPLAY_CHARS, display[i]) == NULL) { debug("Invalid character '%c' in DISPLAY", display[i]); return 0; @@ -356,7 +356,7 @@ client_x11_get_proto(const char *display, const char *xauth_path, if (system(cmd) == 0) generated = 1; if (x11_refuse_time == 0) { - now = time(NULL) + 1; + now = monotime() + 1; if (UINT_MAX - timeout < now) x11_refuse_time = UINT_MAX; else @@ -393,10 +393,8 @@ client_x11_get_proto(const char *display, const char *xauth_path, unlink(xauthfile); rmdir(xauthdir); } - if (xauthdir) - xfree(xauthdir); - if (xauthfile) - xfree(xauthfile); + free(xauthdir); + free(xauthfile); /* * If we didn't get authentication data, just make up some @@ -551,8 +549,8 @@ client_global_request_reply(int type, u_int32_t seq, void *ctxt) gc->cb(type, seq, gc->ctx); if (--gc->ref_count <= 0) { TAILQ_REMOVE(&global_confirms, gc, entry); - bzero(gc, sizeof(*gc)); - xfree(gc); + explicit_bzero(gc, sizeof(*gc)); + free(gc); } packet_set_alive_timeouts(0); @@ -583,7 +581,7 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, { struct timeval tv, *tvp; int timeout_secs; - time_t minwait_secs = 0; + time_t minwait_secs = 0, server_alive_time = 0, now = monotime(); int ret; /* Add any selections by the channel mechanism. */ @@ -632,12 +630,16 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, */ timeout_secs = INT_MAX; /* we use INT_MAX to mean no timeout */ - if (options.server_alive_interval > 0 && compat20) + if (options.server_alive_interval > 0 && compat20) { timeout_secs = options.server_alive_interval; + server_alive_time = now + options.server_alive_interval; + } + if (options.rekey_interval > 0 && compat20 && !rekeying) + timeout_secs = MIN(timeout_secs, packet_get_rekey_timeout()); set_control_persist_exit_time(); if (control_persist_exit_time > 0) { timeout_secs = MIN(timeout_secs, - control_persist_exit_time - time(NULL)); + control_persist_exit_time - now); if (timeout_secs < 0) timeout_secs = 0; } @@ -669,8 +671,15 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, snprintf(buf, sizeof buf, "select: %s\r\n", strerror(errno)); buffer_append(&stderr_buffer, buf, strlen(buf)); quit_pending = 1; - } else if (ret == 0) - server_alive_check(); + } else if (ret == 0) { + /* + * Timeout. Could have been either keepalive or rekeying. + * Keepalive we check here, rekeying is checked in clientloop. + */ + if (server_alive_time != 0 && server_alive_time <= monotime()) + server_alive_check(); + } + } static void @@ -815,20 +824,20 @@ client_status_confirm(int type, Channel *c, void *ctx) chan_write_failed(c); } } - xfree(cr); + free(cr); } static void client_abandon_status_confirm(Channel *c, void *ctx) { - xfree(ctx); + free(ctx); } void client_expect_confirm(int id, const char *request, enum confirm_action action) { - struct channel_reply_ctx *cr = xmalloc(sizeof(*cr)); + struct channel_reply_ctx *cr = xcalloc(1, sizeof(*cr)); cr->request_type = request; cr->action = action; @@ -851,7 +860,7 @@ client_register_global_confirm(global_confirm_cb *cb, void *ctx) return; } - gc = xmalloc(sizeof(*gc)); + gc = xcalloc(1, sizeof(*gc)); gc->cb = cb; gc->ctx = ctx; gc->ref_count = 1; @@ -862,20 +871,18 @@ static void process_cmdline(void) { void (*handler)(int); - char *s, *cmd, *cancel_host; - int delete = 0, local = 0, remote = 0, dynamic = 0; - int cancel_port, ok; - Forward fwd; + char *s, *cmd; + int ok, delete = 0, local = 0, remote = 0, dynamic = 0; + struct Forward fwd; - bzero(&fwd, sizeof(fwd)); - fwd.listen_host = fwd.connect_host = NULL; + memset(&fwd, 0, sizeof(fwd)); leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE); handler = signal(SIGINT, SIG_IGN); cmd = s = read_passphrase("\r\nssh> ", RP_ECHO); if (s == NULL) goto out; - while (isspace(*s)) + while (isspace((u_char)*s)) s++; if (*s == '-') s++; /* Skip cmdline '-', if any */ @@ -929,34 +936,25 @@ process_cmdline(void) goto out; } - while (isspace(*++s)) + while (isspace((u_char)*++s)) ; /* XXX update list of forwards in options */ if (delete) { - cancel_port = 0; - cancel_host = hpdelim(&s); /* may be NULL */ - if (s != NULL) { - cancel_port = a2port(s); - cancel_host = cleanhostname(cancel_host); - } else { - cancel_port = a2port(cancel_host); - cancel_host = NULL; - } - if (cancel_port <= 0) { - logit("Bad forwarding close port"); + /* We pass 1 for dynamicfwd to restrict to 1 or 2 fields. */ + if (!parse_forward(&fwd, s, 1, 0)) { + logit("Bad forwarding close specification."); goto out; } if (remote) - ok = channel_request_rforward_cancel(cancel_host, - cancel_port) == 0; + ok = channel_request_rforward_cancel(&fwd) == 0; else if (dynamic) - ok = channel_cancel_lport_listener(cancel_host, - cancel_port, 0, options.gateway_ports) > 0; + ok = channel_cancel_lport_listener(&fwd, + 0, &options.fwd_opts) > 0; else - ok = channel_cancel_lport_listener(cancel_host, - cancel_port, CHANNEL_CANCEL_PORT_STATIC, - options.gateway_ports) > 0; + ok = channel_cancel_lport_listener(&fwd, + CHANNEL_CANCEL_PORT_STATIC, + &options.fwd_opts) > 0; if (!ok) { logit("Unkown port forwarding."); goto out; @@ -968,16 +966,13 @@ process_cmdline(void) goto out; } if (local || dynamic) { - if (channel_setup_local_fwd_listener(fwd.listen_host, - fwd.listen_port, fwd.connect_host, - fwd.connect_port, options.gateway_ports) < 0) { + if (!channel_setup_local_fwd_listener(&fwd, + &options.fwd_opts)) { logit("Port forwarding failed."); goto out; } } else { - if (channel_request_remote_forwarding(fwd.listen_host, - fwd.listen_port, fwd.connect_host, - fwd.connect_port) < 0) { + if (channel_request_remote_forwarding(&fwd) < 0) { logit("Port forwarding failed."); goto out; } @@ -988,12 +983,68 @@ process_cmdline(void) out: signal(SIGINT, handler); enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE); - if (cmd) - xfree(cmd); - if (fwd.listen_host != NULL) - xfree(fwd.listen_host); - if (fwd.connect_host != NULL) - xfree(fwd.connect_host); + free(cmd); + free(fwd.listen_host); + free(fwd.listen_path); + free(fwd.connect_host); + free(fwd.connect_path); +} + +/* reasons to suppress output of an escape command in help output */ +#define SUPPRESS_NEVER 0 /* never suppress, always show */ +#define SUPPRESS_PROTO1 1 /* don't show in protocol 1 sessions */ +#define SUPPRESS_MUXCLIENT 2 /* don't show in mux client sessions */ +#define SUPPRESS_MUXMASTER 4 /* don't show in mux master sessions */ +#define SUPPRESS_SYSLOG 8 /* don't show when logging to syslog */ +struct escape_help_text { + const char *cmd; + const char *text; + unsigned int flags; +}; +static struct escape_help_text esc_txt[] = { + {".", "terminate session", SUPPRESS_MUXMASTER}, + {".", "terminate connection (and any multiplexed sessions)", + SUPPRESS_MUXCLIENT}, + {"B", "send a BREAK to the remote system", SUPPRESS_PROTO1}, + {"C", "open a command line", SUPPRESS_MUXCLIENT}, + {"R", "request rekey", SUPPRESS_PROTO1}, + {"V/v", "decrease/increase verbosity (LogLevel)", SUPPRESS_MUXCLIENT}, + {"^Z", "suspend ssh", SUPPRESS_MUXCLIENT}, + {"#", "list forwarded connections", SUPPRESS_NEVER}, + {"&", "background ssh (when waiting for connections to terminate)", + SUPPRESS_MUXCLIENT}, + {"?", "this message", SUPPRESS_NEVER}, +}; + +static void +print_escape_help(Buffer *b, int escape_char, int protocol2, int mux_client, + int using_stderr) +{ + unsigned int i, suppress_flags; + char string[1024]; + + snprintf(string, sizeof string, "%c?\r\n" + "Supported escape sequences:\r\n", escape_char); + buffer_append(b, string, strlen(string)); + + suppress_flags = (protocol2 ? 0 : SUPPRESS_PROTO1) | + (mux_client ? SUPPRESS_MUXCLIENT : 0) | + (mux_client ? 0 : SUPPRESS_MUXMASTER) | + (using_stderr ? 0 : SUPPRESS_SYSLOG); + + for (i = 0; i < sizeof(esc_txt)/sizeof(esc_txt[0]); i++) { + if (esc_txt[i].flags & suppress_flags) + continue; + snprintf(string, sizeof string, " %c%-3s - %s\r\n", + escape_char, esc_txt[i].cmd, esc_txt[i].text); + buffer_append(b, string, strlen(string)); + } + + snprintf(string, sizeof string, + " %c%c - send the escape character by typing it twice\r\n" + "(Note that escapes are only recognized immediately after " + "newline.)\r\n", escape_char, escape_char); + buffer_append(b, string, strlen(string)); } /* @@ -1046,6 +1097,11 @@ process_escapes(Channel *c, Buffer *bin, Buffer *bout, Buffer *berr, if (c && c->ctl_chan != -1) { chan_read_failed(c); chan_write_failed(c); + if (c->detach_user) + c->detach_user(c->self, NULL); + c->type = SSH_CHANNEL_ABANDONED; + buffer_clear(&c->input); + chan_ibuf_empty(c); return 0; } else quit_pending = 1; @@ -1054,11 +1110,16 @@ process_escapes(Channel *c, Buffer *bin, Buffer *bout, Buffer *berr, case 'Z' - 64: /* XXX support this for mux clients */ if (c && c->ctl_chan != -1) { + char b[16]; noescape: + if (ch == 'Z' - 64) + snprintf(b, sizeof b, "^Z"); + else + snprintf(b, sizeof b, "%c", ch); snprintf(string, sizeof string, - "%c%c escape not available to " + "%c%s escape not available to " "multiplexed sessions\r\n", - escape_char, ch); + escape_char, b); buffer_append(berr, string, strlen(string)); continue; @@ -1080,7 +1141,7 @@ process_escapes(Channel *c, Buffer *bin, Buffer *bout, Buffer *berr, "%cB\r\n", escape_char); buffer_append(berr, string, strlen(string)); - channel_request_start(session_ident, + channel_request_start(c->self, "break", 0); packet_put_int(1000); packet_send(); @@ -1097,6 +1158,31 @@ process_escapes(Channel *c, Buffer *bin, Buffer *bout, Buffer *berr, } continue; + case 'V': + /* FALLTHROUGH */ + case 'v': + if (c && c->ctl_chan != -1) + goto noescape; + if (!log_is_on_stderr()) { + snprintf(string, sizeof string, + "%c%c [Logging to syslog]\r\n", + escape_char, ch); + buffer_append(berr, string, + strlen(string)); + continue; + } + if (ch == 'V' && options.log_level > + SYSLOG_LEVEL_QUIET) + log_change_level(--options.log_level); + if (ch == 'v' && options.log_level < + SYSLOG_LEVEL_DEBUG3) + log_change_level(++options.log_level); + snprintf(string, sizeof string, + "%c%c [LogLevel %s]\r\n", escape_char, ch, + log_level_name(options.log_level)); + buffer_append(berr, string, strlen(string)); + continue; + case '&': if (c && c->ctl_chan != -1) goto noescape; @@ -1150,43 +1236,9 @@ process_escapes(Channel *c, Buffer *bin, Buffer *bout, Buffer *berr, continue; case '?': - if (c && c->ctl_chan != -1) { - snprintf(string, sizeof string, -"%c?\r\n\ -Supported escape sequences:\r\n\ - %c. - terminate session\r\n\ - %cB - send a BREAK to the remote system\r\n\ - %cR - Request rekey (SSH protocol 2 only)\r\n\ - %c# - list forwarded connections\r\n\ - %c? - this message\r\n\ - %c%c - send the escape character by typing it twice\r\n\ -(Note that escapes are only recognized immediately after newline.)\r\n", - escape_char, escape_char, - escape_char, escape_char, - escape_char, escape_char, - escape_char, escape_char); - } else { - snprintf(string, sizeof string, -"%c?\r\n\ -Supported escape sequences:\r\n\ - %c. - terminate connection (and any multiplexed sessions)\r\n\ - %cB - send a BREAK to the remote system\r\n\ - %cC - open a command line\r\n\ - %cR - Request rekey (SSH protocol 2 only)\r\n\ - %c^Z - suspend ssh\r\n\ - %c# - list forwarded connections\r\n\ - %c& - background ssh (when waiting for connections to terminate)\r\n\ - %c? - this message\r\n\ - %c%c - send the escape character by typing it twice\r\n\ -(Note that escapes are only recognized immediately after newline.)\r\n", - escape_char, escape_char, - escape_char, escape_char, - escape_char, escape_char, - escape_char, escape_char, - escape_char, escape_char, - escape_char); - } - buffer_append(berr, string, strlen(string)); + print_escape_help(berr, escape_char, compat20, + (c && c->ctl_chan != -1), + log_is_on_stderr()); continue; case '#': @@ -1195,7 +1247,7 @@ Supported escape sequences:\r\n\ buffer_append(berr, string, strlen(string)); s = channel_open_message(); buffer_append(berr, s, strlen(s)); - xfree(s); + free(s); continue; case 'C': @@ -1374,7 +1426,7 @@ client_new_escape_filter_ctx(int escape_char) { struct escape_filter_ctx *ret; - ret = xmalloc(sizeof(*ret)); + ret = xcalloc(1, sizeof(*ret)); ret->escape_pending = 0; ret->escape_char = escape_char; return (void *)ret; @@ -1384,7 +1436,7 @@ client_new_escape_filter_ctx(int escape_char) void client_filter_cleanup(int cid, void *ctx) { - xfree(ctx); + free(ctx); } int @@ -1589,16 +1641,14 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) * connections, then quit. */ if (control_persist_exit_time > 0) { - if (time(NULL) >= control_persist_exit_time) { + if (monotime() >= control_persist_exit_time) { debug("ControlPersist timeout expired"); break; } } } - if (readset) - xfree(readset); - if (writeset) - xfree(writeset); + free(readset); + free(writeset); /* Terminate the session. */ @@ -1699,8 +1749,8 @@ client_input_stdout_data(int type, u_int32_t seq, void *ctxt) char *data = packet_get_string(&data_len); packet_check_eom(); buffer_append(&stdout_buffer, data, data_len); - memset(data, 0, data_len); - xfree(data); + explicit_bzero(data, data_len); + free(data); } static void client_input_stderr_data(int type, u_int32_t seq, void *ctxt) @@ -1709,8 +1759,8 @@ client_input_stderr_data(int type, u_int32_t seq, void *ctxt) char *data = packet_get_string(&data_len); packet_check_eom(); buffer_append(&stderr_buffer, data, data_len); - memset(data, 0, data_len); - xfree(data); + explicit_bzero(data, data_len); + free(data); } static void client_input_exit_status(int type, u_int32_t seq, void *ctxt) @@ -1783,15 +1833,35 @@ client_request_forwarded_tcpip(const char *request_type, int rchan) originator_port = packet_get_int(); packet_check_eom(); - debug("client_request_forwarded_tcpip: listen %s port %d, " - "originator %s port %d", listen_address, listen_port, - originator_address, originator_port); + debug("%s: listen %s port %d, originator %s port %d", __func__, + listen_address, listen_port, originator_address, originator_port); - c = channel_connect_by_listen_address(listen_port, + c = channel_connect_by_listen_address(listen_address, listen_port, "forwarded-tcpip", originator_address); - xfree(originator_address); - xfree(listen_address); + free(originator_address); + free(listen_address); + return c; +} + +static Channel * +client_request_forwarded_streamlocal(const char *request_type, int rchan) +{ + Channel *c = NULL; + char *listen_path; + + /* Get the remote path. */ + listen_path = packet_get_string(NULL); + /* XXX: Skip reserved field for now. */ + if (packet_get_string_ptr(NULL) == NULL) + fatal("%s: packet_get_string_ptr failed", __func__); + packet_check_eom(); + + debug("%s: %s", __func__, listen_path); + + c = channel_connect_by_listen_path(listen_path, + "forwarded-streamlocal@openssh.com", "forwarded-streamlocal"); + free(listen_path); return c; } @@ -1809,7 +1879,7 @@ client_request_x11(const char *request_type, int rchan) "malicious server."); return NULL; } - if (x11_refuse_time != 0 && time(NULL) >= x11_refuse_time) { + if (x11_refuse_time != 0 && monotime() >= x11_refuse_time) { verbose("Rejected X11 connection after ForwardX11Timeout " "expired"); return NULL; @@ -1825,7 +1895,7 @@ client_request_x11(const char *request_type, int rchan) /* XXX check permission */ debug("client_request_x11: request from %s %d", originator, originator_port); - xfree(originator); + free(originator); sock = x11_connect_display(); if (sock < 0) return NULL; @@ -1922,6 +1992,8 @@ client_input_channel_open(int type, u_int32_t seq, void *ctxt) if (strcmp(ctype, "forwarded-tcpip") == 0) { c = client_request_forwarded_tcpip(ctype, rchan); + } else if (strcmp(ctype, "forwarded-streamlocal@openssh.com") == 0) { + c = client_request_forwarded_streamlocal(ctype, rchan); } else if (strcmp(ctype, "x11") == 0) { c = client_request_x11(ctype, rchan); } else if (strcmp(ctype, "auth-agent@openssh.com") == 0) { @@ -1952,7 +2024,7 @@ client_input_channel_open(int type, u_int32_t seq, void *ctxt) } packet_send(); } - xfree(ctype); + free(ctype); } static void client_input_channel_req(int type, u_int32_t seq, void *ctxt) @@ -1992,13 +2064,13 @@ client_input_channel_req(int type, u_int32_t seq, void *ctxt) } packet_check_eom(); } - if (reply && c != NULL) { + if (reply && c != NULL && !(c->flags & CHAN_CLOSE_SENT)) { packet_start(success ? SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE); packet_put_int(c->remote_id); packet_send(); } - xfree(rtype); + free(rtype); } static void client_input_global_request(int type, u_int32_t seq, void *ctxt) @@ -2017,7 +2089,7 @@ client_input_global_request(int type, u_int32_t seq, void *ctxt) packet_send(); packet_write_wait(); } - xfree(rtype); + free(rtype); } void @@ -2067,7 +2139,7 @@ client_session2_setup(int id, int want_tty, int want_subsystem, /* Split */ name = xstrdup(env[i]); if ((val = strchr(name, '=')) == NULL) { - xfree(name); + free(name); continue; } *val++ = '\0'; @@ -2081,7 +2153,7 @@ client_session2_setup(int id, int want_tty, int want_subsystem, } if (!matched) { debug3("Ignored env %s", name); - xfree(name); + free(name); continue; } @@ -2090,7 +2162,7 @@ client_session2_setup(int id, int want_tty, int want_subsystem, packet_put_cstring(name); packet_put_cstring(val); packet_send(); - xfree(name); + free(name); } } @@ -2189,10 +2261,10 @@ client_stop_mux(void) if (options.control_path != NULL && muxserver_sock != -1) unlink(options.control_path); /* - * If we are in persist mode, signal that we should close when all - * active channels are closed. + * If we are in persist mode, or don't have a shell, signal that we + * should close when all active channels are closed. */ - if (options.control_persist) { + if (options.control_persist || no_shell_flag) { session_closed = 1; setproctitle("[stopped mux]"); } diff --git a/crypto/openssh/clientloop.h b/crypto/openssh/clientloop.h index 3bb794879c..338d45186f 100644 --- a/crypto/openssh/clientloop.h +++ b/crypto/openssh/clientloop.h @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.h,v 1.29 2011/09/09 22:46:44 djm Exp $ */ +/* $OpenBSD: clientloop.h,v 1.31 2013/06/02 23:36:29 dtucker Exp $ */ /* * Author: Tatu Ylonen diff --git a/crypto/openssh/compat.c b/crypto/openssh/compat.c index 0dc089fd60..4d286e8e9a 100644 --- a/crypto/openssh/compat.c +++ b/crypto/openssh/compat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.c,v 1.79 2011/09/23 07:45:05 markus Exp $ */ +/* $OpenBSD: compat.c,v 1.85 2014/04/20 02:49:32 djm Exp $ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. * @@ -45,6 +45,8 @@ int datafellows = 0; void enable_compat20(void) { + if (compat20) + return; debug("Enabling compatibility mode for protocol 2.0"); compat20 = 1; } @@ -93,6 +95,9 @@ compat_datafellows(const char *version) { "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF}, { "OpenSSH_4*", 0 }, { "OpenSSH_5*", SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT}, + { "OpenSSH_6.6.1*", SSH_NEW_OPENSSH}, + { "OpenSSH_6.5*," + "OpenSSH_6.6*", SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD}, { "OpenSSH*", SSH_NEW_OPENSSH }, { "*MindTerm*", 0 }, { "2.1.0*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| @@ -169,8 +174,9 @@ compat_datafellows(const char *version) for (i = 0; check[i].pat; i++) { if (match_pattern_list(version, check[i].pat, strlen(check[i].pat), 0) == 1) { - debug("match: %s pat %s", version, check[i].pat); datafellows = check[i].bugs; + debug("match: %s pat %s compat 0x%08x", + version, check[i].pat, datafellows); return; } } @@ -202,37 +208,75 @@ proto_spec(const char *spec) break; } } - xfree(s); + free(s); return ret; } -char * -compat_cipher_proposal(char *cipher_prop) +/* + * Filters a proposal string, excluding any algorithm matching the 'filter' + * pattern list. + */ +static char * +filter_proposal(char *proposal, const char *filter) { Buffer b; - char *orig_prop, *fix_ciphers; + char *orig_prop, *fix_prop; char *cp, *tmp; - if (!(datafellows & SSH_BUG_BIGENDIANAES)) - return(cipher_prop); - buffer_init(&b); - tmp = orig_prop = xstrdup(cipher_prop); + tmp = orig_prop = xstrdup(proposal); while ((cp = strsep(&tmp, ",")) != NULL) { - if (strncmp(cp, "aes", 3) != 0) { + if (match_pattern_list(cp, filter, strlen(cp), 0) != 1) { if (buffer_len(&b) > 0) buffer_append(&b, ",", 1); buffer_append(&b, cp, strlen(cp)); - } + } else + debug2("Compat: skipping algorithm \"%s\"", cp); } buffer_append(&b, "\0", 1); - fix_ciphers = xstrdup(buffer_ptr(&b)); + fix_prop = xstrdup(buffer_ptr(&b)); buffer_free(&b); - xfree(orig_prop); - debug2("Original cipher proposal: %s", cipher_prop); - debug2("Compat cipher proposal: %s", fix_ciphers); - if (!*fix_ciphers) - fatal("No available ciphers found."); + free(orig_prop); + + return fix_prop; +} + +char * +compat_cipher_proposal(char *cipher_prop) +{ + if (!(datafellows & SSH_BUG_BIGENDIANAES)) + return cipher_prop; + debug2("%s: original cipher proposal: %s", __func__, cipher_prop); + cipher_prop = filter_proposal(cipher_prop, "aes*"); + debug2("%s: compat cipher proposal: %s", __func__, cipher_prop); + if (*cipher_prop == '\0') + fatal("No supported ciphers found"); + return cipher_prop; +} - return(fix_ciphers); +char * +compat_pkalg_proposal(char *pkalg_prop) +{ + if (!(datafellows & SSH_BUG_RSASIGMD5)) + return pkalg_prop; + debug2("%s: original public key proposal: %s", __func__, pkalg_prop); + pkalg_prop = filter_proposal(pkalg_prop, "ssh-rsa"); + debug2("%s: compat public key proposal: %s", __func__, pkalg_prop); + if (*pkalg_prop == '\0') + fatal("No supported PK algorithms found"); + return pkalg_prop; } + +char * +compat_kex_proposal(char *kex_prop) +{ + if (!(datafellows & SSH_BUG_CURVE25519PAD)) + return kex_prop; + debug2("%s: original KEX proposal: %s", __func__, kex_prop); + kex_prop = filter_proposal(kex_prop, "curve25519-sha256@libssh.org"); + debug2("%s: compat KEX proposal: %s", __func__, kex_prop); + if (*kex_prop == '\0') + fatal("No supported key exchange algorithms found"); + return kex_prop; +} + diff --git a/crypto/openssh/compat.h b/crypto/openssh/compat.h index 3ae5d9c783..2e25d5ba99 100644 --- a/crypto/openssh/compat.h +++ b/crypto/openssh/compat.h @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.h,v 1.43 2011/09/23 07:45:05 markus Exp $ */ +/* $OpenBSD: compat.h,v 1.45 2014/04/18 23:52:25 djm Exp $ */ /* * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. @@ -59,12 +59,15 @@ #define SSH_BUG_RFWD_ADDR 0x02000000 #define SSH_NEW_OPENSSH 0x04000000 #define SSH_BUG_DYNAMIC_RPORT 0x08000000 +#define SSH_BUG_CURVE25519PAD 0x10000000 void enable_compat13(void); void enable_compat20(void); void compat_datafellows(const char *); int proto_spec(const char *); char *compat_cipher_proposal(char *); +char *compat_pkalg_proposal(char *); +char *compat_kex_proposal(char *); extern int compat13; extern int compat20; diff --git a/crypto/openssh/crypto_api.h b/crypto/openssh/crypto_api.h new file mode 100644 index 0000000000..5820ce8fa1 --- /dev/null +++ b/crypto/openssh/crypto_api.h @@ -0,0 +1,44 @@ +/* $OpenBSD: crypto_api.h,v 1.3 2013/12/17 10:36:38 markus Exp $ */ + +/* + * Assembled from generated headers and source files by Markus Friedl. + * Placed in the public domain. + */ + +#ifndef crypto_api_h +#define crypto_api_h + +#ifdef HAVE_STDINT_H +# include +#endif +#include + +typedef int32_t crypto_int32; +typedef uint32_t crypto_uint32; + +#define randombytes(buf, buf_len) arc4random_buf((buf), (buf_len)) + +#define crypto_hashblocks_sha512_STATEBYTES 64U +#define crypto_hashblocks_sha512_BLOCKBYTES 128U + +int crypto_hashblocks_sha512(unsigned char *, const unsigned char *, + unsigned long long); + +#define crypto_hash_sha512_BYTES 64U + +int crypto_hash_sha512(unsigned char *, const unsigned char *, + unsigned long long); + +int crypto_verify_32(const unsigned char *, const unsigned char *); + +#define crypto_sign_ed25519_SECRETKEYBYTES 64U +#define crypto_sign_ed25519_PUBLICKEYBYTES 32U +#define crypto_sign_ed25519_BYTES 64U + +int crypto_sign_ed25519(unsigned char *, unsigned long long *, + const unsigned char *, unsigned long long, const unsigned char *); +int crypto_sign_ed25519_open(unsigned char *, unsigned long long *, + const unsigned char *, unsigned long long, const unsigned char *); +int crypto_sign_ed25519_keypair(unsigned char *, unsigned char *); + +#endif /* crypto_api_h */ diff --git a/crypto/openssh/defines.h b/crypto/openssh/defines.h index 53f83a142c..3ac8be9875 100644 --- a/crypto/openssh/defines.h +++ b/crypto/openssh/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.169 2012/02/15 04:13:06 tim Exp $ */ +/* $Id: defines.h,v 1.183 2014/09/02 19:33:26 djm Exp $ */ /* Constants */ @@ -171,11 +171,6 @@ enum # define MAP_FAILED ((void *)-1) #endif -/* *-*-nto-qnx doesn't define this constant in the system headers */ -#ifdef MISSING_NFDBITS -# define NFDBITS (8 * sizeof(unsigned long)) -#endif - /* SCO Open Server 3 has INADDR_LOOPBACK defined in rpc/rpc.h but including rpc/rpc.h breaks Solaris 6 @@ -227,11 +222,7 @@ typedef uint16_t u_int16_t; typedef uint32_t u_int32_t; # define HAVE_U_INTXX_T 1 # else -# if (SIZEOF_CHAR == 1) typedef unsigned char u_int8_t; -# else -# error "8 bit int type not found." -# endif # if (SIZEOF_SHORT_INT == 2) typedef unsigned short int u_int16_t; # else @@ -278,11 +269,30 @@ typedef unsigned long long int u_int64_t; # endif #endif +#ifndef HAVE_UINTXX_T +typedef u_int8_t uint8_t; +typedef u_int16_t uint16_t; +typedef u_int32_t uint32_t; +typedef u_int64_t uint64_t; +#endif + +#ifndef HAVE_INTMAX_T +typedef long long intmax_t; +#endif + +#ifndef HAVE_UINTMAX_T +typedef unsigned long long uintmax_t; +#endif + #ifndef HAVE_U_CHAR typedef unsigned char u_char; # define HAVE_U_CHAR #endif /* HAVE_U_CHAR */ +#ifndef ULLONG_MAX +# define ULLONG_MAX ((unsigned long long)-1) +#endif + #ifndef SIZE_T_MAX #define SIZE_T_MAX ULONG_MAX #endif /* SIZE_T_MAX */ @@ -355,11 +365,19 @@ struct winsize { }; #endif -/* *-*-nto-qnx does not define this type in the system headers */ -#ifdef MISSING_FD_MASK +/* bits needed for select that may not be in the system headers */ +#ifndef HAVE_FD_MASK typedef unsigned long int fd_mask; #endif +#if defined(HAVE_DECL_NFDBITS) && HAVE_DECL_NFDBITS == 0 +# define NFDBITS (8 * sizeof(unsigned long)) +#endif + +#if defined(HAVE_DECL_HOWMANY) && HAVE_DECL_HOWMANY == 0 +# define howmany(x,y) (((x)+((y)-1))/(y)) +#endif + /* Paths */ #ifndef _PATH_BSHELL @@ -387,7 +405,7 @@ struct winsize { /* user may have set a different path */ #if defined(_PATH_MAILDIR) && defined(MAIL_DIRECTORY) -# undef _PATH_MAILDIR MAILDIR +# undef _PATH_MAILDIR #endif /* defined(_PATH_MAILDIR) && defined(MAIL_DIRECTORY) */ #ifdef MAIL_DIRECTORY @@ -484,11 +502,6 @@ struct winsize { # define __nonnull__(x) #endif -/* *-*-nto-qnx doesn't define this macro in the system headers */ -#ifdef MISSING_HOWMANY -# define howmany(x,y) (((x)+((y)-1))/(y)) -#endif - #ifndef OSSH_ALIGNBYTES #define OSSH_ALIGNBYTES (sizeof(int) - 1) #endif @@ -590,10 +603,6 @@ struct winsize { # define memmove(s1, s2, n) bcopy((s2), (s1), (n)) #endif /* !defined(HAVE_MEMMOVE) && defined(HAVE_BCOPY) */ -#if defined(HAVE_VHANGUP) && !defined(HAVE_DEV_PTMX) -# define USE_VHANGUP -#endif /* defined(HAVE_VHANGUP) && !defined(HAVE_DEV_PTMX) */ - #ifndef GETPGRP_VOID # include # define getpgrp() getpgrp(0) @@ -804,4 +813,32 @@ struct winsize { # endif #endif +/* + * Platforms that have arc4random_uniform() and not arc4random_stir() + * shouldn't need the latter. + */ +#if defined(HAVE_ARC4RANDOM) && defined(HAVE_ARC4RANDOM_UNIFORM) && \ + !defined(HAVE_ARC4RANDOM_STIR) +# define arc4random_stir() +#endif + +#ifndef HAVE_VA_COPY +# ifdef HAVE___VA_COPY +# define va_copy(dest, src) __va_copy(dest, src) +# else +# define va_copy(dest, src) (dest) = (src) +# endif +#endif + +#ifndef __predict_true +# if defined(__GNUC__) && \ + ((__GNUC__ > (2)) || (__GNUC__ == (2) && __GNUC_MINOR__ >= (96))) +# define __predict_true(exp) __builtin_expect(((exp) != 0), 1) +# define __predict_false(exp) __builtin_expect(((exp) != 0), 0) +# else +# define __predict_true(exp) ((exp) != 0) +# define __predict_false(exp) ((exp) != 0) +# endif /* gcc version */ +#endif /* __predict_true */ + #endif /* _DEFINES_H */ diff --git a/crypto/openssh/dh.c b/crypto/openssh/dh.c index d943ca1e1b..3331cda6c7 100644 --- a/crypto/openssh/dh.c +++ b/crypto/openssh/dh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh.c,v 1.49 2011/12/07 05:44:38 djm Exp $ */ +/* $OpenBSD: dh.c,v 1.53 2013/11/21 00:45:44 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * @@ -48,6 +48,7 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg) const char *errstr = NULL; long long n; + dhg->p = dhg->g = NULL; cp = line; if ((arg = strdelim(&cp)) == NULL) return 0; @@ -59,66 +60,85 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg) /* time */ if (cp == NULL || *arg == '\0') - goto fail; + goto truncated; arg = strsep(&cp, " "); /* type */ if (cp == NULL || *arg == '\0') - goto fail; + goto truncated; /* Ensure this is a safe prime */ n = strtonum(arg, 0, 5, &errstr); - if (errstr != NULL || n != MODULI_TYPE_SAFE) + if (errstr != NULL || n != MODULI_TYPE_SAFE) { + error("moduli:%d: type is not %d", linenum, MODULI_TYPE_SAFE); goto fail; + } arg = strsep(&cp, " "); /* tests */ if (cp == NULL || *arg == '\0') - goto fail; + goto truncated; /* Ensure prime has been tested and is not composite */ n = strtonum(arg, 0, 0x1f, &errstr); if (errstr != NULL || - (n & MODULI_TESTS_COMPOSITE) || !(n & ~MODULI_TESTS_COMPOSITE)) + (n & MODULI_TESTS_COMPOSITE) || !(n & ~MODULI_TESTS_COMPOSITE)) { + error("moduli:%d: invalid moduli tests flag", linenum); goto fail; + } arg = strsep(&cp, " "); /* tries */ if (cp == NULL || *arg == '\0') - goto fail; + goto truncated; n = strtonum(arg, 0, 1<<30, &errstr); - if (errstr != NULL || n == 0) + if (errstr != NULL || n == 0) { + error("moduli:%d: invalid primality trial count", linenum); goto fail; + } strsize = strsep(&cp, " "); /* size */ if (cp == NULL || *strsize == '\0' || (dhg->size = (int)strtonum(strsize, 0, 64*1024, &errstr)) == 0 || - errstr) + errstr) { + error("moduli:%d: invalid prime length", linenum); goto fail; + } /* The whole group is one bit larger */ dhg->size++; gen = strsep(&cp, " "); /* gen */ if (cp == NULL || *gen == '\0') - goto fail; + goto truncated; prime = strsep(&cp, " "); /* prime */ - if (cp != NULL || *prime == '\0') + if (cp != NULL || *prime == '\0') { + truncated: + error("moduli:%d: truncated", linenum); goto fail; + } if ((dhg->g = BN_new()) == NULL) fatal("parse_prime: BN_new failed"); if ((dhg->p = BN_new()) == NULL) fatal("parse_prime: BN_new failed"); - if (BN_hex2bn(&dhg->g, gen) == 0) - goto failclean; - - if (BN_hex2bn(&dhg->p, prime) == 0) - goto failclean; - - if (BN_num_bits(dhg->p) != dhg->size) - goto failclean; - - if (BN_is_zero(dhg->g) || BN_is_one(dhg->g)) - goto failclean; + if (BN_hex2bn(&dhg->g, gen) == 0) { + error("moduli:%d: could not parse generator value", linenum); + goto fail; + } + if (BN_hex2bn(&dhg->p, prime) == 0) { + error("moduli:%d: could not parse prime value", linenum); + goto fail; + } + if (BN_num_bits(dhg->p) != dhg->size) { + error("moduli:%d: prime has wrong size: actual %d listed %d", + linenum, BN_num_bits(dhg->p), dhg->size - 1); + goto fail; + } + if (BN_cmp(dhg->g, BN_value_one()) <= 0) { + error("moduli:%d: generator is invalid", linenum); + goto fail; + } - return (1); + return 1; - failclean: - BN_clear_free(dhg->g); - BN_clear_free(dhg->p); fail: + if (dhg->g != NULL) + BN_clear_free(dhg->g); + if (dhg->p != NULL) + BN_clear_free(dhg->p); + dhg->g = dhg->p = NULL; error("Bad prime description in line %d", linenum); - return (0); + return 0; } DH * @@ -234,33 +254,19 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) void dh_gen_key(DH *dh, int need) { - int i, bits_set, tries = 0; + int pbits; - if (need < 0) - fatal("dh_gen_key: need < 0"); + if (need <= 0) + fatal("%s: need <= 0", __func__); if (dh->p == NULL) - fatal("dh_gen_key: dh->p == NULL"); - if (need > INT_MAX / 2 || 2 * need >= BN_num_bits(dh->p)) - fatal("dh_gen_key: group too small: %d (2*need %d)", - BN_num_bits(dh->p), 2*need); - do { - if (dh->priv_key != NULL) - BN_clear_free(dh->priv_key); - if ((dh->priv_key = BN_new()) == NULL) - fatal("dh_gen_key: BN_new failed"); - /* generate a 2*need bits random private exponent */ - if (!BN_rand(dh->priv_key, 2*need, 0, 0)) - fatal("dh_gen_key: BN_rand failed"); - if (DH_generate_key(dh) == 0) - fatal("DH_generate_key"); - for (i = 0, bits_set = 0; i <= BN_num_bits(dh->priv_key); i++) - if (BN_is_bit_set(dh->priv_key, i)) - bits_set++; - debug2("dh_gen_key: priv key bits set: %d/%d", - bits_set, BN_num_bits(dh->priv_key)); - if (tries++ > 10) - fatal("dh_gen_key: too many bad keys: giving up"); - } while (!dh_pub_is_valid(dh, dh->pub_key)); + fatal("%s: dh->p == NULL", __func__); + if ((pbits = BN_num_bits(dh->p)) <= 0) + fatal("%s: bits(p) <= 0", __func__); + dh->length = MIN(need * 2, pbits - 1); + if (DH_generate_key(dh) == 0) + fatal("%s: key generation failed", __func__); + if (!dh_pub_is_valid(dh, dh->pub_key)) + fatal("%s: generated invalid key", __func__); } DH * @@ -332,17 +338,20 @@ dh_new_group14(void) /* * Estimates the group order for a Diffie-Hellman group that has an - * attack complexity approximately the same as O(2**bits). Estimate - * with: O(exp(1.9223 * (ln q)^(1/3) (ln ln q)^(2/3))) + * attack complexity approximately the same as O(2**bits). + * Values from NIST Special Publication 800-57: Recommendation for Key + * Management Part 1 (rev 3) limited by the recommended maximum value + * from RFC4419 section 3. */ int dh_estimate(int bits) { - + if (bits <= 112) + return 2048; if (bits <= 128) - return (1024); /* O(2**86) */ + return 3072; if (bits <= 192) - return (2048); /* O(2**116) */ - return (4096); /* O(2**156) */ + return 7680; + return 8192; } diff --git a/crypto/openssh/dh.h b/crypto/openssh/dh.h index dfc1480eac..48f7b68eaf 100644 --- a/crypto/openssh/dh.h +++ b/crypto/openssh/dh.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dh.h,v 1.10 2008/06/26 09:19:40 djm Exp $ */ +/* $OpenBSD: dh.h,v 1.11 2013/10/08 11:42:13 dtucker Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. @@ -43,6 +43,7 @@ int dh_pub_is_valid(DH *, BIGNUM *); int dh_estimate(int); +/* Min and max values from RFC4419. */ #define DH_GRP_MIN 1024 #define DH_GRP_MAX 8192 diff --git a/crypto/openssh/digest-libc.c b/crypto/openssh/digest-libc.c new file mode 100644 index 0000000000..1b4423a05c --- /dev/null +++ b/crypto/openssh/digest-libc.c @@ -0,0 +1,239 @@ +/* $OpenBSD: digest-libc.c,v 1.3 2014/06/24 01:13:21 djm Exp $ */ +/* + * Copyright (c) 2013 Damien Miller + * Copyright (c) 2014 Markus Friedl. All rights reserved. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#include +#include +#include +#include + +#include +#include +#include +#include + +#include "ssherr.h" +#include "sshbuf.h" +#include "digest.h" + +typedef void md_init_fn(void *mdctx); +typedef void md_update_fn(void *mdctx, const u_int8_t *m, size_t mlen); +typedef void md_final_fn(u_int8_t[], void *mdctx); + +struct ssh_digest_ctx { + int alg; + void *mdctx; +}; + +struct ssh_digest { + int id; + const char *name; + size_t block_len; + size_t digest_len; + size_t ctx_len; + md_init_fn *md_init; + md_update_fn *md_update; + md_final_fn *md_final; +}; + +/* NB. Indexed directly by algorithm number */ +const struct ssh_digest digests[SSH_DIGEST_MAX] = { + { + SSH_DIGEST_MD5, + "MD5", + MD5_BLOCK_LENGTH, + MD5_DIGEST_LENGTH, + sizeof(MD5_CTX), + (md_init_fn *) MD5Init, + (md_update_fn *) MD5Update, + (md_final_fn *) MD5Final + }, + { + SSH_DIGEST_RIPEMD160, + "RIPEMD160", + RMD160_BLOCK_LENGTH, + RMD160_DIGEST_LENGTH, + sizeof(RMD160_CTX), + (md_init_fn *) RMD160Init, + (md_update_fn *) RMD160Update, + (md_final_fn *) RMD160Final + }, + { + SSH_DIGEST_SHA1, + "SHA1", + SHA1_BLOCK_LENGTH, + SHA1_DIGEST_LENGTH, + sizeof(SHA1_CTX), + (md_init_fn *) SHA1Init, + (md_update_fn *) SHA1Update, + (md_final_fn *) SHA1Final + }, + { + SSH_DIGEST_SHA256, + "SHA256", + SHA256_BLOCK_LENGTH, + SHA256_DIGEST_LENGTH, + sizeof(SHA2_CTX), + (md_init_fn *) SHA256Init, + (md_update_fn *) SHA256Update, + (md_final_fn *) SHA256Final + }, + { + SSH_DIGEST_SHA384, + "SHA384", + SHA384_BLOCK_LENGTH, + SHA384_DIGEST_LENGTH, + sizeof(SHA2_CTX), + (md_init_fn *) SHA384Init, + (md_update_fn *) SHA384Update, + (md_final_fn *) SHA384Final + }, + { + SSH_DIGEST_SHA512, + "SHA512", + SHA512_BLOCK_LENGTH, + SHA512_DIGEST_LENGTH, + sizeof(SHA2_CTX), + (md_init_fn *) SHA512Init, + (md_update_fn *) SHA512Update, + (md_final_fn *) SHA512Final + } +}; + +static const struct ssh_digest * +ssh_digest_by_alg(int alg) +{ + if (alg < 0 || alg >= SSH_DIGEST_MAX) + return NULL; + if (digests[alg].id != alg) /* sanity */ + return NULL; + return &(digests[alg]); +} + +size_t +ssh_digest_bytes(int alg) +{ + const struct ssh_digest *digest = ssh_digest_by_alg(alg); + + return digest == NULL ? 0 : digest->digest_len; +} + +size_t +ssh_digest_blocksize(struct ssh_digest_ctx *ctx) +{ + const struct ssh_digest *digest = ssh_digest_by_alg(ctx->alg); + + return digest == NULL ? 0 : digest->block_len; +} + +struct ssh_digest_ctx * +ssh_digest_start(int alg) +{ + const struct ssh_digest *digest = ssh_digest_by_alg(alg); + struct ssh_digest_ctx *ret; + + if (digest == NULL || (ret = calloc(1, sizeof(ret))) == NULL) + return NULL; + if ((ret->mdctx = calloc(1, digest->ctx_len)) == NULL) { + free(ret); + return NULL; + } + ret->alg = alg; + digest->md_init(ret->mdctx); + return ret; +} + +int +ssh_digest_copy_state(struct ssh_digest_ctx *from, struct ssh_digest_ctx *to) +{ + const struct ssh_digest *digest = ssh_digest_by_alg(from->alg); + + if (digest == NULL || from->alg != to->alg) + return SSH_ERR_INVALID_ARGUMENT; + memcpy(to->mdctx, from->mdctx, digest->ctx_len); + return 0; +} + +int +ssh_digest_update(struct ssh_digest_ctx *ctx, const void *m, size_t mlen) +{ + const struct ssh_digest *digest = ssh_digest_by_alg(ctx->alg); + + if (digest == NULL) + return SSH_ERR_INVALID_ARGUMENT; + digest->md_update(ctx->mdctx, m, mlen); + return 0; +} + +int +ssh_digest_update_buffer(struct ssh_digest_ctx *ctx, const struct sshbuf *b) +{ + return ssh_digest_update(ctx, sshbuf_ptr(b), sshbuf_len(b)); +} + +int +ssh_digest_final(struct ssh_digest_ctx *ctx, u_char *d, size_t dlen) +{ + const struct ssh_digest *digest = ssh_digest_by_alg(ctx->alg); + + if (digest == NULL) + return SSH_ERR_INVALID_ARGUMENT; + if (dlen > UINT_MAX) + return SSH_ERR_INVALID_ARGUMENT; + if (dlen < digest->digest_len) /* No truncation allowed */ + return SSH_ERR_INVALID_ARGUMENT; + digest->md_final(d, ctx->mdctx); + return 0; +} + +void +ssh_digest_free(struct ssh_digest_ctx *ctx) +{ + const struct ssh_digest *digest; + + if (ctx != NULL) { + digest = ssh_digest_by_alg(ctx->alg); + if (digest) { + explicit_bzero(ctx->mdctx, digest->ctx_len); + free(ctx->mdctx); + explicit_bzero(ctx, sizeof(*ctx)); + free(ctx); + } + } +} + +int +ssh_digest_memory(int alg, const void *m, size_t mlen, u_char *d, size_t dlen) +{ + struct ssh_digest_ctx *ctx = ssh_digest_start(alg); + + if (ctx == NULL) + return SSH_ERR_INVALID_ARGUMENT; + if (ssh_digest_update(ctx, m, mlen) != 0 || + ssh_digest_final(ctx, d, dlen) != 0) + return SSH_ERR_INVALID_ARGUMENT; + ssh_digest_free(ctx); + return 0; +} + +int +ssh_digest_buffer(int alg, const struct sshbuf *b, u_char *d, size_t dlen) +{ + return ssh_digest_memory(alg, sshbuf_ptr(b), sshbuf_len(b), d, dlen); +} diff --git a/crypto/openssh/digest-openssl.c b/crypto/openssh/digest-openssl.c new file mode 100644 index 0000000000..02b1703412 --- /dev/null +++ b/crypto/openssh/digest-openssl.c @@ -0,0 +1,182 @@ +/* $OpenBSD: digest-openssl.c,v 1.4 2014/07/03 03:26:43 djm Exp $ */ +/* + * Copyright (c) 2013 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#include +#include +#include +#include + +#include + +#include "openbsd-compat/openssl-compat.h" + +#include "sshbuf.h" +#include "digest.h" +#include "ssherr.h" + +#ifndef HAVE_EVP_RIPEMD160 +# define EVP_ripemd160 NULL +#endif /* HAVE_EVP_RIPEMD160 */ +#ifndef HAVE_EVP_SHA256 +# define EVP_sha256 NULL +# define EVP_sha384 NULL +# define EVP_sha512 NULL +#endif /* HAVE_EVP_SHA256 */ + +struct ssh_digest_ctx { + int alg; + EVP_MD_CTX mdctx; +}; + +struct ssh_digest { + int id; + const char *name; + size_t digest_len; + const EVP_MD *(*mdfunc)(void); +}; + +/* NB. Indexed directly by algorithm number */ +const struct ssh_digest digests[] = { + { SSH_DIGEST_MD5, "MD5", 16, EVP_md5 }, + { SSH_DIGEST_RIPEMD160, "RIPEMD160", 20, EVP_ripemd160 }, + { SSH_DIGEST_SHA1, "SHA1", 20, EVP_sha1 }, + { SSH_DIGEST_SHA256, "SHA256", 32, EVP_sha256 }, + { SSH_DIGEST_SHA384, "SHA384", 48, EVP_sha384 }, + { SSH_DIGEST_SHA512, "SHA512", 64, EVP_sha512 }, + { -1, NULL, 0, NULL }, +}; + +static const struct ssh_digest * +ssh_digest_by_alg(int alg) +{ + if (alg < 0 || alg >= SSH_DIGEST_MAX) + return NULL; + if (digests[alg].id != alg) /* sanity */ + return NULL; + if (digests[alg].mdfunc == NULL) + return NULL; + return &(digests[alg]); +} + +size_t +ssh_digest_bytes(int alg) +{ + const struct ssh_digest *digest = ssh_digest_by_alg(alg); + + return digest == NULL ? 0 : digest->digest_len; +} + +size_t +ssh_digest_blocksize(struct ssh_digest_ctx *ctx) +{ + return EVP_MD_CTX_block_size(&ctx->mdctx); +} + +struct ssh_digest_ctx * +ssh_digest_start(int alg) +{ + const struct ssh_digest *digest = ssh_digest_by_alg(alg); + struct ssh_digest_ctx *ret; + + if (digest == NULL || ((ret = calloc(1, sizeof(*ret))) == NULL)) + return NULL; + ret->alg = alg; + EVP_MD_CTX_init(&ret->mdctx); + if (EVP_DigestInit_ex(&ret->mdctx, digest->mdfunc(), NULL) != 1) { + free(ret); + return NULL; + } + return ret; +} + +int +ssh_digest_copy_state(struct ssh_digest_ctx *from, struct ssh_digest_ctx *to) +{ + if (from->alg != to->alg) + return SSH_ERR_INVALID_ARGUMENT; + /* we have bcopy-style order while openssl has memcpy-style */ + if (!EVP_MD_CTX_copy_ex(&to->mdctx, &from->mdctx)) + return SSH_ERR_LIBCRYPTO_ERROR; + return 0; +} + +int +ssh_digest_update(struct ssh_digest_ctx *ctx, const void *m, size_t mlen) +{ + if (EVP_DigestUpdate(&ctx->mdctx, m, mlen) != 1) + return SSH_ERR_LIBCRYPTO_ERROR; + return 0; +} + +int +ssh_digest_update_buffer(struct ssh_digest_ctx *ctx, const struct sshbuf *b) +{ + return ssh_digest_update(ctx, sshbuf_ptr(b), sshbuf_len(b)); +} + +int +ssh_digest_final(struct ssh_digest_ctx *ctx, u_char *d, size_t dlen) +{ + const struct ssh_digest *digest = ssh_digest_by_alg(ctx->alg); + u_int l = dlen; + + if (dlen > UINT_MAX) + return SSH_ERR_INVALID_ARGUMENT; + if (dlen < digest->digest_len) /* No truncation allowed */ + return SSH_ERR_INVALID_ARGUMENT; + if (EVP_DigestFinal_ex(&ctx->mdctx, d, &l) != 1) + return SSH_ERR_LIBCRYPTO_ERROR; + if (l != digest->digest_len) /* sanity */ + return SSH_ERR_INTERNAL_ERROR; + return 0; +} + +void +ssh_digest_free(struct ssh_digest_ctx *ctx) +{ + if (ctx != NULL) { + EVP_MD_CTX_cleanup(&ctx->mdctx); + explicit_bzero(ctx, sizeof(*ctx)); + free(ctx); + } +} + +int +ssh_digest_memory(int alg, const void *m, size_t mlen, u_char *d, size_t dlen) +{ + const struct ssh_digest *digest = ssh_digest_by_alg(alg); + u_int mdlen; + + if (digest == NULL) + return SSH_ERR_INVALID_ARGUMENT; + if (dlen > UINT_MAX) + return SSH_ERR_INVALID_ARGUMENT; + if (dlen < digest->digest_len) + return SSH_ERR_INVALID_ARGUMENT; + mdlen = dlen; + if (!EVP_Digest(m, mlen, d, &mdlen, digest->mdfunc(), NULL)) + return SSH_ERR_LIBCRYPTO_ERROR; + return 0; +} + +int +ssh_digest_buffer(int alg, const struct sshbuf *b, u_char *d, size_t dlen) +{ + return ssh_digest_memory(alg, sshbuf_ptr(b), sshbuf_len(b), d, dlen); +} diff --git a/crypto/openssh/digest.h b/crypto/openssh/digest.h new file mode 100644 index 0000000000..6afb197f0a --- /dev/null +++ b/crypto/openssh/digest.h @@ -0,0 +1,65 @@ +/* $OpenBSD: digest.h,v 1.6 2014/07/03 04:36:45 djm Exp $ */ +/* + * Copyright (c) 2013 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef _DIGEST_H +#define _DIGEST_H + +/* Maximum digest output length */ +#define SSH_DIGEST_MAX_LENGTH 64 + +/* Digest algorithms */ +#define SSH_DIGEST_MD5 0 +#define SSH_DIGEST_RIPEMD160 1 +#define SSH_DIGEST_SHA1 2 +#define SSH_DIGEST_SHA256 3 +#define SSH_DIGEST_SHA384 4 +#define SSH_DIGEST_SHA512 5 +#define SSH_DIGEST_MAX 6 + +struct sshbuf; +struct ssh_digest_ctx; + +/* Returns the algorithm's digest length in bytes or 0 for invalid algorithm */ +size_t ssh_digest_bytes(int alg); + +/* Returns the block size of the digest, e.g. for implementing HMAC */ +size_t ssh_digest_blocksize(struct ssh_digest_ctx *ctx); + +/* Copies internal state of digest of 'from' to 'to' */ +int ssh_digest_copy_state(struct ssh_digest_ctx *from, + struct ssh_digest_ctx *to); + +/* One-shot API */ +int ssh_digest_memory(int alg, const void *m, size_t mlen, + u_char *d, size_t dlen) + __attribute__((__bounded__(__buffer__, 2, 3))) + __attribute__((__bounded__(__buffer__, 4, 5))); +int ssh_digest_buffer(int alg, const struct sshbuf *b, u_char *d, size_t dlen) + __attribute__((__bounded__(__buffer__, 3, 4))); + +/* Update API */ +struct ssh_digest_ctx *ssh_digest_start(int alg); +int ssh_digest_update(struct ssh_digest_ctx *ctx, const void *m, size_t mlen) + __attribute__((__bounded__(__buffer__, 2, 3))); +int ssh_digest_update_buffer(struct ssh_digest_ctx *ctx, + const struct sshbuf *b); +int ssh_digest_final(struct ssh_digest_ctx *ctx, u_char *d, size_t dlen) + __attribute__((__bounded__(__buffer__, 2, 3))); +void ssh_digest_free(struct ssh_digest_ctx *ctx); + +#endif /* _DIGEST_H */ + diff --git a/crypto/openssh/dns.c b/crypto/openssh/dns.c index 9e3084ba5b..c4d073cf50 100644 --- a/crypto/openssh/dns.c +++ b/crypto/openssh/dns.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.c,v 1.28 2012/05/23 03:28:28 djm Exp $ */ +/* $OpenBSD: dns.c,v 1.31 2014/06/24 01:13:21 djm Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. @@ -34,6 +34,8 @@ #include #include #include +#include +#include #include "xmalloc.h" #include "key.h" @@ -96,6 +98,11 @@ dns_read_key(u_int8_t *algorithm, u_int8_t *digest_type, if (!*digest_type) *digest_type = SSHFP_HASH_SHA256; break; + case KEY_ED25519: + *algorithm = SSHFP_KEY_ED25519; + if (!*digest_type) + *digest_type = SSHFP_HASH_SHA256; + break; default: *algorithm = SSHFP_KEY_RESERVED; /* 0 */ *digest_type = SSHFP_HASH_RESERVED; /* 0 */ @@ -261,7 +268,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, if (hostkey_digest_type != dnskey_digest_type) { hostkey_digest_type = dnskey_digest_type; - xfree(hostkey_digest); + free(hostkey_digest); /* Initialize host key parameters */ if (!dns_read_key(&hostkey_algorithm, @@ -281,10 +288,10 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, hostkey_digest_len) == 0) *flags |= DNS_VERIFY_MATCH; } - xfree(dnskey_digest); + free(dnskey_digest); } - xfree(hostkey_digest); /* from key_fingerprint_raw() */ + free(hostkey_digest); /* from key_fingerprint_raw() */ freerrset(fingerprints); if (*flags & DNS_VERIFY_FOUND) @@ -327,7 +334,7 @@ export_dns_rr(const char *hostname, Key *key, FILE *f, int generic) for (i = 0; i < rdata_digest_len; i++) fprintf(f, "%02x", rdata_digest[i]); fprintf(f, "\n"); - xfree(rdata_digest); /* from key_fingerprint_raw() */ + free(rdata_digest); /* from key_fingerprint_raw() */ success = 1; } } diff --git a/crypto/openssh/dns.h b/crypto/openssh/dns.h index d5f4281778..b9feae6bef 100644 --- a/crypto/openssh/dns.h +++ b/crypto/openssh/dns.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.h,v 1.12 2012/05/23 03:28:28 djm Exp $ */ +/* $OpenBSD: dns.h,v 1.13 2014/04/20 09:24:26 logan Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. @@ -32,7 +32,8 @@ enum sshfp_types { SSHFP_KEY_RESERVED = 0, SSHFP_KEY_RSA = 1, SSHFP_KEY_DSA = 2, - SSHFP_KEY_ECDSA = 3 + SSHFP_KEY_ECDSA = 3, + SSHFP_KEY_ED25519 = 4 }; enum sshfp_hashes { diff --git a/crypto/openssh/ed25519.c b/crypto/openssh/ed25519.c new file mode 100644 index 0000000000..767ec24d6d --- /dev/null +++ b/crypto/openssh/ed25519.c @@ -0,0 +1,144 @@ +/* $OpenBSD: ed25519.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */ + +/* + * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange, + * Peter Schwabe, Bo-Yin Yang. + * Copied from supercop-20130419/crypto_sign/ed25519/ref/ed25519.c + */ + +#include "includes.h" +#include "crypto_api.h" + +#include "ge25519.h" + +static void get_hram(unsigned char *hram, const unsigned char *sm, const unsigned char *pk, unsigned char *playground, unsigned long long smlen) +{ + unsigned long long i; + + for (i = 0;i < 32;++i) playground[i] = sm[i]; + for (i = 32;i < 64;++i) playground[i] = pk[i-32]; + for (i = 64;i < smlen;++i) playground[i] = sm[i]; + + crypto_hash_sha512(hram,playground,smlen); +} + + +int crypto_sign_ed25519_keypair( + unsigned char *pk, + unsigned char *sk + ) +{ + sc25519 scsk; + ge25519 gepk; + unsigned char extsk[64]; + int i; + + randombytes(sk, 32); + crypto_hash_sha512(extsk, sk, 32); + extsk[0] &= 248; + extsk[31] &= 127; + extsk[31] |= 64; + + sc25519_from32bytes(&scsk,extsk); + + ge25519_scalarmult_base(&gepk, &scsk); + ge25519_pack(pk, &gepk); + for(i=0;i<32;i++) + sk[32 + i] = pk[i]; + return 0; +} + +int crypto_sign_ed25519( + unsigned char *sm,unsigned long long *smlen, + const unsigned char *m,unsigned long long mlen, + const unsigned char *sk + ) +{ + sc25519 sck, scs, scsk; + ge25519 ger; + unsigned char r[32]; + unsigned char s[32]; + unsigned char extsk[64]; + unsigned long long i; + unsigned char hmg[crypto_hash_sha512_BYTES]; + unsigned char hram[crypto_hash_sha512_BYTES]; + + crypto_hash_sha512(extsk, sk, 32); + extsk[0] &= 248; + extsk[31] &= 127; + extsk[31] |= 64; + + *smlen = mlen+64; + for(i=0;i #include +#include "openbsd-compat/openssl-compat.h" + #include "ssh.h" #include "misc.h" #include "xmalloc.h" @@ -209,16 +211,7 @@ seed_rng(void) #ifndef OPENSSL_PRNG_ONLY unsigned char buf[RANDOM_SEED_SIZE]; #endif - /* - * OpenSSL version numbers: MNNFFPPS: major minor fix patch status - * We match major, minor, fix and status (not patch) for <1.0.0. - * After that, we acceptable compatible fix versions (so we - * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed - * within a patch series. - */ - u_long version_mask = SSLeay() >= 0x1000000f ? ~0xffff0L : ~0xff0L; - if (((SSLeay() ^ OPENSSL_VERSION_NUMBER) & version_mask) || - (SSLeay() >> 12) < (OPENSSL_VERSION_NUMBER >> 12)) + if (!ssh_compatible_openssl(OPENSSL_VERSION_NUMBER, SSLeay())) fatal("OpenSSL version mismatch. Built against %lx, you " "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay()); diff --git a/crypto/openssh/fe25519.c b/crypto/openssh/fe25519.c new file mode 100644 index 0000000000..e54fd15473 --- /dev/null +++ b/crypto/openssh/fe25519.c @@ -0,0 +1,337 @@ +/* $OpenBSD: fe25519.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */ + +/* + * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange, + * Peter Schwabe, Bo-Yin Yang. + * Copied from supercop-20130419/crypto_sign/ed25519/ref/fe25519.c + */ + +#include "includes.h" + +#define WINDOWSIZE 1 /* Should be 1,2, or 4 */ +#define WINDOWMASK ((1<>= 31; /* 1: yes; 0: no */ + return x; +} + +static crypto_uint32 ge(crypto_uint32 a,crypto_uint32 b) /* 16-bit inputs */ +{ + unsigned int x = a; + x -= (unsigned int) b; /* 0..65535: yes; 4294901761..4294967295: no */ + x >>= 31; /* 0: yes; 1: no */ + x ^= 1; /* 1: yes; 0: no */ + return x; +} + +static crypto_uint32 times19(crypto_uint32 a) +{ + return (a << 4) + (a << 1) + a; +} + +static crypto_uint32 times38(crypto_uint32 a) +{ + return (a << 5) + (a << 2) + (a << 1); +} + +static void reduce_add_sub(fe25519 *r) +{ + crypto_uint32 t; + int i,rep; + + for(rep=0;rep<4;rep++) + { + t = r->v[31] >> 7; + r->v[31] &= 127; + t = times19(t); + r->v[0] += t; + for(i=0;i<31;i++) + { + t = r->v[i] >> 8; + r->v[i+1] += t; + r->v[i] &= 255; + } + } +} + +static void reduce_mul(fe25519 *r) +{ + crypto_uint32 t; + int i,rep; + + for(rep=0;rep<2;rep++) + { + t = r->v[31] >> 7; + r->v[31] &= 127; + t = times19(t); + r->v[0] += t; + for(i=0;i<31;i++) + { + t = r->v[i] >> 8; + r->v[i+1] += t; + r->v[i] &= 255; + } + } +} + +/* reduction modulo 2^255-19 */ +void fe25519_freeze(fe25519 *r) +{ + int i; + crypto_uint32 m = equal(r->v[31],127); + for(i=30;i>0;i--) + m &= equal(r->v[i],255); + m &= ge(r->v[0],237); + + m = -m; + + r->v[31] -= m&127; + for(i=30;i>0;i--) + r->v[i] -= m&255; + r->v[0] -= m&237; +} + +void fe25519_unpack(fe25519 *r, const unsigned char x[32]) +{ + int i; + for(i=0;i<32;i++) r->v[i] = x[i]; + r->v[31] &= 127; +} + +/* Assumes input x being reduced below 2^255 */ +void fe25519_pack(unsigned char r[32], const fe25519 *x) +{ + int i; + fe25519 y = *x; + fe25519_freeze(&y); + for(i=0;i<32;i++) + r[i] = y.v[i]; +} + +int fe25519_iszero(const fe25519 *x) +{ + int i; + int r; + fe25519 t = *x; + fe25519_freeze(&t); + r = equal(t.v[0],0); + for(i=1;i<32;i++) + r &= equal(t.v[i],0); + return r; +} + +int fe25519_iseq_vartime(const fe25519 *x, const fe25519 *y) +{ + int i; + fe25519 t1 = *x; + fe25519 t2 = *y; + fe25519_freeze(&t1); + fe25519_freeze(&t2); + for(i=0;i<32;i++) + if(t1.v[i] != t2.v[i]) return 0; + return 1; +} + +void fe25519_cmov(fe25519 *r, const fe25519 *x, unsigned char b) +{ + int i; + crypto_uint32 mask = b; + mask = -mask; + for(i=0;i<32;i++) r->v[i] ^= mask & (x->v[i] ^ r->v[i]); +} + +unsigned char fe25519_getparity(const fe25519 *x) +{ + fe25519 t = *x; + fe25519_freeze(&t); + return t.v[0] & 1; +} + +void fe25519_setone(fe25519 *r) +{ + int i; + r->v[0] = 1; + for(i=1;i<32;i++) r->v[i]=0; +} + +void fe25519_setzero(fe25519 *r) +{ + int i; + for(i=0;i<32;i++) r->v[i]=0; +} + +void fe25519_neg(fe25519 *r, const fe25519 *x) +{ + fe25519 t; + int i; + for(i=0;i<32;i++) t.v[i]=x->v[i]; + fe25519_setzero(r); + fe25519_sub(r, r, &t); +} + +void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y) +{ + int i; + for(i=0;i<32;i++) r->v[i] = x->v[i] + y->v[i]; + reduce_add_sub(r); +} + +void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y) +{ + int i; + crypto_uint32 t[32]; + t[0] = x->v[0] + 0x1da; + t[31] = x->v[31] + 0xfe; + for(i=1;i<31;i++) t[i] = x->v[i] + 0x1fe; + for(i=0;i<32;i++) r->v[i] = t[i] - y->v[i]; + reduce_add_sub(r); +} + +void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y) +{ + int i,j; + crypto_uint32 t[63]; + for(i=0;i<63;i++)t[i] = 0; + + for(i=0;i<32;i++) + for(j=0;j<32;j++) + t[i+j] += x->v[i] * y->v[j]; + + for(i=32;i<63;i++) + r->v[i-32] = t[i-32] + times38(t[i]); + r->v[31] = t[31]; /* result now in r[0]...r[31] */ + + reduce_mul(r); +} + +void fe25519_square(fe25519 *r, const fe25519 *x) +{ + fe25519_mul(r, x, x); +} + +void fe25519_invert(fe25519 *r, const fe25519 *x) +{ + fe25519 z2; + fe25519 z9; + fe25519 z11; + fe25519 z2_5_0; + fe25519 z2_10_0; + fe25519 z2_20_0; + fe25519 z2_50_0; + fe25519 z2_100_0; + fe25519 t0; + fe25519 t1; + int i; + + /* 2 */ fe25519_square(&z2,x); + /* 4 */ fe25519_square(&t1,&z2); + /* 8 */ fe25519_square(&t0,&t1); + /* 9 */ fe25519_mul(&z9,&t0,x); + /* 11 */ fe25519_mul(&z11,&z9,&z2); + /* 22 */ fe25519_square(&t0,&z11); + /* 2^5 - 2^0 = 31 */ fe25519_mul(&z2_5_0,&t0,&z9); + + /* 2^6 - 2^1 */ fe25519_square(&t0,&z2_5_0); + /* 2^7 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^8 - 2^3 */ fe25519_square(&t0,&t1); + /* 2^9 - 2^4 */ fe25519_square(&t1,&t0); + /* 2^10 - 2^5 */ fe25519_square(&t0,&t1); + /* 2^10 - 2^0 */ fe25519_mul(&z2_10_0,&t0,&z2_5_0); + + /* 2^11 - 2^1 */ fe25519_square(&t0,&z2_10_0); + /* 2^12 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^20 - 2^10 */ for (i = 2;i < 10;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } + /* 2^20 - 2^0 */ fe25519_mul(&z2_20_0,&t1,&z2_10_0); + + /* 2^21 - 2^1 */ fe25519_square(&t0,&z2_20_0); + /* 2^22 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^40 - 2^20 */ for (i = 2;i < 20;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } + /* 2^40 - 2^0 */ fe25519_mul(&t0,&t1,&z2_20_0); + + /* 2^41 - 2^1 */ fe25519_square(&t1,&t0); + /* 2^42 - 2^2 */ fe25519_square(&t0,&t1); + /* 2^50 - 2^10 */ for (i = 2;i < 10;i += 2) { fe25519_square(&t1,&t0); fe25519_square(&t0,&t1); } + /* 2^50 - 2^0 */ fe25519_mul(&z2_50_0,&t0,&z2_10_0); + + /* 2^51 - 2^1 */ fe25519_square(&t0,&z2_50_0); + /* 2^52 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^100 - 2^50 */ for (i = 2;i < 50;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } + /* 2^100 - 2^0 */ fe25519_mul(&z2_100_0,&t1,&z2_50_0); + + /* 2^101 - 2^1 */ fe25519_square(&t1,&z2_100_0); + /* 2^102 - 2^2 */ fe25519_square(&t0,&t1); + /* 2^200 - 2^100 */ for (i = 2;i < 100;i += 2) { fe25519_square(&t1,&t0); fe25519_square(&t0,&t1); } + /* 2^200 - 2^0 */ fe25519_mul(&t1,&t0,&z2_100_0); + + /* 2^201 - 2^1 */ fe25519_square(&t0,&t1); + /* 2^202 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^250 - 2^50 */ for (i = 2;i < 50;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } + /* 2^250 - 2^0 */ fe25519_mul(&t0,&t1,&z2_50_0); + + /* 2^251 - 2^1 */ fe25519_square(&t1,&t0); + /* 2^252 - 2^2 */ fe25519_square(&t0,&t1); + /* 2^253 - 2^3 */ fe25519_square(&t1,&t0); + /* 2^254 - 2^4 */ fe25519_square(&t0,&t1); + /* 2^255 - 2^5 */ fe25519_square(&t1,&t0); + /* 2^255 - 21 */ fe25519_mul(r,&t1,&z11); +} + +void fe25519_pow2523(fe25519 *r, const fe25519 *x) +{ + fe25519 z2; + fe25519 z9; + fe25519 z11; + fe25519 z2_5_0; + fe25519 z2_10_0; + fe25519 z2_20_0; + fe25519 z2_50_0; + fe25519 z2_100_0; + fe25519 t; + int i; + + /* 2 */ fe25519_square(&z2,x); + /* 4 */ fe25519_square(&t,&z2); + /* 8 */ fe25519_square(&t,&t); + /* 9 */ fe25519_mul(&z9,&t,x); + /* 11 */ fe25519_mul(&z11,&z9,&z2); + /* 22 */ fe25519_square(&t,&z11); + /* 2^5 - 2^0 = 31 */ fe25519_mul(&z2_5_0,&t,&z9); + + /* 2^6 - 2^1 */ fe25519_square(&t,&z2_5_0); + /* 2^10 - 2^5 */ for (i = 1;i < 5;i++) { fe25519_square(&t,&t); } + /* 2^10 - 2^0 */ fe25519_mul(&z2_10_0,&t,&z2_5_0); + + /* 2^11 - 2^1 */ fe25519_square(&t,&z2_10_0); + /* 2^20 - 2^10 */ for (i = 1;i < 10;i++) { fe25519_square(&t,&t); } + /* 2^20 - 2^0 */ fe25519_mul(&z2_20_0,&t,&z2_10_0); + + /* 2^21 - 2^1 */ fe25519_square(&t,&z2_20_0); + /* 2^40 - 2^20 */ for (i = 1;i < 20;i++) { fe25519_square(&t,&t); } + /* 2^40 - 2^0 */ fe25519_mul(&t,&t,&z2_20_0); + + /* 2^41 - 2^1 */ fe25519_square(&t,&t); + /* 2^50 - 2^10 */ for (i = 1;i < 10;i++) { fe25519_square(&t,&t); } + /* 2^50 - 2^0 */ fe25519_mul(&z2_50_0,&t,&z2_10_0); + + /* 2^51 - 2^1 */ fe25519_square(&t,&z2_50_0); + /* 2^100 - 2^50 */ for (i = 1;i < 50;i++) { fe25519_square(&t,&t); } + /* 2^100 - 2^0 */ fe25519_mul(&z2_100_0,&t,&z2_50_0); + + /* 2^101 - 2^1 */ fe25519_square(&t,&z2_100_0); + /* 2^200 - 2^100 */ for (i = 1;i < 100;i++) { fe25519_square(&t,&t); } + /* 2^200 - 2^0 */ fe25519_mul(&t,&t,&z2_100_0); + + /* 2^201 - 2^1 */ fe25519_square(&t,&t); + /* 2^250 - 2^50 */ for (i = 1;i < 50;i++) { fe25519_square(&t,&t); } + /* 2^250 - 2^0 */ fe25519_mul(&t,&t,&z2_50_0); + + /* 2^251 - 2^1 */ fe25519_square(&t,&t); + /* 2^252 - 2^2 */ fe25519_square(&t,&t); + /* 2^252 - 3 */ fe25519_mul(r,&t,x); +} diff --git a/crypto/openssh/fe25519.h b/crypto/openssh/fe25519.h new file mode 100644 index 0000000000..41b3cbb49d --- /dev/null +++ b/crypto/openssh/fe25519.h @@ -0,0 +1,70 @@ +/* $OpenBSD: fe25519.h,v 1.3 2013/12/09 11:03:45 markus Exp $ */ + +/* + * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange, + * Peter Schwabe, Bo-Yin Yang. + * Copied from supercop-20130419/crypto_sign/ed25519/ref/fe25519.h + */ + +#ifndef FE25519_H +#define FE25519_H + +#include "crypto_api.h" + +#define fe25519 crypto_sign_ed25519_ref_fe25519 +#define fe25519_freeze crypto_sign_ed25519_ref_fe25519_freeze +#define fe25519_unpack crypto_sign_ed25519_ref_fe25519_unpack +#define fe25519_pack crypto_sign_ed25519_ref_fe25519_pack +#define fe25519_iszero crypto_sign_ed25519_ref_fe25519_iszero +#define fe25519_iseq_vartime crypto_sign_ed25519_ref_fe25519_iseq_vartime +#define fe25519_cmov crypto_sign_ed25519_ref_fe25519_cmov +#define fe25519_setone crypto_sign_ed25519_ref_fe25519_setone +#define fe25519_setzero crypto_sign_ed25519_ref_fe25519_setzero +#define fe25519_neg crypto_sign_ed25519_ref_fe25519_neg +#define fe25519_getparity crypto_sign_ed25519_ref_fe25519_getparity +#define fe25519_add crypto_sign_ed25519_ref_fe25519_add +#define fe25519_sub crypto_sign_ed25519_ref_fe25519_sub +#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul +#define fe25519_square crypto_sign_ed25519_ref_fe25519_square +#define fe25519_invert crypto_sign_ed25519_ref_fe25519_invert +#define fe25519_pow2523 crypto_sign_ed25519_ref_fe25519_pow2523 + +typedef struct +{ + crypto_uint32 v[32]; +} +fe25519; + +void fe25519_freeze(fe25519 *r); + +void fe25519_unpack(fe25519 *r, const unsigned char x[32]); + +void fe25519_pack(unsigned char r[32], const fe25519 *x); + +int fe25519_iszero(const fe25519 *x); + +int fe25519_iseq_vartime(const fe25519 *x, const fe25519 *y); + +void fe25519_cmov(fe25519 *r, const fe25519 *x, unsigned char b); + +void fe25519_setone(fe25519 *r); + +void fe25519_setzero(fe25519 *r); + +void fe25519_neg(fe25519 *r, const fe25519 *x); + +unsigned char fe25519_getparity(const fe25519 *x); + +void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y); + +void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y); + +void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y); + +void fe25519_square(fe25519 *r, const fe25519 *x); + +void fe25519_invert(fe25519 *r, const fe25519 *x); + +void fe25519_pow2523(fe25519 *r, const fe25519 *x); + +#endif diff --git a/crypto/openssh/ge25519.c b/crypto/openssh/ge25519.c new file mode 100644 index 0000000000..dfe3849b93 --- /dev/null +++ b/crypto/openssh/ge25519.c @@ -0,0 +1,321 @@ +/* $OpenBSD: ge25519.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */ + +/* + * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange, + * Peter Schwabe, Bo-Yin Yang. + * Copied from supercop-20130419/crypto_sign/ed25519/ref/ge25519.c + */ + +#include "includes.h" + +#include "fe25519.h" +#include "sc25519.h" +#include "ge25519.h" + +/* + * Arithmetic on the twisted Edwards curve -x^2 + y^2 = 1 + dx^2y^2 + * with d = -(121665/121666) = 37095705934669439343138083508754565189542113879843219016388785533085940283555 + * Base point: (15112221349535400772501151409588531511454012693041857206046113283949847762202,46316835694926478169428394003475163141307993866256225615783033603165251855960); + */ + +/* d */ +static const fe25519 ge25519_ecd = {{0xA3, 0x78, 0x59, 0x13, 0xCA, 0x4D, 0xEB, 0x75, 0xAB, 0xD8, 0x41, 0x41, 0x4D, 0x0A, 0x70, 0x00, + 0x98, 0xE8, 0x79, 0x77, 0x79, 0x40, 0xC7, 0x8C, 0x73, 0xFE, 0x6F, 0x2B, 0xEE, 0x6C, 0x03, 0x52}}; +/* 2*d */ +static const fe25519 ge25519_ec2d = {{0x59, 0xF1, 0xB2, 0x26, 0x94, 0x9B, 0xD6, 0xEB, 0x56, 0xB1, 0x83, 0x82, 0x9A, 0x14, 0xE0, 0x00, + 0x30, 0xD1, 0xF3, 0xEE, 0xF2, 0x80, 0x8E, 0x19, 0xE7, 0xFC, 0xDF, 0x56, 0xDC, 0xD9, 0x06, 0x24}}; +/* sqrt(-1) */ +static const fe25519 ge25519_sqrtm1 = {{0xB0, 0xA0, 0x0E, 0x4A, 0x27, 0x1B, 0xEE, 0xC4, 0x78, 0xE4, 0x2F, 0xAD, 0x06, 0x18, 0x43, 0x2F, + 0xA7, 0xD7, 0xFB, 0x3D, 0x99, 0x00, 0x4D, 0x2B, 0x0B, 0xDF, 0xC1, 0x4F, 0x80, 0x24, 0x83, 0x2B}}; + +#define ge25519_p3 ge25519 + +typedef struct +{ + fe25519 x; + fe25519 z; + fe25519 y; + fe25519 t; +} ge25519_p1p1; + +typedef struct +{ + fe25519 x; + fe25519 y; + fe25519 z; +} ge25519_p2; + +typedef struct +{ + fe25519 x; + fe25519 y; +} ge25519_aff; + + +/* Packed coordinates of the base point */ +const ge25519 ge25519_base = {{{0x1A, 0xD5, 0x25, 0x8F, 0x60, 0x2D, 0x56, 0xC9, 0xB2, 0xA7, 0x25, 0x95, 0x60, 0xC7, 0x2C, 0x69, + 0x5C, 0xDC, 0xD6, 0xFD, 0x31, 0xE2, 0xA4, 0xC0, 0xFE, 0x53, 0x6E, 0xCD, 0xD3, 0x36, 0x69, 0x21}}, + {{0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, + 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0xA3, 0xDD, 0xB7, 0xA5, 0xB3, 0x8A, 0xDE, 0x6D, 0xF5, 0x52, 0x51, 0x77, 0x80, 0x9F, 0xF0, 0x20, + 0x7D, 0xE3, 0xAB, 0x64, 0x8E, 0x4E, 0xEA, 0x66, 0x65, 0x76, 0x8B, 0xD7, 0x0F, 0x5F, 0x87, 0x67}}}; + +/* Multiples of the base point in affine representation */ +static const ge25519_aff ge25519_base_multiples_affine[425] = { +#include "ge25519_base.data" +}; + +static void p1p1_to_p2(ge25519_p2 *r, const ge25519_p1p1 *p) +{ + fe25519_mul(&r->x, &p->x, &p->t); + fe25519_mul(&r->y, &p->y, &p->z); + fe25519_mul(&r->z, &p->z, &p->t); +} + +static void p1p1_to_p3(ge25519_p3 *r, const ge25519_p1p1 *p) +{ + p1p1_to_p2((ge25519_p2 *)r, p); + fe25519_mul(&r->t, &p->x, &p->y); +} + +static void ge25519_mixadd2(ge25519_p3 *r, const ge25519_aff *q) +{ + fe25519 a,b,t1,t2,c,d,e,f,g,h,qt; + fe25519_mul(&qt, &q->x, &q->y); + fe25519_sub(&a, &r->y, &r->x); /* A = (Y1-X1)*(Y2-X2) */ + fe25519_add(&b, &r->y, &r->x); /* B = (Y1+X1)*(Y2+X2) */ + fe25519_sub(&t1, &q->y, &q->x); + fe25519_add(&t2, &q->y, &q->x); + fe25519_mul(&a, &a, &t1); + fe25519_mul(&b, &b, &t2); + fe25519_sub(&e, &b, &a); /* E = B-A */ + fe25519_add(&h, &b, &a); /* H = B+A */ + fe25519_mul(&c, &r->t, &qt); /* C = T1*k*T2 */ + fe25519_mul(&c, &c, &ge25519_ec2d); + fe25519_add(&d, &r->z, &r->z); /* D = Z1*2 */ + fe25519_sub(&f, &d, &c); /* F = D-C */ + fe25519_add(&g, &d, &c); /* G = D+C */ + fe25519_mul(&r->x, &e, &f); + fe25519_mul(&r->y, &h, &g); + fe25519_mul(&r->z, &g, &f); + fe25519_mul(&r->t, &e, &h); +} + +static void add_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_p3 *q) +{ + fe25519 a, b, c, d, t; + + fe25519_sub(&a, &p->y, &p->x); /* A = (Y1-X1)*(Y2-X2) */ + fe25519_sub(&t, &q->y, &q->x); + fe25519_mul(&a, &a, &t); + fe25519_add(&b, &p->x, &p->y); /* B = (Y1+X1)*(Y2+X2) */ + fe25519_add(&t, &q->x, &q->y); + fe25519_mul(&b, &b, &t); + fe25519_mul(&c, &p->t, &q->t); /* C = T1*k*T2 */ + fe25519_mul(&c, &c, &ge25519_ec2d); + fe25519_mul(&d, &p->z, &q->z); /* D = Z1*2*Z2 */ + fe25519_add(&d, &d, &d); + fe25519_sub(&r->x, &b, &a); /* E = B-A */ + fe25519_sub(&r->t, &d, &c); /* F = D-C */ + fe25519_add(&r->z, &d, &c); /* G = D+C */ + fe25519_add(&r->y, &b, &a); /* H = B+A */ +} + +/* See http://www.hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html#doubling-dbl-2008-hwcd */ +static void dbl_p1p1(ge25519_p1p1 *r, const ge25519_p2 *p) +{ + fe25519 a,b,c,d; + fe25519_square(&a, &p->x); + fe25519_square(&b, &p->y); + fe25519_square(&c, &p->z); + fe25519_add(&c, &c, &c); + fe25519_neg(&d, &a); + + fe25519_add(&r->x, &p->x, &p->y); + fe25519_square(&r->x, &r->x); + fe25519_sub(&r->x, &r->x, &a); + fe25519_sub(&r->x, &r->x, &b); + fe25519_add(&r->z, &d, &b); + fe25519_sub(&r->t, &r->z, &c); + fe25519_sub(&r->y, &d, &b); +} + +/* Constant-time version of: if(b) r = p */ +static void cmov_aff(ge25519_aff *r, const ge25519_aff *p, unsigned char b) +{ + fe25519_cmov(&r->x, &p->x, b); + fe25519_cmov(&r->y, &p->y, b); +} + +static unsigned char equal(signed char b,signed char c) +{ + unsigned char ub = b; + unsigned char uc = c; + unsigned char x = ub ^ uc; /* 0: yes; 1..255: no */ + crypto_uint32 y = x; /* 0: yes; 1..255: no */ + y -= 1; /* 4294967295: yes; 0..254: no */ + y >>= 31; /* 1: yes; 0: no */ + return y; +} + +static unsigned char negative(signed char b) +{ + unsigned long long x = b; /* 18446744073709551361..18446744073709551615: yes; 0..255: no */ + x >>= 63; /* 1: yes; 0: no */ + return x; +} + +static void choose_t(ge25519_aff *t, unsigned long long pos, signed char b) +{ + /* constant time */ + fe25519 v; + *t = ge25519_base_multiples_affine[5*pos+0]; + cmov_aff(t, &ge25519_base_multiples_affine[5*pos+1],equal(b,1) | equal(b,-1)); + cmov_aff(t, &ge25519_base_multiples_affine[5*pos+2],equal(b,2) | equal(b,-2)); + cmov_aff(t, &ge25519_base_multiples_affine[5*pos+3],equal(b,3) | equal(b,-3)); + cmov_aff(t, &ge25519_base_multiples_affine[5*pos+4],equal(b,-4)); + fe25519_neg(&v, &t->x); + fe25519_cmov(&t->x, &v, negative(b)); +} + +static void setneutral(ge25519 *r) +{ + fe25519_setzero(&r->x); + fe25519_setone(&r->y); + fe25519_setone(&r->z); + fe25519_setzero(&r->t); +} + +/* ******************************************************************** + * EXPORTED FUNCTIONS + ******************************************************************** */ + +/* return 0 on success, -1 otherwise */ +int ge25519_unpackneg_vartime(ge25519_p3 *r, const unsigned char p[32]) +{ + unsigned char par; + fe25519 t, chk, num, den, den2, den4, den6; + fe25519_setone(&r->z); + par = p[31] >> 7; + fe25519_unpack(&r->y, p); + fe25519_square(&num, &r->y); /* x = y^2 */ + fe25519_mul(&den, &num, &ge25519_ecd); /* den = dy^2 */ + fe25519_sub(&num, &num, &r->z); /* x = y^2-1 */ + fe25519_add(&den, &r->z, &den); /* den = dy^2+1 */ + + /* Computation of sqrt(num/den) */ + /* 1.: computation of num^((p-5)/8)*den^((7p-35)/8) = (num*den^7)^((p-5)/8) */ + fe25519_square(&den2, &den); + fe25519_square(&den4, &den2); + fe25519_mul(&den6, &den4, &den2); + fe25519_mul(&t, &den6, &num); + fe25519_mul(&t, &t, &den); + + fe25519_pow2523(&t, &t); + /* 2. computation of r->x = t * num * den^3 */ + fe25519_mul(&t, &t, &num); + fe25519_mul(&t, &t, &den); + fe25519_mul(&t, &t, &den); + fe25519_mul(&r->x, &t, &den); + + /* 3. Check whether sqrt computation gave correct result, multiply by sqrt(-1) if not: */ + fe25519_square(&chk, &r->x); + fe25519_mul(&chk, &chk, &den); + if (!fe25519_iseq_vartime(&chk, &num)) + fe25519_mul(&r->x, &r->x, &ge25519_sqrtm1); + + /* 4. Now we have one of the two square roots, except if input was not a square */ + fe25519_square(&chk, &r->x); + fe25519_mul(&chk, &chk, &den); + if (!fe25519_iseq_vartime(&chk, &num)) + return -1; + + /* 5. Choose the desired square root according to parity: */ + if(fe25519_getparity(&r->x) != (1-par)) + fe25519_neg(&r->x, &r->x); + + fe25519_mul(&r->t, &r->x, &r->y); + return 0; +} + +void ge25519_pack(unsigned char r[32], const ge25519_p3 *p) +{ + fe25519 tx, ty, zi; + fe25519_invert(&zi, &p->z); + fe25519_mul(&tx, &p->x, &zi); + fe25519_mul(&ty, &p->y, &zi); + fe25519_pack(r, &ty); + r[31] ^= fe25519_getparity(&tx) << 7; +} + +int ge25519_isneutral_vartime(const ge25519_p3 *p) +{ + int ret = 1; + if(!fe25519_iszero(&p->x)) ret = 0; + if(!fe25519_iseq_vartime(&p->y, &p->z)) ret = 0; + return ret; +} + +/* computes [s1]p1 + [s2]p2 */ +void ge25519_double_scalarmult_vartime(ge25519_p3 *r, const ge25519_p3 *p1, const sc25519 *s1, const ge25519_p3 *p2, const sc25519 *s2) +{ + ge25519_p1p1 tp1p1; + ge25519_p3 pre[16]; + unsigned char b[127]; + int i; + + /* precomputation s2 s1 */ + setneutral(pre); /* 00 00 */ + pre[1] = *p1; /* 00 01 */ + dbl_p1p1(&tp1p1,(ge25519_p2 *)p1); p1p1_to_p3( &pre[2], &tp1p1); /* 00 10 */ + add_p1p1(&tp1p1,&pre[1], &pre[2]); p1p1_to_p3( &pre[3], &tp1p1); /* 00 11 */ + pre[4] = *p2; /* 01 00 */ + add_p1p1(&tp1p1,&pre[1], &pre[4]); p1p1_to_p3( &pre[5], &tp1p1); /* 01 01 */ + add_p1p1(&tp1p1,&pre[2], &pre[4]); p1p1_to_p3( &pre[6], &tp1p1); /* 01 10 */ + add_p1p1(&tp1p1,&pre[3], &pre[4]); p1p1_to_p3( &pre[7], &tp1p1); /* 01 11 */ + dbl_p1p1(&tp1p1,(ge25519_p2 *)p2); p1p1_to_p3( &pre[8], &tp1p1); /* 10 00 */ + add_p1p1(&tp1p1,&pre[1], &pre[8]); p1p1_to_p3( &pre[9], &tp1p1); /* 10 01 */ + dbl_p1p1(&tp1p1,(ge25519_p2 *)&pre[5]); p1p1_to_p3(&pre[10], &tp1p1); /* 10 10 */ + add_p1p1(&tp1p1,&pre[3], &pre[8]); p1p1_to_p3(&pre[11], &tp1p1); /* 10 11 */ + add_p1p1(&tp1p1,&pre[4], &pre[8]); p1p1_to_p3(&pre[12], &tp1p1); /* 11 00 */ + add_p1p1(&tp1p1,&pre[1],&pre[12]); p1p1_to_p3(&pre[13], &tp1p1); /* 11 01 */ + add_p1p1(&tp1p1,&pre[2],&pre[12]); p1p1_to_p3(&pre[14], &tp1p1); /* 11 10 */ + add_p1p1(&tp1p1,&pre[3],&pre[12]); p1p1_to_p3(&pre[15], &tp1p1); /* 11 11 */ + + sc25519_2interleave2(b,s1,s2); + + /* scalar multiplication */ + *r = pre[b[126]]; + for(i=125;i>=0;i--) + { + dbl_p1p1(&tp1p1, (ge25519_p2 *)r); + p1p1_to_p2((ge25519_p2 *) r, &tp1p1); + dbl_p1p1(&tp1p1, (ge25519_p2 *)r); + if(b[i]!=0) + { + p1p1_to_p3(r, &tp1p1); + add_p1p1(&tp1p1, r, &pre[b[i]]); + } + if(i != 0) p1p1_to_p2((ge25519_p2 *)r, &tp1p1); + else p1p1_to_p3(r, &tp1p1); + } +} + +void ge25519_scalarmult_base(ge25519_p3 *r, const sc25519 *s) +{ + signed char b[85]; + int i; + ge25519_aff t; + sc25519_window3(b,s); + + choose_t((ge25519_aff *)r, 0, b[0]); + fe25519_setone(&r->z); + fe25519_mul(&r->t, &r->x, &r->y); + for(i=1;i<85;i++) + { + choose_t(&t, (unsigned long long) i, b[i]); + ge25519_mixadd2(r, &t); + } +} diff --git a/crypto/openssh/ge25519.h b/crypto/openssh/ge25519.h new file mode 100644 index 0000000000..64f63c6f8f --- /dev/null +++ b/crypto/openssh/ge25519.h @@ -0,0 +1,43 @@ +/* $OpenBSD: ge25519.h,v 1.3 2013/12/09 11:03:45 markus Exp $ */ + +/* + * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange, + * Peter Schwabe, Bo-Yin Yang. + * Copied from supercop-20130419/crypto_sign/ed25519/ref/ge25519.h + */ + +#ifndef GE25519_H +#define GE25519_H + +#include "fe25519.h" +#include "sc25519.h" + +#define ge25519 crypto_sign_ed25519_ref_ge25519 +#define ge25519_base crypto_sign_ed25519_ref_ge25519_base +#define ge25519_unpackneg_vartime crypto_sign_ed25519_ref_unpackneg_vartime +#define ge25519_pack crypto_sign_ed25519_ref_pack +#define ge25519_isneutral_vartime crypto_sign_ed25519_ref_isneutral_vartime +#define ge25519_double_scalarmult_vartime crypto_sign_ed25519_ref_double_scalarmult_vartime +#define ge25519_scalarmult_base crypto_sign_ed25519_ref_scalarmult_base + +typedef struct +{ + fe25519 x; + fe25519 y; + fe25519 z; + fe25519 t; +} ge25519; + +const ge25519 ge25519_base; + +int ge25519_unpackneg_vartime(ge25519 *r, const unsigned char p[32]); + +void ge25519_pack(unsigned char r[32], const ge25519 *p); + +int ge25519_isneutral_vartime(const ge25519 *p); + +void ge25519_double_scalarmult_vartime(ge25519 *r, const ge25519 *p1, const sc25519 *s1, const ge25519 *p2, const sc25519 *s2); + +void ge25519_scalarmult_base(ge25519 *r, const sc25519 *s); + +#endif diff --git a/crypto/openssh/ge25519_base.data b/crypto/openssh/ge25519_base.data new file mode 100644 index 0000000000..66fb1b61c6 --- /dev/null +++ b/crypto/openssh/ge25519_base.data @@ -0,0 +1,858 @@ +/* $OpenBSD: ge25519_base.data,v 1.3 2013/12/09 11:03:45 markus Exp $ */ + +/* + * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange, + * Peter Schwabe, Bo-Yin Yang. + * Copied from supercop-20130419/crypto_sign/ed25519/ref/ge25519_base.data + */ + +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x1a, 0xd5, 0x25, 0x8f, 0x60, 0x2d, 0x56, 0xc9, 0xb2, 0xa7, 0x25, 0x95, 0x60, 0xc7, 0x2c, 0x69, 0x5c, 0xdc, 0xd6, 0xfd, 0x31, 0xe2, 0xa4, 0xc0, 0xfe, 0x53, 0x6e, 0xcd, 0xd3, 0x36, 0x69, 0x21}} , + {{0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66}}}, +{{{0x0e, 0xce, 0x43, 0x28, 0x4e, 0xa1, 0xc5, 0x83, 0x5f, 0xa4, 0xd7, 0x15, 0x45, 0x8e, 0x0d, 0x08, 0xac, 0xe7, 0x33, 0x18, 0x7d, 0x3b, 0x04, 0x3d, 0x6c, 0x04, 0x5a, 0x9f, 0x4c, 0x38, 0xab, 0x36}} , + {{0xc9, 0xa3, 0xf8, 0x6a, 0xae, 0x46, 0x5f, 0x0e, 0x56, 0x51, 0x38, 0x64, 0x51, 0x0f, 0x39, 0x97, 0x56, 0x1f, 0xa2, 0xc9, 0xe8, 0x5e, 0xa2, 0x1d, 0xc2, 0x29, 0x23, 0x09, 0xf3, 0xcd, 0x60, 0x22}}}, +{{{0x5c, 0xe2, 0xf8, 0xd3, 0x5f, 0x48, 0x62, 0xac, 0x86, 0x48, 0x62, 0x81, 0x19, 0x98, 0x43, 0x63, 0x3a, 0xc8, 0xda, 0x3e, 0x74, 0xae, 0xf4, 0x1f, 0x49, 0x8f, 0x92, 0x22, 0x4a, 0x9c, 0xae, 0x67}} , + {{0xd4, 0xb4, 0xf5, 0x78, 0x48, 0x68, 0xc3, 0x02, 0x04, 0x03, 0x24, 0x67, 0x17, 0xec, 0x16, 0x9f, 0xf7, 0x9e, 0x26, 0x60, 0x8e, 0xa1, 0x26, 0xa1, 0xab, 0x69, 0xee, 0x77, 0xd1, 0xb1, 0x67, 0x12}}}, +{{{0x70, 0xf8, 0xc9, 0xc4, 0x57, 0xa6, 0x3a, 0x49, 0x47, 0x15, 0xce, 0x93, 0xc1, 0x9e, 0x73, 0x1a, 0xf9, 0x20, 0x35, 0x7a, 0xb8, 0xd4, 0x25, 0x83, 0x46, 0xf1, 0xcf, 0x56, 0xdb, 0xa8, 0x3d, 0x20}} , + {{0x2f, 0x11, 0x32, 0xca, 0x61, 0xab, 0x38, 0xdf, 0xf0, 0x0f, 0x2f, 0xea, 0x32, 0x28, 0xf2, 0x4c, 0x6c, 0x71, 0xd5, 0x80, 0x85, 0xb8, 0x0e, 0x47, 0xe1, 0x95, 0x15, 0xcb, 0x27, 0xe8, 0xd0, 0x47}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xc8, 0x84, 0xa5, 0x08, 0xbc, 0xfd, 0x87, 0x3b, 0x99, 0x8b, 0x69, 0x80, 0x7b, 0xc6, 0x3a, 0xeb, 0x93, 0xcf, 0x4e, 0xf8, 0x5c, 0x2d, 0x86, 0x42, 0xb6, 0x71, 0xd7, 0x97, 0x5f, 0xe1, 0x42, 0x67}} , + {{0xb4, 0xb9, 0x37, 0xfc, 0xa9, 0x5b, 0x2f, 0x1e, 0x93, 0xe4, 0x1e, 0x62, 0xfc, 0x3c, 0x78, 0x81, 0x8f, 0xf3, 0x8a, 0x66, 0x09, 0x6f, 0xad, 0x6e, 0x79, 0x73, 0xe5, 0xc9, 0x00, 0x06, 0xd3, 0x21}}}, +{{{0xf8, 0xf9, 0x28, 0x6c, 0x6d, 0x59, 0xb2, 0x59, 0x74, 0x23, 0xbf, 0xe7, 0x33, 0x8d, 0x57, 0x09, 0x91, 0x9c, 0x24, 0x08, 0x15, 0x2b, 0xe2, 0xb8, 0xee, 0x3a, 0xe5, 0x27, 0x06, 0x86, 0xa4, 0x23}} , + {{0xeb, 0x27, 0x67, 0xc1, 0x37, 0xab, 0x7a, 0xd8, 0x27, 0x9c, 0x07, 0x8e, 0xff, 0x11, 0x6a, 0xb0, 0x78, 0x6e, 0xad, 0x3a, 0x2e, 0x0f, 0x98, 0x9f, 0x72, 0xc3, 0x7f, 0x82, 0xf2, 0x96, 0x96, 0x70}}}, +{{{0x81, 0x6b, 0x88, 0xe8, 0x1e, 0xc7, 0x77, 0x96, 0x0e, 0xa1, 0xa9, 0x52, 0xe0, 0xd8, 0x0e, 0x61, 0x9e, 0x79, 0x2d, 0x95, 0x9c, 0x8d, 0x96, 0xe0, 0x06, 0x40, 0x5d, 0x87, 0x28, 0x5f, 0x98, 0x70}} , + {{0xf1, 0x79, 0x7b, 0xed, 0x4f, 0x44, 0xb2, 0xe7, 0x08, 0x0d, 0xc2, 0x08, 0x12, 0xd2, 0x9f, 0xdf, 0xcd, 0x93, 0x20, 0x8a, 0xcf, 0x33, 0xca, 0x6d, 0x89, 0xb9, 0x77, 0xc8, 0x93, 0x1b, 0x4e, 0x60}}}, +{{{0x26, 0x4f, 0x7e, 0x97, 0xf6, 0x40, 0xdd, 0x4f, 0xfc, 0x52, 0x78, 0xf9, 0x90, 0x31, 0x03, 0xe6, 0x7d, 0x56, 0x39, 0x0b, 0x1d, 0x56, 0x82, 0x85, 0xf9, 0x1a, 0x42, 0x17, 0x69, 0x6c, 0xcf, 0x39}} , + {{0x69, 0xd2, 0x06, 0x3a, 0x4f, 0x39, 0x2d, 0xf9, 0x38, 0x40, 0x8c, 0x4c, 0xe7, 0x05, 0x12, 0xb4, 0x78, 0x8b, 0xf8, 0xc0, 0xec, 0x93, 0xde, 0x7a, 0x6b, 0xce, 0x2c, 0xe1, 0x0e, 0xa9, 0x34, 0x44}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x0b, 0xa4, 0x3c, 0xb0, 0x0f, 0x7a, 0x51, 0xf1, 0x78, 0xd6, 0xd9, 0x6a, 0xfd, 0x46, 0xe8, 0xb8, 0xa8, 0x79, 0x1d, 0x87, 0xf9, 0x90, 0xf2, 0x9c, 0x13, 0x29, 0xf8, 0x0b, 0x20, 0x64, 0xfa, 0x05}} , + {{0x26, 0x09, 0xda, 0x17, 0xaf, 0x95, 0xd6, 0xfb, 0x6a, 0x19, 0x0d, 0x6e, 0x5e, 0x12, 0xf1, 0x99, 0x4c, 0xaa, 0xa8, 0x6f, 0x79, 0x86, 0xf4, 0x72, 0x28, 0x00, 0x26, 0xf9, 0xea, 0x9e, 0x19, 0x3d}}}, +{{{0x87, 0xdd, 0xcf, 0xf0, 0x5b, 0x49, 0xa2, 0x5d, 0x40, 0x7a, 0x23, 0x26, 0xa4, 0x7a, 0x83, 0x8a, 0xb7, 0x8b, 0xd2, 0x1a, 0xbf, 0xea, 0x02, 0x24, 0x08, 0x5f, 0x7b, 0xa9, 0xb1, 0xbe, 0x9d, 0x37}} , + {{0xfc, 0x86, 0x4b, 0x08, 0xee, 0xe7, 0xa0, 0xfd, 0x21, 0x45, 0x09, 0x34, 0xc1, 0x61, 0x32, 0x23, 0xfc, 0x9b, 0x55, 0x48, 0x53, 0x99, 0xf7, 0x63, 0xd0, 0x99, 0xce, 0x01, 0xe0, 0x9f, 0xeb, 0x28}}}, +{{{0x47, 0xfc, 0xab, 0x5a, 0x17, 0xf0, 0x85, 0x56, 0x3a, 0x30, 0x86, 0x20, 0x28, 0x4b, 0x8e, 0x44, 0x74, 0x3a, 0x6e, 0x02, 0xf1, 0x32, 0x8f, 0x9f, 0x3f, 0x08, 0x35, 0xe9, 0xca, 0x16, 0x5f, 0x6e}} , + {{0x1c, 0x59, 0x1c, 0x65, 0x5d, 0x34, 0xa4, 0x09, 0xcd, 0x13, 0x9c, 0x70, 0x7d, 0xb1, 0x2a, 0xc5, 0x88, 0xaf, 0x0b, 0x60, 0xc7, 0x9f, 0x34, 0x8d, 0xd6, 0xb7, 0x7f, 0xea, 0x78, 0x65, 0x8d, 0x77}}}, +{{{0x56, 0xa5, 0xc2, 0x0c, 0xdd, 0xbc, 0xb8, 0x20, 0x6d, 0x57, 0x61, 0xb5, 0xfb, 0x78, 0xb5, 0xd4, 0x49, 0x54, 0x90, 0x26, 0xc1, 0xcb, 0xe9, 0xe6, 0xbf, 0xec, 0x1d, 0x4e, 0xed, 0x07, 0x7e, 0x5e}} , + {{0xc7, 0xf6, 0x6c, 0x56, 0x31, 0x20, 0x14, 0x0e, 0xa8, 0xd9, 0x27, 0xc1, 0x9a, 0x3d, 0x1b, 0x7d, 0x0e, 0x26, 0xd3, 0x81, 0xaa, 0xeb, 0xf5, 0x6b, 0x79, 0x02, 0xf1, 0x51, 0x5c, 0x75, 0x55, 0x0f}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x0a, 0x34, 0xcd, 0x82, 0x3c, 0x33, 0x09, 0x54, 0xd2, 0x61, 0x39, 0x30, 0x9b, 0xfd, 0xef, 0x21, 0x26, 0xd4, 0x70, 0xfa, 0xee, 0xf9, 0x31, 0x33, 0x73, 0x84, 0xd0, 0xb3, 0x81, 0xbf, 0xec, 0x2e}} , + {{0xe8, 0x93, 0x8b, 0x00, 0x64, 0xf7, 0x9c, 0xb8, 0x74, 0xe0, 0xe6, 0x49, 0x48, 0x4d, 0x4d, 0x48, 0xb6, 0x19, 0xa1, 0x40, 0xb7, 0xd9, 0x32, 0x41, 0x7c, 0x82, 0x37, 0xa1, 0x2d, 0xdc, 0xd2, 0x54}}}, +{{{0x68, 0x2b, 0x4a, 0x5b, 0xd5, 0xc7, 0x51, 0x91, 0x1d, 0xe1, 0x2a, 0x4b, 0xc4, 0x47, 0xf1, 0xbc, 0x7a, 0xb3, 0xcb, 0xc8, 0xb6, 0x7c, 0xac, 0x90, 0x05, 0xfd, 0xf3, 0xf9, 0x52, 0x3a, 0x11, 0x6b}} , + {{0x3d, 0xc1, 0x27, 0xf3, 0x59, 0x43, 0x95, 0x90, 0xc5, 0x96, 0x79, 0xf5, 0xf4, 0x95, 0x65, 0x29, 0x06, 0x9c, 0x51, 0x05, 0x18, 0xda, 0xb8, 0x2e, 0x79, 0x7e, 0x69, 0x59, 0x71, 0x01, 0xeb, 0x1a}}}, +{{{0x15, 0x06, 0x49, 0xb6, 0x8a, 0x3c, 0xea, 0x2f, 0x34, 0x20, 0x14, 0xc3, 0xaa, 0xd6, 0xaf, 0x2c, 0x3e, 0xbd, 0x65, 0x20, 0xe2, 0x4d, 0x4b, 0x3b, 0xeb, 0x9f, 0x4a, 0xc3, 0xad, 0xa4, 0x3b, 0x60}} , + {{0xbc, 0x58, 0xe6, 0xc0, 0x95, 0x2a, 0x2a, 0x81, 0x9a, 0x7a, 0xf3, 0xd2, 0x06, 0xbe, 0x48, 0xbc, 0x0c, 0xc5, 0x46, 0xe0, 0x6a, 0xd4, 0xac, 0x0f, 0xd9, 0xcc, 0x82, 0x34, 0x2c, 0xaf, 0xdb, 0x1f}}}, +{{{0xf7, 0x17, 0x13, 0xbd, 0xfb, 0xbc, 0xd2, 0xec, 0x45, 0xb3, 0x15, 0x31, 0xe9, 0xaf, 0x82, 0x84, 0x3d, 0x28, 0xc6, 0xfc, 0x11, 0xf5, 0x41, 0xb5, 0x8b, 0xd3, 0x12, 0x76, 0x52, 0xe7, 0x1a, 0x3c}} , + {{0x4e, 0x36, 0x11, 0x07, 0xa2, 0x15, 0x20, 0x51, 0xc4, 0x2a, 0xc3, 0x62, 0x8b, 0x5e, 0x7f, 0xa6, 0x0f, 0xf9, 0x45, 0x85, 0x6c, 0x11, 0x86, 0xb7, 0x7e, 0xe5, 0xd7, 0xf9, 0xc3, 0x91, 0x1c, 0x05}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xea, 0xd6, 0xde, 0x29, 0x3a, 0x00, 0xb9, 0x02, 0x59, 0xcb, 0x26, 0xc4, 0xba, 0x99, 0xb1, 0x97, 0x2f, 0x8e, 0x00, 0x92, 0x26, 0x4f, 0x52, 0xeb, 0x47, 0x1b, 0x89, 0x8b, 0x24, 0xc0, 0x13, 0x7d}} , + {{0xd5, 0x20, 0x5b, 0x80, 0xa6, 0x80, 0x20, 0x95, 0xc3, 0xe9, 0x9f, 0x8e, 0x87, 0x9e, 0x1e, 0x9e, 0x7a, 0xc7, 0xcc, 0x75, 0x6c, 0xa5, 0xf1, 0x91, 0x1a, 0xa8, 0x01, 0x2c, 0xab, 0x76, 0xa9, 0x59}}}, +{{{0xde, 0xc9, 0xb1, 0x31, 0x10, 0x16, 0xaa, 0x35, 0x14, 0x6a, 0xd4, 0xb5, 0x34, 0x82, 0x71, 0xd2, 0x4a, 0x5d, 0x9a, 0x1f, 0x53, 0x26, 0x3c, 0xe5, 0x8e, 0x8d, 0x33, 0x7f, 0xff, 0xa9, 0xd5, 0x17}} , + {{0x89, 0xaf, 0xf6, 0xa4, 0x64, 0xd5, 0x10, 0xe0, 0x1d, 0xad, 0xef, 0x44, 0xbd, 0xda, 0x83, 0xac, 0x7a, 0xa8, 0xf0, 0x1c, 0x07, 0xf9, 0xc3, 0x43, 0x6c, 0x3f, 0xb7, 0xd3, 0x87, 0x22, 0x02, 0x73}}}, +{{{0x64, 0x1d, 0x49, 0x13, 0x2f, 0x71, 0xec, 0x69, 0x87, 0xd0, 0x42, 0xee, 0x13, 0xec, 0xe3, 0xed, 0x56, 0x7b, 0xbf, 0xbd, 0x8c, 0x2f, 0x7d, 0x7b, 0x9d, 0x28, 0xec, 0x8e, 0x76, 0x2f, 0x6f, 0x08}} , + {{0x22, 0xf5, 0x5f, 0x4d, 0x15, 0xef, 0xfc, 0x4e, 0x57, 0x03, 0x36, 0x89, 0xf0, 0xeb, 0x5b, 0x91, 0xd6, 0xe2, 0xca, 0x01, 0xa5, 0xee, 0x52, 0xec, 0xa0, 0x3c, 0x8f, 0x33, 0x90, 0x5a, 0x94, 0x72}}}, +{{{0x8a, 0x4b, 0xe7, 0x38, 0xbc, 0xda, 0xc2, 0xb0, 0x85, 0xe1, 0x4a, 0xfe, 0x2d, 0x44, 0x84, 0xcb, 0x20, 0x6b, 0x2d, 0xbf, 0x11, 0x9c, 0xd7, 0xbe, 0xd3, 0x3e, 0x5f, 0xbf, 0x68, 0xbc, 0xa8, 0x07}} , + {{0x01, 0x89, 0x28, 0x22, 0x6a, 0x78, 0xaa, 0x29, 0x03, 0xc8, 0x74, 0x95, 0x03, 0x3e, 0xdc, 0xbd, 0x07, 0x13, 0xa8, 0xa2, 0x20, 0x2d, 0xb3, 0x18, 0x70, 0x42, 0xfd, 0x7a, 0xc4, 0xd7, 0x49, 0x72}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x02, 0xff, 0x32, 0x2b, 0x5c, 0x93, 0x54, 0x32, 0xe8, 0x57, 0x54, 0x1a, 0x8b, 0x33, 0x60, 0x65, 0xd3, 0x67, 0xa4, 0xc1, 0x26, 0xc4, 0xa4, 0x34, 0x1f, 0x9b, 0xa7, 0xa9, 0xf4, 0xd9, 0x4f, 0x5b}} , + {{0x46, 0x8d, 0xb0, 0x33, 0x54, 0x26, 0x5b, 0x68, 0xdf, 0xbb, 0xc5, 0xec, 0xc2, 0xf9, 0x3c, 0x5a, 0x37, 0xc1, 0x8e, 0x27, 0x47, 0xaa, 0x49, 0x5a, 0xf8, 0xfb, 0x68, 0x04, 0x23, 0xd1, 0xeb, 0x40}}}, +{{{0x65, 0xa5, 0x11, 0x84, 0x8a, 0x67, 0x9d, 0x9e, 0xd1, 0x44, 0x68, 0x7a, 0x34, 0xe1, 0x9f, 0xa3, 0x54, 0xcd, 0x07, 0xca, 0x79, 0x1f, 0x54, 0x2f, 0x13, 0x70, 0x4e, 0xee, 0xa2, 0xfa, 0xe7, 0x5d}} , + {{0x36, 0xec, 0x54, 0xf8, 0xce, 0xe4, 0x85, 0xdf, 0xf6, 0x6f, 0x1d, 0x90, 0x08, 0xbc, 0xe8, 0xc0, 0x92, 0x2d, 0x43, 0x6b, 0x92, 0xa9, 0x8e, 0xab, 0x0a, 0x2e, 0x1c, 0x1e, 0x64, 0x23, 0x9f, 0x2c}}}, +{{{0xa7, 0xd6, 0x2e, 0xd5, 0xcc, 0xd4, 0xcb, 0x5a, 0x3b, 0xa7, 0xf9, 0x46, 0x03, 0x1d, 0xad, 0x2b, 0x34, 0x31, 0x90, 0x00, 0x46, 0x08, 0x82, 0x14, 0xc4, 0xe0, 0x9c, 0xf0, 0xe3, 0x55, 0x43, 0x31}} , + {{0x60, 0xd6, 0xdd, 0x78, 0xe6, 0xd4, 0x22, 0x42, 0x1f, 0x00, 0xf9, 0xb1, 0x6a, 0x63, 0xe2, 0x92, 0x59, 0xd1, 0x1a, 0xb7, 0x00, 0x54, 0x29, 0xc9, 0xc1, 0xf6, 0x6f, 0x7a, 0xc5, 0x3c, 0x5f, 0x65}}}, +{{{0x27, 0x4f, 0xd0, 0x72, 0xb1, 0x11, 0x14, 0x27, 0x15, 0x94, 0x48, 0x81, 0x7e, 0x74, 0xd8, 0x32, 0xd5, 0xd1, 0x11, 0x28, 0x60, 0x63, 0x36, 0x32, 0x37, 0xb5, 0x13, 0x1c, 0xa0, 0x37, 0xe3, 0x74}} , + {{0xf1, 0x25, 0x4e, 0x11, 0x96, 0x67, 0xe6, 0x1c, 0xc2, 0xb2, 0x53, 0xe2, 0xda, 0x85, 0xee, 0xb2, 0x9f, 0x59, 0xf3, 0xba, 0xbd, 0xfa, 0xcf, 0x6e, 0xf9, 0xda, 0xa4, 0xb3, 0x02, 0x8f, 0x64, 0x08}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x34, 0x94, 0xf2, 0x64, 0x54, 0x47, 0x37, 0x07, 0x40, 0x8a, 0x20, 0xba, 0x4a, 0x55, 0xd7, 0x3f, 0x47, 0xba, 0x25, 0x23, 0x14, 0xb0, 0x2c, 0xe8, 0x55, 0xa8, 0xa6, 0xef, 0x51, 0xbd, 0x6f, 0x6a}} , + {{0x71, 0xd6, 0x16, 0x76, 0xb2, 0x06, 0xea, 0x79, 0xf5, 0xc4, 0xc3, 0x52, 0x7e, 0x61, 0xd1, 0xe1, 0xad, 0x70, 0x78, 0x1d, 0x16, 0x11, 0xf8, 0x7c, 0x2b, 0xfc, 0x55, 0x9f, 0x52, 0xf8, 0xf5, 0x16}}}, +{{{0x34, 0x96, 0x9a, 0xf6, 0xc5, 0xe0, 0x14, 0x03, 0x24, 0x0e, 0x4c, 0xad, 0x9e, 0x9a, 0x70, 0x23, 0x96, 0xb2, 0xf1, 0x2e, 0x9d, 0xc3, 0x32, 0x9b, 0x54, 0xa5, 0x73, 0xde, 0x88, 0xb1, 0x3e, 0x24}} , + {{0xf6, 0xe2, 0x4c, 0x1f, 0x5b, 0xb2, 0xaf, 0x82, 0xa5, 0xcf, 0x81, 0x10, 0x04, 0xef, 0xdb, 0xa2, 0xcc, 0x24, 0xb2, 0x7e, 0x0b, 0x7a, 0xeb, 0x01, 0xd8, 0x52, 0xf4, 0x51, 0x89, 0x29, 0x79, 0x37}}}, +{{{0x74, 0xde, 0x12, 0xf3, 0x68, 0xb7, 0x66, 0xc3, 0xee, 0x68, 0xdc, 0x81, 0xb5, 0x55, 0x99, 0xab, 0xd9, 0x28, 0x63, 0x6d, 0x8b, 0x40, 0x69, 0x75, 0x6c, 0xcd, 0x5c, 0x2a, 0x7e, 0x32, 0x7b, 0x29}} , + {{0x02, 0xcc, 0x22, 0x74, 0x4d, 0x19, 0x07, 0xc0, 0xda, 0xb5, 0x76, 0x51, 0x2a, 0xaa, 0xa6, 0x0a, 0x5f, 0x26, 0xd4, 0xbc, 0xaf, 0x48, 0x88, 0x7f, 0x02, 0xbc, 0xf2, 0xe1, 0xcf, 0xe9, 0xdd, 0x15}}}, +{{{0xed, 0xb5, 0x9a, 0x8c, 0x9a, 0xdd, 0x27, 0xf4, 0x7f, 0x47, 0xd9, 0x52, 0xa7, 0xcd, 0x65, 0xa5, 0x31, 0x22, 0xed, 0xa6, 0x63, 0x5b, 0x80, 0x4a, 0xad, 0x4d, 0xed, 0xbf, 0xee, 0x49, 0xb3, 0x06}} , + {{0xf8, 0x64, 0x8b, 0x60, 0x90, 0xe9, 0xde, 0x44, 0x77, 0xb9, 0x07, 0x36, 0x32, 0xc2, 0x50, 0xf5, 0x65, 0xdf, 0x48, 0x4c, 0x37, 0xaa, 0x68, 0xab, 0x9a, 0x1f, 0x3e, 0xff, 0x89, 0x92, 0xa0, 0x07}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x7d, 0x4f, 0x9c, 0x19, 0xc0, 0x4a, 0x31, 0xec, 0xf9, 0xaa, 0xeb, 0xb2, 0x16, 0x9c, 0xa3, 0x66, 0x5f, 0xd1, 0xd4, 0xed, 0xb8, 0x92, 0x1c, 0xab, 0xda, 0xea, 0xd9, 0x57, 0xdf, 0x4c, 0x2a, 0x48}} , + {{0x4b, 0xb0, 0x4e, 0x6e, 0x11, 0x3b, 0x51, 0xbd, 0x6a, 0xfd, 0xe4, 0x25, 0xa5, 0x5f, 0x11, 0x3f, 0x98, 0x92, 0x51, 0x14, 0xc6, 0x5f, 0x3c, 0x0b, 0xa8, 0xf7, 0xc2, 0x81, 0x43, 0xde, 0x91, 0x73}}}, +{{{0x3c, 0x8f, 0x9f, 0x33, 0x2a, 0x1f, 0x43, 0x33, 0x8f, 0x68, 0xff, 0x1f, 0x3d, 0x73, 0x6b, 0xbf, 0x68, 0xcc, 0x7d, 0x13, 0x6c, 0x24, 0x4b, 0xcc, 0x4d, 0x24, 0x0d, 0xfe, 0xde, 0x86, 0xad, 0x3b}} , + {{0x79, 0x51, 0x81, 0x01, 0xdc, 0x73, 0x53, 0xe0, 0x6e, 0x9b, 0xea, 0x68, 0x3f, 0x5c, 0x14, 0x84, 0x53, 0x8d, 0x4b, 0xc0, 0x9f, 0x9f, 0x89, 0x2b, 0x8c, 0xba, 0x86, 0xfa, 0xf2, 0xcd, 0xe3, 0x2d}}}, +{{{0x06, 0xf9, 0x29, 0x5a, 0xdb, 0x3d, 0x84, 0x52, 0xab, 0xcc, 0x6b, 0x60, 0x9d, 0xb7, 0x4a, 0x0e, 0x36, 0x63, 0x91, 0xad, 0xa0, 0x95, 0xb0, 0x97, 0x89, 0x4e, 0xcf, 0x7d, 0x3c, 0xe5, 0x7c, 0x28}} , + {{0x2e, 0x69, 0x98, 0xfd, 0xc6, 0xbd, 0xcc, 0xca, 0xdf, 0x9a, 0x44, 0x7e, 0x9d, 0xca, 0x89, 0x6d, 0xbf, 0x27, 0xc2, 0xf8, 0xcd, 0x46, 0x00, 0x2b, 0xb5, 0x58, 0x4e, 0xb7, 0x89, 0x09, 0xe9, 0x2d}}}, +{{{0x54, 0xbe, 0x75, 0xcb, 0x05, 0xb0, 0x54, 0xb7, 0xe7, 0x26, 0x86, 0x4a, 0xfc, 0x19, 0xcf, 0x27, 0x46, 0xd4, 0x22, 0x96, 0x5a, 0x11, 0xe8, 0xd5, 0x1b, 0xed, 0x71, 0xc5, 0x5d, 0xc8, 0xaf, 0x45}} , + {{0x40, 0x7b, 0x77, 0x57, 0x49, 0x9e, 0x80, 0x39, 0x23, 0xee, 0x81, 0x0b, 0x22, 0xcf, 0xdb, 0x7a, 0x2f, 0x14, 0xb8, 0x57, 0x8f, 0xa1, 0x39, 0x1e, 0x77, 0xfc, 0x0b, 0xa6, 0xbf, 0x8a, 0x0c, 0x6c}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x77, 0x3a, 0xd4, 0xd8, 0x27, 0xcf, 0xe8, 0xa1, 0x72, 0x9d, 0xca, 0xdd, 0x0d, 0x96, 0xda, 0x79, 0xed, 0x56, 0x42, 0x15, 0x60, 0xc7, 0x1c, 0x6b, 0x26, 0x30, 0xf6, 0x6a, 0x95, 0x67, 0xf3, 0x0a}} , + {{0xc5, 0x08, 0xa4, 0x2b, 0x2f, 0xbd, 0x31, 0x81, 0x2a, 0xa6, 0xb6, 0xe4, 0x00, 0x91, 0xda, 0x3d, 0xb2, 0xb0, 0x96, 0xce, 0x8a, 0xd2, 0x8d, 0x70, 0xb3, 0xd3, 0x34, 0x01, 0x90, 0x8d, 0x10, 0x21}}}, +{{{0x33, 0x0d, 0xe7, 0xba, 0x4f, 0x07, 0xdf, 0x8d, 0xea, 0x7d, 0xa0, 0xc5, 0xd6, 0xb1, 0xb0, 0xe5, 0x57, 0x1b, 0x5b, 0xf5, 0x45, 0x13, 0x14, 0x64, 0x5a, 0xeb, 0x5c, 0xfc, 0x54, 0x01, 0x76, 0x2b}} , + {{0x02, 0x0c, 0xc2, 0xaf, 0x96, 0x36, 0xfe, 0x4a, 0xe2, 0x54, 0x20, 0x6a, 0xeb, 0xb2, 0x9f, 0x62, 0xd7, 0xce, 0xa2, 0x3f, 0x20, 0x11, 0x34, 0x37, 0xe0, 0x42, 0xed, 0x6f, 0xf9, 0x1a, 0xc8, 0x7d}}}, +{{{0xd8, 0xb9, 0x11, 0xe8, 0x36, 0x3f, 0x42, 0xc1, 0xca, 0xdc, 0xd3, 0xf1, 0xc8, 0x23, 0x3d, 0x4f, 0x51, 0x7b, 0x9d, 0x8d, 0xd8, 0xe4, 0xa0, 0xaa, 0xf3, 0x04, 0xd6, 0x11, 0x93, 0xc8, 0x35, 0x45}} , + {{0x61, 0x36, 0xd6, 0x08, 0x90, 0xbf, 0xa7, 0x7a, 0x97, 0x6c, 0x0f, 0x84, 0xd5, 0x33, 0x2d, 0x37, 0xc9, 0x6a, 0x80, 0x90, 0x3d, 0x0a, 0xa2, 0xaa, 0xe1, 0xb8, 0x84, 0xba, 0x61, 0x36, 0xdd, 0x69}}}, +{{{0x6b, 0xdb, 0x5b, 0x9c, 0xc6, 0x92, 0xbc, 0x23, 0xaf, 0xc5, 0xb8, 0x75, 0xf8, 0x42, 0xfa, 0xd6, 0xb6, 0x84, 0x94, 0x63, 0x98, 0x93, 0x48, 0x78, 0x38, 0xcd, 0xbb, 0x18, 0x34, 0xc3, 0xdb, 0x67}} , + {{0x96, 0xf3, 0x3a, 0x09, 0x56, 0xb0, 0x6f, 0x7c, 0x51, 0x1e, 0x1b, 0x39, 0x48, 0xea, 0xc9, 0x0c, 0x25, 0xa2, 0x7a, 0xca, 0xe7, 0x92, 0xfc, 0x59, 0x30, 0xa3, 0x89, 0x85, 0xdf, 0x6f, 0x43, 0x38}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x79, 0x84, 0x44, 0x19, 0xbd, 0xe9, 0x54, 0xc4, 0xc0, 0x6e, 0x2a, 0xa8, 0xa8, 0x9b, 0x43, 0xd5, 0x71, 0x22, 0x5f, 0xdc, 0x01, 0xfa, 0xdf, 0xb3, 0xb8, 0x47, 0x4b, 0x0a, 0xa5, 0x44, 0xea, 0x29}} , + {{0x05, 0x90, 0x50, 0xaf, 0x63, 0x5f, 0x9d, 0x9e, 0xe1, 0x9d, 0x38, 0x97, 0x1f, 0x6c, 0xac, 0x30, 0x46, 0xb2, 0x6a, 0x19, 0xd1, 0x4b, 0xdb, 0xbb, 0x8c, 0xda, 0x2e, 0xab, 0xc8, 0x5a, 0x77, 0x6c}}}, +{{{0x2b, 0xbe, 0xaf, 0xa1, 0x6d, 0x2f, 0x0b, 0xb1, 0x8f, 0xe3, 0xe0, 0x38, 0xcd, 0x0b, 0x41, 0x1b, 0x4a, 0x15, 0x07, 0xf3, 0x6f, 0xdc, 0xb8, 0xe9, 0xde, 0xb2, 0xa3, 0x40, 0x01, 0xa6, 0x45, 0x1e}} , + {{0x76, 0x0a, 0xda, 0x8d, 0x2c, 0x07, 0x3f, 0x89, 0x7d, 0x04, 0xad, 0x43, 0x50, 0x6e, 0xd2, 0x47, 0xcb, 0x8a, 0xe6, 0x85, 0x1a, 0x24, 0xf3, 0xd2, 0x60, 0xfd, 0xdf, 0x73, 0xa4, 0x0d, 0x73, 0x0e}}}, +{{{0xfd, 0x67, 0x6b, 0x71, 0x9b, 0x81, 0x53, 0x39, 0x39, 0xf4, 0xb8, 0xd5, 0xc3, 0x30, 0x9b, 0x3b, 0x7c, 0xa3, 0xf0, 0xd0, 0x84, 0x21, 0xd6, 0xbf, 0xb7, 0x4c, 0x87, 0x13, 0x45, 0x2d, 0xa7, 0x55}} , + {{0x5d, 0x04, 0xb3, 0x40, 0x28, 0x95, 0x2d, 0x30, 0x83, 0xec, 0x5e, 0xe4, 0xff, 0x75, 0xfe, 0x79, 0x26, 0x9d, 0x1d, 0x36, 0xcd, 0x0a, 0x15, 0xd2, 0x24, 0x14, 0x77, 0x71, 0xd7, 0x8a, 0x1b, 0x04}}}, +{{{0x5d, 0x93, 0xc9, 0xbe, 0xaa, 0x90, 0xcd, 0x9b, 0xfb, 0x73, 0x7e, 0xb0, 0x64, 0x98, 0x57, 0x44, 0x42, 0x41, 0xb1, 0xaf, 0xea, 0xc1, 0xc3, 0x22, 0xff, 0x60, 0x46, 0xcb, 0x61, 0x81, 0x70, 0x61}} , + {{0x0d, 0x82, 0xb9, 0xfe, 0x21, 0xcd, 0xc4, 0xf5, 0x98, 0x0c, 0x4e, 0x72, 0xee, 0x87, 0x49, 0xf8, 0xa1, 0x95, 0xdf, 0x8f, 0x2d, 0xbd, 0x21, 0x06, 0x7c, 0x15, 0xe8, 0x12, 0x6d, 0x93, 0xd6, 0x38}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x91, 0xf7, 0x51, 0xd9, 0xef, 0x7d, 0x42, 0x01, 0x13, 0xe9, 0xb8, 0x7f, 0xa6, 0x49, 0x17, 0x64, 0x21, 0x80, 0x83, 0x2c, 0x63, 0x4c, 0x60, 0x09, 0x59, 0x91, 0x92, 0x77, 0x39, 0x51, 0xf4, 0x48}} , + {{0x60, 0xd5, 0x22, 0x83, 0x08, 0x2f, 0xff, 0x99, 0x3e, 0x69, 0x6d, 0x88, 0xda, 0xe7, 0x5b, 0x52, 0x26, 0x31, 0x2a, 0xe5, 0x89, 0xde, 0x68, 0x90, 0xb6, 0x22, 0x5a, 0xbd, 0xd3, 0x85, 0x53, 0x31}}}, +{{{0xd8, 0xce, 0xdc, 0xf9, 0x3c, 0x4b, 0xa2, 0x1d, 0x2c, 0x2f, 0x36, 0xbe, 0x7a, 0xfc, 0xcd, 0xbc, 0xdc, 0xf9, 0x30, 0xbd, 0xff, 0x05, 0xc7, 0xe4, 0x8e, 0x17, 0x62, 0xf8, 0x4d, 0xa0, 0x56, 0x79}} , + {{0x82, 0xe7, 0xf6, 0xba, 0x53, 0x84, 0x0a, 0xa3, 0x34, 0xff, 0x3c, 0xa3, 0x6a, 0xa1, 0x37, 0xea, 0xdd, 0xb6, 0x95, 0xb3, 0x78, 0x19, 0x76, 0x1e, 0x55, 0x2f, 0x77, 0x2e, 0x7f, 0xc1, 0xea, 0x5e}}}, +{{{0x83, 0xe1, 0x6e, 0xa9, 0x07, 0x33, 0x3e, 0x83, 0xff, 0xcb, 0x1c, 0x9f, 0xb1, 0xa3, 0xb4, 0xc9, 0xe1, 0x07, 0x97, 0xff, 0xf8, 0x23, 0x8f, 0xce, 0x40, 0xfd, 0x2e, 0x5e, 0xdb, 0x16, 0x43, 0x2d}} , + {{0xba, 0x38, 0x02, 0xf7, 0x81, 0x43, 0x83, 0xa3, 0x20, 0x4f, 0x01, 0x3b, 0x8a, 0x04, 0x38, 0x31, 0xc6, 0x0f, 0xc8, 0xdf, 0xd7, 0xfa, 0x2f, 0x88, 0x3f, 0xfc, 0x0c, 0x76, 0xc4, 0xa6, 0x45, 0x72}}}, +{{{0xbb, 0x0c, 0xbc, 0x6a, 0xa4, 0x97, 0x17, 0x93, 0x2d, 0x6f, 0xde, 0x72, 0x10, 0x1c, 0x08, 0x2c, 0x0f, 0x80, 0x32, 0x68, 0x27, 0xd4, 0xab, 0xdd, 0xc5, 0x58, 0x61, 0x13, 0x6d, 0x11, 0x1e, 0x4d}} , + {{0x1a, 0xb9, 0xc9, 0x10, 0xfb, 0x1e, 0x4e, 0xf4, 0x84, 0x4b, 0x8a, 0x5e, 0x7b, 0x4b, 0xe8, 0x43, 0x8c, 0x8f, 0x00, 0xb5, 0x54, 0x13, 0xc5, 0x5c, 0xb6, 0x35, 0x4e, 0x9d, 0xe4, 0x5b, 0x41, 0x6d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x15, 0x7d, 0x12, 0x48, 0x82, 0x14, 0x42, 0xcd, 0x32, 0xd4, 0x4b, 0xc1, 0x72, 0x61, 0x2a, 0x8c, 0xec, 0xe2, 0xf8, 0x24, 0x45, 0x94, 0xe3, 0xbe, 0xdd, 0x67, 0xa8, 0x77, 0x5a, 0xae, 0x5b, 0x4b}} , + {{0xcb, 0x77, 0x9a, 0x20, 0xde, 0xb8, 0x23, 0xd9, 0xa0, 0x0f, 0x8c, 0x7b, 0xa5, 0xcb, 0xae, 0xb6, 0xec, 0x42, 0x67, 0x0e, 0x58, 0xa4, 0x75, 0x98, 0x21, 0x71, 0x84, 0xb3, 0xe0, 0x76, 0x94, 0x73}}}, +{{{0xdf, 0xfc, 0x69, 0x28, 0x23, 0x3f, 0x5b, 0xf8, 0x3b, 0x24, 0x37, 0xf3, 0x1d, 0xd5, 0x22, 0x6b, 0xd0, 0x98, 0xa8, 0x6c, 0xcf, 0xff, 0x06, 0xe1, 0x13, 0xdf, 0xb9, 0xc1, 0x0c, 0xa9, 0xbf, 0x33}} , + {{0xd9, 0x81, 0xda, 0xb2, 0x4f, 0x82, 0x9d, 0x43, 0x81, 0x09, 0xf1, 0xd2, 0x01, 0xef, 0xac, 0xf4, 0x2d, 0x7d, 0x01, 0x09, 0xf1, 0xff, 0xa5, 0x9f, 0xe5, 0xca, 0x27, 0x63, 0xdb, 0x20, 0xb1, 0x53}}}, +{{{0x67, 0x02, 0xe8, 0xad, 0xa9, 0x34, 0xd4, 0xf0, 0x15, 0x81, 0xaa, 0xc7, 0x4d, 0x87, 0x94, 0xea, 0x75, 0xe7, 0x4c, 0x94, 0x04, 0x0e, 0x69, 0x87, 0xe7, 0x51, 0x91, 0x10, 0x03, 0xc7, 0xbe, 0x56}} , + {{0x32, 0xfb, 0x86, 0xec, 0x33, 0x6b, 0x2e, 0x51, 0x2b, 0xc8, 0xfa, 0x6c, 0x70, 0x47, 0x7e, 0xce, 0x05, 0x0c, 0x71, 0xf3, 0xb4, 0x56, 0xa6, 0xdc, 0xcc, 0x78, 0x07, 0x75, 0xd0, 0xdd, 0xb2, 0x6a}}}, +{{{0xc6, 0xef, 0xb9, 0xc0, 0x2b, 0x22, 0x08, 0x1e, 0x71, 0x70, 0xb3, 0x35, 0x9c, 0x7a, 0x01, 0x92, 0x44, 0x9a, 0xf6, 0xb0, 0x58, 0x95, 0xc1, 0x9b, 0x02, 0xed, 0x2d, 0x7c, 0x34, 0x29, 0x49, 0x44}} , + {{0x45, 0x62, 0x1d, 0x2e, 0xff, 0x2a, 0x1c, 0x21, 0xa4, 0x25, 0x7b, 0x0d, 0x8c, 0x15, 0x39, 0xfc, 0x8f, 0x7c, 0xa5, 0x7d, 0x1e, 0x25, 0xa3, 0x45, 0xd6, 0xab, 0xbd, 0xcb, 0xc5, 0x5e, 0x78, 0x77}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xd0, 0xd3, 0x42, 0xed, 0x1d, 0x00, 0x3c, 0x15, 0x2c, 0x9c, 0x77, 0x81, 0xd2, 0x73, 0xd1, 0x06, 0xd5, 0xc4, 0x7f, 0x94, 0xbb, 0x92, 0x2d, 0x2c, 0x4b, 0x45, 0x4b, 0xe9, 0x2a, 0x89, 0x6b, 0x2b}} , + {{0xd2, 0x0c, 0x88, 0xc5, 0x48, 0x4d, 0xea, 0x0d, 0x4a, 0xc9, 0x52, 0x6a, 0x61, 0x79, 0xe9, 0x76, 0xf3, 0x85, 0x52, 0x5c, 0x1b, 0x2c, 0xe1, 0xd6, 0xc4, 0x0f, 0x18, 0x0e, 0x4e, 0xf6, 0x1c, 0x7f}}}, +{{{0xb4, 0x04, 0x2e, 0x42, 0xcb, 0x1f, 0x2b, 0x11, 0x51, 0x7b, 0x08, 0xac, 0xaa, 0x3e, 0x9e, 0x52, 0x60, 0xb7, 0xc2, 0x61, 0x57, 0x8c, 0x84, 0xd5, 0x18, 0xa6, 0x19, 0xfc, 0xb7, 0x75, 0x91, 0x1b}} , + {{0xe8, 0x68, 0xca, 0x44, 0xc8, 0x38, 0x38, 0xcc, 0x53, 0x0a, 0x32, 0x35, 0xcc, 0x52, 0xcb, 0x0e, 0xf7, 0xc5, 0xe7, 0xec, 0x3d, 0x85, 0xcc, 0x58, 0xe2, 0x17, 0x47, 0xff, 0x9f, 0xa5, 0x30, 0x17}}}, +{{{0xe3, 0xae, 0xc8, 0xc1, 0x71, 0x75, 0x31, 0x00, 0x37, 0x41, 0x5c, 0x0e, 0x39, 0xda, 0x73, 0xa0, 0xc7, 0x97, 0x36, 0x6c, 0x5b, 0xf2, 0xee, 0x64, 0x0a, 0x3d, 0x89, 0x1e, 0x1d, 0x49, 0x8c, 0x37}} , + {{0x4c, 0xe6, 0xb0, 0xc1, 0xa5, 0x2a, 0x82, 0x09, 0x08, 0xad, 0x79, 0x9c, 0x56, 0xf6, 0xf9, 0xc1, 0xd7, 0x7c, 0x39, 0x7f, 0x93, 0xca, 0x11, 0x55, 0xbf, 0x07, 0x1b, 0x82, 0x29, 0x69, 0x95, 0x5c}}}, +{{{0x87, 0xee, 0xa6, 0x56, 0x9e, 0xc2, 0x9a, 0x56, 0x24, 0x42, 0x85, 0x4d, 0x98, 0x31, 0x1e, 0x60, 0x4d, 0x87, 0x85, 0x04, 0xae, 0x46, 0x12, 0xf9, 0x8e, 0x7f, 0xe4, 0x7f, 0xf6, 0x1c, 0x37, 0x01}} , + {{0x73, 0x4c, 0xb6, 0xc5, 0xc4, 0xe9, 0x6c, 0x85, 0x48, 0x4a, 0x5a, 0xac, 0xd9, 0x1f, 0x43, 0xf8, 0x62, 0x5b, 0xee, 0x98, 0x2a, 0x33, 0x8e, 0x79, 0xce, 0x61, 0x06, 0x35, 0xd8, 0xd7, 0xca, 0x71}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x72, 0xd3, 0xae, 0xa6, 0xca, 0x8f, 0xcd, 0xcc, 0x78, 0x8e, 0x19, 0x4d, 0xa7, 0xd2, 0x27, 0xe9, 0xa4, 0x3c, 0x16, 0x5b, 0x84, 0x80, 0xf9, 0xd0, 0xcc, 0x6a, 0x1e, 0xca, 0x1e, 0x67, 0xbd, 0x63}} , + {{0x7b, 0x6e, 0x2a, 0xd2, 0x87, 0x48, 0xff, 0xa1, 0xca, 0xe9, 0x15, 0x85, 0xdc, 0xdb, 0x2c, 0x39, 0x12, 0x91, 0xa9, 0x20, 0xaa, 0x4f, 0x29, 0xf4, 0x15, 0x7a, 0xd2, 0xf5, 0x32, 0xcc, 0x60, 0x04}}}, +{{{0xe5, 0x10, 0x47, 0x3b, 0xfa, 0x90, 0xfc, 0x30, 0xb5, 0xea, 0x6f, 0x56, 0x8f, 0xfb, 0x0e, 0xa7, 0x3b, 0xc8, 0xb2, 0xff, 0x02, 0x7a, 0x33, 0x94, 0x93, 0x2a, 0x03, 0xe0, 0x96, 0x3a, 0x6c, 0x0f}} , + {{0x5a, 0x63, 0x67, 0xe1, 0x9b, 0x47, 0x78, 0x9f, 0x38, 0x79, 0xac, 0x97, 0x66, 0x1d, 0x5e, 0x51, 0xee, 0x24, 0x42, 0xe8, 0x58, 0x4b, 0x8a, 0x03, 0x75, 0x86, 0x37, 0x86, 0xe2, 0x97, 0x4e, 0x3d}}}, +{{{0x3f, 0x75, 0x8e, 0xb4, 0xff, 0xd8, 0xdd, 0xd6, 0x37, 0x57, 0x9d, 0x6d, 0x3b, 0xbd, 0xd5, 0x60, 0x88, 0x65, 0x9a, 0xb9, 0x4a, 0x68, 0x84, 0xa2, 0x67, 0xdd, 0x17, 0x25, 0x97, 0x04, 0x8b, 0x5e}} , + {{0xbb, 0x40, 0x5e, 0xbc, 0x16, 0x92, 0x05, 0xc4, 0xc0, 0x4e, 0x72, 0x90, 0x0e, 0xab, 0xcf, 0x8a, 0xed, 0xef, 0xb9, 0x2d, 0x3b, 0xf8, 0x43, 0x5b, 0xba, 0x2d, 0xeb, 0x2f, 0x52, 0xd2, 0xd1, 0x5a}}}, +{{{0x40, 0xb4, 0xab, 0xe6, 0xad, 0x9f, 0x46, 0x69, 0x4a, 0xb3, 0x8e, 0xaa, 0xea, 0x9c, 0x8a, 0x20, 0x16, 0x5d, 0x8c, 0x13, 0xbd, 0xf6, 0x1d, 0xc5, 0x24, 0xbd, 0x90, 0x2a, 0x1c, 0xc7, 0x13, 0x3b}} , + {{0x54, 0xdc, 0x16, 0x0d, 0x18, 0xbe, 0x35, 0x64, 0x61, 0x52, 0x02, 0x80, 0xaf, 0x05, 0xf7, 0xa6, 0x42, 0xd3, 0x8f, 0x2e, 0x79, 0x26, 0xa8, 0xbb, 0xb2, 0x17, 0x48, 0xb2, 0x7a, 0x0a, 0x89, 0x14}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x20, 0xa8, 0x88, 0xe3, 0x91, 0xc0, 0x6e, 0xbb, 0x8a, 0x27, 0x82, 0x51, 0x83, 0xb2, 0x28, 0xa9, 0x83, 0xeb, 0xa6, 0xa9, 0x4d, 0x17, 0x59, 0x22, 0x54, 0x00, 0x50, 0x45, 0xcb, 0x48, 0x4b, 0x18}} , + {{0x33, 0x7c, 0xe7, 0x26, 0xba, 0x4d, 0x32, 0xfe, 0x53, 0xf4, 0xfa, 0x83, 0xe3, 0xa5, 0x79, 0x66, 0x73, 0xef, 0x80, 0x23, 0x68, 0xc2, 0x60, 0xdd, 0xa9, 0x33, 0xdc, 0x03, 0x7a, 0xe0, 0xe0, 0x3e}}}, +{{{0x34, 0x5c, 0x13, 0xfb, 0xc0, 0xe3, 0x78, 0x2b, 0x54, 0x58, 0x22, 0x9b, 0x76, 0x81, 0x7f, 0x93, 0x9c, 0x25, 0x3c, 0xd2, 0xe9, 0x96, 0x21, 0x26, 0x08, 0xf5, 0xed, 0x95, 0x11, 0xae, 0x04, 0x5a}} , + {{0xb9, 0xe8, 0xc5, 0x12, 0x97, 0x1f, 0x83, 0xfe, 0x3e, 0x94, 0x99, 0xd4, 0x2d, 0xf9, 0x52, 0x59, 0x5c, 0x82, 0xa6, 0xf0, 0x75, 0x7e, 0xe8, 0xec, 0xcc, 0xac, 0x18, 0x21, 0x09, 0x67, 0x66, 0x67}}}, +{{{0xb3, 0x40, 0x29, 0xd1, 0xcb, 0x1b, 0x08, 0x9e, 0x9c, 0xb7, 0x53, 0xb9, 0x3b, 0x71, 0x08, 0x95, 0x12, 0x1a, 0x58, 0xaf, 0x7e, 0x82, 0x52, 0x43, 0x4f, 0x11, 0x39, 0xf4, 0x93, 0x1a, 0x26, 0x05}} , + {{0x6e, 0x44, 0xa3, 0xf9, 0x64, 0xaf, 0xe7, 0x6d, 0x7d, 0xdf, 0x1e, 0xac, 0x04, 0xea, 0x3b, 0x5f, 0x9b, 0xe8, 0x24, 0x9d, 0x0e, 0xe5, 0x2e, 0x3e, 0xdf, 0xa9, 0xf7, 0xd4, 0x50, 0x71, 0xf0, 0x78}}}, +{{{0x3e, 0xa8, 0x38, 0xc2, 0x57, 0x56, 0x42, 0x9a, 0xb1, 0xe2, 0xf8, 0x45, 0xaa, 0x11, 0x48, 0x5f, 0x17, 0xc4, 0x54, 0x27, 0xdc, 0x5d, 0xaa, 0xdd, 0x41, 0xbc, 0xdf, 0x81, 0xb9, 0x53, 0xee, 0x52}} , + {{0xc3, 0xf1, 0xa7, 0x6d, 0xb3, 0x5f, 0x92, 0x6f, 0xcc, 0x91, 0xb8, 0x95, 0x05, 0xdf, 0x3c, 0x64, 0x57, 0x39, 0x61, 0x51, 0xad, 0x8c, 0x38, 0x7b, 0xc8, 0xde, 0x00, 0x34, 0xbe, 0xa1, 0xb0, 0x7e}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x25, 0x24, 0x1d, 0x8a, 0x67, 0x20, 0xee, 0x42, 0xeb, 0x38, 0xed, 0x0b, 0x8b, 0xcd, 0x46, 0x9d, 0x5e, 0x6b, 0x1e, 0x24, 0x9d, 0x12, 0x05, 0x1a, 0xcc, 0x05, 0x4e, 0x92, 0x38, 0xe1, 0x1f, 0x50}} , + {{0x4e, 0xee, 0x1c, 0x91, 0xe6, 0x11, 0xbd, 0x8e, 0x55, 0x1a, 0x18, 0x75, 0x66, 0xaf, 0x4d, 0x7b, 0x0f, 0xae, 0x6d, 0x85, 0xca, 0x82, 0x58, 0x21, 0x9c, 0x18, 0xe0, 0xed, 0xec, 0x22, 0x80, 0x2f}}}, +{{{0x68, 0x3b, 0x0a, 0x39, 0x1d, 0x6a, 0x15, 0x57, 0xfc, 0xf0, 0x63, 0x54, 0xdb, 0x39, 0xdb, 0xe8, 0x5c, 0x64, 0xff, 0xa0, 0x09, 0x4f, 0x3b, 0xb7, 0x32, 0x60, 0x99, 0x94, 0xfd, 0x94, 0x82, 0x2d}} , + {{0x24, 0xf6, 0x5a, 0x44, 0xf1, 0x55, 0x2c, 0xdb, 0xea, 0x7c, 0x84, 0x7c, 0x01, 0xac, 0xe3, 0xfd, 0xc9, 0x27, 0xc1, 0x5a, 0xb9, 0xde, 0x4f, 0x5a, 0x90, 0xdd, 0xc6, 0x67, 0xaa, 0x6f, 0x8a, 0x3a}}}, +{{{0x78, 0x52, 0x87, 0xc9, 0x97, 0x63, 0xb1, 0xdd, 0x54, 0x5f, 0xc1, 0xf8, 0xf1, 0x06, 0xa6, 0xa8, 0xa3, 0x88, 0x82, 0xd4, 0xcb, 0xa6, 0x19, 0xdd, 0xd1, 0x11, 0x87, 0x08, 0x17, 0x4c, 0x37, 0x2a}} , + {{0xa1, 0x0c, 0xf3, 0x08, 0x43, 0xd9, 0x24, 0x1e, 0x83, 0xa7, 0xdf, 0x91, 0xca, 0xbd, 0x69, 0x47, 0x8d, 0x1b, 0xe2, 0xb9, 0x4e, 0xb5, 0xe1, 0x76, 0xb3, 0x1c, 0x93, 0x03, 0xce, 0x5f, 0xb3, 0x5a}}}, +{{{0x1d, 0xda, 0xe4, 0x61, 0x03, 0x50, 0xa9, 0x8b, 0x68, 0x18, 0xef, 0xb2, 0x1c, 0x84, 0x3b, 0xa2, 0x44, 0x95, 0xa3, 0x04, 0x3b, 0xd6, 0x99, 0x00, 0xaf, 0x76, 0x42, 0x67, 0x02, 0x7d, 0x85, 0x56}} , + {{0xce, 0x72, 0x0e, 0x29, 0x84, 0xb2, 0x7d, 0xd2, 0x45, 0xbe, 0x57, 0x06, 0xed, 0x7f, 0xcf, 0xed, 0xcd, 0xef, 0x19, 0xd6, 0xbc, 0x15, 0x79, 0x64, 0xd2, 0x18, 0xe3, 0x20, 0x67, 0x3a, 0x54, 0x0b}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x52, 0xfd, 0x04, 0xc5, 0xfb, 0x99, 0xe7, 0xe8, 0xfb, 0x8c, 0xe1, 0x42, 0x03, 0xef, 0x9d, 0xd9, 0x9e, 0x4d, 0xf7, 0x80, 0xcf, 0x2e, 0xcc, 0x9b, 0x45, 0xc9, 0x7b, 0x7a, 0xbc, 0x37, 0xa8, 0x52}} , + {{0x96, 0x11, 0x41, 0x8a, 0x47, 0x91, 0xfe, 0xb6, 0xda, 0x7a, 0x54, 0x63, 0xd1, 0x14, 0x35, 0x05, 0x86, 0x8c, 0xa9, 0x36, 0x3f, 0xf2, 0x85, 0x54, 0x4e, 0x92, 0xd8, 0x85, 0x01, 0x46, 0xd6, 0x50}}}, +{{{0x53, 0xcd, 0xf3, 0x86, 0x40, 0xe6, 0x39, 0x42, 0x95, 0xd6, 0xcb, 0x45, 0x1a, 0x20, 0xc8, 0x45, 0x4b, 0x32, 0x69, 0x04, 0xb1, 0xaf, 0x20, 0x46, 0xc7, 0x6b, 0x23, 0x5b, 0x69, 0xee, 0x30, 0x3f}} , + {{0x70, 0x83, 0x47, 0xc0, 0xdb, 0x55, 0x08, 0xa8, 0x7b, 0x18, 0x6d, 0xf5, 0x04, 0x5a, 0x20, 0x0c, 0x4a, 0x8c, 0x60, 0xae, 0xae, 0x0f, 0x64, 0x55, 0x55, 0x2e, 0xd5, 0x1d, 0x53, 0x31, 0x42, 0x41}}}, +{{{0xca, 0xfc, 0x88, 0x6b, 0x96, 0x78, 0x0a, 0x8b, 0x83, 0xdc, 0xbc, 0xaf, 0x40, 0xb6, 0x8d, 0x7f, 0xef, 0xb4, 0xd1, 0x3f, 0xcc, 0xa2, 0x74, 0xc9, 0xc2, 0x92, 0x55, 0x00, 0xab, 0xdb, 0xbf, 0x4f}} , + {{0x93, 0x1c, 0x06, 0x2d, 0x66, 0x65, 0x02, 0xa4, 0x97, 0x18, 0xfd, 0x00, 0xe7, 0xab, 0x03, 0xec, 0xce, 0xc1, 0xbf, 0x37, 0xf8, 0x13, 0x53, 0xa5, 0xe5, 0x0c, 0x3a, 0xa8, 0x55, 0xb9, 0xff, 0x68}}}, +{{{0xe4, 0xe6, 0x6d, 0x30, 0x7d, 0x30, 0x35, 0xc2, 0x78, 0x87, 0xf9, 0xfc, 0x6b, 0x5a, 0xc3, 0xb7, 0x65, 0xd8, 0x2e, 0xc7, 0xa5, 0x0c, 0xc6, 0xdc, 0x12, 0xaa, 0xd6, 0x4f, 0xc5, 0x38, 0xbc, 0x0e}} , + {{0xe2, 0x3c, 0x76, 0x86, 0x38, 0xf2, 0x7b, 0x2c, 0x16, 0x78, 0x8d, 0xf5, 0xa4, 0x15, 0xda, 0xdb, 0x26, 0x85, 0xa0, 0x56, 0xdd, 0x1d, 0xe3, 0xb3, 0xfd, 0x40, 0xef, 0xf2, 0xd9, 0xa1, 0xb3, 0x04}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xdb, 0x49, 0x0e, 0xe6, 0x58, 0x10, 0x7a, 0x52, 0xda, 0xb5, 0x7d, 0x37, 0x6a, 0x3e, 0xa1, 0x78, 0xce, 0xc7, 0x1c, 0x24, 0x23, 0xdb, 0x7d, 0xfb, 0x8c, 0x8d, 0xdc, 0x30, 0x67, 0x69, 0x75, 0x3b}} , + {{0xa9, 0xea, 0x6d, 0x16, 0x16, 0x60, 0xf4, 0x60, 0x87, 0x19, 0x44, 0x8c, 0x4a, 0x8b, 0x3e, 0xfb, 0x16, 0x00, 0x00, 0x54, 0xa6, 0x9e, 0x9f, 0xef, 0xcf, 0xd9, 0xd2, 0x4c, 0x74, 0x31, 0xd0, 0x34}}}, +{{{0xa4, 0xeb, 0x04, 0xa4, 0x8c, 0x8f, 0x71, 0x27, 0x95, 0x85, 0x5d, 0x55, 0x4b, 0xb1, 0x26, 0x26, 0xc8, 0xae, 0x6a, 0x7d, 0xa2, 0x21, 0xca, 0xce, 0x38, 0xab, 0x0f, 0xd0, 0xd5, 0x2b, 0x6b, 0x00}} , + {{0xe5, 0x67, 0x0c, 0xf1, 0x3a, 0x9a, 0xea, 0x09, 0x39, 0xef, 0xd1, 0x30, 0xbc, 0x33, 0xba, 0xb1, 0x6a, 0xc5, 0x27, 0x08, 0x7f, 0x54, 0x80, 0x3d, 0xab, 0xf6, 0x15, 0x7a, 0xc2, 0x40, 0x73, 0x72}}}, +{{{0x84, 0x56, 0x82, 0xb6, 0x12, 0x70, 0x7f, 0xf7, 0xf0, 0xbd, 0x5b, 0xa9, 0xd5, 0xc5, 0x5f, 0x59, 0xbf, 0x7f, 0xb3, 0x55, 0x22, 0x02, 0xc9, 0x44, 0x55, 0x87, 0x8f, 0x96, 0x98, 0x64, 0x6d, 0x15}} , + {{0xb0, 0x8b, 0xaa, 0x1e, 0xec, 0xc7, 0xa5, 0x8f, 0x1f, 0x92, 0x04, 0xc6, 0x05, 0xf6, 0xdf, 0xa1, 0xcc, 0x1f, 0x81, 0xf5, 0x0e, 0x9c, 0x57, 0xdc, 0xe3, 0xbb, 0x06, 0x87, 0x1e, 0xfe, 0x23, 0x6c}}}, +{{{0xd8, 0x2b, 0x5b, 0x16, 0xea, 0x20, 0xf1, 0xd3, 0x68, 0x8f, 0xae, 0x5b, 0xd0, 0xa9, 0x1a, 0x19, 0xa8, 0x36, 0xfb, 0x2b, 0x57, 0x88, 0x7d, 0x90, 0xd5, 0xa6, 0xf3, 0xdc, 0x38, 0x89, 0x4e, 0x1f}} , + {{0xcc, 0x19, 0xda, 0x9b, 0x3b, 0x43, 0x48, 0x21, 0x2e, 0x23, 0x4d, 0x3d, 0xae, 0xf8, 0x8c, 0xfc, 0xdd, 0xa6, 0x74, 0x37, 0x65, 0xca, 0xee, 0x1a, 0x19, 0x8e, 0x9f, 0x64, 0x6f, 0x0c, 0x8b, 0x5a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x25, 0xb9, 0xc2, 0xf0, 0x72, 0xb8, 0x15, 0x16, 0xcc, 0x8d, 0x3c, 0x6f, 0x25, 0xed, 0xf4, 0x46, 0x2e, 0x0c, 0x60, 0x0f, 0xe2, 0x84, 0x34, 0x55, 0x89, 0x59, 0x34, 0x1b, 0xf5, 0x8d, 0xfe, 0x08}} , + {{0xf8, 0xab, 0x93, 0xbc, 0x44, 0xba, 0x1b, 0x75, 0x4b, 0x49, 0x6f, 0xd0, 0x54, 0x2e, 0x63, 0xba, 0xb5, 0xea, 0xed, 0x32, 0x14, 0xc9, 0x94, 0xd8, 0xc5, 0xce, 0xf4, 0x10, 0x68, 0xe0, 0x38, 0x27}}}, +{{{0x74, 0x1c, 0x14, 0x9b, 0xd4, 0x64, 0x61, 0x71, 0x5a, 0xb6, 0x21, 0x33, 0x4f, 0xf7, 0x8e, 0xba, 0xa5, 0x48, 0x9a, 0xc7, 0xfa, 0x9a, 0xf0, 0xb4, 0x62, 0xad, 0xf2, 0x5e, 0xcc, 0x03, 0x24, 0x1a}} , + {{0xf5, 0x76, 0xfd, 0xe4, 0xaf, 0xb9, 0x03, 0x59, 0xce, 0x63, 0xd2, 0x3b, 0x1f, 0xcd, 0x21, 0x0c, 0xad, 0x44, 0xa5, 0x97, 0xac, 0x80, 0x11, 0x02, 0x9b, 0x0c, 0xe5, 0x8b, 0xcd, 0xfb, 0x79, 0x77}}}, +{{{0x15, 0xbe, 0x9a, 0x0d, 0xba, 0x38, 0x72, 0x20, 0x8a, 0xf5, 0xbe, 0x59, 0x93, 0x79, 0xb7, 0xf6, 0x6a, 0x0c, 0x38, 0x27, 0x1a, 0x60, 0xf4, 0x86, 0x3b, 0xab, 0x5a, 0x00, 0xa0, 0xce, 0x21, 0x7d}} , + {{0x6c, 0xba, 0x14, 0xc5, 0xea, 0x12, 0x9e, 0x2e, 0x82, 0x63, 0xce, 0x9b, 0x4a, 0xe7, 0x1d, 0xec, 0xf1, 0x2e, 0x51, 0x1c, 0xf4, 0xd0, 0x69, 0x15, 0x42, 0x9d, 0xa3, 0x3f, 0x0e, 0xbf, 0xe9, 0x5c}}}, +{{{0xe4, 0x0d, 0xf4, 0xbd, 0xee, 0x31, 0x10, 0xed, 0xcb, 0x12, 0x86, 0xad, 0xd4, 0x2f, 0x90, 0x37, 0x32, 0xc3, 0x0b, 0x73, 0xec, 0x97, 0x85, 0xa4, 0x01, 0x1c, 0x76, 0x35, 0xfe, 0x75, 0xdd, 0x71}} , + {{0x11, 0xa4, 0x88, 0x9f, 0x3e, 0x53, 0x69, 0x3b, 0x1b, 0xe0, 0xf7, 0xba, 0x9b, 0xad, 0x4e, 0x81, 0x5f, 0xb5, 0x5c, 0xae, 0xbe, 0x67, 0x86, 0x37, 0x34, 0x8e, 0x07, 0x32, 0x45, 0x4a, 0x67, 0x39}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x90, 0x70, 0x58, 0x20, 0x03, 0x1e, 0x67, 0xb2, 0xc8, 0x9b, 0x58, 0xc5, 0xb1, 0xeb, 0x2d, 0x4a, 0xde, 0x82, 0x8c, 0xf2, 0xd2, 0x14, 0xb8, 0x70, 0x61, 0x4e, 0x73, 0xd6, 0x0b, 0x6b, 0x0d, 0x30}} , + {{0x81, 0xfc, 0x55, 0x5c, 0xbf, 0xa7, 0xc4, 0xbd, 0xe2, 0xf0, 0x4b, 0x8f, 0xe9, 0x7d, 0x99, 0xfa, 0xd3, 0xab, 0xbc, 0xc7, 0x83, 0x2b, 0x04, 0x7f, 0x0c, 0x19, 0x43, 0x03, 0x3d, 0x07, 0xca, 0x40}}}, +{{{0xf9, 0xc8, 0xbe, 0x8c, 0x16, 0x81, 0x39, 0x96, 0xf6, 0x17, 0x58, 0xc8, 0x30, 0x58, 0xfb, 0xc2, 0x03, 0x45, 0xd2, 0x52, 0x76, 0xe0, 0x6a, 0x26, 0x28, 0x5c, 0x88, 0x59, 0x6a, 0x5a, 0x54, 0x42}} , + {{0x07, 0xb5, 0x2e, 0x2c, 0x67, 0x15, 0x9b, 0xfb, 0x83, 0x69, 0x1e, 0x0f, 0xda, 0xd6, 0x29, 0xb1, 0x60, 0xe0, 0xb2, 0xba, 0x69, 0xa2, 0x9e, 0xbd, 0xbd, 0xe0, 0x1c, 0xbd, 0xcd, 0x06, 0x64, 0x70}}}, +{{{0x41, 0xfa, 0x8c, 0xe1, 0x89, 0x8f, 0x27, 0xc8, 0x25, 0x8f, 0x6f, 0x5f, 0x55, 0xf8, 0xde, 0x95, 0x6d, 0x2f, 0x75, 0x16, 0x2b, 0x4e, 0x44, 0xfd, 0x86, 0x6e, 0xe9, 0x70, 0x39, 0x76, 0x97, 0x7e}} , + {{0x17, 0x62, 0x6b, 0x14, 0xa1, 0x7c, 0xd0, 0x79, 0x6e, 0xd8, 0x8a, 0xa5, 0x6d, 0x8c, 0x93, 0xd2, 0x3f, 0xec, 0x44, 0x8d, 0x6e, 0x91, 0x01, 0x8c, 0x8f, 0xee, 0x01, 0x8f, 0xc0, 0xb4, 0x85, 0x0e}}}, +{{{0x02, 0x3a, 0x70, 0x41, 0xe4, 0x11, 0x57, 0x23, 0xac, 0xe6, 0xfc, 0x54, 0x7e, 0xcd, 0xd7, 0x22, 0xcb, 0x76, 0x9f, 0x20, 0xce, 0xa0, 0x73, 0x76, 0x51, 0x3b, 0xa4, 0xf8, 0xe3, 0x62, 0x12, 0x6c}} , + {{0x7f, 0x00, 0x9c, 0x26, 0x0d, 0x6f, 0x48, 0x7f, 0x3a, 0x01, 0xed, 0xc5, 0x96, 0xb0, 0x1f, 0x4f, 0xa8, 0x02, 0x62, 0x27, 0x8a, 0x50, 0x8d, 0x9a, 0x8b, 0x52, 0x0f, 0x1e, 0xcf, 0x41, 0x38, 0x19}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xf5, 0x6c, 0xd4, 0x2f, 0x0f, 0x69, 0x0f, 0x87, 0x3f, 0x61, 0x65, 0x1e, 0x35, 0x34, 0x85, 0xba, 0x02, 0x30, 0xac, 0x25, 0x3d, 0xe2, 0x62, 0xf1, 0xcc, 0xe9, 0x1b, 0xc2, 0xef, 0x6a, 0x42, 0x57}} , + {{0x34, 0x1f, 0x2e, 0xac, 0xd1, 0xc7, 0x04, 0x52, 0x32, 0x66, 0xb2, 0x33, 0x73, 0x21, 0x34, 0x54, 0xf7, 0x71, 0xed, 0x06, 0xb0, 0xff, 0xa6, 0x59, 0x6f, 0x8a, 0x4e, 0xfb, 0x02, 0xb0, 0x45, 0x6b}}}, +{{{0xf5, 0x48, 0x0b, 0x03, 0xc5, 0x22, 0x7d, 0x80, 0x08, 0x53, 0xfe, 0x32, 0xb1, 0xa1, 0x8a, 0x74, 0x6f, 0xbd, 0x3f, 0x85, 0xf4, 0xcf, 0xf5, 0x60, 0xaf, 0x41, 0x7e, 0x3e, 0x46, 0xa3, 0x5a, 0x20}} , + {{0xaa, 0x35, 0x87, 0x44, 0x63, 0x66, 0x97, 0xf8, 0x6e, 0x55, 0x0c, 0x04, 0x3e, 0x35, 0x50, 0xbf, 0x93, 0x69, 0xd2, 0x8b, 0x05, 0x55, 0x99, 0xbe, 0xe2, 0x53, 0x61, 0xec, 0xe8, 0x08, 0x0b, 0x32}}}, +{{{0xb3, 0x10, 0x45, 0x02, 0x69, 0x59, 0x2e, 0x97, 0xd9, 0x64, 0xf8, 0xdb, 0x25, 0x80, 0xdc, 0xc4, 0xd5, 0x62, 0x3c, 0xed, 0x65, 0x91, 0xad, 0xd1, 0x57, 0x81, 0x94, 0xaa, 0xa1, 0x29, 0xfc, 0x68}} , + {{0xdd, 0xb5, 0x7d, 0xab, 0x5a, 0x21, 0x41, 0x53, 0xbb, 0x17, 0x79, 0x0d, 0xd1, 0xa8, 0x0c, 0x0c, 0x20, 0x88, 0x09, 0xe9, 0x84, 0xe8, 0x25, 0x11, 0x67, 0x7a, 0x8b, 0x1a, 0xe4, 0x5d, 0xe1, 0x5d}}}, +{{{0x37, 0xea, 0xfe, 0x65, 0x3b, 0x25, 0xe8, 0xe1, 0xc2, 0xc5, 0x02, 0xa4, 0xbe, 0x98, 0x0a, 0x2b, 0x61, 0xc1, 0x9b, 0xe2, 0xd5, 0x92, 0xe6, 0x9e, 0x7d, 0x1f, 0xca, 0x43, 0x88, 0x8b, 0x2c, 0x59}} , + {{0xe0, 0xb5, 0x00, 0x1d, 0x2a, 0x6f, 0xaf, 0x79, 0x86, 0x2f, 0xa6, 0x5a, 0x93, 0xd1, 0xfe, 0xae, 0x3a, 0xee, 0xdb, 0x7c, 0x61, 0xbe, 0x7c, 0x01, 0xf9, 0xfe, 0x52, 0xdc, 0xd8, 0x52, 0xa3, 0x42}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x22, 0xaf, 0x13, 0x37, 0xbd, 0x37, 0x71, 0xac, 0x04, 0x46, 0x63, 0xac, 0xa4, 0x77, 0xed, 0x25, 0x38, 0xe0, 0x15, 0xa8, 0x64, 0x00, 0x0d, 0xce, 0x51, 0x01, 0xa9, 0xbc, 0x0f, 0x03, 0x1c, 0x04}} , + {{0x89, 0xf9, 0x80, 0x07, 0xcf, 0x3f, 0xb3, 0xe9, 0xe7, 0x45, 0x44, 0x3d, 0x2a, 0x7c, 0xe9, 0xe4, 0x16, 0x5c, 0x5e, 0x65, 0x1c, 0xc7, 0x7d, 0xc6, 0x7a, 0xfb, 0x43, 0xee, 0x25, 0x76, 0x46, 0x72}}}, +{{{0x02, 0xa2, 0xed, 0xf4, 0x8f, 0x6b, 0x0b, 0x3e, 0xeb, 0x35, 0x1a, 0xd5, 0x7e, 0xdb, 0x78, 0x00, 0x96, 0x8a, 0xa0, 0xb4, 0xcf, 0x60, 0x4b, 0xd4, 0xd5, 0xf9, 0x2d, 0xbf, 0x88, 0xbd, 0x22, 0x62}} , + {{0x13, 0x53, 0xe4, 0x82, 0x57, 0xfa, 0x1e, 0x8f, 0x06, 0x2b, 0x90, 0xba, 0x08, 0xb6, 0x10, 0x54, 0x4f, 0x7c, 0x1b, 0x26, 0xed, 0xda, 0x6b, 0xdd, 0x25, 0xd0, 0x4e, 0xea, 0x42, 0xbb, 0x25, 0x03}}}, +{{{0x51, 0x16, 0x50, 0x7c, 0xd5, 0x5d, 0xf6, 0x99, 0xe8, 0x77, 0x72, 0x4e, 0xfa, 0x62, 0xcb, 0x76, 0x75, 0x0c, 0xe2, 0x71, 0x98, 0x92, 0xd5, 0xfa, 0x45, 0xdf, 0x5c, 0x6f, 0x1e, 0x9e, 0x28, 0x69}} , + {{0x0d, 0xac, 0x66, 0x6d, 0xc3, 0x8b, 0xba, 0x16, 0xb5, 0xe2, 0xa0, 0x0d, 0x0c, 0xbd, 0xa4, 0x8e, 0x18, 0x6c, 0xf2, 0xdc, 0xf9, 0xdc, 0x4a, 0x86, 0x25, 0x95, 0x14, 0xcb, 0xd8, 0x1a, 0x04, 0x0f}}}, +{{{0x97, 0xa5, 0xdb, 0x8b, 0x2d, 0xaa, 0x42, 0x11, 0x09, 0xf2, 0x93, 0xbb, 0xd9, 0x06, 0x84, 0x4e, 0x11, 0xa8, 0xa0, 0x25, 0x2b, 0xa6, 0x5f, 0xae, 0xc4, 0xb4, 0x4c, 0xc8, 0xab, 0xc7, 0x3b, 0x02}} , + {{0xee, 0xc9, 0x29, 0x0f, 0xdf, 0x11, 0x85, 0xed, 0xce, 0x0d, 0x62, 0x2c, 0x8f, 0x4b, 0xf9, 0x04, 0xe9, 0x06, 0x72, 0x1d, 0x37, 0x20, 0x50, 0xc9, 0x14, 0xeb, 0xec, 0x39, 0xa7, 0x97, 0x2b, 0x4d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x69, 0xd1, 0x39, 0xbd, 0xfb, 0x33, 0xbe, 0xc4, 0xf0, 0x5c, 0xef, 0xf0, 0x56, 0x68, 0xfc, 0x97, 0x47, 0xc8, 0x72, 0xb6, 0x53, 0xa4, 0x0a, 0x98, 0xa5, 0xb4, 0x37, 0x71, 0xcf, 0x66, 0x50, 0x6d}} , + {{0x17, 0xa4, 0x19, 0x52, 0x11, 0x47, 0xb3, 0x5c, 0x5b, 0xa9, 0x2e, 0x22, 0xb4, 0x00, 0x52, 0xf9, 0x57, 0x18, 0xb8, 0xbe, 0x5a, 0xe3, 0xab, 0x83, 0xc8, 0x87, 0x0a, 0x2a, 0xd8, 0x8c, 0xbb, 0x54}}}, +{{{0xa9, 0x62, 0x93, 0x85, 0xbe, 0xe8, 0x73, 0x4a, 0x0e, 0xb0, 0xb5, 0x2d, 0x94, 0x50, 0xaa, 0xd3, 0xb2, 0xea, 0x9d, 0x62, 0x76, 0x3b, 0x07, 0x34, 0x4e, 0x2d, 0x70, 0xc8, 0x9a, 0x15, 0x66, 0x6b}} , + {{0xc5, 0x96, 0xca, 0xc8, 0x22, 0x1a, 0xee, 0x5f, 0xe7, 0x31, 0x60, 0x22, 0x83, 0x08, 0x63, 0xce, 0xb9, 0x32, 0x44, 0x58, 0x5d, 0x3a, 0x9b, 0xe4, 0x04, 0xd5, 0xef, 0x38, 0xef, 0x4b, 0xdd, 0x19}}}, +{{{0x4d, 0xc2, 0x17, 0x75, 0xa1, 0x68, 0xcd, 0xc3, 0xc6, 0x03, 0x44, 0xe3, 0x78, 0x09, 0x91, 0x47, 0x3f, 0x0f, 0xe4, 0x92, 0x58, 0xfa, 0x7d, 0x1f, 0x20, 0x94, 0x58, 0x5e, 0xbc, 0x19, 0x02, 0x6f}} , + {{0x20, 0xd6, 0xd8, 0x91, 0x54, 0xa7, 0xf3, 0x20, 0x4b, 0x34, 0x06, 0xfa, 0x30, 0xc8, 0x6f, 0x14, 0x10, 0x65, 0x74, 0x13, 0x4e, 0xf0, 0x69, 0x26, 0xce, 0xcf, 0x90, 0xf4, 0xd0, 0xc5, 0xc8, 0x64}}}, +{{{0x26, 0xa2, 0x50, 0x02, 0x24, 0x72, 0xf1, 0xf0, 0x4e, 0x2d, 0x93, 0xd5, 0x08, 0xe7, 0xae, 0x38, 0xf7, 0x18, 0xa5, 0x32, 0x34, 0xc2, 0xf0, 0xa6, 0xec, 0xb9, 0x61, 0x7b, 0x64, 0x99, 0xac, 0x71}} , + {{0x25, 0xcf, 0x74, 0x55, 0x1b, 0xaa, 0xa9, 0x38, 0x41, 0x40, 0xd5, 0x95, 0x95, 0xab, 0x1c, 0x5e, 0xbc, 0x41, 0x7e, 0x14, 0x30, 0xbe, 0x13, 0x89, 0xf4, 0xe5, 0xeb, 0x28, 0xc0, 0xc2, 0x96, 0x3a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x2b, 0x77, 0x45, 0xec, 0x67, 0x76, 0x32, 0x4c, 0xb9, 0xdf, 0x25, 0x32, 0x6b, 0xcb, 0xe7, 0x14, 0x61, 0x43, 0xee, 0xba, 0x9b, 0x71, 0xef, 0xd2, 0x48, 0x65, 0xbb, 0x1b, 0x8a, 0x13, 0x1b, 0x22}} , + {{0x84, 0xad, 0x0c, 0x18, 0x38, 0x5a, 0xba, 0xd0, 0x98, 0x59, 0xbf, 0x37, 0xb0, 0x4f, 0x97, 0x60, 0x20, 0xb3, 0x9b, 0x97, 0xf6, 0x08, 0x6c, 0xa4, 0xff, 0xfb, 0xb7, 0xfa, 0x95, 0xb2, 0x51, 0x79}}}, +{{{0x28, 0x5c, 0x3f, 0xdb, 0x6b, 0x18, 0x3b, 0x5c, 0xd1, 0x04, 0x28, 0xde, 0x85, 0x52, 0x31, 0xb5, 0xbb, 0xf6, 0xa9, 0xed, 0xbe, 0x28, 0x4f, 0xb3, 0x7e, 0x05, 0x6a, 0xdb, 0x95, 0x0d, 0x1b, 0x1c}} , + {{0xd5, 0xc5, 0xc3, 0x9a, 0x0a, 0xd0, 0x31, 0x3e, 0x07, 0x36, 0x8e, 0xc0, 0x8a, 0x62, 0xb1, 0xca, 0xd6, 0x0e, 0x1e, 0x9d, 0xef, 0xab, 0x98, 0x4d, 0xbb, 0x6c, 0x05, 0xe0, 0xe4, 0x5d, 0xbd, 0x57}}}, +{{{0xcc, 0x21, 0x27, 0xce, 0xfd, 0xa9, 0x94, 0x8e, 0xe1, 0xab, 0x49, 0xe0, 0x46, 0x26, 0xa1, 0xa8, 0x8c, 0xa1, 0x99, 0x1d, 0xb4, 0x27, 0x6d, 0x2d, 0xc8, 0x39, 0x30, 0x5e, 0x37, 0x52, 0xc4, 0x6e}} , + {{0xa9, 0x85, 0xf4, 0xe7, 0xb0, 0x15, 0x33, 0x84, 0x1b, 0x14, 0x1a, 0x02, 0xd9, 0x3b, 0xad, 0x0f, 0x43, 0x6c, 0xea, 0x3e, 0x0f, 0x7e, 0xda, 0xdd, 0x6b, 0x4c, 0x7f, 0x6e, 0xd4, 0x6b, 0xbf, 0x0f}}}, +{{{0x47, 0x9f, 0x7c, 0x56, 0x7c, 0x43, 0x91, 0x1c, 0xbb, 0x4e, 0x72, 0x3e, 0x64, 0xab, 0xa0, 0xa0, 0xdf, 0xb4, 0xd8, 0x87, 0x3a, 0xbd, 0xa8, 0x48, 0xc9, 0xb8, 0xef, 0x2e, 0xad, 0x6f, 0x84, 0x4f}} , + {{0x2d, 0x2d, 0xf0, 0x1b, 0x7e, 0x2a, 0x6c, 0xf8, 0xa9, 0x6a, 0xe1, 0xf0, 0x99, 0xa1, 0x67, 0x9a, 0xd4, 0x13, 0xca, 0xca, 0xba, 0x27, 0x92, 0xaa, 0xa1, 0x5d, 0x50, 0xde, 0xcc, 0x40, 0x26, 0x0a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x9f, 0x3e, 0xf2, 0xb2, 0x90, 0xce, 0xdb, 0x64, 0x3e, 0x03, 0xdd, 0x37, 0x36, 0x54, 0x70, 0x76, 0x24, 0xb5, 0x69, 0x03, 0xfc, 0xa0, 0x2b, 0x74, 0xb2, 0x05, 0x0e, 0xcc, 0xd8, 0x1f, 0x6a, 0x1f}} , + {{0x19, 0x5e, 0x60, 0x69, 0x58, 0x86, 0xa0, 0x31, 0xbd, 0x32, 0xe9, 0x2c, 0x5c, 0xd2, 0x85, 0xba, 0x40, 0x64, 0xa8, 0x74, 0xf8, 0x0e, 0x1c, 0xb3, 0xa9, 0x69, 0xe8, 0x1e, 0x40, 0x64, 0x99, 0x77}}}, +{{{0x6c, 0x32, 0x4f, 0xfd, 0xbb, 0x5c, 0xbb, 0x8d, 0x64, 0x66, 0x4a, 0x71, 0x1f, 0x79, 0xa3, 0xad, 0x8d, 0xf9, 0xd4, 0xec, 0xcf, 0x67, 0x70, 0xfa, 0x05, 0x4a, 0x0f, 0x6e, 0xaf, 0x87, 0x0a, 0x6f}} , + {{0xc6, 0x36, 0x6e, 0x6c, 0x8c, 0x24, 0x09, 0x60, 0xbe, 0x26, 0xd2, 0x4c, 0x5e, 0x17, 0xca, 0x5f, 0x1d, 0xcc, 0x87, 0xe8, 0x42, 0x6a, 0xcb, 0xcb, 0x7d, 0x92, 0x05, 0x35, 0x81, 0x13, 0x60, 0x6b}}}, +{{{0xf4, 0x15, 0xcd, 0x0f, 0x0a, 0xaf, 0x4e, 0x6b, 0x51, 0xfd, 0x14, 0xc4, 0x2e, 0x13, 0x86, 0x74, 0x44, 0xcb, 0x66, 0x6b, 0xb6, 0x9d, 0x74, 0x56, 0x32, 0xac, 0x8d, 0x8e, 0x8c, 0x8c, 0x8c, 0x39}} , + {{0xca, 0x59, 0x74, 0x1a, 0x11, 0xef, 0x6d, 0xf7, 0x39, 0x5c, 0x3b, 0x1f, 0xfa, 0xe3, 0x40, 0x41, 0x23, 0x9e, 0xf6, 0xd1, 0x21, 0xa2, 0xbf, 0xad, 0x65, 0x42, 0x6b, 0x59, 0x8a, 0xe8, 0xc5, 0x7f}}}, +{{{0x64, 0x05, 0x7a, 0x84, 0x4a, 0x13, 0xc3, 0xf6, 0xb0, 0x6e, 0x9a, 0x6b, 0x53, 0x6b, 0x32, 0xda, 0xd9, 0x74, 0x75, 0xc4, 0xba, 0x64, 0x3d, 0x3b, 0x08, 0xdd, 0x10, 0x46, 0xef, 0xc7, 0x90, 0x1f}} , + {{0x7b, 0x2f, 0x3a, 0xce, 0xc8, 0xa1, 0x79, 0x3c, 0x30, 0x12, 0x44, 0x28, 0xf6, 0xbc, 0xff, 0xfd, 0xf4, 0xc0, 0x97, 0xb0, 0xcc, 0xc3, 0x13, 0x7a, 0xb9, 0x9a, 0x16, 0xe4, 0xcb, 0x4c, 0x34, 0x63}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x07, 0x4e, 0xd3, 0x2d, 0x09, 0x33, 0x0e, 0xd2, 0x0d, 0xbe, 0x3e, 0xe7, 0xe4, 0xaa, 0xb7, 0x00, 0x8b, 0xe8, 0xad, 0xaa, 0x7a, 0x8d, 0x34, 0x28, 0xa9, 0x81, 0x94, 0xc5, 0xe7, 0x42, 0xac, 0x47}} , + {{0x24, 0x89, 0x7a, 0x8f, 0xb5, 0x9b, 0xf0, 0xc2, 0x03, 0x64, 0xd0, 0x1e, 0xf5, 0xa4, 0xb2, 0xf3, 0x74, 0xe9, 0x1a, 0x16, 0xfd, 0xcb, 0x15, 0xea, 0xeb, 0x10, 0x6c, 0x35, 0xd1, 0xc1, 0xa6, 0x28}}}, +{{{0xcc, 0xd5, 0x39, 0xfc, 0xa5, 0xa4, 0xad, 0x32, 0x15, 0xce, 0x19, 0xe8, 0x34, 0x2b, 0x1c, 0x60, 0x91, 0xfc, 0x05, 0xa9, 0xb3, 0xdc, 0x80, 0x29, 0xc4, 0x20, 0x79, 0x06, 0x39, 0xc0, 0xe2, 0x22}} , + {{0xbb, 0xa8, 0xe1, 0x89, 0x70, 0x57, 0x18, 0x54, 0x3c, 0xf6, 0x0d, 0x82, 0x12, 0x05, 0x87, 0x96, 0x06, 0x39, 0xe3, 0xf8, 0xb3, 0x95, 0xe5, 0xd7, 0x26, 0xbf, 0x09, 0x5a, 0x94, 0xf9, 0x1c, 0x63}}}, +{{{0x2b, 0x8c, 0x2d, 0x9a, 0x8b, 0x84, 0xf2, 0x56, 0xfb, 0xad, 0x2e, 0x7f, 0xb7, 0xfc, 0x30, 0xe1, 0x35, 0x89, 0xba, 0x4d, 0xa8, 0x6d, 0xce, 0x8c, 0x8b, 0x30, 0xe0, 0xda, 0x29, 0x18, 0x11, 0x17}} , + {{0x19, 0xa6, 0x5a, 0x65, 0x93, 0xc3, 0xb5, 0x31, 0x22, 0x4f, 0xf3, 0xf6, 0x0f, 0xeb, 0x28, 0xc3, 0x7c, 0xeb, 0xce, 0x86, 0xec, 0x67, 0x76, 0x6e, 0x35, 0x45, 0x7b, 0xd8, 0x6b, 0x92, 0x01, 0x65}}}, +{{{0x3d, 0xd5, 0x9a, 0x64, 0x73, 0x36, 0xb1, 0xd6, 0x86, 0x98, 0x42, 0x3f, 0x8a, 0xf1, 0xc7, 0xf5, 0x42, 0xa8, 0x9c, 0x52, 0xa8, 0xdc, 0xf9, 0x24, 0x3f, 0x4a, 0xa1, 0xa4, 0x5b, 0xe8, 0x62, 0x1a}} , + {{0xc5, 0xbd, 0xc8, 0x14, 0xd5, 0x0d, 0xeb, 0xe1, 0xa5, 0xe6, 0x83, 0x11, 0x09, 0x00, 0x1d, 0x55, 0x83, 0x51, 0x7e, 0x75, 0x00, 0x81, 0xb9, 0xcb, 0xd8, 0xc5, 0xe5, 0xa1, 0xd9, 0x17, 0x6d, 0x1f}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xea, 0xf9, 0xe4, 0xe9, 0xe1, 0x52, 0x3f, 0x51, 0x19, 0x0d, 0xdd, 0xd9, 0x9d, 0x93, 0x31, 0x87, 0x23, 0x09, 0xd5, 0x83, 0xeb, 0x92, 0x09, 0x76, 0x6e, 0xe3, 0xf8, 0xc0, 0xa2, 0x66, 0xb5, 0x36}} , + {{0x3a, 0xbb, 0x39, 0xed, 0x32, 0x02, 0xe7, 0x43, 0x7a, 0x38, 0x14, 0x84, 0xe3, 0x44, 0xd2, 0x5e, 0x94, 0xdd, 0x78, 0x89, 0x55, 0x4c, 0x73, 0x9e, 0xe1, 0xe4, 0x3e, 0x43, 0xd0, 0x4a, 0xde, 0x1b}}}, +{{{0xb2, 0xe7, 0x8f, 0xe3, 0xa3, 0xc5, 0xcb, 0x72, 0xee, 0x79, 0x41, 0xf8, 0xdf, 0xee, 0x65, 0xc5, 0x45, 0x77, 0x27, 0x3c, 0xbd, 0x58, 0xd3, 0x75, 0xe2, 0x04, 0x4b, 0xbb, 0x65, 0xf3, 0xc8, 0x0f}} , + {{0x24, 0x7b, 0x93, 0x34, 0xb5, 0xe2, 0x74, 0x48, 0xcd, 0xa0, 0x0b, 0x92, 0x97, 0x66, 0x39, 0xf4, 0xb0, 0xe2, 0x5d, 0x39, 0x6a, 0x5b, 0x45, 0x17, 0x78, 0x1e, 0xdb, 0x91, 0x81, 0x1c, 0xf9, 0x16}}}, +{{{0x16, 0xdf, 0xd1, 0x5a, 0xd5, 0xe9, 0x4e, 0x58, 0x95, 0x93, 0x5f, 0x51, 0x09, 0xc3, 0x2a, 0xc9, 0xd4, 0x55, 0x48, 0x79, 0xa4, 0xa3, 0xb2, 0xc3, 0x62, 0xaa, 0x8c, 0xe8, 0xad, 0x47, 0x39, 0x1b}} , + {{0x46, 0xda, 0x9e, 0x51, 0x3a, 0xe6, 0xd1, 0xa6, 0xbb, 0x4d, 0x7b, 0x08, 0xbe, 0x8c, 0xd5, 0xf3, 0x3f, 0xfd, 0xf7, 0x44, 0x80, 0x2d, 0x53, 0x4b, 0xd0, 0x87, 0x68, 0xc1, 0xb5, 0xd8, 0xf7, 0x07}}}, +{{{0xf4, 0x10, 0x46, 0xbe, 0xb7, 0xd2, 0xd1, 0xce, 0x5e, 0x76, 0xa2, 0xd7, 0x03, 0xdc, 0xe4, 0x81, 0x5a, 0xf6, 0x3c, 0xde, 0xae, 0x7a, 0x9d, 0x21, 0x34, 0xa5, 0xf6, 0xa9, 0x73, 0xe2, 0x8d, 0x60}} , + {{0xfa, 0x44, 0x71, 0xf6, 0x41, 0xd8, 0xc6, 0x58, 0x13, 0x37, 0xeb, 0x84, 0x0f, 0x96, 0xc7, 0xdc, 0xc8, 0xa9, 0x7a, 0x83, 0xb2, 0x2f, 0x31, 0xb1, 0x1a, 0xd8, 0x98, 0x3f, 0x11, 0xd0, 0x31, 0x3b}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x81, 0xd5, 0x34, 0x16, 0x01, 0xa3, 0x93, 0xea, 0x52, 0x94, 0xec, 0x93, 0xb7, 0x81, 0x11, 0x2d, 0x58, 0xf9, 0xb5, 0x0a, 0xaa, 0x4f, 0xf6, 0x2e, 0x3f, 0x36, 0xbf, 0x33, 0x5a, 0xe7, 0xd1, 0x08}} , + {{0x1a, 0xcf, 0x42, 0xae, 0xcc, 0xb5, 0x77, 0x39, 0xc4, 0x5b, 0x5b, 0xd0, 0x26, 0x59, 0x27, 0xd0, 0x55, 0x71, 0x12, 0x9d, 0x88, 0x3d, 0x9c, 0xea, 0x41, 0x6a, 0xf0, 0x50, 0x93, 0x93, 0xdd, 0x47}}}, +{{{0x6f, 0xc9, 0x51, 0x6d, 0x1c, 0xaa, 0xf5, 0xa5, 0x90, 0x3f, 0x14, 0xe2, 0x6e, 0x8e, 0x64, 0xfd, 0xac, 0xe0, 0x4e, 0x22, 0xe5, 0xc1, 0xbc, 0x29, 0x0a, 0x6a, 0x9e, 0xa1, 0x60, 0xcb, 0x2f, 0x0b}} , + {{0xdc, 0x39, 0x32, 0xf3, 0xa1, 0x44, 0xe9, 0xc5, 0xc3, 0x78, 0xfb, 0x95, 0x47, 0x34, 0x35, 0x34, 0xe8, 0x25, 0xde, 0x93, 0xc6, 0xb4, 0x76, 0x6d, 0x86, 0x13, 0xc6, 0xe9, 0x68, 0xb5, 0x01, 0x63}}}, +{{{0x1f, 0x9a, 0x52, 0x64, 0x97, 0xd9, 0x1c, 0x08, 0x51, 0x6f, 0x26, 0x9d, 0xaa, 0x93, 0x33, 0x43, 0xfa, 0x77, 0xe9, 0x62, 0x9b, 0x5d, 0x18, 0x75, 0xeb, 0x78, 0xf7, 0x87, 0x8f, 0x41, 0xb4, 0x4d}} , + {{0x13, 0xa8, 0x82, 0x3e, 0xe9, 0x13, 0xad, 0xeb, 0x01, 0xca, 0xcf, 0xda, 0xcd, 0xf7, 0x6c, 0xc7, 0x7a, 0xdc, 0x1e, 0x6e, 0xc8, 0x4e, 0x55, 0x62, 0x80, 0xea, 0x78, 0x0c, 0x86, 0xb9, 0x40, 0x51}}}, +{{{0x27, 0xae, 0xd3, 0x0d, 0x4c, 0x8f, 0x34, 0xea, 0x7d, 0x3c, 0xe5, 0x8a, 0xcf, 0x5b, 0x92, 0xd8, 0x30, 0x16, 0xb4, 0xa3, 0x75, 0xff, 0xeb, 0x27, 0xc8, 0x5c, 0x6c, 0xc2, 0xee, 0x6c, 0x21, 0x0b}} , + {{0xc3, 0xba, 0x12, 0x53, 0x2a, 0xaa, 0x77, 0xad, 0x19, 0x78, 0x55, 0x8a, 0x2e, 0x60, 0x87, 0xc2, 0x6e, 0x91, 0x38, 0x91, 0x3f, 0x7a, 0xc5, 0x24, 0x8f, 0x51, 0xc5, 0xde, 0xb0, 0x53, 0x30, 0x56}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x02, 0xfe, 0x54, 0x12, 0x18, 0xca, 0x7d, 0xa5, 0x68, 0x43, 0xa3, 0x6d, 0x14, 0x2a, 0x6a, 0xa5, 0x8e, 0x32, 0xe7, 0x63, 0x4f, 0xe3, 0xc6, 0x44, 0x3e, 0xab, 0x63, 0xca, 0x17, 0x86, 0x74, 0x3f}} , + {{0x1e, 0x64, 0xc1, 0x7d, 0x52, 0xdc, 0x13, 0x5a, 0xa1, 0x9c, 0x4e, 0xee, 0x99, 0x28, 0xbb, 0x4c, 0xee, 0xac, 0xa9, 0x1b, 0x89, 0xa2, 0x38, 0x39, 0x7b, 0xc4, 0x0f, 0x42, 0xe6, 0x89, 0xed, 0x0f}}}, +{{{0xf3, 0x3c, 0x8c, 0x80, 0x83, 0x10, 0x8a, 0x37, 0x50, 0x9c, 0xb4, 0xdf, 0x3f, 0x8c, 0xf7, 0x23, 0x07, 0xd6, 0xff, 0xa0, 0x82, 0x6c, 0x75, 0x3b, 0xe4, 0xb5, 0xbb, 0xe4, 0xe6, 0x50, 0xf0, 0x08}} , + {{0x62, 0xee, 0x75, 0x48, 0x92, 0x33, 0xf2, 0xf4, 0xad, 0x15, 0x7a, 0xa1, 0x01, 0x46, 0xa9, 0x32, 0x06, 0x88, 0xb6, 0x36, 0x47, 0x35, 0xb9, 0xb4, 0x42, 0x85, 0x76, 0xf0, 0x48, 0x00, 0x90, 0x38}}}, +{{{0x51, 0x15, 0x9d, 0xc3, 0x95, 0xd1, 0x39, 0xbb, 0x64, 0x9d, 0x15, 0x81, 0xc1, 0x68, 0xd0, 0xb6, 0xa4, 0x2c, 0x7d, 0x5e, 0x02, 0x39, 0x00, 0xe0, 0x3b, 0xa4, 0xcc, 0xca, 0x1d, 0x81, 0x24, 0x10}} , + {{0xe7, 0x29, 0xf9, 0x37, 0xd9, 0x46, 0x5a, 0xcd, 0x70, 0xfe, 0x4d, 0x5b, 0xbf, 0xa5, 0xcf, 0x91, 0xf4, 0xef, 0xee, 0x8a, 0x29, 0xd0, 0xe7, 0xc4, 0x25, 0x92, 0x8a, 0xff, 0x36, 0xfc, 0xe4, 0x49}}}, +{{{0xbd, 0x00, 0xb9, 0x04, 0x7d, 0x35, 0xfc, 0xeb, 0xd0, 0x0b, 0x05, 0x32, 0x52, 0x7a, 0x89, 0x24, 0x75, 0x50, 0xe1, 0x63, 0x02, 0x82, 0x8e, 0xe7, 0x85, 0x0c, 0xf2, 0x56, 0x44, 0x37, 0x83, 0x25}} , + {{0x8f, 0xa1, 0xce, 0xcb, 0x60, 0xda, 0x12, 0x02, 0x1e, 0x29, 0x39, 0x2a, 0x03, 0xb7, 0xeb, 0x77, 0x40, 0xea, 0xc9, 0x2b, 0x2c, 0xd5, 0x7d, 0x7e, 0x2c, 0xc7, 0x5a, 0xfd, 0xff, 0xc4, 0xd1, 0x62}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x1d, 0x88, 0x98, 0x5b, 0x4e, 0xfc, 0x41, 0x24, 0x05, 0xe6, 0x50, 0x2b, 0xae, 0x96, 0x51, 0xd9, 0x6b, 0x72, 0xb2, 0x33, 0x42, 0x98, 0x68, 0xbb, 0x10, 0x5a, 0x7a, 0x8c, 0x9d, 0x07, 0xb4, 0x05}} , + {{0x2f, 0x61, 0x9f, 0xd7, 0xa8, 0x3f, 0x83, 0x8c, 0x10, 0x69, 0x90, 0xe6, 0xcf, 0xd2, 0x63, 0xa3, 0xe4, 0x54, 0x7e, 0xe5, 0x69, 0x13, 0x1c, 0x90, 0x57, 0xaa, 0xe9, 0x53, 0x22, 0x43, 0x29, 0x23}}}, +{{{0xe5, 0x1c, 0xf8, 0x0a, 0xfd, 0x2d, 0x7e, 0xf5, 0xf5, 0x70, 0x7d, 0x41, 0x6b, 0x11, 0xfe, 0xbe, 0x99, 0xd1, 0x55, 0x29, 0x31, 0xbf, 0xc0, 0x97, 0x6c, 0xd5, 0x35, 0xcc, 0x5e, 0x8b, 0xd9, 0x69}} , + {{0x8e, 0x4e, 0x9f, 0x25, 0xf8, 0x81, 0x54, 0x2d, 0x0e, 0xd5, 0x54, 0x81, 0x9b, 0xa6, 0x92, 0xce, 0x4b, 0xe9, 0x8f, 0x24, 0x3b, 0xca, 0xe0, 0x44, 0xab, 0x36, 0xfe, 0xfb, 0x87, 0xd4, 0x26, 0x3e}}}, +{{{0x0f, 0x93, 0x9c, 0x11, 0xe7, 0xdb, 0xf1, 0xf0, 0x85, 0x43, 0x28, 0x15, 0x37, 0xdd, 0xde, 0x27, 0xdf, 0xad, 0x3e, 0x49, 0x4f, 0xe0, 0x5b, 0xf6, 0x80, 0x59, 0x15, 0x3c, 0x85, 0xb7, 0x3e, 0x12}} , + {{0xf5, 0xff, 0xcc, 0xf0, 0xb4, 0x12, 0x03, 0x5f, 0xc9, 0x84, 0xcb, 0x1d, 0x17, 0xe0, 0xbc, 0xcc, 0x03, 0x62, 0xa9, 0x8b, 0x94, 0xa6, 0xaa, 0x18, 0xcb, 0x27, 0x8d, 0x49, 0xa6, 0x17, 0x15, 0x07}}}, +{{{0xd9, 0xb6, 0xd4, 0x9d, 0xd4, 0x6a, 0xaf, 0x70, 0x07, 0x2c, 0x10, 0x9e, 0xbd, 0x11, 0xad, 0xe4, 0x26, 0x33, 0x70, 0x92, 0x78, 0x1c, 0x74, 0x9f, 0x75, 0x60, 0x56, 0xf4, 0x39, 0xa8, 0xa8, 0x62}} , + {{0x3b, 0xbf, 0x55, 0x35, 0x61, 0x8b, 0x44, 0x97, 0xe8, 0x3a, 0x55, 0xc1, 0xc8, 0x3b, 0xfd, 0x95, 0x29, 0x11, 0x60, 0x96, 0x1e, 0xcb, 0x11, 0x9d, 0xc2, 0x03, 0x8a, 0x1b, 0xc6, 0xd6, 0x45, 0x3d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x7e, 0x0e, 0x50, 0xb2, 0xcc, 0x0d, 0x6b, 0xa6, 0x71, 0x5b, 0x42, 0xed, 0xbd, 0xaf, 0xac, 0xf0, 0xfc, 0x12, 0xa2, 0x3f, 0x4e, 0xda, 0xe8, 0x11, 0xf3, 0x23, 0xe1, 0x04, 0x62, 0x03, 0x1c, 0x4e}} , + {{0xc8, 0xb1, 0x1b, 0x6f, 0x73, 0x61, 0x3d, 0x27, 0x0d, 0x7d, 0x7a, 0x25, 0x5f, 0x73, 0x0e, 0x2f, 0x93, 0xf6, 0x24, 0xd8, 0x4f, 0x90, 0xac, 0xa2, 0x62, 0x0a, 0xf0, 0x61, 0xd9, 0x08, 0x59, 0x6a}}}, +{{{0x6f, 0x2d, 0x55, 0xf8, 0x2f, 0x8e, 0xf0, 0x18, 0x3b, 0xea, 0xdd, 0x26, 0x72, 0xd1, 0xf5, 0xfe, 0xe5, 0xb8, 0xe6, 0xd3, 0x10, 0x48, 0x46, 0x49, 0x3a, 0x9f, 0x5e, 0x45, 0x6b, 0x90, 0xe8, 0x7f}} , + {{0xd3, 0x76, 0x69, 0x33, 0x7b, 0xb9, 0x40, 0x70, 0xee, 0xa6, 0x29, 0x6b, 0xdd, 0xd0, 0x5d, 0x8d, 0xc1, 0x3e, 0x4a, 0xea, 0x37, 0xb1, 0x03, 0x02, 0x03, 0x35, 0xf1, 0x28, 0x9d, 0xff, 0x00, 0x13}}}, +{{{0x7a, 0xdb, 0x12, 0xd2, 0x8a, 0x82, 0x03, 0x1b, 0x1e, 0xaf, 0xf9, 0x4b, 0x9c, 0xbe, 0xae, 0x7c, 0xe4, 0x94, 0x2a, 0x23, 0xb3, 0x62, 0x86, 0xe7, 0xfd, 0x23, 0xaa, 0x99, 0xbd, 0x2b, 0x11, 0x6c}} , + {{0x8d, 0xa6, 0xd5, 0xac, 0x9d, 0xcc, 0x68, 0x75, 0x7f, 0xc3, 0x4d, 0x4b, 0xdd, 0x6c, 0xbb, 0x11, 0x5a, 0x60, 0xe5, 0xbd, 0x7d, 0x27, 0x8b, 0xda, 0xb4, 0x95, 0xf6, 0x03, 0x27, 0xa4, 0x92, 0x3f}}}, +{{{0x22, 0xd6, 0xb5, 0x17, 0x84, 0xbf, 0x12, 0xcc, 0x23, 0x14, 0x4a, 0xdf, 0x14, 0x31, 0xbc, 0xa1, 0xac, 0x6e, 0xab, 0xfa, 0x57, 0x11, 0x53, 0xb3, 0x27, 0xe6, 0xf9, 0x47, 0x33, 0x44, 0x34, 0x1e}} , + {{0x79, 0xfc, 0xa6, 0xb4, 0x0b, 0x35, 0x20, 0xc9, 0x4d, 0x22, 0x84, 0xc4, 0xa9, 0x20, 0xec, 0x89, 0x94, 0xba, 0x66, 0x56, 0x48, 0xb9, 0x87, 0x7f, 0xca, 0x1e, 0x06, 0xed, 0xa5, 0x55, 0x59, 0x29}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x56, 0xe1, 0xf5, 0xf1, 0xd5, 0xab, 0xa8, 0x2b, 0xae, 0x89, 0xf3, 0xcf, 0x56, 0x9f, 0xf2, 0x4b, 0x31, 0xbc, 0x18, 0xa9, 0x06, 0x5b, 0xbe, 0xb4, 0x61, 0xf8, 0xb2, 0x06, 0x9c, 0x81, 0xab, 0x4c}} , + {{0x1f, 0x68, 0x76, 0x01, 0x16, 0x38, 0x2b, 0x0f, 0x77, 0x97, 0x92, 0x67, 0x4e, 0x86, 0x6a, 0x8b, 0xe5, 0xe8, 0x0c, 0xf7, 0x36, 0x39, 0xb5, 0x33, 0xe6, 0xcf, 0x5e, 0xbd, 0x18, 0xfb, 0x10, 0x1f}}}, +{{{0x83, 0xf0, 0x0d, 0x63, 0xef, 0x53, 0x6b, 0xb5, 0x6b, 0xf9, 0x83, 0xcf, 0xde, 0x04, 0x22, 0x9b, 0x2c, 0x0a, 0xe0, 0xa5, 0xd8, 0xc7, 0x9c, 0xa5, 0xa3, 0xf6, 0x6f, 0xcf, 0x90, 0x6b, 0x68, 0x7c}} , + {{0x33, 0x15, 0xd7, 0x7f, 0x1a, 0xd5, 0x21, 0x58, 0xc4, 0x18, 0xa5, 0xf0, 0xcc, 0x73, 0xa8, 0xfd, 0xfa, 0x18, 0xd1, 0x03, 0x91, 0x8d, 0x52, 0xd2, 0xa3, 0xa4, 0xd3, 0xb1, 0xea, 0x1d, 0x0f, 0x00}}}, +{{{0xcc, 0x48, 0x83, 0x90, 0xe5, 0xfd, 0x3f, 0x84, 0xaa, 0xf9, 0x8b, 0x82, 0x59, 0x24, 0x34, 0x68, 0x4f, 0x1c, 0x23, 0xd9, 0xcc, 0x71, 0xe1, 0x7f, 0x8c, 0xaf, 0xf1, 0xee, 0x00, 0xb6, 0xa0, 0x77}} , + {{0xf5, 0x1a, 0x61, 0xf7, 0x37, 0x9d, 0x00, 0xf4, 0xf2, 0x69, 0x6f, 0x4b, 0x01, 0x85, 0x19, 0x45, 0x4d, 0x7f, 0x02, 0x7c, 0x6a, 0x05, 0x47, 0x6c, 0x1f, 0x81, 0x20, 0xd4, 0xe8, 0x50, 0x27, 0x72}}}, +{{{0x2c, 0x3a, 0xe5, 0xad, 0xf4, 0xdd, 0x2d, 0xf7, 0x5c, 0x44, 0xb5, 0x5b, 0x21, 0xa3, 0x89, 0x5f, 0x96, 0x45, 0xca, 0x4d, 0xa4, 0x21, 0x99, 0x70, 0xda, 0xc4, 0xc4, 0xa0, 0xe5, 0xf4, 0xec, 0x0a}} , + {{0x07, 0x68, 0x21, 0x65, 0xe9, 0x08, 0xa0, 0x0b, 0x6a, 0x4a, 0xba, 0xb5, 0x80, 0xaf, 0xd0, 0x1b, 0xc5, 0xf5, 0x4b, 0x73, 0x50, 0x60, 0x2d, 0x71, 0x69, 0x61, 0x0e, 0xc0, 0x20, 0x40, 0x30, 0x19}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xd0, 0x75, 0x57, 0x3b, 0xeb, 0x5c, 0x14, 0x56, 0x50, 0xc9, 0x4f, 0xb8, 0xb8, 0x1e, 0xa3, 0xf4, 0xab, 0xf5, 0xa9, 0x20, 0x15, 0x94, 0x82, 0xda, 0x96, 0x1c, 0x9b, 0x59, 0x8c, 0xff, 0xf4, 0x51}} , + {{0xc1, 0x3a, 0x86, 0xd7, 0xb0, 0x06, 0x84, 0x7f, 0x1b, 0xbd, 0xd4, 0x07, 0x78, 0x80, 0x2e, 0xb1, 0xb4, 0xee, 0x52, 0x38, 0xee, 0x9a, 0xf9, 0xf6, 0xf3, 0x41, 0x6e, 0xd4, 0x88, 0x95, 0xac, 0x35}}}, +{{{0x41, 0x97, 0xbf, 0x71, 0x6a, 0x9b, 0x72, 0xec, 0xf3, 0xf8, 0x6b, 0xe6, 0x0e, 0x6c, 0x69, 0xa5, 0x2f, 0x68, 0x52, 0xd8, 0x61, 0x81, 0xc0, 0x63, 0x3f, 0xa6, 0x3c, 0x13, 0x90, 0xe6, 0x8d, 0x56}} , + {{0xe8, 0x39, 0x30, 0x77, 0x23, 0xb1, 0xfd, 0x1b, 0x3d, 0x3e, 0x74, 0x4d, 0x7f, 0xae, 0x5b, 0x3a, 0xb4, 0x65, 0x0e, 0x3a, 0x43, 0xdc, 0xdc, 0x41, 0x47, 0xe6, 0xe8, 0x92, 0x09, 0x22, 0x48, 0x4c}}}, +{{{0x85, 0x57, 0x9f, 0xb5, 0xc8, 0x06, 0xb2, 0x9f, 0x47, 0x3f, 0xf0, 0xfa, 0xe6, 0xa9, 0xb1, 0x9b, 0x6f, 0x96, 0x7d, 0xf9, 0xa4, 0x65, 0x09, 0x75, 0x32, 0xa6, 0x6c, 0x7f, 0x47, 0x4b, 0x2f, 0x4f}} , + {{0x34, 0xe9, 0x59, 0x93, 0x9d, 0x26, 0x80, 0x54, 0xf2, 0xcc, 0x3c, 0xc2, 0x25, 0x85, 0xe3, 0x6a, 0xc1, 0x62, 0x04, 0xa7, 0x08, 0x32, 0x6d, 0xa1, 0x39, 0x84, 0x8a, 0x3b, 0x87, 0x5f, 0x11, 0x13}}}, +{{{0xda, 0x03, 0x34, 0x66, 0xc4, 0x0c, 0x73, 0x6e, 0xbc, 0x24, 0xb5, 0xf9, 0x70, 0x81, 0x52, 0xe9, 0xf4, 0x7c, 0x23, 0xdd, 0x9f, 0xb8, 0x46, 0xef, 0x1d, 0x22, 0x55, 0x7d, 0x71, 0xc4, 0x42, 0x33}} , + {{0xc5, 0x37, 0x69, 0x5b, 0xa8, 0xc6, 0x9d, 0xa4, 0xfc, 0x61, 0x6e, 0x68, 0x46, 0xea, 0xd7, 0x1c, 0x67, 0xd2, 0x7d, 0xfa, 0xf1, 0xcc, 0x54, 0x8d, 0x36, 0x35, 0xc9, 0x00, 0xdf, 0x6c, 0x67, 0x50}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x9a, 0x4d, 0x42, 0x29, 0x5d, 0xa4, 0x6b, 0x6f, 0xa8, 0x8a, 0x4d, 0x91, 0x7b, 0xd2, 0xdf, 0x36, 0xef, 0x01, 0x22, 0xc5, 0xcc, 0x8d, 0xeb, 0x58, 0x3d, 0xb3, 0x50, 0xfc, 0x8b, 0x97, 0x96, 0x33}} , + {{0x93, 0x33, 0x07, 0xc8, 0x4a, 0xca, 0xd0, 0xb1, 0xab, 0xbd, 0xdd, 0xa7, 0x7c, 0xac, 0x3e, 0x45, 0xcb, 0xcc, 0x07, 0x91, 0xbf, 0x35, 0x9d, 0xcb, 0x7d, 0x12, 0x3c, 0x11, 0x59, 0x13, 0xcf, 0x5c}}}, +{{{0x45, 0xb8, 0x41, 0xd7, 0xab, 0x07, 0x15, 0x00, 0x8e, 0xce, 0xdf, 0xb2, 0x43, 0x5c, 0x01, 0xdc, 0xf4, 0x01, 0x51, 0x95, 0x10, 0x5a, 0xf6, 0x24, 0x24, 0xa0, 0x19, 0x3a, 0x09, 0x2a, 0xaa, 0x3f}} , + {{0xdc, 0x8e, 0xeb, 0xc6, 0xbf, 0xdd, 0x11, 0x7b, 0xe7, 0x47, 0xe6, 0xce, 0xe7, 0xb6, 0xc5, 0xe8, 0x8a, 0xdc, 0x4b, 0x57, 0x15, 0x3b, 0x66, 0xca, 0x89, 0xa3, 0xfd, 0xac, 0x0d, 0xe1, 0x1d, 0x7a}}}, +{{{0x89, 0xef, 0xbf, 0x03, 0x75, 0xd0, 0x29, 0x50, 0xcb, 0x7d, 0xd6, 0xbe, 0xad, 0x5f, 0x7b, 0x00, 0x32, 0xaa, 0x98, 0xed, 0x3f, 0x8f, 0x92, 0xcb, 0x81, 0x56, 0x01, 0x63, 0x64, 0xa3, 0x38, 0x39}} , + {{0x8b, 0xa4, 0xd6, 0x50, 0xb4, 0xaa, 0x5d, 0x64, 0x64, 0x76, 0x2e, 0xa1, 0xa6, 0xb3, 0xb8, 0x7c, 0x7a, 0x56, 0xf5, 0x5c, 0x4e, 0x84, 0x5c, 0xfb, 0xdd, 0xca, 0x48, 0x8b, 0x48, 0xb9, 0xba, 0x34}}}, +{{{0xc5, 0xe3, 0xe8, 0xae, 0x17, 0x27, 0xe3, 0x64, 0x60, 0x71, 0x47, 0x29, 0x02, 0x0f, 0x92, 0x5d, 0x10, 0x93, 0xc8, 0x0e, 0xa1, 0xed, 0xba, 0xa9, 0x96, 0x1c, 0xc5, 0x76, 0x30, 0xcd, 0xf9, 0x30}} , + {{0x95, 0xb0, 0xbd, 0x8c, 0xbc, 0xa7, 0x4f, 0x7e, 0xfd, 0x4e, 0x3a, 0xbf, 0x5f, 0x04, 0x79, 0x80, 0x2b, 0x5a, 0x9f, 0x4f, 0x68, 0x21, 0x19, 0x71, 0xc6, 0x20, 0x01, 0x42, 0xaa, 0xdf, 0xae, 0x2c}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x90, 0x6e, 0x7e, 0x4b, 0x71, 0x93, 0xc0, 0x72, 0xed, 0xeb, 0x71, 0x24, 0x97, 0x26, 0x9c, 0xfe, 0xcb, 0x3e, 0x59, 0x19, 0xa8, 0x0f, 0x75, 0x7d, 0xbe, 0x18, 0xe6, 0x96, 0x1e, 0x95, 0x70, 0x60}} , + {{0x89, 0x66, 0x3e, 0x1d, 0x4c, 0x5f, 0xfe, 0xc0, 0x04, 0x43, 0xd6, 0x44, 0x19, 0xb5, 0xad, 0xc7, 0x22, 0xdc, 0x71, 0x28, 0x64, 0xde, 0x41, 0x38, 0x27, 0x8f, 0x2c, 0x6b, 0x08, 0xb8, 0xb8, 0x7b}}}, +{{{0x3d, 0x70, 0x27, 0x9d, 0xd9, 0xaf, 0xb1, 0x27, 0xaf, 0xe3, 0x5d, 0x1e, 0x3a, 0x30, 0x54, 0x61, 0x60, 0xe8, 0xc3, 0x26, 0x3a, 0xbc, 0x7e, 0xf5, 0x81, 0xdd, 0x64, 0x01, 0x04, 0xeb, 0xc0, 0x1e}} , + {{0xda, 0x2c, 0xa4, 0xd1, 0xa1, 0xc3, 0x5c, 0x6e, 0x32, 0x07, 0x1f, 0xb8, 0x0e, 0x19, 0x9e, 0x99, 0x29, 0x33, 0x9a, 0xae, 0x7a, 0xed, 0x68, 0x42, 0x69, 0x7c, 0x07, 0xb3, 0x38, 0x2c, 0xf6, 0x3d}}}, +{{{0x64, 0xaa, 0xb5, 0x88, 0x79, 0x65, 0x38, 0x8c, 0x94, 0xd6, 0x62, 0x37, 0x7d, 0x64, 0xcd, 0x3a, 0xeb, 0xff, 0xe8, 0x81, 0x09, 0xc7, 0x6a, 0x50, 0x09, 0x0d, 0x28, 0x03, 0x0d, 0x9a, 0x93, 0x0a}} , + {{0x42, 0xa3, 0xf1, 0xc5, 0xb4, 0x0f, 0xd8, 0xc8, 0x8d, 0x15, 0x31, 0xbd, 0xf8, 0x07, 0x8b, 0xcd, 0x08, 0x8a, 0xfb, 0x18, 0x07, 0xfe, 0x8e, 0x52, 0x86, 0xef, 0xbe, 0xec, 0x49, 0x52, 0x99, 0x08}}}, +{{{0x0f, 0xa9, 0xd5, 0x01, 0xaa, 0x48, 0x4f, 0x28, 0x66, 0x32, 0x1a, 0xba, 0x7c, 0xea, 0x11, 0x80, 0x17, 0x18, 0x9b, 0x56, 0x88, 0x25, 0x06, 0x69, 0x12, 0x2c, 0xea, 0x56, 0x69, 0x41, 0x24, 0x19}} , + {{0xde, 0x21, 0xf0, 0xda, 0x8a, 0xfb, 0xb1, 0xb8, 0xcd, 0xc8, 0x6a, 0x82, 0x19, 0x73, 0xdb, 0xc7, 0xcf, 0x88, 0xeb, 0x96, 0xee, 0x6f, 0xfb, 0x06, 0xd2, 0xcd, 0x7d, 0x7b, 0x12, 0x28, 0x8e, 0x0c}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x93, 0x44, 0x97, 0xce, 0x28, 0xff, 0x3a, 0x40, 0xc4, 0xf5, 0xf6, 0x9b, 0xf4, 0x6b, 0x07, 0x84, 0xfb, 0x98, 0xd8, 0xec, 0x8c, 0x03, 0x57, 0xec, 0x49, 0xed, 0x63, 0xb6, 0xaa, 0xff, 0x98, 0x28}} , + {{0x3d, 0x16, 0x35, 0xf3, 0x46, 0xbc, 0xb3, 0xf4, 0xc6, 0xb6, 0x4f, 0xfa, 0xf4, 0xa0, 0x13, 0xe6, 0x57, 0x45, 0x93, 0xb9, 0xbc, 0xd6, 0x59, 0xe7, 0x77, 0x94, 0x6c, 0xab, 0x96, 0x3b, 0x4f, 0x09}}}, +{{{0x5a, 0xf7, 0x6b, 0x01, 0x12, 0x4f, 0x51, 0xc1, 0x70, 0x84, 0x94, 0x47, 0xb2, 0x01, 0x6c, 0x71, 0xd7, 0xcc, 0x17, 0x66, 0x0f, 0x59, 0x5d, 0x5d, 0x10, 0x01, 0x57, 0x11, 0xf5, 0xdd, 0xe2, 0x34}} , + {{0x26, 0xd9, 0x1f, 0x5c, 0x58, 0xac, 0x8b, 0x03, 0xd2, 0xc3, 0x85, 0x0f, 0x3a, 0xc3, 0x7f, 0x6d, 0x8e, 0x86, 0xcd, 0x52, 0x74, 0x8f, 0x55, 0x77, 0x17, 0xb7, 0x8e, 0xb7, 0x88, 0xea, 0xda, 0x1b}}}, +{{{0xb6, 0xea, 0x0e, 0x40, 0x93, 0x20, 0x79, 0x35, 0x6a, 0x61, 0x84, 0x5a, 0x07, 0x6d, 0xf9, 0x77, 0x6f, 0xed, 0x69, 0x1c, 0x0d, 0x25, 0x76, 0xcc, 0xf0, 0xdb, 0xbb, 0xc5, 0xad, 0xe2, 0x26, 0x57}} , + {{0xcf, 0xe8, 0x0e, 0x6b, 0x96, 0x7d, 0xed, 0x27, 0xd1, 0x3c, 0xa9, 0xd9, 0x50, 0xa9, 0x98, 0x84, 0x5e, 0x86, 0xef, 0xd6, 0xf0, 0xf8, 0x0e, 0x89, 0x05, 0x2f, 0xd9, 0x5f, 0x15, 0x5f, 0x73, 0x79}}}, +{{{0xc8, 0x5c, 0x16, 0xfe, 0xed, 0x9f, 0x26, 0x56, 0xf6, 0x4b, 0x9f, 0xa7, 0x0a, 0x85, 0xfe, 0xa5, 0x8c, 0x87, 0xdd, 0x98, 0xce, 0x4e, 0xc3, 0x58, 0x55, 0xb2, 0x7b, 0x3d, 0xd8, 0x6b, 0xb5, 0x4c}} , + {{0x65, 0x38, 0xa0, 0x15, 0xfa, 0xa7, 0xb4, 0x8f, 0xeb, 0xc4, 0x86, 0x9b, 0x30, 0xa5, 0x5e, 0x4d, 0xea, 0x8a, 0x9a, 0x9f, 0x1a, 0xd8, 0x5b, 0x53, 0x14, 0x19, 0x25, 0x63, 0xb4, 0x6f, 0x1f, 0x5d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xac, 0x8f, 0xbc, 0x1e, 0x7d, 0x8b, 0x5a, 0x0b, 0x8d, 0xaf, 0x76, 0x2e, 0x71, 0xe3, 0x3b, 0x6f, 0x53, 0x2f, 0x3e, 0x90, 0x95, 0xd4, 0x35, 0x14, 0x4f, 0x8c, 0x3c, 0xce, 0x57, 0x1c, 0x76, 0x49}} , + {{0xa8, 0x50, 0xe1, 0x61, 0x6b, 0x57, 0x35, 0xeb, 0x44, 0x0b, 0x0c, 0x6e, 0xf9, 0x25, 0x80, 0x74, 0xf2, 0x8f, 0x6f, 0x7a, 0x3e, 0x7f, 0x2d, 0xf3, 0x4e, 0x09, 0x65, 0x10, 0x5e, 0x03, 0x25, 0x32}}}, +{{{0xa9, 0x60, 0xdc, 0x0f, 0x64, 0xe5, 0x1d, 0xe2, 0x8d, 0x4f, 0x79, 0x2f, 0x0e, 0x24, 0x02, 0x00, 0x05, 0x77, 0x43, 0x25, 0x3d, 0x6a, 0xc7, 0xb7, 0xbf, 0x04, 0x08, 0x65, 0xf4, 0x39, 0x4b, 0x65}} , + {{0x96, 0x19, 0x12, 0x6b, 0x6a, 0xb7, 0xe3, 0xdc, 0x45, 0x9b, 0xdb, 0xb4, 0xa8, 0xae, 0xdc, 0xa8, 0x14, 0x44, 0x65, 0x62, 0xce, 0x34, 0x9a, 0x84, 0x18, 0x12, 0x01, 0xf1, 0xe2, 0x7b, 0xce, 0x50}}}, +{{{0x41, 0x21, 0x30, 0x53, 0x1b, 0x47, 0x01, 0xb7, 0x18, 0xd8, 0x82, 0x57, 0xbd, 0xa3, 0x60, 0xf0, 0x32, 0xf6, 0x5b, 0xf0, 0x30, 0x88, 0x91, 0x59, 0xfd, 0x90, 0xa2, 0xb9, 0x55, 0x93, 0x21, 0x34}} , + {{0x97, 0x67, 0x9e, 0xeb, 0x6a, 0xf9, 0x6e, 0xd6, 0x73, 0xe8, 0x6b, 0x29, 0xec, 0x63, 0x82, 0x00, 0xa8, 0x99, 0x1c, 0x1d, 0x30, 0xc8, 0x90, 0x52, 0x90, 0xb6, 0x6a, 0x80, 0x4e, 0xff, 0x4b, 0x51}}}, +{{{0x0f, 0x7d, 0x63, 0x8c, 0x6e, 0x5c, 0xde, 0x30, 0xdf, 0x65, 0xfa, 0x2e, 0xb0, 0xa3, 0x25, 0x05, 0x54, 0xbd, 0x25, 0xba, 0x06, 0xae, 0xdf, 0x8b, 0xd9, 0x1b, 0xea, 0x38, 0xb3, 0x05, 0x16, 0x09}} , + {{0xc7, 0x8c, 0xbf, 0x64, 0x28, 0xad, 0xf8, 0xa5, 0x5a, 0x6f, 0xc9, 0xba, 0xd5, 0x7f, 0xd5, 0xd6, 0xbd, 0x66, 0x2f, 0x3d, 0xaa, 0x54, 0xf6, 0xba, 0x32, 0x22, 0x9a, 0x1e, 0x52, 0x05, 0xf4, 0x1d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xaa, 0x1f, 0xbb, 0xeb, 0xfe, 0xe4, 0x87, 0xfc, 0xb1, 0x2c, 0xb7, 0x88, 0xf4, 0xc6, 0xb9, 0xf5, 0x24, 0x46, 0xf2, 0xa5, 0x9f, 0x8f, 0x8a, 0x93, 0x70, 0x69, 0xd4, 0x56, 0xec, 0xfd, 0x06, 0x46}} , + {{0x4e, 0x66, 0xcf, 0x4e, 0x34, 0xce, 0x0c, 0xd9, 0xa6, 0x50, 0xd6, 0x5e, 0x95, 0xaf, 0xe9, 0x58, 0xfa, 0xee, 0x9b, 0xb8, 0xa5, 0x0f, 0x35, 0xe0, 0x43, 0x82, 0x6d, 0x65, 0xe6, 0xd9, 0x00, 0x0f}}}, +{{{0x7b, 0x75, 0x3a, 0xfc, 0x64, 0xd3, 0x29, 0x7e, 0xdd, 0x49, 0x9a, 0x59, 0x53, 0xbf, 0xb4, 0xa7, 0x52, 0xb3, 0x05, 0xab, 0xc3, 0xaf, 0x16, 0x1a, 0x85, 0x42, 0x32, 0xa2, 0x86, 0xfa, 0x39, 0x43}} , + {{0x0e, 0x4b, 0xa3, 0x63, 0x8a, 0xfe, 0xa5, 0x58, 0xf1, 0x13, 0xbd, 0x9d, 0xaa, 0x7f, 0x76, 0x40, 0x70, 0x81, 0x10, 0x75, 0x99, 0xbb, 0xbe, 0x0b, 0x16, 0xe9, 0xba, 0x62, 0x34, 0xcc, 0x07, 0x6d}}}, +{{{0xc3, 0xf1, 0xc6, 0x93, 0x65, 0xee, 0x0b, 0xbc, 0xea, 0x14, 0xf0, 0xc1, 0xf8, 0x84, 0x89, 0xc2, 0xc9, 0xd7, 0xea, 0x34, 0xca, 0xa7, 0xc4, 0x99, 0xd5, 0x50, 0x69, 0xcb, 0xd6, 0x21, 0x63, 0x7c}} , + {{0x99, 0xeb, 0x7c, 0x31, 0x73, 0x64, 0x67, 0x7f, 0x0c, 0x66, 0xaa, 0x8c, 0x69, 0x91, 0xe2, 0x26, 0xd3, 0x23, 0xe2, 0x76, 0x5d, 0x32, 0x52, 0xdf, 0x5d, 0xc5, 0x8f, 0xb7, 0x7c, 0x84, 0xb3, 0x70}}}, +{{{0xeb, 0x01, 0xc7, 0x36, 0x97, 0x4e, 0xb6, 0xab, 0x5f, 0x0d, 0x2c, 0xba, 0x67, 0x64, 0x55, 0xde, 0xbc, 0xff, 0xa6, 0xec, 0x04, 0xd3, 0x8d, 0x39, 0x56, 0x5e, 0xee, 0xf8, 0xe4, 0x2e, 0x33, 0x62}} , + {{0x65, 0xef, 0xb8, 0x9f, 0xc8, 0x4b, 0xa7, 0xfd, 0x21, 0x49, 0x9b, 0x92, 0x35, 0x82, 0xd6, 0x0a, 0x9b, 0xf2, 0x79, 0xf1, 0x47, 0x2f, 0x6a, 0x7e, 0x9f, 0xcf, 0x18, 0x02, 0x3c, 0xfb, 0x1b, 0x3e}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x2f, 0x8b, 0xc8, 0x40, 0x51, 0xd1, 0xac, 0x1a, 0x0b, 0xe4, 0xa9, 0xa2, 0x42, 0x21, 0x19, 0x2f, 0x7b, 0x97, 0xbf, 0xf7, 0x57, 0x6d, 0x3f, 0x3d, 0x4f, 0x0f, 0xe2, 0xb2, 0x81, 0x00, 0x9e, 0x7b}} , + {{0x8c, 0x85, 0x2b, 0xc4, 0xfc, 0xf1, 0xab, 0xe8, 0x79, 0x22, 0xc4, 0x84, 0x17, 0x3a, 0xfa, 0x86, 0xa6, 0x7d, 0xf9, 0xf3, 0x6f, 0x03, 0x57, 0x20, 0x4d, 0x79, 0xf9, 0x6e, 0x71, 0x54, 0x38, 0x09}}}, +{{{0x40, 0x29, 0x74, 0xa8, 0x2f, 0x5e, 0xf9, 0x79, 0xa4, 0xf3, 0x3e, 0xb9, 0xfd, 0x33, 0x31, 0xac, 0x9a, 0x69, 0x88, 0x1e, 0x77, 0x21, 0x2d, 0xf3, 0x91, 0x52, 0x26, 0x15, 0xb2, 0xa6, 0xcf, 0x7e}} , + {{0xc6, 0x20, 0x47, 0x6c, 0xa4, 0x7d, 0xcb, 0x63, 0xea, 0x5b, 0x03, 0xdf, 0x3e, 0x88, 0x81, 0x6d, 0xce, 0x07, 0x42, 0x18, 0x60, 0x7e, 0x7b, 0x55, 0xfe, 0x6a, 0xf3, 0xda, 0x5c, 0x8b, 0x95, 0x10}}}, +{{{0x62, 0xe4, 0x0d, 0x03, 0xb4, 0xd7, 0xcd, 0xfa, 0xbd, 0x46, 0xdf, 0x93, 0x71, 0x10, 0x2c, 0xa8, 0x3b, 0xb6, 0x09, 0x05, 0x70, 0x84, 0x43, 0x29, 0xa8, 0x59, 0xf5, 0x8e, 0x10, 0xe4, 0xd7, 0x20}} , + {{0x57, 0x82, 0x1c, 0xab, 0xbf, 0x62, 0x70, 0xe8, 0xc4, 0xcf, 0xf0, 0x28, 0x6e, 0x16, 0x3c, 0x08, 0x78, 0x89, 0x85, 0x46, 0x0f, 0xf6, 0x7f, 0xcf, 0xcb, 0x7e, 0xb8, 0x25, 0xe9, 0x5a, 0xfa, 0x03}}}, +{{{0xfb, 0x95, 0x92, 0x63, 0x50, 0xfc, 0x62, 0xf0, 0xa4, 0x5e, 0x8c, 0x18, 0xc2, 0x17, 0x24, 0xb7, 0x78, 0xc2, 0xa9, 0xe7, 0x6a, 0x32, 0xd6, 0x29, 0x85, 0xaf, 0xcb, 0x8d, 0x91, 0x13, 0xda, 0x6b}} , + {{0x36, 0x0a, 0xc2, 0xb6, 0x4b, 0xa5, 0x5d, 0x07, 0x17, 0x41, 0x31, 0x5f, 0x62, 0x46, 0xf8, 0x92, 0xf9, 0x66, 0x48, 0x73, 0xa6, 0x97, 0x0d, 0x7d, 0x88, 0xee, 0x62, 0xb1, 0x03, 0xa8, 0x3f, 0x2c}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x4a, 0xb1, 0x70, 0x8a, 0xa9, 0xe8, 0x63, 0x79, 0x00, 0xe2, 0x25, 0x16, 0xca, 0x4b, 0x0f, 0xa4, 0x66, 0xad, 0x19, 0x9f, 0x88, 0x67, 0x0c, 0x8b, 0xc2, 0x4a, 0x5b, 0x2b, 0x6d, 0x95, 0xaf, 0x19}} , + {{0x8b, 0x9d, 0xb6, 0xcc, 0x60, 0xb4, 0x72, 0x4f, 0x17, 0x69, 0x5a, 0x4a, 0x68, 0x34, 0xab, 0xa1, 0x45, 0x32, 0x3c, 0x83, 0x87, 0x72, 0x30, 0x54, 0x77, 0x68, 0xae, 0xfb, 0xb5, 0x8b, 0x22, 0x5e}}}, +{{{0xf1, 0xb9, 0x87, 0x35, 0xc5, 0xbb, 0xb9, 0xcf, 0xf5, 0xd6, 0xcd, 0xd5, 0x0c, 0x7c, 0x0e, 0xe6, 0x90, 0x34, 0xfb, 0x51, 0x42, 0x1e, 0x6d, 0xac, 0x9a, 0x46, 0xc4, 0x97, 0x29, 0x32, 0xbf, 0x45}} , + {{0x66, 0x9e, 0xc6, 0x24, 0xc0, 0xed, 0xa5, 0x5d, 0x88, 0xd4, 0xf0, 0x73, 0x97, 0x7b, 0xea, 0x7f, 0x42, 0xff, 0x21, 0xa0, 0x9b, 0x2f, 0x9a, 0xfd, 0x53, 0x57, 0x07, 0x84, 0x48, 0x88, 0x9d, 0x52}}}, +{{{0xc6, 0x96, 0x48, 0x34, 0x2a, 0x06, 0xaf, 0x94, 0x3d, 0xf4, 0x1a, 0xcf, 0xf2, 0xc0, 0x21, 0xc2, 0x42, 0x5e, 0xc8, 0x2f, 0x35, 0xa2, 0x3e, 0x29, 0xfa, 0x0c, 0x84, 0xe5, 0x89, 0x72, 0x7c, 0x06}} , + {{0x32, 0x65, 0x03, 0xe5, 0x89, 0xa6, 0x6e, 0xb3, 0x5b, 0x8e, 0xca, 0xeb, 0xfe, 0x22, 0x56, 0x8b, 0x5d, 0x14, 0x4b, 0x4d, 0xf9, 0xbe, 0xb5, 0xf5, 0xe6, 0x5c, 0x7b, 0x8b, 0xf4, 0x13, 0x11, 0x34}}}, +{{{0x07, 0xc6, 0x22, 0x15, 0xe2, 0x9c, 0x60, 0xa2, 0x19, 0xd9, 0x27, 0xae, 0x37, 0x4e, 0xa6, 0xc9, 0x80, 0xa6, 0x91, 0x8f, 0x12, 0x49, 0xe5, 0x00, 0x18, 0x47, 0xd1, 0xd7, 0x28, 0x22, 0x63, 0x39}} , + {{0xe8, 0xe2, 0x00, 0x7e, 0xf2, 0x9e, 0x1e, 0x99, 0x39, 0x95, 0x04, 0xbd, 0x1e, 0x67, 0x7b, 0xb2, 0x26, 0xac, 0xe6, 0xaa, 0xe2, 0x46, 0xd5, 0xe4, 0xe8, 0x86, 0xbd, 0xab, 0x7c, 0x55, 0x59, 0x6f}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x24, 0x64, 0x6e, 0x9b, 0x35, 0x71, 0x78, 0xce, 0x33, 0x03, 0x21, 0x33, 0x36, 0xf1, 0x73, 0x9b, 0xb9, 0x15, 0x8b, 0x2c, 0x69, 0xcf, 0x4d, 0xed, 0x4f, 0x4d, 0x57, 0x14, 0x13, 0x82, 0xa4, 0x4d}} , + {{0x65, 0x6e, 0x0a, 0xa4, 0x59, 0x07, 0x17, 0xf2, 0x6b, 0x4a, 0x1f, 0x6e, 0xf6, 0xb5, 0xbc, 0x62, 0xe4, 0xb6, 0xda, 0xa2, 0x93, 0xbc, 0x29, 0x05, 0xd2, 0xd2, 0x73, 0x46, 0x03, 0x16, 0x40, 0x31}}}, +{{{0x4c, 0x73, 0x6d, 0x15, 0xbd, 0xa1, 0x4d, 0x5c, 0x13, 0x0b, 0x24, 0x06, 0x98, 0x78, 0x1c, 0x5b, 0xeb, 0x1f, 0x18, 0x54, 0x43, 0xd9, 0x55, 0x66, 0xda, 0x29, 0x21, 0xe8, 0xb8, 0x3c, 0x42, 0x22}} , + {{0xb4, 0xcd, 0x08, 0x6f, 0x15, 0x23, 0x1a, 0x0b, 0x22, 0xed, 0xd1, 0xf1, 0xa7, 0xc7, 0x73, 0x45, 0xf3, 0x9e, 0xce, 0x76, 0xb7, 0xf6, 0x39, 0xb6, 0x8e, 0x79, 0xbe, 0xe9, 0x9b, 0xcf, 0x7d, 0x62}}}, +{{{0x92, 0x5b, 0xfc, 0x72, 0xfd, 0xba, 0xf1, 0xfd, 0xa6, 0x7c, 0x95, 0xe3, 0x61, 0x3f, 0xe9, 0x03, 0xd4, 0x2b, 0xd4, 0x20, 0xd9, 0xdb, 0x4d, 0x32, 0x3e, 0xf5, 0x11, 0x64, 0xe3, 0xb4, 0xbe, 0x32}} , + {{0x86, 0x17, 0x90, 0xe7, 0xc9, 0x1f, 0x10, 0xa5, 0x6a, 0x2d, 0x39, 0xd0, 0x3b, 0xc4, 0xa6, 0xe9, 0x59, 0x13, 0xda, 0x1a, 0xe6, 0xa0, 0xb9, 0x3c, 0x50, 0xb8, 0x40, 0x7c, 0x15, 0x36, 0x5a, 0x42}}}, +{{{0xb4, 0x0b, 0x32, 0xab, 0xdc, 0x04, 0x51, 0x55, 0x21, 0x1e, 0x0b, 0x75, 0x99, 0x89, 0x73, 0x35, 0x3a, 0x91, 0x2b, 0xfe, 0xe7, 0x49, 0xea, 0x76, 0xc1, 0xf9, 0x46, 0xb9, 0x53, 0x02, 0x23, 0x04}} , + {{0xfc, 0x5a, 0x1e, 0x1d, 0x74, 0x58, 0x95, 0xa6, 0x8f, 0x7b, 0x97, 0x3e, 0x17, 0x3b, 0x79, 0x2d, 0xa6, 0x57, 0xef, 0x45, 0x02, 0x0b, 0x4d, 0x6e, 0x9e, 0x93, 0x8d, 0x2f, 0xd9, 0x9d, 0xdb, 0x04}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xc0, 0xd7, 0x56, 0x97, 0x58, 0x91, 0xde, 0x09, 0x4f, 0x9f, 0xbe, 0x63, 0xb0, 0x83, 0x86, 0x43, 0x5d, 0xbc, 0xe0, 0xf3, 0xc0, 0x75, 0xbf, 0x8b, 0x8e, 0xaa, 0xf7, 0x8b, 0x64, 0x6e, 0xb0, 0x63}} , + {{0x16, 0xae, 0x8b, 0xe0, 0x9b, 0x24, 0x68, 0x5c, 0x44, 0xc2, 0xd0, 0x08, 0xb7, 0x7b, 0x62, 0xfd, 0x7f, 0xd8, 0xd4, 0xb7, 0x50, 0xfd, 0x2c, 0x1b, 0xbf, 0x41, 0x95, 0xd9, 0x8e, 0xd8, 0x17, 0x1b}}}, +{{{0x86, 0x55, 0x37, 0x8e, 0xc3, 0x38, 0x48, 0x14, 0xb5, 0x97, 0xd2, 0xa7, 0x54, 0x45, 0xf1, 0x35, 0x44, 0x38, 0x9e, 0xf1, 0x1b, 0xb6, 0x34, 0x00, 0x3c, 0x96, 0xee, 0x29, 0x00, 0xea, 0x2c, 0x0b}} , + {{0xea, 0xda, 0x99, 0x9e, 0x19, 0x83, 0x66, 0x6d, 0xe9, 0x76, 0x87, 0x50, 0xd1, 0xfd, 0x3c, 0x60, 0x87, 0xc6, 0x41, 0xd9, 0x8e, 0xdb, 0x5e, 0xde, 0xaa, 0x9a, 0xd3, 0x28, 0xda, 0x95, 0xea, 0x47}}}, +{{{0xd0, 0x80, 0xba, 0x19, 0xae, 0x1d, 0xa9, 0x79, 0xf6, 0x3f, 0xac, 0x5d, 0x6f, 0x96, 0x1f, 0x2a, 0xce, 0x29, 0xb2, 0xff, 0x37, 0xf1, 0x94, 0x8f, 0x0c, 0xb5, 0x28, 0xba, 0x9a, 0x21, 0xf6, 0x66}} , + {{0x02, 0xfb, 0x54, 0xb8, 0x05, 0xf3, 0x81, 0x52, 0x69, 0x34, 0x46, 0x9d, 0x86, 0x76, 0x8f, 0xd7, 0xf8, 0x6a, 0x66, 0xff, 0xe6, 0xa7, 0x90, 0xf7, 0x5e, 0xcd, 0x6a, 0x9b, 0x55, 0xfc, 0x9d, 0x48}}}, +{{{0xbd, 0xaa, 0x13, 0xe6, 0xcd, 0x45, 0x4a, 0xa4, 0x59, 0x0a, 0x64, 0xb1, 0x98, 0xd6, 0x34, 0x13, 0x04, 0xe6, 0x97, 0x94, 0x06, 0xcb, 0xd4, 0x4e, 0xbb, 0x96, 0xcd, 0xd1, 0x57, 0xd1, 0xe3, 0x06}} , + {{0x7a, 0x6c, 0x45, 0x27, 0xc4, 0x93, 0x7f, 0x7d, 0x7c, 0x62, 0x50, 0x38, 0x3a, 0x6b, 0xb5, 0x88, 0xc6, 0xd9, 0xf1, 0x78, 0x19, 0xb9, 0x39, 0x93, 0x3d, 0xc9, 0xe0, 0x9c, 0x3c, 0xce, 0xf5, 0x72}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x24, 0xea, 0x23, 0x7d, 0x56, 0x2c, 0xe2, 0x59, 0x0e, 0x85, 0x60, 0x04, 0x88, 0x5a, 0x74, 0x1e, 0x4b, 0xef, 0x13, 0xda, 0x4c, 0xff, 0x83, 0x45, 0x85, 0x3f, 0x08, 0x95, 0x2c, 0x20, 0x13, 0x1f}} , + {{0x48, 0x5f, 0x27, 0x90, 0x5c, 0x02, 0x42, 0xad, 0x78, 0x47, 0x5c, 0xb5, 0x7e, 0x08, 0x85, 0x00, 0xfa, 0x7f, 0xfd, 0xfd, 0xe7, 0x09, 0x11, 0xf2, 0x7e, 0x1b, 0x38, 0x6c, 0x35, 0x6d, 0x33, 0x66}}}, +{{{0x93, 0x03, 0x36, 0x81, 0xac, 0xe4, 0x20, 0x09, 0x35, 0x4c, 0x45, 0xb2, 0x1e, 0x4c, 0x14, 0x21, 0xe6, 0xe9, 0x8a, 0x7b, 0x8d, 0xfe, 0x1e, 0xc6, 0x3e, 0xc1, 0x35, 0xfa, 0xe7, 0x70, 0x4e, 0x1d}} , + {{0x61, 0x2e, 0xc2, 0xdd, 0x95, 0x57, 0xd1, 0xab, 0x80, 0xe8, 0x63, 0x17, 0xb5, 0x48, 0xe4, 0x8a, 0x11, 0x9e, 0x72, 0xbe, 0x85, 0x8d, 0x51, 0x0a, 0xf2, 0x9f, 0xe0, 0x1c, 0xa9, 0x07, 0x28, 0x7b}}}, +{{{0xbb, 0x71, 0x14, 0x5e, 0x26, 0x8c, 0x3d, 0xc8, 0xe9, 0x7c, 0xd3, 0xd6, 0xd1, 0x2f, 0x07, 0x6d, 0xe6, 0xdf, 0xfb, 0x79, 0xd6, 0x99, 0x59, 0x96, 0x48, 0x40, 0x0f, 0x3a, 0x7b, 0xb2, 0xa0, 0x72}} , + {{0x4e, 0x3b, 0x69, 0xc8, 0x43, 0x75, 0x51, 0x6c, 0x79, 0x56, 0xe4, 0xcb, 0xf7, 0xa6, 0x51, 0xc2, 0x2c, 0x42, 0x0b, 0xd4, 0x82, 0x20, 0x1c, 0x01, 0x08, 0x66, 0xd7, 0xbf, 0x04, 0x56, 0xfc, 0x02}}}, +{{{0x24, 0xe8, 0xb7, 0x60, 0xae, 0x47, 0x80, 0xfc, 0xe5, 0x23, 0xe7, 0xc2, 0xc9, 0x85, 0xe6, 0x98, 0xa0, 0x29, 0x4e, 0xe1, 0x84, 0x39, 0x2d, 0x95, 0x2c, 0xf3, 0x45, 0x3c, 0xff, 0xaf, 0x27, 0x4c}} , + {{0x6b, 0xa6, 0xf5, 0x4b, 0x11, 0xbd, 0xba, 0x5b, 0x9e, 0xc4, 0xa4, 0x51, 0x1e, 0xbe, 0xd0, 0x90, 0x3a, 0x9c, 0xc2, 0x26, 0xb6, 0x1e, 0xf1, 0x95, 0x7d, 0xc8, 0x6d, 0x52, 0xe6, 0x99, 0x2c, 0x5f}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x85, 0xe0, 0x24, 0x32, 0xb4, 0xd1, 0xef, 0xfc, 0x69, 0xa2, 0xbf, 0x8f, 0x72, 0x2c, 0x95, 0xf6, 0xe4, 0x6e, 0x7d, 0x90, 0xf7, 0x57, 0x81, 0xa0, 0xf7, 0xda, 0xef, 0x33, 0x07, 0xe3, 0x6b, 0x78}} , + {{0x36, 0x27, 0x3e, 0xc6, 0x12, 0x07, 0xab, 0x4e, 0xbe, 0x69, 0x9d, 0xb3, 0xbe, 0x08, 0x7c, 0x2a, 0x47, 0x08, 0xfd, 0xd4, 0xcd, 0x0e, 0x27, 0x34, 0x5b, 0x98, 0x34, 0x2f, 0x77, 0x5f, 0x3a, 0x65}}}, +{{{0x13, 0xaa, 0x2e, 0x4c, 0xf0, 0x22, 0xb8, 0x6c, 0xb3, 0x19, 0x4d, 0xeb, 0x6b, 0xd0, 0xa4, 0xc6, 0x9c, 0xdd, 0xc8, 0x5b, 0x81, 0x57, 0x89, 0xdf, 0x33, 0xa9, 0x68, 0x49, 0x80, 0xe4, 0xfe, 0x21}} , + {{0x00, 0x17, 0x90, 0x30, 0xe9, 0xd3, 0x60, 0x30, 0x31, 0xc2, 0x72, 0x89, 0x7a, 0x36, 0xa5, 0xbd, 0x39, 0x83, 0x85, 0x50, 0xa1, 0x5d, 0x6c, 0x41, 0x1d, 0xb5, 0x2c, 0x07, 0x40, 0x77, 0x0b, 0x50}}}, +{{{0x64, 0x34, 0xec, 0xc0, 0x9e, 0x44, 0x41, 0xaf, 0xa0, 0x36, 0x05, 0x6d, 0xea, 0x30, 0x25, 0x46, 0x35, 0x24, 0x9d, 0x86, 0xbd, 0x95, 0xf1, 0x6a, 0x46, 0xd7, 0x94, 0x54, 0xf9, 0x3b, 0xbd, 0x5d}} , + {{0x77, 0x5b, 0xe2, 0x37, 0xc7, 0xe1, 0x7c, 0x13, 0x8c, 0x9f, 0x7b, 0x7b, 0x2a, 0xce, 0x42, 0xa3, 0xb9, 0x2a, 0x99, 0xa8, 0xc0, 0xd8, 0x3c, 0x86, 0xb0, 0xfb, 0xe9, 0x76, 0x77, 0xf7, 0xf5, 0x56}}}, +{{{0xdf, 0xb3, 0x46, 0x11, 0x6e, 0x13, 0xb7, 0x28, 0x4e, 0x56, 0xdd, 0xf1, 0xac, 0xad, 0x58, 0xc3, 0xf8, 0x88, 0x94, 0x5e, 0x06, 0x98, 0xa1, 0xe4, 0x6a, 0xfb, 0x0a, 0x49, 0x5d, 0x8a, 0xfe, 0x77}} , + {{0x46, 0x02, 0xf5, 0xa5, 0xaf, 0xc5, 0x75, 0x6d, 0xba, 0x45, 0x35, 0x0a, 0xfe, 0xc9, 0xac, 0x22, 0x91, 0x8d, 0x21, 0x95, 0x33, 0x03, 0xc0, 0x8a, 0x16, 0xf3, 0x39, 0xe0, 0x01, 0x0f, 0x53, 0x3c}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x34, 0x75, 0x37, 0x1f, 0x34, 0x4e, 0xa9, 0x1d, 0x68, 0x67, 0xf8, 0x49, 0x98, 0x96, 0xfc, 0x4c, 0x65, 0x97, 0xf7, 0x02, 0x4a, 0x52, 0x6c, 0x01, 0xbd, 0x48, 0xbb, 0x1b, 0xed, 0xa4, 0xe2, 0x53}} , + {{0x59, 0xd5, 0x9b, 0x5a, 0xa2, 0x90, 0xd3, 0xb8, 0x37, 0x4c, 0x55, 0x82, 0x28, 0x08, 0x0f, 0x7f, 0xaa, 0x81, 0x65, 0xe0, 0x0c, 0x52, 0xc9, 0xa3, 0x32, 0x27, 0x64, 0xda, 0xfd, 0x34, 0x23, 0x5a}}}, +{{{0xb5, 0xb0, 0x0c, 0x4d, 0xb3, 0x7b, 0x23, 0xc8, 0x1f, 0x8a, 0x39, 0x66, 0xe6, 0xba, 0x4c, 0x10, 0x37, 0xca, 0x9c, 0x7c, 0x05, 0x9e, 0xff, 0xc0, 0xf8, 0x8e, 0xb1, 0x8f, 0x6f, 0x67, 0x18, 0x26}} , + {{0x4b, 0x41, 0x13, 0x54, 0x23, 0x1a, 0xa4, 0x4e, 0xa9, 0x8b, 0x1e, 0x4b, 0xfc, 0x15, 0x24, 0xbb, 0x7e, 0xcb, 0xb6, 0x1e, 0x1b, 0xf5, 0xf2, 0xc8, 0x56, 0xec, 0x32, 0xa2, 0x60, 0x5b, 0xa0, 0x2a}}}, +{{{0xa4, 0x29, 0x47, 0x86, 0x2e, 0x92, 0x4f, 0x11, 0x4f, 0xf3, 0xb2, 0x5c, 0xd5, 0x3e, 0xa6, 0xb9, 0xc8, 0xe2, 0x33, 0x11, 0x1f, 0x01, 0x8f, 0xb0, 0x9b, 0xc7, 0xa5, 0xff, 0x83, 0x0f, 0x1e, 0x28}} , + {{0x1d, 0x29, 0x7a, 0xa1, 0xec, 0x8e, 0xb5, 0xad, 0xea, 0x02, 0x68, 0x60, 0x74, 0x29, 0x1c, 0xa5, 0xcf, 0xc8, 0x3b, 0x7d, 0x8b, 0x2b, 0x7c, 0xad, 0xa4, 0x40, 0x17, 0x51, 0x59, 0x7c, 0x2e, 0x5d}}}, +{{{0x0a, 0x6c, 0x4f, 0xbc, 0x3e, 0x32, 0xe7, 0x4a, 0x1a, 0x13, 0xc1, 0x49, 0x38, 0xbf, 0xf7, 0xc2, 0xd3, 0x8f, 0x6b, 0xad, 0x52, 0xf7, 0xcf, 0xbc, 0x27, 0xcb, 0x40, 0x67, 0x76, 0xcd, 0x6d, 0x56}} , + {{0xe5, 0xb0, 0x27, 0xad, 0xbe, 0x9b, 0xf2, 0xb5, 0x63, 0xde, 0x3a, 0x23, 0x95, 0xb7, 0x0a, 0x7e, 0xf3, 0x9e, 0x45, 0x6f, 0x19, 0x39, 0x75, 0x8f, 0x39, 0x3d, 0x0f, 0xc0, 0x9f, 0xf1, 0xe9, 0x51}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x88, 0xaa, 0x14, 0x24, 0x86, 0x94, 0x11, 0x12, 0x3e, 0x1a, 0xb5, 0xcc, 0xbb, 0xe0, 0x9c, 0xd5, 0x9c, 0x6d, 0xba, 0x58, 0x72, 0x8d, 0xfb, 0x22, 0x7b, 0x9f, 0x7c, 0x94, 0x30, 0xb3, 0x51, 0x21}} , + {{0xf6, 0x74, 0x3d, 0xf2, 0xaf, 0xd0, 0x1e, 0x03, 0x7c, 0x23, 0x6b, 0xc9, 0xfc, 0x25, 0x70, 0x90, 0xdc, 0x9a, 0xa4, 0xfb, 0x49, 0xfc, 0x3d, 0x0a, 0x35, 0x38, 0x6f, 0xe4, 0x7e, 0x50, 0x01, 0x2a}}}, +{{{0xd6, 0xe3, 0x96, 0x61, 0x3a, 0xfd, 0xef, 0x9b, 0x1f, 0x90, 0xa4, 0x24, 0x14, 0x5b, 0xc8, 0xde, 0x50, 0xb1, 0x1d, 0xaf, 0xe8, 0x55, 0x8a, 0x87, 0x0d, 0xfe, 0xaa, 0x3b, 0x82, 0x2c, 0x8d, 0x7b}} , + {{0x85, 0x0c, 0xaf, 0xf8, 0x83, 0x44, 0x49, 0xd9, 0x45, 0xcf, 0xf7, 0x48, 0xd9, 0x53, 0xb4, 0xf1, 0x65, 0xa0, 0xe1, 0xc3, 0xb3, 0x15, 0xed, 0x89, 0x9b, 0x4f, 0x62, 0xb3, 0x57, 0xa5, 0x45, 0x1c}}}, +{{{0x8f, 0x12, 0xea, 0xaf, 0xd1, 0x1f, 0x79, 0x10, 0x0b, 0xf6, 0xa3, 0x7b, 0xea, 0xac, 0x8b, 0x57, 0x32, 0x62, 0xe7, 0x06, 0x12, 0x51, 0xa0, 0x3b, 0x43, 0x5e, 0xa4, 0x20, 0x78, 0x31, 0xce, 0x0d}} , + {{0x84, 0x7c, 0xc2, 0xa6, 0x91, 0x23, 0xce, 0xbd, 0xdc, 0xf9, 0xce, 0xd5, 0x75, 0x30, 0x22, 0xe6, 0xf9, 0x43, 0x62, 0x0d, 0xf7, 0x75, 0x9d, 0x7f, 0x8c, 0xff, 0x7d, 0xe4, 0x72, 0xac, 0x9f, 0x1c}}}, +{{{0x88, 0xc1, 0x99, 0xd0, 0x3c, 0x1c, 0x5d, 0xb4, 0xef, 0x13, 0x0f, 0x90, 0xb9, 0x36, 0x2f, 0x95, 0x95, 0xc6, 0xdc, 0xde, 0x0a, 0x51, 0xe2, 0x8d, 0xf3, 0xbc, 0x51, 0xec, 0xdf, 0xb1, 0xa2, 0x5f}} , + {{0x2e, 0x68, 0xa1, 0x23, 0x7d, 0x9b, 0x40, 0x69, 0x85, 0x7b, 0x42, 0xbf, 0x90, 0x4b, 0xd6, 0x40, 0x2f, 0xd7, 0x52, 0x52, 0xb2, 0x21, 0xde, 0x64, 0xbd, 0x88, 0xc3, 0x6d, 0xa5, 0xfa, 0x81, 0x3f}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xfb, 0xfd, 0x47, 0x7b, 0x8a, 0x66, 0x9e, 0x79, 0x2e, 0x64, 0x82, 0xef, 0xf7, 0x21, 0xec, 0xf6, 0xd8, 0x86, 0x09, 0x31, 0x7c, 0xdd, 0x03, 0x6a, 0x58, 0xa0, 0x77, 0xb7, 0x9b, 0x8c, 0x87, 0x1f}} , + {{0x55, 0x47, 0xe4, 0xa8, 0x3d, 0x55, 0x21, 0x34, 0xab, 0x1d, 0xae, 0xe0, 0xf4, 0xea, 0xdb, 0xc5, 0xb9, 0x58, 0xbf, 0xc4, 0x2a, 0x89, 0x31, 0x1a, 0xf4, 0x2d, 0xe1, 0xca, 0x37, 0x99, 0x47, 0x59}}}, +{{{0xc7, 0xca, 0x63, 0xc1, 0x49, 0xa9, 0x35, 0x45, 0x55, 0x7e, 0xda, 0x64, 0x32, 0x07, 0x50, 0xf7, 0x32, 0xac, 0xde, 0x75, 0x58, 0x9b, 0x11, 0xb2, 0x3a, 0x1f, 0xf5, 0xf7, 0x79, 0x04, 0xe6, 0x08}} , + {{0x46, 0xfa, 0x22, 0x4b, 0xfa, 0xe1, 0xfe, 0x96, 0xfc, 0x67, 0xba, 0x67, 0x97, 0xc4, 0xe7, 0x1b, 0x86, 0x90, 0x5f, 0xee, 0xf4, 0x5b, 0x11, 0xb2, 0xcd, 0xad, 0xee, 0xc2, 0x48, 0x6c, 0x2b, 0x1b}}}, +{{{0xe3, 0x39, 0x62, 0xb4, 0x4f, 0x31, 0x04, 0xc9, 0xda, 0xd5, 0x73, 0x51, 0x57, 0xc5, 0xb8, 0xf3, 0xa3, 0x43, 0x70, 0xe4, 0x61, 0x81, 0x84, 0xe2, 0xbb, 0xbf, 0x4f, 0x9e, 0xa4, 0x5e, 0x74, 0x06}} , + {{0x29, 0xac, 0xff, 0x27, 0xe0, 0x59, 0xbe, 0x39, 0x9c, 0x0d, 0x83, 0xd7, 0x10, 0x0b, 0x15, 0xb7, 0xe1, 0xc2, 0x2c, 0x30, 0x73, 0x80, 0x3a, 0x7d, 0x5d, 0xab, 0x58, 0x6b, 0xc1, 0xf0, 0xf4, 0x22}}}, +{{{0xfe, 0x7f, 0xfb, 0x35, 0x7d, 0xc6, 0x01, 0x23, 0x28, 0xc4, 0x02, 0xac, 0x1f, 0x42, 0xb4, 0x9d, 0xfc, 0x00, 0x94, 0xa5, 0xee, 0xca, 0xda, 0x97, 0x09, 0x41, 0x77, 0x87, 0x5d, 0x7b, 0x87, 0x78}} , + {{0xf5, 0xfb, 0x90, 0x2d, 0x81, 0x19, 0x9e, 0x2f, 0x6d, 0x85, 0x88, 0x8c, 0x40, 0x5c, 0x77, 0x41, 0x4d, 0x01, 0x19, 0x76, 0x60, 0xe8, 0x4c, 0x48, 0xe4, 0x33, 0x83, 0x32, 0x6c, 0xb4, 0x41, 0x03}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xff, 0x10, 0xc2, 0x09, 0x4f, 0x6e, 0xf4, 0xd2, 0xdf, 0x7e, 0xca, 0x7b, 0x1c, 0x1d, 0xba, 0xa3, 0xb6, 0xda, 0x67, 0x33, 0xd4, 0x87, 0x36, 0x4b, 0x11, 0x20, 0x05, 0xa6, 0x29, 0xc1, 0x87, 0x17}} , + {{0xf6, 0x96, 0xca, 0x2f, 0xda, 0x38, 0xa7, 0x1b, 0xfc, 0xca, 0x7d, 0xfe, 0x08, 0x89, 0xe2, 0x47, 0x2b, 0x6a, 0x5d, 0x4b, 0xfa, 0xa1, 0xb4, 0xde, 0xb6, 0xc2, 0x31, 0x51, 0xf5, 0xe0, 0xa4, 0x0b}}}, +{{{0x5c, 0xe5, 0xc6, 0x04, 0x8e, 0x2b, 0x57, 0xbe, 0x38, 0x85, 0x23, 0xcb, 0xb7, 0xbe, 0x4f, 0xa9, 0xd3, 0x6e, 0x12, 0xaa, 0xd5, 0xb2, 0x2e, 0x93, 0x29, 0x9a, 0x4a, 0x88, 0x18, 0x43, 0xf5, 0x01}} , + {{0x50, 0xfc, 0xdb, 0xa2, 0x59, 0x21, 0x8d, 0xbd, 0x7e, 0x33, 0xae, 0x2f, 0x87, 0x1a, 0xd0, 0x97, 0xc7, 0x0d, 0x4d, 0x63, 0x01, 0xef, 0x05, 0x84, 0xec, 0x40, 0xdd, 0xa8, 0x0a, 0x4f, 0x70, 0x0b}}}, +{{{0x41, 0x69, 0x01, 0x67, 0x5c, 0xd3, 0x8a, 0xc5, 0xcf, 0x3f, 0xd1, 0x57, 0xd1, 0x67, 0x3e, 0x01, 0x39, 0xb5, 0xcb, 0x81, 0x56, 0x96, 0x26, 0xb6, 0xc2, 0xe7, 0x5c, 0xfb, 0x63, 0x97, 0x58, 0x06}} , + {{0x0c, 0x0e, 0xf3, 0xba, 0xf0, 0xe5, 0xba, 0xb2, 0x57, 0x77, 0xc6, 0x20, 0x9b, 0x89, 0x24, 0xbe, 0xf2, 0x9c, 0x8a, 0xba, 0x69, 0xc1, 0xf1, 0xb0, 0x4f, 0x2a, 0x05, 0x9a, 0xee, 0x10, 0x7e, 0x36}}}, +{{{0x3f, 0x26, 0xe9, 0x40, 0xe9, 0x03, 0xad, 0x06, 0x69, 0x91, 0xe0, 0xd1, 0x89, 0x60, 0x84, 0x79, 0xde, 0x27, 0x6d, 0xe6, 0x76, 0xbd, 0xea, 0xe6, 0xae, 0x48, 0xc3, 0x67, 0xc0, 0x57, 0xcd, 0x2f}} , + {{0x7f, 0xc1, 0xdc, 0xb9, 0xc7, 0xbc, 0x86, 0x3d, 0x55, 0x4b, 0x28, 0x7a, 0xfb, 0x4d, 0xc7, 0xf8, 0xbc, 0x67, 0x2a, 0x60, 0x4d, 0x8f, 0x07, 0x0b, 0x1a, 0x17, 0xbf, 0xfa, 0xac, 0xa7, 0x3d, 0x1a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x91, 0x3f, 0xed, 0x5e, 0x18, 0x78, 0x3f, 0x23, 0x2c, 0x0d, 0x8c, 0x44, 0x00, 0xe8, 0xfb, 0xe9, 0x8e, 0xd6, 0xd1, 0x36, 0x58, 0x57, 0x9e, 0xae, 0x4b, 0x5c, 0x0b, 0x07, 0xbc, 0x6b, 0x55, 0x2b}} , + {{0x6f, 0x4d, 0x17, 0xd7, 0xe1, 0x84, 0xd9, 0x78, 0xb1, 0x90, 0xfd, 0x2e, 0xb3, 0xb5, 0x19, 0x3f, 0x1b, 0xfa, 0xc0, 0x68, 0xb3, 0xdd, 0x00, 0x2e, 0x89, 0xbd, 0x7e, 0x80, 0x32, 0x13, 0xa0, 0x7b}}}, +{{{0x1a, 0x6f, 0x40, 0xaf, 0x44, 0x44, 0xb0, 0x43, 0x8f, 0x0d, 0xd0, 0x1e, 0xc4, 0x0b, 0x19, 0x5d, 0x8e, 0xfe, 0xc1, 0xf3, 0xc5, 0x5c, 0x91, 0xf8, 0x04, 0x4e, 0xbe, 0x90, 0xb4, 0x47, 0x5c, 0x3f}} , + {{0xb0, 0x3b, 0x2c, 0xf3, 0xfe, 0x32, 0x71, 0x07, 0x3f, 0xaa, 0xba, 0x45, 0x60, 0xa8, 0x8d, 0xea, 0x54, 0xcb, 0x39, 0x10, 0xb4, 0xf2, 0x8b, 0xd2, 0x14, 0x82, 0x42, 0x07, 0x8e, 0xe9, 0x7c, 0x53}}}, +{{{0xb0, 0xae, 0xc1, 0x8d, 0xc9, 0x8f, 0xb9, 0x7a, 0x77, 0xef, 0xba, 0x79, 0xa0, 0x3c, 0xa8, 0xf5, 0x6a, 0xe2, 0x3f, 0x5d, 0x00, 0xe3, 0x4b, 0x45, 0x24, 0x7b, 0x43, 0x78, 0x55, 0x1d, 0x2b, 0x1e}} , + {{0x01, 0xb8, 0xd6, 0x16, 0x67, 0xa0, 0x15, 0xb9, 0xe1, 0x58, 0xa4, 0xa7, 0x31, 0x37, 0x77, 0x2f, 0x8b, 0x12, 0x9f, 0xf4, 0x3f, 0xc7, 0x36, 0x66, 0xd2, 0xa8, 0x56, 0xf7, 0x7f, 0x74, 0xc6, 0x41}}}, +{{{0x5d, 0xf8, 0xb4, 0xa8, 0x30, 0xdd, 0xcc, 0x38, 0xa5, 0xd3, 0xca, 0xd8, 0xd1, 0xf8, 0xb2, 0x31, 0x91, 0xd4, 0x72, 0x05, 0x57, 0x4a, 0x3b, 0x82, 0x4a, 0xc6, 0x68, 0x20, 0xe2, 0x18, 0x41, 0x61}} , + {{0x19, 0xd4, 0x8d, 0x47, 0x29, 0x12, 0x65, 0xb0, 0x11, 0x78, 0x47, 0xb5, 0xcb, 0xa3, 0xa5, 0xfa, 0x05, 0x85, 0x54, 0xa9, 0x33, 0x97, 0x8d, 0x2b, 0xc2, 0xfe, 0x99, 0x35, 0x28, 0xe5, 0xeb, 0x63}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xb1, 0x3f, 0x3f, 0xef, 0xd8, 0xf4, 0xfc, 0xb3, 0xa0, 0x60, 0x50, 0x06, 0x2b, 0x29, 0x52, 0x70, 0x15, 0x0b, 0x24, 0x24, 0xf8, 0x5f, 0x79, 0x18, 0xcc, 0xff, 0x89, 0x99, 0x84, 0xa1, 0xae, 0x13}} , + {{0x44, 0x1f, 0xb8, 0xc2, 0x01, 0xc1, 0x30, 0x19, 0x55, 0x05, 0x60, 0x10, 0xa4, 0x6c, 0x2d, 0x67, 0x70, 0xe5, 0x25, 0x1b, 0xf2, 0xbf, 0xdd, 0xfb, 0x70, 0x2b, 0xa1, 0x8c, 0x9c, 0x94, 0x84, 0x08}}}, +{{{0xe7, 0xc4, 0x43, 0x4d, 0xc9, 0x2b, 0x69, 0x5d, 0x1d, 0x3c, 0xaf, 0xbb, 0x43, 0x38, 0x4e, 0x98, 0x3d, 0xed, 0x0d, 0x21, 0x03, 0xfd, 0xf0, 0x99, 0x47, 0x04, 0xb0, 0x98, 0x69, 0x55, 0x72, 0x0f}} , + {{0x5e, 0xdf, 0x15, 0x53, 0x3b, 0x86, 0x80, 0xb0, 0xf1, 0x70, 0x68, 0x8f, 0x66, 0x7c, 0x0e, 0x49, 0x1a, 0xd8, 0x6b, 0xfe, 0x4e, 0xef, 0xca, 0x47, 0xd4, 0x03, 0xc1, 0x37, 0x50, 0x9c, 0xc1, 0x16}}}, +{{{0xcd, 0x24, 0xc6, 0x3e, 0x0c, 0x82, 0x9b, 0x91, 0x2b, 0x61, 0x4a, 0xb2, 0x0f, 0x88, 0x55, 0x5f, 0x5a, 0x57, 0xff, 0xe5, 0x74, 0x0b, 0x13, 0x43, 0x00, 0xd8, 0x6b, 0xcf, 0xd2, 0x15, 0x03, 0x2c}} , + {{0xdc, 0xff, 0x15, 0x61, 0x2f, 0x4a, 0x2f, 0x62, 0xf2, 0x04, 0x2f, 0xb5, 0x0c, 0xb7, 0x1e, 0x3f, 0x74, 0x1a, 0x0f, 0xd7, 0xea, 0xcd, 0xd9, 0x7d, 0xf6, 0x12, 0x0e, 0x2f, 0xdb, 0x5a, 0x3b, 0x16}}}, +{{{0x1b, 0x37, 0x47, 0xe3, 0xf5, 0x9e, 0xea, 0x2c, 0x2a, 0xe7, 0x82, 0x36, 0xf4, 0x1f, 0x81, 0x47, 0x92, 0x4b, 0x69, 0x0e, 0x11, 0x8c, 0x5d, 0x53, 0x5b, 0x81, 0x27, 0x08, 0xbc, 0xa0, 0xae, 0x25}} , + {{0x69, 0x32, 0xa1, 0x05, 0x11, 0x42, 0x00, 0xd2, 0x59, 0xac, 0x4d, 0x62, 0x8b, 0x13, 0xe2, 0x50, 0x5d, 0xa0, 0x9d, 0x9b, 0xfd, 0xbb, 0x12, 0x41, 0x75, 0x41, 0x9e, 0xcc, 0xdc, 0xc7, 0xdc, 0x5d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xd9, 0xe3, 0x38, 0x06, 0x46, 0x70, 0x82, 0x5e, 0x28, 0x49, 0x79, 0xff, 0x25, 0xd2, 0x4e, 0x29, 0x8d, 0x06, 0xb0, 0x23, 0xae, 0x9b, 0x66, 0xe4, 0x7d, 0xc0, 0x70, 0x91, 0xa3, 0xfc, 0xec, 0x4e}} , + {{0x62, 0x12, 0x37, 0x6a, 0x30, 0xf6, 0x1e, 0xfb, 0x14, 0x5c, 0x0d, 0x0e, 0xb7, 0x81, 0x6a, 0xe7, 0x08, 0x05, 0xac, 0xaa, 0x38, 0x46, 0xe2, 0x73, 0xea, 0x4b, 0x07, 0x81, 0x43, 0x7c, 0x9e, 0x5e}}}, +{{{0xfc, 0xf9, 0x21, 0x4f, 0x2e, 0x76, 0x9b, 0x1f, 0x28, 0x60, 0x77, 0x43, 0x32, 0x9d, 0xbe, 0x17, 0x30, 0x2a, 0xc6, 0x18, 0x92, 0x66, 0x62, 0x30, 0x98, 0x40, 0x11, 0xa6, 0x7f, 0x18, 0x84, 0x28}} , + {{0x3f, 0xab, 0xd3, 0xf4, 0x8a, 0x76, 0xa1, 0x3c, 0xca, 0x2d, 0x49, 0xc3, 0xea, 0x08, 0x0b, 0x85, 0x17, 0x2a, 0xc3, 0x6c, 0x08, 0xfd, 0x57, 0x9f, 0x3d, 0x5f, 0xdf, 0x67, 0x68, 0x42, 0x00, 0x32}}}, +{{{0x51, 0x60, 0x1b, 0x06, 0x4f, 0x8a, 0x21, 0xba, 0x38, 0xa8, 0xba, 0xd6, 0x40, 0xf6, 0xe9, 0x9b, 0x76, 0x4d, 0x56, 0x21, 0x5b, 0x0a, 0x9b, 0x2e, 0x4f, 0x3d, 0x81, 0x32, 0x08, 0x9f, 0x97, 0x5b}} , + {{0xe5, 0x44, 0xec, 0x06, 0x9d, 0x90, 0x79, 0x9f, 0xd3, 0xe0, 0x79, 0xaf, 0x8f, 0x10, 0xfd, 0xdd, 0x04, 0xae, 0x27, 0x97, 0x46, 0x33, 0x79, 0xea, 0xb8, 0x4e, 0xca, 0x5a, 0x59, 0x57, 0xe1, 0x0e}}}, +{{{0x1a, 0xda, 0xf3, 0xa5, 0x41, 0x43, 0x28, 0xfc, 0x7e, 0xe7, 0x71, 0xea, 0xc6, 0x3b, 0x59, 0xcc, 0x2e, 0xd3, 0x40, 0xec, 0xb3, 0x13, 0x6f, 0x44, 0xcd, 0x13, 0xb2, 0x37, 0xf2, 0x6e, 0xd9, 0x1c}} , + {{0xe3, 0xdb, 0x60, 0xcd, 0x5c, 0x4a, 0x18, 0x0f, 0xef, 0x73, 0x36, 0x71, 0x8c, 0xf6, 0x11, 0xb4, 0xd8, 0xce, 0x17, 0x5e, 0x4f, 0x26, 0x77, 0x97, 0x5f, 0xcb, 0xef, 0x91, 0xeb, 0x6a, 0x62, 0x7a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x18, 0x4a, 0xa2, 0x97, 0x08, 0x81, 0x2d, 0x83, 0xc4, 0xcc, 0xf0, 0x83, 0x7e, 0xec, 0x0d, 0x95, 0x4c, 0x5b, 0xfb, 0xfa, 0x98, 0x80, 0x4a, 0x66, 0x56, 0x0c, 0x51, 0xb3, 0xf2, 0x04, 0x5d, 0x27}} , + {{0x3b, 0xb9, 0xb8, 0x06, 0x5a, 0x2e, 0xfe, 0xc3, 0x82, 0x37, 0x9c, 0xa3, 0x11, 0x1f, 0x9c, 0xa6, 0xda, 0x63, 0x48, 0x9b, 0xad, 0xde, 0x2d, 0xa6, 0xbc, 0x6e, 0x32, 0xda, 0x27, 0x65, 0xdd, 0x57}}}, +{{{0x84, 0x4f, 0x37, 0x31, 0x7d, 0x2e, 0xbc, 0xad, 0x87, 0x07, 0x2a, 0x6b, 0x37, 0xfc, 0x5f, 0xeb, 0x4e, 0x75, 0x35, 0xa6, 0xde, 0xab, 0x0a, 0x19, 0x3a, 0xb7, 0xb1, 0xef, 0x92, 0x6a, 0x3b, 0x3c}} , + {{0x3b, 0xb2, 0x94, 0x6d, 0x39, 0x60, 0xac, 0xee, 0xe7, 0x81, 0x1a, 0x3b, 0x76, 0x87, 0x5c, 0x05, 0x94, 0x2a, 0x45, 0xb9, 0x80, 0xe9, 0x22, 0xb1, 0x07, 0xcb, 0x40, 0x9e, 0x70, 0x49, 0x6d, 0x12}}}, +{{{0xfd, 0x18, 0x78, 0x84, 0xa8, 0x4c, 0x7d, 0x6e, 0x59, 0xa6, 0xe5, 0x74, 0xf1, 0x19, 0xa6, 0x84, 0x2e, 0x51, 0xc1, 0x29, 0x13, 0xf2, 0x14, 0x6b, 0x5d, 0x53, 0x51, 0xf7, 0xef, 0xbf, 0x01, 0x22}} , + {{0xa4, 0x4b, 0x62, 0x4c, 0xe6, 0xfd, 0x72, 0x07, 0xf2, 0x81, 0xfc, 0xf2, 0xbd, 0x12, 0x7c, 0x68, 0x76, 0x2a, 0xba, 0xf5, 0x65, 0xb1, 0x1f, 0x17, 0x0a, 0x38, 0xb0, 0xbf, 0xc0, 0xf8, 0xf4, 0x2a}}}, +{{{0x55, 0x60, 0x55, 0x5b, 0xe4, 0x1d, 0x71, 0x4c, 0x9d, 0x5b, 0x9f, 0x70, 0xa6, 0x85, 0x9a, 0x2c, 0xa0, 0xe2, 0x32, 0x48, 0xce, 0x9e, 0x2a, 0xa5, 0x07, 0x3b, 0xc7, 0x6c, 0x86, 0x77, 0xde, 0x3c}} , + {{0xf7, 0x18, 0x7a, 0x96, 0x7e, 0x43, 0x57, 0xa9, 0x55, 0xfc, 0x4e, 0xb6, 0x72, 0x00, 0xf2, 0xe4, 0xd7, 0x52, 0xd3, 0xd3, 0xb6, 0x85, 0xf6, 0x71, 0xc7, 0x44, 0x3f, 0x7f, 0xd7, 0xb3, 0xf2, 0x79}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x46, 0xca, 0xa7, 0x55, 0x7b, 0x79, 0xf3, 0xca, 0x5a, 0x65, 0xf6, 0xed, 0x50, 0x14, 0x7b, 0xe4, 0xc4, 0x2a, 0x65, 0x9e, 0xe2, 0xf9, 0xca, 0xa7, 0x22, 0x26, 0x53, 0xcb, 0x21, 0x5b, 0xa7, 0x31}} , + {{0x90, 0xd7, 0xc5, 0x26, 0x08, 0xbd, 0xb0, 0x53, 0x63, 0x58, 0xc3, 0x31, 0x5e, 0x75, 0x46, 0x15, 0x91, 0xa6, 0xf8, 0x2f, 0x1a, 0x08, 0x65, 0x88, 0x2f, 0x98, 0x04, 0xf1, 0x7c, 0x6e, 0x00, 0x77}}}, +{{{0x81, 0x21, 0x61, 0x09, 0xf6, 0x4e, 0xf1, 0x92, 0xee, 0x63, 0x61, 0x73, 0x87, 0xc7, 0x54, 0x0e, 0x42, 0x4b, 0xc9, 0x47, 0xd1, 0xb8, 0x7e, 0x91, 0x75, 0x37, 0x99, 0x28, 0xb8, 0xdd, 0x7f, 0x50}} , + {{0x89, 0x8f, 0xc0, 0xbe, 0x5d, 0xd6, 0x9f, 0xa0, 0xf0, 0x9d, 0x81, 0xce, 0x3a, 0x7b, 0x98, 0x58, 0xbb, 0xd7, 0x78, 0xc8, 0x3f, 0x13, 0xf1, 0x74, 0x19, 0xdf, 0xf8, 0x98, 0x89, 0x5d, 0xfa, 0x5f}}}, +{{{0x9e, 0x35, 0x85, 0x94, 0x47, 0x1f, 0x90, 0x15, 0x26, 0xd0, 0x84, 0xed, 0x8a, 0x80, 0xf7, 0x63, 0x42, 0x86, 0x27, 0xd7, 0xf4, 0x75, 0x58, 0xdc, 0x9c, 0xc0, 0x22, 0x7e, 0x20, 0x35, 0xfd, 0x1f}} , + {{0x68, 0x0e, 0x6f, 0x97, 0xba, 0x70, 0xbb, 0xa3, 0x0e, 0xe5, 0x0b, 0x12, 0xf4, 0xa2, 0xdc, 0x47, 0xf8, 0xe6, 0xd0, 0x23, 0x6c, 0x33, 0xa8, 0x99, 0x46, 0x6e, 0x0f, 0x44, 0xba, 0x76, 0x48, 0x0f}}}, +{{{0xa3, 0x2a, 0x61, 0x37, 0xe2, 0x59, 0x12, 0x0e, 0x27, 0xba, 0x64, 0x43, 0xae, 0xc0, 0x42, 0x69, 0x79, 0xa4, 0x1e, 0x29, 0x8b, 0x15, 0xeb, 0xf8, 0xaf, 0xd4, 0xa2, 0x68, 0x33, 0xb5, 0x7a, 0x24}} , + {{0x2c, 0x19, 0x33, 0xdd, 0x1b, 0xab, 0xec, 0x01, 0xb0, 0x23, 0xf8, 0x42, 0x2b, 0x06, 0x88, 0xea, 0x3d, 0x2d, 0x00, 0x2a, 0x78, 0x45, 0x4d, 0x38, 0xed, 0x2e, 0x2e, 0x44, 0x49, 0xed, 0xcb, 0x33}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xa0, 0x68, 0xe8, 0x41, 0x8f, 0x91, 0xf8, 0x11, 0x13, 0x90, 0x2e, 0xa7, 0xab, 0x30, 0xef, 0xad, 0xa0, 0x61, 0x00, 0x88, 0xef, 0xdb, 0xce, 0x5b, 0x5c, 0xbb, 0x62, 0xc8, 0x56, 0xf9, 0x00, 0x73}} , + {{0x3f, 0x60, 0xc1, 0x82, 0x2d, 0xa3, 0x28, 0x58, 0x24, 0x9e, 0x9f, 0xe3, 0x70, 0xcc, 0x09, 0x4e, 0x1a, 0x3f, 0x11, 0x11, 0x15, 0x07, 0x3c, 0xa4, 0x41, 0xe0, 0x65, 0xa3, 0x0a, 0x41, 0x6d, 0x11}}}, +{{{0x31, 0x40, 0x01, 0x52, 0x56, 0x94, 0x5b, 0x28, 0x8a, 0xaa, 0x52, 0xee, 0xd8, 0x0a, 0x05, 0x8d, 0xcd, 0xb5, 0xaa, 0x2e, 0x38, 0xaa, 0xb7, 0x87, 0xf7, 0x2b, 0xfb, 0x04, 0xcb, 0x84, 0x3d, 0x54}} , + {{0x20, 0xef, 0x59, 0xde, 0xa4, 0x2b, 0x93, 0x6e, 0x2e, 0xec, 0x42, 0x9a, 0xd4, 0x2d, 0xf4, 0x46, 0x58, 0x27, 0x2b, 0x18, 0x8f, 0x83, 0x3d, 0x69, 0x9e, 0xd4, 0x3e, 0xb6, 0xc5, 0xfd, 0x58, 0x03}}}, +{{{0x33, 0x89, 0xc9, 0x63, 0x62, 0x1c, 0x17, 0xb4, 0x60, 0xc4, 0x26, 0x68, 0x09, 0xc3, 0x2e, 0x37, 0x0f, 0x7b, 0xb4, 0x9c, 0xb6, 0xf9, 0xfb, 0xd4, 0x51, 0x78, 0xc8, 0x63, 0xea, 0x77, 0x47, 0x07}} , + {{0x32, 0xb4, 0x18, 0x47, 0x79, 0xcb, 0xd4, 0x5a, 0x07, 0x14, 0x0f, 0xa0, 0xd5, 0xac, 0xd0, 0x41, 0x40, 0xab, 0x61, 0x23, 0xe5, 0x2a, 0x2a, 0x6f, 0xf7, 0xa8, 0xd4, 0x76, 0xef, 0xe7, 0x45, 0x6c}}}, +{{{0xa1, 0x5e, 0x60, 0x4f, 0xfb, 0xe1, 0x70, 0x6a, 0x1f, 0x55, 0x4f, 0x09, 0xb4, 0x95, 0x33, 0x36, 0xc6, 0x81, 0x01, 0x18, 0x06, 0x25, 0x27, 0xa4, 0xb4, 0x24, 0xa4, 0x86, 0x03, 0x4c, 0xac, 0x02}} , + {{0x77, 0x38, 0xde, 0xd7, 0x60, 0x48, 0x07, 0xf0, 0x74, 0xa8, 0xff, 0x54, 0xe5, 0x30, 0x43, 0xff, 0x77, 0xfb, 0x21, 0x07, 0xff, 0xb2, 0x07, 0x6b, 0xe4, 0xe5, 0x30, 0xfc, 0x19, 0x6c, 0xa3, 0x01}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x13, 0xc5, 0x2c, 0xac, 0xd3, 0x83, 0x82, 0x7c, 0x29, 0xf7, 0x05, 0xa5, 0x00, 0xb6, 0x1f, 0x86, 0x55, 0xf4, 0xd6, 0x2f, 0x0c, 0x99, 0xd0, 0x65, 0x9b, 0x6b, 0x46, 0x0d, 0x43, 0xf8, 0x16, 0x28}} , + {{0x1e, 0x7f, 0xb4, 0x74, 0x7e, 0xb1, 0x89, 0x4f, 0x18, 0x5a, 0xab, 0x64, 0x06, 0xdf, 0x45, 0x87, 0xe0, 0x6a, 0xc6, 0xf0, 0x0e, 0xc9, 0x24, 0x35, 0x38, 0xea, 0x30, 0x54, 0xb4, 0xc4, 0x52, 0x54}}}, +{{{0xe9, 0x9f, 0xdc, 0x3f, 0xc1, 0x89, 0x44, 0x74, 0x27, 0xe4, 0xc1, 0x90, 0xff, 0x4a, 0xa7, 0x3c, 0xee, 0xcd, 0xf4, 0x1d, 0x25, 0x94, 0x7f, 0x63, 0x16, 0x48, 0xbc, 0x64, 0xfe, 0x95, 0xc4, 0x0c}} , + {{0x8b, 0x19, 0x75, 0x6e, 0x03, 0x06, 0x5e, 0x6a, 0x6f, 0x1a, 0x8c, 0xe3, 0xd3, 0x28, 0xf2, 0xe0, 0xb9, 0x7a, 0x43, 0x69, 0xe6, 0xd3, 0xc0, 0xfe, 0x7e, 0x97, 0xab, 0x6c, 0x7b, 0x8e, 0x13, 0x42}}}, +{{{0xd4, 0xca, 0x70, 0x3d, 0xab, 0xfb, 0x5f, 0x5e, 0x00, 0x0c, 0xcc, 0x77, 0x22, 0xf8, 0x78, 0x55, 0xae, 0x62, 0x35, 0xfb, 0x9a, 0xc6, 0x03, 0xe4, 0x0c, 0xee, 0xab, 0xc7, 0xc0, 0x89, 0x87, 0x54}} , + {{0x32, 0xad, 0xae, 0x85, 0x58, 0x43, 0xb8, 0xb1, 0xe6, 0x3e, 0x00, 0x9c, 0x78, 0x88, 0x56, 0xdb, 0x9c, 0xfc, 0x79, 0xf6, 0xf9, 0x41, 0x5f, 0xb7, 0xbc, 0x11, 0xf9, 0x20, 0x36, 0x1c, 0x53, 0x2b}}}, +{{{0x5a, 0x20, 0x5b, 0xa1, 0xa5, 0x44, 0x91, 0x24, 0x02, 0x63, 0x12, 0x64, 0xb8, 0x55, 0xf6, 0xde, 0x2c, 0xdb, 0x47, 0xb8, 0xc6, 0x0a, 0xc3, 0x00, 0x78, 0x93, 0xd8, 0xf5, 0xf5, 0x18, 0x28, 0x0a}} , + {{0xd6, 0x1b, 0x9a, 0x6c, 0xe5, 0x46, 0xea, 0x70, 0x96, 0x8d, 0x4e, 0x2a, 0x52, 0x21, 0x26, 0x4b, 0xb1, 0xbb, 0x0f, 0x7c, 0xa9, 0x9b, 0x04, 0xbb, 0x51, 0x08, 0xf1, 0x9a, 0xa4, 0x76, 0x7c, 0x18}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xfa, 0x94, 0xf7, 0x40, 0xd0, 0xd7, 0xeb, 0xa9, 0x82, 0x36, 0xd5, 0x15, 0xb9, 0x33, 0x7a, 0xbf, 0x8a, 0xf2, 0x63, 0xaa, 0x37, 0xf5, 0x59, 0xac, 0xbd, 0xbb, 0x32, 0x36, 0xbe, 0x73, 0x99, 0x38}} , + {{0x2c, 0xb3, 0xda, 0x7a, 0xd8, 0x3d, 0x99, 0xca, 0xd2, 0xf4, 0xda, 0x99, 0x8e, 0x4f, 0x98, 0xb7, 0xf4, 0xae, 0x3e, 0x9f, 0x8e, 0x35, 0x60, 0xa4, 0x33, 0x75, 0xa4, 0x04, 0x93, 0xb1, 0x6b, 0x4d}}}, +{{{0x97, 0x9d, 0xa8, 0xcd, 0x97, 0x7b, 0x9d, 0xb9, 0xe7, 0xa5, 0xef, 0xfd, 0xa8, 0x42, 0x6b, 0xc3, 0x62, 0x64, 0x7d, 0xa5, 0x1b, 0xc9, 0x9e, 0xd2, 0x45, 0xb9, 0xee, 0x03, 0xb0, 0xbf, 0xc0, 0x68}} , + {{0xed, 0xb7, 0x84, 0x2c, 0xf6, 0xd3, 0xa1, 0x6b, 0x24, 0x6d, 0x87, 0x56, 0x97, 0x59, 0x79, 0x62, 0x9f, 0xac, 0xed, 0xf3, 0xc9, 0x89, 0x21, 0x2e, 0x04, 0xb3, 0xcc, 0x2f, 0xbe, 0xd6, 0x0a, 0x4b}}}, +{{{0x39, 0x61, 0x05, 0xed, 0x25, 0x89, 0x8b, 0x5d, 0x1b, 0xcb, 0x0c, 0x55, 0xf4, 0x6a, 0x00, 0x8a, 0x46, 0xe8, 0x1e, 0xc6, 0x83, 0xc8, 0x5a, 0x76, 0xdb, 0xcc, 0x19, 0x7a, 0xcc, 0x67, 0x46, 0x0b}} , + {{0x53, 0xcf, 0xc2, 0xa1, 0xad, 0x6a, 0xf3, 0xcd, 0x8f, 0xc9, 0xde, 0x1c, 0xf8, 0x6c, 0x8f, 0xf8, 0x76, 0x42, 0xe7, 0xfe, 0xb2, 0x72, 0x21, 0x0a, 0x66, 0x74, 0x8f, 0xb7, 0xeb, 0xe4, 0x6f, 0x01}}}, +{{{0x22, 0x8c, 0x6b, 0xbe, 0xfc, 0x4d, 0x70, 0x62, 0x6e, 0x52, 0x77, 0x99, 0x88, 0x7e, 0x7b, 0x57, 0x7a, 0x0d, 0xfe, 0xdc, 0x72, 0x92, 0xf1, 0x68, 0x1d, 0x97, 0xd7, 0x7c, 0x8d, 0x53, 0x10, 0x37}} , + {{0x53, 0x88, 0x77, 0x02, 0xca, 0x27, 0xa8, 0xe5, 0x45, 0xe2, 0xa8, 0x48, 0x2a, 0xab, 0x18, 0xca, 0xea, 0x2d, 0x2a, 0x54, 0x17, 0x37, 0x32, 0x09, 0xdc, 0xe0, 0x4a, 0xb7, 0x7d, 0x82, 0x10, 0x7d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x8a, 0x64, 0x1e, 0x14, 0x0a, 0x57, 0xd4, 0xda, 0x5c, 0x96, 0x9b, 0x01, 0x4c, 0x67, 0xbf, 0x8b, 0x30, 0xfe, 0x08, 0xdb, 0x0d, 0xd5, 0xa8, 0xd7, 0x09, 0x11, 0x85, 0xa2, 0xd3, 0x45, 0xfb, 0x7e}} , + {{0xda, 0x8c, 0xc2, 0xd0, 0xac, 0x18, 0xe8, 0x52, 0x36, 0xd4, 0x21, 0xa3, 0xdd, 0x57, 0x22, 0x79, 0xb7, 0xf8, 0x71, 0x9d, 0xc6, 0x91, 0x70, 0x86, 0x56, 0xbf, 0xa1, 0x11, 0x8b, 0x19, 0xe1, 0x0f}}}, +{{{0x18, 0x32, 0x98, 0x2c, 0x8f, 0x91, 0xae, 0x12, 0xf0, 0x8c, 0xea, 0xf3, 0x3c, 0xb9, 0x5d, 0xe4, 0x69, 0xed, 0xb2, 0x47, 0x18, 0xbd, 0xce, 0x16, 0x52, 0x5c, 0x23, 0xe2, 0xa5, 0x25, 0x52, 0x5d}} , + {{0xb9, 0xb1, 0xe7, 0x5d, 0x4e, 0xbc, 0xee, 0xbb, 0x40, 0x81, 0x77, 0x82, 0x19, 0xab, 0xb5, 0xc6, 0xee, 0xab, 0x5b, 0x6b, 0x63, 0x92, 0x8a, 0x34, 0x8d, 0xcd, 0xee, 0x4f, 0x49, 0xe5, 0xc9, 0x7e}}}, +{{{0x21, 0xac, 0x8b, 0x22, 0xcd, 0xc3, 0x9a, 0xe9, 0x5e, 0x78, 0xbd, 0xde, 0xba, 0xad, 0xab, 0xbf, 0x75, 0x41, 0x09, 0xc5, 0x58, 0xa4, 0x7d, 0x92, 0xb0, 0x7f, 0xf2, 0xa1, 0xd1, 0xc0, 0xb3, 0x6d}} , + {{0x62, 0x4f, 0xd0, 0x75, 0x77, 0xba, 0x76, 0x77, 0xd7, 0xb8, 0xd8, 0x92, 0x6f, 0x98, 0x34, 0x3d, 0xd6, 0x4e, 0x1c, 0x0f, 0xf0, 0x8f, 0x2e, 0xf1, 0xb3, 0xbd, 0xb1, 0xb9, 0xec, 0x99, 0xb4, 0x07}}}, +{{{0x60, 0x57, 0x2e, 0x9a, 0x72, 0x1d, 0x6b, 0x6e, 0x58, 0x33, 0x24, 0x8c, 0x48, 0x39, 0x46, 0x8e, 0x89, 0x6a, 0x88, 0x51, 0x23, 0x62, 0xb5, 0x32, 0x09, 0x36, 0xe3, 0x57, 0xf5, 0x98, 0xde, 0x6f}} , + {{0x8b, 0x2c, 0x00, 0x48, 0x4a, 0xf9, 0x5b, 0x87, 0x69, 0x52, 0xe5, 0x5b, 0xd1, 0xb1, 0xe5, 0x25, 0x25, 0xe0, 0x9c, 0xc2, 0x13, 0x44, 0xe8, 0xb9, 0x0a, 0x70, 0xad, 0xbd, 0x0f, 0x51, 0x94, 0x69}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xa2, 0xdc, 0xab, 0xa9, 0x25, 0x2d, 0xac, 0x5f, 0x03, 0x33, 0x08, 0xe7, 0x7e, 0xfe, 0x95, 0x36, 0x3c, 0x5b, 0x3a, 0xd3, 0x05, 0x82, 0x1c, 0x95, 0x2d, 0xd8, 0x77, 0x7e, 0x02, 0xd9, 0x5b, 0x70}} , + {{0xc2, 0xfe, 0x1b, 0x0c, 0x67, 0xcd, 0xd6, 0xe0, 0x51, 0x8e, 0x2c, 0xe0, 0x79, 0x88, 0xf0, 0xcf, 0x41, 0x4a, 0xad, 0x23, 0xd4, 0x46, 0xca, 0x94, 0xa1, 0xc3, 0xeb, 0x28, 0x06, 0xfa, 0x17, 0x14}}}, +{{{0x7b, 0xaa, 0x70, 0x0a, 0x4b, 0xfb, 0xf5, 0xbf, 0x80, 0xc5, 0xcf, 0x08, 0x7a, 0xdd, 0xa1, 0xf4, 0x9d, 0x54, 0x50, 0x53, 0x23, 0x77, 0x23, 0xf5, 0x34, 0xa5, 0x22, 0xd1, 0x0d, 0x96, 0x2e, 0x47}} , + {{0xcc, 0xb7, 0x32, 0x89, 0x57, 0xd0, 0x98, 0x75, 0xe4, 0x37, 0x99, 0xa9, 0xe8, 0xba, 0xed, 0xba, 0xeb, 0xc7, 0x4f, 0x15, 0x76, 0x07, 0x0c, 0x4c, 0xef, 0x9f, 0x52, 0xfc, 0x04, 0x5d, 0x58, 0x10}}}, +{{{0xce, 0x82, 0xf0, 0x8f, 0x79, 0x02, 0xa8, 0xd1, 0xda, 0x14, 0x09, 0x48, 0xee, 0x8a, 0x40, 0x98, 0x76, 0x60, 0x54, 0x5a, 0xde, 0x03, 0x24, 0xf5, 0xe6, 0x2f, 0xe1, 0x03, 0xbf, 0x68, 0x82, 0x7f}} , + {{0x64, 0xe9, 0x28, 0xc7, 0xa4, 0xcf, 0x2a, 0xf9, 0x90, 0x64, 0x72, 0x2c, 0x8b, 0xeb, 0xec, 0xa0, 0xf2, 0x7d, 0x35, 0xb5, 0x90, 0x4d, 0x7f, 0x5b, 0x4a, 0x49, 0xe4, 0xb8, 0x3b, 0xc8, 0xa1, 0x2f}}}, +{{{0x8b, 0xc5, 0xcc, 0x3d, 0x69, 0xa6, 0xa1, 0x18, 0x44, 0xbc, 0x4d, 0x77, 0x37, 0xc7, 0x86, 0xec, 0x0c, 0xc9, 0xd6, 0x44, 0xa9, 0x23, 0x27, 0xb9, 0x03, 0x34, 0xa7, 0x0a, 0xd5, 0xc7, 0x34, 0x37}} , + {{0xf9, 0x7e, 0x3e, 0x66, 0xee, 0xf9, 0x99, 0x28, 0xff, 0xad, 0x11, 0xd8, 0xe2, 0x66, 0xc5, 0xcd, 0x0f, 0x0d, 0x0b, 0x6a, 0xfc, 0x7c, 0x24, 0xa8, 0x4f, 0xa8, 0x5e, 0x80, 0x45, 0x8b, 0x6c, 0x41}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xef, 0x1e, 0xec, 0xf7, 0x8d, 0x77, 0xf2, 0xea, 0xdb, 0x60, 0x03, 0x21, 0xc0, 0xff, 0x5e, 0x67, 0xc3, 0x71, 0x0b, 0x21, 0xb4, 0x41, 0xa0, 0x68, 0x38, 0xc6, 0x01, 0xa3, 0xd3, 0x51, 0x3c, 0x3c}} , + {{0x92, 0xf8, 0xd6, 0x4b, 0xef, 0x42, 0x13, 0xb2, 0x4a, 0xc4, 0x2e, 0x72, 0x3f, 0xc9, 0x11, 0xbd, 0x74, 0x02, 0x0e, 0xf5, 0x13, 0x9d, 0x83, 0x1a, 0x1b, 0xd5, 0x54, 0xde, 0xc4, 0x1e, 0x16, 0x6c}}}, +{{{0x27, 0x52, 0xe4, 0x63, 0xaa, 0x94, 0xe6, 0xc3, 0x28, 0x9c, 0xc6, 0x56, 0xac, 0xfa, 0xb6, 0xbd, 0xe2, 0xcc, 0x76, 0xc6, 0x27, 0x27, 0xa2, 0x8e, 0x78, 0x2b, 0x84, 0x72, 0x10, 0xbd, 0x4e, 0x2a}} , + {{0xea, 0xa7, 0x23, 0xef, 0x04, 0x61, 0x80, 0x50, 0xc9, 0x6e, 0xa5, 0x96, 0xd1, 0xd1, 0xc8, 0xc3, 0x18, 0xd7, 0x2d, 0xfd, 0x26, 0xbd, 0xcb, 0x7b, 0x92, 0x51, 0x0e, 0x4a, 0x65, 0x57, 0xb8, 0x49}}}, +{{{0xab, 0x55, 0x36, 0xc3, 0xec, 0x63, 0x55, 0x11, 0x55, 0xf6, 0xa5, 0xc7, 0x01, 0x5f, 0xfe, 0x79, 0xd8, 0x0a, 0xf7, 0x03, 0xd8, 0x98, 0x99, 0xf5, 0xd0, 0x00, 0x54, 0x6b, 0x66, 0x28, 0xf5, 0x25}} , + {{0x7a, 0x8d, 0xa1, 0x5d, 0x70, 0x5d, 0x51, 0x27, 0xee, 0x30, 0x65, 0x56, 0x95, 0x46, 0xde, 0xbd, 0x03, 0x75, 0xb4, 0x57, 0x59, 0x89, 0xeb, 0x02, 0x9e, 0xcc, 0x89, 0x19, 0xa7, 0xcb, 0x17, 0x67}}}, +{{{0x6a, 0xeb, 0xfc, 0x9a, 0x9a, 0x10, 0xce, 0xdb, 0x3a, 0x1c, 0x3c, 0x6a, 0x9d, 0xea, 0x46, 0xbc, 0x45, 0x49, 0xac, 0xe3, 0x41, 0x12, 0x7c, 0xf0, 0xf7, 0x4f, 0xf9, 0xf7, 0xff, 0x2c, 0x89, 0x04}} , + {{0x30, 0x31, 0x54, 0x1a, 0x46, 0xca, 0xe6, 0xc6, 0xcb, 0xe2, 0xc3, 0xc1, 0x8b, 0x75, 0x81, 0xbe, 0xee, 0xf8, 0xa3, 0x11, 0x1c, 0x25, 0xa3, 0xa7, 0x35, 0x51, 0x55, 0xe2, 0x25, 0xaa, 0xe2, 0x3a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xb4, 0x48, 0x10, 0x9f, 0x8a, 0x09, 0x76, 0xfa, 0xf0, 0x7a, 0xb0, 0x70, 0xf7, 0x83, 0x80, 0x52, 0x84, 0x2b, 0x26, 0xa2, 0xc4, 0x5d, 0x4f, 0xba, 0xb1, 0xc8, 0x40, 0x0d, 0x78, 0x97, 0xc4, 0x60}} , + {{0xd4, 0xb1, 0x6c, 0x08, 0xc7, 0x40, 0x38, 0x73, 0x5f, 0x0b, 0xf3, 0x76, 0x5d, 0xb2, 0xa5, 0x2f, 0x57, 0x57, 0x07, 0xed, 0x08, 0xa2, 0x6c, 0x4f, 0x08, 0x02, 0xb5, 0x0e, 0xee, 0x44, 0xfa, 0x22}}}, +{{{0x0f, 0x00, 0x3f, 0xa6, 0x04, 0x19, 0x56, 0x65, 0x31, 0x7f, 0x8b, 0xeb, 0x0d, 0xe1, 0x47, 0x89, 0x97, 0x16, 0x53, 0xfa, 0x81, 0xa7, 0xaa, 0xb2, 0xbf, 0x67, 0xeb, 0x72, 0x60, 0x81, 0x0d, 0x48}} , + {{0x7e, 0x13, 0x33, 0xcd, 0xa8, 0x84, 0x56, 0x1e, 0x67, 0xaf, 0x6b, 0x43, 0xac, 0x17, 0xaf, 0x16, 0xc0, 0x52, 0x99, 0x49, 0x5b, 0x87, 0x73, 0x7e, 0xb5, 0x43, 0xda, 0x6b, 0x1d, 0x0f, 0x2d, 0x55}}}, +{{{0xe9, 0x58, 0x1f, 0xff, 0x84, 0x3f, 0x93, 0x1c, 0xcb, 0xe1, 0x30, 0x69, 0xa5, 0x75, 0x19, 0x7e, 0x14, 0x5f, 0xf8, 0xfc, 0x09, 0xdd, 0xa8, 0x78, 0x9d, 0xca, 0x59, 0x8b, 0xd1, 0x30, 0x01, 0x13}} , + {{0xff, 0x76, 0x03, 0xc5, 0x4b, 0x89, 0x99, 0x70, 0x00, 0x59, 0x70, 0x9c, 0xd5, 0xd9, 0x11, 0x89, 0x5a, 0x46, 0xfe, 0xef, 0xdc, 0xd9, 0x55, 0x2b, 0x45, 0xa7, 0xb0, 0x2d, 0xfb, 0x24, 0xc2, 0x29}}}, +{{{0x38, 0x06, 0xf8, 0x0b, 0xac, 0x82, 0xc4, 0x97, 0x2b, 0x90, 0xe0, 0xf7, 0xa8, 0xab, 0x6c, 0x08, 0x80, 0x66, 0x90, 0x46, 0xf7, 0x26, 0x2d, 0xf8, 0xf1, 0xc4, 0x6b, 0x4a, 0x82, 0x98, 0x8e, 0x37}} , + {{0x8e, 0xb4, 0xee, 0xb8, 0xd4, 0x3f, 0xb2, 0x1b, 0xe0, 0x0a, 0x3d, 0x75, 0x34, 0x28, 0xa2, 0x8e, 0xc4, 0x92, 0x7b, 0xfe, 0x60, 0x6e, 0x6d, 0xb8, 0x31, 0x1d, 0x62, 0x0d, 0x78, 0x14, 0x42, 0x11}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x5e, 0xa8, 0xd8, 0x04, 0x9b, 0x73, 0xc9, 0xc9, 0xdc, 0x0d, 0x73, 0xbf, 0x0a, 0x0a, 0x73, 0xff, 0x18, 0x1f, 0x9c, 0x51, 0xaa, 0xc6, 0xf1, 0x83, 0x25, 0xfd, 0xab, 0xa3, 0x11, 0xd3, 0x01, 0x24}} , + {{0x4d, 0xe3, 0x7e, 0x38, 0x62, 0x5e, 0x64, 0xbb, 0x2b, 0x53, 0xb5, 0x03, 0x68, 0xc4, 0xf2, 0x2b, 0x5a, 0x03, 0x32, 0x99, 0x4a, 0x41, 0x9a, 0xe1, 0x1a, 0xae, 0x8c, 0x48, 0xf3, 0x24, 0x32, 0x65}}}, +{{{0xe8, 0xdd, 0xad, 0x3a, 0x8c, 0xea, 0xf4, 0xb3, 0xb2, 0xe5, 0x73, 0xf2, 0xed, 0x8b, 0xbf, 0xed, 0xb1, 0x0c, 0x0c, 0xfb, 0x2b, 0xf1, 0x01, 0x48, 0xe8, 0x26, 0x03, 0x8e, 0x27, 0x4d, 0x96, 0x72}} , + {{0xc8, 0x09, 0x3b, 0x60, 0xc9, 0x26, 0x4d, 0x7c, 0xf2, 0x9c, 0xd4, 0xa1, 0x3b, 0x26, 0xc2, 0x04, 0x33, 0x44, 0x76, 0x3c, 0x02, 0xbb, 0x11, 0x42, 0x0c, 0x22, 0xb7, 0xc6, 0xe1, 0xac, 0xb4, 0x0e}}}, +{{{0x6f, 0x85, 0xe7, 0xef, 0xde, 0x67, 0x30, 0xfc, 0xbf, 0x5a, 0xe0, 0x7b, 0x7a, 0x2a, 0x54, 0x6b, 0x5d, 0x62, 0x85, 0xa1, 0xf8, 0x16, 0x88, 0xec, 0x61, 0xb9, 0x96, 0xb5, 0xef, 0x2d, 0x43, 0x4d}} , + {{0x7c, 0x31, 0x33, 0xcc, 0xe4, 0xcf, 0x6c, 0xff, 0x80, 0x47, 0x77, 0xd1, 0xd8, 0xe9, 0x69, 0x97, 0x98, 0x7f, 0x20, 0x57, 0x1d, 0x1d, 0x4f, 0x08, 0x27, 0xc8, 0x35, 0x57, 0x40, 0xc6, 0x21, 0x0c}}}, +{{{0xd2, 0x8e, 0x9b, 0xfa, 0x42, 0x8e, 0xdf, 0x8f, 0xc7, 0x86, 0xf9, 0xa4, 0xca, 0x70, 0x00, 0x9d, 0x21, 0xbf, 0xec, 0x57, 0x62, 0x30, 0x58, 0x8c, 0x0d, 0x35, 0xdb, 0x5d, 0x8b, 0x6a, 0xa0, 0x5a}} , + {{0xc1, 0x58, 0x7c, 0x0d, 0x20, 0xdd, 0x11, 0x26, 0x5f, 0x89, 0x3b, 0x97, 0x58, 0xf8, 0x8b, 0xe3, 0xdf, 0x32, 0xe2, 0xfc, 0xd8, 0x67, 0xf2, 0xa5, 0x37, 0x1e, 0x6d, 0xec, 0x7c, 0x27, 0x20, 0x79}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xd0, 0xe9, 0xc0, 0xfa, 0x95, 0x45, 0x23, 0x96, 0xf1, 0x2c, 0x79, 0x25, 0x14, 0xce, 0x40, 0x14, 0x44, 0x2c, 0x36, 0x50, 0xd9, 0x63, 0x56, 0xb7, 0x56, 0x3b, 0x9e, 0xa7, 0xef, 0x89, 0xbb, 0x0e}} , + {{0xce, 0x7f, 0xdc, 0x0a, 0xcc, 0x82, 0x1c, 0x0a, 0x78, 0x71, 0xe8, 0x74, 0x8d, 0x01, 0x30, 0x0f, 0xa7, 0x11, 0x4c, 0xdf, 0x38, 0xd7, 0xa7, 0x0d, 0xf8, 0x48, 0x52, 0x00, 0x80, 0x7b, 0x5f, 0x0e}}}, +{{{0x25, 0x83, 0xe6, 0x94, 0x7b, 0x81, 0xb2, 0x91, 0xae, 0x0e, 0x05, 0xc9, 0xa3, 0x68, 0x2d, 0xd9, 0x88, 0x25, 0x19, 0x2a, 0x61, 0x61, 0x21, 0x97, 0x15, 0xa1, 0x35, 0xa5, 0x46, 0xc8, 0xa2, 0x0e}} , + {{0x1b, 0x03, 0x0d, 0x8b, 0x5a, 0x1b, 0x97, 0x4b, 0xf2, 0x16, 0x31, 0x3d, 0x1f, 0x33, 0xa0, 0x50, 0x3a, 0x18, 0xbe, 0x13, 0xa1, 0x76, 0xc1, 0xba, 0x1b, 0xf1, 0x05, 0x7b, 0x33, 0xa8, 0x82, 0x3b}}}, +{{{0xba, 0x36, 0x7b, 0x6d, 0xa9, 0xea, 0x14, 0x12, 0xc5, 0xfa, 0x91, 0x00, 0xba, 0x9b, 0x99, 0xcc, 0x56, 0x02, 0xe9, 0xa0, 0x26, 0x40, 0x66, 0x8c, 0xc4, 0xf8, 0x85, 0x33, 0x68, 0xe7, 0x03, 0x20}} , + {{0x50, 0x5b, 0xff, 0xa9, 0xb2, 0xf1, 0xf1, 0x78, 0xcf, 0x14, 0xa4, 0xa9, 0xfc, 0x09, 0x46, 0x94, 0x54, 0x65, 0x0d, 0x9c, 0x5f, 0x72, 0x21, 0xe2, 0x97, 0xa5, 0x2d, 0x81, 0xce, 0x4a, 0x5f, 0x79}}}, +{{{0x3d, 0x5f, 0x5c, 0xd2, 0xbc, 0x7d, 0x77, 0x0e, 0x2a, 0x6d, 0x22, 0x45, 0x84, 0x06, 0xc4, 0xdd, 0xc6, 0xa6, 0xc6, 0xd7, 0x49, 0xad, 0x6d, 0x87, 0x91, 0x0e, 0x3a, 0x67, 0x1d, 0x2c, 0x1d, 0x56}} , + {{0xfe, 0x7a, 0x74, 0xcf, 0xd4, 0xd2, 0xe5, 0x19, 0xde, 0xd0, 0xdb, 0x70, 0x23, 0x69, 0xe6, 0x6d, 0xec, 0xec, 0xcc, 0x09, 0x33, 0x6a, 0x77, 0xdc, 0x6b, 0x22, 0x76, 0x5d, 0x92, 0x09, 0xac, 0x2d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x23, 0x15, 0x17, 0xeb, 0xd3, 0xdb, 0x12, 0x5e, 0x01, 0xf0, 0x91, 0xab, 0x2c, 0x41, 0xce, 0xac, 0xed, 0x1b, 0x4b, 0x2d, 0xbc, 0xdb, 0x17, 0x66, 0x89, 0x46, 0xad, 0x4b, 0x1e, 0x6f, 0x0b, 0x14}} , + {{0x11, 0xce, 0xbf, 0xb6, 0x77, 0x2d, 0x48, 0x22, 0x18, 0x4f, 0xa3, 0x5d, 0x4a, 0xb0, 0x70, 0x12, 0x3e, 0x54, 0xd7, 0xd8, 0x0e, 0x2b, 0x27, 0xdc, 0x53, 0xff, 0xca, 0x8c, 0x59, 0xb3, 0x4e, 0x44}}}, +{{{0x07, 0x76, 0x61, 0x0f, 0x66, 0xb2, 0x21, 0x39, 0x7e, 0xc0, 0xec, 0x45, 0x28, 0x82, 0xa1, 0x29, 0x32, 0x44, 0x35, 0x13, 0x5e, 0x61, 0x5e, 0x54, 0xcb, 0x7c, 0xef, 0xf6, 0x41, 0xcf, 0x9f, 0x0a}} , + {{0xdd, 0xf9, 0xda, 0x84, 0xc3, 0xe6, 0x8a, 0x9f, 0x24, 0xd2, 0x96, 0x5d, 0x39, 0x6f, 0x58, 0x8c, 0xc1, 0x56, 0x93, 0xab, 0xb5, 0x79, 0x3b, 0xd2, 0xa8, 0x73, 0x16, 0xed, 0xfa, 0xb4, 0x2f, 0x73}}}, +{{{0x8b, 0xb1, 0x95, 0xe5, 0x92, 0x50, 0x35, 0x11, 0x76, 0xac, 0xf4, 0x4d, 0x24, 0xc3, 0x32, 0xe6, 0xeb, 0xfe, 0x2c, 0x87, 0xc4, 0xf1, 0x56, 0xc4, 0x75, 0x24, 0x7a, 0x56, 0x85, 0x5a, 0x3a, 0x13}} , + {{0x0d, 0x16, 0xac, 0x3c, 0x4a, 0x58, 0x86, 0x3a, 0x46, 0x7f, 0x6c, 0xa3, 0x52, 0x6e, 0x37, 0xe4, 0x96, 0x9c, 0xe9, 0x5c, 0x66, 0x41, 0x67, 0xe4, 0xfb, 0x79, 0x0c, 0x05, 0xf6, 0x64, 0xd5, 0x7c}}}, +{{{0x28, 0xc1, 0xe1, 0x54, 0x73, 0xf2, 0xbf, 0x76, 0x74, 0x19, 0x19, 0x1b, 0xe4, 0xb9, 0xa8, 0x46, 0x65, 0x73, 0xf3, 0x77, 0x9b, 0x29, 0x74, 0x5b, 0xc6, 0x89, 0x6c, 0x2c, 0x7c, 0xf8, 0xb3, 0x0f}} , + {{0xf7, 0xd5, 0xe9, 0x74, 0x5d, 0xb8, 0x25, 0x16, 0xb5, 0x30, 0xbc, 0x84, 0xc5, 0xf0, 0xad, 0xca, 0x12, 0x28, 0xbc, 0x9d, 0xd4, 0xfa, 0x82, 0xe6, 0xe3, 0xbf, 0xa2, 0x15, 0x2c, 0xd4, 0x34, 0x10}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x61, 0xb1, 0x46, 0xba, 0x0e, 0x31, 0xa5, 0x67, 0x6c, 0x7f, 0xd6, 0xd9, 0x27, 0x85, 0x0f, 0x79, 0x14, 0xc8, 0x6c, 0x2f, 0x5f, 0x5b, 0x9c, 0x35, 0x3d, 0x38, 0x86, 0x77, 0x65, 0x55, 0x6a, 0x7b}} , + {{0xd3, 0xb0, 0x3a, 0x66, 0x60, 0x1b, 0x43, 0xf1, 0x26, 0x58, 0x99, 0x09, 0x8f, 0x2d, 0xa3, 0x14, 0x71, 0x85, 0xdb, 0xed, 0xf6, 0x26, 0xd5, 0x61, 0x9a, 0x73, 0xac, 0x0e, 0xea, 0xac, 0xb7, 0x0c}}}, +{{{0x5e, 0xf4, 0xe5, 0x17, 0x0e, 0x10, 0x9f, 0xe7, 0x43, 0x5f, 0x67, 0x5c, 0xac, 0x4b, 0xe5, 0x14, 0x41, 0xd2, 0xbf, 0x48, 0xf5, 0x14, 0xb0, 0x71, 0xc6, 0x61, 0xc1, 0xb2, 0x70, 0x58, 0xd2, 0x5a}} , + {{0x2d, 0xba, 0x16, 0x07, 0x92, 0x94, 0xdc, 0xbd, 0x50, 0x2b, 0xc9, 0x7f, 0x42, 0x00, 0xba, 0x61, 0xed, 0xf8, 0x43, 0xed, 0xf5, 0xf9, 0x40, 0x60, 0xb2, 0xb0, 0x82, 0xcb, 0xed, 0x75, 0xc7, 0x65}}}, +{{{0x80, 0xba, 0x0d, 0x09, 0x40, 0xa7, 0x39, 0xa6, 0x67, 0x34, 0x7e, 0x66, 0xbe, 0x56, 0xfb, 0x53, 0x78, 0xc4, 0x46, 0xe8, 0xed, 0x68, 0x6c, 0x7f, 0xce, 0xe8, 0x9f, 0xce, 0xa2, 0x64, 0x58, 0x53}} , + {{0xe8, 0xc1, 0xa9, 0xc2, 0x7b, 0x59, 0x21, 0x33, 0xe2, 0x43, 0x73, 0x2b, 0xac, 0x2d, 0xc1, 0x89, 0x3b, 0x15, 0xe2, 0xd5, 0xc0, 0x97, 0x8a, 0xfd, 0x6f, 0x36, 0x33, 0xb7, 0xb9, 0xc3, 0x88, 0x09}}}, +{{{0xd0, 0xb6, 0x56, 0x30, 0x5c, 0xae, 0xb3, 0x75, 0x44, 0xa4, 0x83, 0x51, 0x6e, 0x01, 0x65, 0xef, 0x45, 0x76, 0xe6, 0xf5, 0xa2, 0x0d, 0xd4, 0x16, 0x3b, 0x58, 0x2f, 0xf2, 0x2f, 0x36, 0x18, 0x3f}} , + {{0xfd, 0x2f, 0xe0, 0x9b, 0x1e, 0x8c, 0xc5, 0x18, 0xa9, 0xca, 0xd4, 0x2b, 0x35, 0xb6, 0x95, 0x0a, 0x9f, 0x7e, 0xfb, 0xc4, 0xef, 0x88, 0x7b, 0x23, 0x43, 0xec, 0x2f, 0x0d, 0x0f, 0x7a, 0xfc, 0x5c}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x8d, 0xd2, 0xda, 0xc7, 0x44, 0xd6, 0x7a, 0xdb, 0x26, 0x7d, 0x1d, 0xb8, 0xe1, 0xde, 0x9d, 0x7a, 0x7d, 0x17, 0x7e, 0x1c, 0x37, 0x04, 0x8d, 0x2d, 0x7c, 0x5e, 0x18, 0x38, 0x1e, 0xaf, 0xc7, 0x1b}} , + {{0x33, 0x48, 0x31, 0x00, 0x59, 0xf6, 0xf2, 0xca, 0x0f, 0x27, 0x1b, 0x63, 0x12, 0x7e, 0x02, 0x1d, 0x49, 0xc0, 0x5d, 0x79, 0x87, 0xef, 0x5e, 0x7a, 0x2f, 0x1f, 0x66, 0x55, 0xd8, 0x09, 0xd9, 0x61}}}, +{{{0x54, 0x83, 0x02, 0x18, 0x82, 0x93, 0x99, 0x07, 0xd0, 0xa7, 0xda, 0xd8, 0x75, 0x89, 0xfa, 0xf2, 0xd9, 0xa3, 0xb8, 0x6b, 0x5a, 0x35, 0x28, 0xd2, 0x6b, 0x59, 0xc2, 0xf8, 0x45, 0xe2, 0xbc, 0x06}} , + {{0x65, 0xc0, 0xa3, 0x88, 0x51, 0x95, 0xfc, 0x96, 0x94, 0x78, 0xe8, 0x0d, 0x8b, 0x41, 0xc9, 0xc2, 0x58, 0x48, 0x75, 0x10, 0x2f, 0xcd, 0x2a, 0xc9, 0xa0, 0x6d, 0x0f, 0xdd, 0x9c, 0x98, 0x26, 0x3d}}}, +{{{0x2f, 0x66, 0x29, 0x1b, 0x04, 0x89, 0xbd, 0x7e, 0xee, 0x6e, 0xdd, 0xb7, 0x0e, 0xef, 0xb0, 0x0c, 0xb4, 0xfc, 0x7f, 0xc2, 0xc9, 0x3a, 0x3c, 0x64, 0xef, 0x45, 0x44, 0xaf, 0x8a, 0x90, 0x65, 0x76}} , + {{0xa1, 0x4c, 0x70, 0x4b, 0x0e, 0xa0, 0x83, 0x70, 0x13, 0xa4, 0xaf, 0xb8, 0x38, 0x19, 0x22, 0x65, 0x09, 0xb4, 0x02, 0x4f, 0x06, 0xf8, 0x17, 0xce, 0x46, 0x45, 0xda, 0x50, 0x7c, 0x8a, 0xd1, 0x4e}}}, +{{{0xf7, 0xd4, 0x16, 0x6c, 0x4e, 0x95, 0x9d, 0x5d, 0x0f, 0x91, 0x2b, 0x52, 0xfe, 0x5c, 0x34, 0xe5, 0x30, 0xe6, 0xa4, 0x3b, 0xf3, 0xf3, 0x34, 0x08, 0xa9, 0x4a, 0xa0, 0xb5, 0x6e, 0xb3, 0x09, 0x0a}} , + {{0x26, 0xd9, 0x5e, 0xa3, 0x0f, 0xeb, 0xa2, 0xf3, 0x20, 0x3b, 0x37, 0xd4, 0xe4, 0x9e, 0xce, 0x06, 0x3d, 0x53, 0xed, 0xae, 0x2b, 0xeb, 0xb6, 0x24, 0x0a, 0x11, 0xa3, 0x0f, 0xd6, 0x7f, 0xa4, 0x3a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xdb, 0x9f, 0x2c, 0xfc, 0xd6, 0xb2, 0x1e, 0x2e, 0x52, 0x7a, 0x06, 0x87, 0x2d, 0x86, 0x72, 0x2b, 0x6d, 0x90, 0x77, 0x46, 0x43, 0xb5, 0x7a, 0xf8, 0x60, 0x7d, 0x91, 0x60, 0x5b, 0x9d, 0x9e, 0x07}} , + {{0x97, 0x87, 0xc7, 0x04, 0x1c, 0x38, 0x01, 0x39, 0x58, 0xc7, 0x85, 0xa3, 0xfc, 0x64, 0x00, 0x64, 0x25, 0xa2, 0xbf, 0x50, 0x94, 0xca, 0x26, 0x31, 0x45, 0x0a, 0x24, 0xd2, 0x51, 0x29, 0x51, 0x16}}}, +{{{0x4d, 0x4a, 0xd7, 0x98, 0x71, 0x57, 0xac, 0x7d, 0x8b, 0x37, 0xbd, 0x63, 0xff, 0x87, 0xb1, 0x49, 0x95, 0x20, 0x7c, 0xcf, 0x7c, 0x59, 0xc4, 0x91, 0x9c, 0xef, 0xd0, 0xdb, 0x60, 0x09, 0x9d, 0x46}} , + {{0xcb, 0x78, 0x94, 0x90, 0xe4, 0x45, 0xb3, 0xf6, 0xd9, 0xf6, 0x57, 0x74, 0xd5, 0xf8, 0x83, 0x4f, 0x39, 0xc9, 0xbd, 0x88, 0xc2, 0x57, 0x21, 0x1f, 0x24, 0x32, 0x68, 0xf8, 0xc7, 0x21, 0x5f, 0x0b}}}, +{{{0x2a, 0x36, 0x68, 0xfc, 0x5f, 0xb6, 0x4f, 0xa5, 0xe3, 0x9d, 0x24, 0x2f, 0xc0, 0x93, 0x61, 0xcf, 0xf8, 0x0a, 0xed, 0xe1, 0xdb, 0x27, 0xec, 0x0e, 0x14, 0x32, 0x5f, 0x8e, 0xa1, 0x62, 0x41, 0x16}} , + {{0x95, 0x21, 0x01, 0xce, 0x95, 0x5b, 0x0e, 0x57, 0xc7, 0xb9, 0x62, 0xb5, 0x28, 0xca, 0x11, 0xec, 0xb4, 0x46, 0x06, 0x73, 0x26, 0xff, 0xfb, 0x66, 0x7d, 0xee, 0x5f, 0xb2, 0x56, 0xfd, 0x2a, 0x08}}}, +{{{0x92, 0x67, 0x77, 0x56, 0xa1, 0xff, 0xc4, 0xc5, 0x95, 0xf0, 0xe3, 0x3a, 0x0a, 0xca, 0x94, 0x4d, 0x9e, 0x7e, 0x3d, 0xb9, 0x6e, 0xb6, 0xb0, 0xce, 0xa4, 0x30, 0x89, 0x99, 0xe9, 0xad, 0x11, 0x59}} , + {{0xf6, 0x48, 0x95, 0xa1, 0x6f, 0x5f, 0xb7, 0xa5, 0xbb, 0x30, 0x00, 0x1c, 0xd2, 0x8a, 0xd6, 0x25, 0x26, 0x1b, 0xb2, 0x0d, 0x37, 0x6a, 0x05, 0xf4, 0x9d, 0x3e, 0x17, 0x2a, 0x43, 0xd2, 0x3a, 0x06}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x32, 0x99, 0x93, 0xd1, 0x9a, 0x72, 0xf3, 0xa9, 0x16, 0xbd, 0xb4, 0x4c, 0xdd, 0xf9, 0xd4, 0xb2, 0x64, 0x9a, 0xd3, 0x05, 0xe4, 0xa3, 0x73, 0x1c, 0xcb, 0x7e, 0x57, 0x67, 0xff, 0x04, 0xb3, 0x10}} , + {{0xb9, 0x4b, 0xa4, 0xad, 0xd0, 0x6d, 0x61, 0x23, 0xb4, 0xaf, 0x34, 0xa9, 0xaa, 0x65, 0xec, 0xd9, 0x69, 0xe3, 0x85, 0xcd, 0xcc, 0xe7, 0xb0, 0x9b, 0x41, 0xc1, 0x1c, 0xf9, 0xa0, 0xfa, 0xb7, 0x13}}}, +{{{0x04, 0xfd, 0x88, 0x3c, 0x0c, 0xd0, 0x09, 0x52, 0x51, 0x4f, 0x06, 0x19, 0xcc, 0xc3, 0xbb, 0xde, 0x80, 0xc5, 0x33, 0xbc, 0xf9, 0xf3, 0x17, 0x36, 0xdd, 0xc6, 0xde, 0xe8, 0x9b, 0x5d, 0x79, 0x1b}} , + {{0x65, 0x0a, 0xbe, 0x51, 0x57, 0xad, 0x50, 0x79, 0x08, 0x71, 0x9b, 0x07, 0x95, 0x8f, 0xfb, 0xae, 0x4b, 0x38, 0xba, 0xcf, 0x53, 0x2a, 0x86, 0x1e, 0xc0, 0x50, 0x5c, 0x67, 0x1b, 0xf6, 0x87, 0x6c}}}, +{{{0x4f, 0x00, 0xb2, 0x66, 0x55, 0xed, 0x4a, 0xed, 0x8d, 0xe1, 0x66, 0x18, 0xb2, 0x14, 0x74, 0x8d, 0xfd, 0x1a, 0x36, 0x0f, 0x26, 0x5c, 0x8b, 0x89, 0xf3, 0xab, 0xf2, 0xf3, 0x24, 0x67, 0xfd, 0x70}} , + {{0xfd, 0x4e, 0x2a, 0xc1, 0x3a, 0xca, 0x8f, 0x00, 0xd8, 0xec, 0x74, 0x67, 0xef, 0x61, 0xe0, 0x28, 0xd0, 0x96, 0xf4, 0x48, 0xde, 0x81, 0xe3, 0xef, 0xdc, 0xaa, 0x7d, 0xf3, 0xb6, 0x55, 0xa6, 0x65}}}, +{{{0xeb, 0xcb, 0xc5, 0x70, 0x91, 0x31, 0x10, 0x93, 0x0d, 0xc8, 0xd0, 0xef, 0x62, 0xe8, 0x6f, 0x82, 0xe3, 0x69, 0x3d, 0x91, 0x7f, 0x31, 0xe1, 0x26, 0x35, 0x3c, 0x4a, 0x2f, 0xab, 0xc4, 0x9a, 0x5e}} , + {{0xab, 0x1b, 0xb5, 0xe5, 0x2b, 0xc3, 0x0e, 0x29, 0xb0, 0xd0, 0x73, 0xe6, 0x4f, 0x64, 0xf2, 0xbc, 0xe4, 0xe4, 0xe1, 0x9a, 0x52, 0x33, 0x2f, 0xbd, 0xcc, 0x03, 0xee, 0x8a, 0xfa, 0x00, 0x5f, 0x50}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xf6, 0xdb, 0x0d, 0x22, 0x3d, 0xb5, 0x14, 0x75, 0x31, 0xf0, 0x81, 0xe2, 0xb9, 0x37, 0xa2, 0xa9, 0x84, 0x11, 0x9a, 0x07, 0xb5, 0x53, 0x89, 0x78, 0xa9, 0x30, 0x27, 0xa1, 0xf1, 0x4e, 0x5c, 0x2e}} , + {{0x8b, 0x00, 0x54, 0xfb, 0x4d, 0xdc, 0xcb, 0x17, 0x35, 0x40, 0xff, 0xb7, 0x8c, 0xfe, 0x4a, 0xe4, 0x4e, 0x99, 0x4e, 0xa8, 0x74, 0x54, 0x5d, 0x5c, 0x96, 0xa3, 0x12, 0x55, 0x36, 0x31, 0x17, 0x5c}}}, +{{{0xce, 0x24, 0xef, 0x7b, 0x86, 0xf2, 0x0f, 0x77, 0xe8, 0x5c, 0x7d, 0x87, 0x38, 0x2d, 0xef, 0xaf, 0xf2, 0x8c, 0x72, 0x2e, 0xeb, 0xb6, 0x55, 0x4b, 0x6e, 0xf1, 0x4e, 0x8a, 0x0e, 0x9a, 0x6c, 0x4c}} , + {{0x25, 0xea, 0x86, 0xc2, 0xd1, 0x4f, 0xb7, 0x3e, 0xa8, 0x5c, 0x8d, 0x66, 0x81, 0x25, 0xed, 0xc5, 0x4c, 0x05, 0xb9, 0xd8, 0xd6, 0x70, 0xbe, 0x73, 0x82, 0xe8, 0xa1, 0xe5, 0x1e, 0x71, 0xd5, 0x26}}}, +{{{0x4e, 0x6d, 0xc3, 0xa7, 0x4f, 0x22, 0x45, 0x26, 0xa2, 0x7e, 0x16, 0xf7, 0xf7, 0x63, 0xdc, 0x86, 0x01, 0x2a, 0x71, 0x38, 0x5c, 0x33, 0xc3, 0xce, 0x30, 0xff, 0xf9, 0x2c, 0x91, 0x71, 0x8a, 0x72}} , + {{0x8c, 0x44, 0x09, 0x28, 0xd5, 0x23, 0xc9, 0x8f, 0xf3, 0x84, 0x45, 0xc6, 0x9a, 0x5e, 0xff, 0xd2, 0xc7, 0x57, 0x93, 0xa3, 0xc1, 0x69, 0xdd, 0x62, 0x0f, 0xda, 0x5c, 0x30, 0x59, 0x5d, 0xe9, 0x4c}}}, +{{{0x92, 0x7e, 0x50, 0x27, 0x72, 0xd7, 0x0c, 0xd6, 0x69, 0x96, 0x81, 0x35, 0x84, 0x94, 0x35, 0x8b, 0x6c, 0xaa, 0x62, 0x86, 0x6e, 0x1c, 0x15, 0xf3, 0x6c, 0xb3, 0xff, 0x65, 0x1b, 0xa2, 0x9b, 0x59}} , + {{0xe2, 0xa9, 0x65, 0x88, 0xc4, 0x50, 0xfa, 0xbb, 0x3b, 0x6e, 0x5f, 0x44, 0x01, 0xca, 0x97, 0xd4, 0xdd, 0xf6, 0xcd, 0x3f, 0x3f, 0xe5, 0x97, 0x67, 0x2b, 0x8c, 0x66, 0x0f, 0x35, 0x9b, 0xf5, 0x07}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xf1, 0x59, 0x27, 0xd8, 0xdb, 0x5a, 0x11, 0x5e, 0x82, 0xf3, 0x38, 0xff, 0x1c, 0xed, 0xfe, 0x3f, 0x64, 0x54, 0x3f, 0x7f, 0xd1, 0x81, 0xed, 0xef, 0x65, 0xc5, 0xcb, 0xfd, 0xe1, 0x80, 0xcd, 0x11}} , + {{0xe0, 0xdb, 0x22, 0x28, 0xe6, 0xff, 0x61, 0x9d, 0x41, 0x14, 0x2d, 0x3b, 0x26, 0x22, 0xdf, 0xf1, 0x34, 0x81, 0xe9, 0x45, 0xee, 0x0f, 0x98, 0x8b, 0xa6, 0x3f, 0xef, 0xf7, 0x43, 0x19, 0xf1, 0x43}}}, +{{{0xee, 0xf3, 0x00, 0xa1, 0x50, 0xde, 0xc0, 0xb6, 0x01, 0xe3, 0x8c, 0x3c, 0x4d, 0x31, 0xd2, 0xb0, 0x58, 0xcd, 0xed, 0x10, 0x4a, 0x7a, 0xef, 0x80, 0xa9, 0x19, 0x32, 0xf3, 0xd8, 0x33, 0x8c, 0x06}} , + {{0xcb, 0x7d, 0x4f, 0xff, 0x30, 0xd8, 0x12, 0x3b, 0x39, 0x1c, 0x06, 0xf9, 0x4c, 0x34, 0x35, 0x71, 0xb5, 0x16, 0x94, 0x67, 0xdf, 0xee, 0x11, 0xde, 0xa4, 0x1d, 0x88, 0x93, 0x35, 0xa9, 0x32, 0x10}}}, +{{{0xe9, 0xc3, 0xbc, 0x7b, 0x5c, 0xfc, 0xb2, 0xf9, 0xc9, 0x2f, 0xe5, 0xba, 0x3a, 0x0b, 0xab, 0x64, 0x38, 0x6f, 0x5b, 0x4b, 0x93, 0xda, 0x64, 0xec, 0x4d, 0x3d, 0xa0, 0xf5, 0xbb, 0xba, 0x47, 0x48}} , + {{0x60, 0xbc, 0x45, 0x1f, 0x23, 0xa2, 0x3b, 0x70, 0x76, 0xe6, 0x97, 0x99, 0x4f, 0x77, 0x54, 0x67, 0x30, 0x9a, 0xe7, 0x66, 0xd6, 0xcd, 0x2e, 0x51, 0x24, 0x2c, 0x42, 0x4a, 0x11, 0xfe, 0x6f, 0x7e}}}, +{{{0x87, 0xc0, 0xb1, 0xf0, 0xa3, 0x6f, 0x0c, 0x93, 0xa9, 0x0a, 0x72, 0xef, 0x5c, 0xbe, 0x65, 0x35, 0xa7, 0x6a, 0x4e, 0x2c, 0xbf, 0x21, 0x23, 0xe8, 0x2f, 0x97, 0xc7, 0x3e, 0xc8, 0x17, 0xac, 0x1e}} , + {{0x7b, 0xef, 0x21, 0xe5, 0x40, 0xcc, 0x1e, 0xdc, 0xd6, 0xbd, 0x97, 0x7a, 0x7c, 0x75, 0x86, 0x7a, 0x25, 0x5a, 0x6e, 0x7c, 0xe5, 0x51, 0x3c, 0x1b, 0x5b, 0x82, 0x9a, 0x07, 0x60, 0xa1, 0x19, 0x04}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x96, 0x88, 0xa6, 0xab, 0x8f, 0xe3, 0x3a, 0x49, 0xf8, 0xfe, 0x34, 0xe7, 0x6a, 0xb2, 0xfe, 0x40, 0x26, 0x74, 0x57, 0x4c, 0xf6, 0xd4, 0x99, 0xce, 0x5d, 0x7b, 0x2f, 0x67, 0xd6, 0x5a, 0xe4, 0x4e}} , + {{0x5c, 0x82, 0xb3, 0xbd, 0x55, 0x25, 0xf6, 0x6a, 0x93, 0xa4, 0x02, 0xc6, 0x7d, 0x5c, 0xb1, 0x2b, 0x5b, 0xff, 0xfb, 0x56, 0xf8, 0x01, 0x41, 0x90, 0xc6, 0xb6, 0xac, 0x4f, 0xfe, 0xa7, 0x41, 0x70}}}, +{{{0xdb, 0xfa, 0x9b, 0x2c, 0xd4, 0x23, 0x67, 0x2c, 0x8a, 0x63, 0x6c, 0x07, 0x26, 0x48, 0x4f, 0xc2, 0x03, 0xd2, 0x53, 0x20, 0x28, 0xed, 0x65, 0x71, 0x47, 0xa9, 0x16, 0x16, 0x12, 0xbc, 0x28, 0x33}} , + {{0x39, 0xc0, 0xfa, 0xfa, 0xcd, 0x33, 0x43, 0xc7, 0x97, 0x76, 0x9b, 0x93, 0x91, 0x72, 0xeb, 0xc5, 0x18, 0x67, 0x4c, 0x11, 0xf0, 0xf4, 0xe5, 0x73, 0xb2, 0x5c, 0x1b, 0xc2, 0x26, 0x3f, 0xbf, 0x2b}}}, +{{{0x86, 0xe6, 0x8c, 0x1d, 0xdf, 0xca, 0xfc, 0xd5, 0xf8, 0x3a, 0xc3, 0x44, 0x72, 0xe6, 0x78, 0x9d, 0x2b, 0x97, 0xf8, 0x28, 0x45, 0xb4, 0x20, 0xc9, 0x2a, 0x8c, 0x67, 0xaa, 0x11, 0xc5, 0x5b, 0x2f}} , + {{0x17, 0x0f, 0x86, 0x52, 0xd7, 0x9d, 0xc3, 0x44, 0x51, 0x76, 0x32, 0x65, 0xb4, 0x37, 0x81, 0x99, 0x46, 0x37, 0x62, 0xed, 0xcf, 0x64, 0x9d, 0x72, 0x40, 0x7a, 0x4c, 0x0b, 0x76, 0x2a, 0xfb, 0x56}}}, +{{{0x33, 0xa7, 0x90, 0x7c, 0xc3, 0x6f, 0x17, 0xa5, 0xa0, 0x67, 0x72, 0x17, 0xea, 0x7e, 0x63, 0x14, 0x83, 0xde, 0xc1, 0x71, 0x2d, 0x41, 0x32, 0x7a, 0xf3, 0xd1, 0x2b, 0xd8, 0x2a, 0xa6, 0x46, 0x36}} , + {{0xac, 0xcc, 0x6b, 0x7c, 0xf9, 0xb8, 0x8b, 0x08, 0x5c, 0xd0, 0x7d, 0x8f, 0x73, 0xea, 0x20, 0xda, 0x86, 0xca, 0x00, 0xc7, 0xad, 0x73, 0x4d, 0xe9, 0xe8, 0xa9, 0xda, 0x1f, 0x03, 0x06, 0xdd, 0x24}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x9c, 0xb2, 0x61, 0x0a, 0x98, 0x2a, 0xa5, 0xd7, 0xee, 0xa9, 0xac, 0x65, 0xcb, 0x0a, 0x1e, 0xe2, 0xbe, 0xdc, 0x85, 0x59, 0x0f, 0x9c, 0xa6, 0x57, 0x34, 0xa5, 0x87, 0xeb, 0x7b, 0x1e, 0x0c, 0x3c}} , + {{0x2f, 0xbd, 0x84, 0x63, 0x0d, 0xb5, 0xa0, 0xf0, 0x4b, 0x9e, 0x93, 0xc6, 0x34, 0x9a, 0x34, 0xff, 0x73, 0x19, 0x2f, 0x6e, 0x54, 0x45, 0x2c, 0x92, 0x31, 0x76, 0x34, 0xf1, 0xb2, 0x26, 0xe8, 0x74}}}, +{{{0x0a, 0x67, 0x90, 0x6d, 0x0c, 0x4c, 0xcc, 0xc0, 0xe6, 0xbd, 0xa7, 0x5e, 0x55, 0x8c, 0xcd, 0x58, 0x9b, 0x11, 0xa2, 0xbb, 0x4b, 0xb1, 0x43, 0x04, 0x3c, 0x55, 0xed, 0x23, 0xfe, 0xcd, 0xb1, 0x53}} , + {{0x05, 0xfb, 0x75, 0xf5, 0x01, 0xaf, 0x38, 0x72, 0x58, 0xfc, 0x04, 0x29, 0x34, 0x7a, 0x67, 0xa2, 0x08, 0x50, 0x6e, 0xd0, 0x2b, 0x73, 0xd5, 0xb8, 0xe4, 0x30, 0x96, 0xad, 0x45, 0xdf, 0xa6, 0x5c}}}, +{{{0x0d, 0x88, 0x1a, 0x90, 0x7e, 0xdc, 0xd8, 0xfe, 0xc1, 0x2f, 0x5d, 0x67, 0xee, 0x67, 0x2f, 0xed, 0x6f, 0x55, 0x43, 0x5f, 0x87, 0x14, 0x35, 0x42, 0xd3, 0x75, 0xae, 0xd5, 0xd3, 0x85, 0x1a, 0x76}} , + {{0x87, 0xc8, 0xa0, 0x6e, 0xe1, 0xb0, 0xad, 0x6a, 0x4a, 0x34, 0x71, 0xed, 0x7c, 0xd6, 0x44, 0x03, 0x65, 0x4a, 0x5c, 0x5c, 0x04, 0xf5, 0x24, 0x3f, 0xb0, 0x16, 0x5e, 0x8c, 0xb2, 0xd2, 0xc5, 0x20}}}, +{{{0x98, 0x83, 0xc2, 0x37, 0xa0, 0x41, 0xa8, 0x48, 0x5c, 0x5f, 0xbf, 0xc8, 0xfa, 0x24, 0xe0, 0x59, 0x2c, 0xbd, 0xf6, 0x81, 0x7e, 0x88, 0xe6, 0xca, 0x04, 0xd8, 0x5d, 0x60, 0xbb, 0x74, 0xa7, 0x0b}} , + {{0x21, 0x13, 0x91, 0xbf, 0x77, 0x7a, 0x33, 0xbc, 0xe9, 0x07, 0x39, 0x0a, 0xdd, 0x7d, 0x06, 0x10, 0x9a, 0xee, 0x47, 0x73, 0x1b, 0x15, 0x5a, 0xfb, 0xcd, 0x4d, 0xd0, 0xd2, 0x3a, 0x01, 0xba, 0x54}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x48, 0xd5, 0x39, 0x4a, 0x0b, 0x20, 0x6a, 0x43, 0xa0, 0x07, 0x82, 0x5e, 0x49, 0x7c, 0xc9, 0x47, 0xf1, 0x7c, 0x37, 0xb9, 0x23, 0xef, 0x6b, 0x46, 0x45, 0x8c, 0x45, 0x76, 0xdf, 0x14, 0x6b, 0x6e}} , + {{0x42, 0xc9, 0xca, 0x29, 0x4c, 0x76, 0x37, 0xda, 0x8a, 0x2d, 0x7c, 0x3a, 0x58, 0xf2, 0x03, 0xb4, 0xb5, 0xb9, 0x1a, 0x13, 0x2d, 0xde, 0x5f, 0x6b, 0x9d, 0xba, 0x52, 0xc9, 0x5d, 0xb3, 0xf3, 0x30}}}, +{{{0x4c, 0x6f, 0xfe, 0x6b, 0x0c, 0x62, 0xd7, 0x48, 0x71, 0xef, 0xb1, 0x85, 0x79, 0xc0, 0xed, 0x24, 0xb1, 0x08, 0x93, 0x76, 0x8e, 0xf7, 0x38, 0x8e, 0xeb, 0xfe, 0x80, 0x40, 0xaf, 0x90, 0x64, 0x49}} , + {{0x4a, 0x88, 0xda, 0xc1, 0x98, 0x44, 0x3c, 0x53, 0x4e, 0xdb, 0x4b, 0xb9, 0x12, 0x5f, 0xcd, 0x08, 0x04, 0xef, 0x75, 0xe7, 0xb1, 0x3a, 0xe5, 0x07, 0xfa, 0xca, 0x65, 0x7b, 0x72, 0x10, 0x64, 0x7f}}}, +{{{0x3d, 0x81, 0xf0, 0xeb, 0x16, 0xfd, 0x58, 0x33, 0x8d, 0x7c, 0x1a, 0xfb, 0x20, 0x2c, 0x8a, 0xee, 0x90, 0xbb, 0x33, 0x6d, 0x45, 0xe9, 0x8e, 0x99, 0x85, 0xe1, 0x08, 0x1f, 0xc5, 0xf1, 0xb5, 0x46}} , + {{0xe4, 0xe7, 0x43, 0x4b, 0xa0, 0x3f, 0x2b, 0x06, 0xba, 0x17, 0xae, 0x3d, 0xe6, 0xce, 0xbd, 0xb8, 0xed, 0x74, 0x11, 0x35, 0xec, 0x96, 0xfe, 0x31, 0xe3, 0x0e, 0x7a, 0x4e, 0xc9, 0x1d, 0xcb, 0x20}}}, +{{{0xe0, 0x67, 0xe9, 0x7b, 0xdb, 0x96, 0x5c, 0xb0, 0x32, 0xd0, 0x59, 0x31, 0x90, 0xdc, 0x92, 0x97, 0xac, 0x09, 0x38, 0x31, 0x0f, 0x7e, 0xd6, 0x5d, 0xd0, 0x06, 0xb6, 0x1f, 0xea, 0xf0, 0x5b, 0x07}} , + {{0x81, 0x9f, 0xc7, 0xde, 0x6b, 0x41, 0x22, 0x35, 0x14, 0x67, 0x77, 0x3e, 0x90, 0x81, 0xb0, 0xd9, 0x85, 0x4c, 0xca, 0x9b, 0x3f, 0x04, 0x59, 0xd6, 0xaa, 0x17, 0xc3, 0x88, 0x34, 0x37, 0xba, 0x43}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x4c, 0xb6, 0x69, 0xc8, 0x81, 0x95, 0x94, 0x33, 0x92, 0x34, 0xe9, 0x3c, 0x84, 0x0d, 0x3d, 0x5a, 0x37, 0x9c, 0x22, 0xa0, 0xaa, 0x65, 0xce, 0xb4, 0xc2, 0x2d, 0x66, 0x67, 0x02, 0xff, 0x74, 0x10}} , + {{0x22, 0xb0, 0xd5, 0xe6, 0xc7, 0xef, 0xb1, 0xa7, 0x13, 0xda, 0x60, 0xb4, 0x80, 0xc1, 0x42, 0x7d, 0x10, 0x70, 0x97, 0x04, 0x4d, 0xda, 0x23, 0x89, 0xc2, 0x0e, 0x68, 0xcb, 0xde, 0xe0, 0x9b, 0x29}}}, +{{{0x33, 0xfe, 0x42, 0x2a, 0x36, 0x2b, 0x2e, 0x36, 0x64, 0x5c, 0x8b, 0xcc, 0x81, 0x6a, 0x15, 0x08, 0xa1, 0x27, 0xe8, 0x57, 0xe5, 0x78, 0x8e, 0xf2, 0x58, 0x19, 0x12, 0x42, 0xae, 0xc4, 0x63, 0x3e}} , + {{0x78, 0x96, 0x9c, 0xa7, 0xca, 0x80, 0xae, 0x02, 0x85, 0xb1, 0x7c, 0x04, 0x5c, 0xc1, 0x5b, 0x26, 0xc1, 0xba, 0xed, 0xa5, 0x59, 0x70, 0x85, 0x8c, 0x8c, 0xe8, 0x87, 0xac, 0x6a, 0x28, 0x99, 0x35}}}, +{{{0x9f, 0x04, 0x08, 0x28, 0xbe, 0x87, 0xda, 0x80, 0x28, 0x38, 0xde, 0x9f, 0xcd, 0xe4, 0xe3, 0x62, 0xfb, 0x2e, 0x46, 0x8d, 0x01, 0xb3, 0x06, 0x51, 0xd4, 0x19, 0x3b, 0x11, 0xfa, 0xe2, 0xad, 0x1e}} , + {{0xa0, 0x20, 0x99, 0x69, 0x0a, 0xae, 0xa3, 0x70, 0x4e, 0x64, 0x80, 0xb7, 0x85, 0x9c, 0x87, 0x54, 0x43, 0x43, 0x55, 0x80, 0x6d, 0x8d, 0x7c, 0xa9, 0x64, 0xca, 0x6c, 0x2e, 0x21, 0xd8, 0xc8, 0x6c}}}, +{{{0x91, 0x4a, 0x07, 0xad, 0x08, 0x75, 0xc1, 0x4f, 0xa4, 0xb2, 0xc3, 0x6f, 0x46, 0x3e, 0xb1, 0xce, 0x52, 0xab, 0x67, 0x09, 0x54, 0x48, 0x6b, 0x6c, 0xd7, 0x1d, 0x71, 0x76, 0xcb, 0xff, 0xdd, 0x31}} , + {{0x36, 0x88, 0xfa, 0xfd, 0xf0, 0x36, 0x6f, 0x07, 0x74, 0x88, 0x50, 0xd0, 0x95, 0x38, 0x4a, 0x48, 0x2e, 0x07, 0x64, 0x97, 0x11, 0x76, 0x01, 0x1a, 0x27, 0x4d, 0x8e, 0x25, 0x9a, 0x9b, 0x1c, 0x22}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xbe, 0x57, 0xbd, 0x0e, 0x0f, 0xac, 0x5e, 0x76, 0xa3, 0x71, 0xad, 0x2b, 0x10, 0x45, 0x02, 0xec, 0x59, 0xd5, 0x5d, 0xa9, 0x44, 0xcc, 0x25, 0x4c, 0xb3, 0x3c, 0x5b, 0x69, 0x07, 0x55, 0x26, 0x6b}} , + {{0x30, 0x6b, 0xd4, 0xa7, 0x51, 0x29, 0xe3, 0xf9, 0x7a, 0x75, 0x2a, 0x82, 0x2f, 0xd6, 0x1d, 0x99, 0x2b, 0x80, 0xd5, 0x67, 0x1e, 0x15, 0x9d, 0xca, 0xfd, 0xeb, 0xac, 0x97, 0x35, 0x09, 0x7f, 0x3f}}}, +{{{0x35, 0x0d, 0x34, 0x0a, 0xb8, 0x67, 0x56, 0x29, 0x20, 0xf3, 0x19, 0x5f, 0xe2, 0x83, 0x42, 0x73, 0x53, 0xa8, 0xc5, 0x02, 0x19, 0x33, 0xb4, 0x64, 0xbd, 0xc3, 0x87, 0x8c, 0xd7, 0x76, 0xed, 0x25}} , + {{0x47, 0x39, 0x37, 0x76, 0x0d, 0x1d, 0x0c, 0xf5, 0x5a, 0x6d, 0x43, 0x88, 0x99, 0x15, 0xb4, 0x52, 0x0f, 0x2a, 0xb3, 0xb0, 0x3f, 0xa6, 0xb3, 0x26, 0xb3, 0xc7, 0x45, 0xf5, 0x92, 0x5f, 0x9b, 0x17}}}, +{{{0x9d, 0x23, 0xbd, 0x15, 0xfe, 0x52, 0x52, 0x15, 0x26, 0x79, 0x86, 0xba, 0x06, 0x56, 0x66, 0xbb, 0x8c, 0x2e, 0x10, 0x11, 0xd5, 0x4a, 0x18, 0x52, 0xda, 0x84, 0x44, 0xf0, 0x3e, 0xe9, 0x8c, 0x35}} , + {{0xad, 0xa0, 0x41, 0xec, 0xc8, 0x4d, 0xb9, 0xd2, 0x6e, 0x96, 0x4e, 0x5b, 0xc5, 0xc2, 0xa0, 0x1b, 0xcf, 0x0c, 0xbf, 0x17, 0x66, 0x57, 0xc1, 0x17, 0x90, 0x45, 0x71, 0xc2, 0xe1, 0x24, 0xeb, 0x27}}}, +{{{0x2c, 0xb9, 0x42, 0xa4, 0xaf, 0x3b, 0x42, 0x0e, 0xc2, 0x0f, 0xf2, 0xea, 0x83, 0xaf, 0x9a, 0x13, 0x17, 0xb0, 0xbd, 0x89, 0x17, 0xe3, 0x72, 0xcb, 0x0e, 0x76, 0x7e, 0x41, 0x63, 0x04, 0x88, 0x71}} , + {{0x75, 0x78, 0x38, 0x86, 0x57, 0xdd, 0x9f, 0xee, 0x54, 0x70, 0x65, 0xbf, 0xf1, 0x2c, 0xe0, 0x39, 0x0d, 0xe3, 0x89, 0xfd, 0x8e, 0x93, 0x4f, 0x43, 0xdc, 0xd5, 0x5b, 0xde, 0xf9, 0x98, 0xe5, 0x7b}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xe7, 0x3b, 0x65, 0x11, 0xdf, 0xb2, 0xf2, 0x63, 0x94, 0x12, 0x6f, 0x5c, 0x9e, 0x77, 0xc1, 0xb6, 0xd8, 0xab, 0x58, 0x7a, 0x1d, 0x95, 0x73, 0xdd, 0xe7, 0xe3, 0x6f, 0xf2, 0x03, 0x1d, 0xdb, 0x76}} , + {{0xae, 0x06, 0x4e, 0x2c, 0x52, 0x1b, 0xbc, 0x5a, 0x5a, 0xa5, 0xbe, 0x27, 0xbd, 0xeb, 0xe1, 0x14, 0x17, 0x68, 0x26, 0x07, 0x03, 0xd1, 0x18, 0x0b, 0xdf, 0xf1, 0x06, 0x5c, 0xa6, 0x1b, 0xb9, 0x24}}}, +{{{0xc5, 0x66, 0x80, 0x13, 0x0e, 0x48, 0x8c, 0x87, 0x31, 0x84, 0xb4, 0x60, 0xed, 0xc5, 0xec, 0xb6, 0xc5, 0x05, 0x33, 0x5f, 0x2f, 0x7d, 0x40, 0xb6, 0x32, 0x1d, 0x38, 0x74, 0x1b, 0xf1, 0x09, 0x3d}} , + {{0xd4, 0x69, 0x82, 0xbc, 0x8d, 0xf8, 0x34, 0x36, 0x75, 0x55, 0x18, 0x55, 0x58, 0x3c, 0x79, 0xaf, 0x26, 0x80, 0xab, 0x9b, 0x95, 0x00, 0xf1, 0xcb, 0xda, 0xc1, 0x9f, 0xf6, 0x2f, 0xa2, 0xf4, 0x45}}}, +{{{0x17, 0xbe, 0xeb, 0x85, 0xed, 0x9e, 0xcd, 0x56, 0xf5, 0x17, 0x45, 0x42, 0xb4, 0x1f, 0x44, 0x4c, 0x05, 0x74, 0x15, 0x47, 0x00, 0xc6, 0x6a, 0x3d, 0x24, 0x09, 0x0d, 0x58, 0xb1, 0x42, 0xd7, 0x04}} , + {{0x8d, 0xbd, 0xa3, 0xc4, 0x06, 0x9b, 0x1f, 0x90, 0x58, 0x60, 0x74, 0xb2, 0x00, 0x3b, 0x3c, 0xd2, 0xda, 0x82, 0xbb, 0x10, 0x90, 0x69, 0x92, 0xa9, 0xb4, 0x30, 0x81, 0xe3, 0x7c, 0xa8, 0x89, 0x45}}}, +{{{0x3f, 0xdc, 0x05, 0xcb, 0x41, 0x3c, 0xc8, 0x23, 0x04, 0x2c, 0x38, 0x99, 0xe3, 0x68, 0x55, 0xf9, 0xd3, 0x32, 0xc7, 0xbf, 0xfa, 0xd4, 0x1b, 0x5d, 0xde, 0xdc, 0x10, 0x42, 0xc0, 0x42, 0xd9, 0x75}} , + {{0x2d, 0xab, 0x35, 0x4e, 0x87, 0xc4, 0x65, 0x97, 0x67, 0x24, 0xa4, 0x47, 0xad, 0x3f, 0x8e, 0xf3, 0xcb, 0x31, 0x17, 0x77, 0xc5, 0xe2, 0xd7, 0x8f, 0x3c, 0xc1, 0xcd, 0x56, 0x48, 0xc1, 0x6c, 0x69}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x14, 0xae, 0x5f, 0x88, 0x7b, 0xa5, 0x90, 0xdf, 0x10, 0xb2, 0x8b, 0x5e, 0x24, 0x17, 0xc3, 0xa3, 0xd4, 0x0f, 0x92, 0x61, 0x1a, 0x19, 0x5a, 0xad, 0x76, 0xbd, 0xd8, 0x1c, 0xdd, 0xe0, 0x12, 0x6d}} , + {{0x8e, 0xbd, 0x70, 0x8f, 0x02, 0xa3, 0x24, 0x4d, 0x5a, 0x67, 0xc4, 0xda, 0xf7, 0x20, 0x0f, 0x81, 0x5b, 0x7a, 0x05, 0x24, 0x67, 0x83, 0x0b, 0x2a, 0x80, 0xe7, 0xfd, 0x74, 0x4b, 0x9e, 0x5c, 0x0d}}}, +{{{0x94, 0xd5, 0x5f, 0x1f, 0xa2, 0xfb, 0xeb, 0xe1, 0x07, 0x34, 0xf8, 0x20, 0xad, 0x81, 0x30, 0x06, 0x2d, 0xa1, 0x81, 0x95, 0x36, 0xcf, 0x11, 0x0b, 0xaf, 0xc1, 0x2b, 0x9a, 0x6c, 0x55, 0xc1, 0x16}} , + {{0x36, 0x4f, 0xf1, 0x5e, 0x74, 0x35, 0x13, 0x28, 0xd7, 0x11, 0xcf, 0xb8, 0xde, 0x93, 0xb3, 0x05, 0xb8, 0xb5, 0x73, 0xe9, 0xeb, 0xad, 0x19, 0x1e, 0x89, 0x0f, 0x8b, 0x15, 0xd5, 0x8c, 0xe3, 0x23}}}, +{{{0x33, 0x79, 0xe7, 0x18, 0xe6, 0x0f, 0x57, 0x93, 0x15, 0xa0, 0xa7, 0xaa, 0xc4, 0xbf, 0x4f, 0x30, 0x74, 0x95, 0x5e, 0x69, 0x4a, 0x5b, 0x45, 0xe4, 0x00, 0xeb, 0x23, 0x74, 0x4c, 0xdf, 0x6b, 0x45}} , + {{0x97, 0x29, 0x6c, 0xc4, 0x42, 0x0b, 0xdd, 0xc0, 0x29, 0x5c, 0x9b, 0x34, 0x97, 0xd0, 0xc7, 0x79, 0x80, 0x63, 0x74, 0xe4, 0x8e, 0x37, 0xb0, 0x2b, 0x7c, 0xe8, 0x68, 0x6c, 0xc3, 0x82, 0x97, 0x57}}}, +{{{0x22, 0xbe, 0x83, 0xb6, 0x4b, 0x80, 0x6b, 0x43, 0x24, 0x5e, 0xef, 0x99, 0x9b, 0xa8, 0xfc, 0x25, 0x8d, 0x3b, 0x03, 0x94, 0x2b, 0x3e, 0xe7, 0x95, 0x76, 0x9b, 0xcc, 0x15, 0xdb, 0x32, 0xe6, 0x66}} , + {{0x84, 0xf0, 0x4a, 0x13, 0xa6, 0xd6, 0xfa, 0x93, 0x46, 0x07, 0xf6, 0x7e, 0x5c, 0x6d, 0x5e, 0xf6, 0xa6, 0xe7, 0x48, 0xf0, 0x06, 0xea, 0xff, 0x90, 0xc1, 0xcc, 0x4c, 0x19, 0x9c, 0x3c, 0x4e, 0x53}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x2a, 0x50, 0xe3, 0x07, 0x15, 0x59, 0xf2, 0x8b, 0x81, 0xf2, 0xf3, 0xd3, 0x6c, 0x99, 0x8c, 0x70, 0x67, 0xec, 0xcc, 0xee, 0x9e, 0x59, 0x45, 0x59, 0x7d, 0x47, 0x75, 0x69, 0xf5, 0x24, 0x93, 0x5d}} , + {{0x6a, 0x4f, 0x1b, 0xbe, 0x6b, 0x30, 0xcf, 0x75, 0x46, 0xe3, 0x7b, 0x9d, 0xfc, 0xcd, 0xd8, 0x5c, 0x1f, 0xb4, 0xc8, 0xe2, 0x24, 0xec, 0x1a, 0x28, 0x05, 0x32, 0x57, 0xfd, 0x3c, 0x5a, 0x98, 0x10}}}, +{{{0xa3, 0xdb, 0xf7, 0x30, 0xd8, 0xc2, 0x9a, 0xe1, 0xd3, 0xce, 0x22, 0xe5, 0x80, 0x1e, 0xd9, 0xe4, 0x1f, 0xab, 0xc0, 0x71, 0x1a, 0x86, 0x0e, 0x27, 0x99, 0x5b, 0xfa, 0x76, 0x99, 0xb0, 0x08, 0x3c}} , + {{0x2a, 0x93, 0xd2, 0x85, 0x1b, 0x6a, 0x5d, 0xa6, 0xee, 0xd1, 0xd1, 0x33, 0xbd, 0x6a, 0x36, 0x73, 0x37, 0x3a, 0x44, 0xb4, 0xec, 0xa9, 0x7a, 0xde, 0x83, 0x40, 0xd7, 0xdf, 0x28, 0xba, 0xa2, 0x30}}}, +{{{0xd3, 0xb5, 0x6d, 0x05, 0x3f, 0x9f, 0xf3, 0x15, 0x8d, 0x7c, 0xca, 0xc9, 0xfc, 0x8a, 0x7c, 0x94, 0xb0, 0x63, 0x36, 0x9b, 0x78, 0xd1, 0x91, 0x1f, 0x93, 0xd8, 0x57, 0x43, 0xde, 0x76, 0xa3, 0x43}} , + {{0x9b, 0x35, 0xe2, 0xa9, 0x3d, 0x32, 0x1e, 0xbb, 0x16, 0x28, 0x70, 0xe9, 0x45, 0x2f, 0x8f, 0x70, 0x7f, 0x08, 0x7e, 0x53, 0xc4, 0x7a, 0xbf, 0xf7, 0xe1, 0xa4, 0x6a, 0xd8, 0xac, 0x64, 0x1b, 0x11}}}, +{{{0xb2, 0xeb, 0x47, 0x46, 0x18, 0x3e, 0x1f, 0x99, 0x0c, 0xcc, 0xf1, 0x2c, 0xe0, 0xe7, 0x8f, 0xe0, 0x01, 0x7e, 0x65, 0xb8, 0x0c, 0xd0, 0xfb, 0xc8, 0xb9, 0x90, 0x98, 0x33, 0x61, 0x3b, 0xd8, 0x27}} , + {{0xa0, 0xbe, 0x72, 0x3a, 0x50, 0x4b, 0x74, 0xab, 0x01, 0xc8, 0x93, 0xc5, 0xe4, 0xc7, 0x08, 0x6c, 0xb4, 0xca, 0xee, 0xeb, 0x8e, 0xd7, 0x4e, 0x26, 0xc6, 0x1d, 0xe2, 0x71, 0xaf, 0x89, 0xa0, 0x2a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x98, 0x0b, 0xe4, 0xde, 0xdb, 0xa8, 0xfa, 0x82, 0x74, 0x06, 0x52, 0x6d, 0x08, 0x52, 0x8a, 0xff, 0x62, 0xc5, 0x6a, 0x44, 0x0f, 0x51, 0x8c, 0x1f, 0x6e, 0xb6, 0xc6, 0x2c, 0x81, 0xd3, 0x76, 0x46}} , + {{0xf4, 0x29, 0x74, 0x2e, 0x80, 0xa7, 0x1a, 0x8f, 0xf6, 0xbd, 0xd6, 0x8e, 0xbf, 0xc1, 0x95, 0x2a, 0xeb, 0xa0, 0x7f, 0x45, 0xa0, 0x50, 0x14, 0x05, 0xb1, 0x57, 0x4c, 0x74, 0xb7, 0xe2, 0x89, 0x7d}}}, +{{{0x07, 0xee, 0xa7, 0xad, 0xb7, 0x09, 0x0b, 0x49, 0x4e, 0xbf, 0xca, 0xe5, 0x21, 0xe6, 0xe6, 0xaf, 0xd5, 0x67, 0xf3, 0xce, 0x7e, 0x7c, 0x93, 0x7b, 0x5a, 0x10, 0x12, 0x0e, 0x6c, 0x06, 0x11, 0x75}} , + {{0xd5, 0xfc, 0x86, 0xa3, 0x3b, 0xa3, 0x3e, 0x0a, 0xfb, 0x0b, 0xf7, 0x36, 0xb1, 0x5b, 0xda, 0x70, 0xb7, 0x00, 0xa7, 0xda, 0x88, 0x8f, 0x84, 0xa8, 0xbc, 0x1c, 0x39, 0xb8, 0x65, 0xf3, 0x4d, 0x60}}}, +{{{0x96, 0x9d, 0x31, 0xf4, 0xa2, 0xbe, 0x81, 0xb9, 0xa5, 0x59, 0x9e, 0xba, 0x07, 0xbe, 0x74, 0x58, 0xd8, 0xeb, 0xc5, 0x9f, 0x3d, 0xd1, 0xf4, 0xae, 0xce, 0x53, 0xdf, 0x4f, 0xc7, 0x2a, 0x89, 0x4d}} , + {{0x29, 0xd8, 0xf2, 0xaa, 0xe9, 0x0e, 0xf7, 0x2e, 0x5f, 0x9d, 0x8a, 0x5b, 0x09, 0xed, 0xc9, 0x24, 0x22, 0xf4, 0x0f, 0x25, 0x8f, 0x1c, 0x84, 0x6e, 0x34, 0x14, 0x6c, 0xea, 0xb3, 0x86, 0x5d, 0x04}}}, +{{{0x07, 0x98, 0x61, 0xe8, 0x6a, 0xd2, 0x81, 0x49, 0x25, 0xd5, 0x5b, 0x18, 0xc7, 0x35, 0x52, 0x51, 0xa4, 0x46, 0xad, 0x18, 0x0d, 0xc9, 0x5f, 0x18, 0x91, 0x3b, 0xb4, 0xc0, 0x60, 0x59, 0x8d, 0x66}} , + {{0x03, 0x1b, 0x79, 0x53, 0x6e, 0x24, 0xae, 0x57, 0xd9, 0x58, 0x09, 0x85, 0x48, 0xa2, 0xd3, 0xb5, 0xe2, 0x4d, 0x11, 0x82, 0xe6, 0x86, 0x3c, 0xe9, 0xb1, 0x00, 0x19, 0xc2, 0x57, 0xf7, 0x66, 0x7a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x0f, 0xe3, 0x89, 0x03, 0xd7, 0x22, 0x95, 0x9f, 0xca, 0xb4, 0x8d, 0x9e, 0x6d, 0x97, 0xff, 0x8d, 0x21, 0x59, 0x07, 0xef, 0x03, 0x2d, 0x5e, 0xf8, 0x44, 0x46, 0xe7, 0x85, 0x80, 0xc5, 0x89, 0x50}} , + {{0x8b, 0xd8, 0x53, 0x86, 0x24, 0x86, 0x29, 0x52, 0x01, 0xfa, 0x20, 0xc3, 0x4e, 0x95, 0xcb, 0xad, 0x7b, 0x34, 0x94, 0x30, 0xb7, 0x7a, 0xfa, 0x96, 0x41, 0x60, 0x2b, 0xcb, 0x59, 0xb9, 0xca, 0x50}}}, +{{{0xc2, 0x5b, 0x9b, 0x78, 0x23, 0x1b, 0x3a, 0x88, 0x94, 0x5f, 0x0a, 0x9b, 0x98, 0x2b, 0x6e, 0x53, 0x11, 0xf6, 0xff, 0xc6, 0x7d, 0x42, 0xcc, 0x02, 0x80, 0x40, 0x0d, 0x1e, 0xfb, 0xaf, 0x61, 0x07}} , + {{0xb0, 0xe6, 0x2f, 0x81, 0x70, 0xa1, 0x2e, 0x39, 0x04, 0x7c, 0xc4, 0x2c, 0x87, 0x45, 0x4a, 0x5b, 0x69, 0x97, 0xac, 0x6d, 0x2c, 0x10, 0x42, 0x7c, 0x3b, 0x15, 0x70, 0x60, 0x0e, 0x11, 0x6d, 0x3a}}}, +{{{0x9b, 0x18, 0x80, 0x5e, 0xdb, 0x05, 0xbd, 0xc6, 0xb7, 0x3c, 0xc2, 0x40, 0x4d, 0x5d, 0xce, 0x97, 0x8a, 0x34, 0x15, 0xab, 0x28, 0x5d, 0x10, 0xf0, 0x37, 0x0c, 0xcc, 0x16, 0xfa, 0x1f, 0x33, 0x0d}} , + {{0x19, 0xf9, 0x35, 0xaa, 0x59, 0x1a, 0x0c, 0x5c, 0x06, 0xfc, 0x6a, 0x0b, 0x97, 0x53, 0x36, 0xfc, 0x2a, 0xa5, 0x5a, 0x9b, 0x30, 0xef, 0x23, 0xaf, 0x39, 0x5d, 0x9a, 0x6b, 0x75, 0x57, 0x48, 0x0b}}}, +{{{0x26, 0xdc, 0x76, 0x3b, 0xfc, 0xf9, 0x9c, 0x3f, 0x89, 0x0b, 0x62, 0x53, 0xaf, 0x83, 0x01, 0x2e, 0xbc, 0x6a, 0xc6, 0x03, 0x0d, 0x75, 0x2a, 0x0d, 0xe6, 0x94, 0x54, 0xcf, 0xb3, 0xe5, 0x96, 0x25}} , + {{0xfe, 0x82, 0xb1, 0x74, 0x31, 0x8a, 0xa7, 0x6f, 0x56, 0xbd, 0x8d, 0xf4, 0xe0, 0x94, 0x51, 0x59, 0xde, 0x2c, 0x5a, 0xf4, 0x84, 0x6b, 0x4a, 0x88, 0x93, 0xc0, 0x0c, 0x9a, 0xac, 0xa7, 0xa0, 0x68}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x25, 0x0d, 0xd6, 0xc7, 0x23, 0x47, 0x10, 0xad, 0xc7, 0x08, 0x5c, 0x87, 0x87, 0x93, 0x98, 0x18, 0xb8, 0xd3, 0x9c, 0xac, 0x5a, 0x3d, 0xc5, 0x75, 0xf8, 0x49, 0x32, 0x14, 0xcc, 0x51, 0x96, 0x24}} , + {{0x65, 0x9c, 0x5d, 0xf0, 0x37, 0x04, 0xf0, 0x34, 0x69, 0x2a, 0xf0, 0xa5, 0x64, 0xca, 0xde, 0x2b, 0x5b, 0x15, 0x10, 0xd2, 0xab, 0x06, 0xdd, 0xc4, 0xb0, 0xb6, 0x5b, 0xc1, 0x17, 0xdf, 0x8f, 0x02}}}, +{{{0xbd, 0x59, 0x3d, 0xbf, 0x5c, 0x31, 0x44, 0x2c, 0x32, 0x94, 0x04, 0x60, 0x84, 0x0f, 0xad, 0x00, 0xb6, 0x8f, 0xc9, 0x1d, 0xcc, 0x5c, 0xa2, 0x49, 0x0e, 0x50, 0x91, 0x08, 0x9a, 0x43, 0x55, 0x05}} , + {{0x5d, 0x93, 0x55, 0xdf, 0x9b, 0x12, 0x19, 0xec, 0x93, 0x85, 0x42, 0x9e, 0x66, 0x0f, 0x9d, 0xaf, 0x99, 0xaf, 0x26, 0x89, 0xbc, 0x61, 0xfd, 0xff, 0xce, 0x4b, 0xf4, 0x33, 0x95, 0xc9, 0x35, 0x58}}}, +{{{0x12, 0x55, 0xf9, 0xda, 0xcb, 0x44, 0xa7, 0xdc, 0x57, 0xe2, 0xf9, 0x9a, 0xe6, 0x07, 0x23, 0x60, 0x54, 0xa7, 0x39, 0xa5, 0x9b, 0x84, 0x56, 0x6e, 0xaa, 0x8b, 0x8f, 0xb0, 0x2c, 0x87, 0xaf, 0x67}} , + {{0x00, 0xa9, 0x4c, 0xb2, 0x12, 0xf8, 0x32, 0xa8, 0x7a, 0x00, 0x4b, 0x49, 0x32, 0xba, 0x1f, 0x5d, 0x44, 0x8e, 0x44, 0x7a, 0xdc, 0x11, 0xfb, 0x39, 0x08, 0x57, 0x87, 0xa5, 0x12, 0x42, 0x93, 0x0e}}}, +{{{0x17, 0xb4, 0xae, 0x72, 0x59, 0xd0, 0xaa, 0xa8, 0x16, 0x8b, 0x63, 0x11, 0xb3, 0x43, 0x04, 0xda, 0x0c, 0xa8, 0xb7, 0x68, 0xdd, 0x4e, 0x54, 0xe7, 0xaf, 0x5d, 0x5d, 0x05, 0x76, 0x36, 0xec, 0x0d}} , + {{0x6d, 0x7c, 0x82, 0x32, 0x38, 0x55, 0x57, 0x74, 0x5b, 0x7d, 0xc3, 0xc4, 0xfb, 0x06, 0x29, 0xf0, 0x13, 0x55, 0x54, 0xc6, 0xa7, 0xdc, 0x4c, 0x9f, 0x98, 0x49, 0x20, 0xa8, 0xc3, 0x8d, 0xfa, 0x48}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x87, 0x47, 0x9d, 0xe9, 0x25, 0xd5, 0xe3, 0x47, 0x78, 0xdf, 0x85, 0xa7, 0x85, 0x5e, 0x7a, 0x4c, 0x5f, 0x79, 0x1a, 0xf3, 0xa2, 0xb2, 0x28, 0xa0, 0x9c, 0xdd, 0x30, 0x40, 0xd4, 0x38, 0xbd, 0x28}} , + {{0xfc, 0xbb, 0xd5, 0x78, 0x6d, 0x1d, 0xd4, 0x99, 0xb4, 0xaa, 0x44, 0x44, 0x7a, 0x1b, 0xd8, 0xfe, 0xb4, 0x99, 0xb9, 0xcc, 0xe7, 0xc4, 0xd3, 0x3a, 0x73, 0x83, 0x41, 0x5c, 0x40, 0xd7, 0x2d, 0x55}}}, +{{{0x26, 0xe1, 0x7b, 0x5f, 0xe5, 0xdc, 0x3f, 0x7d, 0xa1, 0xa7, 0x26, 0x44, 0x22, 0x23, 0xc0, 0x8f, 0x7d, 0xf1, 0xb5, 0x11, 0x47, 0x7b, 0x19, 0xd4, 0x75, 0x6f, 0x1e, 0xa5, 0x27, 0xfe, 0xc8, 0x0e}} , + {{0xd3, 0x11, 0x3d, 0xab, 0xef, 0x2c, 0xed, 0xb1, 0x3d, 0x7c, 0x32, 0x81, 0x6b, 0xfe, 0xf8, 0x1c, 0x3c, 0x7b, 0xc0, 0x61, 0xdf, 0xb8, 0x75, 0x76, 0x7f, 0xaa, 0xd8, 0x93, 0xaf, 0x3d, 0xe8, 0x3d}}}, +{{{0xfd, 0x5b, 0x4e, 0x8d, 0xb6, 0x7e, 0x82, 0x9b, 0xef, 0xce, 0x04, 0x69, 0x51, 0x52, 0xff, 0xef, 0xa0, 0x52, 0xb5, 0x79, 0x17, 0x5e, 0x2f, 0xde, 0xd6, 0x3c, 0x2d, 0xa0, 0x43, 0xb4, 0x0b, 0x19}} , + {{0xc0, 0x61, 0x48, 0x48, 0x17, 0xf4, 0x9e, 0x18, 0x51, 0x2d, 0xea, 0x2f, 0xf2, 0xf2, 0xe0, 0xa3, 0x14, 0xb7, 0x8b, 0x3a, 0x30, 0xf5, 0x81, 0xc1, 0x5d, 0x71, 0x39, 0x62, 0x55, 0x1f, 0x60, 0x5a}}}, +{{{0xe5, 0x89, 0x8a, 0x76, 0x6c, 0xdb, 0x4d, 0x0a, 0x5b, 0x72, 0x9d, 0x59, 0x6e, 0x63, 0x63, 0x18, 0x7c, 0xe3, 0xfa, 0xe2, 0xdb, 0xa1, 0x8d, 0xf4, 0xa5, 0xd7, 0x16, 0xb2, 0xd0, 0xb3, 0x3f, 0x39}} , + {{0xce, 0x60, 0x09, 0x6c, 0xf5, 0x76, 0x17, 0x24, 0x80, 0x3a, 0x96, 0xc7, 0x94, 0x2e, 0xf7, 0x6b, 0xef, 0xb5, 0x05, 0x96, 0xef, 0xd3, 0x7b, 0x51, 0xda, 0x05, 0x44, 0x67, 0xbc, 0x07, 0x21, 0x4e}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xe9, 0x73, 0x6f, 0x21, 0xb9, 0xde, 0x22, 0x7d, 0xeb, 0x97, 0x31, 0x10, 0xa3, 0xea, 0xe1, 0xc6, 0x37, 0xeb, 0x8f, 0x43, 0x58, 0xde, 0x41, 0x64, 0x0e, 0x3e, 0x07, 0x99, 0x3d, 0xf1, 0xdf, 0x1e}} , + {{0xf8, 0xad, 0x43, 0xc2, 0x17, 0x06, 0xe2, 0xe4, 0xa9, 0x86, 0xcd, 0x18, 0xd7, 0x78, 0xc8, 0x74, 0x66, 0xd2, 0x09, 0x18, 0xa5, 0xf1, 0xca, 0xa6, 0x62, 0x92, 0xc1, 0xcb, 0x00, 0xeb, 0x42, 0x2e}}}, +{{{0x7b, 0x34, 0x24, 0x4c, 0xcf, 0x38, 0xe5, 0x6c, 0x0a, 0x01, 0x2c, 0x22, 0x0b, 0x24, 0x38, 0xad, 0x24, 0x7e, 0x19, 0xf0, 0x6c, 0xf9, 0x31, 0xf4, 0x35, 0x11, 0xf6, 0x46, 0x33, 0x3a, 0x23, 0x59}} , + {{0x20, 0x0b, 0xa1, 0x08, 0x19, 0xad, 0x39, 0x54, 0xea, 0x3e, 0x23, 0x09, 0xb6, 0xe2, 0xd2, 0xbc, 0x4d, 0xfc, 0x9c, 0xf0, 0x13, 0x16, 0x22, 0x3f, 0xb9, 0xd2, 0x11, 0x86, 0x90, 0x55, 0xce, 0x3c}}}, +{{{0xc4, 0x0b, 0x4b, 0x62, 0x99, 0x37, 0x84, 0x3f, 0x74, 0xa2, 0xf9, 0xce, 0xe2, 0x0b, 0x0f, 0x2a, 0x3d, 0xa3, 0xe3, 0xdb, 0x5a, 0x9d, 0x93, 0xcc, 0xa5, 0xef, 0x82, 0x91, 0x1d, 0xe6, 0x6c, 0x68}} , + {{0xa3, 0x64, 0x17, 0x9b, 0x8b, 0xc8, 0x3a, 0x61, 0xe6, 0x9d, 0xc6, 0xed, 0x7b, 0x03, 0x52, 0x26, 0x9d, 0x3a, 0xb3, 0x13, 0xcc, 0x8a, 0xfd, 0x2c, 0x1a, 0x1d, 0xed, 0x13, 0xd0, 0x55, 0x57, 0x0e}}}, +{{{0x1a, 0xea, 0xbf, 0xfd, 0x4a, 0x3c, 0x8e, 0xec, 0x29, 0x7e, 0x77, 0x77, 0x12, 0x99, 0xd7, 0x84, 0xf9, 0x55, 0x7f, 0xf1, 0x8b, 0xb4, 0xd2, 0x95, 0xa3, 0x8d, 0xf0, 0x8a, 0xa7, 0xeb, 0x82, 0x4b}} , + {{0x2c, 0x28, 0xf4, 0x3a, 0xf6, 0xde, 0x0a, 0xe0, 0x41, 0x44, 0x23, 0xf8, 0x3f, 0x03, 0x64, 0x9f, 0xc3, 0x55, 0x4c, 0xc6, 0xc1, 0x94, 0x1c, 0x24, 0x5d, 0x5f, 0x92, 0x45, 0x96, 0x57, 0x37, 0x14}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xc1, 0xcd, 0x90, 0x66, 0xb9, 0x76, 0xa0, 0x5b, 0xa5, 0x85, 0x75, 0x23, 0xf9, 0x89, 0xa5, 0x82, 0xb2, 0x6f, 0xb1, 0xeb, 0xc4, 0x69, 0x6f, 0x18, 0x5a, 0xed, 0x94, 0x3d, 0x9d, 0xd9, 0x2c, 0x1a}} , + {{0x35, 0xb0, 0xe6, 0x73, 0x06, 0xb7, 0x37, 0xe0, 0xf8, 0xb0, 0x22, 0xe8, 0xd2, 0xed, 0x0b, 0xef, 0xe6, 0xc6, 0x5a, 0x99, 0x9e, 0x1a, 0x9f, 0x04, 0x97, 0xe4, 0x4d, 0x0b, 0xbe, 0xba, 0x44, 0x40}}}, +{{{0xc1, 0x56, 0x96, 0x91, 0x5f, 0x1f, 0xbb, 0x54, 0x6f, 0x88, 0x89, 0x0a, 0xb2, 0xd6, 0x41, 0x42, 0x6a, 0x82, 0xee, 0x14, 0xaa, 0x76, 0x30, 0x65, 0x0f, 0x67, 0x39, 0xa6, 0x51, 0x7c, 0x49, 0x24}} , + {{0x35, 0xa3, 0x78, 0xd1, 0x11, 0x0f, 0x75, 0xd3, 0x70, 0x46, 0xdb, 0x20, 0x51, 0xcb, 0x92, 0x80, 0x54, 0x10, 0x74, 0x36, 0x86, 0xa9, 0xd7, 0xa3, 0x08, 0x78, 0xf1, 0x01, 0x29, 0xf8, 0x80, 0x3b}}}, +{{{0xdb, 0xa7, 0x9d, 0x9d, 0xbf, 0xa0, 0xcc, 0xed, 0x53, 0xa2, 0xa2, 0x19, 0x39, 0x48, 0x83, 0x19, 0x37, 0x58, 0xd1, 0x04, 0x28, 0x40, 0xf7, 0x8a, 0xc2, 0x08, 0xb7, 0xa5, 0x42, 0xcf, 0x53, 0x4c}} , + {{0xa7, 0xbb, 0xf6, 0x8e, 0xad, 0xdd, 0xf7, 0x90, 0xdd, 0x5f, 0x93, 0x89, 0xae, 0x04, 0x37, 0xe6, 0x9a, 0xb7, 0xe8, 0xc0, 0xdf, 0x16, 0x2a, 0xbf, 0xc4, 0x3a, 0x3c, 0x41, 0xd5, 0x89, 0x72, 0x5a}}}, +{{{0x1f, 0x96, 0xff, 0x34, 0x2c, 0x13, 0x21, 0xcb, 0x0a, 0x89, 0x85, 0xbe, 0xb3, 0x70, 0x9e, 0x1e, 0xde, 0x97, 0xaf, 0x96, 0x30, 0xf7, 0x48, 0x89, 0x40, 0x8d, 0x07, 0xf1, 0x25, 0xf0, 0x30, 0x58}} , + {{0x1e, 0xd4, 0x93, 0x57, 0xe2, 0x17, 0xe7, 0x9d, 0xab, 0x3c, 0x55, 0x03, 0x82, 0x2f, 0x2b, 0xdb, 0x56, 0x1e, 0x30, 0x2e, 0x24, 0x47, 0x6e, 0xe6, 0xff, 0x33, 0x24, 0x2c, 0x75, 0x51, 0xd4, 0x67}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x2b, 0x06, 0xd9, 0xa1, 0x5d, 0xe1, 0xf4, 0xd1, 0x1e, 0x3c, 0x9a, 0xc6, 0x29, 0x2b, 0x13, 0x13, 0x78, 0xc0, 0xd8, 0x16, 0x17, 0x2d, 0x9e, 0xa9, 0xc9, 0x79, 0x57, 0xab, 0x24, 0x91, 0x92, 0x19}} , + {{0x69, 0xfb, 0xa1, 0x9c, 0xa6, 0x75, 0x49, 0x7d, 0x60, 0x73, 0x40, 0x42, 0xc4, 0x13, 0x0a, 0x95, 0x79, 0x1e, 0x04, 0x83, 0x94, 0x99, 0x9b, 0x1e, 0x0c, 0xe8, 0x1f, 0x54, 0xef, 0xcb, 0xc0, 0x52}}}, +{{{0x14, 0x89, 0x73, 0xa1, 0x37, 0x87, 0x6a, 0x7a, 0xcf, 0x1d, 0xd9, 0x2e, 0x1a, 0x67, 0xed, 0x74, 0xc0, 0xf0, 0x9c, 0x33, 0xdd, 0xdf, 0x08, 0xbf, 0x7b, 0xd1, 0x66, 0xda, 0xe6, 0xc9, 0x49, 0x08}} , + {{0xe9, 0xdd, 0x5e, 0x55, 0xb0, 0x0a, 0xde, 0x21, 0x4c, 0x5a, 0x2e, 0xd4, 0x80, 0x3a, 0x57, 0x92, 0x7a, 0xf1, 0xc4, 0x2c, 0x40, 0xaf, 0x2f, 0xc9, 0x92, 0x03, 0xe5, 0x5a, 0xbc, 0xdc, 0xf4, 0x09}}}, +{{{0xf3, 0xe1, 0x2b, 0x7c, 0x05, 0x86, 0x80, 0x93, 0x4a, 0xad, 0xb4, 0x8f, 0x7e, 0x99, 0x0c, 0xfd, 0xcd, 0xef, 0xd1, 0xff, 0x2c, 0x69, 0x34, 0x13, 0x41, 0x64, 0xcf, 0x3b, 0xd0, 0x90, 0x09, 0x1e}} , + {{0x9d, 0x45, 0xd6, 0x80, 0xe6, 0x45, 0xaa, 0xf4, 0x15, 0xaa, 0x5c, 0x34, 0x87, 0x99, 0xa2, 0x8c, 0x26, 0x84, 0x62, 0x7d, 0xb6, 0x29, 0xc0, 0x52, 0xea, 0xf5, 0x81, 0x18, 0x0f, 0x35, 0xa9, 0x0e}}}, +{{{0xe7, 0x20, 0x72, 0x7c, 0x6d, 0x94, 0x5f, 0x52, 0x44, 0x54, 0xe3, 0xf1, 0xb2, 0xb0, 0x36, 0x46, 0x0f, 0xae, 0x92, 0xe8, 0x70, 0x9d, 0x6e, 0x79, 0xb1, 0xad, 0x37, 0xa9, 0x5f, 0xc0, 0xde, 0x03}} , + {{0x15, 0x55, 0x37, 0xc6, 0x1c, 0x27, 0x1c, 0x6d, 0x14, 0x4f, 0xca, 0xa4, 0xc4, 0x88, 0x25, 0x46, 0x39, 0xfc, 0x5a, 0xe5, 0xfe, 0x29, 0x11, 0x69, 0xf5, 0x72, 0x84, 0x4d, 0x78, 0x9f, 0x94, 0x15}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xec, 0xd3, 0xff, 0x57, 0x0b, 0xb0, 0xb2, 0xdc, 0xf8, 0x4f, 0xe2, 0x12, 0xd5, 0x36, 0xbe, 0x6b, 0x09, 0x43, 0x6d, 0xa3, 0x4d, 0x90, 0x2d, 0xb8, 0x74, 0xe8, 0x71, 0x45, 0x19, 0x8b, 0x0c, 0x6a}} , + {{0xb8, 0x42, 0x1c, 0x03, 0xad, 0x2c, 0x03, 0x8e, 0xac, 0xd7, 0x98, 0x29, 0x13, 0xc6, 0x02, 0x29, 0xb5, 0xd4, 0xe7, 0xcf, 0xcc, 0x8b, 0x83, 0xec, 0x35, 0xc7, 0x9c, 0x74, 0xb7, 0xad, 0x85, 0x5f}}}, +{{{0x78, 0x84, 0xe1, 0x56, 0x45, 0x69, 0x68, 0x5a, 0x4f, 0xb8, 0xb1, 0x29, 0xff, 0x33, 0x03, 0x31, 0xb7, 0xcb, 0x96, 0x25, 0xe6, 0xe6, 0x41, 0x98, 0x1a, 0xbb, 0x03, 0x56, 0xf2, 0xb2, 0x91, 0x34}} , + {{0x2c, 0x6c, 0xf7, 0x66, 0xa4, 0x62, 0x6b, 0x39, 0xb3, 0xba, 0x65, 0xd3, 0x1c, 0xf8, 0x11, 0xaa, 0xbe, 0xdc, 0x80, 0x59, 0x87, 0xf5, 0x7b, 0xe5, 0xe3, 0xb3, 0x3e, 0x39, 0xda, 0xbe, 0x88, 0x09}}}, +{{{0x8b, 0xf1, 0xa0, 0xf5, 0xdc, 0x29, 0xb4, 0xe2, 0x07, 0xc6, 0x7a, 0x00, 0xd0, 0x89, 0x17, 0x51, 0xd4, 0xbb, 0xd4, 0x22, 0xea, 0x7e, 0x7d, 0x7c, 0x24, 0xea, 0xf2, 0xe8, 0x22, 0x12, 0x95, 0x06}} , + {{0xda, 0x7c, 0xa4, 0x0c, 0xf4, 0xba, 0x6e, 0xe1, 0x89, 0xb5, 0x59, 0xca, 0xf1, 0xc0, 0x29, 0x36, 0x09, 0x44, 0xe2, 0x7f, 0xd1, 0x63, 0x15, 0x99, 0xea, 0x25, 0xcf, 0x0c, 0x9d, 0xc0, 0x44, 0x6f}}}, +{{{0x1d, 0x86, 0x4e, 0xcf, 0xf7, 0x37, 0x10, 0x25, 0x8f, 0x12, 0xfb, 0x19, 0xfb, 0xe0, 0xed, 0x10, 0xc8, 0xe2, 0xf5, 0x75, 0xb1, 0x33, 0xc0, 0x96, 0x0d, 0xfb, 0x15, 0x6c, 0x0d, 0x07, 0x5f, 0x05}} , + {{0x69, 0x3e, 0x47, 0x97, 0x2c, 0xaf, 0x52, 0x7c, 0x78, 0x83, 0xad, 0x1b, 0x39, 0x82, 0x2f, 0x02, 0x6f, 0x47, 0xdb, 0x2a, 0xb0, 0xe1, 0x91, 0x99, 0x55, 0xb8, 0x99, 0x3a, 0xa0, 0x44, 0x11, 0x51}}} diff --git a/crypto/openssh/groupaccess.c b/crypto/openssh/groupaccess.c index 2381aeb15b..1eab10b196 100644 --- a/crypto/openssh/groupaccess.c +++ b/crypto/openssh/groupaccess.c @@ -1,4 +1,4 @@ -/* $OpenBSD: groupaccess.c,v 1.13 2008/07/04 03:44:59 djm Exp $ */ +/* $OpenBSD: groupaccess.c,v 1.14 2013/05/17 00:13:13 djm Exp $ */ /* * Copyright (c) 2001 Kevin Steves. All rights reserved. * @@ -31,6 +31,7 @@ #include #include #include +#include #include #include "xmalloc.h" @@ -68,7 +69,7 @@ ga_init(const char *user, gid_t base) for (i = 0, j = 0; i < ngroups; i++) if ((gr = getgrgid(groups_bygid[i])) != NULL) groups_byname[j++] = xstrdup(gr->gr_name); - xfree(groups_bygid); + free(groups_bygid); return (ngroups = j); } @@ -122,8 +123,8 @@ ga_free(void) if (ngroups > 0) { for (i = 0; i < ngroups; i++) - xfree(groups_byname[i]); + free(groups_byname[i]); ngroups = 0; - xfree(groups_byname); + free(groups_byname); } } diff --git a/crypto/openssh/gss-genr.c b/crypto/openssh/gss-genr.c index 842f38582c..b39281bc1e 100644 --- a/crypto/openssh/gss-genr.c +++ b/crypto/openssh/gss-genr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-genr.c,v 1.20 2009/06/22 05:39:28 dtucker Exp $ */ +/* $OpenBSD: gss-genr.c,v 1.22 2013/11/08 00:39:15 djm Exp $ */ /* * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved. @@ -59,10 +59,10 @@ void ssh_gssapi_set_oid_data(Gssctxt *ctx, void *data, size_t len) { if (ctx->oid != GSS_C_NO_OID) { - xfree(ctx->oid->elements); - xfree(ctx->oid); + free(ctx->oid->elements); + free(ctx->oid); } - ctx->oid = xmalloc(sizeof(gss_OID_desc)); + ctx->oid = xcalloc(1, sizeof(gss_OID_desc)); ctx->oid->length = len; ctx->oid->elements = xmalloc(len); memcpy(ctx->oid->elements, data, len); @@ -83,7 +83,7 @@ ssh_gssapi_error(Gssctxt *ctxt) s = ssh_gssapi_last_error(ctxt, NULL, NULL); debug("%s", s); - xfree(s); + free(s); } char * @@ -164,8 +164,8 @@ ssh_gssapi_delete_ctx(Gssctxt **ctx) if ((*ctx)->name != GSS_C_NO_NAME) gss_release_name(&ms, &(*ctx)->name); if ((*ctx)->oid != GSS_C_NO_OID) { - xfree((*ctx)->oid->elements); - xfree((*ctx)->oid); + free((*ctx)->oid->elements); + free((*ctx)->oid); (*ctx)->oid = GSS_C_NO_OID; } if ((*ctx)->creds != GSS_C_NO_CREDENTIAL) @@ -175,7 +175,7 @@ ssh_gssapi_delete_ctx(Gssctxt **ctx) if ((*ctx)->client_creds != GSS_C_NO_CREDENTIAL) gss_release_cred(&ms, &(*ctx)->client_creds); - xfree(*ctx); + free(*ctx); *ctx = NULL; } @@ -222,7 +222,7 @@ ssh_gssapi_import_name(Gssctxt *ctx, const char *host) &gssbuf, GSS_C_NT_HOSTBASED_SERVICE, &ctx->name))) ssh_gssapi_error(ctx); - xfree(gssbuf.value); + free(gssbuf.value); return (ctx->major); } diff --git a/crypto/openssh/gss-serv-krb5.c b/crypto/openssh/gss-serv-krb5.c index 5a625acb89..795992d9f7 100644 --- a/crypto/openssh/gss-serv-krb5.c +++ b/crypto/openssh/gss-serv-krb5.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-serv-krb5.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: gss-serv-krb5.c,v 1.8 2013/07/20 01:55:13 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -39,6 +39,7 @@ #include "hostfile.h" #include "auth.h" #include "log.h" +#include "misc.h" #include "servconf.h" #include "buffer.h" @@ -48,12 +49,11 @@ extern ServerOptions options; #ifdef HEIMDAL # include -#else -# ifdef HAVE_GSSAPI_KRB5_H -# include -# elif HAVE_GSSAPI_GSSAPI_KRB5_H -# include -# endif +#endif +#ifdef HAVE_GSSAPI_KRB5_H +# include +#elif HAVE_GSSAPI_GSSAPI_KRB5_H +# include #endif static krb5_context krb_context = NULL; @@ -87,14 +87,16 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client *client, char *name) { krb5_principal princ; int retval; + const char *errmsg; if (ssh_gssapi_krb5_init() == 0) return 0; if ((retval = krb5_parse_name(krb_context, client->exportedname.value, &princ))) { - logit("krb5_parse_name(): %.100s", - krb5_get_err_text(krb_context, retval)); + errmsg = krb5_get_error_message(krb_context, retval); + logit("krb5_parse_name(): %.100s", errmsg); + krb5_free_error_message(krb_context, errmsg); return 0; } if (krb5_kuserok(krb_context, princ, name)) { @@ -120,6 +122,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) krb5_principal princ; OM_uint32 maj_status, min_status; int len; + const char *errmsg; if (client->creds == NULL) { debug("No credentials stored"); @@ -130,30 +133,40 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) return; #ifdef HEIMDAL +# ifdef HAVE_KRB5_CC_NEW_UNIQUE + if ((problem = krb5_cc_new_unique(krb_context, krb5_fcc_ops.prefix, + NULL, &ccache)) != 0) { + errmsg = krb5_get_error_message(krb_context, problem); + logit("krb5_cc_new_unique(): %.100s", errmsg); +# else if ((problem = krb5_cc_gen_new(krb_context, &krb5_fcc_ops, &ccache))) { - logit("krb5_cc_gen_new(): %.100s", - krb5_get_err_text(krb_context, problem)); + logit("krb5_cc_gen_new(): %.100s", + krb5_get_err_text(krb_context, problem)); +# endif + krb5_free_error_message(krb_context, errmsg); return; } #else if ((problem = ssh_krb5_cc_gen(krb_context, &ccache))) { - logit("ssh_krb5_cc_gen(): %.100s", - krb5_get_err_text(krb_context, problem)); + errmsg = krb5_get_error_message(krb_context, problem); + logit("ssh_krb5_cc_gen(): %.100s", errmsg); + krb5_free_error_message(krb_context, errmsg); return; } #endif /* #ifdef HEIMDAL */ if ((problem = krb5_parse_name(krb_context, client->exportedname.value, &princ))) { - logit("krb5_parse_name(): %.100s", - krb5_get_err_text(krb_context, problem)); - krb5_cc_destroy(krb_context, ccache); + errmsg = krb5_get_error_message(krb_context, problem); + logit("krb5_parse_name(): %.100s", errmsg); + krb5_free_error_message(krb_context, errmsg); return; } if ((problem = krb5_cc_initialize(krb_context, ccache, princ))) { - logit("krb5_cc_initialize(): %.100s", - krb5_get_err_text(krb_context, problem)); + errmsg = krb5_get_error_message(krb_context, problem); + logit("krb5_cc_initialize(): %.100s", errmsg); + krb5_free_error_message(krb_context, errmsg); krb5_free_principal(krb_context, princ); krb5_cc_destroy(krb_context, ccache); return; diff --git a/crypto/openssh/gss-serv.c b/crypto/openssh/gss-serv.c index c719c13064..5c599247bb 100644 --- a/crypto/openssh/gss-serv.c +++ b/crypto/openssh/gss-serv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-serv.c,v 1.23 2011/08/01 19:18:15 markus Exp $ */ +/* $OpenBSD: gss-serv.c,v 1.27 2014/07/03 03:34:09 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -50,7 +50,7 @@ static ssh_gssapi_client gssapi_client = { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER, - GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}}; + GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL, NULL}}; ssh_gssapi_mech gssapi_null_mech = { NULL, NULL, {0, NULL}, NULL, NULL, NULL, NULL}; @@ -66,6 +66,25 @@ ssh_gssapi_mech* supported_mechs[]= { &gssapi_null_mech, }; +/* + * ssh_gssapi_supported_oids() can cause sandbox violations, so prepare the + * list of supported mechanisms before privsep is set up. + */ +static gss_OID_set supported_oids; + +void +ssh_gssapi_prepare_supported_oids(void) +{ + ssh_gssapi_supported_oids(&supported_oids); +} + +OM_uint32 +ssh_gssapi_test_oid_supported(OM_uint32 *ms, gss_OID member, int *present) +{ + if (supported_oids == NULL) + ssh_gssapi_prepare_supported_oids(); + return gss_test_oid_set_member(ms, member, supported_oids, present); +} /* * Acquire credentials for a server running on the current host. @@ -78,13 +97,13 @@ static OM_uint32 ssh_gssapi_acquire_cred(Gssctxt *ctx) { OM_uint32 status; - char lname[MAXHOSTNAMELEN]; + char lname[NI_MAXHOST]; gss_OID_set oidset; gss_create_empty_oid_set(&status, &oidset); gss_add_oid_set_member(&status, ctx->oid, &oidset); - if (gethostname(lname, MAXHOSTNAMELEN)) { + if (gethostname(lname, sizeof(lname))) { gss_release_oid_set(&status, &oidset); return (-1); } @@ -346,7 +365,8 @@ ssh_gssapi_userok(char *user) gss_release_buffer(&lmin, &gssapi_client.displayname); gss_release_buffer(&lmin, &gssapi_client.exportedname); gss_release_cred(&lmin, &gssapi_client.creds); - memset(&gssapi_client, 0, sizeof(ssh_gssapi_client)); + explicit_bzero(&gssapi_client, + sizeof(ssh_gssapi_client)); return 0; } else diff --git a/crypto/openssh/hash.c b/crypto/openssh/hash.c new file mode 100644 index 0000000000..734c6bee2a --- /dev/null +++ b/crypto/openssh/hash.c @@ -0,0 +1,76 @@ +/* $OpenBSD: hash.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */ + +/* Copied from nacl-20110221/crypto_hash/sha512/ref/hash.c */ + +/* +20080913 +D. J. Bernstein +Public domain. +*/ + +#include "includes.h" + +#include "crypto_api.h" + +#define blocks crypto_hashblocks_sha512 + +static const unsigned char iv[64] = { + 0x6a,0x09,0xe6,0x67,0xf3,0xbc,0xc9,0x08, + 0xbb,0x67,0xae,0x85,0x84,0xca,0xa7,0x3b, + 0x3c,0x6e,0xf3,0x72,0xfe,0x94,0xf8,0x2b, + 0xa5,0x4f,0xf5,0x3a,0x5f,0x1d,0x36,0xf1, + 0x51,0x0e,0x52,0x7f,0xad,0xe6,0x82,0xd1, + 0x9b,0x05,0x68,0x8c,0x2b,0x3e,0x6c,0x1f, + 0x1f,0x83,0xd9,0xab,0xfb,0x41,0xbd,0x6b, + 0x5b,0xe0,0xcd,0x19,0x13,0x7e,0x21,0x79 +} ; + +typedef unsigned long long uint64; + +int crypto_hash_sha512(unsigned char *out,const unsigned char *in,unsigned long long inlen) +{ + unsigned char h[64]; + unsigned char padded[256]; + unsigned int i; + unsigned long long bytes = inlen; + + for (i = 0;i < 64;++i) h[i] = iv[i]; + + blocks(h,in,inlen); + in += inlen; + inlen &= 127; + in -= inlen; + + for (i = 0;i < inlen;++i) padded[i] = in[i]; + padded[inlen] = 0x80; + + if (inlen < 112) { + for (i = inlen + 1;i < 119;++i) padded[i] = 0; + padded[119] = bytes >> 61; + padded[120] = bytes >> 53; + padded[121] = bytes >> 45; + padded[122] = bytes >> 37; + padded[123] = bytes >> 29; + padded[124] = bytes >> 21; + padded[125] = bytes >> 13; + padded[126] = bytes >> 5; + padded[127] = bytes << 3; + blocks(h,padded,128); + } else { + for (i = inlen + 1;i < 247;++i) padded[i] = 0; + padded[247] = bytes >> 61; + padded[248] = bytes >> 53; + padded[249] = bytes >> 45; + padded[250] = bytes >> 37; + padded[251] = bytes >> 29; + padded[252] = bytes >> 21; + padded[253] = bytes >> 13; + padded[254] = bytes >> 5; + padded[255] = bytes << 3; + blocks(h,padded,256); + } + + for (i = 0;i < 64;++i) out[i] = h[i]; + + return 0; +} diff --git a/crypto/openssh/hmac.c b/crypto/openssh/hmac.c new file mode 100644 index 0000000000..99317b0f96 --- /dev/null +++ b/crypto/openssh/hmac.c @@ -0,0 +1,197 @@ +/* $OpenBSD: hmac.c,v 1.10 2014/01/31 16:39:19 tedu Exp $ */ +/* + * Copyright (c) 2014 Markus Friedl. All rights reserved. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#include +#include + +#include "buffer.h" +#include "digest.h" +#include "hmac.h" + +struct ssh_hmac_ctx { + int alg; + struct ssh_digest_ctx *ictx; + struct ssh_digest_ctx *octx; + struct ssh_digest_ctx *digest; + u_char *buf; + size_t buf_len; +}; + +size_t +ssh_hmac_bytes(int alg) +{ + return ssh_digest_bytes(alg); +} + +struct ssh_hmac_ctx * +ssh_hmac_start(int alg) +{ + struct ssh_hmac_ctx *ret; + + if ((ret = calloc(1, sizeof(*ret))) == NULL) + return NULL; + ret->alg = alg; + if ((ret->ictx = ssh_digest_start(alg)) == NULL || + (ret->octx = ssh_digest_start(alg)) == NULL || + (ret->digest = ssh_digest_start(alg)) == NULL) + goto fail; + ret->buf_len = ssh_digest_blocksize(ret->ictx); + if ((ret->buf = calloc(1, ret->buf_len)) == NULL) + goto fail; + return ret; +fail: + ssh_hmac_free(ret); + return NULL; +} + +int +ssh_hmac_init(struct ssh_hmac_ctx *ctx, const void *key, size_t klen) +{ + size_t i; + + /* reset ictx and octx if no is key given */ + if (key != NULL) { + /* truncate long keys */ + if (klen <= ctx->buf_len) + memcpy(ctx->buf, key, klen); + else if (ssh_digest_memory(ctx->alg, key, klen, ctx->buf, + ctx->buf_len) < 0) + return -1; + for (i = 0; i < ctx->buf_len; i++) + ctx->buf[i] ^= 0x36; + if (ssh_digest_update(ctx->ictx, ctx->buf, ctx->buf_len) < 0) + return -1; + for (i = 0; i < ctx->buf_len; i++) + ctx->buf[i] ^= 0x36 ^ 0x5c; + if (ssh_digest_update(ctx->octx, ctx->buf, ctx->buf_len) < 0) + return -1; + explicit_bzero(ctx->buf, ctx->buf_len); + } + /* start with ictx */ + if (ssh_digest_copy_state(ctx->ictx, ctx->digest) < 0) + return -1; + return 0; +} + +int +ssh_hmac_update(struct ssh_hmac_ctx *ctx, const void *m, size_t mlen) +{ + return ssh_digest_update(ctx->digest, m, mlen); +} + +int +ssh_hmac_update_buffer(struct ssh_hmac_ctx *ctx, const Buffer *b) +{ + return ssh_digest_update_buffer(ctx->digest, b); +} + +int +ssh_hmac_final(struct ssh_hmac_ctx *ctx, u_char *d, size_t dlen) +{ + size_t len; + + len = ssh_digest_bytes(ctx->alg); + if (dlen < len || + ssh_digest_final(ctx->digest, ctx->buf, len)) + return -1; + /* switch to octx */ + if (ssh_digest_copy_state(ctx->octx, ctx->digest) < 0 || + ssh_digest_update(ctx->digest, ctx->buf, len) < 0 || + ssh_digest_final(ctx->digest, d, dlen) < 0) + return -1; + return 0; +} + +void +ssh_hmac_free(struct ssh_hmac_ctx *ctx) +{ + if (ctx != NULL) { + ssh_digest_free(ctx->ictx); + ssh_digest_free(ctx->octx); + ssh_digest_free(ctx->digest); + if (ctx->buf) { + explicit_bzero(ctx->buf, ctx->buf_len); + free(ctx->buf); + } + explicit_bzero(ctx, sizeof(*ctx)); + free(ctx); + } +} + +#ifdef TEST + +/* cc -DTEST hmac.c digest.c buffer.c cleanup.c fatal.c log.c xmalloc.c -lcrypto */ +static void +hmac_test(void *key, size_t klen, void *m, size_t mlen, u_char *e, size_t elen) +{ + struct ssh_hmac_ctx *ctx; + size_t i; + u_char digest[16]; + + if ((ctx = ssh_hmac_start(SSH_DIGEST_MD5)) == NULL) + printf("ssh_hmac_start failed"); + if (ssh_hmac_init(ctx, key, klen) < 0 || + ssh_hmac_update(ctx, m, mlen) < 0 || + ssh_hmac_final(ctx, digest, sizeof(digest)) < 0) + printf("ssh_hmac_xxx failed"); + ssh_hmac_free(ctx); + + if (memcmp(e, digest, elen)) { + for (i = 0; i < elen; i++) + printf("[%zd] %2.2x %2.2x\n", i, e[i], digest[i]); + printf("mismatch\n"); + } else + printf("ok\n"); +} + +int +main(int argc, char **argv) +{ + /* try test vectors from RFC 2104 */ + + u_char key1[16] = { + 0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb, + 0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb }; + u_char *data1 = "Hi There"; + u_char dig1[16] = { + 0x92, 0x94, 0x72, 0x7a, 0x36, 0x38, 0xbb, 0x1c, + 0x13, 0xf4, 0x8e, 0xf8, 0x15, 0x8b, 0xfc, 0x9d }; + + u_char *key2 = "Jefe"; + u_char *data2 = "what do ya want for nothing?"; + u_char dig2[16] = { + 0x75, 0x0c, 0x78, 0x3e, 0x6a, 0xb0, 0xb5, 0x03, + 0xea, 0xa8, 0x6e, 0x31, 0x0a, 0x5d, 0xb7, 0x38 }; + + u_char key3[16]; + u_char data3[50]; + u_char dig3[16] = { + 0x56, 0xbe, 0x34, 0x52, 0x1d, 0x14, 0x4c, 0x88, + 0xdb, 0xb8, 0xc7, 0x33, 0xf0, 0xe8, 0xb3, 0xf6 }; + memset(key3, 0xaa, sizeof(key3)); + memset(data3, 0xdd, sizeof(data3)); + + hmac_test(key1, sizeof(key1), data1, strlen(data1), dig1, sizeof(dig1)); + hmac_test(key2, strlen(key2), data2, strlen(data2), dig2, sizeof(dig2)); + hmac_test(key3, sizeof(key3), data3, sizeof(data3), dig3, sizeof(dig3)); + + return 0; +} + +#endif diff --git a/crypto/openssh/hmac.h b/crypto/openssh/hmac.h new file mode 100644 index 0000000000..42b33d0028 --- /dev/null +++ b/crypto/openssh/hmac.h @@ -0,0 +1,38 @@ +/* $OpenBSD: hmac.h,v 1.9 2014/06/24 01:13:21 djm Exp $ */ +/* + * Copyright (c) 2014 Markus Friedl. All rights reserved. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef _HMAC_H +#define _HMAC_H + +/* Returns the algorithm's digest length in bytes or 0 for invalid algorithm */ +size_t ssh_hmac_bytes(int alg); + +struct sshbuf; +struct ssh_hmac_ctx; +struct ssh_hmac_ctx *ssh_hmac_start(int alg); + +/* Sets the state of the HMAC or resets the state if key == NULL */ +int ssh_hmac_init(struct ssh_hmac_ctx *ctx, const void *key, size_t klen) + __attribute__((__bounded__(__buffer__, 2, 3))); +int ssh_hmac_update(struct ssh_hmac_ctx *ctx, const void *m, size_t mlen) + __attribute__((__bounded__(__buffer__, 2, 3))); +int ssh_hmac_update_buffer(struct ssh_hmac_ctx *ctx, const struct sshbuf *b); +int ssh_hmac_final(struct ssh_hmac_ctx *ctx, u_char *d, size_t dlen) + __attribute__((__bounded__(__buffer__, 2, 3))); +void ssh_hmac_free(struct ssh_hmac_ctx *ctx); + +#endif /* _HMAC_H */ diff --git a/crypto/openssh/hostfile.c b/crypto/openssh/hostfile.c index b6f924b234..ee2daf45f0 100644 --- a/crypto/openssh/hostfile.c +++ b/crypto/openssh/hostfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hostfile.c,v 1.50 2010/12/04 13:31:37 djm Exp $ */ +/* $OpenBSD: hostfile.c,v 1.57 2014/06/24 01:13:21 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -42,14 +42,12 @@ #include -#include -#include - #include #include #include #include #include +#include #include "xmalloc.h" #include "match.h" @@ -57,6 +55,8 @@ #include "hostfile.h" #include "log.h" #include "misc.h" +#include "digest.h" +#include "hmac.h" struct hostkeys { struct hostkey_entry *entries; @@ -64,7 +64,7 @@ struct hostkeys { }; static int -extract_salt(const char *s, u_int l, char *salt, size_t salt_len) +extract_salt(const char *s, u_int l, u_char *salt, size_t salt_len) { char *p, *b64salt; u_int b64len; @@ -96,14 +96,14 @@ extract_salt(const char *s, u_int l, char *salt, size_t salt_len) b64salt[b64len] = '\0'; ret = __b64_pton(b64salt, salt, salt_len); - xfree(b64salt); + free(b64salt); if (ret == -1) { debug2("extract_salt: salt decode error"); return (-1); } - if (ret != SHA_DIGEST_LENGTH) { - debug2("extract_salt: expected salt len %d, got %d", - SHA_DIGEST_LENGTH, ret); + if (ret != (int)ssh_hmac_bytes(SSH_DIGEST_SHA1)) { + debug2("extract_salt: expected salt len %zd, got %d", + ssh_hmac_bytes(SSH_DIGEST_SHA1), ret); return (-1); } @@ -113,13 +113,13 @@ extract_salt(const char *s, u_int l, char *salt, size_t salt_len) char * host_hash(const char *host, const char *name_from_hostfile, u_int src_len) { - const EVP_MD *md = EVP_sha1(); - HMAC_CTX mac_ctx; - char salt[256], result[256], uu_salt[512], uu_result[512]; + struct ssh_hmac_ctx *ctx; + u_char salt[256], result[256]; + char uu_salt[512], uu_result[512]; static char encoded[1024]; u_int i, len; - len = EVP_MD_size(md); + len = ssh_digest_bytes(SSH_DIGEST_SHA1); if (name_from_hostfile == NULL) { /* Create new salt */ @@ -132,14 +132,16 @@ host_hash(const char *host, const char *name_from_hostfile, u_int src_len) return (NULL); } - HMAC_Init(&mac_ctx, salt, len, md); - HMAC_Update(&mac_ctx, host, strlen(host)); - HMAC_Final(&mac_ctx, result, NULL); - HMAC_cleanup(&mac_ctx); + if ((ctx = ssh_hmac_start(SSH_DIGEST_SHA1)) == NULL || + ssh_hmac_init(ctx, salt, len) < 0 || + ssh_hmac_update(ctx, host, strlen(host)) < 0 || + ssh_hmac_final(ctx, result, sizeof(result))) + fatal("%s: ssh_hmac failed", __func__); + ssh_hmac_free(ctx); if (__b64_ntop(salt, len, uu_salt, sizeof(uu_salt)) == -1 || __b64_ntop(result, len, uu_result, sizeof(uu_result)) == -1) - fatal("host_hash: __b64_ntop failed"); + fatal("%s: __b64_ntop failed", __func__); snprintf(encoded, sizeof(encoded), "%s%s%c%s", HASH_MAGIC, uu_salt, HASH_DELIM, uu_result); @@ -153,7 +155,7 @@ host_hash(const char *host, const char *name_from_hostfile, u_int src_len) */ int -hostfile_read_key(char **cpp, u_int *bitsp, Key *ret) +hostfile_read_key(char **cpp, int *bitsp, Key *ret) { char *cp; @@ -170,8 +172,10 @@ hostfile_read_key(char **cpp, u_int *bitsp, Key *ret) /* Return results. */ *cpp = cp; - if (bitsp != NULL) - *bitsp = key_size(ret); + if (bitsp != NULL) { + if ((*bitsp = key_size(ret)) <= 0) + return 0; + } return 1; } @@ -179,6 +183,7 @@ static int hostfile_check_key(int bits, const Key *key, const char *host, const char *filename, u_long linenum) { +#ifdef WITH_SSH1 if (key == NULL || key->type != KEY_RSA1 || key->rsa == NULL) return 1; if (bits != BN_num_bits(key->rsa->n)) { @@ -188,6 +193,7 @@ hostfile_check_key(int bits, const Key *key, const char *host, logit("Warning: replace %d with %d in %s, line %lu.", bits, BN_num_bits(key->rsa->n), filename, linenum); } +#endif return 1; } @@ -293,11 +299,15 @@ load_hostkeys(struct hostkeys *hostkeys, const char *host, const char *path) key = key_new(KEY_UNSPEC); if (!hostfile_read_key(&cp, &kbits, key)) { key_free(key); +#ifdef WITH_SSH1 key = key_new(KEY_RSA1); if (!hostfile_read_key(&cp, &kbits, key)) { key_free(key); continue; } +#else + continue; +#endif } if (!hostfile_check_key(kbits, key, host, path, linenum)) continue; @@ -327,16 +337,14 @@ free_hostkeys(struct hostkeys *hostkeys) u_int i; for (i = 0; i < hostkeys->num_entries; i++) { - xfree(hostkeys->entries[i].host); - xfree(hostkeys->entries[i].file); + free(hostkeys->entries[i].host); + free(hostkeys->entries[i].file); key_free(hostkeys->entries[i].key); - bzero(hostkeys->entries + i, sizeof(*hostkeys->entries)); + explicit_bzero(hostkeys->entries + i, sizeof(*hostkeys->entries)); } - if (hostkeys->entries != NULL) - xfree(hostkeys->entries); - hostkeys->entries = NULL; - hostkeys->num_entries = 0; - xfree(hostkeys); + free(hostkeys->entries); + explicit_bzero(hostkeys, sizeof(*hostkeys)); + free(hostkeys); } static int diff --git a/crypto/openssh/hostfile.h b/crypto/openssh/hostfile.h index d84d422ff6..679c034f3f 100644 --- a/crypto/openssh/hostfile.h +++ b/crypto/openssh/hostfile.h @@ -1,4 +1,4 @@ -/* $OpenBSD: hostfile.h,v 1.19 2010/11/29 23:45:51 djm Exp $ */ +/* $OpenBSD: hostfile.h,v 1.20 2013/07/12 00:19:58 djm Exp $ */ /* * Author: Tatu Ylonen @@ -40,7 +40,7 @@ HostStatus check_key_in_hostkeys(struct hostkeys *, Key *, int lookup_key_in_hostkeys_by_type(struct hostkeys *, int, const struct hostkey_entry **); -int hostfile_read_key(char **, u_int *, Key *); +int hostfile_read_key(char **, int *, Key *); int add_host_to_hostfile(const char *, const char *, const Key *, int); #define HASH_MAGIC "|1|" diff --git a/crypto/openssh/includes.h b/crypto/openssh/includes.h index b4c53d9b4f..07bcd89f2c 100644 --- a/crypto/openssh/includes.h +++ b/crypto/openssh/includes.h @@ -18,7 +18,9 @@ #include "config.h" +#ifndef _GNU_SOURCE #define _GNU_SOURCE /* activate extra prototypes for glibc */ +#endif #include #include /* For CMSG_* */ @@ -137,8 +139,10 @@ # include #endif -#ifdef HAVE_LIBUTIL_H -# include /* Openpty on FreeBSD at least */ +#if defined(HAVE_BSD_LIBUTIL_H) +# include +#elif defined(HAVE_LIBUTIL_H) +# include #endif #if defined(KRB5) && defined(USE_AFS) diff --git a/crypto/openssh/jpake.c b/crypto/openssh/jpake.c deleted file mode 100644 index b010dafaa5..0000000000 --- a/crypto/openssh/jpake.c +++ /dev/null @@ -1,456 +0,0 @@ -/* $OpenBSD: jpake.c,v 1.7 2012/06/18 11:43:53 dtucker Exp $ */ -/* - * Copyright (c) 2008 Damien Miller. All rights reserved. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* - * Shared components of zero-knowledge password auth using J-PAKE protocol - * as described in: - * - * F. Hao, P. Ryan, "Password Authenticated Key Exchange by Juggling", - * 16th Workshop on Security Protocols, Cambridge, April 2008 - * - * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf - */ - -#include "includes.h" - -#include - -#include -#include -#include - -#include -#include - -#include "xmalloc.h" -#include "ssh2.h" -#include "key.h" -#include "hostfile.h" -#include "auth.h" -#include "buffer.h" -#include "packet.h" -#include "dispatch.h" -#include "log.h" -#include "misc.h" - -#include "jpake.h" -#include "schnorr.h" - -#ifdef JPAKE - -/* RFC3526 group 5, 1536 bits */ -#define JPAKE_GROUP_G "2" -#define JPAKE_GROUP_P \ - "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74" \ - "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437" \ - "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \ - "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05" \ - "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB" \ - "9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF" - -struct modp_group * -jpake_default_group(void) -{ - return modp_group_from_g_and_safe_p(JPAKE_GROUP_G, JPAKE_GROUP_P); -} - -struct jpake_ctx * -jpake_new(void) -{ - struct jpake_ctx *ret; - - ret = xcalloc(1, sizeof(*ret)); - - ret->grp = jpake_default_group(); - - ret->s = ret->k = NULL; - ret->x1 = ret->x2 = ret->x3 = ret->x4 = NULL; - ret->g_x1 = ret->g_x2 = ret->g_x3 = ret->g_x4 = NULL; - ret->a = ret->b = NULL; - - ret->client_id = ret->server_id = NULL; - ret->h_k_cid_sessid = ret->h_k_sid_sessid = NULL; - - debug3("%s: alloc %p", __func__, ret); - - return ret; -} - -void -jpake_free(struct jpake_ctx *pctx) -{ - debug3("%s: free %p", __func__, pctx); - -#define JPAKE_BN_CLEAR_FREE(v) \ - do { \ - if ((v) != NULL) { \ - BN_clear_free(v); \ - (v) = NULL; \ - } \ - } while (0) -#define JPAKE_BUF_CLEAR_FREE(v, l) \ - do { \ - if ((v) != NULL) { \ - bzero((v), (l)); \ - xfree(v); \ - (v) = NULL; \ - (l) = 0; \ - } \ - } while (0) - - JPAKE_BN_CLEAR_FREE(pctx->s); - JPAKE_BN_CLEAR_FREE(pctx->k); - JPAKE_BN_CLEAR_FREE(pctx->x1); - JPAKE_BN_CLEAR_FREE(pctx->x2); - JPAKE_BN_CLEAR_FREE(pctx->x3); - JPAKE_BN_CLEAR_FREE(pctx->x4); - JPAKE_BN_CLEAR_FREE(pctx->g_x1); - JPAKE_BN_CLEAR_FREE(pctx->g_x2); - JPAKE_BN_CLEAR_FREE(pctx->g_x3); - JPAKE_BN_CLEAR_FREE(pctx->g_x4); - JPAKE_BN_CLEAR_FREE(pctx->a); - JPAKE_BN_CLEAR_FREE(pctx->b); - - JPAKE_BUF_CLEAR_FREE(pctx->client_id, pctx->client_id_len); - JPAKE_BUF_CLEAR_FREE(pctx->server_id, pctx->server_id_len); - JPAKE_BUF_CLEAR_FREE(pctx->h_k_cid_sessid, pctx->h_k_cid_sessid_len); - JPAKE_BUF_CLEAR_FREE(pctx->h_k_sid_sessid, pctx->h_k_sid_sessid_len); - -#undef JPAKE_BN_CLEAR_FREE -#undef JPAKE_BUF_CLEAR_FREE - - bzero(pctx, sizeof(*pctx)); - xfree(pctx); -} - -/* dump entire jpake_ctx. NB. includes private values! */ -void -jpake_dump(struct jpake_ctx *pctx, const char *fmt, ...) -{ - char *out; - va_list args; - - out = NULL; - va_start(args, fmt); - vasprintf(&out, fmt, args); - va_end(args); - if (out == NULL) - fatal("%s: vasprintf failed", __func__); - - debug3("%s: %s (ctx at %p)", __func__, out, pctx); - if (pctx == NULL) { - free(out); - return; - } - -#define JPAKE_DUMP_BN(a) do { \ - if ((a) != NULL) \ - JPAKE_DEBUG_BN(((a), "%s = ", #a)); \ - } while (0) -#define JPAKE_DUMP_BUF(a, b) do { \ - if ((a) != NULL) \ - JPAKE_DEBUG_BUF((a, b, "%s", #a)); \ - } while (0) - - JPAKE_DUMP_BN(pctx->s); - JPAKE_DUMP_BN(pctx->k); - JPAKE_DUMP_BN(pctx->x1); - JPAKE_DUMP_BN(pctx->x2); - JPAKE_DUMP_BN(pctx->x3); - JPAKE_DUMP_BN(pctx->x4); - JPAKE_DUMP_BN(pctx->g_x1); - JPAKE_DUMP_BN(pctx->g_x2); - JPAKE_DUMP_BN(pctx->g_x3); - JPAKE_DUMP_BN(pctx->g_x4); - JPAKE_DUMP_BN(pctx->a); - JPAKE_DUMP_BN(pctx->b); - - JPAKE_DUMP_BUF(pctx->client_id, pctx->client_id_len); - JPAKE_DUMP_BUF(pctx->server_id, pctx->server_id_len); - JPAKE_DUMP_BUF(pctx->h_k_cid_sessid, pctx->h_k_cid_sessid_len); - JPAKE_DUMP_BUF(pctx->h_k_sid_sessid, pctx->h_k_sid_sessid_len); - - debug3("%s: %s done", __func__, out); - free(out); -} - -/* Shared parts of step 1 exchange calculation */ -void -jpake_step1(struct modp_group *grp, - u_char **id, u_int *id_len, - BIGNUM **priv1, BIGNUM **priv2, BIGNUM **g_priv1, BIGNUM **g_priv2, - u_char **priv1_proof, u_int *priv1_proof_len, - u_char **priv2_proof, u_int *priv2_proof_len) -{ - BN_CTX *bn_ctx; - - if ((bn_ctx = BN_CTX_new()) == NULL) - fatal("%s: BN_CTX_new", __func__); - - /* Random nonce to prevent replay */ - *id = xmalloc(KZP_ID_LEN); - *id_len = KZP_ID_LEN; - arc4random_buf(*id, *id_len); - - /* - * x1/x3 is a random element of Zq - * x2/x4 is a random element of Z*q - * We also exclude [1] from x1/x3 candidates and [0, 1] from - * x2/x4 candiates to avoid possible degeneracy (i.e. g^0, g^1). - */ - if ((*priv1 = bn_rand_range_gt_one(grp->q)) == NULL || - (*priv2 = bn_rand_range_gt_one(grp->q)) == NULL) - fatal("%s: bn_rand_range_gt_one", __func__); - - /* - * client: g_x1 = g^x1 mod p / server: g_x3 = g^x3 mod p - * client: g_x2 = g^x2 mod p / server: g_x4 = g^x4 mod p - */ - if ((*g_priv1 = BN_new()) == NULL || - (*g_priv2 = BN_new()) == NULL) - fatal("%s: BN_new", __func__); - if (BN_mod_exp(*g_priv1, grp->g, *priv1, grp->p, bn_ctx) == -1) - fatal("%s: BN_mod_exp", __func__); - if (BN_mod_exp(*g_priv2, grp->g, *priv2, grp->p, bn_ctx) == -1) - fatal("%s: BN_mod_exp", __func__); - - /* Generate proofs for holding x1/x3 and x2/x4 */ - if (schnorr_sign_buf(grp->p, grp->q, grp->g, - *priv1, *g_priv1, *id, *id_len, - priv1_proof, priv1_proof_len) != 0) - fatal("%s: schnorr_sign", __func__); - if (schnorr_sign_buf(grp->p, grp->q, grp->g, - *priv2, *g_priv2, *id, *id_len, - priv2_proof, priv2_proof_len) != 0) - fatal("%s: schnorr_sign", __func__); - - BN_CTX_free(bn_ctx); -} - -/* Shared parts of step 2 exchange calculation */ -void -jpake_step2(struct modp_group *grp, BIGNUM *s, - BIGNUM *mypub1, BIGNUM *theirpub1, BIGNUM *theirpub2, BIGNUM *mypriv2, - const u_char *theirid, u_int theirid_len, - const u_char *myid, u_int myid_len, - const u_char *theirpub1_proof, u_int theirpub1_proof_len, - const u_char *theirpub2_proof, u_int theirpub2_proof_len, - BIGNUM **newpub, - u_char **newpub_exponent_proof, u_int *newpub_exponent_proof_len) -{ - BN_CTX *bn_ctx; - BIGNUM *tmp, *exponent; - - /* Validate peer's step 1 values */ - if (BN_cmp(theirpub1, BN_value_one()) <= 0) - fatal("%s: theirpub1 <= 1", __func__); - if (BN_cmp(theirpub1, grp->p) >= 0) - fatal("%s: theirpub1 >= p", __func__); - if (BN_cmp(theirpub2, BN_value_one()) <= 0) - fatal("%s: theirpub2 <= 1", __func__); - if (BN_cmp(theirpub2, grp->p) >= 0) - fatal("%s: theirpub2 >= p", __func__); - - if (schnorr_verify_buf(grp->p, grp->q, grp->g, theirpub1, - theirid, theirid_len, theirpub1_proof, theirpub1_proof_len) != 1) - fatal("%s: schnorr_verify theirpub1 failed", __func__); - if (schnorr_verify_buf(grp->p, grp->q, grp->g, theirpub2, - theirid, theirid_len, theirpub2_proof, theirpub2_proof_len) != 1) - fatal("%s: schnorr_verify theirpub2 failed", __func__); - - if ((bn_ctx = BN_CTX_new()) == NULL) - fatal("%s: BN_CTX_new", __func__); - - if ((*newpub = BN_new()) == NULL || - (tmp = BN_new()) == NULL || - (exponent = BN_new()) == NULL) - fatal("%s: BN_new", __func__); - - /* - * client: exponent = x2 * s mod p - * server: exponent = x4 * s mod p - */ - if (BN_mod_mul(exponent, mypriv2, s, grp->q, bn_ctx) != 1) - fatal("%s: BN_mod_mul (exponent = mypriv2 * s mod p)", - __func__); - - /* - * client: tmp = g^(x1 + x3 + x4) mod p - * server: tmp = g^(x1 + x2 + x3) mod p - */ - if (BN_mod_mul(tmp, mypub1, theirpub1, grp->p, bn_ctx) != 1) - fatal("%s: BN_mod_mul (tmp = mypub1 * theirpub1 mod p)", - __func__); - if (BN_mod_mul(tmp, tmp, theirpub2, grp->p, bn_ctx) != 1) - fatal("%s: BN_mod_mul (tmp = tmp * theirpub2 mod p)", __func__); - - /* - * client: a = tmp^exponent = g^((x1+x3+x4) * x2 * s) mod p - * server: b = tmp^exponent = g^((x1+x2+x3) * x4 * s) mod p - */ - if (BN_mod_exp(*newpub, tmp, exponent, grp->p, bn_ctx) != 1) - fatal("%s: BN_mod_mul (newpub = tmp^exponent mod p)", __func__); - - JPAKE_DEBUG_BN((tmp, "%s: tmp = ", __func__)); - JPAKE_DEBUG_BN((exponent, "%s: exponent = ", __func__)); - - /* Note the generator here is 'tmp', not g */ - if (schnorr_sign_buf(grp->p, grp->q, tmp, exponent, *newpub, - myid, myid_len, - newpub_exponent_proof, newpub_exponent_proof_len) != 0) - fatal("%s: schnorr_sign newpub", __func__); - - BN_clear_free(tmp); /* XXX stash for later use? */ - BN_clear_free(exponent); /* XXX stash for later use? (yes, in conf) */ - - BN_CTX_free(bn_ctx); -} - -/* Confirmation hash calculation */ -void -jpake_confirm_hash(const BIGNUM *k, - const u_char *endpoint_id, u_int endpoint_id_len, - const u_char *sess_id, u_int sess_id_len, - u_char **confirm_hash, u_int *confirm_hash_len) -{ - Buffer b; - - /* - * Calculate confirmation proof: - * client: H(k || client_id || session_id) - * server: H(k || server_id || session_id) - */ - buffer_init(&b); - buffer_put_bignum2(&b, k); - buffer_put_string(&b, endpoint_id, endpoint_id_len); - buffer_put_string(&b, sess_id, sess_id_len); - if (hash_buffer(buffer_ptr(&b), buffer_len(&b), EVP_sha256(), - confirm_hash, confirm_hash_len) != 0) - fatal("%s: hash_buffer", __func__); - buffer_free(&b); -} - -/* Shared parts of key derivation and confirmation calculation */ -void -jpake_key_confirm(struct modp_group *grp, BIGNUM *s, BIGNUM *step2_val, - BIGNUM *mypriv2, BIGNUM *mypub1, BIGNUM *mypub2, - BIGNUM *theirpub1, BIGNUM *theirpub2, - const u_char *my_id, u_int my_id_len, - const u_char *their_id, u_int their_id_len, - const u_char *sess_id, u_int sess_id_len, - const u_char *theirpriv2_s_proof, u_int theirpriv2_s_proof_len, - BIGNUM **k, - u_char **confirm_hash, u_int *confirm_hash_len) -{ - BN_CTX *bn_ctx; - BIGNUM *tmp; - - if ((bn_ctx = BN_CTX_new()) == NULL) - fatal("%s: BN_CTX_new", __func__); - if ((tmp = BN_new()) == NULL || - (*k = BN_new()) == NULL) - fatal("%s: BN_new", __func__); - - /* Validate step 2 values */ - if (BN_cmp(step2_val, BN_value_one()) <= 0) - fatal("%s: step2_val <= 1", __func__); - if (BN_cmp(step2_val, grp->p) >= 0) - fatal("%s: step2_val >= p", __func__); - - /* - * theirpriv2_s_proof is calculated with a different generator: - * tmp = g^(mypriv1+mypriv2+theirpub1) = g^mypub1*g^mypub2*g^theirpub1 - * Calculate it here so we can check the signature. - */ - if (BN_mod_mul(tmp, mypub1, mypub2, grp->p, bn_ctx) != 1) - fatal("%s: BN_mod_mul (tmp = mypub1 * mypub2 mod p)", __func__); - if (BN_mod_mul(tmp, tmp, theirpub1, grp->p, bn_ctx) != 1) - fatal("%s: BN_mod_mul (tmp = tmp * theirpub1 mod p)", __func__); - - JPAKE_DEBUG_BN((tmp, "%s: tmp = ", __func__)); - - if (schnorr_verify_buf(grp->p, grp->q, tmp, step2_val, - their_id, their_id_len, - theirpriv2_s_proof, theirpriv2_s_proof_len) != 1) - fatal("%s: schnorr_verify theirpriv2_s_proof failed", __func__); - - /* - * Derive shared key: - * client: k = (b / g^(x2*x4*s))^x2 = g^((x1+x3)*x2*x4*s) - * server: k = (a / g^(x2*x4*s))^x4 = g^((x1+x3)*x2*x4*s) - * - * Computed as: - * client: k = (g_x4^(q - (x2 * s)) * b)^x2 mod p - * server: k = (g_x2^(q - (x4 * s)) * b)^x4 mod p - */ - if (BN_mul(tmp, mypriv2, s, bn_ctx) != 1) - fatal("%s: BN_mul (tmp = mypriv2 * s)", __func__); - if (BN_mod_sub(tmp, grp->q, tmp, grp->q, bn_ctx) != 1) - fatal("%s: BN_mod_sub (tmp = q - tmp mod q)", __func__); - if (BN_mod_exp(tmp, theirpub2, tmp, grp->p, bn_ctx) != 1) - fatal("%s: BN_mod_exp (tmp = theirpub2^tmp) mod p", __func__); - if (BN_mod_mul(tmp, tmp, step2_val, grp->p, bn_ctx) != 1) - fatal("%s: BN_mod_mul (tmp = tmp * step2_val) mod p", __func__); - if (BN_mod_exp(*k, tmp, mypriv2, grp->p, bn_ctx) != 1) - fatal("%s: BN_mod_exp (k = tmp^mypriv2) mod p", __func__); - - BN_CTX_free(bn_ctx); - BN_clear_free(tmp); - - jpake_confirm_hash(*k, my_id, my_id_len, sess_id, sess_id_len, - confirm_hash, confirm_hash_len); -} - -/* - * Calculate and check confirmation hash from peer. Returns 1 on success - * 0 on failure/mismatch. - */ -int -jpake_check_confirm(const BIGNUM *k, - const u_char *peer_id, u_int peer_id_len, - const u_char *sess_id, u_int sess_id_len, - const u_char *peer_confirm_hash, u_int peer_confirm_hash_len) -{ - u_char *expected_confirm_hash; - u_int expected_confirm_hash_len; - int success = 0; - - /* Calculate and verify expected confirmation hash */ - jpake_confirm_hash(k, peer_id, peer_id_len, sess_id, sess_id_len, - &expected_confirm_hash, &expected_confirm_hash_len); - - JPAKE_DEBUG_BUF((expected_confirm_hash, expected_confirm_hash_len, - "%s: expected confirm hash", __func__)); - JPAKE_DEBUG_BUF((peer_confirm_hash, peer_confirm_hash_len, - "%s: received confirm hash", __func__)); - - if (peer_confirm_hash_len != expected_confirm_hash_len) - error("%s: confirmation length mismatch (my %u them %u)", - __func__, expected_confirm_hash_len, peer_confirm_hash_len); - else if (timingsafe_bcmp(peer_confirm_hash, expected_confirm_hash, - expected_confirm_hash_len) == 0) - success = 1; - bzero(expected_confirm_hash, expected_confirm_hash_len); - xfree(expected_confirm_hash); - debug3("%s: success = %d", __func__, success); - return success; -} - -/* XXX main() function with tests */ - -#endif /* JPAKE */ - diff --git a/crypto/openssh/jpake.h b/crypto/openssh/jpake.h deleted file mode 100644 index a3f2cf0256..0000000000 --- a/crypto/openssh/jpake.h +++ /dev/null @@ -1,114 +0,0 @@ -/* $OpenBSD: jpake.h,v 1.2 2009/03/05 07:18:19 djm Exp $ */ -/* - * Copyright (c) 2008 Damien Miller. All rights reserved. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#ifndef JPAKE_H -#define JPAKE_H - -#include - -#include - -/* Set JPAKE_DEBUG in CFLAGS for privacy-violating debugging */ -#ifndef JPAKE_DEBUG -# define JPAKE_DEBUG_BN(a) -# define JPAKE_DEBUG_BUF(a) -# define JPAKE_DEBUG_CTX(a) -#else -# define JPAKE_DEBUG_BN(a) debug3_bn a -# define JPAKE_DEBUG_BUF(a) debug3_buf a -# define JPAKE_DEBUG_CTX(a) jpake_dump a -#endif /* JPAKE_DEBUG */ - -#define KZP_ID_LEN 16 /* Length of client and server IDs */ - -struct jpake_ctx { - /* Parameters */ - struct modp_group *grp; - - /* Private values shared by client and server */ - BIGNUM *s; /* Secret (salted, crypted password) */ - BIGNUM *k; /* Derived key */ - - /* Client private values (NULL for server) */ - BIGNUM *x1; /* random in Zq */ - BIGNUM *x2; /* random in Z*q */ - - /* Server private values (NULL for server) */ - BIGNUM *x3; /* random in Zq */ - BIGNUM *x4; /* random in Z*q */ - - /* Step 1: C->S */ - u_char *client_id; /* Anti-replay nonce */ - u_int client_id_len; - BIGNUM *g_x1; /* g^x1 */ - BIGNUM *g_x2; /* g^x2 */ - - /* Step 1: S->C */ - u_char *server_id; /* Anti-replay nonce */ - u_int server_id_len; - BIGNUM *g_x3; /* g^x3 */ - BIGNUM *g_x4; /* g^x4 */ - - /* Step 2: C->S */ - BIGNUM *a; /* g^((x1+x3+x4)*x2*s) */ - - /* Step 2: S->C */ - BIGNUM *b; /* g^((x1+x2+x3)*x4*s) */ - - /* Confirmation: C->S */ - u_char *h_k_cid_sessid; /* H(k || client_id || session_id) */ - u_int h_k_cid_sessid_len; - - /* Confirmation: S->C */ - u_char *h_k_sid_sessid; /* H(k || server_id || session_id) */ - u_int h_k_sid_sessid_len; -}; - -/* jpake.c */ -struct modp_group *jpake_default_group(void); -void jpake_dump(struct jpake_ctx *, const char *, ...) - __attribute__((__nonnull__ (2))) - __attribute__((format(printf, 2, 3))); -struct jpake_ctx *jpake_new(void); -void jpake_free(struct jpake_ctx *); - -void jpake_step1(struct modp_group *, u_char **, u_int *, - BIGNUM **, BIGNUM **, BIGNUM **, BIGNUM **, - u_char **, u_int *, u_char **, u_int *); - -void jpake_step2(struct modp_group *, BIGNUM *, - BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, - const u_char *, u_int, const u_char *, u_int, - const u_char *, u_int, const u_char *, u_int, - BIGNUM **, u_char **, u_int *); - -void jpake_confirm_hash(const BIGNUM *, - const u_char *, u_int, - const u_char *, u_int, - u_char **, u_int *); - -void jpake_key_confirm(struct modp_group *, BIGNUM *, BIGNUM *, - BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, - const u_char *, u_int, const u_char *, u_int, - const u_char *, u_int, const u_char *, u_int, - BIGNUM **, u_char **, u_int *); - -int jpake_check_confirm(const BIGNUM *, const u_char *, u_int, - const u_char *, u_int, const u_char *, u_int); - -#endif /* JPAKE_H */ - diff --git a/crypto/openssh/kex.c b/crypto/openssh/kex.c index c65e28f94d..a173e70e38 100644 --- a/crypto/openssh/kex.c +++ b/crypto/openssh/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.86 2010/09/22 05:01:29 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.99 2014/04/29 18:01:49 markus Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -33,7 +33,9 @@ #include #include +#ifdef WITH_OPENSSL #include +#endif #include "xmalloc.h" #include "ssh2.h" @@ -49,6 +51,7 @@ #include "dispatch.h" #include "monitor.h" #include "roaming.h" +#include "digest.h" #if OPENSSL_VERSION_NUMBER >= 0x00907000L # if defined(HAVE_EVP_SHA256) @@ -62,6 +65,68 @@ extern const EVP_MD *evp_ssh_sha256(void); static void kex_kexinit_finish(Kex *); static void kex_choose_conf(Kex *); +struct kexalg { + char *name; + int type; + int ec_nid; + int hash_alg; +}; +static const struct kexalg kexalgs[] = { +#ifdef WITH_OPENSSL + { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 }, + { KEX_DH14, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 }, + { KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, SSH_DIGEST_SHA1 }, +#ifdef HAVE_EVP_SHA256 + { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, SSH_DIGEST_SHA256 }, +#endif /* HAVE_EVP_SHA256 */ +#ifdef OPENSSL_HAS_ECC + { KEX_ECDH_SHA2_NISTP256, KEX_ECDH_SHA2, + NID_X9_62_prime256v1, SSH_DIGEST_SHA256 }, + { KEX_ECDH_SHA2_NISTP384, KEX_ECDH_SHA2, NID_secp384r1, + SSH_DIGEST_SHA384 }, +# ifdef OPENSSL_HAS_NISTP521 + { KEX_ECDH_SHA2_NISTP521, KEX_ECDH_SHA2, NID_secp521r1, + SSH_DIGEST_SHA512 }, +# endif /* OPENSSL_HAS_NISTP521 */ +#endif /* OPENSSL_HAS_ECC */ + { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 }, +#endif /* WITH_OPENSSL */ +#ifdef HAVE_EVP_SHA256 + { KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 }, +#endif /* HAVE_EVP_SHA256 */ + { NULL, -1, -1, -1}, +}; + +char * +kex_alg_list(char sep) +{ + char *ret = NULL; + size_t nlen, rlen = 0; + const struct kexalg *k; + + for (k = kexalgs; k->name != NULL; k++) { + if (ret != NULL) + ret[rlen++] = sep; + nlen = strlen(k->name); + ret = xrealloc(ret, 1, rlen + nlen + 2); + memcpy(ret + rlen, k->name, nlen + 1); + rlen += nlen; + } + return ret; +} + +static const struct kexalg * +kex_alg_by_name(const char *name) +{ + const struct kexalg *k; + + for (k = kexalgs; k->name != NULL; k++) { + if (strcmp(k->name, name) == 0) + return k; + } + return NULL; +} + /* Validate KEX method name list */ int kex_names_valid(const char *names) @@ -73,20 +138,14 @@ kex_names_valid(const char *names) s = cp = xstrdup(names); for ((p = strsep(&cp, ",")); p && *p != '\0'; (p = strsep(&cp, ","))) { - if (strcmp(p, KEX_DHGEX_SHA256) != 0 && - strcmp(p, KEX_DHGEX_SHA1) != 0 && - strcmp(p, KEX_DH14) != 0 && - strcmp(p, KEX_DH1) != 0 && - (strncmp(p, KEX_ECDH_SHA2_STEM, - sizeof(KEX_ECDH_SHA2_STEM) - 1) != 0 || - kex_ecdh_name_to_nid(p) == -1)) { + if (kex_alg_by_name(p) == NULL) { error("Unsupported KEX algorithm \"%.100s\"", p); - xfree(s); + free(s); return 0; } } debug3("kex names ok: [%s]", names); - xfree(s); + free(s); return 1; } @@ -146,8 +205,8 @@ kex_prop_free(char **proposal) u_int i; for (i = 0; i < PROPOSAL_MAX; i++) - xfree(proposal[i]); - xfree(proposal); + free(proposal[i]); + free(proposal); } /* ARGSUSED */ @@ -184,7 +243,7 @@ kex_finish(Kex *kex) buffer_clear(&kex->peer); /* buffer_clear(&kex->my); */ kex->flags &= ~KEX_INIT_SENT; - xfree(kex->name); + free(kex->name); kex->name = NULL; } @@ -241,9 +300,19 @@ kex_input_kexinit(int type, u_int32_t seq, void *ctxt) for (i = 0; i < KEX_COOKIE_LEN; i++) packet_get_char(); for (i = 0; i < PROPOSAL_MAX; i++) - xfree(packet_get_string(NULL)); - (void) packet_get_char(); - (void) packet_get_int(); + free(packet_get_string(NULL)); + /* + * XXX RFC4253 sec 7: "each side MAY guess" - currently no supported + * KEX method has the server move first, but a server might be using + * a custom method or one that we otherwise don't support. We should + * be prepared to remember first_kex_follows here so we can eat a + * packet later. + * XXX2 - RFC4253 is kind of ambiguous on what first_kex_follows means + * for cases where the server *doesn't* go first. I guess we should + * ignore it when it is set for these cases, which is what we do now. + */ + (void) packet_get_char(); /* first_kex_follows */ + (void) packet_get_int(); /* reserved */ packet_check_eom(); kex_kexinit_finish(kex); @@ -294,6 +363,7 @@ choose_enc(Enc *enc, char *client, char *server) enc->name = name; enc->enabled = 0; enc->iv = NULL; + enc->iv_len = cipher_ivlen(enc->cipher); enc->key = NULL; enc->key_len = cipher_keylen(enc->cipher); enc->block_size = cipher_blocksize(enc->cipher); @@ -337,29 +407,16 @@ choose_comp(Comp *comp, char *client, char *server) static void choose_kex(Kex *k, char *client, char *server) { + const struct kexalg *kexalg; + k->name = match_list(client, server, NULL); if (k->name == NULL) fatal("Unable to negotiate a key exchange method"); - if (strcmp(k->name, KEX_DH1) == 0) { - k->kex_type = KEX_DH_GRP1_SHA1; - k->evp_md = EVP_sha1(); - } else if (strcmp(k->name, KEX_DH14) == 0) { - k->kex_type = KEX_DH_GRP14_SHA1; - k->evp_md = EVP_sha1(); - } else if (strcmp(k->name, KEX_DHGEX_SHA1) == 0) { - k->kex_type = KEX_DH_GEX_SHA1; - k->evp_md = EVP_sha1(); -#if OPENSSL_VERSION_NUMBER >= 0x00907000L - } else if (strcmp(k->name, KEX_DHGEX_SHA256) == 0) { - k->kex_type = KEX_DH_GEX_SHA256; - k->evp_md = evp_ssh_sha256(); - } else if (strncmp(k->name, KEX_ECDH_SHA2_STEM, - sizeof(KEX_ECDH_SHA2_STEM) - 1) == 0) { - k->kex_type = KEX_ECDH_SHA2; - k->evp_md = kex_ecdh_name_to_evpmd(k->name); -#endif - } else - fatal("bad kex alg %s", k->name); + if ((kexalg = kex_alg_by_name(k->name)) == NULL) + fatal("unsupported kex alg %s", k->name); + k->kex_type = kexalg->type; + k->hash_alg = kexalg->hash_alg; + k->ec_nid = kexalg->ec_nid; } static void @@ -371,7 +428,7 @@ choose_hostkeyalg(Kex *k, char *client, char *server) k->hostkey_type = key_type_from_name(hostkeyalg); if (k->hostkey_type == KEY_UNSPEC) fatal("bad hostkey alg '%s'", hostkeyalg); - xfree(hostkeyalg); + free(hostkeyalg); } static int @@ -405,7 +462,7 @@ kex_choose_conf(Kex *kex) char **my, **peer; char **cprop, **sprop; int nenc, nmac, ncomp; - u_int mode, ctos, need; + u_int mode, ctos, need, dh_need, authlen; int first_kex_follows, type; my = kex_buf2prop(&kex->my, NULL); @@ -425,7 +482,7 @@ kex_choose_conf(Kex *kex) roaming = match_list(KEX_RESUME, peer[PROPOSAL_KEX_ALGS], NULL); if (roaming) { kex->roaming = 1; - xfree(roaming); + free(roaming); } } @@ -438,30 +495,36 @@ kex_choose_conf(Kex *kex) nenc = ctos ? PROPOSAL_ENC_ALGS_CTOS : PROPOSAL_ENC_ALGS_STOC; nmac = ctos ? PROPOSAL_MAC_ALGS_CTOS : PROPOSAL_MAC_ALGS_STOC; ncomp = ctos ? PROPOSAL_COMP_ALGS_CTOS : PROPOSAL_COMP_ALGS_STOC; - choose_enc (&newkeys->enc, cprop[nenc], sprop[nenc]); - choose_mac (&newkeys->mac, cprop[nmac], sprop[nmac]); + choose_enc(&newkeys->enc, cprop[nenc], sprop[nenc]); + /* ignore mac for authenticated encryption */ + authlen = cipher_authlen(newkeys->enc.cipher); + if (authlen == 0) + choose_mac(&newkeys->mac, cprop[nmac], sprop[nmac]); choose_comp(&newkeys->comp, cprop[ncomp], sprop[ncomp]); debug("kex: %s %s %s %s", ctos ? "client->server" : "server->client", newkeys->enc.name, - newkeys->mac.name, + authlen == 0 ? newkeys->mac.name : "", newkeys->comp.name); } choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]); choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS], sprop[PROPOSAL_SERVER_HOST_KEY_ALGS]); - need = 0; + need = dh_need = 0; for (mode = 0; mode < MODE_MAX; mode++) { newkeys = kex->newkeys[mode]; - if (need < newkeys->enc.key_len) - need = newkeys->enc.key_len; - if (need < newkeys->enc.block_size) - need = newkeys->enc.block_size; - if (need < newkeys->mac.key_len) - need = newkeys->mac.key_len; + need = MAX(need, newkeys->enc.key_len); + need = MAX(need, newkeys->enc.block_size); + need = MAX(need, newkeys->enc.iv_len); + need = MAX(need, newkeys->mac.key_len); + dh_need = MAX(dh_need, cipher_seclen(newkeys->enc.cipher)); + dh_need = MAX(dh_need, newkeys->enc.block_size); + dh_need = MAX(dh_need, newkeys->enc.iv_len); + dh_need = MAX(dh_need, newkeys->mac.key_len); } /* XXX need runden? */ kex->we_need = need; + kex->dh_need = dh_need; /* ignore the next message if the proposals do not match */ if (first_kex_follows && !proposals_match(my, peer) && @@ -476,30 +539,34 @@ kex_choose_conf(Kex *kex) static u_char * derive_key(Kex *kex, int id, u_int need, u_char *hash, u_int hashlen, - BIGNUM *shared_secret) + const u_char *shared_secret, u_int slen) { Buffer b; - EVP_MD_CTX md; + struct ssh_digest_ctx *hashctx; char c = id; u_int have; - int mdsz; + size_t mdsz; u_char *digest; - if ((mdsz = EVP_MD_size(kex->evp_md)) <= 0) - fatal("bad kex md size %d", mdsz); + if ((mdsz = ssh_digest_bytes(kex->hash_alg)) == 0) + fatal("bad kex md size %zu", mdsz); digest = xmalloc(roundup(need, mdsz)); buffer_init(&b); - buffer_put_bignum2(&b, shared_secret); + buffer_append(&b, shared_secret, slen); /* K1 = HASH(K || H || "A" || session_id) */ - EVP_DigestInit(&md, kex->evp_md); - if (!(datafellows & SSH_BUG_DERIVEKEY)) - EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b)); - EVP_DigestUpdate(&md, hash, hashlen); - EVP_DigestUpdate(&md, &c, 1); - EVP_DigestUpdate(&md, kex->session_id, kex->session_id_len); - EVP_DigestFinal(&md, digest, NULL); + if ((hashctx = ssh_digest_start(kex->hash_alg)) == NULL) + fatal("%s: ssh_digest_start failed", __func__); + if (ssh_digest_update_buffer(hashctx, &b) != 0 || + ssh_digest_update(hashctx, hash, hashlen) != 0 || + ssh_digest_update(hashctx, &c, 1) != 0 || + ssh_digest_update(hashctx, kex->session_id, + kex->session_id_len) != 0) + fatal("%s: ssh_digest_update failed", __func__); + if (ssh_digest_final(hashctx, digest, mdsz) != 0) + fatal("%s: ssh_digest_final failed", __func__); + ssh_digest_free(hashctx); /* * expand key: @@ -507,12 +574,15 @@ derive_key(Kex *kex, int id, u_int need, u_char *hash, u_int hashlen, * Key = K1 || K2 || ... || Kn */ for (have = mdsz; need > have; have += mdsz) { - EVP_DigestInit(&md, kex->evp_md); - if (!(datafellows & SSH_BUG_DERIVEKEY)) - EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b)); - EVP_DigestUpdate(&md, hash, hashlen); - EVP_DigestUpdate(&md, digest, have); - EVP_DigestFinal(&md, digest + have, NULL); + if ((hashctx = ssh_digest_start(kex->hash_alg)) == NULL) + fatal("%s: ssh_digest_start failed", __func__); + if (ssh_digest_update_buffer(hashctx, &b) != 0 || + ssh_digest_update(hashctx, hash, hashlen) != 0 || + ssh_digest_update(hashctx, digest, have) != 0) + fatal("%s: ssh_digest_update failed", __func__); + if (ssh_digest_final(hashctx, digest + have, mdsz) != 0) + fatal("%s: ssh_digest_final failed", __func__); + ssh_digest_free(hashctx); } buffer_free(&b); #ifdef DEBUG_KEX @@ -526,14 +596,15 @@ Newkeys *current_keys[MODE_MAX]; #define NKEYS 6 void -kex_derive_keys(Kex *kex, u_char *hash, u_int hashlen, BIGNUM *shared_secret) +kex_derive_keys(Kex *kex, u_char *hash, u_int hashlen, + const u_char *shared_secret, u_int slen) { u_char *keys[NKEYS]; u_int i, mode, ctos; for (i = 0; i < NKEYS; i++) { keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, hashlen, - shared_secret); + shared_secret, slen); } debug2("kex_derive_keys"); @@ -548,6 +619,20 @@ kex_derive_keys(Kex *kex, u_char *hash, u_int hashlen, BIGNUM *shared_secret) } } +#ifdef WITH_OPENSSL +void +kex_derive_keys_bn(Kex *kex, u_char *hash, u_int hashlen, const BIGNUM *secret) +{ + Buffer shared_secret; + + buffer_init(&shared_secret); + buffer_put_bignum2(&shared_secret, secret); + kex_derive_keys(kex, hash, hashlen, + buffer_ptr(&shared_secret), buffer_len(&shared_secret)); + buffer_free(&shared_secret); +} +#endif + Newkeys * kex_get_newkeys(int mode) { @@ -558,38 +643,40 @@ kex_get_newkeys(int mode) return ret; } +#ifdef WITH_SSH1 void derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus, u_int8_t cookie[8], u_int8_t id[16]) { - const EVP_MD *evp_md = EVP_md5(); - EVP_MD_CTX md; - u_int8_t nbuf[2048], obuf[EVP_MAX_MD_SIZE]; + u_int8_t nbuf[2048], obuf[SSH_DIGEST_MAX_LENGTH]; int len; + struct ssh_digest_ctx *hashctx; - EVP_DigestInit(&md, evp_md); + if ((hashctx = ssh_digest_start(SSH_DIGEST_MD5)) == NULL) + fatal("%s: ssh_digest_start", __func__); len = BN_num_bytes(host_modulus); if (len < (512 / 8) || (u_int)len > sizeof(nbuf)) fatal("%s: bad host modulus (len %d)", __func__, len); BN_bn2bin(host_modulus, nbuf); - EVP_DigestUpdate(&md, nbuf, len); + if (ssh_digest_update(hashctx, nbuf, len) != 0) + fatal("%s: ssh_digest_update failed", __func__); len = BN_num_bytes(server_modulus); if (len < (512 / 8) || (u_int)len > sizeof(nbuf)) fatal("%s: bad server modulus (len %d)", __func__, len); BN_bn2bin(server_modulus, nbuf); - EVP_DigestUpdate(&md, nbuf, len); - - EVP_DigestUpdate(&md, cookie, 8); - - EVP_DigestFinal(&md, obuf, NULL); - memcpy(id, obuf, 16); - - memset(nbuf, 0, sizeof(nbuf)); - memset(obuf, 0, sizeof(obuf)); - memset(&md, 0, sizeof(md)); + if (ssh_digest_update(hashctx, nbuf, len) != 0 || + ssh_digest_update(hashctx, cookie, 8) != 0) + fatal("%s: ssh_digest_update failed", __func__); + if (ssh_digest_final(hashctx, obuf, sizeof(obuf)) != 0) + fatal("%s: ssh_digest_final failed", __func__); + memcpy(id, obuf, ssh_digest_bytes(SSH_DIGEST_MD5)); + + explicit_bzero(nbuf, sizeof(nbuf)); + explicit_bzero(obuf, sizeof(obuf)); } +#endif #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH) void diff --git a/crypto/openssh/kex.h b/crypto/openssh/kex.h index 7373d3c789..4c40ec8518 100644 --- a/crypto/openssh/kex.h +++ b/crypto/openssh/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.52 2010/09/22 05:01:29 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.64 2014/05/02 03:27:54 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -40,8 +40,10 @@ #define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1" #define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256" #define KEX_RESUME "resume@appgate.com" -/* The following represents the family of ECDH methods */ -#define KEX_ECDH_SHA2_STEM "ecdh-sha2-" +#define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256" +#define KEX_ECDH_SHA2_NISTP384 "ecdh-sha2-nistp384" +#define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521" +#define KEX_CURVE25519_SHA256 "curve25519-sha256@libssh.org" #define COMP_NONE 0 #define COMP_ZLIB 1 @@ -73,6 +75,7 @@ enum kex_exchange { KEX_DH_GEX_SHA1, KEX_DH_GEX_SHA256, KEX_ECDH_SHA2, + KEX_C25519_SHA256, KEX_MAX }; @@ -86,9 +89,10 @@ typedef struct Newkeys Newkeys; struct Enc { char *name; - Cipher *cipher; + const Cipher *cipher; int enabled; u_int key_len; + u_int iv_len; u_int block_size; u_char *key; u_char *iv; @@ -100,9 +104,9 @@ struct Mac { u_char *key; u_int key_len; int type; - const EVP_MD *evp_md; - HMAC_CTX evp_ctx; - struct umac_ctx *umac_ctx; + int etm; /* Encrypt-then-MAC */ + struct ssh_hmac_ctx *hmac_ctx; + struct umac_ctx *umac_ctx; }; struct Comp { int type; @@ -119,6 +123,7 @@ struct Kex { u_int session_id_len; Newkeys *newkeys[MODE_MAX]; u_int we_need; + u_int dh_need; int server; char *name; int hostkey_type; @@ -128,24 +133,28 @@ struct Kex { Buffer peer; sig_atomic_t done; int flags; - const EVP_MD *evp_md; + int hash_alg; + int ec_nid; char *client_version_string; char *server_version_string; int (*verify_host_key)(Key *); Key *(*load_host_public_key)(int); Key *(*load_host_private_key)(int); int (*host_key_index)(Key *); + void (*sign)(Key *, Key *, u_char **, u_int *, u_char *, u_int); void (*kex[KEX_MAX])(Kex *); }; int kex_names_valid(const char *); +char *kex_alg_list(char); Kex *kex_setup(char *[PROPOSAL_MAX]); void kex_finish(Kex *); void kex_send_kexinit(Kex *); void kex_input_kexinit(int, u_int32_t, void *); -void kex_derive_keys(Kex *, u_char *, u_int, BIGNUM *); +void kex_derive_keys(Kex *, u_char *, u_int, const u_char *, u_int); +void kex_derive_keys_bn(Kex *, u_char *, u_int, const BIGNUM *); Newkeys *kex_get_newkeys(int); @@ -155,25 +164,35 @@ void kexgex_client(Kex *); void kexgex_server(Kex *); void kexecdh_client(Kex *); void kexecdh_server(Kex *); +void kexc25519_client(Kex *); +void kexc25519_server(Kex *); void kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int, BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *); void -kexgex_hash(const EVP_MD *, char *, char *, char *, int, char *, +kexgex_hash(int, char *, char *, char *, int, char *, int, u_char *, int, int, int, int, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *); #ifdef OPENSSL_HAS_ECC void -kex_ecdh_hash(const EVP_MD *, const EC_GROUP *, char *, char *, char *, int, +kex_ecdh_hash(int, const EC_GROUP *, char *, char *, char *, int, char *, int, u_char *, int, const EC_POINT *, const EC_POINT *, const BIGNUM *, u_char **, u_int *); -int kex_ecdh_name_to_nid(const char *); -const EVP_MD *kex_ecdh_name_to_evpmd(const char *); -#else -# define kex_ecdh_name_to_nid(x) (-1) -# define kex_ecdh_name_to_evpmd(x) (NULL) #endif +void +kex_c25519_hash(int, char *, char *, char *, int, + char *, int, u_char *, int, const u_char *, const u_char *, + const u_char *, u_int, u_char **, u_int *); + +#define CURVE25519_SIZE 32 +void kexc25519_keygen(u_char[CURVE25519_SIZE], u_char[CURVE25519_SIZE]) + __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) + __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); +void kexc25519_shared_key(const u_char key[CURVE25519_SIZE], + const u_char pub[CURVE25519_SIZE], Buffer *out) + __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) + __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); void derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]); diff --git a/crypto/openssh/kexecdh.c b/crypto/openssh/kexc25519.c similarity index 57% copy from crypto/openssh/kexecdh.c copy to crypto/openssh/kexc25519.c index f13f69d3b3..e3afa00551 100644 --- a/crypto/openssh/kexecdh.c +++ b/crypto/openssh/kexc25519.c @@ -1,7 +1,8 @@ -/* $OpenBSD: kexecdh.c,v 1.3 2010/09/22 05:01:29 djm Exp $ */ +/* $OpenBSD: kexc25519.c,v 1.7 2014/05/02 03:27:54 djm Exp $ */ /* - * Copyright (c) 2001 Markus Friedl. All rights reserved. + * Copyright (c) 2001, 2013 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. + * Copyright (c) 2013 Aris Adamantiadis. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -26,8 +27,6 @@ #include "includes.h" -#ifdef OPENSSL_HAS_ECC - #include #include @@ -35,8 +34,6 @@ #include #include -#include -#include #include "buffer.h" #include "ssh2.h" @@ -44,42 +41,53 @@ #include "cipher.h" #include "kex.h" #include "log.h" +#include "digest.h" + +extern int crypto_scalarmult_curve25519(u_char a[CURVE25519_SIZE], + const u_char b[CURVE25519_SIZE], const u_char c[CURVE25519_SIZE]) + __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) + __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))) + __attribute__((__bounded__(__minbytes__, 3, CURVE25519_SIZE))); -int -kex_ecdh_name_to_nid(const char *kexname) +void +kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE]) { - if (strlen(kexname) < sizeof(KEX_ECDH_SHA2_STEM) - 1) - fatal("%s: kexname too short \"%s\"", __func__, kexname); - return key_curve_name_to_nid(kexname + sizeof(KEX_ECDH_SHA2_STEM) - 1); + static const u_char basepoint[CURVE25519_SIZE] = {9}; + + arc4random_buf(key, CURVE25519_SIZE); + crypto_scalarmult_curve25519(pub, key, basepoint); } -const EVP_MD * -kex_ecdh_name_to_evpmd(const char *kexname) +void +kexc25519_shared_key(const u_char key[CURVE25519_SIZE], + const u_char pub[CURVE25519_SIZE], Buffer *out) { - int nid = kex_ecdh_name_to_nid(kexname); + u_char shared_key[CURVE25519_SIZE]; - if (nid == -1) - fatal("%s: unsupported ECDH curve \"%s\"", __func__, kexname); - return key_ec_nid_to_evpmd(nid); + crypto_scalarmult_curve25519(shared_key, key, pub); +#ifdef DEBUG_KEXECDH + dump_digest("shared secret", shared_key, CURVE25519_SIZE); +#endif + buffer_clear(out); + buffer_put_bignum2_from_string(out, shared_key, CURVE25519_SIZE); + explicit_bzero(shared_key, CURVE25519_SIZE); } void -kex_ecdh_hash( - const EVP_MD *evp_md, - const EC_GROUP *ec_group, +kex_c25519_hash( + int hash_alg, char *client_version_string, char *server_version_string, char *ckexinit, int ckexinitlen, char *skexinit, int skexinitlen, u_char *serverhostkeyblob, int sbloblen, - const EC_POINT *client_dh_pub, - const EC_POINT *server_dh_pub, - const BIGNUM *shared_secret, + const u_char client_dh_pub[CURVE25519_SIZE], + const u_char server_dh_pub[CURVE25519_SIZE], + const u_char *shared_secret, u_int secretlen, u_char **hash, u_int *hashlen) { Buffer b; - EVP_MD_CTX md; - static u_char digest[EVP_MAX_MD_SIZE]; + static u_char digest[SSH_DIGEST_MAX_LENGTH]; buffer_init(&b); buffer_put_cstring(&b, client_version_string); @@ -94,24 +102,21 @@ kex_ecdh_hash( buffer_append(&b, skexinit, skexinitlen); buffer_put_string(&b, serverhostkeyblob, sbloblen); - buffer_put_ecpoint(&b, ec_group, client_dh_pub); - buffer_put_ecpoint(&b, ec_group, server_dh_pub); - buffer_put_bignum2(&b, shared_secret); + buffer_put_string(&b, client_dh_pub, CURVE25519_SIZE); + buffer_put_string(&b, server_dh_pub, CURVE25519_SIZE); + buffer_append(&b, shared_secret, secretlen); #ifdef DEBUG_KEX buffer_dump(&b); #endif - EVP_DigestInit(&md, evp_md); - EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b)); - EVP_DigestFinal(&md, digest, NULL); + if (ssh_digest_buffer(hash_alg, &b, digest, sizeof(digest)) != 0) + fatal("%s: digest_buffer failed", __func__); buffer_free(&b); #ifdef DEBUG_KEX - dump_digest("hash", digest, EVP_MD_size(evp_md)); + dump_digest("hash", digest, ssh_digest_bytes(hash_alg)); #endif *hash = digest; - *hashlen = EVP_MD_size(evp_md); + *hashlen = ssh_digest_bytes(hash_alg); } - -#endif /* OPENSSL_HAS_ECC */ diff --git a/crypto/openssh/kexecdhc.c b/crypto/openssh/kexc25519c.c similarity index 60% copy from crypto/openssh/kexecdhc.c copy to crypto/openssh/kexc25519c.c index 115d4bf834..a80678af6c 100644 --- a/crypto/openssh/kexecdhc.c +++ b/crypto/openssh/kexc25519c.c @@ -1,7 +1,8 @@ -/* $OpenBSD: kexecdhc.c,v 1.2 2010/09/22 05:01:29 djm Exp $ */ +/* $OpenBSD: kexc25519c.c,v 1.4 2014/01/12 08:13:13 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. + * Copyright (c) 2013 Aris Adamantiadis. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -39,42 +40,29 @@ #include "kex.h" #include "log.h" #include "packet.h" -#include "dh.h" #include "ssh2.h" -#ifdef OPENSSL_HAS_ECC - -#include - void -kexecdh_client(Kex *kex) +kexc25519_client(Kex *kex) { - EC_KEY *client_key; - EC_POINT *server_public; - const EC_GROUP *group; - BIGNUM *shared_secret; Key *server_host_key; + u_char client_key[CURVE25519_SIZE]; + u_char client_pubkey[CURVE25519_SIZE]; + u_char *server_pubkey = NULL; u_char *server_host_key_blob = NULL, *signature = NULL; - u_char *kbuf, *hash; - u_int klen, slen, sbloblen, hashlen; - int curve_nid; - - if ((curve_nid = kex_ecdh_name_to_nid(kex->name)) == -1) - fatal("%s: unsupported ECDH curve \"%s\"", __func__, kex->name); - if ((client_key = EC_KEY_new_by_curve_name(curve_nid)) == NULL) - fatal("%s: EC_KEY_new_by_curve_name failed", __func__); - if (EC_KEY_generate_key(client_key) != 1) - fatal("%s: EC_KEY_generate_key failed", __func__); - group = EC_KEY_get0_group(client_key); + u_char *hash; + u_int slen, sbloblen, hashlen; + Buffer shared_secret; + + kexc25519_keygen(client_key, client_pubkey); packet_start(SSH2_MSG_KEX_ECDH_INIT); - packet_put_ecpoint(group, EC_KEY_get0_public_key(client_key)); + packet_put_string(client_pubkey, sizeof(client_pubkey)); packet_send(); debug("sending SSH2_MSG_KEX_ECDH_INIT"); #ifdef DEBUG_KEXECDH - fputs("client private key:\n", stderr); - key_dump_ec_key(client_key); + dump_digest("client private key:", client_key, sizeof(client_key)); #endif debug("expecting SSH2_MSG_KEX_ECDH_REPLY"); @@ -93,60 +81,40 @@ kexecdh_client(Kex *kex) fatal("server_host_key verification failed"); /* Q_S, server public key */ - if ((server_public = EC_POINT_new(group)) == NULL) - fatal("%s: EC_POINT_new failed", __func__); - packet_get_ecpoint(group, server_public); - - if (key_ec_validate_public(group, server_public) != 0) - fatal("%s: invalid server public key", __func__); + server_pubkey = packet_get_string(&slen); + if (slen != CURVE25519_SIZE) + fatal("Incorrect size for server Curve25519 pubkey: %d", slen); #ifdef DEBUG_KEXECDH - fputs("server public key:\n", stderr); - key_dump_ec_point(group, server_public); + dump_digest("server public key:", server_pubkey, CURVE25519_SIZE); #endif /* signed H */ signature = packet_get_string(&slen); packet_check_eom(); - klen = (EC_GROUP_get_degree(group) + 7) / 8; - kbuf = xmalloc(klen); - if (ECDH_compute_key(kbuf, klen, server_public, - client_key, NULL) != (int)klen) - fatal("%s: ECDH_compute_key failed", __func__); - -#ifdef DEBUG_KEXECDH - dump_digest("shared secret", kbuf, klen); -#endif - if ((shared_secret = BN_new()) == NULL) - fatal("%s: BN_new failed", __func__); - if (BN_bin2bn(kbuf, klen, shared_secret) == NULL) - fatal("%s: BN_bin2bn failed", __func__); - memset(kbuf, 0, klen); - xfree(kbuf); + buffer_init(&shared_secret); + kexc25519_shared_key(client_key, server_pubkey, &shared_secret); /* calc and verify H */ - kex_ecdh_hash( - kex->evp_md, - group, + kex_c25519_hash( + kex->hash_alg, kex->client_version_string, kex->server_version_string, buffer_ptr(&kex->my), buffer_len(&kex->my), buffer_ptr(&kex->peer), buffer_len(&kex->peer), server_host_key_blob, sbloblen, - EC_KEY_get0_public_key(client_key), - server_public, - shared_secret, + client_pubkey, + server_pubkey, + buffer_ptr(&shared_secret), buffer_len(&shared_secret), &hash, &hashlen ); - xfree(server_host_key_blob); - EC_POINT_clear_free(server_public); - EC_KEY_free(client_key); - + free(server_host_key_blob); + free(server_pubkey); if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1) fatal("key_verify failed for server_host_key"); key_free(server_host_key); - xfree(signature); + free(signature); /* save session id */ if (kex->session_id == NULL) { @@ -154,15 +122,8 @@ kexecdh_client(Kex *kex) kex->session_id = xmalloc(kex->session_id_len); memcpy(kex->session_id, hash, kex->session_id_len); } - - kex_derive_keys(kex, hash, hashlen, shared_secret); - BN_clear_free(shared_secret); + kex_derive_keys(kex, hash, hashlen, + buffer_ptr(&shared_secret), buffer_len(&shared_secret)); + buffer_free(&shared_secret); kex_finish(kex); } -#else /* OPENSSL_HAS_ECC */ -void -kexecdh_client(Kex *kex) -{ - fatal("ECC support is not enabled"); -} -#endif /* OPENSSL_HAS_ECC */ diff --git a/crypto/openssh/kexecdhs.c b/crypto/openssh/kexc25519s.c similarity index 54% copy from crypto/openssh/kexecdhs.c copy to crypto/openssh/kexc25519s.c index 8c515dfa61..2b8e8efa17 100644 --- a/crypto/openssh/kexecdhs.c +++ b/crypto/openssh/kexc25519s.c @@ -1,9 +1,9 @@ -/* $OpenBSD: kexecdhs.c,v 1.2 2010/09/22 05:01:29 djm Exp $ */ +/* $OpenBSD: kexc25519s.c,v 1.4 2014/01/12 08:13:13 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. + * Copyright (c) 2013 Aris Adamantiadis. All rights reserved. * - * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright @@ -37,41 +37,24 @@ #include "kex.h" #include "log.h" #include "packet.h" -#include "dh.h" #include "ssh2.h" -#ifdef GSSAPI -#include "ssh-gss.h" -#endif -#include "monitor_wrap.h" - -#ifdef OPENSSL_HAS_ECC - -#include void -kexecdh_server(Kex *kex) +kexc25519_server(Kex *kex) { - EC_POINT *client_public; - EC_KEY *server_key; - const EC_GROUP *group; - BIGNUM *shared_secret; Key *server_host_private, *server_host_public; u_char *server_host_key_blob = NULL, *signature = NULL; - u_char *kbuf, *hash; - u_int klen, slen, sbloblen, hashlen; - int curve_nid; - - if ((curve_nid = kex_ecdh_name_to_nid(kex->name)) == -1) - fatal("%s: unsupported ECDH curve \"%s\"", __func__, kex->name); - if ((server_key = EC_KEY_new_by_curve_name(curve_nid)) == NULL) - fatal("%s: EC_KEY_new_by_curve_name failed", __func__); - if (EC_KEY_generate_key(server_key) != 1) - fatal("%s: EC_KEY_generate_key failed", __func__); - group = EC_KEY_get0_group(server_key); - + u_char server_key[CURVE25519_SIZE]; + u_char *client_pubkey = NULL; + u_char server_pubkey[CURVE25519_SIZE]; + u_char *hash; + u_int slen, sbloblen, hashlen; + Buffer shared_secret; + + /* generate private key */ + kexc25519_keygen(server_key, server_pubkey); #ifdef DEBUG_KEXECDH - fputs("server private key:\n", stderr); - key_dump_ec_key(server_key); + dump_digest("server private key:", server_key, sizeof(server_key)); #endif if (kex->load_host_public_key == NULL || @@ -81,58 +64,35 @@ kexecdh_server(Kex *kex) if (server_host_public == NULL) fatal("Unsupported hostkey type %d", kex->hostkey_type); server_host_private = kex->load_host_private_key(kex->hostkey_type); - if (server_host_private == NULL) - fatal("Missing private key for hostkey type %d", - kex->hostkey_type); debug("expecting SSH2_MSG_KEX_ECDH_INIT"); packet_read_expect(SSH2_MSG_KEX_ECDH_INIT); - if ((client_public = EC_POINT_new(group)) == NULL) - fatal("%s: EC_POINT_new failed", __func__); - packet_get_ecpoint(group, client_public); + client_pubkey = packet_get_string(&slen); + if (slen != CURVE25519_SIZE) + fatal("Incorrect size for server Curve25519 pubkey: %d", slen); packet_check_eom(); - if (key_ec_validate_public(group, client_public) != 0) - fatal("%s: invalid client public key", __func__); - #ifdef DEBUG_KEXECDH - fputs("client public key:\n", stderr); - key_dump_ec_point(group, client_public); + dump_digest("client public key:", client_pubkey, CURVE25519_SIZE); #endif - /* Calculate shared_secret */ - klen = (EC_GROUP_get_degree(group) + 7) / 8; - kbuf = xmalloc(klen); - if (ECDH_compute_key(kbuf, klen, client_public, - server_key, NULL) != (int)klen) - fatal("%s: ECDH_compute_key failed", __func__); - -#ifdef DEBUG_KEXDH - dump_digest("shared secret", kbuf, klen); -#endif - if ((shared_secret = BN_new()) == NULL) - fatal("%s: BN_new failed", __func__); - if (BN_bin2bn(kbuf, klen, shared_secret) == NULL) - fatal("%s: BN_bin2bn failed", __func__); - memset(kbuf, 0, klen); - xfree(kbuf); + buffer_init(&shared_secret); + kexc25519_shared_key(server_key, client_pubkey, &shared_secret); /* calc H */ key_to_blob(server_host_public, &server_host_key_blob, &sbloblen); - kex_ecdh_hash( - kex->evp_md, - group, + kex_c25519_hash( + kex->hash_alg, kex->client_version_string, kex->server_version_string, buffer_ptr(&kex->peer), buffer_len(&kex->peer), buffer_ptr(&kex->my), buffer_len(&kex->my), server_host_key_blob, sbloblen, - client_public, - EC_KEY_get0_public_key(server_key), - shared_secret, + client_pubkey, + server_pubkey, + buffer_ptr(&shared_secret), buffer_len(&shared_secret), &hash, &hashlen ); - EC_POINT_clear_free(client_public); /* save session id := H */ if (kex->session_id == NULL) { @@ -142,32 +102,25 @@ kexecdh_server(Kex *kex) } /* sign H */ - if (PRIVSEP(key_sign(server_host_private, &signature, &slen, - hash, hashlen)) < 0) - fatal("kexdh_server: key_sign failed"); + kex->sign(server_host_private, server_host_public, &signature, &slen, + hash, hashlen); /* destroy_sensitive_data(); */ /* send server hostkey, ECDH pubkey 'Q_S' and signed H */ packet_start(SSH2_MSG_KEX_ECDH_REPLY); packet_put_string(server_host_key_blob, sbloblen); - packet_put_ecpoint(group, EC_KEY_get0_public_key(server_key)); + packet_put_string(server_pubkey, sizeof(server_pubkey)); packet_put_string(signature, slen); packet_send(); - xfree(signature); - xfree(server_host_key_blob); + free(signature); + free(server_host_key_blob); /* have keys, free server key */ - EC_KEY_free(server_key); + free(client_pubkey); - kex_derive_keys(kex, hash, hashlen, shared_secret); - BN_clear_free(shared_secret); + kex_derive_keys(kex, hash, hashlen, + buffer_ptr(&shared_secret), buffer_len(&shared_secret)); + buffer_free(&shared_secret); kex_finish(kex); } -#else /* OPENSSL_HAS_ECC */ -void -kexecdh_server(Kex *kex) -{ - fatal("ECC support is not enabled"); -} -#endif /* OPENSSL_HAS_ECC */ diff --git a/crypto/openssh/kexdh.c b/crypto/openssh/kexdh.c index 56e22f5bc8..e7cdadc900 100644 --- a/crypto/openssh/kexdh.c +++ b/crypto/openssh/kexdh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdh.c,v 1.23 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: kexdh.c,v 1.24 2014/01/09 23:20:00 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -36,6 +36,8 @@ #include "key.h" #include "cipher.h" #include "kex.h" +#include "digest.h" +#include "log.h" void kex_dh_hash( @@ -50,9 +52,7 @@ kex_dh_hash( u_char **hash, u_int *hashlen) { Buffer b; - static u_char digest[EVP_MAX_MD_SIZE]; - const EVP_MD *evp_md = EVP_sha1(); - EVP_MD_CTX md; + static u_char digest[SSH_DIGEST_MAX_LENGTH]; buffer_init(&b); buffer_put_cstring(&b, client_version_string); @@ -74,15 +74,14 @@ kex_dh_hash( #ifdef DEBUG_KEX buffer_dump(&b); #endif - EVP_DigestInit(&md, evp_md); - EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b)); - EVP_DigestFinal(&md, digest, NULL); + if (ssh_digest_buffer(SSH_DIGEST_SHA1, &b, digest, sizeof(digest)) != 0) + fatal("%s: ssh_digest_buffer failed", __func__); buffer_free(&b); #ifdef DEBUG_KEX - dump_digest("hash", digest, EVP_MD_size(evp_md)); + dump_digest("hash", digest, ssh_digest_bytes(SSH_DIGEST_SHA1)); #endif *hash = digest; - *hashlen = EVP_MD_size(evp_md); + *hashlen = ssh_digest_bytes(SSH_DIGEST_SHA1); } diff --git a/crypto/openssh/kexdhc.c b/crypto/openssh/kexdhc.c index 76ceb5dd89..f7a19fc134 100644 --- a/crypto/openssh/kexdhc.c +++ b/crypto/openssh/kexdhc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhc.c,v 1.12 2010/11/10 01:33:07 djm Exp $ */ +/* $OpenBSD: kexdhc.c,v 1.15 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -124,8 +124,8 @@ kexdh_client(Kex *kex) fatal("kexdh_client: BN_new failed"); if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) fatal("kexdh_client: BN_bin2bn failed"); - memset(kbuf, 0, klen); - xfree(kbuf); + explicit_bzero(kbuf, klen); + free(kbuf); /* calc and verify H */ kex_dh_hash( @@ -139,14 +139,14 @@ kexdh_client(Kex *kex) shared_secret, &hash, &hashlen ); - xfree(server_host_key_blob); + free(server_host_key_blob); BN_clear_free(dh_server_pub); DH_free(dh); if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1) fatal("key_verify failed for server_host_key"); key_free(server_host_key); - xfree(signature); + free(signature); /* save session id */ if (kex->session_id == NULL) { @@ -155,7 +155,7 @@ kexdh_client(Kex *kex) memcpy(kex->session_id, hash, kex->session_id_len); } - kex_derive_keys(kex, hash, hashlen, shared_secret); + kex_derive_keys_bn(kex, hash, hashlen, shared_secret); BN_clear_free(shared_secret); kex_finish(kex); } diff --git a/crypto/openssh/kexdhs.c b/crypto/openssh/kexdhs.c index f56e88764a..c3011f741d 100644 --- a/crypto/openssh/kexdhs.c +++ b/crypto/openssh/kexdhs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhs.c,v 1.12 2010/11/10 01:33:07 djm Exp $ */ +/* $OpenBSD: kexdhs.c,v 1.18 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -42,10 +42,6 @@ #include "packet.h" #include "dh.h" #include "ssh2.h" -#ifdef GSSAPI -#include "ssh-gss.h" -#endif -#include "monitor_wrap.h" void kexdh_server(Kex *kex) @@ -80,9 +76,6 @@ kexdh_server(Kex *kex) if (server_host_public == NULL) fatal("Unsupported hostkey type %d", kex->hostkey_type); server_host_private = kex->load_host_private_key(kex->hostkey_type); - if (server_host_private == NULL) - fatal("Missing private key for hostkey type %d", - kex->hostkey_type); /* key, cert */ if ((dh_client_pub = BN_new()) == NULL) @@ -117,8 +110,8 @@ kexdh_server(Kex *kex) fatal("kexdh_server: BN_new failed"); if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) fatal("kexdh_server: BN_bin2bn failed"); - memset(kbuf, 0, klen); - xfree(kbuf); + explicit_bzero(kbuf, klen); + free(kbuf); key_to_blob(server_host_public, &server_host_key_blob, &sbloblen); @@ -144,9 +137,8 @@ kexdh_server(Kex *kex) } /* sign H */ - if (PRIVSEP(key_sign(server_host_private, &signature, &slen, hash, - hashlen)) < 0) - fatal("kexdh_server: key_sign failed"); + kex->sign(server_host_private, server_host_public, &signature, &slen, + hash, hashlen); /* destroy_sensitive_data(); */ @@ -157,12 +149,12 @@ kexdh_server(Kex *kex) packet_put_string(signature, slen); packet_send(); - xfree(signature); - xfree(server_host_key_blob); + free(signature); + free(server_host_key_blob); /* have keys, free DH */ DH_free(dh); - kex_derive_keys(kex, hash, hashlen, shared_secret); + kex_derive_keys_bn(kex, hash, hashlen, shared_secret); BN_clear_free(shared_secret); kex_finish(kex); } diff --git a/crypto/openssh/kexecdh.c b/crypto/openssh/kexecdh.c index f13f69d3b3..c52c5e2347 100644 --- a/crypto/openssh/kexecdh.c +++ b/crypto/openssh/kexecdh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexecdh.c,v 1.3 2010/09/22 05:01:29 djm Exp $ */ +/* $OpenBSD: kexecdh.c,v 1.5 2014/01/09 23:20:00 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -44,28 +44,11 @@ #include "cipher.h" #include "kex.h" #include "log.h" - -int -kex_ecdh_name_to_nid(const char *kexname) -{ - if (strlen(kexname) < sizeof(KEX_ECDH_SHA2_STEM) - 1) - fatal("%s: kexname too short \"%s\"", __func__, kexname); - return key_curve_name_to_nid(kexname + sizeof(KEX_ECDH_SHA2_STEM) - 1); -} - -const EVP_MD * -kex_ecdh_name_to_evpmd(const char *kexname) -{ - int nid = kex_ecdh_name_to_nid(kexname); - - if (nid == -1) - fatal("%s: unsupported ECDH curve \"%s\"", __func__, kexname); - return key_ec_nid_to_evpmd(nid); -} +#include "digest.h" void kex_ecdh_hash( - const EVP_MD *evp_md, + int hash_alg, const EC_GROUP *ec_group, char *client_version_string, char *server_version_string, @@ -78,8 +61,7 @@ kex_ecdh_hash( u_char **hash, u_int *hashlen) { Buffer b; - EVP_MD_CTX md; - static u_char digest[EVP_MAX_MD_SIZE]; + static u_char digest[SSH_DIGEST_MAX_LENGTH]; buffer_init(&b); buffer_put_cstring(&b, client_version_string); @@ -101,17 +83,15 @@ kex_ecdh_hash( #ifdef DEBUG_KEX buffer_dump(&b); #endif - EVP_DigestInit(&md, evp_md); - EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b)); - EVP_DigestFinal(&md, digest, NULL); + if (ssh_digest_buffer(hash_alg, &b, digest, sizeof(digest)) != 0) + fatal("%s: ssh_digest_buffer failed", __func__); buffer_free(&b); #ifdef DEBUG_KEX - dump_digest("hash", digest, EVP_MD_size(evp_md)); + dump_digest("hash", digest, ssh_digest_bytes(hash_alg)); #endif *hash = digest; - *hashlen = EVP_MD_size(evp_md); + *hashlen = ssh_digest_bytes(hash_alg); } - #endif /* OPENSSL_HAS_ECC */ diff --git a/crypto/openssh/kexecdhc.c b/crypto/openssh/kexecdhc.c index 115d4bf834..2f7629cca3 100644 --- a/crypto/openssh/kexecdhc.c +++ b/crypto/openssh/kexecdhc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexecdhc.c,v 1.2 2010/09/22 05:01:29 djm Exp $ */ +/* $OpenBSD: kexecdhc.c,v 1.7 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -57,11 +57,8 @@ kexecdh_client(Kex *kex) u_char *server_host_key_blob = NULL, *signature = NULL; u_char *kbuf, *hash; u_int klen, slen, sbloblen, hashlen; - int curve_nid; - if ((curve_nid = kex_ecdh_name_to_nid(kex->name)) == -1) - fatal("%s: unsupported ECDH curve \"%s\"", __func__, kex->name); - if ((client_key = EC_KEY_new_by_curve_name(curve_nid)) == NULL) + if ((client_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL) fatal("%s: EC_KEY_new_by_curve_name failed", __func__); if (EC_KEY_generate_key(client_key) != 1) fatal("%s: EC_KEY_generate_key failed", __func__); @@ -122,12 +119,12 @@ kexecdh_client(Kex *kex) fatal("%s: BN_new failed", __func__); if (BN_bin2bn(kbuf, klen, shared_secret) == NULL) fatal("%s: BN_bin2bn failed", __func__); - memset(kbuf, 0, klen); - xfree(kbuf); + explicit_bzero(kbuf, klen); + free(kbuf); /* calc and verify H */ kex_ecdh_hash( - kex->evp_md, + kex->hash_alg, group, kex->client_version_string, kex->server_version_string, @@ -139,14 +136,14 @@ kexecdh_client(Kex *kex) shared_secret, &hash, &hashlen ); - xfree(server_host_key_blob); + free(server_host_key_blob); EC_POINT_clear_free(server_public); EC_KEY_free(client_key); if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1) fatal("key_verify failed for server_host_key"); key_free(server_host_key); - xfree(signature); + free(signature); /* save session id */ if (kex->session_id == NULL) { @@ -155,7 +152,7 @@ kexecdh_client(Kex *kex) memcpy(kex->session_id, hash, kex->session_id_len); } - kex_derive_keys(kex, hash, hashlen, shared_secret); + kex_derive_keys_bn(kex, hash, hashlen, shared_secret); BN_clear_free(shared_secret); kex_finish(kex); } diff --git a/crypto/openssh/kexecdhs.c b/crypto/openssh/kexecdhs.c index 8c515dfa61..2700b7219a 100644 --- a/crypto/openssh/kexecdhs.c +++ b/crypto/openssh/kexecdhs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexecdhs.c,v 1.2 2010/09/22 05:01:29 djm Exp $ */ +/* $OpenBSD: kexecdhs.c,v 1.10 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -37,12 +37,7 @@ #include "kex.h" #include "log.h" #include "packet.h" -#include "dh.h" #include "ssh2.h" -#ifdef GSSAPI -#include "ssh-gss.h" -#endif -#include "monitor_wrap.h" #ifdef OPENSSL_HAS_ECC @@ -59,11 +54,8 @@ kexecdh_server(Kex *kex) u_char *server_host_key_blob = NULL, *signature = NULL; u_char *kbuf, *hash; u_int klen, slen, sbloblen, hashlen; - int curve_nid; - if ((curve_nid = kex_ecdh_name_to_nid(kex->name)) == -1) - fatal("%s: unsupported ECDH curve \"%s\"", __func__, kex->name); - if ((server_key = EC_KEY_new_by_curve_name(curve_nid)) == NULL) + if ((server_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL) fatal("%s: EC_KEY_new_by_curve_name failed", __func__); if (EC_KEY_generate_key(server_key) != 1) fatal("%s: EC_KEY_generate_key failed", __func__); @@ -81,9 +73,6 @@ kexecdh_server(Kex *kex) if (server_host_public == NULL) fatal("Unsupported hostkey type %d", kex->hostkey_type); server_host_private = kex->load_host_private_key(kex->hostkey_type); - if (server_host_private == NULL) - fatal("Missing private key for hostkey type %d", - kex->hostkey_type); debug("expecting SSH2_MSG_KEX_ECDH_INIT"); packet_read_expect(SSH2_MSG_KEX_ECDH_INIT); @@ -114,13 +103,13 @@ kexecdh_server(Kex *kex) fatal("%s: BN_new failed", __func__); if (BN_bin2bn(kbuf, klen, shared_secret) == NULL) fatal("%s: BN_bin2bn failed", __func__); - memset(kbuf, 0, klen); - xfree(kbuf); + explicit_bzero(kbuf, klen); + free(kbuf); /* calc H */ key_to_blob(server_host_public, &server_host_key_blob, &sbloblen); kex_ecdh_hash( - kex->evp_md, + kex->hash_alg, group, kex->client_version_string, kex->server_version_string, @@ -142,9 +131,8 @@ kexecdh_server(Kex *kex) } /* sign H */ - if (PRIVSEP(key_sign(server_host_private, &signature, &slen, - hash, hashlen)) < 0) - fatal("kexdh_server: key_sign failed"); + kex->sign(server_host_private, server_host_public, &signature, &slen, + hash, hashlen); /* destroy_sensitive_data(); */ @@ -155,12 +143,12 @@ kexecdh_server(Kex *kex) packet_put_string(signature, slen); packet_send(); - xfree(signature); - xfree(server_host_key_blob); + free(signature); + free(server_host_key_blob); /* have keys, free server key */ EC_KEY_free(server_key); - kex_derive_keys(kex, hash, hashlen, shared_secret); + kex_derive_keys_bn(kex, hash, hashlen, shared_secret); BN_clear_free(shared_secret); kex_finish(kex); } diff --git a/crypto/openssh/kexgex.c b/crypto/openssh/kexgex.c index b60ab5c53c..c2e6bc16d5 100644 --- a/crypto/openssh/kexgex.c +++ b/crypto/openssh/kexgex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgex.c,v 1.27 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: kexgex.c,v 1.28 2014/01/09 23:20:00 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -36,10 +36,12 @@ #include "cipher.h" #include "kex.h" #include "ssh2.h" +#include "digest.h" +#include "log.h" void kexgex_hash( - const EVP_MD *evp_md, + int hash_alg, char *client_version_string, char *server_version_string, char *ckexinit, int ckexinitlen, @@ -52,8 +54,7 @@ kexgex_hash( u_char **hash, u_int *hashlen) { Buffer b; - static u_char digest[EVP_MAX_MD_SIZE]; - EVP_MD_CTX md; + static u_char digest[SSH_DIGEST_MAX_LENGTH]; buffer_init(&b); buffer_put_cstring(&b, client_version_string); @@ -84,15 +85,14 @@ kexgex_hash( #ifdef DEBUG_KEXDH buffer_dump(&b); #endif - - EVP_DigestInit(&md, evp_md); - EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b)); - EVP_DigestFinal(&md, digest, NULL); + if (ssh_digest_buffer(hash_alg, &b, digest, sizeof(digest)) != 0) + fatal("%s: ssh_digest_buffer failed", __func__); buffer_free(&b); - *hash = digest; - *hashlen = EVP_MD_size(evp_md); -#ifdef DEBUG_KEXDH - dump_digest("hash", digest, *hashlen); + +#ifdef DEBUG_KEX + dump_digest("hash", digest, ssh_digest_bytes(hash_alg)); #endif + *hash = digest; + *hashlen = ssh_digest_bytes(hash_alg); } diff --git a/crypto/openssh/kexgexc.c b/crypto/openssh/kexgexc.c index 79552d7098..355b7ba311 100644 --- a/crypto/openssh/kexgexc.c +++ b/crypto/openssh/kexgexc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexc.c,v 1.12 2010/11/10 01:33:07 djm Exp $ */ +/* $OpenBSD: kexgexc.c,v 1.17 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -58,7 +58,7 @@ kexgex_client(Kex *kex) int min, max, nbits; DH *dh; - nbits = dh_estimate(kex->we_need * 8); + nbits = dh_estimate(kex->dh_need * 8); if (datafellows & SSH_OLD_DHGEX) { /* Old GEX request */ @@ -162,15 +162,15 @@ kexgex_client(Kex *kex) fatal("kexgex_client: BN_new failed"); if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) fatal("kexgex_client: BN_bin2bn failed"); - memset(kbuf, 0, klen); - xfree(kbuf); + explicit_bzero(kbuf, klen); + free(kbuf); if (datafellows & SSH_OLD_DHGEX) min = max = -1; /* calc and verify H */ kexgex_hash( - kex->evp_md, + kex->hash_alg, kex->client_version_string, kex->server_version_string, buffer_ptr(&kex->my), buffer_len(&kex->my), @@ -186,13 +186,13 @@ kexgex_client(Kex *kex) /* have keys, free DH */ DH_free(dh); - xfree(server_host_key_blob); + free(server_host_key_blob); BN_clear_free(dh_server_pub); if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1) fatal("key_verify failed for server_host_key"); key_free(server_host_key); - xfree(signature); + free(signature); /* save session id */ if (kex->session_id == NULL) { @@ -200,7 +200,7 @@ kexgex_client(Kex *kex) kex->session_id = xmalloc(kex->session_id_len); memcpy(kex->session_id, hash, kex->session_id_len); } - kex_derive_keys(kex, hash, hashlen, shared_secret); + kex_derive_keys_bn(kex, hash, hashlen, shared_secret); BN_clear_free(shared_secret); kex_finish(kex); diff --git a/crypto/openssh/kexgexs.c b/crypto/openssh/kexgexs.c index a5e3df7bcc..770ad28a8d 100644 --- a/crypto/openssh/kexgexs.c +++ b/crypto/openssh/kexgexs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexs.c,v 1.14 2010/11/10 01:33:07 djm Exp $ */ +/* $OpenBSD: kexgexs.c,v 1.19 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -68,10 +68,6 @@ kexgex_server(Kex *kex) if (server_host_public == NULL) fatal("Unsupported hostkey type %d", kex->hostkey_type); server_host_private = kex->load_host_private_key(kex->hostkey_type); - if (server_host_private == NULL) - fatal("Missing private key for hostkey type %d", - kex->hostkey_type); - type = packet_read(); switch (type) { @@ -154,8 +150,8 @@ kexgex_server(Kex *kex) fatal("kexgex_server: BN_new failed"); if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) fatal("kexgex_server: BN_bin2bn failed"); - memset(kbuf, 0, klen); - xfree(kbuf); + explicit_bzero(kbuf, klen); + free(kbuf); key_to_blob(server_host_public, &server_host_key_blob, &sbloblen); @@ -164,7 +160,7 @@ kexgex_server(Kex *kex) /* calc H */ kexgex_hash( - kex->evp_md, + kex->hash_alg, kex->client_version_string, kex->server_version_string, buffer_ptr(&kex->peer), buffer_len(&kex->peer), @@ -187,9 +183,8 @@ kexgex_server(Kex *kex) } /* sign H */ - if (PRIVSEP(key_sign(server_host_private, &signature, &slen, hash, - hashlen)) < 0) - fatal("kexgex_server: key_sign failed"); + kex->sign(server_host_private, server_host_public, &signature, &slen, + hash, hashlen); /* destroy_sensitive_data(); */ @@ -201,12 +196,12 @@ kexgex_server(Kex *kex) packet_put_string(signature, slen); packet_send(); - xfree(signature); - xfree(server_host_key_blob); + free(signature); + free(server_host_key_blob); /* have keys, free DH */ DH_free(dh); - kex_derive_keys(kex, hash, hashlen, shared_secret); + kex_derive_keys_bn(kex, hash, hashlen, shared_secret); BN_clear_free(shared_secret); kex_finish(kex); diff --git a/crypto/openssh/key.c b/crypto/openssh/key.c dissimilarity index 97% index 7e9099703e..206076159a 100644 --- a/crypto/openssh/key.c +++ b/crypto/openssh/key.c @@ -1,2273 +1,479 @@ -/* $OpenBSD: key.c,v 1.99 2012/05/23 03:28:28 djm Exp $ */ -/* - * read_bignum(): - * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland - * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". - * - * - * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. - * Copyright (c) 2008 Alexander von Gernler. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "includes.h" - -#include -#include - -#include -#include - -#include -#include -#include - -#include "xmalloc.h" -#include "key.h" -#include "rsa.h" -#include "uuencode.h" -#include "buffer.h" -#include "log.h" -#include "misc.h" -#include "ssh2.h" - -static struct KeyCert * -cert_new(void) -{ - struct KeyCert *cert; - - cert = xcalloc(1, sizeof(*cert)); - buffer_init(&cert->certblob); - buffer_init(&cert->critical); - buffer_init(&cert->extensions); - cert->key_id = NULL; - cert->principals = NULL; - cert->signature_key = NULL; - return cert; -} - -Key * -key_new(int type) -{ - Key *k; - RSA *rsa; - DSA *dsa; - k = xcalloc(1, sizeof(*k)); - k->type = type; - k->ecdsa = NULL; - k->ecdsa_nid = -1; - k->dsa = NULL; - k->rsa = NULL; - k->cert = NULL; - switch (k->type) { - case KEY_RSA1: - case KEY_RSA: - case KEY_RSA_CERT_V00: - case KEY_RSA_CERT: - if ((rsa = RSA_new()) == NULL) - fatal("key_new: RSA_new failed"); - if ((rsa->n = BN_new()) == NULL) - fatal("key_new: BN_new failed"); - if ((rsa->e = BN_new()) == NULL) - fatal("key_new: BN_new failed"); - k->rsa = rsa; - break; - case KEY_DSA: - case KEY_DSA_CERT_V00: - case KEY_DSA_CERT: - if ((dsa = DSA_new()) == NULL) - fatal("key_new: DSA_new failed"); - if ((dsa->p = BN_new()) == NULL) - fatal("key_new: BN_new failed"); - if ((dsa->q = BN_new()) == NULL) - fatal("key_new: BN_new failed"); - if ((dsa->g = BN_new()) == NULL) - fatal("key_new: BN_new failed"); - if ((dsa->pub_key = BN_new()) == NULL) - fatal("key_new: BN_new failed"); - k->dsa = dsa; - break; -#ifdef OPENSSL_HAS_ECC - case KEY_ECDSA: - case KEY_ECDSA_CERT: - /* Cannot do anything until we know the group */ - break; -#endif - case KEY_UNSPEC: - break; - default: - fatal("key_new: bad key type %d", k->type); - break; - } - - if (key_is_cert(k)) - k->cert = cert_new(); - - return k; -} - -void -key_add_private(Key *k) -{ - switch (k->type) { - case KEY_RSA1: - case KEY_RSA: - case KEY_RSA_CERT_V00: - case KEY_RSA_CERT: - if ((k->rsa->d = BN_new()) == NULL) - fatal("key_new_private: BN_new failed"); - if ((k->rsa->iqmp = BN_new()) == NULL) - fatal("key_new_private: BN_new failed"); - if ((k->rsa->q = BN_new()) == NULL) - fatal("key_new_private: BN_new failed"); - if ((k->rsa->p = BN_new()) == NULL) - fatal("key_new_private: BN_new failed"); - if ((k->rsa->dmq1 = BN_new()) == NULL) - fatal("key_new_private: BN_new failed"); - if ((k->rsa->dmp1 = BN_new()) == NULL) - fatal("key_new_private: BN_new failed"); - break; - case KEY_DSA: - case KEY_DSA_CERT_V00: - case KEY_DSA_CERT: - if ((k->dsa->priv_key = BN_new()) == NULL) - fatal("key_new_private: BN_new failed"); - break; - case KEY_ECDSA: - case KEY_ECDSA_CERT: - /* Cannot do anything until we know the group */ - break; - case KEY_UNSPEC: - break; - default: - break; - } -} - -Key * -key_new_private(int type) -{ - Key *k = key_new(type); - - key_add_private(k); - return k; -} - -static void -cert_free(struct KeyCert *cert) -{ - u_int i; - - buffer_free(&cert->certblob); - buffer_free(&cert->critical); - buffer_free(&cert->extensions); - if (cert->key_id != NULL) - xfree(cert->key_id); - for (i = 0; i < cert->nprincipals; i++) - xfree(cert->principals[i]); - if (cert->principals != NULL) - xfree(cert->principals); - if (cert->signature_key != NULL) - key_free(cert->signature_key); -} - -void -key_free(Key *k) -{ - if (k == NULL) - fatal("key_free: key is NULL"); - switch (k->type) { - case KEY_RSA1: - case KEY_RSA: - case KEY_RSA_CERT_V00: - case KEY_RSA_CERT: - if (k->rsa != NULL) - RSA_free(k->rsa); - k->rsa = NULL; - break; - case KEY_DSA: - case KEY_DSA_CERT_V00: - case KEY_DSA_CERT: - if (k->dsa != NULL) - DSA_free(k->dsa); - k->dsa = NULL; - break; -#ifdef OPENSSL_HAS_ECC - case KEY_ECDSA: - case KEY_ECDSA_CERT: - if (k->ecdsa != NULL) - EC_KEY_free(k->ecdsa); - k->ecdsa = NULL; - break; -#endif - case KEY_UNSPEC: - break; - default: - fatal("key_free: bad key type %d", k->type); - break; - } - if (key_is_cert(k)) { - if (k->cert != NULL) - cert_free(k->cert); - k->cert = NULL; - } - - xfree(k); -} - -static int -cert_compare(struct KeyCert *a, struct KeyCert *b) -{ - if (a == NULL && b == NULL) - return 1; - if (a == NULL || b == NULL) - return 0; - if (buffer_len(&a->certblob) != buffer_len(&b->certblob)) - return 0; - if (timingsafe_bcmp(buffer_ptr(&a->certblob), buffer_ptr(&b->certblob), - buffer_len(&a->certblob)) != 0) - return 0; - return 1; -} - -/* - * Compare public portions of key only, allowing comparisons between - * certificates and plain keys too. - */ -int -key_equal_public(const Key *a, const Key *b) -{ -#ifdef OPENSSL_HAS_ECC - BN_CTX *bnctx; -#endif - - if (a == NULL || b == NULL || - key_type_plain(a->type) != key_type_plain(b->type)) - return 0; - - switch (a->type) { - case KEY_RSA1: - case KEY_RSA_CERT_V00: - case KEY_RSA_CERT: - case KEY_RSA: - return a->rsa != NULL && b->rsa != NULL && - BN_cmp(a->rsa->e, b->rsa->e) == 0 && - BN_cmp(a->rsa->n, b->rsa->n) == 0; - case KEY_DSA_CERT_V00: - case KEY_DSA_CERT: - case KEY_DSA: - return a->dsa != NULL && b->dsa != NULL && - BN_cmp(a->dsa->p, b->dsa->p) == 0 && - BN_cmp(a->dsa->q, b->dsa->q) == 0 && - BN_cmp(a->dsa->g, b->dsa->g) == 0 && - BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0; -#ifdef OPENSSL_HAS_ECC - case KEY_ECDSA_CERT: - case KEY_ECDSA: - if (a->ecdsa == NULL || b->ecdsa == NULL || - EC_KEY_get0_public_key(a->ecdsa) == NULL || - EC_KEY_get0_public_key(b->ecdsa) == NULL) - return 0; - if ((bnctx = BN_CTX_new()) == NULL) - fatal("%s: BN_CTX_new failed", __func__); - if (EC_GROUP_cmp(EC_KEY_get0_group(a->ecdsa), - EC_KEY_get0_group(b->ecdsa), bnctx) != 0 || - EC_POINT_cmp(EC_KEY_get0_group(a->ecdsa), - EC_KEY_get0_public_key(a->ecdsa), - EC_KEY_get0_public_key(b->ecdsa), bnctx) != 0) { - BN_CTX_free(bnctx); - return 0; - } - BN_CTX_free(bnctx); - return 1; -#endif /* OPENSSL_HAS_ECC */ - default: - fatal("key_equal: bad key type %d", a->type); - } - /* NOTREACHED */ -} - -int -key_equal(const Key *a, const Key *b) -{ - if (a == NULL || b == NULL || a->type != b->type) - return 0; - if (key_is_cert(a)) { - if (!cert_compare(a->cert, b->cert)) - return 0; - } - return key_equal_public(a, b); -} - -u_char* -key_fingerprint_raw(Key *k, enum fp_type dgst_type, u_int *dgst_raw_length) -{ - const EVP_MD *md = NULL; - EVP_MD_CTX ctx; - u_char *blob = NULL; - u_char *retval = NULL; - u_int len = 0; - int nlen, elen, otype; - - *dgst_raw_length = 0; - - switch (dgst_type) { - case SSH_FP_MD5: - md = EVP_md5(); - break; - case SSH_FP_SHA1: - md = EVP_sha1(); - break; -#ifdef HAVE_EVP_SHA256 - case SSH_FP_SHA256: - md = EVP_sha256(); - break; -#endif - default: - fatal("key_fingerprint_raw: bad digest type %d", - dgst_type); - } - switch (k->type) { - case KEY_RSA1: - nlen = BN_num_bytes(k->rsa->n); - elen = BN_num_bytes(k->rsa->e); - len = nlen + elen; - blob = xmalloc(len); - BN_bn2bin(k->rsa->n, blob); - BN_bn2bin(k->rsa->e, blob + nlen); - break; - case KEY_DSA: - case KEY_ECDSA: - case KEY_RSA: - key_to_blob(k, &blob, &len); - break; - case KEY_DSA_CERT_V00: - case KEY_RSA_CERT_V00: - case KEY_DSA_CERT: - case KEY_ECDSA_CERT: - case KEY_RSA_CERT: - /* We want a fingerprint of the _key_ not of the cert */ - otype = k->type; - k->type = key_type_plain(k->type); - key_to_blob(k, &blob, &len); - k->type = otype; - break; - case KEY_UNSPEC: - return retval; - default: - fatal("key_fingerprint_raw: bad key type %d", k->type); - break; - } - if (blob != NULL) { - retval = xmalloc(EVP_MAX_MD_SIZE); - EVP_DigestInit(&ctx, md); - EVP_DigestUpdate(&ctx, blob, len); - EVP_DigestFinal(&ctx, retval, dgst_raw_length); - memset(blob, 0, len); - xfree(blob); - } else { - fatal("key_fingerprint_raw: blob is null"); - } - return retval; -} - -static char * -key_fingerprint_hex(u_char *dgst_raw, u_int dgst_raw_len) -{ - char *retval; - u_int i; - - retval = xcalloc(1, dgst_raw_len * 3 + 1); - for (i = 0; i < dgst_raw_len; i++) { - char hex[4]; - snprintf(hex, sizeof(hex), "%02x:", dgst_raw[i]); - strlcat(retval, hex, dgst_raw_len * 3 + 1); - } - - /* Remove the trailing ':' character */ - retval[(dgst_raw_len * 3) - 1] = '\0'; - return retval; -} - -static char * -key_fingerprint_bubblebabble(u_char *dgst_raw, u_int dgst_raw_len) -{ - char vowels[] = { 'a', 'e', 'i', 'o', 'u', 'y' }; - char consonants[] = { 'b', 'c', 'd', 'f', 'g', 'h', 'k', 'l', 'm', - 'n', 'p', 'r', 's', 't', 'v', 'z', 'x' }; - u_int i, j = 0, rounds, seed = 1; - char *retval; - - rounds = (dgst_raw_len / 2) + 1; - retval = xcalloc((rounds * 6), sizeof(char)); - retval[j++] = 'x'; - for (i = 0; i < rounds; i++) { - u_int idx0, idx1, idx2, idx3, idx4; - if ((i + 1 < rounds) || (dgst_raw_len % 2 != 0)) { - idx0 = (((((u_int)(dgst_raw[2 * i])) >> 6) & 3) + - seed) % 6; - idx1 = (((u_int)(dgst_raw[2 * i])) >> 2) & 15; - idx2 = ((((u_int)(dgst_raw[2 * i])) & 3) + - (seed / 6)) % 6; - retval[j++] = vowels[idx0]; - retval[j++] = consonants[idx1]; - retval[j++] = vowels[idx2]; - if ((i + 1) < rounds) { - idx3 = (((u_int)(dgst_raw[(2 * i) + 1])) >> 4) & 15; - idx4 = (((u_int)(dgst_raw[(2 * i) + 1]))) & 15; - retval[j++] = consonants[idx3]; - retval[j++] = '-'; - retval[j++] = consonants[idx4]; - seed = ((seed * 5) + - ((((u_int)(dgst_raw[2 * i])) * 7) + - ((u_int)(dgst_raw[(2 * i) + 1])))) % 36; - } - } else { - idx0 = seed % 6; - idx1 = 16; - idx2 = seed / 6; - retval[j++] = vowels[idx0]; - retval[j++] = consonants[idx1]; - retval[j++] = vowels[idx2]; - } - } - retval[j++] = 'x'; - retval[j++] = '\0'; - return retval; -} - -/* - * Draw an ASCII-Art representing the fingerprint so human brain can - * profit from its built-in pattern recognition ability. - * This technique is called "random art" and can be found in some - * scientific publications like this original paper: - * - * "Hash Visualization: a New Technique to improve Real-World Security", - * Perrig A. and Song D., 1999, International Workshop on Cryptographic - * Techniques and E-Commerce (CrypTEC '99) - * sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf - * - * The subject came up in a talk by Dan Kaminsky, too. - * - * If you see the picture is different, the key is different. - * If the picture looks the same, you still know nothing. - * - * The algorithm used here is a worm crawling over a discrete plane, - * leaving a trace (augmenting the field) everywhere it goes. - * Movement is taken from dgst_raw 2bit-wise. Bumping into walls - * makes the respective movement vector be ignored for this turn. - * Graphs are not unambiguous, because circles in graphs can be - * walked in either direction. - */ - -/* - * Field sizes for the random art. Have to be odd, so the starting point - * can be in the exact middle of the picture, and FLDBASE should be >=8 . - * Else pictures would be too dense, and drawing the frame would - * fail, too, because the key type would not fit in anymore. - */ -#define FLDBASE 8 -#define FLDSIZE_Y (FLDBASE + 1) -#define FLDSIZE_X (FLDBASE * 2 + 1) -static char * -key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len, const Key *k) -{ - /* - * Chars to be used after each other every time the worm - * intersects with itself. Matter of taste. - */ - char *augmentation_string = " .o+=*BOX@%&#/^SE"; - char *retval, *p; - u_char field[FLDSIZE_X][FLDSIZE_Y]; - u_int i, b; - int x, y; - size_t len = strlen(augmentation_string) - 1; - - retval = xcalloc(1, (FLDSIZE_X + 3) * (FLDSIZE_Y + 2)); - - /* initialize field */ - memset(field, 0, FLDSIZE_X * FLDSIZE_Y * sizeof(char)); - x = FLDSIZE_X / 2; - y = FLDSIZE_Y / 2; - - /* process raw key */ - for (i = 0; i < dgst_raw_len; i++) { - int input; - /* each byte conveys four 2-bit move commands */ - input = dgst_raw[i]; - for (b = 0; b < 4; b++) { - /* evaluate 2 bit, rest is shifted later */ - x += (input & 0x1) ? 1 : -1; - y += (input & 0x2) ? 1 : -1; - - /* assure we are still in bounds */ - x = MAX(x, 0); - y = MAX(y, 0); - x = MIN(x, FLDSIZE_X - 1); - y = MIN(y, FLDSIZE_Y - 1); - - /* augment the field */ - if (field[x][y] < len - 2) - field[x][y]++; - input = input >> 2; - } - } - - /* mark starting point and end point*/ - field[FLDSIZE_X / 2][FLDSIZE_Y / 2] = len - 1; - field[x][y] = len; - - /* fill in retval */ - snprintf(retval, FLDSIZE_X, "+--[%4s %4u]", key_type(k), key_size(k)); - p = strchr(retval, '\0'); - - /* output upper border */ - for (i = p - retval - 1; i < FLDSIZE_X; i++) - *p++ = '-'; - *p++ = '+'; - *p++ = '\n'; - - /* output content */ - for (y = 0; y < FLDSIZE_Y; y++) { - *p++ = '|'; - for (x = 0; x < FLDSIZE_X; x++) - *p++ = augmentation_string[MIN(field[x][y], len)]; - *p++ = '|'; - *p++ = '\n'; - } - - /* output lower border */ - *p++ = '+'; - for (i = 0; i < FLDSIZE_X; i++) - *p++ = '-'; - *p++ = '+'; - - return retval; -} - -char * -key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep) -{ - char *retval = NULL; - u_char *dgst_raw; - u_int dgst_raw_len; - - dgst_raw = key_fingerprint_raw(k, dgst_type, &dgst_raw_len); - if (!dgst_raw) - fatal("key_fingerprint: null from key_fingerprint_raw()"); - switch (dgst_rep) { - case SSH_FP_HEX: - retval = key_fingerprint_hex(dgst_raw, dgst_raw_len); - break; - case SSH_FP_BUBBLEBABBLE: - retval = key_fingerprint_bubblebabble(dgst_raw, dgst_raw_len); - break; - case SSH_FP_RANDOMART: - retval = key_fingerprint_randomart(dgst_raw, dgst_raw_len, k); - break; - default: - fatal("key_fingerprint: bad digest representation %d", - dgst_rep); - break; - } - memset(dgst_raw, 0, dgst_raw_len); - xfree(dgst_raw); - return retval; -} - -/* - * Reads a multiple-precision integer in decimal from the buffer, and advances - * the pointer. The integer must already be initialized. This function is - * permitted to modify the buffer. This leaves *cpp to point just beyond the - * last processed (and maybe modified) character. Note that this may modify - * the buffer containing the number. - */ -static int -read_bignum(char **cpp, BIGNUM * value) -{ - char *cp = *cpp; - int old; - - /* Skip any leading whitespace. */ - for (; *cp == ' ' || *cp == '\t'; cp++) - ; - - /* Check that it begins with a decimal digit. */ - if (*cp < '0' || *cp > '9') - return 0; - - /* Save starting position. */ - *cpp = cp; - - /* Move forward until all decimal digits skipped. */ - for (; *cp >= '0' && *cp <= '9'; cp++) - ; - - /* Save the old terminating character, and replace it by \0. */ - old = *cp; - *cp = 0; - - /* Parse the number. */ - if (BN_dec2bn(&value, *cpp) == 0) - return 0; - - /* Restore old terminating character. */ - *cp = old; - - /* Move beyond the number and return success. */ - *cpp = cp; - return 1; -} - -static int -write_bignum(FILE *f, BIGNUM *num) -{ - char *buf = BN_bn2dec(num); - if (buf == NULL) { - error("write_bignum: BN_bn2dec() failed"); - return 0; - } - fprintf(f, " %s", buf); - OPENSSL_free(buf); - return 1; -} - -/* returns 1 ok, -1 error */ -int -key_read(Key *ret, char **cpp) -{ - Key *k; - int success = -1; - char *cp, *space; - int len, n, type; - u_int bits; - u_char *blob; -#ifdef OPENSSL_HAS_ECC - int curve_nid = -1; -#endif - - cp = *cpp; - - switch (ret->type) { - case KEY_RSA1: - /* Get number of bits. */ - if (*cp < '0' || *cp > '9') - return -1; /* Bad bit count... */ - for (bits = 0; *cp >= '0' && *cp <= '9'; cp++) - bits = 10 * bits + *cp - '0'; - if (bits == 0) - return -1; - *cpp = cp; - /* Get public exponent, public modulus. */ - if (!read_bignum(cpp, ret->rsa->e)) - return -1; - if (!read_bignum(cpp, ret->rsa->n)) - return -1; - /* validate the claimed number of bits */ - if ((u_int)BN_num_bits(ret->rsa->n) != bits) { - verbose("key_read: claimed key size %d does not match " - "actual %d", bits, BN_num_bits(ret->rsa->n)); - return -1; - } - success = 1; - break; - case KEY_UNSPEC: - case KEY_RSA: - case KEY_DSA: - case KEY_ECDSA: - case KEY_DSA_CERT_V00: - case KEY_RSA_CERT_V00: - case KEY_DSA_CERT: - case KEY_ECDSA_CERT: - case KEY_RSA_CERT: - space = strchr(cp, ' '); - if (space == NULL) { - debug3("key_read: missing whitespace"); - return -1; - } - *space = '\0'; - type = key_type_from_name(cp); -#ifdef OPENSSL_HAS_ECC - if (key_type_plain(type) == KEY_ECDSA && - (curve_nid = key_ecdsa_nid_from_name(cp)) == -1) { - debug("key_read: invalid curve"); - return -1; - } -#endif - *space = ' '; - if (type == KEY_UNSPEC) { - debug3("key_read: missing keytype"); - return -1; - } - cp = space+1; - if (*cp == '\0') { - debug3("key_read: short string"); - return -1; - } - if (ret->type == KEY_UNSPEC) { - ret->type = type; - } else if (ret->type != type) { - /* is a key, but different type */ - debug3("key_read: type mismatch"); - return -1; - } - len = 2*strlen(cp); - blob = xmalloc(len); - n = uudecode(cp, blob, len); - if (n < 0) { - error("key_read: uudecode %s failed", cp); - xfree(blob); - return -1; - } - k = key_from_blob(blob, (u_int)n); - xfree(blob); - if (k == NULL) { - error("key_read: key_from_blob %s failed", cp); - return -1; - } - if (k->type != type) { - error("key_read: type mismatch: encoding error"); - key_free(k); - return -1; - } -#ifdef OPENSSL_HAS_ECC - if (key_type_plain(type) == KEY_ECDSA && - curve_nid != k->ecdsa_nid) { - error("key_read: type mismatch: EC curve mismatch"); - key_free(k); - return -1; - } -#endif -/*XXXX*/ - if (key_is_cert(ret)) { - if (!key_is_cert(k)) { - error("key_read: loaded key is not a cert"); - key_free(k); - return -1; - } - if (ret->cert != NULL) - cert_free(ret->cert); - ret->cert = k->cert; - k->cert = NULL; - } - if (key_type_plain(ret->type) == KEY_RSA) { - if (ret->rsa != NULL) - RSA_free(ret->rsa); - ret->rsa = k->rsa; - k->rsa = NULL; -#ifdef DEBUG_PK - RSA_print_fp(stderr, ret->rsa, 8); -#endif - } - if (key_type_plain(ret->type) == KEY_DSA) { - if (ret->dsa != NULL) - DSA_free(ret->dsa); - ret->dsa = k->dsa; - k->dsa = NULL; -#ifdef DEBUG_PK - DSA_print_fp(stderr, ret->dsa, 8); -#endif - } -#ifdef OPENSSL_HAS_ECC - if (key_type_plain(ret->type) == KEY_ECDSA) { - if (ret->ecdsa != NULL) - EC_KEY_free(ret->ecdsa); - ret->ecdsa = k->ecdsa; - ret->ecdsa_nid = k->ecdsa_nid; - k->ecdsa = NULL; - k->ecdsa_nid = -1; -#ifdef DEBUG_PK - key_dump_ec_key(ret->ecdsa); -#endif - } -#endif - success = 1; -/*XXXX*/ - key_free(k); - if (success != 1) - break; - /* advance cp: skip whitespace and data */ - while (*cp == ' ' || *cp == '\t') - cp++; - while (*cp != '\0' && *cp != ' ' && *cp != '\t') - cp++; - *cpp = cp; - break; - default: - fatal("key_read: bad key type: %d", ret->type); - break; - } - return success; -} - -int -key_write(const Key *key, FILE *f) -{ - int n, success = 0; - u_int len, bits = 0; - u_char *blob; - char *uu; - - if (key_is_cert(key)) { - if (key->cert == NULL) { - error("%s: no cert data", __func__); - return 0; - } - if (buffer_len(&key->cert->certblob) == 0) { - error("%s: no signed certificate blob", __func__); - return 0; - } - } - - switch (key->type) { - case KEY_RSA1: - if (key->rsa == NULL) - return 0; - /* size of modulus 'n' */ - bits = BN_num_bits(key->rsa->n); - fprintf(f, "%u", bits); - if (write_bignum(f, key->rsa->e) && - write_bignum(f, key->rsa->n)) - return 1; - error("key_write: failed for RSA key"); - return 0; - case KEY_DSA: - case KEY_DSA_CERT_V00: - case KEY_DSA_CERT: - if (key->dsa == NULL) - return 0; - break; -#ifdef OPENSSL_HAS_ECC - case KEY_ECDSA: - case KEY_ECDSA_CERT: - if (key->ecdsa == NULL) - return 0; - break; -#endif - case KEY_RSA: - case KEY_RSA_CERT_V00: - case KEY_RSA_CERT: - if (key->rsa == NULL) - return 0; - break; - default: - return 0; - } - - key_to_blob(key, &blob, &len); - uu = xmalloc(2*len); - n = uuencode(blob, len, uu, 2*len); - if (n > 0) { - fprintf(f, "%s %s", key_ssh_name(key), uu); - success = 1; - } - xfree(blob); - xfree(uu); - - return success; -} - -const char * -key_type(const Key *k) -{ - switch (k->type) { - case KEY_RSA1: - return "RSA1"; - case KEY_RSA: - return "RSA"; - case KEY_DSA: - return "DSA"; -#ifdef OPENSSL_HAS_ECC - case KEY_ECDSA: - return "ECDSA"; -#endif - case KEY_RSA_CERT_V00: - return "RSA-CERT-V00"; - case KEY_DSA_CERT_V00: - return "DSA-CERT-V00"; - case KEY_RSA_CERT: - return "RSA-CERT"; - case KEY_DSA_CERT: - return "DSA-CERT"; -#ifdef OPENSSL_HAS_ECC - case KEY_ECDSA_CERT: - return "ECDSA-CERT"; -#endif - } - return "unknown"; -} - -const char * -key_cert_type(const Key *k) -{ - switch (k->cert->type) { - case SSH2_CERT_TYPE_USER: - return "user"; - case SSH2_CERT_TYPE_HOST: - return "host"; - default: - return "unknown"; - } -} - -static const char * -key_ssh_name_from_type_nid(int type, int nid) -{ - switch (type) { - case KEY_RSA: - return "ssh-rsa"; - case KEY_DSA: - return "ssh-dss"; - case KEY_RSA_CERT_V00: - return "ssh-rsa-cert-v00@openssh.com"; - case KEY_DSA_CERT_V00: - return "ssh-dss-cert-v00@openssh.com"; - case KEY_RSA_CERT: - return "ssh-rsa-cert-v01@openssh.com"; - case KEY_DSA_CERT: - return "ssh-dss-cert-v01@openssh.com"; -#ifdef OPENSSL_HAS_ECC - case KEY_ECDSA: - switch (nid) { - case NID_X9_62_prime256v1: - return "ecdsa-sha2-nistp256"; - case NID_secp384r1: - return "ecdsa-sha2-nistp384"; - case NID_secp521r1: - return "ecdsa-sha2-nistp521"; - default: - break; - } - break; - case KEY_ECDSA_CERT: - switch (nid) { - case NID_X9_62_prime256v1: - return "ecdsa-sha2-nistp256-cert-v01@openssh.com"; - case NID_secp384r1: - return "ecdsa-sha2-nistp384-cert-v01@openssh.com"; - case NID_secp521r1: - return "ecdsa-sha2-nistp521-cert-v01@openssh.com"; - default: - break; - } - break; -#endif /* OPENSSL_HAS_ECC */ - } - return "ssh-unknown"; -} - -const char * -key_ssh_name(const Key *k) -{ - return key_ssh_name_from_type_nid(k->type, k->ecdsa_nid); -} - -const char * -key_ssh_name_plain(const Key *k) -{ - return key_ssh_name_from_type_nid(key_type_plain(k->type), - k->ecdsa_nid); -} - -u_int -key_size(const Key *k) -{ - switch (k->type) { - case KEY_RSA1: - case KEY_RSA: - case KEY_RSA_CERT_V00: - case KEY_RSA_CERT: - return BN_num_bits(k->rsa->n); - case KEY_DSA: - case KEY_DSA_CERT_V00: - case KEY_DSA_CERT: - return BN_num_bits(k->dsa->p); -#ifdef OPENSSL_HAS_ECC - case KEY_ECDSA: - case KEY_ECDSA_CERT: - return key_curve_nid_to_bits(k->ecdsa_nid); -#endif - } - return 0; -} - -static RSA * -rsa_generate_private_key(u_int bits) -{ - RSA *private = RSA_new(); - BIGNUM *f4 = BN_new(); - - if (private == NULL) - fatal("%s: RSA_new failed", __func__); - if (f4 == NULL) - fatal("%s: BN_new failed", __func__); - if (!BN_set_word(f4, RSA_F4)) - fatal("%s: BN_new failed", __func__); - if (!RSA_generate_key_ex(private, bits, f4, NULL)) - fatal("%s: key generation failed.", __func__); - BN_free(f4); - return private; -} - -static DSA* -dsa_generate_private_key(u_int bits) -{ - DSA *private = DSA_new(); - - if (private == NULL) - fatal("%s: DSA_new failed", __func__); - if (!DSA_generate_parameters_ex(private, bits, NULL, 0, NULL, - NULL, NULL)) - fatal("%s: DSA_generate_parameters failed", __func__); - if (!DSA_generate_key(private)) - fatal("%s: DSA_generate_key failed.", __func__); - return private; -} - -int -key_ecdsa_bits_to_nid(int bits) -{ - switch (bits) { -#ifdef OPENSSL_HAS_ECC - case 256: - return NID_X9_62_prime256v1; - case 384: - return NID_secp384r1; - case 521: - return NID_secp521r1; -#endif - default: - return -1; - } -} - -#ifdef OPENSSL_HAS_ECC -int -key_ecdsa_key_to_nid(EC_KEY *k) -{ - EC_GROUP *eg; - int nids[] = { - NID_X9_62_prime256v1, - NID_secp384r1, - NID_secp521r1, - -1 - }; - int nid; - u_int i; - BN_CTX *bnctx; - const EC_GROUP *g = EC_KEY_get0_group(k); - - /* - * The group may be stored in a ASN.1 encoded private key in one of two - * ways: as a "named group", which is reconstituted by ASN.1 object ID - * or explicit group parameters encoded into the key blob. Only the - * "named group" case sets the group NID for us, but we can figure - * it out for the other case by comparing against all the groups that - * are supported. - */ - if ((nid = EC_GROUP_get_curve_name(g)) > 0) - return nid; - if ((bnctx = BN_CTX_new()) == NULL) - fatal("%s: BN_CTX_new() failed", __func__); - for (i = 0; nids[i] != -1; i++) { - if ((eg = EC_GROUP_new_by_curve_name(nids[i])) == NULL) - fatal("%s: EC_GROUP_new_by_curve_name failed", - __func__); - if (EC_GROUP_cmp(g, eg, bnctx) == 0) - break; - EC_GROUP_free(eg); - } - BN_CTX_free(bnctx); - debug3("%s: nid = %d", __func__, nids[i]); - if (nids[i] != -1) { - /* Use the group with the NID attached */ - EC_GROUP_set_asn1_flag(eg, OPENSSL_EC_NAMED_CURVE); - if (EC_KEY_set_group(k, eg) != 1) - fatal("%s: EC_KEY_set_group", __func__); - } - return nids[i]; -} - -static EC_KEY* -ecdsa_generate_private_key(u_int bits, int *nid) -{ - EC_KEY *private; - - if ((*nid = key_ecdsa_bits_to_nid(bits)) == -1) - fatal("%s: invalid key length", __func__); - if ((private = EC_KEY_new_by_curve_name(*nid)) == NULL) - fatal("%s: EC_KEY_new_by_curve_name failed", __func__); - if (EC_KEY_generate_key(private) != 1) - fatal("%s: EC_KEY_generate_key failed", __func__); - EC_KEY_set_asn1_flag(private, OPENSSL_EC_NAMED_CURVE); - return private; -} -#endif /* OPENSSL_HAS_ECC */ - -Key * -key_generate(int type, u_int bits) -{ - Key *k = key_new(KEY_UNSPEC); - switch (type) { - case KEY_DSA: - k->dsa = dsa_generate_private_key(bits); - break; -#ifdef OPENSSL_HAS_ECC - case KEY_ECDSA: - k->ecdsa = ecdsa_generate_private_key(bits, &k->ecdsa_nid); - break; -#endif - case KEY_RSA: - case KEY_RSA1: - k->rsa = rsa_generate_private_key(bits); - break; - case KEY_RSA_CERT_V00: - case KEY_DSA_CERT_V00: - case KEY_RSA_CERT: - case KEY_DSA_CERT: - fatal("key_generate: cert keys cannot be generated directly"); - default: - fatal("key_generate: unknown type %d", type); - } - k->type = type; - return k; -} - -void -key_cert_copy(const Key *from_key, struct Key *to_key) -{ - u_int i; - const struct KeyCert *from; - struct KeyCert *to; - - if (to_key->cert != NULL) { - cert_free(to_key->cert); - to_key->cert = NULL; - } - - if ((from = from_key->cert) == NULL) - return; - - to = to_key->cert = cert_new(); - - buffer_append(&to->certblob, buffer_ptr(&from->certblob), - buffer_len(&from->certblob)); - - buffer_append(&to->critical, - buffer_ptr(&from->critical), buffer_len(&from->critical)); - buffer_append(&to->extensions, - buffer_ptr(&from->extensions), buffer_len(&from->extensions)); - - to->serial = from->serial; - to->type = from->type; - to->key_id = from->key_id == NULL ? NULL : xstrdup(from->key_id); - to->valid_after = from->valid_after; - to->valid_before = from->valid_before; - to->signature_key = from->signature_key == NULL ? - NULL : key_from_private(from->signature_key); - - to->nprincipals = from->nprincipals; - if (to->nprincipals > CERT_MAX_PRINCIPALS) - fatal("%s: nprincipals (%u) > CERT_MAX_PRINCIPALS (%u)", - __func__, to->nprincipals, CERT_MAX_PRINCIPALS); - if (to->nprincipals > 0) { - to->principals = xcalloc(from->nprincipals, - sizeof(*to->principals)); - for (i = 0; i < to->nprincipals; i++) - to->principals[i] = xstrdup(from->principals[i]); - } -} - -Key * -key_from_private(const Key *k) -{ - Key *n = NULL; - switch (k->type) { - case KEY_DSA: - case KEY_DSA_CERT_V00: - case KEY_DSA_CERT: - n = key_new(k->type); - if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) || - (BN_copy(n->dsa->q, k->dsa->q) == NULL) || - (BN_copy(n->dsa->g, k->dsa->g) == NULL) || - (BN_copy(n->dsa->pub_key, k->dsa->pub_key) == NULL)) - fatal("key_from_private: BN_copy failed"); - break; -#ifdef OPENSSL_HAS_ECC - case KEY_ECDSA: - case KEY_ECDSA_CERT: - n = key_new(k->type); - n->ecdsa_nid = k->ecdsa_nid; - if ((n->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid)) == NULL) - fatal("%s: EC_KEY_new_by_curve_name failed", __func__); - if (EC_KEY_set_public_key(n->ecdsa, - EC_KEY_get0_public_key(k->ecdsa)) != 1) - fatal("%s: EC_KEY_set_public_key failed", __func__); - break; -#endif - case KEY_RSA: - case KEY_RSA1: - case KEY_RSA_CERT_V00: - case KEY_RSA_CERT: - n = key_new(k->type); - if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) || - (BN_copy(n->rsa->e, k->rsa->e) == NULL)) - fatal("key_from_private: BN_copy failed"); - break; - default: - fatal("key_from_private: unknown type %d", k->type); - break; - } - if (key_is_cert(k)) - key_cert_copy(k, n); - return n; -} - -int -key_type_from_name(char *name) -{ - if (strcmp(name, "rsa1") == 0) { - return KEY_RSA1; - } else if (strcmp(name, "rsa") == 0) { - return KEY_RSA; - } else if (strcmp(name, "dsa") == 0) { - return KEY_DSA; - } else if (strcmp(name, "ssh-rsa") == 0) { - return KEY_RSA; - } else if (strcmp(name, "ssh-dss") == 0) { - return KEY_DSA; -#ifdef OPENSSL_HAS_ECC - } else if (strcmp(name, "ecdsa") == 0 || - strcmp(name, "ecdsa-sha2-nistp256") == 0 || - strcmp(name, "ecdsa-sha2-nistp384") == 0 || - strcmp(name, "ecdsa-sha2-nistp521") == 0) { - return KEY_ECDSA; -#endif - } else if (strcmp(name, "ssh-rsa-cert-v00@openssh.com") == 0) { - return KEY_RSA_CERT_V00; - } else if (strcmp(name, "ssh-dss-cert-v00@openssh.com") == 0) { - return KEY_DSA_CERT_V00; - } else if (strcmp(name, "ssh-rsa-cert-v01@openssh.com") == 0) { - return KEY_RSA_CERT; - } else if (strcmp(name, "ssh-dss-cert-v01@openssh.com") == 0) { - return KEY_DSA_CERT; -#ifdef OPENSSL_HAS_ECC - } else if (strcmp(name, "ecdsa-sha2-nistp256-cert-v01@openssh.com") == 0 || - strcmp(name, "ecdsa-sha2-nistp384-cert-v01@openssh.com") == 0 || - strcmp(name, "ecdsa-sha2-nistp521-cert-v01@openssh.com") == 0) { - return KEY_ECDSA_CERT; -#endif - } - - debug2("key_type_from_name: unknown key type '%s'", name); - return KEY_UNSPEC; -} - -int -key_ecdsa_nid_from_name(const char *name) -{ -#ifdef OPENSSL_HAS_ECC - if (strcmp(name, "ecdsa-sha2-nistp256") == 0 || - strcmp(name, "ecdsa-sha2-nistp256-cert-v01@openssh.com") == 0) - return NID_X9_62_prime256v1; - if (strcmp(name, "ecdsa-sha2-nistp384") == 0 || - strcmp(name, "ecdsa-sha2-nistp384-cert-v01@openssh.com") == 0) - return NID_secp384r1; - if (strcmp(name, "ecdsa-sha2-nistp521") == 0 || - strcmp(name, "ecdsa-sha2-nistp521-cert-v01@openssh.com") == 0) - return NID_secp521r1; -#endif /* OPENSSL_HAS_ECC */ - - debug2("%s: unknown/non-ECDSA key type '%s'", __func__, name); - return -1; -} - -int -key_names_valid2(const char *names) -{ - char *s, *cp, *p; - - if (names == NULL || strcmp(names, "") == 0) - return 0; - s = cp = xstrdup(names); - for ((p = strsep(&cp, ",")); p && *p != '\0'; - (p = strsep(&cp, ","))) { - switch (key_type_from_name(p)) { - case KEY_RSA1: - case KEY_UNSPEC: - xfree(s); - return 0; - } - } - debug3("key names ok: [%s]", names); - xfree(s); - return 1; -} - -static int -cert_parse(Buffer *b, Key *key, const u_char *blob, u_int blen) -{ - u_char *principals, *critical, *exts, *sig_key, *sig; - u_int signed_len, plen, clen, sklen, slen, kidlen, elen; - Buffer tmp; - char *principal; - int ret = -1; - int v00 = key->type == KEY_DSA_CERT_V00 || - key->type == KEY_RSA_CERT_V00; - - buffer_init(&tmp); - - /* Copy the entire key blob for verification and later serialisation */ - buffer_append(&key->cert->certblob, blob, blen); - - elen = 0; /* Not touched for v00 certs */ - principals = exts = critical = sig_key = sig = NULL; - if ((!v00 && buffer_get_int64_ret(&key->cert->serial, b) != 0) || - buffer_get_int_ret(&key->cert->type, b) != 0 || - (key->cert->key_id = buffer_get_cstring_ret(b, &kidlen)) == NULL || - (principals = buffer_get_string_ret(b, &plen)) == NULL || - buffer_get_int64_ret(&key->cert->valid_after, b) != 0 || - buffer_get_int64_ret(&key->cert->valid_before, b) != 0 || - (critical = buffer_get_string_ret(b, &clen)) == NULL || - (!v00 && (exts = buffer_get_string_ret(b, &elen)) == NULL) || - (v00 && buffer_get_string_ptr_ret(b, NULL) == NULL) || /* nonce */ - buffer_get_string_ptr_ret(b, NULL) == NULL || /* reserved */ - (sig_key = buffer_get_string_ret(b, &sklen)) == NULL) { - error("%s: parse error", __func__); - goto out; - } - - /* Signature is left in the buffer so we can calculate this length */ - signed_len = buffer_len(&key->cert->certblob) - buffer_len(b); - - if ((sig = buffer_get_string_ret(b, &slen)) == NULL) { - error("%s: parse error", __func__); - goto out; - } - - if (key->cert->type != SSH2_CERT_TYPE_USER && - key->cert->type != SSH2_CERT_TYPE_HOST) { - error("Unknown certificate type %u", key->cert->type); - goto out; - } - - buffer_append(&tmp, principals, plen); - while (buffer_len(&tmp) > 0) { - if (key->cert->nprincipals >= CERT_MAX_PRINCIPALS) { - error("%s: Too many principals", __func__); - goto out; - } - if ((principal = buffer_get_cstring_ret(&tmp, &plen)) == NULL) { - error("%s: Principals data invalid", __func__); - goto out; - } - key->cert->principals = xrealloc(key->cert->principals, - key->cert->nprincipals + 1, sizeof(*key->cert->principals)); - key->cert->principals[key->cert->nprincipals++] = principal; - } - - buffer_clear(&tmp); - - buffer_append(&key->cert->critical, critical, clen); - buffer_append(&tmp, critical, clen); - /* validate structure */ - while (buffer_len(&tmp) != 0) { - if (buffer_get_string_ptr_ret(&tmp, NULL) == NULL || - buffer_get_string_ptr_ret(&tmp, NULL) == NULL) { - error("%s: critical option data invalid", __func__); - goto out; - } - } - buffer_clear(&tmp); - - buffer_append(&key->cert->extensions, exts, elen); - buffer_append(&tmp, exts, elen); - /* validate structure */ - while (buffer_len(&tmp) != 0) { - if (buffer_get_string_ptr_ret(&tmp, NULL) == NULL || - buffer_get_string_ptr_ret(&tmp, NULL) == NULL) { - error("%s: extension data invalid", __func__); - goto out; - } - } - buffer_clear(&tmp); - - if ((key->cert->signature_key = key_from_blob(sig_key, - sklen)) == NULL) { - error("%s: Signature key invalid", __func__); - goto out; - } - if (key->cert->signature_key->type != KEY_RSA && - key->cert->signature_key->type != KEY_DSA && - key->cert->signature_key->type != KEY_ECDSA) { - error("%s: Invalid signature key type %s (%d)", __func__, - key_type(key->cert->signature_key), - key->cert->signature_key->type); - goto out; - } - - switch (key_verify(key->cert->signature_key, sig, slen, - buffer_ptr(&key->cert->certblob), signed_len)) { - case 1: - ret = 0; - break; /* Good signature */ - case 0: - error("%s: Invalid signature on certificate", __func__); - goto out; - case -1: - error("%s: Certificate signature verification failed", - __func__); - goto out; - } - - out: - buffer_free(&tmp); - if (principals != NULL) - xfree(principals); - if (critical != NULL) - xfree(critical); - if (exts != NULL) - xfree(exts); - if (sig_key != NULL) - xfree(sig_key); - if (sig != NULL) - xfree(sig); - return ret; -} - -Key * -key_from_blob(const u_char *blob, u_int blen) -{ - Buffer b; - int rlen, type; - char *ktype = NULL, *curve = NULL; - Key *key = NULL; -#ifdef OPENSSL_HAS_ECC - EC_POINT *q = NULL; - int nid = -1; -#endif - -#ifdef DEBUG_PK - dump_base64(stderr, blob, blen); -#endif - buffer_init(&b); - buffer_append(&b, blob, blen); - if ((ktype = buffer_get_cstring_ret(&b, NULL)) == NULL) { - error("key_from_blob: can't read key type"); - goto out; - } - - type = key_type_from_name(ktype); -#ifdef OPENSSL_HAS_ECC - if (key_type_plain(type) == KEY_ECDSA) - nid = key_ecdsa_nid_from_name(ktype); -#endif - - switch (type) { - case KEY_RSA_CERT: - (void)buffer_get_string_ptr_ret(&b, NULL); /* Skip nonce */ - /* FALLTHROUGH */ - case KEY_RSA: - case KEY_RSA_CERT_V00: - key = key_new(type); - if (buffer_get_bignum2_ret(&b, key->rsa->e) == -1 || - buffer_get_bignum2_ret(&b, key->rsa->n) == -1) { - error("key_from_blob: can't read rsa key"); - badkey: - key_free(key); - key = NULL; - goto out; - } -#ifdef DEBUG_PK - RSA_print_fp(stderr, key->rsa, 8); -#endif - break; - case KEY_DSA_CERT: - (void)buffer_get_string_ptr_ret(&b, NULL); /* Skip nonce */ - /* FALLTHROUGH */ - case KEY_DSA: - case KEY_DSA_CERT_V00: - key = key_new(type); - if (buffer_get_bignum2_ret(&b, key->dsa->p) == -1 || - buffer_get_bignum2_ret(&b, key->dsa->q) == -1 || - buffer_get_bignum2_ret(&b, key->dsa->g) == -1 || - buffer_get_bignum2_ret(&b, key->dsa->pub_key) == -1) { - error("key_from_blob: can't read dsa key"); - goto badkey; - } -#ifdef DEBUG_PK - DSA_print_fp(stderr, key->dsa, 8); -#endif - break; -#ifdef OPENSSL_HAS_ECC - case KEY_ECDSA_CERT: - (void)buffer_get_string_ptr_ret(&b, NULL); /* Skip nonce */ - /* FALLTHROUGH */ - case KEY_ECDSA: - key = key_new(type); - key->ecdsa_nid = nid; - if ((curve = buffer_get_string_ret(&b, NULL)) == NULL) { - error("key_from_blob: can't read ecdsa curve"); - goto badkey; - } - if (key->ecdsa_nid != key_curve_name_to_nid(curve)) { - error("key_from_blob: ecdsa curve doesn't match type"); - goto badkey; - } - if (key->ecdsa != NULL) - EC_KEY_free(key->ecdsa); - if ((key->ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid)) - == NULL) - fatal("key_from_blob: EC_KEY_new_by_curve_name failed"); - if ((q = EC_POINT_new(EC_KEY_get0_group(key->ecdsa))) == NULL) - fatal("key_from_blob: EC_POINT_new failed"); - if (buffer_get_ecpoint_ret(&b, EC_KEY_get0_group(key->ecdsa), - q) == -1) { - error("key_from_blob: can't read ecdsa key point"); - goto badkey; - } - if (key_ec_validate_public(EC_KEY_get0_group(key->ecdsa), - q) != 0) - goto badkey; - if (EC_KEY_set_public_key(key->ecdsa, q) != 1) - fatal("key_from_blob: EC_KEY_set_public_key failed"); -#ifdef DEBUG_PK - key_dump_ec_point(EC_KEY_get0_group(key->ecdsa), q); -#endif - break; -#endif /* OPENSSL_HAS_ECC */ - case KEY_UNSPEC: - key = key_new(type); - break; - default: - error("key_from_blob: cannot handle type %s", ktype); - goto out; - } - if (key_is_cert(key) && cert_parse(&b, key, blob, blen) == -1) { - error("key_from_blob: can't parse cert data"); - goto badkey; - } - rlen = buffer_len(&b); - if (key != NULL && rlen != 0) - error("key_from_blob: remaining bytes in key blob %d", rlen); - out: - if (ktype != NULL) - xfree(ktype); - if (curve != NULL) - xfree(curve); -#ifdef OPENSSL_HAS_ECC - if (q != NULL) - EC_POINT_free(q); -#endif - buffer_free(&b); - return key; -} - -int -key_to_blob(const Key *key, u_char **blobp, u_int *lenp) -{ - Buffer b; - int len; - - if (key == NULL) { - error("key_to_blob: key == NULL"); - return 0; - } - buffer_init(&b); - switch (key->type) { - case KEY_DSA_CERT_V00: - case KEY_RSA_CERT_V00: - case KEY_DSA_CERT: - case KEY_ECDSA_CERT: - case KEY_RSA_CERT: - /* Use the existing blob */ - buffer_append(&b, buffer_ptr(&key->cert->certblob), - buffer_len(&key->cert->certblob)); - break; - case KEY_DSA: - buffer_put_cstring(&b, key_ssh_name(key)); - buffer_put_bignum2(&b, key->dsa->p); - buffer_put_bignum2(&b, key->dsa->q); - buffer_put_bignum2(&b, key->dsa->g); - buffer_put_bignum2(&b, key->dsa->pub_key); - break; -#ifdef OPENSSL_HAS_ECC - case KEY_ECDSA: - buffer_put_cstring(&b, key_ssh_name(key)); - buffer_put_cstring(&b, key_curve_nid_to_name(key->ecdsa_nid)); - buffer_put_ecpoint(&b, EC_KEY_get0_group(key->ecdsa), - EC_KEY_get0_public_key(key->ecdsa)); - break; -#endif - case KEY_RSA: - buffer_put_cstring(&b, key_ssh_name(key)); - buffer_put_bignum2(&b, key->rsa->e); - buffer_put_bignum2(&b, key->rsa->n); - break; - default: - error("key_to_blob: unsupported key type %d", key->type); - buffer_free(&b); - return 0; - } - len = buffer_len(&b); - if (lenp != NULL) - *lenp = len; - if (blobp != NULL) { - *blobp = xmalloc(len); - memcpy(*blobp, buffer_ptr(&b), len); - } - memset(buffer_ptr(&b), 0, len); - buffer_free(&b); - return len; -} - -int -key_sign( - const Key *key, - u_char **sigp, u_int *lenp, - const u_char *data, u_int datalen) -{ - switch (key->type) { - case KEY_DSA_CERT_V00: - case KEY_DSA_CERT: - case KEY_DSA: - return ssh_dss_sign(key, sigp, lenp, data, datalen); -#ifdef OPENSSL_HAS_ECC - case KEY_ECDSA_CERT: - case KEY_ECDSA: - return ssh_ecdsa_sign(key, sigp, lenp, data, datalen); -#endif - case KEY_RSA_CERT_V00: - case KEY_RSA_CERT: - case KEY_RSA: - return ssh_rsa_sign(key, sigp, lenp, data, datalen); - default: - error("key_sign: invalid key type %d", key->type); - return -1; - } -} - -/* - * key_verify returns 1 for a correct signature, 0 for an incorrect signature - * and -1 on error. - */ -int -key_verify( - const Key *key, - const u_char *signature, u_int signaturelen, - const u_char *data, u_int datalen) -{ - if (signaturelen == 0) - return -1; - - switch (key->type) { - case KEY_DSA_CERT_V00: - case KEY_DSA_CERT: - case KEY_DSA: - return ssh_dss_verify(key, signature, signaturelen, data, datalen); -#ifdef OPENSSL_HAS_ECC - case KEY_ECDSA_CERT: - case KEY_ECDSA: - return ssh_ecdsa_verify(key, signature, signaturelen, data, datalen); -#endif - case KEY_RSA_CERT_V00: - case KEY_RSA_CERT: - case KEY_RSA: - return ssh_rsa_verify(key, signature, signaturelen, data, datalen); - default: - error("key_verify: invalid key type %d", key->type); - return -1; - } -} - -/* Converts a private to a public key */ -Key * -key_demote(const Key *k) -{ - Key *pk; - - pk = xcalloc(1, sizeof(*pk)); - pk->type = k->type; - pk->flags = k->flags; - pk->ecdsa_nid = k->ecdsa_nid; - pk->dsa = NULL; - pk->ecdsa = NULL; - pk->rsa = NULL; - - switch (k->type) { - case KEY_RSA_CERT_V00: - case KEY_RSA_CERT: - key_cert_copy(k, pk); - /* FALLTHROUGH */ - case KEY_RSA1: - case KEY_RSA: - if ((pk->rsa = RSA_new()) == NULL) - fatal("key_demote: RSA_new failed"); - if ((pk->rsa->e = BN_dup(k->rsa->e)) == NULL) - fatal("key_demote: BN_dup failed"); - if ((pk->rsa->n = BN_dup(k->rsa->n)) == NULL) - fatal("key_demote: BN_dup failed"); - break; - case KEY_DSA_CERT_V00: - case KEY_DSA_CERT: - key_cert_copy(k, pk); - /* FALLTHROUGH */ - case KEY_DSA: - if ((pk->dsa = DSA_new()) == NULL) - fatal("key_demote: DSA_new failed"); - if ((pk->dsa->p = BN_dup(k->dsa->p)) == NULL) - fatal("key_demote: BN_dup failed"); - if ((pk->dsa->q = BN_dup(k->dsa->q)) == NULL) - fatal("key_demote: BN_dup failed"); - if ((pk->dsa->g = BN_dup(k->dsa->g)) == NULL) - fatal("key_demote: BN_dup failed"); - if ((pk->dsa->pub_key = BN_dup(k->dsa->pub_key)) == NULL) - fatal("key_demote: BN_dup failed"); - break; -#ifdef OPENSSL_HAS_ECC - case KEY_ECDSA_CERT: - key_cert_copy(k, pk); - /* FALLTHROUGH */ - case KEY_ECDSA: - if ((pk->ecdsa = EC_KEY_new_by_curve_name(pk->ecdsa_nid)) == NULL) - fatal("key_demote: EC_KEY_new_by_curve_name failed"); - if (EC_KEY_set_public_key(pk->ecdsa, - EC_KEY_get0_public_key(k->ecdsa)) != 1) - fatal("key_demote: EC_KEY_set_public_key failed"); - break; -#endif - default: - fatal("key_free: bad key type %d", k->type); - break; - } - - return (pk); -} - -int -key_is_cert(const Key *k) -{ - if (k == NULL) - return 0; - switch (k->type) { - case KEY_RSA_CERT_V00: - case KEY_DSA_CERT_V00: - case KEY_RSA_CERT: - case KEY_DSA_CERT: - case KEY_ECDSA_CERT: - return 1; - default: - return 0; - } -} - -/* Return the cert-less equivalent to a certified key type */ -int -key_type_plain(int type) -{ - switch (type) { - case KEY_RSA_CERT_V00: - case KEY_RSA_CERT: - return KEY_RSA; - case KEY_DSA_CERT_V00: - case KEY_DSA_CERT: - return KEY_DSA; - case KEY_ECDSA_CERT: - return KEY_ECDSA; - default: - return type; - } -} - -/* Convert a KEY_RSA or KEY_DSA to their _CERT equivalent */ -int -key_to_certified(Key *k, int legacy) -{ - switch (k->type) { - case KEY_RSA: - k->cert = cert_new(); - k->type = legacy ? KEY_RSA_CERT_V00 : KEY_RSA_CERT; - return 0; - case KEY_DSA: - k->cert = cert_new(); - k->type = legacy ? KEY_DSA_CERT_V00 : KEY_DSA_CERT; - return 0; - case KEY_ECDSA: - if (legacy) - fatal("%s: legacy ECDSA certificates are not supported", - __func__); - k->cert = cert_new(); - k->type = KEY_ECDSA_CERT; - return 0; - default: - error("%s: key has incorrect type %s", __func__, key_type(k)); - return -1; - } -} - -/* Convert a KEY_RSA_CERT or KEY_DSA_CERT to their raw key equivalent */ -int -key_drop_cert(Key *k) -{ - switch (k->type) { - case KEY_RSA_CERT_V00: - case KEY_RSA_CERT: - cert_free(k->cert); - k->type = KEY_RSA; - return 0; - case KEY_DSA_CERT_V00: - case KEY_DSA_CERT: - cert_free(k->cert); - k->type = KEY_DSA; - return 0; - case KEY_ECDSA_CERT: - cert_free(k->cert); - k->type = KEY_ECDSA; - return 0; - default: - error("%s: key has incorrect type %s", __func__, key_type(k)); - return -1; - } -} - -/* - * Sign a KEY_RSA_CERT, KEY_DSA_CERT or KEY_ECDSA_CERT, (re-)generating - * the signed certblob - */ -int -key_certify(Key *k, Key *ca) -{ - Buffer principals; - u_char *ca_blob, *sig_blob, nonce[32]; - u_int i, ca_len, sig_len; - - if (k->cert == NULL) { - error("%s: key lacks cert info", __func__); - return -1; - } - - if (!key_is_cert(k)) { - error("%s: certificate has unknown type %d", __func__, - k->cert->type); - return -1; - } - - if (ca->type != KEY_RSA && ca->type != KEY_DSA && - ca->type != KEY_ECDSA) { - error("%s: CA key has unsupported type %s", __func__, - key_type(ca)); - return -1; - } - - key_to_blob(ca, &ca_blob, &ca_len); - - buffer_clear(&k->cert->certblob); - buffer_put_cstring(&k->cert->certblob, key_ssh_name(k)); - - /* -v01 certs put nonce first */ - arc4random_buf(&nonce, sizeof(nonce)); - if (!key_cert_is_legacy(k)) - buffer_put_string(&k->cert->certblob, nonce, sizeof(nonce)); - - switch (k->type) { - case KEY_DSA_CERT_V00: - case KEY_DSA_CERT: - buffer_put_bignum2(&k->cert->certblob, k->dsa->p); - buffer_put_bignum2(&k->cert->certblob, k->dsa->q); - buffer_put_bignum2(&k->cert->certblob, k->dsa->g); - buffer_put_bignum2(&k->cert->certblob, k->dsa->pub_key); - break; -#ifdef OPENSSL_HAS_ECC - case KEY_ECDSA_CERT: - buffer_put_cstring(&k->cert->certblob, - key_curve_nid_to_name(k->ecdsa_nid)); - buffer_put_ecpoint(&k->cert->certblob, - EC_KEY_get0_group(k->ecdsa), - EC_KEY_get0_public_key(k->ecdsa)); - break; -#endif - case KEY_RSA_CERT_V00: - case KEY_RSA_CERT: - buffer_put_bignum2(&k->cert->certblob, k->rsa->e); - buffer_put_bignum2(&k->cert->certblob, k->rsa->n); - break; - default: - error("%s: key has incorrect type %s", __func__, key_type(k)); - buffer_clear(&k->cert->certblob); - xfree(ca_blob); - return -1; - } - - /* -v01 certs have a serial number next */ - if (!key_cert_is_legacy(k)) - buffer_put_int64(&k->cert->certblob, k->cert->serial); - - buffer_put_int(&k->cert->certblob, k->cert->type); - buffer_put_cstring(&k->cert->certblob, k->cert->key_id); - - buffer_init(&principals); - for (i = 0; i < k->cert->nprincipals; i++) - buffer_put_cstring(&principals, k->cert->principals[i]); - buffer_put_string(&k->cert->certblob, buffer_ptr(&principals), - buffer_len(&principals)); - buffer_free(&principals); - - buffer_put_int64(&k->cert->certblob, k->cert->valid_after); - buffer_put_int64(&k->cert->certblob, k->cert->valid_before); - buffer_put_string(&k->cert->certblob, - buffer_ptr(&k->cert->critical), buffer_len(&k->cert->critical)); - - /* -v01 certs have non-critical options here */ - if (!key_cert_is_legacy(k)) { - buffer_put_string(&k->cert->certblob, - buffer_ptr(&k->cert->extensions), - buffer_len(&k->cert->extensions)); - } - - /* -v00 certs put the nonce at the end */ - if (key_cert_is_legacy(k)) - buffer_put_string(&k->cert->certblob, nonce, sizeof(nonce)); - - buffer_put_string(&k->cert->certblob, NULL, 0); /* reserved */ - buffer_put_string(&k->cert->certblob, ca_blob, ca_len); - xfree(ca_blob); - - /* Sign the whole mess */ - if (key_sign(ca, &sig_blob, &sig_len, buffer_ptr(&k->cert->certblob), - buffer_len(&k->cert->certblob)) != 0) { - error("%s: signature operation failed", __func__); - buffer_clear(&k->cert->certblob); - return -1; - } - /* Append signature and we are done */ - buffer_put_string(&k->cert->certblob, sig_blob, sig_len); - xfree(sig_blob); - - return 0; -} - -int -key_cert_check_authority(const Key *k, int want_host, int require_principal, - const char *name, const char **reason) -{ - u_int i, principal_matches; - time_t now = time(NULL); - - if (want_host) { - if (k->cert->type != SSH2_CERT_TYPE_HOST) { - *reason = "Certificate invalid: not a host certificate"; - return -1; - } - } else { - if (k->cert->type != SSH2_CERT_TYPE_USER) { - *reason = "Certificate invalid: not a user certificate"; - return -1; - } - } - if (now < 0) { - error("%s: system clock lies before epoch", __func__); - *reason = "Certificate invalid: not yet valid"; - return -1; - } - if ((u_int64_t)now < k->cert->valid_after) { - *reason = "Certificate invalid: not yet valid"; - return -1; - } - if ((u_int64_t)now >= k->cert->valid_before) { - *reason = "Certificate invalid: expired"; - return -1; - } - if (k->cert->nprincipals == 0) { - if (require_principal) { - *reason = "Certificate lacks principal list"; - return -1; - } - } else if (name != NULL) { - principal_matches = 0; - for (i = 0; i < k->cert->nprincipals; i++) { - if (strcmp(name, k->cert->principals[i]) == 0) { - principal_matches = 1; - break; - } - } - if (!principal_matches) { - *reason = "Certificate invalid: name is not a listed " - "principal"; - return -1; - } - } - return 0; -} - -int -key_cert_is_legacy(Key *k) -{ - switch (k->type) { - case KEY_DSA_CERT_V00: - case KEY_RSA_CERT_V00: - return 1; - default: - return 0; - } -} - -/* XXX: these are really begging for a table-driven approach */ -int -key_curve_name_to_nid(const char *name) -{ -#ifdef OPENSSL_HAS_ECC - if (strcmp(name, "nistp256") == 0) - return NID_X9_62_prime256v1; - else if (strcmp(name, "nistp384") == 0) - return NID_secp384r1; - else if (strcmp(name, "nistp521") == 0) - return NID_secp521r1; -#endif - - debug("%s: unsupported EC curve name \"%.100s\"", __func__, name); - return -1; -} - -u_int -key_curve_nid_to_bits(int nid) -{ - switch (nid) { -#ifdef OPENSSL_HAS_ECC - case NID_X9_62_prime256v1: - return 256; - case NID_secp384r1: - return 384; - case NID_secp521r1: - return 521; -#endif - default: - error("%s: unsupported EC curve nid %d", __func__, nid); - return 0; - } -} - -const char * -key_curve_nid_to_name(int nid) -{ -#ifdef OPENSSL_HAS_ECC - if (nid == NID_X9_62_prime256v1) - return "nistp256"; - else if (nid == NID_secp384r1) - return "nistp384"; - else if (nid == NID_secp521r1) - return "nistp521"; -#endif - error("%s: unsupported EC curve nid %d", __func__, nid); - return NULL; -} - -#ifdef OPENSSL_HAS_ECC -const EVP_MD * -key_ec_nid_to_evpmd(int nid) -{ - int kbits = key_curve_nid_to_bits(nid); - - if (kbits == 0) - fatal("%s: invalid nid %d", __func__, nid); - /* RFC5656 section 6.2.1 */ - if (kbits <= 256) - return EVP_sha256(); - else if (kbits <= 384) - return EVP_sha384(); - else - return EVP_sha512(); -} - -int -key_ec_validate_public(const EC_GROUP *group, const EC_POINT *public) -{ - BN_CTX *bnctx; - EC_POINT *nq = NULL; - BIGNUM *order, *x, *y, *tmp; - int ret = -1; - - if ((bnctx = BN_CTX_new()) == NULL) - fatal("%s: BN_CTX_new failed", __func__); - BN_CTX_start(bnctx); - - /* - * We shouldn't ever hit this case because bignum_get_ecpoint() - * refuses to load GF2m points. - */ - if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != - NID_X9_62_prime_field) { - error("%s: group is not a prime field", __func__); - goto out; - } - - /* Q != infinity */ - if (EC_POINT_is_at_infinity(group, public)) { - error("%s: received degenerate public key (infinity)", - __func__); - goto out; - } - - if ((x = BN_CTX_get(bnctx)) == NULL || - (y = BN_CTX_get(bnctx)) == NULL || - (order = BN_CTX_get(bnctx)) == NULL || - (tmp = BN_CTX_get(bnctx)) == NULL) - fatal("%s: BN_CTX_get failed", __func__); - - /* log2(x) > log2(order)/2, log2(y) > log2(order)/2 */ - if (EC_GROUP_get_order(group, order, bnctx) != 1) - fatal("%s: EC_GROUP_get_order failed", __func__); - if (EC_POINT_get_affine_coordinates_GFp(group, public, - x, y, bnctx) != 1) - fatal("%s: EC_POINT_get_affine_coordinates_GFp", __func__); - if (BN_num_bits(x) <= BN_num_bits(order) / 2) { - error("%s: public key x coordinate too small: " - "bits(x) = %d, bits(order)/2 = %d", __func__, - BN_num_bits(x), BN_num_bits(order) / 2); - goto out; - } - if (BN_num_bits(y) <= BN_num_bits(order) / 2) { - error("%s: public key y coordinate too small: " - "bits(y) = %d, bits(order)/2 = %d", __func__, - BN_num_bits(x), BN_num_bits(order) / 2); - goto out; - } - - /* nQ == infinity (n == order of subgroup) */ - if ((nq = EC_POINT_new(group)) == NULL) - fatal("%s: BN_CTX_tmp failed", __func__); - if (EC_POINT_mul(group, nq, NULL, public, order, bnctx) != 1) - fatal("%s: EC_GROUP_mul failed", __func__); - if (EC_POINT_is_at_infinity(group, nq) != 1) { - error("%s: received degenerate public key (nQ != infinity)", - __func__); - goto out; - } - - /* x < order - 1, y < order - 1 */ - if (!BN_sub(tmp, order, BN_value_one())) - fatal("%s: BN_sub failed", __func__); - if (BN_cmp(x, tmp) >= 0) { - error("%s: public key x coordinate >= group order - 1", - __func__); - goto out; - } - if (BN_cmp(y, tmp) >= 0) { - error("%s: public key y coordinate >= group order - 1", - __func__); - goto out; - } - ret = 0; - out: - BN_CTX_free(bnctx); - EC_POINT_free(nq); - return ret; -} - -int -key_ec_validate_private(const EC_KEY *key) -{ - BN_CTX *bnctx; - BIGNUM *order, *tmp; - int ret = -1; - - if ((bnctx = BN_CTX_new()) == NULL) - fatal("%s: BN_CTX_new failed", __func__); - BN_CTX_start(bnctx); - - if ((order = BN_CTX_get(bnctx)) == NULL || - (tmp = BN_CTX_get(bnctx)) == NULL) - fatal("%s: BN_CTX_get failed", __func__); - - /* log2(private) > log2(order)/2 */ - if (EC_GROUP_get_order(EC_KEY_get0_group(key), order, bnctx) != 1) - fatal("%s: EC_GROUP_get_order failed", __func__); - if (BN_num_bits(EC_KEY_get0_private_key(key)) <= - BN_num_bits(order) / 2) { - error("%s: private key too small: " - "bits(y) = %d, bits(order)/2 = %d", __func__, - BN_num_bits(EC_KEY_get0_private_key(key)), - BN_num_bits(order) / 2); - goto out; - } - - /* private < order - 1 */ - if (!BN_sub(tmp, order, BN_value_one())) - fatal("%s: BN_sub failed", __func__); - if (BN_cmp(EC_KEY_get0_private_key(key), tmp) >= 0) { - error("%s: private key >= group order - 1", __func__); - goto out; - } - ret = 0; - out: - BN_CTX_free(bnctx); - return ret; -} - -#if defined(DEBUG_KEXECDH) || defined(DEBUG_PK) -void -key_dump_ec_point(const EC_GROUP *group, const EC_POINT *point) -{ - BIGNUM *x, *y; - BN_CTX *bnctx; - - if (point == NULL) { - fputs("point=(NULL)\n", stderr); - return; - } - if ((bnctx = BN_CTX_new()) == NULL) - fatal("%s: BN_CTX_new failed", __func__); - BN_CTX_start(bnctx); - if ((x = BN_CTX_get(bnctx)) == NULL || (y = BN_CTX_get(bnctx)) == NULL) - fatal("%s: BN_CTX_get failed", __func__); - if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != - NID_X9_62_prime_field) - fatal("%s: group is not a prime field", __func__); - if (EC_POINT_get_affine_coordinates_GFp(group, point, x, y, bnctx) != 1) - fatal("%s: EC_POINT_get_affine_coordinates_GFp", __func__); - fputs("x=", stderr); - BN_print_fp(stderr, x); - fputs("\ny=", stderr); - BN_print_fp(stderr, y); - fputs("\n", stderr); - BN_CTX_free(bnctx); -} - -void -key_dump_ec_key(const EC_KEY *key) -{ - const BIGNUM *exponent; - - key_dump_ec_point(EC_KEY_get0_group(key), EC_KEY_get0_public_key(key)); - fputs("exponent=", stderr); - if ((exponent = EC_KEY_get0_private_key(key)) == NULL) - fputs("(NULL)", stderr); - else - BN_print_fp(stderr, EC_KEY_get0_private_key(key)); - fputs("\n", stderr); -} -#endif /* defined(DEBUG_KEXECDH) || defined(DEBUG_PK) */ -#endif /* OPENSSL_HAS_ECC */ +/* $OpenBSD: key.c,v 1.122 2014/07/22 01:18:50 dtucker Exp $ */ +/* + * placed in the public domain + */ + +#include "includes.h" + +#include +#include +#include +#include +#include + +#define SSH_KEY_NO_DEFINE +#include "key.h" + +#include "compat.h" +#include "sshkey.h" +#include "ssherr.h" +#include "log.h" +#include "authfile.h" + +void +key_add_private(Key *k) +{ + int r; + + if ((r = sshkey_add_private(k)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); +} + +Key * +key_new_private(int type) +{ + Key *ret = NULL; + + if ((ret = sshkey_new_private(type)) == NULL) + fatal("%s: failed", __func__); + return ret; +} + +u_char* +key_fingerprint_raw(const Key *k, enum fp_type dgst_type, + u_int *dgst_raw_length) +{ + u_char *ret = NULL; + size_t dlen; + int r; + + if (dgst_raw_length != NULL) + *dgst_raw_length = 0; + if ((r = sshkey_fingerprint_raw(k, dgst_type, &ret, &dlen)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); + if (dlen > INT_MAX) + fatal("%s: giant len %zu", __func__, dlen); + *dgst_raw_length = dlen; + return ret; +} + +int +key_read(Key *ret, char **cpp) +{ + return sshkey_read(ret, cpp) == 0 ? 1 : -1; +} + +int +key_write(const Key *key, FILE *f) +{ + return sshkey_write(key, f) == 0 ? 1 : 0; +} + +Key * +key_generate(int type, u_int bits) +{ + int r; + Key *ret = NULL; + + if ((r = sshkey_generate(type, bits, &ret)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); + return ret; +} + +void +key_cert_copy(const Key *from_key, Key *to_key) +{ + int r; + + if ((r = sshkey_cert_copy(from_key, to_key)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); +} + +Key * +key_from_private(const Key *k) +{ + int r; + Key *ret = NULL; + + if ((r = sshkey_from_private(k, &ret)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); + return ret; +} + +static void +fatal_on_fatal_errors(int r, const char *func, int extra_fatal) +{ + if (r == SSH_ERR_INTERNAL_ERROR || + r == SSH_ERR_ALLOC_FAIL || + (extra_fatal != 0 && r == extra_fatal)) + fatal("%s: %s", func, ssh_err(r)); +} + +Key * +key_from_blob(const u_char *blob, u_int blen) +{ + int r; + Key *ret = NULL; + + if ((r = sshkey_from_blob(blob, blen, &ret)) != 0) { + fatal_on_fatal_errors(r, __func__, 0); + error("%s: %s", __func__, ssh_err(r)); + return NULL; + } + return ret; +} + +int +key_to_blob(const Key *key, u_char **blobp, u_int *lenp) +{ + u_char *blob; + size_t blen; + int r; + + if (blobp != NULL) + *blobp = NULL; + if (lenp != NULL) + *lenp = 0; + if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) { + fatal_on_fatal_errors(r, __func__, 0); + error("%s: %s", __func__, ssh_err(r)); + return 0; + } + if (blen > INT_MAX) + fatal("%s: giant len %zu", __func__, blen); + if (blobp != NULL) + *blobp = blob; + if (lenp != NULL) + *lenp = blen; + return blen; +} + +int +key_sign(const Key *key, u_char **sigp, u_int *lenp, + const u_char *data, u_int datalen) +{ + int r; + u_char *sig; + size_t siglen; + + if (sigp != NULL) + *sigp = NULL; + if (lenp != NULL) + *lenp = 0; + if ((r = sshkey_sign(key, &sig, &siglen, + data, datalen, datafellows)) != 0) { + fatal_on_fatal_errors(r, __func__, 0); + error("%s: %s", __func__, ssh_err(r)); + return -1; + } + if (siglen > INT_MAX) + fatal("%s: giant len %zu", __func__, siglen); + if (sigp != NULL) + *sigp = sig; + if (lenp != NULL) + *lenp = siglen; + return 0; +} + +int +key_verify(const Key *key, const u_char *signature, u_int signaturelen, + const u_char *data, u_int datalen) +{ + int r; + + if ((r = sshkey_verify(key, signature, signaturelen, + data, datalen, datafellows)) != 0) { + fatal_on_fatal_errors(r, __func__, 0); + error("%s: %s", __func__, ssh_err(r)); + return r == SSH_ERR_SIGNATURE_INVALID ? 0 : -1; + } + return 1; +} + +Key * +key_demote(const Key *k) +{ + int r; + Key *ret = NULL; + + if ((r = sshkey_demote(k, &ret)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); + return ret; +} + +int +key_to_certified(Key *k, int legacy) +{ + int r; + + if ((r = sshkey_to_certified(k, legacy)) != 0) { + fatal_on_fatal_errors(r, __func__, 0); + error("%s: %s", __func__, ssh_err(r)); + return -1; + } + return 0; +} + +int +key_drop_cert(Key *k) +{ + int r; + + if ((r = sshkey_drop_cert(k)) != 0) { + fatal_on_fatal_errors(r, __func__, 0); + error("%s: %s", __func__, ssh_err(r)); + return -1; + } + return 0; +} + +int +key_certify(Key *k, Key *ca) +{ + int r; + + if ((r = sshkey_certify(k, ca)) != 0) { + fatal_on_fatal_errors(r, __func__, 0); + error("%s: %s", __func__, ssh_err(r)); + return -1; + } + return 0; +} + +int +key_cert_check_authority(const Key *k, int want_host, int require_principal, + const char *name, const char **reason) +{ + int r; + + if ((r = sshkey_cert_check_authority(k, want_host, require_principal, + name, reason)) != 0) { + fatal_on_fatal_errors(r, __func__, 0); + error("%s: %s", __func__, ssh_err(r)); + return -1; + } + return 0; +} + +#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) +int +key_ec_validate_public(const EC_GROUP *group, const EC_POINT *public) +{ + int r; + + if ((r = sshkey_ec_validate_public(group, public)) != 0) { + fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR); + error("%s: %s", __func__, ssh_err(r)); + return -1; + } + return 0; +} + +int +key_ec_validate_private(const EC_KEY *key) +{ + int r; + + if ((r = sshkey_ec_validate_private(key)) != 0) { + fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR); + error("%s: %s", __func__, ssh_err(r)); + return -1; + } + return 0; +} +#endif /* WITH_OPENSSL */ + +void +key_private_serialize(const Key *key, struct sshbuf *b) +{ + int r; + + if ((r = sshkey_private_serialize(key, b)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); +} + +Key * +key_private_deserialize(struct sshbuf *blob) +{ + int r; + Key *ret = NULL; + + if ((r = sshkey_private_deserialize(blob, &ret)) != 0) { + fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR); + error("%s: %s", __func__, ssh_err(r)); + return NULL; + } + return ret; +} + +/* authfile.c */ + +int +key_save_private(Key *key, const char *filename, const char *passphrase, + const char *comment, int force_new_format, const char *new_format_cipher, + int new_format_rounds) +{ + int r; + + if ((r = sshkey_save_private(key, filename, passphrase, comment, + force_new_format, new_format_cipher, new_format_rounds)) != 0) { + fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR); + error("%s: %s", __func__, ssh_err(r)); + return 0; + } + return 1; +} + +int +key_load_file(int fd, const char *filename, struct sshbuf *blob) +{ + int r; + + if ((r = sshkey_load_file(fd, filename, blob)) != 0) { + fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR); + error("%s: %s", __func__, ssh_err(r)); + return 0; + } + return 1; +} + +Key * +key_load_cert(const char *filename) +{ + int r; + Key *ret = NULL; + + if ((r = sshkey_load_cert(filename, &ret)) != 0) { + fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR); + /* Old authfile.c ignored all file errors. */ + if (r == SSH_ERR_SYSTEM_ERROR) + debug("%s: %s", __func__, ssh_err(r)); + else + error("%s: %s", __func__, ssh_err(r)); + return NULL; + } + return ret; + +} + +Key * +key_load_public(const char *filename, char **commentp) +{ + int r; + Key *ret = NULL; + + if ((r = sshkey_load_public(filename, &ret, commentp)) != 0) { + fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR); + /* Old authfile.c ignored all file errors. */ + if (r == SSH_ERR_SYSTEM_ERROR) + debug("%s: %s", __func__, ssh_err(r)); + else + error("%s: %s", __func__, ssh_err(r)); + return NULL; + } + return ret; +} + +Key * +key_load_private(const char *path, const char *passphrase, + char **commentp) +{ + int r; + Key *ret = NULL; + + if ((r = sshkey_load_private(path, passphrase, &ret, commentp)) != 0) { + fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR); + /* Old authfile.c ignored all file errors. */ + if (r == SSH_ERR_SYSTEM_ERROR || + r == SSH_ERR_KEY_WRONG_PASSPHRASE) + debug("%s: %s", __func__, ssh_err(r)); + else + error("%s: %s", __func__, ssh_err(r)); + return NULL; + } + return ret; +} + +Key * +key_load_private_cert(int type, const char *filename, const char *passphrase, + int *perm_ok) +{ + int r; + Key *ret = NULL; + + if ((r = sshkey_load_private_cert(type, filename, passphrase, + &ret, perm_ok)) != 0) { + fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR); + /* Old authfile.c ignored all file errors. */ + if (r == SSH_ERR_SYSTEM_ERROR || + r == SSH_ERR_KEY_WRONG_PASSPHRASE) + debug("%s: %s", __func__, ssh_err(r)); + else + error("%s: %s", __func__, ssh_err(r)); + return NULL; + } + return ret; +} + +Key * +key_load_private_type(int type, const char *filename, const char *passphrase, + char **commentp, int *perm_ok) +{ + int r; + Key *ret = NULL; + + if ((r = sshkey_load_private_type(type, filename, passphrase, + &ret, commentp, perm_ok)) != 0) { + fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR); + /* Old authfile.c ignored all file errors. */ + if (r == SSH_ERR_SYSTEM_ERROR || + (r == SSH_ERR_KEY_WRONG_PASSPHRASE)) + debug("%s: %s", __func__, ssh_err(r)); + else + error("%s: %s", __func__, ssh_err(r)); + return NULL; + } + return ret; +} + +#ifdef WITH_OPENSSL +Key * +key_load_private_pem(int fd, int type, const char *passphrase, + char **commentp) +{ + int r; + Key *ret = NULL; + + if ((r = sshkey_load_private_pem(fd, type, passphrase, + &ret, commentp)) != 0) { + fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR); + if (r == SSH_ERR_KEY_WRONG_PASSPHRASE) + debug("%s: %s", __func__, ssh_err(r)); + else + error("%s: %s", __func__, ssh_err(r)); + return NULL; + } + return ret; +} +#endif /* WITH_OPENSSL */ + +int +key_perm_ok(int fd, const char *filename) +{ + return sshkey_perm_ok(fd, filename) == 0 ? 1 : 0; +} + +int +key_in_file(Key *key, const char *filename, int strict_type) +{ + int r; + + if ((r = sshkey_in_file(key, filename, strict_type)) != 0) { + fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR); + if (r == SSH_ERR_SYSTEM_ERROR && errno == ENOENT) + return 0; + error("%s: %s", __func__, ssh_err(r)); + return r == SSH_ERR_KEY_NOT_FOUND ? 0 : -1; + } + return 1; +} diff --git a/crypto/openssh/key.h b/crypto/openssh/key.h dissimilarity index 63% index 39e5577f6b..c6401a576f 100644 --- a/crypto/openssh/key.h +++ b/crypto/openssh/key.h @@ -1,152 +1,111 @@ -/* $OpenBSD: key.h,v 1.34 2012/05/23 03:28:28 djm Exp $ */ - -/* - * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -#ifndef KEY_H -#define KEY_H - -#include "buffer.h" -#include -#include -#ifdef OPENSSL_HAS_ECC -#include -#endif - -typedef struct Key Key; -enum types { - KEY_RSA1, - KEY_RSA, - KEY_DSA, - KEY_ECDSA, - KEY_RSA_CERT, - KEY_DSA_CERT, - KEY_ECDSA_CERT, - KEY_RSA_CERT_V00, - KEY_DSA_CERT_V00, - KEY_UNSPEC -}; -enum fp_type { - SSH_FP_SHA1, - SSH_FP_MD5, - SSH_FP_SHA256 -}; -enum fp_rep { - SSH_FP_HEX, - SSH_FP_BUBBLEBABBLE, - SSH_FP_RANDOMART -}; - -/* key is stored in external hardware */ -#define KEY_FLAG_EXT 0x0001 - -#define CERT_MAX_PRINCIPALS 256 -struct KeyCert { - Buffer certblob; /* Kept around for use on wire */ - u_int type; /* SSH2_CERT_TYPE_USER or SSH2_CERT_TYPE_HOST */ - u_int64_t serial; - char *key_id; - u_int nprincipals; - char **principals; - u_int64_t valid_after, valid_before; - Buffer critical; - Buffer extensions; - Key *signature_key; -}; - -struct Key { - int type; - int flags; - RSA *rsa; - DSA *dsa; - int ecdsa_nid; /* NID of curve */ -#ifdef OPENSSL_HAS_ECC - EC_KEY *ecdsa; -#else - void *ecdsa; -#endif - struct KeyCert *cert; -}; - -Key *key_new(int); -void key_add_private(Key *); -Key *key_new_private(int); -void key_free(Key *); -Key *key_demote(const Key *); -int key_equal_public(const Key *, const Key *); -int key_equal(const Key *, const Key *); -char *key_fingerprint(Key *, enum fp_type, enum fp_rep); -u_char *key_fingerprint_raw(Key *, enum fp_type, u_int *); -const char *key_type(const Key *); -const char *key_cert_type(const Key *); -int key_write(const Key *, FILE *); -int key_read(Key *, char **); -u_int key_size(const Key *); - -Key *key_generate(int, u_int); -Key *key_from_private(const Key *); -int key_type_from_name(char *); -int key_is_cert(const Key *); -int key_type_plain(int); -int key_to_certified(Key *, int); -int key_drop_cert(Key *); -int key_certify(Key *, Key *); -void key_cert_copy(const Key *, struct Key *); -int key_cert_check_authority(const Key *, int, int, const char *, - const char **); -int key_cert_is_legacy(Key *); - -int key_ecdsa_nid_from_name(const char *); -int key_curve_name_to_nid(const char *); -const char * key_curve_nid_to_name(int); -u_int key_curve_nid_to_bits(int); -int key_ecdsa_bits_to_nid(int); -#ifdef OPENSSL_HAS_ECC -int key_ecdsa_key_to_nid(EC_KEY *); -const EVP_MD * key_ec_nid_to_evpmd(int nid); -int key_ec_validate_public(const EC_GROUP *, const EC_POINT *); -int key_ec_validate_private(const EC_KEY *); -#endif - -Key *key_from_blob(const u_char *, u_int); -int key_to_blob(const Key *, u_char **, u_int *); -const char *key_ssh_name(const Key *); -const char *key_ssh_name_plain(const Key *); -int key_names_valid2(const char *); - -int key_sign(const Key *, u_char **, u_int *, const u_char *, u_int); -int key_verify(const Key *, const u_char *, u_int, const u_char *, u_int); - -int ssh_dss_sign(const Key *, u_char **, u_int *, const u_char *, u_int); -int ssh_dss_verify(const Key *, const u_char *, u_int, const u_char *, u_int); -int ssh_ecdsa_sign(const Key *, u_char **, u_int *, const u_char *, u_int); -int ssh_ecdsa_verify(const Key *, const u_char *, u_int, const u_char *, u_int); -int ssh_rsa_sign(const Key *, u_char **, u_int *, const u_char *, u_int); -int ssh_rsa_verify(const Key *, const u_char *, u_int, const u_char *, u_int); - -#if defined(OPENSSL_HAS_ECC) && (defined(DEBUG_KEXECDH) || defined(DEBUG_PK)) -void key_dump_ec_point(const EC_GROUP *, const EC_POINT *); -void key_dump_ec_key(const EC_KEY *); -#endif - -#endif +/* $OpenBSD: key.h,v 1.42 2014/06/24 01:13:21 djm Exp $ */ + +/* + * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#ifndef KEY_H +#define KEY_H + +#include "sshkey.h" + +typedef struct sshkey Key; + +#define types sshkey_types +#define fp_type sshkey_fp_type +#define fp_rep sshkey_fp_rep + +#ifndef SSH_KEY_NO_DEFINE +#define key_new sshkey_new +#define key_free sshkey_free +#define key_equal_public sshkey_equal_public +#define key_equal sshkey_equal +#define key_fingerprint sshkey_fingerprint +#define key_type sshkey_type +#define key_cert_type sshkey_cert_type +#define key_ssh_name sshkey_ssh_name +#define key_ssh_name_plain sshkey_ssh_name_plain +#define key_type_from_name sshkey_type_from_name +#define key_ecdsa_nid_from_name sshkey_ecdsa_nid_from_name +#define key_type_is_cert sshkey_type_is_cert +#define key_size sshkey_size +#define key_ecdsa_bits_to_nid sshkey_ecdsa_bits_to_nid +#define key_ecdsa_key_to_nid sshkey_ecdsa_key_to_nid +#define key_names_valid2 sshkey_names_valid2 +#define key_is_cert sshkey_is_cert +#define key_type_plain sshkey_type_plain +#define key_cert_is_legacy sshkey_cert_is_legacy +#define key_curve_name_to_nid sshkey_curve_name_to_nid +#define key_curve_nid_to_bits sshkey_curve_nid_to_bits +#define key_curve_nid_to_name sshkey_curve_nid_to_name +#define key_ec_nid_to_hash_alg sshkey_ec_nid_to_hash_alg +#define key_dump_ec_point sshkey_dump_ec_point +#define key_dump_ec_key sshkey_dump_ec_key +#define key_fingerprint sshkey_fingerprint +#endif + +void key_add_private(Key *); +Key *key_new_private(int); +void key_free(Key *); +Key *key_demote(const Key *); +u_char *key_fingerprint_raw(const Key *, enum fp_type, u_int *); +int key_write(const Key *, FILE *); +int key_read(Key *, char **); + +Key *key_generate(int, u_int); +Key *key_from_private(const Key *); +int key_to_certified(Key *, int); +int key_drop_cert(Key *); +int key_certify(Key *, Key *); +void key_cert_copy(const Key *, Key *); +int key_cert_check_authority(const Key *, int, int, const char *, + const char **); +char *key_alg_list(int, int); + +#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) +int key_ec_validate_public(const EC_GROUP *, const EC_POINT *); +int key_ec_validate_private(const EC_KEY *); +#endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */ + +Key *key_from_blob(const u_char *, u_int); +int key_to_blob(const Key *, u_char **, u_int *); + +int key_sign(const Key *, u_char **, u_int *, const u_char *, u_int); +int key_verify(const Key *, const u_char *, u_int, const u_char *, u_int); + +void key_private_serialize(const Key *, struct sshbuf *); +Key *key_private_deserialize(struct sshbuf *); + +/* authfile.c */ +int key_save_private(Key *, const char *, const char *, const char *, + int, const char *, int); +int key_load_file(int, const char *, struct sshbuf *); +Key *key_load_cert(const char *); +Key *key_load_public(const char *, char **); +Key *key_load_private(const char *, const char *, char **); +Key *key_load_private_cert(int, const char *, const char *, int *); +Key *key_load_private_type(int, const char *, const char *, char **, int *); +Key *key_load_private_pem(int, int, const char *, char **); +int key_perm_ok(int, const char *); +int key_in_file(Key *, const char *, int); + +#endif diff --git a/crypto/openssh/krl.c b/crypto/openssh/krl.c new file mode 100644 index 0000000000..eb31df90fd --- /dev/null +++ b/crypto/openssh/krl.c @@ -0,0 +1,1240 @@ +/* + * Copyright (c) 2012 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* $OpenBSD: krl.c,v 1.17 2014/06/24 01:13:21 djm Exp $ */ + +#include "includes.h" + +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include + +#include "buffer.h" +#include "key.h" +#include "authfile.h" +#include "misc.h" +#include "log.h" +#include "xmalloc.h" + +#include "krl.h" + +/* #define DEBUG_KRL */ +#ifdef DEBUG_KRL +# define KRL_DBG(x) debug3 x +#else +# define KRL_DBG(x) +#endif + +/* + * Trees of revoked serial numbers, key IDs and keys. This allows + * quick searching, querying and producing lists in canonical order. + */ + +/* Tree of serial numbers. XXX make smarter: really need a real sparse bitmap */ +struct revoked_serial { + u_int64_t lo, hi; + RB_ENTRY(revoked_serial) tree_entry; +}; +static int serial_cmp(struct revoked_serial *a, struct revoked_serial *b); +RB_HEAD(revoked_serial_tree, revoked_serial); +RB_GENERATE_STATIC(revoked_serial_tree, revoked_serial, tree_entry, serial_cmp); + +/* Tree of key IDs */ +struct revoked_key_id { + char *key_id; + RB_ENTRY(revoked_key_id) tree_entry; +}; +static int key_id_cmp(struct revoked_key_id *a, struct revoked_key_id *b); +RB_HEAD(revoked_key_id_tree, revoked_key_id); +RB_GENERATE_STATIC(revoked_key_id_tree, revoked_key_id, tree_entry, key_id_cmp); + +/* Tree of blobs (used for keys and fingerprints) */ +struct revoked_blob { + u_char *blob; + u_int len; + RB_ENTRY(revoked_blob) tree_entry; +}; +static int blob_cmp(struct revoked_blob *a, struct revoked_blob *b); +RB_HEAD(revoked_blob_tree, revoked_blob); +RB_GENERATE_STATIC(revoked_blob_tree, revoked_blob, tree_entry, blob_cmp); + +/* Tracks revoked certs for a single CA */ +struct revoked_certs { + Key *ca_key; + struct revoked_serial_tree revoked_serials; + struct revoked_key_id_tree revoked_key_ids; + TAILQ_ENTRY(revoked_certs) entry; +}; +TAILQ_HEAD(revoked_certs_list, revoked_certs); + +struct ssh_krl { + u_int64_t krl_version; + u_int64_t generated_date; + u_int64_t flags; + char *comment; + struct revoked_blob_tree revoked_keys; + struct revoked_blob_tree revoked_sha1s; + struct revoked_certs_list revoked_certs; +}; + +/* Return equal if a and b overlap */ +static int +serial_cmp(struct revoked_serial *a, struct revoked_serial *b) +{ + if (a->hi >= b->lo && a->lo <= b->hi) + return 0; + return a->lo < b->lo ? -1 : 1; +} + +static int +key_id_cmp(struct revoked_key_id *a, struct revoked_key_id *b) +{ + return strcmp(a->key_id, b->key_id); +} + +static int +blob_cmp(struct revoked_blob *a, struct revoked_blob *b) +{ + int r; + + if (a->len != b->len) { + if ((r = memcmp(a->blob, b->blob, MIN(a->len, b->len))) != 0) + return r; + return a->len > b->len ? 1 : -1; + } else + return memcmp(a->blob, b->blob, a->len); +} + +struct ssh_krl * +ssh_krl_init(void) +{ + struct ssh_krl *krl; + + if ((krl = calloc(1, sizeof(*krl))) == NULL) + return NULL; + RB_INIT(&krl->revoked_keys); + RB_INIT(&krl->revoked_sha1s); + TAILQ_INIT(&krl->revoked_certs); + return krl; +} + +static void +revoked_certs_free(struct revoked_certs *rc) +{ + struct revoked_serial *rs, *trs; + struct revoked_key_id *rki, *trki; + + RB_FOREACH_SAFE(rs, revoked_serial_tree, &rc->revoked_serials, trs) { + RB_REMOVE(revoked_serial_tree, &rc->revoked_serials, rs); + free(rs); + } + RB_FOREACH_SAFE(rki, revoked_key_id_tree, &rc->revoked_key_ids, trki) { + RB_REMOVE(revoked_key_id_tree, &rc->revoked_key_ids, rki); + free(rki->key_id); + free(rki); + } + if (rc->ca_key != NULL) + key_free(rc->ca_key); +} + +void +ssh_krl_free(struct ssh_krl *krl) +{ + struct revoked_blob *rb, *trb; + struct revoked_certs *rc, *trc; + + if (krl == NULL) + return; + + free(krl->comment); + RB_FOREACH_SAFE(rb, revoked_blob_tree, &krl->revoked_keys, trb) { + RB_REMOVE(revoked_blob_tree, &krl->revoked_keys, rb); + free(rb->blob); + free(rb); + } + RB_FOREACH_SAFE(rb, revoked_blob_tree, &krl->revoked_sha1s, trb) { + RB_REMOVE(revoked_blob_tree, &krl->revoked_sha1s, rb); + free(rb->blob); + free(rb); + } + TAILQ_FOREACH_SAFE(rc, &krl->revoked_certs, entry, trc) { + TAILQ_REMOVE(&krl->revoked_certs, rc, entry); + revoked_certs_free(rc); + } +} + +void +ssh_krl_set_version(struct ssh_krl *krl, u_int64_t version) +{ + krl->krl_version = version; +} + +void +ssh_krl_set_comment(struct ssh_krl *krl, const char *comment) +{ + free(krl->comment); + if ((krl->comment = strdup(comment)) == NULL) + fatal("%s: strdup", __func__); +} + +/* + * Find the revoked_certs struct for a CA key. If allow_create is set then + * create a new one in the tree if one did not exist already. + */ +static int +revoked_certs_for_ca_key(struct ssh_krl *krl, const Key *ca_key, + struct revoked_certs **rcp, int allow_create) +{ + struct revoked_certs *rc; + + *rcp = NULL; + TAILQ_FOREACH(rc, &krl->revoked_certs, entry) { + if (key_equal(rc->ca_key, ca_key)) { + *rcp = rc; + return 0; + } + } + if (!allow_create) + return 0; + /* If this CA doesn't exist in the list then add it now */ + if ((rc = calloc(1, sizeof(*rc))) == NULL) + return -1; + if ((rc->ca_key = key_from_private(ca_key)) == NULL) { + free(rc); + return -1; + } + RB_INIT(&rc->revoked_serials); + RB_INIT(&rc->revoked_key_ids); + TAILQ_INSERT_TAIL(&krl->revoked_certs, rc, entry); + debug3("%s: new CA %s", __func__, key_type(ca_key)); + *rcp = rc; + return 0; +} + +static int +insert_serial_range(struct revoked_serial_tree *rt, u_int64_t lo, u_int64_t hi) +{ + struct revoked_serial rs, *ers, *crs, *irs; + + KRL_DBG(("%s: insert %llu:%llu", __func__, lo, hi)); + memset(&rs, 0, sizeof(rs)); + rs.lo = lo; + rs.hi = hi; + ers = RB_NFIND(revoked_serial_tree, rt, &rs); + if (ers == NULL || serial_cmp(ers, &rs) != 0) { + /* No entry matches. Just insert */ + if ((irs = malloc(sizeof(rs))) == NULL) + return -1; + memcpy(irs, &rs, sizeof(*irs)); + ers = RB_INSERT(revoked_serial_tree, rt, irs); + if (ers != NULL) { + KRL_DBG(("%s: bad: ers != NULL", __func__)); + /* Shouldn't happen */ + free(irs); + return -1; + } + ers = irs; + } else { + KRL_DBG(("%s: overlap found %llu:%llu", __func__, + ers->lo, ers->hi)); + /* + * The inserted entry overlaps an existing one. Grow the + * existing entry. + */ + if (ers->lo > lo) + ers->lo = lo; + if (ers->hi < hi) + ers->hi = hi; + } + /* + * The inserted or revised range might overlap or abut adjacent ones; + * coalesce as necessary. + */ + + /* Check predecessors */ + while ((crs = RB_PREV(revoked_serial_tree, rt, ers)) != NULL) { + KRL_DBG(("%s: pred %llu:%llu", __func__, crs->lo, crs->hi)); + if (ers->lo != 0 && crs->hi < ers->lo - 1) + break; + /* This entry overlaps. */ + if (crs->lo < ers->lo) { + ers->lo = crs->lo; + KRL_DBG(("%s: pred extend %llu:%llu", __func__, + ers->lo, ers->hi)); + } + RB_REMOVE(revoked_serial_tree, rt, crs); + free(crs); + } + /* Check successors */ + while ((crs = RB_NEXT(revoked_serial_tree, rt, ers)) != NULL) { + KRL_DBG(("%s: succ %llu:%llu", __func__, crs->lo, crs->hi)); + if (ers->hi != (u_int64_t)-1 && crs->lo > ers->hi + 1) + break; + /* This entry overlaps. */ + if (crs->hi > ers->hi) { + ers->hi = crs->hi; + KRL_DBG(("%s: succ extend %llu:%llu", __func__, + ers->lo, ers->hi)); + } + RB_REMOVE(revoked_serial_tree, rt, crs); + free(crs); + } + KRL_DBG(("%s: done, final %llu:%llu", __func__, ers->lo, ers->hi)); + return 0; +} + +int +ssh_krl_revoke_cert_by_serial(struct ssh_krl *krl, const Key *ca_key, + u_int64_t serial) +{ + return ssh_krl_revoke_cert_by_serial_range(krl, ca_key, serial, serial); +} + +int +ssh_krl_revoke_cert_by_serial_range(struct ssh_krl *krl, const Key *ca_key, + u_int64_t lo, u_int64_t hi) +{ + struct revoked_certs *rc; + + if (lo > hi || lo == 0) + return -1; + if (revoked_certs_for_ca_key(krl, ca_key, &rc, 1) != 0) + return -1; + return insert_serial_range(&rc->revoked_serials, lo, hi); +} + +int +ssh_krl_revoke_cert_by_key_id(struct ssh_krl *krl, const Key *ca_key, + const char *key_id) +{ + struct revoked_key_id *rki, *erki; + struct revoked_certs *rc; + + if (revoked_certs_for_ca_key(krl, ca_key, &rc, 1) != 0) + return -1; + + debug3("%s: revoke %s", __func__, key_id); + if ((rki = calloc(1, sizeof(*rki))) == NULL || + (rki->key_id = strdup(key_id)) == NULL) { + free(rki); + fatal("%s: strdup", __func__); + } + erki = RB_INSERT(revoked_key_id_tree, &rc->revoked_key_ids, rki); + if (erki != NULL) { + free(rki->key_id); + free(rki); + } + return 0; +} + +/* Convert "key" to a public key blob without any certificate information */ +static int +plain_key_blob(const Key *key, u_char **blob, u_int *blen) +{ + Key *kcopy; + int r; + + if ((kcopy = key_from_private(key)) == NULL) + return -1; + if (key_is_cert(kcopy)) { + if (key_drop_cert(kcopy) != 0) { + error("%s: key_drop_cert", __func__); + key_free(kcopy); + return -1; + } + } + r = key_to_blob(kcopy, blob, blen); + free(kcopy); + return r; +} + +/* Revoke a key blob. Ownership of blob is transferred to the tree */ +static int +revoke_blob(struct revoked_blob_tree *rbt, u_char *blob, u_int len) +{ + struct revoked_blob *rb, *erb; + + if ((rb = calloc(1, sizeof(*rb))) == NULL) + return -1; + rb->blob = blob; + rb->len = len; + erb = RB_INSERT(revoked_blob_tree, rbt, rb); + if (erb != NULL) { + free(rb->blob); + free(rb); + } + return 0; +} + +int +ssh_krl_revoke_key_explicit(struct ssh_krl *krl, const Key *key) +{ + u_char *blob; + u_int len; + + debug3("%s: revoke type %s", __func__, key_type(key)); + if (plain_key_blob(key, &blob, &len) < 0) + return -1; + return revoke_blob(&krl->revoked_keys, blob, len); +} + +int +ssh_krl_revoke_key_sha1(struct ssh_krl *krl, const Key *key) +{ + u_char *blob; + u_int len; + + debug3("%s: revoke type %s by sha1", __func__, key_type(key)); + if ((blob = key_fingerprint_raw(key, SSH_FP_SHA1, &len)) == NULL) + return -1; + return revoke_blob(&krl->revoked_sha1s, blob, len); +} + +int +ssh_krl_revoke_key(struct ssh_krl *krl, const Key *key) +{ + if (!key_is_cert(key)) + return ssh_krl_revoke_key_sha1(krl, key); + + if (key_cert_is_legacy(key) || key->cert->serial == 0) { + return ssh_krl_revoke_cert_by_key_id(krl, + key->cert->signature_key, + key->cert->key_id); + } else { + return ssh_krl_revoke_cert_by_serial(krl, + key->cert->signature_key, + key->cert->serial); + } +} + +/* + * Select a copact next section type to emit in a KRL based on the + * current section type, the run length of contiguous revoked serial + * numbers and the gaps from the last and to the next revoked serial. + * Applies a mostly-accurate bit cost model to select the section type + * that will minimise the size of the resultant KRL. + */ +static int +choose_next_state(int current_state, u_int64_t contig, int final, + u_int64_t last_gap, u_int64_t next_gap, int *force_new_section) +{ + int new_state; + u_int64_t cost, cost_list, cost_range, cost_bitmap, cost_bitmap_restart; + + /* + * Avoid unsigned overflows. + * The limits are high enough to avoid confusing the calculations. + */ + contig = MIN(contig, 1ULL<<31); + last_gap = MIN(last_gap, 1ULL<<31); + next_gap = MIN(next_gap, 1ULL<<31); + + /* + * Calculate the cost to switch from the current state to candidates. + * NB. range sections only ever contain a single range, so their + * switching cost is independent of the current_state. + */ + cost_list = cost_bitmap = cost_bitmap_restart = 0; + cost_range = 8; + switch (current_state) { + case KRL_SECTION_CERT_SERIAL_LIST: + cost_bitmap_restart = cost_bitmap = 8 + 64; + break; + case KRL_SECTION_CERT_SERIAL_BITMAP: + cost_list = 8; + cost_bitmap_restart = 8 + 64; + break; + case KRL_SECTION_CERT_SERIAL_RANGE: + case 0: + cost_bitmap_restart = cost_bitmap = 8 + 64; + cost_list = 8; + } + + /* Estimate base cost in bits of each section type */ + cost_list += 64 * contig + (final ? 0 : 8+64); + cost_range += (2 * 64) + (final ? 0 : 8+64); + cost_bitmap += last_gap + contig + (final ? 0 : MIN(next_gap, 8+64)); + cost_bitmap_restart += contig + (final ? 0 : MIN(next_gap, 8+64)); + + /* Convert to byte costs for actual comparison */ + cost_list = (cost_list + 7) / 8; + cost_bitmap = (cost_bitmap + 7) / 8; + cost_bitmap_restart = (cost_bitmap_restart + 7) / 8; + cost_range = (cost_range + 7) / 8; + + /* Now pick the best choice */ + *force_new_section = 0; + new_state = KRL_SECTION_CERT_SERIAL_BITMAP; + cost = cost_bitmap; + if (cost_range < cost) { + new_state = KRL_SECTION_CERT_SERIAL_RANGE; + cost = cost_range; + } + if (cost_list < cost) { + new_state = KRL_SECTION_CERT_SERIAL_LIST; + cost = cost_list; + } + if (cost_bitmap_restart < cost) { + new_state = KRL_SECTION_CERT_SERIAL_BITMAP; + *force_new_section = 1; + cost = cost_bitmap_restart; + } + debug3("%s: contig %llu last_gap %llu next_gap %llu final %d, costs:" + "list %llu range %llu bitmap %llu new bitmap %llu, " + "selected 0x%02x%s", __func__, (long long unsigned)contig, + (long long unsigned)last_gap, (long long unsigned)next_gap, final, + (long long unsigned)cost_list, (long long unsigned)cost_range, + (long long unsigned)cost_bitmap, + (long long unsigned)cost_bitmap_restart, new_state, + *force_new_section ? " restart" : ""); + return new_state; +} + +/* Generate a KRL_SECTION_CERTIFICATES KRL section */ +static int +revoked_certs_generate(struct revoked_certs *rc, Buffer *buf) +{ + int final, force_new_sect, r = -1; + u_int64_t i, contig, gap, last = 0, bitmap_start = 0; + struct revoked_serial *rs, *nrs; + struct revoked_key_id *rki; + int next_state, state = 0; + Buffer sect; + u_char *kblob = NULL; + u_int klen; + BIGNUM *bitmap = NULL; + + /* Prepare CA scope key blob if we have one supplied */ + if (key_to_blob(rc->ca_key, &kblob, &klen) == 0) + return -1; + + buffer_init(§); + + /* Store the header */ + buffer_put_string(buf, kblob, klen); + buffer_put_string(buf, NULL, 0); /* Reserved */ + + free(kblob); + + /* Store the revoked serials. */ + for (rs = RB_MIN(revoked_serial_tree, &rc->revoked_serials); + rs != NULL; + rs = RB_NEXT(revoked_serial_tree, &rc->revoked_serials, rs)) { + debug3("%s: serial %llu:%llu state 0x%02x", __func__, + (long long unsigned)rs->lo, (long long unsigned)rs->hi, + state); + + /* Check contiguous length and gap to next section (if any) */ + nrs = RB_NEXT(revoked_serial_tree, &rc->revoked_serials, rs); + final = nrs == NULL; + gap = nrs == NULL ? 0 : nrs->lo - rs->hi; + contig = 1 + (rs->hi - rs->lo); + + /* Choose next state based on these */ + next_state = choose_next_state(state, contig, final, + state == 0 ? 0 : rs->lo - last, gap, &force_new_sect); + + /* + * If the current section is a range section or has a different + * type to the next section, then finish it off now. + */ + if (state != 0 && (force_new_sect || next_state != state || + state == KRL_SECTION_CERT_SERIAL_RANGE)) { + debug3("%s: finish state 0x%02x", __func__, state); + switch (state) { + case KRL_SECTION_CERT_SERIAL_LIST: + case KRL_SECTION_CERT_SERIAL_RANGE: + break; + case KRL_SECTION_CERT_SERIAL_BITMAP: + buffer_put_bignum2(§, bitmap); + BN_free(bitmap); + bitmap = NULL; + break; + } + buffer_put_char(buf, state); + buffer_put_string(buf, + buffer_ptr(§), buffer_len(§)); + buffer_clear(§); + } + + /* If we are starting a new section then prepare it now */ + if (next_state != state || force_new_sect) { + debug3("%s: start state 0x%02x", __func__, next_state); + state = next_state; + buffer_clear(§); + switch (state) { + case KRL_SECTION_CERT_SERIAL_LIST: + case KRL_SECTION_CERT_SERIAL_RANGE: + break; + case KRL_SECTION_CERT_SERIAL_BITMAP: + if ((bitmap = BN_new()) == NULL) + goto out; + bitmap_start = rs->lo; + buffer_put_int64(§, bitmap_start); + break; + } + } + + /* Perform section-specific processing */ + switch (state) { + case KRL_SECTION_CERT_SERIAL_LIST: + for (i = 0; i < contig; i++) + buffer_put_int64(§, rs->lo + i); + break; + case KRL_SECTION_CERT_SERIAL_RANGE: + buffer_put_int64(§, rs->lo); + buffer_put_int64(§, rs->hi); + break; + case KRL_SECTION_CERT_SERIAL_BITMAP: + if (rs->lo - bitmap_start > INT_MAX) { + error("%s: insane bitmap gap", __func__); + goto out; + } + for (i = 0; i < contig; i++) { + if (BN_set_bit(bitmap, + rs->lo + i - bitmap_start) != 1) + goto out; + } + break; + } + last = rs->hi; + } + /* Flush the remaining section, if any */ + if (state != 0) { + debug3("%s: serial final flush for state 0x%02x", + __func__, state); + switch (state) { + case KRL_SECTION_CERT_SERIAL_LIST: + case KRL_SECTION_CERT_SERIAL_RANGE: + break; + case KRL_SECTION_CERT_SERIAL_BITMAP: + buffer_put_bignum2(§, bitmap); + BN_free(bitmap); + bitmap = NULL; + break; + } + buffer_put_char(buf, state); + buffer_put_string(buf, + buffer_ptr(§), buffer_len(§)); + } + debug3("%s: serial done ", __func__); + + /* Now output a section for any revocations by key ID */ + buffer_clear(§); + RB_FOREACH(rki, revoked_key_id_tree, &rc->revoked_key_ids) { + debug3("%s: key ID %s", __func__, rki->key_id); + buffer_put_cstring(§, rki->key_id); + } + if (buffer_len(§) != 0) { + buffer_put_char(buf, KRL_SECTION_CERT_KEY_ID); + buffer_put_string(buf, buffer_ptr(§), + buffer_len(§)); + } + r = 0; + out: + if (bitmap != NULL) + BN_free(bitmap); + buffer_free(§); + return r; +} + +int +ssh_krl_to_blob(struct ssh_krl *krl, Buffer *buf, const Key **sign_keys, + u_int nsign_keys) +{ + int r = -1; + struct revoked_certs *rc; + struct revoked_blob *rb; + Buffer sect; + u_char *kblob = NULL, *sblob = NULL; + u_int klen, slen, i; + + if (krl->generated_date == 0) + krl->generated_date = time(NULL); + + buffer_init(§); + + /* Store the header */ + buffer_append(buf, KRL_MAGIC, sizeof(KRL_MAGIC) - 1); + buffer_put_int(buf, KRL_FORMAT_VERSION); + buffer_put_int64(buf, krl->krl_version); + buffer_put_int64(buf, krl->generated_date); + buffer_put_int64(buf, krl->flags); + buffer_put_string(buf, NULL, 0); + buffer_put_cstring(buf, krl->comment ? krl->comment : ""); + + /* Store sections for revoked certificates */ + TAILQ_FOREACH(rc, &krl->revoked_certs, entry) { + if (revoked_certs_generate(rc, §) != 0) + goto out; + buffer_put_char(buf, KRL_SECTION_CERTIFICATES); + buffer_put_string(buf, buffer_ptr(§), + buffer_len(§)); + } + + /* Finally, output sections for revocations by public key/hash */ + buffer_clear(§); + RB_FOREACH(rb, revoked_blob_tree, &krl->revoked_keys) { + debug3("%s: key len %u ", __func__, rb->len); + buffer_put_string(§, rb->blob, rb->len); + } + if (buffer_len(§) != 0) { + buffer_put_char(buf, KRL_SECTION_EXPLICIT_KEY); + buffer_put_string(buf, buffer_ptr(§), + buffer_len(§)); + } + buffer_clear(§); + RB_FOREACH(rb, revoked_blob_tree, &krl->revoked_sha1s) { + debug3("%s: hash len %u ", __func__, rb->len); + buffer_put_string(§, rb->blob, rb->len); + } + if (buffer_len(§) != 0) { + buffer_put_char(buf, KRL_SECTION_FINGERPRINT_SHA1); + buffer_put_string(buf, buffer_ptr(§), + buffer_len(§)); + } + + for (i = 0; i < nsign_keys; i++) { + if (key_to_blob(sign_keys[i], &kblob, &klen) == 0) + goto out; + + debug3("%s: signature key len %u", __func__, klen); + buffer_put_char(buf, KRL_SECTION_SIGNATURE); + buffer_put_string(buf, kblob, klen); + + if (key_sign(sign_keys[i], &sblob, &slen, + buffer_ptr(buf), buffer_len(buf)) == -1) + goto out; + debug3("%s: signature sig len %u", __func__, slen); + buffer_put_string(buf, sblob, slen); + } + + r = 0; + out: + free(kblob); + free(sblob); + buffer_free(§); + return r; +} + +static void +format_timestamp(u_int64_t timestamp, char *ts, size_t nts) +{ + time_t t; + struct tm *tm; + + t = timestamp; + tm = localtime(&t); + *ts = '\0'; + strftime(ts, nts, "%Y%m%dT%H%M%S", tm); +} + +static int +parse_revoked_certs(Buffer *buf, struct ssh_krl *krl) +{ + int ret = -1, nbits; + u_char type; + const u_char *blob; + u_int blen; + Buffer subsect; + u_int64_t serial, serial_lo, serial_hi; + BIGNUM *bitmap = NULL; + char *key_id = NULL; + Key *ca_key = NULL; + + buffer_init(&subsect); + + if ((blob = buffer_get_string_ptr_ret(buf, &blen)) == NULL || + buffer_get_string_ptr_ret(buf, NULL) == NULL) { /* reserved */ + error("%s: buffer error", __func__); + goto out; + } + if ((ca_key = key_from_blob(blob, blen)) == NULL) + goto out; + + while (buffer_len(buf) > 0) { + if (buffer_get_char_ret(&type, buf) != 0 || + (blob = buffer_get_string_ptr_ret(buf, &blen)) == NULL) { + error("%s: buffer error", __func__); + goto out; + } + buffer_clear(&subsect); + buffer_append(&subsect, blob, blen); + debug3("%s: subsection type 0x%02x", __func__, type); + /* buffer_dump(&subsect); */ + + switch (type) { + case KRL_SECTION_CERT_SERIAL_LIST: + while (buffer_len(&subsect) > 0) { + if (buffer_get_int64_ret(&serial, + &subsect) != 0) { + error("%s: buffer error", __func__); + goto out; + } + if (ssh_krl_revoke_cert_by_serial(krl, ca_key, + serial) != 0) { + error("%s: update failed", __func__); + goto out; + } + } + break; + case KRL_SECTION_CERT_SERIAL_RANGE: + if (buffer_get_int64_ret(&serial_lo, &subsect) != 0 || + buffer_get_int64_ret(&serial_hi, &subsect) != 0) { + error("%s: buffer error", __func__); + goto out; + } + if (ssh_krl_revoke_cert_by_serial_range(krl, ca_key, + serial_lo, serial_hi) != 0) { + error("%s: update failed", __func__); + goto out; + } + break; + case KRL_SECTION_CERT_SERIAL_BITMAP: + if ((bitmap = BN_new()) == NULL) { + error("%s: BN_new", __func__); + goto out; + } + if (buffer_get_int64_ret(&serial_lo, &subsect) != 0 || + buffer_get_bignum2_ret(&subsect, bitmap) != 0) { + error("%s: buffer error", __func__); + goto out; + } + if ((nbits = BN_num_bits(bitmap)) < 0) { + error("%s: bitmap bits < 0", __func__); + goto out; + } + for (serial = 0; serial < (u_int)nbits; serial++) { + if (serial > 0 && serial_lo + serial == 0) { + error("%s: bitmap wraps u64", __func__); + goto out; + } + if (!BN_is_bit_set(bitmap, serial)) + continue; + if (ssh_krl_revoke_cert_by_serial(krl, ca_key, + serial_lo + serial) != 0) { + error("%s: update failed", __func__); + goto out; + } + } + BN_free(bitmap); + bitmap = NULL; + break; + case KRL_SECTION_CERT_KEY_ID: + while (buffer_len(&subsect) > 0) { + if ((key_id = buffer_get_cstring_ret(&subsect, + NULL)) == NULL) { + error("%s: buffer error", __func__); + goto out; + } + if (ssh_krl_revoke_cert_by_key_id(krl, ca_key, + key_id) != 0) { + error("%s: update failed", __func__); + goto out; + } + free(key_id); + key_id = NULL; + } + break; + default: + error("Unsupported KRL certificate section %u", type); + goto out; + } + if (buffer_len(&subsect) > 0) { + error("KRL certificate section contains unparsed data"); + goto out; + } + } + + ret = 0; + out: + if (ca_key != NULL) + key_free(ca_key); + if (bitmap != NULL) + BN_free(bitmap); + free(key_id); + buffer_free(&subsect); + return ret; +} + + +/* Attempt to parse a KRL, checking its signature (if any) with sign_ca_keys. */ +int +ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp, + const Key **sign_ca_keys, u_int nsign_ca_keys) +{ + Buffer copy, sect; + struct ssh_krl *krl; + char timestamp[64]; + int ret = -1, r, sig_seen; + Key *key = NULL, **ca_used = NULL; + u_char type, *rdata = NULL; + const u_char *blob; + u_int i, j, sig_off, sects_off, rlen, blen, format_version, nca_used; + + nca_used = 0; + *krlp = NULL; + if (buffer_len(buf) < sizeof(KRL_MAGIC) - 1 || + memcmp(buffer_ptr(buf), KRL_MAGIC, sizeof(KRL_MAGIC) - 1) != 0) { + debug3("%s: not a KRL", __func__); + /* + * Return success but a NULL *krlp here to signal that the + * file might be a simple list of keys. + */ + return 0; + } + + /* Take a copy of the KRL buffer so we can verify its signature later */ + buffer_init(©); + buffer_append(©, buffer_ptr(buf), buffer_len(buf)); + + buffer_init(§); + buffer_consume(©, sizeof(KRL_MAGIC) - 1); + + if ((krl = ssh_krl_init()) == NULL) { + error("%s: alloc failed", __func__); + goto out; + } + + if (buffer_get_int_ret(&format_version, ©) != 0) { + error("%s: KRL truncated", __func__); + goto out; + } + if (format_version != KRL_FORMAT_VERSION) { + error("%s: KRL unsupported format version %u", + __func__, format_version); + goto out; + } + if (buffer_get_int64_ret(&krl->krl_version, ©) != 0 || + buffer_get_int64_ret(&krl->generated_date, ©) != 0 || + buffer_get_int64_ret(&krl->flags, ©) != 0 || + buffer_get_string_ptr_ret(©, NULL) == NULL || /* reserved */ + (krl->comment = buffer_get_cstring_ret(©, NULL)) == NULL) { + error("%s: buffer error", __func__); + goto out; + } + + format_timestamp(krl->generated_date, timestamp, sizeof(timestamp)); + debug("KRL version %llu generated at %s%s%s", + (long long unsigned)krl->krl_version, timestamp, + *krl->comment ? ": " : "", krl->comment); + + /* + * 1st pass: verify signatures, if any. This is done to avoid + * detailed parsing of data whose provenance is unverified. + */ + sig_seen = 0; + sects_off = buffer_len(buf) - buffer_len(©); + while (buffer_len(©) > 0) { + if (buffer_get_char_ret(&type, ©) != 0 || + (blob = buffer_get_string_ptr_ret(©, &blen)) == NULL) { + error("%s: buffer error", __func__); + goto out; + } + debug3("%s: first pass, section 0x%02x", __func__, type); + if (type != KRL_SECTION_SIGNATURE) { + if (sig_seen) { + error("KRL contains non-signature section " + "after signature"); + goto out; + } + /* Not interested for now. */ + continue; + } + sig_seen = 1; + /* First string component is the signing key */ + if ((key = key_from_blob(blob, blen)) == NULL) { + error("%s: invalid signature key", __func__); + goto out; + } + sig_off = buffer_len(buf) - buffer_len(©); + /* Second string component is the signature itself */ + if ((blob = buffer_get_string_ptr_ret(©, &blen)) == NULL) { + error("%s: buffer error", __func__); + goto out; + } + /* Check signature over entire KRL up to this point */ + if (key_verify(key, blob, blen, + buffer_ptr(buf), buffer_len(buf) - sig_off) != 1) { + error("bad signaure on KRL"); + goto out; + } + /* Check if this key has already signed this KRL */ + for (i = 0; i < nca_used; i++) { + if (key_equal(ca_used[i], key)) { + error("KRL signed more than once with " + "the same key"); + goto out; + } + } + /* Record keys used to sign the KRL */ + ca_used = xrealloc(ca_used, nca_used + 1, sizeof(*ca_used)); + ca_used[nca_used++] = key; + key = NULL; + break; + } + + /* + * 2nd pass: parse and load the KRL, skipping the header to the point + * where the section start. + */ + buffer_append(©, (u_char*)buffer_ptr(buf) + sects_off, + buffer_len(buf) - sects_off); + while (buffer_len(©) > 0) { + if (buffer_get_char_ret(&type, ©) != 0 || + (blob = buffer_get_string_ptr_ret(©, &blen)) == NULL) { + error("%s: buffer error", __func__); + goto out; + } + debug3("%s: second pass, section 0x%02x", __func__, type); + buffer_clear(§); + buffer_append(§, blob, blen); + + switch (type) { + case KRL_SECTION_CERTIFICATES: + if ((r = parse_revoked_certs(§, krl)) != 0) + goto out; + break; + case KRL_SECTION_EXPLICIT_KEY: + case KRL_SECTION_FINGERPRINT_SHA1: + while (buffer_len(§) > 0) { + if ((rdata = buffer_get_string_ret(§, + &rlen)) == NULL) { + error("%s: buffer error", __func__); + goto out; + } + if (type == KRL_SECTION_FINGERPRINT_SHA1 && + rlen != 20) { + error("%s: bad SHA1 length", __func__); + goto out; + } + if (revoke_blob( + type == KRL_SECTION_EXPLICIT_KEY ? + &krl->revoked_keys : &krl->revoked_sha1s, + rdata, rlen) != 0) + goto out; + rdata = NULL; /* revoke_blob frees blob */ + } + break; + case KRL_SECTION_SIGNATURE: + /* Handled above, but still need to stay in synch */ + buffer_clear(§); + if ((blob = buffer_get_string_ptr_ret(©, + &blen)) == NULL) { + error("%s: buffer error", __func__); + goto out; + } + break; + default: + error("Unsupported KRL section %u", type); + goto out; + } + if (buffer_len(§) > 0) { + error("KRL section contains unparsed data"); + goto out; + } + } + + /* Check that the key(s) used to sign the KRL weren't revoked */ + sig_seen = 0; + for (i = 0; i < nca_used; i++) { + if (ssh_krl_check_key(krl, ca_used[i]) == 0) + sig_seen = 1; + else { + key_free(ca_used[i]); + ca_used[i] = NULL; + } + } + if (nca_used && !sig_seen) { + error("All keys used to sign KRL were revoked"); + goto out; + } + + /* If we have CA keys, then verify that one was used to sign the KRL */ + if (sig_seen && nsign_ca_keys != 0) { + sig_seen = 0; + for (i = 0; !sig_seen && i < nsign_ca_keys; i++) { + for (j = 0; j < nca_used; j++) { + if (ca_used[j] == NULL) + continue; + if (key_equal(ca_used[j], sign_ca_keys[i])) { + sig_seen = 1; + break; + } + } + } + if (!sig_seen) { + error("KRL not signed with any trusted key"); + goto out; + } + } + + *krlp = krl; + ret = 0; + out: + if (ret != 0) + ssh_krl_free(krl); + for (i = 0; i < nca_used; i++) { + if (ca_used[i] != NULL) + key_free(ca_used[i]); + } + free(ca_used); + free(rdata); + if (key != NULL) + key_free(key); + buffer_free(©); + buffer_free(§); + return ret; +} + +/* Checks whether a given key/cert is revoked. Does not check its CA */ +static int +is_key_revoked(struct ssh_krl *krl, const Key *key) +{ + struct revoked_blob rb, *erb; + struct revoked_serial rs, *ers; + struct revoked_key_id rki, *erki; + struct revoked_certs *rc; + + /* Check explicitly revoked hashes first */ + memset(&rb, 0, sizeof(rb)); + if ((rb.blob = key_fingerprint_raw(key, SSH_FP_SHA1, &rb.len)) == NULL) + return -1; + erb = RB_FIND(revoked_blob_tree, &krl->revoked_sha1s, &rb); + free(rb.blob); + if (erb != NULL) { + debug("%s: revoked by key SHA1", __func__); + return -1; + } + + /* Next, explicit keys */ + memset(&rb, 0, sizeof(rb)); + if (plain_key_blob(key, &rb.blob, &rb.len) < 0) + return -1; + erb = RB_FIND(revoked_blob_tree, &krl->revoked_keys, &rb); + free(rb.blob); + if (erb != NULL) { + debug("%s: revoked by explicit key", __func__); + return -1; + } + + if (!key_is_cert(key)) + return 0; + + /* Check cert revocation */ + if (revoked_certs_for_ca_key(krl, key->cert->signature_key, + &rc, 0) != 0) + return -1; + if (rc == NULL) + return 0; /* No entry for this CA */ + + /* Check revocation by cert key ID */ + memset(&rki, 0, sizeof(rki)); + rki.key_id = key->cert->key_id; + erki = RB_FIND(revoked_key_id_tree, &rc->revoked_key_ids, &rki); + if (erki != NULL) { + debug("%s: revoked by key ID", __func__); + return -1; + } + + /* + * Legacy cert formats lack serial numbers. Zero serials numbers + * are ignored (it's the default when the CA doesn't specify one). + */ + if (key_cert_is_legacy(key) || key->cert->serial == 0) + return 0; + + memset(&rs, 0, sizeof(rs)); + rs.lo = rs.hi = key->cert->serial; + ers = RB_FIND(revoked_serial_tree, &rc->revoked_serials, &rs); + if (ers != NULL) { + KRL_DBG(("%s: %llu matched %llu:%llu", __func__, + key->cert->serial, ers->lo, ers->hi)); + debug("%s: revoked by serial", __func__); + return -1; + } + KRL_DBG(("%s: %llu no match", __func__, key->cert->serial)); + + return 0; +} + +int +ssh_krl_check_key(struct ssh_krl *krl, const Key *key) +{ + int r; + + debug2("%s: checking key", __func__); + if ((r = is_key_revoked(krl, key)) != 0) + return r; + if (key_is_cert(key)) { + debug2("%s: checking CA key", __func__); + if ((r = is_key_revoked(krl, key->cert->signature_key)) != 0) + return r; + } + debug3("%s: key okay", __func__); + return 0; +} + +/* Returns 0 on success, -1 on error or key revoked, -2 if path is not a KRL */ +int +ssh_krl_file_contains_key(const char *path, const Key *key) +{ + Buffer krlbuf; + struct ssh_krl *krl; + int revoked, fd; + + if (path == NULL) + return 0; + + if ((fd = open(path, O_RDONLY)) == -1) { + error("open %s: %s", path, strerror(errno)); + error("Revoked keys file not accessible - refusing public key " + "authentication"); + return -1; + } + buffer_init(&krlbuf); + if (!key_load_file(fd, path, &krlbuf)) { + close(fd); + buffer_free(&krlbuf); + error("Revoked keys file not readable - refusing public key " + "authentication"); + return -1; + } + close(fd); + if (ssh_krl_from_blob(&krlbuf, &krl, NULL, 0) != 0) { + buffer_free(&krlbuf); + error("Invalid KRL, refusing public key " + "authentication"); + return -1; + } + buffer_free(&krlbuf); + if (krl == NULL) { + debug3("%s: %s is not a KRL file", __func__, path); + return -2; + } + debug2("%s: checking KRL %s", __func__, path); + revoked = ssh_krl_check_key(krl, key) != 0; + ssh_krl_free(krl); + return revoked ? -1 : 0; +} diff --git a/crypto/openssh/krl.h b/crypto/openssh/krl.h new file mode 100644 index 0000000000..2c43f5bb25 --- /dev/null +++ b/crypto/openssh/krl.h @@ -0,0 +1,63 @@ +/* + * Copyright (c) 2012 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* $OpenBSD: krl.h,v 1.2 2013/01/18 00:24:58 djm Exp $ */ + +#ifndef _KRL_H +#define _KRL_H + +/* Functions to manage key revocation lists */ + +#define KRL_MAGIC "SSHKRL\n\0" +#define KRL_FORMAT_VERSION 1 + +/* KRL section types */ +#define KRL_SECTION_CERTIFICATES 1 +#define KRL_SECTION_EXPLICIT_KEY 2 +#define KRL_SECTION_FINGERPRINT_SHA1 3 +#define KRL_SECTION_SIGNATURE 4 + +/* KRL_SECTION_CERTIFICATES subsection types */ +#define KRL_SECTION_CERT_SERIAL_LIST 0x20 +#define KRL_SECTION_CERT_SERIAL_RANGE 0x21 +#define KRL_SECTION_CERT_SERIAL_BITMAP 0x22 +#define KRL_SECTION_CERT_KEY_ID 0x23 + +struct ssh_krl; + +struct ssh_krl *ssh_krl_init(void); +void ssh_krl_free(struct ssh_krl *krl); +void ssh_krl_set_version(struct ssh_krl *krl, u_int64_t version); +void ssh_krl_set_sign_key(struct ssh_krl *krl, const Key *sign_key); +void ssh_krl_set_comment(struct ssh_krl *krl, const char *comment); +int ssh_krl_revoke_cert_by_serial(struct ssh_krl *krl, const Key *ca_key, + u_int64_t serial); +int ssh_krl_revoke_cert_by_serial_range(struct ssh_krl *krl, const Key *ca_key, + u_int64_t lo, u_int64_t hi); +int ssh_krl_revoke_cert_by_key_id(struct ssh_krl *krl, const Key *ca_key, + const char *key_id); +int ssh_krl_revoke_key_explicit(struct ssh_krl *krl, const Key *key); +int ssh_krl_revoke_key_sha1(struct ssh_krl *krl, const Key *key); +int ssh_krl_revoke_key(struct ssh_krl *krl, const Key *key); +int ssh_krl_to_blob(struct ssh_krl *krl, Buffer *buf, const Key **sign_keys, + u_int nsign_keys); +int ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp, + const Key **sign_ca_keys, u_int nsign_ca_keys); +int ssh_krl_check_key(struct ssh_krl *krl, const Key *key); +int ssh_krl_file_contains_key(const char *path, const Key *key); + +#endif /* _KRL_H */ + diff --git a/crypto/openssh/log.c b/crypto/openssh/log.c index ad5a10b478..32e1d2e451 100644 --- a/crypto/openssh/log.c +++ b/crypto/openssh/log.c @@ -1,4 +1,4 @@ -/* $OpenBSD: log.c,v 1.42 2011/06/17 21:44:30 djm Exp $ */ +/* $OpenBSD: log.c,v 1.45 2013/05/16 09:08:41 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -38,6 +38,7 @@ #include +#include #include #include #include @@ -45,7 +46,7 @@ #include #include #include -#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H) +#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H) && !defined(BROKEN_STRNVIS) # include #endif @@ -54,6 +55,7 @@ static LogLevel log_level = SYSLOG_LEVEL_INFO; static int log_on_stderr = 1; +static int log_stderr_fd = STDERR_FILENO; static int log_facility = LOG_AUTH; static char *argv0; static log_handler_fn *log_handler; @@ -329,6 +331,35 @@ log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr) #endif } +void +log_change_level(LogLevel new_log_level) +{ + /* no-op if log_init has not been called */ + if (argv0 == NULL) + return; + log_init(argv0, new_log_level, log_facility, log_on_stderr); +} + +int +log_is_on_stderr(void) +{ + return log_on_stderr; +} + +/* redirect what would usually get written to stderr to specified file */ +void +log_redirect_stderr_to(const char *logfile) +{ + int fd; + + if ((fd = open(logfile, O_WRONLY|O_CREAT|O_APPEND, 0600)) == -1) { + fprintf(stderr, "Couldn't open logfile %s: %s\n", logfile, + strerror(errno)); + exit(1); + } + log_stderr_fd = fd; +} + #define MSGBUFSIZ 1024 void @@ -414,7 +445,7 @@ do_log(LogLevel level, const char *fmt, va_list args) log_handler = tmp_handler; } else if (log_on_stderr) { snprintf(msgbuf, sizeof msgbuf, "%s\r\n", fmtbuf); - write(STDERR_FILENO, msgbuf, strlen(msgbuf)); + (void)write(log_stderr_fd, msgbuf, strlen(msgbuf)); } else { #if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) openlog_r(argv0 ? argv0 : __progname, LOG_PID, log_facility, &sdata); diff --git a/crypto/openssh/log.h b/crypto/openssh/log.h index 1b8d2142b5..ae7df25d34 100644 --- a/crypto/openssh/log.h +++ b/crypto/openssh/log.h @@ -1,4 +1,4 @@ -/* $OpenBSD: log.h,v 1.18 2011/06/17 21:44:30 djm Exp $ */ +/* $OpenBSD: log.h,v 1.20 2013/04/07 02:10:33 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -49,6 +49,9 @@ typedef enum { typedef void (log_handler_fn)(LogLevel, const char *, void *); void log_init(char *, LogLevel, SyslogFacility, int); +void log_change_level(LogLevel); +int log_is_on_stderr(void); +void log_redirect_stderr_to(const char *); SyslogFacility log_facility_number(char *); const char * log_facility_name(SyslogFacility); diff --git a/crypto/openssh/loginrec.c b/crypto/openssh/loginrec.c index 32941c985e..4219b9aef3 100644 --- a/crypto/openssh/loginrec.c +++ b/crypto/openssh/loginrec.c @@ -180,10 +180,6 @@ # include #endif -#ifdef HAVE_LIBUTIL_H -# include -#endif - /** ** prototypes for helper functions in this file **/ @@ -314,9 +310,13 @@ login_get_lastlog(struct logininfo *li, const uid_t uid) fatal("%s: Cannot find account for uid %ld", __func__, (long)uid); - /* No MIN_SIZEOF here - we absolutely *must not* truncate the - * username (XXX - so check for trunc!) */ - strlcpy(li->username, pw->pw_name, sizeof(li->username)); + if (strlcpy(li->username, pw->pw_name, sizeof(li->username)) >= + sizeof(li->username)) { + error("%s: username too long (%lu > max %lu)", __func__, + (unsigned long)strlen(pw->pw_name), + (unsigned long)sizeof(li->username) - 1); + return NULL; + } if (getlast_entry(li)) return (li); @@ -324,7 +324,6 @@ login_get_lastlog(struct logininfo *li, const uid_t uid) return (NULL); } - /* * login_alloc_entry(int, char*, char*, char*) - Allocate and initialise * a logininfo structure @@ -351,7 +350,7 @@ logininfo *login_alloc_entry(pid_t pid, const char *username, void login_free_entry(struct logininfo *li) { - xfree(li); + free(li); } diff --git a/crypto/openssh/mac.c b/crypto/openssh/mac.c index 9b450e4e24..402dc984ce 100644 --- a/crypto/openssh/mac.c +++ b/crypto/openssh/mac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mac.c,v 1.18 2012/06/28 05:07:45 dtucker Exp $ */ +/* $OpenBSD: mac.c,v 1.30 2014/04/30 19:07:48 naddy Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -27,8 +27,6 @@ #include -#include - #include #include #include @@ -42,66 +40,107 @@ #include "mac.h" #include "misc.h" +#include "digest.h" +#include "hmac.h" #include "umac.h" #include "openbsd-compat/openssl-compat.h" -#define SSH_EVP 1 /* OpenSSL EVP-based MAC */ +#define SSH_DIGEST 1 /* SSH_DIGEST_XXX */ #define SSH_UMAC 2 /* UMAC (not integrated with OpenSSL) */ +#define SSH_UMAC128 3 -struct { +struct macalg { char *name; int type; - const EVP_MD * (*mdfunc)(void); + int alg; int truncatebits; /* truncate digest if != 0 */ int key_len; /* just for UMAC */ int len; /* just for UMAC */ -} macs[] = { - { "hmac-sha1", SSH_EVP, EVP_sha1, 0, -1, -1 }, - { "hmac-sha1-96", SSH_EVP, EVP_sha1, 96, -1, -1 }, + int etm; /* Encrypt-then-MAC */ +}; + +static const struct macalg macs[] = { + /* Encrypt-and-MAC (encrypt-and-authenticate) variants */ + { "hmac-sha1", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 0 }, + { "hmac-sha1-96", SSH_DIGEST, SSH_DIGEST_SHA1, 96, 0, 0, 0 }, +#ifdef HAVE_EVP_SHA256 + { "hmac-sha2-256", SSH_DIGEST, SSH_DIGEST_SHA256, 0, 0, 0, 0 }, + { "hmac-sha2-512", SSH_DIGEST, SSH_DIGEST_SHA512, 0, 0, 0, 0 }, +#endif + { "hmac-md5", SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 0 }, + { "hmac-md5-96", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 0 }, + { "hmac-ripemd160", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 }, + { "hmac-ripemd160@openssh.com", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 }, + { "umac-64@openssh.com", SSH_UMAC, 0, 0, 128, 64, 0 }, + { "umac-128@openssh.com", SSH_UMAC128, 0, 0, 128, 128, 0 }, + + /* Encrypt-then-MAC variants */ + { "hmac-sha1-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 1 }, + { "hmac-sha1-96-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA1, 96, 0, 0, 1 }, #ifdef HAVE_EVP_SHA256 - { "hmac-sha2-256", SSH_EVP, EVP_sha256, 0, -1, -1 }, - { "hmac-sha2-512", SSH_EVP, EVP_sha512, 0, -1, -1 }, + { "hmac-sha2-256-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA256, 0, 0, 0, 1 }, + { "hmac-sha2-512-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA512, 0, 0, 0, 1 }, #endif - { "hmac-md5", SSH_EVP, EVP_md5, 0, -1, -1 }, - { "hmac-md5-96", SSH_EVP, EVP_md5, 96, -1, -1 }, - { "hmac-ripemd160", SSH_EVP, EVP_ripemd160, 0, -1, -1 }, - { "hmac-ripemd160@openssh.com", SSH_EVP, EVP_ripemd160, 0, -1, -1 }, - { "umac-64@openssh.com", SSH_UMAC, NULL, 0, 128, 64 }, - { NULL, 0, NULL, 0, -1, -1 } + { "hmac-md5-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 1 }, + { "hmac-md5-96-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 1 }, + { "hmac-ripemd160-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 1 }, + { "umac-64-etm@openssh.com", SSH_UMAC, 0, 0, 128, 64, 1 }, + { "umac-128-etm@openssh.com", SSH_UMAC128, 0, 0, 128, 128, 1 }, + + { NULL, 0, 0, 0, 0, 0, 0 } }; +/* Returns a list of supported MACs separated by the specified char. */ +char * +mac_alg_list(char sep) +{ + char *ret = NULL; + size_t nlen, rlen = 0; + const struct macalg *m; + + for (m = macs; m->name != NULL; m++) { + if (ret != NULL) + ret[rlen++] = sep; + nlen = strlen(m->name); + ret = xrealloc(ret, 1, rlen + nlen + 2); + memcpy(ret + rlen, m->name, nlen + 1); + rlen += nlen; + } + return ret; +} + static void -mac_setup_by_id(Mac *mac, int which) +mac_setup_by_alg(Mac *mac, const struct macalg *macalg) { - int evp_len; - mac->type = macs[which].type; - if (mac->type == SSH_EVP) { - mac->evp_md = (*macs[which].mdfunc)(); - if ((evp_len = EVP_MD_size(mac->evp_md)) <= 0) - fatal("mac %s len %d", mac->name, evp_len); - mac->key_len = mac->mac_len = (u_int)evp_len; + mac->type = macalg->type; + if (mac->type == SSH_DIGEST) { + if ((mac->hmac_ctx = ssh_hmac_start(macalg->alg)) == NULL) + fatal("ssh_hmac_start(alg=%d) failed", macalg->alg); + mac->key_len = mac->mac_len = ssh_hmac_bytes(macalg->alg); } else { - mac->mac_len = macs[which].len / 8; - mac->key_len = macs[which].key_len / 8; + mac->mac_len = macalg->len / 8; + mac->key_len = macalg->key_len / 8; mac->umac_ctx = NULL; } - if (macs[which].truncatebits != 0) - mac->mac_len = macs[which].truncatebits / 8; + if (macalg->truncatebits != 0) + mac->mac_len = macalg->truncatebits / 8; + mac->etm = macalg->etm; } int mac_setup(Mac *mac, char *name) { - int i; - - for (i = 0; macs[i].name; i++) { - if (strcmp(name, macs[i].name) == 0) { - if (mac != NULL) - mac_setup_by_id(mac, i); - debug2("mac_setup: found %s", name); - return (0); + const struct macalg *m; + + for (m = macs; m->name != NULL; m++) { + if (strcmp(name, m->name) != 0) + continue; + if (mac != NULL) { + mac_setup_by_alg(mac, m); + debug2("mac_setup: setup %s", name); } + return (0); } debug2("mac_setup: unknown %s", name); return (-1); @@ -111,17 +150,19 @@ int mac_init(Mac *mac) { if (mac->key == NULL) - fatal("mac_init: no key"); + fatal("%s: no key", __func__); switch (mac->type) { - case SSH_EVP: - if (mac->evp_md == NULL) + case SSH_DIGEST: + if (mac->hmac_ctx == NULL || + ssh_hmac_init(mac->hmac_ctx, mac->key, mac->key_len) < 0) return -1; - HMAC_CTX_init(&mac->evp_ctx); - HMAC_Init(&mac->evp_ctx, mac->key, mac->key_len, mac->evp_md); return 0; case SSH_UMAC: mac->umac_ctx = umac_new(mac->key); return 0; + case SSH_UMAC128: + mac->umac_ctx = umac128_new(mac->key); + return 0; default: return -1; } @@ -130,31 +171,41 @@ mac_init(Mac *mac) u_char * mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen) { - static u_char m[EVP_MAX_MD_SIZE]; - u_char b[4], nonce[8]; + static union { + u_char m[EVP_MAX_MD_SIZE]; + u_int64_t for_align; + } u; + u_char b[4]; + u_char nonce[8]; - if (mac->mac_len > sizeof(m)) - fatal("mac_compute: mac too long %u %lu", - mac->mac_len, (u_long)sizeof(m)); + if (mac->mac_len > sizeof(u)) + fatal("mac_compute: mac too long %u %zu", + mac->mac_len, sizeof(u)); switch (mac->type) { - case SSH_EVP: + case SSH_DIGEST: put_u32(b, seqno); /* reset HMAC context */ - HMAC_Init(&mac->evp_ctx, NULL, 0, NULL); - HMAC_Update(&mac->evp_ctx, b, sizeof(b)); - HMAC_Update(&mac->evp_ctx, data, datalen); - HMAC_Final(&mac->evp_ctx, m, NULL); + if (ssh_hmac_init(mac->hmac_ctx, NULL, 0) < 0 || + ssh_hmac_update(mac->hmac_ctx, b, sizeof(b)) < 0 || + ssh_hmac_update(mac->hmac_ctx, data, datalen) < 0 || + ssh_hmac_final(mac->hmac_ctx, u.m, sizeof(u.m)) < 0) + fatal("ssh_hmac failed"); break; case SSH_UMAC: put_u64(nonce, seqno); umac_update(mac->umac_ctx, data, datalen); - umac_final(mac->umac_ctx, m, nonce); + umac_final(mac->umac_ctx, u.m, nonce); + break; + case SSH_UMAC128: + put_u64(nonce, seqno); + umac128_update(mac->umac_ctx, data, datalen); + umac128_final(mac->umac_ctx, u.m, nonce); break; default: fatal("mac_compute: unknown MAC type"); } - return (m); + return (u.m); } void @@ -163,9 +214,12 @@ mac_clear(Mac *mac) if (mac->type == SSH_UMAC) { if (mac->umac_ctx != NULL) umac_delete(mac->umac_ctx); - } else if (mac->evp_md != NULL) - HMAC_cleanup(&mac->evp_ctx); - mac->evp_md = NULL; + } else if (mac->type == SSH_UMAC128) { + if (mac->umac_ctx != NULL) + umac128_delete(mac->umac_ctx); + } else if (mac->hmac_ctx != NULL) + ssh_hmac_free(mac->hmac_ctx); + mac->hmac_ctx = NULL; mac->umac_ctx = NULL; } @@ -183,13 +237,11 @@ mac_valid(const char *names) (p = strsep(&cp, MAC_SEP))) { if (mac_setup(NULL, p) < 0) { debug("bad mac %s [%s]", p, names); - xfree(maclist); + free(maclist); return (0); - } else { - debug3("mac ok: %s [%s]", p, names); } } debug3("macs ok: [%s]", names); - xfree(maclist); + free(maclist); return (1); } diff --git a/crypto/openssh/mac.h b/crypto/openssh/mac.h index 39f564dd30..fbe18c463b 100644 --- a/crypto/openssh/mac.h +++ b/crypto/openssh/mac.h @@ -1,4 +1,4 @@ -/* $OpenBSD: mac.h,v 1.6 2007/06/07 19:37:34 pvalchev Exp $ */ +/* $OpenBSD: mac.h,v 1.8 2013/11/07 11:58:27 dtucker Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -24,6 +24,7 @@ */ int mac_valid(const char *); +char *mac_alg_list(char); int mac_setup(Mac *, char *); int mac_init(Mac *); u_char *mac_compute(Mac *, u_int32_t, u_char *, int); diff --git a/crypto/openssh/match.c b/crypto/openssh/match.c index 2389477789..c35e328963 100644 --- a/crypto/openssh/match.c +++ b/crypto/openssh/match.c @@ -1,4 +1,4 @@ -/* $OpenBSD: match.c,v 1.27 2008/06/10 23:06:19 djm Exp $ */ +/* $OpenBSD: match.c,v 1.29 2013/11/20 20:54:10 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -40,6 +40,7 @@ #include #include +#include #include #include "xmalloc.h" @@ -140,8 +141,8 @@ match_pattern_list(const char *string, const char *pattern, u_int len, for (subi = 0; i < len && subi < sizeof(sub) - 1 && pattern[i] != ','; subi++, i++) - sub[subi] = dolower && isupper(pattern[i]) ? - (char)tolower(pattern[i]) : pattern[i]; + sub[subi] = dolower && isupper((u_char)pattern[i]) ? + tolower((u_char)pattern[i]) : pattern[i]; /* If subpattern too long, return failure (no match). */ if (subi >= sizeof(sub) - 1) return 0; @@ -226,14 +227,14 @@ match_user(const char *user, const char *host, const char *ipaddr, if ((ret = match_pattern(user, pat)) == 1) ret = match_host_and_ip(host, ipaddr, p); - xfree(pat); + free(pat); return ret; } /* * Returns first item from client-list that is also supported by server-list, - * caller must xfree() returned string. + * caller must free the returned string. */ #define MAX_PROP 40 #define SEP "," @@ -264,15 +265,15 @@ match_list(const char *client, const char *server, u_int *next) if (next != NULL) *next = (cp == NULL) ? strlen(c) : (u_int)(cp - c); - xfree(c); - xfree(s); + free(c); + free(s); return ret; } } } if (next != NULL) *next = strlen(c); - xfree(c); - xfree(s); + free(c); + free(s); return NULL; } diff --git a/crypto/openssh/misc.c b/crypto/openssh/misc.c index a7a23dcc6e..94b05b08e2 100644 --- a/crypto/openssh/misc.c +++ b/crypto/openssh/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.86 2011/09/05 05:59:08 djm Exp $ */ +/* $OpenBSD: misc.c,v 1.94 2014/07/15 15:54:14 millert Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -29,6 +29,7 @@ #include #include #include +#include #include #include @@ -43,6 +44,7 @@ #include #include +#include #include #include #include @@ -127,7 +129,7 @@ unset_nonblock(int fd) const char * ssh_gai_strerror(int gaierr) { - if (gaierr == EAI_SYSTEM) + if (gaierr == EAI_SYSTEM && errno != 0) return strerror(errno); return gai_strerror(gaierr); } @@ -206,16 +208,18 @@ pwcopy(struct passwd *pw) copy->pw_name = xstrdup(pw->pw_name); copy->pw_passwd = xstrdup(pw->pw_passwd); +#ifdef HAVE_STRUCT_PASSWD_PW_GECOS copy->pw_gecos = xstrdup(pw->pw_gecos); +#endif copy->pw_uid = pw->pw_uid; copy->pw_gid = pw->pw_gid; -#ifdef HAVE_PW_EXPIRE_IN_PASSWD +#ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE copy->pw_expire = pw->pw_expire; #endif -#ifdef HAVE_PW_CHANGE_IN_PASSWD +#ifdef HAVE_STRUCT_PASSWD_PW_CHANGE copy->pw_change = pw->pw_change; #endif -#ifdef HAVE_PW_CLASS_IN_PASSWD +#ifdef HAVE_STRUCT_PASSWD_PW_CLASS copy->pw_class = xstrdup(pw->pw_class); #endif copy->pw_dir = xstrdup(pw->pw_dir); @@ -251,13 +255,13 @@ a2tun(const char *s, int *remote) *remote = SSH_TUNID_ANY; sp = xstrdup(s); if ((ep = strchr(sp, ':')) == NULL) { - xfree(sp); + free(sp); return (a2tun(s, NULL)); } ep[0] = '\0'; ep++; *remote = a2tun(ep, NULL); tun = a2tun(sp, NULL); - xfree(sp); + free(sp); return (*remote == SSH_TUNID_ERR ? *remote : tun); } @@ -490,7 +494,7 @@ replacearg(arglist *args, u_int which, char *fmt, ...) if (which >= args->num) fatal("replacearg: tried to replace invalid arg %d >= %d", which, args->num); - xfree(args->list[which]); + free(args->list[which]); args->list[which] = cp; } @@ -501,8 +505,8 @@ freeargs(arglist *args) if (args->list != NULL) { for (i = 0; i < args->num; i++) - xfree(args->list[i]); - xfree(args->list); + free(args->list[i]); + free(args->list); args->nalloc = args->num = 0; args->list = NULL; } @@ -515,8 +519,8 @@ freeargs(arglist *args) char * tilde_expand_filename(const char *filename, uid_t uid) { - const char *path; - char user[128], ret[MAXPATHLEN]; + const char *path, *sep; + char user[128], *ret; struct passwd *pw; u_int len, slash; @@ -536,22 +540,21 @@ tilde_expand_filename(const char *filename, uid_t uid) } else if ((pw = getpwuid(uid)) == NULL) /* ~/path */ fatal("tilde_expand_filename: No such uid %ld", (long)uid); - if (strlcpy(ret, pw->pw_dir, sizeof(ret)) >= sizeof(ret)) - fatal("tilde_expand_filename: Path too long"); - /* Make sure directory has a trailing '/' */ len = strlen(pw->pw_dir); - if ((len == 0 || pw->pw_dir[len - 1] != '/') && - strlcat(ret, "/", sizeof(ret)) >= sizeof(ret)) - fatal("tilde_expand_filename: Path too long"); + if (len == 0 || pw->pw_dir[len - 1] != '/') + sep = "/"; + else + sep = ""; /* Skip leading '/' from specified path */ if (path != NULL) filename = path + 1; - if (strlcat(ret, filename, sizeof(ret)) >= sizeof(ret)) + + if (xasprintf(&ret, "%s%s%s", pw->pw_dir, sep, filename) >= MAXPATHLEN) fatal("tilde_expand_filename: Path too long"); - return (xstrdup(ret)); + return (ret); } /* @@ -786,6 +789,20 @@ get_u32(const void *vp) return (v); } +u_int32_t +get_u32_le(const void *vp) +{ + const u_char *p = (const u_char *)vp; + u_int32_t v; + + v = (u_int32_t)p[0]; + v |= (u_int32_t)p[1] << 8; + v |= (u_int32_t)p[2] << 16; + v |= (u_int32_t)p[3] << 24; + + return (v); +} + u_int16_t get_u16(const void *vp) { @@ -824,6 +841,16 @@ put_u32(void *vp, u_int32_t v) p[3] = (u_char)v & 0xff; } +void +put_u32_le(void *vp, u_int32_t v) +{ + u_char *p = (u_char *)vp; + + p[0] = (u_char)v & 0xff; + p[1] = (u_char)(v >> 8) & 0xff; + p[2] = (u_char)(v >> 16) & 0xff; + p[3] = (u_char)(v >> 24) & 0xff; +} void put_u16(void *vp, u_int16_t v) @@ -853,6 +880,31 @@ ms_to_timeval(struct timeval *tv, int ms) tv->tv_usec = (ms % 1000) * 1000; } +time_t +monotime(void) +{ +#if defined(HAVE_CLOCK_GETTIME) && \ + (defined(CLOCK_MONOTONIC) || defined(CLOCK_BOOTTIME)) + struct timespec ts; + static int gettime_failed = 0; + + if (!gettime_failed) { +#if defined(CLOCK_BOOTTIME) + if (clock_gettime(CLOCK_BOOTTIME, &ts) == 0) + return (ts.tv_sec); +#endif +#if defined(CLOCK_MONOTONIC) + if (clock_gettime(CLOCK_MONOTONIC, &ts) == 0) + return (ts.tv_sec); +#endif + debug3("clock_gettime: %s", strerror(errno)); + gettime_failed = 1; + } +#endif /* HAVE_CLOCK_GETTIME && (CLOCK_MONOTONIC || CLOCK_BOOTTIME */ + + return time(NULL); +} + void bandwidth_limit_init(struct bwlimit *bw, u_int64_t kbps, size_t buflen) { @@ -998,6 +1050,60 @@ iptos2str(int iptos) snprintf(iptos_str, sizeof iptos_str, "0x%02x", iptos); return iptos_str; } + +void +lowercase(char *s) +{ + for (; *s; s++) + *s = tolower((u_char)*s); +} + +int +unix_listener(const char *path, int backlog, int unlink_first) +{ + struct sockaddr_un sunaddr; + int saved_errno, sock; + + memset(&sunaddr, 0, sizeof(sunaddr)); + sunaddr.sun_family = AF_UNIX; + if (strlcpy(sunaddr.sun_path, path, sizeof(sunaddr.sun_path)) >= sizeof(sunaddr.sun_path)) { + error("%s: \"%s\" too long for Unix domain socket", __func__, + path); + errno = ENAMETOOLONG; + return -1; + } + + sock = socket(PF_UNIX, SOCK_STREAM, 0); + if (sock < 0) { + saved_errno = errno; + error("socket: %.100s", strerror(errno)); + errno = saved_errno; + return -1; + } + if (unlink_first == 1) { + if (unlink(path) != 0 && errno != ENOENT) + error("unlink(%s): %.100s", path, strerror(errno)); + } + if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0) { + saved_errno = errno; + error("bind: %.100s", strerror(errno)); + close(sock); + error("%s: cannot bind to path: %s", __func__, path); + errno = saved_errno; + return -1; + } + if (listen(sock, backlog) < 0) { + saved_errno = errno; + error("listen: %.100s", strerror(errno)); + close(sock); + unlink(path); + error("%s: cannot listen on path: %s", __func__, path); + errno = saved_errno; + return -1; + } + return sock; +} + void sock_set_v6only(int s) { diff --git a/crypto/openssh/misc.h b/crypto/openssh/misc.h index f3142a95e5..374c33ce14 100644 --- a/crypto/openssh/misc.h +++ b/crypto/openssh/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.48 2011/03/29 18:54:17 stevesk Exp $ */ +/* $OpenBSD: misc.h,v 1.54 2014/07/15 15:54:14 millert Exp $ */ /* * Author: Tatu Ylonen @@ -15,6 +15,25 @@ #ifndef _MISC_H #define _MISC_H +/* Data structure for representing a forwarding request. */ +struct Forward { + char *listen_host; /* Host (address) to listen on. */ + int listen_port; /* Port to forward. */ + char *listen_path; /* Path to bind domain socket. */ + char *connect_host; /* Host to connect. */ + int connect_port; /* Port to connect on connect_host. */ + char *connect_path; /* Path to connect domain socket. */ + int allocated_port; /* Dynamically allocated listen port */ + int handle; /* Handle for dynamic listen ports */ +}; + +/* Common server and client forwarding options. */ +struct ForwardOptions { + int gateway_ports; /* Allow remote connects to forwarded ports. */ + mode_t streamlocal_bind_mask; /* umask for streamlocal binds */ + int streamlocal_bind_unlink; /* unlink socket before bind */ +}; + /* misc.c */ char *chop(char *); @@ -35,6 +54,10 @@ char *tohex(const void *, size_t); void sanitise_stdfd(void); void ms_subtract_diff(struct timeval *, int *); void ms_to_timeval(struct timeval *, int); +time_t monotime(void); +void lowercase(char *s); +int unix_listener(const char *, int, int); + void sock_set_v6only(int); struct passwd *pwcopy(struct passwd *); @@ -65,6 +88,9 @@ int tun_open(int, int); #define SSH_TUNID_ERR (SSH_TUNID_ANY - 1) #define SSH_TUNID_MAX (SSH_TUNID_ANY - 2) +/* Fake port to indicate that host field is really a path. */ +#define PORT_STREAMLOCAL -2 + /* Functions to extract or store big-endian words of various sizes */ u_int64_t get_u64(const void *) __attribute__((__bounded__( __minbytes__, 1, 8))); @@ -79,6 +105,12 @@ void put_u32(void *, u_int32_t) void put_u16(void *, u_int16_t) __attribute__((__bounded__( __minbytes__, 1, 2))); +/* Little-endian store/load, used by umac.c */ +u_int32_t get_u32_le(const void *) + __attribute__((__bounded__(__minbytes__, 1, 4))); +void put_u32_le(void *, u_int32_t) + __attribute__((__bounded__(__minbytes__, 1, 4))); + struct bwlimit { size_t buflen; u_int64_t rate, thresh, lamt; diff --git a/crypto/openssh/moduli b/crypto/openssh/moduli index 3bb155de9e..49f76ee986 100644 --- a/crypto/openssh/moduli +++ b/crypto/openssh/moduli @@ -1,206 +1,199 @@ -# $OpenBSD: moduli,v 1.7 2012/07/20 00:39:57 dtucker Exp $ +# $OpenBSD: moduli,v 1.8 2012/08/29 05:06:54 dtucker Exp $ # Time Type Tests Tries Size Generator Modulus -20120705004026 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242844A94DCF -20120705004028 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242844B1694B -20120705004036 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242844E34093 -20120705004039 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242844F41247 -20120705004040 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242844F8B39B -20120705004042 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA624284500D22F -20120705004044 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA624284504854B -20120705004047 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA62428451642A3 -20120705004049 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA62428451B31D3 -20120705004052 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA62428452B05CB -20120705004053 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA62428452BB06B -20120705004057 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA624284544D6EF -20120705004101 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA62428454FBFBF -20120705004103 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA624284556870F -20120705004104 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA62428455A1DCF -20120705004106 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA62428455A71F3 -20120705004107 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA62428455C229B -20120705004109 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242845624C8F -20120705004111 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242845650AD7 -20120705004113 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA624284572AE77 -20120705004116 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA62428457F0DE7 -20120705004119 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA62428458D623F -20120705004121 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA624284598C1BF -20120705004122 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA624284598FF9F -20120705004127 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242845B559BF -20120705004129 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242845BA77E7 -20120705004131 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242845C3989F -20120705004132 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242845C5A23F -20120705004134 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242845CAF1DB -20120705004136 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242845D1CB5B -20120705004137 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242845D4528F -20120705004139 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242845DCBCB3 -20120705004143 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242845EE91B7 -20120705004144 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242845EFF1A7 -20120705004145 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242845F363FB -20120705004146 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242845F3738B -20120705004148 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242845F437CF -20120705004150 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA624284601A3BF -20120705004152 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA624284603421F -20120705004153 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA624284605C5B7 -20120705004155 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA62428460AF7CB -20120705004159 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242846266533 -20120705004201 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242846287DD3 -20120705004204 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242846397273 -20120705004206 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA624284646FA83 -20120705004207 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242846475ED3 -20120705004210 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA624284651649F -20120705004212 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA624284659876B -20120705004213 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA624284659F8F3 -20120705004214 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA62428465BD413 -20120705004216 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA62428465F222B -20120705004217 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA624284660995B -20120705004221 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA62428467B9247 -20120705004227 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA62428468DAF87 -20120705004230 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA62428468E1A13 -20120705004838 2 6 100 1535 5 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F7205887 -20120705004853 2 6 100 1535 5 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F73B39C7 -20120705004937 2 6 100 1535 2 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F7A3E153 -20120705005002 2 6 100 1535 2 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F7DB4473 -20120705005017 2 6 100 1535 5 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F7F7293F -20120705005025 2 6 100 1535 2 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F802FE8B -20120705005048 2 6 100 1535 2 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F836B5D3 -20120705005117 2 6 100 1535 2 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F878CDEB -20120705005122 2 6 100 1535 2 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F87AB3EB -20120705005140 2 6 100 1535 2 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F89EAA43 -20120705005148 2 6 100 1535 2 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F8AA75F3 -20120705005201 2 6 100 1535 2 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F8C2EAAB -20120705005215 2 6 100 1535 2 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F8DEAC73 -20120705005221 2 6 100 1535 2 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F8E3C303 -20120705005231 2 6 100 1535 5 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F8F51EFF -20120705005246 2 6 100 1535 5 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F9115B97 -20120705005317 2 6 100 1535 5 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F95737CF -20120705005324 2 6 100 1535 5 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F960A5F7 -20120705005339 2 6 100 1535 2 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F97DBAB3 -20120705005353 2 6 100 1535 5 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F999A9CF -20120705005453 2 6 100 1535 5 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8FA253557 -20120705005516 2 6 100 1535 2 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8FA597D23 -20120705005521 2 6 100 1535 2 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8FA5B9B1B -20120705005600 2 6 100 1535 2 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8FAB57F73 -20120705005606 2 6 100 1535 2 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8FABBBAFB -20120705005632 2 6 100 1535 2 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8FAF58CB3 -20120705005640 2 6 100 1535 2 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8FB01659B -20120705005645 2 6 100 1535 5 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8FB04D9E7 -20120705005659 2 6 100 1535 5 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8FB205C67 -20120705011229 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D205DA381EB -20120705011307 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D205DAEFA5B -20120705011647 2 6 100 2047 5 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D205E09B2B7 -20120705011825 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D205E30C613 -20120705011957 2 6 100 2047 5 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D205E5B7E3F -20120705012217 2 6 100 2047 5 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D205E9ED607 -20120705012259 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D205EB4E9E3 -20120705012319 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D205EBDF313 -20120705012338 2 6 100 2047 5 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D205EC9AD5F -20120705012817 2 6 100 2047 5 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D205F79773F -20120705012947 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D205FB2897B -20120705013020 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D205FC0CFAB -20120705013559 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D20606541A3 -20120705013637 2 6 100 2047 5 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D206078A9DF -20120705013859 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D2060C181BB -20120705014010 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D2060DFB1BB -20120705014101 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D2060F217A3 -20120705014248 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D2061182263 -20120705014325 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D2061214FC3 -20120705014539 2 6 100 2047 5 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D206162E447 -20120705014658 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D206186D1F3 -20120705014856 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D2061D0EF73 -20120705015000 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D2062023BFB -20120705015045 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D20621EDDEB -20120705015234 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D2062752373 -20120705015345 2 6 100 2047 5 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D2062B97207 -20120705015734 2 6 100 2047 5 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D20636C6B0F -20120705015750 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D2063752183 -20120705015806 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D20637DAF9B -20120705015900 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D2063B134BB -20120705015921 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D2063C148EB -20120705020044 2 6 100 2047 5 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D20640F2047 -20120705020232 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D20647E3FEB -20120705020339 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D2064C2CC83 -20120705020502 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D2065162F7B -20120705020512 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D2065194343 -20120705020523 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D20651C2E2B -20120705020541 2 6 100 2047 5 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D206528BA2F -20120705021818 2 6 100 3071 5 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54165EF071CF -20120705022441 2 6 100 3071 5 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54165F6DCFB7 -20120705024326 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA541660E5F72B -20120705025034 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA5416617271AB -20120705025525 2 6 100 3071 5 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA541661CDD5AF -20120705025705 2 6 100 3071 5 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA541661E6A71F -20120705025752 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA541661EE2413 -20120705030403 2 6 100 3071 5 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA541662662DC7 -20120705030432 2 6 100 3071 5 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA5416626728EF -20120705030953 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA541662CA2463 -20120705031728 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA5416635CAC93 -20120705032458 2 6 100 3071 5 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA541663EC109F -20120705032902 2 6 100 3071 5 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54166431CB8F -20120705033016 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54166441BDC3 -20120705033652 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA541664BF1503 -20120705033740 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA541664C48A73 -20120705034025 2 6 100 3071 5 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA541664F440CF -20120705034138 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA541665048ECB -20120705034458 2 6 100 3071 5 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA5416653F1BC7 -20120705040416 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA541666BE5B43 -20120705041326 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA5416676F9AD3 -20120705041429 2 6 100 3071 5 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA5416677BBDD7 -20120705041928 2 6 100 3071 5 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA541667DA5427 -20120705042013 2 6 100 3071 5 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA541667E0CDA7 -20120705044833 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54166A1D45AB -20120705045307 2 6 100 3071 5 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54166A71DD37 -20120705050710 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54166B8634A3 -20120705051048 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54166BC572CB -20120705051219 2 6 100 3071 5 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54166BDA113F -20120705051634 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54166C28FFCB -20120705052331 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54166CAA425B -20120705052812 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54166D041A0B -20120705053701 2 6 100 3071 5 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54166DA81DB7 -20120705055127 2 6 100 3071 5 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54166EC251D7 -20120705055500 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54166F01CF6B -20120705055603 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54166F0EF763 -20120705055831 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54166F39358B -20120705060133 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54166F5FDC7B -20120705060444 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54166F8017B3 -20120705060616 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54166F8A763B -20120705074615 2 6 100 4095 5 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E404D4A9FF -20120705075624 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E405259C43 -20120705075814 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E4052CF1E3 -20120705082750 2 6 100 4095 5 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E405CAF157 -20120705091841 2 6 100 4095 5 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E40777DB37 -20120705094647 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E40863BD9B -20120705113042 2 6 100 4095 5 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E40BE821C7 -20120705113614 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E40C0EADAB -20120705113856 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E40C1D4D93 -20120705115824 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E40CBE3D6B -20120705122406 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E40D792E73 -20120705123711 2 6 100 4095 5 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E40DDA1F9F -20120705124452 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E40E149903 -20120705133408 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E40F205063 -20120705133854 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E40F36CB23 -20120705140912 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E40FF3C14B -20120705151048 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E41130009B -20120705154517 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E411EA83DB -20120705155613 2 6 100 4095 5 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E4123EC08F -20120705162202 2 6 100 4095 5 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E4130DF347 -20120705162423 2 6 100 4095 5 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E41319263F -20120705163533 2 6 100 4095 5 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E4136A686F -20120705170312 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E4144BD02B -20120705175100 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E415E0D6BB -20120705190344 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E418110983 -20120705191532 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E4186E4BE3 -20120705193904 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E41933A90B -20120705201440 2 6 100 4095 5 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E41A1607FF -20120705202233 2 6 100 4095 5 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E41A3C4B5F -20120705204542 2 6 100 4095 5 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E41AFA0127 -20120705205809 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E41B59BD9B -20120705213138 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E41C73B903 -20120705214528 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E41CE1ACFB -20120705215449 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E41D2A1E9B -20120705225456 2 6 100 4095 5 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E41F236C7F -20120705231339 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E41FB99943 -20120705232933 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E4203D8FB3 -20120705233827 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E420804A5B -20120705234448 2 6 100 4095 5 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E420AC9D9F +20120821044040 2 6 100 1023 5 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A770E2EC9F +20120821044046 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A7711F2C6B +20120821044047 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A771225323 +20120821044048 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A7712507AB +20120821044050 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A7712A2DB3 +20120821044051 2 6 100 1023 5 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A7712CACEF +20120821044053 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A7713959C3 +20120821044057 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A7715BBA13 +20120821044103 2 6 100 1023 5 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A77191592F +20120821044104 2 6 100 1023 5 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A771938E1F +20120821044106 2 6 100 1023 5 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A771A1E127 +20120821044108 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A771B3CDFB +20120821044109 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A771B71913 +20120821044111 2 6 100 1023 5 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A771C2759F +20120821044113 2 6 100 1023 5 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A771CF8ABF +20120821044114 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A771D2B49B +20120821044116 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A771DF6193 +20120821044117 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A771E67E33 +20120821044120 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A771FA581B +20120821044121 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A772027DDB +20120821044123 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A772093F8B +20120821044124 2 6 100 1023 5 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A7720EEF6F +20120821044125 2 6 100 1023 5 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A77216CAD7 +20120821044126 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A77219A90B +20120821044129 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A7722A0103 +20120821044130 2 6 100 1023 5 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A772343DBF +20120821044133 2 6 100 1023 5 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A772460C3F +20120821044137 2 6 100 1023 5 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A7726A4E0F +20120821044138 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A772716D8B +20120821044141 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A7728D719B +20120821044143 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A77297AA8B +20120821044145 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A772A8794B +20120821044147 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A772B4D6AB +20120821044149 2 6 100 1023 5 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A772BD325F +20120821044150 2 6 100 1023 5 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A772BDAE07 +20120821044151 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A772C95CE3 +20120821044502 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F96361507 +20120821044515 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F965885BF +20120821044519 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F966006C7 +20120821044528 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F9674A0EB +20120821044539 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F969457F3 +20120821044544 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F969BE79B +20120821044606 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F96E1E827 +20120821044623 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F9714284B +20120821044630 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F97231CB7 +20120821044636 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F972E01DF +20120821044647 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F974BCED3 +20120821044650 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F974C3A43 +20120821044653 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F974E8F73 +20120821044701 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F9763403B +20120821044705 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F9767666B +20120821044708 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F9768D81F +20120821044726 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F979FD437 +20120821044729 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F97A29BC7 +20120821044732 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F97A56447 +20120821044737 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F97AEDBDB +20120821044740 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F97B187F3 +20120821044746 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F97BC6EE3 +20120821044757 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F97DCCDEB +20120821044817 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F981975F7 +20120821044831 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F983EC267 +20120821044841 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F985A032F +20120821044846 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F9863B0AB +20120821044852 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F986E5C7F +20120821044911 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F98A8FF6B +20120821044917 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F98B40E4B +20120821044924 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F98C5840F +20120821044940 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F98F22CEB +20120821044947 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F99040FFF +20120821044954 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F99139AE3 +20120821045010 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F9940BEFB +20120821045017 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F9954379F +20120821045020 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F99548C23 +20120821045023 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F99562FC3 +20120821045028 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F9960CDCF +20120821045038 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F997AC0B3 +20120821045045 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F998D9B6B +20120821045050 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F9994BB77 +20120821045059 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F99AC001B +20120821045101 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F99AC5547 +20120821045107 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F99B86567 +20120821045110 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F99BA2677 +20120821045128 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F99EF4523 +20120821045154 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F9A419DAB +20120821045214 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F9A7D1E67 +20120821045218 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F9A826443 +20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63 +20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB +20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53 +20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F +20120821050118 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293682361D5F +20120821050218 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936828ADA17 +20120821050243 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293682A8A7CB +20120821050427 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368341AC87 +20120821050515 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936837F8657 +20120821050545 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293683A3DFD3 +20120821050554 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293683A9635F +20120821050636 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293683DF582B +20120821050648 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293683E86803 +20120821050758 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293684495A13 +20120821050807 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936844FAB5B +20120821050849 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368486D99B +20120821050916 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293684A776A7 +20120821050942 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293684C4FF73 +20120821051003 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293684DB980F +20120821051010 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293684DD4FBF +20120821051158 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293685721537 +20120821051206 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293685768253 +20120821051231 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293685930F13 +20120821051240 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293685987B0B +20120821051324 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293685D5E36B +20120821051349 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293685F3AB7F +20120821051424 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293686206187 +20120821051516 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368668EB4B +20120821051540 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368686EB87 +20120821051622 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293686BCCF13 +20120821051703 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293686F13B9F +20120821051715 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293686FB2D4F +20120821051837 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936876ED7DF +20120821051843 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936876F05DB +20120821051930 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293687AEDE8F +20120821052131 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293688637CFF +20120821053137 2 6 100 3071 5 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF942284EA9F +20120821053209 2 6 100 3071 5 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF94228B7F67 +20120821053317 2 6 100 3071 5 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF9422A2B3C7 +20120821053841 2 6 100 3071 5 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF94232DEF87 +20120821054039 2 6 100 3071 2 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF942359AB7B +20120821054334 2 6 100 3071 5 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF9423A371A7 +20120821054455 2 6 100 3071 5 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF9423C1CEEF +20120821054844 2 6 100 3071 5 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF9424273F1F +20120821055307 2 6 100 3071 5 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF9424987667 +20120821055436 2 6 100 3071 2 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF9424B90BAB +20120821055700 2 6 100 3071 5 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF9424F6C7CF +20120821060224 2 6 100 3071 5 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF94258ADCEF +20120821060334 2 6 100 3071 2 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF9425A1FCEB +20120821060420 2 6 100 3071 2 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF9425AEBF43 +20120821060927 2 6 100 3071 5 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF942634C34F +20120821061829 2 6 100 3071 5 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF94272F0D4F +20120821062020 2 6 100 3071 5 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF94275B00B7 +20120821062241 2 6 100 3071 5 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF9427941F5F +20120821063416 2 6 100 3071 5 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF9428D5E367 +20120821063648 2 6 100 3071 5 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF942917E127 +20120821064052 2 6 100 3071 2 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF9429825A2B +20120821064951 2 6 100 3071 2 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF942A74C4EB +20120821065736 2 6 100 3071 2 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF942B4640D3 +20120821071146 2 6 100 3071 2 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF942CCD6D1B +20120821071337 2 6 100 3071 2 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF942CF9321B +20120821072545 2 6 100 3071 5 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF942E48654F +20120821075022 2 6 100 3071 2 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF9430F1B6A3 +20120821080229 2 6 100 3071 2 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF9432356F63 +20120821081230 2 6 100 3071 2 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF94333D9363 +20120821081746 2 6 100 3071 5 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF9433C6A7A7 +20120821081811 2 6 100 3071 2 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF9433C94C93 +20120821084945 2 6 100 4095 5 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA45B27D047 +20120821091240 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA45C370A33 +20120821092428 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA45CBB9FBB +20120821093047 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA45D001E73 +20120821095420 2 6 100 4095 5 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA45E104D6F +20120821095624 2 6 100 4095 5 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA45E21E2BF +20120821102749 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA45F9B1B7B +20120821105854 2 6 100 4095 5 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA4610E205F +20120821110658 2 6 100 4095 5 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA461631FBF +20120821110744 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA461635E3B +20120821115206 2 6 100 4095 5 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA4636E0DF7 +20120821121256 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA4645F38B3 +20120821121421 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA46467609B +20120821122649 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA464F87D6B +20120821122854 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA46508F94B +20120821125200 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA4661CBC5B +20120821130613 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA466BC6B33 +20120821131115 2 6 100 4095 5 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA466ED9CC7 +20120821132817 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA467B278B3 +20120821135349 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA468D8351B +20120821141206 2 6 100 4095 5 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA469A817A7 +20120821144909 2 6 100 4095 5 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA46B488EF7 +20120821150021 2 6 100 4095 5 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA46BC5D5E7 +20120821153843 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA46D774723 +20120821162006 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA46F5488DB +20120821170404 2 6 100 4095 5 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA47157A067 +20120821173305 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA472A1E94B +20120821173936 2 6 100 4095 5 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA472E0E57F +20120821174533 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA4731F7433 +20120821180053 2 6 100 4095 5 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA473C7CE3F +20120821180952 2 6 100 4095 5 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA4742A8237 +20120821181124 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA474343C5B +20120821183540 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA4754D89DB +20120821183852 2 6 100 4095 5 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA47569B47F +20120821184512 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA475AC57DB +20120821184603 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA475AD78CB +20120821184701 2 6 100 4095 5 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA475B0038F +20120821185939 2 6 100 4095 5 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA4763BD72F +20120821190630 2 6 100 4095 5 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA476853BB7 +20120821190945 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA476A47843 +20120821195501 2 6 100 4095 5 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA478A96AEF 20120705232031 2 6 100 6143 2 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B241215BB 20120705233800 2 6 100 6143 2 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B246EC93B 20120706002709 2 6 100 6143 5 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B2582B477 diff --git a/crypto/openssh/moduli.5 b/crypto/openssh/moduli.5 index 0e01b9414b..ef0de08506 100644 --- a/crypto/openssh/moduli.5 +++ b/crypto/openssh/moduli.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: moduli.5,v 1.15 2010/10/14 20:41:28 jmc Exp $ +.\" $OpenBSD: moduli.5,v 1.17 2012/09/26 17:34:38 jmc Exp $ .\" .\" Copyright (c) 2008 Damien Miller .\" @@ -13,7 +13,7 @@ .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.Dd $Mdocdate: October 14 2010 $ +.Dd $Mdocdate: September 26 2012 $ .Dt MODULI 5 .Os .Sh NAME @@ -61,7 +61,7 @@ Unknown, not tested. .It 2 "Safe" prime; (p-1)/2 is also prime. .It 4 -Sophie Germain; (p+1)*2 is also prime. +Sophie Germain; 2p+1 is also prime. .El .Pp Moduli candidates initially produced by @@ -115,8 +115,13 @@ that best meets the size requirement. .Sh SEE ALSO .Xr ssh-keygen 1 , .Xr sshd 8 +.Sh STANDARDS .Rs +.%A M. Friedl +.%A N. Provos +.%A W. Simpson +.%D March 2006 .%R RFC 4419 -.%T "Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol" +.%T Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol .%D 2006 .Re diff --git a/crypto/openssh/moduli.c b/crypto/openssh/moduli.c index 5267bb9abe..bb4dd7beb4 100644 --- a/crypto/openssh/moduli.c +++ b/crypto/openssh/moduli.c @@ -1,4 +1,4 @@ -/* $OpenBSD: moduli.c,v 1.26 2012/07/06 00:41:59 dtucker Exp $ */ +/* $OpenBSD: moduli.c,v 1.28 2013/10/24 00:49:49 dtucker Exp $ */ /* * Copyright 1994 Phil Karn * Copyright 1996-1998, 2003 William Allen Simpson @@ -56,6 +56,7 @@ #include "xmalloc.h" #include "dh.h" #include "log.h" +#include "misc.h" #include "openbsd-compat/openssl-compat.h" @@ -433,9 +434,9 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start) time(&time_stop); - xfree(LargeSieve); - xfree(SmallSieve); - xfree(TinySieve); + free(LargeSieve); + free(SmallSieve); + free(TinySieve); logit("%.24s Found %u candidates", ctime(&time_stop), r); @@ -488,6 +489,79 @@ read_checkpoint(char *cpfile) return lineno; } +static unsigned long +count_lines(FILE *f) +{ + unsigned long count = 0; + char lp[QLINESIZE + 1]; + + if (fseek(f, 0, SEEK_SET) != 0) { + debug("input file is not seekable"); + return ULONG_MAX; + } + while (fgets(lp, QLINESIZE + 1, f) != NULL) + count++; + rewind(f); + debug("input file has %lu lines", count); + return count; +} + +static char * +fmt_time(time_t seconds) +{ + int day, hr, min; + static char buf[128]; + + min = (seconds / 60) % 60; + hr = (seconds / 60 / 60) % 24; + day = seconds / 60 / 60 / 24; + if (day > 0) + snprintf(buf, sizeof buf, "%dd %d:%02d", day, hr, min); + else + snprintf(buf, sizeof buf, "%d:%02d", hr, min); + return buf; +} + +static void +print_progress(unsigned long start_lineno, unsigned long current_lineno, + unsigned long end_lineno) +{ + static time_t time_start, time_prev; + time_t time_now, elapsed; + unsigned long num_to_process, processed, remaining, percent, eta; + double time_per_line; + char *eta_str; + + time_now = monotime(); + if (time_start == 0) { + time_start = time_prev = time_now; + return; + } + /* print progress after 1m then once per 5m */ + if (time_now - time_prev < 5 * 60) + return; + time_prev = time_now; + elapsed = time_now - time_start; + processed = current_lineno - start_lineno; + remaining = end_lineno - current_lineno; + num_to_process = end_lineno - start_lineno; + time_per_line = (double)elapsed / processed; + /* if we don't know how many we're processing just report count+time */ + time(&time_now); + if (end_lineno == ULONG_MAX) { + logit("%.24s processed %lu in %s", ctime(&time_now), + processed, fmt_time(elapsed)); + return; + } + percent = 100 * processed / num_to_process; + eta = time_per_line * remaining; + eta_str = xstrdup(fmt_time(eta)); + logit("%.24s processed %lu of %lu (%lu%%) in %s, ETA %s", + ctime(&time_now), processed, num_to_process, percent, + fmt_time(elapsed), eta_str); + free(eta_str); +} + /* * perform a Miller-Rabin primality test * on the list of candidates @@ -512,6 +586,11 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted, return (-1); } + if (num_lines == 0) + end_lineno = count_lines(in); + else + end_lineno = start_lineno + num_lines; + time(&time_start); if ((p = BN_new()) == NULL) @@ -526,26 +605,25 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted, if (checkpoint_file != NULL) last_processed = read_checkpoint(checkpoint_file); - if (start_lineno > last_processed) - last_processed = start_lineno; - if (num_lines == 0) - end_lineno = ULONG_MAX; + last_processed = start_lineno = MAX(last_processed, start_lineno); + if (end_lineno == ULONG_MAX) + debug("process from line %lu from pipe", last_processed); else - end_lineno = last_processed + num_lines; - debug2("process line %lu to line %lu", last_processed, end_lineno); + debug("process from line %lu to line %lu", last_processed, + end_lineno); res = 0; lp = xmalloc(QLINESIZE + 1); while (fgets(lp, QLINESIZE + 1, in) != NULL && count_in < end_lineno) { count_in++; - if (checkpoint_file != NULL) { - if (count_in <= last_processed) { - debug3("skipping line %u, before checkpoint", - count_in); - continue; - } - write_checkpoint(checkpoint_file, count_in); + if (count_in <= last_processed) { + debug3("skipping line %u, before checkpoint or " + "specified start line", count_in); + continue; } + if (checkpoint_file != NULL) + write_checkpoint(checkpoint_file, count_in); + print_progress(start_lineno, count_in, end_lineno); if (strlen(lp) < 14 || *lp == '!' || *lp == '#') { debug2("%10u: comment or short line", count_in); continue; @@ -709,7 +787,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted, } time(&time_stop); - xfree(lp); + free(lp); BN_free(p); BN_free(q); BN_CTX_free(ctx); diff --git a/crypto/openssh/monitor.c b/crypto/openssh/monitor.c index e9802a3fd3..dbe29f128d 100644 --- a/crypto/openssh/monitor.c +++ b/crypto/openssh/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.117 2012/06/22 12:30:26 dtucker Exp $ */ +/* $OpenBSD: monitor.c,v 1.135 2014/07/15 15:54:14 millert Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -40,9 +40,10 @@ #endif #include #include -#include #include #include +#include +#include #include #ifdef HAVE_POLL_H #include @@ -56,7 +57,9 @@ #include #endif +#ifdef WITH_OPENSSL #include +#endif #include "openbsd-compat/sys-queue.h" #include "atomicio.h" @@ -84,6 +87,7 @@ #include "sshlogin.h" #include "canohost.h" #include "log.h" +#include "misc.h" #include "servconf.h" #include "monitor.h" #include "monitor_mm.h" @@ -92,11 +96,10 @@ #endif #include "monitor_wrap.h" #include "monitor_fdpass.h" -#include "misc.h" #include "compat.h" #include "ssh2.h" -#include "jpake.h" #include "roaming.h" +#include "authfd.h" #ifdef GSSAPI static Gssctxt *gsscontext = NULL; @@ -160,11 +163,6 @@ int mm_answer_rsa_challenge(int, Buffer *); int mm_answer_rsa_response(int, Buffer *); int mm_answer_sesskey(int, Buffer *); int mm_answer_sessid(int, Buffer *); -int mm_answer_jpake_get_pwdata(int, Buffer *); -int mm_answer_jpake_step1(int, Buffer *); -int mm_answer_jpake_step2(int, Buffer *); -int mm_answer_jpake_key_confirm(int, Buffer *); -int mm_answer_jpake_check_confirm(int, Buffer *); #ifdef USE_PAM int mm_answer_pam_start(int, Buffer *); @@ -190,7 +188,10 @@ int mm_answer_audit_command(int, Buffer *); static int monitor_read_log(struct monitor *); static Authctxt *authctxt; + +#ifdef WITH_SSH1 static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ +#endif /* local state for key verify */ static u_char *key_blob = NULL; @@ -199,6 +200,7 @@ static int key_blobtype = MM_NOKEY; static char *hostbased_cuser = NULL; static char *hostbased_chost = NULL; static char *auth_method = "unknown"; +static char *auth_submethod = NULL; static u_int session_id2_len = 0; static u_char *session_id2 = NULL; static pid_t monitor_child_pid; @@ -219,7 +221,9 @@ struct mon_table { #define MON_PERMIT 0x1000 /* Request is permitted */ struct mon_table mon_dispatch_proto20[] = { +#ifdef WITH_OPENSSL {MONITOR_REQ_MODULI, MON_ONCE, mm_answer_moduli}, +#endif {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, @@ -252,18 +256,13 @@ struct mon_table mon_dispatch_proto20[] = { {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok}, {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic}, #endif -#ifdef JPAKE - {MONITOR_REQ_JPAKE_GET_PWDATA, MON_ONCE, mm_answer_jpake_get_pwdata}, - {MONITOR_REQ_JPAKE_STEP1, MON_ISAUTH, mm_answer_jpake_step1}, - {MONITOR_REQ_JPAKE_STEP2, MON_ONCE, mm_answer_jpake_step2}, - {MONITOR_REQ_JPAKE_KEY_CONFIRM, MON_ONCE, mm_answer_jpake_key_confirm}, - {MONITOR_REQ_JPAKE_CHECK_CONFIRM, MON_AUTH, mm_answer_jpake_check_confirm}, -#endif {0, 0, NULL} }; struct mon_table mon_dispatch_postauth20[] = { +#ifdef WITH_OPENSSL {MONITOR_REQ_MODULI, 0, mm_answer_moduli}, +#endif {MONITOR_REQ_SIGN, 0, mm_answer_sign}, {MONITOR_REQ_PTY, 0, mm_answer_pty}, {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup}, @@ -276,6 +275,7 @@ struct mon_table mon_dispatch_postauth20[] = { }; struct mon_table mon_dispatch_proto15[] = { +#ifdef WITH_SSH1 {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, {MONITOR_REQ_SESSKEY, MON_ONCE, mm_answer_sesskey}, {MONITOR_REQ_SESSID, MON_ONCE, mm_answer_sessid}, @@ -303,10 +303,12 @@ struct mon_table mon_dispatch_proto15[] = { #ifdef SSH_AUDIT_EVENTS {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, #endif +#endif /* WITH_SSH1 */ {0, 0, NULL} }; struct mon_table mon_dispatch_postauth15[] = { +#ifdef WITH_SSH1 {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty}, {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup}, {MONITOR_REQ_TERM, 0, mm_answer_term}, @@ -314,6 +316,7 @@ struct mon_table mon_dispatch_postauth15[] = { {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command}, #endif +#endif /* WITH_SSH1 */ {0, 0, NULL} }; @@ -352,7 +355,7 @@ void monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) { struct mon_table *ent; - int authenticated = 0; + int authenticated = 0, partial = 0; debug3("preauth child monitor started"); @@ -379,8 +382,26 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) /* The first few requests do not require asynchronous access */ while (!authenticated) { + partial = 0; auth_method = "unknown"; + auth_submethod = NULL; authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1); + + /* Special handling for multiple required authentications */ + if (options.num_auth_methods != 0) { + if (!compat20) + fatal("AuthenticationMethods is not supported" + "with SSH protocol 1"); + if (authenticated && + !auth2_update_methods_lists(authctxt, + auth_method, auth_submethod)) { + debug3("%s: method %s: partial", __func__, + auth_method); + authenticated = 0; + partial = 1; + } + } + if (authenticated) { if (!(ent->flags & MON_AUTHDECIDE)) fatal("%s: unexpected authentication from %d", @@ -401,28 +422,14 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) } #endif } - if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) { - auth_log(authctxt, authenticated, auth_method, - compat20 ? " ssh2" : ""); + auth_log(authctxt, authenticated, partial, + auth_method, auth_submethod); if (!authenticated) authctxt->failures++; } -#ifdef JPAKE - /* Cleanup JPAKE context after authentication */ - if (ent->flags & MON_AUTHDECIDE) { - if (authctxt->jpake_ctx != NULL) { - jpake_free(authctxt->jpake_ctx); - authctxt->jpake_ctx = NULL; - } - } -#endif } - /* Drain any buffered messages from the child */ - while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0) - ; - if (!authctxt->valid) fatal("%s: authenticated invalid user", __func__); if (strcmp(auth_method, "unknown") == 0) @@ -433,6 +440,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) mm_get_keystate(pmonitor); + /* Drain any buffered messages from the child */ + while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0) + ; + close(pmonitor->m_sendfd); close(pmonitor->m_log_recvfd); pmonitor->m_sendfd = pmonitor->m_log_recvfd = -1; @@ -460,6 +471,9 @@ monitor_child_postauth(struct monitor *pmonitor) signal(SIGHUP, &monitor_child_handler); signal(SIGTERM, &monitor_child_handler); signal(SIGINT, &monitor_child_handler); +#ifdef SIGXFSZ + signal(SIGXFSZ, SIG_IGN); +#endif if (compat20) { mon_dispatch = mon_dispatch_postauth20; @@ -532,7 +546,7 @@ monitor_read_log(struct monitor *pmonitor) do_log2(level, "%s [preauth]", msg); buffer_free(&logmsg); - xfree(msg); + free(msg); return 0; } @@ -547,7 +561,7 @@ monitor_read(struct monitor *pmonitor, struct mon_table *ent, struct pollfd pfd[2]; for (;;) { - bzero(&pfd, sizeof(pfd)); + memset(&pfd, 0, sizeof(pfd)); pfd[0].fd = pmonitor->m_sendfd; pfd[0].events = POLLIN; pfd[1].fd = pmonitor->m_log_recvfd; @@ -623,12 +637,9 @@ static void monitor_reset_key_state(void) { /* reset state */ - if (key_blob != NULL) - xfree(key_blob); - if (hostbased_cuser != NULL) - xfree(hostbased_cuser); - if (hostbased_chost != NULL) - xfree(hostbased_chost); + free(key_blob); + free(hostbased_cuser); + free(hostbased_chost); key_blob = NULL; key_bloblen = 0; key_blobtype = MM_NOKEY; @@ -636,6 +647,7 @@ monitor_reset_key_state(void) hostbased_chost = NULL; } +#ifdef WITH_OPENSSL int mm_answer_moduli(int sock, Buffer *m) { @@ -670,6 +682,9 @@ mm_answer_moduli(int sock, Buffer *m) mm_request_send(sock, MONITOR_ANS_MODULI, m); return (0); } +#endif + +extern AuthenticationConnection *auth_conn; int mm_answer_sign(int sock, Buffer *m) @@ -699,18 +714,24 @@ mm_answer_sign(int sock, Buffer *m) memcpy(session_id2, p, session_id2_len); } - if ((key = get_hostkey_by_index(keyid)) == NULL) + if ((key = get_hostkey_by_index(keyid)) != NULL) { + if (key_sign(key, &signature, &siglen, p, datlen) < 0) + fatal("%s: key_sign failed", __func__); + } else if ((key = get_hostkey_public_by_index(keyid)) != NULL && + auth_conn != NULL) { + if (ssh_agent_sign(auth_conn, key, &signature, &siglen, p, + datlen) < 0) + fatal("%s: ssh_agent_sign failed", __func__); + } else fatal("%s: no hostkey from index %d", __func__, keyid); - if (key_sign(key, &signature, &siglen, p, datlen) < 0) - fatal("%s: key_sign failed", __func__); debug3("%s: signature %p(%u)", __func__, signature, siglen); buffer_clear(m); buffer_put_string(m, signature, siglen); - xfree(p); - xfree(signature); + free(p); + free(signature); mm_request_send(sock, MONITOR_ANS_SIGN, m); @@ -741,7 +762,7 @@ mm_answer_pwnamallow(int sock, Buffer *m) authctxt->user = xstrdup(username); setproctitle("%s [priv]", pwent ? username : "unknown"); - xfree(username); + free(username); buffer_clear(m); @@ -759,8 +780,10 @@ mm_answer_pwnamallow(int sock, Buffer *m) buffer_put_string(m, pwent, sizeof(struct passwd)); buffer_put_cstring(m, pwent->pw_name); buffer_put_cstring(m, "*"); +#ifdef HAVE_STRUCT_PASSWD_PW_GECOS buffer_put_cstring(m, pwent->pw_gecos); -#ifdef HAVE_PW_CLASS_IN_PASSWD +#endif +#ifdef HAVE_STRUCT_PASSWD_PW_CLASS buffer_put_cstring(m, pwent->pw_class); #endif buffer_put_cstring(m, pwent->pw_dir); @@ -781,7 +804,17 @@ mm_answer_pwnamallow(int sock, Buffer *m) COPY_MATCH_STRING_OPTS(); #undef M_CP_STROPT #undef M_CP_STRARRAYOPT - + + /* Create valid auth method lists */ + if (compat20 && auth2_setup_methods_lists(authctxt) != 0) { + /* + * The monitor will continue long enough to let the child + * run to it's packet_disconnect(), but it must not allow any + * authentication to succeed. + */ + debug("%s: no valid authentication method lists", __func__); + } + debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed); mm_request_send(sock, MONITOR_ANS_PWNAM, m); @@ -809,9 +842,7 @@ int mm_answer_auth2_read_banner(int sock, Buffer *m) banner = auth2_read_banner(); buffer_put_cstring(m, banner != NULL ? banner : ""); mm_request_send(sock, MONITOR_ANS_AUTH2_READ_BANNER, m); - - if (banner != NULL) - xfree(banner); + free(banner); return (0); } @@ -827,7 +858,7 @@ mm_answer_authserv(int sock, Buffer *m) __func__, authctxt->service, authctxt->style); if (strlen(authctxt->style) == 0) { - xfree(authctxt->style); + free(authctxt->style); authctxt->style = NULL; } @@ -846,8 +877,8 @@ mm_answer_authpassword(int sock, Buffer *m) /* Only authenticate if the context is valid */ authenticated = options.password_authentication && auth_password(authctxt, passwd); - memset(passwd, 0, strlen(passwd)); - xfree(passwd); + explicit_bzero(passwd, strlen(passwd)); + free(passwd); buffer_clear(m); buffer_put_int(m, authenticated); @@ -887,10 +918,10 @@ mm_answer_bsdauthquery(int sock, Buffer *m) mm_request_send(sock, MONITOR_ANS_BSDAUTHQUERY, m); if (success) { - xfree(name); - xfree(infotxt); - xfree(prompts); - xfree(echo_on); + free(name); + free(infotxt); + free(prompts); + free(echo_on); } return (0); @@ -910,7 +941,7 @@ mm_answer_bsdauthrespond(int sock, Buffer *m) auth_userresponse(authctxt->as, response, 0); authctxt->as = NULL; debug3("%s: <%s> = <%d>", __func__, response, authok); - xfree(response); + free(response); buffer_clear(m); buffer_put_int(m, authok); @@ -918,7 +949,11 @@ mm_answer_bsdauthrespond(int sock, Buffer *m) debug3("%s: sending authenticated: %d", __func__, authok); mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m); - auth_method = "bsdauth"; + if (compat20) { + auth_method = "keyboard-interactive"; + auth_submethod = "bsdauth"; + } else + auth_method = "bsdauth"; return (authok != 0); } @@ -959,7 +994,7 @@ mm_answer_skeyrespond(int sock, Buffer *m) skey_haskey(authctxt->pw->pw_name) == 0 && skey_passcheck(authctxt->pw->pw_name, response) != -1); - xfree(response); + free(response); buffer_clear(m); buffer_put_int(m, authok); @@ -1044,20 +1079,19 @@ mm_answer_pam_query(int sock, Buffer *m) buffer_clear(m); buffer_put_int(m, ret); buffer_put_cstring(m, name); - xfree(name); + free(name); buffer_put_cstring(m, info); - xfree(info); + free(info); buffer_put_int(m, num); for (i = 0; i < num; ++i) { buffer_put_cstring(m, prompts[i]); - xfree(prompts[i]); + free(prompts[i]); buffer_put_int(m, echo_on[i]); } - if (prompts != NULL) - xfree(prompts); - if (echo_on != NULL) - xfree(echo_on); - auth_method = "keyboard-interactive/pam"; + free(prompts); + free(echo_on); + auth_method = "keyboard-interactive"; + auth_submethod = "pam"; mm_request_send(sock, MONITOR_ANS_PAM_QUERY, m); return (0); } @@ -1078,15 +1112,16 @@ mm_answer_pam_respond(int sock, Buffer *m) resp[i] = buffer_get_string(m, NULL); ret = (sshpam_device.respond)(sshpam_ctxt, num, resp); for (i = 0; i < num; ++i) - xfree(resp[i]); - xfree(resp); + free(resp[i]); + free(resp); } else { ret = (sshpam_device.respond)(sshpam_ctxt, num, NULL); } buffer_clear(m); buffer_put_int(m, ret); mm_request_send(sock, MONITOR_ANS_PAM_RESPOND, m); - auth_method = "keyboard-interactive/pam"; + auth_method = "keyboard-interactive"; + auth_submethod = "pam"; if (ret == 0) sshpam_authok = sshpam_ctxt; return (0); @@ -1100,7 +1135,8 @@ mm_answer_pam_free_ctx(int sock, Buffer *m) (sshpam_device.free_ctx)(sshpam_ctxt); buffer_clear(m); mm_request_send(sock, MONITOR_ANS_PAM_FREE_CTX, m); - auth_method = "keyboard-interactive/pam"; + auth_method = "keyboard-interactive"; + auth_submethod = "pam"; return (sshpam_authok == sshpam_ctxt); } #endif @@ -1135,6 +1171,7 @@ mm_answer_keyallowed(int sock, Buffer *m) case MM_USERKEY: allowed = options.pubkey_authentication && user_key_allowed(authctxt->pw, key); + pubkey_auth_info(authctxt, key, NULL); auth_method = "publickey"; if (options.pubkey_authentication && allowed != 1) auth_clear_options(); @@ -1143,8 +1180,12 @@ mm_answer_keyallowed(int sock, Buffer *m) allowed = options.hostbased_authentication && hostbased_key_allowed(authctxt->pw, cuser, chost, key); + pubkey_auth_info(authctxt, key, + "client user \"%.100s\", client host \"%.100s\"", + cuser, chost); auth_method = "hostbased"; break; +#ifdef WITH_SSH1 case MM_RSAHOSTKEY: key->type = KEY_RSA1; /* XXX */ allowed = options.rhosts_rsa_authentication && @@ -1154,6 +1195,7 @@ mm_answer_keyallowed(int sock, Buffer *m) auth_clear_options(); auth_method = "rsa"; break; +#endif default: fatal("%s: unknown key type %d", __func__, type); break; @@ -1174,10 +1216,10 @@ mm_answer_keyallowed(int sock, Buffer *m) hostbased_chost = chost; } else { /* Log failed attempt */ - auth_log(authctxt, 0, auth_method, compat20 ? " ssh2" : ""); - xfree(blob); - xfree(cuser); - xfree(chost); + auth_log(authctxt, 0, 0, auth_method, NULL); + free(blob); + free(cuser); + free(chost); } debug3("%s: key %p is %s", @@ -1199,7 +1241,7 @@ static int monitor_valid_userblob(u_char *data, u_int datalen) { Buffer b; - char *p; + char *p, *userstyle; u_int len; int fail = 0; @@ -1220,26 +1262,30 @@ monitor_valid_userblob(u_char *data, u_int datalen) (len != session_id2_len) || (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) fail++; - xfree(p); + free(p); } if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) fail++; - p = buffer_get_string(&b, NULL); - if (strcmp(authctxt->user, p) != 0) { + p = buffer_get_cstring(&b, NULL); + xasprintf(&userstyle, "%s%s%s", authctxt->user, + authctxt->style ? ":" : "", + authctxt->style ? authctxt->style : ""); + if (strcmp(userstyle, p) != 0) { logit("wrong user name passed to monitor: expected %s != %.100s", - authctxt->user, p); + userstyle, p); fail++; } - xfree(p); + free(userstyle); + free(p); buffer_skip_string(&b); if (datafellows & SSH_BUG_PKAUTH) { if (!buffer_get_char(&b)) fail++; } else { - p = buffer_get_string(&b, NULL); + p = buffer_get_cstring(&b, NULL); if (strcmp("publickey", p) != 0) fail++; - xfree(p); + free(p); if (!buffer_get_char(&b)) fail++; buffer_skip_string(&b); @@ -1256,7 +1302,7 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser, char *chost) { Buffer b; - char *p; + char *p, *userstyle; u_int len; int fail = 0; @@ -1268,22 +1314,26 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser, (len != session_id2_len) || (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) fail++; - xfree(p); + free(p); if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) fail++; - p = buffer_get_string(&b, NULL); - if (strcmp(authctxt->user, p) != 0) { + p = buffer_get_cstring(&b, NULL); + xasprintf(&userstyle, "%s%s%s", authctxt->user, + authctxt->style ? ":" : "", + authctxt->style ? authctxt->style : ""); + if (strcmp(userstyle, p) != 0) { logit("wrong user name passed to monitor: expected %s != %.100s", - authctxt->user, p); + userstyle, p); fail++; } - xfree(p); + free(userstyle); + free(p); buffer_skip_string(&b); /* service */ - p = buffer_get_string(&b, NULL); + p = buffer_get_cstring(&b, NULL); if (strcmp(p, "hostbased") != 0) fail++; - xfree(p); + free(p); buffer_skip_string(&b); /* pkalg */ buffer_skip_string(&b); /* pkblob */ @@ -1293,13 +1343,13 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser, p[len - 1] = '\0'; if (strcmp(p, chost) != 0) fail++; - xfree(p); + free(p); /* verify client user */ p = buffer_get_string(&b, NULL); if (strcmp(p, cuser) != 0) fail++; - xfree(p); + free(p); if (buffer_len(&b) != 0) fail++; @@ -1348,9 +1398,9 @@ mm_answer_keyverify(int sock, Buffer *m) __func__, key, (verified == 1) ? "verified" : "unverified"); key_free(key); - xfree(blob); - xfree(signature); - xfree(data); + free(blob); + free(signature); + free(data); auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased"; @@ -1478,10 +1528,11 @@ mm_answer_pty_cleanup(int sock, Buffer *m) if ((s = session_by_tty(tty)) != NULL) mm_session_close(s); buffer_clear(m); - xfree(tty); + free(tty); return (0); } +#ifdef WITH_SSH1 int mm_answer_sesskey(int sock, Buffer *m) { @@ -1610,7 +1661,7 @@ mm_answer_rsa_challenge(int sock, Buffer *m) monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1); - xfree(blob); + free(blob); key_free(key); return (0); } @@ -1642,9 +1693,9 @@ mm_answer_rsa_response(int sock, Buffer *m) fatal("%s: received bad response to challenge", __func__); success = auth_rsa_verify_response(key, ssh1_challenge, response); - xfree(blob); + free(blob); key_free(key); - xfree(response); + free(response); auth_method = key_blobtype == MM_RSAUSERKEY ? "rsa" : "rhosts-rsa"; @@ -1659,6 +1710,7 @@ mm_answer_rsa_response(int sock, Buffer *m) return (success); } +#endif int mm_answer_term(int sock, Buffer *req) @@ -1723,7 +1775,7 @@ mm_answer_audit_command(int socket, Buffer *m) cmd = buffer_get_string(m, &len); /* sanity check command, if so how? */ audit_run_command(cmd); - xfree(cmd); + free(cmd); return (0); } #endif /* SSH_AUDIT_EVENTS */ @@ -1738,20 +1790,20 @@ monitor_apply_keystate(struct monitor *pmonitor) packet_set_protocol_flags(child_state.ssh1protoflags); packet_set_encryption_key(child_state.ssh1key, child_state.ssh1keylen, child_state.ssh1cipher); - xfree(child_state.ssh1key); + free(child_state.ssh1key); } /* for rc4 and other stateful ciphers */ packet_set_keycontext(MODE_OUT, child_state.keyout); - xfree(child_state.keyout); + free(child_state.keyout); packet_set_keycontext(MODE_IN, child_state.keyin); - xfree(child_state.keyin); + free(child_state.keyin); if (!compat20) { packet_set_iv(MODE_OUT, child_state.ivout); - xfree(child_state.ivout); + free(child_state.ivout); packet_set_iv(MODE_IN, child_state.ivin); - xfree(child_state.ivin); + free(child_state.ivin); } memcpy(&incoming_stream, &child_state.incoming, @@ -1763,18 +1815,24 @@ monitor_apply_keystate(struct monitor *pmonitor) if (options.compression) mm_init_compression(pmonitor->m_zlib); + packet_set_postauth(); + + if (options.rekey_limit || options.rekey_interval) + packet_set_rekey_limits((u_int32_t)options.rekey_limit, + (time_t)options.rekey_interval); + /* Network I/O buffers */ /* XXX inefficient for large buffers, need: buffer_init_from_string */ buffer_clear(packet_get_input()); buffer_append(packet_get_input(), child_state.input, child_state.ilen); - memset(child_state.input, 0, child_state.ilen); - xfree(child_state.input); + explicit_bzero(child_state.input, child_state.ilen); + free(child_state.input); buffer_clear(packet_get_output()); buffer_append(packet_get_output(), child_state.output, child_state.olen); - memset(child_state.output, 0, child_state.olen); - xfree(child_state.output); + explicit_bzero(child_state.output, child_state.olen); + free(child_state.output); /* Roaming */ if (compat20) @@ -1795,22 +1853,25 @@ mm_get_kex(Buffer *m) timingsafe_bcmp(kex->session_id, session_id2, session_id2_len) != 0) fatal("mm_get_get: internal error: bad session id"); kex->we_need = buffer_get_int(m); +#ifdef WITH_OPENSSL kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; kex->kex[KEX_ECDH_SHA2] = kexecdh_server; +#endif + kex->kex[KEX_C25519_SHA256] = kexc25519_server; kex->server = 1; kex->hostkey_type = buffer_get_int(m); kex->kex_type = buffer_get_int(m); blob = buffer_get_string(m, &bloblen); buffer_init(&kex->my); buffer_append(&kex->my, blob, bloblen); - xfree(blob); + free(blob); blob = buffer_get_string(m, &bloblen); buffer_init(&kex->peer); buffer_append(&kex->peer, blob, bloblen); - xfree(blob); + free(blob); kex->done = 1; kex->flags = buffer_get_int(m); kex->client_version_string = buffer_get_string(m, NULL); @@ -1818,6 +1879,7 @@ mm_get_kex(Buffer *m) kex->load_host_public_key=&get_hostkey_public_by_type; kex->load_host_private_key=&get_hostkey_private_by_type; kex->host_key_index=&get_hostkey_index; + kex->sign = sshd_hostkey_sign; return (kex); } @@ -1853,12 +1915,12 @@ mm_get_keystate(struct monitor *pmonitor) blob = buffer_get_string(&m, &bloblen); current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen); - xfree(blob); + free(blob); debug3("%s: Waiting for second key", __func__); blob = buffer_get_string(&m, &bloblen); current_keys[MODE_IN] = mm_newkeys_from_blob(blob, bloblen); - xfree(blob); + free(blob); /* Now get sequence numbers for the packets */ seqnr = buffer_get_int(&m); @@ -1883,13 +1945,13 @@ mm_get_keystate(struct monitor *pmonitor) if (plen != sizeof(child_state.outgoing)) fatal("%s: bad request size", __func__); memcpy(&child_state.outgoing, p, sizeof(child_state.outgoing)); - xfree(p); + free(p); p = buffer_get_string(&m, &plen); if (plen != sizeof(child_state.incoming)) fatal("%s: bad request size", __func__); memcpy(&child_state.incoming, p, sizeof(child_state.incoming)); - xfree(p); + free(p); /* Network I/O buffers */ debug3("%s: Getting Network I/O buffers", __func__); @@ -2011,7 +2073,7 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m) major = ssh_gssapi_server_ctx(&gsscontext, &goid); - xfree(goid.elements); + free(goid.elements); buffer_clear(m); buffer_put_int(m, major); @@ -2036,7 +2098,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m) in.value = buffer_get_string(m, &len); in.length = len; major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); - xfree(in.value); + free(in.value); buffer_clear(m); buffer_put_int(m, major); @@ -2068,8 +2130,8 @@ mm_answer_gss_checkmic(int sock, Buffer *m) ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic); - xfree(gssbuf.value); - xfree(mic.value); + free(gssbuf.value); + free(mic.value); buffer_clear(m); buffer_put_int(m, ret); @@ -2102,205 +2164,3 @@ mm_answer_gss_userok(int sock, Buffer *m) } #endif /* GSSAPI */ -#ifdef JPAKE -int -mm_answer_jpake_step1(int sock, Buffer *m) -{ - struct jpake_ctx *pctx; - u_char *x3_proof, *x4_proof; - u_int x3_proof_len, x4_proof_len; - - if (!options.zero_knowledge_password_authentication) - fatal("zero_knowledge_password_authentication disabled"); - - if (authctxt->jpake_ctx != NULL) - fatal("%s: authctxt->jpake_ctx already set (%p)", - __func__, authctxt->jpake_ctx); - authctxt->jpake_ctx = pctx = jpake_new(); - - jpake_step1(pctx->grp, - &pctx->server_id, &pctx->server_id_len, - &pctx->x3, &pctx->x4, &pctx->g_x3, &pctx->g_x4, - &x3_proof, &x3_proof_len, - &x4_proof, &x4_proof_len); - - JPAKE_DEBUG_CTX((pctx, "step1 done in %s", __func__)); - - buffer_clear(m); - - buffer_put_string(m, pctx->server_id, pctx->server_id_len); - buffer_put_bignum2(m, pctx->g_x3); - buffer_put_bignum2(m, pctx->g_x4); - buffer_put_string(m, x3_proof, x3_proof_len); - buffer_put_string(m, x4_proof, x4_proof_len); - - debug3("%s: sending step1", __func__); - mm_request_send(sock, MONITOR_ANS_JPAKE_STEP1, m); - - bzero(x3_proof, x3_proof_len); - bzero(x4_proof, x4_proof_len); - xfree(x3_proof); - xfree(x4_proof); - - monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_GET_PWDATA, 1); - monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 0); - - return 0; -} - -int -mm_answer_jpake_get_pwdata(int sock, Buffer *m) -{ - struct jpake_ctx *pctx = authctxt->jpake_ctx; - char *hash_scheme, *salt; - - if (pctx == NULL) - fatal("%s: pctx == NULL", __func__); - - auth2_jpake_get_pwdata(authctxt, &pctx->s, &hash_scheme, &salt); - - buffer_clear(m); - /* pctx->s is sensitive, not returned to slave */ - buffer_put_cstring(m, hash_scheme); - buffer_put_cstring(m, salt); - - debug3("%s: sending pwdata", __func__); - mm_request_send(sock, MONITOR_ANS_JPAKE_GET_PWDATA, m); - - bzero(hash_scheme, strlen(hash_scheme)); - bzero(salt, strlen(salt)); - xfree(hash_scheme); - xfree(salt); - - monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP2, 1); - - return 0; -} - -int -mm_answer_jpake_step2(int sock, Buffer *m) -{ - struct jpake_ctx *pctx = authctxt->jpake_ctx; - u_char *x1_proof, *x2_proof, *x4_s_proof; - u_int x1_proof_len, x2_proof_len, x4_s_proof_len; - - if (pctx == NULL) - fatal("%s: pctx == NULL", __func__); - - if ((pctx->g_x1 = BN_new()) == NULL || - (pctx->g_x2 = BN_new()) == NULL) - fatal("%s: BN_new", __func__); - buffer_get_bignum2(m, pctx->g_x1); - buffer_get_bignum2(m, pctx->g_x2); - pctx->client_id = buffer_get_string(m, &pctx->client_id_len); - x1_proof = buffer_get_string(m, &x1_proof_len); - x2_proof = buffer_get_string(m, &x2_proof_len); - - jpake_step2(pctx->grp, pctx->s, pctx->g_x3, - pctx->g_x1, pctx->g_x2, pctx->x4, - pctx->client_id, pctx->client_id_len, - pctx->server_id, pctx->server_id_len, - x1_proof, x1_proof_len, - x2_proof, x2_proof_len, - &pctx->b, - &x4_s_proof, &x4_s_proof_len); - - JPAKE_DEBUG_CTX((pctx, "step2 done in %s", __func__)); - - bzero(x1_proof, x1_proof_len); - bzero(x2_proof, x2_proof_len); - xfree(x1_proof); - xfree(x2_proof); - - buffer_clear(m); - - buffer_put_bignum2(m, pctx->b); - buffer_put_string(m, x4_s_proof, x4_s_proof_len); - - debug3("%s: sending step2", __func__); - mm_request_send(sock, MONITOR_ANS_JPAKE_STEP2, m); - - bzero(x4_s_proof, x4_s_proof_len); - xfree(x4_s_proof); - - monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_KEY_CONFIRM, 1); - - return 0; -} - -int -mm_answer_jpake_key_confirm(int sock, Buffer *m) -{ - struct jpake_ctx *pctx = authctxt->jpake_ctx; - u_char *x2_s_proof; - u_int x2_s_proof_len; - - if (pctx == NULL) - fatal("%s: pctx == NULL", __func__); - - if ((pctx->a = BN_new()) == NULL) - fatal("%s: BN_new", __func__); - buffer_get_bignum2(m, pctx->a); - x2_s_proof = buffer_get_string(m, &x2_s_proof_len); - - jpake_key_confirm(pctx->grp, pctx->s, pctx->a, - pctx->x4, pctx->g_x3, pctx->g_x4, pctx->g_x1, pctx->g_x2, - pctx->server_id, pctx->server_id_len, - pctx->client_id, pctx->client_id_len, - session_id2, session_id2_len, - x2_s_proof, x2_s_proof_len, - &pctx->k, - &pctx->h_k_sid_sessid, &pctx->h_k_sid_sessid_len); - - JPAKE_DEBUG_CTX((pctx, "key_confirm done in %s", __func__)); - - bzero(x2_s_proof, x2_s_proof_len); - buffer_clear(m); - - /* pctx->k is sensitive, not sent */ - buffer_put_string(m, pctx->h_k_sid_sessid, pctx->h_k_sid_sessid_len); - - debug3("%s: sending confirmation hash", __func__); - mm_request_send(sock, MONITOR_ANS_JPAKE_KEY_CONFIRM, m); - - monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_CHECK_CONFIRM, 1); - - return 0; -} - -int -mm_answer_jpake_check_confirm(int sock, Buffer *m) -{ - int authenticated = 0; - u_char *peer_confirm_hash; - u_int peer_confirm_hash_len; - struct jpake_ctx *pctx = authctxt->jpake_ctx; - - if (pctx == NULL) - fatal("%s: pctx == NULL", __func__); - - peer_confirm_hash = buffer_get_string(m, &peer_confirm_hash_len); - - authenticated = jpake_check_confirm(pctx->k, - pctx->client_id, pctx->client_id_len, - session_id2, session_id2_len, - peer_confirm_hash, peer_confirm_hash_len) && authctxt->valid; - - JPAKE_DEBUG_CTX((pctx, "check_confirm done in %s", __func__)); - - bzero(peer_confirm_hash, peer_confirm_hash_len); - xfree(peer_confirm_hash); - - buffer_clear(m); - buffer_put_int(m, authenticated); - - debug3("%s: sending result %d", __func__, authenticated); - mm_request_send(sock, MONITOR_ANS_JPAKE_CHECK_CONFIRM, m); - - monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 1); - - auth_method = "jpake-01@openssh.com"; - return authenticated; -} - -#endif /* JPAKE */ diff --git a/crypto/openssh/monitor.h b/crypto/openssh/monitor.h index 5e7d552fb6..5bc41b513a 100644 --- a/crypto/openssh/monitor.h +++ b/crypto/openssh/monitor.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.h,v 1.16 2011/06/17 21:44:31 djm Exp $ */ +/* $OpenBSD: monitor.h,v 1.18 2014/01/29 06:18:35 djm Exp $ */ /* * Copyright 2002 Niels Provos @@ -28,44 +28,43 @@ #ifndef _MONITOR_H_ #define _MONITOR_H_ +/* Please keep *_REQ_* values on even numbers and *_ANS_* on odd numbers */ enum monitor_reqtype { - MONITOR_REQ_MODULI, MONITOR_ANS_MODULI, - MONITOR_REQ_FREE, MONITOR_REQ_AUTHSERV, - MONITOR_REQ_SIGN, MONITOR_ANS_SIGN, - MONITOR_REQ_PWNAM, MONITOR_ANS_PWNAM, - MONITOR_REQ_AUTH2_READ_BANNER, MONITOR_ANS_AUTH2_READ_BANNER, - MONITOR_REQ_AUTHPASSWORD, MONITOR_ANS_AUTHPASSWORD, - MONITOR_REQ_BSDAUTHQUERY, MONITOR_ANS_BSDAUTHQUERY, - MONITOR_REQ_BSDAUTHRESPOND, MONITOR_ANS_BSDAUTHRESPOND, - MONITOR_REQ_SKEYQUERY, MONITOR_ANS_SKEYQUERY, - MONITOR_REQ_SKEYRESPOND, MONITOR_ANS_SKEYRESPOND, - MONITOR_REQ_KEYALLOWED, MONITOR_ANS_KEYALLOWED, - MONITOR_REQ_KEYVERIFY, MONITOR_ANS_KEYVERIFY, - MONITOR_REQ_KEYEXPORT, - MONITOR_REQ_PTY, MONITOR_ANS_PTY, - MONITOR_REQ_PTYCLEANUP, - MONITOR_REQ_SESSKEY, MONITOR_ANS_SESSKEY, - MONITOR_REQ_SESSID, - MONITOR_REQ_RSAKEYALLOWED, MONITOR_ANS_RSAKEYALLOWED, - MONITOR_REQ_RSACHALLENGE, MONITOR_ANS_RSACHALLENGE, - MONITOR_REQ_RSARESPONSE, MONITOR_ANS_RSARESPONSE, - MONITOR_REQ_GSSSETUP, MONITOR_ANS_GSSSETUP, - MONITOR_REQ_GSSSTEP, MONITOR_ANS_GSSSTEP, - MONITOR_REQ_GSSUSEROK, MONITOR_ANS_GSSUSEROK, - MONITOR_REQ_GSSCHECKMIC, MONITOR_ANS_GSSCHECKMIC, - MONITOR_REQ_PAM_START, - MONITOR_REQ_PAM_ACCOUNT, MONITOR_ANS_PAM_ACCOUNT, - MONITOR_REQ_PAM_INIT_CTX, MONITOR_ANS_PAM_INIT_CTX, - MONITOR_REQ_PAM_QUERY, MONITOR_ANS_PAM_QUERY, - MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND, - MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX, - MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND, - MONITOR_REQ_TERM, - MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1, - MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA, - MONITOR_REQ_JPAKE_STEP2, MONITOR_ANS_JPAKE_STEP2, - MONITOR_REQ_JPAKE_KEY_CONFIRM, MONITOR_ANS_JPAKE_KEY_CONFIRM, - MONITOR_REQ_JPAKE_CHECK_CONFIRM, MONITOR_ANS_JPAKE_CHECK_CONFIRM, + MONITOR_REQ_MODULI = 0, MONITOR_ANS_MODULI = 1, + MONITOR_REQ_FREE = 2, + MONITOR_REQ_AUTHSERV = 4, + MONITOR_REQ_SIGN = 6, MONITOR_ANS_SIGN = 7, + MONITOR_REQ_PWNAM = 8, MONITOR_ANS_PWNAM = 9, + MONITOR_REQ_AUTH2_READ_BANNER = 10, MONITOR_ANS_AUTH2_READ_BANNER = 11, + MONITOR_REQ_AUTHPASSWORD = 12, MONITOR_ANS_AUTHPASSWORD = 13, + MONITOR_REQ_BSDAUTHQUERY = 14, MONITOR_ANS_BSDAUTHQUERY = 15, + MONITOR_REQ_BSDAUTHRESPOND = 16, MONITOR_ANS_BSDAUTHRESPOND = 17, + MONITOR_REQ_SKEYQUERY = 18, MONITOR_ANS_SKEYQUERY = 19, + MONITOR_REQ_SKEYRESPOND = 20, MONITOR_ANS_SKEYRESPOND = 21, + MONITOR_REQ_KEYALLOWED = 22, MONITOR_ANS_KEYALLOWED = 23, + MONITOR_REQ_KEYVERIFY = 24, MONITOR_ANS_KEYVERIFY = 25, + MONITOR_REQ_KEYEXPORT = 26, + MONITOR_REQ_PTY = 28, MONITOR_ANS_PTY = 29, + MONITOR_REQ_PTYCLEANUP = 30, + MONITOR_REQ_SESSKEY = 32, MONITOR_ANS_SESSKEY = 33, + MONITOR_REQ_SESSID = 34, + MONITOR_REQ_RSAKEYALLOWED = 36, MONITOR_ANS_RSAKEYALLOWED = 37, + MONITOR_REQ_RSACHALLENGE = 38, MONITOR_ANS_RSACHALLENGE = 39, + MONITOR_REQ_RSARESPONSE = 40, MONITOR_ANS_RSARESPONSE = 41, + MONITOR_REQ_GSSSETUP = 42, MONITOR_ANS_GSSSETUP = 43, + MONITOR_REQ_GSSSTEP = 44, MONITOR_ANS_GSSSTEP = 45, + MONITOR_REQ_GSSUSEROK = 46, MONITOR_ANS_GSSUSEROK = 47, + MONITOR_REQ_GSSCHECKMIC = 48, MONITOR_ANS_GSSCHECKMIC = 49, + MONITOR_REQ_TERM = 50, + + MONITOR_REQ_PAM_START = 100, + MONITOR_REQ_PAM_ACCOUNT = 102, MONITOR_ANS_PAM_ACCOUNT = 103, + MONITOR_REQ_PAM_INIT_CTX = 104, MONITOR_ANS_PAM_INIT_CTX = 105, + MONITOR_REQ_PAM_QUERY = 106, MONITOR_ANS_PAM_QUERY = 107, + MONITOR_REQ_PAM_RESPOND = 108, MONITOR_ANS_PAM_RESPOND = 109, + MONITOR_REQ_PAM_FREE_CTX = 110, MONITOR_ANS_PAM_FREE_CTX = 111, + MONITOR_REQ_AUDIT_EVENT = 112, MONITOR_REQ_AUDIT_COMMAND = 113, + }; struct mm_master; diff --git a/crypto/openssh/monitor_fdpass.c b/crypto/openssh/monitor_fdpass.c index 7eb6f5c6e1..100fa56609 100644 --- a/crypto/openssh/monitor_fdpass.c +++ b/crypto/openssh/monitor_fdpass.c @@ -34,12 +34,17 @@ #endif #include -#ifdef HAVE_POLL_H -#include -#endif #include #include +#ifdef HAVE_POLL_H +# include +#else +# ifdef HAVE_SYS_POLL_H +# include +# endif +#endif + #include "log.h" #include "monitor_fdpass.h" diff --git a/crypto/openssh/monitor_mm.c b/crypto/openssh/monitor_mm.c index faf9f3dcb4..0ba0658a14 100644 --- a/crypto/openssh/monitor_mm.c +++ b/crypto/openssh/monitor_mm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_mm.c,v 1.16 2009/06/22 05:39:28 dtucker Exp $ */ +/* $OpenBSD: monitor_mm.c,v 1.19 2014/01/04 17:50:55 tedu Exp $ */ /* * Copyright 2002 Niels Provos * All rights reserved. @@ -35,6 +35,8 @@ #include #include +#include +#include #include #include "xmalloc.h" @@ -45,7 +47,7 @@ static int mm_compare(struct mm_share *a, struct mm_share *b) { - long diff = (char *)a->address - (char *)b->address; + ptrdiff_t diff = (char *)a->address - (char *)b->address; if (diff == 0) return (0); @@ -64,7 +66,7 @@ mm_make_entry(struct mm_master *mm, struct mmtree *head, struct mm_share *tmp, *tmp2; if (mm->mmalloc == NULL) - tmp = xmalloc(sizeof(struct mm_share)); + tmp = xcalloc(1, sizeof(struct mm_share)); else tmp = mm_xmalloc(mm->mmalloc, sizeof(struct mm_share)); tmp->address = address; @@ -72,8 +74,8 @@ mm_make_entry(struct mm_master *mm, struct mmtree *head, tmp2 = RB_INSERT(mmtree, head, tmp); if (tmp2 != NULL) - fatal("mm_make_entry(%p): double address %p->%p(%lu)", - mm, tmp2, address, (u_long)size); + fatal("mm_make_entry(%p): double address %p->%p(%zu)", + mm, tmp2, address, size); return (tmp); } @@ -87,7 +89,7 @@ mm_create(struct mm_master *mmalloc, size_t size) struct mm_master *mm; if (mmalloc == NULL) - mm = xmalloc(sizeof(struct mm_master)); + mm = xcalloc(1, sizeof(struct mm_master)); else mm = mm_xmalloc(mmalloc, sizeof(struct mm_master)); @@ -100,7 +102,7 @@ mm_create(struct mm_master *mmalloc, size_t size) address = xmmap(size); if (address == (void *)MAP_FAILED) - fatal("mmap(%lu): %s", (u_long)size, strerror(errno)); + fatal("mmap(%zu): %s", size, strerror(errno)); mm->address = address; mm->size = size; @@ -124,7 +126,7 @@ mm_freelist(struct mm_master *mmalloc, struct mmtree *head) next = RB_NEXT(mmtree, head, mms); RB_REMOVE(mmtree, head, mms); if (mmalloc == NULL) - xfree(mms); + free(mms); else mm_free(mmalloc, mms); } @@ -140,14 +142,14 @@ mm_destroy(struct mm_master *mm) #ifdef HAVE_MMAP if (munmap(mm->address, mm->size) == -1) - fatal("munmap(%p, %lu): %s", mm->address, (u_long)mm->size, + fatal("munmap(%p, %zu): %s", mm->address, mm->size, strerror(errno)); #else fatal("%s: UsePrivilegeSeparation=yes and Compression=yes not supported", __func__); #endif if (mm->mmalloc == NULL) - xfree(mm); + free(mm); else mm_free(mm->mmalloc, mm); } @@ -159,7 +161,8 @@ mm_xmalloc(struct mm_master *mm, size_t size) address = mm_malloc(mm, size); if (address == NULL) - fatal("%s: mm_malloc(%lu)", __func__, (u_long)size); + fatal("%s: mm_malloc(%zu)", __func__, size); + memset(address, 0, size); return (address); } @@ -193,12 +196,12 @@ mm_malloc(struct mm_master *mm, size_t size) /* Does not change order in RB tree */ mms->size -= size; - mms->address = (u_char *)mms->address + size; + mms->address = (char *)mms->address + size; if (mms->size == 0) { RB_REMOVE(mmtree, &mm->rb_free, mms); if (mm->mmalloc == NULL) - xfree(mms); + free(mms); else mm_free(mm->mmalloc, mms); } @@ -246,15 +249,15 @@ mm_free(struct mm_master *mm, void *address) /* Check if range does not overlap */ if (prev != NULL && MM_ADDRESS_END(prev) > address) - fatal("mm_free: memory corruption: %p(%lu) > %p", - prev->address, (u_long)prev->size, address); + fatal("mm_free: memory corruption: %p(%zu) > %p", + prev->address, prev->size, address); /* See if we can merge backwards */ if (prev != NULL && MM_ADDRESS_END(prev) == address) { prev->size += mms->size; RB_REMOVE(mmtree, &mm->rb_free, mms); if (mm->mmalloc == NULL) - xfree(mms); + free(mms); else mm_free(mm->mmalloc, mms); } else @@ -269,8 +272,8 @@ mm_free(struct mm_master *mm, void *address) return; if (MM_ADDRESS_END(prev) > mms->address) - fatal("mm_free: memory corruption: %p < %p(%lu)", - mms->address, prev->address, (u_long)prev->size); + fatal("mm_free: memory corruption: %p < %p(%zu)", + mms->address, prev->address, prev->size); if (MM_ADDRESS_END(prev) != mms->address) return; @@ -278,7 +281,7 @@ mm_free(struct mm_master *mm, void *address) RB_REMOVE(mmtree, &mm->rb_free, mms); if (mm->mmalloc == NULL) - xfree(mms); + free(mms); else mm_free(mm->mmalloc, mms); } @@ -341,12 +344,12 @@ mm_share_sync(struct mm_master **pmm, struct mm_master **pmmalloc) void mm_memvalid(struct mm_master *mm, void *address, size_t size) { - void *end = (u_char *)address + size; + void *end = (char *)address + size; if (address < mm->address) fatal("mm_memvalid: address too small: %p", address); if (end < address) fatal("mm_memvalid: end < address: %p < %p", end, address); - if (end > (void *)((u_char *)mm->address + mm->size)) + if (end > MM_ADDRESS_END(mm)) fatal("mm_memvalid: address too large: %p", address); } diff --git a/crypto/openssh/monitor_mm.h b/crypto/openssh/monitor_mm.h index c890f77097..f1fae7e3bf 100644 --- a/crypto/openssh/monitor_mm.h +++ b/crypto/openssh/monitor_mm.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_mm.h,v 1.5 2008/04/29 11:20:31 otto Exp $ */ +/* $OpenBSD: monitor_mm.h,v 1.6 2014/01/04 17:50:55 tedu Exp $ */ /* * Copyright 2002 Niels Provos @@ -47,7 +47,7 @@ RB_PROTOTYPE(mmtree, mm_share, next, mm_compare) #define MM_MINSIZE 128 -#define MM_ADDRESS_END(x) (void *)((u_char *)(x)->address + (x)->size) +#define MM_ADDRESS_END(x) (void *)((char *)(x)->address + (x)->size) struct mm_master *mm_create(struct mm_master *, size_t); void mm_destroy(struct mm_master *); diff --git a/crypto/openssh/monitor_wrap.c b/crypto/openssh/monitor_wrap.c index 1f60658e98..45dc16951e 100644 --- a/crypto/openssh/monitor_wrap.c +++ b/crypto/openssh/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.73 2011/06/17 21:44:31 djm Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.80 2014/04/29 18:01:49 markus Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -38,14 +38,18 @@ #include #include +#ifdef WITH_OPENSSL #include #include #include +#endif #include "openbsd-compat/sys-queue.h" #include "xmalloc.h" #include "ssh.h" +#ifdef WITH_OPENSSL #include "dh.h" +#endif #include "buffer.h" #include "key.h" #include "cipher.h" @@ -71,8 +75,6 @@ #include "atomicio.h" #include "monitor_fdpass.h" #include "misc.h" -#include "schnorr.h" -#include "jpake.h" #include "uuencode.h" #include "channels.h" @@ -176,6 +178,7 @@ mm_request_receive_expect(int sock, enum monitor_reqtype type, Buffer *m) rtype, type); } +#ifdef WITH_OPENSSL DH * mm_choose_dh(int min, int nbits, int max) { @@ -209,6 +212,7 @@ mm_choose_dh(int min, int nbits, int max) return (dh_new_group(g, p)); } +#endif int mm_key_sign(Key *key, u_char **sigp, u_int *lenp, u_char *data, u_int datalen) @@ -259,8 +263,10 @@ mm_getpwnamallow(const char *username) fatal("%s: struct passwd size mismatch", __func__); pw->pw_name = buffer_get_string(&m, NULL); pw->pw_passwd = buffer_get_string(&m, NULL); +#ifdef HAVE_STRUCT_PASSWD_PW_GECOS pw->pw_gecos = buffer_get_string(&m, NULL); -#ifdef HAVE_PW_CLASS_IN_PASSWD +#endif +#ifdef HAVE_STRUCT_PASSWD_PW_CLASS pw->pw_class = buffer_get_string(&m, NULL); #endif pw->pw_dir = buffer_get_string(&m, NULL); @@ -286,7 +292,7 @@ out: #undef M_CP_STRARRAYOPT copy_set_server_options(&options, newopts, 1); - xfree(newopts); + free(newopts); buffer_free(&m); @@ -312,7 +318,7 @@ mm_auth2_read_banner(void) /* treat empty banner as missing banner */ if (strlen(banner) == 0) { - xfree(banner); + free(banner); banner = NULL; } return (banner); @@ -405,7 +411,7 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key) buffer_put_cstring(&m, user ? user : ""); buffer_put_cstring(&m, host ? host : ""); buffer_put_string(&m, blob, len); - xfree(blob); + free(blob); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m); @@ -448,7 +454,7 @@ mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen) buffer_put_string(&m, blob, len); buffer_put_string(&m, sig, siglen); buffer_put_string(&m, data, datalen); - xfree(blob); + free(blob); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, &m); @@ -480,7 +486,7 @@ mm_newkeys_from_blob(u_char *blob, int blen) buffer_init(&b); buffer_append(&b, blob, blen); - newkey = xmalloc(sizeof(*newkey)); + newkey = xcalloc(1, sizeof(*newkey)); enc = &newkey->enc; mac = &newkey->mac; comp = &newkey->comp; @@ -491,25 +497,24 @@ mm_newkeys_from_blob(u_char *blob, int blen) enc->enabled = buffer_get_int(&b); enc->block_size = buffer_get_int(&b); enc->key = buffer_get_string(&b, &enc->key_len); - enc->iv = buffer_get_string(&b, &len); - if (len != enc->block_size) - fatal("%s: bad ivlen: expected %u != %u", __func__, - enc->block_size, len); + enc->iv = buffer_get_string(&b, &enc->iv_len); if (enc->name == NULL || cipher_by_name(enc->name) != enc->cipher) fatal("%s: bad cipher name %s or pointer %p", __func__, enc->name, enc->cipher); /* Mac structure */ - mac->name = buffer_get_string(&b, NULL); - if (mac->name == NULL || mac_setup(mac, mac->name) == -1) - fatal("%s: can not setup mac %s", __func__, mac->name); - mac->enabled = buffer_get_int(&b); - mac->key = buffer_get_string(&b, &len); - if (len > mac->key_len) - fatal("%s: bad mac key length: %u > %d", __func__, len, - mac->key_len); - mac->key_len = len; + if (cipher_authlen(enc->cipher) == 0) { + mac->name = buffer_get_string(&b, NULL); + if (mac->name == NULL || mac_setup(mac, mac->name) == -1) + fatal("%s: can not setup mac %s", __func__, mac->name); + mac->enabled = buffer_get_int(&b); + mac->key = buffer_get_string(&b, &len); + if (len > mac->key_len) + fatal("%s: bad mac key length: %u > %d", __func__, len, + mac->key_len); + mac->key_len = len; + } /* Comp structure */ comp->type = buffer_get_int(&b); @@ -551,13 +556,15 @@ mm_newkeys_to_blob(int mode, u_char **blobp, u_int *lenp) buffer_put_int(&b, enc->enabled); buffer_put_int(&b, enc->block_size); buffer_put_string(&b, enc->key, enc->key_len); - packet_get_keyiv(mode, enc->iv, enc->block_size); - buffer_put_string(&b, enc->iv, enc->block_size); + packet_get_keyiv(mode, enc->iv, enc->iv_len); + buffer_put_string(&b, enc->iv, enc->iv_len); /* Mac structure */ - buffer_put_cstring(&b, mac->name); - buffer_put_int(&b, mac->enabled); - buffer_put_string(&b, mac->key, mac->key_len); + if (cipher_authlen(enc->cipher) == 0) { + buffer_put_cstring(&b, mac->name); + buffer_put_int(&b, mac->enabled); + buffer_put_string(&b, mac->key, mac->key_len); + } /* Comp structure */ buffer_put_int(&b, comp->type); @@ -571,7 +578,7 @@ mm_newkeys_to_blob(int mode, u_char **blobp, u_int *lenp) *blobp = xmalloc(len); memcpy(*blobp, buffer_ptr(&b), len); } - memset(buffer_ptr(&b), 0, len); + explicit_bzero(buffer_ptr(&b), len); buffer_free(&b); return len; } @@ -615,13 +622,13 @@ mm_send_keystate(struct monitor *monitor) key = xmalloc(keylen+1); /* add 1 if keylen == 0 */ keylen = packet_get_encryption_key(key); buffer_put_string(&m, key, keylen); - memset(key, 0, keylen); - xfree(key); + explicit_bzero(key, keylen); + free(key); ivlen = packet_get_keyiv_len(MODE_OUT); packet_get_keyiv(MODE_OUT, iv, ivlen); buffer_put_string(&m, iv, ivlen); - ivlen = packet_get_keyiv_len(MODE_OUT); + ivlen = packet_get_keyiv_len(MODE_IN); packet_get_keyiv(MODE_IN, iv, ivlen); buffer_put_string(&m, iv, ivlen); goto skip; @@ -639,13 +646,13 @@ mm_send_keystate(struct monitor *monitor) fatal("%s: conversion of newkeys failed", __func__); buffer_put_string(&m, blob, bloblen); - xfree(blob); + free(blob); if (!mm_newkeys_to_blob(MODE_IN, &blob, &bloblen)) fatal("%s: conversion of newkeys failed", __func__); buffer_put_string(&m, blob, bloblen); - xfree(blob); + free(blob); packet_get_state(MODE_OUT, &seqnr, &blocks, &packets, &bytes); buffer_put_int(&m, seqnr); @@ -665,13 +672,13 @@ mm_send_keystate(struct monitor *monitor) p = xmalloc(plen+1); packet_get_keycontext(MODE_OUT, p); buffer_put_string(&m, p, plen); - xfree(p); + free(p); plen = packet_get_keycontext(MODE_IN, NULL); p = xmalloc(plen+1); packet_get_keycontext(MODE_IN, p); buffer_put_string(&m, p, plen); - xfree(p); + free(p); /* Compression state */ debug3("%s: Sending compression state", __func__); @@ -733,10 +740,10 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen) buffer_free(&m); strlcpy(namebuf, p, namebuflen); /* Possible truncation */ - xfree(p); + free(p); buffer_append(&loginmsg, msg, strlen(msg)); - xfree(msg); + free(msg); if ((*ptyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1 || (*ttyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1) @@ -802,7 +809,7 @@ mm_do_pam_account(void) ret = buffer_get_int(&m); msg = buffer_get_string(&m, NULL); buffer_append(&loginmsg, msg, strlen(msg)); - xfree(msg); + free(msg); buffer_free(&m); @@ -911,6 +918,7 @@ mm_terminate(void) buffer_free(&m); } +#ifdef WITH_SSH1 int mm_ssh1_session_key(BIGNUM *num) { @@ -930,6 +938,7 @@ mm_ssh1_session_key(BIGNUM *num) return (rsafail); } +#endif static void mm_chall_setup(char **name, char **infotxt, u_int *numprompts, @@ -1032,7 +1041,7 @@ mm_skey_query(void *ctx, char **name, char **infotxt, mm_chall_setup(name, infotxt, numprompts, prompts, echo_on); xasprintf(*prompts, "%s%s", challenge, SKEY_PROMPT); - xfree(challenge); + free(challenge); return (0); } @@ -1077,6 +1086,7 @@ mm_ssh1_session_id(u_char session_id[16]) buffer_free(&m); } +#ifdef WITH_SSH1 int mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) { @@ -1106,7 +1116,7 @@ mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) if ((key = key_from_blob(blob, blen)) == NULL) fatal("%s: key_from_blob failed", __func__); *rkey = key; - xfree(blob); + free(blob); } buffer_free(&m); @@ -1133,7 +1143,7 @@ mm_auth_rsa_generate_challenge(Key *key) buffer_init(&m); buffer_put_string(&m, blob, blen); - xfree(blob); + free(blob); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSACHALLENGE, &m); mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSACHALLENGE, &m); @@ -1162,7 +1172,7 @@ mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16]) buffer_init(&m); buffer_put_string(&m, blob, blen); buffer_put_string(&m, response, 16); - xfree(blob); + free(blob); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSARESPONSE, &m); mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSARESPONSE, &m); @@ -1172,6 +1182,7 @@ mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16]) return (success); } +#endif #ifdef SSH_AUDIT_EVENTS void @@ -1289,164 +1300,3 @@ mm_ssh_gssapi_userok(char *user) } #endif /* GSSAPI */ -#ifdef JPAKE -void -mm_auth2_jpake_get_pwdata(Authctxt *authctxt, BIGNUM **s, - char **hash_scheme, char **salt) -{ - Buffer m; - - debug3("%s entering", __func__); - - buffer_init(&m); - mm_request_send(pmonitor->m_recvfd, - MONITOR_REQ_JPAKE_GET_PWDATA, &m); - - debug3("%s: waiting for MONITOR_ANS_JPAKE_GET_PWDATA", __func__); - mm_request_receive_expect(pmonitor->m_recvfd, - MONITOR_ANS_JPAKE_GET_PWDATA, &m); - - *hash_scheme = buffer_get_string(&m, NULL); - *salt = buffer_get_string(&m, NULL); - - buffer_free(&m); -} - -void -mm_jpake_step1(struct modp_group *grp, - u_char **id, u_int *id_len, - BIGNUM **priv1, BIGNUM **priv2, BIGNUM **g_priv1, BIGNUM **g_priv2, - u_char **priv1_proof, u_int *priv1_proof_len, - u_char **priv2_proof, u_int *priv2_proof_len) -{ - Buffer m; - - debug3("%s entering", __func__); - - buffer_init(&m); - mm_request_send(pmonitor->m_recvfd, - MONITOR_REQ_JPAKE_STEP1, &m); - - debug3("%s: waiting for MONITOR_ANS_JPAKE_STEP1", __func__); - mm_request_receive_expect(pmonitor->m_recvfd, - MONITOR_ANS_JPAKE_STEP1, &m); - - if ((*priv1 = BN_new()) == NULL || - (*priv2 = BN_new()) == NULL || - (*g_priv1 = BN_new()) == NULL || - (*g_priv2 = BN_new()) == NULL) - fatal("%s: BN_new", __func__); - - *id = buffer_get_string(&m, id_len); - /* priv1 and priv2 are, well, private */ - buffer_get_bignum2(&m, *g_priv1); - buffer_get_bignum2(&m, *g_priv2); - *priv1_proof = buffer_get_string(&m, priv1_proof_len); - *priv2_proof = buffer_get_string(&m, priv2_proof_len); - - buffer_free(&m); -} - -void -mm_jpake_step2(struct modp_group *grp, BIGNUM *s, - BIGNUM *mypub1, BIGNUM *theirpub1, BIGNUM *theirpub2, BIGNUM *mypriv2, - const u_char *theirid, u_int theirid_len, - const u_char *myid, u_int myid_len, - const u_char *theirpub1_proof, u_int theirpub1_proof_len, - const u_char *theirpub2_proof, u_int theirpub2_proof_len, - BIGNUM **newpub, - u_char **newpub_exponent_proof, u_int *newpub_exponent_proof_len) -{ - Buffer m; - - debug3("%s entering", __func__); - - buffer_init(&m); - /* monitor already has all bignums except theirpub1, theirpub2 */ - buffer_put_bignum2(&m, theirpub1); - buffer_put_bignum2(&m, theirpub2); - /* monitor already knows our id */ - buffer_put_string(&m, theirid, theirid_len); - buffer_put_string(&m, theirpub1_proof, theirpub1_proof_len); - buffer_put_string(&m, theirpub2_proof, theirpub2_proof_len); - - mm_request_send(pmonitor->m_recvfd, - MONITOR_REQ_JPAKE_STEP2, &m); - - debug3("%s: waiting for MONITOR_ANS_JPAKE_STEP2", __func__); - mm_request_receive_expect(pmonitor->m_recvfd, - MONITOR_ANS_JPAKE_STEP2, &m); - - if ((*newpub = BN_new()) == NULL) - fatal("%s: BN_new", __func__); - - buffer_get_bignum2(&m, *newpub); - *newpub_exponent_proof = buffer_get_string(&m, - newpub_exponent_proof_len); - - buffer_free(&m); -} - -void -mm_jpake_key_confirm(struct modp_group *grp, BIGNUM *s, BIGNUM *step2_val, - BIGNUM *mypriv2, BIGNUM *mypub1, BIGNUM *mypub2, - BIGNUM *theirpub1, BIGNUM *theirpub2, - const u_char *my_id, u_int my_id_len, - const u_char *their_id, u_int their_id_len, - const u_char *sess_id, u_int sess_id_len, - const u_char *theirpriv2_s_proof, u_int theirpriv2_s_proof_len, - BIGNUM **k, - u_char **confirm_hash, u_int *confirm_hash_len) -{ - Buffer m; - - debug3("%s entering", __func__); - - buffer_init(&m); - /* monitor already has all bignums except step2_val */ - buffer_put_bignum2(&m, step2_val); - /* monitor already knows all the ids */ - buffer_put_string(&m, theirpriv2_s_proof, theirpriv2_s_proof_len); - - mm_request_send(pmonitor->m_recvfd, - MONITOR_REQ_JPAKE_KEY_CONFIRM, &m); - - debug3("%s: waiting for MONITOR_ANS_JPAKE_KEY_CONFIRM", __func__); - mm_request_receive_expect(pmonitor->m_recvfd, - MONITOR_ANS_JPAKE_KEY_CONFIRM, &m); - - /* 'k' is sensitive and stays in the monitor */ - *confirm_hash = buffer_get_string(&m, confirm_hash_len); - - buffer_free(&m); -} - -int -mm_jpake_check_confirm(const BIGNUM *k, - const u_char *peer_id, u_int peer_id_len, - const u_char *sess_id, u_int sess_id_len, - const u_char *peer_confirm_hash, u_int peer_confirm_hash_len) -{ - Buffer m; - int success = 0; - - debug3("%s entering", __func__); - - buffer_init(&m); - /* k is dummy in slave, ignored */ - /* monitor knows all the ids */ - buffer_put_string(&m, peer_confirm_hash, peer_confirm_hash_len); - mm_request_send(pmonitor->m_recvfd, - MONITOR_REQ_JPAKE_CHECK_CONFIRM, &m); - - debug3("%s: waiting for MONITOR_ANS_JPAKE_CHECK_CONFIRM", __func__); - mm_request_receive_expect(pmonitor->m_recvfd, - MONITOR_ANS_JPAKE_CHECK_CONFIRM, &m); - - success = buffer_get_int(&m); - buffer_free(&m); - - debug3("%s: success = %d", __func__, success); - return success; -} -#endif /* JPAKE */ diff --git a/crypto/openssh/monitor_wrap.h b/crypto/openssh/monitor_wrap.h index 0c7f2e3848..18c25010d9 100644 --- a/crypto/openssh/monitor_wrap.h +++ b/crypto/openssh/monitor_wrap.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.h,v 1.23 2011/06/17 21:44:31 djm Exp $ */ +/* $OpenBSD: monitor_wrap.h,v 1.24 2014/01/29 06:18:35 djm Exp $ */ /* * Copyright 2002 Niels Provos @@ -102,26 +102,6 @@ int mm_bsdauth_respond(void *, u_int, char **); int mm_skey_query(void *, char **, char **, u_int *, char ***, u_int **); int mm_skey_respond(void *, u_int, char **); -/* jpake */ -struct modp_group; -void mm_auth2_jpake_get_pwdata(struct Authctxt *, BIGNUM **, char **, char **); -void mm_jpake_step1(struct modp_group *, u_char **, u_int *, - BIGNUM **, BIGNUM **, BIGNUM **, BIGNUM **, - u_char **, u_int *, u_char **, u_int *); -void mm_jpake_step2(struct modp_group *, BIGNUM *, - BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, - const u_char *, u_int, const u_char *, u_int, - const u_char *, u_int, const u_char *, u_int, - BIGNUM **, u_char **, u_int *); -void mm_jpake_key_confirm(struct modp_group *, BIGNUM *, BIGNUM *, - BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, - const u_char *, u_int, const u_char *, u_int, - const u_char *, u_int, const u_char *, u_int, - BIGNUM **, u_char **, u_int *); -int mm_jpake_check_confirm(const BIGNUM *, - const u_char *, u_int, const u_char *, u_int, const u_char *, u_int); - - /* zlib allocation hooks */ void *mm_zalloc(struct mm_master *, u_int, u_int); diff --git a/crypto/openssh/mux.c b/crypto/openssh/mux.c index 5e0e65ff3d..48f7a050fd 100644 --- a/crypto/openssh/mux.c +++ b/crypto/openssh/mux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mux.c,v 1.36 2012/07/06 01:37:21 djm Exp $ */ +/* $OpenBSD: mux.c,v 1.48 2014/07/17 07:22:19 djm Exp $ */ /* * Copyright (c) 2002-2008 Damien Miller * @@ -63,10 +63,6 @@ # include #endif -#ifdef HAVE_LIBUTIL_H -# include -#endif - #include "openbsd-compat/sys-queue.h" #include "xmalloc.h" #include "log.h" @@ -109,6 +105,11 @@ struct mux_session_confirm_ctx { u_int rid; }; +/* Context for stdio fwd open confirmation callback */ +struct mux_stdio_confirm_ctx { + u_int rid; +}; + /* Context for global channel callback */ struct mux_channel_confirm_ctx { u_int cid; /* channel id */ @@ -161,6 +162,7 @@ struct mux_master_state { #define MUX_FWD_DYNAMIC 3 static void mux_session_confirm(int, int, void *); +static void mux_stdio_confirm(int, int, void *); static int process_mux_master_hello(u_int, Channel *, Buffer *, Buffer *); static int process_mux_new_session(u_int, Channel *, Buffer *, Buffer *); @@ -223,7 +225,8 @@ mux_master_control_cleanup_cb(int cid, void *unused) __func__, c->self, c->remote_id); c->remote_id = -1; sc->ctl_chan = -1; - if (sc->type != SSH_CHANNEL_OPEN) { + if (sc->type != SSH_CHANNEL_OPEN && + sc->type != SSH_CHANNEL_OPENING) { debug2("%s: channel %d: not open", __func__, sc->self); chan_mark_dead(sc); } else { @@ -290,13 +293,13 @@ process_mux_master_hello(u_int rid, Channel *c, Buffer *m, Buffer *r) char *value = buffer_get_string_ret(m, NULL); if (name == NULL || value == NULL) { - if (name != NULL) - xfree(name); + free(name); + free(value); goto malf; } debug2("Unrecognised slave extension \"%s\"", name); - xfree(name); - xfree(value); + free(name); + free(value); } state->hello_rcvd = 1; return 0; @@ -327,21 +330,17 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r) (cctx->term = buffer_get_string_ret(m, &len)) == NULL || (cmd = buffer_get_string_ret(m, &len)) == NULL) { malf: - if (cmd != NULL) - xfree(cmd); - if (reserved != NULL) - xfree(reserved); + free(cmd); + free(reserved); for (j = 0; j < env_len; j++) - xfree(cctx->env[j]); - if (env_len > 0) - xfree(cctx->env); - if (cctx->term != NULL) - xfree(cctx->term); - xfree(cctx); + free(cctx->env[j]); + free(cctx->env); + free(cctx->term); + free(cctx); error("%s: malformed message", __func__); return -1; } - xfree(reserved); + free(reserved); reserved = NULL; while (buffer_len(m) > 0) { @@ -349,7 +348,7 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r) if ((cp = buffer_get_string_ret(m, &len)) == NULL) goto malf; if (!env_permitted(cp)) { - xfree(cp); + free(cp); continue; } cctx->env = xrealloc(cctx->env, env_len + 2, @@ -370,7 +369,7 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r) buffer_init(&cctx->cmd); buffer_append(&cctx->cmd, cmd, strlen(cmd)); - xfree(cmd); + free(cmd); cmd = NULL; /* Gather fds from client */ @@ -381,12 +380,11 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r) for (j = 0; j < i; j++) close(new_fd[j]); for (j = 0; j < env_len; j++) - xfree(cctx->env[j]); - if (env_len > 0) - xfree(cctx->env); - xfree(cctx->term); + free(cctx->env[j]); + free(cctx->env); + free(cctx->term); buffer_free(&cctx->cmd); - xfree(cctx); + free(cctx); /* prepare reply */ buffer_put_int(r, MUX_S_FAILURE); @@ -411,14 +409,14 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r) close(new_fd[0]); close(new_fd[1]); close(new_fd[2]); - xfree(cctx->term); + free(cctx->term); if (env_len != 0) { for (i = 0; i < env_len; i++) - xfree(cctx->env[i]); - xfree(cctx->env); + free(cctx->env[i]); + free(cctx->env); } buffer_free(&cctx->cmd); - xfree(cctx); + free(cctx); return 0; } @@ -517,29 +515,33 @@ process_mux_terminate(u_int rid, Channel *c, Buffer *m, Buffer *r) } static char * -format_forward(u_int ftype, Forward *fwd) +format_forward(u_int ftype, struct Forward *fwd) { char *ret; switch (ftype) { case MUX_FWD_LOCAL: xasprintf(&ret, "local forward %.200s:%d -> %.200s:%d", + (fwd->listen_path != NULL) ? fwd->listen_path : (fwd->listen_host == NULL) ? - (options.gateway_ports ? "*" : "LOCALHOST") : + (options.fwd_opts.gateway_ports ? "*" : "LOCALHOST") : fwd->listen_host, fwd->listen_port, + (fwd->connect_path != NULL) ? fwd->connect_path : fwd->connect_host, fwd->connect_port); break; case MUX_FWD_DYNAMIC: xasprintf(&ret, "dynamic forward %.200s:%d -> *", (fwd->listen_host == NULL) ? - (options.gateway_ports ? "*" : "LOCALHOST") : + (options.fwd_opts.gateway_ports ? "*" : "LOCALHOST") : fwd->listen_host, fwd->listen_port); break; case MUX_FWD_REMOTE: xasprintf(&ret, "remote forward %.200s:%d -> %.200s:%d", + (fwd->listen_path != NULL) ? fwd->listen_path : (fwd->listen_host == NULL) ? "LOCALHOST" : fwd->listen_host, fwd->listen_port, + (fwd->connect_path != NULL) ? fwd->connect_path : fwd->connect_host, fwd->connect_port); break; default: @@ -559,14 +561,18 @@ compare_host(const char *a, const char *b) } static int -compare_forward(Forward *a, Forward *b) +compare_forward(struct Forward *a, struct Forward *b) { if (!compare_host(a->listen_host, b->listen_host)) return 0; + if (!compare_host(a->listen_path, b->listen_path)) + return 0; if (a->listen_port != b->listen_port) return 0; if (!compare_host(a->connect_host, b->connect_host)) return 0; + if (!compare_host(a->connect_path, b->connect_path)) + return 0; if (a->connect_port != b->connect_port) return 0; @@ -578,7 +584,7 @@ mux_confirm_remote_forward(int type, u_int32_t seq, void *ctxt) { struct mux_channel_confirm_ctx *fctx = ctxt; char *failmsg = NULL; - Forward *rfwd; + struct Forward *rfwd; Channel *c; Buffer out; @@ -595,7 +601,8 @@ mux_confirm_remote_forward(int type, u_int32_t seq, void *ctxt) rfwd = &options.remote_forwards[fctx->fid]; debug("%s: %s for: listen %d, connect %s:%d", __func__, type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure", - rfwd->listen_port, rfwd->connect_host, rfwd->connect_port); + rfwd->listen_port, rfwd->connect_path ? rfwd->connect_path : + rfwd->connect_host, rfwd->connect_port); if (type == SSH2_MSG_REQUEST_SUCCESS) { if (rfwd->listen_port == 0) { rfwd->allocated_port = packet_get_int(); @@ -615,15 +622,19 @@ mux_confirm_remote_forward(int type, u_int32_t seq, void *ctxt) } else { if (rfwd->listen_port == 0) channel_update_permitted_opens(rfwd->handle, -1); - xasprintf(&failmsg, "remote port forwarding failed for " - "listen port %d", rfwd->listen_port); + if (rfwd->listen_path != NULL) + xasprintf(&failmsg, "remote port forwarding failed for " + "listen path %s", rfwd->listen_path); + else + xasprintf(&failmsg, "remote port forwarding failed for " + "listen port %d", rfwd->listen_port); } fail: error("%s: %s", __func__, failmsg); buffer_put_int(&out, MUX_S_FAILURE); buffer_put_int(&out, fctx->rid); buffer_put_cstring(&out, failmsg); - xfree(failmsg); + free(failmsg); out: buffer_put_string(&c->output, buffer_ptr(&out), buffer_len(&out)); buffer_free(&out); @@ -635,31 +646,46 @@ mux_confirm_remote_forward(int type, u_int32_t seq, void *ctxt) static int process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) { - Forward fwd; + struct Forward fwd; char *fwd_desc = NULL; + char *listen_addr, *connect_addr; u_int ftype; + u_int lport, cport; int i, ret = 0, freefwd = 1; - fwd.listen_host = fwd.connect_host = NULL; + /* XXX - lport/cport check redundant */ if (buffer_get_int_ret(&ftype, m) != 0 || - (fwd.listen_host = buffer_get_string_ret(m, NULL)) == NULL || - buffer_get_int_ret(&fwd.listen_port, m) != 0 || - (fwd.connect_host = buffer_get_string_ret(m, NULL)) == NULL || - buffer_get_int_ret(&fwd.connect_port, m) != 0) { + (listen_addr = buffer_get_string_ret(m, NULL)) == NULL || + buffer_get_int_ret(&lport, m) != 0 || + (connect_addr = buffer_get_string_ret(m, NULL)) == NULL || + buffer_get_int_ret(&cport, m) != 0 || + (lport != (u_int)PORT_STREAMLOCAL && lport > 65535) || + (cport != (u_int)PORT_STREAMLOCAL && cport > 65535)) { error("%s: malformed message", __func__); ret = -1; goto out; } - - if (*fwd.listen_host == '\0') { - xfree(fwd.listen_host); - fwd.listen_host = NULL; + if (*listen_addr == '\0') { + free(listen_addr); + listen_addr = NULL; } - if (*fwd.connect_host == '\0') { - xfree(fwd.connect_host); - fwd.connect_host = NULL; + if (*connect_addr == '\0') { + free(connect_addr); + connect_addr = NULL; } + memset(&fwd, 0, sizeof(fwd)); + fwd.listen_port = lport; + if (fwd.listen_port == PORT_STREAMLOCAL) + fwd.listen_path = listen_addr; + else + fwd.listen_host = listen_addr; + fwd.connect_port = cport; + if (fwd.connect_port == PORT_STREAMLOCAL) + fwd.connect_path = connect_addr; + else + fwd.connect_host = connect_addr; + debug2("%s: channel %d: request %s", __func__, c->self, (fwd_desc = format_forward(ftype, &fwd))); @@ -667,27 +693,30 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) ftype != MUX_FWD_DYNAMIC) { logit("%s: invalid forwarding type %u", __func__, ftype); invalid: - if (fwd.listen_host) - xfree(fwd.listen_host); - if (fwd.connect_host) - xfree(fwd.connect_host); + free(listen_addr); + free(connect_addr); buffer_put_int(r, MUX_S_FAILURE); buffer_put_int(r, rid); buffer_put_cstring(r, "Invalid forwarding request"); return 0; } - if (fwd.listen_port >= 65536) { + if (ftype == MUX_FWD_DYNAMIC && fwd.listen_path) { + logit("%s: streamlocal and dynamic forwards " + "are mutually exclusive", __func__); + goto invalid; + } + if (fwd.listen_port != PORT_STREAMLOCAL && fwd.listen_port >= 65536) { logit("%s: invalid listen port %u", __func__, fwd.listen_port); goto invalid; } - if (fwd.connect_port >= 65536 || (ftype != MUX_FWD_DYNAMIC && - ftype != MUX_FWD_REMOTE && fwd.connect_port == 0)) { + if ((fwd.connect_port != PORT_STREAMLOCAL && fwd.connect_port >= 65536) + || (ftype != MUX_FWD_DYNAMIC && ftype != MUX_FWD_REMOTE && fwd.connect_port == 0)) { logit("%s: invalid connect port %u", __func__, fwd.connect_port); goto invalid; } - if (ftype != MUX_FWD_DYNAMIC && fwd.connect_host == NULL) { + if (ftype != MUX_FWD_DYNAMIC && fwd.connect_host == NULL && fwd.connect_path == NULL) { logit("%s: missing connect host", __func__); goto invalid; } @@ -738,9 +767,8 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) } if (ftype == MUX_FWD_LOCAL || ftype == MUX_FWD_DYNAMIC) { - if (channel_setup_local_fwd_listener(fwd.listen_host, - fwd.listen_port, fwd.connect_host, fwd.connect_port, - options.gateway_ports) < 0) { + if (!channel_setup_local_fwd_listener(&fwd, + &options.fwd_opts)) { fail: logit("slave-requested %s failed", fwd_desc); buffer_put_int(r, MUX_S_FAILURE); @@ -753,8 +781,7 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) } else { struct mux_channel_confirm_ctx *fctx; - fwd.handle = channel_request_remote_forwarding(fwd.listen_host, - fwd.listen_port, fwd.connect_host, fwd.connect_port); + fwd.handle = channel_request_remote_forwarding(&fwd); if (fwd.handle < 0) goto fail; add_remote_forward(&options, &fwd); @@ -772,13 +799,12 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) buffer_put_int(r, MUX_S_OK); buffer_put_int(r, rid); out: - if (fwd_desc != NULL) - xfree(fwd_desc); + free(fwd_desc); if (freefwd) { - if (fwd.listen_host != NULL) - xfree(fwd.listen_host); - if (fwd.connect_host != NULL) - xfree(fwd.connect_host); + free(fwd.listen_host); + free(fwd.listen_path); + free(fwd.connect_host); + free(fwd.connect_path); } return ret; } @@ -786,32 +812,47 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) static int process_mux_close_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) { - Forward fwd, *found_fwd; + struct Forward fwd, *found_fwd; char *fwd_desc = NULL; const char *error_reason = NULL; + char *listen_addr = NULL, *connect_addr = NULL; u_int ftype; - int i, listen_port, ret = 0; + int i, ret = 0; + u_int lport, cport; - fwd.listen_host = fwd.connect_host = NULL; if (buffer_get_int_ret(&ftype, m) != 0 || - (fwd.listen_host = buffer_get_string_ret(m, NULL)) == NULL || - buffer_get_int_ret(&fwd.listen_port, m) != 0 || - (fwd.connect_host = buffer_get_string_ret(m, NULL)) == NULL || - buffer_get_int_ret(&fwd.connect_port, m) != 0) { + (listen_addr = buffer_get_string_ret(m, NULL)) == NULL || + buffer_get_int_ret(&lport, m) != 0 || + (connect_addr = buffer_get_string_ret(m, NULL)) == NULL || + buffer_get_int_ret(&cport, m) != 0 || + (lport != (u_int)PORT_STREAMLOCAL && lport > 65535) || + (cport != (u_int)PORT_STREAMLOCAL && cport > 65535)) { error("%s: malformed message", __func__); ret = -1; goto out; } - if (*fwd.listen_host == '\0') { - xfree(fwd.listen_host); - fwd.listen_host = NULL; + if (*listen_addr == '\0') { + free(listen_addr); + listen_addr = NULL; } - if (*fwd.connect_host == '\0') { - xfree(fwd.connect_host); - fwd.connect_host = NULL; + if (*connect_addr == '\0') { + free(connect_addr); + connect_addr = NULL; } + memset(&fwd, 0, sizeof(fwd)); + fwd.listen_port = lport; + if (fwd.listen_port == PORT_STREAMLOCAL) + fwd.listen_path = listen_addr; + else + fwd.listen_host = listen_addr; + fwd.connect_port = cport; + if (fwd.connect_port == PORT_STREAMLOCAL) + fwd.connect_path = connect_addr; + else + fwd.connect_host = connect_addr; + debug2("%s: channel %d: request cancel %s", __func__, c->self, (fwd_desc = format_forward(ftype, &fwd))); @@ -846,18 +887,14 @@ process_mux_close_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) * This shouldn't fail unless we confused the host/port * between options.remote_forwards and permitted_opens. * However, for dynamic allocated listen ports we need - * to lookup the actual listen port. + * to use the actual listen port. */ - listen_port = (fwd.listen_port == 0) ? - found_fwd->allocated_port : fwd.listen_port; - if (channel_request_rforward_cancel(fwd.listen_host, - listen_port) == -1) + if (channel_request_rforward_cancel(found_fwd) == -1) error_reason = "port not in permitted opens"; } else { /* local and dynamic forwards */ /* Ditto */ - if (channel_cancel_lport_listener(fwd.listen_host, - fwd.listen_port, fwd.connect_port, - options.gateway_ports) == -1) + if (channel_cancel_lport_listener(&fwd, fwd.connect_port, + &options.fwd_opts) == -1) error_reason = "port not found"; } @@ -865,11 +902,12 @@ process_mux_close_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) buffer_put_int(r, MUX_S_OK); buffer_put_int(r, rid); - if (found_fwd->listen_host != NULL) - xfree(found_fwd->listen_host); - if (found_fwd->connect_host != NULL) - xfree(found_fwd->connect_host); + free(found_fwd->listen_host); + free(found_fwd->listen_path); + free(found_fwd->connect_host); + free(found_fwd->connect_path); found_fwd->listen_host = found_fwd->connect_host = NULL; + found_fwd->listen_path = found_fwd->connect_path = NULL; found_fwd->listen_port = found_fwd->connect_port = 0; } else { buffer_put_int(r, MUX_S_FAILURE); @@ -877,12 +915,9 @@ process_mux_close_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) buffer_put_cstring(r, error_reason); } out: - if (fwd_desc != NULL) - xfree(fwd_desc); - if (fwd.listen_host != NULL) - xfree(fwd.listen_host); - if (fwd.connect_host != NULL) - xfree(fwd.connect_host); + free(fwd_desc); + free(listen_addr); + free(connect_addr); return ret; } @@ -894,19 +929,18 @@ process_mux_stdio_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) char *reserved, *chost; u_int cport, i, j; int new_fd[2]; + struct mux_stdio_confirm_ctx *cctx; chost = reserved = NULL; if ((reserved = buffer_get_string_ret(m, NULL)) == NULL || (chost = buffer_get_string_ret(m, NULL)) == NULL || buffer_get_int_ret(&cport, m) != 0) { - if (reserved != NULL) - xfree(reserved); - if (chost != NULL) - xfree(chost); + free(reserved); + free(chost); error("%s: malformed message", __func__); return -1; } - xfree(reserved); + free(reserved); debug2("%s: channel %d: request stdio fwd to %s:%u", __func__, c->self, chost, cport); @@ -918,7 +952,7 @@ process_mux_stdio_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) __func__, i); for (j = 0; j < i; j++) close(new_fd[j]); - xfree(chost); + free(chost); /* prepare reply */ buffer_put_int(r, MUX_S_FAILURE); @@ -942,7 +976,7 @@ process_mux_stdio_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) cleanup: close(new_fd[0]); close(new_fd[1]); - xfree(chost); + free(chost); return 0; } @@ -975,15 +1009,60 @@ process_mux_stdio_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) channel_register_cleanup(nc->self, mux_master_session_cleanup_cb, 1); - /* prepare reply */ - /* XXX defer until channel confirmed */ - buffer_put_int(r, MUX_S_SESSION_OPENED); - buffer_put_int(r, rid); - buffer_put_int(r, nc->self); + cctx = xcalloc(1, sizeof(*cctx)); + cctx->rid = rid; + channel_register_open_confirm(nc->self, mux_stdio_confirm, cctx); + c->mux_pause = 1; /* stop handling messages until open_confirm done */ + /* reply is deferred, sent by mux_session_confirm */ return 0; } +/* Callback on open confirmation in mux master for a mux stdio fwd session. */ +static void +mux_stdio_confirm(int id, int success, void *arg) +{ + struct mux_stdio_confirm_ctx *cctx = arg; + Channel *c, *cc; + Buffer reply; + + if (cctx == NULL) + fatal("%s: cctx == NULL", __func__); + if ((c = channel_by_id(id)) == NULL) + fatal("%s: no channel for id %d", __func__, id); + if ((cc = channel_by_id(c->ctl_chan)) == NULL) + fatal("%s: channel %d lacks control channel %d", __func__, + id, c->ctl_chan); + + if (!success) { + debug3("%s: sending failure reply", __func__); + /* prepare reply */ + buffer_init(&reply); + buffer_put_int(&reply, MUX_S_FAILURE); + buffer_put_int(&reply, cctx->rid); + buffer_put_cstring(&reply, "Session open refused by peer"); + goto done; + } + + debug3("%s: sending success reply", __func__); + /* prepare reply */ + buffer_init(&reply); + buffer_put_int(&reply, MUX_S_SESSION_OPENED); + buffer_put_int(&reply, cctx->rid); + buffer_put_int(&reply, c->self); + + done: + /* Send reply */ + buffer_put_string(&cc->output, buffer_ptr(&reply), buffer_len(&reply)); + buffer_free(&reply); + + if (cc->mux_pause <= 0) + fatal("%s: mux_pause %d", __func__, cc->mux_pause); + cc->mux_pause = 0; /* start processing messages again */ + c->open_confirm_ctx = NULL; + free(cctx); +} + static int process_mux_stop_listening(u_int rid, Channel *c, Buffer *m, Buffer *r) { @@ -1004,7 +1083,7 @@ process_mux_stop_listening(u_int rid, Channel *c, Buffer *m, Buffer *r) if (mux_listener_channel != NULL) { channel_free(mux_listener_channel); client_stop_mux(); - xfree(options.control_path); + free(options.control_path); options.control_path = NULL; mux_listener_channel = NULL; muxserver_sock = -1; @@ -1023,7 +1102,7 @@ mux_master_read_cb(Channel *c) { struct mux_master_state *state = (struct mux_master_state *)c->mux_ctx; Buffer in, out; - void *ptr; + const u_char *ptr; u_int type, rid, have, i; int ret = -1; @@ -1104,7 +1183,7 @@ mux_exit_message(Channel *c, int exitval) Buffer m; Channel *mux_chan; - debug3("%s: channel %d: exit message, evitval %d", __func__, c->self, + debug3("%s: channel %d: exit message, exitval %d", __func__, c->self, exitval); if ((mux_chan = channel_by_id(c->ctl_chan)) == NULL) @@ -1146,12 +1225,11 @@ mux_tty_alloc_failed(Channel *c) void muxserver_listen(void) { - struct sockaddr_un addr; - socklen_t sun_len; mode_t old_umask; char *orig_control_path = options.control_path; char rbuf[16+1]; u_int i, r; + int oerrno; if (options.control_path == NULL || options.control_master == SSHCTL_MASTER_NO) @@ -1176,24 +1254,12 @@ muxserver_listen(void) xasprintf(&options.control_path, "%s.%s", orig_control_path, rbuf); debug3("%s: temporary control path %s", __func__, options.control_path); - memset(&addr, '\0', sizeof(addr)); - addr.sun_family = AF_UNIX; - sun_len = offsetof(struct sockaddr_un, sun_path) + - strlen(options.control_path) + 1; - - if (strlcpy(addr.sun_path, options.control_path, - sizeof(addr.sun_path)) >= sizeof(addr.sun_path)) { - error("ControlPath \"%s\" too long for Unix domain socket", - options.control_path); - goto disable_mux_master; - } - - if ((muxserver_sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) - fatal("%s socket(): %s", __func__, strerror(errno)); - old_umask = umask(0177); - if (bind(muxserver_sock, (struct sockaddr *)&addr, sun_len) == -1) { - if (errno == EINVAL || errno == EADDRINUSE) { + muxserver_sock = unix_listener(options.control_path, 64, 0); + oerrno = errno; + umask(old_umask); + if (muxserver_sock < 0) { + if (oerrno == EINVAL || oerrno == EADDRINUSE) { error("ControlSocket %s already exists, " "disabling multiplexing", options.control_path); disable_mux_master: @@ -1201,18 +1267,16 @@ muxserver_listen(void) close(muxserver_sock); muxserver_sock = -1; } - xfree(orig_control_path); - xfree(options.control_path); + free(orig_control_path); + free(options.control_path); options.control_path = NULL; options.control_master = SSHCTL_MASTER_NO; return; - } else - fatal("%s bind(): %s", __func__, strerror(errno)); + } else { + /* unix_listener() logs the error */ + cleanup_exit(255); + } } - umask(old_umask); - - if (listen(muxserver_sock, 64) == -1) - fatal("%s listen(): %s", __func__, strerror(errno)); /* Now atomically "move" the mux socket into position */ if (link(options.control_path, orig_control_path) != 0) { @@ -1227,7 +1291,7 @@ muxserver_listen(void) goto disable_mux_master; } unlink(options.control_path); - xfree(options.control_path); + free(options.control_path); options.control_path = orig_control_path; set_nonblock(muxserver_sock); @@ -1312,13 +1376,13 @@ mux_session_confirm(int id, int success, void *arg) cc->mux_pause = 0; /* start processing messages again */ c->open_confirm_ctx = NULL; buffer_free(&cctx->cmd); - xfree(cctx->term); + free(cctx->term); if (cctx->env != NULL) { for (i = 0; cctx->env[i] != NULL; i++) - xfree(cctx->env[i]); - xfree(cctx->env); + free(cctx->env[i]); + free(cctx->env); } - xfree(cctx); + free(cctx); } /* ** Multiplexing client support */ @@ -1442,13 +1506,15 @@ mux_client_read_packet(int fd, Buffer *m) { Buffer queue; u_int need, have; - void *ptr; + const u_char *ptr; int oerrno; buffer_init(&queue); if (mux_client_read(fd, &queue, 4) != 0) { if ((oerrno = errno) == EPIPE) - debug3("%s: read header failed: %s", __func__, strerror(errno)); + debug3("%s: read header failed: %s", __func__, + strerror(errno)); + buffer_free(&queue); errno = oerrno; return -1; } @@ -1456,6 +1522,7 @@ mux_client_read_packet(int fd, Buffer *m) if (mux_client_read(fd, &queue, need) != 0) { oerrno = errno; debug3("%s: read body failed: %s", __func__, strerror(errno)); + buffer_free(&queue); errno = oerrno; return -1; } @@ -1502,8 +1569,8 @@ mux_client_hello_exchange(int fd) char *value = buffer_get_string(&m, NULL); debug2("Unrecognised master extension \"%s\"", name); - xfree(name); - xfree(value); + free(name); + free(value); } buffer_free(&m); return 0; @@ -1603,7 +1670,7 @@ mux_client_request_terminate(int fd) } static int -mux_client_forward(int fd, int cancel_flag, u_int ftype, Forward *fwd) +mux_client_forward(int fd, int cancel_flag, u_int ftype, struct Forward *fwd) { Buffer m; char *e, *fwd_desc; @@ -1612,17 +1679,25 @@ mux_client_forward(int fd, int cancel_flag, u_int ftype, Forward *fwd) fwd_desc = format_forward(ftype, fwd); debug("Requesting %s %s", cancel_flag ? "cancellation of" : "forwarding of", fwd_desc); - xfree(fwd_desc); + free(fwd_desc); buffer_init(&m); buffer_put_int(&m, cancel_flag ? MUX_C_CLOSE_FWD : MUX_C_OPEN_FWD); buffer_put_int(&m, muxclient_request_id); buffer_put_int(&m, ftype); - buffer_put_cstring(&m, - fwd->listen_host == NULL ? "" : fwd->listen_host); + if (fwd->listen_path != NULL) { + buffer_put_cstring(&m, fwd->listen_path); + } else { + buffer_put_cstring(&m, + fwd->listen_host == NULL ? "" : fwd->listen_host); + } buffer_put_int(&m, fwd->listen_port); - buffer_put_cstring(&m, - fwd->connect_host == NULL ? "" : fwd->connect_host); + if (fwd->connect_path != NULL) { + buffer_put_cstring(&m, fwd->connect_path); + } else { + buffer_put_cstring(&m, + fwd->connect_host == NULL ? "" : fwd->connect_host); + } buffer_put_int(&m, fwd->connect_port); if (mux_client_write_packet(fd, &m) != 0) @@ -1932,7 +2007,7 @@ mux_client_request_stdio_fwd(int fd) case MUX_S_FAILURE: e = buffer_get_string(&m, NULL); buffer_free(&m); - fatal("%s: stdio forwarding request failed: %s", __func__, e); + fatal("Stdio forwarding request failed: %s", e); default: buffer_free(&m); error("%s: unexpected response from master 0x%08x", diff --git a/crypto/openssh/myproposal.h b/crypto/openssh/myproposal.h index b9b819c0ae..b35b2b8bdf 100644 --- a/crypto/openssh/myproposal.h +++ b/crypto/openssh/myproposal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: myproposal.h,v 1.29 2012/06/28 05:07:45 dtucker Exp $ */ +/* $OpenBSD: myproposal.h,v 1.41 2014/07/11 13:54:34 tedu Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -26,7 +26,10 @@ #include +/* conditional algorithm support */ + #ifdef OPENSSL_HAS_ECC +#ifdef OPENSSL_HAS_NISTP521 # define KEX_ECDH_METHODS \ "ecdh-sha2-nistp256," \ "ecdh-sha2-nistp384," \ @@ -40,71 +43,155 @@ "ecdsa-sha2-nistp384," \ "ecdsa-sha2-nistp521," #else +# define KEX_ECDH_METHODS \ + "ecdh-sha2-nistp256," \ + "ecdh-sha2-nistp384," +# define HOSTKEY_ECDSA_CERT_METHODS \ + "ecdsa-sha2-nistp256-cert-v01@openssh.com," \ + "ecdsa-sha2-nistp384-cert-v01@openssh.com," +# define HOSTKEY_ECDSA_METHODS \ + "ecdsa-sha2-nistp256," \ + "ecdsa-sha2-nistp384," +#endif +#else # define KEX_ECDH_METHODS # define HOSTKEY_ECDSA_CERT_METHODS # define HOSTKEY_ECDSA_METHODS #endif -/* Old OpenSSL doesn't support what we need for DHGEX-sha256 */ -#if OPENSSL_VERSION_NUMBER >= 0x00907000L +#ifdef OPENSSL_HAVE_EVPGCM +# define AESGCM_CIPHER_MODES \ + "aes128-gcm@openssh.com,aes256-gcm@openssh.com," +#else +# define AESGCM_CIPHER_MODES +#endif + +#ifdef HAVE_EVP_SHA256 # define KEX_SHA256_METHODS \ "diffie-hellman-group-exchange-sha256," +#define SHA2_HMAC_MODES \ + "hmac-sha2-256," \ + "hmac-sha2-512," #else # define KEX_SHA256_METHODS +# define SHA2_HMAC_MODES #endif -# define KEX_DEFAULT_KEX \ +#ifdef WITH_OPENSSL +# ifdef HAVE_EVP_SHA256 +# define KEX_CURVE25519_METHODS "curve25519-sha256@libssh.org," +# else +# define KEX_CURVE25519_METHODS "" +# endif +#define KEX_SERVER_KEX \ + KEX_CURVE25519_METHODS \ KEX_ECDH_METHODS \ KEX_SHA256_METHODS \ + "diffie-hellman-group14-sha1" + +#define KEX_CLIENT_KEX KEX_SERVER_KEX "," \ "diffie-hellman-group-exchange-sha1," \ - "diffie-hellman-group14-sha1," \ "diffie-hellman-group1-sha1" #define KEX_DEFAULT_PK_ALG \ HOSTKEY_ECDSA_CERT_METHODS \ + "ssh-ed25519-cert-v01@openssh.com," \ "ssh-rsa-cert-v01@openssh.com," \ "ssh-dss-cert-v01@openssh.com," \ "ssh-rsa-cert-v00@openssh.com," \ "ssh-dss-cert-v00@openssh.com," \ HOSTKEY_ECDSA_METHODS \ + "ssh-ed25519," \ "ssh-rsa," \ "ssh-dss" -#define KEX_DEFAULT_ENCRYPT \ +/* the actual algorithms */ + +#define KEX_SERVER_ENCRYPT \ "aes128-ctr,aes192-ctr,aes256-ctr," \ + AESGCM_CIPHER_MODES \ + "chacha20-poly1305@openssh.com" + +#define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT "," \ "arcfour256,arcfour128," \ "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se" -#ifdef HAVE_EVP_SHA256 -#define SHA2_HMAC_MODES \ + +#define KEX_SERVER_MAC \ + "umac-64-etm@openssh.com," \ + "umac-128-etm@openssh.com," \ + "hmac-sha2-256-etm@openssh.com," \ + "hmac-sha2-512-etm@openssh.com," \ + "hmac-sha1-etm@openssh.com," \ + "umac-64@openssh.com," \ + "umac-128@openssh.com," \ "hmac-sha2-256," \ - "hmac-sha2-512," -#else -# define SHA2_HMAC_MODES -#endif -#define KEX_DEFAULT_MAC \ + "hmac-sha2-512," \ + "hmac-sha1" + +#define KEX_CLIENT_MAC KEX_SERVER_MAC "," \ + "hmac-md5-etm@openssh.com," \ + "hmac-ripemd160-etm@openssh.com," \ + "hmac-sha1-96-etm@openssh.com," \ + "hmac-md5-96-etm@openssh.com," \ "hmac-md5," \ - "hmac-sha1," \ - "umac-64@openssh.com," \ - SHA2_HMAC_MODES \ "hmac-ripemd160," \ "hmac-ripemd160@openssh.com," \ "hmac-sha1-96," \ "hmac-md5-96" +#else + +#define KEX_SERVER_KEX \ + "curve25519-sha256@libssh.org" +#define KEX_DEFAULT_PK_ALG \ + "ssh-ed25519-cert-v01@openssh.com," \ + "ssh-ed25519" +#define KEX_SERVER_ENCRYPT \ + "aes128-ctr,aes192-ctr,aes256-ctr," \ + "chacha20-poly1305@openssh.com" +#define KEX_SERVER_MAC \ + "umac-64-etm@openssh.com," \ + "umac-128-etm@openssh.com," \ + "hmac-sha2-256-etm@openssh.com," \ + "hmac-sha2-512-etm@openssh.com," \ + "hmac-sha1-etm@openssh.com," \ + "umac-64@openssh.com," \ + "umac-128@openssh.com," \ + "hmac-sha2-256," \ + "hmac-sha2-512," \ + "hmac-sha1" + +#define KEX_CLIENT_KEX KEX_SERVER_KEX +#define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT +#define KEX_CLIENT_MAC KEX_SERVER_MAC + +#endif /* WITH_OPENSSL */ + #define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib" #define KEX_DEFAULT_LANG "" +#define KEX_CLIENT \ + KEX_CLIENT_KEX, \ + KEX_DEFAULT_PK_ALG, \ + KEX_CLIENT_ENCRYPT, \ + KEX_CLIENT_ENCRYPT, \ + KEX_CLIENT_MAC, \ + KEX_CLIENT_MAC, \ + KEX_DEFAULT_COMP, \ + KEX_DEFAULT_COMP, \ + KEX_DEFAULT_LANG, \ + KEX_DEFAULT_LANG -static char *myproposal[PROPOSAL_MAX] = { - KEX_DEFAULT_KEX, - KEX_DEFAULT_PK_ALG, - KEX_DEFAULT_ENCRYPT, - KEX_DEFAULT_ENCRYPT, - KEX_DEFAULT_MAC, - KEX_DEFAULT_MAC, - KEX_DEFAULT_COMP, - KEX_DEFAULT_COMP, - KEX_DEFAULT_LANG, +#define KEX_SERVER \ + KEX_SERVER_KEX, \ + KEX_DEFAULT_PK_ALG, \ + KEX_SERVER_ENCRYPT, \ + KEX_SERVER_ENCRYPT, \ + KEX_SERVER_MAC, \ + KEX_SERVER_MAC, \ + KEX_DEFAULT_COMP, \ + KEX_DEFAULT_COMP, \ + KEX_DEFAULT_LANG, \ KEX_DEFAULT_LANG -}; + diff --git a/crypto/openssh/openbsd-compat/arc4random.c b/crypto/openssh/openbsd-compat/arc4random.c new file mode 100644 index 0000000000..09dbfda164 --- /dev/null +++ b/crypto/openssh/openbsd-compat/arc4random.c @@ -0,0 +1,294 @@ +/* OPENBSD ORIGINAL: lib/libc/crypto/arc4random.c */ + +/* $OpenBSD: arc4random.c,v 1.25 2013/10/01 18:34:57 markus Exp $ */ + +/* + * Copyright (c) 1996, David Mazieres + * Copyright (c) 2008, Damien Miller + * Copyright (c) 2013, Markus Friedl + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * ChaCha based random number generator for OpenBSD. + */ + +#include "includes.h" + +#include +#include +#include +#include + +#ifndef HAVE_ARC4RANDOM + +#include +#include + +#include "log.h" + +#define KEYSTREAM_ONLY +#include "chacha_private.h" + +#ifdef __GNUC__ +#define inline __inline +#else /* !__GNUC__ */ +#define inline +#endif /* !__GNUC__ */ + +/* OpenSSH isn't multithreaded */ +#define _ARC4_LOCK() +#define _ARC4_UNLOCK() + +#define KEYSZ 32 +#define IVSZ 8 +#define BLOCKSZ 64 +#define RSBUFSZ (16*BLOCKSZ) +static int rs_initialized; +static pid_t rs_stir_pid; +static chacha_ctx rs; /* chacha context for random keystream */ +static u_char rs_buf[RSBUFSZ]; /* keystream blocks */ +static size_t rs_have; /* valid bytes at end of rs_buf */ +static size_t rs_count; /* bytes till reseed */ + +static inline void _rs_rekey(u_char *dat, size_t datlen); + +static inline void +_rs_init(u_char *buf, size_t n) +{ + if (n < KEYSZ + IVSZ) + return; + chacha_keysetup(&rs, buf, KEYSZ * 8, 0); + chacha_ivsetup(&rs, buf + KEYSZ); +} + +static void +_rs_stir(void) +{ + u_char rnd[KEYSZ + IVSZ]; + + if (RAND_bytes(rnd, sizeof(rnd)) <= 0) + fatal("Couldn't obtain random bytes (error %ld)", + ERR_get_error()); + + if (!rs_initialized) { + rs_initialized = 1; + _rs_init(rnd, sizeof(rnd)); + } else + _rs_rekey(rnd, sizeof(rnd)); + explicit_bzero(rnd, sizeof(rnd)); + + /* invalidate rs_buf */ + rs_have = 0; + memset(rs_buf, 0, RSBUFSZ); + + rs_count = 1600000; +} + +static inline void +_rs_stir_if_needed(size_t len) +{ + pid_t pid = getpid(); + + if (rs_count <= len || !rs_initialized || rs_stir_pid != pid) { + rs_stir_pid = pid; + _rs_stir(); + } else + rs_count -= len; +} + +static inline void +_rs_rekey(u_char *dat, size_t datlen) +{ +#ifndef KEYSTREAM_ONLY + memset(rs_buf, 0,RSBUFSZ); +#endif + /* fill rs_buf with the keystream */ + chacha_encrypt_bytes(&rs, rs_buf, rs_buf, RSBUFSZ); + /* mix in optional user provided data */ + if (dat) { + size_t i, m; + + m = MIN(datlen, KEYSZ + IVSZ); + for (i = 0; i < m; i++) + rs_buf[i] ^= dat[i]; + } + /* immediately reinit for backtracking resistance */ + _rs_init(rs_buf, KEYSZ + IVSZ); + memset(rs_buf, 0, KEYSZ + IVSZ); + rs_have = RSBUFSZ - KEYSZ - IVSZ; +} + +static inline void +_rs_random_buf(void *_buf, size_t n) +{ + u_char *buf = (u_char *)_buf; + size_t m; + + _rs_stir_if_needed(n); + while (n > 0) { + if (rs_have > 0) { + m = MIN(n, rs_have); + memcpy(buf, rs_buf + RSBUFSZ - rs_have, m); + memset(rs_buf + RSBUFSZ - rs_have, 0, m); + buf += m; + n -= m; + rs_have -= m; + } + if (rs_have == 0) + _rs_rekey(NULL, 0); + } +} + +static inline void +_rs_random_u32(u_int32_t *val) +{ + _rs_stir_if_needed(sizeof(*val)); + if (rs_have < sizeof(*val)) + _rs_rekey(NULL, 0); + memcpy(val, rs_buf + RSBUFSZ - rs_have, sizeof(*val)); + memset(rs_buf + RSBUFSZ - rs_have, 0, sizeof(*val)); + rs_have -= sizeof(*val); + return; +} + +void +arc4random_stir(void) +{ + _ARC4_LOCK(); + _rs_stir(); + _ARC4_UNLOCK(); +} + +void +arc4random_addrandom(u_char *dat, int datlen) +{ + int m; + + _ARC4_LOCK(); + if (!rs_initialized) + _rs_stir(); + while (datlen > 0) { + m = MIN(datlen, KEYSZ + IVSZ); + _rs_rekey(dat, m); + dat += m; + datlen -= m; + } + _ARC4_UNLOCK(); +} + +u_int32_t +arc4random(void) +{ + u_int32_t val; + + _ARC4_LOCK(); + _rs_random_u32(&val); + _ARC4_UNLOCK(); + return val; +} + +/* + * If we are providing arc4random, then we can provide a more efficient + * arc4random_buf(). + */ +# ifndef HAVE_ARC4RANDOM_BUF +void +arc4random_buf(void *buf, size_t n) +{ + _ARC4_LOCK(); + _rs_random_buf(buf, n); + _ARC4_UNLOCK(); +} +# endif /* !HAVE_ARC4RANDOM_BUF */ +#endif /* !HAVE_ARC4RANDOM */ + +/* arc4random_buf() that uses platform arc4random() */ +#if !defined(HAVE_ARC4RANDOM_BUF) && defined(HAVE_ARC4RANDOM) +void +arc4random_buf(void *_buf, size_t n) +{ + size_t i; + u_int32_t r = 0; + char *buf = (char *)_buf; + + for (i = 0; i < n; i++) { + if (i % 4 == 0) + r = arc4random(); + buf[i] = r & 0xff; + r >>= 8; + } + explicit_bzero(&r, sizeof(r)); +} +#endif /* !defined(HAVE_ARC4RANDOM_BUF) && defined(HAVE_ARC4RANDOM) */ + +#ifndef HAVE_ARC4RANDOM_UNIFORM +/* + * Calculate a uniformly distributed random number less than upper_bound + * avoiding "modulo bias". + * + * Uniformity is achieved by generating new random numbers until the one + * returned is outside the range [0, 2**32 % upper_bound). This + * guarantees the selected random number will be inside + * [2**32 % upper_bound, 2**32) which maps back to [0, upper_bound) + * after reduction modulo upper_bound. + */ +u_int32_t +arc4random_uniform(u_int32_t upper_bound) +{ + u_int32_t r, min; + + if (upper_bound < 2) + return 0; + + /* 2**32 % x == (2**32 - x) % x */ + min = -upper_bound % upper_bound; + + /* + * This could theoretically loop forever but each retry has + * p > 0.5 (worst case, usually far better) of selecting a + * number inside the range we need, so it should rarely need + * to re-roll. + */ + for (;;) { + r = arc4random(); + if (r >= min) + break; + } + + return r % upper_bound; +} +#endif /* !HAVE_ARC4RANDOM_UNIFORM */ + +#if 0 +/*-------- Test code for i386 --------*/ +#include +#include +int +main(int argc, char **argv) +{ + const int iter = 1000000; + int i; + pctrval v; + + v = rdtsc(); + for (i = 0; i < iter; i++) + arc4random(); + v = rdtsc() - v; + v /= iter; + + printf("%qd cycles\n", v); + exit(0); +} +#endif diff --git a/crypto/openssh/openbsd-compat/bcrypt_pbkdf.c b/crypto/openssh/openbsd-compat/bcrypt_pbkdf.c new file mode 100644 index 0000000000..91b6ba07be --- /dev/null +++ b/crypto/openssh/openbsd-compat/bcrypt_pbkdf.c @@ -0,0 +1,170 @@ +/* $OpenBSD: bcrypt_pbkdf.c,v 1.4 2013/07/29 00:55:53 tedu Exp $ */ +/* + * Copyright (c) 2013 Ted Unangst + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#ifndef HAVE_BCRYPT_PBKDF + +#include +#include + +#ifdef HAVE_STDLIB_H +# include +#endif +#include + +#ifdef HAVE_BLF_H +# include +#endif + +#include "crypto_api.h" +#define SHA512_DIGEST_LENGTH crypto_hash_sha512_BYTES + +/* + * pkcs #5 pbkdf2 implementation using the "bcrypt" hash + * + * The bcrypt hash function is derived from the bcrypt password hashing + * function with the following modifications: + * 1. The input password and salt are preprocessed with SHA512. + * 2. The output length is expanded to 256 bits. + * 3. Subsequently the magic string to be encrypted is lengthened and modifed + * to "OxychromaticBlowfishSwatDynamite" + * 4. The hash function is defined to perform 64 rounds of initial state + * expansion. (More rounds are performed by iterating the hash.) + * + * Note that this implementation pulls the SHA512 operations into the caller + * as a performance optimization. + * + * One modification from official pbkdf2. Instead of outputting key material + * linearly, we mix it. pbkdf2 has a known weakness where if one uses it to + * generate (i.e.) 512 bits of key material for use as two 256 bit keys, an + * attacker can merely run once through the outer loop below, but the user + * always runs it twice. Shuffling output bytes requires computing the + * entirety of the key material to assemble any subkey. This is something a + * wise caller could do; we just do it for you. + */ + +#define BCRYPT_BLOCKS 8 +#define BCRYPT_HASHSIZE (BCRYPT_BLOCKS * 4) + +static void +bcrypt_hash(u_int8_t *sha2pass, u_int8_t *sha2salt, u_int8_t *out) +{ + blf_ctx state; + u_int8_t ciphertext[BCRYPT_HASHSIZE] = + "OxychromaticBlowfishSwatDynamite"; + uint32_t cdata[BCRYPT_BLOCKS]; + int i; + uint16_t j; + size_t shalen = SHA512_DIGEST_LENGTH; + + /* key expansion */ + Blowfish_initstate(&state); + Blowfish_expandstate(&state, sha2salt, shalen, sha2pass, shalen); + for (i = 0; i < 64; i++) { + Blowfish_expand0state(&state, sha2salt, shalen); + Blowfish_expand0state(&state, sha2pass, shalen); + } + + /* encryption */ + j = 0; + for (i = 0; i < BCRYPT_BLOCKS; i++) + cdata[i] = Blowfish_stream2word(ciphertext, sizeof(ciphertext), + &j); + for (i = 0; i < 64; i++) + blf_enc(&state, cdata, sizeof(cdata) / sizeof(uint64_t)); + + /* copy out */ + for (i = 0; i < BCRYPT_BLOCKS; i++) { + out[4 * i + 3] = (cdata[i] >> 24) & 0xff; + out[4 * i + 2] = (cdata[i] >> 16) & 0xff; + out[4 * i + 1] = (cdata[i] >> 8) & 0xff; + out[4 * i + 0] = cdata[i] & 0xff; + } + + /* zap */ + memset(ciphertext, 0, sizeof(ciphertext)); + memset(cdata, 0, sizeof(cdata)); + memset(&state, 0, sizeof(state)); +} + +int +bcrypt_pbkdf(const char *pass, size_t passlen, const u_int8_t *salt, size_t saltlen, + u_int8_t *key, size_t keylen, unsigned int rounds) +{ + u_int8_t sha2pass[SHA512_DIGEST_LENGTH]; + u_int8_t sha2salt[SHA512_DIGEST_LENGTH]; + u_int8_t out[BCRYPT_HASHSIZE]; + u_int8_t tmpout[BCRYPT_HASHSIZE]; + u_int8_t *countsalt; + size_t i, j, amt, stride; + uint32_t count; + + /* nothing crazy */ + if (rounds < 1) + return -1; + if (passlen == 0 || saltlen == 0 || keylen == 0 || + keylen > sizeof(out) * sizeof(out) || saltlen > 1<<20) + return -1; + if ((countsalt = calloc(1, saltlen + 4)) == NULL) + return -1; + stride = (keylen + sizeof(out) - 1) / sizeof(out); + amt = (keylen + stride - 1) / stride; + + memcpy(countsalt, salt, saltlen); + + /* collapse password */ + crypto_hash_sha512(sha2pass, pass, passlen); + + /* generate key, sizeof(out) at a time */ + for (count = 1; keylen > 0; count++) { + countsalt[saltlen + 0] = (count >> 24) & 0xff; + countsalt[saltlen + 1] = (count >> 16) & 0xff; + countsalt[saltlen + 2] = (count >> 8) & 0xff; + countsalt[saltlen + 3] = count & 0xff; + + /* first round, salt is salt */ + crypto_hash_sha512(sha2salt, countsalt, saltlen + 4); + + bcrypt_hash(sha2pass, sha2salt, tmpout); + memcpy(out, tmpout, sizeof(out)); + + for (i = 1; i < rounds; i++) { + /* subsequent rounds, salt is previous output */ + crypto_hash_sha512(sha2salt, tmpout, sizeof(tmpout)); + bcrypt_hash(sha2pass, sha2salt, tmpout); + for (j = 0; j < sizeof(out); j++) + out[j] ^= tmpout[j]; + } + + /* + * pbkdf2 deviation: ouput the key material non-linearly. + */ + amt = MIN(amt, keylen); + for (i = 0; i < amt; i++) + key[i * stride + (count - 1)] = out[i]; + keylen -= amt; + } + + /* zap */ + memset(out, 0, sizeof(out)); + memset(countsalt, 0, saltlen + 4); + free(countsalt); + + return 0; +} +#endif /* HAVE_BCRYPT_PBKDF */ diff --git a/crypto/openssh/openbsd-compat/blf.h b/crypto/openssh/openbsd-compat/blf.h new file mode 100644 index 0000000000..f1ac5a5c2b --- /dev/null +++ b/crypto/openssh/openbsd-compat/blf.h @@ -0,0 +1,88 @@ +/* $OpenBSD: blf.h,v 1.7 2007/03/14 17:59:41 grunk Exp $ */ +/* + * Blowfish - a fast block cipher designed by Bruce Schneier + * + * Copyright 1997 Niels Provos + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Niels Provos. + * 4. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef _BLF_H_ +#define _BLF_H_ + +#include "includes.h" + +#if !defined(HAVE_BCRYPT_PBKDF) && !defined(HAVE_BLH_H) + +/* Schneier specifies a maximum key length of 56 bytes. + * This ensures that every key bit affects every cipher + * bit. However, the subkeys can hold up to 72 bytes. + * Warning: For normal blowfish encryption only 56 bytes + * of the key affect all cipherbits. + */ + +#define BLF_N 16 /* Number of Subkeys */ +#define BLF_MAXKEYLEN ((BLF_N-2)*4) /* 448 bits */ +#define BLF_MAXUTILIZED ((BLF_N+2)*4) /* 576 bits */ + +/* Blowfish context */ +typedef struct BlowfishContext { + u_int32_t S[4][256]; /* S-Boxes */ + u_int32_t P[BLF_N + 2]; /* Subkeys */ +} blf_ctx; + +/* Raw access to customized Blowfish + * blf_key is just: + * Blowfish_initstate( state ) + * Blowfish_expand0state( state, key, keylen ) + */ + +void Blowfish_encipher(blf_ctx *, u_int32_t *, u_int32_t *); +void Blowfish_decipher(blf_ctx *, u_int32_t *, u_int32_t *); +void Blowfish_initstate(blf_ctx *); +void Blowfish_expand0state(blf_ctx *, const u_int8_t *, u_int16_t); +void Blowfish_expandstate +(blf_ctx *, const u_int8_t *, u_int16_t, const u_int8_t *, u_int16_t); + +/* Standard Blowfish */ + +void blf_key(blf_ctx *, const u_int8_t *, u_int16_t); +void blf_enc(blf_ctx *, u_int32_t *, u_int16_t); +void blf_dec(blf_ctx *, u_int32_t *, u_int16_t); + +void blf_ecb_encrypt(blf_ctx *, u_int8_t *, u_int32_t); +void blf_ecb_decrypt(blf_ctx *, u_int8_t *, u_int32_t); + +void blf_cbc_encrypt(blf_ctx *, u_int8_t *, u_int8_t *, u_int32_t); +void blf_cbc_decrypt(blf_ctx *, u_int8_t *, u_int8_t *, u_int32_t); + +/* Converts u_int8_t to u_int32_t */ +u_int32_t Blowfish_stream2word(const u_int8_t *, u_int16_t , u_int16_t *); + +#endif /* !defined(HAVE_BCRYPT_PBKDF) && !defined(HAVE_BLH_H) */ +#endif /* _BLF_H */ + diff --git a/crypto/openssh/openbsd-compat/blowfish.c b/crypto/openssh/openbsd-compat/blowfish.c new file mode 100644 index 0000000000..6c419549e7 --- /dev/null +++ b/crypto/openssh/openbsd-compat/blowfish.c @@ -0,0 +1,694 @@ +/* $OpenBSD: blowfish.c,v 1.18 2004/11/02 17:23:26 hshoexer Exp $ */ +/* + * Blowfish block cipher for OpenBSD + * Copyright 1997 Niels Provos + * All rights reserved. + * + * Implementation advice by David Mazieres . + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Niels Provos. + * 4. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * This code is derived from section 14.3 and the given source + * in section V of Applied Cryptography, second edition. + * Blowfish is an unpatented fast block cipher designed by + * Bruce Schneier. + */ + +#include "includes.h" + +#if !defined(HAVE_BCRYPT_PBKDF) && (!defined(HAVE_BLOWFISH_INITSTATE) || \ + !defined(HAVE_BLOWFISH_EXPAND0STATE) || !defined(HAVE_BLF_ENC)) + +#if 0 +#include /* used for debugging */ +#include +#endif + +#include +#include + +#undef inline +#ifdef __GNUC__ +#define inline __inline +#else /* !__GNUC__ */ +#define inline +#endif /* !__GNUC__ */ + +/* Function for Feistel Networks */ + +#define F(s, x) ((((s)[ (((x)>>24)&0xFF)] \ + + (s)[0x100 + (((x)>>16)&0xFF)]) \ + ^ (s)[0x200 + (((x)>> 8)&0xFF)]) \ + + (s)[0x300 + ( (x) &0xFF)]) + +#define BLFRND(s,p,i,j,n) (i ^= F(s,j) ^ (p)[n]) + +void +Blowfish_encipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr) +{ + u_int32_t Xl; + u_int32_t Xr; + u_int32_t *s = c->S[0]; + u_int32_t *p = c->P; + + Xl = *xl; + Xr = *xr; + + Xl ^= p[0]; + BLFRND(s, p, Xr, Xl, 1); BLFRND(s, p, Xl, Xr, 2); + BLFRND(s, p, Xr, Xl, 3); BLFRND(s, p, Xl, Xr, 4); + BLFRND(s, p, Xr, Xl, 5); BLFRND(s, p, Xl, Xr, 6); + BLFRND(s, p, Xr, Xl, 7); BLFRND(s, p, Xl, Xr, 8); + BLFRND(s, p, Xr, Xl, 9); BLFRND(s, p, Xl, Xr, 10); + BLFRND(s, p, Xr, Xl, 11); BLFRND(s, p, Xl, Xr, 12); + BLFRND(s, p, Xr, Xl, 13); BLFRND(s, p, Xl, Xr, 14); + BLFRND(s, p, Xr, Xl, 15); BLFRND(s, p, Xl, Xr, 16); + + *xl = Xr ^ p[17]; + *xr = Xl; +} + +void +Blowfish_decipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr) +{ + u_int32_t Xl; + u_int32_t Xr; + u_int32_t *s = c->S[0]; + u_int32_t *p = c->P; + + Xl = *xl; + Xr = *xr; + + Xl ^= p[17]; + BLFRND(s, p, Xr, Xl, 16); BLFRND(s, p, Xl, Xr, 15); + BLFRND(s, p, Xr, Xl, 14); BLFRND(s, p, Xl, Xr, 13); + BLFRND(s, p, Xr, Xl, 12); BLFRND(s, p, Xl, Xr, 11); + BLFRND(s, p, Xr, Xl, 10); BLFRND(s, p, Xl, Xr, 9); + BLFRND(s, p, Xr, Xl, 8); BLFRND(s, p, Xl, Xr, 7); + BLFRND(s, p, Xr, Xl, 6); BLFRND(s, p, Xl, Xr, 5); + BLFRND(s, p, Xr, Xl, 4); BLFRND(s, p, Xl, Xr, 3); + BLFRND(s, p, Xr, Xl, 2); BLFRND(s, p, Xl, Xr, 1); + + *xl = Xr ^ p[0]; + *xr = Xl; +} + +void +Blowfish_initstate(blf_ctx *c) +{ + /* P-box and S-box tables initialized with digits of Pi */ + + static const blf_ctx initstate = + { { + { + 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, + 0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99, + 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16, + 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, + 0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee, + 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013, + 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, + 0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e, + 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60, + 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, + 0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce, + 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a, + 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, + 0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677, + 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193, + 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, + 0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88, + 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239, + 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, + 0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0, + 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3, + 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, + 0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88, + 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe, + 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, + 0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d, + 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b, + 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, + 0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba, + 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463, + 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, + 0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09, + 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3, + 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, + 0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279, + 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8, + 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, + 0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82, + 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db, + 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, + 0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0, + 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b, + 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, + 0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8, + 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4, + 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, + 0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7, + 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c, + 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, + 0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1, + 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299, + 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, + 0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477, + 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf, + 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, + 0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af, + 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa, + 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, + 0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41, + 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915, + 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, + 0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915, + 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664, + 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a}, + { + 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, + 0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266, + 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1, + 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, + 0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6, + 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1, + 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, + 0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1, + 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737, + 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, + 0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff, + 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd, + 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, + 0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7, + 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41, + 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, + 0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf, + 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af, + 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, + 0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87, + 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c, + 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, + 0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16, + 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd, + 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, + 0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509, + 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e, + 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, + 0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f, + 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a, + 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, + 0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960, + 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66, + 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, + 0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802, + 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84, + 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, + 0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf, + 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14, + 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, + 0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50, + 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7, + 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, + 0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281, + 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99, + 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, + 0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128, + 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73, + 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, + 0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0, + 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105, + 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, + 0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3, + 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285, + 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, + 0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061, + 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb, + 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, + 0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735, + 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc, + 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, + 0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340, + 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20, + 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7}, + { + 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, + 0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068, + 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af, + 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, + 0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45, + 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504, + 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, + 0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb, + 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee, + 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, + 0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42, + 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b, + 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, + 0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb, + 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527, + 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, + 0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33, + 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c, + 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, + 0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc, + 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17, + 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, + 0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b, + 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115, + 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, + 0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728, + 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0, + 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, + 0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37, + 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d, + 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, + 0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b, + 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3, + 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, + 0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d, + 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c, + 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, + 0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9, + 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a, + 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, + 0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d, + 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc, + 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, + 0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61, + 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2, + 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, + 0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2, + 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c, + 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, + 0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633, + 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10, + 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, + 0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52, + 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027, + 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, + 0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62, + 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634, + 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, + 0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24, + 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc, + 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, + 0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c, + 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837, + 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0}, + { + 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, + 0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe, + 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b, + 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, + 0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8, + 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6, + 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, + 0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22, + 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4, + 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, + 0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9, + 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59, + 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, + 0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51, + 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28, + 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, + 0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b, + 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28, + 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, + 0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd, + 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a, + 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, + 0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb, + 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f, + 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, + 0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32, + 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680, + 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, + 0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae, + 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb, + 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, + 0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47, + 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370, + 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, + 0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84, + 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048, + 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, + 0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd, + 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9, + 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, + 0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38, + 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f, + 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, + 0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525, + 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1, + 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, + 0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964, + 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e, + 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, + 0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d, + 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f, + 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, + 0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02, + 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc, + 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, + 0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a, + 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6, + 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, + 0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0, + 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060, + 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, + 0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9, + 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f, + 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6} + }, + { + 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, + 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89, + 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c, + 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, + 0x9216d5d9, 0x8979fb1b + } }; + + *c = initstate; +} + +u_int32_t +Blowfish_stream2word(const u_int8_t *data, u_int16_t databytes, + u_int16_t *current) +{ + u_int8_t i; + u_int16_t j; + u_int32_t temp; + + temp = 0x00000000; + j = *current; + + for (i = 0; i < 4; i++, j++) { + if (j >= databytes) + j = 0; + temp = (temp << 8) | data[j]; + } + + *current = j; + return temp; +} + +void +Blowfish_expand0state(blf_ctx *c, const u_int8_t *key, u_int16_t keybytes) +{ + u_int16_t i; + u_int16_t j; + u_int16_t k; + u_int32_t temp; + u_int32_t datal; + u_int32_t datar; + + j = 0; + for (i = 0; i < BLF_N + 2; i++) { + /* Extract 4 int8 to 1 int32 from keystream */ + temp = Blowfish_stream2word(key, keybytes, &j); + c->P[i] = c->P[i] ^ temp; + } + + j = 0; + datal = 0x00000000; + datar = 0x00000000; + for (i = 0; i < BLF_N + 2; i += 2) { + Blowfish_encipher(c, &datal, &datar); + + c->P[i] = datal; + c->P[i + 1] = datar; + } + + for (i = 0; i < 4; i++) { + for (k = 0; k < 256; k += 2) { + Blowfish_encipher(c, &datal, &datar); + + c->S[i][k] = datal; + c->S[i][k + 1] = datar; + } + } +} + + +void +Blowfish_expandstate(blf_ctx *c, const u_int8_t *data, u_int16_t databytes, + const u_int8_t *key, u_int16_t keybytes) +{ + u_int16_t i; + u_int16_t j; + u_int16_t k; + u_int32_t temp; + u_int32_t datal; + u_int32_t datar; + + j = 0; + for (i = 0; i < BLF_N + 2; i++) { + /* Extract 4 int8 to 1 int32 from keystream */ + temp = Blowfish_stream2word(key, keybytes, &j); + c->P[i] = c->P[i] ^ temp; + } + + j = 0; + datal = 0x00000000; + datar = 0x00000000; + for (i = 0; i < BLF_N + 2; i += 2) { + datal ^= Blowfish_stream2word(data, databytes, &j); + datar ^= Blowfish_stream2word(data, databytes, &j); + Blowfish_encipher(c, &datal, &datar); + + c->P[i] = datal; + c->P[i + 1] = datar; + } + + for (i = 0; i < 4; i++) { + for (k = 0; k < 256; k += 2) { + datal ^= Blowfish_stream2word(data, databytes, &j); + datar ^= Blowfish_stream2word(data, databytes, &j); + Blowfish_encipher(c, &datal, &datar); + + c->S[i][k] = datal; + c->S[i][k + 1] = datar; + } + } + +} + +void +blf_key(blf_ctx *c, const u_int8_t *k, u_int16_t len) +{ + /* Initialize S-boxes and subkeys with Pi */ + Blowfish_initstate(c); + + /* Transform S-boxes and subkeys with key */ + Blowfish_expand0state(c, k, len); +} + +void +blf_enc(blf_ctx *c, u_int32_t *data, u_int16_t blocks) +{ + u_int32_t *d; + u_int16_t i; + + d = data; + for (i = 0; i < blocks; i++) { + Blowfish_encipher(c, d, d + 1); + d += 2; + } +} + +void +blf_dec(blf_ctx *c, u_int32_t *data, u_int16_t blocks) +{ + u_int32_t *d; + u_int16_t i; + + d = data; + for (i = 0; i < blocks; i++) { + Blowfish_decipher(c, d, d + 1); + d += 2; + } +} + +void +blf_ecb_encrypt(blf_ctx *c, u_int8_t *data, u_int32_t len) +{ + u_int32_t l, r; + u_int32_t i; + + for (i = 0; i < len; i += 8) { + l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; + r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; + Blowfish_encipher(c, &l, &r); + data[0] = l >> 24 & 0xff; + data[1] = l >> 16 & 0xff; + data[2] = l >> 8 & 0xff; + data[3] = l & 0xff; + data[4] = r >> 24 & 0xff; + data[5] = r >> 16 & 0xff; + data[6] = r >> 8 & 0xff; + data[7] = r & 0xff; + data += 8; + } +} + +void +blf_ecb_decrypt(blf_ctx *c, u_int8_t *data, u_int32_t len) +{ + u_int32_t l, r; + u_int32_t i; + + for (i = 0; i < len; i += 8) { + l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; + r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; + Blowfish_decipher(c, &l, &r); + data[0] = l >> 24 & 0xff; + data[1] = l >> 16 & 0xff; + data[2] = l >> 8 & 0xff; + data[3] = l & 0xff; + data[4] = r >> 24 & 0xff; + data[5] = r >> 16 & 0xff; + data[6] = r >> 8 & 0xff; + data[7] = r & 0xff; + data += 8; + } +} + +void +blf_cbc_encrypt(blf_ctx *c, u_int8_t *iv, u_int8_t *data, u_int32_t len) +{ + u_int32_t l, r; + u_int32_t i, j; + + for (i = 0; i < len; i += 8) { + for (j = 0; j < 8; j++) + data[j] ^= iv[j]; + l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; + r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; + Blowfish_encipher(c, &l, &r); + data[0] = l >> 24 & 0xff; + data[1] = l >> 16 & 0xff; + data[2] = l >> 8 & 0xff; + data[3] = l & 0xff; + data[4] = r >> 24 & 0xff; + data[5] = r >> 16 & 0xff; + data[6] = r >> 8 & 0xff; + data[7] = r & 0xff; + iv = data; + data += 8; + } +} + +void +blf_cbc_decrypt(blf_ctx *c, u_int8_t *iva, u_int8_t *data, u_int32_t len) +{ + u_int32_t l, r; + u_int8_t *iv; + u_int32_t i, j; + + iv = data + len - 16; + data = data + len - 8; + for (i = len - 8; i >= 8; i -= 8) { + l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; + r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; + Blowfish_decipher(c, &l, &r); + data[0] = l >> 24 & 0xff; + data[1] = l >> 16 & 0xff; + data[2] = l >> 8 & 0xff; + data[3] = l & 0xff; + data[4] = r >> 24 & 0xff; + data[5] = r >> 16 & 0xff; + data[6] = r >> 8 & 0xff; + data[7] = r & 0xff; + for (j = 0; j < 8; j++) + data[j] ^= iv[j]; + iv -= 8; + data -= 8; + } + l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; + r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; + Blowfish_decipher(c, &l, &r); + data[0] = l >> 24 & 0xff; + data[1] = l >> 16 & 0xff; + data[2] = l >> 8 & 0xff; + data[3] = l & 0xff; + data[4] = r >> 24 & 0xff; + data[5] = r >> 16 & 0xff; + data[6] = r >> 8 & 0xff; + data[7] = r & 0xff; + for (j = 0; j < 8; j++) + data[j] ^= iva[j]; +} + +#if 0 +void +report(u_int32_t data[], u_int16_t len) +{ + u_int16_t i; + for (i = 0; i < len; i += 2) + printf("Block %0hd: %08lx %08lx.\n", + i / 2, data[i], data[i + 1]); +} +void +main(void) +{ + + blf_ctx c; + char key[] = "AAAAA"; + char key2[] = "abcdefghijklmnopqrstuvwxyz"; + + u_int32_t data[10]; + u_int32_t data2[] = + {0x424c4f57l, 0x46495348l}; + + u_int16_t i; + + /* First test */ + for (i = 0; i < 10; i++) + data[i] = i; + + blf_key(&c, (u_int8_t *) key, 5); + blf_enc(&c, data, 5); + blf_dec(&c, data, 1); + blf_dec(&c, data + 2, 4); + printf("Should read as 0 - 9.\n"); + report(data, 10); + + /* Second test */ + blf_key(&c, (u_int8_t *) key2, strlen(key2)); + blf_enc(&c, data2, 1); + printf("\nShould read as: 0x324ed0fe 0xf413a203.\n"); + report(data2, 2); + blf_dec(&c, data2, 1); + report(data2, 2); +} +#endif + +#endif /* !defined(HAVE_BCRYPT_PBKDF) && (!defined(HAVE_BLOWFISH_INITSTATE) || \ + !defined(HAVE_BLOWFISH_EXPAND0STATE) || !defined(HAVE_BLF_ENC)) */ + diff --git a/crypto/openssh/openbsd-compat/bsd-cygwin_util.h b/crypto/openssh/openbsd-compat/bsd-cygwin_util.h index b4bcd04b7a..79cb2a197c 100644 --- a/crypto/openssh/openbsd-compat/bsd-cygwin_util.h +++ b/crypto/openssh/openbsd-compat/bsd-cygwin_util.h @@ -1,7 +1,7 @@ -/* $Id: bsd-cygwin_util.h,v 1.15 2012/08/28 09:57:19 dtucker Exp $ */ +/* $Id: bsd-cygwin_util.h,v 1.18 2014/05/27 04:34:43 djm Exp $ */ /* - * Copyright (c) 2000, 2001, 2011 Corinna Vinschen + * Copyright (c) 2000, 2001, 2011, 2013 Corinna Vinschen * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -36,24 +36,31 @@ #undef ERROR -#define WIN32_LEAN_AND_MEAN +/* Avoid including windows headers. */ +typedef void *HANDLE; +#define INVALID_HANDLE_VALUE ((HANDLE) -1) +#define DNLEN 16 +#define UNLEN 256 + +/* Cygwin functions for which declarations are only available when including + windows headers, so we have to define them here explicitely. */ +extern HANDLE cygwin_logon_user (const struct passwd *, const char *); +extern void cygwin_set_impersonation_token (const HANDLE); -#include #include #include -/* Make sure _WIN32 isn't defined later in the code, otherwise headers from - other packages might get the wrong idea about the target system. */ -#ifdef _WIN32 -#undef _WIN32 -#endif +#define CYGWIN_SSH_PRIVSEP_USER (cygwin_ssh_privsep_user()) +const char *cygwin_ssh_privsep_user(); int binary_open(const char *, int , ...); int check_ntsec(const char *); char **fetch_windows_environment(void); void free_windows_environment(char **); +#ifndef NO_BINARY_OPEN #define open binary_open +#endif #endif /* HAVE_CYGWIN */ diff --git a/crypto/openssh/openbsd-compat/bsd-misc.c b/crypto/openssh/openbsd-compat/bsd-misc.c index 3ef373f566..65e800397c 100644 --- a/crypto/openssh/openbsd-compat/bsd-misc.c +++ b/crypto/openssh/openbsd-compat/bsd-misc.c @@ -28,6 +28,7 @@ #include #include #include +#include #include #include "xmalloc.h" @@ -165,6 +166,17 @@ int nanosleep(const struct timespec *req, struct timespec *rem) } #endif +#if !defined(HAVE_USLEEP) +int usleep(unsigned int useconds) +{ + struct timespec ts; + + ts.tv_sec = useconds / 1000000; + ts.tv_nsec = (useconds % 1000000) * 1000; + return nanosleep(&ts, NULL); +} +#endif + #ifndef HAVE_TCGETPGRP pid_t tcgetpgrp(int fd) @@ -242,8 +254,25 @@ strdup(const char *str) #endif #ifndef HAVE_ISBLANK -int isblank(int c) +int +isblank(int c) { return (c == ' ' || c == '\t'); } #endif + +#ifndef HAVE_GETPGID +pid_t +getpgid(pid_t pid) +{ +#if defined(HAVE_GETPGRP) && !defined(GETPGRP_VOID) + return getpgrp(pid); +#elif defined(HAVE_GETPGRP) + if (pid == 0) + return getpgrp(); +#endif + + errno = ESRCH; + return -1; +} +#endif diff --git a/crypto/openssh/openbsd-compat/bsd-misc.h b/crypto/openssh/openbsd-compat/bsd-misc.h index eac5217ca5..65c18ec2f0 100644 --- a/crypto/openssh/openbsd-compat/bsd-misc.h +++ b/crypto/openssh/openbsd-compat/bsd-misc.h @@ -1,4 +1,4 @@ -/* $Id: bsd-misc.h,v 1.21 2012/07/03 22:50:10 dtucker Exp $ */ +/* $Id: bsd-misc.h,v 1.25 2013/08/04 11:48:41 dtucker Exp $ */ /* * Copyright (c) 1999-2004 Damien Miller @@ -80,6 +80,10 @@ struct timespec { int nanosleep(const struct timespec *, struct timespec *); #endif +#ifndef HAVE_USLEEP +int usleep(unsigned int useconds); +#endif + #ifndef HAVE_TCGETPGRP pid_t tcgetpgrp(int); #endif @@ -102,4 +106,20 @@ mysig_t mysignal(int sig, mysig_t act); int isblank(int); #endif +#ifndef HAVE_GETPGID +pid_t getpgid(pid_t); +#endif + +#ifndef HAVE_ENDGRENT +# define endgrent() {} +#endif + +#ifndef HAVE_KRB5_GET_ERROR_MESSAGE +# define krb5_get_error_message krb5_get_err_text +#endif + +#ifndef HAVE_KRB5_FREE_ERROR_MESSAGE +# define krb5_free_error_message(a,b) while(0) +#endif + #endif /* _BSD_MISC_H */ diff --git a/crypto/openssh/openbsd-compat/bsd-setres_id.c b/crypto/openssh/openbsd-compat/bsd-setres_id.c new file mode 100644 index 0000000000..018bde8c76 --- /dev/null +++ b/crypto/openssh/openbsd-compat/bsd-setres_id.c @@ -0,0 +1,100 @@ +/* $Id: bsd-setres_id.c,v 1.2 2013/12/07 21:23:09 djm Exp $ */ + +/* + * Copyright (c) 2012 Darren Tucker (dtucker at zip com au). + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#include + +#include +#include +#include + +#include "log.h" + +#if !defined(HAVE_SETRESGID) || defined(BROKEN_SETRESGID) +int +setresgid(gid_t rgid, gid_t egid, gid_t sgid) +{ + int ret = 0, saved_errno; + + if (rgid != sgid) { + errno = ENOSYS; + return -1; + } +#if defined(HAVE_SETREGID) && !defined(BROKEN_SETREGID) + if (setregid(rgid, egid) < 0) { + saved_errno = errno; + error("setregid %u: %.100s", rgid, strerror(errno)); + errno = saved_errno; + ret = -1; + } +#else + if (setegid(egid) < 0) { + saved_errno = errno; + error("setegid %u: %.100s", (u_int)egid, strerror(errno)); + errno = saved_errno; + ret = -1; + } + if (setgid(rgid) < 0) { + saved_errno = errno; + error("setgid %u: %.100s", rgid, strerror(errno)); + errno = saved_errno; + ret = -1; + } +#endif + return ret; +} +#endif + +#if !defined(HAVE_SETRESUID) || defined(BROKEN_SETRESUID) +int +setresuid(uid_t ruid, uid_t euid, uid_t suid) +{ + int ret = 0, saved_errno; + + if (ruid != suid) { + errno = ENOSYS; + return -1; + } +#if defined(HAVE_SETREUID) && !defined(BROKEN_SETREUID) + if (setreuid(ruid, euid) < 0) { + saved_errno = errno; + error("setreuid %u: %.100s", ruid, strerror(errno)); + errno = saved_errno; + ret = -1; + } +#else + +# ifndef SETEUID_BREAKS_SETUID + if (seteuid(euid) < 0) { + saved_errno = errno; + error("seteuid %u: %.100s", euid, strerror(errno)); + errno = saved_errno; + ret = -1; + } +# endif + if (setuid(ruid) < 0) { + saved_errno = errno; + error("setuid %u: %.100s", ruid, strerror(errno)); + errno = saved_errno; + ret = -1; + } +#endif + return ret; +} +#endif diff --git a/crypto/openssh/ssh-pkcs11.h b/crypto/openssh/openbsd-compat/bsd-setres_id.h similarity index 73% copy from crypto/openssh/ssh-pkcs11.h copy to crypto/openssh/openbsd-compat/bsd-setres_id.h index 59f456adf0..6c269e0b91 100644 --- a/crypto/openssh/ssh-pkcs11.h +++ b/crypto/openssh/openbsd-compat/bsd-setres_id.h @@ -1,6 +1,7 @@ -/* $OpenBSD: ssh-pkcs11.h,v 1.2 2010/02/24 06:12:53 djm Exp $ */ +/* $Id: bsd-setres_id.h,v 1.1 2012/11/05 06:04:37 dtucker Exp $ */ + /* - * Copyright (c) 2010 Markus Friedl. All rights reserved. + * Copyright (c) 2012 Darren Tucker (dtucker at zip com au). * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -14,7 +15,10 @@ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -int pkcs11_init(int); -void pkcs11_terminate(void); -int pkcs11_add_provider(char *, char *, Key ***); -int pkcs11_del_provider(char *); + +#ifndef HAVE_SETRESGID +int setresgid(gid_t, gid_t, gid_t); +#endif +#ifndef HAVE_SETRESUID +int setresuid(uid_t, uid_t, uid_t); +#endif diff --git a/crypto/openssh/openbsd-compat/bsd-statvfs.h b/crypto/openssh/openbsd-compat/bsd-statvfs.h index da215ffc68..dfd6099741 100644 --- a/crypto/openssh/openbsd-compat/bsd-statvfs.h +++ b/crypto/openssh/openbsd-compat/bsd-statvfs.h @@ -1,7 +1,7 @@ -/* $Id: bsd-statvfs.h,v 1.1 2008/06/08 17:32:29 dtucker Exp $ */ +/* $Id: bsd-statvfs.h,v 1.3 2014/01/17 07:48:22 dtucker Exp $ */ /* - * Copyright (c) 2008 Darren Tucker + * Copyright (c) 2008,2014 Darren Tucker * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -18,14 +18,17 @@ #include "includes.h" +#if !defined(HAVE_STATVFS) || !defined(HAVE_FSTATVFS) + #include +#ifdef HAVE_SYS_MOUNT_H +#include +#endif #ifdef HAVE_SYS_STATFS_H #include #endif -#ifndef HAVE_STATVFS - #ifndef HAVE_FSBLKCNT_T typedef unsigned long fsblkcnt_t; #endif diff --git a/crypto/openssh/openbsd-compat/chacha_private.h b/crypto/openssh/openbsd-compat/chacha_private.h new file mode 100644 index 0000000000..7c3680fa6d --- /dev/null +++ b/crypto/openssh/openbsd-compat/chacha_private.h @@ -0,0 +1,222 @@ +/* +chacha-merged.c version 20080118 +D. J. Bernstein +Public domain. +*/ + +/* $OpenBSD: chacha_private.h,v 1.2 2013/10/04 07:02:27 djm Exp $ */ + +typedef unsigned char u8; +typedef unsigned int u32; + +typedef struct +{ + u32 input[16]; /* could be compressed */ +} chacha_ctx; + +#define U8C(v) (v##U) +#define U32C(v) (v##U) + +#define U8V(v) ((u8)(v) & U8C(0xFF)) +#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) + +#define ROTL32(v, n) \ + (U32V((v) << (n)) | ((v) >> (32 - (n)))) + +#define U8TO32_LITTLE(p) \ + (((u32)((p)[0]) ) | \ + ((u32)((p)[1]) << 8) | \ + ((u32)((p)[2]) << 16) | \ + ((u32)((p)[3]) << 24)) + +#define U32TO8_LITTLE(p, v) \ + do { \ + (p)[0] = U8V((v) ); \ + (p)[1] = U8V((v) >> 8); \ + (p)[2] = U8V((v) >> 16); \ + (p)[3] = U8V((v) >> 24); \ + } while (0) + +#define ROTATE(v,c) (ROTL32(v,c)) +#define XOR(v,w) ((v) ^ (w)) +#define PLUS(v,w) (U32V((v) + (w))) +#define PLUSONE(v) (PLUS((v),1)) + +#define QUARTERROUND(a,b,c,d) \ + a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \ + c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \ + a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \ + c = PLUS(c,d); b = ROTATE(XOR(b,c), 7); + +static const char sigma[16] = "expand 32-byte k"; +static const char tau[16] = "expand 16-byte k"; + +static void +chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits,u32 ivbits) +{ + const char *constants; + + x->input[4] = U8TO32_LITTLE(k + 0); + x->input[5] = U8TO32_LITTLE(k + 4); + x->input[6] = U8TO32_LITTLE(k + 8); + x->input[7] = U8TO32_LITTLE(k + 12); + if (kbits == 256) { /* recommended */ + k += 16; + constants = sigma; + } else { /* kbits == 128 */ + constants = tau; + } + x->input[8] = U8TO32_LITTLE(k + 0); + x->input[9] = U8TO32_LITTLE(k + 4); + x->input[10] = U8TO32_LITTLE(k + 8); + x->input[11] = U8TO32_LITTLE(k + 12); + x->input[0] = U8TO32_LITTLE(constants + 0); + x->input[1] = U8TO32_LITTLE(constants + 4); + x->input[2] = U8TO32_LITTLE(constants + 8); + x->input[3] = U8TO32_LITTLE(constants + 12); +} + +static void +chacha_ivsetup(chacha_ctx *x,const u8 *iv) +{ + x->input[12] = 0; + x->input[13] = 0; + x->input[14] = U8TO32_LITTLE(iv + 0); + x->input[15] = U8TO32_LITTLE(iv + 4); +} + +static void +chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes) +{ + u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; + u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15; + u8 *ctarget = NULL; + u8 tmp[64]; + u_int i; + + if (!bytes) return; + + j0 = x->input[0]; + j1 = x->input[1]; + j2 = x->input[2]; + j3 = x->input[3]; + j4 = x->input[4]; + j5 = x->input[5]; + j6 = x->input[6]; + j7 = x->input[7]; + j8 = x->input[8]; + j9 = x->input[9]; + j10 = x->input[10]; + j11 = x->input[11]; + j12 = x->input[12]; + j13 = x->input[13]; + j14 = x->input[14]; + j15 = x->input[15]; + + for (;;) { + if (bytes < 64) { + for (i = 0;i < bytes;++i) tmp[i] = m[i]; + m = tmp; + ctarget = c; + c = tmp; + } + x0 = j0; + x1 = j1; + x2 = j2; + x3 = j3; + x4 = j4; + x5 = j5; + x6 = j6; + x7 = j7; + x8 = j8; + x9 = j9; + x10 = j10; + x11 = j11; + x12 = j12; + x13 = j13; + x14 = j14; + x15 = j15; + for (i = 20;i > 0;i -= 2) { + QUARTERROUND( x0, x4, x8,x12) + QUARTERROUND( x1, x5, x9,x13) + QUARTERROUND( x2, x6,x10,x14) + QUARTERROUND( x3, x7,x11,x15) + QUARTERROUND( x0, x5,x10,x15) + QUARTERROUND( x1, x6,x11,x12) + QUARTERROUND( x2, x7, x8,x13) + QUARTERROUND( x3, x4, x9,x14) + } + x0 = PLUS(x0,j0); + x1 = PLUS(x1,j1); + x2 = PLUS(x2,j2); + x3 = PLUS(x3,j3); + x4 = PLUS(x4,j4); + x5 = PLUS(x5,j5); + x6 = PLUS(x6,j6); + x7 = PLUS(x7,j7); + x8 = PLUS(x8,j8); + x9 = PLUS(x9,j9); + x10 = PLUS(x10,j10); + x11 = PLUS(x11,j11); + x12 = PLUS(x12,j12); + x13 = PLUS(x13,j13); + x14 = PLUS(x14,j14); + x15 = PLUS(x15,j15); + +#ifndef KEYSTREAM_ONLY + x0 = XOR(x0,U8TO32_LITTLE(m + 0)); + x1 = XOR(x1,U8TO32_LITTLE(m + 4)); + x2 = XOR(x2,U8TO32_LITTLE(m + 8)); + x3 = XOR(x3,U8TO32_LITTLE(m + 12)); + x4 = XOR(x4,U8TO32_LITTLE(m + 16)); + x5 = XOR(x5,U8TO32_LITTLE(m + 20)); + x6 = XOR(x6,U8TO32_LITTLE(m + 24)); + x7 = XOR(x7,U8TO32_LITTLE(m + 28)); + x8 = XOR(x8,U8TO32_LITTLE(m + 32)); + x9 = XOR(x9,U8TO32_LITTLE(m + 36)); + x10 = XOR(x10,U8TO32_LITTLE(m + 40)); + x11 = XOR(x11,U8TO32_LITTLE(m + 44)); + x12 = XOR(x12,U8TO32_LITTLE(m + 48)); + x13 = XOR(x13,U8TO32_LITTLE(m + 52)); + x14 = XOR(x14,U8TO32_LITTLE(m + 56)); + x15 = XOR(x15,U8TO32_LITTLE(m + 60)); +#endif + + j12 = PLUSONE(j12); + if (!j12) { + j13 = PLUSONE(j13); + /* stopping at 2^70 bytes per nonce is user's responsibility */ + } + + U32TO8_LITTLE(c + 0,x0); + U32TO8_LITTLE(c + 4,x1); + U32TO8_LITTLE(c + 8,x2); + U32TO8_LITTLE(c + 12,x3); + U32TO8_LITTLE(c + 16,x4); + U32TO8_LITTLE(c + 20,x5); + U32TO8_LITTLE(c + 24,x6); + U32TO8_LITTLE(c + 28,x7); + U32TO8_LITTLE(c + 32,x8); + U32TO8_LITTLE(c + 36,x9); + U32TO8_LITTLE(c + 40,x10); + U32TO8_LITTLE(c + 44,x11); + U32TO8_LITTLE(c + 48,x12); + U32TO8_LITTLE(c + 52,x13); + U32TO8_LITTLE(c + 56,x14); + U32TO8_LITTLE(c + 60,x15); + + if (bytes <= 64) { + if (bytes < 64) { + for (i = 0;i < bytes;++i) ctarget[i] = c[i]; + } + x->input[12] = j12; + x->input[13] = j13; + return; + } + bytes -= 64; + c += 64; +#ifndef KEYSTREAM_ONLY + m += 64; +#endif + } +} diff --git a/crypto/openssh/openbsd-compat/explicit_bzero.c b/crypto/openssh/openbsd-compat/explicit_bzero.c new file mode 100644 index 0000000000..3c85a4843a --- /dev/null +++ b/crypto/openssh/openbsd-compat/explicit_bzero.c @@ -0,0 +1,40 @@ +/* OPENBSD ORIGINAL: lib/libc/string/explicit_bzero.c */ +/* $OpenBSD: explicit_bzero.c,v 1.1 2014/01/22 21:06:45 tedu Exp $ */ +/* + * Public domain. + * Written by Ted Unangst + */ + +#include "includes.h" + +/* + * explicit_bzero - don't let the compiler optimize away bzero + */ + +#ifndef HAVE_EXPLICIT_BZERO + +#ifdef HAVE_MEMSET_S + +void +explicit_bzero(void *p, size_t n) +{ + (void)memset_s(p, n, 0, n); +} + +#else /* HAVE_MEMSET_S */ + +/* + * Indirect bzero through a volatile pointer to hopefully avoid + * dead-store optimisation eliminating the call. + */ +static void (* volatile ssh_bzero)(void *, size_t) = bzero; + +void +explicit_bzero(void *p, size_t n) +{ + ssh_bzero(p, n); +} + +#endif /* HAVE_MEMSET_S */ + +#endif /* HAVE_EXPLICIT_BZERO */ diff --git a/crypto/openssh/openbsd-compat/getopt.h b/crypto/openssh/openbsd-compat/getopt.h new file mode 100644 index 0000000000..8eb12447ed --- /dev/null +++ b/crypto/openssh/openbsd-compat/getopt.h @@ -0,0 +1,74 @@ +/* $OpenBSD: getopt.h,v 1.2 2008/06/26 05:42:04 ray Exp $ */ +/* $NetBSD: getopt.h,v 1.4 2000/07/07 10:43:54 ad Exp $ */ + +/*- + * Copyright (c) 2000 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Dieter Baron and Thomas Klausner. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef _GETOPT_H_ +#define _GETOPT_H_ + +/* + * GNU-like getopt_long() and 4.4BSD getsubopt()/optreset extensions + */ +#define no_argument 0 +#define required_argument 1 +#define optional_argument 2 + +struct option { + /* name of long option */ + const char *name; + /* + * one of no_argument, required_argument, and optional_argument: + * whether option takes an argument + */ + int has_arg; + /* if not NULL, set *flag to val when option found */ + int *flag; + /* if flag not NULL, value to set *flag to; else return value */ + int val; +}; + +int getopt_long(int, char * const *, const char *, + const struct option *, int *); +int getopt_long_only(int, char * const *, const char *, + const struct option *, int *); +#ifndef _GETOPT_DEFINED_ +#define _GETOPT_DEFINED_ +int getopt(int, char * const *, const char *); +int getsubopt(char **, char * const *, char **); + +extern char *optarg; /* getopt(3) external variables */ +extern int opterr; +extern int optind; +extern int optopt; +extern int optreset; +extern char *suboptarg; /* getsubopt(3) external variable */ +#endif + +#endif /* !_GETOPT_H_ */ diff --git a/crypto/openssh/openbsd-compat/getopt_long.c b/crypto/openssh/openbsd-compat/getopt_long.c new file mode 100644 index 0000000000..e289474305 --- /dev/null +++ b/crypto/openssh/openbsd-compat/getopt_long.c @@ -0,0 +1,532 @@ +/* $OpenBSD: getopt_long.c,v 1.25 2011/03/05 22:10:11 guenther Exp $ */ +/* $NetBSD: getopt_long.c,v 1.15 2002/01/31 22:43:40 tv Exp $ */ + +/* + * Copyright (c) 2002 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F39502-99-1-0512. + */ +/*- + * Copyright (c) 2000 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Dieter Baron and Thomas Klausner. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +/* OPENBSD ORIGINAL: lib/libc/stdlib/getopt_long.c */ +#include "includes.h" + +#if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET) + +/* + * Some defines to make it easier to keep the code in sync with upstream. + * getopt opterr optind optopt optreset optarg are all in defines.h which is + * pulled in by includes.h. + */ +#define warnx logit + +#if 0 +#include +#include +#endif +#include +#include +#include +#include + +#include "log.h" + +int opterr = 1; /* if error message should be printed */ +int optind = 1; /* index into parent argv vector */ +int optopt = '?'; /* character checked for validity */ +int optreset; /* reset getopt */ +char *optarg; /* argument associated with option */ + +#define PRINT_ERROR ((opterr) && (*options != ':')) + +#define FLAG_PERMUTE 0x01 /* permute non-options to the end of argv */ +#define FLAG_ALLARGS 0x02 /* treat non-options as args to option "-1" */ +#define FLAG_LONGONLY 0x04 /* operate as getopt_long_only */ + +/* return values */ +#define BADCH (int)'?' +#define BADARG ((*options == ':') ? (int)':' : (int)'?') +#define INORDER (int)1 + +#define EMSG "" + +static int getopt_internal(int, char * const *, const char *, + const struct option *, int *, int); +static int parse_long_options(char * const *, const char *, + const struct option *, int *, int); +static int gcd(int, int); +static void permute_args(int, int, int, char * const *); + +static char *place = EMSG; /* option letter processing */ + +/* XXX: set optreset to 1 rather than these two */ +static int nonopt_start = -1; /* first non option argument (for permute) */ +static int nonopt_end = -1; /* first option after non options (for permute) */ + +/* Error messages */ +static const char recargchar[] = "option requires an argument -- %c"; +static const char recargstring[] = "option requires an argument -- %s"; +static const char ambig[] = "ambiguous option -- %.*s"; +static const char noarg[] = "option doesn't take an argument -- %.*s"; +static const char illoptchar[] = "unknown option -- %c"; +static const char illoptstring[] = "unknown option -- %s"; + +/* + * Compute the greatest common divisor of a and b. + */ +static int +gcd(int a, int b) +{ + int c; + + c = a % b; + while (c != 0) { + a = b; + b = c; + c = a % b; + } + + return (b); +} + +/* + * Exchange the block from nonopt_start to nonopt_end with the block + * from nonopt_end to opt_end (keeping the same order of arguments + * in each block). + */ +static void +permute_args(int panonopt_start, int panonopt_end, int opt_end, + char * const *nargv) +{ + int cstart, cyclelen, i, j, ncycle, nnonopts, nopts, pos; + char *swap; + + /* + * compute lengths of blocks and number and size of cycles + */ + nnonopts = panonopt_end - panonopt_start; + nopts = opt_end - panonopt_end; + ncycle = gcd(nnonopts, nopts); + cyclelen = (opt_end - panonopt_start) / ncycle; + + for (i = 0; i < ncycle; i++) { + cstart = panonopt_end+i; + pos = cstart; + for (j = 0; j < cyclelen; j++) { + if (pos >= panonopt_end) + pos -= nnonopts; + else + pos += nopts; + swap = nargv[pos]; + /* LINTED const cast */ + ((char **) nargv)[pos] = nargv[cstart]; + /* LINTED const cast */ + ((char **)nargv)[cstart] = swap; + } + } +} + +/* + * parse_long_options -- + * Parse long options in argc/argv argument vector. + * Returns -1 if short_too is set and the option does not match long_options. + */ +static int +parse_long_options(char * const *nargv, const char *options, + const struct option *long_options, int *idx, int short_too) +{ + char *current_argv, *has_equal; + size_t current_argv_len; + int i, match; + + current_argv = place; + match = -1; + + optind++; + + if ((has_equal = strchr(current_argv, '=')) != NULL) { + /* argument found (--option=arg) */ + current_argv_len = has_equal - current_argv; + has_equal++; + } else + current_argv_len = strlen(current_argv); + + for (i = 0; long_options[i].name; i++) { + /* find matching long option */ + if (strncmp(current_argv, long_options[i].name, + current_argv_len)) + continue; + + if (strlen(long_options[i].name) == current_argv_len) { + /* exact match */ + match = i; + break; + } + /* + * If this is a known short option, don't allow + * a partial match of a single character. + */ + if (short_too && current_argv_len == 1) + continue; + + if (match == -1) /* partial match */ + match = i; + else { + /* ambiguous abbreviation */ + if (PRINT_ERROR) + warnx(ambig, (int)current_argv_len, + current_argv); + optopt = 0; + return (BADCH); + } + } + if (match != -1) { /* option found */ + if (long_options[match].has_arg == no_argument + && has_equal) { + if (PRINT_ERROR) + warnx(noarg, (int)current_argv_len, + current_argv); + /* + * XXX: GNU sets optopt to val regardless of flag + */ + if (long_options[match].flag == NULL) + optopt = long_options[match].val; + else + optopt = 0; + return (BADARG); + } + if (long_options[match].has_arg == required_argument || + long_options[match].has_arg == optional_argument) { + if (has_equal) + optarg = has_equal; + else if (long_options[match].has_arg == + required_argument) { + /* + * optional argument doesn't use next nargv + */ + optarg = nargv[optind++]; + } + } + if ((long_options[match].has_arg == required_argument) + && (optarg == NULL)) { + /* + * Missing argument; leading ':' indicates no error + * should be generated. + */ + if (PRINT_ERROR) + warnx(recargstring, + current_argv); + /* + * XXX: GNU sets optopt to val regardless of flag + */ + if (long_options[match].flag == NULL) + optopt = long_options[match].val; + else + optopt = 0; + --optind; + return (BADARG); + } + } else { /* unknown option */ + if (short_too) { + --optind; + return (-1); + } + if (PRINT_ERROR) + warnx(illoptstring, current_argv); + optopt = 0; + return (BADCH); + } + if (idx) + *idx = match; + if (long_options[match].flag) { + *long_options[match].flag = long_options[match].val; + return (0); + } else + return (long_options[match].val); +} + +/* + * getopt_internal -- + * Parse argc/argv argument vector. Called by user level routines. + */ +static int +getopt_internal(int nargc, char * const *nargv, const char *options, + const struct option *long_options, int *idx, int flags) +{ + char *oli; /* option letter list index */ + int optchar, short_too; + static int posixly_correct = -1; + + if (options == NULL) + return (-1); + + /* + * XXX Some GNU programs (like cvs) set optind to 0 instead of + * XXX using optreset. Work around this braindamage. + */ + if (optind == 0) + optind = optreset = 1; + + /* + * Disable GNU extensions if POSIXLY_CORRECT is set or options + * string begins with a '+'. + */ + if (posixly_correct == -1 || optreset) + posixly_correct = (getenv("POSIXLY_CORRECT") != NULL); + if (*options == '-') + flags |= FLAG_ALLARGS; + else if (posixly_correct || *options == '+') + flags &= ~FLAG_PERMUTE; + if (*options == '+' || *options == '-') + options++; + + optarg = NULL; + if (optreset) + nonopt_start = nonopt_end = -1; +start: + if (optreset || !*place) { /* update scanning pointer */ + optreset = 0; + if (optind >= nargc) { /* end of argument vector */ + place = EMSG; + if (nonopt_end != -1) { + /* do permutation, if we have to */ + permute_args(nonopt_start, nonopt_end, + optind, nargv); + optind -= nonopt_end - nonopt_start; + } + else if (nonopt_start != -1) { + /* + * If we skipped non-options, set optind + * to the first of them. + */ + optind = nonopt_start; + } + nonopt_start = nonopt_end = -1; + return (-1); + } + if (*(place = nargv[optind]) != '-' || + (place[1] == '\0' && strchr(options, '-') == NULL)) { + place = EMSG; /* found non-option */ + if (flags & FLAG_ALLARGS) { + /* + * GNU extension: + * return non-option as argument to option 1 + */ + optarg = nargv[optind++]; + return (INORDER); + } + if (!(flags & FLAG_PERMUTE)) { + /* + * If no permutation wanted, stop parsing + * at first non-option. + */ + return (-1); + } + /* do permutation */ + if (nonopt_start == -1) + nonopt_start = optind; + else if (nonopt_end != -1) { + permute_args(nonopt_start, nonopt_end, + optind, nargv); + nonopt_start = optind - + (nonopt_end - nonopt_start); + nonopt_end = -1; + } + optind++; + /* process next argument */ + goto start; + } + if (nonopt_start != -1 && nonopt_end == -1) + nonopt_end = optind; + + /* + * If we have "-" do nothing, if "--" we are done. + */ + if (place[1] != '\0' && *++place == '-' && place[1] == '\0') { + optind++; + place = EMSG; + /* + * We found an option (--), so if we skipped + * non-options, we have to permute. + */ + if (nonopt_end != -1) { + permute_args(nonopt_start, nonopt_end, + optind, nargv); + optind -= nonopt_end - nonopt_start; + } + nonopt_start = nonopt_end = -1; + return (-1); + } + } + + /* + * Check long options if: + * 1) we were passed some + * 2) the arg is not just "-" + * 3) either the arg starts with -- we are getopt_long_only() + */ + if (long_options != NULL && place != nargv[optind] && + (*place == '-' || (flags & FLAG_LONGONLY))) { + short_too = 0; + if (*place == '-') + place++; /* --foo long option */ + else if (*place != ':' && strchr(options, *place) != NULL) + short_too = 1; /* could be short option too */ + + optchar = parse_long_options(nargv, options, long_options, + idx, short_too); + if (optchar != -1) { + place = EMSG; + return (optchar); + } + } + + if ((optchar = (int)*place++) == (int)':' || + (optchar == (int)'-' && *place != '\0') || + (oli = strchr(options, optchar)) == NULL) { + /* + * If the user specified "-" and '-' isn't listed in + * options, return -1 (non-option) as per POSIX. + * Otherwise, it is an unknown option character (or ':'). + */ + if (optchar == (int)'-' && *place == '\0') + return (-1); + if (!*place) + ++optind; + if (PRINT_ERROR) + warnx(illoptchar, optchar); + optopt = optchar; + return (BADCH); + } + if (long_options != NULL && optchar == 'W' && oli[1] == ';') { + /* -W long-option */ + if (*place) /* no space */ + /* NOTHING */; + else if (++optind >= nargc) { /* no arg */ + place = EMSG; + if (PRINT_ERROR) + warnx(recargchar, optchar); + optopt = optchar; + return (BADARG); + } else /* white space */ + place = nargv[optind]; + optchar = parse_long_options(nargv, options, long_options, + idx, 0); + place = EMSG; + return (optchar); + } + if (*++oli != ':') { /* doesn't take argument */ + if (!*place) + ++optind; + } else { /* takes (optional) argument */ + optarg = NULL; + if (*place) /* no white space */ + optarg = place; + else if (oli[1] != ':') { /* arg not optional */ + if (++optind >= nargc) { /* no arg */ + place = EMSG; + if (PRINT_ERROR) + warnx(recargchar, optchar); + optopt = optchar; + return (BADARG); + } else + optarg = nargv[optind]; + } + place = EMSG; + ++optind; + } + /* dump back option letter */ + return (optchar); +} + +/* + * getopt -- + * Parse argc/argv argument vector. + * + * [eventually this will replace the BSD getopt] + */ +int +getopt(int nargc, char * const *nargv, const char *options) +{ + + /* + * We don't pass FLAG_PERMUTE to getopt_internal() since + * the BSD getopt(3) (unlike GNU) has never done this. + * + * Furthermore, since many privileged programs call getopt() + * before dropping privileges it makes sense to keep things + * as simple (and bug-free) as possible. + */ + return (getopt_internal(nargc, nargv, options, NULL, NULL, 0)); +} + +#if 0 +/* + * getopt_long -- + * Parse argc/argv argument vector. + */ +int +getopt_long(int nargc, char * const *nargv, const char *options, + const struct option *long_options, int *idx) +{ + + return (getopt_internal(nargc, nargv, options, long_options, idx, + FLAG_PERMUTE)); +} + +/* + * getopt_long_only -- + * Parse argc/argv argument vector. + */ +int +getopt_long_only(int nargc, char * const *nargv, const char *options, + const struct option *long_options, int *idx) +{ + + return (getopt_internal(nargc, nargv, options, long_options, idx, + FLAG_PERMUTE|FLAG_LONGONLY)); +} +#endif + +#endif /* !defined(HAVE_GETOPT) || !defined(HAVE_OPTRESET) */ diff --git a/crypto/openssh/openbsd-compat/kludge-fd_set.c b/crypto/openssh/openbsd-compat/kludge-fd_set.c new file mode 100644 index 0000000000..6c2ffb64bd --- /dev/null +++ b/crypto/openssh/openbsd-compat/kludge-fd_set.c @@ -0,0 +1,28 @@ +/* Placed in the public domain. */ + +/* + * _FORTIFY_SOURCE includes a misguided check for FD_SET(n)/FD_ISSET(b) + * where n > FD_SETSIZE. This breaks OpenSSH and other programs that + * explicitly allocate fd_sets. To avoid this, we wrap FD_SET in a + * function compiled without _FORTIFY_SOURCE. + */ + +#include "config.h" + +#if defined(HAVE_FEATURES_H) && defined(_FORTIFY_SOURCE) +# include +# if defined(__GNU_LIBRARY__) && defined(__GLIBC_PREREQ) +# if __GLIBC_PREREQ(2, 15) && (_FORTIFY_SOURCE > 0) +# undef _FORTIFY_SOURCE +# undef __USE_FORTIFY_LEVEL +# include +void kludge_FD_SET(int n, fd_set *set) { + FD_SET(n, set); +} +int kludge_FD_ISSET(int n, fd_set *set) { + return FD_ISSET(n, set); +} +# endif /* __GLIBC_PREREQ(2, 15) && (_FORTIFY_SOURCE > 0) */ +# endif /* __GNU_LIBRARY__ && __GLIBC_PREREQ */ +#endif /* HAVE_FEATURES_H && _FORTIFY_SOURCE */ + diff --git a/crypto/openssh/openbsd-compat/openbsd-compat.h b/crypto/openssh/openbsd-compat/openbsd-compat.h index 807acf6267..ce6abae823 100644 --- a/crypto/openssh/openbsd-compat/openbsd-compat.h +++ b/crypto/openssh/openbsd-compat/openbsd-compat.h @@ -1,4 +1,4 @@ -/* $Id: openbsd-compat.h,v 1.52 2011/09/23 01:16:11 djm Exp $ */ +/* $Id: openbsd-compat.h,v 1.62 2014/09/30 23:43:08 djm Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -44,6 +44,7 @@ #include "vis.h" #include "getrrsetbyname.h" #include "sha2.h" +#include "blf.h" #ifndef HAVE_BASENAME char *basename(const char *path); @@ -111,6 +112,10 @@ char *dirname(const char *path); int fmt_scaled(long long number, char *result); #endif +#ifndef HAVE_SCAN_SCALED +int scan_scaled(char *, long long *); +#endif + #if defined(BROKEN_INET_NTOA) || !defined(HAVE_INET_NTOA) char *inet_ntoa(struct in_addr in); #endif @@ -139,6 +144,7 @@ int getgrouplist(const char *, gid_t, gid_t *, int *); #if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET) int BSDgetopt(int argc, char * const *argv, const char *opts); +#include "openbsd-compat/getopt.h" #endif #if defined(HAVE_DECL_WRITEV) && HAVE_DECL_WRITEV == 0 @@ -149,15 +155,20 @@ int writev(int, struct iovec *, int); /* Home grown routines */ #include "bsd-misc.h" +#include "bsd-setres_id.h" #include "bsd-statvfs.h" #include "bsd-waitpid.h" #include "bsd-poll.h" #ifndef HAVE_GETPEEREID int getpeereid(int , uid_t *, gid_t *); -#endif +#endif -#ifndef HAVE_ARC4RANDOM +#ifdef HAVE_ARC4RANDOM +# ifndef HAVE_ARC4RANDOM_STIR +# define arc4random_stir() +# endif +#else unsigned int arc4random(void); void arc4random_stir(void); #endif /* !HAVE_ARC4RANDOM */ @@ -189,10 +200,23 @@ int snprintf(char *, size_t, SNPRINTF_CONST char *, ...); long long strtoll(const char *, char **, int); #endif +#ifndef HAVE_STRTOUL +unsigned long strtoul(const char *, char **, int); +#endif + +#ifndef HAVE_STRTOULL +unsigned long long strtoull(const char *, char **, int); +#endif + #ifndef HAVE_STRTONUM long long strtonum(const char *, long long, long long, const char **); #endif +/* multibyte character support */ +#ifndef HAVE_MBLEN +# define mblen(x, y) 1 +#endif + #if !defined(HAVE_VASPRINTF) || !defined(HAVE_VSNPRINTF) # include #endif @@ -217,6 +241,15 @@ char *group_from_gid(gid_t, int); int timingsafe_bcmp(const void *, const void *, size_t); #endif +#ifndef HAVE_BCRYPT_PBKDF +int bcrypt_pbkdf(const char *, size_t, const u_int8_t *, size_t, + u_int8_t *, size_t, unsigned int); +#endif + +#ifndef HAVE_EXPLICIT_BZERO +void explicit_bzero(void *p, size_t n); +#endif + void *xmmap(size_t size); char *xcrypt(const char *password, const char *salt); char *shadow_pw(struct passwd *pw); @@ -235,4 +268,20 @@ char *shadow_pw(struct passwd *pw); #include "port-tun.h" #include "port-uw.h" +/* _FORTIFY_SOURCE breaks FD_ISSET(n)/FD_SET(n) for n > FD_SETSIZE. Avoid. */ +#if defined(HAVE_FEATURES_H) && defined(_FORTIFY_SOURCE) +# include +# if defined(__GNU_LIBRARY__) && defined(__GLIBC_PREREQ) +# if __GLIBC_PREREQ(2, 15) && (_FORTIFY_SOURCE > 0) +# include /* Ensure include guard is defined */ +# undef FD_SET +# undef FD_ISSET +# define FD_SET(n, set) kludge_FD_SET(n, set) +# define FD_ISSET(n, set) kludge_FD_ISSET(n, set) +void kludge_FD_SET(int, fd_set *); +int kludge_FD_ISSET(int, fd_set *); +# endif /* __GLIBC_PREREQ(2, 15) && (_FORTIFY_SOURCE > 0) */ +# endif /* __GNU_LIBRARY__ && __GLIBC_PREREQ */ +#endif /* HAVE_FEATURES_H && _FORTIFY_SOURCE */ + #endif /* _OPENBSD_COMPAT_H */ diff --git a/crypto/openssh/openbsd-compat/openssl-compat.c b/crypto/openssh/openbsd-compat/openssl-compat.c dissimilarity index 62% index 5189cab616..36570e4ade 100644 --- a/crypto/openssh/openbsd-compat/openssl-compat.c +++ b/crypto/openssh/openbsd-compat/openssl-compat.c @@ -1,146 +1,80 @@ -/* $Id: openssl-compat.c,v 1.14 2011/05/10 01:13:38 dtucker Exp $ */ - -/* - * Copyright (c) 2005 Darren Tucker - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER - * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include "includes.h" - -#include -#include - -#ifdef USE_OPENSSL_ENGINE -# include -# include -#endif - -#ifndef HAVE_RSA_GET_DEFAULT_METHOD -# include -#endif - -#include "log.h" - -#define SSH_DONT_OVERLOAD_OPENSSL_FUNCS -#include "openssl-compat.h" - -#ifdef SSH_OLD_EVP -int -ssh_EVP_CipherInit(EVP_CIPHER_CTX *evp, const EVP_CIPHER *type, - unsigned char *key, unsigned char *iv, int enc) -{ - EVP_CipherInit(evp, type, key, iv, enc); - return 1; -} - -int -ssh_EVP_Cipher(EVP_CIPHER_CTX *evp, char *dst, char *src, int len) -{ - EVP_Cipher(evp, dst, src, len); - return 1; -} - -int -ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *evp) -{ - EVP_CIPHER_CTX_cleanup(evp); - return 1; -} -#endif - -#ifdef OPENSSL_EVP_DIGESTUPDATE_VOID -int -ssh_EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt) -{ - EVP_DigestUpdate(ctx, d, cnt); - return 1; -} -#endif - -#ifndef HAVE_BN_IS_PRIME_EX -int -BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, void *cb) -{ - if (cb != NULL) - fatal("%s: callback args not supported", __func__); - return BN_is_prime(p, nchecks, NULL, ctx, NULL); -} -#endif - -#ifndef HAVE_RSA_GENERATE_KEY_EX -int -RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *bn_e, void *cb) -{ - RSA *new_rsa, tmp_rsa; - unsigned long e; - - if (cb != NULL) - fatal("%s: callback args not supported", __func__); - e = BN_get_word(bn_e); - if (e == 0xffffffffL) - fatal("%s: value of e too large", __func__); - new_rsa = RSA_generate_key(bits, e, NULL, NULL); - if (new_rsa == NULL) - return 0; - /* swap rsa/new_rsa then free new_rsa */ - tmp_rsa = *rsa; - *rsa = *new_rsa; - *new_rsa = tmp_rsa; - RSA_free(new_rsa); - return 1; -} -#endif - -#ifndef HAVE_DSA_GENERATE_PARAMETERS_EX -int -DSA_generate_parameters_ex(DSA *dsa, int bits, const unsigned char *seed, - int seed_len, int *counter_ret, unsigned long *h_ret, void *cb) -{ - DSA *new_dsa, tmp_dsa; - - if (cb != NULL) - fatal("%s: callback args not supported", __func__); - new_dsa = DSA_generate_parameters(bits, (unsigned char *)seed, seed_len, - counter_ret, h_ret, NULL, NULL); - if (new_dsa == NULL) - return 0; - /* swap dsa/new_dsa then free new_dsa */ - tmp_dsa = *dsa; - *dsa = *new_dsa; - *new_dsa = tmp_dsa; - DSA_free(new_dsa); - return 1; -} -#endif - -#ifndef HAVE_RSA_GET_DEFAULT_METHOD -RSA_METHOD * -RSA_get_default_method(void) -{ - return RSA_PKCS1_SSLeay(); -} -#endif - -#ifdef USE_OPENSSL_ENGINE -void -ssh_OpenSSL_add_all_algorithms(void) -{ - OpenSSL_add_all_algorithms(); - - /* Enable use of crypto hardware */ - ENGINE_load_builtin_engines(); - ENGINE_register_all_complete(); - OPENSSL_config(NULL); -} -#endif +/* $Id: openssl-compat.c,v 1.19 2014/07/02 05:28:07 djm Exp $ */ + +/* + * Copyright (c) 2005 Darren Tucker + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER + * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#define SSH_DONT_OVERLOAD_OPENSSL_FUNCS +#include "includes.h" + +#include +#include + +#ifdef USE_OPENSSL_ENGINE +# include +# include +#endif + +#include "log.h" + +#include "openssl-compat.h" + +/* + * OpenSSL version numbers: MNNFFPPS: major minor fix patch status + * We match major, minor, fix and status (not patch) for <1.0.0. + * After that, we acceptable compatible fix versions (so we + * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed + * within a patch series. + */ + +int +ssh_compatible_openssl(long headerver, long libver) +{ + long mask, hfix, lfix; + + /* exact match is always OK */ + if (headerver == libver) + return 1; + + /* for versions < 1.0.0, major,minor,fix,status must match */ + if (headerver < 0x1000000f) { + mask = 0xfffff00fL; /* major,minor,fix,status */ + return (headerver & mask) == (libver & mask); + } + + /* + * For versions >= 1.0.0, major,minor,status must match and library + * fix version must be equal to or newer than the header. + */ + mask = 0xfff0000fL; /* major,minor,status */ + hfix = (headerver & 0x000ff000) >> 12; + lfix = (libver & 0x000ff000) >> 12; + if ( (headerver & mask) == (libver & mask) && lfix >= hfix) + return 1; + return 0; +} + +#ifdef USE_OPENSSL_ENGINE +void +ssh_OpenSSL_add_all_algorithms(void) +{ + OpenSSL_add_all_algorithms(); + + /* Enable use of crypto hardware */ + ENGINE_load_builtin_engines(); + ENGINE_register_all_complete(); + OPENSSL_config(NULL); +} +#endif diff --git a/crypto/openssh/openbsd-compat/openssl-compat.h b/crypto/openssh/openbsd-compat/openssl-compat.h dissimilarity index 60% index a151eff38b..3695d412b0 100644 --- a/crypto/openssh/openbsd-compat/openssl-compat.h +++ b/crypto/openssh/openbsd-compat/openssl-compat.h @@ -1,139 +1,93 @@ -/* $Id: openssl-compat.h,v 1.20 2012/01/17 03:03:39 dtucker Exp $ */ - -/* - * Copyright (c) 2005 Darren Tucker - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER - * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include "includes.h" -#include -#include -#include -#include - -/* Only in 0.9.8 */ -#ifndef OPENSSL_DSA_MAX_MODULUS_BITS -# define OPENSSL_DSA_MAX_MODULUS_BITS 10000 -#endif -#ifndef OPENSSL_RSA_MAX_MODULUS_BITS -# define OPENSSL_RSA_MAX_MODULUS_BITS 16384 -#endif - -/* OPENSSL_free() is Free() in versions before OpenSSL 0.9.6 */ -#if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090600f) -# define OPENSSL_free(x) Free(x) -#endif - -#if OPENSSL_VERSION_NUMBER < 0x00906000L -# define SSH_OLD_EVP -# define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) -#endif - -#if OPENSSL_VERSION_NUMBER < 0x1000000fL -# define LIBCRYPTO_EVP_INL_TYPE unsigned int -#else -# define LIBCRYPTO_EVP_INL_TYPE size_t -#endif - -#if (OPENSSL_VERSION_NUMBER < 0x00907000L) || defined(OPENSSL_LOBOTOMISED_AES) -# define USE_BUILTIN_RIJNDAEL -#endif - -#ifdef USE_BUILTIN_RIJNDAEL -# include "rijndael.h" -# define AES_KEY rijndael_ctx -# define AES_BLOCK_SIZE 16 -# define AES_encrypt(a, b, c) rijndael_encrypt(c, a, b) -# define AES_set_encrypt_key(a, b, c) rijndael_set_key(c, (char *)a, b, 1) -# define EVP_aes_128_cbc evp_rijndael -# define EVP_aes_192_cbc evp_rijndael -# define EVP_aes_256_cbc evp_rijndael -extern const EVP_CIPHER *evp_rijndael(void); -extern void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int); -#endif - -#if !defined(EVP_CTRL_SET_ACSS_MODE) -# if (OPENSSL_VERSION_NUMBER >= 0x00907000L) -# define USE_CIPHER_ACSS 1 -extern const EVP_CIPHER *evp_acss(void); -# define EVP_acss evp_acss -# else -# define EVP_acss NULL -# endif -#endif - -/* OpenSSL 0.9.8e returns cipher key len not context key len */ -#if (OPENSSL_VERSION_NUMBER == 0x0090805fL) -# define EVP_CIPHER_CTX_key_length(c) ((c)->key_len) -#endif - -#ifndef HAVE_RSA_GET_DEFAULT_METHOD -RSA_METHOD *RSA_get_default_method(void); -#endif - -/* - * We overload some of the OpenSSL crypto functions with ssh_* equivalents - * which cater for older and/or less featureful OpenSSL version. - * - * In order for the compat library to call the real functions, it must - * define SSH_DONT_OVERLOAD_OPENSSL_FUNCS before including this file and - * implement the ssh_* equivalents. - */ -#ifndef SSH_DONT_OVERLOAD_OPENSSL_FUNCS - -# ifdef SSH_OLD_EVP -# ifdef EVP_Cipher -# undef EVP_Cipher -# endif -# define EVP_CipherInit(a,b,c,d,e) ssh_EVP_CipherInit((a),(b),(c),(d),(e)) -# define EVP_Cipher(a,b,c,d) ssh_EVP_Cipher((a),(b),(c),(d)) -# define EVP_CIPHER_CTX_cleanup(a) ssh_EVP_CIPHER_CTX_cleanup((a)) -# endif /* SSH_OLD_EVP */ - -# ifdef OPENSSL_EVP_DIGESTUPDATE_VOID -# define EVP_DigestUpdate(a,b,c) ssh_EVP_DigestUpdate((a),(b),(c)) -# endif - -# ifdef USE_OPENSSL_ENGINE -# ifdef OpenSSL_add_all_algorithms -# undef OpenSSL_add_all_algorithms -# endif -# define OpenSSL_add_all_algorithms() ssh_OpenSSL_add_all_algorithms() -# endif - -# ifndef HAVE_BN_IS_PRIME_EX -int BN_is_prime_ex(const BIGNUM *, int, BN_CTX *, void *); -# endif - -# ifndef HAVE_DSA_GENERATE_PARAMETERS_EX -int DSA_generate_parameters_ex(DSA *, int, const unsigned char *, int, int *, - unsigned long *, void *); -# endif - -# ifndef HAVE_RSA_GENERATE_KEY_EX -int RSA_generate_key_ex(RSA *, int, BIGNUM *, void *); -# endif - -int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *, - unsigned char *, int); -int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int); -int ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *); -void ssh_OpenSSL_add_all_algorithms(void); - -# ifndef HAVE_HMAC_CTX_INIT -# define HMAC_CTX_init(a) -# endif - -#endif /* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */ - +/* $Id: openssl-compat.h,v 1.31 2014/08/29 18:18:29 djm Exp $ */ + +/* + * Copyright (c) 2005 Darren Tucker + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER + * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef _OPENSSL_COMPAT_H +#define _OPENSSL_COMPAT_H + +#include "includes.h" +#include +#include +#include +#include + +int ssh_compatible_openssl(long, long); + +#if (OPENSSL_VERSION_NUMBER <= 0x0090805fL) +# error OpenSSL 0.9.8f or greater is required +#endif + +#if OPENSSL_VERSION_NUMBER < 0x10000001L +# define LIBCRYPTO_EVP_INL_TYPE unsigned int +#else +# define LIBCRYPTO_EVP_INL_TYPE size_t +#endif + +#ifndef OPENSSL_RSA_MAX_MODULUS_BITS +# define OPENSSL_RSA_MAX_MODULUS_BITS 16384 +#endif +#ifndef OPENSSL_DSA_MAX_MODULUS_BITS +# define OPENSSL_DSA_MAX_MODULUS_BITS 10000 +#endif + +#ifndef OPENSSL_HAVE_EVPCTR +# define EVP_aes_128_ctr evp_aes_128_ctr +# define EVP_aes_192_ctr evp_aes_128_ctr +# define EVP_aes_256_ctr evp_aes_128_ctr +const EVP_CIPHER *evp_aes_128_ctr(void); +void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, size_t); +#endif + +/* Avoid some #ifdef. Code that uses these is unreachable without GCM */ +#if !defined(OPENSSL_HAVE_EVPGCM) && !defined(EVP_CTRL_GCM_SET_IV_FIXED) +# define EVP_CTRL_GCM_SET_IV_FIXED -1 +# define EVP_CTRL_GCM_IV_GEN -1 +# define EVP_CTRL_GCM_SET_TAG -1 +# define EVP_CTRL_GCM_GET_TAG -1 +#endif + +/* Replace missing EVP_CIPHER_CTX_ctrl() with something that returns failure */ +#ifndef HAVE_EVP_CIPHER_CTX_CTRL +# ifdef OPENSSL_HAVE_EVPGCM +# error AES-GCM enabled without EVP_CIPHER_CTX_ctrl /* shouldn't happen */ +# else +# define EVP_CIPHER_CTX_ctrl(a,b,c,d) (0) +# endif +#endif + +/* + * We overload some of the OpenSSL crypto functions with ssh_* equivalents + * to automatically handle OpenSSL engine initialisation. + * + * In order for the compat library to call the real functions, it must + * define SSH_DONT_OVERLOAD_OPENSSL_FUNCS before including this file and + * implement the ssh_* equivalents. + */ +#ifndef SSH_DONT_OVERLOAD_OPENSSL_FUNCS + +# ifdef USE_OPENSSL_ENGINE +# ifdef OpenSSL_add_all_algorithms +# undef OpenSSL_add_all_algorithms +# endif +# define OpenSSL_add_all_algorithms() ssh_OpenSSL_add_all_algorithms() +# endif + +void ssh_OpenSSL_add_all_algorithms(void); + +#endif /* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */ + +#endif /* _OPENSSL_COMPAT_H */ diff --git a/crypto/openssh/openbsd-compat/strtoull.c b/crypto/openssh/openbsd-compat/strtoull.c new file mode 100644 index 0000000000..f7c818c527 --- /dev/null +++ b/crypto/openssh/openbsd-compat/strtoull.c @@ -0,0 +1,110 @@ +/* $OpenBSD: strtoull.c,v 1.5 2005/08/08 08:05:37 espie Exp $ */ +/*- + * Copyright (c) 1992 The Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* OPENBSD ORIGINAL: lib/libc/stdlib/strtoull.c */ + +#include "includes.h" +#ifndef HAVE_STRTOULL + +#include + +#include +#include +#include +#include + +/* + * Convert a string to an unsigned long long. + * + * Ignores `locale' stuff. Assumes that the upper and lower case + * alphabets and digits are each contiguous. + */ +unsigned long long +strtoull(const char *nptr, char **endptr, int base) +{ + const char *s; + unsigned long long acc, cutoff; + int c; + int neg, any, cutlim; + + /* + * See strtoq for comments as to the logic used. + */ + s = nptr; + do { + c = (unsigned char) *s++; + } while (isspace(c)); + if (c == '-') { + neg = 1; + c = *s++; + } else { + neg = 0; + if (c == '+') + c = *s++; + } + if ((base == 0 || base == 16) && + c == '0' && (*s == 'x' || *s == 'X')) { + c = s[1]; + s += 2; + base = 16; + } + if (base == 0) + base = c == '0' ? 8 : 10; + + cutoff = ULLONG_MAX / (unsigned long long)base; + cutlim = ULLONG_MAX % (unsigned long long)base; + for (acc = 0, any = 0;; c = (unsigned char) *s++) { + if (isdigit(c)) + c -= '0'; + else if (isalpha(c)) + c -= isupper(c) ? 'A' - 10 : 'a' - 10; + else + break; + if (c >= base) + break; + if (any < 0) + continue; + if (acc > cutoff || (acc == cutoff && c > cutlim)) { + any = -1; + acc = ULLONG_MAX; + errno = ERANGE; + } else { + any = 1; + acc *= (unsigned long long)base; + acc += c; + } + } + if (neg && any > 0) + acc = -acc; + if (endptr != 0) + *endptr = (char *) (any ? s - 1 : nptr); + return (acc); +} +#endif /* !HAVE_STRTOULL */ diff --git a/crypto/openssh/openbsd-compat/sys-queue.h b/crypto/openssh/openbsd-compat/sys-queue.h index 5cf0587bd1..28aaaa37a8 100644 --- a/crypto/openssh/openbsd-compat/sys-queue.h +++ b/crypto/openssh/openbsd-compat/sys-queue.h @@ -1,4 +1,4 @@ -/* $OpenBSD: queue.h,v 1.32 2007/04/30 18:42:34 pedro Exp $ */ +/* $OpenBSD: queue.h,v 1.36 2012/04/11 13:29:14 naddy Exp $ */ /* $NetBSD: queue.h,v 1.11 1996/05/16 05:17:14 mycroft Exp $ */ /* @@ -202,10 +202,10 @@ struct { \ (var) != SLIST_END(head); \ (var) = SLIST_NEXT(var, field)) -#define SLIST_FOREACH_PREVPTR(var, varp, head, field) \ - for ((varp) = &SLIST_FIRST((head)); \ - ((var) = *(varp)) != SLIST_END(head); \ - (varp) = &SLIST_NEXT((var), field)) +#define SLIST_FOREACH_SAFE(var, head, field, tvar) \ + for ((var) = SLIST_FIRST(head); \ + (var) && ((tvar) = SLIST_NEXT(var, field), 1); \ + (var) = (tvar)) /* * Singly-linked List functions. @@ -224,7 +224,7 @@ struct { \ (head)->slh_first = (elm); \ } while (0) -#define SLIST_REMOVE_NEXT(head, elm, field) do { \ +#define SLIST_REMOVE_AFTER(elm, field) do { \ (elm)->field.sle_next = (elm)->field.sle_next->field.sle_next; \ } while (0) @@ -276,6 +276,11 @@ struct { \ (var)!= LIST_END(head); \ (var) = LIST_NEXT(var, field)) +#define LIST_FOREACH_SAFE(var, head, field, tvar) \ + for ((var) = LIST_FIRST(head); \ + (var) && ((tvar) = LIST_NEXT(var, field), 1); \ + (var) = (tvar)) + /* * List functions. */ @@ -354,6 +359,11 @@ struct { \ (var) != SIMPLEQ_END(head); \ (var) = SIMPLEQ_NEXT(var, field)) +#define SIMPLEQ_FOREACH_SAFE(var, head, field, tvar) \ + for ((var) = SIMPLEQ_FIRST(head); \ + (var) && ((tvar) = SIMPLEQ_NEXT(var, field), 1); \ + (var) = (tvar)) + /* * Simple queue functions. */ @@ -385,6 +395,12 @@ struct { \ (head)->sqh_last = &(head)->sqh_first; \ } while (0) +#define SIMPLEQ_REMOVE_AFTER(head, elm, field) do { \ + if (((elm)->field.sqe_next = (elm)->field.sqe_next->field.sqe_next) \ + == NULL) \ + (head)->sqh_last = &(elm)->field.sqe_next; \ +} while (0) + /* * Tail queue definitions. */ @@ -422,11 +438,24 @@ struct { \ (var) != TAILQ_END(head); \ (var) = TAILQ_NEXT(var, field)) +#define TAILQ_FOREACH_SAFE(var, head, field, tvar) \ + for ((var) = TAILQ_FIRST(head); \ + (var) != TAILQ_END(head) && \ + ((tvar) = TAILQ_NEXT(var, field), 1); \ + (var) = (tvar)) + + #define TAILQ_FOREACH_REVERSE(var, head, headname, field) \ for((var) = TAILQ_LAST(head, headname); \ (var) != TAILQ_END(head); \ (var) = TAILQ_PREV(var, headname, field)) +#define TAILQ_FOREACH_REVERSE_SAFE(var, head, headname, field, tvar) \ + for ((var) = TAILQ_LAST(head, headname); \ + (var) != TAILQ_END(head) && \ + ((tvar) = TAILQ_PREV(var, headname, field), 1); \ + (var) = (tvar)) + /* * Tail queue functions. */ @@ -526,11 +555,23 @@ struct { \ (var) != CIRCLEQ_END(head); \ (var) = CIRCLEQ_NEXT(var, field)) +#define CIRCLEQ_FOREACH_SAFE(var, head, field, tvar) \ + for ((var) = CIRCLEQ_FIRST(head); \ + (var) != CIRCLEQ_END(head) && \ + ((tvar) = CIRCLEQ_NEXT(var, field), 1); \ + (var) = (tvar)) + #define CIRCLEQ_FOREACH_REVERSE(var, head, field) \ for((var) = CIRCLEQ_LAST(head); \ (var) != CIRCLEQ_END(head); \ (var) = CIRCLEQ_PREV(var, field)) +#define CIRCLEQ_FOREACH_REVERSE_SAFE(var, head, headname, field, tvar) \ + for ((var) = CIRCLEQ_LAST(head, headname); \ + (var) != CIRCLEQ_END(head) && \ + ((tvar) = CIRCLEQ_PREV(var, headname, field), 1); \ + (var) = (tvar)) + /* * Circular queue functions. */ diff --git a/crypto/openssh/openbsd-compat/sys-tree.h b/crypto/openssh/openbsd-compat/sys-tree.h index d4949b5e76..7f7546ecdb 100644 --- a/crypto/openssh/openbsd-compat/sys-tree.h +++ b/crypto/openssh/openbsd-compat/sys-tree.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tree.h,v 1.10 2007/10/29 23:49:41 djm Exp $ */ +/* $OpenBSD: tree.h,v 1.13 2011/07/09 00:19:45 pirofti Exp $ */ /* * Copyright 2002 Niels Provos * All rights reserved. @@ -26,6 +26,11 @@ /* OPENBSD ORIGINAL: sys/sys/tree.h */ +#include "config.h" +#ifdef NO_ATTRIBUTE_ON_RETURN_TYPE +# define __attribute__(x) +#endif + #ifndef _SYS_TREE_H_ #define _SYS_TREE_H_ @@ -331,7 +336,7 @@ struct { \ } while (0) #ifndef RB_AUGMENT -#define RB_AUGMENT(x) +#define RB_AUGMENT(x) do {} while (0) #endif #define RB_ROTATE_LEFT(head, elm, tmp, field) do { \ @@ -375,21 +380,31 @@ struct { \ } while (0) /* Generates prototypes and inline functions */ -#define RB_PROTOTYPE(name, type, field, cmp) \ -void name##_RB_INSERT_COLOR(struct name *, struct type *); \ -void name##_RB_REMOVE_COLOR(struct name *, struct type *, struct type *);\ -struct type *name##_RB_REMOVE(struct name *, struct type *); \ -struct type *name##_RB_INSERT(struct name *, struct type *); \ -struct type *name##_RB_FIND(struct name *, struct type *); \ -struct type *name##_RB_NEXT(struct type *); \ -struct type *name##_RB_MINMAX(struct name *, int); - +#define RB_PROTOTYPE(name, type, field, cmp) \ + RB_PROTOTYPE_INTERNAL(name, type, field, cmp,) +#define RB_PROTOTYPE_STATIC(name, type, field, cmp) \ + RB_PROTOTYPE_INTERNAL(name, type, field, cmp, __attribute__((__unused__)) static) +#define RB_PROTOTYPE_INTERNAL(name, type, field, cmp, attr) \ +attr void name##_RB_INSERT_COLOR(struct name *, struct type *); \ +attr void name##_RB_REMOVE_COLOR(struct name *, struct type *, struct type *);\ +attr struct type *name##_RB_REMOVE(struct name *, struct type *); \ +attr struct type *name##_RB_INSERT(struct name *, struct type *); \ +attr struct type *name##_RB_FIND(struct name *, struct type *); \ +attr struct type *name##_RB_NFIND(struct name *, struct type *); \ +attr struct type *name##_RB_NEXT(struct type *); \ +attr struct type *name##_RB_PREV(struct type *); \ +attr struct type *name##_RB_MINMAX(struct name *, int); \ + \ /* Main rb operation. * Moves node close to the key of elm to top */ -#define RB_GENERATE(name, type, field, cmp) \ -void \ +#define RB_GENERATE(name, type, field, cmp) \ + RB_GENERATE_INTERNAL(name, type, field, cmp,) +#define RB_GENERATE_STATIC(name, type, field, cmp) \ + RB_GENERATE_INTERNAL(name, type, field, cmp, __attribute__((__unused__)) static) +#define RB_GENERATE_INTERNAL(name, type, field, cmp, attr) \ +attr void \ name##_RB_INSERT_COLOR(struct name *head, struct type *elm) \ { \ struct type *parent, *gparent, *tmp; \ @@ -433,7 +448,7 @@ name##_RB_INSERT_COLOR(struct name *head, struct type *elm) \ RB_COLOR(head->rbh_root, field) = RB_BLACK; \ } \ \ -void \ +attr void \ name##_RB_REMOVE_COLOR(struct name *head, struct type *parent, struct type *elm) \ { \ struct type *tmp; \ @@ -509,7 +524,7 @@ name##_RB_REMOVE_COLOR(struct name *head, struct type *parent, struct type *elm) RB_COLOR(elm, field) = RB_BLACK; \ } \ \ -struct type * \ +attr struct type * \ name##_RB_REMOVE(struct name *head, struct type *elm) \ { \ struct type *child, *parent, *old = elm; \ @@ -577,7 +592,7 @@ color: \ } \ \ /* Inserts a node into the RB tree */ \ -struct type * \ +attr struct type * \ name##_RB_INSERT(struct name *head, struct type *elm) \ { \ struct type *tmp; \ @@ -608,7 +623,7 @@ name##_RB_INSERT(struct name *head, struct type *elm) \ } \ \ /* Finds the node with the same key as elm */ \ -struct type * \ +attr struct type * \ name##_RB_FIND(struct name *head, struct type *elm) \ { \ struct type *tmp = RB_ROOT(head); \ @@ -625,7 +640,29 @@ name##_RB_FIND(struct name *head, struct type *elm) \ return (NULL); \ } \ \ -struct type * \ +/* Finds the first node greater than or equal to the search key */ \ +attr struct type * \ +name##_RB_NFIND(struct name *head, struct type *elm) \ +{ \ + struct type *tmp = RB_ROOT(head); \ + struct type *res = NULL; \ + int comp; \ + while (tmp) { \ + comp = cmp(elm, tmp); \ + if (comp < 0) { \ + res = tmp; \ + tmp = RB_LEFT(tmp, field); \ + } \ + else if (comp > 0) \ + tmp = RB_RIGHT(tmp, field); \ + else \ + return (tmp); \ + } \ + return (res); \ +} \ + \ +/* ARGSUSED */ \ +attr struct type * \ name##_RB_NEXT(struct type *elm) \ { \ if (RB_RIGHT(elm, field)) { \ @@ -646,7 +683,29 @@ name##_RB_NEXT(struct type *elm) \ return (elm); \ } \ \ -struct type * \ +/* ARGSUSED */ \ +attr struct type * \ +name##_RB_PREV(struct type *elm) \ +{ \ + if (RB_LEFT(elm, field)) { \ + elm = RB_LEFT(elm, field); \ + while (RB_RIGHT(elm, field)) \ + elm = RB_RIGHT(elm, field); \ + } else { \ + if (RB_PARENT(elm, field) && \ + (elm == RB_RIGHT(RB_PARENT(elm, field), field))) \ + elm = RB_PARENT(elm, field); \ + else { \ + while (RB_PARENT(elm, field) && \ + (elm == RB_LEFT(RB_PARENT(elm, field), field)))\ + elm = RB_PARENT(elm, field); \ + elm = RB_PARENT(elm, field); \ + } \ + } \ + return (elm); \ +} \ + \ +attr struct type * \ name##_RB_MINMAX(struct name *head, int val) \ { \ struct type *tmp = RB_ROOT(head); \ @@ -667,7 +726,9 @@ name##_RB_MINMAX(struct name *head, int val) \ #define RB_INSERT(name, x, y) name##_RB_INSERT(x, y) #define RB_REMOVE(name, x, y) name##_RB_REMOVE(x, y) #define RB_FIND(name, x, y) name##_RB_FIND(x, y) +#define RB_NFIND(name, x, y) name##_RB_NFIND(x, y) #define RB_NEXT(name, x, y) name##_RB_NEXT(y) +#define RB_PREV(name, x, y) name##_RB_PREV(y) #define RB_MIN(name, x) name##_RB_MINMAX(x, RB_NEGINF) #define RB_MAX(name, x) name##_RB_MINMAX(x, RB_INF) @@ -676,4 +737,19 @@ name##_RB_MINMAX(struct name *head, int val) \ (x) != NULL; \ (x) = name##_RB_NEXT(x)) +#define RB_FOREACH_SAFE(x, name, head, y) \ + for ((x) = RB_MIN(name, head); \ + ((x) != NULL) && ((y) = name##_RB_NEXT(x), 1); \ + (x) = (y)) + +#define RB_FOREACH_REVERSE(x, name, head) \ + for ((x) = RB_MAX(name, head); \ + (x) != NULL; \ + (x) = name##_RB_PREV(x)) + +#define RB_FOREACH_REVERSE_SAFE(x, name, head, y) \ + for ((x) = RB_MAX(name, head); \ + ((x) != NULL) && ((y) = name##_RB_PREV(x), 1); \ + (x) = (y)) + #endif /* _SYS_TREE_H_ */ diff --git a/crypto/openssh/packet.c b/crypto/openssh/packet.c index d0c66fe57c..6e7b87757f 100644 --- a/crypto/openssh/packet.c +++ b/crypto/openssh/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.176 2012/01/25 19:40:09 markus Exp $ */ +/* $OpenBSD: packet.c,v 1.198 2014/07/15 15:54:14 millert Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -58,6 +58,7 @@ #include #include #include +#include #include "xmalloc.h" #include "buffer.h" @@ -65,7 +66,6 @@ #include "crc32.h" #include "compress.h" #include "deattack.h" -#include "channels.h" #include "compat.h" #include "ssh1.h" #include "ssh2.h" @@ -76,7 +76,9 @@ #include "log.h" #include "canohost.h" #include "misc.h" +#include "channels.h" #include "ssh.h" +#include "ssherr.h" #include "roaming.h" #ifdef PACKET_DEBUG @@ -165,9 +167,14 @@ struct session_state { Newkeys *newkeys[MODE_MAX]; struct packet_state p_read, p_send; + /* Volume-based rekeying */ u_int64_t max_blocks_in, max_blocks_out; u_int32_t rekey_limit; + /* Time-based rekeying */ + time_t rekey_interval; /* how often in seconds */ + time_t rekey_time; /* time of last rekeying */ + /* Session key for protocol v1 */ u_char ssh1_key[SSH_SESSION_KEY_LENGTH]; u_int ssh1_keylen; @@ -215,7 +222,8 @@ alloc_session_state(void) void packet_set_connection(int fd_in, int fd_out) { - Cipher *none = cipher_by_name("none"); + const Cipher *none = cipher_by_name("none"); + int r; if (none == NULL) fatal("packet_set_connection: cannot load cipher 'none'"); @@ -223,10 +231,11 @@ packet_set_connection(int fd_in, int fd_out) active_state = alloc_session_state(); active_state->connection_in = fd_in; active_state->connection_out = fd_out; - cipher_init(&active_state->send_context, none, (const u_char *)"", - 0, NULL, 0, CIPHER_ENCRYPT); - cipher_init(&active_state->receive_context, none, (const u_char *)"", - 0, NULL, 0, CIPHER_DECRYPT); + if ((r = cipher_init(&active_state->send_context, none, + (const u_char *)"", 0, NULL, 0, CIPHER_ENCRYPT)) != 0 || + (r = cipher_init(&active_state->receive_context, none, + (const u_char *)"", 0, NULL, 0, CIPHER_DECRYPT)) != 0) + fatal("%s: cipher_init: %s", __func__, ssh_err(r)); active_state->newkeys[MODE_IN] = active_state->newkeys[MODE_OUT] = NULL; if (!active_state->initialized) { active_state->initialized = 1; @@ -275,7 +284,7 @@ packet_stop_discard(void) static void packet_start_discard(Enc *enc, Mac *mac, u_int packet_length, u_int discard) { - if (enc == NULL || !cipher_is_cbc(enc->cipher)) + if (enc == NULL || !cipher_is_cbc(enc->cipher) || (mac && mac->etm)) packet_disconnect("Packet corrupt"); if (packet_length != PACKET_MAX_SIZE && mac && mac->enabled) active_state->packet_discard_mac = mac; @@ -323,13 +332,15 @@ void packet_get_keyiv(int mode, u_char *iv, u_int len) { CipherContext *cc; + int r; if (mode == MODE_OUT) cc = &active_state->send_context; else cc = &active_state->receive_context; - cipher_get_keyiv(cc, iv, len); + if ((r = cipher_get_keyiv(cc, iv, len)) != 0) + fatal("%s: cipher_get_keyiv: %s", __func__, ssh_err(r)); } int @@ -375,13 +386,15 @@ void packet_set_iv(int mode, u_char *dat) { CipherContext *cc; + int r; if (mode == MODE_OUT) cc = &active_state->send_context; else cc = &active_state->receive_context; - cipher_set_keyiv(cc, dat); + if ((r = cipher_set_keyiv(cc, dat)) != 0) + fatal("%s: cipher_set_keyiv: %s", __func__, ssh_err(r)); } int @@ -545,7 +558,8 @@ packet_start_compression(int level) void packet_set_encryption_key(const u_char *key, u_int keylen, int number) { - Cipher *cipher = cipher_by_number(number); + const Cipher *cipher = cipher_by_number(number); + int r; if (cipher == NULL) fatal("packet_set_encryption_key: unknown cipher number %d", number); @@ -555,10 +569,11 @@ packet_set_encryption_key(const u_char *key, u_int keylen, int number) fatal("packet_set_encryption_key: keylen too big: %d", keylen); memcpy(active_state->ssh1_key, key, keylen); active_state->ssh1_keylen = keylen; - cipher_init(&active_state->send_context, cipher, key, keylen, NULL, - 0, CIPHER_ENCRYPT); - cipher_init(&active_state->receive_context, cipher, key, keylen, NULL, - 0, CIPHER_DECRYPT); + if ((r = cipher_init(&active_state->send_context, cipher, + key, keylen, NULL, 0, CIPHER_ENCRYPT)) != 0 || + (r = cipher_init(&active_state->receive_context, cipher, + key, keylen, NULL, 0, CIPHER_DECRYPT)) != 0) + fatal("%s: cipher_init: %s", __func__, ssh_err(r)); } u_int @@ -624,6 +639,7 @@ packet_put_raw(const void *buf, u_int len) buffer_append(&active_state->outgoing_packet, buf, len); } +#ifdef WITH_OPENSSL void packet_put_bignum(BIGNUM * value) { @@ -635,6 +651,7 @@ packet_put_bignum2(BIGNUM * value) { buffer_put_bignum2(&active_state->outgoing_packet, value); } +#endif #ifdef OPENSSL_HAS_ECC void @@ -707,9 +724,10 @@ packet_send1(void) buffer_append(&active_state->output, buf, 4); cp = buffer_append_space(&active_state->output, buffer_len(&active_state->outgoing_packet)); - cipher_crypt(&active_state->send_context, cp, + if (cipher_crypt(&active_state->send_context, 0, cp, buffer_ptr(&active_state->outgoing_packet), - buffer_len(&active_state->outgoing_packet)); + buffer_len(&active_state->outgoing_packet), 0, 0) != 0) + fatal("%s: cipher_crypt failed", __func__); #ifdef PACKET_DEBUG fprintf(stderr, "encrypted: "); @@ -735,7 +753,7 @@ set_newkeys(int mode) Comp *comp; CipherContext *cc; u_int64_t *max_blocks; - int crypt_type; + int r, crypt_type; debug2("set_newkeys: mode %d", mode); @@ -757,13 +775,16 @@ set_newkeys(int mode) mac = &active_state->newkeys[mode]->mac; comp = &active_state->newkeys[mode]->comp; mac_clear(mac); - xfree(enc->name); - xfree(enc->iv); - xfree(enc->key); - xfree(mac->name); - xfree(mac->key); - xfree(comp->name); - xfree(active_state->newkeys[mode]); + explicit_bzero(enc->iv, enc->iv_len); + explicit_bzero(enc->key, enc->key_len); + explicit_bzero(mac->key, mac->key_len); + free(enc->name); + free(enc->iv); + free(enc->key); + free(mac->name); + free(mac->key); + free(comp->name); + free(active_state->newkeys[mode]); } active_state->newkeys[mode] = kex_get_newkeys(mode); if (active_state->newkeys[mode] == NULL) @@ -771,15 +792,16 @@ set_newkeys(int mode) enc = &active_state->newkeys[mode]->enc; mac = &active_state->newkeys[mode]->mac; comp = &active_state->newkeys[mode]->comp; - if (mac_init(mac) == 0) + if (cipher_authlen(enc->cipher) == 0 && mac_init(mac) == 0) mac->enabled = 1; DBG(debug("cipher_init_context: %d", mode)); - cipher_init(cc, enc->cipher, enc->key, enc->key_len, - enc->iv, enc->block_size, crypt_type); + if ((r = cipher_init(cc, enc->cipher, enc->key, enc->key_len, + enc->iv, enc->iv_len, crypt_type)) != 0) + fatal("%s: cipher_init: %s", __func__, ssh_err(r)); /* Deleting the keys does not gain extra security */ - /* memset(enc->iv, 0, enc->block_size); - memset(enc->key, 0, enc->key_len); - memset(mac->key, 0, mac->key_len); */ + /* explicit_bzero(enc->iv, enc->block_size); + explicit_bzero(enc->key, enc->key_len); + explicit_bzero(mac->key, mac->key_len); */ if ((comp->type == COMP_ZLIB || (comp->type == COMP_DELAYED && active_state->after_authentication)) && comp->enabled == 0) { @@ -842,9 +864,8 @@ static void packet_send2_wrapped(void) { u_char type, *cp, *macbuf = NULL; - u_char padlen, pad; - u_int packet_length = 0; - u_int i, len; + u_char padlen, pad = 0; + u_int i, len, authlen = 0, aadlen = 0; u_int32_t rnd = 0; Enc *enc = NULL; Mac *mac = NULL; @@ -855,8 +876,12 @@ packet_send2_wrapped(void) enc = &active_state->newkeys[MODE_OUT]->enc; mac = &active_state->newkeys[MODE_OUT]->mac; comp = &active_state->newkeys[MODE_OUT]->comp; + /* disable mac for authenticated encryption */ + if ((authlen = cipher_authlen(enc->cipher)) != 0) + mac = NULL; } block_size = enc ? enc->block_size : 8; + aadlen = (mac && mac->enabled && mac->etm) || authlen ? 4 : 0; cp = buffer_ptr(&active_state->outgoing_packet); type = cp[5]; @@ -889,6 +914,7 @@ packet_send2_wrapped(void) * calc size of padding, alloc space, get random data, * minimum padding is 4 bytes */ + len -= aadlen; /* packet length is not encrypted for EtM modes */ padlen = block_size - (len % block_size); if (padlen < 4) padlen += block_size; @@ -898,8 +924,8 @@ packet_send2_wrapped(void) roundup(active_state->extra_pad, block_size); pad = active_state->extra_pad - ((len + padlen) % active_state->extra_pad); - debug3("packet_send2: adding %d (len %d padlen %d extra_pad %d)", - pad, len, padlen, active_state->extra_pad); + DBG(debug3("%s: adding %d (len %d padlen %d extra_pad %d)", + __func__, pad, len, padlen, active_state->extra_pad)); padlen += pad; active_state->extra_pad = 0; } @@ -914,31 +940,40 @@ packet_send2_wrapped(void) } } else { /* clear padding */ - memset(cp, 0, padlen); + explicit_bzero(cp, padlen); } - /* packet_length includes payload, padding and padding length field */ - packet_length = buffer_len(&active_state->outgoing_packet) - 4; + /* sizeof (packet_len + pad_len + payload + padding) */ + len = buffer_len(&active_state->outgoing_packet); cp = buffer_ptr(&active_state->outgoing_packet); - put_u32(cp, packet_length); + /* packet_length includes payload, padding and padding length field */ + put_u32(cp, len - 4); cp[4] = padlen; - DBG(debug("send: len %d (includes padlen %d)", packet_length+4, padlen)); + DBG(debug("send: len %d (includes padlen %d, aadlen %d)", + len, padlen, aadlen)); /* compute MAC over seqnr and packet(length fields, payload, padding) */ - if (mac && mac->enabled) { + if (mac && mac->enabled && !mac->etm) { macbuf = mac_compute(mac, active_state->p_send.seqnr, - buffer_ptr(&active_state->outgoing_packet), - buffer_len(&active_state->outgoing_packet)); + buffer_ptr(&active_state->outgoing_packet), len); DBG(debug("done calc MAC out #%d", active_state->p_send.seqnr)); } /* encrypt packet and append to output buffer. */ - cp = buffer_append_space(&active_state->output, - buffer_len(&active_state->outgoing_packet)); - cipher_crypt(&active_state->send_context, cp, - buffer_ptr(&active_state->outgoing_packet), - buffer_len(&active_state->outgoing_packet)); + cp = buffer_append_space(&active_state->output, len + authlen); + if (cipher_crypt(&active_state->send_context, active_state->p_send.seqnr, + cp, buffer_ptr(&active_state->outgoing_packet), + len - aadlen, aadlen, authlen) != 0) + fatal("%s: cipher_crypt failed", __func__); /* append unencrypted MAC */ - if (mac && mac->enabled) + if (mac && mac->enabled) { + if (mac->etm) { + /* EtM: compute mac over aadlen + cipher text */ + macbuf = mac_compute(mac, + active_state->p_send.seqnr, cp, len); + DBG(debug("done calc MAC(EtM) out #%d", + active_state->p_send.seqnr)); + } buffer_append(&active_state->output, macbuf, mac->mac_len); + } #ifdef PACKET_DEBUG fprintf(stderr, "encrypted: "); buffer_dump(&active_state->output); @@ -949,8 +984,8 @@ packet_send2_wrapped(void) if (++active_state->p_send.packets == 0) if (!(datafellows & SSH_BUG_NOREKEY)) fatal("XXX too many packets with same key"); - active_state->p_send.blocks += (packet_length + 4) / block_size; - active_state->p_send.bytes += packet_length + 4; + active_state->p_send.blocks += len / block_size; + active_state->p_send.bytes += len; buffer_clear(&active_state->outgoing_packet); if (type == SSH2_MSG_NEWKEYS) @@ -975,7 +1010,7 @@ packet_send2(void) (type == SSH2_MSG_SERVICE_REQUEST) || (type == SSH2_MSG_SERVICE_ACCEPT)) { debug("enqueue packet: %u", type); - p = xmalloc(sizeof(*p)); + p = xcalloc(1, sizeof(*p)); p->type = type; memcpy(&p->payload, &active_state->outgoing_packet, sizeof(Buffer)); @@ -994,6 +1029,7 @@ packet_send2(void) /* after a NEWKEYS message we can send the complete queue */ if (type == SSH2_MSG_NEWKEYS) { active_state->rekeying = 0; + active_state->rekey_time = monotime(); while ((p = TAILQ_FIRST(&active_state->outgoing))) { type = p->type; debug("dequeue packet: %u", type); @@ -1001,7 +1037,7 @@ packet_send2(void) memcpy(&active_state->outgoing_packet, &p->payload, sizeof(Buffer)); TAILQ_REMOVE(&active_state->outgoing, p, next); - xfree(p); + free(p); packet_send2_wrapped(); } } @@ -1026,7 +1062,7 @@ packet_send(void) int packet_read_seqnr(u_int32_t *seqnr_p) { - int type, len, ret, ms_remain, cont; + int type, len, ret, cont, ms_remain = 0; fd_set *setp; char buf[8192]; struct timeval timeout, start, *timeoutp = NULL; @@ -1051,7 +1087,7 @@ packet_read_seqnr(u_int32_t *seqnr_p) packet_check_eom(); /* If we got a packet, return it. */ if (type != SSH_MSG_NONE) { - xfree(setp); + free(setp); return type; } /* @@ -1186,8 +1222,9 @@ packet_read_poll1(void) /* Decrypt data to incoming_packet. */ buffer_clear(&active_state->incoming_packet); cp = buffer_append_space(&active_state->incoming_packet, padded_len); - cipher_crypt(&active_state->receive_context, cp, - buffer_ptr(&active_state->input), padded_len); + if (cipher_crypt(&active_state->receive_context, 0, cp, + buffer_ptr(&active_state->input), padded_len, 0, 0) != 0) + fatal("%s: cipher_crypt failed", __func__); buffer_consume(&active_state->input, padded_len); @@ -1235,8 +1272,8 @@ static int packet_read_poll2(u_int32_t *seqnr_p) { u_int padlen, need; - u_char *macbuf, *cp, type; - u_int maclen, block_size; + u_char *macbuf = NULL, *cp, type; + u_int maclen, authlen = 0, aadlen = 0, block_size; Enc *enc = NULL; Mac *mac = NULL; Comp *comp = NULL; @@ -1248,11 +1285,31 @@ packet_read_poll2(u_int32_t *seqnr_p) enc = &active_state->newkeys[MODE_IN]->enc; mac = &active_state->newkeys[MODE_IN]->mac; comp = &active_state->newkeys[MODE_IN]->comp; + /* disable mac for authenticated encryption */ + if ((authlen = cipher_authlen(enc->cipher)) != 0) + mac = NULL; } maclen = mac && mac->enabled ? mac->mac_len : 0; block_size = enc ? enc->block_size : 8; + aadlen = (mac && mac->enabled && mac->etm) || authlen ? 4 : 0; - if (active_state->packlen == 0) { + if (aadlen && active_state->packlen == 0) { + if (cipher_get_length(&active_state->receive_context, + &active_state->packlen, + active_state->p_read.seqnr, + buffer_ptr(&active_state->input), + buffer_len(&active_state->input)) != 0) + return SSH_MSG_NONE; + if (active_state->packlen < 1 + 4 || + active_state->packlen > PACKET_MAX_SIZE) { +#ifdef PACKET_DEBUG + buffer_dump(&active_state->input); +#endif + logit("Bad packet length %u.", active_state->packlen); + packet_disconnect("Packet corrupt"); + } + buffer_clear(&active_state->incoming_packet); + } else if (active_state->packlen == 0) { /* * check if input size is less than the cipher block size, * decrypt first block and extract length of incoming packet @@ -1262,8 +1319,10 @@ packet_read_poll2(u_int32_t *seqnr_p) buffer_clear(&active_state->incoming_packet); cp = buffer_append_space(&active_state->incoming_packet, block_size); - cipher_crypt(&active_state->receive_context, cp, - buffer_ptr(&active_state->input), block_size); + if (cipher_crypt(&active_state->receive_context, + active_state->p_read.seqnr, cp, + buffer_ptr(&active_state->input), block_size, 0, 0) != 0) + fatal("Decryption integrity check failed"); cp = buffer_ptr(&active_state->incoming_packet); active_state->packlen = get_u32(cp); if (active_state->packlen < 1 + 4 || @@ -1276,13 +1335,21 @@ packet_read_poll2(u_int32_t *seqnr_p) PACKET_MAX_SIZE); return SSH_MSG_NONE; } - DBG(debug("input: packet len %u", active_state->packlen+4)); buffer_consume(&active_state->input, block_size); } - /* we have a partial packet of block_size bytes */ - need = 4 + active_state->packlen - block_size; - DBG(debug("partial packet %d, need %d, maclen %d", block_size, - need, maclen)); + DBG(debug("input: packet len %u", active_state->packlen+4)); + if (aadlen) { + /* only the payload is encrypted */ + need = active_state->packlen; + } else { + /* + * the payload size and the payload are encrypted, but we + * have a partial packet of block_size bytes + */ + need = 4 + active_state->packlen - block_size; + } + DBG(debug("partial packet: block %d, need %d, maclen %d, authlen %d," + " aadlen %d", block_size, need, maclen, authlen, aadlen)); if (need % block_size != 0) { logit("padding error: need %d block %d mod %d", need, block_size, need % block_size); @@ -1292,26 +1359,37 @@ packet_read_poll2(u_int32_t *seqnr_p) } /* * check if the entire packet has been received and - * decrypt into incoming_packet + * decrypt into incoming_packet: + * 'aadlen' bytes are unencrypted, but authenticated. + * 'need' bytes are encrypted, followed by either + * 'authlen' bytes of authentication tag or + * 'maclen' bytes of message authentication code. */ - if (buffer_len(&active_state->input) < need + maclen) + if (buffer_len(&active_state->input) < aadlen + need + authlen + maclen) return SSH_MSG_NONE; #ifdef PACKET_DEBUG fprintf(stderr, "read_poll enc/full: "); buffer_dump(&active_state->input); #endif - cp = buffer_append_space(&active_state->incoming_packet, need); - cipher_crypt(&active_state->receive_context, cp, - buffer_ptr(&active_state->input), need); - buffer_consume(&active_state->input, need); + /* EtM: compute mac over encrypted input */ + if (mac && mac->enabled && mac->etm) + macbuf = mac_compute(mac, active_state->p_read.seqnr, + buffer_ptr(&active_state->input), aadlen + need); + cp = buffer_append_space(&active_state->incoming_packet, aadlen + need); + if (cipher_crypt(&active_state->receive_context, + active_state->p_read.seqnr, cp, + buffer_ptr(&active_state->input), need, aadlen, authlen) != 0) + fatal("Decryption integrity check failed"); + buffer_consume(&active_state->input, aadlen + need + authlen); /* * compute MAC over seqnr and packet, * increment sequence number for incoming packet */ if (mac && mac->enabled) { - macbuf = mac_compute(mac, active_state->p_read.seqnr, - buffer_ptr(&active_state->incoming_packet), - buffer_len(&active_state->incoming_packet)); + if (!mac->etm) + macbuf = mac_compute(mac, active_state->p_read.seqnr, + buffer_ptr(&active_state->incoming_packet), + buffer_len(&active_state->incoming_packet)); if (timingsafe_bcmp(macbuf, buffer_ptr(&active_state->input), mac->mac_len) != 0) { logit("Corrupted MAC on input."); @@ -1403,16 +1481,20 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p) packet_get_char(); msg = packet_get_string(NULL); debug("Remote: %.900s", msg); - xfree(msg); + free(msg); msg = packet_get_string(NULL); - xfree(msg); + free(msg); break; case SSH2_MSG_DISCONNECT: reason = packet_get_int(); msg = packet_get_string(NULL); - logit("Received disconnect from %s: %u: %.400s", + /* Ignore normal client exit notifications */ + do_log2(active_state->server_side && + reason == SSH2_DISCONNECT_BY_APPLICATION ? + SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR, + "Received disconnect from %s: %u: %.400s", get_remote_ipaddr(), reason, msg); - xfree(msg); + free(msg); cleanup_exit(255); break; case SSH2_MSG_UNIMPLEMENTED: @@ -1426,22 +1508,23 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p) } else { type = packet_read_poll1(); switch (type) { + case SSH_MSG_NONE: + return SSH_MSG_NONE; case SSH_MSG_IGNORE: break; case SSH_MSG_DEBUG: msg = packet_get_string(NULL); debug("Remote: %.900s", msg); - xfree(msg); + free(msg); break; case SSH_MSG_DISCONNECT: msg = packet_get_string(NULL); - logit("Received disconnect from %s: %.400s", + error("Received disconnect from %s: %.400s", get_remote_ipaddr(), msg); cleanup_exit(255); break; default: - if (type) - DBG(debug("received packet type %d", type)); + DBG(debug("received packet type %d", type)); return type; } } @@ -1498,6 +1581,7 @@ packet_get_int64(void) * must have been initialized before this call. */ +#ifdef WITH_OPENSSL void packet_get_bignum(BIGNUM * value) { @@ -1527,6 +1611,7 @@ packet_get_raw(u_int *length_ptr) *length_ptr = bytes; return buffer_ptr(&active_state->incoming_packet); } +#endif int packet_remaining(void) @@ -1547,7 +1632,7 @@ packet_get_string(u_int *length_ptr) return buffer_get_string(&active_state->incoming_packet, length_ptr); } -void * +const void * packet_get_string_ptr(u_int *length_ptr) { return buffer_get_string_ptr(&active_state->incoming_packet, length_ptr); @@ -1678,7 +1763,7 @@ void packet_write_wait(void) { fd_set *setp; - int ret, ms_remain; + int ret, ms_remain = 0; struct timeval start, timeout, *timeoutp = NULL; setp = (fd_set *)xcalloc(howmany(active_state->connection_out + 1, @@ -1719,7 +1804,7 @@ packet_write_wait(void) } packet_write_poll(); } - xfree(setp); + free(setp); } /* Returns true if there is buffered data to write to the connection. */ @@ -1879,13 +1964,33 @@ packet_need_rekeying(void) (active_state->max_blocks_out && (active_state->p_send.blocks > active_state->max_blocks_out)) || (active_state->max_blocks_in && - (active_state->p_read.blocks > active_state->max_blocks_in)); + (active_state->p_read.blocks > active_state->max_blocks_in)) || + (active_state->rekey_interval != 0 && active_state->rekey_time + + active_state->rekey_interval <= monotime()); } void -packet_set_rekey_limit(u_int32_t bytes) +packet_set_rekey_limits(u_int32_t bytes, time_t seconds) { + debug3("rekey after %lld bytes, %d seconds", (long long)bytes, + (int)seconds); active_state->rekey_limit = bytes; + active_state->rekey_interval = seconds; + /* + * We set the time here so that in post-auth privsep slave we count + * from the completion of the authentication. + */ + active_state->rekey_time = monotime(); +} + +time_t +packet_get_rekey_timeout(void) +{ + time_t seconds; + + seconds = active_state->rekey_time + active_state->rekey_interval - + monotime(); + return (seconds <= 0 ? 1 : seconds); } void @@ -1964,3 +2069,23 @@ packet_restore_state(void) add_recv_bytes(len); } } + +/* Reset after_authentication and reset compression in post-auth privsep */ +void +packet_set_postauth(void) +{ + Comp *comp; + int mode; + + debug("%s: called", __func__); + /* This was set in net child, but is not visible in user child */ + active_state->after_authentication = 1; + active_state->rekeying = 0; + for (mode = 0; mode < MODE_MAX; mode++) { + if (active_state->newkeys[mode] == NULL) + continue; + comp = &active_state->newkeys[mode]->comp; + if (comp && comp->enabled) + packet_init_compression(); + } +} diff --git a/crypto/openssh/packet.h b/crypto/openssh/packet.h index 09ba079512..e7b5fcba9f 100644 --- a/crypto/openssh/packet.h +++ b/crypto/openssh/packet.h @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.h,v 1.57 2012/01/25 19:40:09 markus Exp $ */ +/* $OpenBSD: packet.h,v 1.61 2014/05/03 17:20:34 markus Exp $ */ /* * Author: Tatu Ylonen @@ -70,8 +70,8 @@ void packet_get_ecpoint(const EC_GROUP *, EC_POINT *); void *packet_get_raw(u_int *length_ptr); void *packet_get_string(u_int *length_ptr); char *packet_get_cstring(u_int *length_ptr); -void *packet_get_string_ptr(u_int *length_ptr); -void packet_disconnect(const char *fmt,...) __attribute__((format(printf, 1, 2))); +const void *packet_get_string_ptr(u_int *length_ptr); +void packet_disconnect(const char *fmt,...) __attribute__((noreturn)) __attribute__((format(printf, 1, 2))); void packet_send_debug(const char *fmt,...) __attribute__((format(printf, 1, 2))); void set_newkeys(int mode); @@ -115,10 +115,12 @@ do { \ } while (0) int packet_need_rekeying(void); -void packet_set_rekey_limit(u_int32_t); +void packet_set_rekey_limits(u_int32_t, time_t); +time_t packet_get_rekey_timeout(void); void packet_backup_state(void); void packet_restore_state(void); +void packet_set_postauth(void); void *packet_get_input(void); void *packet_get_output(void); diff --git a/crypto/openssh/pathnames.h b/crypto/openssh/pathnames.h index c3d9abff50..ec89fc6665 100644 --- a/crypto/openssh/pathnames.h +++ b/crypto/openssh/pathnames.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pathnames.h,v 1.22 2011/05/23 03:30:07 djm Exp $ */ +/* $OpenBSD: pathnames.h,v 1.24 2013/12/06 13:39:49 markus Exp $ */ /* * Author: Tatu Ylonen @@ -39,6 +39,7 @@ #define _PATH_HOST_KEY_FILE SSHDIR "/ssh_host_key" #define _PATH_HOST_DSA_KEY_FILE SSHDIR "/ssh_host_dsa_key" #define _PATH_HOST_ECDSA_KEY_FILE SSHDIR "/ssh_host_ecdsa_key" +#define _PATH_HOST_ED25519_KEY_FILE SSHDIR "/ssh_host_ed25519_key" #define _PATH_HOST_RSA_KEY_FILE SSHDIR "/ssh_host_rsa_key" #define _PATH_DH_MODULI SSHDIR "/moduli" /* Backwards compatibility */ @@ -65,18 +66,19 @@ * readable by anyone except the user him/herself, though this does not * contain anything particularly secret. */ -#define _PATH_SSH_USER_HOSTFILE "~/.ssh/known_hosts" +#define _PATH_SSH_USER_HOSTFILE "~/" _PATH_SSH_USER_DIR "/known_hosts" /* backward compat for protocol 2 */ -#define _PATH_SSH_USER_HOSTFILE2 "~/.ssh/known_hosts2" +#define _PATH_SSH_USER_HOSTFILE2 "~/" _PATH_SSH_USER_DIR "/known_hosts2" /* * Name of the default file containing client-side authentication key. This * file should only be readable by the user him/herself. */ -#define _PATH_SSH_CLIENT_IDENTITY ".ssh/identity" -#define _PATH_SSH_CLIENT_ID_DSA ".ssh/id_dsa" -#define _PATH_SSH_CLIENT_ID_ECDSA ".ssh/id_ecdsa" -#define _PATH_SSH_CLIENT_ID_RSA ".ssh/id_rsa" +#define _PATH_SSH_CLIENT_IDENTITY _PATH_SSH_USER_DIR "/identity" +#define _PATH_SSH_CLIENT_ID_DSA _PATH_SSH_USER_DIR "/id_dsa" +#define _PATH_SSH_CLIENT_ID_ECDSA _PATH_SSH_USER_DIR "/id_ecdsa" +#define _PATH_SSH_CLIENT_ID_RSA _PATH_SSH_USER_DIR "/id_rsa" +#define _PATH_SSH_CLIENT_ID_ED25519 _PATH_SSH_USER_DIR "/id_ed25519" /* * Configuration file in user's home directory. This file need not be @@ -84,7 +86,7 @@ * particularly secret. If the user's home directory resides on an NFS * volume where root is mapped to nobody, this may need to be world-readable. */ -#define _PATH_SSH_USER_CONFFILE ".ssh/config" +#define _PATH_SSH_USER_CONFFILE _PATH_SSH_USER_DIR "/config" /* * File containing a list of those rsa keys that permit logging in as this @@ -94,10 +96,10 @@ * may need to be world-readable. (This file is read by the daemon which is * running as root.) */ -#define _PATH_SSH_USER_PERMITTED_KEYS ".ssh/authorized_keys" +#define _PATH_SSH_USER_PERMITTED_KEYS _PATH_SSH_USER_DIR "/authorized_keys" /* backward compat for protocol v2 */ -#define _PATH_SSH_USER_PERMITTED_KEYS2 ".ssh/authorized_keys2" +#define _PATH_SSH_USER_PERMITTED_KEYS2 _PATH_SSH_USER_DIR "/authorized_keys2" /* * Per-user and system-wide ssh "rc" files. These files are executed with @@ -105,7 +107,7 @@ * passed "proto cookie" as arguments if X11 forwarding with spoofing is in * use. xauth will be run if neither of these exists. */ -#define _PATH_SSH_USER_RC ".ssh/rc" +#define _PATH_SSH_USER_RC _PATH_SSH_USER_DIR "/rc" #define _PATH_SSH_SYSTEM_RC SSHDIR "/sshrc" /* diff --git a/crypto/openssh/pkcs11.h b/crypto/openssh/pkcs11.h index 2cde5b3f4f..b01d58f948 100644 --- a/crypto/openssh/pkcs11.h +++ b/crypto/openssh/pkcs11.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pkcs11.h,v 1.2 2010/02/24 06:12:53 djm Exp $ */ +/* $OpenBSD: pkcs11.h,v 1.3 2013/11/26 19:15:09 deraadt Exp $ */ /* pkcs11.h Copyright 2006, 2007 g10 Code GmbH Copyright 2006 Andreas Jellinghaus @@ -319,7 +319,7 @@ typedef unsigned long ck_object_class_t; #define CKO_HW_FEATURE (5) #define CKO_DOMAIN_PARAMETERS (6) #define CKO_MECHANISM (7) -#define CKO_VENDOR_DEFINED ((unsigned long) (1 << 31)) +#define CKO_VENDOR_DEFINED (1U << 31) typedef unsigned long ck_hw_feature_type_t; @@ -327,7 +327,7 @@ typedef unsigned long ck_hw_feature_type_t; #define CKH_MONOTONIC_COUNTER (1) #define CKH_CLOCK (2) #define CKH_USER_INTERFACE (3) -#define CKH_VENDOR_DEFINED ((unsigned long) (1 << 31)) +#define CKH_VENDOR_DEFINED (1U << 31) typedef unsigned long ck_key_type_t; @@ -357,14 +357,14 @@ typedef unsigned long ck_key_type_t; #define CKK_AES (0x1f) #define CKK_BLOWFISH (0x20) #define CKK_TWOFISH (0x21) -#define CKK_VENDOR_DEFINED ((unsigned long) (1 << 31)) +#define CKK_VENDOR_DEFINED (1U << 31) typedef unsigned long ck_certificate_type_t; #define CKC_X_509 (0) #define CKC_X_509_ATTR_CERT (1) #define CKC_WTLS (2) -#define CKC_VENDOR_DEFINED ((unsigned long) (1 << 31)) +#define CKC_VENDOR_DEFINED (1U << 31) typedef unsigned long ck_attribute_type_t; @@ -453,7 +453,7 @@ typedef unsigned long ck_attribute_type_t; #define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x211) #define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x212) #define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE | 0x600) -#define CKA_VENDOR_DEFINED ((unsigned long) (1 << 31)) +#define CKA_VENDOR_DEFINED (1U << 31) struct ck_attribute @@ -672,7 +672,7 @@ typedef unsigned long ck_mechanism_type_t; #define CKM_DSA_PARAMETER_GEN (0x2000) #define CKM_DH_PKCS_PARAMETER_GEN (0x2001) #define CKM_X9_42_DH_PARAMETER_GEN (0x2002) -#define CKM_VENDOR_DEFINED ((unsigned long) (1 << 31)) +#define CKM_VENDOR_DEFINED (1U << 31) struct ck_mechanism @@ -703,7 +703,7 @@ struct ck_mechanism_info #define CKF_WRAP (1 << 17) #define CKF_UNWRAP (1 << 18) #define CKF_DERIVE (1 << 19) -#define CKF_EXTENSION ((unsigned long) (1 << 31)) +#define CKF_EXTENSION (1U << 31) /* Flags for C_WaitForSlotEvent. */ @@ -1179,7 +1179,7 @@ struct ck_c_initialize_args #define CKR_MUTEX_BAD (0x1a0) #define CKR_MUTEX_NOT_LOCKED (0x1a1) #define CKR_FUNCTION_REJECTED (0x200) -#define CKR_VENDOR_DEFINED ((unsigned long) (1 << 31)) +#define CKR_VENDOR_DEFINED (1U << 31) diff --git a/crypto/openssh/platform.c b/crypto/openssh/platform.c index a455472b3f..ee313da559 100644 --- a/crypto/openssh/platform.c +++ b/crypto/openssh/platform.c @@ -1,4 +1,4 @@ -/* $Id: platform.c,v 1.18 2011/01/11 06:02:25 djm Exp $ */ +/* $Id: platform.c,v 1.22 2014/07/18 04:11:26 djm Exp $ */ /* * Copyright (c) 2006 Darren Tucker. All rights reserved. @@ -25,6 +25,7 @@ #include "log.h" #include "buffer.h" +#include "misc.h" #include "servconf.h" #include "key.h" #include "hostfile.h" @@ -55,6 +56,14 @@ platform_pre_fork(void) } void +platform_pre_restart(void) +{ +#ifdef LINUX_OOM_ADJUST + oom_adjust_restore(); +#endif +} + +void platform_post_fork_parent(pid_t child_pid) { #ifdef USE_SOLARIS_PROCESS_CONTRACTS @@ -156,12 +165,6 @@ platform_setusercontext_post_groups(struct passwd *pw) aix_usrinfo(pw); #endif /* _AIX */ -#if !defined(HAVE_LOGIN_CAP) && defined(USE_LIBIAF) - if (set_id(pw->pw_name) != 0) { - exit(1); - } -# endif /* USE_LIBIAF */ - #ifdef HAVE_SETPCRED /* * If we have a chroot directory, we set all creds except real @@ -194,3 +197,19 @@ platform_krb5_get_principal_name(const char *pw_name) return NULL; #endif } + +/* + * return 1 if the specified uid is a uid that may own a system directory + * otherwise 0. + */ +int +platform_sys_dir_uid(uid_t uid) +{ + if (uid == 0) + return 1; +#ifdef PLATFORM_SYS_DIR_UID + if (uid == PLATFORM_SYS_DIR_UID) + return 1; +#endif + return 0; +} diff --git a/crypto/openssh/platform.h b/crypto/openssh/platform.h index 944d2c340d..1c7a45d8fc 100644 --- a/crypto/openssh/platform.h +++ b/crypto/openssh/platform.h @@ -1,4 +1,4 @@ -/* $Id: platform.h,v 1.7 2010/11/05 03:47:01 dtucker Exp $ */ +/* $Id: platform.h,v 1.9 2013/09/22 09:02:40 dtucker Exp $ */ /* * Copyright (c) 2006 Darren Tucker. All rights reserved. @@ -22,6 +22,7 @@ void platform_pre_listen(void); void platform_pre_fork(void); +void platform_pre_restart(void); void platform_post_fork_parent(pid_t child_pid); void platform_post_fork_child(void); int platform_privileged_uidswap(void); @@ -29,5 +30,4 @@ void platform_setusercontext(struct passwd *); void platform_setusercontext_post_groups(struct passwd *); char *platform_get_krb5_client(const char *); char *platform_krb5_get_principal_name(const char *); - - +int platform_sys_dir_uid(uid_t); diff --git a/crypto/openssh/poly1305.c b/crypto/openssh/poly1305.c new file mode 100644 index 0000000000..6fd1fc8cd1 --- /dev/null +++ b/crypto/openssh/poly1305.c @@ -0,0 +1,160 @@ +/* + * Public Domain poly1305 from Andrew Moon + * poly1305-donna-unrolled.c from https://github.com/floodyberry/poly1305-donna + */ + +/* $OpenBSD: poly1305.c,v 1.3 2013/12/19 22:57:13 djm Exp $ */ + +#include "includes.h" + +#include +#ifdef HAVE_STDINT_H +# include +#endif + +#include "poly1305.h" + +#define mul32x32_64(a,b) ((uint64_t)(a) * (b)) + +#define U8TO32_LE(p) \ + (((uint32_t)((p)[0])) | \ + ((uint32_t)((p)[1]) << 8) | \ + ((uint32_t)((p)[2]) << 16) | \ + ((uint32_t)((p)[3]) << 24)) + +#define U32TO8_LE(p, v) \ + do { \ + (p)[0] = (uint8_t)((v)); \ + (p)[1] = (uint8_t)((v) >> 8); \ + (p)[2] = (uint8_t)((v) >> 16); \ + (p)[3] = (uint8_t)((v) >> 24); \ + } while (0) + +void +poly1305_auth(unsigned char out[POLY1305_TAGLEN], const unsigned char *m, size_t inlen, const unsigned char key[POLY1305_KEYLEN]) { + uint32_t t0,t1,t2,t3; + uint32_t h0,h1,h2,h3,h4; + uint32_t r0,r1,r2,r3,r4; + uint32_t s1,s2,s3,s4; + uint32_t b, nb; + size_t j; + uint64_t t[5]; + uint64_t f0,f1,f2,f3; + uint32_t g0,g1,g2,g3,g4; + uint64_t c; + unsigned char mp[16]; + + /* clamp key */ + t0 = U8TO32_LE(key+0); + t1 = U8TO32_LE(key+4); + t2 = U8TO32_LE(key+8); + t3 = U8TO32_LE(key+12); + + /* precompute multipliers */ + r0 = t0 & 0x3ffffff; t0 >>= 26; t0 |= t1 << 6; + r1 = t0 & 0x3ffff03; t1 >>= 20; t1 |= t2 << 12; + r2 = t1 & 0x3ffc0ff; t2 >>= 14; t2 |= t3 << 18; + r3 = t2 & 0x3f03fff; t3 >>= 8; + r4 = t3 & 0x00fffff; + + s1 = r1 * 5; + s2 = r2 * 5; + s3 = r3 * 5; + s4 = r4 * 5; + + /* init state */ + h0 = 0; + h1 = 0; + h2 = 0; + h3 = 0; + h4 = 0; + + /* full blocks */ + if (inlen < 16) goto poly1305_donna_atmost15bytes; +poly1305_donna_16bytes: + m += 16; + inlen -= 16; + + t0 = U8TO32_LE(m-16); + t1 = U8TO32_LE(m-12); + t2 = U8TO32_LE(m-8); + t3 = U8TO32_LE(m-4); + + h0 += t0 & 0x3ffffff; + h1 += ((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff; + h2 += ((((uint64_t)t2 << 32) | t1) >> 20) & 0x3ffffff; + h3 += ((((uint64_t)t3 << 32) | t2) >> 14) & 0x3ffffff; + h4 += (t3 >> 8) | (1 << 24); + + +poly1305_donna_mul: + t[0] = mul32x32_64(h0,r0) + mul32x32_64(h1,s4) + mul32x32_64(h2,s3) + mul32x32_64(h3,s2) + mul32x32_64(h4,s1); + t[1] = mul32x32_64(h0,r1) + mul32x32_64(h1,r0) + mul32x32_64(h2,s4) + mul32x32_64(h3,s3) + mul32x32_64(h4,s2); + t[2] = mul32x32_64(h0,r2) + mul32x32_64(h1,r1) + mul32x32_64(h2,r0) + mul32x32_64(h3,s4) + mul32x32_64(h4,s3); + t[3] = mul32x32_64(h0,r3) + mul32x32_64(h1,r2) + mul32x32_64(h2,r1) + mul32x32_64(h3,r0) + mul32x32_64(h4,s4); + t[4] = mul32x32_64(h0,r4) + mul32x32_64(h1,r3) + mul32x32_64(h2,r2) + mul32x32_64(h3,r1) + mul32x32_64(h4,r0); + + h0 = (uint32_t)t[0] & 0x3ffffff; c = (t[0] >> 26); + t[1] += c; h1 = (uint32_t)t[1] & 0x3ffffff; b = (uint32_t)(t[1] >> 26); + t[2] += b; h2 = (uint32_t)t[2] & 0x3ffffff; b = (uint32_t)(t[2] >> 26); + t[3] += b; h3 = (uint32_t)t[3] & 0x3ffffff; b = (uint32_t)(t[3] >> 26); + t[4] += b; h4 = (uint32_t)t[4] & 0x3ffffff; b = (uint32_t)(t[4] >> 26); + h0 += b * 5; + + if (inlen >= 16) goto poly1305_donna_16bytes; + + /* final bytes */ +poly1305_donna_atmost15bytes: + if (!inlen) goto poly1305_donna_finish; + + for (j = 0; j < inlen; j++) mp[j] = m[j]; + mp[j++] = 1; + for (; j < 16; j++) mp[j] = 0; + inlen = 0; + + t0 = U8TO32_LE(mp+0); + t1 = U8TO32_LE(mp+4); + t2 = U8TO32_LE(mp+8); + t3 = U8TO32_LE(mp+12); + + h0 += t0 & 0x3ffffff; + h1 += ((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff; + h2 += ((((uint64_t)t2 << 32) | t1) >> 20) & 0x3ffffff; + h3 += ((((uint64_t)t3 << 32) | t2) >> 14) & 0x3ffffff; + h4 += (t3 >> 8); + + goto poly1305_donna_mul; + +poly1305_donna_finish: + b = h0 >> 26; h0 = h0 & 0x3ffffff; + h1 += b; b = h1 >> 26; h1 = h1 & 0x3ffffff; + h2 += b; b = h2 >> 26; h2 = h2 & 0x3ffffff; + h3 += b; b = h3 >> 26; h3 = h3 & 0x3ffffff; + h4 += b; b = h4 >> 26; h4 = h4 & 0x3ffffff; + h0 += b * 5; b = h0 >> 26; h0 = h0 & 0x3ffffff; + h1 += b; + + g0 = h0 + 5; b = g0 >> 26; g0 &= 0x3ffffff; + g1 = h1 + b; b = g1 >> 26; g1 &= 0x3ffffff; + g2 = h2 + b; b = g2 >> 26; g2 &= 0x3ffffff; + g3 = h3 + b; b = g3 >> 26; g3 &= 0x3ffffff; + g4 = h4 + b - (1 << 26); + + b = (g4 >> 31) - 1; + nb = ~b; + h0 = (h0 & nb) | (g0 & b); + h1 = (h1 & nb) | (g1 & b); + h2 = (h2 & nb) | (g2 & b); + h3 = (h3 & nb) | (g3 & b); + h4 = (h4 & nb) | (g4 & b); + + f0 = ((h0 ) | (h1 << 26)) + (uint64_t)U8TO32_LE(&key[16]); + f1 = ((h1 >> 6) | (h2 << 20)) + (uint64_t)U8TO32_LE(&key[20]); + f2 = ((h2 >> 12) | (h3 << 14)) + (uint64_t)U8TO32_LE(&key[24]); + f3 = ((h3 >> 18) | (h4 << 8)) + (uint64_t)U8TO32_LE(&key[28]); + + U32TO8_LE(&out[ 0], f0); f1 += (f0 >> 32); + U32TO8_LE(&out[ 4], f1); f2 += (f1 >> 32); + U32TO8_LE(&out[ 8], f2); f3 += (f2 >> 32); + U32TO8_LE(&out[12], f3); +} diff --git a/crypto/openssh/poly1305.h b/crypto/openssh/poly1305.h new file mode 100644 index 0000000000..f7db5f8d7c --- /dev/null +++ b/crypto/openssh/poly1305.h @@ -0,0 +1,22 @@ +/* $OpenBSD: poly1305.h,v 1.4 2014/05/02 03:27:54 djm Exp $ */ + +/* + * Public Domain poly1305 from Andrew Moon + * poly1305-donna-unrolled.c from https://github.com/floodyberry/poly1305-donna + */ + +#ifndef POLY1305_H +#define POLY1305_H + +#include + +#define POLY1305_KEYLEN 32 +#define POLY1305_TAGLEN 16 + +void poly1305_auth(u_char out[POLY1305_TAGLEN], const u_char *m, size_t inlen, + const u_char key[POLY1305_KEYLEN]) + __attribute__((__bounded__(__minbytes__, 1, POLY1305_TAGLEN))) + __attribute__((__bounded__(__buffer__, 2, 3))) + __attribute__((__bounded__(__minbytes__, 4, POLY1305_KEYLEN))); + +#endif /* POLY1305_H */ diff --git a/crypto/openssh/progressmeter.c b/crypto/openssh/progressmeter.c index 0f95222d24..bbbc7066bc 100644 --- a/crypto/openssh/progressmeter.c +++ b/crypto/openssh/progressmeter.c @@ -1,4 +1,4 @@ -/* $OpenBSD: progressmeter.c,v 1.37 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: progressmeter.c,v 1.40 2013/09/19 00:24:52 djm Exp $ */ /* * Copyright (c) 2003 Nils Nordman. All rights reserved. * @@ -66,6 +66,7 @@ static void update_progress_meter(int); static time_t start; /* start progress */ static time_t last_update; /* last progress update */ static char *file; /* name of the file being transferred */ +static off_t start_pos; /* initial position of transfer */ static off_t end_pos; /* ending position of transfer */ static off_t cur_pos; /* transfer position as of last refresh */ static volatile off_t *counter; /* progress counter */ @@ -129,9 +130,9 @@ refresh_progress_meter(void) int i, len; int file_len; - transferred = *counter - cur_pos; + transferred = *counter - (cur_pos ? cur_pos : start_pos); cur_pos = *counter; - now = time(NULL); + now = monotime(); bytes_left = end_pos - cur_pos; if (bytes_left > 0) @@ -139,7 +140,7 @@ refresh_progress_meter(void) else { elapsed = now - start; /* Calculate true total speed when done */ - transferred = end_pos; + transferred = end_pos - start_pos; bytes_per_second = 0; } @@ -249,8 +250,9 @@ update_progress_meter(int ignore) void start_progress_meter(char *f, off_t filesize, off_t *ctr) { - start = last_update = time(NULL); + start = last_update = monotime(); file = f; + start_pos = *ctr; end_pos = filesize; cur_pos = 0; counter = ctr; diff --git a/crypto/openssh/readconf.c b/crypto/openssh/readconf.c index 097bb0515c..7948ce1cda 100644 --- a/crypto/openssh/readconf.c +++ b/crypto/openssh/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.194 2011/09/23 07:45:05 markus Exp $ */ +/* $OpenBSD: readconf.c,v 1.220 2014/07/15 15:54:14 millert Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -17,19 +17,30 @@ #include #include #include +#include +#include #include #include #include +#include #include #include +#include #include +#ifdef HAVE_PATHS_H +# include +#endif +#include #include #include #include #include #include +#ifdef HAVE_UTIL_H +#include +#endif #include "xmalloc.h" #include "ssh.h" @@ -38,12 +49,13 @@ #include "pathnames.h" #include "log.h" #include "key.h" +#include "misc.h" #include "readconf.h" #include "match.h" -#include "misc.h" #include "buffer.h" #include "kex.h" #include "mac.h" +#include "uidswap.h" /* Format of the configuration file: @@ -112,12 +124,13 @@ typedef enum { oBadOption, + oHost, oMatch, oForwardAgent, oForwardX11, oForwardX11Trusted, oForwardX11Timeout, oGatewayPorts, oExitOnForwardFailure, oPasswordAuthentication, oRSAAuthentication, oChallengeResponseAuthentication, oXAuthLocation, oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, - oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, + oUser, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts, @@ -133,9 +146,12 @@ typedef enum { oSendEnv, oControlPath, oControlMaster, oControlPersist, oHashKnownHosts, oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, - oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication, - oKexAlgorithms, oIPQoS, oRequestTTY, - oDeprecated, oUnsupported + oVisualHostKey, oUseRoaming, + oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass, + oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots, + oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs, + oStreamLocalBindMask, oStreamLocalBindUnlink, + oIgnoredUnknownOption, oDeprecated, oUnsupported } OpCodes; /* Textual representations of the tokens. */ @@ -191,6 +207,7 @@ static struct { { "localforward", oLocalForward }, { "user", oUser }, { "host", oHost }, + { "match", oMatch }, { "escapechar", oEscapeChar }, { "globalknownhostsfile", oGlobalKnownHostsFile }, { "globalknownhostsfile2", oDeprecated }, @@ -237,15 +254,18 @@ static struct { { "permitlocalcommand", oPermitLocalCommand }, { "visualhostkey", oVisualHostKey }, { "useroaming", oUseRoaming }, -#ifdef JPAKE - { "zeroknowledgepasswordauthentication", - oZeroKnowledgePasswordAuthentication }, -#else - { "zeroknowledgepasswordauthentication", oUnsupported }, -#endif { "kexalgorithms", oKexAlgorithms }, { "ipqos", oIPQoS }, { "requesttty", oRequestTTY }, + { "proxyusefdpass", oProxyUseFdpass }, + { "canonicaldomains", oCanonicalDomains }, + { "canonicalizefallbacklocal", oCanonicalizeFallbackLocal }, + { "canonicalizehostname", oCanonicalizeHostname }, + { "canonicalizemaxdots", oCanonicalizeMaxDots }, + { "canonicalizepermittedcnames", oCanonicalizePermittedCNAMEs }, + { "streamlocalbindmask", oStreamLocalBindMask }, + { "streamlocalbindunlink", oStreamLocalBindUnlink }, + { "ignoreunknown", oIgnoreUnknown }, { NULL, oBadOption } }; @@ -256,12 +276,13 @@ static struct { */ void -add_local_forward(Options *options, const Forward *newfwd) +add_local_forward(Options *options, const struct Forward *newfwd) { - Forward *fwd; + struct Forward *fwd; #ifndef NO_IPPORT_RESERVED_CONCEPT extern uid_t original_real_uid; - if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0) + if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0 && + newfwd->listen_path == NULL) fatal("Privileged ports can only be forwarded by root."); #endif options->local_forwards = xrealloc(options->local_forwards, @@ -271,8 +292,10 @@ add_local_forward(Options *options, const Forward *newfwd) fwd->listen_host = newfwd->listen_host; fwd->listen_port = newfwd->listen_port; + fwd->listen_path = newfwd->listen_path; fwd->connect_host = newfwd->connect_host; fwd->connect_port = newfwd->connect_port; + fwd->connect_path = newfwd->connect_path; } /* @@ -281,9 +304,9 @@ add_local_forward(Options *options, const Forward *newfwd) */ void -add_remote_forward(Options *options, const Forward *newfwd) +add_remote_forward(Options *options, const struct Forward *newfwd) { - Forward *fwd; + struct Forward *fwd; options->remote_forwards = xrealloc(options->remote_forwards, options->num_remote_forwards + 1, @@ -292,8 +315,10 @@ add_remote_forward(Options *options, const Forward *newfwd) fwd->listen_host = newfwd->listen_host; fwd->listen_port = newfwd->listen_port; + fwd->listen_path = newfwd->listen_path; fwd->connect_host = newfwd->connect_host; fwd->connect_port = newfwd->connect_port; + fwd->connect_path = newfwd->connect_path; fwd->handle = newfwd->handle; fwd->allocated_port = 0; } @@ -304,65 +329,413 @@ clear_forwardings(Options *options) int i; for (i = 0; i < options->num_local_forwards; i++) { - if (options->local_forwards[i].listen_host != NULL) - xfree(options->local_forwards[i].listen_host); - xfree(options->local_forwards[i].connect_host); + free(options->local_forwards[i].listen_host); + free(options->local_forwards[i].listen_path); + free(options->local_forwards[i].connect_host); + free(options->local_forwards[i].connect_path); } if (options->num_local_forwards > 0) { - xfree(options->local_forwards); + free(options->local_forwards); options->local_forwards = NULL; } options->num_local_forwards = 0; for (i = 0; i < options->num_remote_forwards; i++) { - if (options->remote_forwards[i].listen_host != NULL) - xfree(options->remote_forwards[i].listen_host); - xfree(options->remote_forwards[i].connect_host); + free(options->remote_forwards[i].listen_host); + free(options->remote_forwards[i].listen_path); + free(options->remote_forwards[i].connect_host); + free(options->remote_forwards[i].connect_path); } if (options->num_remote_forwards > 0) { - xfree(options->remote_forwards); + free(options->remote_forwards); options->remote_forwards = NULL; } options->num_remote_forwards = 0; options->tun_open = SSH_TUNMODE_NO; } +void +add_identity_file(Options *options, const char *dir, const char *filename, + int userprovided) +{ + char *path; + int i; + + if (options->num_identity_files >= SSH_MAX_IDENTITY_FILES) + fatal("Too many identity files specified (max %d)", + SSH_MAX_IDENTITY_FILES); + + if (dir == NULL) /* no dir, filename is absolute */ + path = xstrdup(filename); + else + (void)xasprintf(&path, "%.100s%.100s", dir, filename); + + /* Avoid registering duplicates */ + for (i = 0; i < options->num_identity_files; i++) { + if (options->identity_file_userprovided[i] == userprovided && + strcmp(options->identity_files[i], path) == 0) { + debug2("%s: ignoring duplicate key %s", __func__, path); + free(path); + return; + } + } + + options->identity_file_userprovided[options->num_identity_files] = + userprovided; + options->identity_files[options->num_identity_files++] = path; +} + +int +default_ssh_port(void) +{ + static int port; + struct servent *sp; + + if (port == 0) { + sp = getservbyname(SSH_SERVICE_NAME, "tcp"); + port = sp ? ntohs(sp->s_port) : SSH_DEFAULT_PORT; + } + return port; +} + /* - * Returns the number of the token pointed to by cp or oBadOption. + * Execute a command in a shell. + * Return its exit status or -1 on abnormal exit. + */ +static int +execute_in_shell(const char *cmd) +{ + char *shell, *command_string; + pid_t pid; + int devnull, status; + extern uid_t original_real_uid; + + if ((shell = getenv("SHELL")) == NULL) + shell = _PATH_BSHELL; + + /* + * Use "exec" to avoid "sh -c" processes on some platforms + * (e.g. Solaris) + */ + xasprintf(&command_string, "exec %s", cmd); + + /* Need this to redirect subprocess stdin/out */ + if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) + fatal("open(/dev/null): %s", strerror(errno)); + + debug("Executing command: '%.500s'", cmd); + + /* Fork and execute the command. */ + if ((pid = fork()) == 0) { + char *argv[4]; + + /* Child. Permanently give up superuser privileges. */ + permanently_drop_suid(original_real_uid); + + /* Redirect child stdin and stdout. Leave stderr */ + if (dup2(devnull, STDIN_FILENO) == -1) + fatal("dup2: %s", strerror(errno)); + if (dup2(devnull, STDOUT_FILENO) == -1) + fatal("dup2: %s", strerror(errno)); + if (devnull > STDERR_FILENO) + close(devnull); + closefrom(STDERR_FILENO + 1); + + argv[0] = shell; + argv[1] = "-c"; + argv[2] = command_string; + argv[3] = NULL; + + execv(argv[0], argv); + error("Unable to execute '%.100s': %s", cmd, strerror(errno)); + /* Die with signal to make this error apparent to parent. */ + signal(SIGTERM, SIG_DFL); + kill(getpid(), SIGTERM); + _exit(1); + } + /* Parent. */ + if (pid < 0) + fatal("%s: fork: %.100s", __func__, strerror(errno)); + + close(devnull); + free(command_string); + + while (waitpid(pid, &status, 0) == -1) { + if (errno != EINTR && errno != EAGAIN) + fatal("%s: waitpid: %s", __func__, strerror(errno)); + } + if (!WIFEXITED(status)) { + error("command '%.100s' exited abnormally", cmd); + return -1; + } + debug3("command returned status %d", WEXITSTATUS(status)); + return WEXITSTATUS(status); +} + +/* + * Parse and execute a Match directive. */ +static int +match_cfg_line(Options *options, char **condition, struct passwd *pw, + const char *host_arg, const char *filename, int linenum) +{ + char *arg, *attrib, *cmd, *cp = *condition, *host; + const char *ruser; + int r, port, result = 1, attributes = 0; + size_t len; + char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV]; + + /* + * Configuration is likely to be incomplete at this point so we + * must be prepared to use default values. + */ + port = options->port <= 0 ? default_ssh_port() : options->port; + ruser = options->user == NULL ? pw->pw_name : options->user; + if (options->hostname != NULL) { + /* NB. Please keep in sync with ssh.c:main() */ + host = percent_expand(options->hostname, + "h", host_arg, (char *)NULL); + } else + host = xstrdup(host_arg); + + debug3("checking match for '%s' host %s", cp, host); + while ((attrib = strdelim(&cp)) && *attrib != '\0') { + attributes++; + if (strcasecmp(attrib, "all") == 0) { + if (attributes != 1 || + ((arg = strdelim(&cp)) != NULL && *arg != '\0')) { + error("'all' cannot be combined with other " + "Match attributes"); + result = -1; + goto out; + } + *condition = cp; + result = 1; + goto out; + } + if ((arg = strdelim(&cp)) == NULL || *arg == '\0') { + error("Missing Match criteria for %s", attrib); + result = -1; + goto out; + } + len = strlen(arg); + if (strcasecmp(attrib, "host") == 0) { + if (match_hostname(host, arg, len) != 1) + result = 0; + else + debug("%.200s line %d: matched 'Host %.100s' ", + filename, linenum, host); + } else if (strcasecmp(attrib, "originalhost") == 0) { + if (match_hostname(host_arg, arg, len) != 1) + result = 0; + else + debug("%.200s line %d: matched " + "'OriginalHost %.100s' ", + filename, linenum, host_arg); + } else if (strcasecmp(attrib, "user") == 0) { + if (match_pattern_list(ruser, arg, len, 0) != 1) + result = 0; + else + debug("%.200s line %d: matched 'User %.100s' ", + filename, linenum, ruser); + } else if (strcasecmp(attrib, "localuser") == 0) { + if (match_pattern_list(pw->pw_name, arg, len, 0) != 1) + result = 0; + else + debug("%.200s line %d: matched " + "'LocalUser %.100s' ", + filename, linenum, pw->pw_name); + } else if (strcasecmp(attrib, "exec") == 0) { + if (gethostname(thishost, sizeof(thishost)) == -1) + fatal("gethostname: %s", strerror(errno)); + strlcpy(shorthost, thishost, sizeof(shorthost)); + shorthost[strcspn(thishost, ".")] = '\0'; + snprintf(portstr, sizeof(portstr), "%d", port); + + cmd = percent_expand(arg, + "L", shorthost, + "d", pw->pw_dir, + "h", host, + "l", thishost, + "n", host_arg, + "p", portstr, + "r", ruser, + "u", pw->pw_name, + (char *)NULL); + if (result != 1) { + /* skip execution if prior predicate failed */ + debug("%.200s line %d: skipped exec \"%.100s\"", + filename, linenum, cmd); + } else { + r = execute_in_shell(cmd); + if (r == -1) { + fatal("%.200s line %d: match exec " + "'%.100s' error", filename, + linenum, cmd); + } else if (r == 0) { + debug("%.200s line %d: matched " + "'exec \"%.100s\"'", filename, + linenum, cmd); + } else { + debug("%.200s line %d: no match " + "'exec \"%.100s\"'", filename, + linenum, cmd); + result = 0; + } + } + free(cmd); + } else { + error("Unsupported Match attribute %s", attrib); + result = -1; + goto out; + } + } + if (attributes == 0) { + error("One or more attributes required for Match"); + result = -1; + goto out; + } + debug3("match %sfound", result ? "" : "not "); + *condition = cp; + out: + free(host); + return result; +} + +/* Check and prepare a domain name: removes trailing '.' and lowercases */ +static void +valid_domain(char *name, const char *filename, int linenum) +{ + size_t i, l = strlen(name); + u_char c, last = '\0'; + + if (l == 0) + fatal("%s line %d: empty hostname suffix", filename, linenum); + if (!isalpha((u_char)name[0]) && !isdigit((u_char)name[0])) + fatal("%s line %d: hostname suffix \"%.100s\" " + "starts with invalid character", filename, linenum, name); + for (i = 0; i < l; i++) { + c = tolower((u_char)name[i]); + name[i] = (char)c; + if (last == '.' && c == '.') + fatal("%s line %d: hostname suffix \"%.100s\" contains " + "consecutive separators", filename, linenum, name); + if (c != '.' && c != '-' && !isalnum(c) && + c != '_') /* technically invalid, but common */ + fatal("%s line %d: hostname suffix \"%.100s\" contains " + "invalid characters", filename, linenum, name); + last = c; + } + if (name[l - 1] == '.') + name[l - 1] = '\0'; +} +/* + * Returns the number of the token pointed to by cp or oBadOption. + */ static OpCodes -parse_token(const char *cp, const char *filename, int linenum) +parse_token(const char *cp, const char *filename, int linenum, + const char *ignored_unknown) { - u_int i; + int i; for (i = 0; keywords[i].name; i++) - if (strcasecmp(cp, keywords[i].name) == 0) + if (strcmp(cp, keywords[i].name) == 0) return keywords[i].opcode; - + if (ignored_unknown != NULL && match_pattern_list(cp, ignored_unknown, + strlen(ignored_unknown), 1) == 1) + return oIgnoredUnknownOption; error("%s: line %d: Bad configuration option: %s", filename, linenum, cp); return oBadOption; } +/* Multistate option parsing */ +struct multistate { + char *key; + int value; +}; +static const struct multistate multistate_flag[] = { + { "true", 1 }, + { "false", 0 }, + { "yes", 1 }, + { "no", 0 }, + { NULL, -1 } +}; +static const struct multistate multistate_yesnoask[] = { + { "true", 1 }, + { "false", 0 }, + { "yes", 1 }, + { "no", 0 }, + { "ask", 2 }, + { NULL, -1 } +}; +static const struct multistate multistate_addressfamily[] = { + { "inet", AF_INET }, + { "inet6", AF_INET6 }, + { "any", AF_UNSPEC }, + { NULL, -1 } +}; +static const struct multistate multistate_controlmaster[] = { + { "true", SSHCTL_MASTER_YES }, + { "yes", SSHCTL_MASTER_YES }, + { "false", SSHCTL_MASTER_NO }, + { "no", SSHCTL_MASTER_NO }, + { "auto", SSHCTL_MASTER_AUTO }, + { "ask", SSHCTL_MASTER_ASK }, + { "autoask", SSHCTL_MASTER_AUTO_ASK }, + { NULL, -1 } +}; +static const struct multistate multistate_tunnel[] = { + { "ethernet", SSH_TUNMODE_ETHERNET }, + { "point-to-point", SSH_TUNMODE_POINTOPOINT }, + { "true", SSH_TUNMODE_DEFAULT }, + { "yes", SSH_TUNMODE_DEFAULT }, + { "false", SSH_TUNMODE_NO }, + { "no", SSH_TUNMODE_NO }, + { NULL, -1 } +}; +static const struct multistate multistate_requesttty[] = { + { "true", REQUEST_TTY_YES }, + { "yes", REQUEST_TTY_YES }, + { "false", REQUEST_TTY_NO }, + { "no", REQUEST_TTY_NO }, + { "force", REQUEST_TTY_FORCE }, + { "auto", REQUEST_TTY_AUTO }, + { NULL, -1 } +}; +static const struct multistate multistate_canonicalizehostname[] = { + { "true", SSH_CANONICALISE_YES }, + { "false", SSH_CANONICALISE_NO }, + { "yes", SSH_CANONICALISE_YES }, + { "no", SSH_CANONICALISE_NO }, + { "always", SSH_CANONICALISE_ALWAYS }, + { NULL, -1 } +}; + /* * Processes a single option line as used in the configuration files. This * only sets those values that have not already been set. */ #define WHITESPACE " \t\r\n" - int -process_config_line(Options *options, const char *host, - char *line, const char *filename, int linenum, - int *activep) +process_config_line(Options *options, struct passwd *pw, const char *host, + char *line, const char *filename, int linenum, int *activep, int userconfig) { char *s, **charptr, *endofnumber, *keyword, *arg, *arg2; char **cpptr, fwdarg[256]; - u_int *uintptr, max_entries = 0; - int negated, opcode, *intptr, value, value2, scale; + u_int i, *uintptr, max_entries = 0; + int negated, opcode, *intptr, value, value2, cmdline = 0; LogLevel *log_level_ptr; - long long orig, val64; + long long val64; size_t len; - Forward fwd; + struct Forward fwd; + const struct multistate *multistate_ptr; + struct allowed_cname *cname; + + if (activep == NULL) { /* We are processing a command line directive */ + cmdline = 1; + activep = &cmdline; + } /* Strip trailing whitespace */ for (len = strlen(line) - 1; len > 0; len--) { @@ -380,14 +753,21 @@ process_config_line(Options *options, const char *host, keyword = strdelim(&s); if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#') return 0; + /* Match lowercase keyword */ + lowercase(keyword); - opcode = parse_token(keyword, filename, linenum); + opcode = parse_token(keyword, filename, linenum, + options->ignored_unknown); switch (opcode) { case oBadOption: /* don't panic, but count bad options */ return -1; /* NOTREACHED */ + case oIgnoredUnknownOption: + debug("%s line %d: Ignored unknown option \"%s\"", + filename, linenum, keyword); + return 0; case oConnectTimeout: intptr = &options->connection_timeout; parse_time: @@ -404,17 +784,23 @@ parse_time: case oForwardAgent: intptr = &options->forward_agent; -parse_flag: + parse_flag: + multistate_ptr = multistate_flag; + parse_multistate: arg = strdelim(&s); if (!arg || *arg == '\0') - fatal("%.200s line %d: Missing yes/no argument.", filename, linenum); - value = 0; /* To avoid compiler warning... */ - if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0) - value = 1; - else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0) - value = 0; - else - fatal("%.200s line %d: Bad yes/no argument.", filename, linenum); + fatal("%s line %d: missing argument.", + filename, linenum); + value = -1; + for (i = 0; multistate_ptr[i].key != NULL; i++) { + if (strcasecmp(arg, multistate_ptr[i].key) == 0) { + value = multistate_ptr[i].value; + break; + } + } + if (value == -1) + fatal("%s line %d: unsupported option \"%s\".", + filename, linenum, arg); if (*activep && *intptr == -1) *intptr = value; break; @@ -432,7 +818,7 @@ parse_flag: goto parse_time; case oGatewayPorts: - intptr = &options->gateway_ports; + intptr = &options->fwd_opts.gateway_ports; goto parse_flag; case oExitOnForwardFailure: @@ -447,10 +833,6 @@ parse_flag: intptr = &options->password_authentication; goto parse_flag; - case oZeroKnowledgePasswordAuthentication: - intptr = &options->zero_knowledge_password_authentication; - goto parse_flag; - case oKbdInteractiveAuthentication: intptr = &options->kbd_interactive_authentication; goto parse_flag; @@ -497,27 +879,13 @@ parse_flag: case oVerifyHostKeyDNS: intptr = &options->verify_host_key_dns; - goto parse_yesnoask; + multistate_ptr = multistate_yesnoask; + goto parse_multistate; case oStrictHostKeyChecking: intptr = &options->strict_host_key_checking; -parse_yesnoask: - arg = strdelim(&s); - if (!arg || *arg == '\0') - fatal("%.200s line %d: Missing yes/no/ask argument.", - filename, linenum); - value = 0; /* To avoid compiler warning... */ - if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0) - value = 1; - else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0) - value = 0; - else if (strcmp(arg, "ask") == 0) - value = 2; - else - fatal("%.200s line %d: Bad yes/no/ask argument.", filename, linenum); - if (*activep && *intptr == -1) - *intptr = value; - break; + multistate_ptr = multistate_yesnoask; + goto parse_multistate; case oCompression: intptr = &options->compression; @@ -542,39 +910,32 @@ parse_yesnoask: case oRekeyLimit: arg = strdelim(&s); if (!arg || *arg == '\0') - fatal("%.200s line %d: Missing argument.", filename, linenum); - if (arg[0] < '0' || arg[0] > '9') - fatal("%.200s line %d: Bad number.", filename, linenum); - orig = val64 = strtoll(arg, &endofnumber, 10); - if (arg == endofnumber) - fatal("%.200s line %d: Bad number.", filename, linenum); - switch (toupper(*endofnumber)) { - case '\0': - scale = 1; - break; - case 'K': - scale = 1<<10; - break; - case 'M': - scale = 1<<20; - break; - case 'G': - scale = 1<<30; - break; - default: - fatal("%.200s line %d: Invalid RekeyLimit suffix", - filename, linenum); + fatal("%.200s line %d: Missing argument.", filename, + linenum); + if (strcmp(arg, "default") == 0) { + val64 = 0; + } else { + if (scan_scaled(arg, &val64) == -1) + fatal("%.200s line %d: Bad number '%s': %s", + filename, linenum, arg, strerror(errno)); + /* check for too-large or too-small limits */ + if (val64 > UINT_MAX) + fatal("%.200s line %d: RekeyLimit too large", + filename, linenum); + if (val64 != 0 && val64 < 16) + fatal("%.200s line %d: RekeyLimit too small", + filename, linenum); } - val64 *= scale; - /* detect integer wrap and too-large limits */ - if ((val64 / scale) != orig || val64 > UINT_MAX) - fatal("%.200s line %d: RekeyLimit too large", - filename, linenum); - if (val64 < 16) - fatal("%.200s line %d: RekeyLimit too small", - filename, linenum); if (*activep && options->rekey_limit == -1) options->rekey_limit = (u_int32_t)val64; + if (s != NULL) { /* optional rekey interval present */ + if (strcmp(s, "none") == 0) { + (void)strdelim(&s); /* discard */ + break; + } + intptr = &options->rekey_interval; + goto parse_time; + } break; case oIdentityFile: @@ -586,9 +947,7 @@ parse_yesnoask: if (*intptr >= SSH_MAX_IDENTITY_FILES) fatal("%.200s line %d: Too many identity files specified (max %d).", filename, linenum, SSH_MAX_IDENTITY_FILES); - charptr = &options->identity_files[*intptr]; - *charptr = xstrdup(arg); - *intptr = *intptr + 1; + add_identity_file(options, NULL, arg, userconfig); } break; @@ -803,6 +1162,9 @@ parse_int: goto parse_flag; case oHost: + if (cmdline) + fatal("Host directive not supported as a command-line " + "option"); *activep = 0; arg2 = NULL; while ((arg = strdelim(&s)) != NULL && *arg != '\0') { @@ -829,6 +1191,18 @@ parse_int: /* Avoid garbage check below, as strdelim is done. */ return 0; + case oMatch: + if (cmdline) + fatal("Host directive not supported as a command-line " + "option"); + value = match_cfg_line(options, &s, pw, host, + filename, linenum); + if (value < 0) + fatal("%.200s line %d: Bad Match condition", filename, + linenum); + *activep = value; + break; + case oEscapeChar: intptr = &options->escape_char; arg = strdelim(&s); @@ -852,22 +1226,9 @@ parse_int: break; case oAddressFamily: - arg = strdelim(&s); - if (!arg || *arg == '\0') - fatal("%s line %d: missing address family.", - filename, linenum); intptr = &options->address_family; - if (strcasecmp(arg, "inet") == 0) - value = AF_INET; - else if (strcasecmp(arg, "inet6") == 0) - value = AF_INET6; - else if (strcasecmp(arg, "any") == 0) - value = AF_UNSPEC; - else - fatal("Unsupported AddressFamily \"%s\"", arg); - if (*activep && *intptr == -1) - *intptr = value; - break; + multistate_ptr = multistate_addressfamily; + goto parse_multistate; case oEnableSSHKeysign: intptr = &options->enable_ssh_keysign; @@ -906,27 +1267,8 @@ parse_int: case oControlMaster: intptr = &options->control_master; - arg = strdelim(&s); - if (!arg || *arg == '\0') - fatal("%.200s line %d: Missing ControlMaster argument.", - filename, linenum); - value = 0; /* To avoid compiler warning... */ - if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0) - value = SSHCTL_MASTER_YES; - else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0) - value = SSHCTL_MASTER_NO; - else if (strcmp(arg, "auto") == 0) - value = SSHCTL_MASTER_AUTO; - else if (strcmp(arg, "ask") == 0) - value = SSHCTL_MASTER_ASK; - else if (strcmp(arg, "autoask") == 0) - value = SSHCTL_MASTER_AUTO_ASK; - else - fatal("%.200s line %d: Bad ControlMaster argument.", - filename, linenum); - if (*activep && *intptr == -1) - *intptr = value; - break; + multistate_ptr = multistate_controlmaster; + goto parse_multistate; case oControlPersist: /* no/false/yes/true, or a time spec */ @@ -958,25 +1300,8 @@ parse_int: case oTunnel: intptr = &options->tun_open; - arg = strdelim(&s); - if (!arg || *arg == '\0') - fatal("%s line %d: Missing yes/point-to-point/" - "ethernet/no argument.", filename, linenum); - value = 0; /* silence compiler */ - if (strcasecmp(arg, "ethernet") == 0) - value = SSH_TUNMODE_ETHERNET; - else if (strcasecmp(arg, "point-to-point") == 0) - value = SSH_TUNMODE_POINTOPOINT; - else if (strcasecmp(arg, "yes") == 0) - value = SSH_TUNMODE_DEFAULT; - else if (strcasecmp(arg, "no") == 0) - value = SSH_TUNMODE_NO; - else - fatal("%s line %d: Bad yes/point-to-point/ethernet/" - "no argument: %s", filename, linenum, arg); - if (*activep) - *intptr = value; - break; + multistate_ptr = multistate_tunnel; + goto parse_multistate; case oTunnelDevice: arg = strdelim(&s); @@ -1025,25 +1350,89 @@ parse_int: goto parse_flag; case oRequestTTY: + intptr = &options->request_tty; + multistate_ptr = multistate_requesttty; + goto parse_multistate; + + case oIgnoreUnknown: + charptr = &options->ignored_unknown; + goto parse_string; + + case oProxyUseFdpass: + intptr = &options->proxy_use_fdpass; + goto parse_flag; + + case oCanonicalDomains: + value = options->num_canonical_domains != 0; + while ((arg = strdelim(&s)) != NULL && *arg != '\0') { + valid_domain(arg, filename, linenum); + if (!*activep || value) + continue; + if (options->num_canonical_domains >= MAX_CANON_DOMAINS) + fatal("%s line %d: too many hostname suffixes.", + filename, linenum); + options->canonical_domains[ + options->num_canonical_domains++] = xstrdup(arg); + } + break; + + case oCanonicalizePermittedCNAMEs: + value = options->num_permitted_cnames != 0; + while ((arg = strdelim(&s)) != NULL && *arg != '\0') { + /* Either '*' for everything or 'list:list' */ + if (strcmp(arg, "*") == 0) + arg2 = arg; + else { + lowercase(arg); + if ((arg2 = strchr(arg, ':')) == NULL || + arg2[1] == '\0') { + fatal("%s line %d: " + "Invalid permitted CNAME \"%s\"", + filename, linenum, arg); + } + *arg2 = '\0'; + arg2++; + } + if (!*activep || value) + continue; + if (options->num_permitted_cnames >= MAX_CANON_DOMAINS) + fatal("%s line %d: too many permitted CNAMEs.", + filename, linenum); + cname = options->permitted_cnames + + options->num_permitted_cnames++; + cname->source_list = xstrdup(arg); + cname->target_list = xstrdup(arg2); + } + break; + + case oCanonicalizeHostname: + intptr = &options->canonicalize_hostname; + multistate_ptr = multistate_canonicalizehostname; + goto parse_multistate; + + case oCanonicalizeMaxDots: + intptr = &options->canonicalize_max_dots; + goto parse_int; + + case oCanonicalizeFallbackLocal: + intptr = &options->canonicalize_fallback_local; + goto parse_flag; + + case oStreamLocalBindMask: arg = strdelim(&s); if (!arg || *arg == '\0') - fatal("%s line %d: missing argument.", - filename, linenum); - intptr = &options->request_tty; - if (strcasecmp(arg, "yes") == 0) - value = REQUEST_TTY_YES; - else if (strcasecmp(arg, "no") == 0) - value = REQUEST_TTY_NO; - else if (strcasecmp(arg, "force") == 0) - value = REQUEST_TTY_FORCE; - else if (strcasecmp(arg, "auto") == 0) - value = REQUEST_TTY_AUTO; - else - fatal("Unsupported RequestTTY \"%s\"", arg); - if (*activep && *intptr == -1) - *intptr = value; + fatal("%.200s line %d: Missing StreamLocalBindMask argument.", filename, linenum); + /* Parse mode in octal format */ + value = strtol(arg, &endofnumber, 8); + if (arg == endofnumber || value < 0 || value > 0777) + fatal("%.200s line %d: Bad mask.", filename, linenum); + options->fwd_opts.streamlocal_bind_mask = (mode_t)value; break; + case oStreamLocalBindUnlink: + intptr = &options->fwd_opts.streamlocal_bind_unlink; + goto parse_flag; + case oDeprecated: debug("%s line %d: Deprecated option \"%s\"", filename, linenum, keyword); @@ -1074,8 +1463,8 @@ parse_int: */ int -read_config_file(const char *filename, const char *host, Options *options, - int checkperm) +read_config_file(const char *filename, struct passwd *pw, const char *host, + Options *options, int flags) { FILE *f; char line[1024]; @@ -1085,7 +1474,7 @@ read_config_file(const char *filename, const char *host, Options *options, if ((f = fopen(filename, "r")) == NULL) return 0; - if (checkperm) { + if (flags & SSHCONF_CHECKPERM) { struct stat sb; if (fstat(fileno(f), &sb) == -1) @@ -1106,7 +1495,8 @@ read_config_file(const char *filename, const char *host, Options *options, while (fgets(line, sizeof(line), f)) { /* Update line number counter. */ linenum++; - if (process_config_line(options, host, line, filename, linenum, &active) != 0) + if (process_config_line(options, pw, host, line, filename, + linenum, &active, flags & SSHCONF_USERCONF) != 0) bad_options++; } fclose(f); @@ -1116,6 +1506,13 @@ read_config_file(const char *filename, const char *host, Options *options, return 1; } +/* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ +int +option_clear_or_none(const char *o) +{ + return o == NULL || strcasecmp(o, "none") == 0; +} + /* * Initializes options to special values that indicate that they have not yet * been set. Read_config_file will only set options with this value. Options @@ -1133,7 +1530,9 @@ initialize_options(Options * options) options->forward_x11_timeout = -1; options->exit_on_forward_failure = -1; options->xauth_location = NULL; - options->gateway_ports = -1; + options->fwd_opts.gateway_ports = -1; + options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; + options->fwd_opts.streamlocal_bind_unlink = -1; options->use_privileged_port = -1; options->rsa_authentication = -1; options->pubkey_authentication = -1; @@ -1183,6 +1582,7 @@ initialize_options(Options * options) options->no_host_authentication_for_localhost = - 1; options->identities_only = - 1; options->rekey_limit = - 1; + options->rekey_interval = -1; options->verify_host_key_dns = -1; options->server_alive_interval = -1; options->server_alive_count_max = -1; @@ -1199,22 +1599,40 @@ initialize_options(Options * options) options->permit_local_command = -1; options->use_roaming = -1; options->visual_host_key = -1; - options->zero_knowledge_password_authentication = -1; options->ip_qos_interactive = -1; options->ip_qos_bulk = -1; options->request_tty = -1; + options->proxy_use_fdpass = -1; + options->ignored_unknown = NULL; + options->num_canonical_domains = 0; + options->num_permitted_cnames = 0; + options->canonicalize_max_dots = -1; + options->canonicalize_fallback_local = -1; + options->canonicalize_hostname = -1; +} + +/* + * A petite version of fill_default_options() that just fills the options + * needed for hostname canonicalization to proceed. + */ +void +fill_default_options_for_canonicalization(Options *options) +{ + if (options->canonicalize_max_dots == -1) + options->canonicalize_max_dots = 1; + if (options->canonicalize_fallback_local == -1) + options->canonicalize_fallback_local = 1; + if (options->canonicalize_hostname == -1) + options->canonicalize_hostname = SSH_CANONICALISE_NO; } /* * Called after processing other sources of option data, this fills those * options for which no value has been specified with their default values. */ - void fill_default_options(Options * options) { - int len; - if (options->forward_agent == -1) options->forward_agent = 0; if (options->forward_x11 == -1) @@ -1227,8 +1645,12 @@ fill_default_options(Options * options) options->exit_on_forward_failure = 0; if (options->xauth_location == NULL) options->xauth_location = _PATH_XAUTH; - if (options->gateway_ports == -1) - options->gateway_ports = 0; + if (options->fwd_opts.gateway_ports == -1) + options->fwd_opts.gateway_ports = 0; + if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1) + options->fwd_opts.streamlocal_bind_mask = 0177; + if (options->fwd_opts.streamlocal_bind_unlink == -1) + options->fwd_opts.streamlocal_bind_unlink = 0; if (options->use_privileged_port == -1) options->use_privileged_port = 0; if (options->rsa_authentication == -1) @@ -1280,31 +1702,20 @@ fill_default_options(Options * options) options->protocol = SSH_PROTO_2; if (options->num_identity_files == 0) { if (options->protocol & SSH_PROTO_1) { - len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1; - options->identity_files[options->num_identity_files] = - xmalloc(len); - snprintf(options->identity_files[options->num_identity_files++], - len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY); + add_identity_file(options, "~/", + _PATH_SSH_CLIENT_IDENTITY, 0); } if (options->protocol & SSH_PROTO_2) { - len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1; - options->identity_files[options->num_identity_files] = - xmalloc(len); - snprintf(options->identity_files[options->num_identity_files++], - len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA); - - len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1; - options->identity_files[options->num_identity_files] = - xmalloc(len); - snprintf(options->identity_files[options->num_identity_files++], - len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA); + add_identity_file(options, "~/", + _PATH_SSH_CLIENT_ID_RSA, 0); + add_identity_file(options, "~/", + _PATH_SSH_CLIENT_ID_DSA, 0); #ifdef OPENSSL_HAS_ECC - len = 2 + strlen(_PATH_SSH_CLIENT_ID_ECDSA) + 1; - options->identity_files[options->num_identity_files] = - xmalloc(len); - snprintf(options->identity_files[options->num_identity_files++], - len, "~/%.100s", _PATH_SSH_CLIENT_ID_ECDSA); + add_identity_file(options, "~/", + _PATH_SSH_CLIENT_ID_ECDSA, 0); #endif + add_identity_file(options, "~/", + _PATH_SSH_CLIENT_ID_ED25519, 0); } } if (options->escape_char == -1) @@ -1333,6 +1744,8 @@ fill_default_options(Options * options) options->enable_ssh_keysign = 0; if (options->rekey_limit == -1) options->rekey_limit = 0; + if (options->rekey_interval == -1) + options->rekey_interval = 0; if (options->verify_host_key_dns == -1) options->verify_host_key_dns = 0; if (options->server_alive_interval == -1) @@ -1359,116 +1772,240 @@ fill_default_options(Options * options) options->use_roaming = 1; if (options->visual_host_key == -1) options->visual_host_key = 0; - if (options->zero_knowledge_password_authentication == -1) - options->zero_knowledge_password_authentication = 0; if (options->ip_qos_interactive == -1) options->ip_qos_interactive = IPTOS_LOWDELAY; if (options->ip_qos_bulk == -1) options->ip_qos_bulk = IPTOS_THROUGHPUT; if (options->request_tty == -1) options->request_tty = REQUEST_TTY_AUTO; - /* options->local_command should not be set by default */ - /* options->proxy_command should not be set by default */ + if (options->proxy_use_fdpass == -1) + options->proxy_use_fdpass = 0; + if (options->canonicalize_max_dots == -1) + options->canonicalize_max_dots = 1; + if (options->canonicalize_fallback_local == -1) + options->canonicalize_fallback_local = 1; + if (options->canonicalize_hostname == -1) + options->canonicalize_hostname = SSH_CANONICALISE_NO; +#define CLEAR_ON_NONE(v) \ + do { \ + if (option_clear_or_none(v)) { \ + free(v); \ + v = NULL; \ + } \ + } while(0) + CLEAR_ON_NONE(options->local_command); + CLEAR_ON_NONE(options->proxy_command); + CLEAR_ON_NONE(options->control_path); /* options->user will be set in the main program if appropriate */ /* options->hostname will be set in the main program if appropriate */ /* options->host_key_alias should not be set by default */ /* options->preferred_authentications will be set in ssh */ } +struct fwdarg { + char *arg; + int ispath; +}; + +/* + * parse_fwd_field + * parses the next field in a port forwarding specification. + * sets fwd to the parsed field and advances p past the colon + * or sets it to NULL at end of string. + * returns 0 on success, else non-zero. + */ +static int +parse_fwd_field(char **p, struct fwdarg *fwd) +{ + char *ep, *cp = *p; + int ispath = 0; + + if (*cp == '\0') { + *p = NULL; + return -1; /* end of string */ + } + + /* + * A field escaped with square brackets is used literally. + * XXX - allow ']' to be escaped via backslash? + */ + if (*cp == '[') { + /* find matching ']' */ + for (ep = cp + 1; *ep != ']' && *ep != '\0'; ep++) { + if (*ep == '/') + ispath = 1; + } + /* no matching ']' or not at end of field. */ + if (ep[0] != ']' || (ep[1] != ':' && ep[1] != '\0')) + return -1; + /* NUL terminate the field and advance p past the colon */ + *ep++ = '\0'; + if (*ep != '\0') + *ep++ = '\0'; + fwd->arg = cp + 1; + fwd->ispath = ispath; + *p = ep; + return 0; + } + + for (cp = *p; *cp != '\0'; cp++) { + switch (*cp) { + case '\\': + memmove(cp, cp + 1, strlen(cp + 1) + 1); + cp++; + break; + case '/': + ispath = 1; + break; + case ':': + *cp++ = '\0'; + goto done; + } + } +done: + fwd->arg = *p; + fwd->ispath = ispath; + *p = cp; + return 0; +} + /* * parse_forward * parses a string containing a port forwarding specification of the form: * dynamicfwd == 0 - * [listenhost:]listenport:connecthost:connectport + * [listenhost:]listenport|listenpath:connecthost:connectport|connectpath + * listenpath:connectpath * dynamicfwd == 1 * [listenhost:]listenport * returns number of arguments parsed or zero on error */ int -parse_forward(Forward *fwd, const char *fwdspec, int dynamicfwd, int remotefwd) +parse_forward(struct Forward *fwd, const char *fwdspec, int dynamicfwd, int remotefwd) { + struct fwdarg fwdargs[4]; + char *p, *cp; int i; - char *p, *cp, *fwdarg[4]; - memset(fwd, '\0', sizeof(*fwd)); + memset(fwd, 0, sizeof(*fwd)); + memset(fwdargs, 0, sizeof(fwdargs)); cp = p = xstrdup(fwdspec); /* skip leading spaces */ - while (isspace(*cp)) + while (isspace((u_char)*cp)) cp++; - for (i = 0; i < 4; ++i) - if ((fwdarg[i] = hpdelim(&cp)) == NULL) + for (i = 0; i < 4; ++i) { + if (parse_fwd_field(&cp, &fwdargs[i]) != 0) break; + } /* Check for trailing garbage */ - if (cp != NULL) + if (cp != NULL && *cp != '\0') { i = 0; /* failure */ + } switch (i) { case 1: - fwd->listen_host = NULL; - fwd->listen_port = a2port(fwdarg[0]); + if (fwdargs[0].ispath) { + fwd->listen_path = xstrdup(fwdargs[0].arg); + fwd->listen_port = PORT_STREAMLOCAL; + } else { + fwd->listen_host = NULL; + fwd->listen_port = a2port(fwdargs[0].arg); + } fwd->connect_host = xstrdup("socks"); break; case 2: - fwd->listen_host = xstrdup(cleanhostname(fwdarg[0])); - fwd->listen_port = a2port(fwdarg[1]); - fwd->connect_host = xstrdup("socks"); + if (fwdargs[0].ispath && fwdargs[1].ispath) { + fwd->listen_path = xstrdup(fwdargs[0].arg); + fwd->listen_port = PORT_STREAMLOCAL; + fwd->connect_path = xstrdup(fwdargs[1].arg); + fwd->connect_port = PORT_STREAMLOCAL; + } else if (fwdargs[1].ispath) { + fwd->listen_host = NULL; + fwd->listen_port = a2port(fwdargs[0].arg); + fwd->connect_path = xstrdup(fwdargs[1].arg); + fwd->connect_port = PORT_STREAMLOCAL; + } else { + fwd->listen_host = xstrdup(fwdargs[0].arg); + fwd->listen_port = a2port(fwdargs[1].arg); + fwd->connect_host = xstrdup("socks"); + } break; case 3: - fwd->listen_host = NULL; - fwd->listen_port = a2port(fwdarg[0]); - fwd->connect_host = xstrdup(cleanhostname(fwdarg[1])); - fwd->connect_port = a2port(fwdarg[2]); + if (fwdargs[0].ispath) { + fwd->listen_path = xstrdup(fwdargs[0].arg); + fwd->listen_port = PORT_STREAMLOCAL; + fwd->connect_host = xstrdup(fwdargs[1].arg); + fwd->connect_port = a2port(fwdargs[2].arg); + } else if (fwdargs[2].ispath) { + fwd->listen_host = xstrdup(fwdargs[0].arg); + fwd->listen_port = a2port(fwdargs[1].arg); + fwd->connect_path = xstrdup(fwdargs[2].arg); + fwd->connect_port = PORT_STREAMLOCAL; + } else { + fwd->listen_host = NULL; + fwd->listen_port = a2port(fwdargs[0].arg); + fwd->connect_host = xstrdup(fwdargs[1].arg); + fwd->connect_port = a2port(fwdargs[2].arg); + } break; case 4: - fwd->listen_host = xstrdup(cleanhostname(fwdarg[0])); - fwd->listen_port = a2port(fwdarg[1]); - fwd->connect_host = xstrdup(cleanhostname(fwdarg[2])); - fwd->connect_port = a2port(fwdarg[3]); + fwd->listen_host = xstrdup(fwdargs[0].arg); + fwd->listen_port = a2port(fwdargs[1].arg); + fwd->connect_host = xstrdup(fwdargs[2].arg); + fwd->connect_port = a2port(fwdargs[3].arg); break; default: i = 0; /* failure */ } - xfree(p); + free(p); if (dynamicfwd) { if (!(i == 1 || i == 2)) goto fail_free; } else { - if (!(i == 3 || i == 4)) - goto fail_free; - if (fwd->connect_port <= 0) + if (!(i == 3 || i == 4)) { + if (fwd->connect_path == NULL && + fwd->listen_path == NULL) + goto fail_free; + } + if (fwd->connect_port <= 0 && fwd->connect_path == NULL) goto fail_free; } - if (fwd->listen_port < 0 || (!remotefwd && fwd->listen_port == 0)) + if ((fwd->listen_port < 0 && fwd->listen_path == NULL) || + (!remotefwd && fwd->listen_port == 0)) goto fail_free; - if (fwd->connect_host != NULL && strlen(fwd->connect_host) >= NI_MAXHOST) goto fail_free; + /* XXX - if connecting to a remote socket, max sun len may not match this host */ + if (fwd->connect_path != NULL && + strlen(fwd->connect_path) >= PATH_MAX_SUN) + goto fail_free; if (fwd->listen_host != NULL && strlen(fwd->listen_host) >= NI_MAXHOST) goto fail_free; - + if (fwd->listen_path != NULL && + strlen(fwd->listen_path) >= PATH_MAX_SUN) + goto fail_free; return (i); fail_free: - if (fwd->connect_host != NULL) { - xfree(fwd->connect_host); - fwd->connect_host = NULL; - } - if (fwd->listen_host != NULL) { - xfree(fwd->listen_host); - fwd->listen_host = NULL; - } + free(fwd->connect_host); + fwd->connect_host = NULL; + free(fwd->connect_path); + fwd->connect_path = NULL; + free(fwd->listen_host); + fwd->listen_host = NULL; + free(fwd->listen_path); + fwd->listen_path = NULL; return (0); } diff --git a/crypto/openssh/readconf.h b/crypto/openssh/readconf.h index be30ee0e11..0b9cb777a6 100644 --- a/crypto/openssh/readconf.h +++ b/crypto/openssh/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.91 2011/09/23 07:45:05 markus Exp $ */ +/* $OpenBSD: readconf.h,v 1.102 2014/07/15 15:54:14 millert Exp $ */ /* * Author: Tatu Ylonen @@ -16,20 +16,17 @@ #ifndef READCONF_H #define READCONF_H -/* Data structure for representing a forwarding request. */ - -typedef struct { - char *listen_host; /* Host (address) to listen on. */ - int listen_port; /* Port to forward. */ - char *connect_host; /* Host to connect. */ - int connect_port; /* Port to connect on connect_host. */ - int allocated_port; /* Dynamically allocated listen port */ - int handle; /* Handle for dynamic listen ports */ -} Forward; /* Data structure for representing option data. */ #define MAX_SEND_ENV 256 -#define SSH_MAX_HOSTS_FILES 256 +#define SSH_MAX_HOSTS_FILES 32 +#define MAX_CANON_DOMAINS 32 +#define PATH_MAX_SUN (sizeof((struct sockaddr_un *)0)->sun_path) + +struct allowed_cname { + char *source_list; + char *target_list; +}; typedef struct { int forward_agent; /* Forward authentication agent. */ @@ -38,7 +35,7 @@ typedef struct { int forward_x11_trusted; /* Trust Forward X11 display. */ int exit_on_forward_failure; /* Exit if bind(2) fails for -L/-R */ char *xauth_location; /* Location for xauth program */ - int gateway_ports; /* Allow remote connects to forwarded ports. */ + struct ForwardOptions fwd_opts; /* forwarding options */ int use_privileged_port; /* Don't use privileged port if false. */ int rhosts_rsa_authentication; /* Try rhosts with RSA * authentication. */ @@ -53,7 +50,6 @@ typedef struct { * authentication. */ int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ char *kbd_interactive_devices; /* Keyboard-interactive auth devices. */ - int zero_knowledge_password_authentication; /* Try jpake */ int batch_mode; /* Batch mode: do not ask for passwords. */ int check_host_ip; /* Also keep track of keys for IP address */ int strict_host_key_checking; /* Strict host key checking. */ @@ -96,19 +92,21 @@ typedef struct { int num_identity_files; /* Number of files for RSA/DSA identities. */ char *identity_files[SSH_MAX_IDENTITY_FILES]; + int identity_file_userprovided[SSH_MAX_IDENTITY_FILES]; Key *identity_keys[SSH_MAX_IDENTITY_FILES]; /* Local TCP/IP forward requests. */ int num_local_forwards; - Forward *local_forwards; + struct Forward *local_forwards; /* Remote TCP/IP forward requests. */ int num_remote_forwards; - Forward *remote_forwards; + struct Forward *remote_forwards; int clear_forwardings; int enable_ssh_keysign; int64_t rekey_limit; + int rekey_interval; int no_host_authentication_for_localhost; int identities_only; int server_alive_interval; @@ -135,8 +133,24 @@ typedef struct { int use_roaming; int request_tty; + + int proxy_use_fdpass; + + int num_canonical_domains; + char *canonical_domains[MAX_CANON_DOMAINS]; + int canonicalize_hostname; + int canonicalize_max_dots; + int canonicalize_fallback_local; + int num_permitted_cnames; + struct allowed_cname permitted_cnames[MAX_CANON_DOMAINS]; + + char *ignored_unknown; /* Pattern list of unknown tokens to ignore */ } Options; +#define SSH_CANONICALISE_NO 0 +#define SSH_CANONICALISE_YES 1 +#define SSH_CANONICALISE_ALWAYS 2 + #define SSHCTL_MASTER_NO 0 #define SSHCTL_MASTER_YES 1 #define SSHCTL_MASTER_AUTO 2 @@ -148,15 +162,22 @@ typedef struct { #define REQUEST_TTY_YES 2 #define REQUEST_TTY_FORCE 3 +#define SSHCONF_CHECKPERM 1 /* check permissions on config file */ +#define SSHCONF_USERCONF 2 /* user provided config file not system */ + void initialize_options(Options *); void fill_default_options(Options *); -int read_config_file(const char *, const char *, Options *, int); -int parse_forward(Forward *, const char *, int, int); - -int -process_config_line(Options *, const char *, char *, const char *, int, int *); - -void add_local_forward(Options *, const Forward *); -void add_remote_forward(Options *, const Forward *); +void fill_default_options_for_canonicalization(Options *); +int process_config_line(Options *, struct passwd *, const char *, char *, + const char *, int, int *, int); +int read_config_file(const char *, struct passwd *, const char *, + Options *, int); +int parse_forward(struct Forward *, const char *, int, int); +int default_ssh_port(void); +int option_clear_or_none(const char *); + +void add_local_forward(Options *, const struct Forward *); +void add_remote_forward(Options *, const struct Forward *); +void add_identity_file(Options *, const char *, const char *, int); #endif /* READCONF_H */ diff --git a/crypto/openssh/readpass.c b/crypto/openssh/readpass.c index 599c8ef9a8..869d86425c 100644 --- a/crypto/openssh/readpass.c +++ b/crypto/openssh/readpass.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readpass.c,v 1.48 2010/12/15 00:49:27 djm Exp $ */ +/* $OpenBSD: readpass.c,v 1.50 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -99,13 +99,13 @@ ssh_askpass(char *askpass, const char *msg) break; signal(SIGCHLD, osigchld); if (ret == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) { - memset(buf, 0, sizeof(buf)); + explicit_bzero(buf, sizeof(buf)); return NULL; } buf[strcspn(buf, "\r\n")] = '\0'; pass = xstrdup(buf); - memset(buf, 0, sizeof(buf)); + explicit_bzero(buf, sizeof(buf)); return pass; } @@ -162,7 +162,7 @@ read_passphrase(const char *prompt, int flags) } ret = xstrdup(buf); - memset(buf, 'x', sizeof buf); + explicit_bzero(buf, sizeof(buf)); return ret; } @@ -186,7 +186,7 @@ ask_permission(const char *fmt, ...) if (*p == '\0' || *p == '\n' || strcasecmp(p, "yes") == 0) allowed = 1; - xfree(p); + free(p); } return (allowed); diff --git a/crypto/openssh/rijndael.c b/crypto/openssh/rijndael.c index 7432ea2e42..cde90789e5 100644 --- a/crypto/openssh/rijndael.c +++ b/crypto/openssh/rijndael.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rijndael.c,v 1.16 2004/06/23 00:39:38 mouring Exp $ */ +/* $OpenBSD: rijndael.c,v 1.18 2014/04/29 15:42:07 markus Exp $ */ /** * rijndael-alg-fst.c @@ -25,6 +25,7 @@ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + #include "includes.h" #include @@ -32,7 +33,7 @@ #include "rijndael.h" -#define FULL_UNROLL +#undef FULL_UNROLL /* Te0[x] = S [x].[02, 01, 01, 03]; @@ -247,7 +248,6 @@ static const u32 Te2[256] = { 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U, }; static const u32 Te3[256] = { - 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U, 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U, 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U, @@ -532,7 +532,6 @@ static const u32 Td2[256] = { 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U, 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U, 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU, - 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U, 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U, 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U, @@ -724,8 +723,10 @@ static const u32 rcon[] = { * * @return the number of rounds for the given cipher key size. */ -static int rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits) { - int i = 0; +int +rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits) +{ + int i = 0; u32 temp; rk[0] = GETU32(cipherKey ); @@ -786,9 +787,9 @@ static int rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int rk[ 9] = rk[ 1] ^ rk[ 8]; rk[10] = rk[ 2] ^ rk[ 9]; rk[11] = rk[ 3] ^ rk[10]; - if (++i == 7) { - return 14; - } + if (++i == 7) { + return 14; + } temp = rk[11]; rk[12] = rk[ 4] ^ (Te4[(temp >> 24) ] & 0xff000000) ^ @@ -797,7 +798,7 @@ static int rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int (Te4[(temp ) & 0xff] & 0x000000ff); rk[13] = rk[ 5] ^ rk[12]; rk[14] = rk[ 6] ^ rk[13]; - rk[15] = rk[ 7] ^ rk[14]; + rk[15] = rk[ 7] ^ rk[14]; rk += 8; } } @@ -809,18 +810,21 @@ static int rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int * * @return the number of rounds for the given cipher key size. */ -static int +int rijndaelKeySetupDec(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits, - int have_encrypt) { + int have_encrypt) +{ int Nr, i, j; u32 temp; - if (have_encrypt) { + /* expand the cipher key: */ + if (have_encrypt > 0) { + /* Already done */ Nr = have_encrypt; } else { - /* expand the cipher key: */ Nr = rijndaelKeySetupEnc(rk, cipherKey, keyBits); } + /* invert the order of the round keys: */ for (i = 0, j = 4*Nr; i < j; i += 4, j -= 4) { temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp; @@ -855,7 +859,10 @@ rijndaelKeySetupDec(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits, return Nr; } -static void rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16], u8 ct[16]) { +void +rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16], + u8 ct[16]) +{ u32 s0, s1, s2, s3, t0, t1, t2, t3; #ifndef FULL_UNROLL int r; @@ -871,50 +878,50 @@ static void rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16 s3 = GETU32(pt + 12) ^ rk[3]; #ifdef FULL_UNROLL /* round 1: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7]; - /* round 2: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11]; + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7]; + /* round 2: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11]; /* round 3: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15]; - /* round 4: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19]; + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15]; + /* round 4: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19]; /* round 5: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23]; - /* round 6: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27]; + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23]; + /* round 6: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27]; /* round 7: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31]; - /* round 8: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35]; + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31]; + /* round 8: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35]; /* round 9: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39]; + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39]; if (Nr > 10) { /* round 10: */ s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40]; @@ -1036,7 +1043,10 @@ static void rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16 PUTU32(ct + 12, s3); } -static void rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16], u8 pt[16]) { +static void +rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16], + u8 pt[16]) +{ u32 s0, s1, s2, s3, t0, t1, t2, t3; #ifndef FULL_UNROLL int r; @@ -1187,33 +1197,33 @@ static void rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16 * apply last round and * map cipher state to byte array block: */ - s0 = - (Td4[(t0 >> 24) ] & 0xff000000) ^ - (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(t1 ) & 0xff] & 0x000000ff) ^ - rk[0]; + s0 = + (Td4[(t0 >> 24) ] & 0xff000000) ^ + (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ + (Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ + (Td4[(t1 ) & 0xff] & 0x000000ff) ^ + rk[0]; PUTU32(pt , s0); - s1 = - (Td4[(t1 >> 24) ] & 0xff000000) ^ - (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(t2 ) & 0xff] & 0x000000ff) ^ - rk[1]; + s1 = + (Td4[(t1 >> 24) ] & 0xff000000) ^ + (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ + (Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ + (Td4[(t2 ) & 0xff] & 0x000000ff) ^ + rk[1]; PUTU32(pt + 4, s1); - s2 = - (Td4[(t2 >> 24) ] & 0xff000000) ^ - (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(t3 ) & 0xff] & 0x000000ff) ^ - rk[2]; + s2 = + (Td4[(t2 >> 24) ] & 0xff000000) ^ + (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ + (Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ + (Td4[(t3 ) & 0xff] & 0x000000ff) ^ + rk[2]; PUTU32(pt + 8, s2); - s3 = - (Td4[(t3 >> 24) ] & 0xff000000) ^ - (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(t0 ) & 0xff] & 0x000000ff) ^ - rk[3]; + s3 = + (Td4[(t3 >> 24) ] & 0xff000000) ^ + (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ + (Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ + (Td4[(t0 ) & 0xff] & 0x000000ff) ^ + rk[3]; PUTU32(pt + 12, s3); } diff --git a/crypto/openssh/rijndael.h b/crypto/openssh/rijndael.h index c614bb1887..53e74e0a81 100644 --- a/crypto/openssh/rijndael.h +++ b/crypto/openssh/rijndael.h @@ -1,4 +1,4 @@ -/* $OpenBSD: rijndael.h,v 1.12 2001/12/19 07:18:56 deraadt Exp $ */ +/* $OpenBSD: rijndael.h,v 1.14 2014/04/29 15:42:07 markus Exp $ */ /** * rijndael-alg-fst.h @@ -25,27 +25,32 @@ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#ifndef __RIJNDAEL_H -#define __RIJNDAEL_H +#ifndef _PRIVATE_RIJNDAEL_H +#define _PRIVATE_RIJNDAEL_H -#define MAXKC (256/32) -#define MAXKB (256/8) -#define MAXNR 14 +#define AES_MAXKEYBITS (256) +#define AES_MAXKEYBYTES (AES_MAXKEYBITS/8) +/* for 256-bit keys, fewer for less */ +#define AES_MAXROUNDS 14 typedef unsigned char u8; typedef unsigned short u16; typedef unsigned int u32; +int rijndaelKeySetupEnc(unsigned int [], const unsigned char [], int); +void rijndaelEncrypt(const unsigned int [], int, const unsigned char [], + unsigned char []); + /* The structure for key information */ typedef struct { int decrypt; - int Nr; /* key-length-dependent number of rounds */ - u32 ek[4*(MAXNR + 1)]; /* encrypt key schedule */ - u32 dk[4*(MAXNR + 1)]; /* decrypt key schedule */ + int Nr; /* key-length-dependent number of rounds */ + u32 ek[4*(AES_MAXROUNDS + 1)]; /* encrypt key schedule */ + u32 dk[4*(AES_MAXROUNDS + 1)]; /* decrypt key schedule */ } rijndael_ctx; void rijndael_set_key(rijndael_ctx *, u_char *, int, int); void rijndael_decrypt(rijndael_ctx *, u_char *, u_char *); void rijndael_encrypt(rijndael_ctx *, u_char *, u_char *); -#endif /* __RIJNDAEL_H */ +#endif /* _PRIVATE_RIJNDAEL_H */ diff --git a/crypto/openssh/roaming_client.c b/crypto/openssh/roaming_client.c index 48009d781d..5e5c28b2b2 100644 --- a/crypto/openssh/roaming_client.c +++ b/crypto/openssh/roaming_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: roaming_client.c,v 1.4 2011/12/07 05:44:38 djm Exp $ */ +/* $OpenBSD: roaming_client.c,v 1.8 2014/04/29 18:01:49 markus Exp $ */ /* * Copyright (c) 2004-2009 AppGate Network Security AB * @@ -28,9 +28,6 @@ #include #include -#include -#include - #include "xmalloc.h" #include "buffer.h" #include "channels.h" @@ -48,6 +45,7 @@ #include "roaming.h" #include "ssh2.h" #include "sshconnect.h" +#include "digest.h" /* import */ extern Options options; @@ -90,10 +88,8 @@ request_roaming(void) static void roaming_auth_required(void) { - u_char digest[SHA_DIGEST_LENGTH]; - EVP_MD_CTX md; + u_char digest[SSH_DIGEST_MAX_LENGTH]; Buffer b; - const EVP_MD *evp_md = EVP_sha1(); u_int64_t chall, oldchall; chall = packet_get_int64(); @@ -107,14 +103,13 @@ roaming_auth_required(void) buffer_init(&b); buffer_put_int64(&b, cookie); buffer_put_int64(&b, chall); - EVP_DigestInit(&md, evp_md); - EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b)); - EVP_DigestFinal(&md, digest, NULL); + if (ssh_digest_buffer(SSH_DIGEST_SHA1, &b, digest, sizeof(digest)) != 0) + fatal("%s: ssh_digest_buffer failed", __func__); buffer_free(&b); packet_start(SSH2_MSG_KEX_ROAMING_AUTH); packet_put_int64(key1 ^ get_recv_bytes()); - packet_put_raw(digest, sizeof(digest)); + packet_put_raw(digest, ssh_digest_bytes(SSH_DIGEST_SHA1)); packet_send(); oldkey1 = key1; @@ -187,10 +182,10 @@ roaming_resume(void) debug("server doesn't allow resume"); goto fail; } - xfree(str); + free(str); for (i = 1; i < PROPOSAL_MAX; i++) { /* kex algorithm taken care of so start with i=1 and not 0 */ - xfree(packet_get_string(&len)); + free(packet_get_string(&len)); } i = packet_get_char(); /* first_kex_packet_follows */ if (i && (c = strchr(kexlist, ','))) @@ -226,8 +221,7 @@ roaming_resume(void) return 0; fail: - if (kexlist) - xfree(kexlist); + free(kexlist); if (packet_get_connection_in() == packet_get_connection_out()) close(packet_get_connection_in()); else { @@ -260,10 +254,10 @@ wait_for_roaming_reconnect(void) if (c != '\n' && c != '\r') continue; - if (ssh_connect(host, &hostaddr, options.port, + if (ssh_connect(host, NULL, &hostaddr, options.port, options.address_family, 1, &timeout_ms, - options.tcp_keep_alive, options.use_privileged_port, - options.proxy_command) == 0 && roaming_resume() == 0) { + options.tcp_keep_alive, options.use_privileged_port) == 0 && + roaming_resume() == 0) { packet_restore_state(); reenter_guard = 0; fprintf(stderr, "[connection resumed]\n"); diff --git a/crypto/openssh/roaming_common.c b/crypto/openssh/roaming_common.c index 8d0b6054a0..787bef04a6 100644 --- a/crypto/openssh/roaming_common.c +++ b/crypto/openssh/roaming_common.c @@ -1,4 +1,4 @@ -/* $OpenBSD: roaming_common.c,v 1.9 2011/12/07 05:44:38 djm Exp $ */ +/* $OpenBSD: roaming_common.c,v 1.12 2014/01/09 23:20:00 djm Exp $ */ /* * Copyright (c) 2004-2009 AppGate Network Security AB * @@ -36,6 +36,7 @@ #include "cipher.h" #include "buffer.h" #include "roaming.h" +#include "digest.h" static size_t out_buf_size = 0; static char *out_buf = NULL; @@ -49,7 +50,7 @@ int roaming_enabled = 0; int resume_in_progress = 0; int -get_snd_buf_size() +get_snd_buf_size(void) { int fd = packet_get_connection_out(); int optval; @@ -61,7 +62,7 @@ get_snd_buf_size() } int -get_recv_buf_size() +get_recv_buf_size(void) { int fd = packet_get_connection_in(); int optval; @@ -225,9 +226,7 @@ resend_bytes(int fd, u_int64_t *offset) void calculate_new_key(u_int64_t *key, u_int64_t cookie, u_int64_t challenge) { - const EVP_MD *md = EVP_sha1(); - EVP_MD_CTX ctx; - char hash[EVP_MAX_MD_SIZE]; + u_char hash[SSH_DIGEST_MAX_LENGTH]; Buffer b; buffer_init(&b); @@ -235,12 +234,11 @@ calculate_new_key(u_int64_t *key, u_int64_t cookie, u_int64_t challenge) buffer_put_int64(&b, cookie); buffer_put_int64(&b, challenge); - EVP_DigestInit(&ctx, md); - EVP_DigestUpdate(&ctx, buffer_ptr(&b), buffer_len(&b)); - EVP_DigestFinal(&ctx, hash, NULL); + if (ssh_digest_buffer(SSH_DIGEST_SHA1, &b, hash, sizeof(hash)) != 0) + fatal("%s: digest_buffer failed", __func__); buffer_clear(&b); - buffer_append(&b, hash, EVP_MD_size(md)); + buffer_append(&b, hash, ssh_digest_bytes(SSH_DIGEST_SHA1)); *key = buffer_get_int64(&b); buffer_free(&b); } diff --git a/crypto/openssh/rsa.c b/crypto/openssh/rsa.c index bec1d190bc..5ecacef903 100644 --- a/crypto/openssh/rsa.c +++ b/crypto/openssh/rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa.c,v 1.29 2006/11/06 21:25:28 markus Exp $ */ +/* $OpenBSD: rsa.c,v 1.32 2014/06/24 01:13:21 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -67,85 +67,122 @@ #include #include -#include "xmalloc.h" #include "rsa.h" #include "log.h" +#include "ssherr.h" -void +int rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key) { - u_char *inbuf, *outbuf; - int len, ilen, olen; + u_char *inbuf = NULL, *outbuf = NULL; + int len, ilen, olen, r = SSH_ERR_INTERNAL_ERROR; if (BN_num_bits(key->e) < 2 || !BN_is_odd(key->e)) - fatal("rsa_public_encrypt() exponent too small or not odd"); + return SSH_ERR_INVALID_ARGUMENT; olen = BN_num_bytes(key->n); - outbuf = xmalloc(olen); + if ((outbuf = malloc(olen)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } ilen = BN_num_bytes(in); - inbuf = xmalloc(ilen); + if ((inbuf = malloc(ilen)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } BN_bn2bin(in, inbuf); if ((len = RSA_public_encrypt(ilen, inbuf, outbuf, key, - RSA_PKCS1_PADDING)) <= 0) - fatal("rsa_public_encrypt() failed"); + RSA_PKCS1_PADDING)) <= 0) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } - if (BN_bin2bn(outbuf, len, out) == NULL) - fatal("rsa_public_encrypt: BN_bin2bn failed"); + if (BN_bin2bn(outbuf, len, out) == NULL) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + r = 0; - memset(outbuf, 0, olen); - memset(inbuf, 0, ilen); - xfree(outbuf); - xfree(inbuf); + out: + if (outbuf != NULL) { + explicit_bzero(outbuf, olen); + free(outbuf); + } + if (inbuf != NULL) { + explicit_bzero(inbuf, ilen); + free(inbuf); + } + return r; } int rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key) { - u_char *inbuf, *outbuf; - int len, ilen, olen; + u_char *inbuf = NULL, *outbuf = NULL; + int len, ilen, olen, r = SSH_ERR_INTERNAL_ERROR; olen = BN_num_bytes(key->n); - outbuf = xmalloc(olen); + if ((outbuf = malloc(olen)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } ilen = BN_num_bytes(in); - inbuf = xmalloc(ilen); + if ((inbuf = malloc(ilen)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } BN_bn2bin(in, inbuf); if ((len = RSA_private_decrypt(ilen, inbuf, outbuf, key, RSA_PKCS1_PADDING)) <= 0) { - error("rsa_private_decrypt() failed"); - } else { - if (BN_bin2bn(outbuf, len, out) == NULL) - fatal("rsa_private_decrypt: BN_bin2bn failed"); + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } else if (BN_bin2bn(outbuf, len, out) == NULL) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + r = 0; + out: + if (outbuf != NULL) { + explicit_bzero(outbuf, olen); + free(outbuf); + } + if (inbuf != NULL) { + explicit_bzero(inbuf, ilen); + free(inbuf); } - memset(outbuf, 0, olen); - memset(inbuf, 0, ilen); - xfree(outbuf); - xfree(inbuf); - return len; + return r; } /* calculate p-1 and q-1 */ -void +int rsa_generate_additional_parameters(RSA *rsa) { - BIGNUM *aux; - BN_CTX *ctx; + BIGNUM *aux = NULL; + BN_CTX *ctx = NULL; + int r; - if ((aux = BN_new()) == NULL) - fatal("rsa_generate_additional_parameters: BN_new failed"); if ((ctx = BN_CTX_new()) == NULL) - fatal("rsa_generate_additional_parameters: BN_CTX_new failed"); + return SSH_ERR_ALLOC_FAIL; + if ((aux = BN_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) || (BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) || (BN_sub(aux, rsa->p, BN_value_one()) == 0) || - (BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0)) - fatal("rsa_generate_additional_parameters: BN_sub/mod failed"); - + (BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0)) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + r = 0; + out: BN_clear_free(aux); BN_CTX_free(ctx); + return r; } diff --git a/crypto/openssh/rsa.h b/crypto/openssh/rsa.h index b841ea4e10..c476707d53 100644 --- a/crypto/openssh/rsa.h +++ b/crypto/openssh/rsa.h @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa.h,v 1.16 2006/03/25 22:22:43 djm Exp $ */ +/* $OpenBSD: rsa.h,v 1.17 2014/06/24 01:13:21 djm Exp $ */ /* * Author: Tatu Ylonen @@ -19,8 +19,8 @@ #include #include -void rsa_public_encrypt(BIGNUM *, BIGNUM *, RSA *); +int rsa_public_encrypt(BIGNUM *, BIGNUM *, RSA *); int rsa_private_decrypt(BIGNUM *, BIGNUM *, RSA *); -void rsa_generate_additional_parameters(RSA *); +int rsa_generate_additional_parameters(RSA *); #endif /* RSA_H */ diff --git a/crypto/openssh/sandbox-rlimit.c b/crypto/openssh/sandbox-capsicum.c similarity index 60% copy from crypto/openssh/sandbox-rlimit.c copy to crypto/openssh/sandbox-capsicum.c index a00386337c..655f0d2178 100644 --- a/crypto/openssh/sandbox-rlimit.c +++ b/crypto/openssh/sandbox-capsicum.c @@ -1,6 +1,5 @@ -/* $OpenBSD: sandbox-rlimit.c,v 1.3 2011/06/23 09:34:13 djm Exp $ */ /* - * Copyright (c) 2011 Damien Miller + * Copyright (c) 2011 Dag-Erling Smorgrav * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -17,12 +16,13 @@ #include "includes.h" -#ifdef SANDBOX_RLIMIT +#ifdef SANDBOX_CAPSICUM #include #include #include #include +#include #include #include @@ -32,17 +32,23 @@ #include #include "log.h" +#include "monitor.h" #include "ssh-sandbox.h" #include "xmalloc.h" -/* Minimal sandbox that sets zero nfiles, nprocs and filesize rlimits */ +/* + * Capsicum sandbox that sets zero nfiles, nprocs and filesize rlimits, + * limits rights on stdout, stdin, stderr, monitor and switches to + * capability mode. + */ struct ssh_sandbox { + struct monitor *monitor; pid_t child_pid; }; struct ssh_sandbox * -ssh_sandbox_init(void) +ssh_sandbox_init(struct monitor *monitor) { struct ssh_sandbox *box; @@ -50,8 +56,9 @@ ssh_sandbox_init(void) * Strictly, we don't need to maintain any state here but we need * to return non-NULL to satisfy the API. */ - debug3("%s: preparing rlimit sandbox", __func__); + debug3("%s: preparing capsicum sandbox", __func__); box = xcalloc(1, sizeof(*box)); + box->monitor = monitor; box->child_pid = 0; return box; @@ -61,22 +68,42 @@ void ssh_sandbox_child(struct ssh_sandbox *box) { struct rlimit rl_zero; + cap_rights_t rights; rl_zero.rlim_cur = rl_zero.rlim_max = 0; -#ifndef SANDBOX_SKIP_RLIMIT_FSIZE if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1) fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s", __func__, strerror(errno)); -#endif +#ifndef SANDBOX_SKIP_RLIMIT_NOFILE if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1) fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s", __func__, strerror(errno)); -#ifdef HAVE_RLIMIT_NPROC +#endif if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1) fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s", __func__, strerror(errno)); -#endif + + cap_rights_init(&rights); + + if (cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS) + fatal("can't limit stdin: %m"); + if (cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS) + fatal("can't limit stdout: %m"); + if (cap_rights_limit(STDERR_FILENO, &rights) < 0 && errno != ENOSYS) + fatal("can't limit stderr: %m"); + + cap_rights_init(&rights, CAP_READ, CAP_WRITE); + if (cap_rights_limit(box->monitor->m_recvfd, &rights) < 0 && + errno != ENOSYS) + fatal("%s: failed to limit the network socket", __func__); + cap_rights_init(&rights, CAP_WRITE); + if (cap_rights_limit(box->monitor->m_log_sendfd, &rights) < 0 && + errno != ENOSYS) + fatal("%s: failed to limit the logging socket", __func__); + if (cap_enter() < 0 && errno != ENOSYS) + fatal("%s: failed to enter capability mode", __func__); + } void @@ -92,4 +119,4 @@ ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid) box->child_pid = child_pid; } -#endif /* SANDBOX_RLIMIT */ +#endif /* SANDBOX_CAPSICUM */ diff --git a/crypto/openssh/sandbox-rlimit.c b/crypto/openssh/sandbox-rlimit.c index a00386337c..bba80778b1 100644 --- a/crypto/openssh/sandbox-rlimit.c +++ b/crypto/openssh/sandbox-rlimit.c @@ -42,7 +42,7 @@ struct ssh_sandbox { }; struct ssh_sandbox * -ssh_sandbox_init(void) +ssh_sandbox_init(struct monitor *monitor) { struct ssh_sandbox *box; @@ -69,9 +69,11 @@ ssh_sandbox_child(struct ssh_sandbox *box) fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s", __func__, strerror(errno)); #endif +#ifndef SANDBOX_SKIP_RLIMIT_NOFILE if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1) fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s", __func__, strerror(errno)); +#endif #ifdef HAVE_RLIMIT_NPROC if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1) fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s", diff --git a/crypto/openssh/sc25519.c b/crypto/openssh/sc25519.c new file mode 100644 index 0000000000..1568d9a58c --- /dev/null +++ b/crypto/openssh/sc25519.c @@ -0,0 +1,308 @@ +/* $OpenBSD: sc25519.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */ + +/* + * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange, + * Peter Schwabe, Bo-Yin Yang. + * Copied from supercop-20130419/crypto_sign/ed25519/ref/sc25519.c + */ + +#include "includes.h" + +#include "sc25519.h" + +/*Arithmetic modulo the group order m = 2^252 + 27742317777372353535851937790883648493 = 7237005577332262213973186563042994240857116359379907606001950938285454250989 */ + +static const crypto_uint32 m[32] = {0xED, 0xD3, 0xF5, 0x5C, 0x1A, 0x63, 0x12, 0x58, 0xD6, 0x9C, 0xF7, 0xA2, 0xDE, 0xF9, 0xDE, 0x14, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10}; + +static const crypto_uint32 mu[33] = {0x1B, 0x13, 0x2C, 0x0A, 0xA3, 0xE5, 0x9C, 0xED, 0xA7, 0x29, 0x63, 0x08, 0x5D, 0x21, 0x06, 0x21, + 0xEB, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0F}; + +static crypto_uint32 lt(crypto_uint32 a,crypto_uint32 b) /* 16-bit inputs */ +{ + unsigned int x = a; + x -= (unsigned int) b; /* 0..65535: no; 4294901761..4294967295: yes */ + x >>= 31; /* 0: no; 1: yes */ + return x; +} + +/* Reduce coefficients of r before calling reduce_add_sub */ +static void reduce_add_sub(sc25519 *r) +{ + crypto_uint32 pb = 0; + crypto_uint32 b; + crypto_uint32 mask; + int i; + unsigned char t[32]; + + for(i=0;i<32;i++) + { + pb += m[i]; + b = lt(r->v[i],pb); + t[i] = r->v[i]-pb+(b<<8); + pb = b; + } + mask = b - 1; + for(i=0;i<32;i++) + r->v[i] ^= mask & (r->v[i] ^ t[i]); +} + +/* Reduce coefficients of x before calling barrett_reduce */ +static void barrett_reduce(sc25519 *r, const crypto_uint32 x[64]) +{ + /* See HAC, Alg. 14.42 */ + int i,j; + crypto_uint32 q2[66]; + crypto_uint32 *q3 = q2 + 33; + crypto_uint32 r1[33]; + crypto_uint32 r2[33]; + crypto_uint32 carry; + crypto_uint32 pb = 0; + crypto_uint32 b; + + for (i = 0;i < 66;++i) q2[i] = 0; + for (i = 0;i < 33;++i) r2[i] = 0; + + for(i=0;i<33;i++) + for(j=0;j<33;j++) + if(i+j >= 31) q2[i+j] += mu[i]*x[j+31]; + carry = q2[31] >> 8; + q2[32] += carry; + carry = q2[32] >> 8; + q2[33] += carry; + + for(i=0;i<33;i++)r1[i] = x[i]; + for(i=0;i<32;i++) + for(j=0;j<33;j++) + if(i+j < 33) r2[i+j] += m[i]*q3[j]; + + for(i=0;i<32;i++) + { + carry = r2[i] >> 8; + r2[i+1] += carry; + r2[i] &= 0xff; + } + + for(i=0;i<32;i++) + { + pb += r2[i]; + b = lt(r1[i],pb); + r->v[i] = r1[i]-pb+(b<<8); + pb = b; + } + + /* XXX: Can it really happen that r<0?, See HAC, Alg 14.42, Step 3 + * If so: Handle it here! + */ + + reduce_add_sub(r); + reduce_add_sub(r); +} + +void sc25519_from32bytes(sc25519 *r, const unsigned char x[32]) +{ + int i; + crypto_uint32 t[64]; + for(i=0;i<32;i++) t[i] = x[i]; + for(i=32;i<64;++i) t[i] = 0; + barrett_reduce(r, t); +} + +void shortsc25519_from16bytes(shortsc25519 *r, const unsigned char x[16]) +{ + int i; + for(i=0;i<16;i++) r->v[i] = x[i]; +} + +void sc25519_from64bytes(sc25519 *r, const unsigned char x[64]) +{ + int i; + crypto_uint32 t[64]; + for(i=0;i<64;i++) t[i] = x[i]; + barrett_reduce(r, t); +} + +void sc25519_from_shortsc(sc25519 *r, const shortsc25519 *x) +{ + int i; + for(i=0;i<16;i++) + r->v[i] = x->v[i]; + for(i=0;i<16;i++) + r->v[16+i] = 0; +} + +void sc25519_to32bytes(unsigned char r[32], const sc25519 *x) +{ + int i; + for(i=0;i<32;i++) r[i] = x->v[i]; +} + +int sc25519_iszero_vartime(const sc25519 *x) +{ + int i; + for(i=0;i<32;i++) + if(x->v[i] != 0) return 0; + return 1; +} + +int sc25519_isshort_vartime(const sc25519 *x) +{ + int i; + for(i=31;i>15;i--) + if(x->v[i] != 0) return 0; + return 1; +} + +int sc25519_lt_vartime(const sc25519 *x, const sc25519 *y) +{ + int i; + for(i=31;i>=0;i--) + { + if(x->v[i] < y->v[i]) return 1; + if(x->v[i] > y->v[i]) return 0; + } + return 0; +} + +void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y) +{ + int i, carry; + for(i=0;i<32;i++) r->v[i] = x->v[i] + y->v[i]; + for(i=0;i<31;i++) + { + carry = r->v[i] >> 8; + r->v[i+1] += carry; + r->v[i] &= 0xff; + } + reduce_add_sub(r); +} + +void sc25519_sub_nored(sc25519 *r, const sc25519 *x, const sc25519 *y) +{ + crypto_uint32 b = 0; + crypto_uint32 t; + int i; + for(i=0;i<32;i++) + { + t = x->v[i] - y->v[i] - b; + r->v[i] = t & 255; + b = (t >> 8) & 1; + } +} + +void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y) +{ + int i,j,carry; + crypto_uint32 t[64]; + for(i=0;i<64;i++)t[i] = 0; + + for(i=0;i<32;i++) + for(j=0;j<32;j++) + t[i+j] += x->v[i] * y->v[j]; + + /* Reduce coefficients */ + for(i=0;i<63;i++) + { + carry = t[i] >> 8; + t[i+1] += carry; + t[i] &= 0xff; + } + + barrett_reduce(r, t); +} + +void sc25519_mul_shortsc(sc25519 *r, const sc25519 *x, const shortsc25519 *y) +{ + sc25519 t; + sc25519_from_shortsc(&t, y); + sc25519_mul(r, x, &t); +} + +void sc25519_window3(signed char r[85], const sc25519 *s) +{ + char carry; + int i; + for(i=0;i<10;i++) + { + r[8*i+0] = s->v[3*i+0] & 7; + r[8*i+1] = (s->v[3*i+0] >> 3) & 7; + r[8*i+2] = (s->v[3*i+0] >> 6) & 7; + r[8*i+2] ^= (s->v[3*i+1] << 2) & 7; + r[8*i+3] = (s->v[3*i+1] >> 1) & 7; + r[8*i+4] = (s->v[3*i+1] >> 4) & 7; + r[8*i+5] = (s->v[3*i+1] >> 7) & 7; + r[8*i+5] ^= (s->v[3*i+2] << 1) & 7; + r[8*i+6] = (s->v[3*i+2] >> 2) & 7; + r[8*i+7] = (s->v[3*i+2] >> 5) & 7; + } + r[8*i+0] = s->v[3*i+0] & 7; + r[8*i+1] = (s->v[3*i+0] >> 3) & 7; + r[8*i+2] = (s->v[3*i+0] >> 6) & 7; + r[8*i+2] ^= (s->v[3*i+1] << 2) & 7; + r[8*i+3] = (s->v[3*i+1] >> 1) & 7; + r[8*i+4] = (s->v[3*i+1] >> 4) & 7; + + /* Making it signed */ + carry = 0; + for(i=0;i<84;i++) + { + r[i] += carry; + r[i+1] += r[i] >> 3; + r[i] &= 7; + carry = r[i] >> 2; + r[i] -= carry<<3; + } + r[84] += carry; +} + +void sc25519_window5(signed char r[51], const sc25519 *s) +{ + char carry; + int i; + for(i=0;i<6;i++) + { + r[8*i+0] = s->v[5*i+0] & 31; + r[8*i+1] = (s->v[5*i+0] >> 5) & 31; + r[8*i+1] ^= (s->v[5*i+1] << 3) & 31; + r[8*i+2] = (s->v[5*i+1] >> 2) & 31; + r[8*i+3] = (s->v[5*i+1] >> 7) & 31; + r[8*i+3] ^= (s->v[5*i+2] << 1) & 31; + r[8*i+4] = (s->v[5*i+2] >> 4) & 31; + r[8*i+4] ^= (s->v[5*i+3] << 4) & 31; + r[8*i+5] = (s->v[5*i+3] >> 1) & 31; + r[8*i+6] = (s->v[5*i+3] >> 6) & 31; + r[8*i+6] ^= (s->v[5*i+4] << 2) & 31; + r[8*i+7] = (s->v[5*i+4] >> 3) & 31; + } + r[8*i+0] = s->v[5*i+0] & 31; + r[8*i+1] = (s->v[5*i+0] >> 5) & 31; + r[8*i+1] ^= (s->v[5*i+1] << 3) & 31; + r[8*i+2] = (s->v[5*i+1] >> 2) & 31; + + /* Making it signed */ + carry = 0; + for(i=0;i<50;i++) + { + r[i] += carry; + r[i+1] += r[i] >> 5; + r[i] &= 31; + carry = r[i] >> 4; + r[i] -= carry<<5; + } + r[50] += carry; +} + +void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2) +{ + int i; + for(i=0;i<31;i++) + { + r[4*i] = ( s1->v[i] & 3) ^ (( s2->v[i] & 3) << 2); + r[4*i+1] = ((s1->v[i] >> 2) & 3) ^ (((s2->v[i] >> 2) & 3) << 2); + r[4*i+2] = ((s1->v[i] >> 4) & 3) ^ (((s2->v[i] >> 4) & 3) << 2); + r[4*i+3] = ((s1->v[i] >> 6) & 3) ^ (((s2->v[i] >> 6) & 3) << 2); + } + r[124] = ( s1->v[31] & 3) ^ (( s2->v[31] & 3) << 2); + r[125] = ((s1->v[31] >> 2) & 3) ^ (((s2->v[31] >> 2) & 3) << 2); + r[126] = ((s1->v[31] >> 4) & 3) ^ (((s2->v[31] >> 4) & 3) << 2); +} diff --git a/crypto/openssh/sc25519.h b/crypto/openssh/sc25519.h new file mode 100644 index 0000000000..a2c15d5ff9 --- /dev/null +++ b/crypto/openssh/sc25519.h @@ -0,0 +1,80 @@ +/* $OpenBSD: sc25519.h,v 1.3 2013/12/09 11:03:45 markus Exp $ */ + +/* + * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange, + * Peter Schwabe, Bo-Yin Yang. + * Copied from supercop-20130419/crypto_sign/ed25519/ref/sc25519.h + */ + +#ifndef SC25519_H +#define SC25519_H + +#include "crypto_api.h" + +#define sc25519 crypto_sign_ed25519_ref_sc25519 +#define shortsc25519 crypto_sign_ed25519_ref_shortsc25519 +#define sc25519_from32bytes crypto_sign_ed25519_ref_sc25519_from32bytes +#define shortsc25519_from16bytes crypto_sign_ed25519_ref_shortsc25519_from16bytes +#define sc25519_from64bytes crypto_sign_ed25519_ref_sc25519_from64bytes +#define sc25519_from_shortsc crypto_sign_ed25519_ref_sc25519_from_shortsc +#define sc25519_to32bytes crypto_sign_ed25519_ref_sc25519_to32bytes +#define sc25519_iszero_vartime crypto_sign_ed25519_ref_sc25519_iszero_vartime +#define sc25519_isshort_vartime crypto_sign_ed25519_ref_sc25519_isshort_vartime +#define sc25519_lt_vartime crypto_sign_ed25519_ref_sc25519_lt_vartime +#define sc25519_add crypto_sign_ed25519_ref_sc25519_add +#define sc25519_sub_nored crypto_sign_ed25519_ref_sc25519_sub_nored +#define sc25519_mul crypto_sign_ed25519_ref_sc25519_mul +#define sc25519_mul_shortsc crypto_sign_ed25519_ref_sc25519_mul_shortsc +#define sc25519_window3 crypto_sign_ed25519_ref_sc25519_window3 +#define sc25519_window5 crypto_sign_ed25519_ref_sc25519_window5 +#define sc25519_2interleave2 crypto_sign_ed25519_ref_sc25519_2interleave2 + +typedef struct +{ + crypto_uint32 v[32]; +} +sc25519; + +typedef struct +{ + crypto_uint32 v[16]; +} +shortsc25519; + +void sc25519_from32bytes(sc25519 *r, const unsigned char x[32]); + +void shortsc25519_from16bytes(shortsc25519 *r, const unsigned char x[16]); + +void sc25519_from64bytes(sc25519 *r, const unsigned char x[64]); + +void sc25519_from_shortsc(sc25519 *r, const shortsc25519 *x); + +void sc25519_to32bytes(unsigned char r[32], const sc25519 *x); + +int sc25519_iszero_vartime(const sc25519 *x); + +int sc25519_isshort_vartime(const sc25519 *x); + +int sc25519_lt_vartime(const sc25519 *x, const sc25519 *y); + +void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y); + +void sc25519_sub_nored(sc25519 *r, const sc25519 *x, const sc25519 *y); + +void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y); + +void sc25519_mul_shortsc(sc25519 *r, const sc25519 *x, const shortsc25519 *y); + +/* Convert s into a representation of the form \sum_{i=0}^{84}r[i]2^3 + * with r[i] in {-4,...,3} + */ +void sc25519_window3(signed char r[85], const sc25519 *s); + +/* Convert s into a representation of the form \sum_{i=0}^{50}r[i]2^5 + * with r[i] in {-16,...,15} + */ +void sc25519_window5(signed char r[51], const sc25519 *s); + +void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2); + +#endif diff --git a/crypto/openssh/schnorr.c b/crypto/openssh/schnorr.c deleted file mode 100644 index 4d54d68812..0000000000 --- a/crypto/openssh/schnorr.c +++ /dev/null @@ -1,675 +0,0 @@ -/* $OpenBSD: schnorr.c,v 1.5 2010/12/03 23:49:26 djm Exp $ */ -/* - * Copyright (c) 2008 Damien Miller. All rights reserved. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* - * Implementation of Schnorr signatures / zero-knowledge proofs, based on - * description in: - * - * F. Hao, P. Ryan, "Password Authenticated Key Exchange by Juggling", - * 16th Workshop on Security Protocols, Cambridge, April 2008 - * - * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf - */ - -#include "includes.h" - -#include - -#include -#include -#include - -#include -#include - -#include "xmalloc.h" -#include "buffer.h" -#include "log.h" - -#include "schnorr.h" - -#include "openbsd-compat/openssl-compat.h" - -/* #define SCHNORR_DEBUG */ /* Privacy-violating debugging */ -/* #define SCHNORR_MAIN */ /* Include main() selftest */ - -#ifndef SCHNORR_DEBUG -# define SCHNORR_DEBUG_BN(a) -# define SCHNORR_DEBUG_BUF(a) -#else -# define SCHNORR_DEBUG_BN(a) debug3_bn a -# define SCHNORR_DEBUG_BUF(a) debug3_buf a -#endif /* SCHNORR_DEBUG */ - -/* - * Calculate hash component of Schnorr signature H(g || g^v || g^x || id) - * using the hash function defined by "evp_md". Returns signature as - * bignum or NULL on error. - */ -static BIGNUM * -schnorr_hash(const BIGNUM *p, const BIGNUM *q, const BIGNUM *g, - const EVP_MD *evp_md, const BIGNUM *g_v, const BIGNUM *g_x, - const u_char *id, u_int idlen) -{ - u_char *digest; - u_int digest_len; - BIGNUM *h; - Buffer b; - int success = -1; - - if ((h = BN_new()) == NULL) { - error("%s: BN_new", __func__); - return NULL; - } - - buffer_init(&b); - - /* h = H(g || p || q || g^v || g^x || id) */ - buffer_put_bignum2(&b, g); - buffer_put_bignum2(&b, p); - buffer_put_bignum2(&b, q); - buffer_put_bignum2(&b, g_v); - buffer_put_bignum2(&b, g_x); - buffer_put_string(&b, id, idlen); - - SCHNORR_DEBUG_BUF((buffer_ptr(&b), buffer_len(&b), - "%s: hashblob", __func__)); - if (hash_buffer(buffer_ptr(&b), buffer_len(&b), evp_md, - &digest, &digest_len) != 0) { - error("%s: hash_buffer", __func__); - goto out; - } - if (BN_bin2bn(digest, (int)digest_len, h) == NULL) { - error("%s: BN_bin2bn", __func__); - goto out; - } - success = 0; - SCHNORR_DEBUG_BN((h, "%s: h = ", __func__)); - out: - buffer_free(&b); - bzero(digest, digest_len); - xfree(digest); - digest_len = 0; - if (success == 0) - return h; - BN_clear_free(h); - return NULL; -} - -/* - * Generate Schnorr signature to prove knowledge of private value 'x' used - * in public exponent g^x, under group defined by 'grp_p', 'grp_q' and 'grp_g' - * using the hash function "evp_md". - * 'idlen' bytes from 'id' will be included in the signature hash as an anti- - * replay salt. - * - * On success, 0 is returned. The signature values are returned as *e_p - * (g^v mod p) and *r_p (v - xh mod q). The caller must free these values. - * On failure, -1 is returned. - */ -int -schnorr_sign(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g, - const EVP_MD *evp_md, const BIGNUM *x, const BIGNUM *g_x, - const u_char *id, u_int idlen, BIGNUM **r_p, BIGNUM **e_p) -{ - int success = -1; - BIGNUM *h, *tmp, *v, *g_v, *r; - BN_CTX *bn_ctx; - - SCHNORR_DEBUG_BN((x, "%s: x = ", __func__)); - SCHNORR_DEBUG_BN((g_x, "%s: g_x = ", __func__)); - - /* Avoid degenerate cases: g^0 yields a spoofable signature */ - if (BN_cmp(g_x, BN_value_one()) <= 0) { - error("%s: g_x < 1", __func__); - return -1; - } - if (BN_cmp(g_x, grp_p) >= 0) { - error("%s: g_x > g", __func__); - return -1; - } - - h = g_v = r = tmp = v = NULL; - if ((bn_ctx = BN_CTX_new()) == NULL) { - error("%s: BN_CTX_new", __func__); - goto out; - } - if ((g_v = BN_new()) == NULL || - (r = BN_new()) == NULL || - (tmp = BN_new()) == NULL) { - error("%s: BN_new", __func__); - goto out; - } - - /* - * v must be a random element of Zq, so 1 <= v < q - * we also exclude v = 1, since g^1 looks dangerous - */ - if ((v = bn_rand_range_gt_one(grp_p)) == NULL) { - error("%s: bn_rand_range2", __func__); - goto out; - } - SCHNORR_DEBUG_BN((v, "%s: v = ", __func__)); - - /* g_v = g^v mod p */ - if (BN_mod_exp(g_v, grp_g, v, grp_p, bn_ctx) == -1) { - error("%s: BN_mod_exp (g^v mod p)", __func__); - goto out; - } - SCHNORR_DEBUG_BN((g_v, "%s: g_v = ", __func__)); - - /* h = H(g || g^v || g^x || id) */ - if ((h = schnorr_hash(grp_p, grp_q, grp_g, evp_md, g_v, g_x, - id, idlen)) == NULL) { - error("%s: schnorr_hash failed", __func__); - goto out; - } - - /* r = v - xh mod q */ - if (BN_mod_mul(tmp, x, h, grp_q, bn_ctx) == -1) { - error("%s: BN_mod_mul (tmp = xv mod q)", __func__); - goto out; - } - if (BN_mod_sub(r, v, tmp, grp_q, bn_ctx) == -1) { - error("%s: BN_mod_mul (r = v - tmp)", __func__); - goto out; - } - SCHNORR_DEBUG_BN((g_v, "%s: e = ", __func__)); - SCHNORR_DEBUG_BN((r, "%s: r = ", __func__)); - - *e_p = g_v; - *r_p = r; - - success = 0; - out: - BN_CTX_free(bn_ctx); - if (h != NULL) - BN_clear_free(h); - if (v != NULL) - BN_clear_free(v); - BN_clear_free(tmp); - - return success; -} - -/* - * Generate Schnorr signature to prove knowledge of private value 'x' used - * in public exponent g^x, under group defined by 'grp_p', 'grp_q' and 'grp_g' - * using a SHA256 hash. - * 'idlen' bytes from 'id' will be included in the signature hash as an anti- - * replay salt. - * On success, 0 is returned and *siglen bytes of signature are returned in - * *sig (caller to free). Returns -1 on failure. - */ -int -schnorr_sign_buf(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g, - const BIGNUM *x, const BIGNUM *g_x, const u_char *id, u_int idlen, - u_char **sig, u_int *siglen) -{ - Buffer b; - BIGNUM *r, *e; - - if (schnorr_sign(grp_p, grp_q, grp_g, EVP_sha256(), - x, g_x, id, idlen, &r, &e) != 0) - return -1; - - /* Signature is (e, r) */ - buffer_init(&b); - /* XXX sigtype-hash as string? */ - buffer_put_bignum2(&b, e); - buffer_put_bignum2(&b, r); - *siglen = buffer_len(&b); - *sig = xmalloc(*siglen); - memcpy(*sig, buffer_ptr(&b), *siglen); - SCHNORR_DEBUG_BUF((buffer_ptr(&b), buffer_len(&b), - "%s: sigblob", __func__)); - buffer_free(&b); - - BN_clear_free(r); - BN_clear_free(e); - - return 0; -} - -/* - * Verify Schnorr signature { r (v - xh mod q), e (g^v mod p) } against - * public exponent g_x (g^x) under group defined by 'grp_p', 'grp_q' and - * 'grp_g' using hash "evp_md". - * Signature hash will be salted with 'idlen' bytes from 'id'. - * Returns -1 on failure, 0 on incorrect signature or 1 on matching signature. - */ -int -schnorr_verify(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g, - const EVP_MD *evp_md, const BIGNUM *g_x, const u_char *id, u_int idlen, - const BIGNUM *r, const BIGNUM *e) -{ - int success = -1; - BIGNUM *h = NULL, *g_xh = NULL, *g_r = NULL, *gx_q = NULL; - BIGNUM *expected = NULL; - BN_CTX *bn_ctx; - - SCHNORR_DEBUG_BN((g_x, "%s: g_x = ", __func__)); - - /* Avoid degenerate cases: g^0 yields a spoofable signature */ - if (BN_cmp(g_x, BN_value_one()) <= 0) { - error("%s: g_x <= 1", __func__); - return -1; - } - if (BN_cmp(g_x, grp_p) >= 0) { - error("%s: g_x >= p", __func__); - return -1; - } - - h = g_xh = g_r = expected = NULL; - if ((bn_ctx = BN_CTX_new()) == NULL) { - error("%s: BN_CTX_new", __func__); - goto out; - } - if ((g_xh = BN_new()) == NULL || - (g_r = BN_new()) == NULL || - (gx_q = BN_new()) == NULL || - (expected = BN_new()) == NULL) { - error("%s: BN_new", __func__); - goto out; - } - - SCHNORR_DEBUG_BN((e, "%s: e = ", __func__)); - SCHNORR_DEBUG_BN((r, "%s: r = ", __func__)); - - /* gx_q = (g^x)^q must === 1 mod p */ - if (BN_mod_exp(gx_q, g_x, grp_q, grp_p, bn_ctx) == -1) { - error("%s: BN_mod_exp (g_x^q mod p)", __func__); - goto out; - } - if (BN_cmp(gx_q, BN_value_one()) != 0) { - error("%s: Invalid signature (g^x)^q != 1 mod p", __func__); - goto out; - } - - SCHNORR_DEBUG_BN((g_xh, "%s: g_xh = ", __func__)); - /* h = H(g || g^v || g^x || id) */ - if ((h = schnorr_hash(grp_p, grp_q, grp_g, evp_md, e, g_x, - id, idlen)) == NULL) { - error("%s: schnorr_hash failed", __func__); - goto out; - } - - /* g_xh = (g^x)^h */ - if (BN_mod_exp(g_xh, g_x, h, grp_p, bn_ctx) == -1) { - error("%s: BN_mod_exp (g_x^h mod p)", __func__); - goto out; - } - SCHNORR_DEBUG_BN((g_xh, "%s: g_xh = ", __func__)); - - /* g_r = g^r */ - if (BN_mod_exp(g_r, grp_g, r, grp_p, bn_ctx) == -1) { - error("%s: BN_mod_exp (g_x^h mod p)", __func__); - goto out; - } - SCHNORR_DEBUG_BN((g_r, "%s: g_r = ", __func__)); - - /* expected = g^r * g_xh */ - if (BN_mod_mul(expected, g_r, g_xh, grp_p, bn_ctx) == -1) { - error("%s: BN_mod_mul (expected = g_r mod p)", __func__); - goto out; - } - SCHNORR_DEBUG_BN((expected, "%s: expected = ", __func__)); - - /* Check e == expected */ - success = BN_cmp(expected, e) == 0; - out: - BN_CTX_free(bn_ctx); - if (h != NULL) - BN_clear_free(h); - if (gx_q != NULL) - BN_clear_free(gx_q); - if (g_xh != NULL) - BN_clear_free(g_xh); - if (g_r != NULL) - BN_clear_free(g_r); - if (expected != NULL) - BN_clear_free(expected); - return success; -} - -/* - * Verify Schnorr signature 'sig' of length 'siglen' against public exponent - * g_x (g^x) under group defined by 'grp_p', 'grp_q' and 'grp_g' using a - * SHA256 hash. - * Signature hash will be salted with 'idlen' bytes from 'id'. - * Returns -1 on failure, 0 on incorrect signature or 1 on matching signature. - */ -int -schnorr_verify_buf(const BIGNUM *grp_p, const BIGNUM *grp_q, - const BIGNUM *grp_g, - const BIGNUM *g_x, const u_char *id, u_int idlen, - const u_char *sig, u_int siglen) -{ - Buffer b; - int ret = -1; - u_int rlen; - BIGNUM *r, *e; - - e = r = NULL; - if ((e = BN_new()) == NULL || - (r = BN_new()) == NULL) { - error("%s: BN_new", __func__); - goto out; - } - - /* Extract g^v and r from signature blob */ - buffer_init(&b); - buffer_append(&b, sig, siglen); - SCHNORR_DEBUG_BUF((buffer_ptr(&b), buffer_len(&b), - "%s: sigblob", __func__)); - buffer_get_bignum2(&b, e); - buffer_get_bignum2(&b, r); - rlen = buffer_len(&b); - buffer_free(&b); - if (rlen != 0) { - error("%s: remaining bytes in signature %d", __func__, rlen); - goto out; - } - - ret = schnorr_verify(grp_p, grp_q, grp_g, EVP_sha256(), - g_x, id, idlen, r, e); - out: - BN_clear_free(e); - BN_clear_free(r); - - return ret; -} - -/* Helper functions */ - -/* - * Generate uniformly distributed random number in range (1, high). - * Return number on success, NULL on failure. - */ -BIGNUM * -bn_rand_range_gt_one(const BIGNUM *high) -{ - BIGNUM *r, *tmp; - int success = -1; - - if ((tmp = BN_new()) == NULL) { - error("%s: BN_new", __func__); - return NULL; - } - if ((r = BN_new()) == NULL) { - error("%s: BN_new failed", __func__); - goto out; - } - if (BN_set_word(tmp, 2) != 1) { - error("%s: BN_set_word(tmp, 2)", __func__); - goto out; - } - if (BN_sub(tmp, high, tmp) == -1) { - error("%s: BN_sub failed (tmp = high - 2)", __func__); - goto out; - } - if (BN_rand_range(r, tmp) == -1) { - error("%s: BN_rand_range failed", __func__); - goto out; - } - if (BN_set_word(tmp, 2) != 1) { - error("%s: BN_set_word(tmp, 2)", __func__); - goto out; - } - if (BN_add(r, r, tmp) == -1) { - error("%s: BN_add failed (r = r + 2)", __func__); - goto out; - } - success = 0; - out: - BN_clear_free(tmp); - if (success == 0) - return r; - BN_clear_free(r); - return NULL; -} - -/* - * Hash contents of buffer 'b' with hash 'md'. Returns 0 on success, - * with digest via 'digestp' (caller to free) and length via 'lenp'. - * Returns -1 on failure. - */ -int -hash_buffer(const u_char *buf, u_int len, const EVP_MD *md, - u_char **digestp, u_int *lenp) -{ - u_char digest[EVP_MAX_MD_SIZE]; - u_int digest_len; - EVP_MD_CTX evp_md_ctx; - int success = -1; - - EVP_MD_CTX_init(&evp_md_ctx); - - if (EVP_DigestInit_ex(&evp_md_ctx, md, NULL) != 1) { - error("%s: EVP_DigestInit_ex", __func__); - goto out; - } - if (EVP_DigestUpdate(&evp_md_ctx, buf, len) != 1) { - error("%s: EVP_DigestUpdate", __func__); - goto out; - } - if (EVP_DigestFinal_ex(&evp_md_ctx, digest, &digest_len) != 1) { - error("%s: EVP_DigestFinal_ex", __func__); - goto out; - } - *digestp = xmalloc(digest_len); - *lenp = digest_len; - memcpy(*digestp, digest, *lenp); - success = 0; - out: - EVP_MD_CTX_cleanup(&evp_md_ctx); - bzero(digest, sizeof(digest)); - digest_len = 0; - return success; -} - -/* print formatted string followed by bignum */ -void -debug3_bn(const BIGNUM *n, const char *fmt, ...) -{ - char *out, *h; - va_list args; - - out = NULL; - va_start(args, fmt); - vasprintf(&out, fmt, args); - va_end(args); - if (out == NULL) - fatal("%s: vasprintf failed", __func__); - - if (n == NULL) - debug3("%s(null)", out); - else { - h = BN_bn2hex(n); - debug3("%s0x%s", out, h); - free(h); - } - free(out); -} - -/* print formatted string followed by buffer contents in hex */ -void -debug3_buf(const u_char *buf, u_int len, const char *fmt, ...) -{ - char *out, h[65]; - u_int i, j; - va_list args; - - out = NULL; - va_start(args, fmt); - vasprintf(&out, fmt, args); - va_end(args); - if (out == NULL) - fatal("%s: vasprintf failed", __func__); - - debug3("%s length %u%s", out, len, buf == NULL ? " (null)" : ""); - free(out); - if (buf == NULL) - return; - - *h = '\0'; - for (i = j = 0; i < len; i++) { - snprintf(h + j, sizeof(h) - j, "%02x", buf[i]); - j += 2; - if (j >= sizeof(h) - 1 || i == len - 1) { - debug3(" %s", h); - *h = '\0'; - j = 0; - } - } -} - -/* - * Construct a MODP group from hex strings p (which must be a safe - * prime) and g, automatically calculating subgroup q as (p / 2) - */ -struct modp_group * -modp_group_from_g_and_safe_p(const char *grp_g, const char *grp_p) -{ - struct modp_group *ret; - - ret = xmalloc(sizeof(*ret)); - ret->p = ret->q = ret->g = NULL; - if (BN_hex2bn(&ret->p, grp_p) == 0 || - BN_hex2bn(&ret->g, grp_g) == 0) - fatal("%s: BN_hex2bn", __func__); - /* Subgroup order is p/2 (p is a safe prime) */ - if ((ret->q = BN_new()) == NULL) - fatal("%s: BN_new", __func__); - if (BN_rshift1(ret->q, ret->p) != 1) - fatal("%s: BN_rshift1", __func__); - - return ret; -} - -void -modp_group_free(struct modp_group *grp) -{ - if (grp->g != NULL) - BN_clear_free(grp->g); - if (grp->p != NULL) - BN_clear_free(grp->p); - if (grp->q != NULL) - BN_clear_free(grp->q); - bzero(grp, sizeof(*grp)); - xfree(grp); -} - -/* main() function for self-test */ - -#ifdef SCHNORR_MAIN -static void -schnorr_selftest_one(const BIGNUM *grp_p, const BIGNUM *grp_q, - const BIGNUM *grp_g, const BIGNUM *x) -{ - BIGNUM *g_x; - u_char *sig; - u_int siglen; - BN_CTX *bn_ctx; - - if ((bn_ctx = BN_CTX_new()) == NULL) - fatal("%s: BN_CTX_new", __func__); - if ((g_x = BN_new()) == NULL) - fatal("%s: BN_new", __func__); - - if (BN_mod_exp(g_x, grp_g, x, grp_p, bn_ctx) == -1) - fatal("%s: g_x", __func__); - if (schnorr_sign_buf(grp_p, grp_q, grp_g, x, g_x, "junk", 4, - &sig, &siglen)) - fatal("%s: schnorr_sign", __func__); - if (schnorr_verify_buf(grp_p, grp_q, grp_g, g_x, "junk", 4, - sig, siglen) != 1) - fatal("%s: verify fail", __func__); - if (schnorr_verify_buf(grp_p, grp_q, grp_g, g_x, "JUNK", 4, - sig, siglen) != 0) - fatal("%s: verify should have failed (bad ID)", __func__); - sig[4] ^= 1; - if (schnorr_verify_buf(grp_p, grp_q, grp_g, g_x, "junk", 4, - sig, siglen) != 0) - fatal("%s: verify should have failed (bit error)", __func__); - xfree(sig); - BN_free(g_x); - BN_CTX_free(bn_ctx); -} - -static void -schnorr_selftest(void) -{ - BIGNUM *x; - struct modp_group *grp; - u_int i; - char *hh; - - grp = jpake_default_group(); - if ((x = BN_new()) == NULL) - fatal("%s: BN_new", __func__); - SCHNORR_DEBUG_BN((grp->p, "%s: grp->p = ", __func__)); - SCHNORR_DEBUG_BN((grp->q, "%s: grp->q = ", __func__)); - SCHNORR_DEBUG_BN((grp->g, "%s: grp->g = ", __func__)); - - /* [1, 20) */ - for (i = 1; i < 20; i++) { - printf("x = %u\n", i); - fflush(stdout); - if (BN_set_word(x, i) != 1) - fatal("%s: set x word", __func__); - schnorr_selftest_one(grp->p, grp->q, grp->g, x); - } - - /* 100 x random [0, p) */ - for (i = 0; i < 100; i++) { - if (BN_rand_range(x, grp->p) != 1) - fatal("%s: BN_rand_range", __func__); - hh = BN_bn2hex(x); - printf("x = (random) 0x%s\n", hh); - free(hh); - fflush(stdout); - schnorr_selftest_one(grp->p, grp->q, grp->g, x); - } - - /* [q-20, q) */ - if (BN_set_word(x, 20) != 1) - fatal("%s: BN_set_word (x = 20)", __func__); - if (BN_sub(x, grp->q, x) != 1) - fatal("%s: BN_sub (q - x)", __func__); - for (i = 0; i < 19; i++) { - hh = BN_bn2hex(x); - printf("x = (q - %d) 0x%s\n", 20 - i, hh); - free(hh); - fflush(stdout); - schnorr_selftest_one(grp->p, grp->q, grp->g, x); - if (BN_add(x, x, BN_value_one()) != 1) - fatal("%s: BN_add (x + 1)", __func__); - } - BN_free(x); -} - -int -main(int argc, char **argv) -{ - log_init(argv[0], SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_USER, 1); - - schnorr_selftest(); - return 0; -} -#endif - diff --git a/crypto/openssh/schnorr.h b/crypto/openssh/schnorr.h deleted file mode 100644 index 9730b47cef..0000000000 --- a/crypto/openssh/schnorr.h +++ /dev/null @@ -1,60 +0,0 @@ -/* $OpenBSD: schnorr.h,v 1.1 2009/03/05 07:18:19 djm Exp $ */ -/* - * Copyright (c) 2009 Damien Miller. All rights reserved. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#ifndef SCHNORR_H -#define SCHNORR_H - -#include - -#include - -struct modp_group { - BIGNUM *p, *q, *g; -}; - -BIGNUM *bn_rand_range_gt_one(const BIGNUM *high); -int hash_buffer(const u_char *, u_int, const EVP_MD *, u_char **, u_int *); -void debug3_bn(const BIGNUM *, const char *, ...) - __attribute__((__nonnull__ (2))) - __attribute__((format(printf, 2, 3))); -void debug3_buf(const u_char *, u_int, const char *, ...) - __attribute__((__nonnull__ (3))) - __attribute__((format(printf, 3, 4))); -struct modp_group *modp_group_from_g_and_safe_p(const char *, const char *); -void modp_group_free(struct modp_group *); - -/* Signature and verification functions */ -int -schnorr_sign(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g, - const EVP_MD *evp_md, const BIGNUM *x, const BIGNUM *g_x, - const u_char *id, u_int idlen, BIGNUM **r_p, BIGNUM **e_p); -int -schnorr_sign_buf(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g, - const BIGNUM *x, const BIGNUM *g_x, const u_char *id, u_int idlen, - u_char **sig, u_int *siglen); -int -schnorr_verify(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g, - const EVP_MD *evp_md, const BIGNUM *g_x, const u_char *id, u_int idlen, - const BIGNUM *r, const BIGNUM *e); -int -schnorr_verify_buf(const BIGNUM *grp_p, const BIGNUM *grp_q, - const BIGNUM *grp_g, - const BIGNUM *g_x, const u_char *id, u_int idlen, - const u_char *sig, u_int siglen); - -#endif /* JPAKE_H */ - diff --git a/crypto/openssh/scp.1 b/crypto/openssh/scp.1 index 734b97bb12..1791b61895 100644 --- a/crypto/openssh/scp.1 +++ b/crypto/openssh/scp.1 @@ -8,9 +8,9 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.58 2011/09/05 07:01:44 jmc Exp $ +.\" $OpenBSD: scp.1,v 1.62 2014/03/19 14:42:44 tedu Exp $ .\" -.Dd $Mdocdate: September 5 2011 $ +.Dd $Mdocdate: March 19 2014 $ .Dt SCP 1 .Os .Sh NAME @@ -49,8 +49,6 @@ It uses for data transfer, and uses the same authentication and provides the same security as .Xr ssh 1 . -Unlike -.Xr rcp 1 , .Nm will ask for passwords or passphrases if they are needed for authentication. @@ -130,6 +128,11 @@ For full details of the options listed below, and their possible values, see .It AddressFamily .It BatchMode .It BindAddress +.It CanonicalDomains +.It CanonicalizeFallbackLocal +.It CanonicalizeHostname +.It CanonicalizeMaxDots +.It CanonicalizePermittedCNAMEs .It ChallengeResponseAuthentication .It CheckHostIP .It Cipher @@ -186,8 +189,7 @@ Note that this option is written with a capital .Sq P , because .Fl p -is already reserved for preserving the times and modes of the file in -.Xr rcp 1 . +is already reserved for preserving the times and modes of the file. .It Fl p Preserves modification times, access times, and modes from the original file. @@ -220,7 +222,6 @@ debugging connection, authentication, and configuration problems. .Sh EXIT STATUS .Ex -std scp .Sh SEE ALSO -.Xr rcp 1 , .Xr sftp 1 , .Xr ssh 1 , .Xr ssh-add 1 , @@ -230,10 +231,9 @@ debugging connection, authentication, and configuration problems. .Xr sshd 8 .Sh HISTORY .Nm -is based on the -.Xr rcp 1 -program in BSD source code from the Regents of the University of -California. +is based on the rcp program in +.Bx +source code from the Regents of the University of California. .Sh AUTHORS -.An Timo Rinne Aq tri@iki.fi -.An Tatu Ylonen Aq ylo@cs.hut.fi +.An Timo Rinne Aq Mt tri@iki.fi +.An Tatu Ylonen Aq Mt ylo@cs.hut.fi diff --git a/crypto/openssh/scp.c b/crypto/openssh/scp.c index 08587b5f2d..1ec3b70876 100644 --- a/crypto/openssh/scp.c +++ b/crypto/openssh/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.171 2011/09/09 22:37:01 djm Exp $ */ +/* $OpenBSD: scp.c,v 1.180 2014/06/24 02:21:01 djm Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -103,7 +103,7 @@ #include #include #include -#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H) +#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H) && !defined(BROKEN_STRNVIS) #include #endif @@ -550,6 +550,24 @@ scpio(void *_cnt, size_t s) return 0; } +static int +do_times(int fd, int verb, const struct stat *sb) +{ + /* strlen(2^64) == 20; strlen(10^6) == 7 */ + char buf[(20 + 7 + 2) * 2 + 2]; + + (void)snprintf(buf, sizeof(buf), "T%llu 0 %llu 0\n", + (unsigned long long) (sb->st_mtime < 0 ? 0 : sb->st_mtime), + (unsigned long long) (sb->st_atime < 0 ? 0 : sb->st_atime)); + if (verb) { + fprintf(stderr, "File mtime %lld atime %lld\n", + (long long)sb->st_mtime, (long long)sb->st_atime); + fprintf(stderr, "Sending file timestamps: %s", buf); + } + (void) atomicio(vwrite, fd, buf, strlen(buf)); + return (response()); +} + void toremote(char *targ, int argc, char **argv) { @@ -578,7 +596,7 @@ toremote(char *targ, int argc, char **argv) } if (tuser != NULL && !okname(tuser)) { - xfree(arg); + free(arg); return; } @@ -605,13 +623,13 @@ toremote(char *targ, int argc, char **argv) *src == '-' ? "-- " : "", src); if (do_cmd(host, suser, bp, &remin, &remout) < 0) exit(1); - (void) xfree(bp); + free(bp); host = cleanhostname(thost); xasprintf(&bp, "%s -t %s%s", cmd, *targ == '-' ? "-- " : "", targ); if (do_cmd2(host, tuser, bp, remin, remout) < 0) exit(1); - (void) xfree(bp); + free(bp); (void) close(remin); (void) close(remout); remin = remout = -1; @@ -662,12 +680,12 @@ toremote(char *targ, int argc, char **argv) exit(1); if (response() < 0) exit(1); - (void) xfree(bp); + free(bp); } source(1, argv + i); } } - xfree(arg); + free(arg); } void @@ -711,11 +729,11 @@ tolocal(int argc, char **argv) xasprintf(&bp, "%s -f %s%s", cmd, *src == '-' ? "-- " : "", src); if (do_cmd(host, suser, bp, &remin, &remout) < 0) { - (void) xfree(bp); + free(bp); ++errs; continue; } - xfree(bp); + free(bp); sink(1, argv + argc - 1); (void) close(remin); remin = remout = -1; @@ -729,7 +747,7 @@ source(int argc, char **argv) static BUF buffer; BUF *bp; off_t i, statbytes; - size_t amt; + size_t amt, nr; int fd = -1, haderr, indx; char *last, *name, buf[2048], encname[MAXPATHLEN]; int len; @@ -774,21 +792,7 @@ syserr: run_err("%s: %s", name, strerror(errno)); ++last; curfile = last; if (pflag) { - /* - * Make it compatible with possible future - * versions expecting microseconds. - */ - (void) snprintf(buf, sizeof buf, "T%lu 0 %lu 0\n", - (u_long) (stb.st_mtime < 0 ? 0 : stb.st_mtime), - (u_long) (stb.st_atime < 0 ? 0 : stb.st_atime)); - if (verbose_mode) { - fprintf(stderr, "File mtime %ld atime %ld\n", - (long)stb.st_mtime, (long)stb.st_atime); - fprintf(stderr, "Sending file timestamps: %s", - buf); - } - (void) atomicio(vwrite, remout, buf, strlen(buf)); - if (response() < 0) + if (do_times(remout, verbose_mode, &stb) < 0) goto next; } #define FILEMODEMASK (S_ISUID|S_ISGID|S_IRWXU|S_IRWXG|S_IRWXO) @@ -816,12 +820,16 @@ next: if (fd != -1) { if (i + (off_t)amt > stb.st_size) amt = stb.st_size - i; if (!haderr) { - if (atomicio(read, fd, bp->buf, amt) != amt) + if ((nr = atomicio(read, fd, + bp->buf, amt)) != amt) { haderr = errno; + memset(bp->buf + nr, 0, amt - nr); + } } /* Keep writing after error to retain sync */ if (haderr) { (void)atomicio(vwrite, remout, bp->buf, amt); + memset(bp->buf, 0, amt); continue; } if (atomicio6(vwrite, remout, bp->buf, amt, scpio, @@ -850,7 +858,7 @@ rsource(char *name, struct stat *statp) { DIR *dirp; struct dirent *dp; - char *last, *vect[1], path[1100]; + char *last, *vect[1], path[MAXPATHLEN]; if (!(dirp = opendir(name))) { run_err("%s: %s", name, strerror(errno)); @@ -862,11 +870,7 @@ rsource(char *name, struct stat *statp) else last++; if (pflag) { - (void) snprintf(path, sizeof(path), "T%lu 0 %lu 0\n", - (u_long) statp->st_mtime, - (u_long) statp->st_atime); - (void) atomicio(vwrite, remout, path, strlen(path)); - if (response() < 0) { + if (do_times(remout, verbose_mode, statp) < 0) { closedir(dirp); return; } @@ -912,6 +916,7 @@ sink(int argc, char **argv) int amt, exists, first, ofd; mode_t mode, omode, mask; off_t size, statbytes; + unsigned long long ull; int setimes, targisdir, wrerrno = 0; char ch, *cp, *np, *targ, *why, *vect[1], buf[2048]; struct timeval tv[2]; @@ -970,17 +975,31 @@ sink(int argc, char **argv) if (*cp == 'T') { setimes++; cp++; - mtime.tv_sec = strtol(cp, &cp, 10); + if (!isdigit((unsigned char)*cp)) + SCREWUP("mtime.sec not present"); + ull = strtoull(cp, &cp, 10); if (!cp || *cp++ != ' ') SCREWUP("mtime.sec not delimited"); + if ((time_t)ull < 0 || + (unsigned long long)(time_t)ull != ull) + setimes = 0; /* out of range */ + mtime.tv_sec = ull; mtime.tv_usec = strtol(cp, &cp, 10); - if (!cp || *cp++ != ' ') + if (!cp || *cp++ != ' ' || mtime.tv_usec < 0 || + mtime.tv_usec > 999999) SCREWUP("mtime.usec not delimited"); - atime.tv_sec = strtol(cp, &cp, 10); + if (!isdigit((unsigned char)*cp)) + SCREWUP("atime.sec not present"); + ull = strtoull(cp, &cp, 10); if (!cp || *cp++ != ' ') SCREWUP("atime.sec not delimited"); + if ((time_t)ull < 0 || + (unsigned long long)(time_t)ull != ull) + setimes = 0; /* out of range */ + atime.tv_sec = ull; atime.tv_usec = strtol(cp, &cp, 10); - if (!cp || *cp++ != '\0') + if (!cp || *cp++ != '\0' || atime.tv_usec < 0 || + atime.tv_usec > 999999) SCREWUP("atime.usec not delimited"); (void) atomicio(vwrite, remout, "", 1); continue; @@ -1008,7 +1027,7 @@ sink(int argc, char **argv) if (*cp++ != ' ') SCREWUP("mode not delimited"); - for (size = 0; isdigit(*cp);) + for (size = 0; isdigit((unsigned char)*cp);) size = size * 10 + (*cp++ - '0'); if (*cp++ != ' ') SCREWUP("size not delimited"); @@ -1023,8 +1042,7 @@ sink(int argc, char **argv) need = strlen(targ) + strlen(cp) + 250; if (need > cursize) { - if (namebuf) - xfree(namebuf); + free(namebuf); namebuf = xmalloc(need); cursize = need; } @@ -1063,12 +1081,11 @@ sink(int argc, char **argv) } if (mod_flag) (void) chmod(vect[0], mode); - if (vect[0]) - xfree(vect[0]); + free(vect[0]); continue; } omode = mode; - mode |= S_IWRITE; + mode |= S_IWUSR; if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) < 0) { bad: run_err("%s: %s", np, strerror(errno)); continue; @@ -1274,7 +1291,7 @@ okname(char *cp0) c = (int)*cp; if (c & 0200) goto bad; - if (!isalpha(c) && !isdigit(c)) { + if (!isalpha(c) && !isdigit((unsigned char)c)) { switch (c) { case '\'': case '"': @@ -1325,7 +1342,7 @@ void lostconn(int signo) { if (!iamremote) - write(STDERR_FILENO, "lost connection\n", 16); + (void)write(STDERR_FILENO, "lost connection\n", 16); if (signo) _exit(1); else diff --git a/crypto/openssh/servconf.c b/crypto/openssh/servconf.c index ee2e531a0a..b7f3294477 100644 --- a/crypto/openssh/servconf.c +++ b/crypto/openssh/servconf.c @@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.229 2012/07/13 01:35:21 dtucker Exp $ */ +/* $OpenBSD: servconf.c,v 1.251 2014/07/15 15:54:14 millert Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -20,6 +20,7 @@ #include #include +#include #include #include #include @@ -29,16 +30,19 @@ #include #include #include +#ifdef HAVE_UTIL_H +#include +#endif #include "openbsd-compat/sys-queue.h" #include "xmalloc.h" #include "ssh.h" #include "log.h" #include "buffer.h" +#include "misc.h" #include "servconf.h" #include "compat.h" #include "pathnames.h" -#include "misc.h" #include "cipher.h" #include "key.h" #include "kex.h" @@ -48,6 +52,8 @@ #include "groupaccess.h" #include "canohost.h" #include "packet.h" +#include "hostfile.h" +#include "auth.h" static void add_listen_addr(ServerOptions *, char *, int); static void add_one_listen_addr(ServerOptions *, char *, int); @@ -73,6 +79,7 @@ initialize_server_options(ServerOptions *options) options->address_family = -1; options->num_host_key_files = 0; options->num_host_cert_files = 0; + options->host_key_agent = NULL; options->pid_file = NULL; options->server_key_bits = -1; options->login_grace_time = -1; @@ -85,6 +92,8 @@ initialize_server_options(ServerOptions *options) options->x11_forwarding = -1; options->x11_display_offset = -1; options->x11_use_localhost = -1; + options->permit_tty = -1; + options->permit_user_rc = -1; options->xauth_location = NULL; options->strict_modes = -1; options->tcp_keep_alive = -1; @@ -108,7 +117,10 @@ initialize_server_options(ServerOptions *options) options->permit_user_env = -1; options->use_login = -1; options->compression = -1; + options->rekey_limit = -1; + options->rekey_interval = -1; options->allow_tcp_forwarding = -1; + options->allow_streamlocal_forwarding = -1; options->allow_agent_forwarding = -1; options->num_allow_users = 0; options->num_deny_users = 0; @@ -118,7 +130,9 @@ initialize_server_options(ServerOptions *options) options->macs = NULL; options->kex_algorithms = NULL; options->protocol = SSH_PROTO_UNKNOWN; - options->gateway_ports = -1; + options->fwd_opts.gateway_ports = -1; + options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; + options->fwd_opts.streamlocal_bind_unlink = -1; options->num_subsystems = 0; options->max_startups_begin = -1; options->max_startups_rate = -1; @@ -135,7 +149,8 @@ initialize_server_options(ServerOptions *options) options->num_permitted_opens = -1; options->adm_forced_command = NULL; options->chroot_directory = NULL; - options->zero_knowledge_password_authentication = -1; + options->authorized_keys_command = NULL; + options->authorized_keys_command_user = NULL; options->revoked_keys_file = NULL; options->trusted_user_ca_keys = NULL; options->authorized_principals_file = NULL; @@ -168,6 +183,8 @@ fill_default_server_options(ServerOptions *options) options->host_key_files[options->num_host_key_files++] = _PATH_HOST_ECDSA_KEY_FILE; #endif + options->host_key_files[options->num_host_key_files++] = + _PATH_HOST_ED25519_KEY_FILE; } } /* No certificates by default */ @@ -201,6 +218,10 @@ fill_default_server_options(ServerOptions *options) options->x11_use_localhost = 1; if (options->xauth_location == NULL) options->xauth_location = _PATH_XAUTH; + if (options->permit_tty == -1) + options->permit_tty = 1; + if (options->permit_user_rc == -1) + options->permit_user_rc = 1; if (options->strict_modes == -1) options->strict_modes = 1; if (options->tcp_keep_alive == -1) @@ -245,18 +266,24 @@ fill_default_server_options(ServerOptions *options) options->use_login = 0; if (options->compression == -1) options->compression = COMP_DELAYED; + if (options->rekey_limit == -1) + options->rekey_limit = 0; + if (options->rekey_interval == -1) + options->rekey_interval = 0; if (options->allow_tcp_forwarding == -1) - options->allow_tcp_forwarding = 1; + options->allow_tcp_forwarding = FORWARD_ALLOW; + if (options->allow_streamlocal_forwarding == -1) + options->allow_streamlocal_forwarding = FORWARD_ALLOW; if (options->allow_agent_forwarding == -1) options->allow_agent_forwarding = 1; - if (options->gateway_ports == -1) - options->gateway_ports = 0; + if (options->fwd_opts.gateway_ports == -1) + options->fwd_opts.gateway_ports = 0; if (options->max_startups == -1) - options->max_startups = 10; + options->max_startups = 100; if (options->max_startups_rate == -1) - options->max_startups_rate = 100; /* 100% */ + options->max_startups_rate = 30; /* 30% */ if (options->max_startups_begin == -1) - options->max_startups_begin = options->max_startups; + options->max_startups_begin = 10; if (options->max_authtries == -1) options->max_authtries = DEFAULT_AUTH_FAIL_MAX; if (options->max_sessions == -1) @@ -275,14 +302,16 @@ fill_default_server_options(ServerOptions *options) } if (options->permit_tun == -1) options->permit_tun = SSH_TUNMODE_NO; - if (options->zero_knowledge_password_authentication == -1) - options->zero_knowledge_password_authentication = 0; if (options->ip_qos_interactive == -1) options->ip_qos_interactive = IPTOS_LOWDELAY; if (options->ip_qos_bulk == -1) options->ip_qos_bulk = IPTOS_THROUGHPUT; if (options->version_addendum == NULL) options->version_addendum = xstrdup(""); + if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1) + options->fwd_opts.streamlocal_bind_mask = 0177; + if (options->fwd_opts.streamlocal_bind_unlink == -1) + options->fwd_opts.streamlocal_bind_unlink = 0; /* Turn privilege separation on by default */ if (use_privsep == -1) use_privsep = PRIVSEP_NOSANDBOX; @@ -314,9 +343,9 @@ typedef enum { sListenAddress, sAddressFamily, sPrintMotd, sPrintLastLog, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, - sStrictModes, sEmptyPasswd, sTCPKeepAlive, + sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive, sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, - sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, + sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions, @@ -326,9 +355,13 @@ typedef enum { sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, sMatch, sPermitOpen, sForceCommand, sChrootDirectory, sUsePrivilegeSeparation, sAllowAgentForwarding, - sZeroKnowledgePasswordAuthentication, sHostCertificate, + sHostCertificate, sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, sKexAlgorithms, sIPQoS, sVersionAddendum, + sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, + sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, + sStreamLocalBindMask, sStreamLocalBindUnlink, + sAllowStreamLocalForwarding, sDeprecated, sUnsupported } ServerOpCodes; @@ -353,6 +386,7 @@ static struct { { "port", sPort, SSHCFG_GLOBAL }, { "hostkey", sHostKeyFile, SSHCFG_GLOBAL }, { "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */ + { "hostkeyagent", sHostKeyAgent, SSHCFG_GLOBAL }, { "pidfile", sPidFile, SSHCFG_GLOBAL }, { "serverkeybits", sServerKeyBits, SSHCFG_GLOBAL }, { "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL }, @@ -395,11 +429,6 @@ static struct { { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, { "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */ -#ifdef JPAKE - { "zeroknowledgepasswordauthentication", sZeroKnowledgePasswordAuthentication, SSHCFG_ALL }, -#else - { "zeroknowledgepasswordauthentication", sUnsupported, SSHCFG_ALL }, -#endif { "checkmail", sDeprecated, SSHCFG_GLOBAL }, { "listenaddress", sListenAddress, SSHCFG_GLOBAL }, { "addressfamily", sAddressFamily, SSHCFG_GLOBAL }, @@ -416,6 +445,7 @@ static struct { { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, { "uselogin", sUseLogin, SSHCFG_GLOBAL }, { "compression", sCompression, SSHCFG_GLOBAL }, + { "rekeylimit", sRekeyLimit, SSHCFG_ALL }, { "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, { "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */ { "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL }, @@ -443,6 +473,8 @@ static struct { { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL}, { "acceptenv", sAcceptEnv, SSHCFG_ALL }, { "permittunnel", sPermitTunnel, SSHCFG_ALL }, + { "permittty", sPermitTTY, SSHCFG_ALL }, + { "permituserrc", sPermitUserRC, SSHCFG_ALL }, { "match", sMatch, SSHCFG_ALL }, { "permitopen", sPermitOpen, SSHCFG_ALL }, { "forcecommand", sForceCommand, SSHCFG_ALL }, @@ -453,7 +485,13 @@ static struct { { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, { "ipqos", sIPQoS, SSHCFG_ALL }, + { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL }, + { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, + { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, + { "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL }, + { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL }, + { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL }, { NULL, sBadOption, 0 } }; @@ -500,7 +538,7 @@ derelativise_path(const char *path) if (getcwd(cwd, sizeof(cwd)) == NULL) fatal("%s: getcwd: %s", __func__, strerror(errno)); xasprintf(&ret, "%s/%s", cwd, expanded); - xfree(expanded); + free(expanded); return ret; } @@ -618,13 +656,14 @@ out: } /* - * All of the attributes on a single Match line are ANDed together, so we need to check every - * attribute and set the result to zero if any attribute does not match. + * All of the attributes on a single Match line are ANDed together, so we need + * to check every attribute and set the result to zero if any attribute does + * not match. */ static int match_cfg_line(char **condition, int line, struct connection_info *ci) { - int result = 1, port; + int result = 1, attributes = 0, port; char *arg, *attrib, *cp = *condition; size_t len; @@ -638,6 +677,17 @@ match_cfg_line(char **condition, int line, struct connection_info *ci) ci->laddress ? ci->laddress : "(null)", ci->lport); while ((attrib = strdelim(&cp)) && *attrib != '\0') { + attributes++; + if (strcasecmp(attrib, "all") == 0) { + if (attributes != 1 || + ((arg = strdelim(&cp)) != NULL && *arg != '\0')) { + error("'all' cannot be combined with other " + "Match attributes"); + return -1; + } + *condition = cp; + return 1; + } if ((arg = strdelim(&cp)) == NULL || *arg == '\0') { error("Missing Match criteria for %s", attrib); return -1; @@ -731,6 +781,10 @@ match_cfg_line(char **condition, int line, struct connection_info *ci) return -1; } } + if (attributes == 0) { + error("One or more attributes required for Match"); + return -1; + } if (ci != NULL) debug3("match %sfound", result ? "" : "not "); *condition = cp; @@ -776,6 +830,14 @@ static const struct multistate multistate_privsep[] = { { "no", PRIVSEP_OFF }, { NULL, -1 } }; +static const struct multistate multistate_tcpfwd[] = { + { "yes", FORWARD_ALLOW }, + { "all", FORWARD_ALLOW }, + { "no", FORWARD_DENY }, + { "remote", FORWARD_REMOTE }, + { "local", FORWARD_LOCAL }, + { NULL, -1 } +}; int process_server_config_line(ServerOptions *options, char *line, @@ -783,13 +845,13 @@ process_server_config_line(ServerOptions *options, char *line, struct connection_info *connectinfo) { char *cp, **charptr, *arg, *p; - int cmdline = 0, *intptr, value, value2, n; + int cmdline = 0, *intptr, value, value2, n, port; SyslogFacility *log_facility_ptr; LogLevel *log_level_ptr; ServerOpCodes opcode; - int port; u_int i, flags = 0; size_t len; + long long val64; const struct multistate *multistate_ptr; cp = line; @@ -949,6 +1011,17 @@ process_server_config_line(ServerOptions *options, char *line, } break; + case sHostKeyAgent: + charptr = &options->host_key_agent; + arg = strdelim(&cp); + if (!arg || *arg == '\0') + fatal("%s line %d: missing socket name.", + filename, linenum); + if (*activep && *charptr == NULL) + *charptr = !strcmp(arg, SSH_AUTHSOCKET_ENV_NAME) ? + xstrdup(arg) : derelativise_path(arg); + break; + case sHostCertificate: intptr = &options->num_host_cert_files; if (*intptr >= MAX_HOSTKEYS) @@ -1039,10 +1112,6 @@ process_server_config_line(ServerOptions *options, char *line, intptr = &options->password_authentication; goto parse_flag; - case sZeroKnowledgePasswordAuthentication: - intptr = &options->zero_knowledge_password_authentication; - goto parse_flag; - case sKbdInteractiveAuthentication: intptr = &options->kbd_interactive_authentication; goto parse_flag; @@ -1075,6 +1144,14 @@ process_server_config_line(ServerOptions *options, char *line, charptr = &options->xauth_location; goto parse_filename; + case sPermitTTY: + intptr = &options->permit_tty; + goto parse_flag; + + case sPermitUserRC: + intptr = &options->permit_user_rc; + goto parse_flag; + case sStrictModes: intptr = &options->strict_modes; goto parse_flag; @@ -1100,8 +1177,39 @@ process_server_config_line(ServerOptions *options, char *line, multistate_ptr = multistate_compression; goto parse_multistate; + case sRekeyLimit: + arg = strdelim(&cp); + if (!arg || *arg == '\0') + fatal("%.200s line %d: Missing argument.", filename, + linenum); + if (strcmp(arg, "default") == 0) { + val64 = 0; + } else { + if (scan_scaled(arg, &val64) == -1) + fatal("%.200s line %d: Bad number '%s': %s", + filename, linenum, arg, strerror(errno)); + /* check for too-large or too-small limits */ + if (val64 > UINT_MAX) + fatal("%.200s line %d: RekeyLimit too large", + filename, linenum); + if (val64 != 0 && val64 < 16) + fatal("%.200s line %d: RekeyLimit too small", + filename, linenum); + } + if (*activep && options->rekey_limit == -1) + options->rekey_limit = (u_int32_t)val64; + if (cp != NULL) { /* optional rekey interval present */ + if (strcmp(cp, "none") == 0) { + (void)strdelim(&cp); /* discard */ + break; + } + intptr = &options->rekey_interval; + goto parse_time; + } + break; + case sGatewayPorts: - intptr = &options->gateway_ports; + intptr = &options->fwd_opts.gateway_ports; multistate_ptr = multistate_gatewayports; goto parse_multistate; @@ -1133,7 +1241,13 @@ process_server_config_line(ServerOptions *options, char *line, case sAllowTcpForwarding: intptr = &options->allow_tcp_forwarding; - goto parse_flag; + multistate_ptr = multistate_tcpfwd; + goto parse_multistate; + + case sAllowStreamLocalForwarding: + intptr = &options->allow_streamlocal_forwarding; + multistate_ptr = multistate_tcpfwd; + goto parse_multistate; case sAllowAgentForwarding: intptr = &options->allow_agent_forwarding; @@ -1413,7 +1527,6 @@ process_server_config_line(ServerOptions *options, char *line, } if (strcmp(arg, "none") == 0) { if (*activep && n == -1) { - channel_clear_adm_permitted_opens(); options->num_permitted_opens = 1; channel_disable_adm_local_opens(); } @@ -1497,6 +1610,59 @@ process_server_config_line(ServerOptions *options, char *line, } return 0; + case sAuthorizedKeysCommand: + len = strspn(cp, WHITESPACE); + if (*activep && options->authorized_keys_command == NULL) { + if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0) + fatal("%.200s line %d: AuthorizedKeysCommand " + "must be an absolute path", + filename, linenum); + options->authorized_keys_command = xstrdup(cp + len); + } + return 0; + + case sAuthorizedKeysCommandUser: + charptr = &options->authorized_keys_command_user; + + arg = strdelim(&cp); + if (*activep && *charptr == NULL) + *charptr = xstrdup(arg); + break; + + case sAuthenticationMethods: + if (*activep && options->num_auth_methods == 0) { + while ((arg = strdelim(&cp)) && *arg != '\0') { + if (options->num_auth_methods >= + MAX_AUTH_METHODS) + fatal("%s line %d: " + "too many authentication methods.", + filename, linenum); + if (auth2_methods_valid(arg, 0) != 0) + fatal("%s line %d: invalid " + "authentication method list.", + filename, linenum); + options->auth_methods[ + options->num_auth_methods++] = xstrdup(arg); + } + } + return 0; + + case sStreamLocalBindMask: + arg = strdelim(&cp); + if (!arg || *arg == '\0') + fatal("%s line %d: missing StreamLocalBindMask argument.", + filename, linenum); + /* Parse mode in octal format */ + value = strtol(arg, &p, 8); + if (arg == p || value < 0 || value > 0777) + fatal("%s line %d: Bad mask.", filename, linenum); + options->fwd_opts.streamlocal_bind_mask = (mode_t)value; + break; + + case sStreamLocalBindUnlink: + intptr = &options->fwd_opts.streamlocal_bind_unlink; + goto parse_flag; + case sDeprecated: logit("%s line %d: Deprecated option %s", filename, linenum, arg); @@ -1609,25 +1775,6 @@ int server_match_spec_complete(struct connection_info *ci) return 0; /* partial */ } -/* Helper macros */ -#define M_CP_INTOPT(n) do {\ - if (src->n != -1) \ - dst->n = src->n; \ -} while (0) -#define M_CP_STROPT(n) do {\ - if (src->n != NULL) { \ - if (dst->n != NULL) \ - xfree(dst->n); \ - dst->n = src->n; \ - } \ -} while(0) -#define M_CP_STRARRAYOPT(n, num_n) do {\ - if (src->num_n != 0) { \ - for (dst->num_n = 0; dst->num_n < src->num_n; dst->num_n++) \ - dst->n[dst->num_n] = xstrdup(src->n[dst->num_n]); \ - } \ -} while(0) - /* * Copy any supported values that are set. * @@ -1638,6 +1785,11 @@ int server_match_spec_complete(struct connection_info *ci) void copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) { +#define M_CP_INTOPT(n) do {\ + if (src->n != -1) \ + dst->n = src->n; \ +} while (0) + M_CP_INTOPT(password_authentication); M_CP_INTOPT(gss_authentication); M_CP_INTOPT(rsa_authentication); @@ -1646,21 +1798,39 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) M_CP_INTOPT(hostbased_authentication); M_CP_INTOPT(hostbased_uses_name_from_packet_only); M_CP_INTOPT(kbd_interactive_authentication); - M_CP_INTOPT(zero_knowledge_password_authentication); M_CP_INTOPT(permit_root_login); M_CP_INTOPT(permit_empty_passwd); M_CP_INTOPT(allow_tcp_forwarding); + M_CP_INTOPT(allow_streamlocal_forwarding); M_CP_INTOPT(allow_agent_forwarding); M_CP_INTOPT(permit_tun); - M_CP_INTOPT(gateway_ports); + M_CP_INTOPT(fwd_opts.gateway_ports); M_CP_INTOPT(x11_display_offset); M_CP_INTOPT(x11_forwarding); M_CP_INTOPT(x11_use_localhost); + M_CP_INTOPT(permit_tty); + M_CP_INTOPT(permit_user_rc); M_CP_INTOPT(max_sessions); M_CP_INTOPT(max_authtries); M_CP_INTOPT(ip_qos_interactive); M_CP_INTOPT(ip_qos_bulk); + M_CP_INTOPT(rekey_limit); + M_CP_INTOPT(rekey_interval); + + /* M_CP_STROPT and M_CP_STRARRAYOPT should not appear before here */ +#define M_CP_STROPT(n) do {\ + if (src->n != NULL && dst->n != src->n) { \ + free(dst->n); \ + dst->n = src->n; \ + } \ +} while(0) +#define M_CP_STRARRAYOPT(n, num_n) do {\ + if (src->num_n != 0) { \ + for (dst->num_n = 0; dst->num_n < src->num_n; dst->num_n++) \ + dst->n[dst->num_n] = xstrdup(src->n[dst->num_n]); \ + } \ +} while(0) /* See comment in servconf.h */ COPY_MATCH_STRING_OPTS(); @@ -1697,7 +1867,7 @@ parse_server_config(ServerOptions *options, const char *filename, Buffer *conf, linenum++, &active, connectinfo) != 0) bad_options++; } - xfree(obuf); + free(obuf); if (bad_options > 0) fatal("%s: terminating, %d bad configuration options", filename, bad_options); @@ -1731,6 +1901,10 @@ fmt_intarg(ServerOpCodes code, int val) return fmt_multistate_int(val, multistate_compression); case sUsePrivilegeSeparation: return fmt_multistate_int(val, multistate_privsep); + case sAllowTcpForwarding: + return fmt_multistate_int(val, multistate_tcpfwd); + case sAllowStreamLocalForwarding: + return fmt_multistate_int(val, multistate_tcpfwd); case sProtocol: switch (val) { case SSH_PROTO_1: @@ -1870,10 +2044,6 @@ dump_config(ServerOptions *o) dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); #endif -#ifdef JPAKE - dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication, - o->zero_knowledge_password_authentication); -#endif dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); dump_cfg_fmtint(sKbdInteractiveAuthentication, o->kbd_interactive_authentication); @@ -1883,22 +2053,26 @@ dump_config(ServerOptions *o) dump_cfg_fmtint(sPrintLastLog, o->print_lastlog); dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding); dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); + dump_cfg_fmtint(sPermitTTY, o->permit_tty); + dump_cfg_fmtint(sPermitUserRC, o->permit_user_rc); dump_cfg_fmtint(sStrictModes, o->strict_modes); dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd); dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); dump_cfg_fmtint(sUseLogin, o->use_login); dump_cfg_fmtint(sCompression, o->compression); - dump_cfg_fmtint(sGatewayPorts, o->gateway_ports); + dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports); dump_cfg_fmtint(sUseDNS, o->use_dns); dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); + dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); /* string arguments */ dump_cfg_string(sPidFile, o->pid_file); dump_cfg_string(sXAuthLocation, o->xauth_location); - dump_cfg_string(sCiphers, o->ciphers); - dump_cfg_string(sMacs, o->macs); + dump_cfg_string(sCiphers, o->ciphers ? o->ciphers : + cipher_alg_list(',', 0)); + dump_cfg_string(sMacs, o->macs ? o->macs : mac_alg_list(',')); dump_cfg_string(sBanner, o->banner); dump_cfg_string(sForceCommand, o->adm_forced_command); dump_cfg_string(sChrootDirectory, o->chroot_directory); @@ -1907,6 +2081,11 @@ dump_config(ServerOptions *o) dump_cfg_string(sAuthorizedPrincipalsFile, o->authorized_principals_file); dump_cfg_string(sVersionAddendum, o->version_addendum); + dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command); + dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user); + dump_cfg_string(sHostKeyAgent, o->host_key_agent); + dump_cfg_string(sKexAlgorithms, o->kex_algorithms ? o->kex_algorithms : + kex_alg_list(',')); /* string arguments requiring a lookup */ dump_cfg_string(sLogLevel, log_level_name(o->log_level)); @@ -1924,6 +2103,8 @@ dump_config(ServerOptions *o) dump_cfg_strarray(sAllowGroups, o->num_allow_groups, o->allow_groups); dump_cfg_strarray(sDenyGroups, o->num_deny_groups, o->deny_groups); dump_cfg_strarray(sAcceptEnv, o->num_accept_env, o->accept_env); + dump_cfg_strarray_oneline(sAuthenticationMethods, + o->num_auth_methods, o->auth_methods); /* other arguments */ for (i = 0; i < o->num_subsystems; i++) @@ -1943,5 +2124,8 @@ dump_config(ServerOptions *o) printf("ipqos %s ", iptos2str(o->ip_qos_interactive)); printf("%s\n", iptos2str(o->ip_qos_bulk)); + printf("rekeylimit %lld %d\n", (long long)o->rekey_limit, + o->rekey_interval); + channel_print_adm_permitted_opens(); } diff --git a/crypto/openssh/servconf.h b/crypto/openssh/servconf.h index 096d596d7c..766db3a3de 100644 --- a/crypto/openssh/servconf.h +++ b/crypto/openssh/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.103 2012/07/10 02:19:15 djm Exp $ */ +/* $OpenBSD: servconf.h,v 1.114 2014/07/15 15:54:14 millert Exp $ */ /* * Author: Tatu Ylonen @@ -28,6 +28,7 @@ #define MAX_ACCEPT_ENV 256 /* Max # of env vars. */ #define MAX_MATCH_GROUPS 256 /* Max # of groups for Match. */ #define MAX_AUTHKEYS_FILES 256 /* Max # of authorized_keys files. */ +#define MAX_AUTH_METHODS 256 /* Max # of AuthenticationMethods. */ /* permit_root_login */ #define PERMIT_NOT_SET -1 @@ -41,6 +42,12 @@ #define PRIVSEP_ON 1 #define PRIVSEP_NOSANDBOX 2 +/* AllowTCPForwarding */ +#define FORWARD_DENY 0 +#define FORWARD_REMOTE (1) +#define FORWARD_LOCAL (1<<1) +#define FORWARD_ALLOW (FORWARD_REMOTE|FORWARD_LOCAL) + #define DEFAULT_AUTH_FAIL_MAX 6 /* Default for MaxAuthTries */ #define DEFAULT_SESSIONS_MAX 10 /* Default for MaxSessions */ @@ -58,6 +65,7 @@ typedef struct { int num_host_key_files; /* Number of files for host keys. */ char *host_cert_files[MAX_HOSTCERTS]; /* Files containing host certs. */ int num_host_cert_files; /* Number of files for host certs. */ + char *host_key_agent; /* ssh-agent socket for host keys. */ char *pid_file; /* Where to put our pid */ int server_key_bits;/* Size of the server key. */ int login_grace_time; /* Disconnect if no auth in this time @@ -74,6 +82,8 @@ typedef struct { * searching at */ int x11_use_localhost; /* If true, use localhost for fake X11 server. */ char *xauth_location; /* Location of xauth program */ + int permit_tty; /* If false, deny pty allocation */ + int permit_user_rc; /* If false, deny ~/.ssh/rc execution */ int strict_modes; /* If true, require string home dir modes. */ int tcp_keep_alive; /* If true, set SO_KEEPALIVE. */ int ip_qos_interactive; /* IP ToS/DSCP/class for interactive */ @@ -82,7 +92,7 @@ typedef struct { char *macs; /* Supported SSH2 macs. */ char *kex_algorithms; /* SSH2 kex methods in order of preference. */ int protocol; /* Supported protocol versions. */ - int gateway_ports; /* If true, allow remote connects to forwarded ports. */ + struct ForwardOptions fwd_opts; /* forwarding options */ SyslogFacility log_facility; /* Facility for system logging. */ LogLevel log_level; /* Level for system logging. */ int rhosts_rsa_authentication; /* If true, permit rhosts RSA @@ -108,14 +118,13 @@ typedef struct { * authentication. */ int kbd_interactive_authentication; /* If true, permit */ int challenge_response_authentication; - int zero_knowledge_password_authentication; - /* If true, permit jpake auth */ int permit_empty_passwd; /* If false, do not permit empty * passwords. */ int permit_user_env; /* If true, read ~/.ssh/environment */ int use_login; /* If true, login(1) is used */ int compression; /* If true, compression is allowed */ - int allow_tcp_forwarding; + int allow_tcp_forwarding; /* One of FORWARD_* */ + int allow_streamlocal_forwarding; /* One of FORWARD_* */ int allow_agent_forwarding; u_int num_allow_users; char *allow_users[MAX_ALLOW_USERS]; @@ -166,8 +175,16 @@ typedef struct { char *revoked_keys_file; char *trusted_user_ca_keys; char *authorized_principals_file; + char *authorized_keys_command; + char *authorized_keys_command_user; + + int64_t rekey_limit; + int rekey_interval; char *version_addendum; /* Appended to SSH banner */ + + u_int num_auth_methods; + char *auth_methods[MAX_AUTH_METHODS]; } ServerOptions; /* Information about the incoming connection as used by Match */ @@ -185,18 +202,24 @@ struct connection_info { * Match sub-config and the main config, and must be sent from the * privsep slave to the privsep master. We use a macro to ensure all * the options are copied and the copies are done in the correct order. + * + * NB. an option must appear in servconf.c:copy_set_server_options() or + * COPY_MATCH_STRING_OPTS here but never both. */ #define COPY_MATCH_STRING_OPTS() do { \ M_CP_STROPT(banner); \ M_CP_STROPT(trusted_user_ca_keys); \ M_CP_STROPT(revoked_keys_file); \ M_CP_STROPT(authorized_principals_file); \ + M_CP_STROPT(authorized_keys_command); \ + M_CP_STROPT(authorized_keys_command_user); \ M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \ M_CP_STRARRAYOPT(allow_users, num_allow_users); \ M_CP_STRARRAYOPT(deny_users, num_deny_users); \ M_CP_STRARRAYOPT(allow_groups, num_allow_groups); \ M_CP_STRARRAYOPT(deny_groups, num_deny_groups); \ M_CP_STRARRAYOPT(accept_env, num_accept_env); \ + M_CP_STRARRAYOPT(auth_methods, num_auth_methods); \ } while (0) struct connection_info *get_connection_info(int, int); diff --git a/crypto/openssh/serverloop.c b/crypto/openssh/serverloop.c index 741c5befbe..e92f9e27bd 100644 --- a/crypto/openssh/serverloop.c +++ b/crypto/openssh/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.162 2012/06/20 04:42:58 djm Exp $ */ +/* $OpenBSD: serverloop.c,v 1.172 2014/07/15 15:54:14 millert Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -61,6 +61,7 @@ #include "packet.h" #include "buffer.h" #include "log.h" +#include "misc.h" #include "servconf.h" #include "canohost.h" #include "sshpty.h" @@ -77,7 +78,6 @@ #include "dispatch.h" #include "auth-options.h" #include "serverloop.h" -#include "misc.h" #include "roaming.h" extern ServerOptions options; @@ -148,7 +148,7 @@ static void notify_parent(void) { if (notify_pipe[1] != -1) - write(notify_pipe[1], "", 1); + (void)write(notify_pipe[1], "", 1); } static void notify_prepare(fd_set *readset) @@ -277,7 +277,7 @@ client_alive_check(void) */ static void wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp, - u_int *nallocp, u_int max_time_milliseconds) + u_int *nallocp, u_int64_t max_time_milliseconds) { struct timeval tv, *tvp; int ret; @@ -304,7 +304,8 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp, if (compat20 && max_time_milliseconds == 0 && options.client_alive_interval) { client_alive_scheduled = 1; - max_time_milliseconds = options.client_alive_interval * 1000; + max_time_milliseconds = + (u_int64_t)options.client_alive_interval * 1000; } if (compat20) { @@ -563,7 +564,7 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg) int wait_status; /* Status returned by wait(). */ pid_t wait_pid; /* pid returned by wait(). */ int waiting_termination = 0; /* Have displayed waiting close message. */ - u_int max_time_milliseconds; + u_int64_t max_time_milliseconds; u_int previous_stdout_buffer_bytes; u_int stdout_buffer_bytes; int type; @@ -694,7 +695,7 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg) /* Display list of open channels. */ cp = channel_open_message(); buffer_append(&stderr_buffer, cp, strlen(cp)); - xfree(cp); + free(cp); } } max_fd = MAX(connection_in, connection_out); @@ -708,7 +709,7 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg) &nalloc, max_time_milliseconds); if (received_sigterm) { - logit("Exiting on signal %d", received_sigterm); + logit("Exiting on signal %d", (int)received_sigterm); /* Clean up sessions, utmp, etc. */ cleanup_exit(255); } @@ -722,10 +723,8 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg) /* Process output to the client and to program stdin. */ process_output(writeset); } - if (readset) - xfree(readset); - if (writeset) - xfree(writeset); + free(readset); + free(writeset); /* Cleanup and termination code. */ @@ -825,7 +824,9 @@ void server_loop2(Authctxt *authctxt) { fd_set *readset = NULL, *writeset = NULL; - int rekeying = 0, max_fd, nalloc = 0; + int rekeying = 0, max_fd; + u_int nalloc = 0; + u_int64_t rekey_timeout_ms = 0; debug("Entering interactive session for SSH2."); @@ -854,11 +855,16 @@ server_loop2(Authctxt *authctxt) if (!rekeying && packet_not_very_much_data_to_write()) channel_output_poll(); + if (options.rekey_interval > 0 && compat20 && !rekeying) + rekey_timeout_ms = packet_get_rekey_timeout() * 1000; + else + rekey_timeout_ms = 0; + wait_until_can_do_something(&readset, &writeset, &max_fd, - &nalloc, 0); + &nalloc, rekey_timeout_ms); if (received_sigterm) { - logit("Exiting on signal %d", received_sigterm); + logit("Exiting on signal %d", (int)received_sigterm); /* Clean up sessions, utmp, etc. */ cleanup_exit(255); } @@ -879,10 +885,8 @@ server_loop2(Authctxt *authctxt) } collect_children(); - if (readset) - xfree(readset); - if (writeset) - xfree(writeset); + free(readset); + free(writeset); /* free all channels, no more reads and writes */ channel_free_all(); @@ -916,8 +920,8 @@ server_input_stdin_data(int type, u_int32_t seq, void *ctxt) data = packet_get_string(&data_len); packet_check_eom(); buffer_append(&stdin_buffer, data, data_len); - memset(data, 0, data_len); - xfree(data); + explicit_bzero(data, data_len); + free(data); } static void @@ -950,7 +954,7 @@ server_input_window_size(int type, u_int32_t seq, void *ctxt) static Channel * server_request_direct_tcpip(void) { - Channel *c; + Channel *c = NULL; char *target, *originator; u_short target_port, originator_port; @@ -963,12 +967,51 @@ server_request_direct_tcpip(void) debug("server_request_direct_tcpip: originator %s port %d, target %s " "port %d", originator, originator_port, target, target_port); - /* XXX check permission */ - c = channel_connect_to(target, target_port, - "direct-tcpip", "direct-tcpip"); + /* XXX fine grained permissions */ + if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0 && + !no_port_forwarding_flag) { + c = channel_connect_to_port(target, target_port, + "direct-tcpip", "direct-tcpip"); + } else { + logit("refused local port forward: " + "originator %s port %d, target %s port %d", + originator, originator_port, target, target_port); + } - xfree(originator); - xfree(target); + free(originator); + free(target); + + return c; +} + +static Channel * +server_request_direct_streamlocal(void) +{ + Channel *c = NULL; + char *target, *originator; + u_short originator_port; + + target = packet_get_string(NULL); + originator = packet_get_string(NULL); + originator_port = packet_get_int(); + packet_check_eom(); + + debug("server_request_direct_streamlocal: originator %s port %d, target %s", + originator, originator_port, target); + + /* XXX fine grained permissions */ + if ((options.allow_streamlocal_forwarding & FORWARD_LOCAL) != 0 && + !no_port_forwarding_flag) { + c = channel_connect_to_path(target, + "direct-streamlocal@openssh.com", "direct-streamlocal"); + } else { + logit("refused streamlocal port forward: " + "originator %s port %d, target %s", + originator, originator_port, target); + } + + free(originator); + free(target); return c; } @@ -1070,6 +1113,8 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt) c = server_request_session(); } else if (strcmp(ctype, "direct-tcpip") == 0) { c = server_request_direct_tcpip(); + } else if (strcmp(ctype, "direct-streamlocal@openssh.com") == 0) { + c = server_request_direct_streamlocal(); } else if (strcmp(ctype, "tun@openssh.com") == 0) { c = server_request_tun(); } @@ -1097,7 +1142,7 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt) } packet_send(); } - xfree(ctype); + free(ctype); } static void @@ -1114,47 +1159,74 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) /* -R style forwarding */ if (strcmp(rtype, "tcpip-forward") == 0) { struct passwd *pw; - char *listen_address; - u_short listen_port; + struct Forward fwd; pw = the_authctxt->pw; if (pw == NULL || !the_authctxt->valid) fatal("server_input_global_request: no/invalid user"); - listen_address = packet_get_string(NULL); - listen_port = (u_short)packet_get_int(); + memset(&fwd, 0, sizeof(fwd)); + fwd.listen_host = packet_get_string(NULL); + fwd.listen_port = (u_short)packet_get_int(); debug("server_input_global_request: tcpip-forward listen %s port %d", - listen_address, listen_port); + fwd.listen_host, fwd.listen_port); /* check permissions */ - if (!options.allow_tcp_forwarding || + if ((options.allow_tcp_forwarding & FORWARD_REMOTE) == 0 || no_port_forwarding_flag || - (!want_reply && listen_port == 0) + (!want_reply && fwd.listen_port == 0) #ifndef NO_IPPORT_RESERVED_CONCEPT - || (listen_port != 0 && listen_port < IPPORT_RESERVED && - pw->pw_uid != 0) + || (fwd.listen_port != 0 && fwd.listen_port < IPPORT_RESERVED && + pw->pw_uid != 0) #endif ) { success = 0; packet_send_debug("Server has disabled port forwarding."); } else { /* Start listening on the port */ - success = channel_setup_remote_fwd_listener( - listen_address, listen_port, - &allocated_listen_port, options.gateway_ports); + success = channel_setup_remote_fwd_listener(&fwd, + &allocated_listen_port, &options.fwd_opts); } - xfree(listen_address); + free(fwd.listen_host); } else if (strcmp(rtype, "cancel-tcpip-forward") == 0) { - char *cancel_address; - u_short cancel_port; + struct Forward fwd; - cancel_address = packet_get_string(NULL); - cancel_port = (u_short)packet_get_int(); + memset(&fwd, 0, sizeof(fwd)); + fwd.listen_host = packet_get_string(NULL); + fwd.listen_port = (u_short)packet_get_int(); debug("%s: cancel-tcpip-forward addr %s port %d", __func__, - cancel_address, cancel_port); + fwd.listen_host, fwd.listen_port); + + success = channel_cancel_rport_listener(&fwd); + free(fwd.listen_host); + } else if (strcmp(rtype, "streamlocal-forward@openssh.com") == 0) { + struct Forward fwd; + + memset(&fwd, 0, sizeof(fwd)); + fwd.listen_path = packet_get_string(NULL); + debug("server_input_global_request: streamlocal-forward listen path %s", + fwd.listen_path); + + /* check permissions */ + if ((options.allow_streamlocal_forwarding & FORWARD_REMOTE) == 0 + || no_port_forwarding_flag) { + success = 0; + packet_send_debug("Server has disabled port forwarding."); + } else { + /* Start listening on the socket */ + success = channel_setup_remote_fwd_listener( + &fwd, NULL, &options.fwd_opts); + } + free(fwd.listen_path); + } else if (strcmp(rtype, "cancel-streamlocal-forward@openssh.com") == 0) { + struct Forward fwd; + + memset(&fwd, 0, sizeof(fwd)); + fwd.listen_path = packet_get_string(NULL); + debug("%s: cancel-streamlocal-forward path %s", __func__, + fwd.listen_path); - success = channel_cancel_rport_listener(cancel_address, - cancel_port); - xfree(cancel_address); + success = channel_cancel_rport_listener(&fwd); + free(fwd.listen_path); } else if (strcmp(rtype, "no-more-sessions@openssh.com") == 0) { no_more_sessions = 1; success = 1; @@ -1167,7 +1239,7 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) packet_send(); packet_write_wait(); } - xfree(rtype); + free(rtype); } static void @@ -1193,13 +1265,13 @@ server_input_channel_req(int type, u_int32_t seq, void *ctxt) } else if ((c->type == SSH_CHANNEL_LARVAL || c->type == SSH_CHANNEL_OPEN) && strcmp(c->ctype, "session") == 0) success = session_input_channel_req(c, rtype); - if (reply) { + if (reply && !(c->flags & CHAN_CLOSE_SENT)) { packet_start(success ? SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE); packet_put_int(c->remote_id); packet_send(); } - xfree(rtype); + free(rtype); } static void diff --git a/crypto/openssh/session.c b/crypto/openssh/session.c index 65bf287761..3e96557b89 100644 --- a/crypto/openssh/session.c +++ b/crypto/openssh/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.260 2012/03/15 03:10:27 guenther Exp $ */ +/* $OpenBSD: session.c,v 1.274 2014/07/15 15:54:14 millert Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -49,6 +49,7 @@ #include #include #include +#include #ifdef HAVE_PATHS_H #include #endif @@ -80,13 +81,14 @@ #include "hostfile.h" #include "auth.h" #include "auth-options.h" +#include "authfd.h" #include "pathnames.h" #include "log.h" +#include "misc.h" #include "servconf.h" #include "sshlogin.h" #include "serverloop.h" #include "canohost.h" -#include "misc.h" #include "session.h" #include "kex.h" #include "monitor_wrap.h" @@ -181,7 +183,6 @@ auth_input_request_forwarding(struct passwd * pw) { Channel *nc; int sock = -1; - struct sockaddr_un sunaddr; if (auth_sock_name != NULL) { error("authentication forwarding requested twice."); @@ -199,7 +200,7 @@ auth_input_request_forwarding(struct passwd * pw) packet_send_debug("Agent forwarding disabled: " "mkdtemp() failed: %.100s", strerror(errno)); restore_uid(); - xfree(auth_sock_dir); + free(auth_sock_dir); auth_sock_dir = NULL; goto authsock_err; } @@ -207,33 +208,15 @@ auth_input_request_forwarding(struct passwd * pw) xasprintf(&auth_sock_name, "%s/agent.%ld", auth_sock_dir, (long) getpid()); - /* Create the socket. */ - sock = socket(AF_UNIX, SOCK_STREAM, 0); - if (sock < 0) { - error("socket: %.100s", strerror(errno)); - restore_uid(); - goto authsock_err; - } - - /* Bind it to the name. */ - memset(&sunaddr, 0, sizeof(sunaddr)); - sunaddr.sun_family = AF_UNIX; - strlcpy(sunaddr.sun_path, auth_sock_name, sizeof(sunaddr.sun_path)); - - if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0) { - error("bind: %.100s", strerror(errno)); - restore_uid(); - goto authsock_err; - } + /* Start a Unix listener on auth_sock_name. */ + sock = unix_listener(auth_sock_name, SSH_LISTEN_BACKLOG, 0); /* Restore the privileged uid. */ restore_uid(); - /* Start listening on the socket. */ - if (listen(sock, SSH_LISTEN_BACKLOG) < 0) { - error("listen: %.100s", strerror(errno)); + /* Check for socket/bind/listen failure. */ + if (sock < 0) goto authsock_err; - } /* Allocate a channel for the authentication agent socket. */ nc = channel_new("auth socket", @@ -244,11 +227,10 @@ auth_input_request_forwarding(struct passwd * pw) return 1; authsock_err: - if (auth_sock_name != NULL) - xfree(auth_sock_name); + free(auth_sock_name); if (auth_sock_dir != NULL) { rmdir(auth_sock_dir); - xfree(auth_sock_dir); + free(auth_sock_dir); } if (sock != -1) close(sock); @@ -273,7 +255,11 @@ do_authenticated(Authctxt *authctxt) setproctitle("%s", authctxt->pw->pw_name); /* setup the channel layer */ - if (!no_port_forwarding_flag && options.allow_tcp_forwarding) + /* XXX - streamlocal? */ + if (no_port_forwarding_flag || + (options.allow_tcp_forwarding & FORWARD_LOCAL) == 0) + channel_disable_adm_local_opens(); + else channel_permit_all_opens(); auth_debug_send(); @@ -361,8 +347,8 @@ do_authenticated1(Authctxt *authctxt) packet_check_eom(); success = session_setup_x11fwd(s); if (!success) { - xfree(s->auth_proto); - xfree(s->auth_data); + free(s->auth_proto); + free(s->auth_data); s->auth_proto = NULL; s->auth_data = NULL; } @@ -383,13 +369,13 @@ do_authenticated1(Authctxt *authctxt) debug("Port forwarding not permitted for this authentication."); break; } - if (!options.allow_tcp_forwarding) { + if (!(options.allow_tcp_forwarding & FORWARD_REMOTE)) { debug("Port forwarding not permitted."); break; } debug("Received TCP/IP port forwarding request."); if (channel_input_port_forward_request(s->pw->pw_uid == 0, - options.gateway_ports) < 0) { + &options.fwd_opts) < 0) { debug("Port forwarding failed."); break; } @@ -409,7 +395,7 @@ do_authenticated1(Authctxt *authctxt) if (do_exec(s, command) != 0) packet_disconnect( "command execution failed"); - xfree(command); + free(command); } else { if (do_exec(s, NULL) != 0) packet_disconnect( @@ -438,7 +424,7 @@ do_authenticated1(Authctxt *authctxt) } } -#define USE_PIPES +#define USE_PIPES 1 /* * This is called to fork and execute a command when we have no tty. This * will call do_child from the child, and server_loop from the parent after @@ -791,27 +777,50 @@ int do_exec(Session *s, const char *command) { int ret; + const char *forced = NULL; + char session_type[1024], *tty = NULL; if (options.adm_forced_command) { original_command = command; command = options.adm_forced_command; - if (IS_INTERNAL_SFTP(command)) { - s->is_subsystem = s->is_subsystem ? - SUBSYSTEM_INT_SFTP : SUBSYSTEM_INT_SFTP_ERROR; - } else if (s->is_subsystem) - s->is_subsystem = SUBSYSTEM_EXT; - debug("Forced command (config) '%.900s'", command); + forced = "(config)"; } else if (forced_command) { original_command = command; command = forced_command; + forced = "(key-option)"; + } + if (forced != NULL) { if (IS_INTERNAL_SFTP(command)) { s->is_subsystem = s->is_subsystem ? SUBSYSTEM_INT_SFTP : SUBSYSTEM_INT_SFTP_ERROR; } else if (s->is_subsystem) s->is_subsystem = SUBSYSTEM_EXT; - debug("Forced command (key option) '%.900s'", command); + snprintf(session_type, sizeof(session_type), + "forced-command %s '%.900s'", forced, command); + } else if (s->is_subsystem) { + snprintf(session_type, sizeof(session_type), + "subsystem '%.900s'", s->subsys); + } else if (command == NULL) { + snprintf(session_type, sizeof(session_type), "shell"); + } else { + /* NB. we don't log unforced commands to preserve privacy */ + snprintf(session_type, sizeof(session_type), "command"); } + if (s->ttyfd != -1) { + tty = s->tty; + if (strncmp(tty, "/dev/", 5) == 0) + tty += 5; + } + + verbose("Starting session: %s%s%s for %s from %.200s port %d", + session_type, + tty == NULL ? "" : " on ", + tty == NULL ? "" : tty, + s->pw->pw_name, + get_remote_ipaddr(), + get_remote_port()); + #ifdef SSH_AUDIT_EVENTS if (command != NULL) PRIVSEP(audit_run_command(command)); @@ -952,6 +961,11 @@ child_set_env(char ***envp, u_int *envsizep, const char *name, u_int envsize; u_int i, namelen; + if (strchr(name, '=') != NULL) { + error("Invalid environment variable \"%.100s\"", name); + return; + } + /* * If we're passed an uninitialized list, allocate a single null * entry before continuing. @@ -974,7 +988,7 @@ child_set_env(char ***envp, u_int *envsizep, const char *name, break; if (env[i]) { /* Reuse the slot. */ - xfree(env[i]); + free(env[i]); } else { /* New variable. Expand if necessary. */ envsize = *envsizep; @@ -1090,8 +1104,8 @@ read_etc_default_login(char ***env, u_int *envsize, uid_t uid) umask((mode_t)mask); for (i = 0; tmpenv[i] != NULL; i++) - xfree(tmpenv[i]); - xfree(tmpenv); + free(tmpenv[i]); + free(tmpenv); } #endif /* HAVE_ETC_DEFAULT_LOGIN */ @@ -1107,7 +1121,7 @@ copy_environment(char **source, char ***env, u_int *envsize) for(i = 0; source[i] != NULL; i++) { var_name = xstrdup(source[i]); if ((var_val = strstr(var_name, "=")) == NULL) { - xfree(var_name); + free(var_name); continue; } *var_val++ = '\0'; @@ -1115,7 +1129,7 @@ copy_environment(char **source, char ***env, u_int *envsize) debug3("Copy environment: %s=%s", var_name, var_val); child_set_env(env, envsize, var_name, var_val); - xfree(var_name); + free(var_name); } } @@ -1216,8 +1230,8 @@ do_setup_env(Session *s, const char *shell) child_set_env(&env, &envsize, str, str + i + 1); } custom_environment = ce->next; - xfree(ce->s); - xfree(ce); + free(ce->s); + free(ce); } } @@ -1229,7 +1243,7 @@ do_setup_env(Session *s, const char *shell) laddr = get_local_ipaddr(packet_get_connection_in()); snprintf(buf, sizeof buf, "%.50s %d %.50s %d", get_remote_ipaddr(), get_remote_port(), laddr, get_local_port()); - xfree(laddr); + free(laddr); child_set_env(&env, &envsize, "SSH_CONNECTION", buf); if (s->ttyfd != -1) @@ -1327,7 +1341,8 @@ do_rc_files(Session *s, const char *shell) /* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */ if (!s->is_subsystem && options.adm_forced_command == NULL && - !no_user_rc && stat(_PATH_SSH_USER_RC, &st) >= 0) { + !no_user_rc && options.permit_user_rc && + stat(_PATH_SSH_USER_RC, &st) >= 0) { snprintf(cmd, sizeof cmd, "%s -c '%s %s'", shell, _PATH_BSHELL, _PATH_SSH_USER_RC); if (debug_flag) @@ -1400,7 +1415,7 @@ do_nologin(struct passwd *pw) #endif if (stat(nl, &sb) == -1) { if (nl != def_nl) - xfree(nl); + free(nl); return; } @@ -1474,6 +1489,9 @@ void do_setusercontext(struct passwd *pw) { char *chroot_path, *tmp; +#ifdef USE_LIBIAF + int doing_chroot = 0; +#endif platform_setusercontext(pw); @@ -1510,6 +1528,12 @@ do_setusercontext(struct passwd *pw) safely_chroot(chroot_path, pw->pw_uid); free(tmp); free(chroot_path); + /* Make sure we don't attempt to chroot again */ + free(options.chroot_directory); + options.chroot_directory = NULL; +#ifdef USE_LIBIAF + doing_chroot = 1; +#endif } #ifdef HAVE_LOGIN_CAP @@ -1517,10 +1541,30 @@ do_setusercontext(struct passwd *pw) perror("unable to set user context (setuser)"); exit(1); } + /* + * FreeBSD's setusercontext() will not apply the user's + * own umask setting unless running with the user's UID. + */ + (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK); #else +# ifdef USE_LIBIAF +/* In a chroot environment, the set_id() will always fail; typically + * because of the lack of necessary authentication services and runtime + * such as ./usr/lib/libiaf.so, ./usr/lib/libpam.so.1, and ./etc/passwd + * We skip it in the internal sftp chroot case. + * We'll lose auditing and ACLs but permanently_set_uid will + * take care of the rest. + */ + if ((doing_chroot == 0) && set_id(pw->pw_name) != 0) { + fatal("set_id(%s) Failed", pw->pw_name); + } +# endif /* USE_LIBIAF */ /* Permanently switch to the desired uid. */ permanently_set_uid(pw); #endif + } else if (options.chroot_directory != NULL && + strcasecmp(options.chroot_directory, "none") != 0) { + fatal("server lacks privileges to chroot to ChrootDirectory"); } if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) @@ -1576,6 +1620,13 @@ launch_login(struct passwd *pw, const char *hostname) static void child_close_fds(void) { + extern AuthenticationConnection *auth_conn; + + if (auth_conn) { + ssh_close_authentication_connection(auth_conn); + auth_conn = NULL; + } + if (packet_get_connection_in() == packet_get_connection_out()) close(packet_get_connection_in()); else { @@ -1840,7 +1891,7 @@ session_unused(int id) fatal("%s: insane session id %d (max %d nalloc %d)", __func__, id, options.max_sessions, sessions_nalloc); } - bzero(&sessions[id], sizeof(*sessions)); + memset(&sessions[id], 0, sizeof(*sessions)); sessions[id].self = id; sessions[id].used = 0; sessions[id].chanid = -1; @@ -2018,7 +2069,7 @@ session_pty_req(Session *s) u_int len; int n_bytes; - if (no_pty_flag) { + if (no_pty_flag || !options.permit_tty) { debug("Allocating a pty not permitted for this authentication."); return 0; } @@ -2040,7 +2091,7 @@ session_pty_req(Session *s) s->ypixel = packet_get_int(); if (strcmp(s->term, "") == 0) { - xfree(s->term); + free(s->term); s->term = NULL; } @@ -2048,8 +2099,7 @@ session_pty_req(Session *s) debug("Allocating pty."); if (!PRIVSEP(pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)))) { - if (s->term) - xfree(s->term); + free(s->term); s->term = NULL; s->ptyfd = -1; s->ttyfd = -1; @@ -2080,15 +2130,16 @@ session_subsystem_req(Session *s) struct stat st; u_int len; int success = 0; - char *prog, *cmd, *subsys = packet_get_string(&len); + char *prog, *cmd; u_int i; + s->subsys = packet_get_string(&len); packet_check_eom(); - logit("subsystem request for %.100s by user %s", subsys, + debug2("subsystem request for %.100s by user %s", s->subsys, s->pw->pw_name); for (i = 0; i < options.num_subsystems; i++) { - if (strcmp(subsys, options.subsystem_name[i]) == 0) { + if (strcmp(s->subsys, options.subsystem_name[i]) == 0) { prog = options.subsystem_command[i]; cmd = options.subsystem_args[i]; if (strcmp(INTERNAL_SFTP_NAME, prog) == 0) { @@ -2107,10 +2158,9 @@ session_subsystem_req(Session *s) } if (!success) - logit("subsystem request for %.100s failed, subsystem not found", - subsys); + logit("subsystem request for %.100s by user %s failed, " + "subsystem not found", s->subsys, s->pw->pw_name); - xfree(subsys); return success; } @@ -2132,8 +2182,8 @@ session_x11_req(Session *s) success = session_setup_x11fwd(s); if (!success) { - xfree(s->auth_proto); - xfree(s->auth_data); + free(s->auth_proto); + free(s->auth_data); s->auth_proto = NULL; s->auth_data = NULL; } @@ -2155,7 +2205,7 @@ session_exec_req(Session *s) char *command = packet_get_string(&len); packet_check_eom(); success = do_exec(s, command) == 0; - xfree(command); + free(command); return success; } @@ -2177,8 +2227,8 @@ session_env_req(Session *s) char *name, *val; u_int name_len, val_len, i; - name = packet_get_string(&name_len); - val = packet_get_string(&val_len); + name = packet_get_cstring(&name_len); + val = packet_get_cstring(&val_len); packet_check_eom(); /* Don't set too many environment variables */ @@ -2201,8 +2251,8 @@ session_env_req(Session *s) debug2("Ignoring env request %s: disallowed name", name); fail: - xfree(name); - xfree(val); + free(name); + free(val); return (0); } @@ -2384,24 +2434,16 @@ session_close_single_x11(int id, void *arg) if (s->x11_chanids[i] != id) session_close_x11(s->x11_chanids[i]); } - xfree(s->x11_chanids); + free(s->x11_chanids); s->x11_chanids = NULL; - if (s->display) { - xfree(s->display); - s->display = NULL; - } - if (s->auth_proto) { - xfree(s->auth_proto); - s->auth_proto = NULL; - } - if (s->auth_data) { - xfree(s->auth_data); - s->auth_data = NULL; - } - if (s->auth_display) { - xfree(s->auth_display); - s->auth_display = NULL; - } + free(s->display); + s->display = NULL; + free(s->auth_proto); + s->auth_proto = NULL; + free(s->auth_data); + s->auth_data = NULL; + free(s->auth_display); + s->auth_display = NULL; } static void @@ -2463,24 +2505,19 @@ session_close(Session *s) debug("session_close: session %d pid %ld", s->self, (long)s->pid); if (s->ttyfd != -1) session_pty_cleanup(s); - if (s->term) - xfree(s->term); - if (s->display) - xfree(s->display); - if (s->x11_chanids) - xfree(s->x11_chanids); - if (s->auth_display) - xfree(s->auth_display); - if (s->auth_data) - xfree(s->auth_data); - if (s->auth_proto) - xfree(s->auth_proto); + free(s->term); + free(s->display); + free(s->x11_chanids); + free(s->auth_display); + free(s->auth_data); + free(s->auth_proto); + free(s->subsys); if (s->env != NULL) { for (i = 0; i < s->num_env; i++) { - xfree(s->env[i].name); - xfree(s->env[i].val); + free(s->env[i].name); + free(s->env[i].val); } - xfree(s->env); + free(s->env); } session_proctitle(s); session_unused(s->self); @@ -2600,7 +2637,7 @@ session_setup_x11fwd(Session *s) { struct stat st; char display[512], auth_display[512]; - char hostname[MAXHOSTNAMELEN]; + char hostname[NI_MAXHOST]; u_int i; if (no_x11_forwarding_flag) { diff --git a/crypto/openssh/session.h b/crypto/openssh/session.h index cbb8e3a32d..6a2f35e41f 100644 --- a/crypto/openssh/session.h +++ b/crypto/openssh/session.h @@ -1,4 +1,4 @@ -/* $OpenBSD: session.h,v 1.30 2008/05/08 12:21:16 djm Exp $ */ +/* $OpenBSD: session.h,v 1.31 2013/10/14 21:20:52 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -55,6 +55,7 @@ struct Session { int chanid; int *x11_chanids; int is_subsystem; + char *subsys; u_int num_env; struct { char *name; diff --git a/crypto/openssh/sftp-client.c b/crypto/openssh/sftp-client.c index 85f2bd444b..990b58d14f 100644 --- a/crypto/openssh/sftp-client.c +++ b/crypto/openssh/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.97 2012/07/02 12:13:26 dtucker Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.115 2014/04/21 14:36:16 logan Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -42,6 +42,7 @@ #include #include #include +#include #include #include @@ -76,6 +77,7 @@ struct sftp_conn { #define SFTP_EXT_STATVFS 0x00000002 #define SFTP_EXT_FSTATVFS 0x00000004 #define SFTP_EXT_HARDLINK 0x00000008 +#define SFTP_EXT_FSYNC 0x00000010 u_int exts; u_int64_t limit_kbps; struct bwlimit bwlimit_in, bwlimit_out; @@ -112,7 +114,7 @@ send_msg(struct sftp_conn *conn, Buffer *m) iov[1].iov_len = buffer_len(m); if (atomiciov6(writev, conn->fd_out, iov, 2, - conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_out) != + conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_out) != buffer_len(m) + sizeof(mlen)) fatal("Couldn't send packet: %s", strerror(errno)); @@ -308,7 +310,7 @@ get_decode_statvfs(struct sftp_conn *conn, struct sftp_statvfs *st, SSH2_FXP_EXTENDED_REPLY, type); } - bzero(st, sizeof(*st)); + memset(st, 0, sizeof(*st)); st->f_bsize = buffer_get_int64(&msg); st->f_frsize = buffer_get_int64(&msg); st->f_blocks = buffer_get_int64(&msg); @@ -337,7 +339,8 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests, Buffer msg; struct sftp_conn *ret; - ret = xmalloc(sizeof(*ret)); + ret = xcalloc(1, sizeof(*ret)); + ret->msg_id = 1; ret->fd_in = fd_in; ret->fd_out = fd_out; ret->transfer_buflen = transfer_buflen; @@ -387,6 +390,10 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests, strcmp(value, "1") == 0) { ret->exts |= SFTP_EXT_HARDLINK; known = 1; + } else if (strcmp(name, "fsync@openssh.com") == 0 && + strcmp(value, "1") == 0) { + ret->exts |= SFTP_EXT_FSYNC; + known = 1; } if (known) { debug2("Server supports extension \"%s\" revision %s", @@ -394,8 +401,8 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests, } else { debug2("Unrecognised server extension \"%s\"", name); } - xfree(name); - xfree(value); + free(name); + free(value); } buffer_free(&msg); @@ -447,12 +454,16 @@ do_close(struct sftp_conn *conn, char *handle, u_int handle_len) static int -do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, +do_lsreaddir(struct sftp_conn *conn, char *path, int print_flag, SFTP_DIRENT ***dir) { Buffer msg; u_int count, type, id, handle_len, i, expected_id, ents = 0; char *handle; + int status = SSH2_FX_FAILURE; + + if (dir) + *dir = NULL; id = conn->msg_id++; @@ -471,7 +482,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, if (dir) { ents = 0; - *dir = xmalloc(sizeof(**dir)); + *dir = xcalloc(1, sizeof(**dir)); (*dir)[0] = NULL; } @@ -499,20 +510,12 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, fatal("ID mismatch (%u != %u)", id, expected_id); if (type == SSH2_FXP_STATUS) { - int status = buffer_get_int(&msg); - + status = buffer_get_int(&msg); debug3("Received SSH2_FXP_STATUS %d", status); - - if (status == SSH2_FX_EOF) { + if (status == SSH2_FX_EOF) break; - } else { - error("Couldn't read directory: %s", - fx2txt(status)); - do_close(conn, handle, handle_len); - xfree(handle); - buffer_free(&msg); - return(status); - } + error("Couldn't read directory: %s", fx2txt(status)); + goto out; } else if (type != SSH2_FXP_NAME) fatal("Expected SSH2_FXP_NAME(%u) packet, got %u", SSH2_FXP_NAME, type); @@ -529,7 +532,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, longname = buffer_get_string(&msg, NULL); a = decode_attrib(&msg); - if (printflag) + if (print_flag) printf("%s\n", longname); /* @@ -540,35 +543,37 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, if (strchr(filename, '/') != NULL) { error("Server sent suspect path \"%s\" " "during readdir of \"%s\"", filename, path); - goto next; - } - - if (dir) { + } else if (dir) { *dir = xrealloc(*dir, ents + 2, sizeof(**dir)); - (*dir)[ents] = xmalloc(sizeof(***dir)); + (*dir)[ents] = xcalloc(1, sizeof(***dir)); (*dir)[ents]->filename = xstrdup(filename); (*dir)[ents]->longname = xstrdup(longname); memcpy(&(*dir)[ents]->a, a, sizeof(*a)); (*dir)[++ents] = NULL; } - next: - xfree(filename); - xfree(longname); + free(filename); + free(longname); } } + status = 0; + out: buffer_free(&msg); do_close(conn, handle, handle_len); - xfree(handle); + free(handle); - /* Don't return partial matches on interrupt */ - if (interrupted && dir != NULL && *dir != NULL) { + if (status != 0 && dir != NULL) { + /* Don't return results on error */ + free_sftp_dirents(*dir); + *dir = NULL; + } else if (interrupted && dir != NULL && *dir != NULL) { + /* Don't return partial matches on interrupt */ free_sftp_dirents(*dir); - *dir = xmalloc(sizeof(**dir)); + *dir = xcalloc(1, sizeof(**dir)); **dir = NULL; } - return 0; + return status; } int @@ -581,12 +586,14 @@ void free_sftp_dirents(SFTP_DIRENT **s) { int i; + if (s == NULL) + return; for (i = 0; s[i]; i++) { - xfree(s[i]->filename); - xfree(s[i]->longname); - xfree(s[i]); + free(s[i]->filename); + free(s[i]->longname); + free(s[i]); } - xfree(s); + free(s); } int @@ -605,7 +612,7 @@ do_rm(struct sftp_conn *conn, char *path) } int -do_mkdir(struct sftp_conn *conn, char *path, Attrib *a, int printflag) +do_mkdir(struct sftp_conn *conn, char *path, Attrib *a, int print_flag) { u_int status, id; @@ -614,7 +621,7 @@ do_mkdir(struct sftp_conn *conn, char *path, Attrib *a, int printflag) strlen(path), a); status = get_status(conn, id); - if (status != SSH2_FX_OK && printflag) + if (status != SSH2_FX_OK && print_flag) error("Couldn't create directory: %s", fx2txt(status)); return(status); @@ -742,7 +749,7 @@ do_realpath(struct sftp_conn *conn, char *path) if (type == SSH2_FXP_STATUS) { u_int status = buffer_get_int(&msg); - error("Couldn't canonicalise: %s", fx2txt(status)); + error("Couldn't canonicalize: %s", fx2txt(status)); buffer_free(&msg); return NULL; } else if (type != SSH2_FXP_NAME) @@ -760,7 +767,7 @@ do_realpath(struct sftp_conn *conn, char *path) debug3("SSH_FXP_REALPATH %s -> %s size %lu", path, filename, (unsigned long)a->size); - xfree(longname); + free(longname); buffer_free(&msg); @@ -768,16 +775,18 @@ do_realpath(struct sftp_conn *conn, char *path) } int -do_rename(struct sftp_conn *conn, char *oldpath, char *newpath) +do_rename(struct sftp_conn *conn, char *oldpath, char *newpath, + int force_legacy) { Buffer msg; u_int status, id; + int use_ext = (conn->exts & SFTP_EXT_POSIX_RENAME) && !force_legacy; buffer_init(&msg); /* Send rename request */ id = conn->msg_id++; - if ((conn->exts & SFTP_EXT_POSIX_RENAME)) { + if (use_ext) { buffer_put_char(&msg, SSH2_FXP_EXTENDED); buffer_put_int(&msg, id); buffer_put_cstring(&msg, "posix-rename@openssh.com"); @@ -789,8 +798,8 @@ do_rename(struct sftp_conn *conn, char *oldpath, char *newpath) buffer_put_cstring(&msg, newpath); send_msg(conn, &msg); debug3("Sent message %s \"%s\" -> \"%s\"", - (conn->exts & SFTP_EXT_POSIX_RENAME) ? "posix-rename@openssh.com" : - "SSH2_FXP_RENAME", oldpath, newpath); + use_ext ? "posix-rename@openssh.com" : "SSH2_FXP_RENAME", + oldpath, newpath); buffer_free(&msg); status = get_status(conn, id); @@ -866,6 +875,36 @@ do_symlink(struct sftp_conn *conn, char *oldpath, char *newpath) return(status); } +int +do_fsync(struct sftp_conn *conn, char *handle, u_int handle_len) +{ + Buffer msg; + u_int status, id; + + /* Silently return if the extension is not supported */ + if ((conn->exts & SFTP_EXT_FSYNC) == 0) + return -1; + + buffer_init(&msg); + + /* Send fsync request */ + id = conn->msg_id++; + + buffer_put_char(&msg, SSH2_FXP_EXTENDED); + buffer_put_int(&msg, id); + buffer_put_cstring(&msg, "fsync@openssh.com"); + buffer_put_string(&msg, handle, handle_len); + send_msg(conn, &msg); + debug3("Sent message fsync@openssh.com I:%u", id); + buffer_free(&msg); + + status = get_status(conn, id); + if (status != SSH2_FX_OK) + error("Couldn't sync file: %s", fx2txt(status)); + + return status; +} + #ifdef notyet char * do_readlink(struct sftp_conn *conn, char *path) @@ -907,7 +946,7 @@ do_readlink(struct sftp_conn *conn, char *path) debug3("SSH_FXP_READLINK %s -> %s", path, filename); - xfree(longname); + free(longname); buffer_free(&msg); @@ -988,16 +1027,17 @@ send_read_request(struct sftp_conn *conn, u_int id, u_int64_t offset, int do_download(struct sftp_conn *conn, char *remote_path, char *local_path, - Attrib *a, int pflag) + Attrib *a, int preserve_flag, int resume_flag, int fsync_flag) { Attrib junk; Buffer msg; char *handle; - int local_fd, status = 0, write_error; - int read_error, write_errno; - u_int64_t offset, size; + int local_fd = -1, status = 0, write_error; + int read_error, write_errno, reordered = 0; + u_int64_t offset = 0, size, highwater; u_int handle_len, mode, type, id, buflen, num_req, max_req; off_t progress_counter; + struct stat st; struct request { u_int id; u_int len; @@ -1050,21 +1090,42 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, return(-1); } - local_fd = open(local_path, O_WRONLY | O_CREAT | O_TRUNC, - mode | S_IWRITE); + local_fd = open(local_path, + O_WRONLY | O_CREAT | (resume_flag ? 0 : O_TRUNC), mode | S_IWUSR); if (local_fd == -1) { error("Couldn't open local file \"%s\" for writing: %s", local_path, strerror(errno)); - do_close(conn, handle, handle_len); - buffer_free(&msg); - xfree(handle); - return(-1); + goto fail; + } + offset = highwater = 0; + if (resume_flag) { + if (fstat(local_fd, &st) == -1) { + error("Unable to stat local file \"%s\": %s", + local_path, strerror(errno)); + goto fail; + } + if (st.st_size < 0) { + error("\"%s\" has negative size", local_path); + goto fail; + } + if ((u_int64_t)st.st_size > size) { + error("Unable to resume download of \"%s\": " + "local file is larger than remote", local_path); + fail: + do_close(conn, handle, handle_len); + buffer_free(&msg); + free(handle); + if (local_fd != -1) + close(local_fd); + return -1; + } + offset = highwater = st.st_size; } /* Read from remote and write to local */ - write_error = read_error = write_errno = num_req = offset = 0; + write_error = read_error = write_errno = num_req = 0; max_req = 1; - progress_counter = 0; + progress_counter = offset; if (showprogress && size != 0) start_progress_meter(remote_path, size, &progress_counter); @@ -1089,7 +1150,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, (unsigned long long)offset, (unsigned long long)offset + buflen - 1, num_req, max_req); - req = xmalloc(sizeof(*req)); + req = xcalloc(1, sizeof(*req)); req->id = conn->msg_id++; req->len = buflen; req->offset = offset; @@ -1121,7 +1182,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, read_error = 1; max_req = 0; TAILQ_REMOVE(&requests, req, tq); - xfree(req); + free(req); num_req--; break; case SSH2_FXP_DATA: @@ -1139,12 +1200,16 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, write_error = 1; max_req = 0; } + else if (!reordered && req->offset <= highwater) + highwater = req->offset + len; + else if (!reordered && req->offset > highwater) + reordered = 1; progress_counter += len; - xfree(data); + free(data); if (len == req->len) { TAILQ_REMOVE(&requests, req, tq); - xfree(req); + free(req); num_req--; } else { /* Resend the request for the missing data */ @@ -1187,10 +1252,19 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, /* Sanity check */ if (TAILQ_FIRST(&requests) != NULL) fatal("Transfer complete, but requests still in queue"); - + /* Truncate at highest contiguous point to avoid holes on interrupt */ + if (read_error || write_error || interrupted) { + if (reordered && resume_flag) { + error("Unable to resume download of \"%s\": " + "server reordered requests", local_path); + } + debug("truncating at %llu", (unsigned long long)highwater); + ftruncate(local_fd, highwater); + } if (read_error) { error("Couldn't read from remote file \"%s\" : %s", remote_path, fx2txt(status)); + status = -1; do_close(conn, handle, handle_len); } else if (write_error) { error("Couldn't write to \"%s\": %s", local_path, @@ -1199,16 +1273,18 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, do_close(conn, handle, handle_len); } else { status = do_close(conn, handle, handle_len); - + if (interrupted || status != SSH2_FX_OK) + status = -1; /* Override umask and utimes if asked */ #ifdef HAVE_FCHMOD - if (pflag && fchmod(local_fd, mode) == -1) + if (preserve_flag && fchmod(local_fd, mode) == -1) #else - if (pflag && chmod(local_path, mode) == -1) + if (preserve_flag && chmod(local_path, mode) == -1) #endif /* HAVE_FCHMOD */ error("Couldn't set mode on \"%s\": %s", local_path, strerror(errno)); - if (pflag && (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME)) { + if (preserve_flag && + (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME)) { struct timeval tv[2]; tv[0].tv_sec = a->atime; tv[1].tv_sec = a->mtime; @@ -1217,17 +1293,24 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, error("Can't set times on \"%s\": %s", local_path, strerror(errno)); } + if (fsync_flag) { + debug("syncing \"%s\"", local_path); + if (fsync(local_fd) == -1) + error("Couldn't sync file \"%s\": %s", + local_path, strerror(errno)); + } } close(local_fd); buffer_free(&msg); - xfree(handle); + free(handle); return(status); } static int -download_dir_internal(struct sftp_conn *conn, char *src, char *dst, - Attrib *dirattrib, int pflag, int printflag, int depth) +download_dir_internal(struct sftp_conn *conn, char *src, char *dst, int depth, + Attrib *dirattrib, int preserve_flag, int print_flag, int resume_flag, + int fsync_flag) { int i, ret = 0; SFTP_DIRENT **dir_entries; @@ -1248,7 +1331,7 @@ download_dir_internal(struct sftp_conn *conn, char *src, char *dst, error("\"%s\" is not a directory", src); return -1; } - if (printflag) + if (print_flag) printf("Retrieving %s\n", src); if (dirattrib->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) @@ -1279,12 +1362,13 @@ download_dir_internal(struct sftp_conn *conn, char *src, char *dst, strcmp(filename, "..") == 0) continue; if (download_dir_internal(conn, new_src, new_dst, - &(dir_entries[i]->a), pflag, printflag, - depth + 1) == -1) + depth + 1, &(dir_entries[i]->a), preserve_flag, + print_flag, resume_flag, fsync_flag) == -1) ret = -1; } else if (S_ISREG(dir_entries[i]->a.perm) ) { if (do_download(conn, new_src, new_dst, - &(dir_entries[i]->a), pflag) == -1) { + &(dir_entries[i]->a), preserve_flag, + resume_flag, fsync_flag) == -1) { error("Download of file %s to %s failed", new_src, new_dst); ret = -1; @@ -1292,11 +1376,11 @@ download_dir_internal(struct sftp_conn *conn, char *src, char *dst, } else logit("%s: not a regular file\n", new_src); - xfree(new_dst); - xfree(new_src); + free(new_dst); + free(new_src); } - if (pflag) { + if (preserve_flag) { if (dirattrib->flags & SSH2_FILEXFER_ATTR_ACMODTIME) { struct timeval tv[2]; tv[0].tv_sec = dirattrib->atime; @@ -1317,34 +1401,35 @@ download_dir_internal(struct sftp_conn *conn, char *src, char *dst, int download_dir(struct sftp_conn *conn, char *src, char *dst, - Attrib *dirattrib, int pflag, int printflag) + Attrib *dirattrib, int preserve_flag, int print_flag, + int resume_flag, int fsync_flag) { char *src_canon; int ret; if ((src_canon = do_realpath(conn, src)) == NULL) { - error("Unable to canonicalise path \"%s\"", src); + error("Unable to canonicalize path \"%s\"", src); return -1; } - ret = download_dir_internal(conn, src_canon, dst, - dirattrib, pflag, printflag, 0); - xfree(src_canon); + ret = download_dir_internal(conn, src_canon, dst, 0, + dirattrib, preserve_flag, print_flag, resume_flag, fsync_flag); + free(src_canon); return ret; } int do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, - int pflag) + int preserve_flag, int resume, int fsync_flag) { int local_fd; int status = SSH2_FX_OK; u_int handle_len, id, type; - off_t offset; + off_t offset, progress_counter; char *handle, *data; Buffer msg; struct stat sb; - Attrib a; + Attrib a, *c = NULL; u_int32_t startid; u_int32_t ackid; struct outstanding_ack { @@ -1379,9 +1464,29 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, a.flags &= ~SSH2_FILEXFER_ATTR_SIZE; a.flags &= ~SSH2_FILEXFER_ATTR_UIDGID; a.perm &= 0777; - if (!pflag) + if (!preserve_flag) a.flags &= ~SSH2_FILEXFER_ATTR_ACMODTIME; + if (resume) { + /* Get remote file size if it exists */ + if ((c = do_stat(conn, remote_path, 0)) == NULL) { + close(local_fd); + return -1; + } + + if ((off_t)c->size >= sb.st_size) { + error("destination file bigger or same size as " + "source file"); + close(local_fd); + return -1; + } + + if (lseek(local_fd, (off_t)c->size, SEEK_SET) == -1) { + close(local_fd); + return -1; + } + } + buffer_init(&msg); /* Send open request */ @@ -1389,7 +1494,8 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, buffer_put_char(&msg, SSH2_FXP_OPEN); buffer_put_int(&msg, id); buffer_put_cstring(&msg, remote_path); - buffer_put_int(&msg, SSH2_FXF_WRITE|SSH2_FXF_CREAT|SSH2_FXF_TRUNC); + buffer_put_int(&msg, SSH2_FXF_WRITE|SSH2_FXF_CREAT| + (resume ? SSH2_FXF_APPEND : SSH2_FXF_TRUNC)); encode_attrib(&msg, &a); send_msg(conn, &msg); debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, remote_path); @@ -1408,9 +1514,10 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, data = xmalloc(conn->transfer_buflen); /* Read from local and write to remote */ - offset = 0; + offset = progress_counter = (resume ? c->size : 0); if (showprogress) - start_progress_meter(local_path, sb.st_size, &offset); + start_progress_meter(local_path, sb.st_size, + &progress_counter); for (;;) { int len; @@ -1433,7 +1540,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, strerror(errno)); if (len != 0) { - ack = xmalloc(sizeof(*ack)); + ack = xcalloc(1, sizeof(*ack)); ack->id = ++id; ack->offset = offset; ack->len = len; @@ -1481,7 +1588,8 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, debug3("In write loop, ack for %u %u bytes at %lld", ack->id, ack->len, (long long)ack->offset); ++ackid; - xfree(ack); + progress_counter += ack->len; + free(ack); } offset += len; if (offset < 0) @@ -1491,7 +1599,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, if (showprogress) stop_progress_meter(); - xfree(data); + free(data); if (status != SSH2_FX_OK) { error("Couldn't write to remote file \"%s\": %s", @@ -1506,19 +1614,22 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, } /* Override umask and utimes if asked */ - if (pflag) + if (preserve_flag) do_fsetstat(conn, handle, handle_len, &a); + if (fsync_flag) + (void)do_fsync(conn, handle, handle_len); + if (do_close(conn, handle, handle_len) != SSH2_FX_OK) status = -1; - xfree(handle); + free(handle); return status; } static int -upload_dir_internal(struct sftp_conn *conn, char *src, char *dst, - int pflag, int printflag, int depth) +upload_dir_internal(struct sftp_conn *conn, char *src, char *dst, int depth, + int preserve_flag, int print_flag, int resume, int fsync_flag) { int ret = 0, status; DIR *dirp; @@ -1541,7 +1652,7 @@ upload_dir_internal(struct sftp_conn *conn, char *src, char *dst, error("\"%s\" is not a directory", src); return -1; } - if (printflag) + if (print_flag) printf("Entering %s\n", src); attrib_clear(&a); @@ -1549,9 +1660,9 @@ upload_dir_internal(struct sftp_conn *conn, char *src, char *dst, a.flags &= ~SSH2_FILEXFER_ATTR_SIZE; a.flags &= ~SSH2_FILEXFER_ATTR_UIDGID; a.perm &= 01777; - if (!pflag) + if (!preserve_flag) a.flags &= ~SSH2_FILEXFER_ATTR_ACMODTIME; - + status = do_mkdir(conn, dst, &a, 0); /* * we lack a portable status for errno EEXIST, @@ -1561,7 +1672,7 @@ upload_dir_internal(struct sftp_conn *conn, char *src, char *dst, if (status != SSH2_FX_OK) { if (status != SSH2_FX_FAILURE) return -1; - if (do_stat(conn, dst, 0) == NULL) + if (do_stat(conn, dst, 0) == NULL) return -1; } @@ -1569,7 +1680,7 @@ upload_dir_internal(struct sftp_conn *conn, char *src, char *dst, error("Failed to open dir \"%s\": %s", src, strerror(errno)); return -1; } - + while (((dp = readdir(dirp)) != NULL) && !interrupted) { if (dp->d_ino == 0) continue; @@ -1587,18 +1698,20 @@ upload_dir_internal(struct sftp_conn *conn, char *src, char *dst, continue; if (upload_dir_internal(conn, new_src, new_dst, - pflag, printflag, depth + 1) == -1) + depth + 1, preserve_flag, print_flag, resume, + fsync_flag) == -1) ret = -1; } else if (S_ISREG(sb.st_mode)) { - if (do_upload(conn, new_src, new_dst, pflag) == -1) { + if (do_upload(conn, new_src, new_dst, + preserve_flag, resume, fsync_flag) == -1) { error("Uploading of file %s to %s failed!", new_src, new_dst); ret = -1; } } else logit("%s: not a regular file\n", filename); - xfree(new_dst); - xfree(new_src); + free(new_dst); + free(new_src); } do_setstat(conn, dst, &a); @@ -1608,19 +1721,21 @@ upload_dir_internal(struct sftp_conn *conn, char *src, char *dst, } int -upload_dir(struct sftp_conn *conn, char *src, char *dst, int printflag, - int pflag) +upload_dir(struct sftp_conn *conn, char *src, char *dst, int preserve_flag, + int print_flag, int resume, int fsync_flag) { char *dst_canon; int ret; if ((dst_canon = do_realpath(conn, dst)) == NULL) { - error("Unable to canonicalise path \"%s\"", dst); + error("Unable to canonicalize path \"%s\"", dst); return -1; } - ret = upload_dir_internal(conn, src, dst_canon, pflag, printflag, 0); - xfree(dst_canon); + ret = upload_dir_internal(conn, src, dst_canon, 0, preserve_flag, + print_flag, resume, fsync_flag); + + free(dst_canon); return ret; } diff --git a/crypto/openssh/sftp-client.h b/crypto/openssh/sftp-client.h index aef54ef49d..967840b9cb 100644 --- a/crypto/openssh/sftp-client.h +++ b/crypto/openssh/sftp-client.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.h,v 1.20 2010/12/04 00:18:01 djm Exp $ */ +/* $OpenBSD: sftp-client.h,v 1.25 2014/04/21 14:36:16 logan Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller @@ -92,7 +92,7 @@ char *do_realpath(struct sftp_conn *, char *); int do_statvfs(struct sftp_conn *, const char *, struct sftp_statvfs *, int); /* Rename 'oldpath' to 'newpath' */ -int do_rename(struct sftp_conn *, char *, char *); +int do_rename(struct sftp_conn *, char *, char *m, int force_legacy); /* Link 'oldpath' to 'newpath' */ int do_hardlink(struct sftp_conn *, char *, char *); @@ -100,31 +100,33 @@ int do_hardlink(struct sftp_conn *, char *, char *); /* Rename 'oldpath' to 'newpath' */ int do_symlink(struct sftp_conn *, char *, char *); -/* XXX: add callbacks to do_download/do_upload so we can do progress meter */ +/* Call fsync() on open file 'handle' */ +int do_fsync(struct sftp_conn *conn, char *, u_int); /* * Download 'remote_path' to 'local_path'. Preserve permissions and times * if 'pflag' is set */ -int do_download(struct sftp_conn *, char *, char *, Attrib *, int); +int do_download(struct sftp_conn *, char *, char *, Attrib *, int, int, int); /* * Recursively download 'remote_directory' to 'local_directory'. Preserve * times if 'pflag' is set */ -int download_dir(struct sftp_conn *, char *, char *, Attrib *, int, int); +int download_dir(struct sftp_conn *, char *, char *, Attrib *, int, + int, int, int); /* * Upload 'local_path' to 'remote_path'. Preserve permissions and times * if 'pflag' is set */ -int do_upload(struct sftp_conn *, char *, char *, int); +int do_upload(struct sftp_conn *, char *, char *, int, int, int); /* * Recursively upload 'local_directory' to 'remote_directory'. Preserve * times if 'pflag' is set */ -int upload_dir(struct sftp_conn *, char *, char *, int, int); +int upload_dir(struct sftp_conn *, char *, char *, int, int, int, int); /* Concatenate paths, taking care of slashes. Caller must free result. */ char *path_append(char *, char *); diff --git a/crypto/openssh/sftp-common.c b/crypto/openssh/sftp-common.c index a042875c69..70a929ccc0 100644 --- a/crypto/openssh/sftp-common.c +++ b/crypto/openssh/sftp-common.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-common.c,v 1.23 2010/01/15 09:24:23 markus Exp $ */ +/* $OpenBSD: sftp-common.c,v 1.26 2014/01/09 03:26:00 guenther Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2001 Damien Miller. All rights reserved. @@ -33,6 +33,7 @@ #include #include #include +#include #include #include #include @@ -128,8 +129,8 @@ decode_attrib(Buffer *b) type = buffer_get_string(b, NULL); data = buffer_get_string(b, NULL); debug3("Got file attribute \"%s\"", type); - xfree(type); - xfree(data); + free(type); + free(data); } } return &a; @@ -194,6 +195,7 @@ ls_file(const char *name, const struct stat *st, int remote, int si_units) char *user, *group; char buf[1024], mode[11+1], tbuf[12+1], ubuf[11+1], gbuf[11+1]; char sbuf[FMT_SCALED_STRSIZE]; + time_t now; strmode(st->st_mode, mode); if (!remote) { @@ -209,7 +211,9 @@ ls_file(const char *name, const struct stat *st, int remote, int si_units) group = gbuf; } if (ltime != NULL) { - if (time(NULL) - st->st_mtime < (365*24*60*60)/2) + now = time(NULL); + if (now - (365*24*60*60)/2 < st->st_mtime && + now >= st->st_mtime) sz = strftime(tbuf, sizeof tbuf, "%b %e %H:%M", ltime); else sz = strftime(tbuf, sizeof tbuf, "%b %e %Y", ltime); diff --git a/crypto/openssh/sftp-glob.c b/crypto/openssh/sftp-glob.c index 06bf157ca6..d85aecc9ab 100644 --- a/crypto/openssh/sftp-glob.c +++ b/crypto/openssh/sftp-glob.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-glob.c,v 1.23 2011/10/04 14:17:32 djm Exp $ */ +/* $OpenBSD: sftp-glob.c,v 1.26 2013/11/08 11:15:19 dtucker Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -23,6 +23,7 @@ #endif #include +#include #include #include "xmalloc.h" @@ -48,10 +49,10 @@ fudge_opendir(const char *path) { struct SFTP_OPENDIR *r; - r = xmalloc(sizeof(*r)); + r = xcalloc(1, sizeof(*r)); if (do_readdir(cur.conn, (char *)path, &r->dir)) { - xfree(r); + free(r); return(NULL); } @@ -103,7 +104,7 @@ static void fudge_closedir(struct SFTP_OPENDIR *od) { free_sftp_dirents(od->dir); - xfree(od); + free(od); } static int diff --git a/crypto/openssh/sftp-server.8 b/crypto/openssh/sftp-server.8 index bb19c15e1a..75d8d8d532 100644 --- a/crypto/openssh/sftp-server.8 +++ b/crypto/openssh/sftp-server.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp-server.8,v 1.19 2010/01/09 03:36:00 jmc Exp $ +.\" $OpenBSD: sftp-server.8,v 1.26 2014/07/28 15:40:08 schwarze Exp $ .\" .\" Copyright (c) 2000 Markus Friedl. All rights reserved. .\" @@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: January 9 2010 $ +.Dd $Mdocdate: July 28 2014 $ .Dt SFTP-SERVER 8 .Os .Sh NAME @@ -30,10 +30,17 @@ .Nd SFTP server subsystem .Sh SYNOPSIS .Nm sftp-server +.Bk -words .Op Fl ehR +.Op Fl d Ar start_directory .Op Fl f Ar log_facility .Op Fl l Ar log_level +.Op Fl P Ar blacklisted_requests +.Op Fl p Ar whitelisted_requests .Op Fl u Ar umask +.Ek +.Nm +.Fl Q Ar protocol_feature .Sh DESCRIPTION .Nm is a program that speaks the server side of SFTP protocol @@ -56,6 +63,17 @@ for more information. .Pp Valid options are: .Bl -tag -width Ds +.It Fl d Ar start_directory +specifies an alternate starting directory for users. +The pathname may contain the following tokens that are expanded at runtime: +%% is replaced by a literal '%', +%h is replaced by the home directory of the user being authenticated, +and %u is replaced by the username of that user. +The default is to use the user's home directory. +This option is useful in conjunction with the +.Xr sshd_config 5 +.Cm ChrootDirectory +option. .It Fl e Causes .Nm @@ -81,6 +99,34 @@ performs on behalf of the client. DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify higher levels of debugging output. The default is ERROR. +.It Fl P Ar blacklisted_requests +Specify a comma-separated list of SFTP protocol requests that are banned by +the server. +.Nm +will reply to any blacklisted request with a failure. +The +.Fl Q +flag can be used to determine the supported request types. +If both a blacklist and a whitelist are specified, then the blacklist is +applied before the whitelist. +.It Fl p Ar whitelisted_requests +Specify a comma-separated list of SFTP protocol requests that are permitted +by the server. +All request types that are not on the whitelist will be logged and replied +to with a failure message. +.Pp +Care must be taken when using this feature to ensure that requests made +implicitly by SFTP clients are permitted. +.It Fl Q Ar protocol_feature +Query protocol features supported by +.Nm . +At present the only feature that may be queried is +.Dq requests , +which may be used for black or whitelisting (flags +.Fl P +and +.Fl p +respectively). .It Fl R Places this instance of .Nm @@ -94,11 +140,11 @@ to be applied to newly-created files and directories, instead of the user's default mask. .El .Pp -For logging to work, +On some systems, .Nm must be able to access -.Pa /dev/log . -Use of +.Pa /dev/log +for logging to work, and use of .Nm in a chroot configuration therefore requires that .Xr syslogd 8 @@ -112,8 +158,8 @@ establish a logging socket inside the chroot directory. .%A T. Ylonen .%A S. Lehtinen .%T "SSH File Transfer Protocol" -.%N draft-ietf-secsh-filexfer-00.txt -.%D January 2001 +.%N draft-ietf-secsh-filexfer-02.txt +.%D October 2001 .%O work in progress material .Re .Sh HISTORY @@ -121,4 +167,4 @@ establish a logging socket inside the chroot directory. first appeared in .Ox 2.8 . .Sh AUTHORS -.An Markus Friedl Aq markus@openbsd.org +.An Markus Friedl Aq Mt markus@openbsd.org diff --git a/crypto/openssh/sftp-server.c b/crypto/openssh/sftp-server.c index 9d01c7d798..0177130cfb 100644 --- a/crypto/openssh/sftp-server.c +++ b/crypto/openssh/sftp-server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-server.c,v 1.94 2011/06/17 21:46:16 djm Exp $ */ +/* $OpenBSD: sftp-server.c,v 1.103 2014/01/17 06:23:24 dtucker Exp $ */ /* * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. * @@ -29,6 +29,9 @@ #ifdef HAVE_SYS_STATVFS_H #include #endif +#ifdef HAVE_SYS_PRCTL_H +#include +#endif #include #include @@ -46,6 +49,7 @@ #include "buffer.h" #include "log.h" #include "misc.h" +#include "match.h" #include "uidswap.h" #include "sftp.h" @@ -57,24 +61,29 @@ #define get_string(lenp) buffer_get_string(&iqueue, lenp); /* Our verbosity */ -LogLevel log_level = SYSLOG_LEVEL_ERROR; +static LogLevel log_level = SYSLOG_LEVEL_ERROR; /* Our client */ -struct passwd *pw = NULL; -char *client_addr = NULL; +static struct passwd *pw = NULL; +static char *client_addr = NULL; /* input and output queue */ -Buffer iqueue; -Buffer oqueue; +static Buffer iqueue; +static Buffer oqueue; /* Version of client */ -u_int version; +static u_int version; + +/* SSH2_FXP_INIT received */ +static int init_done; /* Disable writes */ -int readonly; +static int readonly; -/* portable attributes, etc. */ +/* Requests that are allowed/denied */ +static char *request_whitelist, *request_blacklist; +/* portable attributes, etc. */ typedef struct Stat Stat; struct Stat { @@ -83,6 +92,102 @@ struct Stat { Attrib attrib; }; +/* Packet handlers */ +static void process_open(u_int32_t id); +static void process_close(u_int32_t id); +static void process_read(u_int32_t id); +static void process_write(u_int32_t id); +static void process_stat(u_int32_t id); +static void process_lstat(u_int32_t id); +static void process_fstat(u_int32_t id); +static void process_setstat(u_int32_t id); +static void process_fsetstat(u_int32_t id); +static void process_opendir(u_int32_t id); +static void process_readdir(u_int32_t id); +static void process_remove(u_int32_t id); +static void process_mkdir(u_int32_t id); +static void process_rmdir(u_int32_t id); +static void process_realpath(u_int32_t id); +static void process_rename(u_int32_t id); +static void process_readlink(u_int32_t id); +static void process_symlink(u_int32_t id); +static void process_extended_posix_rename(u_int32_t id); +static void process_extended_statvfs(u_int32_t id); +static void process_extended_fstatvfs(u_int32_t id); +static void process_extended_hardlink(u_int32_t id); +static void process_extended_fsync(u_int32_t id); +static void process_extended(u_int32_t id); + +struct sftp_handler { + const char *name; /* user-visible name for fine-grained perms */ + const char *ext_name; /* extended request name */ + u_int type; /* packet type, for non extended packets */ + void (*handler)(u_int32_t); + int does_write; /* if nonzero, banned for readonly mode */ +}; + +struct sftp_handler handlers[] = { + /* NB. SSH2_FXP_OPEN does the readonly check in the handler itself */ + { "open", NULL, SSH2_FXP_OPEN, process_open, 0 }, + { "close", NULL, SSH2_FXP_CLOSE, process_close, 0 }, + { "read", NULL, SSH2_FXP_READ, process_read, 0 }, + { "write", NULL, SSH2_FXP_WRITE, process_write, 1 }, + { "lstat", NULL, SSH2_FXP_LSTAT, process_lstat, 0 }, + { "fstat", NULL, SSH2_FXP_FSTAT, process_fstat, 0 }, + { "setstat", NULL, SSH2_FXP_SETSTAT, process_setstat, 1 }, + { "fsetstat", NULL, SSH2_FXP_FSETSTAT, process_fsetstat, 1 }, + { "opendir", NULL, SSH2_FXP_OPENDIR, process_opendir, 0 }, + { "readdir", NULL, SSH2_FXP_READDIR, process_readdir, 0 }, + { "remove", NULL, SSH2_FXP_REMOVE, process_remove, 1 }, + { "mkdir", NULL, SSH2_FXP_MKDIR, process_mkdir, 1 }, + { "rmdir", NULL, SSH2_FXP_RMDIR, process_rmdir, 1 }, + { "realpath", NULL, SSH2_FXP_REALPATH, process_realpath, 0 }, + { "stat", NULL, SSH2_FXP_STAT, process_stat, 0 }, + { "rename", NULL, SSH2_FXP_RENAME, process_rename, 1 }, + { "readlink", NULL, SSH2_FXP_READLINK, process_readlink, 0 }, + { "symlink", NULL, SSH2_FXP_SYMLINK, process_symlink, 1 }, + { NULL, NULL, 0, NULL, 0 } +}; + +/* SSH2_FXP_EXTENDED submessages */ +struct sftp_handler extended_handlers[] = { + { "posix-rename", "posix-rename@openssh.com", 0, + process_extended_posix_rename, 1 }, + { "statvfs", "statvfs@openssh.com", 0, process_extended_statvfs, 0 }, + { "fstatvfs", "fstatvfs@openssh.com", 0, process_extended_fstatvfs, 0 }, + { "hardlink", "hardlink@openssh.com", 0, process_extended_hardlink, 1 }, + { "fsync", "fsync@openssh.com", 0, process_extended_fsync, 1 }, + { NULL, NULL, 0, NULL, 0 } +}; + +static int +request_permitted(struct sftp_handler *h) +{ + char *result; + + if (readonly && h->does_write) { + verbose("Refusing %s request in read-only mode", h->name); + return 0; + } + if (request_blacklist != NULL && + ((result = match_list(h->name, request_blacklist, NULL))) != NULL) { + free(result); + verbose("Refusing blacklisted %s request", h->name); + return 0; + } + if (request_whitelist != NULL && + ((result = match_list(h->name, request_whitelist, NULL))) != NULL) { + free(result); + debug2("Permitting whitelisted %s request", h->name); + return 1; + } + if (request_whitelist != NULL) { + verbose("Refusing non-whitelisted %s request", h->name); + return 0; + } + return 1; +} + static int errno_to_portable(int unixerrno) { @@ -130,6 +235,8 @@ flags_from_portable(int pflags) } else if (pflags & SSH2_FXF_WRITE) { flags = O_WRONLY; } + if (pflags & SSH2_FXF_APPEND) + flags |= O_APPEND; if (pflags & SSH2_FXF_CREAT) flags |= O_CREAT; if (pflags & SSH2_FXF_TRUNC) @@ -156,6 +263,8 @@ string_from_portable(int pflags) PAPPEND("READ") if (pflags & SSH2_FXF_WRITE) PAPPEND("WRITE") + if (pflags & SSH2_FXF_APPEND) + PAPPEND("APPEND") if (pflags & SSH2_FXF_CREAT) PAPPEND("CREATE") if (pflags & SSH2_FXF_TRUNC) @@ -179,6 +288,7 @@ struct Handle { int use; DIR *dirp; int fd; + int flags; char *name; u_int64_t bytes_read, bytes_write; int next_unused; @@ -202,7 +312,7 @@ static void handle_unused(int i) } static int -handle_new(int use, const char *name, int fd, DIR *dirp) +handle_new(int use, const char *name, int fd, int flags, DIR *dirp) { int i; @@ -220,6 +330,7 @@ handle_new(int use, const char *name, int fd, DIR *dirp) handles[i].use = use; handles[i].dirp = dirp; handles[i].fd = fd; + handles[i].flags = flags; handles[i].name = xstrdup(name); handles[i].bytes_read = handles[i].bytes_write = 0; @@ -282,6 +393,14 @@ handle_to_fd(int handle) return -1; } +static int +handle_to_flags(int handle) +{ + if (handle_is_ok(handle, HANDLE_FILE)) + return handles[handle].flags; + return 0; +} + static void handle_update_read(int handle, ssize_t bytes) { @@ -319,11 +438,11 @@ handle_close(int handle) if (handle_is_ok(handle, HANDLE_FILE)) { ret = close(handles[handle].fd); - xfree(handles[handle].name); + free(handles[handle].name); handle_unused(handle); } else if (handle_is_ok(handle, HANDLE_DIR)) { ret = closedir(handles[handle].dirp); - xfree(handles[handle].name); + free(handles[handle].name); handle_unused(handle); } else { errno = ENOENT; @@ -367,7 +486,7 @@ get_handle(void) handle = get_string(&hlen); if (hlen < 256) val = handle_from_string(handle, hlen); - xfree(handle); + free(handle); return val; } @@ -450,7 +569,7 @@ send_handle(u_int32_t id, int handle) handle_to_string(handle, &string, &hlen); debug("request %u: sent handle handle %d", id, handle); send_data_or_handle(SSH2_FXP_HANDLE, id, string, hlen); - xfree(string); + free(string); } static void @@ -538,19 +657,21 @@ process_init(void) /* hardlink extension */ buffer_put_cstring(&msg, "hardlink@openssh.com"); buffer_put_cstring(&msg, "1"); /* version */ + /* fsync extension */ + buffer_put_cstring(&msg, "fsync@openssh.com"); + buffer_put_cstring(&msg, "1"); /* version */ send_msg(&msg); buffer_free(&msg); } static void -process_open(void) +process_open(u_int32_t id) { - u_int32_t id, pflags; + u_int32_t pflags; Attrib *a; char *name; int handle, fd, flags, mode, status = SSH2_FX_FAILURE; - id = get_int(); name = get_string(NULL); pflags = get_int(); /* portable flags */ debug3("request %u: open flags %d", id, pflags); @@ -560,14 +681,16 @@ process_open(void) logit("open \"%s\" flags %s mode 0%o", name, string_from_portable(pflags), mode); if (readonly && - ((flags & O_ACCMODE) == O_WRONLY || (flags & O_ACCMODE) == O_RDWR)) - status = SSH2_FX_PERMISSION_DENIED; - else { + ((flags & O_ACCMODE) == O_WRONLY || + (flags & O_ACCMODE) == O_RDWR)) { + verbose("Refusing open request in read-only mode"); + status = SSH2_FX_PERMISSION_DENIED; + } else { fd = open(name, flags, mode); if (fd < 0) { status = errno_to_portable(errno); } else { - handle = handle_new(HANDLE_FILE, name, fd, NULL); + handle = handle_new(HANDLE_FILE, name, fd, flags, NULL); if (handle < 0) { close(fd); } else { @@ -578,16 +701,14 @@ process_open(void) } if (status != SSH2_FX_OK) send_status(id, status); - xfree(name); + free(name); } static void -process_close(void) +process_close(u_int32_t id) { - u_int32_t id; int handle, ret, status = SSH2_FX_FAILURE; - id = get_int(); handle = get_handle(); debug3("request %u: close handle %u", id, handle); handle_log_close(handle, NULL); @@ -597,14 +718,13 @@ process_close(void) } static void -process_read(void) +process_read(u_int32_t id) { char buf[64*1024]; - u_int32_t id, len; + u_int32_t len; int handle, fd, ret, status = SSH2_FX_FAILURE; u_int64_t off; - id = get_int(); handle = get_handle(); off = get_int64(); len = get_int(); @@ -638,15 +758,13 @@ process_read(void) } static void -process_write(void) +process_write(u_int32_t id) { - u_int32_t id; u_int64_t off; u_int len; int handle, fd, ret, status; char *data; - id = get_int(); handle = get_handle(); off = get_int64(); data = get_string(&len); @@ -657,10 +775,9 @@ process_write(void) if (fd < 0) status = SSH2_FX_FAILURE; - else if (readonly) - status = SSH2_FX_PERMISSION_DENIED; else { - if (lseek(fd, off, SEEK_SET) < 0) { + if (!(handle_to_flags(handle) & O_APPEND) && + lseek(fd, off, SEEK_SET) < 0) { status = errno_to_portable(errno); error("process_write: seek failed"); } else { @@ -679,19 +796,17 @@ process_write(void) } } send_status(id, status); - xfree(data); + free(data); } static void -process_do_stat(int do_lstat) +process_do_stat(u_int32_t id, int do_lstat) { Attrib a; struct stat st; - u_int32_t id; char *name; int ret, status = SSH2_FX_FAILURE; - id = get_int(); name = get_string(NULL); debug3("request %u: %sstat", id, do_lstat ? "l" : ""); verbose("%sstat name \"%s\"", do_lstat ? "l" : "", name); @@ -705,30 +820,28 @@ process_do_stat(int do_lstat) } if (status != SSH2_FX_OK) send_status(id, status); - xfree(name); + free(name); } static void -process_stat(void) +process_stat(u_int32_t id) { - process_do_stat(0); + process_do_stat(id, 0); } static void -process_lstat(void) +process_lstat(u_int32_t id) { - process_do_stat(1); + process_do_stat(id, 1); } static void -process_fstat(void) +process_fstat(u_int32_t id) { Attrib a; struct stat st; - u_int32_t id; int fd, ret, handle, status = SSH2_FX_FAILURE; - id = get_int(); handle = get_handle(); debug("request %u: fstat \"%s\" (handle %u)", id, handle_to_name(handle), handle); @@ -760,21 +873,15 @@ attrib_to_tv(const Attrib *a) } static void -process_setstat(void) +process_setstat(u_int32_t id) { Attrib *a; - u_int32_t id; char *name; int status = SSH2_FX_OK, ret; - id = get_int(); name = get_string(NULL); a = get_attrib(); debug("request %u: setstat name \"%s\"", id, name); - if (readonly) { - status = SSH2_FX_PERMISSION_DENIED; - a->flags = 0; - } if (a->flags & SSH2_FILEXFER_ATTR_SIZE) { logit("set \"%s\" size %llu", name, (unsigned long long)a->size); @@ -807,26 +914,22 @@ process_setstat(void) status = errno_to_portable(errno); } send_status(id, status); - xfree(name); + free(name); } static void -process_fsetstat(void) +process_fsetstat(u_int32_t id) { Attrib *a; - u_int32_t id; int handle, fd, ret; int status = SSH2_FX_OK; - id = get_int(); handle = get_handle(); a = get_attrib(); debug("request %u: fsetstat handle %d", id, handle); fd = handle_to_fd(handle); if (fd < 0) status = SSH2_FX_FAILURE; - else if (readonly) - status = SSH2_FX_PERMISSION_DENIED; else { char *name = handle_to_name(handle); @@ -878,14 +981,12 @@ process_fsetstat(void) } static void -process_opendir(void) +process_opendir(u_int32_t id) { DIR *dirp = NULL; char *path; int handle, status = SSH2_FX_FAILURE; - u_int32_t id; - id = get_int(); path = get_string(NULL); debug3("request %u: opendir", id); logit("opendir \"%s\"", path); @@ -893,7 +994,7 @@ process_opendir(void) if (dirp == NULL) { status = errno_to_portable(errno); } else { - handle = handle_new(HANDLE_DIR, path, 0, dirp); + handle = handle_new(HANDLE_DIR, path, 0, 0, dirp); if (handle < 0) { closedir(dirp); } else { @@ -904,19 +1005,17 @@ process_opendir(void) } if (status != SSH2_FX_OK) send_status(id, status); - xfree(path); + free(path); } static void -process_readdir(void) +process_readdir(u_int32_t id) { DIR *dirp; struct dirent *dp; char *path; int handle; - u_int32_t id; - id = get_int(); handle = get_handle(); debug("request %u: readdir \"%s\" (handle %d)", id, handle_to_name(handle), handle); @@ -953,95 +1052,75 @@ process_readdir(void) if (count > 0) { send_names(id, count, stats); for (i = 0; i < count; i++) { - xfree(stats[i].name); - xfree(stats[i].long_name); + free(stats[i].name); + free(stats[i].long_name); } } else { send_status(id, SSH2_FX_EOF); } - xfree(stats); + free(stats); } } static void -process_remove(void) +process_remove(u_int32_t id) { char *name; - u_int32_t id; int status = SSH2_FX_FAILURE; int ret; - id = get_int(); name = get_string(NULL); debug3("request %u: remove", id); logit("remove name \"%s\"", name); - if (readonly) - status = SSH2_FX_PERMISSION_DENIED; - else { - ret = unlink(name); - status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; - } + ret = unlink(name); + status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; send_status(id, status); - xfree(name); + free(name); } static void -process_mkdir(void) +process_mkdir(u_int32_t id) { Attrib *a; - u_int32_t id; char *name; int ret, mode, status = SSH2_FX_FAILURE; - id = get_int(); name = get_string(NULL); a = get_attrib(); mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm & 07777 : 0777; debug3("request %u: mkdir", id); logit("mkdir name \"%s\" mode 0%o", name, mode); - if (readonly) - status = SSH2_FX_PERMISSION_DENIED; - else { - ret = mkdir(name, mode); - status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; - } + ret = mkdir(name, mode); + status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; send_status(id, status); - xfree(name); + free(name); } static void -process_rmdir(void) +process_rmdir(u_int32_t id) { - u_int32_t id; char *name; int ret, status; - id = get_int(); name = get_string(NULL); debug3("request %u: rmdir", id); logit("rmdir name \"%s\"", name); - if (readonly) - status = SSH2_FX_PERMISSION_DENIED; - else { - ret = rmdir(name); - status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; - } + ret = rmdir(name); + status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; send_status(id, status); - xfree(name); + free(name); } static void -process_realpath(void) +process_realpath(u_int32_t id) { char resolvedname[MAXPATHLEN]; - u_int32_t id; char *path; - id = get_int(); path = get_string(NULL); if (path[0] == '\0') { - xfree(path); + free(path); path = xstrdup("."); } debug3("request %u: realpath", id); @@ -1054,26 +1133,22 @@ process_realpath(void) s.name = s.long_name = resolvedname; send_names(id, 1, &s); } - xfree(path); + free(path); } static void -process_rename(void) +process_rename(u_int32_t id) { - u_int32_t id; char *oldpath, *newpath; int status; struct stat sb; - id = get_int(); oldpath = get_string(NULL); newpath = get_string(NULL); debug3("request %u: rename", id); logit("rename old \"%s\" new \"%s\"", oldpath, newpath); status = SSH2_FX_FAILURE; - if (readonly) - status = SSH2_FX_PERMISSION_DENIED; - else if (lstat(oldpath, &sb) == -1) + if (lstat(oldpath, &sb) == -1) status = errno_to_portable(errno); else if (S_ISREG(sb.st_mode)) { /* Race-free rename of regular files */ @@ -1115,19 +1190,17 @@ process_rename(void) status = SSH2_FX_OK; } send_status(id, status); - xfree(oldpath); - xfree(newpath); + free(oldpath); + free(newpath); } static void -process_readlink(void) +process_readlink(u_int32_t id) { - u_int32_t id; int len; char buf[MAXPATHLEN]; char *path; - id = get_int(); path = get_string(NULL); debug3("request %u: readlink", id); verbose("readlink \"%s\"", path); @@ -1141,31 +1214,25 @@ process_readlink(void) s.name = s.long_name = buf; send_names(id, 1, &s); } - xfree(path); + free(path); } static void -process_symlink(void) +process_symlink(u_int32_t id) { - u_int32_t id; char *oldpath, *newpath; int ret, status; - id = get_int(); oldpath = get_string(NULL); newpath = get_string(NULL); debug3("request %u: symlink", id); logit("symlink old \"%s\" new \"%s\"", oldpath, newpath); /* this will fail if 'newpath' exists */ - if (readonly) - status = SSH2_FX_PERMISSION_DENIED; - else { - ret = symlink(oldpath, newpath); - status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; - } + ret = symlink(oldpath, newpath); + status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; send_status(id, status); - xfree(oldpath); - xfree(newpath); + free(oldpath); + free(newpath); } static void @@ -1178,15 +1245,11 @@ process_extended_posix_rename(u_int32_t id) newpath = get_string(NULL); debug3("request %u: posix-rename", id); logit("posix-rename old \"%s\" new \"%s\"", oldpath, newpath); - if (readonly) - status = SSH2_FX_PERMISSION_DENIED; - else { - ret = rename(oldpath, newpath); - status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; - } + ret = rename(oldpath, newpath); + status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; send_status(id, status); - xfree(oldpath); - xfree(newpath); + free(oldpath); + free(newpath); } static void @@ -1196,14 +1259,14 @@ process_extended_statvfs(u_int32_t id) struct statvfs st; path = get_string(NULL); - debug3("request %u: statfs", id); - logit("statfs \"%s\"", path); + debug3("request %u: statvfs", id); + logit("statvfs \"%s\"", path); if (statvfs(path, &st) != 0) send_status(id, errno_to_portable(errno)); else send_statvfs(id, &st); - xfree(path); + free(path); } static void @@ -1235,36 +1298,51 @@ process_extended_hardlink(u_int32_t id) newpath = get_string(NULL); debug3("request %u: hardlink", id); logit("hardlink old \"%s\" new \"%s\"", oldpath, newpath); - if (readonly) - status = SSH2_FX_PERMISSION_DENIED; - else { - ret = link(oldpath, newpath); + ret = link(oldpath, newpath); + status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; + send_status(id, status); + free(oldpath); + free(newpath); +} + +static void +process_extended_fsync(u_int32_t id) +{ + int handle, fd, ret, status = SSH2_FX_OP_UNSUPPORTED; + + handle = get_handle(); + debug3("request %u: fsync (handle %u)", id, handle); + verbose("fsync \"%s\"", handle_to_name(handle)); + if ((fd = handle_to_fd(handle)) < 0) + status = SSH2_FX_NO_SUCH_FILE; + else if (handle_is_ok(handle, HANDLE_FILE)) { + ret = fsync(fd); status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; } send_status(id, status); - xfree(oldpath); - xfree(newpath); } static void -process_extended(void) +process_extended(u_int32_t id) { - u_int32_t id; char *request; + u_int i; - id = get_int(); request = get_string(NULL); - if (strcmp(request, "posix-rename@openssh.com") == 0) - process_extended_posix_rename(id); - else if (strcmp(request, "statvfs@openssh.com") == 0) - process_extended_statvfs(id); - else if (strcmp(request, "fstatvfs@openssh.com") == 0) - process_extended_fstatvfs(id); - else if (strcmp(request, "hardlink@openssh.com") == 0) - process_extended_hardlink(id); - else + for (i = 0; extended_handlers[i].handler != NULL; i++) { + if (strcmp(request, extended_handlers[i].ext_name) == 0) { + if (!request_permitted(&extended_handlers[i])) + send_status(id, SSH2_FX_PERMISSION_DENIED); + else + extended_handlers[i].handler(id); + break; + } + } + if (extended_handlers[i].handler == NULL) { + error("Unknown extended request \"%.100s\"", request); send_status(id, SSH2_FX_OP_UNSUPPORTED); /* MUST */ - xfree(request); + } + free(request); } /* stolen from ssh-agent */ @@ -1272,11 +1350,9 @@ process_extended(void) static void process(void) { - u_int msg_len; - u_int buf_len; - u_int consumed; - u_int type; + u_int msg_len, buf_len, consumed, type, i; u_char *cp; + u_int32_t id; buf_len = buffer_len(&iqueue); if (buf_len < 5) @@ -1293,70 +1369,35 @@ process(void) buffer_consume(&iqueue, 4); buf_len -= 4; type = buffer_get_char(&iqueue); + switch (type) { case SSH2_FXP_INIT: process_init(); - break; - case SSH2_FXP_OPEN: - process_open(); - break; - case SSH2_FXP_CLOSE: - process_close(); - break; - case SSH2_FXP_READ: - process_read(); - break; - case SSH2_FXP_WRITE: - process_write(); - break; - case SSH2_FXP_LSTAT: - process_lstat(); - break; - case SSH2_FXP_FSTAT: - process_fstat(); - break; - case SSH2_FXP_SETSTAT: - process_setstat(); - break; - case SSH2_FXP_FSETSTAT: - process_fsetstat(); - break; - case SSH2_FXP_OPENDIR: - process_opendir(); - break; - case SSH2_FXP_READDIR: - process_readdir(); - break; - case SSH2_FXP_REMOVE: - process_remove(); - break; - case SSH2_FXP_MKDIR: - process_mkdir(); - break; - case SSH2_FXP_RMDIR: - process_rmdir(); - break; - case SSH2_FXP_REALPATH: - process_realpath(); - break; - case SSH2_FXP_STAT: - process_stat(); - break; - case SSH2_FXP_RENAME: - process_rename(); - break; - case SSH2_FXP_READLINK: - process_readlink(); - break; - case SSH2_FXP_SYMLINK: - process_symlink(); + init_done = 1; break; case SSH2_FXP_EXTENDED: - process_extended(); + if (!init_done) + fatal("Received extended request before init"); + id = get_int(); + process_extended(id); break; default: - error("Unknown message %d", type); - break; + if (!init_done) + fatal("Received %u request before init", type); + id = get_int(); + for (i = 0; handlers[i].handler != NULL; i++) { + if (type == handlers[i].type) { + if (!request_permitted(&handlers[i])) { + send_status(id, + SSH2_FX_PERMISSION_DENIED); + } else { + handlers[i].handler(id); + } + break; + } + } + if (handlers[i].handler == NULL) + error("Unknown message %u", type); } /* discard the remaining bytes from the current packet */ if (buf_len < buffer_len(&iqueue)) { @@ -1365,7 +1406,7 @@ process(void) } consumed = buf_len - buffer_len(&iqueue); if (msg_len < consumed) { - error("msg_len %d < consumed %d", msg_len, consumed); + error("msg_len %u < consumed %u", msg_len, consumed); sftp_server_cleanup_exit(255); } if (msg_len > consumed) @@ -1390,8 +1431,11 @@ sftp_server_usage(void) extern char *__progname; fprintf(stderr, - "usage: %s [-ehR] [-f log_facility] [-l log_level] [-u umask]\n", - __progname); + "usage: %s [-ehR] [-d start_directory] [-f log_facility] " + "[-l log_level]\n\t[-P blacklisted_requests] " + "[-p whitelisted_requests] [-u umask]\n" + " %s -Q protocol_feature\n", + __progname, __progname); exit(1); } @@ -1399,10 +1443,10 @@ int sftp_server_main(int argc, char **argv, struct passwd *user_pw) { fd_set *rset, *wset; - int in, out, max, ch, skipargs = 0, log_stderr = 0; + int i, in, out, max, ch, skipargs = 0, log_stderr = 0; ssize_t len, olen, set_size; SyslogFacility log_facility = SYSLOG_FACILITY_AUTH; - char *cp, buf[4*4096]; + char *cp, *homedir = NULL, buf[4*4096]; long mask; extern char *optarg; @@ -1411,8 +1455,22 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) __progname = ssh_get_progname(argv[0]); log_init(__progname, log_level, log_facility, log_stderr); - while (!skipargs && (ch = getopt(argc, argv, "f:l:u:cehR")) != -1) { + pw = pwcopy(user_pw); + + while (!skipargs && (ch = getopt(argc, argv, + "d:f:l:P:p:Q:u:cehR")) != -1) { switch (ch) { + case 'Q': + if (strcasecmp(optarg, "requests") != 0) { + fprintf(stderr, "Invalid query type\n"); + exit(1); + } + for (i = 0; handlers[i].handler != NULL; i++) + printf("%s\n", handlers[i].name); + for (i = 0; extended_handlers[i].handler != NULL; i++) + printf("%s\n", extended_handlers[i].name); + exit(0); + break; case 'R': readonly = 1; break; @@ -1436,6 +1494,22 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) if (log_facility == SYSLOG_FACILITY_NOT_SET) error("Invalid log facility \"%s\"", optarg); break; + case 'd': + cp = tilde_expand_filename(optarg, user_pw->pw_uid); + homedir = percent_expand(cp, "d", user_pw->pw_dir, + "u", user_pw->pw_name, (char *)NULL); + free(cp); + break; + case 'p': + if (request_whitelist != NULL) + fatal("Permitted requests already set"); + request_whitelist = xstrdup(optarg); + break; + case 'P': + if (request_blacklist != NULL) + fatal("Refused requests already set"); + request_blacklist = xstrdup(optarg); + break; case 'u': errno = 0; mask = strtol(optarg, &cp, 8); @@ -1452,6 +1526,17 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) log_init(__progname, log_level, log_facility, log_stderr); +#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) + /* + * On Linux, we should try to avoid making /proc/self/{mem,maps} + * available to the user so that sftp access doesn't automatically + * imply arbitrary code execution access that will break + * restricted configurations. + */ + if (prctl(PR_SET_DUMPABLE, 0) != 0) + fatal("unable to make the process undumpable"); +#endif /* defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) */ + if ((cp = getenv("SSH_CONNECTION")) != NULL) { client_addr = xstrdup(cp); if ((cp = strchr(client_addr, ' ')) == NULL) { @@ -1463,8 +1548,6 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) } else client_addr = xstrdup("UNKNOWN"); - pw = pwcopy(user_pw); - logit("session opened for local user %s from [%s]", pw->pw_name, client_addr); @@ -1489,6 +1572,13 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) rset = (fd_set *)xmalloc(set_size); wset = (fd_set *)xmalloc(set_size); + if (homedir != NULL) { + if (chdir(homedir) != 0) { + error("chdir to \"%s\" failed: %s", homedir, + strerror(errno)); + } + } + for (;;) { memset(rset, 0, set_size); memset(wset, 0, set_size); diff --git a/crypto/openssh/sftp.1 b/crypto/openssh/sftp.1 index bcb4721449..7eb9970abc 100644 --- a/crypto/openssh/sftp.1 +++ b/crypto/openssh/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.91 2011/09/05 05:56:13 djm Exp $ +.\" $OpenBSD: sftp.1,v 1.99 2014/04/22 14:16:30 jmc Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" @@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 5 2011 $ +.Dd $Mdocdate: April 22 2014 $ .Dt SFTP 1 .Os .Sh NAME @@ -31,7 +31,7 @@ .Sh SYNOPSIS .Nm sftp .Bk -words -.Op Fl 1246Cpqrv +.Op Fl 1246aCfpqrv .Op Fl B Ar buffer_size .Op Fl b Ar batchfile .Op Fl c Ar cipher @@ -107,6 +107,11 @@ to use IPv4 addresses only. Forces .Nm to use IPv6 addresses only. +.It Fl a +Attempt to continue interrupted transfers rather than overwriting +existing partial or complete copies of files. +If the partial contents differ from those being transferred, +then the resultant file is likely to be corrupt. .It Fl B Ar buffer_size Specify the size of the buffer that .Nm @@ -129,7 +134,7 @@ may be used to indicate standard input. .Nm will abort if any of the following commands fail: -.Ic get , put , rename , ln , +.Ic get , put , reget , reput, rename , ln , .Ic rm , mkdir , chdir , ls , .Ic lchdir , chmod , chown , .Ic chgrp , lpwd , df , symlink , @@ -159,6 +164,10 @@ per-user configuration file for .Xr ssh 1 . This option is directly passed to .Xr ssh 1 . +.It Fl f +Requests that files be flushed to disk immediately after transfer. +When uploading files, this feature is only enabled if the server +implements the "fsync@openssh.com" extension. .It Fl i Ar identity_file Selects the file from which the identity (private key) for public key authentication is read. @@ -184,6 +193,11 @@ For full details of the options listed below, and their possible values, see .It AddressFamily .It BatchMode .It BindAddress +.It CanonicalDomains +.It CanonicalizeFallbackLocal +.It CanonicalizeHostname +.It CanonicalizeMaxDots +.It CanonicalizePermittedCNAMEs .It ChallengeResponseAuthentication .It CheckHostIP .It Cipher @@ -343,7 +357,7 @@ extension. Quit .Nm sftp . .It Xo Ic get -.Op Fl Ppr +.Op Fl afPpr .Ar remote-path .Op Ar local-path .Xc @@ -363,6 +377,21 @@ is specified, then .Ar local-path must specify a directory. .Pp +If the +.Fl a +flag is specified, then attempt to resume partial transfers of existing files. +Note that resumption assumes that any partial copy of the local file matches +the remote copy. +If the remote file contents differ from the partial local copy then the +resultant file is likely to be corrupt. +.Pp +If the +.Fl f +flag is specified, then +.Xr fsync 2 +will be called after the file transfer has completed to flush the file +to disk. +.Pp If either the .Fl P or @@ -466,7 +495,7 @@ Create remote directory specified by .It Ic progress Toggle display of progress meter. .It Xo Ic put -.Op Fl Ppr +.Op Fl afPpr .Ar local-path .Op Ar remote-path .Xc @@ -485,6 +514,23 @@ is specified, then .Ar remote-path must specify a directory. .Pp +If the +.Fl a +flag is specified, then attempt to resume partial +transfers of existing files. +Note that resumption assumes that any partial copy of the remote file +matches the local copy. +If the local file contents differ from the remote local copy then +the resultant file is likely to be corrupt. +.Pp +If the +.Fl f +flag is specified, then a request will be sent to the server to call +.Xr fsync 2 +after the file has been transferred. +Note that this is only supported by servers that implement +the "fsync@openssh.com" extension. +.Pp If either the .Fl P or @@ -503,6 +549,30 @@ Display remote working directory. .It Ic quit Quit .Nm sftp . +.It Xo Ic reget +.Op Fl Ppr +.Ar remote-path +.Op Ar local-path +.Xc +Resume download of +.Ar remote-path . +Equivalent to +.Ic get +with the +.Fl a +flag set. +.It Xo Ic reput +.Op Fl Ppr +.Op Ar local-path +.Ar remote-path +.Xc +Resume upload of +.Op Ar local-path . +Equivalent to +.Ic put +with the +.Fl a +flag set. .It Ic rename Ar oldpath Ar newpath Rename remote file from .Ar oldpath diff --git a/crypto/openssh/sftp.c b/crypto/openssh/sftp.c index 235c6ad04f..ff4d63d5ca 100644 --- a/crypto/openssh/sftp.c +++ b/crypto/openssh/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.136 2012/06/22 14:36:33 dtucker Exp $ */ +/* $OpenBSD: sftp.c,v 1.164 2014/07/09 01:45:10 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -38,6 +38,9 @@ #ifdef HAVE_LIBGEN_H #include #endif +#ifdef HAVE_LOCALE_H +# include +#endif #ifdef USE_LIBEDIT #include #else @@ -54,10 +57,6 @@ typedef void EditLine; # include #endif -#ifdef HAVE_LIBUTIL_H -# include -#endif - #include "xmalloc.h" #include "log.h" #include "pathnames.h" @@ -80,15 +79,24 @@ int batchmode = 0; /* PID of ssh transport process */ static pid_t sshpid = -1; +/* Suppress diagnositic messages */ +int quiet = 0; + /* This is set to 0 if the progressmeter is not desired. */ int showprogress = 1; /* When this option is set, we always recursively download/upload directories */ int global_rflag = 0; +/* When this option is set, we resume download or upload if possible */ +int global_aflag = 0; + /* When this option is set, the file transfers will always preserve times */ int global_pflag = 0; +/* When this option is set, transfers will have fsync() called on each file */ +int global_fflag = 0; + /* SIGINT received during command processing */ volatile sig_atomic_t interrupted = 0; @@ -124,31 +132,35 @@ extern char *__progname; #define SORT_FLAGS (LS_NAME_SORT|LS_TIME_SORT|LS_SIZE_SORT) /* Commands for interactive mode */ -#define I_CHDIR 1 -#define I_CHGRP 2 -#define I_CHMOD 3 -#define I_CHOWN 4 -#define I_DF 24 -#define I_GET 5 -#define I_HELP 6 -#define I_LCHDIR 7 -#define I_LINK 25 -#define I_LLS 8 -#define I_LMKDIR 9 -#define I_LPWD 10 -#define I_LS 11 -#define I_LUMASK 12 -#define I_MKDIR 13 -#define I_PUT 14 -#define I_PWD 15 -#define I_QUIT 16 -#define I_RENAME 17 -#define I_RM 18 -#define I_RMDIR 19 -#define I_SHELL 20 -#define I_SYMLINK 21 -#define I_VERSION 22 -#define I_PROGRESS 23 +enum sftp_command { + I_CHDIR = 1, + I_CHGRP, + I_CHMOD, + I_CHOWN, + I_DF, + I_GET, + I_HELP, + I_LCHDIR, + I_LINK, + I_LLS, + I_LMKDIR, + I_LPWD, + I_LS, + I_LUMASK, + I_MKDIR, + I_PUT, + I_PWD, + I_QUIT, + I_REGET, + I_RENAME, + I_REPUT, + I_RM, + I_RMDIR, + I_SHELL, + I_SYMLINK, + I_VERSION, + I_PROGRESS, +}; struct CMD { const char *c; @@ -188,7 +200,9 @@ static const struct CMD cmds[] = { { "put", I_PUT, LOCAL }, { "pwd", I_PWD, REMOTE }, { "quit", I_QUIT, NOARGS }, + { "reget", I_REGET, REMOTE }, { "rename", I_RENAME, REMOTE }, + { "reput", I_REPUT, LOCAL }, { "rm", I_RM, REMOTE }, { "rmdir", I_RMDIR, REMOTE }, { "symlink", I_SYMLINK, REMOTE }, @@ -219,7 +233,7 @@ cmd_interrupt(int signo) const char msg[] = "\rInterrupt \n"; int olderrno = errno; - write(STDERR_FILENO, msg, sizeof(msg) - 1); + (void)write(STDERR_FILENO, msg, sizeof(msg) - 1); interrupted = 1; errno = olderrno; } @@ -237,6 +251,8 @@ help(void) " filesystem containing 'path'\n" "exit Quit sftp\n" "get [-Ppr] remote [local] Download file\n" + "reget remote [local] Resume download file\n" + "reput [local] remote Resume upload file\n" "help Display this help text\n" "lcd path Change local directory to 'path'\n" "lls [ls-options [path]] Display local directory listing\n" @@ -310,7 +326,7 @@ local_do_ls(const char *args) /* XXX: quoting - rip quoting code from ftp? */ snprintf(buf, len, _PATH_LS " %s", args); local_do_shell(buf); - xfree(buf); + free(buf); } } @@ -341,15 +357,15 @@ make_absolute(char *p, char *pwd) /* Derelativise */ if (p && p[0] != '/') { abs_str = path_append(pwd, p); - xfree(p); + free(p); return(abs_str); } else return(p); } static int -parse_getput_flags(const char *cmd, char **argv, int argc, int *pflag, - int *rflag) +parse_getput_flags(const char *cmd, char **argv, int argc, + int *aflag, int *fflag, int *pflag, int *rflag) { extern int opterr, optind, optopt, optreset; int ch; @@ -357,9 +373,15 @@ parse_getput_flags(const char *cmd, char **argv, int argc, int *pflag, optind = optreset = 1; opterr = 0; - *rflag = *pflag = 0; - while ((ch = getopt(argc, argv, "PpRr")) != -1) { + *aflag = *fflag = *rflag = *pflag = 0; + while ((ch = getopt(argc, argv, "afPpRr")) != -1) { switch (ch) { + case 'a': + *aflag = 1; + break; + case 'f': + *fflag = 1; + break; case 'p': case 'P': *pflag = 1; @@ -402,6 +424,30 @@ parse_link_flags(const char *cmd, char **argv, int argc, int *sflag) } static int +parse_rename_flags(const char *cmd, char **argv, int argc, int *lflag) +{ + extern int opterr, optind, optopt, optreset; + int ch; + + optind = optreset = 1; + opterr = 0; + + *lflag = 0; + while ((ch = getopt(argc, argv, "l")) != -1) { + switch (ch) { + case 'l': + *lflag = 1; + break; + default: + error("%s: Invalid flag -%c", cmd, optopt); + return -1; + } + } + + return optind; +} + +static int parse_ls_flags(char **argv, int argc, int *lflag) { extern int opterr, optind, optopt, optreset; @@ -482,6 +528,26 @@ parse_df_flags(const char *cmd, char **argv, int argc, int *hflag, int *iflag) } static int +parse_no_flags(const char *cmd, char **argv, int argc) +{ + extern int opterr, optind, optopt, optreset; + int ch; + + optind = optreset = 1; + opterr = 0; + + while ((ch = getopt(argc, argv, "")) != -1) { + switch (ch) { + default: + error("%s: Invalid flag -%c", cmd, optopt); + return -1; + } + } + + return optind; +} + +static int is_dir(char *path) { struct stat sb; @@ -517,21 +583,25 @@ pathname_is_dir(char *pathname) static int process_get(struct sftp_conn *conn, char *src, char *dst, char *pwd, - int pflag, int rflag) + int pflag, int rflag, int resume, int fflag) { char *abs_src = NULL; char *abs_dst = NULL; glob_t g; char *filename, *tmp=NULL; - int i, err = 0; + int i, r, err = 0; abs_src = xstrdup(src); abs_src = make_absolute(abs_src, pwd); memset(&g, 0, sizeof(g)); debug3("Looking up %s", abs_src); - if (remote_glob(conn, abs_src, GLOB_MARK, NULL, &g)) { - error("File \"%s\" not found.", abs_src); + if ((r = remote_glob(conn, abs_src, GLOB_MARK, NULL, &g)) != 0) { + if (r == GLOB_NOSPACE) { + error("Too many matches for \"%s\".", abs_src); + } else { + error("File \"%s\" not found.", abs_src); + } err = -1; goto out; } @@ -551,7 +621,7 @@ process_get(struct sftp_conn *conn, char *src, char *dst, char *pwd, tmp = xstrdup(g.gl_pathv[i]); if ((filename = basename(tmp)) == NULL) { error("basename %s: %s", tmp, strerror(errno)); - xfree(tmp); + free(tmp); err = -1; goto out; } @@ -567,31 +637,37 @@ process_get(struct sftp_conn *conn, char *src, char *dst, char *pwd, } else { abs_dst = xstrdup(filename); } - xfree(tmp); + free(tmp); - printf("Fetching %s to %s\n", g.gl_pathv[i], abs_dst); + resume |= global_aflag; + if (!quiet && resume) + printf("Resuming %s to %s\n", g.gl_pathv[i], abs_dst); + else if (!quiet && !resume) + printf("Fetching %s to %s\n", g.gl_pathv[i], abs_dst); if (pathname_is_dir(g.gl_pathv[i]) && (rflag || global_rflag)) { - if (download_dir(conn, g.gl_pathv[i], abs_dst, NULL, - pflag || global_pflag, 1) == -1) + if (download_dir(conn, g.gl_pathv[i], abs_dst, NULL, + pflag || global_pflag, 1, resume, + fflag || global_fflag) == -1) err = -1; } else { if (do_download(conn, g.gl_pathv[i], abs_dst, NULL, - pflag || global_pflag) == -1) + pflag || global_pflag, resume, + fflag || global_fflag) == -1) err = -1; } - xfree(abs_dst); + free(abs_dst); abs_dst = NULL; } out: - xfree(abs_src); + free(abs_src); globfree(&g); return(err); } static int process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd, - int pflag, int rflag) + int pflag, int rflag, int resume, int fflag) { char *tmp_dst = NULL; char *abs_dst = NULL; @@ -632,11 +708,11 @@ process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd, error("stat %s: %s", g.gl_pathv[i], strerror(errno)); continue; } - + tmp = xstrdup(g.gl_pathv[i]); if ((filename = basename(tmp)) == NULL) { error("basename %s: %s", tmp, strerror(errno)); - xfree(tmp); + free(tmp); err = -1; goto out; } @@ -652,25 +728,30 @@ process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd, } else { abs_dst = make_absolute(xstrdup(filename), pwd); } - xfree(tmp); - - printf("Uploading %s to %s\n", g.gl_pathv[i], abs_dst); + free(tmp); + + resume |= global_aflag; + if (!quiet && resume) + printf("Resuming upload of %s to %s\n", g.gl_pathv[i], + abs_dst); + else if (!quiet && !resume) + printf("Uploading %s to %s\n", g.gl_pathv[i], abs_dst); if (pathname_is_dir(g.gl_pathv[i]) && (rflag || global_rflag)) { if (upload_dir(conn, g.gl_pathv[i], abs_dst, - pflag || global_pflag, 1) == -1) + pflag || global_pflag, 1, resume, + fflag || global_fflag) == -1) err = -1; } else { if (do_upload(conn, g.gl_pathv[i], abs_dst, - pflag || global_pflag) == -1) + pflag || global_pflag, resume, + fflag || global_fflag) == -1) err = -1; } } out: - if (abs_dst) - xfree(abs_dst); - if (tmp_dst) - xfree(tmp_dst); + free(abs_dst); + free(tmp_dst); globfree(&g); return(err); } @@ -718,7 +799,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag) /* Add any subpath that also needs to be counted */ tmp = path_strip(path, strip_path); m += strlen(tmp); - xfree(tmp); + free(tmp); if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) != -1) width = ws.ws_col; @@ -744,7 +825,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag) tmp = path_append(path, d[n]->filename); fname = path_strip(tmp, strip_path); - xfree(tmp); + free(tmp); if (lflag & LS_LONG_VIEW) { if (lflag & (LS_NUMERIC_VIEW|LS_SI_UNITS)) { @@ -756,7 +837,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag) lname = ls_file(fname, &sb, 1, (lflag & LS_SI_UNITS)); printf("%s\n", lname); - xfree(lname); + free(lname); } else printf("%s\n", d[n]->longname); } else { @@ -768,7 +849,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag) c++; } - xfree(fname); + free(fname); } if (!(lflag & LS_LONG_VIEW) && (c != 1)) @@ -785,19 +866,23 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, { char *fname, *lname; glob_t g; - int err; + int err, r; struct winsize ws; u_int i, c = 1, colspace = 0, columns = 1, m = 0, width = 80; memset(&g, 0, sizeof(g)); - if (remote_glob(conn, path, + if ((r = remote_glob(conn, path, GLOB_MARK|GLOB_NOCHECK|GLOB_BRACE|GLOB_KEEPSTAT|GLOB_NOSORT, - NULL, &g) || + NULL, &g)) != 0 || (g.gl_pathc && !g.gl_matchc)) { if (g.gl_pathc) globfree(&g); - error("Can't ls: \"%s\" not found", path); + if (r == GLOB_NOSPACE) { + error("Can't ls: Too many matches for \"%s\"", path); + } else { + error("Can't ls: \"%s\" not found", path); + } return -1; } @@ -838,7 +923,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, lname = ls_file(fname, g.gl_statv[i], 1, (lflag & LS_SI_UNITS)); printf("%s\n", lname); - xfree(lname); + free(lname); } else { printf("%-*s", colspace, fname); if (c >= columns) { @@ -847,7 +932,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, } else c++; } - xfree(fname); + free(fname); } if (!(lflag & LS_LONG_VIEW) && (c != 1)) @@ -961,7 +1046,7 @@ undo_glob_escape(char *s) * * If "lastquote" is not NULL, the quoting character used for the last * argument is placed in *lastquote ("\0", "'" or "\""). - * + * * If "terminated" is not NULL, *terminated will be set to 1 when the * last argument's quote has been properly terminated or 0 otherwise. * This parameter is only of use if "sloppy" is set. @@ -991,7 +1076,11 @@ makeargv(const char *arg, int *argcp, int sloppy, char *lastquote, state = MA_START; i = j = 0; for (;;) { - if (isspace(arg[i])) { + if ((size_t)argc >= sizeof(argv) / sizeof(*argv)){ + error("Too many arguments."); + return NULL; + } + if (isspace((unsigned char)arg[i])) { if (state == MA_UNQUOTED) { /* Terminate current argument */ argvs[j++] = '\0'; @@ -1006,7 +1095,7 @@ makeargv(const char *arg, int *argcp, int sloppy, char *lastquote, state = q; if (lastquote != NULL) *lastquote = arg[i]; - } else if (state == MA_UNQUOTED) + } else if (state == MA_UNQUOTED) state = q; else if (state == q) state = MA_UNQUOTED; @@ -1112,8 +1201,10 @@ makeargv(const char *arg, int *argcp, int sloppy, char *lastquote, } static int -parse_args(const char **cpp, int *pflag, int *rflag, int *lflag, int *iflag, - int *hflag, int *sflag, unsigned long *n_arg, char **path1, char **path2) +parse_args(const char **cpp, int *ignore_errors, int *aflag, + int *fflag, int *hflag, int *iflag, int *lflag, int *pflag, + int *rflag, int *sflag, + unsigned long *n_arg, char **path1, char **path2) { const char *cmd, *cp = *cpp; char *cp2, **argv; @@ -1125,9 +1216,9 @@ parse_args(const char **cpp, int *pflag, int *rflag, int *lflag, int *iflag, cp = cp + strspn(cp, WHITESPACE); /* Check for leading '-' (disable error processing) */ - *iflag = 0; + *ignore_errors = 0; if (*cp == '-') { - *iflag = 1; + *ignore_errors = 1; cp++; cp = cp + strspn(cp, WHITESPACE); } @@ -1141,7 +1232,7 @@ parse_args(const char **cpp, int *pflag, int *rflag, int *lflag, int *iflag, /* Figure out which command we have */ for (i = 0; cmds[i].c != NULL; i++) { - if (strcasecmp(cmds[i].c, argv[0]) == 0) + if (argv[0] != NULL && strcasecmp(cmds[i].c, argv[0]) == 0) break; } cmdnum = cmds[i].n; @@ -1157,14 +1248,17 @@ parse_args(const char **cpp, int *pflag, int *rflag, int *lflag, int *iflag, } /* Get arguments and parse flags */ - *lflag = *pflag = *rflag = *hflag = *n_arg = 0; + *aflag = *fflag = *hflag = *iflag = *lflag = *pflag = 0; + *rflag = *sflag = 0; *path1 = *path2 = NULL; optidx = 1; switch (cmdnum) { case I_GET: + case I_REGET: + case I_REPUT: case I_PUT: if ((optidx = parse_getput_flags(cmd, argv, argc, - pflag, rflag)) == -1) + aflag, fflag, pflag, rflag)) == -1) return -1; /* Get first pathname (mandatory) */ if (argc - optidx < 1) { @@ -1183,8 +1277,15 @@ parse_args(const char **cpp, int *pflag, int *rflag, int *lflag, int *iflag, case I_LINK: if ((optidx = parse_link_flags(cmd, argv, argc, sflag)) == -1) return -1; - case I_SYMLINK: + goto parse_two_paths; case I_RENAME: + if ((optidx = parse_rename_flags(cmd, argv, argc, lflag)) == -1) + return -1; + goto parse_two_paths; + case I_SYMLINK: + if ((optidx = parse_no_flags(cmd, argv, argc)) == -1) + return -1; + parse_two_paths: if (argc - optidx < 2) { error("You must specify two paths after a %s " "command.", cmd); @@ -1202,6 +1303,8 @@ parse_args(const char **cpp, int *pflag, int *rflag, int *lflag, int *iflag, case I_CHDIR: case I_LCHDIR: case I_LMKDIR: + if ((optidx = parse_no_flags(cmd, argv, argc)) == -1) + return -1; /* Get pathname (mandatory) */ if (argc - optidx < 1) { error("You must specify a path after a %s command.", @@ -1243,6 +1346,8 @@ parse_args(const char **cpp, int *pflag, int *rflag, int *lflag, int *iflag, base = 8; case I_CHOWN: case I_CHGRP: + if ((optidx = parse_no_flags(cmd, argv, argc)) == -1) + return -1; /* Get numeric arg (mandatory) */ if (argc - optidx < 1) goto need_num_arg; @@ -1273,6 +1378,8 @@ parse_args(const char **cpp, int *pflag, int *rflag, int *lflag, int *iflag, case I_HELP: case I_VERSION: case I_PROGRESS: + if ((optidx = parse_no_flags(cmd, argv, argc)) == -1) + return -1; break; default: fatal("Command not implemented"); @@ -1287,7 +1394,9 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, int err_abort) { char *path1, *path2, *tmp; - int pflag = 0, rflag = 0, lflag = 0, iflag = 0, hflag = 0, sflag = 0; + int ignore_errors = 0, aflag = 0, fflag = 0, hflag = 0, + iflag = 0; + int lflag = 0, pflag = 0, rflag = 0, sflag = 0; int cmdnum, i; unsigned long n_arg = 0; Attrib a, *aa; @@ -1296,10 +1405,9 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, glob_t g; path1 = path2 = NULL; - cmdnum = parse_args(&cmd, &pflag, &rflag, &lflag, &iflag, &hflag, - &sflag, &n_arg, &path1, &path2); - - if (iflag != 0) + cmdnum = parse_args(&cmd, &ignore_errors, &aflag, &fflag, &hflag, + &iflag, &lflag, &pflag, &rflag, &sflag, &n_arg, &path1, &path2); + if (ignore_errors != 0) err_abort = 0; memset(&g, 0, sizeof(g)); @@ -1313,21 +1421,30 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, /* Unrecognized command */ err = -1; break; + case I_REGET: + aflag = 1; + /* FALLTHROUGH */ case I_GET: - err = process_get(conn, path1, path2, *pwd, pflag, rflag); + err = process_get(conn, path1, path2, *pwd, pflag, + rflag, aflag, fflag); break; + case I_REPUT: + aflag = 1; + /* FALLTHROUGH */ case I_PUT: - err = process_put(conn, path1, path2, *pwd, pflag, rflag); + err = process_put(conn, path1, path2, *pwd, pflag, + rflag, aflag, fflag); break; case I_RENAME: path1 = make_absolute(path1, *pwd); path2 = make_absolute(path2, *pwd); - err = do_rename(conn, path1, path2); + err = do_rename(conn, path1, path2, lflag); break; case I_SYMLINK: sflag = 1; case I_LINK: - path1 = make_absolute(path1, *pwd); + if (!sflag) + path1 = make_absolute(path1, *pwd); path2 = make_absolute(path2, *pwd); err = (sflag ? do_symlink : do_hardlink)(conn, path1, path2); break; @@ -1335,7 +1452,8 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, path1 = make_absolute(path1, *pwd); remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g); for (i = 0; g.gl_pathv[i] && !interrupted; i++) { - printf("Removing %s\n", g.gl_pathv[i]); + if (!quiet) + printf("Removing %s\n", g.gl_pathv[i]); err = do_rm(conn, g.gl_pathv[i]); if (err != 0 && err_abort) break; @@ -1359,24 +1477,24 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, break; } if ((aa = do_stat(conn, tmp, 0)) == NULL) { - xfree(tmp); + free(tmp); err = 1; break; } if (!(aa->flags & SSH2_FILEXFER_ATTR_PERMISSIONS)) { error("Can't change directory: Can't check target"); - xfree(tmp); + free(tmp); err = 1; break; } if (!S_ISDIR(aa->perm)) { error("Can't change directory: \"%s\" is not " "a directory", tmp); - xfree(tmp); + free(tmp); err = 1; break; } - xfree(*pwd); + free(*pwd); *pwd = tmp; break; case I_LS: @@ -1431,7 +1549,8 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, a.perm = n_arg; remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g); for (i = 0; g.gl_pathv[i] && !interrupted; i++) { - printf("Changing mode on %s\n", g.gl_pathv[i]); + if (!quiet) + printf("Changing mode on %s\n", g.gl_pathv[i]); err = do_setstat(conn, g.gl_pathv[i], &a); if (err != 0 && err_abort) break; @@ -1460,10 +1579,14 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, } aa->flags &= SSH2_FILEXFER_ATTR_UIDGID; if (cmdnum == I_CHOWN) { - printf("Changing owner on %s\n", g.gl_pathv[i]); + if (!quiet) + printf("Changing owner on %s\n", + g.gl_pathv[i]); aa->uid = n_arg; } else { - printf("Changing group on %s\n", g.gl_pathv[i]); + if (!quiet) + printf("Changing group on %s\n", + g.gl_pathv[i]); aa->gid = n_arg; } err = do_setstat(conn, g.gl_pathv[i], aa); @@ -1504,10 +1627,8 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, if (g.gl_pathc) globfree(&g); - if (path1) - xfree(path1); - if (path2) - xfree(path2); + free(path1); + free(path2); /* If an unignored error occurs in batch mode we should abort. */ if (err_abort && err != 0) @@ -1534,7 +1655,7 @@ complete_display(char **list, u_int len) char *tmp; /* Count entries for sort and find longest */ - for (y = 0; list[y]; y++) + for (y = 0; list[y]; y++) m = MAX(m, strlen(list[y])); if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) != -1) @@ -1579,8 +1700,8 @@ complete_ambiguous(const char *word, char **list, size_t count) for (y = 1; list[y]; y++) { u_int x; - for (x = 0; x < matchlen; x++) - if (list[0][x] != list[y][x]) + for (x = 0; x < matchlen; x++) + if (list[0][x] != list[y][x]) break; matchlen = x; @@ -1592,7 +1713,7 @@ complete_ambiguous(const char *word, char **list, size_t count) tmp[matchlen] = '\0'; return tmp; } - } + } return xstrdup(word); } @@ -1612,26 +1733,26 @@ complete_cmd_parse(EditLine *el, char *cmd, int lastarg, char quote, if (cmd == NULL) { for (y = 0; cmds[y].c; y++) list[count++] = xstrdup(cmds[y].c); - + list[count] = NULL; complete_display(list, 0); - for (y = 0; list[y] != NULL; y++) - xfree(list[y]); - xfree(list); + for (y = 0; list[y] != NULL; y++) + free(list[y]); + free(list); return count; } /* Prepare subset of commands that start with "cmd" */ cmdlen = strlen(cmd); for (y = 0; cmds[y].c; y++) { - if (!strncasecmp(cmd, cmds[y].c, cmdlen)) + if (!strncasecmp(cmd, cmds[y].c, cmdlen)) list[count++] = xstrdup(cmds[y].c); } list[count] = NULL; if (count == 0) { - xfree(list); + free(list); return 0; } @@ -1640,9 +1761,9 @@ complete_cmd_parse(EditLine *el, char *cmd, int lastarg, char quote, if (count > 1) complete_display(list, 0); - for (y = 0; list[y]; y++) - xfree(list[y]); - xfree(list); + for (y = 0; list[y]; y++) + free(list[y]); + free(list); if (tmp != NULL) { tmplen = strlen(tmp); @@ -1663,7 +1784,7 @@ complete_cmd_parse(EditLine *el, char *cmd, int lastarg, char quote, if (y > 0 && el_insertstr(el, argterm) == -1) fatal("el_insertstr failed."); } - xfree(tmp); + free(tmp); } return count; @@ -1681,7 +1802,7 @@ complete_is_remote(char *cmd) { return -1; for (i = 0; cmds[i].c; i++) { - if (!strncasecmp(cmd, cmds[i].c, strlen(cmds[i].c))) + if (!strncasecmp(cmd, cmds[i].c, strlen(cmds[i].c))) return cmds[i].t; } @@ -1694,23 +1815,27 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path, char *file, int remote, int lastarg, char quote, int terminated) { glob_t g; - char *tmp, *tmp2, ins[3]; - u_int i, hadglob, pwdlen, len, tmplen, filelen; + char *tmp, *tmp2, ins[8]; + u_int i, hadglob, pwdlen, len, tmplen, filelen, cesc, isesc, isabs; + int clen; const LineInfo *lf; - + /* Glob from "file" location */ if (file == NULL) tmp = xstrdup("*"); else xasprintf(&tmp, "%s*", file); + /* Check if the path is absolute. */ + isabs = tmp[0] == '/'; + memset(&g, 0, sizeof(g)); if (remote != LOCAL) { tmp = make_absolute(tmp, remote_path); remote_glob(conn, tmp, GLOB_DOOFFS|GLOB_MARK, NULL, &g); - } else + } else glob(tmp, GLOB_DOOFFS|GLOB_MARK, NULL, &g); - + /* Determine length of pwd so we can trim completion display */ for (hadglob = tmplen = pwdlen = 0; tmp[tmplen] != 0; tmplen++) { /* Terminate counting on first unescaped glob metacharacter */ @@ -1724,22 +1849,22 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path, if (tmp[tmplen] == '/') pwdlen = tmplen + 1; /* track last seen '/' */ } - xfree(tmp); + free(tmp); + tmp = NULL; - if (g.gl_matchc == 0) + if (g.gl_matchc == 0) goto out; if (g.gl_matchc > 1) complete_display(g.gl_pathv, pwdlen); - tmp = NULL; /* Don't try to extend globs */ if (file == NULL || hadglob) goto out; tmp2 = complete_ambiguous(file, g.gl_pathv, g.gl_matchc); - tmp = path_strip(tmp2, remote_path); - xfree(tmp2); + tmp = path_strip(tmp2, isabs ? NULL : remote_path); + free(tmp2); if (tmp == NULL) goto out; @@ -1747,14 +1872,27 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path, tmplen = strlen(tmp); filelen = strlen(file); - if (tmplen > filelen) { - tmp2 = tmp + filelen; - len = strlen(tmp2); + /* Count the number of escaped characters in the input string. */ + cesc = isesc = 0; + for (i = 0; i < filelen; i++) { + if (!isesc && file[i] == '\\' && i + 1 < filelen){ + isesc = 1; + cesc++; + } else + isesc = 0; + } + + if (tmplen > (filelen - cesc)) { + tmp2 = tmp + filelen - cesc; + len = strlen(tmp2); /* quote argument on way out */ - for (i = 0; i < len; i++) { + for (i = 0; i < len; i += clen) { + if ((clen = mblen(tmp2 + i, len - i)) < 0 || + (size_t)clen > sizeof(ins) - 2) + fatal("invalid multibyte character"); ins[0] = '\\'; - ins[1] = tmp2[i]; - ins[2] = '\0'; + memcpy(ins + 1, tmp2 + i, clen); + ins[clen + 1] = '\0'; switch (tmp2[i]) { case '\'': case '"': @@ -1762,6 +1900,8 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path, case '\t': case '[': case ' ': + case '#': + case '*': if (quote == '\0' || tmp2[i] == quote) { if (el_insertstr(el, ins) == -1) fatal("el_insertstr " @@ -1780,7 +1920,7 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path, lf = el_line(el); if (g.gl_matchc == 1) { i = 0; - if (!terminated) + if (!terminated && quote != '\0') ins[i++] = quote; if (*(lf->cursor - 1) != '/' && (lastarg || *(lf->cursor) != ' ')) @@ -1789,7 +1929,7 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path, if (i > 0 && el_insertstr(el, ins) == -1) fatal("el_insertstr failed."); } - xfree(tmp); + free(tmp); out: globfree(&g); @@ -1800,8 +1940,9 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path, static unsigned char complete(EditLine *el, int ch) { - char **argv, *line, quote; - u_int argc, carg, cursor, len, terminated, ret = CC_ERROR; + char **argv, *line, quote; + int argc, carg; + u_int cursor, len, terminated, ret = CC_ERROR; const LineInfo *lf; struct complete_ctx *complete_ctx; @@ -1815,7 +1956,7 @@ complete(EditLine *el, int ch) memcpy(line, lf->buffer, cursor); line[cursor] = '\0'; argv = makeargv(line, &carg, 1, "e, &terminated); - xfree(line); + free(line); /* Get all the arguments on the line */ len = lf->lastchar - lf->buffer; @@ -1827,7 +1968,7 @@ complete(EditLine *el, int ch) /* Ensure cursor is at EOL or a argument boundary */ if (line[cursor] != ' ' && line[cursor] != '\0' && line[cursor] != '\n') { - xfree(line); + free(line); return ret; } @@ -1838,7 +1979,7 @@ complete(EditLine *el, int ch) } else if (carg == 1 && cursor > 0 && line[cursor - 1] != ' ') { /* Handle the command parsing */ if (complete_cmd_parse(el, argv[0], argc == carg, - quote, terminated) != 0) + quote, terminated) != 0) ret = CC_REDISPLAY; } else if (carg >= 1) { /* Handle file parsing */ @@ -1851,11 +1992,11 @@ complete(EditLine *el, int ch) if (remote != 0 && complete_match(el, complete_ctx->conn, *complete_ctx->remote_pathp, filematch, - remote, carg == argc, quote, terminated) != 0) + remote, carg == argc, quote, terminated) != 0) ret = CC_REDISPLAY; } - xfree(line); + free(line); return ret; } #endif /* USE_LIBEDIT */ @@ -1889,12 +2030,19 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2) el_source(el, NULL); /* Tab Completion */ - el_set(el, EL_ADDFN, "ftp-complete", + el_set(el, EL_ADDFN, "ftp-complete", "Context sensitive argument completion", complete); complete_ctx.conn = conn; complete_ctx.remote_pathp = &remote_path; el_set(el, EL_CLIENTDATA, (void*)&complete_ctx); el_set(el, EL_BIND, "^I", "ftp-complete", NULL); + /* enable ctrl-left-arrow and ctrl-right-arrow */ + el_set(el, EL_BIND, "\\e[1;5C", "em-next-word", NULL); + el_set(el, EL_BIND, "\\e[5C", "em-next-word", NULL); + el_set(el, EL_BIND, "\\e[1;5D", "ed-prev-word", NULL); + el_set(el, EL_BIND, "\\e\\e[D", "ed-prev-word", NULL); + /* make ^w match ksh behaviour */ + el_set(el, EL_BIND, "^w", "ed-delete-prev-word", NULL); } #endif /* USE_LIBEDIT */ @@ -1907,30 +2055,30 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2) dir = make_absolute(dir, remote_path); if (remote_is_dir(conn, dir) && file2 == NULL) { - printf("Changing to: %s\n", dir); + if (!quiet) + printf("Changing to: %s\n", dir); snprintf(cmd, sizeof cmd, "cd \"%s\"", dir); if (parse_dispatch_command(conn, cmd, &remote_path, 1) != 0) { - xfree(dir); - xfree(remote_path); - xfree(conn); + free(dir); + free(remote_path); + free(conn); return (-1); } } else { - if (file2 == NULL) - snprintf(cmd, sizeof cmd, "get %s", dir); - else - snprintf(cmd, sizeof cmd, "get %s %s", dir, - file2); - + /* XXX this is wrong wrt quoting */ + snprintf(cmd, sizeof cmd, "get%s %s%s%s", + global_aflag ? " -a" : "", dir, + file2 == NULL ? "" : " ", + file2 == NULL ? "" : file2); err = parse_dispatch_command(conn, cmd, &remote_path, 1); - xfree(dir); - xfree(remote_path); - xfree(conn); + free(dir); + free(remote_path); + free(conn); return (err); } - xfree(dir); + free(dir); } setlinebuf(stdout); @@ -1988,8 +2136,8 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2) if (err != 0) break; } - xfree(remote_path); - xfree(conn); + free(remote_path); + free(conn); #ifdef USE_LIBEDIT if (el != NULL) @@ -2063,7 +2211,7 @@ usage(void) extern char *__progname; fprintf(stderr, - "usage: %s [-1246Cpqrv] [-B buffer_size] [-b batchfile] [-c cipher]\n" + "usage: %s [-1246aCfpqrv] [-B buffer_size] [-b batchfile] [-c cipher]\n" " [-D sftp_server_path] [-F ssh_config] " "[-i identity_file] [-l limit]\n" " [-o ssh_option] [-P port] [-R num_requests] " @@ -2096,6 +2244,7 @@ main(int argc, char **argv) /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); + setlocale(LC_CTYPE, ""); __progname = ssh_get_progname(argv[0]); memset(&args, '\0', sizeof(args)); @@ -2110,7 +2259,7 @@ main(int argc, char **argv) infile = stdin; while ((ch = getopt(argc, argv, - "1246hpqrvCc:D:i:l:o:s:S:b:B:F:P:R:")) != -1) { + "1246afhpqrvCc:D:i:l:o:s:S:b:B:F:P:R:")) != -1) { switch (ch) { /* Passed through to ssh(1) */ case '4': @@ -2127,6 +2276,8 @@ main(int argc, char **argv) addargs(&args, "%s", optarg); break; case 'q': + ll = SYSLOG_LEVEL_ERROR; + quiet = 1; showprogress = 0; addargs(&args, "-%c", ch); break; @@ -2148,6 +2299,9 @@ main(int argc, char **argv) case '2': sshver = 2; break; + case 'a': + global_aflag = 1; + break; case 'B': copy_buffer_len = strtol(optarg, &cp, 10); if (copy_buffer_len == 0 || *cp != '\0') @@ -2162,9 +2316,12 @@ main(int argc, char **argv) (infile = fopen(optarg, "r")) == NULL) fatal("%s (%s).", strerror(errno), optarg); showprogress = 0; - batchmode = 1; + quiet = batchmode = 1; addargs(&args, "-obatchmode yes"); break; + case 'f': + global_fflag = 1; + break; case 'p': global_pflag = 1; break; @@ -2259,7 +2416,7 @@ main(int argc, char **argv) if (conn == NULL) fatal("Couldn't initialise connection to server"); - if (!batchmode) { + if (!quiet) { if (sftp_direct == NULL) fprintf(stderr, "Connected to %s.\n", host); else diff --git a/crypto/openssh/smult_curve25519_ref.c b/crypto/openssh/smult_curve25519_ref.c new file mode 100644 index 0000000000..2e69934d4d --- /dev/null +++ b/crypto/openssh/smult_curve25519_ref.c @@ -0,0 +1,265 @@ +/* $OpenBSD: smult_curve25519_ref.c,v 1.2 2013/11/02 22:02:14 markus Exp $ */ +/* +version 20081011 +Matthew Dempsky +Public domain. +Derived from public domain code by D. J. Bernstein. +*/ + +int crypto_scalarmult_curve25519(unsigned char *, const unsigned char *, const unsigned char *); + +static void add(unsigned int out[32],const unsigned int a[32],const unsigned int b[32]) +{ + unsigned int j; + unsigned int u; + u = 0; + for (j = 0;j < 31;++j) { u += a[j] + b[j]; out[j] = u & 255; u >>= 8; } + u += a[31] + b[31]; out[31] = u; +} + +static void sub(unsigned int out[32],const unsigned int a[32],const unsigned int b[32]) +{ + unsigned int j; + unsigned int u; + u = 218; + for (j = 0;j < 31;++j) { + u += a[j] + 65280 - b[j]; + out[j] = u & 255; + u >>= 8; + } + u += a[31] - b[31]; + out[31] = u; +} + +static void squeeze(unsigned int a[32]) +{ + unsigned int j; + unsigned int u; + u = 0; + for (j = 0;j < 31;++j) { u += a[j]; a[j] = u & 255; u >>= 8; } + u += a[31]; a[31] = u & 127; + u = 19 * (u >> 7); + for (j = 0;j < 31;++j) { u += a[j]; a[j] = u & 255; u >>= 8; } + u += a[31]; a[31] = u; +} + +static const unsigned int minusp[32] = { + 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 128 +} ; + +static void freeze(unsigned int a[32]) +{ + unsigned int aorig[32]; + unsigned int j; + unsigned int negative; + + for (j = 0;j < 32;++j) aorig[j] = a[j]; + add(a,a,minusp); + negative = -((a[31] >> 7) & 1); + for (j = 0;j < 32;++j) a[j] ^= negative & (aorig[j] ^ a[j]); +} + +static void mult(unsigned int out[32],const unsigned int a[32],const unsigned int b[32]) +{ + unsigned int i; + unsigned int j; + unsigned int u; + + for (i = 0;i < 32;++i) { + u = 0; + for (j = 0;j <= i;++j) u += a[j] * b[i - j]; + for (j = i + 1;j < 32;++j) u += 38 * a[j] * b[i + 32 - j]; + out[i] = u; + } + squeeze(out); +} + +static void mult121665(unsigned int out[32],const unsigned int a[32]) +{ + unsigned int j; + unsigned int u; + + u = 0; + for (j = 0;j < 31;++j) { u += 121665 * a[j]; out[j] = u & 255; u >>= 8; } + u += 121665 * a[31]; out[31] = u & 127; + u = 19 * (u >> 7); + for (j = 0;j < 31;++j) { u += out[j]; out[j] = u & 255; u >>= 8; } + u += out[j]; out[j] = u; +} + +static void square(unsigned int out[32],const unsigned int a[32]) +{ + unsigned int i; + unsigned int j; + unsigned int u; + + for (i = 0;i < 32;++i) { + u = 0; + for (j = 0;j < i - j;++j) u += a[j] * a[i - j]; + for (j = i + 1;j < i + 32 - j;++j) u += 38 * a[j] * a[i + 32 - j]; + u *= 2; + if ((i & 1) == 0) { + u += a[i / 2] * a[i / 2]; + u += 38 * a[i / 2 + 16] * a[i / 2 + 16]; + } + out[i] = u; + } + squeeze(out); +} + +static void select(unsigned int p[64],unsigned int q[64],const unsigned int r[64],const unsigned int s[64],unsigned int b) +{ + unsigned int j; + unsigned int t; + unsigned int bminus1; + + bminus1 = b - 1; + for (j = 0;j < 64;++j) { + t = bminus1 & (r[j] ^ s[j]); + p[j] = s[j] ^ t; + q[j] = r[j] ^ t; + } +} + +static void mainloop(unsigned int work[64],const unsigned char e[32]) +{ + unsigned int xzm1[64]; + unsigned int xzm[64]; + unsigned int xzmb[64]; + unsigned int xzm1b[64]; + unsigned int xznb[64]; + unsigned int xzn1b[64]; + unsigned int a0[64]; + unsigned int a1[64]; + unsigned int b0[64]; + unsigned int b1[64]; + unsigned int c1[64]; + unsigned int r[32]; + unsigned int s[32]; + unsigned int t[32]; + unsigned int u[32]; + unsigned int j; + unsigned int b; + int pos; + + for (j = 0;j < 32;++j) xzm1[j] = work[j]; + xzm1[32] = 1; + for (j = 33;j < 64;++j) xzm1[j] = 0; + + xzm[0] = 1; + for (j = 1;j < 64;++j) xzm[j] = 0; + + for (pos = 254;pos >= 0;--pos) { + b = e[pos / 8] >> (pos & 7); + b &= 1; + select(xzmb,xzm1b,xzm,xzm1,b); + add(a0,xzmb,xzmb + 32); + sub(a0 + 32,xzmb,xzmb + 32); + add(a1,xzm1b,xzm1b + 32); + sub(a1 + 32,xzm1b,xzm1b + 32); + square(b0,a0); + square(b0 + 32,a0 + 32); + mult(b1,a1,a0 + 32); + mult(b1 + 32,a1 + 32,a0); + add(c1,b1,b1 + 32); + sub(c1 + 32,b1,b1 + 32); + square(r,c1 + 32); + sub(s,b0,b0 + 32); + mult121665(t,s); + add(u,t,b0); + mult(xznb,b0,b0 + 32); + mult(xznb + 32,s,u); + square(xzn1b,c1); + mult(xzn1b + 32,r,work); + select(xzm,xzm1,xznb,xzn1b,b); + } + + for (j = 0;j < 64;++j) work[j] = xzm[j]; +} + +static void recip(unsigned int out[32],const unsigned int z[32]) +{ + unsigned int z2[32]; + unsigned int z9[32]; + unsigned int z11[32]; + unsigned int z2_5_0[32]; + unsigned int z2_10_0[32]; + unsigned int z2_20_0[32]; + unsigned int z2_50_0[32]; + unsigned int z2_100_0[32]; + unsigned int t0[32]; + unsigned int t1[32]; + int i; + + /* 2 */ square(z2,z); + /* 4 */ square(t1,z2); + /* 8 */ square(t0,t1); + /* 9 */ mult(z9,t0,z); + /* 11 */ mult(z11,z9,z2); + /* 22 */ square(t0,z11); + /* 2^5 - 2^0 = 31 */ mult(z2_5_0,t0,z9); + + /* 2^6 - 2^1 */ square(t0,z2_5_0); + /* 2^7 - 2^2 */ square(t1,t0); + /* 2^8 - 2^3 */ square(t0,t1); + /* 2^9 - 2^4 */ square(t1,t0); + /* 2^10 - 2^5 */ square(t0,t1); + /* 2^10 - 2^0 */ mult(z2_10_0,t0,z2_5_0); + + /* 2^11 - 2^1 */ square(t0,z2_10_0); + /* 2^12 - 2^2 */ square(t1,t0); + /* 2^20 - 2^10 */ for (i = 2;i < 10;i += 2) { square(t0,t1); square(t1,t0); } + /* 2^20 - 2^0 */ mult(z2_20_0,t1,z2_10_0); + + /* 2^21 - 2^1 */ square(t0,z2_20_0); + /* 2^22 - 2^2 */ square(t1,t0); + /* 2^40 - 2^20 */ for (i = 2;i < 20;i += 2) { square(t0,t1); square(t1,t0); } + /* 2^40 - 2^0 */ mult(t0,t1,z2_20_0); + + /* 2^41 - 2^1 */ square(t1,t0); + /* 2^42 - 2^2 */ square(t0,t1); + /* 2^50 - 2^10 */ for (i = 2;i < 10;i += 2) { square(t1,t0); square(t0,t1); } + /* 2^50 - 2^0 */ mult(z2_50_0,t0,z2_10_0); + + /* 2^51 - 2^1 */ square(t0,z2_50_0); + /* 2^52 - 2^2 */ square(t1,t0); + /* 2^100 - 2^50 */ for (i = 2;i < 50;i += 2) { square(t0,t1); square(t1,t0); } + /* 2^100 - 2^0 */ mult(z2_100_0,t1,z2_50_0); + + /* 2^101 - 2^1 */ square(t1,z2_100_0); + /* 2^102 - 2^2 */ square(t0,t1); + /* 2^200 - 2^100 */ for (i = 2;i < 100;i += 2) { square(t1,t0); square(t0,t1); } + /* 2^200 - 2^0 */ mult(t1,t0,z2_100_0); + + /* 2^201 - 2^1 */ square(t0,t1); + /* 2^202 - 2^2 */ square(t1,t0); + /* 2^250 - 2^50 */ for (i = 2;i < 50;i += 2) { square(t0,t1); square(t1,t0); } + /* 2^250 - 2^0 */ mult(t0,t1,z2_50_0); + + /* 2^251 - 2^1 */ square(t1,t0); + /* 2^252 - 2^2 */ square(t0,t1); + /* 2^253 - 2^3 */ square(t1,t0); + /* 2^254 - 2^4 */ square(t0,t1); + /* 2^255 - 2^5 */ square(t1,t0); + /* 2^255 - 21 */ mult(out,t1,z11); +} + +int crypto_scalarmult_curve25519(unsigned char *q, + const unsigned char *n, + const unsigned char *p) +{ + unsigned int work[96]; + unsigned char e[32]; + unsigned int i; + for (i = 0;i < 32;++i) e[i] = n[i]; + e[0] &= 248; + e[31] &= 127; + e[31] |= 64; + for (i = 0;i < 32;++i) work[i] = p[i]; + mainloop(work,e); + recip(work + 32,work + 32); + mult(work + 64,work,work + 32); + freeze(work + 64); + for (i = 0;i < 32;++i) q[i] = work[64 + i]; + return 0; +} diff --git a/crypto/openssh/ssh-add.1 b/crypto/openssh/ssh-add.1 index aec620deaf..4812448fa9 100644 --- a/crypto/openssh/ssh-add.1 +++ b/crypto/openssh/ssh-add.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-add.1,v 1.56 2011/10/18 05:00:48 djm Exp $ +.\" $OpenBSD: ssh-add.1,v 1.59 2013/12/07 11:58:46 naddy Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: October 18 2011 $ +.Dd $Mdocdate: December 7 2013 $ .Dt SSH-ADD 1 .Os .Sh NAME @@ -57,7 +57,8 @@ adds private key identities to the authentication agent, When run without arguments, it adds the files .Pa ~/.ssh/id_rsa , .Pa ~/.ssh/id_dsa , -.Pa ~/.ssh/id_ecdsa +.Pa ~/.ssh/id_ecdsa , +.Pa ~/.ssh/id_ed25519 and .Pa ~/.ssh/identity . After loading a private key, @@ -98,10 +99,10 @@ Deletes all identities from the agent. Instead of adding identities, removes identities from the agent. If .Nm -has been run without arguments, the keys for the default identities will -be removed. +has been run without arguments, the keys for the default identities and +their corresponding certificates will be removed. Otherwise, the argument list will be interpreted as a list of paths to -public key files and matching keys will be removed from the agent. +public key files to specify keys and certificates to be removed from the agent. If no public key is found at a given path, .Nm will append @@ -111,8 +112,8 @@ and retry. Remove keys provided by the PKCS#11 shared library .Ar pkcs11 . .It Fl k -When loading keys into the agent, load plain private keys only and skip -certificates. +When loading keys into or deleting keys from the agent, process plain private +keys only and skip certificates. .It Fl L Lists public key parameters of all identities currently represented by the agent. @@ -169,6 +170,8 @@ Contains the protocol version 1 RSA authentication identity of the user. Contains the protocol version 2 DSA authentication identity of the user. .It Pa ~/.ssh/id_ecdsa Contains the protocol version 2 ECDSA authentication identity of the user. +.It Pa ~/.ssh/id_ed25519 +Contains the protocol version 2 ED25519 authentication identity of the user. .It Pa ~/.ssh/id_rsa Contains the protocol version 2 RSA authentication identity of the user. .El diff --git a/crypto/openssh/ssh-add.c b/crypto/openssh/ssh-add.c index 738644d275..78a3359ade 100644 --- a/crypto/openssh/ssh-add.c +++ b/crypto/openssh/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.103 2011/10/18 23:37:42 djm Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.113 2014/07/09 14:15:56 benno Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -62,6 +62,7 @@ #include "authfile.h" #include "pathnames.h" #include "misc.h" +#include "ssherr.h" /* argv0 */ extern char *__progname; @@ -73,6 +74,7 @@ static char *default_files[] = { #ifdef OPENSSL_HAS_ECC _PATH_SSH_CLIENT_ID_ECDSA, #endif + _PATH_SSH_CLIENT_ID_ED25519, _PATH_SSH_CLIENT_IDENTITY, NULL }; @@ -89,17 +91,17 @@ static void clear_pass(void) { if (pass) { - memset(pass, 0, strlen(pass)); - xfree(pass); + explicit_bzero(pass, strlen(pass)); + free(pass); pass = NULL; } } static int -delete_file(AuthenticationConnection *ac, const char *filename) +delete_file(AuthenticationConnection *ac, const char *filename, int key_only) { - Key *public; - char *comment = NULL; + Key *public = NULL, *cert = NULL; + char *certpath = NULL, *comment = NULL; int ret = -1; public = key_load_public(filename, &comment); @@ -113,8 +115,33 @@ delete_file(AuthenticationConnection *ac, const char *filename) } else fprintf(stderr, "Could not remove identity: %s\n", filename); - key_free(public); - xfree(comment); + if (key_only) + goto out; + + /* Now try to delete the corresponding certificate too */ + free(comment); + comment = NULL; + xasprintf(&certpath, "%s-cert.pub", filename); + if ((cert = key_load_public(certpath, &comment)) == NULL) + goto out; + if (!key_equal_public(cert, public)) + fatal("Certificate %s does not match private key %s", + certpath, filename); + + if (ssh_remove_identity(ac, cert)) { + fprintf(stderr, "Identity removed: %s (%s)\n", certpath, + comment); + ret = 0; + } else + fprintf(stderr, "Could not remove identity: %s\n", certpath); + + out: + if (cert != NULL) + key_free(cert); + if (public != NULL) + key_free(public); + free(certpath); + free(comment); return ret; } @@ -144,7 +171,7 @@ add_file(AuthenticationConnection *ac, const char *filename, int key_only) Key *private, *cert; char *comment = NULL; char msg[1024], *certpath = NULL; - int fd, perms_ok, ret = -1; + int r, fd, perms_ok, ret = -1; Buffer keyblob; if (strcmp(filename, "-") == 0) { @@ -175,12 +202,18 @@ add_file(AuthenticationConnection *ac, const char *filename, int key_only) close(fd); /* At first, try empty passphrase */ - private = key_parse_private(&keyblob, filename, "", &comment); + if ((r = sshkey_parse_private_fileblob(&keyblob, "", filename, + &private, &comment)) != 0 && r != SSH_ERR_KEY_WRONG_PASSPHRASE) + fatal("Cannot parse %s: %s", filename, ssh_err(r)); + /* try last */ + if (private == NULL && pass != NULL) { + if ((r = sshkey_parse_private_fileblob(&keyblob, pass, filename, + &private, &comment)) != 0 && + r != SSH_ERR_KEY_WRONG_PASSPHRASE) + fatal("Cannot parse %s: %s", filename, ssh_err(r)); + } if (comment == NULL) comment = xstrdup(filename); - /* try last */ - if (private == NULL && pass != NULL) - private = key_parse_private(&keyblob, filename, pass, NULL); if (private == NULL) { /* clear passphrase since it did not work */ clear_pass(); @@ -190,12 +223,15 @@ add_file(AuthenticationConnection *ac, const char *filename, int key_only) pass = read_passphrase(msg, RP_ALLOW_STDIN); if (strcmp(pass, "") == 0) { clear_pass(); - xfree(comment); + free(comment); buffer_free(&keyblob); return -1; } - private = key_parse_private(&keyblob, filename, pass, - &comment); + if ((r = sshkey_parse_private_fileblob(&keyblob, + pass, filename, &private, NULL)) != 0 && + r != SSH_ERR_KEY_WRONG_PASSPHRASE) + fatal("Cannot parse %s: %s", + filename, ssh_err(r)); if (private != NULL) break; clear_pass(); @@ -257,8 +293,8 @@ add_file(AuthenticationConnection *ac, const char *filename, int key_only) fprintf(stderr, "The user must confirm each use of the key\n"); out: if (certpath != NULL) - xfree(certpath); - xfree(comment); + free(certpath); + free(comment); key_free(private); return ret; @@ -267,14 +303,17 @@ add_file(AuthenticationConnection *ac, const char *filename, int key_only) static int update_card(AuthenticationConnection *ac, int add, const char *id) { - char *pin; + char *pin = NULL; int ret = -1; - pin = read_passphrase("Enter passphrase for PKCS#11: ", RP_ALLOW_STDIN); - if (pin == NULL) - return -1; + if (add) { + if ((pin = read_passphrase("Enter passphrase for PKCS#11: ", + RP_ALLOW_STDIN)) == NULL) + return -1; + } - if (ssh_update_card(ac, add, id, pin, lifetime, confirm)) { + if (ssh_update_card(ac, add, id, pin == NULL ? "" : pin, + lifetime, confirm)) { fprintf(stderr, "Card %s: %s\n", add ? "added" : "removed", id); ret = 0; @@ -283,7 +322,7 @@ update_card(AuthenticationConnection *ac, int add, const char *id) add ? "add" : "remove", id); ret = -1; } - xfree(pin); + free(pin); return ret; } @@ -305,14 +344,14 @@ list_identities(AuthenticationConnection *ac, int do_fp) SSH_FP_HEX); printf("%d %s %s (%s)\n", key_size(key), fp, comment, key_type(key)); - xfree(fp); + free(fp); } else { if (!key_write(key, stdout)) fprintf(stderr, "key_write failed"); fprintf(stdout, " %s\n", comment); } key_free(key); - xfree(comment); + free(comment); } } if (!had_identities) { @@ -337,16 +376,16 @@ lock_agent(AuthenticationConnection *ac, int lock) fprintf(stderr, "Passwords do not match.\n"); passok = 0; } - memset(p2, 0, strlen(p2)); - xfree(p2); + explicit_bzero(p2, strlen(p2)); + free(p2); } if (passok && ssh_lock_agent(ac, lock, p1)) { fprintf(stderr, "Agent %slocked.\n", lock ? "" : "un"); ret = 0; } else fprintf(stderr, "Failed to %slock agent.\n", lock ? "" : "un"); - memset(p1, 0, strlen(p1)); - xfree(p1); + explicit_bzero(p1, strlen(p1)); + free(p1); return (ret); } @@ -354,7 +393,7 @@ static int do_file(AuthenticationConnection *ac, int deleting, int key_only, char *file) { if (deleting) { - if (delete_file(ac, file) == -1) + if (delete_file(ac, file, key_only) == -1) return -1; } else { if (add_file(ac, file, key_only) == -1) @@ -398,6 +437,8 @@ main(int argc, char **argv) OpenSSL_add_all_algorithms(); + setlinebuf(stdout); + /* At first, get a connection to the authentication agent. */ ac = ssh_get_authentication_connection(); if (ac == NULL) { diff --git a/crypto/openssh/ssh-agent.1 b/crypto/openssh/ssh-agent.1 index bb801c902a..a1e634fe03 100644 --- a/crypto/openssh/ssh-agent.1 +++ b/crypto/openssh/ssh-agent.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-agent.1,v 1.53 2010/11/21 01:01:13 djm Exp $ +.\" $OpenBSD: ssh-agent.1,v 1.55 2014/04/16 23:28:12 djm Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: November 21 2010 $ +.Dd $Mdocdate: April 16 2014 $ .Dt SSH-AGENT 1 .Os .Sh NAME @@ -53,10 +53,9 @@ .Sh DESCRIPTION .Nm is a program to hold private keys used for public key authentication -(RSA, DSA, ECDSA). -The idea is that +(RSA, DSA, ECDSA, ED25519). .Nm -is started in the beginning of an X-session or a login session, and +is usually started in the beginning of an X-session or a login session, and all other windows or programs are started as clients to the ssh-agent program. Through use of environment variables the agent can be located @@ -64,6 +63,19 @@ and automatically used for authentication when logging in to other machines using .Xr ssh 1 . .Pp +The agent initially does not have any private keys. +Keys are added using +.Xr ssh-add 1 . +Multiple identities may be stored in +.Nm +concurrently and +.Xr ssh 1 +will automatically use them if present. +.Xr ssh-add 1 +is also used to remove keys from +.Nm +and to query the keys that are held in one. +.Pp The options are as follows: .Bl -tag -width Ds .It Fl a Ar bind_address @@ -107,28 +119,6 @@ Without this option the default maximum lifetime is forever. If a commandline is given, this is executed as a subprocess of the agent. When the command dies, so does the agent. .Pp -The agent initially does not have any private keys. -Keys are added using -.Xr ssh-add 1 . -When executed without arguments, -.Xr ssh-add 1 -adds the files -.Pa ~/.ssh/id_rsa , -.Pa ~/.ssh/id_dsa , -.Pa ~/.ssh/id_ecdsa -and -.Pa ~/.ssh/identity . -If the identity has a passphrase, -.Xr ssh-add 1 -asks for the passphrase on the terminal if it has one or from a small X11 -program if running under X11. -If neither of these is the case then the authentication will fail. -It then sends the identity to the agent. -Several identities can be stored in the -agent; the agent can automatically use any of these identities. -.Ic ssh-add -l -displays the identities currently held by the agent. -.Pp The idea is that the agent is run in the user's local PC, laptop, or terminal. Authentication data need not be stored on any other @@ -184,14 +174,6 @@ The agent exits automatically when the command given on the command line terminates. .Sh FILES .Bl -tag -width Ds -.It Pa ~/.ssh/identity -Contains the protocol version 1 RSA authentication identity of the user. -.It Pa ~/.ssh/id_dsa -Contains the protocol version 2 DSA authentication identity of the user. -.It Pa ~/.ssh/id_ecdsa -Contains the protocol version 2 ECDSA authentication identity of the user. -.It Pa ~/.ssh/id_rsa -Contains the protocol version 2 RSA authentication identity of the user. .It Pa $TMPDIR/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt .Ux Ns -domain sockets used to contain the connection to the authentication agent. diff --git a/crypto/openssh/ssh-agent.c b/crypto/openssh/ssh-agent.c index b9498e6efb..25f10c5495 100644 --- a/crypto/openssh/ssh-agent.c +++ b/crypto/openssh/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.172 2011/06/03 01:37:40 dtucker Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.190 2014/07/25 21:22:03 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -49,9 +49,10 @@ #endif #include "openbsd-compat/sys-queue.h" +#ifdef WITH_OPENSSL #include -#include #include "openbsd-compat/openssl-compat.h" +#endif #include #include @@ -75,6 +76,7 @@ #include "compat.h" #include "log.h" #include "misc.h" +#include "digest.h" #ifdef ENABLE_PKCS11 #include "ssh-pkcs11.h" @@ -106,7 +108,7 @@ typedef struct identity { Key *key; char *comment; char *provider; - u_int death; + time_t death; u_int confirm; } Identity; @@ -122,7 +124,10 @@ int max_fd = 0; /* pid of shell == parent of agent */ pid_t parent_pid = -1; -u_int parent_alive_interval = 0; +time_t parent_alive_interval = 0; + +/* pid of process for which cleanup_socket is applicable */ +pid_t cleanup_pid = 0; /* pathname and directory for AUTH_SOCKET */ char socket_name[MAXPATHLEN]; @@ -134,8 +139,8 @@ char *lock_passwd = NULL; extern char *__progname; -/* Default lifetime (0 == forever) */ -static int lifetime = 0; +/* Default lifetime in seconds (0 == forever) */ +static long lifetime = 0; static void close_socket(SocketEntry *e) @@ -172,10 +177,9 @@ static void free_identity(Identity *id) { key_free(id->key); - if (id->provider != NULL) - xfree(id->provider); - xfree(id->comment); - xfree(id); + free(id->provider); + free(id->comment); + free(id); } /* return matching private key for given public key */ @@ -203,7 +207,7 @@ confirm_key(Identity *id) if (ask_permission("Allow use of key %s?\nKey fingerprint %s.", id->comment, p)) ret = 0; - xfree(p); + free(p); return (ret); } @@ -222,15 +226,17 @@ process_request_identities(SocketEntry *e, int version) buffer_put_int(&msg, tab->nentries); TAILQ_FOREACH(id, &tab->idlist, next) { if (id->key->type == KEY_RSA1) { +#ifdef WITH_SSH1 buffer_put_int(&msg, BN_num_bits(id->key->rsa->n)); buffer_put_bignum(&msg, id->key->rsa->e); buffer_put_bignum(&msg, id->key->rsa->n); +#endif } else { u_char *blob; u_int blen; key_to_blob(id->key, &blob, &blen); buffer_put_string(&msg, blob, blen); - xfree(blob); + free(blob); } buffer_put_cstring(&msg, id->comment); } @@ -239,6 +245,7 @@ process_request_identities(SocketEntry *e, int version) buffer_free(&msg); } +#ifdef WITH_SSH1 /* ssh1 only */ static void process_authentication_challenge1(SocketEntry *e) @@ -249,7 +256,7 @@ process_authentication_challenge1(SocketEntry *e) Identity *id; int i, len; Buffer msg; - MD5_CTX md; + struct ssh_digest_ctx *md; Key *key; buffer_init(&msg); @@ -274,7 +281,7 @@ process_authentication_challenge1(SocketEntry *e) if (id != NULL && (!id->confirm || confirm_key(id) == 0)) { Key *private = id->key; /* Decrypt the challenge using the private key. */ - if (rsa_private_decrypt(challenge, challenge, private->rsa) <= 0) + if (rsa_private_decrypt(challenge, challenge, private->rsa) != 0) goto failure; /* The response is MD5 of decrypted challenge plus session id. */ @@ -285,10 +292,12 @@ process_authentication_challenge1(SocketEntry *e) } memset(buf, 0, 32); BN_bn2bin(challenge, buf + 32 - len); - MD5_Init(&md); - MD5_Update(&md, buf, 32); - MD5_Update(&md, session_id, 16); - MD5_Final(mdbuf, &md); + if ((md = ssh_digest_start(SSH_DIGEST_MD5)) == NULL || + ssh_digest_update(md, buf, 32) < 0 || + ssh_digest_update(md, session_id, 16) < 0 || + ssh_digest_final(md, mdbuf, sizeof(mdbuf)) < 0) + fatal("%s: md5 failed", __func__); + ssh_digest_free(md); /* Send the response. */ buffer_put_char(&msg, SSH_AGENT_RSA_RESPONSE); @@ -307,6 +316,7 @@ send: BN_clear_free(challenge); buffer_free(&msg); } +#endif /* ssh2 only */ static void @@ -348,10 +358,9 @@ process_sign_request2(SocketEntry *e) buffer_append(&e->output, buffer_ptr(&msg), buffer_len(&msg)); buffer_free(&msg); - xfree(data); - xfree(blob); - if (signature != NULL) - xfree(signature); + free(data); + free(blob); + free(signature); datafellows = odatafellows; } @@ -359,12 +368,16 @@ process_sign_request2(SocketEntry *e) static void process_remove_identity(SocketEntry *e, int version) { - u_int blen, bits; + u_int blen; int success = 0; Key *key = NULL; u_char *blob; +#ifdef WITH_SSH1 + u_int bits; +#endif /* WITH_SSH1 */ switch (version) { +#ifdef WITH_SSH1 case 1: key = key_new(KEY_RSA1); bits = buffer_get_int(&e->request); @@ -375,10 +388,11 @@ process_remove_identity(SocketEntry *e, int version) logit("Warning: identity keysize mismatch: actual %u, announced %u", key_size(key), bits); break; +#endif /* WITH_SSH1 */ case 2: blob = buffer_get_string(&e->request, &blen); key = key_from_blob(blob, blen); - xfree(blob); + free(blob); break; } if (key != NULL) { @@ -430,10 +444,10 @@ process_remove_all_identities(SocketEntry *e, int version) } /* removes expired keys and returns number of seconds until the next expiry */ -static u_int +static time_t reaper(void) { - u_int deadline = 0, now = time(NULL); + time_t deadline = 0, now = monotime(); Identity *id, *nxt; int version; Idtab *tab; @@ -465,18 +479,13 @@ process_add_identity(SocketEntry *e, int version) { Idtab *tab = idtab_lookup(version); Identity *id; - int type, success = 0, death = 0, confirm = 0; - char *type_name, *comment; + int type, success = 0, confirm = 0; + char *comment; + time_t death = 0; Key *k = NULL; -#ifdef OPENSSL_HAS_ECC - BIGNUM *exponent; - EC_POINT *q; - char *curve; -#endif - u_char *cert; - u_int len; switch (version) { +#ifdef WITH_SSH1 case 1: k = key_new_private(KEY_RSA1); (void) buffer_get_int(&e->request); /* ignored */ @@ -490,136 +499,34 @@ process_add_identity(SocketEntry *e, int version) buffer_get_bignum(&e->request, k->rsa->p); /* q */ /* Generate additional parameters */ - rsa_generate_additional_parameters(k->rsa); - break; - case 2: - type_name = buffer_get_string(&e->request, NULL); - type = key_type_from_name(type_name); - switch (type) { - case KEY_DSA: - k = key_new_private(type); - buffer_get_bignum2(&e->request, k->dsa->p); - buffer_get_bignum2(&e->request, k->dsa->q); - buffer_get_bignum2(&e->request, k->dsa->g); - buffer_get_bignum2(&e->request, k->dsa->pub_key); - buffer_get_bignum2(&e->request, k->dsa->priv_key); - break; - case KEY_DSA_CERT_V00: - case KEY_DSA_CERT: - cert = buffer_get_string(&e->request, &len); - if ((k = key_from_blob(cert, len)) == NULL) - fatal("Certificate parse failed"); - xfree(cert); - key_add_private(k); - buffer_get_bignum2(&e->request, k->dsa->priv_key); - break; -#ifdef OPENSSL_HAS_ECC - case KEY_ECDSA: - k = key_new_private(type); - k->ecdsa_nid = key_ecdsa_nid_from_name(type_name); - curve = buffer_get_string(&e->request, NULL); - if (k->ecdsa_nid != key_curve_name_to_nid(curve)) - fatal("%s: curve names mismatch", __func__); - xfree(curve); - k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid); - if (k->ecdsa == NULL) - fatal("%s: EC_KEY_new_by_curve_name failed", - __func__); - q = EC_POINT_new(EC_KEY_get0_group(k->ecdsa)); - if (q == NULL) - fatal("%s: BN_new failed", __func__); - if ((exponent = BN_new()) == NULL) - fatal("%s: BN_new failed", __func__); - buffer_get_ecpoint(&e->request, - EC_KEY_get0_group(k->ecdsa), q); - buffer_get_bignum2(&e->request, exponent); - if (EC_KEY_set_public_key(k->ecdsa, q) != 1) - fatal("%s: EC_KEY_set_public_key failed", - __func__); - if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) - fatal("%s: EC_KEY_set_private_key failed", - __func__); - if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa), - EC_KEY_get0_public_key(k->ecdsa)) != 0) - fatal("%s: bad ECDSA public key", __func__); - if (key_ec_validate_private(k->ecdsa) != 0) - fatal("%s: bad ECDSA private key", __func__); - BN_clear_free(exponent); - EC_POINT_free(q); - break; - case KEY_ECDSA_CERT: - cert = buffer_get_string(&e->request, &len); - if ((k = key_from_blob(cert, len)) == NULL) - fatal("Certificate parse failed"); - xfree(cert); - key_add_private(k); - if ((exponent = BN_new()) == NULL) - fatal("%s: BN_new failed", __func__); - buffer_get_bignum2(&e->request, exponent); - if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) - fatal("%s: EC_KEY_set_private_key failed", - __func__); - if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa), - EC_KEY_get0_public_key(k->ecdsa)) != 0 || - key_ec_validate_private(k->ecdsa) != 0) - fatal("%s: bad ECDSA key", __func__); - BN_clear_free(exponent); - break; -#endif /* OPENSSL_HAS_ECC */ - case KEY_RSA: - k = key_new_private(type); - buffer_get_bignum2(&e->request, k->rsa->n); - buffer_get_bignum2(&e->request, k->rsa->e); - buffer_get_bignum2(&e->request, k->rsa->d); - buffer_get_bignum2(&e->request, k->rsa->iqmp); - buffer_get_bignum2(&e->request, k->rsa->p); - buffer_get_bignum2(&e->request, k->rsa->q); - - /* Generate additional parameters */ - rsa_generate_additional_parameters(k->rsa); - break; - case KEY_RSA_CERT_V00: - case KEY_RSA_CERT: - cert = buffer_get_string(&e->request, &len); - if ((k = key_from_blob(cert, len)) == NULL) - fatal("Certificate parse failed"); - xfree(cert); - key_add_private(k); - buffer_get_bignum2(&e->request, k->rsa->d); - buffer_get_bignum2(&e->request, k->rsa->iqmp); - buffer_get_bignum2(&e->request, k->rsa->p); - buffer_get_bignum2(&e->request, k->rsa->q); - break; - default: - xfree(type_name); - buffer_clear(&e->request); - goto send; - } - xfree(type_name); - break; - } - /* enable blinding */ - switch (k->type) { - case KEY_RSA: - case KEY_RSA_CERT_V00: - case KEY_RSA_CERT: - case KEY_RSA1: + if (rsa_generate_additional_parameters(k->rsa) != 0) + fatal("%s: rsa_generate_additional_parameters " + "error", __func__); + + /* enable blinding */ if (RSA_blinding_on(k->rsa, NULL) != 1) { error("process_add_identity: RSA_blinding_on failed"); key_free(k); goto send; } break; +#endif /* WITH_SSH1 */ + case 2: + k = key_private_deserialize(&e->request); + if (k == NULL) { + buffer_clear(&e->request); + goto send; + } + break; } - comment = buffer_get_string(&e->request, NULL); - if (k == NULL) { - xfree(comment); + if (k == NULL) goto send; - } + comment = buffer_get_string(&e->request, NULL); + while (buffer_len(&e->request)) { switch ((type = buffer_get_char(&e->request))) { case SSH_AGENT_CONSTRAIN_LIFETIME: - death = time(NULL) + buffer_get_int(&e->request); + death = monotime() + buffer_get_int(&e->request); break; case SSH_AGENT_CONSTRAIN_CONFIRM: confirm = 1; @@ -627,14 +534,14 @@ process_add_identity(SocketEntry *e, int version) default: error("process_add_identity: " "Unknown constraint type %d", type); - xfree(comment); + free(comment); key_free(k); goto send; } } success = 1; if (lifetime && !death) - death = time(NULL) + lifetime; + death = monotime() + lifetime; if ((id = lookup_identity(k, version)) == NULL) { id = xcalloc(1, sizeof(Identity)); id->key = k; @@ -643,7 +550,7 @@ process_add_identity(SocketEntry *e, int version) tab->nentries++; } else { key_free(k); - xfree(id->comment); + free(id->comment); } id->comment = comment; id->death = death; @@ -664,8 +571,8 @@ process_lock_agent(SocketEntry *e, int lock) passwd = buffer_get_string(&e->request, NULL); if (locked && !lock && strcmp(passwd, lock_passwd) == 0) { locked = 0; - memset(lock_passwd, 0, strlen(lock_passwd)); - xfree(lock_passwd); + explicit_bzero(lock_passwd, strlen(lock_passwd)); + free(lock_passwd); lock_passwd = NULL; success = 1; } else if (!locked && lock) { @@ -673,8 +580,8 @@ process_lock_agent(SocketEntry *e, int lock) lock_passwd = xstrdup(passwd); success = 1; } - memset(passwd, 0, strlen(passwd)); - xfree(passwd); + explicit_bzero(passwd, strlen(passwd)); + free(passwd); buffer_put_int(&e->output, 1); buffer_put_char(&e->output, @@ -701,7 +608,8 @@ static void process_add_smartcard_key(SocketEntry *e) { char *provider = NULL, *pin; - int i, type, version, count = 0, success = 0, death = 0, confirm = 0; + int i, type, version, count = 0, success = 0, confirm = 0; + time_t death = 0; Key **keys = NULL, *k; Identity *id; Idtab *tab; @@ -712,7 +620,7 @@ process_add_smartcard_key(SocketEntry *e) while (buffer_len(&e->request)) { switch ((type = buffer_get_char(&e->request))) { case SSH_AGENT_CONSTRAIN_LIFETIME: - death = time(NULL) + buffer_get_int(&e->request); + death = monotime() + buffer_get_int(&e->request); break; case SSH_AGENT_CONSTRAIN_CONFIRM: confirm = 1; @@ -724,7 +632,7 @@ process_add_smartcard_key(SocketEntry *e) } } if (lifetime && !death) - death = time(NULL) + lifetime; + death = monotime() + lifetime; count = pkcs11_add_provider(provider, pin, &keys); for (i = 0; i < count; i++) { @@ -747,12 +655,9 @@ process_add_smartcard_key(SocketEntry *e) keys[i] = NULL; } send: - if (pin) - xfree(pin); - if (provider) - xfree(provider); - if (keys) - xfree(keys); + free(pin); + free(provider); + free(keys); buffer_put_int(&e->output, 1); buffer_put_char(&e->output, success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE); @@ -768,12 +673,15 @@ process_remove_smartcard_key(SocketEntry *e) provider = buffer_get_string(&e->request, NULL); pin = buffer_get_string(&e->request, NULL); - xfree(pin); + free(pin); for (version = 1; version < 3; version++) { tab = idtab_lookup(version); for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) { nxt = TAILQ_NEXT(id, next); + /* Skip file--based keys */ + if (id->provider == NULL) + continue; if (!strcmp(provider, id->provider)) { TAILQ_REMOVE(&tab->idlist, id, next); free_identity(id); @@ -786,7 +694,7 @@ process_remove_smartcard_key(SocketEntry *e) else error("process_remove_smartcard_key:" " pkcs11_del_provider failed"); - xfree(provider); + free(provider); buffer_put_int(&e->output, 1); buffer_put_char(&e->output, success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE); @@ -842,6 +750,7 @@ process_message(SocketEntry *e) case SSH_AGENTC_UNLOCK: process_lock_agent(e, type == SSH_AGENTC_LOCK); break; +#ifdef WITH_SSH1 /* ssh1 */ case SSH_AGENTC_RSA_CHALLENGE: process_authentication_challenge1(e); @@ -859,6 +768,7 @@ process_message(SocketEntry *e) case SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES: process_remove_all_identities(e, 1); break; +#endif /* ssh2 */ case SSH2_AGENTC_SIGN_REQUEST: process_sign_request2(e); @@ -931,9 +841,10 @@ static int prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl, u_int *nallocp, struct timeval **tvpp) { - u_int i, sz, deadline; + u_int i, sz; int n = 0; static struct timeval tv; + time_t deadline; for (i = 0; i < sockets_alloc; i++) { switch (sockets[i].type) { @@ -951,10 +862,8 @@ prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl, u_int *nallocp, sz = howmany(n+1, NFDBITS) * sizeof(fd_mask); if (*fdrp == NULL || sz > *nallocp) { - if (*fdrp) - xfree(*fdrp); - if (*fdwp) - xfree(*fdwp); + free(*fdrp); + free(*fdwp); *fdrp = xmalloc(sz); *fdwp = xmalloc(sz); *nallocp = sz; @@ -1059,6 +968,7 @@ after_select(fd_set *readset, fd_set *writeset) break; } buffer_append(&sockets[i].input, buf, len); + explicit_bzero(buf, sizeof(buf)); process_message(&sockets[i]); } break; @@ -1070,6 +980,9 @@ after_select(fd_set *readset, fd_set *writeset) static void cleanup_socket(void) { + if (cleanup_pid != 0 && getpid() != cleanup_pid) + return; + debug("%s: cleanup", __func__); if (socket_name[0]) unlink(socket_name); if (socket_dir[0]) @@ -1111,15 +1024,10 @@ check_parent_exists(void) static void usage(void) { - fprintf(stderr, "usage: %s [options] [command [arg ...]]\n", - __progname); - fprintf(stderr, "Options:\n"); - fprintf(stderr, " -c Generate C-shell commands on stdout.\n"); - fprintf(stderr, " -s Generate Bourne shell commands on stdout.\n"); - fprintf(stderr, " -k Kill the current agent.\n"); - fprintf(stderr, " -d Debug mode.\n"); - fprintf(stderr, " -a socket Bind agent socket to given name.\n"); - fprintf(stderr, " -t life Default identity lifetime (seconds).\n"); + fprintf(stderr, + "usage: ssh-agent [-c | -s] [-d] [-a bind_address] [-t life]\n" + " [command [arg ...]]\n" + " ssh-agent [-c | -s] -k\n"); exit(1); } @@ -1131,17 +1039,16 @@ main(int ac, char **av) u_int nalloc; char *shell, *format, *pidstr, *agentsocket = NULL; fd_set *readsetp = NULL, *writesetp = NULL; - struct sockaddr_un sunaddr; #ifdef HAVE_SETRLIMIT struct rlimit rlim; #endif - int prev_mask; extern int optind; extern char *optarg; pid_t pid; char pidstrbuf[1 + 3 * sizeof pid]; struct timeval *tvp = NULL; size_t len; + mode_t prev_mask; /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); @@ -1155,7 +1062,9 @@ main(int ac, char **av) prctl(PR_SET_DUMPABLE, 0); #endif +#ifdef WITH_OPENSSL OpenSSL_add_all_algorithms(); +#endif __progname = ssh_get_progname(av[0]); seed_rng(); @@ -1252,27 +1161,14 @@ main(int ac, char **av) * Create socket early so it will exist before command gets run from * the parent. */ - sock = socket(AF_UNIX, SOCK_STREAM, 0); - if (sock < 0) { - perror("socket"); - *socket_name = '\0'; /* Don't unlink any existing file */ - cleanup_exit(1); - } - memset(&sunaddr, 0, sizeof(sunaddr)); - sunaddr.sun_family = AF_UNIX; - strlcpy(sunaddr.sun_path, socket_name, sizeof(sunaddr.sun_path)); prev_mask = umask(0177); - if (bind(sock, (struct sockaddr *) &sunaddr, sizeof(sunaddr)) < 0) { - perror("bind"); + sock = unix_listener(socket_name, SSH_LISTEN_BACKLOG, 0); + if (sock < 0) { + /* XXX - unix_listener() calls error() not perror() */ *socket_name = '\0'; /* Don't unlink any existing file */ - umask(prev_mask); cleanup_exit(1); } umask(prev_mask); - if (listen(sock, SSH_LISTEN_BACKLOG) < 0) { - perror("listen"); - cleanup_exit(1); - } /* * Fork, and have the parent execute the command, if any, or present @@ -1341,6 +1237,8 @@ main(int ac, char **av) skip: + cleanup_pid = getpid(); + #ifdef ENABLE_PKCS11 pkcs11_init(0); #endif @@ -1348,9 +1246,8 @@ skip: if (ac > 0) parent_alive_interval = 10; idtab_init(); - if (!d_flag) - signal(SIGINT, SIG_IGN); signal(SIGPIPE, SIG_IGN); + signal(SIGINT, d_flag ? cleanup_handler : SIG_IGN); signal(SIGHUP, cleanup_handler); signal(SIGTERM, cleanup_handler); nalloc = 0; diff --git a/crypto/openssh/ssh-dss.c b/crypto/openssh/ssh-dss.c index ede5e21e55..9643d90d87 100644 --- a/crypto/openssh/ssh-dss.c +++ b/crypto/openssh/ssh-dss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-dss.c,v 1.27 2010/08/31 09:58:37 djm Exp $ */ +/* $OpenBSD: ssh-dss.c,v 1.32 2014/06/24 01:13:21 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -28,160 +28,192 @@ #include #include +#include #include #include #include -#include "xmalloc.h" -#include "buffer.h" +#include "sshbuf.h" #include "compat.h" -#include "log.h" -#include "key.h" +#include "ssherr.h" +#include "digest.h" +#define SSHKEY_INTERNAL +#include "sshkey.h" #define INTBLOB_LEN 20 #define SIGBLOB_LEN (2*INTBLOB_LEN) int -ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, - const u_char *data, u_int datalen) +ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen, u_int compat) { - DSA_SIG *sig; - const EVP_MD *evp_md = EVP_sha1(); - EVP_MD_CTX md; - u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN]; - u_int rlen, slen, len, dlen; - Buffer b; - - if (key == NULL || key->dsa == NULL || (key->type != KEY_DSA && - key->type != KEY_DSA_CERT && key->type != KEY_DSA_CERT_V00)) { - error("ssh_dss_sign: no DSA key"); - return -1; - } - EVP_DigestInit(&md, evp_md); - EVP_DigestUpdate(&md, data, datalen); - EVP_DigestFinal(&md, digest, &dlen); - - sig = DSA_do_sign(digest, dlen, key->dsa); - memset(digest, 'd', sizeof(digest)); - - if (sig == NULL) { - error("ssh_dss_sign: sign failed"); - return -1; + DSA_SIG *sig = NULL; + u_char digest[SSH_DIGEST_MAX_LENGTH], sigblob[SIGBLOB_LEN]; + size_t rlen, slen, len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1); + struct sshbuf *b = NULL; + int ret = SSH_ERR_INVALID_ARGUMENT; + + if (lenp != NULL) + *lenp = 0; + if (sigp != NULL) + *sigp = NULL; + + if (key == NULL || key->dsa == NULL || + sshkey_type_plain(key->type) != KEY_DSA) + return SSH_ERR_INVALID_ARGUMENT; + if (dlen == 0) + return SSH_ERR_INTERNAL_ERROR; + + if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen, + digest, sizeof(digest))) != 0) + goto out; + + if ((sig = DSA_do_sign(digest, dlen, key->dsa)) == NULL) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; } rlen = BN_num_bytes(sig->r); slen = BN_num_bytes(sig->s); if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) { - error("bad sig size %u %u", rlen, slen); - DSA_SIG_free(sig); - return -1; + ret = SSH_ERR_INTERNAL_ERROR; + goto out; } - memset(sigblob, 0, SIGBLOB_LEN); - BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen); - BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen); - DSA_SIG_free(sig); + explicit_bzero(sigblob, SIGBLOB_LEN); + BN_bn2bin(sig->r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen); + BN_bn2bin(sig->s, sigblob + SIGBLOB_LEN - slen); - if (datafellows & SSH_BUG_SIGBLOB) { - if (lenp != NULL) - *lenp = SIGBLOB_LEN; + if (compat & SSH_BUG_SIGBLOB) { if (sigp != NULL) { - *sigp = xmalloc(SIGBLOB_LEN); + if ((*sigp = malloc(SIGBLOB_LEN)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } memcpy(*sigp, sigblob, SIGBLOB_LEN); } + if (lenp != NULL) + *lenp = SIGBLOB_LEN; + ret = 0; } else { /* ietf-drafts */ - buffer_init(&b); - buffer_put_cstring(&b, "ssh-dss"); - buffer_put_string(&b, sigblob, SIGBLOB_LEN); - len = buffer_len(&b); - if (lenp != NULL) - *lenp = len; + if ((b = sshbuf_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((ret = sshbuf_put_cstring(b, "ssh-dss")) != 0 || + (ret = sshbuf_put_string(b, sigblob, SIGBLOB_LEN)) != 0) + goto out; + len = sshbuf_len(b); if (sigp != NULL) { - *sigp = xmalloc(len); - memcpy(*sigp, buffer_ptr(&b), len); + if ((*sigp = malloc(len)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + memcpy(*sigp, sshbuf_ptr(b), len); } - buffer_free(&b); + if (lenp != NULL) + *lenp = len; + ret = 0; } - return 0; + out: + explicit_bzero(digest, sizeof(digest)); + if (sig != NULL) + DSA_SIG_free(sig); + if (b != NULL) + sshbuf_free(b); + return ret; } + int -ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, - const u_char *data, u_int datalen) +ssh_dss_verify(const struct sshkey *key, + const u_char *signature, size_t signaturelen, + const u_char *data, size_t datalen, u_int compat) { - DSA_SIG *sig; - const EVP_MD *evp_md = EVP_sha1(); - EVP_MD_CTX md; - u_char digest[EVP_MAX_MD_SIZE], *sigblob; - u_int len, dlen; - int rlen, ret; - Buffer b; - - if (key == NULL || key->dsa == NULL || (key->type != KEY_DSA && - key->type != KEY_DSA_CERT && key->type != KEY_DSA_CERT_V00)) { - error("ssh_dss_verify: no DSA key"); - return -1; - } + DSA_SIG *sig = NULL; + u_char digest[SSH_DIGEST_MAX_LENGTH], *sigblob = NULL; + size_t len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1); + int ret = SSH_ERR_INTERNAL_ERROR; + struct sshbuf *b = NULL; + char *ktype = NULL; + + if (key == NULL || key->dsa == NULL || + sshkey_type_plain(key->type) != KEY_DSA) + return SSH_ERR_INVALID_ARGUMENT; + if (dlen == 0) + return SSH_ERR_INTERNAL_ERROR; /* fetch signature */ - if (datafellows & SSH_BUG_SIGBLOB) { - sigblob = xmalloc(signaturelen); + if (compat & SSH_BUG_SIGBLOB) { + if ((sigblob = malloc(signaturelen)) == NULL) + return SSH_ERR_ALLOC_FAIL; memcpy(sigblob, signature, signaturelen); len = signaturelen; } else { /* ietf-drafts */ - char *ktype; - buffer_init(&b); - buffer_append(&b, signature, signaturelen); - ktype = buffer_get_cstring(&b, NULL); + if ((b = sshbuf_from(signature, signaturelen)) == NULL) + return SSH_ERR_ALLOC_FAIL; + if (sshbuf_get_cstring(b, &ktype, NULL) != 0 || + sshbuf_get_string(b, &sigblob, &len) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } if (strcmp("ssh-dss", ktype) != 0) { - error("ssh_dss_verify: cannot handle type %s", ktype); - buffer_free(&b); - xfree(ktype); - return -1; + ret = SSH_ERR_KEY_TYPE_MISMATCH; + goto out; } - xfree(ktype); - sigblob = buffer_get_string(&b, &len); - rlen = buffer_len(&b); - buffer_free(&b); - if (rlen != 0) { - error("ssh_dss_verify: " - "remaining bytes in signature %d", rlen); - xfree(sigblob); - return -1; + if (sshbuf_len(b) != 0) { + ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; + goto out; } } if (len != SIGBLOB_LEN) { - fatal("bad sigbloblen %u != SIGBLOB_LEN", len); + ret = SSH_ERR_INVALID_FORMAT; + goto out; } /* parse signature */ - if ((sig = DSA_SIG_new()) == NULL) - fatal("ssh_dss_verify: DSA_SIG_new failed"); - if ((sig->r = BN_new()) == NULL) - fatal("ssh_dss_verify: BN_new failed"); - if ((sig->s = BN_new()) == NULL) - fatal("ssh_dss_verify: BN_new failed"); + if ((sig = DSA_SIG_new()) == NULL || + (sig->r = BN_new()) == NULL || + (sig->s = BN_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) || - (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL)) - fatal("ssh_dss_verify: BN_bin2bn failed"); - - /* clean up */ - memset(sigblob, 0, len); - xfree(sigblob); + (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL)) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } /* sha1 the data */ - EVP_DigestInit(&md, evp_md); - EVP_DigestUpdate(&md, data, datalen); - EVP_DigestFinal(&md, digest, &dlen); - - ret = DSA_do_verify(digest, dlen, sig, key->dsa); - memset(digest, 'd', sizeof(digest)); - - DSA_SIG_free(sig); + if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen, + digest, sizeof(digest))) != 0) + goto out; + + switch (DSA_do_verify(digest, dlen, sig, key->dsa)) { + case 1: + ret = 0; + break; + case 0: + ret = SSH_ERR_SIGNATURE_INVALID; + goto out; + default: + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } - debug("ssh_dss_verify: signature %s", - ret == 1 ? "correct" : ret == 0 ? "incorrect" : "error"); + out: + explicit_bzero(digest, sizeof(digest)); + if (sig != NULL) + DSA_SIG_free(sig); + if (b != NULL) + sshbuf_free(b); + if (ktype != NULL) + free(ktype); + if (sigblob != NULL) { + explicit_bzero(sigblob, len); + free(sigblob); + } return ret; } diff --git a/crypto/openssh/ssh-ecdsa.c b/crypto/openssh/ssh-ecdsa.c dissimilarity index 61% index 085468ee79..1119db0452 100644 --- a/crypto/openssh/ssh-ecdsa.c +++ b/crypto/openssh/ssh-ecdsa.c @@ -1,169 +1,192 @@ -/* $OpenBSD: ssh-ecdsa.c,v 1.5 2012/01/08 13:17:11 miod Exp $ */ -/* - * Copyright (c) 2000 Markus Friedl. All rights reserved. - * Copyright (c) 2010 Damien Miller. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "includes.h" - -#ifdef OPENSSL_HAS_ECC - -#include - -#include -#include -#include -#include - -#include - -#include "xmalloc.h" -#include "buffer.h" -#include "compat.h" -#include "log.h" -#include "key.h" - -int -ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp, - const u_char *data, u_int datalen) -{ - ECDSA_SIG *sig; - const EVP_MD *evp_md; - EVP_MD_CTX md; - u_char digest[EVP_MAX_MD_SIZE]; - u_int len, dlen; - Buffer b, bb; - - if (key == NULL || key->ecdsa == NULL || - (key->type != KEY_ECDSA && key->type != KEY_ECDSA_CERT)) { - error("%s: no ECDSA key", __func__); - return -1; - } - evp_md = key_ec_nid_to_evpmd(key->ecdsa_nid); - EVP_DigestInit(&md, evp_md); - EVP_DigestUpdate(&md, data, datalen); - EVP_DigestFinal(&md, digest, &dlen); - - sig = ECDSA_do_sign(digest, dlen, key->ecdsa); - memset(digest, 'd', sizeof(digest)); - - if (sig == NULL) { - error("%s: sign failed", __func__); - return -1; - } - - buffer_init(&bb); - buffer_put_bignum2(&bb, sig->r); - buffer_put_bignum2(&bb, sig->s); - ECDSA_SIG_free(sig); - - buffer_init(&b); - buffer_put_cstring(&b, key_ssh_name_plain(key)); - buffer_put_string(&b, buffer_ptr(&bb), buffer_len(&bb)); - buffer_free(&bb); - len = buffer_len(&b); - if (lenp != NULL) - *lenp = len; - if (sigp != NULL) { - *sigp = xmalloc(len); - memcpy(*sigp, buffer_ptr(&b), len); - } - buffer_free(&b); - - return 0; -} -int -ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, - const u_char *data, u_int datalen) -{ - ECDSA_SIG *sig; - const EVP_MD *evp_md; - EVP_MD_CTX md; - u_char digest[EVP_MAX_MD_SIZE], *sigblob; - u_int len, dlen; - int rlen, ret; - Buffer b, bb; - char *ktype; - - if (key == NULL || key->ecdsa == NULL || - (key->type != KEY_ECDSA && key->type != KEY_ECDSA_CERT)) { - error("%s: no ECDSA key", __func__); - return -1; - } - evp_md = key_ec_nid_to_evpmd(key->ecdsa_nid); - - /* fetch signature */ - buffer_init(&b); - buffer_append(&b, signature, signaturelen); - ktype = buffer_get_string(&b, NULL); - if (strcmp(key_ssh_name_plain(key), ktype) != 0) { - error("%s: cannot handle type %s", __func__, ktype); - buffer_free(&b); - xfree(ktype); - return -1; - } - xfree(ktype); - sigblob = buffer_get_string(&b, &len); - rlen = buffer_len(&b); - buffer_free(&b); - if (rlen != 0) { - error("%s: remaining bytes in signature %d", __func__, rlen); - xfree(sigblob); - return -1; - } - - /* parse signature */ - if ((sig = ECDSA_SIG_new()) == NULL) - fatal("%s: ECDSA_SIG_new failed", __func__); - if ((sig->r = BN_new()) == NULL || - (sig->s = BN_new()) == NULL) - fatal("%s: BN_new failed", __func__); - - buffer_init(&bb); - buffer_append(&bb, sigblob, len); - buffer_get_bignum2(&bb, sig->r); - buffer_get_bignum2(&bb, sig->s); - if (buffer_len(&bb) != 0) - fatal("%s: remaining bytes in inner sigblob", __func__); - buffer_free(&bb); - - /* clean up */ - memset(sigblob, 0, len); - xfree(sigblob); - - /* hash the data */ - EVP_DigestInit(&md, evp_md); - EVP_DigestUpdate(&md, data, datalen); - EVP_DigestFinal(&md, digest, &dlen); - - ret = ECDSA_do_verify(digest, dlen, sig, key->ecdsa); - memset(digest, 'd', sizeof(digest)); - - ECDSA_SIG_free(sig); - - debug("%s: signature %s", __func__, - ret == 1 ? "correct" : ret == 0 ? "incorrect" : "error"); - return ret; -} - -#endif /* OPENSSL_HAS_ECC */ +/* $OpenBSD: ssh-ecdsa.c,v 1.11 2014/06/24 01:13:21 djm Exp $ */ +/* + * Copyright (c) 2000 Markus Friedl. All rights reserved. + * Copyright (c) 2010 Damien Miller. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#ifdef OPENSSL_HAS_ECC + +#include + +#include +#include +#include +#include + +#include + +#include "sshbuf.h" +#include "ssherr.h" +#include "digest.h" +#define SSHKEY_INTERNAL +#include "sshkey.h" + +/* ARGSUSED */ +int +ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen, u_int compat) +{ + ECDSA_SIG *sig = NULL; + int hash_alg; + u_char digest[SSH_DIGEST_MAX_LENGTH]; + size_t len, dlen; + struct sshbuf *b = NULL, *bb = NULL; + int ret = SSH_ERR_INTERNAL_ERROR; + + if (lenp != NULL) + *lenp = 0; + if (sigp != NULL) + *sigp = NULL; + + if (key == NULL || key->ecdsa == NULL || + sshkey_type_plain(key->type) != KEY_ECDSA) + return SSH_ERR_INVALID_ARGUMENT; + + if ((hash_alg = sshkey_ec_nid_to_hash_alg(key->ecdsa_nid)) == -1 || + (dlen = ssh_digest_bytes(hash_alg)) == 0) + return SSH_ERR_INTERNAL_ERROR; + if ((ret = ssh_digest_memory(hash_alg, data, datalen, + digest, sizeof(digest))) != 0) + goto out; + + if ((sig = ECDSA_do_sign(digest, dlen, key->ecdsa)) == NULL) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + + if ((bb = sshbuf_new()) == NULL || (b = sshbuf_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((ret = sshbuf_put_bignum2(bb, sig->r)) != 0 || + (ret = sshbuf_put_bignum2(bb, sig->s)) != 0) + goto out; + if ((ret = sshbuf_put_cstring(b, sshkey_ssh_name_plain(key))) != 0 || + (ret = sshbuf_put_stringb(b, bb)) != 0) + goto out; + len = sshbuf_len(b); + if (sigp != NULL) { + if ((*sigp = malloc(len)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + memcpy(*sigp, sshbuf_ptr(b), len); + } + if (lenp != NULL) + *lenp = len; + ret = 0; + out: + explicit_bzero(digest, sizeof(digest)); + if (b != NULL) + sshbuf_free(b); + if (bb != NULL) + sshbuf_free(bb); + if (sig != NULL) + ECDSA_SIG_free(sig); + return ret; +} + +/* ARGSUSED */ +int +ssh_ecdsa_verify(const struct sshkey *key, + const u_char *signature, size_t signaturelen, + const u_char *data, size_t datalen, u_int compat) +{ + ECDSA_SIG *sig = NULL; + int hash_alg; + u_char digest[SSH_DIGEST_MAX_LENGTH]; + size_t dlen; + int ret = SSH_ERR_INTERNAL_ERROR; + struct sshbuf *b = NULL, *sigbuf = NULL; + char *ktype = NULL; + + if (key == NULL || key->ecdsa == NULL || + sshkey_type_plain(key->type) != KEY_ECDSA) + return SSH_ERR_INVALID_ARGUMENT; + + if ((hash_alg = sshkey_ec_nid_to_hash_alg(key->ecdsa_nid)) == -1 || + (dlen = ssh_digest_bytes(hash_alg)) == 0) + return SSH_ERR_INTERNAL_ERROR; + + /* fetch signature */ + if ((b = sshbuf_from(signature, signaturelen)) == NULL) + return SSH_ERR_ALLOC_FAIL; + if (sshbuf_get_cstring(b, &ktype, NULL) != 0 || + sshbuf_froms(b, &sigbuf) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + if (strcmp(sshkey_ssh_name_plain(key), ktype) != 0) { + ret = SSH_ERR_KEY_TYPE_MISMATCH; + goto out; + } + if (sshbuf_len(b) != 0) { + ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; + goto out; + } + + /* parse signature */ + if ((sig = ECDSA_SIG_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + if (sshbuf_get_bignum2(sigbuf, sig->r) != 0 || + sshbuf_get_bignum2(sigbuf, sig->s) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + if (sshbuf_len(sigbuf) != 0) { + ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; + goto out; + } + if ((ret = ssh_digest_memory(hash_alg, data, datalen, + digest, sizeof(digest))) != 0) + goto out; + + switch (ECDSA_do_verify(digest, dlen, sig, key->ecdsa)) { + case 1: + ret = 0; + break; + case 0: + ret = SSH_ERR_SIGNATURE_INVALID; + goto out; + default: + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + + out: + explicit_bzero(digest, sizeof(digest)); + if (sigbuf != NULL) + sshbuf_free(sigbuf); + if (b != NULL) + sshbuf_free(b); + if (sig != NULL) + ECDSA_SIG_free(sig); + free(ktype); + return ret; +} + +#endif /* OPENSSL_HAS_ECC */ diff --git a/crypto/openssh/ssh-ed25519.c b/crypto/openssh/ssh-ed25519.c new file mode 100644 index 0000000000..cb87d47909 --- /dev/null +++ b/crypto/openssh/ssh-ed25519.c @@ -0,0 +1,166 @@ +/* $OpenBSD: ssh-ed25519.c,v 1.4 2014/06/24 01:13:21 djm Exp $ */ +/* + * Copyright (c) 2013 Markus Friedl + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#include +#include + +#include "crypto_api.h" + +#include +#include + +#include "xmalloc.h" +#include "log.h" +#include "buffer.h" +#define SSHKEY_INTERNAL +#include "sshkey.h" +#include "ssherr.h" +#include "ssh.h" + +int +ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen, u_int compat) +{ + u_char *sig = NULL; + size_t slen = 0, len; + unsigned long long smlen; + int r, ret; + struct sshbuf *b = NULL; + + if (lenp != NULL) + *lenp = 0; + if (sigp != NULL) + *sigp = NULL; + + if (key == NULL || + sshkey_type_plain(key->type) != KEY_ED25519 || + key->ed25519_sk == NULL || + datalen >= INT_MAX - crypto_sign_ed25519_BYTES) + return SSH_ERR_INVALID_ARGUMENT; + smlen = slen = datalen + crypto_sign_ed25519_BYTES; + if ((sig = malloc(slen)) == NULL) + return SSH_ERR_ALLOC_FAIL; + + if ((ret = crypto_sign_ed25519(sig, &smlen, data, datalen, + key->ed25519_sk)) != 0 || smlen <= datalen) { + r = SSH_ERR_INVALID_ARGUMENT; /* XXX better error? */ + goto out; + } + /* encode signature */ + if ((b = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshbuf_put_cstring(b, "ssh-ed25519")) != 0 || + (r = sshbuf_put_string(b, sig, smlen - datalen)) != 0) + goto out; + len = sshbuf_len(b); + if (sigp != NULL) { + if ((*sigp = malloc(len)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + memcpy(*sigp, sshbuf_ptr(b), len); + } + if (lenp != NULL) + *lenp = len; + /* success */ + r = 0; + out: + sshbuf_free(b); + if (sig != NULL) { + explicit_bzero(sig, slen); + free(sig); + } + + return r; +} + +int +ssh_ed25519_verify(const struct sshkey *key, + const u_char *signature, size_t signaturelen, + const u_char *data, size_t datalen, u_int compat) +{ + struct sshbuf *b = NULL; + char *ktype = NULL; + const u_char *sigblob; + u_char *sm = NULL, *m = NULL; + size_t len; + unsigned long long smlen = 0, mlen = 0; + int r, ret; + + if (key == NULL || + sshkey_type_plain(key->type) != KEY_ED25519 || + key->ed25519_pk == NULL || + datalen >= INT_MAX - crypto_sign_ed25519_BYTES) + return SSH_ERR_INVALID_ARGUMENT; + + if ((b = sshbuf_from(signature, signaturelen)) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((r = sshbuf_get_cstring(b, &ktype, NULL)) != 0 || + (r = sshbuf_get_string_direct(b, &sigblob, &len)) != 0) + goto out; + if (strcmp("ssh-ed25519", ktype) != 0) { + r = SSH_ERR_KEY_TYPE_MISMATCH; + goto out; + } + if (sshbuf_len(b) != 0) { + r = SSH_ERR_UNEXPECTED_TRAILING_DATA; + goto out; + } + if (len > crypto_sign_ed25519_BYTES) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + if (datalen >= SIZE_MAX - len) + return SSH_ERR_INVALID_ARGUMENT; + smlen = len + datalen; + mlen = smlen; + if ((sm = malloc(smlen)) == NULL || (m = xmalloc(mlen)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + memcpy(sm, sigblob, len); + memcpy(sm+len, data, datalen); + if ((ret = crypto_sign_ed25519_open(m, &mlen, sm, smlen, + key->ed25519_pk)) != 0) { + debug2("%s: crypto_sign_ed25519_open failed: %d", + __func__, ret); + } + if (ret != 0 || mlen != datalen) { + r = SSH_ERR_SIGNATURE_INVALID; + goto out; + } + /* XXX compare 'm' and 'data' ? */ + /* success */ + r = 0; + out: + if (sm != NULL) { + explicit_bzero(sm, smlen); + free(sm); + } + if (m != NULL) { + explicit_bzero(m, smlen); /* NB mlen may be invalid if r != 0 */ + free(m); + } + sshbuf_free(b); + free(ktype); + return r; +} + diff --git a/crypto/openssh/ssh-gss.h b/crypto/openssh/ssh-gss.h index c29a1b7e7e..a99d7f08b3 100644 --- a/crypto/openssh/ssh-gss.h +++ b/crypto/openssh/ssh-gss.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-gss.h,v 1.10 2007/06/12 08:20:00 djm Exp $ */ +/* $OpenBSD: ssh-gss.h,v 1.11 2014/02/26 20:28:44 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. * @@ -42,12 +42,13 @@ # include # endif -/* MIT Kerberos doesn't seem to define GSS_NT_HOSTBASED_SERVICE */ +/* Old MIT Kerberos doesn't seem to define GSS_NT_HOSTBASED_SERVICE */ -#ifndef GSS_C_NT_HOSTBASED_SERVICE -#define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name -#endif /* GSS_C_NT_... */ -#endif /* !HEIMDAL */ +# if !HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE +# define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name +# endif /* !HAVE_DECL_GSS_C_NT_... */ + +# endif /* !HEIMDAL */ #endif /* KRB5 */ /* draft-ietf-secsh-gsskeyex-06 */ @@ -103,6 +104,8 @@ void ssh_gssapi_set_oid_data(Gssctxt *, void *, size_t); void ssh_gssapi_set_oid(Gssctxt *, gss_OID); void ssh_gssapi_supported_oids(gss_OID_set *); ssh_gssapi_mech *ssh_gssapi_get_ctype(Gssctxt *); +void ssh_gssapi_prepare_supported_oids(void); +OM_uint32 ssh_gssapi_test_oid_supported(OM_uint32 *, gss_OID, int *); OM_uint32 ssh_gssapi_import_name(Gssctxt *, const char *); OM_uint32 ssh_gssapi_init_ctx(Gssctxt *, int, diff --git a/crypto/openssh/ssh-keygen.1 b/crypto/openssh/ssh-keygen.1 index 03f927edfc..723a0162e9 100644 --- a/crypto/openssh/ssh-keygen.1 +++ b/crypto/openssh/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.109 2012/07/06 00:41:59 dtucker Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.122 2014/03/31 13:39:34 jmc Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: July 6 2012 $ +.Dd $Mdocdate: March 31 2014 $ .Dt SSH-KEYGEN 1 .Os .Sh NAME @@ -46,7 +46,7 @@ .Nm ssh-keygen .Op Fl q .Op Fl b Ar bits -.Fl t Ar type +.Op Fl t Cm dsa | ecdsa | ed25519 | rsa | rsa1 .Op Fl N Ar new_passphrase .Op Fl C Ar comment .Op Fl f Ar output_keyfile @@ -103,7 +103,7 @@ .Fl T Ar output_file .Fl f Ar input_file .Op Fl v -.Op Fl a Ar num_trials +.Op Fl a Ar rounds .Op Fl J Ar num_lines .Op Fl j Ar start_line .Op Fl K Ar checkpt @@ -122,14 +122,25 @@ .Op Fl f Ar input_keyfile .Nm ssh-keygen .Fl A +.Nm ssh-keygen +.Fl k +.Fl f Ar krl_file +.Op Fl u +.Op Fl s Ar ca_public +.Op Fl z Ar version_number +.Ar +.Nm ssh-keygen +.Fl Q +.Fl f Ar krl_file +.Ar .Ek .Sh DESCRIPTION .Nm generates, manages and converts authentication keys for .Xr ssh 1 . .Nm -can create RSA keys for use by SSH protocol version 1 and DSA, ECDSA or RSA -keys for use by SSH protocol version 2. +can create RSA keys for use by SSH protocol version 1 and +DSA, ECDSA, ED25519 or RSA keys for use by SSH protocol version 2. The type of key to be generated is specified with the .Fl t option. @@ -144,12 +155,21 @@ See the .Sx MODULI GENERATION section for details. .Pp +Finally, +.Nm +can be used to generate and update Key Revocation Lists, and to test whether +given keys have been revoked by one. +See the +.Sx KEY REVOCATION LISTS +section for details. +.Pp Normally each user wishing to use SSH with public key authentication runs this once to create the authentication key in .Pa ~/.ssh/identity , +.Pa ~/.ssh/id_dsa , .Pa ~/.ssh/id_ecdsa , -.Pa ~/.ssh/id_dsa +.Pa ~/.ssh/id_ed25519 or .Pa ~/.ssh/id_rsa . Additionally, the system administrator may use this to generate host keys, @@ -197,17 +217,27 @@ should be placed to be activated. The options are as follows: .Bl -tag -width Ds .It Fl A -For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys +For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519) +for which host keys do not exist, generate the host keys with the default key file path, an empty passphrase, default bits for the key type, and default comment. This is used by .Pa /etc/rc to generate new host keys. -.It Fl a Ar trials -Specifies the number of primality tests to perform when screening DH-GEX -candidates using the +.It Fl a Ar rounds +When saving a new-format private key (i.e. an ed25519 key or any SSH protocol +2 key when the +.Fl o +flag is set), this option specifies the number of KDF (key derivation function) +rounds used. +Higher numbers result in slower passphrase verification and increased +resistance to brute-force password cracking (should the keys be stolen). +.Pp +When screening DH-GEX candidates ( +using the .Fl T -command. +command). +This option specifies the number of primality tests to perform. .It Fl B Show the bubblebabble digest of specified private or public key file. .It Fl b Ar bits @@ -221,6 +251,9 @@ flag determines the key length by selecting from one of three elliptic curve sizes: 256, 384 or 521 bits. Attempting to use bit lengths other than these three values for ECDSA keys will fail. +ED25519 keys have a fixed length and the +.Fl b +flag will be ignored. .It Fl C Ar comment Provides a new comment. .It Fl c @@ -299,6 +332,10 @@ in the format specified by the .Fl m option and print an OpenSSH compatible private (or public) key to stdout. +This option allows importing keys from other software, including several +commercial SSH implementations. +The default import format is +.Dq RFC4716 . .It Fl J Ar num_lines Exit after screening the specified number of lines while performing DH candidate screening using the @@ -317,10 +354,17 @@ while performing DH candidate screening using the option. This will be used to skip lines in the input file that have already been processed if the job is restarted. -This option allows importing keys from other software, including several -commercial SSH implementations. -The default import format is -.Dq RFC4716 . +.It Fl k +Generate a KRL file. +In this mode, +.Nm +will generate a KRL file at the location specified via the +.Fl f +flag that revokes every key or certificate presented on the command line. +Keys/certificates to be revoked may be specified by public key file or +using the format described in the +.Sx KEY REVOCATION LISTS +section. .It Fl L Prints the contents of a certificate. .It Fl l @@ -417,6 +461,14 @@ format. .El .Pp At present, no options are valid for host keys. +.It Fl o +Causes +.Nm +to save SSH protocol 2 private keys using the new OpenSSH format rather than +the more compatible PEM format. +The new format has increased resistance to brute-force password cracking +but is not supported by versions of OpenSSH prior to 6.5. +Ed25519 keys always use the new private key format. .It Fl P Ar passphrase Provides the (old) passphrase. .It Fl p @@ -425,6 +477,8 @@ creating a new private key. The program will prompt for the file containing the private key, for the old passphrase, and twice for the new passphrase. +.It Fl Q +Test whether keys have been revoked in a KRL. .It Fl q Silence .Nm ssh-keygen . @@ -448,20 +502,35 @@ Certify (sign) a public key using the specified CA key. Please see the .Sx CERTIFICATES section for details. +.Pp +When generating a KRL, +.Fl s +specifies a path to a CA public key file used to revoke certificates directly +by key ID or serial number. +See the +.Sx KEY REVOCATION LISTS +section for details. .It Fl T Ar output_file Test DH group exchange candidate primes (generated using the .Fl G option) for safety. -.It Fl t Ar type +.It Fl t Cm dsa | ecdsa | ed25519 | rsa | rsa1 Specifies the type of key to create. The possible values are .Dq rsa1 for protocol version 1 and .Dq dsa , -.Dq ecdsa +.Dq ecdsa , +.Dq ed25519 , or .Dq rsa for protocol version 2. +.It Fl u +Update a KRL. +When specified with +.Fl k , +keys listed via the command line are added to the existing KRL rather than +a new KRL being created. .It Fl V Ar validity_interval Specify a validity interval when signing a certificate. A validity interval may consist of a single time, indicating that the @@ -470,8 +539,7 @@ of two times separated by a colon to indicate an explicit time interval. The start time may be specified as a date in YYYYMMDD format, a time in YYYYMMDDHHMMSS format or a relative time (to the current time) consisting of a minus sign followed by a relative time in the format described in the -.Sx TIME FORMATS -section of +TIME FORMATS section of .Xr sshd_config 5 . The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMMSS time or a relative time starting with a plus character. @@ -504,6 +572,10 @@ OpenSSH format file and print an OpenSSH public key to stdout. Specifies a serial number to be embedded in the certificate to distinguish this certificate from others from the same CA. The default serial number is zero. +.Pp +When generating a KRL, the +.Fl z +flag is used to specify a KRL version number. .El .Sh MODULI GENERATION .Nm @@ -628,7 +700,9 @@ The option allows specification of certificate start and end times. A certificate that is presented at a time outside this range will not be considered valid. -By default, certificates have a maximum validity interval. +By default, certificates are valid from +.Ux +Epoch to the distant future. .Pp For certificates to be used for user or host authentication, the CA public key must be trusted by @@ -636,6 +710,73 @@ public key must be trusted by or .Xr ssh 1 . Please refer to those manual pages for details. +.Sh KEY REVOCATION LISTS +.Nm +is able to manage OpenSSH format Key Revocation Lists (KRLs). +These binary files specify keys or certificates to be revoked using a +compact format, taking as little as one bit per certificate if they are being +revoked by serial number. +.Pp +KRLs may be generated using the +.Fl k +flag. +This option reads one or more files from the command line and generates a new +KRL. +The files may either contain a KRL specification (see below) or public keys, +listed one per line. +Plain public keys are revoked by listing their hash or contents in the KRL and +certificates revoked by serial number or key ID (if the serial is zero or +not available). +.Pp +Revoking keys using a KRL specification offers explicit control over the +types of record used to revoke keys and may be used to directly revoke +certificates by serial number or key ID without having the complete original +certificate on hand. +A KRL specification consists of lines containing one of the following directives +followed by a colon and some directive-specific information. +.Bl -tag -width Ds +.It Cm serial : Ar serial_number Ns Op - Ns Ar serial_number +Revokes a certificate with the specified serial number. +Serial numbers are 64-bit values, not including zero and may be expressed +in decimal, hex or octal. +If two serial numbers are specified separated by a hyphen, then the range +of serial numbers including and between each is revoked. +The CA key must have been specified on the +.Nm +command line using the +.Fl s +option. +.It Cm id : Ar key_id +Revokes a certificate with the specified key ID string. +The CA key must have been specified on the +.Nm +command line using the +.Fl s +option. +.It Cm key : Ar public_key +Revokes the specified key. +If a certificate is listed, then it is revoked as a plain public key. +.It Cm sha1 : Ar public_key +Revokes the specified key by its SHA1 hash. +.El +.Pp +KRLs may be updated using the +.Fl u +flag in addition to +.Fl k . +When this option is specified, keys listed via the command line are merged into +the KRL, adding to those already there. +.Pp +It is also possible, given a KRL, to test whether it revokes a particular key +(or keys). +The +.Fl Q +flag will query an existing KRL, testing each key specified on the commandline. +If any key listed on the command line has been revoked (or an error encountered) +then +.Nm +will exit with a non-zero exit status. +A zero exit status will only be returned if no key was revoked. .Sh FILES .Bl -tag -width Ds -compact .It Pa ~/.ssh/identity @@ -660,8 +801,10 @@ There is no need to keep the contents of this file secret. .Pp .It Pa ~/.ssh/id_dsa .It Pa ~/.ssh/id_ecdsa +.It Pa ~/.ssh/id_ed25519 .It Pa ~/.ssh/id_rsa -Contains the protocol version 2 DSA, ECDSA or RSA authentication identity of the user. +Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA +authentication identity of the user. This file should not be readable by anyone but the user. It is possible to specify a passphrase when generating the key; that passphrase will be @@ -674,8 +817,10 @@ will read this file when a login attempt is made. .Pp .It Pa ~/.ssh/id_dsa.pub .It Pa ~/.ssh/id_ecdsa.pub +.It Pa ~/.ssh/id_ed25519.pub .It Pa ~/.ssh/id_rsa.pub -Contains the protocol version 2 DSA, ECDSA or RSA public key for authentication. +Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA +public key for authentication. The contents of this file should be added to .Pa ~/.ssh/authorized_keys on all machines diff --git a/crypto/openssh/ssh-keygen.c b/crypto/openssh/ssh-keygen.c index a223ddc811..23058ee996 100644 --- a/crypto/openssh/ssh-keygen.c +++ b/crypto/openssh/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.216 2012/07/06 06:38:03 jmc Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.249 2014/07/03 03:47:27 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -48,8 +48,11 @@ #include "match.h" #include "hostfile.h" #include "dns.h" +#include "ssh.h" #include "ssh2.h" #include "ssh-pkcs11.h" +#include "atomicio.h" +#include "krl.h" /* Number of bits in the RSA/DSA key. This value can be set on the command line. */ #define DEFAULT_BITS 2048 @@ -104,7 +107,7 @@ char *identity_comment = NULL; char *ca_key_path = NULL; /* Certificate serial number */ -long long cert_serial = 0; +unsigned long long cert_serial = 0; /* Key type when certifying */ u_int cert_key_type = SSH2_CERT_TYPE_USER; @@ -147,10 +150,22 @@ char *key_type_name = NULL; /* Load key from this PKCS#11 provider */ char *pkcs11provider = NULL; +/* Use new OpenSSH private key format when writing SSH2 keys instead of PEM */ +int use_new_format = 0; + +/* Cipher for new-format private keys */ +char *new_format_cipher = NULL; + +/* + * Number of KDF rounds to derive new format keys / + * number of primality trials when screening moduli. + */ +int rounds = 0; + /* argv0 */ extern char *__progname; -char hostname[MAXHOSTNAMELEN]; +char hostname[NI_MAXHOST]; /* moduli.c */ int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *); @@ -180,13 +195,15 @@ type_bits_valid(int type, u_int32_t *bitsp) fprintf(stderr, "key bits exceeds maximum %d\n", maxbits); exit(1); } +#ifdef WITH_OPENSSL if (type == KEY_DSA && *bitsp != 1024) fatal("DSA keys must be 1024 bits"); - else if (type != KEY_ECDSA && *bitsp < 768) + else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 768) fatal("Key must at least be 768 bits"); else if (type == KEY_ECDSA && key_ecdsa_bits_to_nid(*bitsp) == -1) fatal("Invalid ECDSA key length - valid lengths are " "256, 384 or 521 bits"); +#endif } static void @@ -218,6 +235,10 @@ ask_filename(struct passwd *pw, const char *prompt) case KEY_RSA: name = _PATH_SSH_CLIENT_ID_RSA; break; + case KEY_ED25519: + case KEY_ED25519_CERT: + name = _PATH_SSH_CLIENT_ID_ED25519; + break; default: fprintf(stderr, "bad key type\n"); exit(1); @@ -248,8 +269,8 @@ load_identity(char *filename) pass = read_passphrase("Enter passphrase: ", RP_ALLOW_STDIN); prv = key_load_private(filename, pass, NULL); - memset(pass, 0, strlen(pass)); - xfree(pass); + explicit_bzero(pass, strlen(pass)); + free(pass); } return prv; } @@ -259,6 +280,7 @@ load_identity(char *filename) #define SSH_COM_PRIVATE_BEGIN "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----" #define SSH_COM_PRIVATE_KEY_MAGIC 0x3f6ff9eb +#ifdef WITH_OPENSSL static void do_convert_to_ssh2(struct passwd *pw, Key *k) { @@ -285,7 +307,7 @@ do_convert_to_ssh2(struct passwd *pw, Key *k) dump_base64(stdout, blob, len); fprintf(stdout, "%s\n", SSH_COM_PUBLIC_END); key_free(k); - xfree(blob); + free(blob); exit(0); } @@ -389,7 +411,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) Buffer b; Key *key = NULL; char *type, *cipher; - u_char *sig, data[] = "abcde12345"; + u_char *sig = NULL, data[] = "abcde12345"; int magic, rlen, ktype, i1, i2, i3, i4; u_int slen; u_long e; @@ -412,12 +434,12 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) debug("ignore (%d %d %d %d)", i1, i2, i3, i4); if (strcmp(cipher, "none") != 0) { error("unsupported cipher %s", cipher); - xfree(cipher); + free(cipher); buffer_free(&b); - xfree(type); + free(type); return NULL; } - xfree(cipher); + free(cipher); if (strstr(type, "dsa")) { ktype = KEY_DSA; @@ -425,11 +447,11 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) ktype = KEY_RSA; } else { buffer_free(&b); - xfree(type); + free(type); return NULL; } key = key_new_private(ktype); - xfree(type); + free(type); switch (key->type) { case KEY_DSA: @@ -460,7 +482,9 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) buffer_get_bignum_bits(&b, key->rsa->iqmp); buffer_get_bignum_bits(&b, key->rsa->q); buffer_get_bignum_bits(&b, key->rsa->p); - rsa_generate_additional_parameters(key->rsa); + if (rsa_generate_additional_parameters(key->rsa) != 0) + fatal("%s: rsa_generate_additional_parameters " + "error", __func__); break; } rlen = buffer_len(&b); @@ -472,7 +496,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) /* try the key */ key_sign(key, &sig, &slen, data, sizeof(data)); key_verify(key, sig, slen, data, sizeof(data)); - xfree(sig); + free(sig); return key; } @@ -521,7 +545,7 @@ do_convert_from_ssh2(struct passwd *pw, Key **k, int *private) fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); encoded[0] = '\0'; while ((blen = get_line(fp, line, sizeof(line))) != -1) { - if (line[blen - 1] == '\\') + if (blen > 0 && line[blen - 1] == '\\') escaped++; if (strncmp(line, "----", 4) == 0 || strstr(line, ": ") != NULL) { @@ -692,6 +716,7 @@ do_convert_from(struct passwd *pw) key_free(k); exit(0); } +#endif static void do_print_public(struct passwd *pw) @@ -723,17 +748,35 @@ do_download(struct passwd *pw) #ifdef ENABLE_PKCS11 Key **keys = NULL; int i, nkeys; + enum fp_rep rep; + enum fp_type fptype; + char *fp, *ra; + + fptype = print_bubblebabble ? SSH_FP_SHA1 : SSH_FP_MD5; + rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_HEX; pkcs11_init(0); nkeys = pkcs11_add_provider(pkcs11provider, NULL, &keys); if (nkeys <= 0) fatal("cannot read public key from pkcs11"); for (i = 0; i < nkeys; i++) { - key_write(keys[i], stdout); + if (print_fingerprint) { + fp = key_fingerprint(keys[i], fptype, rep); + ra = key_fingerprint(keys[i], SSH_FP_MD5, + SSH_FP_RANDOMART); + printf("%u %s %s (PKCS11 key)\n", key_size(keys[i]), + fp, key_type(keys[i])); + if (log_level >= SYSLOG_LEVEL_VERBOSE) + printf("%s\n", ra); + free(ra); + free(fp); + } else { + key_write(keys[i], stdout); + fprintf(stdout, "\n"); + } key_free(keys[i]); - fprintf(stdout, "\n"); } - xfree(keys); + free(keys); pkcs11_terminate(); exit(0); #else @@ -770,13 +813,13 @@ do_fingerprint(struct passwd *pw) if (log_level >= SYSLOG_LEVEL_VERBOSE) printf("%s\n", ra); key_free(public); - xfree(comment); - xfree(ra); - xfree(fp); + free(comment); + free(ra); + free(fp); exit(0); } if (comment) { - xfree(comment); + free(comment); comment = NULL; } @@ -835,8 +878,8 @@ do_fingerprint(struct passwd *pw) comment ? comment : "no comment", key_type(public)); if (log_level >= SYSLOG_LEVEL_VERBOSE) printf("%s\n", ra); - xfree(ra); - xfree(fp); + free(ra); + free(fp); key_free(public); invalid = 0; } @@ -863,6 +906,7 @@ do_gen_all_hostkeys(struct passwd *pw) #ifdef OPENSSL_HAS_ECC { "ecdsa", "ECDSA",_PATH_HOST_ECDSA_KEY_FILE }, #endif + { "ed25519", "ED25519",_PATH_HOST_ED25519_KEY_FILE }, { NULL, NULL, NULL } }; @@ -889,7 +933,6 @@ do_gen_all_hostkeys(struct passwd *pw) } printf("%s ", key_types[i].key_type_display); fflush(stdout); - arc4random_stir(); type = key_type_from_name(key_types[i].key_type); strlcpy(identity_file, key_types[i].path, sizeof(identity_file)); bits = 0; @@ -903,7 +946,8 @@ do_gen_all_hostkeys(struct passwd *pw) public = key_from_private(private); snprintf(comment, sizeof comment, "%s@%s", pw->pw_name, hostname); - if (!key_save_private(private, identity_file, "", comment)) { + if (!key_save_private(private, identity_file, "", comment, + use_new_format, new_format_cipher, rounds)) { printf("Saving the key failed: %s.\n", identity_file); key_free(private); key_free(public); @@ -911,7 +955,6 @@ do_gen_all_hostkeys(struct passwd *pw) continue; } key_free(private); - arc4random_stir(); strlcat(identity_file, ".pub", sizeof(identity_file)); fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644); if (fd == -1) { @@ -944,7 +987,7 @@ do_gen_all_hostkeys(struct passwd *pw) } static void -printhost(FILE *f, const char *name, Key *public, int ca, int hash) +printhost(FILE *f, const char *name, Key *public, int ca, int revoked, int hash) { if (print_fingerprint) { enum fp_rep rep; @@ -959,12 +1002,13 @@ printhost(FILE *f, const char *name, Key *public, int ca, int hash) key_type(public)); if (log_level >= SYSLOG_LEVEL_VERBOSE) printf("%s\n", ra); - xfree(ra); - xfree(fp); + free(ra); + free(fp); } else { if (hash && (name = host_hash(name, NULL, 0)) == NULL) fatal("hash_host failed"); - fprintf(f, "%s%s%s ", ca ? CA_MARKER : "", ca ? " " : "", name); + fprintf(f, "%s%s%s ", ca ? CA_MARKER " " : "", + revoked ? REVOKE_MARKER " " : "" , name); if (!key_write(public, f)) fatal("key_write failed"); fprintf(f, "\n"); @@ -979,19 +1023,21 @@ do_known_hosts(struct passwd *pw, const char *name) char *cp, *cp2, *kp, *kp2; char line[16*1024], tmp[MAXPATHLEN], old[MAXPATHLEN]; int c, skip = 0, inplace = 0, num = 0, invalid = 0, has_unhashed = 0; - int ca; + int ca, revoked; + int found_key = 0; if (!have_identity) { cp = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid); if (strlcpy(identity_file, cp, sizeof(identity_file)) >= sizeof(identity_file)) fatal("Specified known hosts path too long"); - xfree(cp); + free(cp); have_identity = 1; } if ((in = fopen(identity_file, "r")) == NULL) fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); + /* XXX this code is a mess; refactor -djm */ /* * Find hosts goes to stdout, hash and deletions happen in-place * A corner case is ssh-keygen -HF foo, which should go to stdout @@ -1035,7 +1081,7 @@ do_known_hosts(struct passwd *pw, const char *name) fprintf(out, "%s\n", cp); continue; } - /* Check whether this is a CA key */ + /* Check whether this is a CA key or revocation marker */ if (strncasecmp(cp, CA_MARKER, sizeof(CA_MARKER) - 1) == 0 && (cp[sizeof(CA_MARKER) - 1] == ' ' || cp[sizeof(CA_MARKER) - 1] == '\t')) { @@ -1043,6 +1089,14 @@ do_known_hosts(struct passwd *pw, const char *name) cp += sizeof(CA_MARKER); } else ca = 0; + if (strncasecmp(cp, REVOKE_MARKER, + sizeof(REVOKE_MARKER) - 1) == 0 && + (cp[sizeof(REVOKE_MARKER) - 1] == ' ' || + cp[sizeof(REVOKE_MARKER) - 1] == '\t')) { + revoked = 1; + cp += sizeof(REVOKE_MARKER); + } else + revoked = 0; /* Find the end of the host name portion. */ for (kp = cp; *kp && *kp != ' ' && *kp != '\t'; kp++) @@ -1082,50 +1136,74 @@ do_known_hosts(struct passwd *pw, const char *name) } c = (strcmp(cp2, cp) == 0); if (find_host && c) { - printf("# Host %s found: " - "line %d type %s%s\n", name, - num, key_type(pub), - ca ? " (CA key)" : ""); - printhost(out, cp, pub, ca, 0); + if (!quiet) + printf("# Host %s found: " + "line %d type %s%s\n", name, + num, key_type(pub), + ca ? " (CA key)" : + revoked? " (revoked)" : ""); + printhost(out, cp, pub, ca, revoked, 0); + found_key = 1; + } + if (delete_host) { + if (!c || ca || revoked) { + printhost(out, cp, pub, + ca, revoked, 0); + } else { + printf("# Host %s found: " + "line %d type %s\n", name, + num, key_type(pub)); + } } - if (delete_host && !c && !ca) - printhost(out, cp, pub, ca, 0); } else if (hash_hosts) - printhost(out, cp, pub, ca, 0); + printhost(out, cp, pub, ca, revoked, 0); } else { if (find_host || delete_host) { c = (match_hostname(name, cp, strlen(cp)) == 1); if (find_host && c) { - printf("# Host %s found: " - "line %d type %s%s\n", name, - num, key_type(pub), - ca ? " (CA key)" : ""); - printhost(out, name, pub, - ca, hash_hosts && !ca); + if (!quiet) + printf("# Host %s found: " + "line %d type %s%s\n", name, + num, key_type(pub), + ca ? " (CA key)" : ""); + printhost(out, name, pub, ca, revoked, + hash_hosts && !(ca || revoked)); + found_key = 1; } - if (delete_host && !c && !ca) - printhost(out, cp, pub, ca, 0); + if (delete_host) { + if (!c || ca || revoked) { + printhost(out, cp, pub, + ca, revoked, 0); + } else { + printf("# Host %s found: " + "line %d type %s\n", name, + num, key_type(pub)); + } + } + } else if (hash_hosts && (ca || revoked)) { + /* Don't hash CA and revoked keys' hostnames */ + printhost(out, cp, pub, ca, revoked, 0); + has_unhashed = 1; } else if (hash_hosts) { + /* Hash each hostname separately */ for (cp2 = strsep(&cp, ","); cp2 != NULL && *cp2 != '\0'; cp2 = strsep(&cp, ",")) { - if (ca) { - fprintf(stderr, "Warning: " - "ignoring CA key for host: " - "%.64s\n", cp2); - printhost(out, cp2, pub, ca, 0); - } else if (strcspn(cp2, "*?!") != + if (strcspn(cp2, "*?!") != strlen(cp2)) { fprintf(stderr, "Warning: " "ignoring host name with " "metacharacters: %.64s\n", cp2); - printhost(out, cp2, pub, ca, 0); - } else - printhost(out, cp2, pub, ca, 1); + printhost(out, cp2, pub, ca, + revoked, 0); + has_unhashed = 1; + } else { + printhost(out, cp2, pub, ca, + revoked, 1); + } } - has_unhashed = 1; } } key_free(pub); @@ -1172,7 +1250,7 @@ do_known_hosts(struct passwd *pw, const char *name) } } - exit(0); + exit (find_host && !found_key); } /* @@ -1204,8 +1282,8 @@ do_change_passphrase(struct passwd *pw) RP_ALLOW_STDIN); private = key_load_private(identity_file, old_passphrase, &comment); - memset(old_passphrase, 0, strlen(old_passphrase)); - xfree(old_passphrase); + explicit_bzero(old_passphrase, strlen(old_passphrase)); + free(old_passphrase); if (private == NULL) { printf("Bad passphrase.\n"); exit(1); @@ -1226,32 +1304,33 @@ do_change_passphrase(struct passwd *pw) /* Verify that they are the same. */ if (strcmp(passphrase1, passphrase2) != 0) { - memset(passphrase1, 0, strlen(passphrase1)); - memset(passphrase2, 0, strlen(passphrase2)); - xfree(passphrase1); - xfree(passphrase2); + explicit_bzero(passphrase1, strlen(passphrase1)); + explicit_bzero(passphrase2, strlen(passphrase2)); + free(passphrase1); + free(passphrase2); printf("Pass phrases do not match. Try again.\n"); exit(1); } /* Destroy the other copy. */ - memset(passphrase2, 0, strlen(passphrase2)); - xfree(passphrase2); + explicit_bzero(passphrase2, strlen(passphrase2)); + free(passphrase2); } /* Save the file using the new passphrase. */ - if (!key_save_private(private, identity_file, passphrase1, comment)) { + if (!key_save_private(private, identity_file, passphrase1, comment, + use_new_format, new_format_cipher, rounds)) { printf("Saving the key failed: %s.\n", identity_file); - memset(passphrase1, 0, strlen(passphrase1)); - xfree(passphrase1); + explicit_bzero(passphrase1, strlen(passphrase1)); + free(passphrase1); key_free(private); - xfree(comment); + free(comment); exit(1); } /* Destroy the passphrase and the copy of the key in memory. */ - memset(passphrase1, 0, strlen(passphrase1)); - xfree(passphrase1); + explicit_bzero(passphrase1, strlen(passphrase1)); + free(passphrase1); key_free(private); /* Destroys contents */ - xfree(comment); + free(comment); printf("Your identification has been saved with the new passphrase.\n"); exit(0); @@ -1268,7 +1347,7 @@ do_print_resource_record(struct passwd *pw, char *fname, char *hname) struct stat st; if (fname == NULL) - ask_filename(pw, "Enter file in which the key is"); + fatal("%s: no filename", __func__); if (stat(fname, &st) < 0) { if (errno == ENOENT) return 0; @@ -1279,11 +1358,11 @@ do_print_resource_record(struct passwd *pw, char *fname, char *hname) if (public != NULL) { export_dns_rr(hname, public, stdout, print_generic); key_free(public); - xfree(comment); + free(comment); return 1; } if (comment) - xfree(comment); + free(comment); printf("failed to read v2 public key from %s.\n", fname); exit(1); @@ -1320,8 +1399,8 @@ do_change_comment(struct passwd *pw) /* Try to load using the passphrase. */ private = key_load_private(identity_file, passphrase, &comment); if (private == NULL) { - memset(passphrase, 0, strlen(passphrase)); - xfree(passphrase); + explicit_bzero(passphrase, strlen(passphrase)); + free(passphrase); printf("Bad passphrase.\n"); exit(1); } @@ -1341,7 +1420,7 @@ do_change_comment(struct passwd *pw) printf("Enter new comment: "); fflush(stdout); if (!fgets(new_comment, sizeof(new_comment), stdin)) { - memset(passphrase, 0, strlen(passphrase)); + explicit_bzero(passphrase, strlen(passphrase)); key_free(private); exit(1); } @@ -1349,16 +1428,17 @@ do_change_comment(struct passwd *pw) } /* Save the file using the new passphrase. */ - if (!key_save_private(private, identity_file, passphrase, new_comment)) { + if (!key_save_private(private, identity_file, passphrase, new_comment, + use_new_format, new_format_cipher, rounds)) { printf("Saving the key failed: %s.\n", identity_file); - memset(passphrase, 0, strlen(passphrase)); - xfree(passphrase); + explicit_bzero(passphrase, strlen(passphrase)); + free(passphrase); key_free(private); - xfree(comment); + free(comment); exit(1); } - memset(passphrase, 0, strlen(passphrase)); - xfree(passphrase); + explicit_bzero(passphrase, strlen(passphrase)); + free(passphrase); public = key_from_private(private); key_free(private); @@ -1379,7 +1459,7 @@ do_change_comment(struct passwd *pw) fprintf(f, " %s\n", new_comment); fclose(f); - xfree(comment); + free(comment); printf("The comment in your key file has been changed.\n"); exit(0); @@ -1496,7 +1576,7 @@ load_pkcs11_key(char *path) } key_free(keys[i]); } - xfree(keys); + free(keys); key_free(public); return private; #else @@ -1533,14 +1613,16 @@ do_ca_sign(struct passwd *pw, int argc, char **argv) } } +#ifdef ENABLE_PKCS11 pkcs11_init(1); +#endif tmp = tilde_expand_filename(ca_key_path, pw->pw_uid); if (pkcs11provider != NULL) { if ((ca = load_pkcs11_key(tmp)) == NULL) fatal("No PKCS#11 key matching %s found", ca_key_path); } else if ((ca = load_identity(tmp)) == NULL) fatal("Couldn't load CA key \"%s\"", tmp); - xfree(tmp); + free(tmp); for (i = 0; i < argc; i++) { /* Split list of principals */ @@ -1553,14 +1635,14 @@ do_ca_sign(struct passwd *pw, int argc, char **argv) if (*(plist[n] = xstrdup(cp)) == '\0') fatal("Empty principal name"); } - xfree(otmp); + free(otmp); } tmp = tilde_expand_filename(argv[i], pw->pw_uid); if ((public = key_load_public(tmp, &comment)) == NULL) fatal("%s: unable to open \"%s\"", __func__, tmp); if (public->type != KEY_RSA && public->type != KEY_DSA && - public->type != KEY_ECDSA) + public->type != KEY_ECDSA && public->type != KEY_ED25519) fatal("%s: key \"%s\" type %s cannot be certified", __func__, tmp, key_type(public)); @@ -1575,12 +1657,12 @@ do_ca_sign(struct passwd *pw, int argc, char **argv) public->cert->valid_after = cert_valid_from; public->cert->valid_before = cert_valid_to; if (v00) { - prepare_options_buf(&public->cert->critical, + prepare_options_buf(public->cert->critical, OPTIONS_CRITICAL|OPTIONS_EXTENSIONS); } else { - prepare_options_buf(&public->cert->critical, + prepare_options_buf(public->cert->critical, OPTIONS_CRITICAL); - prepare_options_buf(&public->cert->extensions, + prepare_options_buf(public->cert->extensions, OPTIONS_EXTENSIONS); } public->cert->signature_key = key_from_private(ca); @@ -1591,7 +1673,7 @@ do_ca_sign(struct passwd *pw, int argc, char **argv) if ((cp = strrchr(tmp, '.')) != NULL && strcmp(cp, ".pub") == 0) *cp = '\0'; xasprintf(&out, "%s-cert.pub", tmp); - xfree(tmp); + free(tmp); if ((fd = open(out, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1) fatal("Could not open \"%s\" for writing: %s", out, @@ -1614,9 +1696,11 @@ do_ca_sign(struct passwd *pw, int argc, char **argv) } key_free(public); - xfree(out); + free(out); } +#ifdef ENABLE_PKCS11 pkcs11_terminate(); +#endif exit(0); } @@ -1660,7 +1744,7 @@ parse_absolute_time(const char *s) fatal("Invalid certificate time format %s", s); } - bzero(&tm, sizeof(tm)); + memset(&tm, 0, sizeof(tm)); if (strptime(buf, fmt, &tm) == NULL) fatal("Invalid certificate time %s", s); if ((tt = mktime(&tm)) < 0) @@ -1705,13 +1789,13 @@ parse_cert_times(char *timespec) cert_valid_from = parse_absolute_time(from); if (*to == '-' || *to == '+') - cert_valid_to = parse_relative_time(to, cert_valid_from); + cert_valid_to = parse_relative_time(to, now); else cert_valid_to = parse_absolute_time(to); if (cert_valid_to <= cert_valid_from) fatal("Empty certificate validity interval"); - xfree(from); + free(from); } static void @@ -1764,7 +1848,8 @@ add_cert_option(char *opt) static void show_options(const Buffer *optbuf, int v00, int in_critical) { - u_char *name, *data; + char *name, *arg; + const u_char *data; u_int dlen; Buffer options, option; @@ -1787,15 +1872,15 @@ show_options(const Buffer *optbuf, int v00, int in_critical) else if ((v00 || in_critical) && (strcmp(name, "force-command") == 0 || strcmp(name, "source-address") == 0)) { - data = buffer_get_string(&option, NULL); - printf(" %s\n", data); - xfree(data); + arg = buffer_get_cstring(&option, NULL); + printf(" %s\n", arg); + free(arg); } else { printf(" UNKNOWN OPTION (len %u)\n", buffer_len(&option)); buffer_clear(&option); } - xfree(name); + free(name); if (buffer_len(&option) != 0) fatal("Option corrupt: extra data at end"); } @@ -1848,72 +1933,281 @@ do_show_cert(struct passwd *pw) printf("\n"); } printf(" Critical Options: "); - if (buffer_len(&key->cert->critical) == 0) + if (buffer_len(key->cert->critical) == 0) printf("(none)\n"); else { printf("\n"); - show_options(&key->cert->critical, v00, 1); + show_options(key->cert->critical, v00, 1); } if (!v00) { printf(" Extensions: "); - if (buffer_len(&key->cert->extensions) == 0) + if (buffer_len(key->cert->extensions) == 0) printf("(none)\n"); else { printf("\n"); - show_options(&key->cert->extensions, v00, 0); + show_options(key->cert->extensions, v00, 0); } } exit(0); } +#ifdef WITH_OPENSSL +static void +load_krl(const char *path, struct ssh_krl **krlp) +{ + Buffer krlbuf; + int fd; + + buffer_init(&krlbuf); + if ((fd = open(path, O_RDONLY)) == -1) + fatal("open %s: %s", path, strerror(errno)); + if (!key_load_file(fd, path, &krlbuf)) + fatal("Unable to load KRL"); + close(fd); + /* XXX check sigs */ + if (ssh_krl_from_blob(&krlbuf, krlp, NULL, 0) != 0 || + *krlp == NULL) + fatal("Invalid KRL file"); + buffer_free(&krlbuf); +} + +static void +update_krl_from_file(struct passwd *pw, const char *file, const Key *ca, + struct ssh_krl *krl) +{ + Key *key = NULL; + u_long lnum = 0; + char *path, *cp, *ep, line[SSH_MAX_PUBKEY_BYTES]; + unsigned long long serial, serial2; + int i, was_explicit_key, was_sha1, r; + FILE *krl_spec; + + path = tilde_expand_filename(file, pw->pw_uid); + if (strcmp(path, "-") == 0) { + krl_spec = stdin; + free(path); + path = xstrdup("(standard input)"); + } else if ((krl_spec = fopen(path, "r")) == NULL) + fatal("fopen %s: %s", path, strerror(errno)); + + if (!quiet) + printf("Revoking from %s\n", path); + while (read_keyfile_line(krl_spec, path, line, sizeof(line), + &lnum) == 0) { + was_explicit_key = was_sha1 = 0; + cp = line + strspn(line, " \t"); + /* Trim trailing space, comments and strip \n */ + for (i = 0, r = -1; cp[i] != '\0'; i++) { + if (cp[i] == '#' || cp[i] == '\n') { + cp[i] = '\0'; + break; + } + if (cp[i] == ' ' || cp[i] == '\t') { + /* Remember the start of a span of whitespace */ + if (r == -1) + r = i; + } else + r = -1; + } + if (r != -1) + cp[r] = '\0'; + if (*cp == '\0') + continue; + if (strncasecmp(cp, "serial:", 7) == 0) { + if (ca == NULL) { + fatal("revoking certificates by serial number " + "requires specification of a CA key"); + } + cp += 7; + cp = cp + strspn(cp, " \t"); + errno = 0; + serial = strtoull(cp, &ep, 0); + if (*cp == '\0' || (*ep != '\0' && *ep != '-')) + fatal("%s:%lu: invalid serial \"%s\"", + path, lnum, cp); + if (errno == ERANGE && serial == ULLONG_MAX) + fatal("%s:%lu: serial out of range", + path, lnum); + serial2 = serial; + if (*ep == '-') { + cp = ep + 1; + errno = 0; + serial2 = strtoull(cp, &ep, 0); + if (*cp == '\0' || *ep != '\0') + fatal("%s:%lu: invalid serial \"%s\"", + path, lnum, cp); + if (errno == ERANGE && serial2 == ULLONG_MAX) + fatal("%s:%lu: serial out of range", + path, lnum); + if (serial2 <= serial) + fatal("%s:%lu: invalid serial range " + "%llu:%llu", path, lnum, + (unsigned long long)serial, + (unsigned long long)serial2); + } + if (ssh_krl_revoke_cert_by_serial_range(krl, + ca, serial, serial2) != 0) { + fatal("%s: revoke serial failed", + __func__); + } + } else if (strncasecmp(cp, "id:", 3) == 0) { + if (ca == NULL) { + fatal("revoking certificates by key ID " + "requires specification of a CA key"); + } + cp += 3; + cp = cp + strspn(cp, " \t"); + if (ssh_krl_revoke_cert_by_key_id(krl, ca, cp) != 0) + fatal("%s: revoke key ID failed", __func__); + } else { + if (strncasecmp(cp, "key:", 4) == 0) { + cp += 4; + cp = cp + strspn(cp, " \t"); + was_explicit_key = 1; + } else if (strncasecmp(cp, "sha1:", 5) == 0) { + cp += 5; + cp = cp + strspn(cp, " \t"); + was_sha1 = 1; + } else { + /* + * Just try to process the line as a key. + * Parsing will fail if it isn't. + */ + } + if ((key = key_new(KEY_UNSPEC)) == NULL) + fatal("key_new"); + if (key_read(key, &cp) != 1) + fatal("%s:%lu: invalid key", path, lnum); + if (was_explicit_key) + r = ssh_krl_revoke_key_explicit(krl, key); + else if (was_sha1) + r = ssh_krl_revoke_key_sha1(krl, key); + else + r = ssh_krl_revoke_key(krl, key); + if (r != 0) + fatal("%s: revoke key failed", __func__); + key_free(key); + } + } + if (strcmp(path, "-") != 0) + fclose(krl_spec); + free(path); +} + +static void +do_gen_krl(struct passwd *pw, int updating, int argc, char **argv) +{ + struct ssh_krl *krl; + struct stat sb; + Key *ca = NULL; + int fd, i; + char *tmp; + Buffer kbuf; + + if (*identity_file == '\0') + fatal("KRL generation requires an output file"); + if (stat(identity_file, &sb) == -1) { + if (errno != ENOENT) + fatal("Cannot access KRL \"%s\": %s", + identity_file, strerror(errno)); + if (updating) + fatal("KRL \"%s\" does not exist", identity_file); + } + if (ca_key_path != NULL) { + tmp = tilde_expand_filename(ca_key_path, pw->pw_uid); + if ((ca = key_load_public(tmp, NULL)) == NULL) + fatal("Cannot load CA public key %s", tmp); + free(tmp); + } + + if (updating) + load_krl(identity_file, &krl); + else if ((krl = ssh_krl_init()) == NULL) + fatal("couldn't create KRL"); + + if (cert_serial != 0) + ssh_krl_set_version(krl, cert_serial); + if (identity_comment != NULL) + ssh_krl_set_comment(krl, identity_comment); + + for (i = 0; i < argc; i++) + update_krl_from_file(pw, argv[i], ca, krl); + + buffer_init(&kbuf); + if (ssh_krl_to_blob(krl, &kbuf, NULL, 0) != 0) + fatal("Couldn't generate KRL"); + if ((fd = open(identity_file, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1) + fatal("open %s: %s", identity_file, strerror(errno)); + if (atomicio(vwrite, fd, buffer_ptr(&kbuf), buffer_len(&kbuf)) != + buffer_len(&kbuf)) + fatal("write %s: %s", identity_file, strerror(errno)); + close(fd); + buffer_free(&kbuf); + ssh_krl_free(krl); + if (ca != NULL) + key_free(ca); +} + +static void +do_check_krl(struct passwd *pw, int argc, char **argv) +{ + int i, r, ret = 0; + char *comment; + struct ssh_krl *krl; + Key *k; + + if (*identity_file == '\0') + fatal("KRL checking requires an input file"); + load_krl(identity_file, &krl); + for (i = 0; i < argc; i++) { + if ((k = key_load_public(argv[i], &comment)) == NULL) + fatal("Cannot load public key %s", argv[i]); + r = ssh_krl_check_key(krl, k); + printf("%s%s%s%s: %s\n", argv[i], + *comment ? " (" : "", comment, *comment ? ")" : "", + r == 0 ? "ok" : "REVOKED"); + if (r != 0) + ret = 1; + key_free(k); + free(comment); + } + ssh_krl_free(krl); + exit(ret); +} +#endif + static void usage(void) { - fprintf(stderr, "usage: %s [options]\n", __progname); - fprintf(stderr, "Options:\n"); - fprintf(stderr, " -A Generate non-existent host keys for all key types.\n"); - fprintf(stderr, " -a trials Number of trials for screening DH-GEX moduli.\n"); - fprintf(stderr, " -B Show bubblebabble digest of key file.\n"); - fprintf(stderr, " -b bits Number of bits in the key to create.\n"); - fprintf(stderr, " -C comment Provide new comment.\n"); - fprintf(stderr, " -c Change comment in private and public key files.\n"); + fprintf(stderr, + "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]\n" + " [-N new_passphrase] [-C comment] [-f output_keyfile]\n" + " ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]\n" + " ssh-keygen -i [-m key_format] [-f input_keyfile]\n" + " ssh-keygen -e [-m key_format] [-f input_keyfile]\n" + " ssh-keygen -y [-f input_keyfile]\n" + " ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]\n" + " ssh-keygen -l [-f input_keyfile]\n" + " ssh-keygen -B [-f input_keyfile]\n"); #ifdef ENABLE_PKCS11 - fprintf(stderr, " -D pkcs11 Download public key from pkcs11 token.\n"); + fprintf(stderr, + " ssh-keygen -D pkcs11\n"); #endif - fprintf(stderr, " -e Export OpenSSH to foreign format key file.\n"); - fprintf(stderr, " -F hostname Find hostname in known hosts file.\n"); - fprintf(stderr, " -f filename Filename of the key file.\n"); - fprintf(stderr, " -G file Generate candidates for DH-GEX moduli.\n"); - fprintf(stderr, " -g Use generic DNS resource record format.\n"); - fprintf(stderr, " -H Hash names in known_hosts file.\n"); - fprintf(stderr, " -h Generate host certificate instead of a user certificate.\n"); - fprintf(stderr, " -I key_id Key identifier to include in certificate.\n"); - fprintf(stderr, " -i Import foreign format to OpenSSH key file.\n"); - fprintf(stderr, " -J number Screen this number of moduli lines.\n"); - fprintf(stderr, " -j number Start screening moduli at specified line.\n"); - fprintf(stderr, " -K checkpt Write checkpoints to this file.\n"); - fprintf(stderr, " -L Print the contents of a certificate.\n"); - fprintf(stderr, " -l Show fingerprint of key file.\n"); - fprintf(stderr, " -M memory Amount of memory (MB) to use for generating DH-GEX moduli.\n"); - fprintf(stderr, " -m key_fmt Conversion format for -e/-i (PEM|PKCS8|RFC4716).\n"); - fprintf(stderr, " -N phrase Provide new passphrase.\n"); - fprintf(stderr, " -n name,... User/host principal names to include in certificate\n"); - fprintf(stderr, " -O option Specify a certificate option.\n"); - fprintf(stderr, " -P phrase Provide old passphrase.\n"); - fprintf(stderr, " -p Change passphrase of private key file.\n"); - fprintf(stderr, " -q Quiet.\n"); - fprintf(stderr, " -R hostname Remove host from known_hosts file.\n"); - fprintf(stderr, " -r hostname Print DNS resource record.\n"); - fprintf(stderr, " -S start Start point (hex) for generating DH-GEX moduli.\n"); - fprintf(stderr, " -s ca_key Certify keys with CA key.\n"); - fprintf(stderr, " -T file Screen candidates for DH-GEX moduli.\n"); - fprintf(stderr, " -t type Specify type of key to create.\n"); - fprintf(stderr, " -V from:to Specify certificate validity interval.\n"); - fprintf(stderr, " -v Verbose.\n"); - fprintf(stderr, " -W gen Generator to use for generating DH-GEX moduli.\n"); - fprintf(stderr, " -y Read private key file and print public key.\n"); - fprintf(stderr, " -z serial Specify a serial number.\n"); - + fprintf(stderr, + " ssh-keygen -F hostname [-f known_hosts_file] [-l]\n" + " ssh-keygen -H [-f known_hosts_file]\n" + " ssh-keygen -R hostname [-f known_hosts_file]\n" + " ssh-keygen -r hostname [-f input_keyfile] [-g]\n" + " ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]\n" + " ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]\n" + " [-j start_line] [-K checkpt] [-W generator]\n" + " ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]\n" + " [-O option] [-V validity_interval] [-z serial_number] file ...\n" + " ssh-keygen -L [-f input_keyfile]\n" + " ssh-keygen -A\n" + " ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]\n" + " file ...\n" + " ssh-keygen -Q -f krl_file file ...\n"); exit(1); } @@ -1925,14 +2219,14 @@ main(int argc, char **argv) { char dotsshdir[MAXPATHLEN], comment[1024], *passphrase1, *passphrase2; char *checkpoint = NULL; - char out_file[MAXPATHLEN], *rr_hostname = NULL; + char out_file[MAXPATHLEN], *ep, *rr_hostname = NULL; Key *private, *public; struct passwd *pw; struct stat st; int opt, type, fd; - u_int32_t memory = 0, generator_wanted = 0, trials = 100; + u_int32_t memory = 0, generator_wanted = 0; int do_gen_candidates = 0, do_screen_candidates = 0; - int gen_all_hostkeys = 0; + int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0; unsigned long start_lineno = 0, lines_to_process = 0; BIGNUM *start = NULL; FILE *f; @@ -1954,7 +2248,7 @@ main(int argc, char **argv) /* we need this for the home * directory. */ pw = getpwuid(getuid()); if (!pw) { - printf("You don't exist, go away!\n"); + printf("No user exists for uid %lu\n", (u_long)getuid()); exit(1); } if (gethostname(hostname, sizeof(hostname)) < 0) { @@ -1962,8 +2256,9 @@ main(int argc, char **argv) exit(1); } - while ((opt = getopt(argc, argv, "AegiqpclBHLhvxXyF:b:f:t:D:I:J:j:K:P:" - "m:N:n:O:C:r:g:R:T:G:M:S:s:a:V:W:z")) != -1) { + /* Remaining characters: EUYdw */ + while ((opt = getopt(argc, argv, "ABHLQXceghiklopquvxy" + "C:D:F:G:I:J:K:M:N:O:P:R:S:T:V:W:Z:a:b:f:g:j:m:n:r:s:t:z:")) != -1) { switch (opt) { case 'A': gen_all_hostkeys = 1; @@ -2021,6 +2316,9 @@ main(int argc, char **argv) case 'n': cert_principals = optarg; break; + case 'o': + use_new_format = 1; + break; case 'p': change_passphrase = 1; break; @@ -2042,9 +2340,15 @@ main(int argc, char **argv) case 'N': identity_new_passphrase = optarg; break; + case 'Q': + check_krl = 1; + break; case 'O': add_cert_option(optarg); break; + case 'Z': + new_format_cipher = optarg; + break; case 'C': identity_comment = optarg; break; @@ -2060,6 +2364,9 @@ main(int argc, char **argv) cert_key_type = SSH2_CERT_TYPE_HOST; certflags_flags = 0; break; + case 'k': + gen_krl = 1; + break; case 'i': case 'X': /* import key */ @@ -2077,6 +2384,9 @@ main(int argc, char **argv) case 'D': pkcs11provider = optarg; break; + case 'u': + update_krl = 1; + break; case 'v': if (log_level == SYSLOG_LEVEL_INFO) log_level = SYSLOG_LEVEL_DEBUG1; @@ -2097,9 +2407,9 @@ main(int argc, char **argv) optarg, errstr); break; case 'a': - trials = (u_int32_t)strtonum(optarg, 1, UINT_MAX, &errstr); + rounds = (int)strtonum(optarg, 1, INT_MAX, &errstr); if (errstr) - fatal("Invalid number of trials: %s (%s)", + fatal("Invalid number: %s (%s)", optarg, errstr); break; case 'M': @@ -2133,9 +2443,11 @@ main(int argc, char **argv) parse_cert_times(optarg); break; case 'z': - cert_serial = strtonum(optarg, 0, LLONG_MAX, &errstr); - if (errstr) - fatal("Invalid serial number: %s", errstr); + errno = 0; + cert_serial = strtoull(optarg, &ep, 10); + if (*optarg < '0' || *optarg > '9' || *ep != '\0' || + (errno == ERANGE && cert_serial == ULLONG_MAX)) + fatal("Invalid serial number \"%s\"", optarg); break; case '?': default: @@ -2150,11 +2462,11 @@ main(int argc, char **argv) argc -= optind; if (ca_key_path != NULL) { - if (argc < 1) { + if (argc < 1 && !gen_krl) { printf("Too few arguments.\n"); usage(); } - } else if (argc > 0) { + } else if (argc > 0 && !gen_krl && !check_krl) { printf("Too many arguments.\n"); usage(); } @@ -2163,9 +2475,19 @@ main(int argc, char **argv) usage(); } if (print_fingerprint && (delete_host || hash_hosts)) { - printf("Cannot use -l with -D or -R.\n"); + printf("Cannot use -l with -H or -R.\n"); usage(); } +#ifdef WITH_OPENSSL + if (gen_krl) { + do_gen_krl(pw, update_krl, argc, argv); + return (0); + } + if (check_krl) { + do_check_krl(pw, argc, argv); + return (0); + } +#endif if (ca_key_path != NULL) { if (cert_key_id == NULL) fatal("Must specify key id (-I) when certifying"); @@ -2175,16 +2497,20 @@ main(int argc, char **argv) do_show_cert(pw); if (delete_host || hash_hosts || find_host) do_known_hosts(pw, rr_hostname); + if (pkcs11provider != NULL) + do_download(pw); if (print_fingerprint || print_bubblebabble) do_fingerprint(pw); if (change_passphrase) do_change_passphrase(pw); if (change_comment) do_change_comment(pw); +#ifdef WITH_OPENSSL if (convert_to) do_convert_to(pw); if (convert_from) do_convert_from(pw); +#endif if (print_public) do_print_public(pw); if (rr_hostname != NULL) { @@ -2206,14 +2532,13 @@ main(int argc, char **argv) _PATH_HOST_DSA_KEY_FILE, rr_hostname); n += do_print_resource_record(pw, _PATH_HOST_ECDSA_KEY_FILE, rr_hostname); - + n += do_print_resource_record(pw, + _PATH_HOST_ED25519_KEY_FILE, rr_hostname); if (n == 0) fatal("no keys found."); exit(0); } } - if (pkcs11provider != NULL) - do_download(pw); if (do_gen_candidates) { FILE *out = fopen(out_file, "w"); @@ -2233,7 +2558,7 @@ main(int argc, char **argv) if (do_screen_candidates) { FILE *in; - FILE *out = fopen(out_file, "w"); + FILE *out = fopen(out_file, "a"); if (have_identity && strcmp(identity_file, "-") != 0) { if ((in = fopen(identity_file, "r")) == NULL) { @@ -2248,7 +2573,8 @@ main(int argc, char **argv) fatal("Couldn't open moduli file \"%s\": %s", out_file, strerror(errno)); } - if (prime_test(in, out, trials, generator_wanted, checkpoint, + if (prime_test(in, out, rounds == 0 ? 100 : rounds, + generator_wanted, checkpoint, start_lineno, lines_to_process) != 0) fatal("modulus screening failed"); return (0); @@ -2259,8 +2585,6 @@ main(int argc, char **argv) return (0); } - arc4random_stir(); - if (key_type_name == NULL) key_type_name = "rsa"; @@ -2322,16 +2646,16 @@ passphrase_again: * The passphrases do not match. Clear them and * retry. */ - memset(passphrase1, 0, strlen(passphrase1)); - memset(passphrase2, 0, strlen(passphrase2)); - xfree(passphrase1); - xfree(passphrase2); + explicit_bzero(passphrase1, strlen(passphrase1)); + explicit_bzero(passphrase2, strlen(passphrase2)); + free(passphrase1); + free(passphrase2); printf("Passphrases do not match. Try again.\n"); goto passphrase_again; } /* Clear the other copy of the passphrase. */ - memset(passphrase2, 0, strlen(passphrase2)); - xfree(passphrase2); + explicit_bzero(passphrase2, strlen(passphrase2)); + free(passphrase2); } if (identity_comment) { @@ -2342,19 +2666,19 @@ passphrase_again: } /* Save the key with the given passphrase and comment. */ - if (!key_save_private(private, identity_file, passphrase1, comment)) { + if (!key_save_private(private, identity_file, passphrase1, comment, + use_new_format, new_format_cipher, rounds)) { printf("Saving the key failed: %s.\n", identity_file); - memset(passphrase1, 0, strlen(passphrase1)); - xfree(passphrase1); + explicit_bzero(passphrase1, strlen(passphrase1)); + free(passphrase1); exit(1); } /* Clear the passphrase. */ - memset(passphrase1, 0, strlen(passphrase1)); - xfree(passphrase1); + explicit_bzero(passphrase1, strlen(passphrase1)); + free(passphrase1); /* Clear the private key and the random number generator. */ key_free(private); - arc4random_stir(); if (!quiet) printf("Your identification has been saved in %s.\n", identity_file); @@ -2385,8 +2709,8 @@ passphrase_again: printf("%s %s\n", fp, comment); printf("The key's randomart image is:\n"); printf("%s\n", ra); - xfree(ra); - xfree(fp); + free(ra); + free(fp); } key_free(public); diff --git a/crypto/openssh/ssh-keyscan.1 b/crypto/openssh/ssh-keyscan.1 index f2b0fc8faf..5c32ea9c70 100644 --- a/crypto/openssh/ssh-keyscan.1 +++ b/crypto/openssh/ssh-keyscan.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keyscan.1,v 1.30 2012/04/11 13:34:17 djm Exp $ +.\" $OpenBSD: ssh-keyscan.1,v 1.35 2014/03/12 13:06:59 naddy Exp $ .\" .\" Copyright 1995, 1996 by David Mazieres . .\" @@ -6,7 +6,7 @@ .\" permitted provided that due credit is given to the author and the .\" OpenBSD project by leaving this copyright notice intact. .\" -.Dd $Mdocdate: April 11 2012 $ +.Dd $Mdocdate: March 12 2014 $ .Dt SSH-KEYSCAN 1 .Os .Sh NAME @@ -56,14 +56,16 @@ Forces to use IPv6 addresses only. .It Fl f Ar file Read hosts or -.Pa addrlist namelist -pairs from this file, one per line. +.Dq addrlist namelist +pairs from +.Ar file , +one per line. If .Pa - is supplied instead of a filename, .Nm will read hosts or -.Pa addrlist namelist +.Dq addrlist namelist pairs from the standard input. .It Fl H Hash all hostnames and addresses in the output. @@ -78,7 +80,7 @@ Port to connect to on the remote host. .It Fl T Ar timeout Set the timeout for connection attempts. If -.Pa timeout +.Ar timeout seconds have elapsed since a connection was initiated to a host or since the last time anything was read from that host, then the connection is closed and the host in question considered unavailable. @@ -89,15 +91,17 @@ The possible values are .Dq rsa1 for protocol version 1 and .Dq dsa , -.Dq ecdsa +.Dq ecdsa , +.Dq ed25519 , or .Dq rsa for protocol version 2. Multiple values may be specified by separating them with commas. The default is to fetch -.Dq rsa +.Dq rsa , +.Dq ecdsa , and -.Dq ecdsa +.Dq ed25519 keys. .It Fl v Verbose mode. @@ -116,37 +120,36 @@ On the other hand, if the security model allows such a risk, can help in the detection of tampered keyfiles or man in the middle attacks which have begun after the ssh_known_hosts file was created. .Sh FILES -.Pa Input format: +Input format: .Bd -literal 1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4 .Ed .Pp -.Pa Output format for rsa1 keys: +Output format for RSA1 keys: .Bd -literal host-or-namelist bits exponent modulus .Ed .Pp -.Pa Output format for rsa, dsa and ecdsa keys: +Output format for RSA, DSA, ECDSA, and ED25519 keys: .Bd -literal host-or-namelist keytype base64-encoded-key .Ed .Pp Where -.Pa keytype +.Ar keytype is either .Dq ecdsa-sha2-nistp256 , .Dq ecdsa-sha2-nistp384 , .Dq ecdsa-sha2-nistp521 , +.Dq ssh-ed25519 , .Dq ssh-dss or .Dq ssh-rsa . .Pp .Pa /etc/ssh/ssh_known_hosts .Sh EXAMPLES -Print the -.Pa rsa -host key for machine -.Pa hostname : +Print the rsa host key for machine +.Ar hostname : .Bd -literal $ ssh-keyscan hostname .Ed @@ -156,7 +159,7 @@ Find all hosts from the file which have new or different keys from those in the sorted file .Pa ssh_known_hosts : .Bd -literal -$ ssh-keyscan -t rsa,dsa,ecdsa -f ssh_hosts | \e +$ ssh-keyscan -t rsa,dsa,ecdsa,ed25519 -f ssh_hosts | \e sort -u - ssh_known_hosts | diff ssh_known_hosts - .Ed .Sh SEE ALSO @@ -164,9 +167,9 @@ $ ssh-keyscan -t rsa,dsa,ecdsa -f ssh_hosts | \e .Xr sshd 8 .Sh AUTHORS .An -nosplit -.An David Mazieres Aq dm@lcs.mit.edu +.An David Mazieres Aq Mt dm@lcs.mit.edu wrote the initial version, and -.An Wayne Davison Aq wayned@users.sourceforge.net +.An Wayne Davison Aq Mt wayned@users.sourceforge.net added support for protocol version 2. .Sh BUGS It generates "Connection closed by remote host" messages on the consoles diff --git a/crypto/openssh/ssh-keyscan.c b/crypto/openssh/ssh-keyscan.c index c9de130f46..3fabfba140 100644 --- a/crypto/openssh/ssh-keyscan.c +++ b/crypto/openssh/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.86 2012/04/11 13:34:17 djm Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.92 2014/04/29 18:01:49 markus Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -56,8 +56,9 @@ int ssh_port = SSH_DEFAULT_PORT; #define KT_DSA 2 #define KT_RSA 4 #define KT_ECDSA 8 +#define KT_ED25519 16 -int get_keytypes = KT_RSA|KT_ECDSA;/* Get RSA and ECDSA keys by default */ +int get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519; int hash_hosts = 0; /* Hash hostname on output */ @@ -181,6 +182,7 @@ strnnsep(char **stringp, char *delim) return (tok); } +#ifdef WITH_SSH1 static Key * keygrab_ssh1(con *c) { @@ -214,6 +216,7 @@ keygrab_ssh1(con *c) return (rsa); } +#endif static int hostjump(Key *hostkey) @@ -241,19 +244,25 @@ ssh2_capable(int remote_major, int remote_minor) static Key * keygrab_ssh2(con *c) { + char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT }; int j; packet_set_connection(c->c_fd, c->c_fd); enable_compat20(); - myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = c->c_keytype == KT_DSA? - "ssh-dss" : (c->c_keytype == KT_RSA ? "ssh-rsa" : - "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521"); + myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = + c->c_keytype == KT_DSA ? "ssh-dss" : + (c->c_keytype == KT_RSA ? "ssh-rsa" : + (c->c_keytype == KT_ED25519 ? "ssh-ed25519" : + "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521")); c->c_kex = kex_setup(myproposal); +#ifdef WITH_OPENSSL c->c_kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; c->c_kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; c->c_kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; c->c_kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; c->c_kex->kex[KEX_ECDH_SHA2] = kexecdh_client; +#endif + c->c_kex->kex[KEX_C25519_SHA256] = kexc25519_client; c->c_kex->verify_host_key = hostjump; if (!(j = setjmp(kexjmp))) { @@ -263,7 +272,7 @@ keygrab_ssh2(con *c) exit(1); } nonfatal_fatal = 0; - xfree(c->c_kex); + free(c->c_kex); c->c_kex = NULL; packet_close(); @@ -329,7 +338,7 @@ conalloc(char *iname, char *oname, int keytype) do { name = xstrsep(&namelist, ","); if (!name) { - xfree(namebase); + free(namebase); return (-1); } } while ((s = tcpconnect(name)) < 0); @@ -363,10 +372,10 @@ confree(int s) if (s >= maxfd || fdcon[s].c_status == CS_UNUSED) fatal("confree: attempt to free bad fdno %d", s); close(s); - xfree(fdcon[s].c_namebase); - xfree(fdcon[s].c_output_name); + free(fdcon[s].c_namebase); + free(fdcon[s].c_output_name); if (fdcon[s].c_status == CS_KEYS) - xfree(fdcon[s].c_data); + free(fdcon[s].c_data); fdcon[s].c_status = CS_UNUSED; fdcon[s].c_keytype = 0; TAILQ_REMOVE(&tq, &fdcon[s], c_link); @@ -502,10 +511,12 @@ conread(int s) c->c_data = xmalloc(c->c_len); c->c_status = CS_KEYS; break; +#ifdef WITH_SSH1 case CS_KEYS: keyprint(c, keygrab_ssh1(c)); confree(s); return; +#endif default: fatal("conread: invalid status %d", c->c_status); break; @@ -553,8 +564,8 @@ conloop(void) } else if (FD_ISSET(i, r)) conread(i); } - xfree(r); - xfree(e); + free(r); + free(e); c = TAILQ_FIRST(&tq); while (c && (c->c_tv.tv_sec < now.tv_sec || @@ -574,7 +585,7 @@ do_host(char *host) if (name == NULL) return; - for (j = KT_RSA1; j <= KT_ECDSA; j *= 2) { + for (j = KT_RSA1; j <= KT_ED25519; j *= 2) { if (get_keytypes & j) { while (ncon >= MAXCON) conloop(); @@ -681,6 +692,9 @@ main(int argc, char **argv) case KEY_RSA: get_keytypes |= KT_RSA; break; + case KEY_ED25519: + get_keytypes |= KT_ED25519; + break; case KEY_UNSPEC: fatal("unknown key type %s", tname); } diff --git a/crypto/openssh/ssh-keysign.8 b/crypto/openssh/ssh-keysign.8 index 5e09e0271e..69d082954d 100644 --- a/crypto/openssh/ssh-keysign.8 +++ b/crypto/openssh/ssh-keysign.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keysign.8,v 1.12 2010/08/31 11:54:45 djm Exp $ +.\" $OpenBSD: ssh-keysign.8,v 1.14 2013/12/07 11:58:46 naddy Exp $ .\" .\" Copyright (c) 2002 Markus Friedl. All rights reserved. .\" @@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: August 31 2010 $ +.Dd $Mdocdate: December 7 2013 $ .Dt SSH-KEYSIGN 8 .Os .Sh NAME @@ -63,6 +63,7 @@ is enabled. .Pp .It Pa /etc/ssh/ssh_host_dsa_key .It Pa /etc/ssh/ssh_host_ecdsa_key +.It Pa /etc/ssh/ssh_host_ed25519_key .It Pa /etc/ssh/ssh_host_rsa_key These files contain the private parts of the host keys used to generate the digital signature. @@ -74,6 +75,7 @@ must be set-uid root if host-based authentication is used. .Pp .It Pa /etc/ssh/ssh_host_dsa_key-cert.pub .It Pa /etc/ssh/ssh_host_ecdsa_key-cert.pub +.It Pa /etc/ssh/ssh_host_ed25519_key-cert.pub .It Pa /etc/ssh/ssh_host_rsa_key-cert.pub If these files exist they are assumed to contain public certificate information corresponding with the private keys above. @@ -88,4 +90,4 @@ information corresponding with the private keys above. first appeared in .Ox 3.2 . .Sh AUTHORS -.An Markus Friedl Aq markus@openbsd.org +.An Markus Friedl Aq Mt markus@openbsd.org diff --git a/crypto/openssh/ssh-keysign.c b/crypto/openssh/ssh-keysign.c index 1deb7e1415..d95bb7d9d8 100644 --- a/crypto/openssh/ssh-keysign.c +++ b/crypto/openssh/ssh-keysign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keysign.c,v 1.36 2011/02/16 00:31:14 djm Exp $ */ +/* $OpenBSD: ssh-keysign.c,v 1.42 2014/04/29 18:01:49 markus Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -78,7 +78,7 @@ valid_request(struct passwd *pw, char *host, Key **ret, u_char *data, p = buffer_get_string(&b, &len); if (len != 20 && len != 32) fail++; - xfree(p); + free(p); if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) fail++; @@ -90,13 +90,13 @@ valid_request(struct passwd *pw, char *host, Key **ret, u_char *data, p = buffer_get_string(&b, NULL); if (strcmp("ssh-connection", p) != 0) fail++; - xfree(p); + free(p); /* method */ p = buffer_get_string(&b, NULL); if (strcmp("hostbased", p) != 0) fail++; - xfree(p); + free(p); /* pubkey */ pkalg = buffer_get_string(&b, NULL); @@ -109,8 +109,8 @@ valid_request(struct passwd *pw, char *host, Key **ret, u_char *data, fail++; else if (key->type != pktype) fail++; - xfree(pkalg); - xfree(pkblob); + free(pkalg); + free(pkblob); /* client host name, handle trailing dot */ p = buffer_get_string(&b, &len); @@ -121,14 +121,14 @@ valid_request(struct passwd *pw, char *host, Key **ret, u_char *data, fail++; else if (strncasecmp(host, p, len - 1) != 0) fail++; - xfree(p); + free(p); /* local user */ p = buffer_get_string(&b, NULL); if (strcmp(pw->pw_name, p) != 0) fail++; - xfree(p); + free(p); /* end of message */ if (buffer_len(&b) != 0) @@ -150,12 +150,12 @@ main(int argc, char **argv) { Buffer b; Options options; -#define NUM_KEYTYPES 3 +#define NUM_KEYTYPES 4 Key *keys[NUM_KEYTYPES], *key = NULL; struct passwd *pw; int key_fd[NUM_KEYTYPES], i, found, version = 2, fd; u_char *signature, *data; - char *host; + char *host, *fp; u_int slen, dlen; u_int32_t rnd[256]; @@ -169,6 +169,7 @@ main(int argc, char **argv) i = 0; key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY); + key_fd[i++] = open(_PATH_HOST_ED25519_KEY_FILE, O_RDONLY); key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); original_real_uid = getuid(); /* XXX readconf.c needs this */ @@ -179,7 +180,6 @@ main(int argc, char **argv) permanently_set_uid(pw); seed_rng(); - arc4random_stir(); #ifdef DEBUG_SSH_KEYSIGN log_init("ssh-keysign", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 0); @@ -187,7 +187,7 @@ main(int argc, char **argv) /* verify that ssh-keysign is enabled by the admin */ initialize_options(&options); - (void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options, 0); + (void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", &options, 0); fill_default_options(&options); if (options.enable_ssh_keysign != 1) fatal("ssh-keysign not enabled in %s", @@ -201,8 +201,7 @@ main(int argc, char **argv) fatal("could not open any host key"); OpenSSL_add_all_algorithms(); - for (i = 0; i < 256; i++) - rnd[i] = arc4random(); + arc4random_buf(rnd, sizeof(rnd)); RAND_seed(rnd, sizeof(rnd)); found = 0; @@ -210,8 +209,11 @@ main(int argc, char **argv) keys[i] = NULL; if (key_fd[i] == -1) continue; +#ifdef WITH_OPENSSL +/* XXX wrong api */ keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC, NULL, NULL); +#endif close(key_fd[i]); if (keys[i] != NULL) found = 1; @@ -233,7 +235,7 @@ main(int argc, char **argv) data = buffer_get_string(&b, &dlen); if (valid_request(pw, host, &key, data, dlen) < 0) fatal("not a valid request"); - xfree(host); + free(host); found = 0; for (i = 0; i < NUM_KEYTYPES; i++) { @@ -243,12 +245,15 @@ main(int argc, char **argv) break; } } - if (!found) - fatal("no matching hostkey found"); + if (!found) { + fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); + fatal("no matching hostkey found for key %s %s", + key_type(key), fp); + } if (key_sign(keys[i], &signature, &slen, data, dlen) != 0) fatal("key_sign failed"); - xfree(data); + free(data); /* send reply */ buffer_clear(&b); diff --git a/crypto/openssh/ssh-pkcs11-client.c b/crypto/openssh/ssh-pkcs11-client.c index 82b11daf51..8c74864aa3 100644 --- a/crypto/openssh/ssh-pkcs11-client.c +++ b/crypto/openssh/ssh-pkcs11-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11-client.c,v 1.3 2012/01/16 20:34:09 miod Exp $ */ +/* $OpenBSD: ssh-pkcs11-client.c,v 1.5 2014/06/24 01:13:21 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * @@ -30,6 +30,8 @@ #include #include +#include + #include "pathnames.h" #include "xmalloc.h" #include "buffer.h" @@ -121,7 +123,7 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, buffer_put_string(&msg, blob, blen); buffer_put_string(&msg, from, flen); buffer_put_int(&msg, 0); - xfree(blob); + free(blob); send_msg(&msg); buffer_clear(&msg); @@ -131,7 +133,7 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, memcpy(to, signature, slen); ret = slen; } - xfree(signature); + free(signature); } buffer_free(&msg); return (ret); @@ -205,11 +207,11 @@ pkcs11_add_provider(char *name, char *pin, Key ***keysp) *keysp = xcalloc(nkeys, sizeof(Key *)); for (i = 0; i < nkeys; i++) { blob = buffer_get_string(&msg, &blen); - xfree(buffer_get_string(&msg, NULL)); + free(buffer_get_string(&msg, NULL)); k = key_from_blob(blob, blen); wrap_key(k->rsa); (*keysp)[i] = k; - xfree(blob); + free(blob); } } else { nkeys = -1; diff --git a/crypto/openssh/ssh-pkcs11-helper.8 b/crypto/openssh/ssh-pkcs11-helper.8 index 9bdaadc015..3728c4e4e7 100644 --- a/crypto/openssh/ssh-pkcs11-helper.8 +++ b/crypto/openssh/ssh-pkcs11-helper.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-pkcs11-helper.8,v 1.3 2010/02/10 23:20:38 markus Exp $ +.\" $OpenBSD: ssh-pkcs11-helper.8,v 1.4 2013/07/16 00:07:52 schwarze Exp $ .\" .\" Copyright (c) 2010 Markus Friedl. All rights reserved. .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: February 10 2010 $ +.Dd $Mdocdate: July 16 2013 $ .Dt SSH-PKCS11-HELPER 8 .Os .Sh NAME @@ -40,4 +40,4 @@ is not intended to be invoked by the user, but from first appeared in .Ox 4.7 . .Sh AUTHORS -.An Markus Friedl Aq markus@openbsd.org +.An Markus Friedl Aq Mt markus@openbsd.org diff --git a/crypto/openssh/ssh-pkcs11-helper.c b/crypto/openssh/ssh-pkcs11-helper.c index fcb5defc08..0b1d8e4cc4 100644 --- a/crypto/openssh/ssh-pkcs11-helper.c +++ b/crypto/openssh/ssh-pkcs11-helper.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11-helper.c,v 1.4 2012/07/02 12:13:26 dtucker Exp $ */ +/* $OpenBSD: ssh-pkcs11-helper.c,v 1.8 2014/06/24 01:13:21 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * @@ -79,7 +79,7 @@ del_keys_by_name(char *name) nxt = TAILQ_NEXT(ki, next); if (!strcmp(ki->providername, name)) { TAILQ_REMOVE(&pkcs11_keylist, ki, next); - xfree(ki->providername); + free(ki->providername); key_free(ki->key); free(ki); } @@ -127,18 +127,19 @@ process_add(void) buffer_put_char(&msg, SSH2_AGENT_IDENTITIES_ANSWER); buffer_put_int(&msg, nkeys); for (i = 0; i < nkeys; i++) { - key_to_blob(keys[i], &blob, &blen); + if (key_to_blob(keys[i], &blob, &blen) == 0) + continue; buffer_put_string(&msg, blob, blen); buffer_put_cstring(&msg, name); - xfree(blob); + free(blob); add_key(keys[i], name); } - xfree(keys); + free(keys); } else { buffer_put_char(&msg, SSH_AGENT_FAILURE); } - xfree(pin); - xfree(name); + free(pin); + free(name); send_msg(&msg); buffer_free(&msg); } @@ -157,8 +158,8 @@ process_del(void) buffer_put_char(&msg, SSH_AGENT_SUCCESS); else buffer_put_char(&msg, SSH_AGENT_FAILURE); - xfree(pin); - xfree(name); + free(pin); + free(name); send_msg(&msg); buffer_free(&msg); } @@ -168,7 +169,7 @@ process_sign(void) { u_char *blob, *data, *signature = NULL; u_int blen, dlen, slen = 0; - int ok = -1, ret; + int ok = -1; Key *key, *found; Buffer msg; @@ -178,6 +179,9 @@ process_sign(void) if ((key = key_from_blob(blob, blen)) != NULL) { if ((found = lookup_key(key)) != NULL) { +#ifdef WITH_OPENSSL + int ret; + slen = RSA_size(key->rsa); signature = xmalloc(slen); if ((ret = RSA_private_encrypt(dlen, data, signature, @@ -185,6 +189,7 @@ process_sign(void) slen = ret; ok = 0; } +#endif /* WITH_OPENSSL */ } key_free(key); } @@ -195,10 +200,9 @@ process_sign(void) } else { buffer_put_char(&msg, SSH_AGENT_FAILURE); } - xfree(data); - xfree(blob); - if (signature != NULL) - xfree(signature); + free(data); + free(blob); + free(signature); send_msg(&msg); buffer_free(&msg); } @@ -274,7 +278,6 @@ main(int argc, char **argv) LogLevel log_level = SYSLOG_LEVEL_ERROR; char buf[4*4096]; - extern char *optarg; extern char *__progname; TAILQ_INIT(&pkcs11_keylist); diff --git a/crypto/openssh/ssh-pkcs11.c b/crypto/openssh/ssh-pkcs11.c index 1f4c1c8e4f..c96be3bd2c 100644 --- a/crypto/openssh/ssh-pkcs11.c +++ b/crypto/openssh/ssh-pkcs11.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11.c,v 1.6 2010/06/08 21:32:19 markus Exp $ */ +/* $OpenBSD: ssh-pkcs11.c,v 1.14 2014/06/24 01:13:21 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * @@ -31,6 +31,8 @@ #include "openbsd-compat/sys-queue.h" +#include + #define CRYPTOKI_COMPAT #include "pkcs11.h" @@ -120,9 +122,9 @@ pkcs11_provider_unref(struct pkcs11_provider *p) if (--p->refcount <= 0) { if (p->valid) error("pkcs11_provider_unref: %p still valid", p); - xfree(p->slotlist); - xfree(p->slotinfo); - xfree(p); + free(p->slotlist); + free(p->slotinfo); + free(p); } } @@ -180,9 +182,8 @@ pkcs11_rsa_finish(RSA *rsa) rv = k11->orig_finish(rsa); if (k11->provider) pkcs11_provider_unref(k11->provider); - if (k11->keyid) - xfree(k11->keyid); - xfree(k11); + free(k11->keyid); + free(k11); } return (rv); } @@ -226,7 +227,7 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, CK_OBJECT_HANDLE obj; CK_ULONG tlen = 0; CK_RV rv; - CK_OBJECT_CLASS private_key_class = CKO_PRIVATE_KEY; + CK_OBJECT_CLASS private_key_class = CKO_PRIVATE_KEY; CK_BBOOL true_val = CK_TRUE; CK_MECHANISM mech = { CKM_RSA_PKCS, NULL_PTR, 0 @@ -239,8 +240,6 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, char *pin, prompt[1024]; int rval = -1; - /* some compilers complain about non-constant initializer so we - use NULL in CK_ATTRIBUTE above and set the values here */ key_filter[0].pValue = &private_key_class; key_filter[2].pValue = &true_val; @@ -264,13 +263,13 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, pin = read_passphrase(prompt, RP_ALLOW_EOF); if (pin == NULL) return (-1); /* bail out */ - if ((rv = f->C_Login(si->session, CKU_USER, pin, strlen(pin))) - != CKR_OK) { - xfree(pin); + if ((rv = f->C_Login(si->session, CKU_USER, + (u_char *)pin, strlen(pin))) != CKR_OK) { + free(pin); error("C_Login failed: %lu", rv); return (-1); } - xfree(pin); + free(pin); si->logged_in = 1; } key_filter[1].pValue = k11->keyid; @@ -329,7 +328,7 @@ pkcs11_rsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx, /* remove trailing spaces */ static void -rmspace(char *buf, size_t len) +rmspace(u_char *buf, size_t len) { size_t i; @@ -367,8 +366,8 @@ pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin) return (-1); } if (login_required && pin) { - if ((rv = f->C_Login(session, CKU_USER, pin, strlen(pin))) - != CKR_OK) { + if ((rv = f->C_Login(session, CKU_USER, + (u_char *)pin, strlen(pin))) != CKR_OK) { error("C_Login failed: %lu", rv); if ((rv = f->C_CloseSession(session)) != CKR_OK) error("C_CloseSession failed: %lu", rv); @@ -385,36 +384,75 @@ pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin) * add 'wrapped' public keys to the 'keysp' array and increment nkeys. * keysp points to an (possibly empty) array with *nkeys keys. */ +static int pkcs11_fetch_keys_filter(struct pkcs11_provider *, CK_ULONG, + CK_ATTRIBUTE [], CK_ATTRIBUTE [3], Key ***, int *) + __attribute__((__bounded__(__minbytes__,4, 3 * sizeof(CK_ATTRIBUTE)))); + static int -pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx, Key ***keysp, - int *nkeys) +pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx, + Key ***keysp, int *nkeys) { - Key *key; - RSA *rsa; - int i; - CK_RV rv; - CK_OBJECT_HANDLE obj; - CK_ULONG nfound; - CK_SESSION_HANDLE session; - CK_FUNCTION_LIST *f; - CK_OBJECT_CLASS pubkey_class = CKO_PUBLIC_KEY; + CK_OBJECT_CLASS pubkey_class = CKO_PUBLIC_KEY; + CK_OBJECT_CLASS cert_class = CKO_CERTIFICATE; CK_ATTRIBUTE pubkey_filter[] = { { CKA_CLASS, NULL, sizeof(pubkey_class) } }; - CK_ATTRIBUTE attribs[] = { + CK_ATTRIBUTE cert_filter[] = { + { CKA_CLASS, NULL, sizeof(cert_class) } + }; + CK_ATTRIBUTE pubkey_attribs[] = { { CKA_ID, NULL, 0 }, { CKA_MODULUS, NULL, 0 }, { CKA_PUBLIC_EXPONENT, NULL, 0 } }; - - /* some compilers complain about non-constant initializer so we - use NULL in CK_ATTRIBUTE above and set the value here */ + CK_ATTRIBUTE cert_attribs[] = { + { CKA_ID, NULL, 0 }, + { CKA_SUBJECT, NULL, 0 }, + { CKA_VALUE, NULL, 0 } + }; pubkey_filter[0].pValue = &pubkey_class; + cert_filter[0].pValue = &cert_class; + + if (pkcs11_fetch_keys_filter(p, slotidx, pubkey_filter, pubkey_attribs, + keysp, nkeys) < 0 || + pkcs11_fetch_keys_filter(p, slotidx, cert_filter, cert_attribs, + keysp, nkeys) < 0) + return (-1); + return (0); +} + +static int +pkcs11_key_included(Key ***keysp, int *nkeys, Key *key) +{ + int i; + + for (i = 0; i < *nkeys; i++) + if (key_equal(key, (*keysp)[i])) + return (1); + return (0); +} + +static int +pkcs11_fetch_keys_filter(struct pkcs11_provider *p, CK_ULONG slotidx, + CK_ATTRIBUTE filter[], CK_ATTRIBUTE attribs[3], + Key ***keysp, int *nkeys) +{ + Key *key; + RSA *rsa; + X509 *x509; + EVP_PKEY *evp; + int i; + const u_char *cp; + CK_RV rv; + CK_OBJECT_HANDLE obj; + CK_ULONG nfound; + CK_SESSION_HANDLE session; + CK_FUNCTION_LIST *f; f = p->function_list; session = p->slotinfo[slotidx].session; /* setup a filter the looks for public keys */ - if ((rv = f->C_FindObjectsInit(session, pubkey_filter, 1)) != CKR_OK) { + if ((rv = f->C_FindObjectsInit(session, filter, 1)) != CKR_OK) { error("C_FindObjectsInit failed: %lu", rv); return (-1); } @@ -442,35 +480,62 @@ pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx, Key ***keysp, /* allocate buffers for attributes */ for (i = 0; i < 3; i++) attribs[i].pValue = xmalloc(attribs[i].ulValueLen); - /* retrieve ID, modulus and public exponent of RSA key */ + /* + * retrieve ID, modulus and public exponent of RSA key, + * or ID, subject and value for certificates. + */ + rsa = NULL; if ((rv = f->C_GetAttributeValue(session, obj, attribs, 3)) != CKR_OK) { error("C_GetAttributeValue failed: %lu", rv); - } else if ((rsa = RSA_new()) == NULL) { - error("RSA_new failed"); + } else if (attribs[1].type == CKA_MODULUS ) { + if ((rsa = RSA_new()) == NULL) { + error("RSA_new failed"); + } else { + rsa->n = BN_bin2bn(attribs[1].pValue, + attribs[1].ulValueLen, NULL); + rsa->e = BN_bin2bn(attribs[2].pValue, + attribs[2].ulValueLen, NULL); + } } else { - rsa->n = BN_bin2bn(attribs[1].pValue, - attribs[1].ulValueLen, NULL); - rsa->e = BN_bin2bn(attribs[2].pValue, - attribs[2].ulValueLen, NULL); - if (rsa->n && rsa->e && - pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) { - key = key_new(KEY_UNSPEC); - key->rsa = rsa; - key->type = KEY_RSA; - key->flags |= KEY_FLAG_EXT; + cp = attribs[2].pValue; + if ((x509 = X509_new()) == NULL) { + error("X509_new failed"); + } else if (d2i_X509(&x509, &cp, attribs[2].ulValueLen) + == NULL) { + error("d2i_X509 failed"); + } else if ((evp = X509_get_pubkey(x509)) == NULL || + evp->type != EVP_PKEY_RSA || + evp->pkey.rsa == NULL) { + debug("X509_get_pubkey failed or no rsa"); + } else if ((rsa = RSAPublicKey_dup(evp->pkey.rsa)) + == NULL) { + error("RSAPublicKey_dup"); + } + if (x509) + X509_free(x509); + } + if (rsa && rsa->n && rsa->e && + pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) { + key = key_new(KEY_UNSPEC); + key->rsa = rsa; + key->type = KEY_RSA; + key->flags |= SSHKEY_FLAG_EXT; + if (pkcs11_key_included(keysp, nkeys, key)) { + key_free(key); + } else { /* expand key array and add key */ *keysp = xrealloc(*keysp, *nkeys + 1, sizeof(Key *)); (*keysp)[*nkeys] = key; *nkeys = *nkeys + 1; debug("have %d keys", *nkeys); - } else { - RSA_free(rsa); } + } else if (rsa) { + RSA_free(rsa); } for (i = 0; i < 3; i++) - xfree(attribs[i].pValue); + free(attribs[i].pValue); } if ((rv = f->C_FindObjectsFinal(session)) != CKR_OK) error("C_FindObjectsFinal failed: %lu", rv); @@ -579,11 +644,9 @@ fail: if (need_finalize && (rv = f->C_Finalize(NULL)) != CKR_OK) error("C_Finalize failed: %lu", rv); if (p) { - if (p->slotlist) - xfree(p->slotlist); - if (p->slotinfo) - xfree(p->slotinfo); - xfree(p); + free(p->slotlist); + free(p->slotinfo); + free(p); } if (handle) dlclose(handle); diff --git a/crypto/openssh/ssh-pkcs11.h b/crypto/openssh/ssh-pkcs11.h index 59f456adf0..4d2efda13f 100644 --- a/crypto/openssh/ssh-pkcs11.h +++ b/crypto/openssh/ssh-pkcs11.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11.h,v 1.2 2010/02/24 06:12:53 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11.h,v 1.3 2014/04/29 18:01:49 markus Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * @@ -18,3 +18,7 @@ int pkcs11_init(int); void pkcs11_terminate(void); int pkcs11_add_provider(char *, char *, Key ***); int pkcs11_del_provider(char *); + +#if !defined(WITH_OPENSSL) && defined(ENABLE_PKCS11) +#undef ENABLE_PKCS11 +#endif diff --git a/crypto/openssh/ssh-rsa.c b/crypto/openssh/ssh-rsa.c dissimilarity index 63% index c6355fa094..fec1953b49 100644 --- a/crypto/openssh/ssh-rsa.c +++ b/crypto/openssh/ssh-rsa.c @@ -1,268 +1,265 @@ -/* $OpenBSD: ssh-rsa.c,v 1.45 2010/08/31 09:58:37 djm Exp $ */ -/* - * Copyright (c) 2000, 2003 Markus Friedl - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include "includes.h" - -#include - -#include -#include - -#include -#include - -#include "xmalloc.h" -#include "log.h" -#include "buffer.h" -#include "key.h" -#include "compat.h" -#include "misc.h" -#include "ssh.h" - -static int openssh_RSA_verify(int, u_char *, u_int, u_char *, u_int, RSA *); - -/* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */ -int -ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, - const u_char *data, u_int datalen) -{ - const EVP_MD *evp_md; - EVP_MD_CTX md; - u_char digest[EVP_MAX_MD_SIZE], *sig; - u_int slen, dlen, len; - int ok, nid; - Buffer b; - - if (key == NULL || key->rsa == NULL || (key->type != KEY_RSA && - key->type != KEY_RSA_CERT && key->type != KEY_RSA_CERT_V00)) { - error("ssh_rsa_sign: no RSA key"); - return -1; - } - nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1; - if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { - error("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid); - return -1; - } - EVP_DigestInit(&md, evp_md); - EVP_DigestUpdate(&md, data, datalen); - EVP_DigestFinal(&md, digest, &dlen); - - slen = RSA_size(key->rsa); - sig = xmalloc(slen); - - ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa); - memset(digest, 'd', sizeof(digest)); - - if (ok != 1) { - int ecode = ERR_get_error(); - - error("ssh_rsa_sign: RSA_sign failed: %s", - ERR_error_string(ecode, NULL)); - xfree(sig); - return -1; - } - if (len < slen) { - u_int diff = slen - len; - debug("slen %u > len %u", slen, len); - memmove(sig + diff, sig, len); - memset(sig, 0, diff); - } else if (len > slen) { - error("ssh_rsa_sign: slen %u slen2 %u", slen, len); - xfree(sig); - return -1; - } - /* encode signature */ - buffer_init(&b); - buffer_put_cstring(&b, "ssh-rsa"); - buffer_put_string(&b, sig, slen); - len = buffer_len(&b); - if (lenp != NULL) - *lenp = len; - if (sigp != NULL) { - *sigp = xmalloc(len); - memcpy(*sigp, buffer_ptr(&b), len); - } - buffer_free(&b); - memset(sig, 's', slen); - xfree(sig); - - return 0; -} - -int -ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, - const u_char *data, u_int datalen) -{ - Buffer b; - const EVP_MD *evp_md; - EVP_MD_CTX md; - char *ktype; - u_char digest[EVP_MAX_MD_SIZE], *sigblob; - u_int len, dlen, modlen; - int rlen, ret, nid; - - if (key == NULL || key->rsa == NULL || (key->type != KEY_RSA && - key->type != KEY_RSA_CERT && key->type != KEY_RSA_CERT_V00)) { - error("ssh_rsa_verify: no RSA key"); - return -1; - } - if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { - error("ssh_rsa_verify: RSA modulus too small: %d < minimum %d bits", - BN_num_bits(key->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE); - return -1; - } - buffer_init(&b); - buffer_append(&b, signature, signaturelen); - ktype = buffer_get_cstring(&b, NULL); - if (strcmp("ssh-rsa", ktype) != 0) { - error("ssh_rsa_verify: cannot handle type %s", ktype); - buffer_free(&b); - xfree(ktype); - return -1; - } - xfree(ktype); - sigblob = buffer_get_string(&b, &len); - rlen = buffer_len(&b); - buffer_free(&b); - if (rlen != 0) { - error("ssh_rsa_verify: remaining bytes in signature %d", rlen); - xfree(sigblob); - return -1; - } - /* RSA_verify expects a signature of RSA_size */ - modlen = RSA_size(key->rsa); - if (len > modlen) { - error("ssh_rsa_verify: len %u > modlen %u", len, modlen); - xfree(sigblob); - return -1; - } else if (len < modlen) { - u_int diff = modlen - len; - debug("ssh_rsa_verify: add padding: modlen %u > len %u", - modlen, len); - sigblob = xrealloc(sigblob, 1, modlen); - memmove(sigblob + diff, sigblob, len); - memset(sigblob, 0, diff); - len = modlen; - } - nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1; - if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { - error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid); - xfree(sigblob); - return -1; - } - EVP_DigestInit(&md, evp_md); - EVP_DigestUpdate(&md, data, datalen); - EVP_DigestFinal(&md, digest, &dlen); - - ret = openssh_RSA_verify(nid, digest, dlen, sigblob, len, key->rsa); - memset(digest, 'd', sizeof(digest)); - memset(sigblob, 's', len); - xfree(sigblob); - debug("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : ""); - return ret; -} - -/* - * See: - * http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/ - * ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.asn - */ -/* - * id-sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) - * oiw(14) secsig(3) algorithms(2) 26 } - */ -static const u_char id_sha1[] = { - 0x30, 0x21, /* type Sequence, length 0x21 (33) */ - 0x30, 0x09, /* type Sequence, length 0x09 */ - 0x06, 0x05, /* type OID, length 0x05 */ - 0x2b, 0x0e, 0x03, 0x02, 0x1a, /* id-sha1 OID */ - 0x05, 0x00, /* NULL */ - 0x04, 0x14 /* Octet string, length 0x14 (20), followed by sha1 hash */ -}; -/* - * id-md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) - * rsadsi(113549) digestAlgorithm(2) 5 } - */ -static const u_char id_md5[] = { - 0x30, 0x20, /* type Sequence, length 0x20 (32) */ - 0x30, 0x0c, /* type Sequence, length 0x09 */ - 0x06, 0x08, /* type OID, length 0x05 */ - 0x2a, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05, /* id-md5 */ - 0x05, 0x00, /* NULL */ - 0x04, 0x10 /* Octet string, length 0x10 (16), followed by md5 hash */ -}; - -static int -openssh_RSA_verify(int type, u_char *hash, u_int hashlen, - u_char *sigbuf, u_int siglen, RSA *rsa) -{ - u_int ret, rsasize, oidlen = 0, hlen = 0; - int len, oidmatch, hashmatch; - const u_char *oid = NULL; - u_char *decrypted = NULL; - - ret = 0; - switch (type) { - case NID_sha1: - oid = id_sha1; - oidlen = sizeof(id_sha1); - hlen = 20; - break; - case NID_md5: - oid = id_md5; - oidlen = sizeof(id_md5); - hlen = 16; - break; - default: - goto done; - } - if (hashlen != hlen) { - error("bad hashlen"); - goto done; - } - rsasize = RSA_size(rsa); - if (siglen == 0 || siglen > rsasize) { - error("bad siglen"); - goto done; - } - decrypted = xmalloc(rsasize); - if ((len = RSA_public_decrypt(siglen, sigbuf, decrypted, rsa, - RSA_PKCS1_PADDING)) < 0) { - error("RSA_public_decrypt failed: %s", - ERR_error_string(ERR_get_error(), NULL)); - goto done; - } - if (len < 0 || (u_int)len != hlen + oidlen) { - error("bad decrypted len: %d != %d + %d", len, hlen, oidlen); - goto done; - } - oidmatch = timingsafe_bcmp(decrypted, oid, oidlen) == 0; - hashmatch = timingsafe_bcmp(decrypted + oidlen, hash, hlen) == 0; - if (!oidmatch) { - error("oid mismatch"); - goto done; - } - if (!hashmatch) { - error("hash mismatch"); - goto done; - } - ret = 1; -done: - if (decrypted) - xfree(decrypted); - return ret; -} +/* $OpenBSD: ssh-rsa.c,v 1.52 2014/06/24 01:13:21 djm Exp $ */ +/* + * Copyright (c) 2000, 2003 Markus Friedl + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#include + +#include +#include + +#include +#include + +#include "sshbuf.h" +#include "compat.h" +#include "ssherr.h" +#define SSHKEY_INTERNAL +#include "sshkey.h" +#include "digest.h" + +static int openssh_RSA_verify(int, u_char *, size_t, u_char *, size_t, RSA *); + +/* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */ +int +ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen, u_int compat) +{ + int hash_alg; + u_char digest[SSH_DIGEST_MAX_LENGTH], *sig = NULL; + size_t slen; + u_int dlen, len; + int nid, ret = SSH_ERR_INTERNAL_ERROR; + struct sshbuf *b = NULL; + + if (lenp != NULL) + *lenp = 0; + if (sigp != NULL) + *sigp = NULL; + + if (key == NULL || key->rsa == NULL || + sshkey_type_plain(key->type) != KEY_RSA) + return SSH_ERR_INVALID_ARGUMENT; + slen = RSA_size(key->rsa); + if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM) + return SSH_ERR_INVALID_ARGUMENT; + + /* hash the data */ + hash_alg = SSH_DIGEST_SHA1; + nid = NID_sha1; + if ((dlen = ssh_digest_bytes(hash_alg)) == 0) + return SSH_ERR_INTERNAL_ERROR; + if ((ret = ssh_digest_memory(hash_alg, data, datalen, + digest, sizeof(digest))) != 0) + goto out; + + if ((sig = malloc(slen)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + + if (RSA_sign(nid, digest, dlen, sig, &len, key->rsa) != 1) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if (len < slen) { + size_t diff = slen - len; + memmove(sig + diff, sig, len); + explicit_bzero(sig, diff); + } else if (len > slen) { + ret = SSH_ERR_INTERNAL_ERROR; + goto out; + } + /* encode signature */ + if ((b = sshbuf_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((ret = sshbuf_put_cstring(b, "ssh-rsa")) != 0 || + (ret = sshbuf_put_string(b, sig, slen)) != 0) + goto out; + len = sshbuf_len(b); + if (sigp != NULL) { + if ((*sigp = malloc(len)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + memcpy(*sigp, sshbuf_ptr(b), len); + } + if (lenp != NULL) + *lenp = len; + ret = 0; + out: + explicit_bzero(digest, sizeof(digest)); + if (sig != NULL) { + explicit_bzero(sig, slen); + free(sig); + } + if (b != NULL) + sshbuf_free(b); + return 0; +} + +int +ssh_rsa_verify(const struct sshkey *key, + const u_char *signature, size_t signaturelen, + const u_char *data, size_t datalen, u_int compat) +{ + char *ktype = NULL; + int hash_alg, ret = SSH_ERR_INTERNAL_ERROR; + size_t len, diff, modlen, dlen; + struct sshbuf *b = NULL; + u_char digest[SSH_DIGEST_MAX_LENGTH], *osigblob, *sigblob = NULL; + + if (key == NULL || key->rsa == NULL || + sshkey_type_plain(key->type) != KEY_RSA || + BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) + return SSH_ERR_INVALID_ARGUMENT; + + if ((b = sshbuf_from(signature, signaturelen)) == NULL) + return SSH_ERR_ALLOC_FAIL; + if (sshbuf_get_cstring(b, &ktype, NULL) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + if (strcmp("ssh-rsa", ktype) != 0) { + ret = SSH_ERR_KEY_TYPE_MISMATCH; + goto out; + } + if (sshbuf_get_string(b, &sigblob, &len) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + if (sshbuf_len(b) != 0) { + ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; + goto out; + } + /* RSA_verify expects a signature of RSA_size */ + modlen = RSA_size(key->rsa); + if (len > modlen) { + ret = SSH_ERR_KEY_BITS_MISMATCH; + goto out; + } else if (len < modlen) { + diff = modlen - len; + osigblob = sigblob; + if ((sigblob = realloc(sigblob, modlen)) == NULL) { + sigblob = osigblob; /* put it back for clear/free */ + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + memmove(sigblob + diff, sigblob, len); + explicit_bzero(sigblob, diff); + len = modlen; + } + hash_alg = SSH_DIGEST_SHA1; + if ((dlen = ssh_digest_bytes(hash_alg)) == 0) { + ret = SSH_ERR_INTERNAL_ERROR; + goto out; + } + if ((ret = ssh_digest_memory(hash_alg, data, datalen, + digest, sizeof(digest))) != 0) + goto out; + + ret = openssh_RSA_verify(hash_alg, digest, dlen, sigblob, len, + key->rsa); + out: + if (sigblob != NULL) { + explicit_bzero(sigblob, len); + free(sigblob); + } + if (ktype != NULL) + free(ktype); + if (b != NULL) + sshbuf_free(b); + explicit_bzero(digest, sizeof(digest)); + return ret; +} + +/* + * See: + * http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/ + * ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.asn + */ +/* + * id-sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) + * oiw(14) secsig(3) algorithms(2) 26 } + */ +static const u_char id_sha1[] = { + 0x30, 0x21, /* type Sequence, length 0x21 (33) */ + 0x30, 0x09, /* type Sequence, length 0x09 */ + 0x06, 0x05, /* type OID, length 0x05 */ + 0x2b, 0x0e, 0x03, 0x02, 0x1a, /* id-sha1 OID */ + 0x05, 0x00, /* NULL */ + 0x04, 0x14 /* Octet string, length 0x14 (20), followed by sha1 hash */ +}; + +static int +openssh_RSA_verify(int hash_alg, u_char *hash, size_t hashlen, + u_char *sigbuf, size_t siglen, RSA *rsa) +{ + size_t ret, rsasize = 0, oidlen = 0, hlen = 0; + int len, oidmatch, hashmatch; + const u_char *oid = NULL; + u_char *decrypted = NULL; + + ret = SSH_ERR_INTERNAL_ERROR; + switch (hash_alg) { + case SSH_DIGEST_SHA1: + oid = id_sha1; + oidlen = sizeof(id_sha1); + hlen = 20; + break; + default: + goto done; + } + if (hashlen != hlen) { + ret = SSH_ERR_INVALID_ARGUMENT; + goto done; + } + rsasize = RSA_size(rsa); + if (rsasize <= 0 || rsasize > SSHBUF_MAX_BIGNUM || + siglen == 0 || siglen > rsasize) { + ret = SSH_ERR_INVALID_ARGUMENT; + goto done; + } + if ((decrypted = malloc(rsasize)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto done; + } + if ((len = RSA_public_decrypt(siglen, sigbuf, decrypted, rsa, + RSA_PKCS1_PADDING)) < 0) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto done; + } + if (len < 0 || (size_t)len != hlen + oidlen) { + ret = SSH_ERR_INVALID_FORMAT; + goto done; + } + oidmatch = timingsafe_bcmp(decrypted, oid, oidlen) == 0; + hashmatch = timingsafe_bcmp(decrypted + oidlen, hash, hlen) == 0; + if (!oidmatch || !hashmatch) { + ret = SSH_ERR_SIGNATURE_INVALID; + goto done; + } + ret = 0; +done: + if (decrypted) { + explicit_bzero(decrypted, rsasize); + free(decrypted); + } + return ret; +} diff --git a/crypto/openssh/ssh-sandbox.h b/crypto/openssh/ssh-sandbox.h index dfecd5aa00..bd5fd83722 100644 --- a/crypto/openssh/ssh-sandbox.h +++ b/crypto/openssh/ssh-sandbox.h @@ -15,9 +15,10 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +struct monitor; struct ssh_sandbox; -struct ssh_sandbox *ssh_sandbox_init(void); +struct ssh_sandbox *ssh_sandbox_init(struct monitor *); void ssh_sandbox_child(struct ssh_sandbox *); void ssh_sandbox_parent_finish(struct ssh_sandbox *); void ssh_sandbox_parent_preauth(struct ssh_sandbox *, pid_t); diff --git a/crypto/openssh/ssh.1 b/crypto/openssh/ssh.1 index eaf5d83db1..fa5cfb2c2d 100644 --- a/crypto/openssh/ssh.1 +++ b/crypto/openssh/ssh.1 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.326 2012/06/18 12:17:18 dtucker Exp $ -.Dd $Mdocdate: June 18 2012 $ +.\" $OpenBSD: ssh.1,v 1.348 2014/07/24 22:57:10 millert Exp $ +.Dd $Mdocdate: July 24 2014 $ .Dt SSH 1 .Os .Sh NAME @@ -47,6 +47,7 @@ .Op Fl b Ar bind_address .Op Fl c Ar cipher_spec .Op Fl D Oo Ar bind_address : Oc Ns Ar port +.Op Fl E Ar log_file .Op Fl e Ar escape_char .Op Fl F Ar configfile .Op Fl I Ar pkcs11 @@ -57,6 +58,7 @@ .Op Fl O Ar ctl_cmd .Op Fl o Ar option .Op Fl p Ar port +.Op Fl Q Cm cipher | cipher-auth | mac | kex | key .Op Fl R Oo Ar bind_address : Oc Ns Ar port : Ns Ar host : Ns Ar hostport .Op Fl S Ar ctl_path .Op Fl W Ar host : Ns Ar port @@ -71,8 +73,9 @@ executing commands on a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. -X11 connections and arbitrary TCP ports -can also be forwarded over the secure channel. +X11 connections, arbitrary TCP ports and +.Ux Ns -domain +sockets can also be forwarded over the secure channel. .Pp .Nm connects and logs into the specified @@ -129,7 +132,9 @@ of the connection. Only useful on systems with more than one address. .It Fl C Requests compression of all data (including stdin, stdout, stderr, and -data for forwarded X11 and TCP connections). +data for forwarded X11, TCP and +.Ux Ns -domain +connections). The compression algorithm is the same used by .Xr gzip 1 , and the @@ -152,23 +157,6 @@ The supported values are .Dq blowfish , and .Dq des . -.Ar 3des -(triple-des) is an encrypt-decrypt-encrypt triple with three different keys. -It is believed to be secure. -.Ar blowfish -is a fast block cipher; it appears very secure and is much faster than -.Ar 3des . -.Ar des -is only supported in the -.Nm -client for interoperability with legacy protocol 1 implementations -that do not support the -.Ar 3des -cipher. -Its use is strongly discouraged due to cryptographic weaknesses. -The default is -.Dq 3des . -.Pp For protocol version 2, .Ar cipher_spec is a comma-separated list of ciphers @@ -217,6 +205,10 @@ indicates that the listening port be bound for local use only, while an empty address or .Sq * indicates that the port should be available from all interfaces. +.It Fl E Ar log_file +Append debug logs to +.Ar log_file +instead of standard error. .It Fl e Ar escape_char Sets the escape character for sessions with a pty (default: .Ql ~ ) . @@ -261,6 +253,8 @@ will wait for all remote port forwards to be successfully established before placing itself in the background. .It Fl g Allows remote hosts to connect to local forwarded ports. +If used on a multiplexed connection, then this option must be specified +on the master process. .It Fl I Ar pkcs11 Specify the PKCS#11 shared library .Nm @@ -273,7 +267,8 @@ The default is .Pa ~/.ssh/identity for protocol version 1, and .Pa ~/.ssh/id_dsa , -.Pa ~/.ssh/id_ecdsa +.Pa ~/.ssh/id_ecdsa , +.Pa ~/.ssh/id_ed25519 and .Pa ~/.ssh/id_rsa for protocol version 2. @@ -410,6 +405,11 @@ For full details of the options listed below, and their possible values, see .It AddressFamily .It BatchMode .It BindAddress +.It CanonicalDomains +.It CanonicalizeFallbackLocal +.It CanonicalizeHostname +.It CanonicalizeMaxDots +.It CanonicalizePermittedCNAMEs .It ChallengeResponseAuthentication .It CheckHostIP .It Cipher @@ -449,6 +449,7 @@ For full details of the options listed below, and their possible values, see .It LocalForward .It LogLevel .It MACs +.It Match .It NoHostAuthenticationForLocalhost .It NumberOfPasswordPrompts .It PasswordAuthentication @@ -458,6 +459,7 @@ For full details of the options listed below, and their possible values, see .It PreferredAuthentications .It Protocol .It ProxyCommand +.It ProxyUseFdpass .It PubkeyAuthentication .It RekeyLimit .It RemoteForward @@ -467,6 +469,8 @@ For full details of the options listed below, and their possible values, see .It SendEnv .It ServerAliveInterval .It ServerAliveCountMax +.It StreamLocalBindMask +.It StreamLocalBindUnlink .It StrictHostKeyChecking .It TCPKeepAlive .It Tunnel @@ -482,6 +486,21 @@ For full details of the options listed below, and their possible values, see Port to connect to on the remote host. This can be specified on a per-host basis in the configuration file. +.It Fl Q Cm cipher | cipher-auth | mac | kex | key +Queries +.Nm +for the algorithms supported for the specified version 2. +The available features are: +.Ar cipher +(supported symmetric ciphers), +.Ar cipher-auth +(supported symmetric ciphers that support authenticated encryption), +.Ar mac +(supported message integrity codes), +.Ar kex +(key exchange algorithms), +.Ar key +(key types). .It Fl q Quiet mode. Causes most warning and diagnostic messages to be suppressed. @@ -674,7 +693,7 @@ it provides additional mechanisms for confidentiality (the traffic is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour) and integrity (hmac-md5, hmac-sha1, hmac-sha2-256, hmac-sha2-512, -umac-64, hmac-ripemd160). +umac-64, umac-128, hmac-ripemd160). Protocol 1 lacks a strong mechanism for ensuring the integrity of the connection. .Pp @@ -729,12 +748,10 @@ key pair for authentication purposes. The server knows the public key, and only the user knows the private key. .Nm implements public key authentication protocol automatically, -using one of the DSA, ECDSA or RSA algorithms. +using one of the DSA, ECDSA, ED25519 or RSA algorithms. Protocol 1 is restricted to using only RSA keys, but protocol 2 may use any. -The -.Sx HISTORY -section of +The HISTORY section of .Xr ssl 8 contains a brief discussion of the DSA and RSA algorithms. .Pp @@ -758,6 +775,8 @@ This stores the private key in (protocol 2 DSA), .Pa ~/.ssh/id_ecdsa (protocol 2 ECDSA), +.Pa ~/.ssh/id_ed25519 +(protocol 2 ED25519), or .Pa ~/.ssh/id_rsa (protocol 2 RSA) @@ -768,6 +787,8 @@ and stores the public key in (protocol 2 DSA), .Pa ~/.ssh/id_ecdsa.pub (protocol 2 ECDSA), +.Pa ~/.ssh/id_ed25519.pub +(protocol 2 ED25519), or .Pa ~/.ssh/id_rsa.pub (protocol 2 RSA) @@ -790,9 +811,7 @@ instead of a set of public/private keys, signed certificates are used. This has the advantage that a single trusted certification authority can be used in place of many public/private keys. -See the -.Sx CERTIFICATES -section of +See the CERTIFICATES section of .Xr ssh-keygen 1 for more information. .Pp @@ -809,9 +828,12 @@ text, and prompts for a response. Protocol 2 allows multiple challenges and responses; protocol 1 is restricted to just one challenge/response. Examples of challenge-response authentication include -BSD Authentication (see +.Bx +Authentication (see .Xr login.conf 5 ) -and PAM (some non-OpenBSD systems). +and PAM (some +.Pf non- Ox +systems). .Pp Finally, if other authentication methods fail, .Nm @@ -926,6 +948,14 @@ option. .It Cm ~R Request rekeying of the connection (only useful for SSH protocol version 2 and if the peer supports it). +.It Cm ~V +Decrease the verbosity +.Pq Ic LogLevel +when errors are being written to stderr. +.It Cm ~v +Increase the verbosity +.Pq Ic LogLevel +when errors are being written to stderr. .El .Sh TCP FORWARDING Forwarding of arbitrary TCP connections over the secure channel can @@ -1298,8 +1328,8 @@ secret, but the recommended permissions are read/write/execute for the user, and not accessible by others. .Pp .It Pa ~/.ssh/authorized_keys -Lists the public keys (DSA/ECDSA/RSA) that can be used for logging in as -this user. +Lists the public keys (DSA, ECDSA, ED25519, RSA) +that can be used for logging in as this user. The format of this file is described in the .Xr sshd 8 manual page. @@ -1311,7 +1341,7 @@ This is the per-user configuration file. The file format and configuration options are described in .Xr ssh_config 5 . Because of the potential for abuse, this file must have strict permissions: -read/write for the user, and not accessible by others. +read/write for the user, and not writable by others. .Pp .It Pa ~/.ssh/environment Contains additional definitions for environment variables; see @@ -1321,6 +1351,7 @@ above. .It Pa ~/.ssh/identity .It Pa ~/.ssh/id_dsa .It Pa ~/.ssh/id_ecdsa +.It Pa ~/.ssh/id_ed25519 .It Pa ~/.ssh/id_rsa Contains the private key for authentication. These files @@ -1335,6 +1366,7 @@ sensitive part of this file using 3DES. .It Pa ~/.ssh/identity.pub .It Pa ~/.ssh/id_dsa.pub .It Pa ~/.ssh/id_ecdsa.pub +.It Pa ~/.ssh/id_ed25519.pub .It Pa ~/.ssh/id_rsa.pub Contains the public key for authentication. These files are not @@ -1374,6 +1406,7 @@ The file format and configuration options are described in .It Pa /etc/ssh/ssh_host_key .It Pa /etc/ssh/ssh_host_dsa_key .It Pa /etc/ssh/ssh_host_ecdsa_key +.It Pa /etc/ssh/ssh_host_ed25519_key .It Pa /etc/ssh/ssh_host_rsa_key These files contain the private parts of the host keys and are used for host-based authentication. @@ -1422,81 +1455,121 @@ if an error occurred. .Xr ssh-keygen 1 , .Xr ssh-keyscan 1 , .Xr tun 4 , -.Xr hosts.equiv 5 , .Xr ssh_config 5 , .Xr ssh-keysign 8 , .Xr sshd 8 +.Sh STANDARDS .Rs +.%A S. Lehtinen +.%A C. Lonvick +.%D January 2006 .%R RFC 4250 -.%T "The Secure Shell (SSH) Protocol Assigned Numbers" -.%D 2006 +.%T The Secure Shell (SSH) Protocol Assigned Numbers .Re +.Pp .Rs +.%A T. Ylonen +.%A C. Lonvick +.%D January 2006 .%R RFC 4251 -.%T "The Secure Shell (SSH) Protocol Architecture" -.%D 2006 +.%T The Secure Shell (SSH) Protocol Architecture .Re +.Pp .Rs +.%A T. Ylonen +.%A C. Lonvick +.%D January 2006 .%R RFC 4252 -.%T "The Secure Shell (SSH) Authentication Protocol" -.%D 2006 +.%T The Secure Shell (SSH) Authentication Protocol .Re +.Pp .Rs +.%A T. Ylonen +.%A C. Lonvick +.%D January 2006 .%R RFC 4253 -.%T "The Secure Shell (SSH) Transport Layer Protocol" -.%D 2006 +.%T The Secure Shell (SSH) Transport Layer Protocol .Re +.Pp .Rs +.%A T. Ylonen +.%A C. Lonvick +.%D January 2006 .%R RFC 4254 -.%T "The Secure Shell (SSH) Connection Protocol" -.%D 2006 +.%T The Secure Shell (SSH) Connection Protocol .Re +.Pp .Rs +.%A J. Schlyter +.%A W. Griffin +.%D January 2006 .%R RFC 4255 -.%T "Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints" -.%D 2006 +.%T Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints .Re +.Pp .Rs +.%A F. Cusack +.%A M. Forssen +.%D January 2006 .%R RFC 4256 -.%T "Generic Message Exchange Authentication for the Secure Shell Protocol (SSH)" -.%D 2006 +.%T Generic Message Exchange Authentication for the Secure Shell Protocol (SSH) .Re +.Pp .Rs +.%A J. Galbraith +.%A P. Remaker +.%D January 2006 .%R RFC 4335 -.%T "The Secure Shell (SSH) Session Channel Break Extension" -.%D 2006 +.%T The Secure Shell (SSH) Session Channel Break Extension .Re +.Pp .Rs +.%A M. Bellare +.%A T. Kohno +.%A C. Namprempre +.%D January 2006 .%R RFC 4344 -.%T "The Secure Shell (SSH) Transport Layer Encryption Modes" -.%D 2006 +.%T The Secure Shell (SSH) Transport Layer Encryption Modes .Re +.Pp .Rs +.%A B. Harris +.%D January 2006 .%R RFC 4345 -.%T "Improved Arcfour Modes for the Secure Shell (SSH) Transport Layer Protocol" -.%D 2006 +.%T Improved Arcfour Modes for the Secure Shell (SSH) Transport Layer Protocol .Re +.Pp .Rs +.%A M. Friedl +.%A N. Provos +.%A W. Simpson +.%D March 2006 .%R RFC 4419 -.%T "Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol" -.%D 2006 +.%T Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol .Re +.Pp .Rs +.%A J. Galbraith +.%A R. Thayer +.%D November 2006 .%R RFC 4716 -.%T "The Secure Shell (SSH) Public Key File Format" -.%D 2006 +.%T The Secure Shell (SSH) Public Key File Format .Re +.Pp .Rs +.%A D. Stebila +.%A J. Green +.%D December 2009 .%R RFC 5656 -.%T "Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer" -.%D 2009 +.%T Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer .Re +.Pp .Rs -.%T "Hash Visualization: a New Technique to improve Real-World Security" .%A A. Perrig .%A D. Song .%D 1999 -.%O "International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC '99)" +.%O International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC '99) +.%T Hash Visualization: a New Technique to improve Real-World Security .Re .Sh AUTHORS OpenSSH is a derivative of the original and free diff --git a/crypto/openssh/ssh.c b/crypto/openssh/ssh.c index 3f61eb0282..26e9681b70 100644 --- a/crypto/openssh/ssh.c +++ b/crypto/openssh/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.370 2012/07/06 01:47:38 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.407 2014/07/17 07:22:19 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -71,8 +71,10 @@ #include #include +#ifdef WITH_OPENSSL #include #include +#endif #include "openbsd-compat/openssl-compat.h" #include "openbsd-compat/sys-queue.h" @@ -83,6 +85,7 @@ #include "canohost.h" #include "compat.h" #include "cipher.h" +#include "digest.h" #include "packet.h" #include "buffer.h" #include "channels.h" @@ -93,9 +96,9 @@ #include "dispatch.h" #include "clientloop.h" #include "log.h" +#include "misc.h" #include "readconf.h" #include "sshconnect.h" -#include "misc.h" #include "kex.h" #include "mac.h" #include "sshpty.h" @@ -197,13 +200,13 @@ usage(void) { fprintf(stderr, "usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n" -" [-D [bind_address:]port] [-e escape_char] [-F configfile]\n" -" [-I pkcs11] [-i identity_file]\n" -" [-L [bind_address:]port:host:hostport]\n" -" [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n" -" [-R [bind_address:]port:host:hostport] [-S ctl_path]\n" -" [-W host:port] [-w local_tun[:remote_tun]]\n" -" [user@]hostname [command]\n" +" [-D [bind_address:]port] [-E log_file] [-e escape_char]\n" +" [-F configfile] [-I pkcs11] [-i identity_file]\n" +" [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec]\n" +" [-O ctl_cmd] [-o option] [-p port]\n" +" [-Q cipher | cipher-auth | mac | kex | key]\n" +" [-R [bind_address:]port:host:hostport] [-S ctl_path] [-W host:port]\n" +" [-w local_tun[:remote_tun]] [user@]hostname [command]\n" ); exit(255); } @@ -226,28 +229,205 @@ tilde_expand_paths(char **paths, u_int num_paths) for (i = 0; i < num_paths; i++) { cp = tilde_expand_filename(paths[i], original_real_uid); - xfree(paths[i]); + free(paths[i]); paths[i] = cp; } } /* + * Attempt to resolve a host name / port to a set of addresses and + * optionally return any CNAMEs encountered along the way. + * Returns NULL on failure. + * NB. this function must operate with a options having undefined members. + */ +static struct addrinfo * +resolve_host(const char *name, int port, int logerr, char *cname, size_t clen) +{ + char strport[NI_MAXSERV]; + struct addrinfo hints, *res; + int gaierr, loglevel = SYSLOG_LEVEL_DEBUG1; + + if (port <= 0) + port = default_ssh_port(); + + snprintf(strport, sizeof strport, "%u", port); + memset(&hints, 0, sizeof(hints)); + hints.ai_family = options.address_family == -1 ? + AF_UNSPEC : options.address_family; + hints.ai_socktype = SOCK_STREAM; + if (cname != NULL) + hints.ai_flags = AI_CANONNAME; + if ((gaierr = getaddrinfo(name, strport, &hints, &res)) != 0) { + if (logerr || (gaierr != EAI_NONAME && gaierr != EAI_NODATA)) + loglevel = SYSLOG_LEVEL_ERROR; + do_log2(loglevel, "%s: Could not resolve hostname %.100s: %s", + __progname, name, ssh_gai_strerror(gaierr)); + return NULL; + } + if (cname != NULL && res->ai_canonname != NULL) { + if (strlcpy(cname, res->ai_canonname, clen) >= clen) { + error("%s: host \"%s\" cname \"%s\" too long (max %lu)", + __func__, name, res->ai_canonname, (u_long)clen); + if (clen > 0) + *cname = '\0'; + } + } + return res; +} + +/* + * Check whether the cname is a permitted replacement for the hostname + * and perform the replacement if it is. + * NB. this function must operate with a options having undefined members. + */ +static int +check_follow_cname(char **namep, const char *cname) +{ + int i; + struct allowed_cname *rule; + + if (*cname == '\0' || options.num_permitted_cnames == 0 || + strcmp(*namep, cname) == 0) + return 0; + if (options.canonicalize_hostname == SSH_CANONICALISE_NO) + return 0; + /* + * Don't attempt to canonicalize names that will be interpreted by + * a proxy unless the user specifically requests so. + */ + if (!option_clear_or_none(options.proxy_command) && + options.canonicalize_hostname != SSH_CANONICALISE_ALWAYS) + return 0; + debug3("%s: check \"%s\" CNAME \"%s\"", __func__, *namep, cname); + for (i = 0; i < options.num_permitted_cnames; i++) { + rule = options.permitted_cnames + i; + if (match_pattern_list(*namep, rule->source_list, + strlen(rule->source_list), 1) != 1 || + match_pattern_list(cname, rule->target_list, + strlen(rule->target_list), 1) != 1) + continue; + verbose("Canonicalized DNS aliased hostname " + "\"%s\" => \"%s\"", *namep, cname); + free(*namep); + *namep = xstrdup(cname); + return 1; + } + return 0; +} + +/* + * Attempt to resolve the supplied hostname after applying the user's + * canonicalization rules. Returns the address list for the host or NULL + * if no name was found after canonicalization. + * NB. this function must operate with a options having undefined members. + */ +static struct addrinfo * +resolve_canonicalize(char **hostp, int port) +{ + int i, ndots; + char *cp, *fullhost, cname_target[NI_MAXHOST]; + struct addrinfo *addrs; + + if (options.canonicalize_hostname == SSH_CANONICALISE_NO) + return NULL; + + /* + * Don't attempt to canonicalize names that will be interpreted by + * a proxy unless the user specifically requests so. + */ + if (!option_clear_or_none(options.proxy_command) && + options.canonicalize_hostname != SSH_CANONICALISE_ALWAYS) + return NULL; + + /* Don't apply canonicalization to sufficiently-qualified hostnames */ + ndots = 0; + for (cp = *hostp; *cp != '\0'; cp++) { + if (*cp == '.') + ndots++; + } + if (ndots > options.canonicalize_max_dots) { + debug3("%s: not canonicalizing hostname \"%s\" (max dots %d)", + __func__, *hostp, options.canonicalize_max_dots); + return NULL; + } + /* Attempt each supplied suffix */ + for (i = 0; i < options.num_canonical_domains; i++) { + *cname_target = '\0'; + xasprintf(&fullhost, "%s.%s.", *hostp, + options.canonical_domains[i]); + debug3("%s: attempting \"%s\" => \"%s\"", __func__, + *hostp, fullhost); + if ((addrs = resolve_host(fullhost, port, 0, + cname_target, sizeof(cname_target))) == NULL) { + free(fullhost); + continue; + } + /* Remove trailing '.' */ + fullhost[strlen(fullhost) - 1] = '\0'; + /* Follow CNAME if requested */ + if (!check_follow_cname(&fullhost, cname_target)) { + debug("Canonicalized hostname \"%s\" => \"%s\"", + *hostp, fullhost); + } + free(*hostp); + *hostp = fullhost; + return addrs; + } + if (!options.canonicalize_fallback_local) + fatal("%s: Could not resolve host \"%s\"", __progname, *hostp); + debug2("%s: host %s not found in any suffix", __func__, *hostp); + return NULL; +} + +/* + * Read per-user configuration file. Ignore the system wide config + * file if the user specifies a config file on the command line. + */ +static void +process_config_files(struct passwd *pw) +{ + char buf[MAXPATHLEN]; + int r; + + if (config != NULL) { + if (strcasecmp(config, "none") != 0 && + !read_config_file(config, pw, host, &options, + SSHCONF_USERCONF)) + fatal("Can't open user config file %.100s: " + "%.100s", config, strerror(errno)); + } else { + r = snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, + _PATH_SSH_USER_CONFFILE); + if (r > 0 && (size_t)r < sizeof(buf)) + (void)read_config_file(buf, pw, host, &options, + SSHCONF_CHECKPERM|SSHCONF_USERCONF); + + /* Read systemwide configuration file after user config. */ + (void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, host, + &options, 0); + } +} + +/* * Main program for the ssh client. */ int main(int ac, char **av) { int i, r, opt, exit_status, use_syslog; - char *p, *cp, *line, *argv0, buf[MAXPATHLEN], *host_arg; + char *p, *cp, *line, *argv0, buf[MAXPATHLEN], *host_arg, *logfile; char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV]; + char cname[NI_MAXHOST]; struct stat st; struct passwd *pw; - int dummy, timeout_ms; + int timeout_ms; extern int optind, optreset; extern char *optarg; - - struct servent *sp; - Forward fwd; + struct Forward fwd; + struct addrinfo *addrs = NULL; + struct ssh_digest_ctx *md; + u_char conn_hash[SSH_DIGEST_MAX_LENGTH]; + char *conn_hash_hex; /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); @@ -299,7 +479,7 @@ main(int ac, char **av) /* Get user data. */ pw = getpwuid(original_real_uid); if (!pw) { - logit("You don't exist, go away!"); + logit("No user exists for uid %lu", (u_long)original_real_uid); exit(255); } /* Take a copy of the returned structure. */ @@ -322,11 +502,12 @@ main(int ac, char **av) /* Parse command-line arguments. */ host = NULL; use_syslog = 0; + logfile = NULL; argv0 = av[0]; again: while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" - "ACD:F:I:KL:MNO:PR:S:TVw:W:XYy")) != -1) { + "ACD:E:F:I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { switch (opt) { case '1': options.protocol = SSH_PROTO_1; @@ -356,12 +537,15 @@ main(int ac, char **av) case 'y': use_syslog = 1; break; + case 'E': + logfile = xstrdup(optarg); + break; case 'Y': options.forward_x11 = 1; options.forward_x11_trusted = 1; break; case 'g': - options.gateway_ports = 1; + options.fwd_opts.gateway_ports = 1; break; case 'O': if (stdio_forward_host != NULL) @@ -385,6 +569,28 @@ main(int ac, char **av) case 'P': /* deprecated */ options.use_privileged_port = 0; break; + case 'Q': + cp = NULL; + if (strcmp(optarg, "cipher") == 0) + cp = cipher_alg_list('\n', 0); + else if (strcmp(optarg, "cipher-auth") == 0) + cp = cipher_alg_list('\n', 1); + else if (strcmp(optarg, "mac") == 0) + cp = mac_alg_list('\n'); + else if (strcmp(optarg, "kex") == 0) + cp = kex_alg_list('\n'); + else if (strcmp(optarg, "key") == 0) + cp = key_alg_list(0, 0); + else if (strcmp(optarg, "key-cert") == 0) + cp = key_alg_list(1, 0); + else if (strcmp(optarg, "key-plain") == 0) + cp = key_alg_list(0, 1); + if (cp == NULL) + fatal("Unsupported query \"%s\"", optarg); + printf("%s\n", cp); + free(cp); + exit(0); + break; case 'a': options.forward_agent = 0; break; @@ -405,12 +611,7 @@ main(int ac, char **av) strerror(errno)); break; } - if (options.num_identity_files >= - SSH_MAX_IDENTITY_FILES) - fatal("Too many identity files specified " - "(max %d)", SSH_MAX_IDENTITY_FILES); - options.identity_files[options.num_identity_files++] = - xstrdup(optarg); + add_identity_file(&options, NULL, optarg, 1); break; case 'I': #ifdef ENABLE_PKCS11 @@ -432,12 +633,17 @@ main(int ac, char **av) } else { if (options.log_level < SYSLOG_LEVEL_DEBUG3) options.log_level++; - break; } - /* FALLTHROUGH */ + break; case 'V': fprintf(stderr, "%s, %s\n", - SSH_RELEASE, SSLeay_version(SSLEAY_VERSION)); + SSH_RELEASE, +#ifdef WITH_OPENSSL + SSLeay_version(SSLEAY_VERSION) +#else + "without OpenSSL" +#endif + ); if (opt == 'V') exit(0); break; @@ -459,7 +665,7 @@ main(int ac, char **av) if (parse_forward(&fwd, optarg, 1, 0)) { stdio_forward_host = fwd.listen_host; stdio_forward_port = fwd.listen_port; - xfree(fwd.connect_host); + free(fwd.connect_host); } else { fprintf(stderr, "Bad stdio forwarding specification '%s'\n", @@ -581,12 +787,12 @@ main(int ac, char **av) options.request_tty = REQUEST_TTY_NO; break; case 'o': - dummy = 1; line = xstrdup(optarg); - if (process_config_line(&options, host ? host : "", - line, "command-line", 0, &dummy) != 0) + if (process_config_line(&options, pw, host ? host : "", + line, "command-line", 0, NULL, SSHCONF_USERCONF) + != 0) exit(255); - xfree(line); + free(line); break; case 's': subsystem_flag = 1; @@ -618,9 +824,9 @@ main(int ac, char **av) usage(); options.user = p; *cp = '\0'; - host = ++cp; + host = xstrdup(++cp); } else - host = *av; + host = xstrdup(*av); if (ac > 1) { optind = optreset = 1; goto again; @@ -632,8 +838,12 @@ main(int ac, char **av) if (!host) usage(); + host_arg = xstrdup(host); + +#ifdef WITH_OPENSSL OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); +#endif /* Initialize the command to execute on remote host. */ buffer_init(&command); @@ -667,36 +877,101 @@ main(int ac, char **av) /* * Initialize "log" output. Since we are the client all output - * actually goes to stderr. + * goes to stderr unless otherwise specified by -y or -E. */ + if (use_syslog && logfile != NULL) + fatal("Can't specify both -y and -E"); + if (logfile != NULL) { + log_redirect_stderr_to(logfile); + free(logfile); + } log_init(argv0, options.log_level == -1 ? SYSLOG_LEVEL_INFO : options.log_level, SYSLOG_FACILITY_USER, !use_syslog); + if (debug_flag) + logit("%s, %s", SSH_RELEASE, +#ifdef WITH_OPENSSL + SSLeay_version(SSLEAY_VERSION) +#else + "without OpenSSL" +#endif + ); + + /* Parse the configuration files */ + process_config_files(pw); + + /* Hostname canonicalisation needs a few options filled. */ + fill_default_options_for_canonicalization(&options); + + /* If the user has replaced the hostname then take it into use now */ + if (options.hostname != NULL) { + /* NB. Please keep in sync with readconf.c:match_cfg_line() */ + cp = percent_expand(options.hostname, + "h", host, (char *)NULL); + free(host); + host = cp; + } + + /* If canonicalization requested then try to apply it */ + lowercase(host); + if (options.canonicalize_hostname != SSH_CANONICALISE_NO) + addrs = resolve_canonicalize(&host, options.port); + /* - * Read per-user configuration file. Ignore the system wide config - * file if the user specifies a config file on the command line. + * If CanonicalizePermittedCNAMEs have been specified but + * other canonicalization did not happen (by not being requested + * or by failing with fallback) then the hostname may still be changed + * as a result of CNAME following. + * + * Try to resolve the bare hostname name using the system resolver's + * usual search rules and then apply the CNAME follow rules. + * + * Skip the lookup if a ProxyCommand is being used unless the user + * has specifically requested canonicalisation for this case via + * CanonicalizeHostname=always */ - if (config != NULL) { - if (!read_config_file(config, host, &options, 0)) - fatal("Can't open user config file %.100s: " - "%.100s", config, strerror(errno)); - } else { - r = snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, - _PATH_SSH_USER_CONFFILE); - if (r > 0 && (size_t)r < sizeof(buf)) - (void)read_config_file(buf, host, &options, 1); + if (addrs == NULL && options.num_permitted_cnames != 0 && + (option_clear_or_none(options.proxy_command) || + options.canonicalize_hostname == SSH_CANONICALISE_ALWAYS)) { + if ((addrs = resolve_host(host, options.port, + option_clear_or_none(options.proxy_command), + cname, sizeof(cname))) == NULL) { + /* Don't fatal proxied host names not in the DNS */ + if (option_clear_or_none(options.proxy_command)) + cleanup_exit(255); /* logged in resolve_host */ + } else + check_follow_cname(&host, cname); + } - /* Read systemwide configuration file after user config. */ - (void)read_config_file(_PATH_HOST_CONFIG_FILE, host, - &options, 0); + /* + * If the target hostname has changed as a result of canonicalisation + * then re-parse the configuration files as new stanzas may match. + */ + if (strcasecmp(host_arg, host) != 0) { + debug("Hostname has changed; re-reading configuration"); + process_config_files(pw); } /* Fill configuration defaults. */ fill_default_options(&options); + if (options.port == 0) + options.port = default_ssh_port(); channel_set_af(options.address_family); + /* Tidy and check options */ + if (options.host_key_alias != NULL) + lowercase(options.host_key_alias); + if (options.proxy_command != NULL && + strcmp(options.proxy_command, "-") == 0 && + options.proxy_use_fdpass) + fatal("ProxyCommand=- and ProxyUseFDPass are incompatible"); +#ifndef HAVE_CYGWIN + if (original_effective_uid != 0) + options.use_privileged_port = 0; +#endif + /* reinit */ log_init(argv0, options.log_level, SYSLOG_FACILITY_USER, !use_syslog); @@ -725,82 +1000,87 @@ main(int ac, char **av) if (options.user == NULL) options.user = xstrdup(pw->pw_name); - /* Get default port if port has not been set. */ - if (options.port == 0) { - sp = getservbyname(SSH_SERVICE_NAME, "tcp"); - options.port = sp ? ntohs(sp->s_port) : SSH_DEFAULT_PORT; - } - - /* preserve host name given on command line for %n expansion */ - host_arg = host; - if (options.hostname != NULL) { - host = percent_expand(options.hostname, - "h", host, (char *)NULL); - } - if (gethostname(thishost, sizeof(thishost)) == -1) fatal("gethostname: %s", strerror(errno)); strlcpy(shorthost, thishost, sizeof(shorthost)); shorthost[strcspn(thishost, ".")] = '\0'; snprintf(portstr, sizeof(portstr), "%d", options.port); + if ((md = ssh_digest_start(SSH_DIGEST_SHA1)) == NULL || + ssh_digest_update(md, thishost, strlen(thishost)) < 0 || + ssh_digest_update(md, host, strlen(host)) < 0 || + ssh_digest_update(md, portstr, strlen(portstr)) < 0 || + ssh_digest_update(md, options.user, strlen(options.user)) < 0 || + ssh_digest_final(md, conn_hash, sizeof(conn_hash)) < 0) + fatal("%s: mux digest failed", __func__); + ssh_digest_free(md); + conn_hash_hex = tohex(conn_hash, ssh_digest_bytes(SSH_DIGEST_SHA1)); + if (options.local_command != NULL) { debug3("expanding LocalCommand: %s", options.local_command); cp = options.local_command; - options.local_command = percent_expand(cp, "d", pw->pw_dir, - "h", host, "l", thishost, "n", host_arg, "r", options.user, - "p", portstr, "u", pw->pw_name, "L", shorthost, + options.local_command = percent_expand(cp, + "C", conn_hash_hex, + "L", shorthost, + "d", pw->pw_dir, + "h", host, + "l", thishost, + "n", host_arg, + "p", portstr, + "r", options.user, + "u", pw->pw_name, (char *)NULL); debug3("expanded LocalCommand: %s", options.local_command); - xfree(cp); - } - - /* force lowercase for hostkey matching */ - if (options.host_key_alias != NULL) { - for (p = options.host_key_alias; *p; p++) - if (isupper(*p)) - *p = (char)tolower(*p); - } - - if (options.proxy_command != NULL && - strcmp(options.proxy_command, "none") == 0) { - xfree(options.proxy_command); - options.proxy_command = NULL; - } - if (options.control_path != NULL && - strcmp(options.control_path, "none") == 0) { - xfree(options.control_path); - options.control_path = NULL; + free(cp); } if (options.control_path != NULL) { cp = tilde_expand_filename(options.control_path, original_real_uid); - xfree(options.control_path); - options.control_path = percent_expand(cp, "h", host, - "l", thishost, "n", host_arg, "r", options.user, - "p", portstr, "u", pw->pw_name, "L", shorthost, + free(options.control_path); + options.control_path = percent_expand(cp, + "C", conn_hash_hex, + "L", shorthost, + "h", host, + "l", thishost, + "n", host_arg, + "p", portstr, + "r", options.user, + "u", pw->pw_name, (char *)NULL); - xfree(cp); + free(cp); } + free(conn_hash_hex); + if (muxclient_command != 0 && options.control_path == NULL) fatal("No ControlPath specified for \"-O\" command"); if (options.control_path != NULL) muxclient(options.control_path); + /* + * If hostname canonicalisation was not enabled, then we may not + * have yet resolved the hostname. Do so now. + */ + if (addrs == NULL && options.proxy_command == NULL) { + if ((addrs = resolve_host(host, options.port, 1, + cname, sizeof(cname))) == NULL) + cleanup_exit(255); /* resolve_host logs the error */ + } + timeout_ms = options.connection_timeout * 1000; /* Open a connection to the remote host. */ - if (ssh_connect(host, &hostaddr, options.port, - options.address_family, options.connection_attempts, &timeout_ms, - options.tcp_keep_alive, -#ifdef HAVE_CYGWIN - options.use_privileged_port, -#else - original_effective_uid == 0 && options.use_privileged_port, -#endif - options.proxy_command) != 0) - exit(255); + if (ssh_connect(host, addrs, &hostaddr, options.port, + options.address_family, options.connection_attempts, + &timeout_ms, options.tcp_keep_alive, + options.use_privileged_port) != 0) + exit(255); + + if (addrs != NULL) + freeaddrinfo(addrs); + + packet_set_timeout(options.server_alive_interval, + options.server_alive_count_max); if (timeout_ms > 0) debug3("timeout: %d ms remain after connect", timeout_ms); @@ -818,7 +1098,7 @@ main(int ac, char **av) sensitive_data.external_keysign = 0; if (options.rhosts_rsa_authentication || options.hostbased_authentication) { - sensitive_data.nkeys = 7; + sensitive_data.nkeys = 9; sensitive_data.keys = xcalloc(sensitive_data.nkeys, sizeof(Key)); for (i = 0; i < sensitive_data.nkeys; i++) @@ -835,21 +1115,26 @@ main(int ac, char **av) #endif sensitive_data.keys[3] = key_load_private_cert(KEY_RSA, _PATH_HOST_RSA_KEY_FILE, "", NULL); - sensitive_data.keys[4] = key_load_private_type(KEY_DSA, + sensitive_data.keys[4] = key_load_private_cert(KEY_ED25519, + _PATH_HOST_ED25519_KEY_FILE, "", NULL); + sensitive_data.keys[5] = key_load_private_type(KEY_DSA, _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL); #ifdef OPENSSL_HAS_ECC - sensitive_data.keys[5] = key_load_private_type(KEY_ECDSA, + sensitive_data.keys[6] = key_load_private_type(KEY_ECDSA, _PATH_HOST_ECDSA_KEY_FILE, "", NULL, NULL); #endif - sensitive_data.keys[6] = key_load_private_type(KEY_RSA, + sensitive_data.keys[7] = key_load_private_type(KEY_RSA, _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL); + sensitive_data.keys[8] = key_load_private_type(KEY_ED25519, + _PATH_HOST_ED25519_KEY_FILE, "", NULL, NULL); PRIV_END; if (options.hostbased_authentication == 1 && sensitive_data.keys[0] == NULL && - sensitive_data.keys[4] == NULL && sensitive_data.keys[5] == NULL && - sensitive_data.keys[6] == NULL) { + sensitive_data.keys[6] == NULL && + sensitive_data.keys[7] == NULL && + sensitive_data.keys[8] == NULL) { sensitive_data.keys[1] = key_load_cert( _PATH_HOST_DSA_KEY_FILE); #ifdef OPENSSL_HAS_ECC @@ -858,14 +1143,18 @@ main(int ac, char **av) #endif sensitive_data.keys[3] = key_load_cert( _PATH_HOST_RSA_KEY_FILE); - sensitive_data.keys[4] = key_load_public( + sensitive_data.keys[4] = key_load_cert( + _PATH_HOST_ED25519_KEY_FILE); + sensitive_data.keys[5] = key_load_public( _PATH_HOST_DSA_KEY_FILE, NULL); #ifdef OPENSSL_HAS_ECC - sensitive_data.keys[5] = key_load_public( + sensitive_data.keys[6] = key_load_public( _PATH_HOST_ECDSA_KEY_FILE, NULL); #endif - sensitive_data.keys[6] = key_load_public( + sensitive_data.keys[7] = key_load_public( _PATH_HOST_RSA_KEY_FILE, NULL); + sensitive_data.keys[8] = key_load_public( + _PATH_HOST_ED25519_KEY_FILE, NULL); sensitive_data.external_keysign = 1; } } @@ -932,13 +1221,11 @@ main(int ac, char **av) sensitive_data.keys[i] = NULL; } } - xfree(sensitive_data.keys); + free(sensitive_data.keys); } for (i = 0; i < options.num_identity_files; i++) { - if (options.identity_files[i]) { - xfree(options.identity_files[i]); - options.identity_files[i] = NULL; - } + free(options.identity_files[i]); + options.identity_files[i] = NULL; if (options.identity_keys[i]) { key_free(options.identity_keys[i]); options.identity_keys[i] = NULL; @@ -998,6 +1285,7 @@ control_persist_detach(void) if (devnull > STDERR_FILENO) close(devnull); } + daemon(1, 1); setproctitle("%s [mux]", options.control_path); } @@ -1017,13 +1305,17 @@ fork_postauth(void) static void ssh_confirm_remote_forward(int type, u_int32_t seq, void *ctxt) { - Forward *rfwd = (Forward *)ctxt; + struct Forward *rfwd = (struct Forward *)ctxt; /* XXX verbose() on failure? */ - debug("remote forward %s for: listen %d, connect %s:%d", + debug("remote forward %s for: listen %s%s%d, connect %s:%d", type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure", - rfwd->listen_port, rfwd->connect_host, rfwd->connect_port); - if (rfwd->listen_port == 0) { + rfwd->listen_path ? rfwd->listen_path : + rfwd->listen_host ? rfwd->listen_host : "", + (rfwd->listen_path || rfwd->listen_host) ? ":" : "", + rfwd->listen_port, rfwd->connect_path ? rfwd->connect_path : + rfwd->connect_host, rfwd->connect_port); + if (rfwd->listen_path == NULL && rfwd->listen_port == 0) { if (type == SSH2_MSG_REQUEST_SUCCESS) { rfwd->allocated_port = packet_get_int(); logit("Allocated port %u for remote forward to %s:%d", @@ -1037,12 +1329,21 @@ ssh_confirm_remote_forward(int type, u_int32_t seq, void *ctxt) } if (type == SSH2_MSG_REQUEST_FAILURE) { - if (options.exit_on_forward_failure) - fatal("Error: remote port forwarding failed for " - "listen port %d", rfwd->listen_port); - else - logit("Warning: remote port forwarding failed for " - "listen port %d", rfwd->listen_port); + if (options.exit_on_forward_failure) { + if (rfwd->listen_path != NULL) + fatal("Error: remote port forwarding failed " + "for listen path %s", rfwd->listen_path); + else + fatal("Error: remote port forwarding failed " + "for listen port %d", rfwd->listen_port); + } else { + if (rfwd->listen_path != NULL) + logit("Warning: remote port forwarding failed " + "for listen path %s", rfwd->listen_path); + else + logit("Warning: remote port forwarding failed " + "for listen port %d", rfwd->listen_port); + } } if (++remote_forward_confirms_received == options.num_remote_forwards) { debug("All remote forwarding requests processed"); @@ -1059,6 +1360,13 @@ client_cleanup_stdio_fwd(int id, void *arg) } static void +ssh_stdio_confirm(int id, int success, void *arg) +{ + if (!success) + fatal("stdio forwarding failed"); +} + +static void ssh_init_stdio_forwarding(void) { Channel *c; @@ -1066,7 +1374,7 @@ ssh_init_stdio_forwarding(void) if (stdio_forward_host == NULL) return; - if (!compat20) + if (!compat20) fatal("stdio forwarding require Protocol 2"); debug3("%s: %s:%d", __func__, stdio_forward_host, stdio_forward_port); @@ -1078,6 +1386,7 @@ ssh_init_stdio_forwarding(void) stdio_forward_port, in, out)) == NULL) fatal("%s: channel_connect_stdio_fwd failed", __func__); channel_register_cleanup(c->self, client_cleanup_stdio_fwd, 0); + channel_register_open_confirm(c->self, ssh_stdio_confirm, NULL); } static void @@ -1090,18 +1399,18 @@ ssh_init_forwarding(void) for (i = 0; i < options.num_local_forwards; i++) { debug("Local connections to %.200s:%d forwarded to remote " "address %.200s:%d", + (options.local_forwards[i].listen_path != NULL) ? + options.local_forwards[i].listen_path : (options.local_forwards[i].listen_host == NULL) ? - (options.gateway_ports ? "*" : "LOCALHOST") : + (options.fwd_opts.gateway_ports ? "*" : "LOCALHOST") : options.local_forwards[i].listen_host, options.local_forwards[i].listen_port, + (options.local_forwards[i].connect_path != NULL) ? + options.local_forwards[i].connect_path : options.local_forwards[i].connect_host, options.local_forwards[i].connect_port); success += channel_setup_local_fwd_listener( - options.local_forwards[i].listen_host, - options.local_forwards[i].listen_port, - options.local_forwards[i].connect_host, - options.local_forwards[i].connect_port, - options.gateway_ports); + &options.local_forwards[i], &options.fwd_opts); } if (i > 0 && success != i && options.exit_on_forward_failure) fatal("Could not request local forwarding."); @@ -1112,17 +1421,18 @@ ssh_init_forwarding(void) for (i = 0; i < options.num_remote_forwards; i++) { debug("Remote connections from %.200s:%d forwarded to " "local address %.200s:%d", + (options.remote_forwards[i].listen_path != NULL) ? + options.remote_forwards[i].listen_path : (options.remote_forwards[i].listen_host == NULL) ? "LOCALHOST" : options.remote_forwards[i].listen_host, options.remote_forwards[i].listen_port, + (options.remote_forwards[i].connect_path != NULL) ? + options.remote_forwards[i].connect_path : options.remote_forwards[i].connect_host, options.remote_forwards[i].connect_port); options.remote_forwards[i].handle = channel_request_remote_forwarding( - options.remote_forwards[i].listen_host, - options.remote_forwards[i].listen_port, - options.remote_forwards[i].connect_host, - options.remote_forwards[i].connect_port); + &options.remote_forwards[i]); if (options.remote_forwards[i].handle < 0) { if (options.exit_on_forward_failure) fatal("Could not request remote forwarding."); @@ -1238,7 +1548,7 @@ ssh_session(void) char *proto, *data; /* Get reasonable local authentication information. */ client_x11_get_proto(display, options.xauth_location, - options.forward_x11_trusted, + options.forward_x11_trusted, options.forward_x11_timeout, &proto, &data); /* Request forwarding with authentication spoofing. */ @@ -1456,6 +1766,11 @@ ssh_session2(void) if (!no_shell_flag || (datafellows & SSH_BUG_DUMMYCHAN)) id = ssh_session2_open(); + else { + packet_set_interactive( + options.control_master == SSHCTL_MASTER_NO, + options.ip_qos_interactive, options.ip_qos_bulk); + } /* If we don't expect to open a new session, then disallow it */ if (options.control_master == SSHCTL_MASTER_NO && @@ -1509,8 +1824,8 @@ load_public_identity_files(void) #endif /* PKCS11 */ n_ids = 0; - bzero(identity_files, sizeof(identity_files)); - bzero(identity_keys, sizeof(identity_keys)); + memset(identity_files, 0, sizeof(identity_files)); + memset(identity_keys, 0, sizeof(identity_keys)); #ifdef ENABLE_PKCS11 if (options.pkcs11_provider != NULL && @@ -1528,7 +1843,7 @@ load_public_identity_files(void) xstrdup(options.pkcs11_provider); /* XXX */ n_ids++; } - xfree(keys); + free(keys); } #endif /* ENABLE_PKCS11 */ if ((pw = getpwuid(original_real_uid)) == NULL) @@ -1539,8 +1854,9 @@ load_public_identity_files(void) fatal("load_public_identity_files: gethostname: %s", strerror(errno)); for (i = 0; i < options.num_identity_files; i++) { - if (n_ids >= SSH_MAX_IDENTITY_FILES) { - xfree(options.identity_files[i]); + if (n_ids >= SSH_MAX_IDENTITY_FILES || + strcasecmp(options.identity_files[i], "none") == 0) { + free(options.identity_files[i]); continue; } cp = tilde_expand_filename(options.identity_files[i], @@ -1548,11 +1864,11 @@ load_public_identity_files(void) filename = percent_expand(cp, "d", pwdir, "u", pwname, "l", thishost, "h", host, "r", options.user, (char *)NULL); - xfree(cp); + free(cp); public = key_load_public(filename, NULL); debug("identity file %s type %d", filename, public ? public->type : -1); - xfree(options.identity_files[i]); + free(options.identity_files[i]); identity_files[n_ids] = filename; identity_keys[n_ids] = public; @@ -1565,14 +1881,14 @@ load_public_identity_files(void) debug("identity file %s type %d", cp, public ? public->type : -1); if (public == NULL) { - xfree(cp); + free(cp); continue; } if (!key_is_cert(public)) { debug("%s: key %s type %s is not a certificate", __func__, cp, key_type(public)); key_free(public); - xfree(cp); + free(cp); continue; } identity_keys[n_ids] = public; @@ -1584,10 +1900,10 @@ load_public_identity_files(void) memcpy(options.identity_files, identity_files, sizeof(identity_files)); memcpy(options.identity_keys, identity_keys, sizeof(identity_keys)); - bzero(pwname, strlen(pwname)); - xfree(pwname); - bzero(pwdir, strlen(pwdir)); - xfree(pwdir); + explicit_bzero(pwname, strlen(pwname)); + free(pwname); + explicit_bzero(pwdir, strlen(pwdir)); + free(pwdir); } static void @@ -1604,4 +1920,3 @@ main_sigchld_handler(int sig) signal(sig, main_sigchld_handler); errno = save_errno; } - diff --git a/crypto/openssh/ssh2.h b/crypto/openssh/ssh2.h index 51a963cae2..59417e6121 100644 --- a/crypto/openssh/ssh2.h +++ b/crypto/openssh/ssh2.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh2.h,v 1.14 2010/08/31 11:54:45 djm Exp $ */ +/* $OpenBSD: ssh2.h,v 1.15 2014/01/29 06:18:35 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -115,12 +115,6 @@ #define SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ 60 #define SSH2_MSG_USERAUTH_INFO_REQUEST 60 #define SSH2_MSG_USERAUTH_INFO_RESPONSE 61 -#define SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1 60 -#define SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1 61 -#define SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2 62 -#define SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2 63 -#define SSH2_MSG_USERAUTH_JPAKE_CLIENT_CONFIRM 64 -#define SSH2_MSG_USERAUTH_JPAKE_SERVER_CONFIRM 65 /* connection protocol: generic */ diff --git a/crypto/openssh/ssh_config b/crypto/openssh/ssh_config index 18936740f6..03a228fbd4 100644 --- a/crypto/openssh/ssh_config +++ b/crypto/openssh/ssh_config @@ -1,4 +1,4 @@ -# $OpenBSD: ssh_config,v 1.26 2010/01/11 01:39:46 dtucker Exp $ +# $OpenBSD: ssh_config,v 1.28 2013/09/16 11:35:43 sthen Exp $ # This is the ssh client system-wide configuration file. See # ssh_config(5) for more information. This file provides defaults for @@ -45,3 +45,4 @@ # PermitLocalCommand no # VisualHostKey no # ProxyCommand ssh -q -W %h:%p gateway.example.com +# RekeyLimit 1G 1h diff --git a/crypto/openssh/ssh_config.5 b/crypto/openssh/ssh_config.5 index 36b1af195d..f9ede7a315 100644 --- a/crypto/openssh/ssh_config.5 +++ b/crypto/openssh/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.157 2012/06/29 13:57:25 naddy Exp $ -.Dd $Mdocdate: June 29 2012 $ +.\" $OpenBSD: ssh_config.5,v 1.191 2014/07/15 15:54:14 millert Exp $ +.Dd $Mdocdate: July 15 2014 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -100,6 +100,8 @@ keywords are case-insensitive and arguments are case-sensitive): .It Cm Host Restricts the following declarations (up to the next .Cm Host +or +.Cm Match keyword) to be only for those hosts that match one of the patterns given after the keyword. If more than one pattern is provided, they should be separated by whitespace. @@ -124,6 +126,73 @@ matches. See .Sx PATTERNS for more information on patterns. +.It Cm Match +Restricts the following declarations (up to the next +.Cm Host +or +.Cm Match +keyword) to be used only when the conditions following the +.Cm Match +keyword are satisfied. +Match conditions are specified using one or more keyword/criteria pairs +or the single token +.Cm all +which matches all criteria. +The available keywords are: +.Cm exec , +.Cm host , +.Cm originalhost , +.Cm user , +and +.Cm localuser . +.Pp +The +.Cm exec +keyword executes the specified command under the user's shell. +If the command returns a zero exit status then the condition is considered true. +Commands containing whitespace characters must be quoted. +The following character sequences in the command will be expanded prior to +execution: +.Ql %L +will be substituted by the first component of the local host name, +.Ql %l +will be substituted by the local host name (including any domain name), +.Ql %h +will be substituted by the target host name, +.Ql %n +will be substituted by the original target host name +specified on the command-line, +.Ql %p +the destination port, +.Ql %r +by the remote login username, and +.Ql %u +by the username of the user running +.Xr ssh 1 . +.Pp +The other keywords' criteria must be single entries or comma-separated +lists and may use the wildcard and negation operators described in the +.Sx PATTERNS +section. +The criteria for the +.Cm host +keyword are matched against the target hostname, after any substitution +by the +.Cm Hostname +option. +The +.Cm originalhost +keyword matches against the hostname as it was specified on the command-line. +The +.Cm user +keyword matches against the target username on the remote host. +The +.Cm localuser +keyword matches against the name of the local user running +.Xr ssh 1 +(this keyword may be useful in system-wide +.Nm +files). .It Cm AddressFamily Specifies which address family to use when connecting. Valid arguments are @@ -152,6 +221,81 @@ Note that this option does not work if .Cm UsePrivilegedPort is set to .Dq yes . +.It Cm CanonicalDomains +When +.Cm CanonicalizeHostname +is enabled, this option specifies the list of domain suffixes in which to +search for the specified destination host. +.It Cm CanonicalizeFallbackLocal +Specifies whether to fail with an error when hostname canonicalization fails. +The default, +.Dq yes , +will attempt to look up the unqualified hostname using the system resolver's +search rules. +A value of +.Dq no +will cause +.Xr ssh 1 +to fail instantly if +.Cm CanonicalizeHostname +is enabled and the target hostname cannot be found in any of the domains +specified by +.Cm CanonicalDomains . +.It Cm CanonicalizeHostname +Controls whether explicit hostname canonicalization is performed. +The default, +.Dq no , +is not to perform any name rewriting and let the system resolver handle all +hostname lookups. +If set to +.Dq yes +then, for connections that do not use a +.Cm ProxyCommand , +.Xr ssh 1 +will attempt to canonicalize the hostname specified on the command line +using the +.Cm CanonicalDomains +suffixes and +.Cm CanonicalizePermittedCNAMEs +rules. +If +.Cm CanonicalizeHostname +is set to +.Dq always , +then canonicalization is applied to proxied connections too. +.Pp +If this option is enabled and canonicalisation results in the target hostname +changing, then the configuration files are processed again using the new +target name to pick up any new configuration in matching +.Cm Host +stanzas. +.It Cm CanonicalizeMaxDots +Specifies the maximum number of dot characters in a hostname before +canonicalization is disabled. +The default, +.Dq 1 , +allows a single dot (i.e. hostname.subdomain). +.It Cm CanonicalizePermittedCNAMEs +Specifies rules to determine whether CNAMEs should be followed when +canonicalizing hostnames. +The rules consist of one or more arguments of +.Ar source_domain_list : Ns Ar target_domain_list , +where +.Ar source_domain_list +is a pattern-list of domains that may follow CNAMEs in canonicalization, +and +.Ar target_domain_list +is a pattern-list of domains that they may resolve to. +.Pp +For example, +.Dq *.a.example.com:*.b.example.com,*.c.example.com +will allow hostnames matching +.Dq *.a.example.com +to be canonicalized to names in the +.Dq *.b.example.com +or +.Dq *.c.example.com +domains. .It Cm ChallengeResponseAuthentication Specifies whether to use challenge-response authentication. The argument to this keyword must be @@ -196,26 +340,55 @@ The default is Specifies the ciphers allowed for protocol version 2 in order of preference. Multiple ciphers must be comma-separated. -The supported ciphers are -.Dq 3des-cbc , -.Dq aes128-cbc , -.Dq aes192-cbc , -.Dq aes256-cbc , -.Dq aes128-ctr , -.Dq aes192-ctr , -.Dq aes256-ctr , -.Dq arcfour128 , -.Dq arcfour256 , -.Dq arcfour , -.Dq blowfish-cbc , -and -.Dq cast128-cbc . +The supported ciphers are: +.Pp +.Bl -item -compact -offset indent +.It +3des-cbc +.It +aes128-cbc +.It +aes192-cbc +.It +aes256-cbc +.It +aes128-ctr +.It +aes192-ctr +.It +aes256-ctr +.It +aes128-gcm@openssh.com +.It +aes256-gcm@openssh.com +.It +arcfour +.It +arcfour128 +.It +arcfour256 +.It +blowfish-cbc +.It +cast128-cbc +.It +chacha20-poly1305@openssh.com +.El +.Pp The default is: -.Bd -literal -offset 3n -aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, -aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc, -aes256-cbc,arcfour +.Bd -literal -offset indent +aes128-ctr,aes192-ctr,aes256-ctr, +aes128-gcm@openssh.com,aes256-gcm@openssh.com, +chacha20-poly1305@openssh.com, +arcfour256,arcfour128, +aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc, +aes192-cbc,aes256-cbc,arcfour .Ed +.Pp +The list of available ciphers may also be obtained using the +.Fl Q +option of +.Xr ssh 1 . .It Cm ClearAllForwardings Specifies that all local, remote, and dynamic port forwardings specified in the configuration files or on the command line be @@ -324,16 +497,18 @@ will be substituted by the target host name, will be substituted by the original target host name specified on the command line, .Ql %p -the port, +the destination port, .Ql %r -by the remote login username, and +by the remote login username, .Ql %u by the username of the user running -.Xr ssh 1 . +.Xr ssh 1 , and +.Ql \&%C +by a hash of the concatenation: %l%h%p%r. It is recommended that any .Cm ControlPath used for opportunistic connection sharing include -at least %h, %p, and %r. +at least %h, %p, and %r (or alternatively %C). This ensures that shared connections are uniquely identified. .It Cm ControlPersist When used in conjunction with @@ -471,8 +646,7 @@ option is also enabled. .It Cm ForwardX11Timeout Specify a timeout for untrusted X11 forwarding using the format described in the -.Sx TIME FORMATS -section of +TIME FORMATS section of .Xr sshd_config 5 . X11 connections received by .Xr ssh 1 @@ -569,10 +743,11 @@ The default for this option is: ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, +ssh-ed25519-cert-v01@openssh.com, ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com, ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, -ssh-rsa,ssh-dss +ssh-ed25519,ssh-rsa,ssh-dss .Ed .Pp If hostkeys are known for the destination host then this default is modified @@ -590,6 +765,12 @@ If the hostname contains the character sequence .Ql %h , then this will be replaced with the host name specified on the command line (this is useful for manipulating unqualified names). +The character sequence +.Ql %% +will be replaced by a single +.Ql % +character, which may be used when specifying IPv6 link-local addresses. +.Pp The default is the name given on the command line. Numeric IP addresses are also permitted (both on the command line and in .Cm HostName @@ -602,6 +783,8 @@ should only use the authentication identity files configured in the files, even if .Xr ssh-agent 1 +or a +.Cm PKCS11Provider offers more identities. The argument to this keyword must be .Dq yes @@ -612,18 +795,21 @@ offers many different identities. The default is .Dq no . .It Cm IdentityFile -Specifies a file from which the user's DSA, ECDSA or RSA authentication +Specifies a file from which the user's DSA, ECDSA, ED25519 or RSA authentication identity is read. The default is .Pa ~/.ssh/identity for protocol version 1, and .Pa ~/.ssh/id_dsa , -.Pa ~/.ssh/id_ecdsa +.Pa ~/.ssh/id_ecdsa , +.Pa ~/.ssh/id_ed25519 and .Pa ~/.ssh/id_rsa for protocol version 2. Additionally, any identities represented by the authentication agent -will be used for authentication. +will be used for authentication unless +.Cm IdentitiesOnly +is set. .Xr ssh 1 will try to load certificate information from the filename obtained by appending @@ -652,6 +838,22 @@ Multiple .Cm IdentityFile directives will add to the list of identities tried (this behaviour differs from that of other configuration directives). +.Pp +.Cm IdentityFile +may be used in conjunction with +.Cm IdentitiesOnly +to select which identities in an agent are offered during authentication. +.It Cm IgnoreUnknown +Specifies a pattern-list of unknown options to be ignored if they are +encountered in configuration parsing. +This may be used to suppress errors if +.Nm +contains options that are unrecognised by +.Xr ssh 1 . +It is recommended that +.Cm IgnoreUnknown +be listed early in the configuration file as it will not be applied +to unknown options that appear before it. .It Cm IPQoS Specifies the IPv4 type-of-service or DSCP class for connections. Accepted values are @@ -713,10 +915,11 @@ Specifies the available KEX (Key Exchange) algorithms. Multiple algorithms must be comma-separated. The default is: .Bd -literal -offset indent +curve25519-sha256@libssh.org, ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, -diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, +diffie-hellman-group-exchange-sha1, diffie-hellman-group1-sha1 .Ed .It Cm LocalCommand @@ -738,7 +941,9 @@ The following escape character substitutions will be performed: .Ql %r (remote user name) or .Ql %u -(local user name). +(local user name) or +.Ql \&%C +by a hash of the concatenation: %l%h%p%r. .Pp The command is run synchronously and does not have access to the session of the @@ -790,10 +995,20 @@ in order of preference. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms must be comma-separated. +The algorithms that contain +.Dq -etm +calculate the MAC after encryption (encrypt-then-mac). +These are considered safer and their use recommended. The default is: .Bd -literal -offset indent -hmac-md5,hmac-sha1,umac-64@openssh.com, -hmac-sha2-256,hmac-sha2-512,hmac-ripemd160, +umac-64-etm@openssh.com,umac-128-etm@openssh.com, +hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, +umac-64@openssh.com,umac-128@openssh.com, +hmac-sha2-256,hmac-sha2-512, +hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com, +hmac-ripemd160-etm@openssh.com, +hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com, +hmac-md5,hmac-sha1,hmac-ripemd160, hmac-sha1-96,hmac-md5-96 .Ed .It Cm NoHostAuthenticationForLocalhost @@ -871,8 +1086,11 @@ The default is .It Cm ProxyCommand Specifies the command to use to connect to the server. The command -string extends to the end of the line, and is executed with -the user's shell. +string extends to the end of the line, and is executed +using the user's shell +.Ql exec +directive to avoid a lingering shell process. +.Pp In the command string, any occurrence of .Ql %h will be substituted by the host name to @@ -906,6 +1124,14 @@ For example, the following directive would connect via an HTTP proxy at .Bd -literal -offset 3n ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p .Ed +.It Cm ProxyUseFdpass +Specifies that +.Cm ProxyCommand +will pass a connected file descriptor back to +.Xr ssh 1 +instead of continuing to execute and pass data. +The default is +.Dq no . .It Cm PubkeyAuthentication Specifies whether to try public key authentication. The argument to this keyword must be @@ -917,8 +1143,9 @@ The default is This option applies to protocol version 2 only. .It Cm RekeyLimit Specifies the maximum amount of data that may be transmitted before the -session key is renegotiated. -The argument is the number of bytes, with an optional suffix of +session key is renegotiated, optionally followed a maximum amount of +time that may pass before the session key is renegotiated. +The first argument is specified in bytes and may have a suffix of .Sq K , .Sq M , or @@ -929,6 +1156,16 @@ The default is between and .Sq 4G , depending on the cipher. +The optional second value is specified in seconds and may use any of the +units documented in the +TIME FORMATS section of +.Xr sshd_config 5 . +The default value for +.Cm RekeyLimit +is +.Dq default none , +which means that rekeying is performed after the cipher's default amount +of data has been sent or received and no time based rekeying is done. This option applies to protocol version 2 only. .It Cm RemoteForward Specifies that a TCP port on the remote machine be forwarded over @@ -1066,6 +1303,33 @@ channel to request a response from the server. The default is 0, indicating that these messages will not be sent to the server. This option applies to protocol version 2 only. +.It Cm StreamLocalBindMask +Sets the octal file creation mode mask +.Pq umask +used when creating a Unix-domain socket file for local or remote +port forwarding. +This option is only used for port forwarding to a Unix-domain socket file. +.Pp +The default value is 0177, which creates a Unix-domain socket file that is +readable and writable only by the owner. +Note that not all operating systems honor the file mode on Unix-domain +socket files. +.It Cm StreamLocalBindUnlink +Specifies whether to remove an existing Unix-domain socket file for local +or remote port forwarding before creating a new one. +If the socket file already exists and +.Cm StreamLocalBindUnlink +is not enabled, +.Nm ssh +will be unable to forward the port to the Unix-domain socket file. +This option is only used for port forwarding to a Unix-domain socket file. +.Pp +The argument must be +.Dq yes +or +.Dq no . +The default is +.Dq no . .It Cm StrictHostKeyChecking If this flag is set to .Dq yes , @@ -1207,9 +1471,7 @@ The default is .Dq no . Note that this option applies to protocol version 2 only. .Pp -See also -.Sx VERIFYING HOST KEYS -in +See also VERIFYING HOST KEYS in .Xr ssh 1 . .It Cm VisualHostKey If this flag is set to @@ -1258,7 +1520,7 @@ Patterns within pattern-lists may be negated by preceding them with an exclamation mark .Pq Sq !\& . For example, -to allow a key to be used from anywhere within an organisation +to allow a key to be used from anywhere within an organization except from the .Dq dialup pool, diff --git a/crypto/openssh/sshbuf-getput-basic.c b/crypto/openssh/sshbuf-getput-basic.c new file mode 100644 index 0000000000..b7d0758c2b --- /dev/null +++ b/crypto/openssh/sshbuf-getput-basic.c @@ -0,0 +1,421 @@ +/* $OpenBSD: sshbuf-getput-basic.c,v 1.1 2014/04/30 05:29:56 djm Exp $ */ +/* + * Copyright (c) 2011 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#define SSHBUF_INTERNAL +#include "includes.h" + +#include +#include +#include +#include + +#include "ssherr.h" +#include "sshbuf.h" + +int +sshbuf_get(struct sshbuf *buf, void *v, size_t len) +{ + const u_char *p = sshbuf_ptr(buf); + int r; + + if ((r = sshbuf_consume(buf, len)) < 0) + return r; + if (v != NULL) + memcpy(v, p, len); + return 0; +} + +int +sshbuf_get_u64(struct sshbuf *buf, u_int64_t *valp) +{ + const u_char *p = sshbuf_ptr(buf); + int r; + + if ((r = sshbuf_consume(buf, 8)) < 0) + return r; + if (valp != NULL) + *valp = PEEK_U64(p); + return 0; +} + +int +sshbuf_get_u32(struct sshbuf *buf, u_int32_t *valp) +{ + const u_char *p = sshbuf_ptr(buf); + int r; + + if ((r = sshbuf_consume(buf, 4)) < 0) + return r; + if (valp != NULL) + *valp = PEEK_U32(p); + return 0; +} + +int +sshbuf_get_u16(struct sshbuf *buf, u_int16_t *valp) +{ + const u_char *p = sshbuf_ptr(buf); + int r; + + if ((r = sshbuf_consume(buf, 2)) < 0) + return r; + if (valp != NULL) + *valp = PEEK_U16(p); + return 0; +} + +int +sshbuf_get_u8(struct sshbuf *buf, u_char *valp) +{ + const u_char *p = sshbuf_ptr(buf); + int r; + + if ((r = sshbuf_consume(buf, 1)) < 0) + return r; + if (valp != NULL) + *valp = (u_int8_t)*p; + return 0; +} + +int +sshbuf_get_string(struct sshbuf *buf, u_char **valp, size_t *lenp) +{ + const u_char *val; + size_t len; + int r; + + if (valp != NULL) + *valp = NULL; + if (lenp != NULL) + *lenp = 0; + if ((r = sshbuf_get_string_direct(buf, &val, &len)) < 0) + return r; + if (valp != NULL) { + if ((*valp = malloc(len + 1)) == NULL) { + SSHBUF_DBG(("SSH_ERR_ALLOC_FAIL")); + return SSH_ERR_ALLOC_FAIL; + } + memcpy(*valp, val, len); + (*valp)[len] = '\0'; + } + if (lenp != NULL) + *lenp = len; + return 0; +} + +int +sshbuf_get_string_direct(struct sshbuf *buf, const u_char **valp, size_t *lenp) +{ + size_t len; + const u_char *p; + int r; + + if (valp != NULL) + *valp = NULL; + if (lenp != NULL) + *lenp = 0; + if ((r = sshbuf_peek_string_direct(buf, &p, &len)) < 0) + return r; + if (valp != 0) + *valp = p; + if (lenp != NULL) + *lenp = len; + if (sshbuf_consume(buf, len + 4) != 0) { + /* Shouldn't happen */ + SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR")); + SSHBUF_ABORT(); + return SSH_ERR_INTERNAL_ERROR; + } + return 0; +} + +int +sshbuf_peek_string_direct(const struct sshbuf *buf, const u_char **valp, + size_t *lenp) +{ + u_int32_t len; + const u_char *p = sshbuf_ptr(buf); + + if (valp != NULL) + *valp = NULL; + if (lenp != NULL) + *lenp = 0; + if (sshbuf_len(buf) < 4) { + SSHBUF_DBG(("SSH_ERR_MESSAGE_INCOMPLETE")); + return SSH_ERR_MESSAGE_INCOMPLETE; + } + len = PEEK_U32(p); + if (len > SSHBUF_SIZE_MAX - 4) { + SSHBUF_DBG(("SSH_ERR_STRING_TOO_LARGE")); + return SSH_ERR_STRING_TOO_LARGE; + } + if (sshbuf_len(buf) - 4 < len) { + SSHBUF_DBG(("SSH_ERR_MESSAGE_INCOMPLETE")); + return SSH_ERR_MESSAGE_INCOMPLETE; + } + if (valp != 0) + *valp = p + 4; + if (lenp != NULL) + *lenp = len; + return 0; +} + +int +sshbuf_get_cstring(struct sshbuf *buf, char **valp, size_t *lenp) +{ + size_t len; + const u_char *p, *z; + int r; + + if (valp != NULL) + *valp = NULL; + if (lenp != NULL) + *lenp = 0; + if ((r = sshbuf_peek_string_direct(buf, &p, &len)) != 0) + return r; + /* Allow a \0 only at the end of the string */ + if (len > 0 && + (z = memchr(p , '\0', len)) != NULL && z < p + len - 1) { + SSHBUF_DBG(("SSH_ERR_INVALID_FORMAT")); + return SSH_ERR_INVALID_FORMAT; + } + if ((r = sshbuf_skip_string(buf)) != 0) + return -1; + if (valp != NULL) { + if ((*valp = malloc(len + 1)) == NULL) { + SSHBUF_DBG(("SSH_ERR_ALLOC_FAIL")); + return SSH_ERR_ALLOC_FAIL; + } + memcpy(*valp, p, len); + (*valp)[len] = '\0'; + } + if (lenp != NULL) + *lenp = (size_t)len; + return 0; +} + +int +sshbuf_get_stringb(struct sshbuf *buf, struct sshbuf *v) +{ + u_int32_t len; + u_char *p; + int r; + + /* + * Use sshbuf_peek_string_direct() to figure out if there is + * a complete string in 'buf' and copy the string directly + * into 'v'. + */ + if ((r = sshbuf_peek_string_direct(buf, NULL, NULL)) != 0 || + (r = sshbuf_get_u32(buf, &len)) != 0 || + (r = sshbuf_reserve(v, len, &p)) != 0 || + (r = sshbuf_get(buf, p, len)) != 0) + return r; + return 0; +} + +int +sshbuf_put(struct sshbuf *buf, const void *v, size_t len) +{ + u_char *p; + int r; + + if ((r = sshbuf_reserve(buf, len, &p)) < 0) + return r; + memcpy(p, v, len); + return 0; +} + +int +sshbuf_putb(struct sshbuf *buf, const struct sshbuf *v) +{ + return sshbuf_put(buf, sshbuf_ptr(v), sshbuf_len(v)); +} + +int +sshbuf_putf(struct sshbuf *buf, const char *fmt, ...) +{ + va_list ap; + int r; + + va_start(ap, fmt); + r = sshbuf_putfv(buf, fmt, ap); + va_end(ap); + return r; +} + +int +sshbuf_putfv(struct sshbuf *buf, const char *fmt, va_list ap) +{ + va_list ap2; + int r, len; + u_char *p; + + va_copy(ap2, ap); + if ((len = vsnprintf(NULL, 0, fmt, ap2)) < 0) { + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + if (len == 0) { + r = 0; + goto out; /* Nothing to do */ + } + va_end(ap2); + va_copy(ap2, ap); + if ((r = sshbuf_reserve(buf, (size_t)len + 1, &p)) < 0) + goto out; + if ((r = vsnprintf((char *)p, len + 1, fmt, ap2)) != len) { + r = SSH_ERR_INTERNAL_ERROR; + goto out; /* Shouldn't happen */ + } + /* Consume terminating \0 */ + if ((r = sshbuf_consume_end(buf, 1)) != 0) + goto out; + r = 0; + out: + va_end(ap2); + return r; +} + +int +sshbuf_put_u64(struct sshbuf *buf, u_int64_t val) +{ + u_char *p; + int r; + + if ((r = sshbuf_reserve(buf, 8, &p)) < 0) + return r; + POKE_U64(p, val); + return 0; +} + +int +sshbuf_put_u32(struct sshbuf *buf, u_int32_t val) +{ + u_char *p; + int r; + + if ((r = sshbuf_reserve(buf, 4, &p)) < 0) + return r; + POKE_U32(p, val); + return 0; +} + +int +sshbuf_put_u16(struct sshbuf *buf, u_int16_t val) +{ + u_char *p; + int r; + + if ((r = sshbuf_reserve(buf, 2, &p)) < 0) + return r; + POKE_U16(p, val); + return 0; +} + +int +sshbuf_put_u8(struct sshbuf *buf, u_char val) +{ + u_char *p; + int r; + + if ((r = sshbuf_reserve(buf, 1, &p)) < 0) + return r; + p[0] = val; + return 0; +} + +int +sshbuf_put_string(struct sshbuf *buf, const void *v, size_t len) +{ + u_char *d; + int r; + + if (len > SSHBUF_SIZE_MAX - 4) { + SSHBUF_DBG(("SSH_ERR_NO_BUFFER_SPACE")); + return SSH_ERR_NO_BUFFER_SPACE; + } + if ((r = sshbuf_reserve(buf, len + 4, &d)) < 0) + return r; + POKE_U32(d, len); + memcpy(d + 4, v, len); + return 0; +} + +int +sshbuf_put_cstring(struct sshbuf *buf, const char *v) +{ + return sshbuf_put_string(buf, (u_char *)v, strlen(v)); +} + +int +sshbuf_put_stringb(struct sshbuf *buf, const struct sshbuf *v) +{ + return sshbuf_put_string(buf, sshbuf_ptr(v), sshbuf_len(v)); +} + +int +sshbuf_froms(struct sshbuf *buf, struct sshbuf **bufp) +{ + const u_char *p; + size_t len; + struct sshbuf *ret; + int r; + + if (buf == NULL || bufp == NULL) + return SSH_ERR_INVALID_ARGUMENT; + *bufp = NULL; + if ((r = sshbuf_peek_string_direct(buf, &p, &len)) != 0) + return r; + if ((ret = sshbuf_from(p, len)) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((r = sshbuf_consume(buf, len + 4)) != 0 || /* Shouldn't happen */ + (r = sshbuf_set_parent(ret, buf)) != 0) { + sshbuf_free(ret); + return r; + } + *bufp = ret; + return 0; +} + +int +sshbuf_put_bignum2_bytes(struct sshbuf *buf, const void *v, size_t len) +{ + u_char *d; + const u_char *s = (const u_char *)v; + int r, prepend; + + if (len > SSHBUF_SIZE_MAX - 5) { + SSHBUF_DBG(("SSH_ERR_NO_BUFFER_SPACE")); + return SSH_ERR_NO_BUFFER_SPACE; + } + /* Skip leading zero bytes */ + for (; len > 0 && *s == 0; len--, s++) + ; + /* + * If most significant bit is set then prepend a zero byte to + * avoid interpretation as a negative number. + */ + prepend = len > 0 && (s[0] & 0x80) != 0; + if ((r = sshbuf_reserve(buf, len + 4 + prepend, &d)) < 0) + return r; + POKE_U32(d, len + prepend); + if (prepend) + d[4] = 0; + memcpy(d + 4 + prepend, s, len); + return 0; +} diff --git a/crypto/openssh/sshbuf-getput-crypto.c b/crypto/openssh/sshbuf-getput-crypto.c new file mode 100644 index 0000000000..74351d3e5c --- /dev/null +++ b/crypto/openssh/sshbuf-getput-crypto.c @@ -0,0 +1,237 @@ +/* $OpenBSD: sshbuf-getput-crypto.c,v 1.2 2014/06/18 15:42:09 naddy Exp $ */ +/* + * Copyright (c) 2011 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#define SSHBUF_INTERNAL +#include "includes.h" + +#include +#include +#include +#include + +#include +#ifdef OPENSSL_HAS_ECC +# include +#endif /* OPENSSL_HAS_ECC */ + +#include "ssherr.h" +#include "sshbuf.h" + +int +sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM *v) +{ + const u_char *d; + size_t len; + int r; + + if ((r = sshbuf_peek_string_direct(buf, &d, &len)) < 0) + return r; + /* Refuse negative (MSB set) bignums */ + if ((len != 0 && (*d & 0x80) != 0)) + return SSH_ERR_BIGNUM_IS_NEGATIVE; + /* Refuse overlong bignums, allow prepended \0 to avoid MSB set */ + if (len > SSHBUF_MAX_BIGNUM + 1 || + (len == SSHBUF_MAX_BIGNUM + 1 && *d != 0)) + return SSH_ERR_BIGNUM_TOO_LARGE; + if (v != NULL && BN_bin2bn(d, len, v) == NULL) + return SSH_ERR_ALLOC_FAIL; + /* Consume the string */ + if (sshbuf_get_string_direct(buf, NULL, NULL) != 0) { + /* Shouldn't happen */ + SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR")); + SSHBUF_ABORT(); + return SSH_ERR_INTERNAL_ERROR; + } + return 0; +} + +int +sshbuf_get_bignum1(struct sshbuf *buf, BIGNUM *v) +{ + const u_char *d = sshbuf_ptr(buf); + u_int16_t len_bits; + size_t len_bytes; + + /* Length in bits */ + if (sshbuf_len(buf) < 2) + return SSH_ERR_MESSAGE_INCOMPLETE; + len_bits = PEEK_U16(d); + len_bytes = (len_bits + 7) >> 3; + if (len_bytes > SSHBUF_MAX_BIGNUM) + return SSH_ERR_BIGNUM_TOO_LARGE; + if (sshbuf_len(buf) < 2 + len_bytes) + return SSH_ERR_MESSAGE_INCOMPLETE; + if (v != NULL && BN_bin2bn(d + 2, len_bytes, v) == NULL) + return SSH_ERR_ALLOC_FAIL; + if (sshbuf_consume(buf, 2 + len_bytes) != 0) { + SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR")); + SSHBUF_ABORT(); + return SSH_ERR_INTERNAL_ERROR; + } + return 0; +} + +#ifdef OPENSSL_HAS_ECC +static int +get_ec(const u_char *d, size_t len, EC_POINT *v, const EC_GROUP *g) +{ + /* Refuse overlong bignums */ + if (len == 0 || len > SSHBUF_MAX_ECPOINT) + return SSH_ERR_ECPOINT_TOO_LARGE; + /* Only handle uncompressed points */ + if (*d != POINT_CONVERSION_UNCOMPRESSED) + return SSH_ERR_INVALID_FORMAT; + if (v != NULL && EC_POINT_oct2point(g, v, d, len, NULL) != 1) + return SSH_ERR_INVALID_FORMAT; /* XXX assumption */ + return 0; +} + +int +sshbuf_get_ec(struct sshbuf *buf, EC_POINT *v, const EC_GROUP *g) +{ + const u_char *d; + size_t len; + int r; + + if ((r = sshbuf_peek_string_direct(buf, &d, &len)) < 0) + return r; + if ((r = get_ec(d, len, v, g)) != 0) + return r; + /* Skip string */ + if (sshbuf_get_string_direct(buf, NULL, NULL) != 0) { + /* Shouldn't happen */ + SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR")); + SSHBUF_ABORT(); + return SSH_ERR_INTERNAL_ERROR; + } + return 0; +} + +int +sshbuf_get_eckey(struct sshbuf *buf, EC_KEY *v) +{ + EC_POINT *pt = EC_POINT_new(EC_KEY_get0_group(v)); + int r; + const u_char *d; + size_t len; + + if (pt == NULL) { + SSHBUF_DBG(("SSH_ERR_ALLOC_FAIL")); + return SSH_ERR_ALLOC_FAIL; + } + if ((r = sshbuf_peek_string_direct(buf, &d, &len)) < 0) { + EC_POINT_free(pt); + return r; + } + if ((r = get_ec(d, len, pt, EC_KEY_get0_group(v))) != 0) { + EC_POINT_free(pt); + return r; + } + if (EC_KEY_set_public_key(v, pt) != 1) { + EC_POINT_free(pt); + return SSH_ERR_ALLOC_FAIL; /* XXX assumption */ + } + EC_POINT_free(pt); + /* Skip string */ + if (sshbuf_get_string_direct(buf, NULL, NULL) != 0) { + /* Shouldn't happen */ + SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR")); + SSHBUF_ABORT(); + return SSH_ERR_INTERNAL_ERROR; + } + return 0; +} +#endif /* OPENSSL_HAS_ECC */ + +int +sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v) +{ + u_char d[SSHBUF_MAX_BIGNUM + 1]; + int len = BN_num_bytes(v), prepend = 0, r; + + if (len < 0 || len > SSHBUF_MAX_BIGNUM) + return SSH_ERR_INVALID_ARGUMENT; + *d = '\0'; + if (BN_bn2bin(v, d + 1) != len) + return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */ + /* If MSB is set, prepend a \0 */ + if (len > 0 && (d[1] & 0x80) != 0) + prepend = 1; + if ((r = sshbuf_put_string(buf, d + 1 - prepend, len + prepend)) < 0) { + bzero(d, sizeof(d)); + return r; + } + bzero(d, sizeof(d)); + return 0; +} + +int +sshbuf_put_bignum1(struct sshbuf *buf, const BIGNUM *v) +{ + int r, len_bits = BN_num_bits(v); + size_t len_bytes = (len_bits + 7) / 8; + u_char d[SSHBUF_MAX_BIGNUM], *dp; + + if (len_bits < 0 || len_bytes > SSHBUF_MAX_BIGNUM) + return SSH_ERR_INVALID_ARGUMENT; + if (BN_bn2bin(v, d) != (int)len_bytes) + return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */ + if ((r = sshbuf_reserve(buf, len_bytes + 2, &dp)) < 0) { + bzero(d, sizeof(d)); + return r; + } + POKE_U16(dp, len_bits); + memcpy(dp + 2, d, len_bytes); + bzero(d, sizeof(d)); + return 0; +} + +#ifdef OPENSSL_HAS_ECC +int +sshbuf_put_ec(struct sshbuf *buf, const EC_POINT *v, const EC_GROUP *g) +{ + u_char d[SSHBUF_MAX_ECPOINT]; + BN_CTX *bn_ctx; + size_t len; + int ret; + + if ((bn_ctx = BN_CTX_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((len = EC_POINT_point2oct(g, v, POINT_CONVERSION_UNCOMPRESSED, + NULL, 0, bn_ctx)) > SSHBUF_MAX_ECPOINT) { + BN_CTX_free(bn_ctx); + return SSH_ERR_INVALID_ARGUMENT; + } + if (EC_POINT_point2oct(g, v, POINT_CONVERSION_UNCOMPRESSED, + d, len, bn_ctx) != len) { + BN_CTX_free(bn_ctx); + return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */ + } + BN_CTX_free(bn_ctx); + ret = sshbuf_put_string(buf, d, len); + bzero(d, len); + return ret; +} + +int +sshbuf_put_eckey(struct sshbuf *buf, const EC_KEY *v) +{ + return sshbuf_put_ec(buf, EC_KEY_get0_public_key(v), + EC_KEY_get0_group(v)); +} +#endif /* OPENSSL_HAS_ECC */ + diff --git a/crypto/openssh/sshbuf-misc.c b/crypto/openssh/sshbuf-misc.c new file mode 100644 index 0000000000..bfeffe6749 --- /dev/null +++ b/crypto/openssh/sshbuf-misc.c @@ -0,0 +1,135 @@ +/* $OpenBSD: sshbuf-misc.c,v 1.2 2014/06/24 01:13:21 djm Exp $ */ +/* + * Copyright (c) 2011 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "ssherr.h" +#define SSHBUF_INTERNAL +#include "sshbuf.h" + +void +sshbuf_dump_data(const void *s, size_t len, FILE *f) +{ + size_t i, j; + const u_char *p = (const u_char *)s; + + for (i = 0; i < len; i += 16) { + fprintf(f, "%.4zd: ", i); + for (j = i; j < i + 16; j++) { + if (j < len) + fprintf(f, "%02x ", p[j]); + else + fprintf(f, " "); + } + fprintf(f, " "); + for (j = i; j < i + 16; j++) { + if (j < len) { + if (isascii(p[j]) && isprint(p[j])) + fprintf(f, "%c", p[j]); + else + fprintf(f, "."); + } + } + fprintf(f, "\n"); + } +} + +void +sshbuf_dump(struct sshbuf *buf, FILE *f) +{ + fprintf(f, "buffer %p len = %zu\n", buf, sshbuf_len(buf)); + sshbuf_dump_data(sshbuf_ptr(buf), sshbuf_len(buf), f); +} + +char * +sshbuf_dtob16(struct sshbuf *buf) +{ + size_t i, j, len = sshbuf_len(buf); + const u_char *p = sshbuf_ptr(buf); + char *ret; + const char hex[] = "0123456789abcdef"; + + if (len == 0) + return strdup(""); + if (SIZE_MAX / 2 <= len || (ret = malloc(len * 2 + 1)) == NULL) + return NULL; + for (i = j = 0; i < len; i++) { + ret[j++] = hex[(p[i] >> 4) & 0xf]; + ret[j++] = hex[p[i] & 0xf]; + } + ret[j] = '\0'; + return ret; +} + +char * +sshbuf_dtob64(struct sshbuf *buf) +{ + size_t len = sshbuf_len(buf), plen; + const u_char *p = sshbuf_ptr(buf); + char *ret; + int r; + + if (len == 0) + return strdup(""); + plen = ((len + 2) / 3) * 4 + 1; + if (SIZE_MAX / 2 <= len || (ret = malloc(plen)) == NULL) + return NULL; + if ((r = b64_ntop(p, len, ret, plen)) == -1) { + bzero(ret, plen); + free(ret); + return NULL; + } + return ret; +} + +int +sshbuf_b64tod(struct sshbuf *buf, const char *b64) +{ + size_t plen = strlen(b64); + int nlen, r; + u_char *p; + + if (plen == 0) + return 0; + if ((p = malloc(plen)) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((nlen = b64_pton(b64, p, plen)) < 0) { + bzero(p, plen); + free(p); + return SSH_ERR_INVALID_FORMAT; + } + if ((r = sshbuf_put(buf, p, nlen)) < 0) { + bzero(p, plen); + free(p); + return r; + } + bzero(p, plen); + free(p); + return 0; +} + diff --git a/crypto/openssh/sshbuf.c b/crypto/openssh/sshbuf.c new file mode 100644 index 0000000000..78f5340a18 --- /dev/null +++ b/crypto/openssh/sshbuf.c @@ -0,0 +1,406 @@ +/* $OpenBSD: sshbuf.c,v 1.2 2014/06/25 14:16:09 deraadt Exp $ */ +/* + * Copyright (c) 2011 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#define SSHBUF_INTERNAL +#include "includes.h" + +#include +#include +#include +#include +#include +#include + +#include "ssherr.h" +#include "sshbuf.h" + +static inline int +sshbuf_check_sanity(const struct sshbuf *buf) +{ + SSHBUF_TELL("sanity"); + if (__predict_false(buf == NULL || + (!buf->readonly && buf->d != buf->cd) || + buf->refcount < 1 || buf->refcount > SSHBUF_REFS_MAX || + buf->cd == NULL || + (buf->dont_free && (buf->readonly || buf->parent != NULL)) || + buf->max_size > SSHBUF_SIZE_MAX || + buf->alloc > buf->max_size || + buf->size > buf->alloc || + buf->off > buf->size)) { + /* Do not try to recover from corrupted buffer internals */ + SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR")); + signal(SIGSEGV, SIG_DFL); + raise(SIGSEGV); + return SSH_ERR_INTERNAL_ERROR; + } + return 0; +} + +static void +sshbuf_maybe_pack(struct sshbuf *buf, int force) +{ + SSHBUF_DBG(("force %d", force)); + SSHBUF_TELL("pre-pack"); + if (buf->off == 0 || buf->readonly || buf->refcount > 1) + return; + if (force || + (buf->off >= SSHBUF_PACK_MIN && buf->off >= buf->size / 2)) { + memmove(buf->d, buf->d + buf->off, buf->size - buf->off); + buf->size -= buf->off; + buf->off = 0; + SSHBUF_TELL("packed"); + } +} + +struct sshbuf * +sshbuf_new(void) +{ + struct sshbuf *ret; + + if ((ret = calloc(sizeof(*ret), 1)) == NULL) + return NULL; + ret->alloc = SSHBUF_SIZE_INIT; + ret->max_size = SSHBUF_SIZE_MAX; + ret->readonly = 0; + ret->refcount = 1; + ret->parent = NULL; + if ((ret->cd = ret->d = calloc(1, ret->alloc)) == NULL) { + free(ret); + return NULL; + } + return ret; +} + +struct sshbuf * +sshbuf_from(const void *blob, size_t len) +{ + struct sshbuf *ret; + + if (blob == NULL || len > SSHBUF_SIZE_MAX || + (ret = calloc(sizeof(*ret), 1)) == NULL) + return NULL; + ret->alloc = ret->size = ret->max_size = len; + ret->readonly = 1; + ret->refcount = 1; + ret->parent = NULL; + ret->cd = blob; + ret->d = NULL; + return ret; +} + +int +sshbuf_set_parent(struct sshbuf *child, struct sshbuf *parent) +{ + int r; + + if ((r = sshbuf_check_sanity(child)) != 0 || + (r = sshbuf_check_sanity(parent)) != 0) + return r; + child->parent = parent; + child->parent->refcount++; + return 0; +} + +struct sshbuf * +sshbuf_fromb(struct sshbuf *buf) +{ + struct sshbuf *ret; + + if (sshbuf_check_sanity(buf) != 0) + return NULL; + if ((ret = sshbuf_from(sshbuf_ptr(buf), sshbuf_len(buf))) == NULL) + return NULL; + if (sshbuf_set_parent(ret, buf) != 0) { + sshbuf_free(ret); + return NULL; + } + return ret; +} + +void +sshbuf_init(struct sshbuf *ret) +{ + bzero(ret, sizeof(*ret)); + ret->alloc = SSHBUF_SIZE_INIT; + ret->max_size = SSHBUF_SIZE_MAX; + ret->readonly = 0; + ret->dont_free = 1; + ret->refcount = 1; + if ((ret->cd = ret->d = calloc(1, ret->alloc)) == NULL) + ret->alloc = 0; +} + +void +sshbuf_free(struct sshbuf *buf) +{ + int dont_free = 0; + + if (buf == NULL) + return; + /* + * The following will leak on insane buffers, but this is the safest + * course of action - an invalid pointer or already-freed pointer may + * have been passed to us and continuing to scribble over memory would + * be bad. + */ + if (sshbuf_check_sanity(buf) != 0) + return; + /* + * If we are a child, the free our parent to decrement its reference + * count and possibly free it. + */ + if (buf->parent != NULL) { + sshbuf_free(buf->parent); + buf->parent = NULL; + } + /* + * If we are a parent with still-extant children, then don't free just + * yet. The last child's call to sshbuf_free should decrement our + * refcount to 0 and trigger the actual free. + */ + buf->refcount--; + if (buf->refcount > 0) + return; + dont_free = buf->dont_free; + if (!buf->readonly) { + bzero(buf->d, buf->alloc); + free(buf->d); + } + bzero(buf, sizeof(*buf)); + if (!dont_free) + free(buf); +} + +void +sshbuf_reset(struct sshbuf *buf) +{ + u_char *d; + + if (buf->readonly || buf->refcount > 1) { + /* Nonsensical. Just make buffer appear empty */ + buf->off = buf->size; + return; + } + if (sshbuf_check_sanity(buf) == 0) + bzero(buf->d, buf->alloc); + buf->off = buf->size = 0; + if (buf->alloc != SSHBUF_SIZE_INIT) { + if ((d = realloc(buf->d, SSHBUF_SIZE_INIT)) != NULL) { + buf->cd = buf->d = d; + buf->alloc = SSHBUF_SIZE_INIT; + } + } +} + +size_t +sshbuf_max_size(const struct sshbuf *buf) +{ + return buf->max_size; +} + +size_t +sshbuf_alloc(const struct sshbuf *buf) +{ + return buf->alloc; +} + +const struct sshbuf * +sshbuf_parent(const struct sshbuf *buf) +{ + return buf->parent; +} + +u_int +sshbuf_refcount(const struct sshbuf *buf) +{ + return buf->refcount; +} + +int +sshbuf_set_max_size(struct sshbuf *buf, size_t max_size) +{ + size_t rlen; + u_char *dp; + int r; + + SSHBUF_DBG(("set max buf = %p len = %zu", buf, max_size)); + if ((r = sshbuf_check_sanity(buf)) != 0) + return r; + if (max_size == buf->max_size) + return 0; + if (buf->readonly || buf->refcount > 1) + return SSH_ERR_BUFFER_READ_ONLY; + if (max_size > SSHBUF_SIZE_MAX) + return SSH_ERR_NO_BUFFER_SPACE; + /* pack and realloc if necessary */ + sshbuf_maybe_pack(buf, max_size < buf->size); + if (max_size < buf->alloc && max_size > buf->size) { + if (buf->size < SSHBUF_SIZE_INIT) + rlen = SSHBUF_SIZE_INIT; + else + rlen = roundup(buf->size, SSHBUF_SIZE_INC); + if (rlen > max_size) + rlen = max_size; + bzero(buf->d + buf->size, buf->alloc - buf->size); + SSHBUF_DBG(("new alloc = %zu", rlen)); + if ((dp = realloc(buf->d, rlen)) == NULL) + return SSH_ERR_ALLOC_FAIL; + buf->cd = buf->d = dp; + buf->alloc = rlen; + } + SSHBUF_TELL("new-max"); + if (max_size < buf->alloc) + return SSH_ERR_NO_BUFFER_SPACE; + buf->max_size = max_size; + return 0; +} + +size_t +sshbuf_len(const struct sshbuf *buf) +{ + if (sshbuf_check_sanity(buf) != 0) + return 0; + return buf->size - buf->off; +} + +size_t +sshbuf_avail(const struct sshbuf *buf) +{ + if (sshbuf_check_sanity(buf) != 0 || buf->readonly || buf->refcount > 1) + return 0; + return buf->max_size - (buf->size - buf->off); +} + +const u_char * +sshbuf_ptr(const struct sshbuf *buf) +{ + if (sshbuf_check_sanity(buf) != 0) + return NULL; + return buf->cd + buf->off; +} + +u_char * +sshbuf_mutable_ptr(const struct sshbuf *buf) +{ + if (sshbuf_check_sanity(buf) != 0 || buf->readonly || buf->refcount > 1) + return NULL; + return buf->d + buf->off; +} + +int +sshbuf_check_reserve(const struct sshbuf *buf, size_t len) +{ + int r; + + if ((r = sshbuf_check_sanity(buf)) != 0) + return r; + if (buf->readonly || buf->refcount > 1) + return SSH_ERR_BUFFER_READ_ONLY; + SSHBUF_TELL("check"); + /* Check that len is reasonable and that max_size + available < len */ + if (len > buf->max_size || buf->max_size - len < buf->size - buf->off) + return SSH_ERR_NO_BUFFER_SPACE; + return 0; +} + +int +sshbuf_reserve(struct sshbuf *buf, size_t len, u_char **dpp) +{ + size_t rlen, need; + u_char *dp; + int r; + + if (dpp != NULL) + *dpp = NULL; + + SSHBUF_DBG(("reserve buf = %p len = %zu", buf, len)); + if ((r = sshbuf_check_reserve(buf, len)) != 0) + return r; + /* + * If the requested allocation appended would push us past max_size + * then pack the buffer, zeroing buf->off. + */ + sshbuf_maybe_pack(buf, buf->size + len > buf->max_size); + SSHBUF_TELL("reserve"); + if (len + buf->size > buf->alloc) { + /* + * Prefer to alloc in SSHBUF_SIZE_INC units, but + * allocate less if doing so would overflow max_size. + */ + need = len + buf->size - buf->alloc; + rlen = roundup(buf->alloc + need, SSHBUF_SIZE_INC); + SSHBUF_DBG(("need %zu initial rlen %zu", need, rlen)); + if (rlen > buf->max_size) + rlen = buf->alloc + need; + SSHBUF_DBG(("adjusted rlen %zu", rlen)); + if ((dp = realloc(buf->d, rlen)) == NULL) { + SSHBUF_DBG(("realloc fail")); + if (dpp != NULL) + *dpp = NULL; + return SSH_ERR_ALLOC_FAIL; + } + buf->alloc = rlen; + buf->cd = buf->d = dp; + if ((r = sshbuf_check_reserve(buf, len)) < 0) { + /* shouldn't fail */ + if (dpp != NULL) + *dpp = NULL; + return r; + } + } + dp = buf->d + buf->size; + buf->size += len; + SSHBUF_TELL("done"); + if (dpp != NULL) + *dpp = dp; + return 0; +} + +int +sshbuf_consume(struct sshbuf *buf, size_t len) +{ + int r; + + SSHBUF_DBG(("len = %zu", len)); + if ((r = sshbuf_check_sanity(buf)) != 0) + return r; + if (len == 0) + return 0; + if (len > sshbuf_len(buf)) + return SSH_ERR_MESSAGE_INCOMPLETE; + buf->off += len; + SSHBUF_TELL("done"); + return 0; +} + +int +sshbuf_consume_end(struct sshbuf *buf, size_t len) +{ + int r; + + SSHBUF_DBG(("len = %zu", len)); + if ((r = sshbuf_check_sanity(buf)) != 0) + return r; + if (len == 0) + return 0; + if (len > sshbuf_len(buf)) + return SSH_ERR_MESSAGE_INCOMPLETE; + buf->size -= len; + SSHBUF_TELL("done"); + return 0; +} + diff --git a/crypto/openssh/sshbuf.h b/crypto/openssh/sshbuf.h new file mode 100644 index 0000000000..3602bc53f2 --- /dev/null +++ b/crypto/openssh/sshbuf.h @@ -0,0 +1,336 @@ +/* $OpenBSD: sshbuf.h,v 1.3 2014/06/24 01:13:21 djm Exp $ */ +/* + * Copyright (c) 2011 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef _SSHBUF_H +#define _SSHBUF_H + +#include +#include +#include +#ifdef WITH_OPENSSL +# include +# ifdef OPENSSL_HAS_ECC +# include +# endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ + +#define SSHBUF_SIZE_MAX 0x8000000 /* Hard maximum size */ +#define SSHBUF_REFS_MAX 0x100000 /* Max child buffers */ +#define SSHBUF_MAX_BIGNUM (16384 / 8) /* Max bignum *bytes* */ +#define SSHBUF_MAX_ECPOINT ((528 * 2 / 8) + 1) /* Max EC point *bytes* */ + +/* + * NB. do not depend on the internals of this. It will be made opaque + * one day. + */ +struct sshbuf { + u_char *d; /* Data */ + const u_char *cd; /* Const data */ + size_t off; /* First available byte is buf->d + buf->off */ + size_t size; /* Last byte is buf->d + buf->size - 1 */ + size_t max_size; /* Maximum size of buffer */ + size_t alloc; /* Total bytes allocated to buf->d */ + int readonly; /* Refers to external, const data */ + int dont_free; /* Kludge to support sshbuf_init */ + u_int refcount; /* Tracks self and number of child buffers */ + struct sshbuf *parent; /* If child, pointer to parent */ +}; + +#ifndef SSHBUF_NO_DEPREACTED +/* + * NB. Please do not use sshbuf_init() in new code. Please use sshbuf_new() + * instead. sshbuf_init() is deprectated and will go away soon (it is + * only included to allow compat with buffer_* in OpenSSH) + */ +void sshbuf_init(struct sshbuf *buf); +#endif + +/* + * Create a new sshbuf buffer. + * Returns pointer to buffer on success, or NULL on allocation failure. + */ +struct sshbuf *sshbuf_new(void); + +/* + * Create a new, read-only sshbuf buffer from existing data. + * Returns pointer to buffer on success, or NULL on allocation failure. + */ +struct sshbuf *sshbuf_from(const void *blob, size_t len); + +/* + * Create a new, read-only sshbuf buffer from the contents of an existing + * buffer. The contents of "buf" must not change in the lifetime of the + * resultant buffer. + * Returns pointer to buffer on success, or NULL on allocation failure. + */ +struct sshbuf *sshbuf_fromb(struct sshbuf *buf); + +/* + * Create a new, read-only sshbuf buffer from the contents of a string in + * an existing buffer (the string is consumed in the process). + * The contents of "buf" must not change in the lifetime of the resultant + * buffer. + * Returns pointer to buffer on success, or NULL on allocation failure. + */ +int sshbuf_froms(struct sshbuf *buf, struct sshbuf **bufp); + +/* + * Clear and free buf + */ +void sshbuf_free(struct sshbuf *buf); + +/* + * Reset buf, clearing its contents. NB. max_size is preserved. + */ +void sshbuf_reset(struct sshbuf *buf); + +/* + * Return the maximum size of buf + */ +size_t sshbuf_max_size(const struct sshbuf *buf); + +/* + * Set the maximum size of buf + * Returns 0 on success, or a negative SSH_ERR_* error code on failure. + */ +int sshbuf_set_max_size(struct sshbuf *buf, size_t max_size); + +/* + * Returns the length of data in buf + */ +size_t sshbuf_len(const struct sshbuf *buf); + +/* + * Returns number of bytes left in buffer before hitting max_size. + */ +size_t sshbuf_avail(const struct sshbuf *buf); + +/* + * Returns a read-only pointer to the start of the the data in buf + */ +const u_char *sshbuf_ptr(const struct sshbuf *buf); + +/* + * Returns a mutable pointer to the start of the the data in buf, or + * NULL if the buffer is read-only. + */ +u_char *sshbuf_mutable_ptr(const struct sshbuf *buf); + +/* + * Check whether a reservation of size len will succeed in buf + * Safer to use than direct comparisons again sshbuf_avail as it copes + * with unsigned overflows correctly. + * Returns 0 on success, or a negative SSH_ERR_* error code on failure. + */ +int sshbuf_check_reserve(const struct sshbuf *buf, size_t len); + +/* + * Reserve len bytes in buf. + * Returns 0 on success and a pointer to the first reserved byte via the + * optional dpp parameter or a negative * SSH_ERR_* error code on failure. + */ +int sshbuf_reserve(struct sshbuf *buf, size_t len, u_char **dpp); + +/* + * Consume len bytes from the start of buf + * Returns 0 on success, or a negative SSH_ERR_* error code on failure. + */ +int sshbuf_consume(struct sshbuf *buf, size_t len); + +/* + * Consume len bytes from the end of buf + * Returns 0 on success, or a negative SSH_ERR_* error code on failure. + */ +int sshbuf_consume_end(struct sshbuf *buf, size_t len); + +/* Extract or deposit some bytes */ +int sshbuf_get(struct sshbuf *buf, void *v, size_t len); +int sshbuf_put(struct sshbuf *buf, const void *v, size_t len); +int sshbuf_putb(struct sshbuf *buf, const struct sshbuf *v); + +/* Append using a printf(3) format */ +int sshbuf_putf(struct sshbuf *buf, const char *fmt, ...) + __attribute__((format(printf, 2, 3))); +int sshbuf_putfv(struct sshbuf *buf, const char *fmt, va_list ap); + +/* Functions to extract or store big-endian words of various sizes */ +int sshbuf_get_u64(struct sshbuf *buf, u_int64_t *valp); +int sshbuf_get_u32(struct sshbuf *buf, u_int32_t *valp); +int sshbuf_get_u16(struct sshbuf *buf, u_int16_t *valp); +int sshbuf_get_u8(struct sshbuf *buf, u_char *valp); +int sshbuf_put_u64(struct sshbuf *buf, u_int64_t val); +int sshbuf_put_u32(struct sshbuf *buf, u_int32_t val); +int sshbuf_put_u16(struct sshbuf *buf, u_int16_t val); +int sshbuf_put_u8(struct sshbuf *buf, u_char val); + +/* + * Functions to extract or store SSH wire encoded strings (u32 len || data) + * The "cstring" variants admit no \0 characters in the string contents. + * Caller must free *valp. + */ +int sshbuf_get_string(struct sshbuf *buf, u_char **valp, size_t *lenp); +int sshbuf_get_cstring(struct sshbuf *buf, char **valp, size_t *lenp); +int sshbuf_get_stringb(struct sshbuf *buf, struct sshbuf *v); +int sshbuf_put_string(struct sshbuf *buf, const void *v, size_t len); +int sshbuf_put_cstring(struct sshbuf *buf, const char *v); +int sshbuf_put_stringb(struct sshbuf *buf, const struct sshbuf *v); + +/* + * "Direct" variant of sshbuf_get_string, returns pointer into the sshbuf to + * avoid an malloc+memcpy. The pointer is guaranteed to be valid until the + * next sshbuf-modifying function call. Caller does not free. + */ +int sshbuf_get_string_direct(struct sshbuf *buf, const u_char **valp, + size_t *lenp); + +/* Skip past a string */ +#define sshbuf_skip_string(buf) sshbuf_get_string_direct(buf, NULL, NULL) + +/* Another variant: "peeks" into the buffer without modifying it */ +int sshbuf_peek_string_direct(const struct sshbuf *buf, const u_char **valp, + size_t *lenp); + +/* + * Functions to extract or store SSH wire encoded bignums and elliptic + * curve points. + */ +int sshbuf_put_bignum2_bytes(struct sshbuf *buf, const void *v, size_t len); +#ifdef WITH_OPENSSL +int sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM *v); +int sshbuf_get_bignum1(struct sshbuf *buf, BIGNUM *v); +int sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v); +int sshbuf_put_bignum1(struct sshbuf *buf, const BIGNUM *v); +# ifdef OPENSSL_HAS_ECC +int sshbuf_get_ec(struct sshbuf *buf, EC_POINT *v, const EC_GROUP *g); +int sshbuf_get_eckey(struct sshbuf *buf, EC_KEY *v); +int sshbuf_put_ec(struct sshbuf *buf, const EC_POINT *v, const EC_GROUP *g); +int sshbuf_put_eckey(struct sshbuf *buf, const EC_KEY *v); +# endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ + +/* Dump the contents of the buffer in a human-readable format */ +void sshbuf_dump(struct sshbuf *buf, FILE *f); + +/* Dump specified memory in a human-readable format */ +void sshbuf_dump_data(const void *s, size_t len, FILE *f); + +/* Return the hexadecimal representation of the contents of the buffer */ +char *sshbuf_dtob16(struct sshbuf *buf); + +/* Encode the contents of the buffer as base64 */ +char *sshbuf_dtob64(struct sshbuf *buf); + +/* Decode base64 data and append it to the buffer */ +int sshbuf_b64tod(struct sshbuf *buf, const char *b64); + +/* Macros for decoding/encoding integers */ +#define PEEK_U64(p) \ + (((u_int64_t)(((u_char *)(p))[0]) << 56) | \ + ((u_int64_t)(((u_char *)(p))[1]) << 48) | \ + ((u_int64_t)(((u_char *)(p))[2]) << 40) | \ + ((u_int64_t)(((u_char *)(p))[3]) << 32) | \ + ((u_int64_t)(((u_char *)(p))[4]) << 24) | \ + ((u_int64_t)(((u_char *)(p))[5]) << 16) | \ + ((u_int64_t)(((u_char *)(p))[6]) << 8) | \ + (u_int64_t)(((u_char *)(p))[7])) +#define PEEK_U32(p) \ + (((u_int32_t)(((u_char *)(p))[0]) << 24) | \ + ((u_int32_t)(((u_char *)(p))[1]) << 16) | \ + ((u_int32_t)(((u_char *)(p))[2]) << 8) | \ + (u_int32_t)(((u_char *)(p))[3])) +#define PEEK_U16(p) \ + (((u_int16_t)(((u_char *)(p))[0]) << 8) | \ + (u_int16_t)(((u_char *)(p))[1])) + +#define POKE_U64(p, v) \ + do { \ + ((u_char *)(p))[0] = (((u_int64_t)(v)) >> 56) & 0xff; \ + ((u_char *)(p))[1] = (((u_int64_t)(v)) >> 48) & 0xff; \ + ((u_char *)(p))[2] = (((u_int64_t)(v)) >> 40) & 0xff; \ + ((u_char *)(p))[3] = (((u_int64_t)(v)) >> 32) & 0xff; \ + ((u_char *)(p))[4] = (((u_int64_t)(v)) >> 24) & 0xff; \ + ((u_char *)(p))[5] = (((u_int64_t)(v)) >> 16) & 0xff; \ + ((u_char *)(p))[6] = (((u_int64_t)(v)) >> 8) & 0xff; \ + ((u_char *)(p))[7] = ((u_int64_t)(v)) & 0xff; \ + } while (0) +#define POKE_U32(p, v) \ + do { \ + ((u_char *)(p))[0] = (((u_int64_t)(v)) >> 24) & 0xff; \ + ((u_char *)(p))[1] = (((u_int64_t)(v)) >> 16) & 0xff; \ + ((u_char *)(p))[2] = (((u_int64_t)(v)) >> 8) & 0xff; \ + ((u_char *)(p))[3] = ((u_int64_t)(v)) & 0xff; \ + } while (0) +#define POKE_U16(p, v) \ + do { \ + ((u_char *)(p))[0] = (((u_int64_t)(v)) >> 8) & 0xff; \ + ((u_char *)(p))[1] = ((u_int64_t)(v)) & 0xff; \ + } while (0) + +/* Internal definitions follow. Exposed for regress tests */ +#ifdef SSHBUF_INTERNAL + +/* + * Return the allocation size of buf + */ +size_t sshbuf_alloc(const struct sshbuf *buf); + +/* + * Increment the reference count of buf. + */ +int sshbuf_set_parent(struct sshbuf *child, struct sshbuf *parent); + +/* + * Return the parent buffer of buf, or NULL if it has no parent. + */ +const struct sshbuf *sshbuf_parent(const struct sshbuf *buf); + +/* + * Return the reference count of buf + */ +u_int sshbuf_refcount(const struct sshbuf *buf); + +# define SSHBUF_SIZE_INIT 256 /* Initial allocation */ +# define SSHBUF_SIZE_INC 256 /* Preferred increment length */ +# define SSHBUF_PACK_MIN 8192 /* Minimim packable offset */ + +/* # define SSHBUF_ABORT abort */ +/* # define SSHBUF_DEBUG */ + +# ifndef SSHBUF_ABORT +# define SSHBUF_ABORT() +# endif + +# ifdef SSHBUF_DEBUG +# define SSHBUF_TELL(what) do { \ + printf("%s:%d %s: %s size %zu alloc %zu off %zu max %zu\n", \ + __FILE__, __LINE__, __func__, what, \ + buf->size, buf->alloc, buf->off, buf->max_size); \ + fflush(stdout); \ + } while (0) +# define SSHBUF_DBG(x) do { \ + printf("%s:%d %s: ", __FILE__, __LINE__, __func__); \ + printf x; \ + printf("\n"); \ + fflush(stdout); \ + } while (0) +# else +# define SSHBUF_TELL(what) +# define SSHBUF_DBG(x) +# endif +#endif /* SSHBUF_INTERNAL */ + +#endif /* _SSHBUF_H */ diff --git a/crypto/openssh/sshconnect.c b/crypto/openssh/sshconnect.c index 0ee726637c..ac09eae67f 100644 --- a/crypto/openssh/sshconnect.c +++ b/crypto/openssh/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.234 2011/05/24 07:15:47 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.251 2014/07/15 15:54:14 millert Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -54,16 +54,18 @@ #include "sshconnect.h" #include "hostfile.h" #include "log.h" +#include "misc.h" #include "readconf.h" #include "atomicio.h" -#include "misc.h" #include "dns.h" #include "roaming.h" +#include "monitor_fdpass.h" #include "ssh2.h" #include "version.h" char *client_version_string = NULL; char *server_version_string = NULL; +Key *previous_host_key = NULL; static int matching_host_key_dns = 0; @@ -78,40 +80,122 @@ extern uid_t original_effective_uid; static int show_other_keys(struct hostkeys *, Key *); static void warn_changed_key(Key *); +/* Expand a proxy command */ +static char * +expand_proxy_command(const char *proxy_command, const char *user, + const char *host, int port) +{ + char *tmp, *ret, strport[NI_MAXSERV]; + + snprintf(strport, sizeof strport, "%d", port); + xasprintf(&tmp, "exec %s", proxy_command); + ret = percent_expand(tmp, "h", host, "p", strport, + "r", options.user, (char *)NULL); + free(tmp); + return ret; +} + +/* + * Connect to the given ssh server using a proxy command that passes a + * a connected fd back to us. + */ +static int +ssh_proxy_fdpass_connect(const char *host, u_short port, + const char *proxy_command) +{ + char *command_string; + int sp[2], sock; + pid_t pid; + char *shell; + + if ((shell = getenv("SHELL")) == NULL) + shell = _PATH_BSHELL; + + if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0) + fatal("Could not create socketpair to communicate with " + "proxy dialer: %.100s", strerror(errno)); + + command_string = expand_proxy_command(proxy_command, options.user, + host, port); + debug("Executing proxy dialer command: %.500s", command_string); + + /* Fork and execute the proxy command. */ + if ((pid = fork()) == 0) { + char *argv[10]; + + /* Child. Permanently give up superuser privileges. */ + permanently_drop_suid(original_real_uid); + + close(sp[1]); + /* Redirect stdin and stdout. */ + if (sp[0] != 0) { + if (dup2(sp[0], 0) < 0) + perror("dup2 stdin"); + } + if (sp[0] != 1) { + if (dup2(sp[0], 1) < 0) + perror("dup2 stdout"); + } + if (sp[0] >= 2) + close(sp[0]); + + /* + * Stderr is left as it is so that error messages get + * printed on the user's terminal. + */ + argv[0] = shell; + argv[1] = "-c"; + argv[2] = command_string; + argv[3] = NULL; + + /* + * Execute the proxy command. + * Note that we gave up any extra privileges above. + */ + execv(argv[0], argv); + perror(argv[0]); + exit(1); + } + /* Parent. */ + if (pid < 0) + fatal("fork failed: %.100s", strerror(errno)); + close(sp[0]); + free(command_string); + + if ((sock = mm_receive_fd(sp[1])) == -1) + fatal("proxy dialer did not pass back a connection"); + + while (waitpid(pid, NULL, 0) == -1) + if (errno != EINTR) + fatal("Couldn't wait for child: %s", strerror(errno)); + + /* Set the connection file descriptors. */ + packet_set_connection(sock, sock); + + return 0; +} + /* * Connect to the given ssh server using a proxy command. */ static int ssh_proxy_connect(const char *host, u_short port, const char *proxy_command) { - char *command_string, *tmp; + char *command_string; int pin[2], pout[2]; pid_t pid; - char *shell, strport[NI_MAXSERV]; + char *shell; if ((shell = getenv("SHELL")) == NULL || *shell == '\0') shell = _PATH_BSHELL; - /* Convert the port number into a string. */ - snprintf(strport, sizeof strport, "%hu", port); - - /* - * Build the final command string in the buffer by making the - * appropriate substitutions to the given proxy command. - * - * Use "exec" to avoid "sh -c" processes on some platforms - * (e.g. Solaris) - */ - xasprintf(&tmp, "exec %s", proxy_command); - command_string = percent_expand(tmp, "h", host, "p", strport, - "r", options.user, (char *)NULL); - xfree(tmp); - /* Create pipes for communicating with the proxy. */ if (pipe(pin) < 0 || pipe(pout) < 0) fatal("Could not create pipes to communicate with the proxy: %.100s", strerror(errno)); + command_string = expand_proxy_command(proxy_command, options.user, + host, port); debug("Executing proxy command: %.500s", command_string); /* Fork and execute the proxy command. */ @@ -159,12 +243,10 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command) close(pout[1]); /* Free the command name. */ - xfree(command_string); + free(command_string); /* Set the connection file descriptors. */ packet_set_connection(pout[0], pin[1]); - packet_set_timeout(options.server_alive_interval, - options.server_alive_count_max); /* Indicate OK return */ return 0; @@ -187,55 +269,59 @@ ssh_kill_proxy_command(void) static int ssh_create_socket(int privileged, struct addrinfo *ai) { - int sock, gaierr; - struct addrinfo hints, *res; + int sock, r, gaierr; + struct addrinfo hints, *res = NULL; - /* - * If we are running as root and want to connect to a privileged - * port, bind our own socket to a privileged port. - */ - if (privileged) { - int p = IPPORT_RESERVED - 1; - PRIV_START; - sock = rresvport_af(&p, ai->ai_family); - PRIV_END; - if (sock < 0) - error("rresvport: af=%d %.100s", ai->ai_family, - strerror(errno)); - else - debug("Allocated local port %d.", p); - return sock; - } sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); if (sock < 0) { - error("socket: %.100s", strerror(errno)); + error("socket: %s", strerror(errno)); return -1; } fcntl(sock, F_SETFD, FD_CLOEXEC); /* Bind the socket to an alternative local IP address */ - if (options.bind_address == NULL) + if (options.bind_address == NULL && !privileged) return sock; - memset(&hints, 0, sizeof(hints)); - hints.ai_family = ai->ai_family; - hints.ai_socktype = ai->ai_socktype; - hints.ai_protocol = ai->ai_protocol; - hints.ai_flags = AI_PASSIVE; - gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res); - if (gaierr) { - error("getaddrinfo: %s: %s", options.bind_address, - ssh_gai_strerror(gaierr)); - close(sock); - return -1; + if (options.bind_address) { + memset(&hints, 0, sizeof(hints)); + hints.ai_family = ai->ai_family; + hints.ai_socktype = ai->ai_socktype; + hints.ai_protocol = ai->ai_protocol; + hints.ai_flags = AI_PASSIVE; + gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res); + if (gaierr) { + error("getaddrinfo: %s: %s", options.bind_address, + ssh_gai_strerror(gaierr)); + close(sock); + return -1; + } } - if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) { - error("bind: %s: %s", options.bind_address, strerror(errno)); - close(sock); - freeaddrinfo(res); - return -1; + /* + * If we are running as root and want to connect to a privileged + * port, bind our own socket to a privileged port. + */ + if (privileged) { + PRIV_START; + r = bindresvport_sa(sock, res ? res->ai_addr : NULL); + PRIV_END; + if (r < 0) { + error("bindresvport_sa: af=%d %s", ai->ai_family, + strerror(errno)); + goto fail; + } + } else { + if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) { + error("bind: %s: %s", options.bind_address, + strerror(errno)); + fail: + close(sock); + freeaddrinfo(res); + return -1; + } } - freeaddrinfo(res); + if (res != NULL) + freeaddrinfo(res); return sock; } @@ -308,7 +394,7 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr, fatal("Bogus return (%d) from select()", rc); } - xfree(fdset); + free(fdset); done: if (result == 0 && *timeoutp > 0) { @@ -333,33 +419,18 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr, * and %p substituted for host and port, respectively) to use to contact * the daemon. */ -int -ssh_connect(const char *host, struct sockaddr_storage * hostaddr, - u_short port, int family, int connection_attempts, int *timeout_ms, - int want_keepalive, int needpriv, const char *proxy_command) +static int +ssh_connect_direct(const char *host, struct addrinfo *aitop, + struct sockaddr_storage *hostaddr, u_short port, int family, + int connection_attempts, int *timeout_ms, int want_keepalive, int needpriv) { - int gaierr; int on = 1; int sock = -1, attempt; char ntop[NI_MAXHOST], strport[NI_MAXSERV]; - struct addrinfo hints, *ai, *aitop; + struct addrinfo *ai; debug2("ssh_connect: needpriv %d", needpriv); - /* If a proxy command is given, connect using it. */ - if (proxy_command != NULL) - return ssh_proxy_connect(host, port, proxy_command); - - /* No proxy command. */ - - memset(&hints, 0, sizeof(hints)); - hints.ai_family = family; - hints.ai_socktype = SOCK_STREAM; - snprintf(strport, sizeof strport, "%u", port); - if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) - fatal("%s: Could not resolve hostname %.100s: %s", __progname, - host, ssh_gai_strerror(gaierr)); - for (attempt = 0; attempt < connection_attempts; attempt++) { if (attempt > 0) { /* Sleep a moment before retrying. */ @@ -371,7 +442,8 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, * sequence until the connection succeeds. */ for (ai = aitop; ai; ai = ai->ai_next) { - if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) + if (ai->ai_family != AF_INET && + ai->ai_family != AF_INET6) continue; if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, sizeof(ntop), strport, sizeof(strport), @@ -404,8 +476,6 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, break; /* Successful connection. */ } - freeaddrinfo(aitop); - /* Return failure if we didn't get a successful connection. */ if (sock == -1) { error("ssh: connect to host %s port %s: %s", @@ -423,12 +493,46 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, /* Set the connection. */ packet_set_connection(sock, sock); - packet_set_timeout(options.server_alive_interval, - options.server_alive_count_max); return 0; } +int +ssh_connect(const char *host, struct addrinfo *addrs, + struct sockaddr_storage *hostaddr, u_short port, int family, + int connection_attempts, int *timeout_ms, int want_keepalive, int needpriv) +{ + if (options.proxy_command == NULL) { + return ssh_connect_direct(host, addrs, hostaddr, port, family, + connection_attempts, timeout_ms, want_keepalive, needpriv); + } else if (strcmp(options.proxy_command, "-") == 0) { + packet_set_connection(STDIN_FILENO, STDOUT_FILENO); + return 0; /* Always succeeds */ + } else if (options.proxy_use_fdpass) { + return ssh_proxy_fdpass_connect(host, port, + options.proxy_command); + } + return ssh_proxy_connect(host, port, options.proxy_command); +} + +static void +send_client_banner(int connection_out, int minor1) +{ + /* Send our own protocol version identification. */ + if (compat20) { + xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n", + PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION); + } else { + xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n", + PROTOCOL_MAJOR_1, minor1, SSH_VERSION); + } + if (roaming_atomicio(vwrite, connection_out, client_version_string, + strlen(client_version_string)) != strlen(client_version_string)) + fatal("write: %.100s", strerror(errno)); + chop(client_version_string); + debug("Local version string %.100s", client_version_string); +} + /* * Waits for the server identification string, and sends our own * identification string. @@ -440,7 +544,7 @@ ssh_exchange_identification(int timeout_ms) int remote_major, remote_minor, mismatch; int connection_in = packet_get_connection_in(); int connection_out = packet_get_connection_out(); - int minor1 = PROTOCOL_MINOR_1; + int minor1 = PROTOCOL_MINOR_1, client_banner_sent = 0; u_int i, n; size_t len; int fdsetsz, remaining, rc; @@ -450,6 +554,16 @@ ssh_exchange_identification(int timeout_ms) fdsetsz = howmany(connection_in + 1, NFDBITS) * sizeof(fd_mask); fdset = xcalloc(1, fdsetsz); + /* + * If we are SSH2-only then we can send the banner immediately and + * save a round-trip. + */ + if (options.protocol == SSH_PROTO_2) { + enable_compat20(); + send_client_banner(connection_out, 0); + client_banner_sent = 1; + } + /* Read other side's version identification. */ remaining = timeout_ms; for (n = 0;;) { @@ -499,7 +613,7 @@ ssh_exchange_identification(int timeout_ms) debug("ssh_exchange_identification: %s", buf); } server_version_string = xstrdup(buf); - xfree(fdset); + free(fdset); /* * Check that the versions match. In future this might accept @@ -552,18 +666,15 @@ ssh_exchange_identification(int timeout_ms) fatal("Protocol major versions differ: %d vs. %d", (options.protocol & SSH_PROTO_2) ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1, remote_major); - /* Send our own protocol version identification. */ - snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", - compat20 ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1, - compat20 ? PROTOCOL_MINOR_2 : minor1, - SSH_VERSION, compat20 ? "\r\n" : "\n"); - if (roaming_atomicio(vwrite, connection_out, buf, strlen(buf)) - != strlen(buf)) - fatal("write: %.100s", strerror(errno)); - client_version_string = xstrdup(buf); - chop(client_version_string); + if ((datafellows & SSH_BUG_DERIVEKEY) != 0) + fatal("Server version \"%.100s\" uses unsafe key agreement; " + "refusing connection", remote_version); + if ((datafellows & SSH_BUG_RSASIGMD5) != 0) + logit("Server version \"%.100s\" uses unsafe RSA signature " + "scheme; disabling use of RSA keys", remote_version); + if (!client_banner_sent) + send_client_banner(connection_out, minor1); chop(server_version_string); - debug("Local version string %.100s", client_version_string); } /* defaults to 'no' */ @@ -584,8 +695,7 @@ confirm(const char *prompt) ret = 0; if (p && strncasecmp(p, "yes", 3) == 0) ret = 1; - if (p) - xfree(p); + free(p); if (ret != -1) return ret; } @@ -600,7 +710,7 @@ check_host_cert(const char *host, const Key *host_key) error("%s", reason); return 0; } - if (buffer_len(&host_key->cert->critical) != 0) { + if (buffer_len(host_key->cert->critical) != 0) { error("Certificate for %s contains unsupported " "critical options(s)", host); return 0; @@ -809,8 +919,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, ra = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_RANDOMART); logit("Host key fingerprint is %s\n%s\n", fp, ra); - xfree(ra); - xfree(fp); + free(ra); + free(fp); } break; case HOST_NEW: @@ -870,8 +980,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, options.visual_host_key ? "\n" : "", options.visual_host_key ? ra : "", msg2); - xfree(ra); - xfree(fp); + free(ra); + free(fp); if (!confirm(msg)) goto fail; } @@ -1072,8 +1182,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, } } - xfree(ip); - xfree(host); + free(ip); + free(host); if (host_hostkeys != NULL) free_hostkeys(host_hostkeys); if (ip_hostkeys != NULL) @@ -1095,8 +1205,8 @@ fail: } if (raw_key != NULL) key_free(raw_key); - xfree(ip); - xfree(host); + free(ip); + free(host); if (host_hostkeys != NULL) free_hostkeys(host_hostkeys); if (ip_hostkeys != NULL) @@ -1108,36 +1218,60 @@ fail: int verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key) { - int flags = 0; + int r = -1, flags = 0; char *fp; + Key *plain = NULL; fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); debug("Server host key: %s %s", key_type(host_key), fp); - xfree(fp); + free(fp); - /* XXX certs are not yet supported for DNS */ - if (!key_is_cert(host_key) && options.verify_host_key_dns && - verify_host_key_dns(host, hostaddr, host_key, &flags) == 0) { - if (flags & DNS_VERIFY_FOUND) { - - if (options.verify_host_key_dns == 1 && - flags & DNS_VERIFY_MATCH && - flags & DNS_VERIFY_SECURE) - return 0; + if (key_equal(previous_host_key, host_key)) { + debug("%s: server host key matches cached key", __func__); + return 0; + } - if (flags & DNS_VERIFY_MATCH) { - matching_host_key_dns = 1; - } else { - warn_changed_key(host_key); - error("Update the SSHFP RR in DNS with the new " - "host key to get rid of this message."); + if (options.verify_host_key_dns) { + /* + * XXX certs are not yet supported for DNS, so downgrade + * them and try the plain key. + */ + plain = key_from_private(host_key); + if (key_is_cert(plain)) + key_drop_cert(plain); + if (verify_host_key_dns(host, hostaddr, plain, &flags) == 0) { + if (flags & DNS_VERIFY_FOUND) { + if (options.verify_host_key_dns == 1 && + flags & DNS_VERIFY_MATCH && + flags & DNS_VERIFY_SECURE) { + key_free(plain); + r = 0; + goto done; + } + if (flags & DNS_VERIFY_MATCH) { + matching_host_key_dns = 1; + } else { + warn_changed_key(plain); + error("Update the SSHFP RR in DNS " + "with the new host key to get rid " + "of this message."); + } } } + key_free(plain); } - return check_host_key(host, hostaddr, options.port, host_key, RDRW, + r = check_host_key(host, hostaddr, options.port, host_key, RDRW, options.user_hostfiles, options.num_user_hostfiles, options.system_hostfiles, options.num_system_hostfiles); + +done: + if (r == 0 && host_key != NULL) { + key_free(previous_host_key); + previous_host_key = key_from_private(host_key); + } + + return r; } /* @@ -1151,7 +1285,7 @@ void ssh_login(Sensitive *sensitive, const char *orighost, struct sockaddr *hostaddr, u_short port, struct passwd *pw, int timeout_ms) { - char *host, *cp; + char *host; char *server_user, *local_user; local_user = xstrdup(pw->pw_name); @@ -1159,9 +1293,7 @@ ssh_login(Sensitive *sensitive, const char *orighost, /* Convert the user-supplied hostname into all lowercase. */ host = xstrdup(orighost); - for (cp = host; *cp; cp++) - if (isupper(*cp)) - *cp = (char)tolower(*cp); + lowercase(host); /* Exchange protocol version identification strings with the server. */ ssh_exchange_identification(timeout_ms); @@ -1175,10 +1307,14 @@ ssh_login(Sensitive *sensitive, const char *orighost, ssh_kex2(host, hostaddr, port); ssh_userauth2(local_user, server_user, host, sensitive); } else { +#ifdef WITH_SSH1 ssh_kex(host, hostaddr); ssh_userauth1(local_user, server_user, host, sensitive); +#else + fatal("ssh1 is not unsupported"); +#endif } - xfree(local_user); + free(local_user); } void @@ -1195,15 +1331,22 @@ ssh_put_password(char *password) padded = xcalloc(1, size); strlcpy(padded, password, size); packet_put_string(padded, size); - memset(padded, 0, size); - xfree(padded); + explicit_bzero(padded, size); + free(padded); } /* print all known host keys for a given host, but skip keys of given type */ static int show_other_keys(struct hostkeys *hostkeys, Key *key) { - int type[] = { KEY_RSA1, KEY_RSA, KEY_DSA, KEY_ECDSA, -1}; + int type[] = { + KEY_RSA1, + KEY_RSA, + KEY_DSA, + KEY_ECDSA, + KEY_ED25519, + -1 + }; int i, ret = 0; char *fp, *ra; const struct hostkey_entry *found; @@ -1223,8 +1366,8 @@ show_other_keys(struct hostkeys *hostkeys, Key *key) key_type(found->key), fp); if (options.visual_host_key) logit("%s", ra); - xfree(ra); - xfree(fp); + free(ra); + free(fp); ret = 1; } return ret; @@ -1247,7 +1390,7 @@ warn_changed_key(Key *host_key) key_type(host_key), fp); error("Please contact your system administrator."); - xfree(fp); + free(fp); } /* diff --git a/crypto/openssh/sshconnect.h b/crypto/openssh/sshconnect.h index fd7f7f7c61..0ea6e99f61 100644 --- a/crypto/openssh/sshconnect.h +++ b/crypto/openssh/sshconnect.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.h,v 1.27 2010/11/29 23:45:51 djm Exp $ */ +/* $OpenBSD: sshconnect.h,v 1.28 2013/10/16 02:31:47 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -31,9 +31,9 @@ struct Sensitive { int external_keysign; }; -int -ssh_connect(const char *, struct sockaddr_storage *, u_short, int, int, - int *, int, int, const char *); +struct addrinfo; +int ssh_connect(const char *, struct addrinfo *, struct sockaddr_storage *, + u_short, int, int, int *, int, int); void ssh_kill_proxy_command(void); void ssh_login(Sensitive *, const char *, struct sockaddr *, u_short, diff --git a/crypto/openssh/sshconnect1.c b/crypto/openssh/sshconnect1.c index fd07bbf741..dd12a3af2c 100644 --- a/crypto/openssh/sshconnect1.c +++ b/crypto/openssh/sshconnect1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect1.c,v 1.70 2006/11/06 21:25:28 markus Exp $ */ +/* $OpenBSD: sshconnect1.c,v 1.76 2014/07/15 15:54:14 millert Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -19,7 +19,6 @@ #include #include -#include #include #include @@ -39,14 +38,15 @@ #include "kex.h" #include "uidswap.h" #include "log.h" +#include "misc.h" #include "readconf.h" #include "authfd.h" #include "sshconnect.h" #include "authfile.h" -#include "misc.h" #include "canohost.h" #include "hostfile.h" #include "auth.h" +#include "digest.h" /* Session id for the current session. */ u_char session_id[16]; @@ -84,7 +84,7 @@ try_agent_authentication(void) /* Try this identity. */ debug("Trying RSA authentication via agent with '%.100s'", comment); - xfree(comment); + free(comment); /* Tell the server that we are willing to authenticate using this key. */ packet_start(SSH_CMSG_AUTH_RSA); @@ -120,7 +120,7 @@ try_agent_authentication(void) * return a wrong value. */ logit("Authentication agent failed to decrypt challenge."); - memset(response, 0, sizeof(response)); + explicit_bzero(response, sizeof(response)); } key_free(key); debug("Sending response to RSA challenge."); @@ -161,12 +161,12 @@ static void respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv) { u_char buf[32], response[16]; - MD5_CTX md; + struct ssh_digest_ctx *md; int i, len; /* Decrypt the challenge using the private key. */ /* XXX think about Bleichenbacher, too */ - if (rsa_private_decrypt(challenge, challenge, prv) <= 0) + if (rsa_private_decrypt(challenge, challenge, prv) != 0) packet_disconnect( "respond_to_rsa_challenge: rsa_private_decrypt failed"); @@ -179,10 +179,12 @@ respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv) memset(buf, 0, sizeof(buf)); BN_bn2bin(challenge, buf + sizeof(buf) - len); - MD5_Init(&md); - MD5_Update(&md, buf, 32); - MD5_Update(&md, session_id, 16); - MD5_Final(response, &md); + if ((md = ssh_digest_start(SSH_DIGEST_MD5)) == NULL || + ssh_digest_update(md, buf, 32) < 0 || + ssh_digest_update(md, session_id, 16) < 0 || + ssh_digest_final(md, response, sizeof(response)) < 0) + fatal("%s: md5 failed", __func__); + ssh_digest_free(md); debug("Sending response to host key RSA challenge."); @@ -193,9 +195,9 @@ respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv) packet_send(); packet_write_wait(); - memset(buf, 0, sizeof(buf)); - memset(response, 0, sizeof(response)); - memset(&md, 0, sizeof(md)); + explicit_bzero(buf, sizeof(buf)); + explicit_bzero(response, sizeof(response)); + explicit_bzero(&md, sizeof(md)); } /* @@ -231,7 +233,7 @@ try_rsa_authentication(int idx) */ if (type == SSH_SMSG_FAILURE) { debug("Server refused our key."); - xfree(comment); + free(comment); return 0; } /* Otherwise, the server should respond with a challenge. */ @@ -251,7 +253,7 @@ try_rsa_authentication(int idx) * load the private key. Try first with empty passphrase; if it * fails, ask for a passphrase. */ - if (public->flags & KEY_FLAG_EXT) + if (public->flags & SSHKEY_FLAG_EXT) private = public; else private = key_load_private_type(KEY_RSA1, authfile, "", NULL, @@ -269,15 +271,15 @@ try_rsa_authentication(int idx) debug2("no passphrase given, try next key"); quit = 1; } - memset(passphrase, 0, strlen(passphrase)); - xfree(passphrase); + explicit_bzero(passphrase, strlen(passphrase)); + free(passphrase); if (private != NULL || quit) break; debug2("bad passphrase given, try again..."); } } /* We no longer need the comment. */ - xfree(comment); + free(comment); if (private == NULL) { if (!options.batch_mode && perm_ok) @@ -300,7 +302,7 @@ try_rsa_authentication(int idx) respond_to_rsa_challenge(challenge, private->rsa); /* Destroy the private key unless it in external hardware. */ - if (!(private->flags & KEY_FLAG_EXT)) + if (!(private->flags & SSHKEY_FLAG_EXT)) key_free(private); /* We no longer need the challenge. */ @@ -412,7 +414,7 @@ try_challenge_response_authentication(void) packet_check_eom(); snprintf(prompt, sizeof prompt, "%s%s", challenge, strchr(challenge, '\n') ? "" : "\nResponse: "); - xfree(challenge); + free(challenge); if (i != 0) error("Permission denied, please try again."); if (options.cipher == SSH_CIPHER_NONE) @@ -420,13 +422,13 @@ try_challenge_response_authentication(void) "Response will be transmitted in clear text."); response = read_passphrase(prompt, 0); if (strcmp(response, "") == 0) { - xfree(response); + free(response); break; } packet_start(SSH_CMSG_AUTH_TIS_RESPONSE); ssh_put_password(response); - memset(response, 0, strlen(response)); - xfree(response); + explicit_bzero(response, strlen(response)); + free(response); packet_send(); packet_write_wait(); type = packet_read(); @@ -458,8 +460,8 @@ try_password_authentication(char *prompt) password = read_passphrase(prompt, 0); packet_start(SSH_CMSG_AUTH_PASSWORD); ssh_put_password(password); - memset(password, 0, strlen(password)); - xfree(password); + explicit_bzero(password, strlen(password)); + free(password); packet_send(); packet_write_wait(); @@ -542,9 +544,6 @@ ssh_kex(char *host, struct sockaddr *hostaddr) derive_ssh1_session_id(host_key->rsa->n, server_key->rsa->n, cookie, session_id); - /* Generate a session key. */ - arc4random_stir(); - /* * Generate an encryption key for the session. The key is a 256 bit * random number, interpreted as a 32-byte key, with the least @@ -593,8 +592,9 @@ ssh_kex(char *host, struct sockaddr *hostaddr) BN_num_bits(server_key->rsa->n), SSH_KEY_BITS_RESERVED); } - rsa_public_encrypt(key, key, server_key->rsa); - rsa_public_encrypt(key, key, host_key->rsa); + if (rsa_public_encrypt(key, key, server_key->rsa) != 0 || + rsa_public_encrypt(key, key, host_key->rsa) != 0) + fatal("%s: rsa_public_encrypt failed", __func__); } else { /* Host key has smaller modulus (or they are equal). */ if (BN_num_bits(server_key->rsa->n) < @@ -605,8 +605,9 @@ ssh_kex(char *host, struct sockaddr *hostaddr) BN_num_bits(host_key->rsa->n), SSH_KEY_BITS_RESERVED); } - rsa_public_encrypt(key, key, host_key->rsa); - rsa_public_encrypt(key, key, server_key->rsa); + if (rsa_public_encrypt(key, key, host_key->rsa) != 0 || + rsa_public_encrypt(key, key, server_key->rsa) != 0) + fatal("%s: rsa_public_encrypt failed", __func__); } /* Destroy the public keys since we no longer need them. */ @@ -653,8 +654,11 @@ ssh_kex(char *host, struct sockaddr *hostaddr) /* Set the encryption key. */ packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, options.cipher); - /* We will no longer need the session key here. Destroy any extra copies. */ - memset(session_key, 0, sizeof(session_key)); + /* + * We will no longer need the session key here. + * Destroy any extra copies. + */ + explicit_bzero(session_key, sizeof(session_key)); /* * Expect a success message from the server. Note that this message diff --git a/crypto/openssh/sshconnect2.c b/crypto/openssh/sshconnect2.c index 7c369d7431..68f7f4fdd2 100644 --- a/crypto/openssh/sshconnect2.c +++ b/crypto/openssh/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.189 2012/06/22 12:30:26 dtucker Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.210 2014/07/15 15:54:14 millert Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -40,7 +40,7 @@ #include #include #include -#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H) +#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H) && !defined(BROKEN_STRNVIS) #include #endif @@ -61,8 +61,8 @@ #include "dh.h" #include "authfd.h" #include "log.h" -#include "readconf.h" #include "misc.h" +#include "readconf.h" #include "match.h" #include "dispatch.h" #include "canohost.h" @@ -70,8 +70,6 @@ #include "pathnames.h" #include "uidswap.h" #include "hostfile.h" -#include "schnorr.h" -#include "jpake.h" #ifdef GSSAPI #include "ssh-gss.h" @@ -146,10 +144,10 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port) if (*first != '\0') debug3("%s: prefer hostkeyalgs: %s", __func__, first); - xfree(first); - xfree(last); - xfree(hostname); - xfree(oavail); + free(first); + free(last); + free(hostname); + free(oavail); free_hostkeys(hostkeys); return ret; @@ -158,6 +156,7 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port) void ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) { + char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT }; Kex *kex; xxx_host = host; @@ -188,25 +187,32 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) } if (options.hostkeyalgorithms != NULL) myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = - options.hostkeyalgorithms; + compat_pkalg_proposal(options.hostkeyalgorithms); else { /* Prefer algorithms that we already have keys for */ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = - order_hostkeyalgs(host, hostaddr, port); + compat_pkalg_proposal( + order_hostkeyalgs(host, hostaddr, port)); } if (options.kex_algorithms != NULL) myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms; + myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal( + myproposal[PROPOSAL_KEX_ALGS]); - if (options.rekey_limit) - packet_set_rekey_limit((u_int32_t)options.rekey_limit); + if (options.rekey_limit || options.rekey_interval) + packet_set_rekey_limits((u_int32_t)options.rekey_limit, + (time_t)options.rekey_interval); /* start key exchange */ kex = kex_setup(myproposal); +#ifdef WITH_OPENSSL kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; kex->kex[KEX_ECDH_SHA2] = kexecdh_client; +#endif + kex->kex[KEX_C25519_SHA256] = kexc25519_client; kex->client_version_string=client_version_string; kex->server_version_string=server_version_string; kex->verify_host_key=&verify_host_key_callback; @@ -248,6 +254,7 @@ struct identity { char *filename; /* comment for agent-only keys */ int tried; int isprivate; /* key points to the private key */ + int userprovided; }; TAILQ_HEAD(idlist, identity); @@ -285,18 +292,12 @@ void input_userauth_error(int, u_int32_t, void *); void input_userauth_info_req(int, u_int32_t, void *); void input_userauth_pk_ok(int, u_int32_t, void *); void input_userauth_passwd_changereq(int, u_int32_t, void *); -void input_userauth_jpake_server_step1(int, u_int32_t, void *); -void input_userauth_jpake_server_step2(int, u_int32_t, void *); -void input_userauth_jpake_server_confirm(int, u_int32_t, void *); int userauth_none(Authctxt *); int userauth_pubkey(Authctxt *); int userauth_passwd(Authctxt *); int userauth_kbdint(Authctxt *); int userauth_hostbased(Authctxt *); -int userauth_jpake(Authctxt *); - -void userauth_jpake_cleanup(Authctxt *); #ifdef GSSAPI int userauth_gssapi(Authctxt *authctxt); @@ -312,7 +313,7 @@ void userauth(Authctxt *, char *); static int sign_and_send_pubkey(Authctxt *, Identity *); static void pubkey_prepare(Authctxt *); static void pubkey_cleanup(Authctxt *); -static Key *load_identity_file(char *); +static Key *load_identity_file(char *, int); static Authmethod *authmethod_get(char *authlist); static Authmethod *authmethod_lookup(const char *name); @@ -336,13 +337,6 @@ Authmethod authmethods[] = { NULL, &options.pubkey_authentication, NULL}, -#ifdef JPAKE - {"jpake-01@openssh.com", - userauth_jpake, - userauth_jpake_cleanup, - &options.zero_knowledge_password_authentication, - &options.batch_mode}, -#endif {"keyboard-interactive", userauth_kbdint, NULL, @@ -382,7 +376,7 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, if (packet_remaining() > 0) { char *reply = packet_get_string(NULL); debug2("service_accept: %s", reply); - xfree(reply); + free(reply); } else { debug2("buggy server: service_accept w/o service"); } @@ -429,15 +423,12 @@ userauth(Authctxt *authctxt, char *authlist) if (authctxt->method != NULL && authctxt->method->cleanup != NULL) authctxt->method->cleanup(authctxt); - if (authctxt->methoddata) { - xfree(authctxt->methoddata); - authctxt->methoddata = NULL; - } + free(authctxt->methoddata); + authctxt->methoddata = NULL; if (authlist == NULL) { authlist = authctxt->authlist; } else { - if (authctxt->authlist) - xfree(authctxt->authlist); + free(authctxt->authlist); authctxt->authlist = authlist; } for (;;) { @@ -485,10 +476,10 @@ input_userauth_banner(int type, u_int32_t seq, void *ctxt) msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */ strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL|VIS_NOSLASH); fprintf(stderr, "%s", msg); - xfree(msg); + free(msg); } - xfree(raw); - xfree(lang); + free(raw); + free(lang); } /* ARGSUSED */ @@ -499,16 +490,12 @@ input_userauth_success(int type, u_int32_t seq, void *ctxt) if (authctxt == NULL) fatal("input_userauth_success: no authentication context"); - if (authctxt->authlist) { - xfree(authctxt->authlist); - authctxt->authlist = NULL; - } + free(authctxt->authlist); + authctxt->authlist = NULL; if (authctxt->method != NULL && authctxt->method->cleanup != NULL) authctxt->method->cleanup(authctxt); - if (authctxt->methoddata) { - xfree(authctxt->methoddata); - authctxt->methoddata = NULL; - } + free(authctxt->methoddata); + authctxt->methoddata = NULL; authctxt->success = 1; /* break out */ } @@ -539,8 +526,12 @@ input_userauth_failure(int type, u_int32_t seq, void *ctxt) partial = packet_get_char(); packet_check_eom(); - if (partial != 0) + if (partial != 0) { logit("Authenticated with partial success."); + /* reset state */ + pubkey_cleanup(authctxt); + pubkey_prepare(authctxt); + } debug("Authentications that can continue: %s", authlist); userauth(authctxt, authlist); @@ -593,7 +584,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt) } fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); debug2("input_userauth_pk_ok: fp %s", fp); - xfree(fp); + free(fp); /* * search keys in the reverse order, because last candidate has been @@ -609,8 +600,8 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt) done: if (key != NULL) key_free(key); - xfree(pkalg); - xfree(pkblob); + free(pkalg); + free(pkblob); /* try another method if we did not send a packet */ if (sent == 0) @@ -748,7 +739,7 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt) if (oidlen <= 2 || oidv[0] != SSH_GSS_OIDTYPE || oidv[1] != oidlen - 2) { - xfree(oidv); + free(oidv); debug("Badly encoded mechanism OID received"); userauth(authctxt, NULL); return; @@ -759,7 +750,7 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt) packet_check_eom(); - xfree(oidv); + free(oidv); if (GSS_ERROR(process_gssapi_token(ctxt, GSS_C_NO_BUFFER))) { /* Start again with next method on list */ @@ -788,7 +779,7 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt) status = process_gssapi_token(ctxt, &recv_tok); - xfree(recv_tok.value); + free(recv_tok.value); if (GSS_ERROR(status)) { /* Start again with the next method in the list */ @@ -805,7 +796,7 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt) Gssctxt *gssctxt; gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; gss_buffer_desc recv_tok; - OM_uint32 status, ms; + OM_uint32 ms; u_int len; if (authctxt == NULL) @@ -818,10 +809,10 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt) packet_check_eom(); /* Stick it into GSSAPI and see what it says */ - status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds, + (void)ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds, &recv_tok, &send_tok, NULL); - xfree(recv_tok.value); + free(recv_tok.value); gss_release_buffer(&ms, &send_tok); /* Server will be returning a failed packet after this one */ @@ -831,20 +822,19 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt) void input_gssapi_error(int type, u_int32_t plen, void *ctxt) { - OM_uint32 maj, min; char *msg; char *lang; - maj=packet_get_int(); - min=packet_get_int(); + /* maj */(void)packet_get_int(); + /* min */(void)packet_get_int(); msg=packet_get_string(NULL); lang=packet_get_string(NULL); packet_check_eom(); debug("Server GSSAPI Error:\n%s", msg); - xfree(msg); - xfree(lang); + free(msg); + free(lang); } #endif /* GSSAPI */ @@ -884,8 +874,8 @@ userauth_passwd(Authctxt *authctxt) packet_put_cstring(authctxt->method->name); packet_put_char(0); packet_put_cstring(password); - memset(password, 0, strlen(password)); - xfree(password); + explicit_bzero(password, strlen(password)); + free(password); packet_add_padding(64); packet_send(); @@ -918,8 +908,8 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt) lang = packet_get_string(NULL); if (strlen(info) > 0) logit("%s", info); - xfree(info); - xfree(lang); + free(info); + free(lang); packet_start(SSH2_MSG_USERAUTH_REQUEST); packet_put_cstring(authctxt->server_user); packet_put_cstring(authctxt->service); @@ -930,8 +920,8 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt) authctxt->server_user, host); password = read_passphrase(prompt, 0); packet_put_cstring(password); - memset(password, 0, strlen(password)); - xfree(password); + explicit_bzero(password, strlen(password)); + free(password); password = NULL; while (password == NULL) { snprintf(prompt, sizeof(prompt), @@ -947,17 +937,17 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt) authctxt->server_user, host); retype = read_passphrase(prompt, 0); if (strcmp(password, retype) != 0) { - memset(password, 0, strlen(password)); - xfree(password); + explicit_bzero(password, strlen(password)); + free(password); logit("Mismatch; try again, EOF to quit."); password = NULL; } - memset(retype, 0, strlen(retype)); - xfree(retype); + explicit_bzero(retype, strlen(retype)); + free(retype); } packet_put_cstring(password); - memset(password, 0, strlen(password)); - xfree(password); + explicit_bzero(password, strlen(password)); + free(password); packet_add_padding(64); packet_send(); @@ -965,209 +955,6 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt) &input_userauth_passwd_changereq); } -#ifdef JPAKE -static char * -pw_encrypt(const char *password, const char *crypt_scheme, const char *salt) -{ - /* OpenBSD crypt(3) handles all of these */ - if (strcmp(crypt_scheme, "crypt") == 0 || - strcmp(crypt_scheme, "bcrypt") == 0 || - strcmp(crypt_scheme, "md5crypt") == 0 || - strcmp(crypt_scheme, "crypt-extended") == 0) - return xstrdup(crypt(password, salt)); - error("%s: unsupported password encryption scheme \"%.100s\"", - __func__, crypt_scheme); - return NULL; -} - -static BIGNUM * -jpake_password_to_secret(Authctxt *authctxt, const char *crypt_scheme, - const char *salt) -{ - char prompt[256], *password, *crypted; - u_char *secret; - u_int secret_len; - BIGNUM *ret; - - snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password (JPAKE): ", - authctxt->server_user, authctxt->host); - password = read_passphrase(prompt, 0); - - if ((crypted = pw_encrypt(password, crypt_scheme, salt)) == NULL) { - logit("Disabling %s authentication", authctxt->method->name); - authctxt->method->enabled = NULL; - /* Continue with an empty password to fail gracefully */ - crypted = xstrdup(""); - } - -#ifdef JPAKE_DEBUG - debug3("%s: salt = %s", __func__, salt); - debug3("%s: scheme = %s", __func__, crypt_scheme); - debug3("%s: crypted = %s", __func__, crypted); -#endif - - if (hash_buffer(crypted, strlen(crypted), EVP_sha256(), - &secret, &secret_len) != 0) - fatal("%s: hash_buffer", __func__); - - bzero(password, strlen(password)); - bzero(crypted, strlen(crypted)); - xfree(password); - xfree(crypted); - - if ((ret = BN_bin2bn(secret, secret_len, NULL)) == NULL) - fatal("%s: BN_bin2bn (secret)", __func__); - bzero(secret, secret_len); - xfree(secret); - - return ret; -} - -/* ARGSUSED */ -void -input_userauth_jpake_server_step1(int type, u_int32_t seq, void *ctxt) -{ - Authctxt *authctxt = ctxt; - struct jpake_ctx *pctx = authctxt->methoddata; - u_char *x3_proof, *x4_proof, *x2_s_proof; - u_int x3_proof_len, x4_proof_len, x2_s_proof_len; - char *crypt_scheme, *salt; - - /* Disable this message */ - dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1, NULL); - - if ((pctx->g_x3 = BN_new()) == NULL || - (pctx->g_x4 = BN_new()) == NULL) - fatal("%s: BN_new", __func__); - - /* Fetch step 1 values */ - crypt_scheme = packet_get_string(NULL); - salt = packet_get_string(NULL); - pctx->server_id = packet_get_string(&pctx->server_id_len); - packet_get_bignum2(pctx->g_x3); - packet_get_bignum2(pctx->g_x4); - x3_proof = packet_get_string(&x3_proof_len); - x4_proof = packet_get_string(&x4_proof_len); - packet_check_eom(); - - JPAKE_DEBUG_CTX((pctx, "step 1 received in %s", __func__)); - - /* Obtain password and derive secret */ - pctx->s = jpake_password_to_secret(authctxt, crypt_scheme, salt); - bzero(crypt_scheme, strlen(crypt_scheme)); - bzero(salt, strlen(salt)); - xfree(crypt_scheme); - xfree(salt); - JPAKE_DEBUG_BN((pctx->s, "%s: s = ", __func__)); - - /* Calculate step 2 values */ - jpake_step2(pctx->grp, pctx->s, pctx->g_x1, - pctx->g_x3, pctx->g_x4, pctx->x2, - pctx->server_id, pctx->server_id_len, - pctx->client_id, pctx->client_id_len, - x3_proof, x3_proof_len, - x4_proof, x4_proof_len, - &pctx->a, - &x2_s_proof, &x2_s_proof_len); - - bzero(x3_proof, x3_proof_len); - bzero(x4_proof, x4_proof_len); - xfree(x3_proof); - xfree(x4_proof); - - JPAKE_DEBUG_CTX((pctx, "step 2 sending in %s", __func__)); - - /* Send values for step 2 */ - packet_start(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2); - packet_put_bignum2(pctx->a); - packet_put_string(x2_s_proof, x2_s_proof_len); - packet_send(); - - bzero(x2_s_proof, x2_s_proof_len); - xfree(x2_s_proof); - - /* Expect step 2 packet from peer */ - dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2, - input_userauth_jpake_server_step2); -} - -/* ARGSUSED */ -void -input_userauth_jpake_server_step2(int type, u_int32_t seq, void *ctxt) -{ - Authctxt *authctxt = ctxt; - struct jpake_ctx *pctx = authctxt->methoddata; - u_char *x4_s_proof; - u_int x4_s_proof_len; - - /* Disable this message */ - dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2, NULL); - - if ((pctx->b = BN_new()) == NULL) - fatal("%s: BN_new", __func__); - - /* Fetch step 2 values */ - packet_get_bignum2(pctx->b); - x4_s_proof = packet_get_string(&x4_s_proof_len); - packet_check_eom(); - - JPAKE_DEBUG_CTX((pctx, "step 2 received in %s", __func__)); - - /* Derive shared key and calculate confirmation hash */ - jpake_key_confirm(pctx->grp, pctx->s, pctx->b, - pctx->x2, pctx->g_x1, pctx->g_x2, pctx->g_x3, pctx->g_x4, - pctx->client_id, pctx->client_id_len, - pctx->server_id, pctx->server_id_len, - session_id2, session_id2_len, - x4_s_proof, x4_s_proof_len, - &pctx->k, - &pctx->h_k_cid_sessid, &pctx->h_k_cid_sessid_len); - - bzero(x4_s_proof, x4_s_proof_len); - xfree(x4_s_proof); - - JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__)); - - /* Send key confirmation proof */ - packet_start(SSH2_MSG_USERAUTH_JPAKE_CLIENT_CONFIRM); - packet_put_string(pctx->h_k_cid_sessid, pctx->h_k_cid_sessid_len); - packet_send(); - - /* Expect confirmation from peer */ - dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_CONFIRM, - input_userauth_jpake_server_confirm); -} - -/* ARGSUSED */ -void -input_userauth_jpake_server_confirm(int type, u_int32_t seq, void *ctxt) -{ - Authctxt *authctxt = ctxt; - struct jpake_ctx *pctx = authctxt->methoddata; - - /* Disable this message */ - dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_CONFIRM, NULL); - - pctx->h_k_sid_sessid = packet_get_string(&pctx->h_k_sid_sessid_len); - packet_check_eom(); - - JPAKE_DEBUG_CTX((pctx, "confirm received in %s", __func__)); - - /* Verify expected confirmation hash */ - if (jpake_check_confirm(pctx->k, - pctx->server_id, pctx->server_id_len, - session_id2, session_id2_len, - pctx->h_k_sid_sessid, pctx->h_k_sid_sessid_len) == 1) - debug("%s: %s success", __func__, authctxt->method->name); - else { - debug("%s: confirmation mismatch", __func__); - /* XXX stash this so if auth succeeds then we can warn/kill */ - } - - userauth_jpake_cleanup(authctxt); -} -#endif /* JPAKE */ - static int identity_sign(Identity *id, u_char **sigp, u_int *lenp, u_char *data, u_int datalen) @@ -1183,10 +970,10 @@ identity_sign(Identity *id, u_char **sigp, u_int *lenp, * we have already loaded the private key or * the private key is stored in external hardware */ - if (id->isprivate || (id->key->flags & KEY_FLAG_EXT)) + if (id->isprivate || (id->key->flags & SSHKEY_FLAG_EXT)) return (key_sign(id->key, sigp, lenp, data, datalen)); /* load the private key from the file */ - if ((prv = load_identity_file(id->filename)) == NULL) + if ((prv = load_identity_file(id->filename, id->userprovided)) == NULL) return (-1); ret = key_sign(prv, sigp, lenp, data, datalen); key_free(prv); @@ -1206,7 +993,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) fp = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX); debug3("sign_and_send_pubkey: %s %s", key_type(id->key), fp); - xfree(fp); + free(fp); if (key_to_blob(id->key, &blob, &bloblen) == 0) { /* we cannot handle this key */ @@ -1241,7 +1028,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) ret = identity_sign(id, &signature, &slen, buffer_ptr(&b), buffer_len(&b)); if (ret == -1) { - xfree(blob); + free(blob); buffer_free(&b); return 0; } @@ -1261,11 +1048,11 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) buffer_put_cstring(&b, key_ssh_name(id->key)); buffer_put_string(&b, blob, bloblen); } - xfree(blob); + free(blob); /* append signature */ buffer_put_string(&b, signature, slen); - xfree(signature); + free(signature); /* skip session id and packet type */ if (buffer_len(&b) < skip + 1) @@ -1305,13 +1092,13 @@ send_pubkey_test(Authctxt *authctxt, Identity *id) if (!(datafellows & SSH_BUG_PKAUTH)) packet_put_cstring(key_ssh_name(id->key)); packet_put_string(blob, bloblen); - xfree(blob); + free(blob); packet_send(); return 1; } static Key * -load_identity_file(char *filename) +load_identity_file(char *filename, int userprovided) { Key *private; char prompt[300], *passphrase; @@ -1319,12 +1106,16 @@ load_identity_file(char *filename) struct stat st; if (stat(filename, &st) < 0) { - debug3("no such identity: %s", filename); + (userprovided ? logit : debug3)("no such identity: %s: %s", + filename, strerror(errno)); return NULL; } private = key_load_private_type(KEY_UNSPEC, filename, "", NULL, &perm_ok); - if (!perm_ok) + if (!perm_ok) { + if (private != NULL) + key_free(private); return NULL; + } if (private == NULL) { if (options.batch_mode) return NULL; @@ -1340,8 +1131,8 @@ load_identity_file(char *filename) debug2("no passphrase given, try next key"); quit = 1; } - memset(passphrase, 0, strlen(passphrase)); - xfree(passphrase); + explicit_bzero(passphrase, strlen(passphrase)); + free(passphrase); if (private != NULL || quit) break; debug2("bad passphrase given, try again..."); @@ -1359,7 +1150,7 @@ load_identity_file(char *filename) static void pubkey_prepare(Authctxt *authctxt) { - Identity *id; + Identity *id, *id2, *tmp; Idlist agent, files, *preferred; Key *key; AuthenticationConnection *ac; @@ -1371,7 +1162,7 @@ pubkey_prepare(Authctxt *authctxt) preferred = &authctxt->keys; TAILQ_INIT(preferred); /* preferred order of keys */ - /* list of keys stored in the filesystem */ + /* list of keys stored in the filesystem and PKCS#11 */ for (i = 0; i < options.num_identity_files; i++) { key = options.identity_keys[i]; if (key && key->type == KEY_RSA1) @@ -1382,8 +1173,32 @@ pubkey_prepare(Authctxt *authctxt) id = xcalloc(1, sizeof(*id)); id->key = key; id->filename = xstrdup(options.identity_files[i]); + id->userprovided = options.identity_file_userprovided[i]; TAILQ_INSERT_TAIL(&files, id, next); } + /* Prefer PKCS11 keys that are explicitly listed */ + TAILQ_FOREACH_SAFE(id, &files, next, tmp) { + if (id->key == NULL || (id->key->flags & SSHKEY_FLAG_EXT) == 0) + continue; + found = 0; + TAILQ_FOREACH(id2, &files, next) { + if (id2->key == NULL || + (id2->key->flags & SSHKEY_FLAG_EXT) == 0) + continue; + if (key_equal(id->key, id2->key)) { + TAILQ_REMOVE(&files, id, next); + TAILQ_INSERT_TAIL(preferred, id, next); + found = 1; + break; + } + } + /* If IdentitiesOnly set and key not found then don't use it */ + if (!found && options.identities_only) { + TAILQ_REMOVE(&files, id, next); + explicit_bzero(id, sizeof(*id)); + free(id); + } + } /* list of keys supported by the agent */ if ((ac = ssh_get_authentication_connection())) { for (key = ssh_get_first_identity(ac, &comment, 2); @@ -1394,7 +1209,7 @@ pubkey_prepare(Authctxt *authctxt) /* agent keys from the config file are preferred */ if (key_equal(key, id->key)) { key_free(key); - xfree(comment); + free(comment); TAILQ_REMOVE(&files, id, next); TAILQ_INSERT_TAIL(preferred, id, next); id->ac = ac; @@ -1423,7 +1238,8 @@ pubkey_prepare(Authctxt *authctxt) TAILQ_INSERT_TAIL(preferred, id, next); } TAILQ_FOREACH(id, preferred, next) { - debug2("key: %s (%p)", id->filename, id->key); + debug2("key: %s (%p),%s", id->filename, id->key, + id->userprovided ? " explicit" : ""); } } @@ -1439,9 +1255,8 @@ pubkey_cleanup(Authctxt *authctxt) TAILQ_REMOVE(&authctxt->keys, id, next); if (id->key) key_free(id->key); - if (id->filename) - xfree(id->filename); - xfree(id); + free(id->filename); + free(id); } } @@ -1462,16 +1277,31 @@ userauth_pubkey(Authctxt *authctxt) * encrypted keys we cannot do this and have to load the * private key instead */ - if (id->key && id->key->type != KEY_RSA1) { - debug("Offering %s public key: %s", key_type(id->key), - id->filename); - sent = send_pubkey_test(authctxt, id); - } else if (id->key == NULL) { + if (id->key != NULL) { + if (key_type_plain(id->key->type) == KEY_RSA && + (datafellows & SSH_BUG_RSASIGMD5) != 0) { + debug("Skipped %s key %s for RSA/MD5 server", + key_type(id->key), id->filename); + } else if (id->key->type != KEY_RSA1) { + debug("Offering %s public key: %s", + key_type(id->key), id->filename); + sent = send_pubkey_test(authctxt, id); + } + } else { debug("Trying private key: %s", id->filename); - id->key = load_identity_file(id->filename); + id->key = load_identity_file(id->filename, + id->userprovided); if (id->key != NULL) { id->isprivate = 1; - sent = sign_and_send_pubkey(authctxt, id); + if (key_type_plain(id->key->type) == KEY_RSA && + (datafellows & SSH_BUG_RSASIGMD5) != 0) { + debug("Skipped %s key %s for RSA/MD5 " + "server", key_type(id->key), + id->filename); + } else { + sent = sign_and_send_pubkey( + authctxt, id); + } key_free(id->key); id->key = NULL; } @@ -1538,9 +1368,9 @@ input_userauth_info_req(int type, u_int32_t seq, void *ctxt) logit("%s", name); if (strlen(inst) > 0) logit("%s", inst); - xfree(name); - xfree(inst); - xfree(lang); + free(name); + free(inst); + free(lang); num_prompts = packet_get_int(); /* @@ -1560,9 +1390,9 @@ input_userauth_info_req(int type, u_int32_t seq, void *ctxt) response = read_passphrase(prompt, echo ? RP_ECHO : 0); packet_put_cstring(response); - memset(response, 0, strlen(response)); - xfree(response); - xfree(prompt); + explicit_bzero(response, strlen(response)); + free(response); + free(prompt); } packet_check_eom(); /* done with parsing incoming message. */ @@ -1682,12 +1512,12 @@ userauth_hostbased(Authctxt *authctxt) if (p == NULL) { error("userauth_hostbased: cannot get local ipaddr/name"); key_free(private); - xfree(blob); + free(blob); return 0; } xasprintf(&chost, "%s.", p); debug2("userauth_hostbased: chost %s", chost); - xfree(p); + free(p); service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" : authctxt->service; @@ -1716,9 +1546,9 @@ userauth_hostbased(Authctxt *authctxt) buffer_free(&b); if (ok != 0) { error("key_sign failed"); - xfree(chost); - xfree(pkalg); - xfree(blob); + free(chost); + free(pkalg); + free(blob); return 0; } packet_start(SSH2_MSG_USERAUTH_REQUEST); @@ -1730,89 +1560,16 @@ userauth_hostbased(Authctxt *authctxt) packet_put_cstring(chost); packet_put_cstring(authctxt->local_user); packet_put_string(signature, slen); - memset(signature, 's', slen); - xfree(signature); - xfree(chost); - xfree(pkalg); - xfree(blob); - - packet_send(); - return 1; -} - -#ifdef JPAKE -int -userauth_jpake(Authctxt *authctxt) -{ - struct jpake_ctx *pctx; - u_char *x1_proof, *x2_proof; - u_int x1_proof_len, x2_proof_len; - static int attempt = 0; /* XXX share with userauth_password's? */ - - if (attempt++ >= options.number_of_password_prompts) - return 0; - if (attempt != 1) - error("Permission denied, please try again."); - - if (authctxt->methoddata != NULL) - fatal("%s: authctxt->methoddata already set (%p)", - __func__, authctxt->methoddata); + explicit_bzero(signature, slen); + free(signature); + free(chost); + free(pkalg); + free(blob); - authctxt->methoddata = pctx = jpake_new(); - - /* - * Send request immediately, to get the protocol going while - * we do the initial computations. - */ - packet_start(SSH2_MSG_USERAUTH_REQUEST); - packet_put_cstring(authctxt->server_user); - packet_put_cstring(authctxt->service); - packet_put_cstring(authctxt->method->name); packet_send(); - packet_write_wait(); - - jpake_step1(pctx->grp, - &pctx->client_id, &pctx->client_id_len, - &pctx->x1, &pctx->x2, &pctx->g_x1, &pctx->g_x2, - &x1_proof, &x1_proof_len, - &x2_proof, &x2_proof_len); - - JPAKE_DEBUG_CTX((pctx, "step 1 sending in %s", __func__)); - - packet_start(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1); - packet_put_string(pctx->client_id, pctx->client_id_len); - packet_put_bignum2(pctx->g_x1); - packet_put_bignum2(pctx->g_x2); - packet_put_string(x1_proof, x1_proof_len); - packet_put_string(x2_proof, x2_proof_len); - packet_send(); - - bzero(x1_proof, x1_proof_len); - bzero(x2_proof, x2_proof_len); - xfree(x1_proof); - xfree(x2_proof); - - /* Expect step 1 packet from peer */ - dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1, - input_userauth_jpake_server_step1); - dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, - &input_userauth_success_unexpected); - return 1; } -void -userauth_jpake_cleanup(Authctxt *authctxt) -{ - debug3("%s: clean up", __func__); - if (authctxt->methoddata != NULL) { - jpake_free(authctxt->methoddata); - authctxt->methoddata = NULL; - } - dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success); -} -#endif /* JPAKE */ - /* find auth method */ /* @@ -1867,8 +1624,7 @@ authmethod_get(char *authlist) if (supported == NULL || strcmp(authlist, supported) != 0) { debug3("start over, passed a different list %s", authlist); - if (supported != NULL) - xfree(supported); + free(supported); supported = xstrdup(authlist); preferred = options.preferred_authentications; debug3("preferred %s", preferred); @@ -1889,9 +1645,10 @@ authmethod_get(char *authlist) authmethod_is_enabled(current)) { debug3("authmethod_is_enabled %s", name); debug("Next authentication method: %s", name); - xfree(name); + free(name); return current; } + free(name); } } diff --git a/crypto/openssh/sshd.8 b/crypto/openssh/sshd.8 index a1a74d86ad..01459d637f 100644 --- a/crypto/openssh/sshd.8 +++ b/crypto/openssh/sshd.8 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.266 2012/06/18 12:07:07 dtucker Exp $ -.Dd $Mdocdate: June 18 2012 $ +.\" $OpenBSD: sshd.8,v 1.276 2014/07/03 22:40:43 djm Exp $ +.Dd $Mdocdate: July 3 2014 $ .Dt SSHD 8 .Os .Sh NAME @@ -47,6 +47,7 @@ .Op Fl b Ar bits .Op Fl C Ar connection_spec .Op Fl c Ar host_certificate_file +.Op Fl E Ar log_file .Op Fl f Ar config_file .Op Fl g Ar login_grace_time .Op Fl h Ar host_key_file @@ -59,10 +60,7 @@ .Nm (OpenSSH Daemon) is the daemon program for .Xr ssh 1 . -Together these programs replace -.Xr rlogin 1 -and -.Xr rsh 1 , +Together these programs replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. .Pp @@ -146,10 +144,12 @@ Multiple .Fl d options increase the debugging level. Maximum is 3. +.It Fl E Ar log_file +Append debug logs to +.Ar log_file +instead of the system log. .It Fl e -When this option is specified, -.Nm -will send the output to the standard error instead of the system log. +Write debug logs to standard error instead of the system log. .It Fl f Ar config_file Specifies the name of the configuration file. The default is @@ -172,7 +172,8 @@ The default is .Pa /etc/ssh/ssh_host_key for protocol version 1, and .Pa /etc/ssh/ssh_host_dsa_key , -.Pa /etc/ssh/ssh_host_ecdsa_key +.Pa /etc/ssh/ssh_host_ecdsa_key . +.Pa /etc/ssh/ssh_host_ed25519_key and .Pa /etc/ssh/ssh_host_rsa_key for protocol version 2. @@ -277,7 +278,7 @@ though this can be changed via the .Cm Protocol option in .Xr sshd_config 5 . -Protocol 2 supports DSA, ECDSA and RSA keys; +Protocol 2 supports DSA, ECDSA, ED25519 and RSA keys; protocol 1 only supports RSA keys. For both protocols, each host has a host-specific key, @@ -316,7 +317,7 @@ The client selects the encryption algorithm to use from those offered by the server. Additionally, session integrity is provided through a cryptographic message authentication code -(hmac-md5, hmac-sha1, umac-64, hmac-ripemd160, +(hmac-md5, hmac-sha1, umac-64, umac-128, hmac-ripemd160, hmac-sha2-256 or hmac-sha2-512). .Pp Finally, the server and the client enter an authentication dialog. @@ -407,7 +408,10 @@ Changes to user's home directory. .It If .Pa ~/.ssh/rc -exists, runs it; else if +exists and the +.Xr sshd_config 5 +.Cm PermitUserRC +option is set, runs it; else if .Pa /etc/ssh/sshrc exists, runs it; otherwise runs xauth. @@ -491,6 +495,7 @@ For protocol version 2 the keytype is .Dq ecdsa-sha2-nistp256 , .Dq ecdsa-sha2-nistp384 , .Dq ecdsa-sha2-nistp521 , +.Dq ssh-ed25519 , .Dq ssh-dss or .Dq ssh-rsa . @@ -503,6 +508,7 @@ You don't want to type them in; instead, copy the .Pa identity.pub , .Pa id_dsa.pub , .Pa id_ecdsa.pub , +.Pa id_ed25519.pub , or the .Pa id_rsa.pub file and edit it. @@ -564,9 +570,7 @@ is enabled. Specifies that in addition to public key authentication, either the canonical name of the remote host or its IP address must be present in the comma-separated list of patterns. -See -.Sx PATTERNS -in +See PATTERNS in .Xr ssh_config 5 for more information on patterns. .Pp @@ -804,8 +808,8 @@ secret, but the recommended permissions are read/write/execute for the user, and not accessible by others. .Pp .It Pa ~/.ssh/authorized_keys -Lists the public keys (DSA/ECDSA/RSA) that can be used for logging in -as this user. +Lists the public keys (DSA, ECDSA, ED25519, RSA) +that can be used for logging in as this user. The format of this file is described above. The content of the file is not highly sensitive, but the recommended permissions are read/write for the user, and not accessible by others. @@ -847,12 +851,6 @@ the user's home directory becomes accessible. This file should be writable only by the user, and need not be readable by anyone else. .Pp -.It Pa /etc/hosts.allow -.It Pa /etc/hosts.deny -Access controls that should be enforced by tcp-wrappers are defined here. -Further details are described in -.Xr hosts_access 5 . -.Pp .It Pa /etc/hosts.equiv This file is for host-based authentication (see .Xr ssh 1 ) . @@ -885,6 +883,7 @@ rlogin/rsh. .It Pa /etc/ssh/ssh_host_key .It Pa /etc/ssh/ssh_host_dsa_key .It Pa /etc/ssh/ssh_host_ecdsa_key +.It Pa /etc/ssh/ssh_host_ed25519_key .It Pa /etc/ssh/ssh_host_rsa_key These files contain the private parts of the host keys. These files should only be owned by root, readable only by root, and not @@ -896,6 +895,7 @@ does not start if these files are group/world-accessible. .It Pa /etc/ssh/ssh_host_key.pub .It Pa /etc/ssh/ssh_host_dsa_key.pub .It Pa /etc/ssh/ssh_host_ecdsa_key.pub +.It Pa /etc/ssh/ssh_host_ed25519_key.pub .It Pa /etc/ssh/ssh_host_rsa_key.pub These files contain the public parts of the host keys. These files should be world-readable but writable only by @@ -954,7 +954,6 @@ The content of this file is not sensitive; it can be world-readable. .Xr ssh-keygen 1 , .Xr ssh-keyscan 1 , .Xr chroot 2 , -.Xr hosts_access 5 , .Xr login.conf 5 , .Xr moduli 5 , .Xr sshd_config 5 , @@ -971,14 +970,3 @@ Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support for privilege separation. -.Sh CAVEATS -System security is not improved unless -.Nm rshd , -.Nm rlogind , -and -.Nm rexecd -are disabled (thus completely disabling -.Xr rlogin -and -.Xr rsh -into the machine). diff --git a/crypto/openssh/sshd.c b/crypto/openssh/sshd.c index 9aff5e8afd..481d001557 100644 --- a/crypto/openssh/sshd.c +++ b/crypto/openssh/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.393 2012/07/10 02:19:15 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.428 2014/07/15 15:54:14 millert Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -72,11 +72,12 @@ #include #include +#ifdef WITH_OPENSSL #include #include -#include #include #include "openbsd-compat/openssl-compat.h" +#endif #ifdef HAVE_SECUREWARE #include @@ -92,13 +93,14 @@ #include "packet.h" #include "log.h" #include "buffer.h" +#include "misc.h" #include "servconf.h" #include "uidswap.h" #include "compat.h" #include "cipher.h" +#include "digest.h" #include "key.h" #include "kex.h" -#include "dh.h" #include "myproposal.h" #include "authfile.h" #include "pathnames.h" @@ -106,7 +108,7 @@ #include "canohost.h" #include "hostfile.h" #include "auth.h" -#include "misc.h" +#include "authfd.h" #include "msg.h" #include "dispatch.h" #include "channels.h" @@ -121,13 +123,6 @@ #include "ssh-sandbox.h" #include "version.h" -#ifdef LIBWRAP -#include -#include -int allow_severity; -int deny_severity; -#endif /* LIBWRAP */ - #ifndef O_NOCTTY #define O_NOCTTY 0 #endif @@ -194,6 +189,10 @@ char *server_version_string = NULL; /* for rekeying XXX fixme */ Kex *xxx_kex; +/* Daemon's agent connection */ +AuthenticationConnection *auth_conn = NULL; +int have_agent = 0; + /* * Any really sensitive data in the application is contained in this * structure. The idea is that this structure could be locked into memory so @@ -206,6 +205,7 @@ struct { Key *server_key; /* ephemeral server key */ Key *ssh1_host_key; /* ssh1 host key */ Key **host_keys; /* all private host keys */ + Key **host_pubkeys; /* all public host keys */ Key **host_certificates; /* all public host certificates */ int have_ssh1_key; int have_ssh2_key; @@ -257,7 +257,9 @@ struct passwd *privsep_pw = NULL; void destroy_sensitive_data(void); void demote_sensitive_data(void); +#ifdef WITH_SSH1 static void do_ssh1_kex(void); +#endif static void do_ssh2_kex(void); /* @@ -309,6 +311,7 @@ static void sighup_restart(void) { logit("Received SIGHUP; restarting."); + platform_pre_restart(); close_listen_socks(); close_startup_pipes(); alarm(0); /* alarm timer persists across exec */ @@ -359,6 +362,15 @@ grace_alarm_handler(int sig) if (use_privsep && pmonitor != NULL && pmonitor->m_pid > 0) kill(pmonitor->m_pid, SIGALRM); + /* + * Try to kill any processes that we have spawned, E.g. authorized + * keys command helpers. + */ + if (getpgid(0) == getpid()) { + signal(SIGTERM, SIG_IGN); + kill(0, SIGTERM); + } + /* Log error and exit. */ sigdie("Timeout before authentication for %s", get_remote_ipaddr()); } @@ -382,7 +394,6 @@ generate_ephemeral_server_key(void) verbose("RSA key generation complete."); arc4random_buf(sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH); - arc4random_stir(); } /*ARGSUSED*/ @@ -465,10 +476,11 @@ sshd_exchange_identification(int sock_in, int sock_out) &remote_major, &remote_minor, remote_version) != 3) { s = "Protocol mismatch.\n"; (void) atomicio(vwrite, sock_out, s, strlen(s)); + logit("Bad protocol version identification '%.100s' " + "from %s port %d", client_version_string, + get_remote_ipaddr(), get_remote_port()); close(sock_in); close(sock_out); - logit("Bad protocol version identification '%.100s' from %s", - client_version_string, get_remote_ipaddr()); cleanup_exit(255); } debug("Client protocol version %d.%d; client software version %.100s", @@ -476,17 +488,24 @@ sshd_exchange_identification(int sock_in, int sock_out) compat_datafellows(remote_version); - if (datafellows & SSH_BUG_PROBE) { + if ((datafellows & SSH_BUG_PROBE) != 0) { logit("probed from %s with %s. Don't panic.", get_remote_ipaddr(), client_version_string); cleanup_exit(255); } - - if (datafellows & SSH_BUG_SCANNER) { + if ((datafellows & SSH_BUG_SCANNER) != 0) { logit("scanned from %s with %s. Don't panic.", get_remote_ipaddr(), client_version_string); cleanup_exit(255); } + if ((datafellows & SSH_BUG_RSASIGMD5) != 0) { + logit("Client version \"%.100s\" uses unsafe RSA signature " + "scheme; disabling use of RSA keys", remote_version); + } + if ((datafellows & SSH_BUG_DERIVEKEY) != 0) { + fatal("Client version \"%.100s\" uses unsafe key agreement; " + "refusing connection", remote_version); + } mismatch = 0; switch (remote_major) { @@ -556,7 +575,7 @@ destroy_sensitive_data(void) } } sensitive_data.ssh1_host_key = NULL; - memset(sensitive_data.ssh1_cookie, 0, SSH_SESSION_KEY_LENGTH); + explicit_bzero(sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH); } /* Demote private to public keys for network child */ @@ -595,9 +614,16 @@ privsep_preauth_child(void) /* Enable challenge-response authentication for privilege separation */ privsep_challenge_enable(); +#ifdef GSSAPI + /* Cache supported mechanism OIDs for later use */ + if (options.gss_authentication) + ssh_gssapi_prepare_supported_oids(); +#endif + arc4random_stir(); arc4random_buf(rnd, sizeof(rnd)); RAND_seed(rnd, sizeof(rnd)); + explicit_bzero(rnd, sizeof(rnd)); /* Demote the private keys to public keys. */ demote_sensitive_data(); @@ -636,7 +662,7 @@ privsep_preauth(Authctxt *authctxt) pmonitor->m_pkex = &xxx_kex; if (use_privsep == PRIVSEP_ON) - box = ssh_sandbox_init(); + box = ssh_sandbox_init(pmonitor); pid = fork(); if (pid == -1) { fatal("fork of unprivileged child failed"); @@ -644,6 +670,8 @@ privsep_preauth(Authctxt *authctxt) debug2("Network child is on pid %ld", (long)pid); pmonitor->m_pid = pid; + if (have_agent) + auth_conn = ssh_get_authentication_connection(); if (box != NULL) ssh_sandbox_parent_preauth(box, pid); monitor_child_preauth(authctxt, pmonitor); @@ -730,6 +758,7 @@ privsep_postauth(Authctxt *authctxt) arc4random_stir(); arc4random_buf(rnd, sizeof(rnd)); RAND_seed(rnd, sizeof(rnd)); + explicit_bzero(rnd, sizeof(rnd)); /* Drop privileges */ do_setusercontext(authctxt->pw); @@ -758,11 +787,14 @@ list_hostkey_types(void) for (i = 0; i < options.num_host_key_files; i++) { key = sensitive_data.host_keys[i]; if (key == NULL) + key = sensitive_data.host_pubkeys[i]; + if (key == NULL) continue; switch (key->type) { case KEY_RSA: case KEY_DSA: case KEY_ECDSA: + case KEY_ED25519: if (buffer_len(&b) > 0) buffer_append(&b, ",", 1); p = key_ssh_name(key); @@ -779,6 +811,7 @@ list_hostkey_types(void) case KEY_RSA_CERT: case KEY_DSA_CERT: case KEY_ECDSA_CERT: + case KEY_ED25519_CERT: if (buffer_len(&b) > 0) buffer_append(&b, ",", 1); p = key_ssh_name(key); @@ -806,10 +839,13 @@ get_hostkey_by_type(int type, int need_private) case KEY_RSA_CERT: case KEY_DSA_CERT: case KEY_ECDSA_CERT: + case KEY_ED25519_CERT: key = sensitive_data.host_certificates[i]; break; default: key = sensitive_data.host_keys[i]; + if (key == NULL && !need_private) + key = sensitive_data.host_pubkeys[i]; break; } if (key != NULL && key->type == type) @@ -839,6 +875,14 @@ get_hostkey_by_index(int ind) return (sensitive_data.host_keys[ind]); } +Key * +get_hostkey_public_by_index(int ind) +{ + if (ind < 0 || ind >= options.num_host_key_files) + return (NULL); + return (sensitive_data.host_pubkeys[ind]); +} + int get_hostkey_index(Key *key) { @@ -851,6 +895,8 @@ get_hostkey_index(Key *key) } else { if (key == sensitive_data.host_keys[i]) return (i); + if (key == sensitive_data.host_pubkeys[i]) + return (i); } } return (-1); @@ -888,11 +934,18 @@ static void usage(void) { fprintf(stderr, "%s, %s\n", - SSH_RELEASE, SSLeay_version(SSLEAY_VERSION)); + SSH_RELEASE, +#ifdef WITH_OPENSSL + SSLeay_version(SSLEAY_VERSION) +#else + "without OpenSSL" +#endif + ); fprintf(stderr, "usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file]\n" -" [-f config_file] [-g login_grace_time] [-h host_key_file]\n" -" [-k key_gen_time] [-o option] [-p port] [-u len]\n" +" [-E log_file] [-f config_file] [-g login_grace_time]\n" +" [-h host_key_file] [-k key_gen_time] [-o option] [-p port]\n" +" [-u len]\n" ); exit(1); } @@ -920,6 +973,7 @@ send_rexec_state(int fd, Buffer *conf) buffer_init(&m); buffer_put_cstring(&m, buffer_ptr(conf)); +#ifdef WITH_SSH1 if (sensitive_data.server_key != NULL && sensitive_data.server_key->type == KEY_RSA1) { buffer_put_int(&m, 1); @@ -930,6 +984,7 @@ send_rexec_state(int fd, Buffer *conf) buffer_put_bignum(&m, sensitive_data.server_key->rsa->p); buffer_put_bignum(&m, sensitive_data.server_key->rsa->q); } else +#endif buffer_put_int(&m, 0); #ifndef OPENSSL_PRNG_ONLY @@ -963,9 +1018,10 @@ recv_rexec_state(int fd, Buffer *conf) cp = buffer_get_string(&m, &len); if (conf != NULL) buffer_append(conf, cp, len + 1); - xfree(cp); + free(cp); if (buffer_get_int(&m)) { +#ifdef WITH_SSH1 if (sensitive_data.server_key != NULL) key_free(sensitive_data.server_key); sensitive_data.server_key = key_new_private(KEY_RSA1); @@ -975,8 +1031,13 @@ recv_rexec_state(int fd, Buffer *conf) buffer_get_bignum(&m, sensitive_data.server_key->rsa->iqmp); buffer_get_bignum(&m, sensitive_data.server_key->rsa->p); buffer_get_bignum(&m, sensitive_data.server_key->rsa->q); - rsa_generate_additional_parameters( - sensitive_data.server_key->rsa); + if (rsa_generate_additional_parameters( + sensitive_data.server_key->rsa) != 0) + fatal("%s: rsa_generate_additional_parameters " + "error", __func__); +#else + fatal("ssh1 not supported"); +#endif } #ifndef OPENSSL_PRNG_ONLY @@ -1014,7 +1075,9 @@ server_accept_inetd(int *sock_in, int *sock_out) if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) { dup2(fd, STDIN_FILENO); dup2(fd, STDOUT_FILENO); - if (fd > STDOUT_FILENO) + if (!log_stderr) + dup2(fd, STDERR_FILENO); + if (fd > (log_stderr ? STDERR_FILENO : STDOUT_FILENO)) close(fd); } debug("inetd sockets after dupping: %d, %d", *sock_in, *sock_out); @@ -1105,6 +1168,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) struct sockaddr_storage from; socklen_t fromlen; pid_t pid; + u_char rnd[256]; /* setup fd set for accept */ fdset = NULL; @@ -1125,7 +1189,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) if (received_sighup) sighup_restart(); if (fdset != NULL) - xfree(fdset); + free(fdset); fdset = (fd_set *)xcalloc(howmany(maxfd + 1, NFDBITS), sizeof(fd_mask)); @@ -1174,8 +1238,8 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) *newsock = accept(listen_socks[i], (struct sockaddr *)&from, &fromlen); if (*newsock < 0) { - if (errno != EINTR && errno != EAGAIN && - errno != EWOULDBLOCK) + if (errno != EINTR && errno != EWOULDBLOCK && + errno != ECONNABORTED && errno != EAGAIN) error("accept: %.100s", strerror(errno)); if (errno == EMFILE || errno == ENFILE) @@ -1305,6 +1369,9 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) * from that of the child */ arc4random_stir(); + arc4random_buf(rnd, sizeof(rnd)); + RAND_seed(rnd, sizeof(rnd)); + explicit_bzero(rnd, sizeof(rnd)); } /* child process check (or debug mode) */ @@ -1326,11 +1393,14 @@ main(int ac, char **av) int sock_in = -1, sock_out = -1, newsock = -1; const char *remote_ip; int remote_port; - char *line; + char *line, *logfile = NULL; int config_s[2] = { -1 , -1 }; + u_int n; u_int64_t ibytes, obytes; mode_t new_umask; Key *key; + Key *pubkey; + int keytype; Authctxt *authctxt; struct connection_info *connection_info = get_connection_info(0, 0); @@ -1363,7 +1433,7 @@ main(int ac, char **av) initialize_server_options(&options); /* Parse command-line arguments. */ - while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:C:dDeiqrtQRT46")) != -1) { + while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:C:dDeE:iqrtQRT46")) != -1) { switch (opt) { case '4': options.address_family = AF_INET; @@ -1392,6 +1462,9 @@ main(int ac, char **av) case 'D': no_daemon_flag = 1; break; + case 'E': + logfile = xstrdup(optarg); + /* FALLTHROUGH */ case 'e': log_stderr = 1; break; @@ -1470,7 +1543,7 @@ main(int ac, char **av) if (process_server_config_line(&options, line, "command-line", 0, NULL, NULL) != 0) exit(1); - xfree(line); + free(line); break; case '?': default: @@ -1487,8 +1560,15 @@ main(int ac, char **av) else closefrom(REEXEC_DEVCRYPTO_RESERVED_FD); +#ifdef WITH_OPENSSL OpenSSL_add_all_algorithms(); +#endif + /* If requested, redirect the logs to the specified logfile. */ + if (logfile != NULL) { + log_redirect_stderr_to(logfile); + free(logfile); + } /* * Force logging to stderr until we have loaded the private host * key (unless started from inetd) @@ -1550,6 +1630,33 @@ main(int ac, char **av) if (options.challenge_response_authentication) options.kbd_interactive_authentication = 1; + /* Check that options are sensible */ + if (options.authorized_keys_command_user == NULL && + (options.authorized_keys_command != NULL && + strcasecmp(options.authorized_keys_command, "none") != 0)) + fatal("AuthorizedKeysCommand set without " + "AuthorizedKeysCommandUser"); + + /* + * Check whether there is any path through configured auth methods. + * Unfortunately it is not possible to verify this generally before + * daemonisation in the presence of Match block, but this catches + * and warns for trivial misconfigurations that could break login. + */ + if (options.num_auth_methods != 0) { + if ((options.protocol & SSH_PROTO_1)) + fatal("AuthenticationMethods is not supported with " + "SSH protocol 1"); + for (n = 0; n < options.num_auth_methods; n++) { + if (auth2_methods_valid(options.auth_methods[n], + 1) == 0) + break; + } + if (n >= options.num_auth_methods) + fatal("AuthenticationMethods cannot be satisfied by " + "enabled authentication methods"); + } + /* set default channel AF */ channel_set_af(options.address_family); @@ -1559,7 +1666,13 @@ main(int ac, char **av) exit(1); } - debug("sshd version %.100s", SSH_RELEASE); + debug("sshd version %s, %s", SSH_VERSION, +#ifdef WITH_OPENSSL + SSLeay_version(SSLEAY_VERSION) +#else + "without OpenSSL" +#endif + ); /* Store privilege separation user for later use if required. */ if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) { @@ -1567,29 +1680,53 @@ main(int ac, char **av) fatal("Privilege separation user %s does not exist", SSH_PRIVSEP_USER); } else { - memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd)); + explicit_bzero(privsep_pw->pw_passwd, + strlen(privsep_pw->pw_passwd)); privsep_pw = pwcopy(privsep_pw); - xfree(privsep_pw->pw_passwd); + free(privsep_pw->pw_passwd); privsep_pw->pw_passwd = xstrdup("*"); } endpwent(); - /* load private host keys */ + /* load host keys */ sensitive_data.host_keys = xcalloc(options.num_host_key_files, sizeof(Key *)); - for (i = 0; i < options.num_host_key_files; i++) + sensitive_data.host_pubkeys = xcalloc(options.num_host_key_files, + sizeof(Key *)); + for (i = 0; i < options.num_host_key_files; i++) { sensitive_data.host_keys[i] = NULL; + sensitive_data.host_pubkeys[i] = NULL; + } + + if (options.host_key_agent) { + if (strcmp(options.host_key_agent, SSH_AUTHSOCKET_ENV_NAME)) + setenv(SSH_AUTHSOCKET_ENV_NAME, + options.host_key_agent, 1); + have_agent = ssh_agent_present(); + } for (i = 0; i < options.num_host_key_files; i++) { key = key_load_private(options.host_key_files[i], "", NULL); + pubkey = key_load_public(options.host_key_files[i], NULL); sensitive_data.host_keys[i] = key; - if (key == NULL) { + sensitive_data.host_pubkeys[i] = pubkey; + + if (key == NULL && pubkey != NULL && pubkey->type != KEY_RSA1 && + have_agent) { + debug("will rely on agent for hostkey %s", + options.host_key_files[i]); + keytype = pubkey->type; + } else if (key != NULL) { + keytype = key->type; + } else { error("Could not load host key: %s", options.host_key_files[i]); sensitive_data.host_keys[i] = NULL; + sensitive_data.host_pubkeys[i] = NULL; continue; } - switch (key->type) { + + switch (keytype) { case KEY_RSA1: sensitive_data.ssh1_host_key = key; sensitive_data.have_ssh1_key = 1; @@ -1597,11 +1734,12 @@ main(int ac, char **av) case KEY_RSA: case KEY_DSA: case KEY_ECDSA: + case KEY_ED25519: sensitive_data.have_ssh2_key = 1; break; } - debug("private host key: #%d type %d %s", i, key->type, - key_type(key)); + debug("private host key: #%d type %d %s", i, keytype, + key_type(key ? key : pubkey)); } if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) { logit("Disabling protocol version 1. Could not load host key"); @@ -1656,6 +1794,8 @@ main(int ac, char **av) debug("host certificate: #%d type %d %s", j, key->type, key_type(key)); } + +#ifdef WITH_SSH1 /* Check certain values for sanity. */ if (options.protocol & SSH_PROTO_1) { if (options.server_key_bits < 512 || @@ -1680,6 +1820,7 @@ main(int ac, char **av) options.server_key_bits); } } +#endif if (use_privsep) { struct stat st; @@ -1763,12 +1904,10 @@ main(int ac, char **av) /* Reinitialize the log (because of the fork above). */ log_init(__progname, options.log_level, options.log_facility, log_stderr); - /* Initialize the random number generator. */ - arc4random_stir(); - /* Chdir to the root directory so that the current disk can be unmounted if desired. */ - chdir("/"); + if (chdir("/") == -1) + error("chdir(\"/\"): %s", strerror(errno)); /* ignore SIGPIPE */ signal(SIGPIPE, SIG_IGN); @@ -1836,13 +1975,14 @@ main(int ac, char **av) dup2(STDIN_FILENO, STDOUT_FILENO); if (startup_pipe == -1) close(REEXEC_STARTUP_PIPE_FD); - else + else if (startup_pipe != REEXEC_STARTUP_PIPE_FD) { dup2(startup_pipe, REEXEC_STARTUP_PIPE_FD); + close(startup_pipe); + startup_pipe = REEXEC_STARTUP_PIPE_FD; + } dup2(config_s[1], REEXEC_CONFIG_PASS_FD); close(config_s[1]); - if (startup_pipe != -1) - close(startup_pipe); execv(rexec_argv[0], rexec_argv); @@ -1853,8 +1993,6 @@ main(int ac, char **av) options.log_facility, log_stderr); /* Clean up fds */ - startup_pipe = REEXEC_STARTUP_PIPE_FD; - close(config_s[1]); close(REEXEC_CONFIG_PASS_FD); newsock = sock_out = sock_in = dup(STDIN_FILENO); if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) { @@ -1916,27 +2054,11 @@ main(int ac, char **av) #ifdef SSH_AUDIT_EVENTS audit_connection_from(remote_ip, remote_port); #endif -#ifdef LIBWRAP - allow_severity = options.log_facility|LOG_INFO; - deny_severity = options.log_facility|LOG_WARNING; - /* Check whether logins are denied from this host. */ - if (packet_connection_is_on_socket()) { - struct request_info req; - - request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0); - fromhost(&req); - - if (!hosts_access(&req)) { - debug("Connection refused by tcp wrapper"); - refuse(&req); - /* NOTREACHED */ - fatal("libwrap refuse returns"); - } - } -#endif /* LIBWRAP */ /* Log the connection. */ - verbose("Connection from %.500s port %d", remote_ip, remote_port); + verbose("Connection from %s port %d on %s port %d", + remote_ip, remote_port, + get_local_ipaddr(sock_in), get_local_port()); /* * We don't want to listen forever unless the other side @@ -1970,9 +2092,11 @@ main(int ac, char **av) buffer_init(&loginmsg); auth_debug_reset(); - if (use_privsep) + if (use_privsep) { if (privsep_preauth(authctxt) == 1) goto authenticated; + } else if (compat20 && have_agent) + auth_conn = ssh_get_authentication_connection(); /* perform the key exchange */ /* authenticate user and start session */ @@ -1980,8 +2104,12 @@ main(int ac, char **av) do_ssh2_kex(); do_authentication2(authctxt); } else { +#ifdef WITH_SSH1 do_ssh1_kex(); do_authentication(authctxt); +#else + fatal("ssh1 not supported"); +#endif } /* * If we use privilege separation, the unprivileged child transfers @@ -2065,6 +2193,7 @@ main(int ac, char **av) exit(0); } +#ifdef WITH_SSH1 /* * Decrypt session_key_int using our private server key and private host key * (key with larger modulus first). @@ -2088,10 +2217,10 @@ ssh1_session_key(BIGNUM *session_key_int) SSH_KEY_BITS_RESERVED); } if (rsa_private_decrypt(session_key_int, session_key_int, - sensitive_data.server_key->rsa) <= 0) + sensitive_data.server_key->rsa) != 0) rsafail++; if (rsa_private_decrypt(session_key_int, session_key_int, - sensitive_data.ssh1_host_key->rsa) <= 0) + sensitive_data.ssh1_host_key->rsa) != 0) rsafail++; } else { /* Host key has bigger modulus (or they are equal). */ @@ -2106,14 +2235,15 @@ ssh1_session_key(BIGNUM *session_key_int) SSH_KEY_BITS_RESERVED); } if (rsa_private_decrypt(session_key_int, session_key_int, - sensitive_data.ssh1_host_key->rsa) < 0) + sensitive_data.ssh1_host_key->rsa) != 0) rsafail++; if (rsa_private_decrypt(session_key_int, session_key_int, - sensitive_data.server_key->rsa) < 0) + sensitive_data.server_key->rsa) != 0) rsafail++; } return (rsafail); } + /* * SSH1 key exchange */ @@ -2226,7 +2356,7 @@ do_ssh1_kex(void) get_remote_ipaddr(), len, (u_long)sizeof(session_key)); rsafail++; } else { - memset(session_key, 0, sizeof(session_key)); + explicit_bzero(session_key, sizeof(session_key)); BN_bn2bin(session_key_int, session_key + sizeof(session_key) - len); @@ -2245,21 +2375,27 @@ do_ssh1_kex(void) if (rsafail) { int bytes = BN_num_bytes(session_key_int); u_char *buf = xmalloc(bytes); - MD5_CTX md; + struct ssh_digest_ctx *md; logit("do_connection: generating a fake encryption key"); BN_bn2bin(session_key_int, buf); - MD5_Init(&md); - MD5_Update(&md, buf, bytes); - MD5_Update(&md, sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH); - MD5_Final(session_key, &md); - MD5_Init(&md); - MD5_Update(&md, session_key, 16); - MD5_Update(&md, buf, bytes); - MD5_Update(&md, sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH); - MD5_Final(session_key + 16, &md); - memset(buf, 0, bytes); - xfree(buf); + if ((md = ssh_digest_start(SSH_DIGEST_MD5)) == NULL || + ssh_digest_update(md, buf, bytes) < 0 || + ssh_digest_update(md, sensitive_data.ssh1_cookie, + SSH_SESSION_KEY_LENGTH) < 0 || + ssh_digest_final(md, session_key, sizeof(session_key)) < 0) + fatal("%s: md5 failed", __func__); + ssh_digest_free(md); + if ((md = ssh_digest_start(SSH_DIGEST_MD5)) == NULL || + ssh_digest_update(md, session_key, 16) < 0 || + ssh_digest_update(md, sensitive_data.ssh1_cookie, + SSH_SESSION_KEY_LENGTH) < 0 || + ssh_digest_final(md, session_key + 16, + sizeof(session_key) - 16) < 0) + fatal("%s: md5 failed", __func__); + ssh_digest_free(md); + explicit_bzero(buf, bytes); + free(buf); for (i = 0; i < 16; i++) session_id[i] = session_key[i] ^ session_key[i + 16]; } @@ -2276,7 +2412,7 @@ do_ssh1_kex(void) packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, cipher_type); /* Destroy our copy of the session key. It is no longer needed. */ - memset(session_key, 0, sizeof(session_key)); + explicit_bzero(session_key, sizeof(session_key)); debug("Received session key; encryption turned on."); @@ -2285,6 +2421,24 @@ do_ssh1_kex(void) packet_send(); packet_write_wait(); } +#endif + +void +sshd_hostkey_sign(Key *privkey, Key *pubkey, u_char **signature, u_int *slen, + u_char *data, u_int dlen) +{ + if (privkey) { + if (PRIVSEP(key_sign(privkey, signature, slen, data, dlen) < 0)) + fatal("%s: key_sign failed", __func__); + } else if (use_privsep) { + if (mm_key_sign(pubkey, signature, slen, data, dlen) < 0) + fatal("%s: pubkey_sign failed", __func__); + } else { + if (ssh_agent_sign(auth_conn, pubkey, signature, slen, data, + dlen)) + fatal("%s: ssh_agent_sign failed", __func__); + } +} /* * SSH2 key exchange: diffie-hellman-group1-sha1 @@ -2292,6 +2446,7 @@ do_ssh1_kex(void) static void do_ssh2_kex(void) { + char *myproposal[PROPOSAL_MAX] = { KEX_SERVER }; Kex *kex; if (options.ciphers != NULL) { @@ -2317,21 +2472,33 @@ do_ssh2_kex(void) if (options.kex_algorithms != NULL) myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms; - myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); + myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal( + myproposal[PROPOSAL_KEX_ALGS]); + + if (options.rekey_limit || options.rekey_interval) + packet_set_rekey_limits((u_int32_t)options.rekey_limit, + (time_t)options.rekey_interval); + + myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( + list_hostkey_types()); /* start key exchange */ kex = kex_setup(myproposal); +#ifdef WITH_OPENSSL kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; kex->kex[KEX_ECDH_SHA2] = kexecdh_server; +#endif + kex->kex[KEX_C25519_SHA256] = kexc25519_server; kex->server = 1; kex->client_version_string=client_version_string; kex->server_version_string=server_version_string; kex->load_host_public_key=&get_hostkey_public_by_type; kex->load_host_private_key=&get_hostkey_private_by_type; kex->host_key_index=&get_hostkey_index; + kex->sign = sshd_hostkey_sign; xxx_kex = kex; @@ -2356,7 +2523,8 @@ cleanup_exit(int i) { if (the_authctxt) { do_cleanup(the_authctxt); - if (use_privsep && privsep_is_preauth && pmonitor->m_pid > 1) { + if (use_privsep && privsep_is_preauth && + pmonitor != NULL && pmonitor->m_pid > 1) { debug("Killing privsep child %d", pmonitor->m_pid); if (kill(pmonitor->m_pid, SIGKILL) != 0 && errno != ESRCH) diff --git a/crypto/openssh/sshd_config b/crypto/openssh/sshd_config index 9424ee2c64..e9045bc4d7 100644 --- a/crypto/openssh/sshd_config +++ b/crypto/openssh/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.87 2012/07/10 02:19:15 djm Exp $ +# $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -24,11 +24,15 @@ #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key #HostKey /etc/ssh/ssh_host_ecdsa_key +#HostKey /etc/ssh/ssh_host_ed25519_key # Lifetime and size of ephemeral version 1 server key #KeyRegenerationInterval 1h #ServerKeyBits 1024 +# Ciphers and keying +#RekeyLimit default none + # Logging # obsoletes QuietMode and FascistLogging #SyslogFacility AUTH @@ -51,6 +55,9 @@ AuthorizedKeysFile .ssh/authorized_keys #AuthorizedPrincipalsFile none +#AuthorizedKeysCommand none +#AuthorizedKeysCommandUser nobody + # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #RhostsRSAAuthentication no # similar for protocol version 2 @@ -78,8 +85,8 @@ AuthorizedKeysFile .ssh/authorized_keys #GSSAPIAuthentication no #GSSAPICleanupCredentials yes -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via ChallengeResponseAuthentication may bypass @@ -95,6 +102,7 @@ AuthorizedKeysFile .ssh/authorized_keys #X11Forwarding no #X11DisplayOffset 10 #X11UseLocalhost yes +#PermitTTY yes #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes @@ -106,7 +114,7 @@ UsePrivilegeSeparation sandbox # Default for new installations. #ClientAliveCountMax 3 #UseDNS yes #PidFile /var/run/sshd.pid -#MaxStartups 10 +#MaxStartups 10:30:100 #PermitTunnel no #ChrootDirectory none #VersionAddendum none @@ -121,4 +129,5 @@ Subsystem sftp /usr/libexec/sftp-server #Match User anoncvs # X11Forwarding no # AllowTcpForwarding no +# PermitTTY no # ForceCommand cvs server diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5 index 314ecfb0e6..fd44abe75e 100644 --- a/crypto/openssh/sshd_config.5 +++ b/crypto/openssh/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.144 2012/06/29 13:57:25 naddy Exp $ -.Dd $Mdocdate: June 29 2012 $ +.\" $OpenBSD: sshd_config.5,v 1.176 2014/07/28 15:40:08 schwarze Exp $ +.Dd $Mdocdate: July 28 2014 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -117,18 +117,49 @@ The allow/deny directives are processed in the following order: and finally .Cm AllowGroups . .Pp -See -.Sx PATTERNS -in +See PATTERNS in .Xr ssh_config 5 for more information on patterns. .It Cm AllowTcpForwarding Specifies whether TCP forwarding is permitted. +The available options are +.Dq yes +or +.Dq all +to allow TCP forwarding, +.Dq no +to prevent all TCP forwarding, +.Dq local +to allow local (from the perspective of +.Xr ssh 1 ) +forwarding only or +.Dq remote +to allow remote forwarding only. The default is .Dq yes . Note that disabling TCP forwarding does not improve security unless users are also denied shell access, as they can always install their own forwarders. +.It Cm AllowStreamLocalForwarding +Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted. +The available options are +.Dq yes +or +.Dq all +to allow StreamLocal forwarding, +.Dq no +to prevent all StreamLocal forwarding, +.Dq local +to allow local (from the perspective of +.Xr ssh 1 ) +forwarding only or +.Dq remote +to allow remote forwarding only. +The default is +.Dq yes . +Note that disabling StreamLocal forwarding does not improve security unless +users are also denied shell access, as they can always install their +own forwarders. .It Cm AllowUsers This keyword can be followed by a list of user name patterns, separated by spaces. @@ -146,16 +177,66 @@ The allow/deny directives are processed in the following order: and finally .Cm AllowGroups . .Pp -See -.Sx PATTERNS -in +See PATTERNS in .Xr ssh_config 5 for more information on patterns. +.It Cm AuthenticationMethods +Specifies the authentication methods that must be successfully completed +for a user to be granted access. +This option must be followed by one or more comma-separated lists of +authentication method names. +Successful authentication requires completion of every method in at least +one of these lists. +.Pp +For example, an argument of +.Dq publickey,password publickey,keyboard-interactive +would require the user to complete public key authentication, followed by +either password or keyboard interactive authentication. +Only methods that are next in one or more lists are offered at each stage, +so for this example, it would not be possible to attempt password or +keyboard-interactive authentication before public key. +.Pp +For keyboard interactive authentication it is also possible to +restrict authentication to a specific device by appending a +colon followed by the device identifier +.Dq bsdauth , +.Dq pam , +or +.Dq skey , +depending on the server configuration. +For example, +.Dq keyboard-interactive:bsdauth +would restrict keyboard interactive authentication to the +.Dq bsdauth +device. +.Pp +This option is only available for SSH protocol 2 and will yield a fatal +error if enabled if protocol 1 is also enabled. +Note that each authentication method listed should also be explicitly enabled +in the configuration. +The default is not to require multiple authentication; successful completion +of a single authentication method is sufficient. +.It Cm AuthorizedKeysCommand +Specifies a program to be used to look up the user's public keys. +The program must be owned by root and not writable by group or others. +It will be invoked with a single argument of the username +being authenticated, and should produce on standard output zero or +more lines of authorized_keys output (see AUTHORIZED_KEYS in +.Xr sshd 8 ) . +If a key supplied by AuthorizedKeysCommand does not successfully authenticate +and authorize the user then public key authentication continues using the usual +.Cm AuthorizedKeysFile +files. +By default, no AuthorizedKeysCommand is run. +.It Cm AuthorizedKeysCommandUser +Specifies the user under whose account the AuthorizedKeysCommand is run. +It is recommended to use a dedicated user that has no other role on the host +than running authorized keys commands. .It Cm AuthorizedKeysFile Specifies the file that contains the public keys that can be used for user authentication. The format is described in the -.Sx AUTHORIZED_KEYS FILE FORMAT +AUTHORIZED_KEYS FILE FORMAT section of .Xr sshd 8 . .Cm AuthorizedKeysFile @@ -179,9 +260,7 @@ When using certificates signed by a key listed in this file lists names, one of which must appear in the certificate for it to be accepted for authentication. Names are listed one per line preceded by key options (as described -in -.Sx AUTHORIZED_KEYS FILE FORMAT -in +in AUTHORIZED_KEYS FILE FORMAT in .Xr sshd 8 ) . Empty lines and comments starting with .Ql # @@ -224,7 +303,7 @@ This option is only available for protocol version 2. By default, no banner is displayed. .It Cm ChallengeResponseAuthentication Specifies whether challenge-response authentication is allowed (e.g. via -PAM or though authentication styles supported in +PAM or through authentication styles supported in .Xr login.conf 5 ) The default is .Dq yes . @@ -265,9 +344,9 @@ For file transfer sessions using .Dq sftp , no additional configuration of the environment is necessary if the in-process sftp server is used, -though sessions which use logging do require +though sessions which use logging may require .Pa /dev/log -inside the chroot directory (see +inside the chroot directory on some operating systems (see .Xr sftp-server 8 for details). .Pp @@ -276,26 +355,52 @@ The default is not to .It Cm Ciphers Specifies the ciphers allowed for protocol version 2. Multiple ciphers must be comma-separated. -The supported ciphers are -.Dq 3des-cbc , -.Dq aes128-cbc , -.Dq aes192-cbc , -.Dq aes256-cbc , -.Dq aes128-ctr , -.Dq aes192-ctr , -.Dq aes256-ctr , -.Dq arcfour128 , -.Dq arcfour256 , -.Dq arcfour , -.Dq blowfish-cbc , -and -.Dq cast128-cbc . +The supported ciphers are: +.Pp +.Bl -item -compact -offset indent +.It +3des-cbc +.It +aes128-cbc +.It +aes192-cbc +.It +aes256-cbc +.It +aes128-ctr +.It +aes192-ctr +.It +aes256-ctr +.It +aes128-gcm@openssh.com +.It +aes256-gcm@openssh.com +.It +arcfour +.It +arcfour128 +.It +arcfour256 +.It +blowfish-cbc +.It +cast128-cbc +.It +chacha20-poly1305@openssh.com +.El +.Pp The default is: -.Bd -literal -offset 3n -aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, -aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc, -aes256-cbc,arcfour +.Bd -literal -offset indent +aes128-ctr,aes192-ctr,aes256-ctr, +aes128-gcm@openssh.com,aes256-gcm@openssh.com, +chacha20-poly1305@openssh.com .Ed +.Pp +The list of available ciphers may also be obtained using the +.Fl Q +option of +.Xr ssh 1 . .It Cm ClientAliveCountMax Sets the number of client alive messages (see below) which may be sent without @@ -356,9 +461,7 @@ The allow/deny directives are processed in the following order: and finally .Cm AllowGroups . .Pp -See -.Sx PATTERNS -in +See PATTERNS in .Xr ssh_config 5 for more information on patterns. .It Cm DenyUsers @@ -377,9 +480,7 @@ The allow/deny directives are processed in the following order: and finally .Cm AllowGroups . .Pp -See -.Sx PATTERNS -in +See PATTERNS in .Xr ssh_config 5 for more information on patterns. .It Cm ForceCommand @@ -473,7 +574,8 @@ The default is .Pa /etc/ssh/ssh_host_key for protocol version 1, and .Pa /etc/ssh/ssh_host_dsa_key , -.Pa /etc/ssh/ssh_host_ecdsa_key +.Pa /etc/ssh/ssh_host_ecdsa_key , +.Pa /etc/ssh/ssh_host_ed25519_key and .Pa /etc/ssh/ssh_host_rsa_key for protocol version 2. @@ -484,10 +586,23 @@ It is possible to have multiple host key files. .Dq rsa1 keys are used for version 1 and .Dq dsa , -.Dq ecdsa +.Dq ecdsa , +.Dq ed25519 or .Dq rsa are used for version 2 of the SSH protocol. +It is also possible to specify public host key files instead. +In this case operations on the private key will be delegated +to an +.Xr ssh-agent 1 . +.It Cm HostKeyAgent +Identifies the UNIX-domain socket used to communicate +with an agent that has access to the private host keys. +If +.Dq SSH_AUTH_SOCK +is specified, the location of the socket will be read from the +.Ev SSH_AUTH_SOCK +environment variable. .It Cm IgnoreRhosts Specifies that .Pa .rhosts @@ -552,6 +667,17 @@ The default is for interactive sessions and .Dq throughput for non-interactive sessions. +.It Cm KbdInteractiveAuthentication +Specifies whether to allow keyboard-interactive authentication. +The argument to this keyword must be +.Dq yes +or +.Dq no . +The default is to use whatever value +.Cm ChallengeResponseAuthentication +is set to +(by default +.Dq yes ) . .It Cm KerberosAuthentication Specifies whether the password provided by the user for .Cm PasswordAuthentication @@ -580,14 +706,34 @@ The default is .It Cm KexAlgorithms Specifies the available KEX (Key Exchange) algorithms. Multiple algorithms must be comma-separated. -The default is -.Dq ecdh-sha2-nistp256 , -.Dq ecdh-sha2-nistp384 , -.Dq ecdh-sha2-nistp521 , -.Dq diffie-hellman-group-exchange-sha256 , -.Dq diffie-hellman-group-exchange-sha1 , -.Dq diffie-hellman-group14-sha1 , -.Dq diffie-hellman-group1-sha1 . +The supported algorithms are: +.Pp +.Bl -item -compact -offset indent +.It +curve25519-sha256@libssh.org +.It +diffie-hellman-group1-sha1 +.It +diffie-hellman-group14-sha1 +.It +diffie-hellman-group-exchange-sha1 +.It +diffie-hellman-group-exchange-sha256 +.It +ecdh-sha2-nistp256 +.It +ecdh-sha2-nistp384 +.It +ecdh-sha2-nistp521 +.El +.Pp +The default is: +.Bd -literal -offset indent +curve25519-sha256@libssh.org, +ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, +diffie-hellman-group-exchange-sha256, +diffie-hellman-group14-sha1 +.Ed .It Cm KeyRegenerationInterval In protocol version 1, the ephemeral server key is automatically regenerated after this many seconds (if it has been used). @@ -654,11 +800,57 @@ Specifies the available MAC (message authentication code) algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms must be comma-separated. +The algorithms that contain +.Dq -etm +calculate the MAC after encryption (encrypt-then-mac). +These are considered safer and their use recommended. +The supported MACs are: +.Pp +.Bl -item -compact -offset indent +.It +hmac-md5 +.It +hmac-md5-96 +.It +hmac-ripemd160 +.It +hmac-sha1 +.It +hmac-sha1-96 +.It +hmac-sha2-256 +.It +hmac-sha2-512 +.It +umac-64@openssh.com +.It +umac-128@openssh.com +.It +hmac-md5-etm@openssh.com +.It +hmac-md5-96-etm@openssh.com +.It +hmac-ripemd160-etm@openssh.com +.It +hmac-sha1-etm@openssh.com +.It +hmac-sha1-96-etm@openssh.com +.It +hmac-sha2-256-etm@openssh.com +.It +hmac-sha2-512-etm@openssh.com +.It +umac-64-etm@openssh.com +.It +umac-128-etm@openssh.com +.El +.Pp The default is: .Bd -literal -offset indent -hmac-md5,hmac-sha1,umac-64@openssh.com, -hmac-sha2-256,hmac-sha2-512,hmac-ripemd160, -hmac-sha1-96,hmac-md5-96 +umac-64-etm@openssh.com,umac-128-etm@openssh.com, +hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, +umac-64@openssh.com,umac-128@openssh.com, +hmac-sha2-256,hmac-sha2-512 .Ed .It Cm Match Introduces a conditional block. @@ -668,10 +860,16 @@ line are satisfied, the keywords on the following lines override those set in the global section of the config file, until either another .Cm Match line or the end of the file. +If a keyword appears in multiple +.Cm Match +blocks that are satisified, only the first instance of the keyword is +applied. .Pp The arguments to .Cm Match -are one or more criteria-pattern pairs. +are one or more criteria-pattern pairs or the single token +.Cm All +which matches all criteria. The available criteria are .Cm User , .Cm Group , @@ -682,8 +880,7 @@ and .Cm Address . The match patterns may consist of single entries or comma-separated lists and may use the wildcard and negation operators described in the -.Sx PATTERNS -section of +PATTERNS section of .Xr ssh_config 5 . .Pp The patterns in an @@ -711,6 +908,9 @@ Available keywords are .Cm AllowGroups , .Cm AllowTcpForwarding , .Cm AllowUsers , +.Cm AuthenticationMethods , +.Cm AuthorizedKeysCommand , +.Cm AuthorizedKeysCommandUser , .Cm AuthorizedKeysFile , .Cm AuthorizedPrincipalsFile , .Cm Banner , @@ -730,8 +930,11 @@ Available keywords are .Cm PermitEmptyPasswords , .Cm PermitOpen , .Cm PermitRootLogin , +.Cm PermitTTY , .Cm PermitTunnel , +.Cm PermitUserRC , .Cm PubkeyAuthentication , +.Cm RekeyLimit , .Cm RhostsRSAAuthentication , .Cm RSAAuthentication , .Cm X11DisplayOffset , @@ -753,7 +956,7 @@ SSH daemon. Additional connections will be dropped until authentication succeeds or the .Cm LoginGraceTime expires for a connection. -The default is 10. +The default is 10:30:100. .Pp Alternatively, random early drop can be enabled by specifying the three colon separated values @@ -858,6 +1061,12 @@ and .Dq ethernet . The default is .Dq no . +.It Cm PermitTTY +Specifies whether +.Xr pty 4 +allocation is permitted. +The default is +.Dq yes . .It Cm PermitUserEnvironment Specifies whether .Pa ~/.ssh/environment @@ -872,6 +1081,12 @@ The default is Enabling environment processing may enable users to bypass access restrictions in some configurations using mechanisms such as .Ev LD_PRELOAD . +.It Cm PermitUserRC +Specifies whether any +.Pa ~/.ssh/rc +file is executed. +The default is +.Dq yes . .It Cm PidFile Specifies the file that contains the process ID of the SSH daemon. @@ -926,11 +1141,42 @@ Specifies whether public key authentication is allowed. The default is .Dq yes . Note that this option applies to protocol version 2 only. +.It Cm RekeyLimit +Specifies the maximum amount of data that may be transmitted before the +session key is renegotiated, optionally followed a maximum amount of +time that may pass before the session key is renegotiated. +The first argument is specified in bytes and may have a suffix of +.Sq K , +.Sq M , +or +.Sq G +to indicate Kilobytes, Megabytes, or Gigabytes, respectively. +The default is between +.Sq 1G +and +.Sq 4G , +depending on the cipher. +The optional second value is specified in seconds and may use any of the +units documented in the +.Sx TIME FORMATS +section. +The default value for +.Cm RekeyLimit +is +.Dq default none , +which means that rekeying is performed after the cipher's default amount +of data has been sent or received and no time based rekeying is done. +This option applies to protocol version 2 only. .It Cm RevokedKeys -Specifies a list of revoked public keys. +Specifies revoked public keys. Keys listed in this file will be refused for public key authentication. Note that if this file is not readable, then public key authentication will be refused for all users. +Keys may be specified as a text file, listing one public key per line, or as +an OpenSSH Key Revocation List (KRL) as generated by +.Xr ssh-keygen 1 . +For more information on KRLs, see the KEY REVOCATION LISTS section in +.Xr ssh-keygen 1 . .It Cm RhostsRSAAuthentication Specifies whether rhosts or /etc/hosts.equiv authentication together with successful RSA host authentication is allowed. @@ -945,6 +1191,33 @@ This option applies to protocol version 1 only. .It Cm ServerKeyBits Defines the number of bits in the ephemeral protocol version 1 server key. The minimum value is 512, and the default is 1024. +.It Cm StreamLocalBindMask +Sets the octal file creation mode mask +.Pq umask +used when creating a Unix-domain socket file for local or remote +port forwarding. +This option is only used for port forwarding to a Unix-domain socket file. +.Pp +The default value is 0177, which creates a Unix-domain socket file that is +readable and writable only by the owner. +Note that not all operating systems honor the file mode on Unix-domain +socket files. +.It Cm StreamLocalBindUnlink +Specifies whether to remove an existing Unix-domain socket file for local +or remote port forwarding before creating a new one. +If the socket file already exists and +.Cm StreamLocalBindUnlink +is not enabled, +.Nm sshd +will be unable to forward the port to the Unix-domain socket file. +This option is only used for port forwarding to a Unix-domain socket file. +.Pp +The argument must be +.Dq yes +or +.Dq no . +The default is +.Dq no . .It Cm StrictModes Specifies whether .Xr sshd 8 @@ -1018,9 +1291,7 @@ listed in the certificate's principals list. Note that certificates that lack a list of principals will not be permitted for authentication using .Cm TrustedUserCAKeys . -For more details on certificates, see the -.Sx CERTIFICATES -section in +For more details on certificates, see the CERTIFICATES section in .Xr ssh-keygen 1 . .It Cm UseDNS Specifies whether diff --git a/crypto/openssh/ssherr.c b/crypto/openssh/ssherr.c new file mode 100644 index 0000000000..49fbb71de7 --- /dev/null +++ b/crypto/openssh/ssherr.c @@ -0,0 +1,131 @@ +/* $OpenBSD: ssherr.c,v 1.1 2014/04/30 05:29:56 djm Exp $ */ +/* + * Copyright (c) 2011 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include +#include "ssherr.h" + +const char * +ssh_err(int n) +{ + switch (n) { + case SSH_ERR_SUCCESS: + return "success"; + case SSH_ERR_INTERNAL_ERROR: + return "unexpected internal error"; + case SSH_ERR_ALLOC_FAIL: + return "memory allocation failed"; + case SSH_ERR_MESSAGE_INCOMPLETE: + return "incomplete message"; + case SSH_ERR_INVALID_FORMAT: + return "invalid format"; + case SSH_ERR_BIGNUM_IS_NEGATIVE: + return "bignum is negative"; + case SSH_ERR_STRING_TOO_LARGE: + return "string is too large"; + case SSH_ERR_BIGNUM_TOO_LARGE: + return "bignum is too large"; + case SSH_ERR_ECPOINT_TOO_LARGE: + return "elliptic curve point is too large"; + case SSH_ERR_NO_BUFFER_SPACE: + return "insufficient buffer space"; + case SSH_ERR_INVALID_ARGUMENT: + return "invalid argument"; + case SSH_ERR_KEY_BITS_MISMATCH: + return "key bits do not match"; + case SSH_ERR_EC_CURVE_INVALID: + return "invalid elliptic curve"; + case SSH_ERR_KEY_TYPE_MISMATCH: + return "key type does not match"; + case SSH_ERR_KEY_TYPE_UNKNOWN: + return "unknown or unsupported key type"; + case SSH_ERR_EC_CURVE_MISMATCH: + return "elliptic curve does not match"; + case SSH_ERR_EXPECTED_CERT: + return "plain key provided where certificate required"; + case SSH_ERR_KEY_LACKS_CERTBLOB: + return "key lacks certificate data"; + case SSH_ERR_KEY_CERT_UNKNOWN_TYPE: + return "unknown/unsupported certificate type"; + case SSH_ERR_KEY_CERT_INVALID_SIGN_KEY: + return "invalid certificate signing key"; + case SSH_ERR_KEY_INVALID_EC_VALUE: + return "invalid elliptic curve value"; + case SSH_ERR_SIGNATURE_INVALID: + return "incorrect signature"; + case SSH_ERR_LIBCRYPTO_ERROR: + return "error in libcrypto"; /* XXX fetch and return */ + case SSH_ERR_UNEXPECTED_TRAILING_DATA: + return "unexpected bytes remain after decoding"; + case SSH_ERR_SYSTEM_ERROR: + return strerror(errno); + case SSH_ERR_KEY_CERT_INVALID: + return "invalid certificate"; + case SSH_ERR_AGENT_COMMUNICATION: + return "communication with agent failed"; + case SSH_ERR_AGENT_FAILURE: + return "agent refused operation"; + case SSH_ERR_DH_GEX_OUT_OF_RANGE: + return "DH GEX group out of range"; + case SSH_ERR_DISCONNECTED: + return "disconnected"; + case SSH_ERR_MAC_INVALID: + return "message authentication code incorrect"; + case SSH_ERR_NO_CIPHER_ALG_MATCH: + return "no matching cipher found"; + case SSH_ERR_NO_MAC_ALG_MATCH: + return "no matching MAC found"; + case SSH_ERR_NO_COMPRESS_ALG_MATCH: + return "no matching compression method found"; + case SSH_ERR_NO_KEX_ALG_MATCH: + return "no matching key exchange method found"; + case SSH_ERR_NO_HOSTKEY_ALG_MATCH: + return "no matching host key type found"; + case SSH_ERR_PROTOCOL_MISMATCH: + return "protocol version mismatch"; + case SSH_ERR_NO_PROTOCOL_VERSION: + return "could not read protocol version"; + case SSH_ERR_NO_HOSTKEY_LOADED: + return "could not load host key"; + case SSH_ERR_NEED_REKEY: + return "rekeying not supported by peer"; + case SSH_ERR_PASSPHRASE_TOO_SHORT: + return "passphrase is too short (minimum four characters)"; + case SSH_ERR_FILE_CHANGED: + return "file changed while reading"; + case SSH_ERR_KEY_UNKNOWN_CIPHER: + return "key encrypted using unsupported cipher"; + case SSH_ERR_KEY_WRONG_PASSPHRASE: + return "incorrect passphrase supplied to decrypt private key"; + case SSH_ERR_KEY_BAD_PERMISSIONS: + return "bad permissions"; + case SSH_ERR_KEY_CERT_MISMATCH: + return "certificate does not match key"; + case SSH_ERR_KEY_NOT_FOUND: + return "key not found"; + case SSH_ERR_AGENT_NOT_PRESENT: + return "agent not present"; + case SSH_ERR_AGENT_NO_IDENTITIES: + return "agent contains no identities"; + case SSH_ERR_KRL_BAD_MAGIC: + return "KRL file has invalid magic number"; + case SSH_ERR_KEY_REVOKED: + return "Key is revoked"; + default: + return "unknown error"; + } +} diff --git a/crypto/openssh/ssherr.h b/crypto/openssh/ssherr.h new file mode 100644 index 0000000000..106f786ea4 --- /dev/null +++ b/crypto/openssh/ssherr.h @@ -0,0 +1,80 @@ +/* $OpenBSD: ssherr.h,v 1.1 2014/04/30 05:29:56 djm Exp $ */ +/* + * Copyright (c) 2011 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef _SSHERR_H +#define _SSHERR_H + +/* XXX are these too granular? not granular enough? I can't decide - djm */ + +/* Error codes */ +#define SSH_ERR_SUCCESS 0 +#define SSH_ERR_INTERNAL_ERROR -1 +#define SSH_ERR_ALLOC_FAIL -2 +#define SSH_ERR_MESSAGE_INCOMPLETE -3 +#define SSH_ERR_INVALID_FORMAT -4 +#define SSH_ERR_BIGNUM_IS_NEGATIVE -5 +#define SSH_ERR_STRING_TOO_LARGE -6 +#define SSH_ERR_BIGNUM_TOO_LARGE -7 +#define SSH_ERR_ECPOINT_TOO_LARGE -8 +#define SSH_ERR_NO_BUFFER_SPACE -9 +#define SSH_ERR_INVALID_ARGUMENT -10 +#define SSH_ERR_KEY_BITS_MISMATCH -11 +#define SSH_ERR_EC_CURVE_INVALID -12 +#define SSH_ERR_KEY_TYPE_MISMATCH -13 +#define SSH_ERR_KEY_TYPE_UNKNOWN -14 /* XXX UNSUPPORTED? */ +#define SSH_ERR_EC_CURVE_MISMATCH -15 +#define SSH_ERR_EXPECTED_CERT -16 +#define SSH_ERR_KEY_LACKS_CERTBLOB -17 +#define SSH_ERR_KEY_CERT_UNKNOWN_TYPE -18 +#define SSH_ERR_KEY_CERT_INVALID_SIGN_KEY -19 +#define SSH_ERR_KEY_INVALID_EC_VALUE -20 +#define SSH_ERR_SIGNATURE_INVALID -21 +#define SSH_ERR_LIBCRYPTO_ERROR -22 +#define SSH_ERR_UNEXPECTED_TRAILING_DATA -23 +#define SSH_ERR_SYSTEM_ERROR -24 +#define SSH_ERR_KEY_CERT_INVALID -25 +#define SSH_ERR_AGENT_COMMUNICATION -26 +#define SSH_ERR_AGENT_FAILURE -27 +#define SSH_ERR_DH_GEX_OUT_OF_RANGE -28 +#define SSH_ERR_DISCONNECTED -29 +#define SSH_ERR_MAC_INVALID -30 +#define SSH_ERR_NO_CIPHER_ALG_MATCH -31 +#define SSH_ERR_NO_MAC_ALG_MATCH -32 +#define SSH_ERR_NO_COMPRESS_ALG_MATCH -33 +#define SSH_ERR_NO_KEX_ALG_MATCH -34 +#define SSH_ERR_NO_HOSTKEY_ALG_MATCH -35 +#define SSH_ERR_NO_HOSTKEY_LOADED -36 +#define SSH_ERR_PROTOCOL_MISMATCH -37 +#define SSH_ERR_NO_PROTOCOL_VERSION -38 +#define SSH_ERR_NEED_REKEY -39 +#define SSH_ERR_PASSPHRASE_TOO_SHORT -40 +#define SSH_ERR_FILE_CHANGED -41 +#define SSH_ERR_KEY_UNKNOWN_CIPHER -42 +#define SSH_ERR_KEY_WRONG_PASSPHRASE -43 +#define SSH_ERR_KEY_BAD_PERMISSIONS -44 +#define SSH_ERR_KEY_CERT_MISMATCH -45 +#define SSH_ERR_KEY_NOT_FOUND -46 +#define SSH_ERR_AGENT_NOT_PRESENT -47 +#define SSH_ERR_AGENT_NO_IDENTITIES -48 +#define SSH_ERR_BUFFER_READ_ONLY -49 +#define SSH_ERR_KRL_BAD_MAGIC -50 +#define SSH_ERR_KEY_REVOKED -51 + +/* Translate a numeric error code to a human-readable error string */ +const char *ssh_err(int n); + +#endif /* _SSHERR_H */ diff --git a/crypto/openssh/sshkey.c b/crypto/openssh/sshkey.c new file mode 100644 index 0000000000..fdd0c8a89a --- /dev/null +++ b/crypto/openssh/sshkey.c @@ -0,0 +1,3856 @@ +/* $OpenBSD: sshkey.c,v 1.3 2014/07/03 01:45:38 djm Exp $ */ +/* + * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. + * Copyright (c) 2008 Alexander von Gernler. All rights reserved. + * Copyright (c) 2010,2011 Damien Miller. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#include +#include + +#include +#include +#include + +#include "crypto_api.h" + +#include +#include +#include +#ifdef HAVE_UTIL_H +#include +#endif /* HAVE_UTIL_H */ + +#include "ssh2.h" +#include "ssherr.h" +#include "misc.h" +#include "sshbuf.h" +#include "rsa.h" +#include "cipher.h" +#include "digest.h" +#define SSHKEY_INTERNAL +#include "sshkey.h" + +/* openssh private key file format */ +#define MARK_BEGIN "-----BEGIN OPENSSH PRIVATE KEY-----\n" +#define MARK_END "-----END OPENSSH PRIVATE KEY-----\n" +#define MARK_BEGIN_LEN (sizeof(MARK_BEGIN) - 1) +#define MARK_END_LEN (sizeof(MARK_END) - 1) +#define KDFNAME "bcrypt" +#define AUTH_MAGIC "openssh-key-v1" +#define SALT_LEN 16 +#define DEFAULT_CIPHERNAME "aes256-cbc" +#define DEFAULT_ROUNDS 16 + +/* Version identification string for SSH v1 identity files. */ +#define LEGACY_BEGIN "SSH PRIVATE KEY FILE FORMAT 1.1\n" + +static int sshkey_from_blob_internal(const u_char *blob, size_t blen, + struct sshkey **keyp, int allow_cert); + +/* Supported key types */ +struct keytype { + const char *name; + const char *shortname; + int type; + int nid; + int cert; +}; +static const struct keytype keytypes[] = { + { "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0 }, + { "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT", + KEY_ED25519_CERT, 0, 1 }, +#ifdef WITH_OPENSSL + { NULL, "RSA1", KEY_RSA1, 0, 0 }, + { "ssh-rsa", "RSA", KEY_RSA, 0, 0 }, + { "ssh-dss", "DSA", KEY_DSA, 0, 0 }, +# ifdef OPENSSL_HAS_ECC + { "ecdsa-sha2-nistp256", "ECDSA", KEY_ECDSA, NID_X9_62_prime256v1, 0 }, + { "ecdsa-sha2-nistp384", "ECDSA", KEY_ECDSA, NID_secp384r1, 0 }, +# ifdef OPENSSL_HAS_NISTP521 + { "ecdsa-sha2-nistp521", "ECDSA", KEY_ECDSA, NID_secp521r1, 0 }, +# endif /* OPENSSL_HAS_NISTP521 */ +# endif /* OPENSSL_HAS_ECC */ + { "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", KEY_RSA_CERT, 0, 1 }, + { "ssh-dss-cert-v01@openssh.com", "DSA-CERT", KEY_DSA_CERT, 0, 1 }, +# ifdef OPENSSL_HAS_ECC + { "ecdsa-sha2-nistp256-cert-v01@openssh.com", "ECDSA-CERT", + KEY_ECDSA_CERT, NID_X9_62_prime256v1, 1 }, + { "ecdsa-sha2-nistp384-cert-v01@openssh.com", "ECDSA-CERT", + KEY_ECDSA_CERT, NID_secp384r1, 1 }, +# ifdef OPENSSL_HAS_NISTP521 + { "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT", + KEY_ECDSA_CERT, NID_secp521r1, 1 }, +# endif /* OPENSSL_HAS_NISTP521 */ +# endif /* OPENSSL_HAS_ECC */ + { "ssh-rsa-cert-v00@openssh.com", "RSA-CERT-V00", + KEY_RSA_CERT_V00, 0, 1 }, + { "ssh-dss-cert-v00@openssh.com", "DSA-CERT-V00", + KEY_DSA_CERT_V00, 0, 1 }, +#endif /* WITH_OPENSSL */ + { NULL, NULL, -1, -1, 0 } +}; + +const char * +sshkey_type(const struct sshkey *k) +{ + const struct keytype *kt; + + for (kt = keytypes; kt->type != -1; kt++) { + if (kt->type == k->type) + return kt->shortname; + } + return "unknown"; +} + +static const char * +sshkey_ssh_name_from_type_nid(int type, int nid) +{ + const struct keytype *kt; + + for (kt = keytypes; kt->type != -1; kt++) { + if (kt->type == type && (kt->nid == 0 || kt->nid == nid)) + return kt->name; + } + return "ssh-unknown"; +} + +int +sshkey_type_is_cert(int type) +{ + const struct keytype *kt; + + for (kt = keytypes; kt->type != -1; kt++) { + if (kt->type == type) + return kt->cert; + } + return 0; +} + +const char * +sshkey_ssh_name(const struct sshkey *k) +{ + return sshkey_ssh_name_from_type_nid(k->type, k->ecdsa_nid); +} + +const char * +sshkey_ssh_name_plain(const struct sshkey *k) +{ + return sshkey_ssh_name_from_type_nid(sshkey_type_plain(k->type), + k->ecdsa_nid); +} + +int +sshkey_type_from_name(const char *name) +{ + const struct keytype *kt; + + for (kt = keytypes; kt->type != -1; kt++) { + /* Only allow shortname matches for plain key types */ + if ((kt->name != NULL && strcmp(name, kt->name) == 0) || + (!kt->cert && strcasecmp(kt->shortname, name) == 0)) + return kt->type; + } + return KEY_UNSPEC; +} + +int +sshkey_ecdsa_nid_from_name(const char *name) +{ + const struct keytype *kt; + + for (kt = keytypes; kt->type != -1; kt++) { + if (kt->type != KEY_ECDSA && kt->type != KEY_ECDSA_CERT) + continue; + if (kt->name != NULL && strcmp(name, kt->name) == 0) + return kt->nid; + } + return -1; +} + +char * +key_alg_list(int certs_only, int plain_only) +{ + char *tmp, *ret = NULL; + size_t nlen, rlen = 0; + const struct keytype *kt; + + for (kt = keytypes; kt->type != -1; kt++) { + if (kt->name == NULL) + continue; + if ((certs_only && !kt->cert) || (plain_only && kt->cert)) + continue; + if (ret != NULL) + ret[rlen++] = '\n'; + nlen = strlen(kt->name); + if ((tmp = realloc(ret, rlen + nlen + 2)) == NULL) { + free(ret); + return NULL; + } + ret = tmp; + memcpy(ret + rlen, kt->name, nlen + 1); + rlen += nlen; + } + return ret; +} + +int +sshkey_names_valid2(const char *names) +{ + char *s, *cp, *p; + + if (names == NULL || strcmp(names, "") == 0) + return 0; + if ((s = cp = strdup(names)) == NULL) + return 0; + for ((p = strsep(&cp, ",")); p && *p != '\0'; + (p = strsep(&cp, ","))) { + switch (sshkey_type_from_name(p)) { + case KEY_RSA1: + case KEY_UNSPEC: + free(s); + return 0; + } + } + free(s); + return 1; +} + +u_int +sshkey_size(const struct sshkey *k) +{ + switch (k->type) { +#ifdef WITH_OPENSSL + case KEY_RSA1: + case KEY_RSA: + case KEY_RSA_CERT_V00: + case KEY_RSA_CERT: + return BN_num_bits(k->rsa->n); + case KEY_DSA: + case KEY_DSA_CERT_V00: + case KEY_DSA_CERT: + return BN_num_bits(k->dsa->p); + case KEY_ECDSA: + case KEY_ECDSA_CERT: + return sshkey_curve_nid_to_bits(k->ecdsa_nid); +#endif /* WITH_OPENSSL */ + case KEY_ED25519: + case KEY_ED25519_CERT: + return 256; /* XXX */ + } + return 0; +} + +int +sshkey_cert_is_legacy(const struct sshkey *k) +{ + switch (k->type) { + case KEY_DSA_CERT_V00: + case KEY_RSA_CERT_V00: + return 1; + default: + return 0; + } +} + +static int +sshkey_type_is_valid_ca(int type) +{ + switch (type) { + case KEY_RSA: + case KEY_DSA: + case KEY_ECDSA: + case KEY_ED25519: + return 1; + default: + return 0; + } +} + +int +sshkey_is_cert(const struct sshkey *k) +{ + if (k == NULL) + return 0; + return sshkey_type_is_cert(k->type); +} + +/* Return the cert-less equivalent to a certified key type */ +int +sshkey_type_plain(int type) +{ + switch (type) { + case KEY_RSA_CERT_V00: + case KEY_RSA_CERT: + return KEY_RSA; + case KEY_DSA_CERT_V00: + case KEY_DSA_CERT: + return KEY_DSA; + case KEY_ECDSA_CERT: + return KEY_ECDSA; + case KEY_ED25519_CERT: + return KEY_ED25519; + default: + return type; + } +} + +#ifdef WITH_OPENSSL +/* XXX: these are really begging for a table-driven approach */ +int +sshkey_curve_name_to_nid(const char *name) +{ + if (strcmp(name, "nistp256") == 0) + return NID_X9_62_prime256v1; + else if (strcmp(name, "nistp384") == 0) + return NID_secp384r1; +# ifdef OPENSSL_HAS_NISTP521 + else if (strcmp(name, "nistp521") == 0) + return NID_secp521r1; +# endif /* OPENSSL_HAS_NISTP521 */ + else + return -1; +} + +u_int +sshkey_curve_nid_to_bits(int nid) +{ + switch (nid) { + case NID_X9_62_prime256v1: + return 256; + case NID_secp384r1: + return 384; +# ifdef OPENSSL_HAS_NISTP521 + case NID_secp521r1: + return 521; +# endif /* OPENSSL_HAS_NISTP521 */ + default: + return 0; + } +} + +int +sshkey_ecdsa_bits_to_nid(int bits) +{ + switch (bits) { + case 256: + return NID_X9_62_prime256v1; + case 384: + return NID_secp384r1; +# ifdef OPENSSL_HAS_NISTP521 + case 521: + return NID_secp521r1; +# endif /* OPENSSL_HAS_NISTP521 */ + default: + return -1; + } +} + +const char * +sshkey_curve_nid_to_name(int nid) +{ + switch (nid) { + case NID_X9_62_prime256v1: + return "nistp256"; + case NID_secp384r1: + return "nistp384"; +# ifdef OPENSSL_HAS_NISTP521 + case NID_secp521r1: + return "nistp521"; +# endif /* OPENSSL_HAS_NISTP521 */ + default: + return NULL; + } +} + +int +sshkey_ec_nid_to_hash_alg(int nid) +{ + int kbits = sshkey_curve_nid_to_bits(nid); + + if (kbits <= 0) + return -1; + + /* RFC5656 section 6.2.1 */ + if (kbits <= 256) + return SSH_DIGEST_SHA256; + else if (kbits <= 384) + return SSH_DIGEST_SHA384; + else + return SSH_DIGEST_SHA512; +} +#endif /* WITH_OPENSSL */ + +static void +cert_free(struct sshkey_cert *cert) +{ + u_int i; + + if (cert == NULL) + return; + if (cert->certblob != NULL) + sshbuf_free(cert->certblob); + if (cert->critical != NULL) + sshbuf_free(cert->critical); + if (cert->extensions != NULL) + sshbuf_free(cert->extensions); + if (cert->key_id != NULL) + free(cert->key_id); + for (i = 0; i < cert->nprincipals; i++) + free(cert->principals[i]); + if (cert->principals != NULL) + free(cert->principals); + if (cert->signature_key != NULL) + sshkey_free(cert->signature_key); + explicit_bzero(cert, sizeof(*cert)); + free(cert); +} + +static struct sshkey_cert * +cert_new(void) +{ + struct sshkey_cert *cert; + + if ((cert = calloc(1, sizeof(*cert))) == NULL) + return NULL; + if ((cert->certblob = sshbuf_new()) == NULL || + (cert->critical = sshbuf_new()) == NULL || + (cert->extensions = sshbuf_new()) == NULL) { + cert_free(cert); + return NULL; + } + cert->key_id = NULL; + cert->principals = NULL; + cert->signature_key = NULL; + return cert; +} + +struct sshkey * +sshkey_new(int type) +{ + struct sshkey *k; +#ifdef WITH_OPENSSL + RSA *rsa; + DSA *dsa; +#endif /* WITH_OPENSSL */ + + if ((k = calloc(1, sizeof(*k))) == NULL) + return NULL; + k->type = type; + k->ecdsa = NULL; + k->ecdsa_nid = -1; + k->dsa = NULL; + k->rsa = NULL; + k->cert = NULL; + k->ed25519_sk = NULL; + k->ed25519_pk = NULL; + switch (k->type) { +#ifdef WITH_OPENSSL + case KEY_RSA1: + case KEY_RSA: + case KEY_RSA_CERT_V00: + case KEY_RSA_CERT: + if ((rsa = RSA_new()) == NULL || + (rsa->n = BN_new()) == NULL || + (rsa->e = BN_new()) == NULL) { + if (rsa != NULL) + RSA_free(rsa); + free(k); + return NULL; + } + k->rsa = rsa; + break; + case KEY_DSA: + case KEY_DSA_CERT_V00: + case KEY_DSA_CERT: + if ((dsa = DSA_new()) == NULL || + (dsa->p = BN_new()) == NULL || + (dsa->q = BN_new()) == NULL || + (dsa->g = BN_new()) == NULL || + (dsa->pub_key = BN_new()) == NULL) { + if (dsa != NULL) + DSA_free(dsa); + free(k); + return NULL; + } + k->dsa = dsa; + break; + case KEY_ECDSA: + case KEY_ECDSA_CERT: + /* Cannot do anything until we know the group */ + break; +#endif /* WITH_OPENSSL */ + case KEY_ED25519: + case KEY_ED25519_CERT: + /* no need to prealloc */ + break; + case KEY_UNSPEC: + break; + default: + free(k); + return NULL; + break; + } + + if (sshkey_is_cert(k)) { + if ((k->cert = cert_new()) == NULL) { + sshkey_free(k); + return NULL; + } + } + + return k; +} + +int +sshkey_add_private(struct sshkey *k) +{ + switch (k->type) { +#ifdef WITH_OPENSSL + case KEY_RSA1: + case KEY_RSA: + case KEY_RSA_CERT_V00: + case KEY_RSA_CERT: +#define bn_maybe_alloc_failed(p) (p == NULL && (p = BN_new()) == NULL) + if (bn_maybe_alloc_failed(k->rsa->d) || + bn_maybe_alloc_failed(k->rsa->iqmp) || + bn_maybe_alloc_failed(k->rsa->q) || + bn_maybe_alloc_failed(k->rsa->p) || + bn_maybe_alloc_failed(k->rsa->dmq1) || + bn_maybe_alloc_failed(k->rsa->dmp1)) + return SSH_ERR_ALLOC_FAIL; + break; + case KEY_DSA: + case KEY_DSA_CERT_V00: + case KEY_DSA_CERT: + if (bn_maybe_alloc_failed(k->dsa->priv_key)) + return SSH_ERR_ALLOC_FAIL; + break; +#undef bn_maybe_alloc_failed + case KEY_ECDSA: + case KEY_ECDSA_CERT: + /* Cannot do anything until we know the group */ + break; +#endif /* WITH_OPENSSL */ + case KEY_ED25519: + case KEY_ED25519_CERT: + /* no need to prealloc */ + break; + case KEY_UNSPEC: + break; + default: + return SSH_ERR_INVALID_ARGUMENT; + } + return 0; +} + +struct sshkey * +sshkey_new_private(int type) +{ + struct sshkey *k = sshkey_new(type); + + if (k == NULL) + return NULL; + if (sshkey_add_private(k) != 0) { + sshkey_free(k); + return NULL; + } + return k; +} + +void +sshkey_free(struct sshkey *k) +{ + if (k == NULL) + return; + switch (k->type) { +#ifdef WITH_OPENSSL + case KEY_RSA1: + case KEY_RSA: + case KEY_RSA_CERT_V00: + case KEY_RSA_CERT: + if (k->rsa != NULL) + RSA_free(k->rsa); + k->rsa = NULL; + break; + case KEY_DSA: + case KEY_DSA_CERT_V00: + case KEY_DSA_CERT: + if (k->dsa != NULL) + DSA_free(k->dsa); + k->dsa = NULL; + break; +# ifdef OPENSSL_HAS_ECC + case KEY_ECDSA: + case KEY_ECDSA_CERT: + if (k->ecdsa != NULL) + EC_KEY_free(k->ecdsa); + k->ecdsa = NULL; + break; +# endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ + case KEY_ED25519: + case KEY_ED25519_CERT: + if (k->ed25519_pk) { + explicit_bzero(k->ed25519_pk, ED25519_PK_SZ); + free(k->ed25519_pk); + k->ed25519_pk = NULL; + } + if (k->ed25519_sk) { + explicit_bzero(k->ed25519_sk, ED25519_SK_SZ); + free(k->ed25519_sk); + k->ed25519_sk = NULL; + } + break; + case KEY_UNSPEC: + break; + default: + break; + } + if (sshkey_is_cert(k)) + cert_free(k->cert); + explicit_bzero(k, sizeof(*k)); + free(k); +} + +static int +cert_compare(struct sshkey_cert *a, struct sshkey_cert *b) +{ + if (a == NULL && b == NULL) + return 1; + if (a == NULL || b == NULL) + return 0; + if (sshbuf_len(a->certblob) != sshbuf_len(b->certblob)) + return 0; + if (timingsafe_bcmp(sshbuf_ptr(a->certblob), sshbuf_ptr(b->certblob), + sshbuf_len(a->certblob)) != 0) + return 0; + return 1; +} + +/* + * Compare public portions of key only, allowing comparisons between + * certificates and plain keys too. + */ +int +sshkey_equal_public(const struct sshkey *a, const struct sshkey *b) +{ +#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) + BN_CTX *bnctx; +#endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */ + + if (a == NULL || b == NULL || + sshkey_type_plain(a->type) != sshkey_type_plain(b->type)) + return 0; + + switch (a->type) { +#ifdef WITH_OPENSSL + case KEY_RSA1: + case KEY_RSA_CERT_V00: + case KEY_RSA_CERT: + case KEY_RSA: + return a->rsa != NULL && b->rsa != NULL && + BN_cmp(a->rsa->e, b->rsa->e) == 0 && + BN_cmp(a->rsa->n, b->rsa->n) == 0; + case KEY_DSA_CERT_V00: + case KEY_DSA_CERT: + case KEY_DSA: + return a->dsa != NULL && b->dsa != NULL && + BN_cmp(a->dsa->p, b->dsa->p) == 0 && + BN_cmp(a->dsa->q, b->dsa->q) == 0 && + BN_cmp(a->dsa->g, b->dsa->g) == 0 && + BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0; +# ifdef OPENSSL_HAS_ECC + case KEY_ECDSA_CERT: + case KEY_ECDSA: + if (a->ecdsa == NULL || b->ecdsa == NULL || + EC_KEY_get0_public_key(a->ecdsa) == NULL || + EC_KEY_get0_public_key(b->ecdsa) == NULL) + return 0; + if ((bnctx = BN_CTX_new()) == NULL) + return 0; + if (EC_GROUP_cmp(EC_KEY_get0_group(a->ecdsa), + EC_KEY_get0_group(b->ecdsa), bnctx) != 0 || + EC_POINT_cmp(EC_KEY_get0_group(a->ecdsa), + EC_KEY_get0_public_key(a->ecdsa), + EC_KEY_get0_public_key(b->ecdsa), bnctx) != 0) { + BN_CTX_free(bnctx); + return 0; + } + BN_CTX_free(bnctx); + return 1; +# endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ + case KEY_ED25519: + case KEY_ED25519_CERT: + return a->ed25519_pk != NULL && b->ed25519_pk != NULL && + memcmp(a->ed25519_pk, b->ed25519_pk, ED25519_PK_SZ) == 0; + default: + return 0; + } + /* NOTREACHED */ +} + +int +sshkey_equal(const struct sshkey *a, const struct sshkey *b) +{ + if (a == NULL || b == NULL || a->type != b->type) + return 0; + if (sshkey_is_cert(a)) { + if (!cert_compare(a->cert, b->cert)) + return 0; + } + return sshkey_equal_public(a, b); +} + +static int +to_blob_buf(const struct sshkey *key, struct sshbuf *b, int force_plain) +{ + int type, ret = SSH_ERR_INTERNAL_ERROR; + const char *typename; + + if (key == NULL) + return SSH_ERR_INVALID_ARGUMENT; + + type = force_plain ? sshkey_type_plain(key->type) : key->type; + typename = sshkey_ssh_name_from_type_nid(type, key->ecdsa_nid); + + switch (type) { +#ifdef WITH_OPENSSL + case KEY_DSA_CERT_V00: + case KEY_RSA_CERT_V00: + case KEY_DSA_CERT: + case KEY_ECDSA_CERT: + case KEY_RSA_CERT: +#endif /* WITH_OPENSSL */ + case KEY_ED25519_CERT: + /* Use the existing blob */ + /* XXX modified flag? */ + if ((ret = sshbuf_putb(b, key->cert->certblob)) != 0) + return ret; + break; +#ifdef WITH_OPENSSL + case KEY_DSA: + if (key->dsa == NULL) + return SSH_ERR_INVALID_ARGUMENT; + if ((ret = sshbuf_put_cstring(b, typename)) != 0 || + (ret = sshbuf_put_bignum2(b, key->dsa->p)) != 0 || + (ret = sshbuf_put_bignum2(b, key->dsa->q)) != 0 || + (ret = sshbuf_put_bignum2(b, key->dsa->g)) != 0 || + (ret = sshbuf_put_bignum2(b, key->dsa->pub_key)) != 0) + return ret; + break; +# ifdef OPENSSL_HAS_ECC + case KEY_ECDSA: + if (key->ecdsa == NULL) + return SSH_ERR_INVALID_ARGUMENT; + if ((ret = sshbuf_put_cstring(b, typename)) != 0 || + (ret = sshbuf_put_cstring(b, + sshkey_curve_nid_to_name(key->ecdsa_nid))) != 0 || + (ret = sshbuf_put_eckey(b, key->ecdsa)) != 0) + return ret; + break; +# endif + case KEY_RSA: + if (key->rsa == NULL) + return SSH_ERR_INVALID_ARGUMENT; + if ((ret = sshbuf_put_cstring(b, typename)) != 0 || + (ret = sshbuf_put_bignum2(b, key->rsa->e)) != 0 || + (ret = sshbuf_put_bignum2(b, key->rsa->n)) != 0) + return ret; + break; +#endif /* WITH_OPENSSL */ + case KEY_ED25519: + if (key->ed25519_pk == NULL) + return SSH_ERR_INVALID_ARGUMENT; + if ((ret = sshbuf_put_cstring(b, typename)) != 0 || + (ret = sshbuf_put_string(b, + key->ed25519_pk, ED25519_PK_SZ)) != 0) + return ret; + break; + default: + return SSH_ERR_KEY_TYPE_UNKNOWN; + } + return 0; +} + +int +sshkey_to_blob_buf(const struct sshkey *key, struct sshbuf *b) +{ + return to_blob_buf(key, b, 0); +} + +int +sshkey_plain_to_blob_buf(const struct sshkey *key, struct sshbuf *b) +{ + return to_blob_buf(key, b, 1); +} + +static int +to_blob(const struct sshkey *key, u_char **blobp, size_t *lenp, int force_plain) +{ + int ret = SSH_ERR_INTERNAL_ERROR; + size_t len; + struct sshbuf *b = NULL; + + if (lenp != NULL) + *lenp = 0; + if (blobp != NULL) + *blobp = NULL; + if ((b = sshbuf_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((ret = to_blob_buf(key, b, force_plain)) != 0) + goto out; + len = sshbuf_len(b); + if (lenp != NULL) + *lenp = len; + if (blobp != NULL) { + if ((*blobp = malloc(len)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + memcpy(*blobp, sshbuf_ptr(b), len); + } + ret = 0; + out: + sshbuf_free(b); + return ret; +} + +int +sshkey_to_blob(const struct sshkey *key, u_char **blobp, size_t *lenp) +{ + return to_blob(key, blobp, lenp, 0); +} + +int +sshkey_plain_to_blob(const struct sshkey *key, u_char **blobp, size_t *lenp) +{ + return to_blob(key, blobp, lenp, 1); +} + +int +sshkey_fingerprint_raw(const struct sshkey *k, enum sshkey_fp_type dgst_type, + u_char **retp, size_t *lenp) +{ + u_char *blob = NULL, *ret = NULL; + size_t blob_len = 0; + int hash_alg = -1, r = SSH_ERR_INTERNAL_ERROR; + + if (retp != NULL) + *retp = NULL; + if (lenp != NULL) + *lenp = 0; + + switch (dgst_type) { + case SSH_FP_MD5: + hash_alg = SSH_DIGEST_MD5; + break; + case SSH_FP_SHA1: + hash_alg = SSH_DIGEST_SHA1; + break; + case SSH_FP_SHA256: + hash_alg = SSH_DIGEST_SHA256; + break; + default: + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + + if (k->type == KEY_RSA1) { +#ifdef WITH_OPENSSL + int nlen = BN_num_bytes(k->rsa->n); + int elen = BN_num_bytes(k->rsa->e); + + blob_len = nlen + elen; + if (nlen >= INT_MAX - elen || + (blob = malloc(blob_len)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + BN_bn2bin(k->rsa->n, blob); + BN_bn2bin(k->rsa->e, blob + nlen); +#endif /* WITH_OPENSSL */ + } else if ((r = to_blob(k, &blob, &blob_len, 1)) != 0) + goto out; + if ((ret = calloc(1, SSH_DIGEST_MAX_LENGTH)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = ssh_digest_memory(hash_alg, blob, blob_len, + ret, SSH_DIGEST_MAX_LENGTH)) != 0) + goto out; + /* success */ + if (retp != NULL) { + *retp = ret; + ret = NULL; + } + if (lenp != NULL) + *lenp = ssh_digest_bytes(hash_alg); + r = 0; + out: + free(ret); + if (blob != NULL) { + explicit_bzero(blob, blob_len); + free(blob); + } + return r; +} + +static char * +fingerprint_hex(u_char *dgst_raw, size_t dgst_raw_len) +{ + char *retval; + size_t i; + + if ((retval = calloc(1, dgst_raw_len * 3 + 1)) == NULL) + return NULL; + for (i = 0; i < dgst_raw_len; i++) { + char hex[4]; + snprintf(hex, sizeof(hex), "%02x:", dgst_raw[i]); + strlcat(retval, hex, dgst_raw_len * 3 + 1); + } + + /* Remove the trailing ':' character */ + retval[(dgst_raw_len * 3) - 1] = '\0'; + return retval; +} + +static char * +fingerprint_bubblebabble(u_char *dgst_raw, size_t dgst_raw_len) +{ + char vowels[] = { 'a', 'e', 'i', 'o', 'u', 'y' }; + char consonants[] = { 'b', 'c', 'd', 'f', 'g', 'h', 'k', 'l', 'm', + 'n', 'p', 'r', 's', 't', 'v', 'z', 'x' }; + u_int i, j = 0, rounds, seed = 1; + char *retval; + + rounds = (dgst_raw_len / 2) + 1; + if ((retval = calloc(rounds, 6)) == NULL) + return NULL; + retval[j++] = 'x'; + for (i = 0; i < rounds; i++) { + u_int idx0, idx1, idx2, idx3, idx4; + if ((i + 1 < rounds) || (dgst_raw_len % 2 != 0)) { + idx0 = (((((u_int)(dgst_raw[2 * i])) >> 6) & 3) + + seed) % 6; + idx1 = (((u_int)(dgst_raw[2 * i])) >> 2) & 15; + idx2 = ((((u_int)(dgst_raw[2 * i])) & 3) + + (seed / 6)) % 6; + retval[j++] = vowels[idx0]; + retval[j++] = consonants[idx1]; + retval[j++] = vowels[idx2]; + if ((i + 1) < rounds) { + idx3 = (((u_int)(dgst_raw[(2 * i) + 1])) >> 4) & 15; + idx4 = (((u_int)(dgst_raw[(2 * i) + 1]))) & 15; + retval[j++] = consonants[idx3]; + retval[j++] = '-'; + retval[j++] = consonants[idx4]; + seed = ((seed * 5) + + ((((u_int)(dgst_raw[2 * i])) * 7) + + ((u_int)(dgst_raw[(2 * i) + 1])))) % 36; + } + } else { + idx0 = seed % 6; + idx1 = 16; + idx2 = seed / 6; + retval[j++] = vowels[idx0]; + retval[j++] = consonants[idx1]; + retval[j++] = vowels[idx2]; + } + } + retval[j++] = 'x'; + retval[j++] = '\0'; + return retval; +} + +/* + * Draw an ASCII-Art representing the fingerprint so human brain can + * profit from its built-in pattern recognition ability. + * This technique is called "random art" and can be found in some + * scientific publications like this original paper: + * + * "Hash Visualization: a New Technique to improve Real-World Security", + * Perrig A. and Song D., 1999, International Workshop on Cryptographic + * Techniques and E-Commerce (CrypTEC '99) + * sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf + * + * The subject came up in a talk by Dan Kaminsky, too. + * + * If you see the picture is different, the key is different. + * If the picture looks the same, you still know nothing. + * + * The algorithm used here is a worm crawling over a discrete plane, + * leaving a trace (augmenting the field) everywhere it goes. + * Movement is taken from dgst_raw 2bit-wise. Bumping into walls + * makes the respective movement vector be ignored for this turn. + * Graphs are not unambiguous, because circles in graphs can be + * walked in either direction. + */ + +/* + * Field sizes for the random art. Have to be odd, so the starting point + * can be in the exact middle of the picture, and FLDBASE should be >=8 . + * Else pictures would be too dense, and drawing the frame would + * fail, too, because the key type would not fit in anymore. + */ +#define FLDBASE 8 +#define FLDSIZE_Y (FLDBASE + 1) +#define FLDSIZE_X (FLDBASE * 2 + 1) +static char * +fingerprint_randomart(u_char *dgst_raw, size_t dgst_raw_len, + const struct sshkey *k) +{ + /* + * Chars to be used after each other every time the worm + * intersects with itself. Matter of taste. + */ + char *augmentation_string = " .o+=*BOX@%&#/^SE"; + char *retval, *p, title[FLDSIZE_X]; + u_char field[FLDSIZE_X][FLDSIZE_Y]; + size_t i, tlen; + u_int b; + int x, y, r; + size_t len = strlen(augmentation_string) - 1; + + if ((retval = calloc((FLDSIZE_X + 3), (FLDSIZE_Y + 2))) == NULL) + return NULL; + + /* initialize field */ + memset(field, 0, FLDSIZE_X * FLDSIZE_Y * sizeof(char)); + x = FLDSIZE_X / 2; + y = FLDSIZE_Y / 2; + + /* process raw key */ + for (i = 0; i < dgst_raw_len; i++) { + int input; + /* each byte conveys four 2-bit move commands */ + input = dgst_raw[i]; + for (b = 0; b < 4; b++) { + /* evaluate 2 bit, rest is shifted later */ + x += (input & 0x1) ? 1 : -1; + y += (input & 0x2) ? 1 : -1; + + /* assure we are still in bounds */ + x = MAX(x, 0); + y = MAX(y, 0); + x = MIN(x, FLDSIZE_X - 1); + y = MIN(y, FLDSIZE_Y - 1); + + /* augment the field */ + if (field[x][y] < len - 2) + field[x][y]++; + input = input >> 2; + } + } + + /* mark starting point and end point*/ + field[FLDSIZE_X / 2][FLDSIZE_Y / 2] = len - 1; + field[x][y] = len; + + /* assemble title */ + r = snprintf(title, sizeof(title), "[%s %u]", + sshkey_type(k), sshkey_size(k)); + /* If [type size] won't fit, then try [type]; fits "[ED25519-CERT]" */ + if (r < 0 || r > (int)sizeof(title)) + snprintf(title, sizeof(title), "[%s]", sshkey_type(k)); + tlen = strlen(title); + + /* output upper border */ + p = retval; + *p++ = '+'; + for (i = 0; i < (FLDSIZE_X - tlen) / 2; i++) + *p++ = '-'; + memcpy(p, title, tlen); + p += tlen; + for (i = p - retval - 1; i < FLDSIZE_X; i++) + *p++ = '-'; + *p++ = '+'; + *p++ = '\n'; + + /* output content */ + for (y = 0; y < FLDSIZE_Y; y++) { + *p++ = '|'; + for (x = 0; x < FLDSIZE_X; x++) + *p++ = augmentation_string[MIN(field[x][y], len)]; + *p++ = '|'; + *p++ = '\n'; + } + + /* output lower border */ + *p++ = '+'; + for (i = 0; i < FLDSIZE_X; i++) + *p++ = '-'; + *p++ = '+'; + + return retval; +} + +char * +sshkey_fingerprint(const struct sshkey *k, enum sshkey_fp_type dgst_type, + enum sshkey_fp_rep dgst_rep) +{ + char *retval = NULL; + u_char *dgst_raw; + size_t dgst_raw_len; + + if (sshkey_fingerprint_raw(k, dgst_type, &dgst_raw, &dgst_raw_len) != 0) + return NULL; + switch (dgst_rep) { + case SSH_FP_HEX: + retval = fingerprint_hex(dgst_raw, dgst_raw_len); + break; + case SSH_FP_BUBBLEBABBLE: + retval = fingerprint_bubblebabble(dgst_raw, dgst_raw_len); + break; + case SSH_FP_RANDOMART: + retval = fingerprint_randomart(dgst_raw, dgst_raw_len, k); + break; + default: + explicit_bzero(dgst_raw, dgst_raw_len); + free(dgst_raw); + return NULL; + } + explicit_bzero(dgst_raw, dgst_raw_len); + free(dgst_raw); + return retval; +} + +#ifdef WITH_SSH1 +/* + * Reads a multiple-precision integer in decimal from the buffer, and advances + * the pointer. The integer must already be initialized. This function is + * permitted to modify the buffer. This leaves *cpp to point just beyond the + * last processed character. + */ +static int +read_decimal_bignum(char **cpp, BIGNUM *v) +{ + char *cp; + size_t e; + int skip = 1; /* skip white space */ + + cp = *cpp; + while (*cp == ' ' || *cp == '\t') + cp++; + e = strspn(cp, "0123456789"); + if (e == 0) + return SSH_ERR_INVALID_FORMAT; + if (e > SSHBUF_MAX_BIGNUM * 3) + return SSH_ERR_BIGNUM_TOO_LARGE; + if (cp[e] == '\0') + skip = 0; + else if (index(" \t\r\n", cp[e]) == NULL) + return SSH_ERR_INVALID_FORMAT; + cp[e] = '\0'; + if (BN_dec2bn(&v, cp) <= 0) + return SSH_ERR_INVALID_FORMAT; + *cpp = cp + e + skip; + return 0; +} +#endif /* WITH_SSH1 */ + +/* returns 0 ok, and < 0 error */ +int +sshkey_read(struct sshkey *ret, char **cpp) +{ + struct sshkey *k; + int retval = SSH_ERR_INVALID_FORMAT; + char *cp, *space; + int r, type, curve_nid = -1; + struct sshbuf *blob; +#ifdef WITH_SSH1 + char *ep; + u_long bits; +#endif /* WITH_SSH1 */ + + cp = *cpp; + + switch (ret->type) { + case KEY_RSA1: +#ifdef WITH_SSH1 + /* Get number of bits. */ + bits = strtoul(cp, &ep, 10); + if (*cp == '\0' || index(" \t\r\n", *ep) == NULL || + bits == 0 || bits > SSHBUF_MAX_BIGNUM * 8) + return SSH_ERR_INVALID_FORMAT; /* Bad bit count... */ + /* Get public exponent, public modulus. */ + if ((r = read_decimal_bignum(&ep, ret->rsa->e)) < 0) + return r; + if ((r = read_decimal_bignum(&ep, ret->rsa->n)) < 0) + return r; + *cpp = ep; + /* validate the claimed number of bits */ + if (BN_num_bits(ret->rsa->n) != (int)bits) + return SSH_ERR_KEY_BITS_MISMATCH; + retval = 0; +#endif /* WITH_SSH1 */ + break; + case KEY_UNSPEC: + case KEY_RSA: + case KEY_DSA: + case KEY_ECDSA: + case KEY_ED25519: + case KEY_DSA_CERT_V00: + case KEY_RSA_CERT_V00: + case KEY_DSA_CERT: + case KEY_ECDSA_CERT: + case KEY_RSA_CERT: + case KEY_ED25519_CERT: + space = strchr(cp, ' '); + if (space == NULL) + return SSH_ERR_INVALID_FORMAT; + *space = '\0'; + type = sshkey_type_from_name(cp); + if (sshkey_type_plain(type) == KEY_ECDSA && + (curve_nid = sshkey_ecdsa_nid_from_name(cp)) == -1) + return SSH_ERR_EC_CURVE_INVALID; + *space = ' '; + if (type == KEY_UNSPEC) + return SSH_ERR_INVALID_FORMAT; + cp = space+1; + if (*cp == '\0') + return SSH_ERR_INVALID_FORMAT; + if (ret->type == KEY_UNSPEC) { + ret->type = type; + } else if (ret->type != type) + return SSH_ERR_KEY_TYPE_MISMATCH; + if ((blob = sshbuf_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + /* trim comment */ + space = strchr(cp, ' '); + if (space) + *space = '\0'; + if ((r = sshbuf_b64tod(blob, cp)) != 0) { + sshbuf_free(blob); + return r; + } + if ((r = sshkey_from_blob(sshbuf_ptr(blob), + sshbuf_len(blob), &k)) != 0) { + sshbuf_free(blob); + return r; + } + sshbuf_free(blob); + if (k->type != type) { + sshkey_free(k); + return SSH_ERR_KEY_TYPE_MISMATCH; + } + if (sshkey_type_plain(type) == KEY_ECDSA && + curve_nid != k->ecdsa_nid) { + sshkey_free(k); + return SSH_ERR_EC_CURVE_MISMATCH; + } +/*XXXX*/ + if (sshkey_is_cert(ret)) { + if (!sshkey_is_cert(k)) { + sshkey_free(k); + return SSH_ERR_EXPECTED_CERT; + } + if (ret->cert != NULL) + cert_free(ret->cert); + ret->cert = k->cert; + k->cert = NULL; + } +#ifdef WITH_OPENSSL + if (sshkey_type_plain(ret->type) == KEY_RSA) { + if (ret->rsa != NULL) + RSA_free(ret->rsa); + ret->rsa = k->rsa; + k->rsa = NULL; +#ifdef DEBUG_PK + RSA_print_fp(stderr, ret->rsa, 8); +#endif + } + if (sshkey_type_plain(ret->type) == KEY_DSA) { + if (ret->dsa != NULL) + DSA_free(ret->dsa); + ret->dsa = k->dsa; + k->dsa = NULL; +#ifdef DEBUG_PK + DSA_print_fp(stderr, ret->dsa, 8); +#endif + } +# ifdef OPENSSL_HAS_ECC + if (sshkey_type_plain(ret->type) == KEY_ECDSA) { + if (ret->ecdsa != NULL) + EC_KEY_free(ret->ecdsa); + ret->ecdsa = k->ecdsa; + ret->ecdsa_nid = k->ecdsa_nid; + k->ecdsa = NULL; + k->ecdsa_nid = -1; +#ifdef DEBUG_PK + sshkey_dump_ec_key(ret->ecdsa); +#endif + } +# endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ + if (sshkey_type_plain(ret->type) == KEY_ED25519) { + free(ret->ed25519_pk); + ret->ed25519_pk = k->ed25519_pk; + k->ed25519_pk = NULL; +#ifdef DEBUG_PK + /* XXX */ +#endif + } + retval = 0; +/*XXXX*/ + sshkey_free(k); + if (retval != 0) + break; + /* advance cp: skip whitespace and data */ + while (*cp == ' ' || *cp == '\t') + cp++; + while (*cp != '\0' && *cp != ' ' && *cp != '\t') + cp++; + *cpp = cp; + break; + default: + return SSH_ERR_INVALID_ARGUMENT; + } + return retval; +} + +int +sshkey_write(const struct sshkey *key, FILE *f) +{ + int ret = SSH_ERR_INTERNAL_ERROR; + struct sshbuf *b = NULL, *bb = NULL; + char *uu = NULL; +#ifdef WITH_SSH1 + u_int bits = 0; + char *dec_e = NULL, *dec_n = NULL; +#endif /* WITH_SSH1 */ + + if (sshkey_is_cert(key)) { + if (key->cert == NULL) + return SSH_ERR_EXPECTED_CERT; + if (sshbuf_len(key->cert->certblob) == 0) + return SSH_ERR_KEY_LACKS_CERTBLOB; + } + if ((b = sshbuf_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + switch (key->type) { +#ifdef WITH_SSH1 + case KEY_RSA1: + if (key->rsa == NULL || key->rsa->e == NULL || + key->rsa->n == NULL) { + ret = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + if ((dec_e = BN_bn2dec(key->rsa->e)) == NULL || + (dec_n = BN_bn2dec(key->rsa->n)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + /* size of modulus 'n' */ + if ((bits = BN_num_bits(key->rsa->n)) <= 0) { + ret = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + if ((ret = sshbuf_putf(b, "%u %s %s", bits, dec_e, dec_n)) != 0) + goto out; +#endif /* WITH_SSH1 */ + break; +#ifdef WITH_OPENSSL + case KEY_DSA: + case KEY_DSA_CERT_V00: + case KEY_DSA_CERT: + case KEY_ECDSA: + case KEY_ECDSA_CERT: + case KEY_RSA: + case KEY_RSA_CERT_V00: + case KEY_RSA_CERT: +#endif /* WITH_OPENSSL */ + case KEY_ED25519: + case KEY_ED25519_CERT: + if ((bb = sshbuf_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((ret = sshkey_to_blob_buf(key, bb)) != 0) + goto out; + if ((uu = sshbuf_dtob64(bb)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((ret = sshbuf_putf(b, "%s ", sshkey_ssh_name(key))) != 0) + goto out; + if ((ret = sshbuf_put(b, uu, strlen(uu))) != 0) + goto out; + break; + default: + ret = SSH_ERR_KEY_TYPE_UNKNOWN; + goto out; + } + if (fwrite(sshbuf_ptr(b), sshbuf_len(b), 1, f) != 1) { + if (feof(f)) + errno = EPIPE; + ret = SSH_ERR_SYSTEM_ERROR; + goto out; + } + ret = 0; + out: + if (b != NULL) + sshbuf_free(b); + if (bb != NULL) + sshbuf_free(bb); + if (uu != NULL) + free(uu); +#ifdef WITH_SSH1 + if (dec_e != NULL) + OPENSSL_free(dec_e); + if (dec_n != NULL) + OPENSSL_free(dec_n); +#endif /* WITH_SSH1 */ + return ret; +} + +const char * +sshkey_cert_type(const struct sshkey *k) +{ + switch (k->cert->type) { + case SSH2_CERT_TYPE_USER: + return "user"; + case SSH2_CERT_TYPE_HOST: + return "host"; + default: + return "unknown"; + } +} + +#ifdef WITH_OPENSSL +static int +rsa_generate_private_key(u_int bits, RSA **rsap) +{ + RSA *private = NULL; + BIGNUM *f4 = NULL; + int ret = SSH_ERR_INTERNAL_ERROR; + + if (rsap == NULL || + bits < SSH_RSA_MINIMUM_MODULUS_SIZE || + bits > SSHBUF_MAX_BIGNUM * 8) + return SSH_ERR_INVALID_ARGUMENT; + *rsap = NULL; + if ((private = RSA_new()) == NULL || (f4 = BN_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + if (!BN_set_word(f4, RSA_F4) || + !RSA_generate_key_ex(private, bits, f4, NULL)) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + *rsap = private; + private = NULL; + ret = 0; + out: + if (private != NULL) + RSA_free(private); + if (f4 != NULL) + BN_free(f4); + return ret; +} + +static int +dsa_generate_private_key(u_int bits, DSA **dsap) +{ + DSA *private; + int ret = SSH_ERR_INTERNAL_ERROR; + + if (dsap == NULL || bits != 1024) + return SSH_ERR_INVALID_ARGUMENT; + if ((private = DSA_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + *dsap = NULL; + if (!DSA_generate_parameters_ex(private, bits, NULL, 0, NULL, + NULL, NULL) || !DSA_generate_key(private)) { + DSA_free(private); + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + *dsap = private; + private = NULL; + ret = 0; + out: + if (private != NULL) + DSA_free(private); + return ret; +} + +# ifdef OPENSSL_HAS_ECC +int +sshkey_ecdsa_key_to_nid(EC_KEY *k) +{ + EC_GROUP *eg; + int nids[] = { + NID_X9_62_prime256v1, + NID_secp384r1, +# ifdef OPENSSL_HAS_NISTP521 + NID_secp521r1, +# endif /* OPENSSL_HAS_NISTP521 */ + -1 + }; + int nid; + u_int i; + BN_CTX *bnctx; + const EC_GROUP *g = EC_KEY_get0_group(k); + + /* + * The group may be stored in a ASN.1 encoded private key in one of two + * ways: as a "named group", which is reconstituted by ASN.1 object ID + * or explicit group parameters encoded into the key blob. Only the + * "named group" case sets the group NID for us, but we can figure + * it out for the other case by comparing against all the groups that + * are supported. + */ + if ((nid = EC_GROUP_get_curve_name(g)) > 0) + return nid; + if ((bnctx = BN_CTX_new()) == NULL) + return -1; + for (i = 0; nids[i] != -1; i++) { + if ((eg = EC_GROUP_new_by_curve_name(nids[i])) == NULL) { + BN_CTX_free(bnctx); + return -1; + } + if (EC_GROUP_cmp(g, eg, bnctx) == 0) + break; + EC_GROUP_free(eg); + } + BN_CTX_free(bnctx); + if (nids[i] != -1) { + /* Use the group with the NID attached */ + EC_GROUP_set_asn1_flag(eg, OPENSSL_EC_NAMED_CURVE); + if (EC_KEY_set_group(k, eg) != 1) { + EC_GROUP_free(eg); + return -1; + } + } + return nids[i]; +} + +static int +ecdsa_generate_private_key(u_int bits, int *nid, EC_KEY **ecdsap) +{ + EC_KEY *private; + int ret = SSH_ERR_INTERNAL_ERROR; + + if (nid == NULL || ecdsap == NULL || + (*nid = sshkey_ecdsa_bits_to_nid(bits)) == -1) + return SSH_ERR_INVALID_ARGUMENT; + *ecdsap = NULL; + if ((private = EC_KEY_new_by_curve_name(*nid)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + if (EC_KEY_generate_key(private) != 1) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + EC_KEY_set_asn1_flag(private, OPENSSL_EC_NAMED_CURVE); + *ecdsap = private; + private = NULL; + ret = 0; + out: + if (private != NULL) + EC_KEY_free(private); + return ret; +} +# endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ + +int +sshkey_generate(int type, u_int bits, struct sshkey **keyp) +{ + struct sshkey *k; + int ret = SSH_ERR_INTERNAL_ERROR; + + if (keyp == NULL) + return SSH_ERR_INVALID_ARGUMENT; + *keyp = NULL; + if ((k = sshkey_new(KEY_UNSPEC)) == NULL) + return SSH_ERR_ALLOC_FAIL; + switch (type) { + case KEY_ED25519: + if ((k->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL || + (k->ed25519_sk = malloc(ED25519_SK_SZ)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + break; + } + crypto_sign_ed25519_keypair(k->ed25519_pk, k->ed25519_sk); + ret = 0; + break; +#ifdef WITH_OPENSSL + case KEY_DSA: + ret = dsa_generate_private_key(bits, &k->dsa); + break; +# ifdef OPENSSL_HAS_ECC + case KEY_ECDSA: + ret = ecdsa_generate_private_key(bits, &k->ecdsa_nid, + &k->ecdsa); + break; +# endif /* OPENSSL_HAS_ECC */ + case KEY_RSA: + case KEY_RSA1: + ret = rsa_generate_private_key(bits, &k->rsa); + break; +#endif /* WITH_OPENSSL */ + default: + ret = SSH_ERR_INVALID_ARGUMENT; + } + if (ret == 0) { + k->type = type; + *keyp = k; + } else + sshkey_free(k); + return ret; +} + +int +sshkey_cert_copy(const struct sshkey *from_key, struct sshkey *to_key) +{ + u_int i; + const struct sshkey_cert *from; + struct sshkey_cert *to; + int ret = SSH_ERR_INTERNAL_ERROR; + + if (to_key->cert != NULL) { + cert_free(to_key->cert); + to_key->cert = NULL; + } + + if ((from = from_key->cert) == NULL) + return SSH_ERR_INVALID_ARGUMENT; + + if ((to = to_key->cert = cert_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + + if ((ret = sshbuf_putb(to->certblob, from->certblob)) != 0 || + (ret = sshbuf_putb(to->critical, from->critical)) != 0 || + (ret = sshbuf_putb(to->extensions, from->extensions) != 0)) + return ret; + + to->serial = from->serial; + to->type = from->type; + if (from->key_id == NULL) + to->key_id = NULL; + else if ((to->key_id = strdup(from->key_id)) == NULL) + return SSH_ERR_ALLOC_FAIL; + to->valid_after = from->valid_after; + to->valid_before = from->valid_before; + if (from->signature_key == NULL) + to->signature_key = NULL; + else if ((ret = sshkey_from_private(from->signature_key, + &to->signature_key)) != 0) + return ret; + + if (from->nprincipals > SSHKEY_CERT_MAX_PRINCIPALS) + return SSH_ERR_INVALID_ARGUMENT; + if (from->nprincipals > 0) { + if ((to->principals = calloc(from->nprincipals, + sizeof(*to->principals))) == NULL) + return SSH_ERR_ALLOC_FAIL; + for (i = 0; i < from->nprincipals; i++) { + to->principals[i] = strdup(from->principals[i]); + if (to->principals[i] == NULL) { + to->nprincipals = i; + return SSH_ERR_ALLOC_FAIL; + } + } + } + to->nprincipals = from->nprincipals; + return 0; +} + +int +sshkey_from_private(const struct sshkey *k, struct sshkey **pkp) +{ + struct sshkey *n = NULL; + int ret = SSH_ERR_INTERNAL_ERROR; + + if (pkp != NULL) + *pkp = NULL; + + switch (k->type) { +#ifdef WITH_OPENSSL + case KEY_DSA: + case KEY_DSA_CERT_V00: + case KEY_DSA_CERT: + if ((n = sshkey_new(k->type)) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) || + (BN_copy(n->dsa->q, k->dsa->q) == NULL) || + (BN_copy(n->dsa->g, k->dsa->g) == NULL) || + (BN_copy(n->dsa->pub_key, k->dsa->pub_key) == NULL)) { + sshkey_free(n); + return SSH_ERR_ALLOC_FAIL; + } + break; +# ifdef OPENSSL_HAS_ECC + case KEY_ECDSA: + case KEY_ECDSA_CERT: + if ((n = sshkey_new(k->type)) == NULL) + return SSH_ERR_ALLOC_FAIL; + n->ecdsa_nid = k->ecdsa_nid; + n->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid); + if (n->ecdsa == NULL) { + sshkey_free(n); + return SSH_ERR_ALLOC_FAIL; + } + if (EC_KEY_set_public_key(n->ecdsa, + EC_KEY_get0_public_key(k->ecdsa)) != 1) { + sshkey_free(n); + return SSH_ERR_LIBCRYPTO_ERROR; + } + break; +# endif /* OPENSSL_HAS_ECC */ + case KEY_RSA: + case KEY_RSA1: + case KEY_RSA_CERT_V00: + case KEY_RSA_CERT: + if ((n = sshkey_new(k->type)) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) || + (BN_copy(n->rsa->e, k->rsa->e) == NULL)) { + sshkey_free(n); + return SSH_ERR_ALLOC_FAIL; + } + break; +#endif /* WITH_OPENSSL */ + case KEY_ED25519: + case KEY_ED25519_CERT: + if ((n = sshkey_new(k->type)) == NULL) + return SSH_ERR_ALLOC_FAIL; + if (k->ed25519_pk != NULL) { + if ((n->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL) { + sshkey_free(n); + return SSH_ERR_ALLOC_FAIL; + } + memcpy(n->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ); + } + break; + default: + return SSH_ERR_KEY_TYPE_UNKNOWN; + } + if (sshkey_is_cert(k)) { + if ((ret = sshkey_cert_copy(k, n)) != 0) { + sshkey_free(n); + return ret; + } + } + *pkp = n; + return 0; +} + +static int +cert_parse(struct sshbuf *b, struct sshkey *key, const u_char *blob, + size_t blen) +{ + u_char *principals = NULL, *critical = NULL, *exts = NULL; + u_char *sig_key = NULL, *sig = NULL; + size_t signed_len, plen, clen, sklen, slen, kidlen, elen; + struct sshbuf *tmp; + char *principal; + int ret = SSH_ERR_INTERNAL_ERROR; + int v00 = sshkey_cert_is_legacy(key); + char **oprincipals; + + if ((tmp = sshbuf_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + + /* Copy the entire key blob for verification and later serialisation */ + if ((ret = sshbuf_put(key->cert->certblob, blob, blen)) != 0) + return ret; + + elen = 0; /* Not touched for v00 certs */ + principals = exts = critical = sig_key = sig = NULL; + if ((!v00 && (ret = sshbuf_get_u64(b, &key->cert->serial)) != 0) || + (ret = sshbuf_get_u32(b, &key->cert->type)) != 0 || + (ret = sshbuf_get_cstring(b, &key->cert->key_id, &kidlen)) != 0 || + (ret = sshbuf_get_string(b, &principals, &plen)) != 0 || + (ret = sshbuf_get_u64(b, &key->cert->valid_after)) != 0 || + (ret = sshbuf_get_u64(b, &key->cert->valid_before)) != 0 || + (ret = sshbuf_get_string(b, &critical, &clen)) != 0 || + (!v00 && (ret = sshbuf_get_string(b, &exts, &elen)) != 0) || + (v00 && (ret = sshbuf_get_string_direct(b, NULL, NULL)) != 0) || + (ret = sshbuf_get_string_direct(b, NULL, NULL)) != 0 || + (ret = sshbuf_get_string(b, &sig_key, &sklen)) != 0) { + /* XXX debug print error for ret */ + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + + /* Signature is left in the buffer so we can calculate this length */ + signed_len = sshbuf_len(key->cert->certblob) - sshbuf_len(b); + + if ((ret = sshbuf_get_string(b, &sig, &slen)) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + + if (key->cert->type != SSH2_CERT_TYPE_USER && + key->cert->type != SSH2_CERT_TYPE_HOST) { + ret = SSH_ERR_KEY_CERT_UNKNOWN_TYPE; + goto out; + } + + if ((ret = sshbuf_put(tmp, principals, plen)) != 0) + goto out; + while (sshbuf_len(tmp) > 0) { + if (key->cert->nprincipals >= SSHKEY_CERT_MAX_PRINCIPALS) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + if ((ret = sshbuf_get_cstring(tmp, &principal, &plen)) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + oprincipals = key->cert->principals; + key->cert->principals = realloc(key->cert->principals, + (key->cert->nprincipals + 1) * + sizeof(*key->cert->principals)); + if (key->cert->principals == NULL) { + free(principal); + key->cert->principals = oprincipals; + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + key->cert->principals[key->cert->nprincipals++] = principal; + } + + sshbuf_reset(tmp); + + if ((ret = sshbuf_put(key->cert->critical, critical, clen)) != 0 || + (ret = sshbuf_put(tmp, critical, clen)) != 0) + goto out; + + /* validate structure */ + while (sshbuf_len(tmp) != 0) { + if ((ret = sshbuf_get_string_direct(tmp, NULL, NULL)) != 0 || + (ret = sshbuf_get_string_direct(tmp, NULL, NULL)) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + } + sshbuf_reset(tmp); + + if ((ret = sshbuf_put(key->cert->extensions, exts, elen)) != 0 || + (ret = sshbuf_put(tmp, exts, elen)) != 0) + goto out; + + /* validate structure */ + while (sshbuf_len(tmp) != 0) { + if ((ret = sshbuf_get_string_direct(tmp, NULL, NULL)) != 0 || + (ret = sshbuf_get_string_direct(tmp, NULL, NULL)) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + } + sshbuf_reset(tmp); + + if (sshkey_from_blob_internal(sig_key, sklen, + &key->cert->signature_key, 0) != 0) { + ret = SSH_ERR_KEY_CERT_INVALID_SIGN_KEY; + goto out; + } + if (!sshkey_type_is_valid_ca(key->cert->signature_key->type)) { + ret = SSH_ERR_KEY_CERT_INVALID_SIGN_KEY; + goto out; + } + + if ((ret = sshkey_verify(key->cert->signature_key, sig, slen, + sshbuf_ptr(key->cert->certblob), signed_len, 0)) != 0) + goto out; + ret = 0; + + out: + sshbuf_free(tmp); + free(principals); + free(critical); + free(exts); + free(sig_key); + free(sig); + return ret; +} + +static int +sshkey_from_blob_internal(const u_char *blob, size_t blen, + struct sshkey **keyp, int allow_cert) +{ + struct sshbuf *b = NULL; + int type, nid = -1, ret = SSH_ERR_INTERNAL_ERROR; + char *ktype = NULL, *curve = NULL; + struct sshkey *key = NULL; + size_t len; + u_char *pk = NULL; +#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) + EC_POINT *q = NULL; +#endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */ + +#ifdef DEBUG_PK /* XXX */ + dump_base64(stderr, blob, blen); +#endif + *keyp = NULL; + if ((b = sshbuf_from(blob, blen)) == NULL) + return SSH_ERR_ALLOC_FAIL; + if (sshbuf_get_cstring(b, &ktype, NULL) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + + type = sshkey_type_from_name(ktype); + if (sshkey_type_plain(type) == KEY_ECDSA) + nid = sshkey_ecdsa_nid_from_name(ktype); + if (!allow_cert && sshkey_type_is_cert(type)) { + ret = SSH_ERR_KEY_CERT_INVALID_SIGN_KEY; + goto out; + } + switch (type) { +#ifdef WITH_OPENSSL + case KEY_RSA_CERT: + if (sshbuf_get_string_direct(b, NULL, NULL) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + /* FALLTHROUGH */ + case KEY_RSA: + case KEY_RSA_CERT_V00: + if ((key = sshkey_new(type)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + if (sshbuf_get_bignum2(b, key->rsa->e) == -1 || + sshbuf_get_bignum2(b, key->rsa->n) == -1) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } +#ifdef DEBUG_PK + RSA_print_fp(stderr, key->rsa, 8); +#endif + break; + case KEY_DSA_CERT: + if (sshbuf_get_string_direct(b, NULL, NULL) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + /* FALLTHROUGH */ + case KEY_DSA: + case KEY_DSA_CERT_V00: + if ((key = sshkey_new(type)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + if (sshbuf_get_bignum2(b, key->dsa->p) == -1 || + sshbuf_get_bignum2(b, key->dsa->q) == -1 || + sshbuf_get_bignum2(b, key->dsa->g) == -1 || + sshbuf_get_bignum2(b, key->dsa->pub_key) == -1) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } +#ifdef DEBUG_PK + DSA_print_fp(stderr, key->dsa, 8); +#endif + break; + case KEY_ECDSA_CERT: + if (sshbuf_get_string_direct(b, NULL, NULL) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + /* FALLTHROUGH */ +# ifdef OPENSSL_HAS_ECC + case KEY_ECDSA: + if ((key = sshkey_new(type)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + key->ecdsa_nid = nid; + if (sshbuf_get_cstring(b, &curve, NULL) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + if (key->ecdsa_nid != sshkey_curve_name_to_nid(curve)) { + ret = SSH_ERR_EC_CURVE_MISMATCH; + goto out; + } + if (key->ecdsa != NULL) + EC_KEY_free(key->ecdsa); + if ((key->ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid)) + == NULL) { + ret = SSH_ERR_EC_CURVE_INVALID; + goto out; + } + if ((q = EC_POINT_new(EC_KEY_get0_group(key->ecdsa))) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + if (sshbuf_get_ec(b, q, EC_KEY_get0_group(key->ecdsa)) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + if (sshkey_ec_validate_public(EC_KEY_get0_group(key->ecdsa), + q) != 0) { + ret = SSH_ERR_KEY_INVALID_EC_VALUE; + goto out; + } + if (EC_KEY_set_public_key(key->ecdsa, q) != 1) { + /* XXX assume it is a allocation error */ + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } +#ifdef DEBUG_PK + sshkey_dump_ec_point(EC_KEY_get0_group(key->ecdsa), q); +#endif + break; +# endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ + case KEY_ED25519_CERT: + if (sshbuf_get_string_direct(b, NULL, NULL) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + /* FALLTHROUGH */ + case KEY_ED25519: + if ((ret = sshbuf_get_string(b, &pk, &len)) != 0) + goto out; + if (len != ED25519_PK_SZ) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + if ((key = sshkey_new(type)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + key->ed25519_pk = pk; + pk = NULL; + break; + case KEY_UNSPEC: + if ((key = sshkey_new(type)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + break; + default: + ret = SSH_ERR_KEY_TYPE_UNKNOWN; + goto out; + } + + /* Parse certificate potion */ + if (sshkey_is_cert(key) && + (ret = cert_parse(b, key, blob, blen)) != 0) + goto out; + + if (key != NULL && sshbuf_len(b) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + ret = 0; + *keyp = key; + key = NULL; + out: + sshbuf_free(b); + sshkey_free(key); + free(ktype); + free(curve); + free(pk); +#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) + if (q != NULL) + EC_POINT_free(q); +#endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */ + return ret; +} + +int +sshkey_from_blob(const u_char *blob, size_t blen, struct sshkey **keyp) +{ + return sshkey_from_blob_internal(blob, blen, keyp, 1); +} + +int +sshkey_sign(const struct sshkey *key, + u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen, u_int compat) +{ + if (sigp != NULL) + *sigp = NULL; + if (lenp != NULL) + *lenp = 0; + if (datalen > SSH_KEY_MAX_SIGN_DATA_SIZE) + return SSH_ERR_INVALID_ARGUMENT; + switch (key->type) { +#ifdef WITH_OPENSSL + case KEY_DSA_CERT_V00: + case KEY_DSA_CERT: + case KEY_DSA: + return ssh_dss_sign(key, sigp, lenp, data, datalen, compat); +# ifdef OPENSSL_HAS_ECC + case KEY_ECDSA_CERT: + case KEY_ECDSA: + return ssh_ecdsa_sign(key, sigp, lenp, data, datalen, compat); +# endif /* OPENSSL_HAS_ECC */ + case KEY_RSA_CERT_V00: + case KEY_RSA_CERT: + case KEY_RSA: + return ssh_rsa_sign(key, sigp, lenp, data, datalen, compat); +#endif /* WITH_OPENSSL */ + case KEY_ED25519: + case KEY_ED25519_CERT: + return ssh_ed25519_sign(key, sigp, lenp, data, datalen, compat); + default: + return SSH_ERR_KEY_TYPE_UNKNOWN; + } +} + +/* + * ssh_key_verify returns 0 for a correct signature and < 0 on error. + */ +int +sshkey_verify(const struct sshkey *key, + const u_char *sig, size_t siglen, + const u_char *data, size_t dlen, u_int compat) +{ + if (siglen == 0) + return -1; + + if (dlen > SSH_KEY_MAX_SIGN_DATA_SIZE) + return SSH_ERR_INVALID_ARGUMENT; + switch (key->type) { +#ifdef WITH_OPENSSL + case KEY_DSA_CERT_V00: + case KEY_DSA_CERT: + case KEY_DSA: + return ssh_dss_verify(key, sig, siglen, data, dlen, compat); +# ifdef OPENSSL_HAS_ECC + case KEY_ECDSA_CERT: + case KEY_ECDSA: + return ssh_ecdsa_verify(key, sig, siglen, data, dlen, compat); +# endif /* OPENSSL_HAS_ECC */ + case KEY_RSA_CERT_V00: + case KEY_RSA_CERT: + case KEY_RSA: + return ssh_rsa_verify(key, sig, siglen, data, dlen, compat); +#endif /* WITH_OPENSSL */ + case KEY_ED25519: + case KEY_ED25519_CERT: + return ssh_ed25519_verify(key, sig, siglen, data, dlen, compat); + default: + return SSH_ERR_KEY_TYPE_UNKNOWN; + } +} + +/* Converts a private to a public key */ +int +sshkey_demote(const struct sshkey *k, struct sshkey **dkp) +{ + struct sshkey *pk; + int ret = SSH_ERR_INTERNAL_ERROR; + + if (dkp != NULL) + *dkp = NULL; + + if ((pk = calloc(1, sizeof(*pk))) == NULL) + return SSH_ERR_ALLOC_FAIL; + pk->type = k->type; + pk->flags = k->flags; + pk->ecdsa_nid = k->ecdsa_nid; + pk->dsa = NULL; + pk->ecdsa = NULL; + pk->rsa = NULL; + pk->ed25519_pk = NULL; + pk->ed25519_sk = NULL; + + switch (k->type) { +#ifdef WITH_OPENSSL + case KEY_RSA_CERT_V00: + case KEY_RSA_CERT: + if ((ret = sshkey_cert_copy(k, pk)) != 0) + goto fail; + /* FALLTHROUGH */ + case KEY_RSA1: + case KEY_RSA: + if ((pk->rsa = RSA_new()) == NULL || + (pk->rsa->e = BN_dup(k->rsa->e)) == NULL || + (pk->rsa->n = BN_dup(k->rsa->n)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto fail; + } + break; + case KEY_DSA_CERT_V00: + case KEY_DSA_CERT: + if ((ret = sshkey_cert_copy(k, pk)) != 0) + goto fail; + /* FALLTHROUGH */ + case KEY_DSA: + if ((pk->dsa = DSA_new()) == NULL || + (pk->dsa->p = BN_dup(k->dsa->p)) == NULL || + (pk->dsa->q = BN_dup(k->dsa->q)) == NULL || + (pk->dsa->g = BN_dup(k->dsa->g)) == NULL || + (pk->dsa->pub_key = BN_dup(k->dsa->pub_key)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto fail; + } + break; + case KEY_ECDSA_CERT: + if ((ret = sshkey_cert_copy(k, pk)) != 0) + goto fail; + /* FALLTHROUGH */ +# ifdef OPENSSL_HAS_ECC + case KEY_ECDSA: + pk->ecdsa = EC_KEY_new_by_curve_name(pk->ecdsa_nid); + if (pk->ecdsa == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto fail; + } + if (EC_KEY_set_public_key(pk->ecdsa, + EC_KEY_get0_public_key(k->ecdsa)) != 1) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto fail; + } + break; +# endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ + case KEY_ED25519_CERT: + if ((ret = sshkey_cert_copy(k, pk)) != 0) + goto fail; + /* FALLTHROUGH */ + case KEY_ED25519: + if (k->ed25519_pk != NULL) { + if ((pk->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto fail; + } + memcpy(pk->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ); + } + break; + default: + ret = SSH_ERR_KEY_TYPE_UNKNOWN; + fail: + sshkey_free(pk); + return ret; + } + *dkp = pk; + return 0; +} + +/* Convert a plain key to their _CERT equivalent */ +int +sshkey_to_certified(struct sshkey *k, int legacy) +{ + int newtype; + + switch (k->type) { +#ifdef WITH_OPENSSL + case KEY_RSA: + newtype = legacy ? KEY_RSA_CERT_V00 : KEY_RSA_CERT; + break; + case KEY_DSA: + newtype = legacy ? KEY_DSA_CERT_V00 : KEY_DSA_CERT; + break; + case KEY_ECDSA: + if (legacy) + return SSH_ERR_INVALID_ARGUMENT; + newtype = KEY_ECDSA_CERT; + break; +#endif /* WITH_OPENSSL */ + case KEY_ED25519: + if (legacy) + return SSH_ERR_INVALID_ARGUMENT; + newtype = KEY_ED25519_CERT; + break; + default: + return SSH_ERR_INVALID_ARGUMENT; + } + if ((k->cert = cert_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + k->type = newtype; + return 0; +} + +/* Convert a certificate to its raw key equivalent */ +int +sshkey_drop_cert(struct sshkey *k) +{ + if (!sshkey_type_is_cert(k->type)) + return SSH_ERR_KEY_TYPE_UNKNOWN; + cert_free(k->cert); + k->cert = NULL; + k->type = sshkey_type_plain(k->type); + return 0; +} + +/* Sign a certified key, (re-)generating the signed certblob. */ +int +sshkey_certify(struct sshkey *k, struct sshkey *ca) +{ + struct sshbuf *principals = NULL; + u_char *ca_blob = NULL, *sig_blob = NULL, nonce[32]; + size_t i, ca_len, sig_len; + int ret = SSH_ERR_INTERNAL_ERROR; + struct sshbuf *cert; + + if (k == NULL || k->cert == NULL || + k->cert->certblob == NULL || ca == NULL) + return SSH_ERR_INVALID_ARGUMENT; + if (!sshkey_is_cert(k)) + return SSH_ERR_KEY_TYPE_UNKNOWN; + if (!sshkey_type_is_valid_ca(ca->type)) + return SSH_ERR_KEY_CERT_INVALID_SIGN_KEY; + + if ((ret = sshkey_to_blob(ca, &ca_blob, &ca_len)) != 0) + return SSH_ERR_KEY_CERT_INVALID_SIGN_KEY; + + cert = k->cert->certblob; /* for readability */ + sshbuf_reset(cert); + if ((ret = sshbuf_put_cstring(cert, sshkey_ssh_name(k))) != 0) + goto out; + + /* -v01 certs put nonce first */ + arc4random_buf(&nonce, sizeof(nonce)); + if (!sshkey_cert_is_legacy(k)) { + if ((ret = sshbuf_put_string(cert, nonce, sizeof(nonce))) != 0) + goto out; + } + + /* XXX this substantially duplicates to_blob(); refactor */ + switch (k->type) { +#ifdef WITH_OPENSSL + case KEY_DSA_CERT_V00: + case KEY_DSA_CERT: + if ((ret = sshbuf_put_bignum2(cert, k->dsa->p)) != 0 || + (ret = sshbuf_put_bignum2(cert, k->dsa->q)) != 0 || + (ret = sshbuf_put_bignum2(cert, k->dsa->g)) != 0 || + (ret = sshbuf_put_bignum2(cert, k->dsa->pub_key)) != 0) + goto out; + break; +# ifdef OPENSSL_HAS_ECC + case KEY_ECDSA_CERT: + if ((ret = sshbuf_put_cstring(cert, + sshkey_curve_nid_to_name(k->ecdsa_nid))) != 0 || + (ret = sshbuf_put_ec(cert, + EC_KEY_get0_public_key(k->ecdsa), + EC_KEY_get0_group(k->ecdsa))) != 0) + goto out; + break; +# endif /* OPENSSL_HAS_ECC */ + case KEY_RSA_CERT_V00: + case KEY_RSA_CERT: + if ((ret = sshbuf_put_bignum2(cert, k->rsa->e)) != 0 || + (ret = sshbuf_put_bignum2(cert, k->rsa->n)) != 0) + goto out; + break; +#endif /* WITH_OPENSSL */ + case KEY_ED25519_CERT: + if ((ret = sshbuf_put_string(cert, + k->ed25519_pk, ED25519_PK_SZ)) != 0) + goto out; + break; + default: + ret = SSH_ERR_INVALID_ARGUMENT; + } + + /* -v01 certs have a serial number next */ + if (!sshkey_cert_is_legacy(k)) { + if ((ret = sshbuf_put_u64(cert, k->cert->serial)) != 0) + goto out; + } + + if ((ret = sshbuf_put_u32(cert, k->cert->type)) != 0 || + (ret = sshbuf_put_cstring(cert, k->cert->key_id)) != 0) + goto out; + + if ((principals = sshbuf_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + for (i = 0; i < k->cert->nprincipals; i++) { + if ((ret = sshbuf_put_cstring(principals, + k->cert->principals[i])) != 0) + goto out; + } + if ((ret = sshbuf_put_stringb(cert, principals)) != 0 || + (ret = sshbuf_put_u64(cert, k->cert->valid_after)) != 0 || + (ret = sshbuf_put_u64(cert, k->cert->valid_before)) != 0 || + (ret = sshbuf_put_stringb(cert, k->cert->critical)) != 0) + goto out; + + /* -v01 certs have non-critical options here */ + if (!sshkey_cert_is_legacy(k)) { + if ((ret = sshbuf_put_stringb(cert, k->cert->extensions)) != 0) + goto out; + } + + /* -v00 certs put the nonce at the end */ + if (sshkey_cert_is_legacy(k)) { + if ((ret = sshbuf_put_string(cert, nonce, sizeof(nonce))) != 0) + goto out; + } + + if ((ret = sshbuf_put_string(cert, NULL, 0)) != 0 || /* Reserved */ + (ret = sshbuf_put_string(cert, ca_blob, ca_len)) != 0) + goto out; + + /* Sign the whole mess */ + if ((ret = sshkey_sign(ca, &sig_blob, &sig_len, sshbuf_ptr(cert), + sshbuf_len(cert), 0)) != 0) + goto out; + + /* Append signature and we are done */ + if ((ret = sshbuf_put_string(cert, sig_blob, sig_len)) != 0) + goto out; + ret = 0; + out: + if (ret != 0) + sshbuf_reset(cert); + if (sig_blob != NULL) + free(sig_blob); + if (ca_blob != NULL) + free(ca_blob); + if (principals != NULL) + sshbuf_free(principals); + return ret; +} + +int +sshkey_cert_check_authority(const struct sshkey *k, + int want_host, int require_principal, + const char *name, const char **reason) +{ + u_int i, principal_matches; + time_t now = time(NULL); + + if (reason != NULL) + *reason = NULL; + + if (want_host) { + if (k->cert->type != SSH2_CERT_TYPE_HOST) { + *reason = "Certificate invalid: not a host certificate"; + return SSH_ERR_KEY_CERT_INVALID; + } + } else { + if (k->cert->type != SSH2_CERT_TYPE_USER) { + *reason = "Certificate invalid: not a user certificate"; + return SSH_ERR_KEY_CERT_INVALID; + } + } + if (now < 0) { + /* yikes - system clock before epoch! */ + *reason = "Certificate invalid: not yet valid"; + return SSH_ERR_KEY_CERT_INVALID; + } + if ((u_int64_t)now < k->cert->valid_after) { + *reason = "Certificate invalid: not yet valid"; + return SSH_ERR_KEY_CERT_INVALID; + } + if ((u_int64_t)now >= k->cert->valid_before) { + *reason = "Certificate invalid: expired"; + return SSH_ERR_KEY_CERT_INVALID; + } + if (k->cert->nprincipals == 0) { + if (require_principal) { + *reason = "Certificate lacks principal list"; + return SSH_ERR_KEY_CERT_INVALID; + } + } else if (name != NULL) { + principal_matches = 0; + for (i = 0; i < k->cert->nprincipals; i++) { + if (strcmp(name, k->cert->principals[i]) == 0) { + principal_matches = 1; + break; + } + } + if (!principal_matches) { + *reason = "Certificate invalid: name is not a listed " + "principal"; + return SSH_ERR_KEY_CERT_INVALID; + } + } + return 0; +} + +int +sshkey_private_serialize(const struct sshkey *key, struct sshbuf *b) +{ + int r = SSH_ERR_INTERNAL_ERROR; + + if ((r = sshbuf_put_cstring(b, sshkey_ssh_name(key))) != 0) + goto out; + switch (key->type) { +#ifdef WITH_OPENSSL + case KEY_RSA: + if ((r = sshbuf_put_bignum2(b, key->rsa->n)) != 0 || + (r = sshbuf_put_bignum2(b, key->rsa->e)) != 0 || + (r = sshbuf_put_bignum2(b, key->rsa->d)) != 0 || + (r = sshbuf_put_bignum2(b, key->rsa->iqmp)) != 0 || + (r = sshbuf_put_bignum2(b, key->rsa->p)) != 0 || + (r = sshbuf_put_bignum2(b, key->rsa->q)) != 0) + goto out; + break; + case KEY_RSA_CERT_V00: + case KEY_RSA_CERT: + if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) { + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 || + (r = sshbuf_put_bignum2(b, key->rsa->d)) != 0 || + (r = sshbuf_put_bignum2(b, key->rsa->iqmp)) != 0 || + (r = sshbuf_put_bignum2(b, key->rsa->p)) != 0 || + (r = sshbuf_put_bignum2(b, key->rsa->q)) != 0) + goto out; + break; + case KEY_DSA: + if ((r = sshbuf_put_bignum2(b, key->dsa->p)) != 0 || + (r = sshbuf_put_bignum2(b, key->dsa->q)) != 0 || + (r = sshbuf_put_bignum2(b, key->dsa->g)) != 0 || + (r = sshbuf_put_bignum2(b, key->dsa->pub_key)) != 0 || + (r = sshbuf_put_bignum2(b, key->dsa->priv_key)) != 0) + goto out; + break; + case KEY_DSA_CERT_V00: + case KEY_DSA_CERT: + if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) { + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 || + (r = sshbuf_put_bignum2(b, key->dsa->priv_key)) != 0) + goto out; + break; +# ifdef OPENSSL_HAS_ECC + case KEY_ECDSA: + if ((r = sshbuf_put_cstring(b, + sshkey_curve_nid_to_name(key->ecdsa_nid))) != 0 || + (r = sshbuf_put_eckey(b, key->ecdsa)) != 0 || + (r = sshbuf_put_bignum2(b, + EC_KEY_get0_private_key(key->ecdsa))) != 0) + goto out; + break; + case KEY_ECDSA_CERT: + if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) { + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 || + (r = sshbuf_put_bignum2(b, + EC_KEY_get0_private_key(key->ecdsa))) != 0) + goto out; + break; +# endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ + case KEY_ED25519: + if ((r = sshbuf_put_string(b, key->ed25519_pk, + ED25519_PK_SZ)) != 0 || + (r = sshbuf_put_string(b, key->ed25519_sk, + ED25519_SK_SZ)) != 0) + goto out; + break; + case KEY_ED25519_CERT: + if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) { + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 || + (r = sshbuf_put_string(b, key->ed25519_pk, + ED25519_PK_SZ)) != 0 || + (r = sshbuf_put_string(b, key->ed25519_sk, + ED25519_SK_SZ)) != 0) + goto out; + break; + default: + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + /* success */ + r = 0; + out: + return r; +} + +int +sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) +{ + char *tname = NULL, *curve = NULL; + struct sshkey *k = NULL; + const u_char *cert; + size_t len, pklen = 0, sklen = 0; + int type, r = SSH_ERR_INTERNAL_ERROR; + u_char *ed25519_pk = NULL, *ed25519_sk = NULL; +#ifdef WITH_OPENSSL + BIGNUM *exponent = NULL; +#endif /* WITH_OPENSSL */ + + if (kp != NULL) + *kp = NULL; + if ((r = sshbuf_get_cstring(buf, &tname, NULL)) != 0) + goto out; + type = sshkey_type_from_name(tname); + switch (type) { +#ifdef WITH_OPENSSL + case KEY_DSA: + if ((k = sshkey_new_private(type)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshbuf_get_bignum2(buf, k->dsa->p)) != 0 || + (r = sshbuf_get_bignum2(buf, k->dsa->q)) != 0 || + (r = sshbuf_get_bignum2(buf, k->dsa->g)) != 0 || + (r = sshbuf_get_bignum2(buf, k->dsa->pub_key)) != 0 || + (r = sshbuf_get_bignum2(buf, k->dsa->priv_key)) != 0) + goto out; + break; + case KEY_DSA_CERT_V00: + case KEY_DSA_CERT: + if ((r = sshbuf_get_string_direct(buf, &cert, &len)) != 0 || + (r = sshkey_from_blob(cert, len, &k)) != 0 || + (r = sshkey_add_private(k)) != 0 || + (r = sshbuf_get_bignum2(buf, k->dsa->priv_key)) != 0) + goto out; + break; +# ifdef OPENSSL_HAS_ECC + case KEY_ECDSA: + if ((k = sshkey_new_private(type)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((k->ecdsa_nid = sshkey_ecdsa_nid_from_name(tname)) == -1) { + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + if ((r = sshbuf_get_cstring(buf, &curve, NULL)) != 0) + goto out; + if (k->ecdsa_nid != sshkey_curve_name_to_nid(curve)) { + r = SSH_ERR_EC_CURVE_MISMATCH; + goto out; + } + k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid); + if (k->ecdsa == NULL || (exponent = BN_new()) == NULL) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if ((r = sshbuf_get_eckey(buf, k->ecdsa)) != 0 || + (r = sshbuf_get_bignum2(buf, exponent))) + goto out; + if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if ((r = sshkey_ec_validate_public(EC_KEY_get0_group(k->ecdsa), + EC_KEY_get0_public_key(k->ecdsa)) != 0) || + (r = sshkey_ec_validate_private(k->ecdsa)) != 0) + goto out; + break; + case KEY_ECDSA_CERT: + if ((exponent = BN_new()) == NULL) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if ((r = sshbuf_get_string_direct(buf, &cert, &len)) != 0 || + (r = sshkey_from_blob(cert, len, &k)) != 0 || + (r = sshkey_add_private(k)) != 0 || + (r = sshbuf_get_bignum2(buf, exponent)) != 0) + goto out; + if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if ((r = sshkey_ec_validate_public(EC_KEY_get0_group(k->ecdsa), + EC_KEY_get0_public_key(k->ecdsa)) != 0) || + (r = sshkey_ec_validate_private(k->ecdsa)) != 0) + goto out; + break; +# endif /* OPENSSL_HAS_ECC */ + case KEY_RSA: + if ((k = sshkey_new_private(type)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshbuf_get_bignum2(buf, k->rsa->n)) != 0 || + (r = sshbuf_get_bignum2(buf, k->rsa->e)) != 0 || + (r = sshbuf_get_bignum2(buf, k->rsa->d)) != 0 || + (r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 || + (r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 || + (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 || + (r = rsa_generate_additional_parameters(k->rsa)) != 0) + goto out; + break; + case KEY_RSA_CERT_V00: + case KEY_RSA_CERT: + if ((r = sshbuf_get_string_direct(buf, &cert, &len)) != 0 || + (r = sshkey_from_blob(cert, len, &k)) != 0 || + (r = sshkey_add_private(k)) != 0 || + (r = sshbuf_get_bignum2(buf, k->rsa->d) != 0) || + (r = sshbuf_get_bignum2(buf, k->rsa->iqmp) != 0) || + (r = sshbuf_get_bignum2(buf, k->rsa->p) != 0) || + (r = sshbuf_get_bignum2(buf, k->rsa->q) != 0) || + (r = rsa_generate_additional_parameters(k->rsa)) != 0) + goto out; + break; +#endif /* WITH_OPENSSL */ + case KEY_ED25519: + if ((k = sshkey_new_private(type)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshbuf_get_string(buf, &ed25519_pk, &pklen)) != 0 || + (r = sshbuf_get_string(buf, &ed25519_sk, &sklen)) != 0) + goto out; + if (pklen != ED25519_PK_SZ || sklen != ED25519_SK_SZ) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + k->ed25519_pk = ed25519_pk; + k->ed25519_sk = ed25519_sk; + ed25519_pk = ed25519_sk = NULL; + break; + case KEY_ED25519_CERT: + if ((r = sshbuf_get_string_direct(buf, &cert, &len)) != 0 || + (r = sshkey_from_blob(cert, len, &k)) != 0 || + (r = sshkey_add_private(k)) != 0 || + (r = sshbuf_get_string(buf, &ed25519_pk, &pklen)) != 0 || + (r = sshbuf_get_string(buf, &ed25519_sk, &sklen)) != 0) + goto out; + if (pklen != ED25519_PK_SZ || sklen != ED25519_SK_SZ) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + k->ed25519_pk = ed25519_pk; + k->ed25519_sk = ed25519_sk; + ed25519_pk = ed25519_sk = NULL; + break; + default: + r = SSH_ERR_KEY_TYPE_UNKNOWN; + goto out; + } +#ifdef WITH_OPENSSL + /* enable blinding */ + switch (k->type) { + case KEY_RSA: + case KEY_RSA_CERT_V00: + case KEY_RSA_CERT: + case KEY_RSA1: + if (RSA_blinding_on(k->rsa, NULL) != 1) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + break; + } +#endif /* WITH_OPENSSL */ + /* success */ + r = 0; + if (kp != NULL) { + *kp = k; + k = NULL; + } + out: + free(tname); + free(curve); +#ifdef WITH_OPENSSL + if (exponent != NULL) + BN_clear_free(exponent); +#endif /* WITH_OPENSSL */ + sshkey_free(k); + if (ed25519_pk != NULL) { + explicit_bzero(ed25519_pk, pklen); + free(ed25519_pk); + } + if (ed25519_sk != NULL) { + explicit_bzero(ed25519_sk, sklen); + free(ed25519_sk); + } + return r; +} + +#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) +int +sshkey_ec_validate_public(const EC_GROUP *group, const EC_POINT *public) +{ + BN_CTX *bnctx; + EC_POINT *nq = NULL; + BIGNUM *order, *x, *y, *tmp; + int ret = SSH_ERR_KEY_INVALID_EC_VALUE; + + if ((bnctx = BN_CTX_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + BN_CTX_start(bnctx); + + /* + * We shouldn't ever hit this case because bignum_get_ecpoint() + * refuses to load GF2m points. + */ + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != + NID_X9_62_prime_field) + goto out; + + /* Q != infinity */ + if (EC_POINT_is_at_infinity(group, public)) + goto out; + + if ((x = BN_CTX_get(bnctx)) == NULL || + (y = BN_CTX_get(bnctx)) == NULL || + (order = BN_CTX_get(bnctx)) == NULL || + (tmp = BN_CTX_get(bnctx)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + + /* log2(x) > log2(order)/2, log2(y) > log2(order)/2 */ + if (EC_GROUP_get_order(group, order, bnctx) != 1 || + EC_POINT_get_affine_coordinates_GFp(group, public, + x, y, bnctx) != 1) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if (BN_num_bits(x) <= BN_num_bits(order) / 2 || + BN_num_bits(y) <= BN_num_bits(order) / 2) + goto out; + + /* nQ == infinity (n == order of subgroup) */ + if ((nq = EC_POINT_new(group)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + if (EC_POINT_mul(group, nq, NULL, public, order, bnctx) != 1) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if (EC_POINT_is_at_infinity(group, nq) != 1) + goto out; + + /* x < order - 1, y < order - 1 */ + if (!BN_sub(tmp, order, BN_value_one())) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if (BN_cmp(x, tmp) >= 0 || BN_cmp(y, tmp) >= 0) + goto out; + ret = 0; + out: + BN_CTX_free(bnctx); + if (nq != NULL) + EC_POINT_free(nq); + return ret; +} + +int +sshkey_ec_validate_private(const EC_KEY *key) +{ + BN_CTX *bnctx; + BIGNUM *order, *tmp; + int ret = SSH_ERR_KEY_INVALID_EC_VALUE; + + if ((bnctx = BN_CTX_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + BN_CTX_start(bnctx); + + if ((order = BN_CTX_get(bnctx)) == NULL || + (tmp = BN_CTX_get(bnctx)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + + /* log2(private) > log2(order)/2 */ + if (EC_GROUP_get_order(EC_KEY_get0_group(key), order, bnctx) != 1) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if (BN_num_bits(EC_KEY_get0_private_key(key)) <= + BN_num_bits(order) / 2) + goto out; + + /* private < order - 1 */ + if (!BN_sub(tmp, order, BN_value_one())) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if (BN_cmp(EC_KEY_get0_private_key(key), tmp) >= 0) + goto out; + ret = 0; + out: + BN_CTX_free(bnctx); + return ret; +} + +void +sshkey_dump_ec_point(const EC_GROUP *group, const EC_POINT *point) +{ + BIGNUM *x, *y; + BN_CTX *bnctx; + + if (point == NULL) { + fputs("point=(NULL)\n", stderr); + return; + } + if ((bnctx = BN_CTX_new()) == NULL) { + fprintf(stderr, "%s: BN_CTX_new failed\n", __func__); + return; + } + BN_CTX_start(bnctx); + if ((x = BN_CTX_get(bnctx)) == NULL || + (y = BN_CTX_get(bnctx)) == NULL) { + fprintf(stderr, "%s: BN_CTX_get failed\n", __func__); + return; + } + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != + NID_X9_62_prime_field) { + fprintf(stderr, "%s: group is not a prime field\n", __func__); + return; + } + if (EC_POINT_get_affine_coordinates_GFp(group, point, x, y, + bnctx) != 1) { + fprintf(stderr, "%s: EC_POINT_get_affine_coordinates_GFp\n", + __func__); + return; + } + fputs("x=", stderr); + BN_print_fp(stderr, x); + fputs("\ny=", stderr); + BN_print_fp(stderr, y); + fputs("\n", stderr); + BN_CTX_free(bnctx); +} + +void +sshkey_dump_ec_key(const EC_KEY *key) +{ + const BIGNUM *exponent; + + sshkey_dump_ec_point(EC_KEY_get0_group(key), + EC_KEY_get0_public_key(key)); + fputs("exponent=", stderr); + if ((exponent = EC_KEY_get0_private_key(key)) == NULL) + fputs("(NULL)", stderr); + else + BN_print_fp(stderr, EC_KEY_get0_private_key(key)); + fputs("\n", stderr); +} +#endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */ + +static int +sshkey_private_to_blob2(const struct sshkey *prv, struct sshbuf *blob, + const char *passphrase, const char *comment, const char *ciphername, + int rounds) +{ + u_char *cp, *b64 = NULL, *key = NULL, *pubkeyblob = NULL; + u_char salt[SALT_LEN]; + size_t i, pubkeylen, keylen, ivlen, blocksize, authlen; + u_int check; + int r = SSH_ERR_INTERNAL_ERROR; + struct sshcipher_ctx ciphercontext; + const struct sshcipher *cipher; + const char *kdfname = KDFNAME; + struct sshbuf *encoded = NULL, *encrypted = NULL, *kdf = NULL; + + memset(&ciphercontext, 0, sizeof(ciphercontext)); + + if (rounds <= 0) + rounds = DEFAULT_ROUNDS; + if (passphrase == NULL || !strlen(passphrase)) { + ciphername = "none"; + kdfname = "none"; + } else if (ciphername == NULL) + ciphername = DEFAULT_CIPHERNAME; + else if (cipher_number(ciphername) != SSH_CIPHER_SSH2) { + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + if ((cipher = cipher_by_name(ciphername)) == NULL) { + r = SSH_ERR_INTERNAL_ERROR; + goto out; + } + + if ((kdf = sshbuf_new()) == NULL || + (encoded = sshbuf_new()) == NULL || + (encrypted = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + blocksize = cipher_blocksize(cipher); + keylen = cipher_keylen(cipher); + ivlen = cipher_ivlen(cipher); + authlen = cipher_authlen(cipher); + if ((key = calloc(1, keylen + ivlen)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if (strcmp(kdfname, "bcrypt") == 0) { + arc4random_buf(salt, SALT_LEN); + if (bcrypt_pbkdf(passphrase, strlen(passphrase), + salt, SALT_LEN, key, keylen + ivlen, rounds) < 0) { + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + if ((r = sshbuf_put_string(kdf, salt, SALT_LEN)) != 0 || + (r = sshbuf_put_u32(kdf, rounds)) != 0) + goto out; + } else if (strcmp(kdfname, "none") != 0) { + /* Unsupported KDF type */ + r = SSH_ERR_KEY_UNKNOWN_CIPHER; + goto out; + } + if ((r = cipher_init(&ciphercontext, cipher, key, keylen, + key + keylen, ivlen, 1)) != 0) + goto out; + + if ((r = sshbuf_put(encoded, AUTH_MAGIC, sizeof(AUTH_MAGIC))) != 0 || + (r = sshbuf_put_cstring(encoded, ciphername)) != 0 || + (r = sshbuf_put_cstring(encoded, kdfname)) != 0 || + (r = sshbuf_put_stringb(encoded, kdf)) != 0 || + (r = sshbuf_put_u32(encoded, 1)) != 0 || /* number of keys */ + (r = sshkey_to_blob(prv, &pubkeyblob, &pubkeylen)) != 0 || + (r = sshbuf_put_string(encoded, pubkeyblob, pubkeylen)) != 0) + goto out; + + /* set up the buffer that will be encrypted */ + + /* Random check bytes */ + check = arc4random(); + if ((r = sshbuf_put_u32(encrypted, check)) != 0 || + (r = sshbuf_put_u32(encrypted, check)) != 0) + goto out; + + /* append private key and comment*/ + if ((r = sshkey_private_serialize(prv, encrypted)) != 0 || + (r = sshbuf_put_cstring(encrypted, comment)) != 0) + goto out; + + /* padding */ + i = 0; + while (sshbuf_len(encrypted) % blocksize) { + if ((r = sshbuf_put_u8(encrypted, ++i & 0xff)) != 0) + goto out; + } + + /* length in destination buffer */ + if ((r = sshbuf_put_u32(encoded, sshbuf_len(encrypted))) != 0) + goto out; + + /* encrypt */ + if ((r = sshbuf_reserve(encoded, + sshbuf_len(encrypted) + authlen, &cp)) != 0) + goto out; + if ((r = cipher_crypt(&ciphercontext, 0, cp, + sshbuf_ptr(encrypted), sshbuf_len(encrypted), 0, authlen)) != 0) + goto out; + + /* uuencode */ + if ((b64 = sshbuf_dtob64(encoded)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + + sshbuf_reset(blob); + if ((r = sshbuf_put(blob, MARK_BEGIN, MARK_BEGIN_LEN)) != 0) + goto out; + for (i = 0; i < strlen(b64); i++) { + if ((r = sshbuf_put_u8(blob, b64[i])) != 0) + goto out; + /* insert line breaks */ + if (i % 70 == 69 && (r = sshbuf_put_u8(blob, '\n')) != 0) + goto out; + } + if (i % 70 != 69 && (r = sshbuf_put_u8(blob, '\n')) != 0) + goto out; + if ((r = sshbuf_put(blob, MARK_END, MARK_END_LEN)) != 0) + goto out; + + /* success */ + r = 0; + + out: + sshbuf_free(kdf); + sshbuf_free(encoded); + sshbuf_free(encrypted); + cipher_cleanup(&ciphercontext); + explicit_bzero(salt, sizeof(salt)); + if (key != NULL) { + explicit_bzero(key, keylen + ivlen); + free(key); + } + if (pubkeyblob != NULL) { + explicit_bzero(pubkeyblob, pubkeylen); + free(pubkeyblob); + } + if (b64 != NULL) { + explicit_bzero(b64, strlen(b64)); + free(b64); + } + return r; +} + +static int +sshkey_parse_private2(struct sshbuf *blob, int type, const char *passphrase, + struct sshkey **keyp, char **commentp) +{ + char *comment = NULL, *ciphername = NULL, *kdfname = NULL; + const struct sshcipher *cipher = NULL; + const u_char *cp; + int r = SSH_ERR_INTERNAL_ERROR; + size_t encoded_len; + size_t i, keylen = 0, ivlen = 0, slen = 0; + struct sshbuf *encoded = NULL, *decoded = NULL; + struct sshbuf *kdf = NULL, *decrypted = NULL; + struct sshcipher_ctx ciphercontext; + struct sshkey *k = NULL; + u_char *key = NULL, *salt = NULL, *dp, pad, last; + u_int blocksize, rounds, nkeys, encrypted_len, check1, check2; + + memset(&ciphercontext, 0, sizeof(ciphercontext)); + if (keyp != NULL) + *keyp = NULL; + if (commentp != NULL) + *commentp = NULL; + + if ((encoded = sshbuf_new()) == NULL || + (decoded = sshbuf_new()) == NULL || + (decrypted = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + + /* check preamble */ + cp = sshbuf_ptr(blob); + encoded_len = sshbuf_len(blob); + if (encoded_len < (MARK_BEGIN_LEN + MARK_END_LEN) || + memcmp(cp, MARK_BEGIN, MARK_BEGIN_LEN) != 0) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + cp += MARK_BEGIN_LEN; + encoded_len -= MARK_BEGIN_LEN; + + /* Look for end marker, removing whitespace as we go */ + while (encoded_len > 0) { + if (*cp != '\n' && *cp != '\r') { + if ((r = sshbuf_put_u8(encoded, *cp)) != 0) + goto out; + } + last = *cp; + encoded_len--; + cp++; + if (last == '\n') { + if (encoded_len >= MARK_END_LEN && + memcmp(cp, MARK_END, MARK_END_LEN) == 0) { + /* \0 terminate */ + if ((r = sshbuf_put_u8(encoded, 0)) != 0) + goto out; + break; + } + } + } + if (encoded_len == 0) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + + /* decode base64 */ + if ((r = sshbuf_b64tod(decoded, sshbuf_ptr(encoded))) != 0) + goto out; + + /* check magic */ + if (sshbuf_len(decoded) < sizeof(AUTH_MAGIC) || + memcmp(sshbuf_ptr(decoded), AUTH_MAGIC, sizeof(AUTH_MAGIC))) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + /* parse public portion of key */ + if ((r = sshbuf_consume(decoded, sizeof(AUTH_MAGIC))) != 0 || + (r = sshbuf_get_cstring(decoded, &ciphername, NULL)) != 0 || + (r = sshbuf_get_cstring(decoded, &kdfname, NULL)) != 0 || + (r = sshbuf_froms(decoded, &kdf)) != 0 || + (r = sshbuf_get_u32(decoded, &nkeys)) != 0 || + (r = sshbuf_skip_string(decoded)) != 0 || /* pubkey */ + (r = sshbuf_get_u32(decoded, &encrypted_len)) != 0) + goto out; + + if ((cipher = cipher_by_name(ciphername)) == NULL) { + r = SSH_ERR_KEY_UNKNOWN_CIPHER; + goto out; + } + if ((passphrase == NULL || strlen(passphrase) == 0) && + strcmp(ciphername, "none") != 0) { + /* passphrase required */ + r = SSH_ERR_KEY_WRONG_PASSPHRASE; + goto out; + } + if (strcmp(kdfname, "none") != 0 && strcmp(kdfname, "bcrypt") != 0) { + r = SSH_ERR_KEY_UNKNOWN_CIPHER; + goto out; + } + if (!strcmp(kdfname, "none") && strcmp(ciphername, "none") != 0) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + if (nkeys != 1) { + /* XXX only one key supported */ + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + + /* check size of encrypted key blob */ + blocksize = cipher_blocksize(cipher); + if (encrypted_len < blocksize || (encrypted_len % blocksize) != 0) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + + /* setup key */ + keylen = cipher_keylen(cipher); + ivlen = cipher_ivlen(cipher); + if ((key = calloc(1, keylen + ivlen)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if (strcmp(kdfname, "bcrypt") == 0) { + if ((r = sshbuf_get_string(kdf, &salt, &slen)) != 0 || + (r = sshbuf_get_u32(kdf, &rounds)) != 0) + goto out; + if (bcrypt_pbkdf(passphrase, strlen(passphrase), salt, slen, + key, keylen + ivlen, rounds) < 0) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + } + + /* decrypt private portion of key */ + if ((r = sshbuf_reserve(decrypted, encrypted_len, &dp)) != 0 || + (r = cipher_init(&ciphercontext, cipher, key, keylen, + key + keylen, ivlen, 0)) != 0) + goto out; + if ((r = cipher_crypt(&ciphercontext, 0, dp, sshbuf_ptr(decoded), + sshbuf_len(decoded), 0, cipher_authlen(cipher))) != 0) { + /* an integrity error here indicates an incorrect passphrase */ + if (r == SSH_ERR_MAC_INVALID) + r = SSH_ERR_KEY_WRONG_PASSPHRASE; + goto out; + } + if ((r = sshbuf_consume(decoded, encrypted_len)) != 0) + goto out; + /* there should be no trailing data */ + if (sshbuf_len(decoded) != 0) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + + /* check check bytes */ + if ((r = sshbuf_get_u32(decrypted, &check1)) != 0 || + (r = sshbuf_get_u32(decrypted, &check2)) != 0) + goto out; + if (check1 != check2) { + r = SSH_ERR_KEY_WRONG_PASSPHRASE; + goto out; + } + + /* Load the private key and comment */ + if ((r = sshkey_private_deserialize(decrypted, &k)) != 0 || + (r = sshbuf_get_cstring(decrypted, &comment, NULL)) != 0) + goto out; + + /* Check deterministic padding */ + i = 0; + while (sshbuf_len(decrypted)) { + if ((r = sshbuf_get_u8(decrypted, &pad)) != 0) + goto out; + if (pad != (++i & 0xff)) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + } + + /* XXX decode pubkey and check against private */ + + /* success */ + r = 0; + if (keyp != NULL) { + *keyp = k; + k = NULL; + } + if (commentp != NULL) { + *commentp = comment; + comment = NULL; + } + out: + pad = 0; + cipher_cleanup(&ciphercontext); + free(ciphername); + free(kdfname); + free(comment); + if (salt != NULL) { + explicit_bzero(salt, slen); + free(salt); + } + if (key != NULL) { + explicit_bzero(key, keylen + ivlen); + free(key); + } + sshbuf_free(encoded); + sshbuf_free(decoded); + sshbuf_free(kdf); + sshbuf_free(decrypted); + sshkey_free(k); + return r; +} + +#if WITH_SSH1 +/* + * Serialises the authentication (private) key to a blob, encrypting it with + * passphrase. The identification of the blob (lowest 64 bits of n) will + * precede the key to provide identification of the key without needing a + * passphrase. + */ +static int +sshkey_private_rsa1_to_blob(struct sshkey *key, struct sshbuf *blob, + const char *passphrase, const char *comment) +{ + struct sshbuf *buffer = NULL, *encrypted = NULL; + u_char buf[8]; + int r, cipher_num; + struct sshcipher_ctx ciphercontext; + const struct sshcipher *cipher; + u_char *cp; + + /* + * If the passphrase is empty, use SSH_CIPHER_NONE to ease converting + * to another cipher; otherwise use SSH_AUTHFILE_CIPHER. + */ + cipher_num = (strcmp(passphrase, "") == 0) ? + SSH_CIPHER_NONE : SSH_CIPHER_3DES; + if ((cipher = cipher_by_number(cipher_num)) == NULL) + return SSH_ERR_INTERNAL_ERROR; + + /* This buffer is used to build the secret part of the private key. */ + if ((buffer = sshbuf_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + + /* Put checkbytes for checking passphrase validity. */ + if ((r = sshbuf_reserve(buffer, 4, &cp)) != 0) + goto out; + arc4random_buf(cp, 2); + memcpy(cp + 2, cp, 2); + + /* + * Store the private key (n and e will not be stored because they + * will be stored in plain text, and storing them also in encrypted + * format would just give known plaintext). + * Note: q and p are stored in reverse order to SSL. + */ + if ((r = sshbuf_put_bignum1(buffer, key->rsa->d)) != 0 || + (r = sshbuf_put_bignum1(buffer, key->rsa->iqmp)) != 0 || + (r = sshbuf_put_bignum1(buffer, key->rsa->q)) != 0 || + (r = sshbuf_put_bignum1(buffer, key->rsa->p)) != 0) + goto out; + + /* Pad the part to be encrypted to a size that is a multiple of 8. */ + explicit_bzero(buf, 8); + if ((r = sshbuf_put(buffer, buf, 8 - (sshbuf_len(buffer) % 8))) != 0) + goto out; + + /* This buffer will be used to contain the data in the file. */ + if ((encrypted = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + + /* First store keyfile id string. */ + if ((r = sshbuf_put(encrypted, LEGACY_BEGIN, + sizeof(LEGACY_BEGIN))) != 0) + goto out; + + /* Store cipher type and "reserved" field. */ + if ((r = sshbuf_put_u8(encrypted, cipher_num)) != 0 || + (r = sshbuf_put_u32(encrypted, 0)) != 0) + goto out; + + /* Store public key. This will be in plain text. */ + if ((r = sshbuf_put_u32(encrypted, BN_num_bits(key->rsa->n))) != 0 || + (r = sshbuf_put_bignum1(encrypted, key->rsa->n) != 0) || + (r = sshbuf_put_bignum1(encrypted, key->rsa->e) != 0) || + (r = sshbuf_put_cstring(encrypted, comment) != 0)) + goto out; + + /* Allocate space for the private part of the key in the buffer. */ + if ((r = sshbuf_reserve(encrypted, sshbuf_len(buffer), &cp)) != 0) + goto out; + + if ((r = cipher_set_key_string(&ciphercontext, cipher, passphrase, + CIPHER_ENCRYPT)) != 0) + goto out; + if ((r = cipher_crypt(&ciphercontext, 0, cp, + sshbuf_ptr(buffer), sshbuf_len(buffer), 0, 0)) != 0) + goto out; + if ((r = cipher_cleanup(&ciphercontext)) != 0) + goto out; + + r = sshbuf_putb(blob, encrypted); + + out: + explicit_bzero(&ciphercontext, sizeof(ciphercontext)); + explicit_bzero(buf, sizeof(buf)); + if (buffer != NULL) + sshbuf_free(buffer); + if (encrypted != NULL) + sshbuf_free(encrypted); + + return r; +} +#endif /* WITH_SSH1 */ + +#ifdef WITH_OPENSSL +/* convert SSH v2 key in OpenSSL PEM format */ +static int +sshkey_private_pem_to_blob(struct sshkey *key, struct sshbuf *blob, + const char *_passphrase, const char *comment) +{ + int success, r; + int blen, len = strlen(_passphrase); + u_char *passphrase = (len > 0) ? (u_char *)_passphrase : NULL; +#if (OPENSSL_VERSION_NUMBER < 0x00907000L) + const EVP_CIPHER *cipher = (len > 0) ? EVP_des_ede3_cbc() : NULL; +#else + const EVP_CIPHER *cipher = (len > 0) ? EVP_aes_128_cbc() : NULL; +#endif + const u_char *bptr; + BIO *bio = NULL; + + if (len > 0 && len <= 4) + return SSH_ERR_PASSPHRASE_TOO_SHORT; + if ((bio = BIO_new(BIO_s_mem())) == NULL) + return SSH_ERR_ALLOC_FAIL; + + switch (key->type) { + case KEY_DSA: + success = PEM_write_bio_DSAPrivateKey(bio, key->dsa, + cipher, passphrase, len, NULL, NULL); + break; +#ifdef OPENSSL_HAS_ECC + case KEY_ECDSA: + success = PEM_write_bio_ECPrivateKey(bio, key->ecdsa, + cipher, passphrase, len, NULL, NULL); + break; +#endif + case KEY_RSA: + success = PEM_write_bio_RSAPrivateKey(bio, key->rsa, + cipher, passphrase, len, NULL, NULL); + break; + default: + success = 0; + break; + } + if (success == 0) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if ((blen = BIO_get_mem_data(bio, &bptr)) <= 0) { + r = SSH_ERR_INTERNAL_ERROR; + goto out; + } + if ((r = sshbuf_put(blob, bptr, blen)) != 0) + goto out; + r = 0; + out: + BIO_free(bio); + return r; +} +#endif /* WITH_OPENSSL */ + +/* Serialise "key" to buffer "blob" */ +int +sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob, + const char *passphrase, const char *comment, + int force_new_format, const char *new_format_cipher, int new_format_rounds) +{ + switch (key->type) { +#ifdef WITH_OPENSSL + case KEY_RSA1: + return sshkey_private_rsa1_to_blob(key, blob, + passphrase, comment); + case KEY_DSA: + case KEY_ECDSA: + case KEY_RSA: + if (force_new_format) { + return sshkey_private_to_blob2(key, blob, passphrase, + comment, new_format_cipher, new_format_rounds); + } + return sshkey_private_pem_to_blob(key, blob, + passphrase, comment); +#endif /* WITH_OPENSSL */ + case KEY_ED25519: + return sshkey_private_to_blob2(key, blob, passphrase, + comment, new_format_cipher, new_format_rounds); + default: + return SSH_ERR_KEY_TYPE_UNKNOWN; + } +} + +#ifdef WITH_SSH1 +/* + * Parse the public, unencrypted portion of a RSA1 key. + */ +int +sshkey_parse_public_rsa1_fileblob(struct sshbuf *blob, + struct sshkey **keyp, char **commentp) +{ + int r; + struct sshkey *pub = NULL; + struct sshbuf *copy = NULL; + + if (keyp != NULL) + *keyp = NULL; + if (commentp != NULL) + *commentp = NULL; + + /* Check that it is at least big enough to contain the ID string. */ + if (sshbuf_len(blob) < sizeof(LEGACY_BEGIN)) + return SSH_ERR_INVALID_FORMAT; + + /* + * Make sure it begins with the id string. Consume the id string + * from the buffer. + */ + if (memcmp(sshbuf_ptr(blob), LEGACY_BEGIN, sizeof(LEGACY_BEGIN)) != 0) + return SSH_ERR_INVALID_FORMAT; + /* Make a working copy of the keyblob and skip past the magic */ + if ((copy = sshbuf_fromb(blob)) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((r = sshbuf_consume(copy, sizeof(LEGACY_BEGIN))) != 0) + goto out; + + /* Skip cipher type, reserved data and key bits. */ + if ((r = sshbuf_get_u8(copy, NULL)) != 0 || /* cipher type */ + (r = sshbuf_get_u32(copy, NULL)) != 0 || /* reserved */ + (r = sshbuf_get_u32(copy, NULL)) != 0) /* key bits */ + goto out; + + /* Read the public key from the buffer. */ + if ((pub = sshkey_new(KEY_RSA1)) == NULL || + (r = sshbuf_get_bignum1(copy, pub->rsa->n)) != 0 || + (r = sshbuf_get_bignum1(copy, pub->rsa->e)) != 0) + goto out; + + /* Finally, the comment */ + if ((r = sshbuf_get_string(copy, (u_char**)commentp, NULL)) != 0) + goto out; + + /* The encrypted private part is not parsed by this function. */ + + r = 0; + if (keyp != NULL) + *keyp = pub; + else + sshkey_free(pub); + pub = NULL; + + out: + if (copy != NULL) + sshbuf_free(copy); + if (pub != NULL) + sshkey_free(pub); + return r; +} + +static int +sshkey_parse_private_rsa1(struct sshbuf *blob, const char *passphrase, + struct sshkey **keyp, char **commentp) +{ + int r; + u_int16_t check1, check2; + u_int8_t cipher_type; + struct sshbuf *decrypted = NULL, *copy = NULL; + u_char *cp; + char *comment = NULL; + struct sshcipher_ctx ciphercontext; + const struct sshcipher *cipher; + struct sshkey *prv = NULL; + + *keyp = NULL; + if (commentp != NULL) + *commentp = NULL; + + /* Check that it is at least big enough to contain the ID string. */ + if (sshbuf_len(blob) < sizeof(LEGACY_BEGIN)) + return SSH_ERR_INVALID_FORMAT; + + /* + * Make sure it begins with the id string. Consume the id string + * from the buffer. + */ + if (memcmp(sshbuf_ptr(blob), LEGACY_BEGIN, sizeof(LEGACY_BEGIN)) != 0) + return SSH_ERR_INVALID_FORMAT; + + if ((prv = sshkey_new_private(KEY_RSA1)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((copy = sshbuf_fromb(blob)) == NULL || + (decrypted = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshbuf_consume(copy, sizeof(LEGACY_BEGIN))) != 0) + goto out; + + /* Read cipher type. */ + if ((r = sshbuf_get_u8(copy, &cipher_type)) != 0 || + (r = sshbuf_get_u32(copy, NULL)) != 0) /* reserved */ + goto out; + + /* Read the public key and comment from the buffer. */ + if ((r = sshbuf_get_u32(copy, NULL)) != 0 || /* key bits */ + (r = sshbuf_get_bignum1(copy, prv->rsa->n)) != 0 || + (r = sshbuf_get_bignum1(copy, prv->rsa->e)) != 0 || + (r = sshbuf_get_cstring(copy, &comment, NULL)) != 0) + goto out; + + /* Check that it is a supported cipher. */ + cipher = cipher_by_number(cipher_type); + if (cipher == NULL) { + r = SSH_ERR_KEY_UNKNOWN_CIPHER; + goto out; + } + /* Initialize space for decrypted data. */ + if ((r = sshbuf_reserve(decrypted, sshbuf_len(copy), &cp)) != 0) + goto out; + + /* Rest of the buffer is encrypted. Decrypt it using the passphrase. */ + if ((r = cipher_set_key_string(&ciphercontext, cipher, passphrase, + CIPHER_DECRYPT)) != 0) + goto out; + if ((r = cipher_crypt(&ciphercontext, 0, cp, + sshbuf_ptr(copy), sshbuf_len(copy), 0, 0)) != 0) { + cipher_cleanup(&ciphercontext); + goto out; + } + if ((r = cipher_cleanup(&ciphercontext)) != 0) + goto out; + + if ((r = sshbuf_get_u16(decrypted, &check1)) != 0 || + (r = sshbuf_get_u16(decrypted, &check2)) != 0) + goto out; + if (check1 != check2) { + r = SSH_ERR_KEY_WRONG_PASSPHRASE; + goto out; + } + + /* Read the rest of the private key. */ + if ((r = sshbuf_get_bignum1(decrypted, prv->rsa->d)) != 0 || + (r = sshbuf_get_bignum1(decrypted, prv->rsa->iqmp)) != 0 || + (r = sshbuf_get_bignum1(decrypted, prv->rsa->q)) != 0 || + (r = sshbuf_get_bignum1(decrypted, prv->rsa->p)) != 0) + goto out; + + /* calculate p-1 and q-1 */ + if ((r = rsa_generate_additional_parameters(prv->rsa)) != 0) + goto out; + + /* enable blinding */ + if (RSA_blinding_on(prv->rsa, NULL) != 1) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + r = 0; + *keyp = prv; + prv = NULL; + if (commentp != NULL) { + *commentp = comment; + comment = NULL; + } + out: + explicit_bzero(&ciphercontext, sizeof(ciphercontext)); + if (comment != NULL) + free(comment); + if (prv != NULL) + sshkey_free(prv); + if (copy != NULL) + sshbuf_free(copy); + if (decrypted != NULL) + sshbuf_free(decrypted); + return r; +} +#endif /* WITH_SSH1 */ + +#ifdef WITH_OPENSSL +/* XXX make private once ssh-keysign.c fixed */ +int +sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type, + const char *passphrase, struct sshkey **keyp, char **commentp) +{ + EVP_PKEY *pk = NULL; + struct sshkey *prv = NULL; + char *name = ""; + BIO *bio = NULL; + int r; + + *keyp = NULL; + if (commentp != NULL) + *commentp = NULL; + + if ((bio = BIO_new(BIO_s_mem())) == NULL || sshbuf_len(blob) > INT_MAX) + return SSH_ERR_ALLOC_FAIL; + if (BIO_write(bio, sshbuf_ptr(blob), sshbuf_len(blob)) != + (int)sshbuf_len(blob)) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + + if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL, + (char *)passphrase)) == NULL) { + r = SSH_ERR_KEY_WRONG_PASSPHRASE; + goto out; + } + if (pk->type == EVP_PKEY_RSA && + (type == KEY_UNSPEC || type == KEY_RSA)) { + if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + prv->rsa = EVP_PKEY_get1_RSA(pk); + prv->type = KEY_RSA; + name = "rsa w/o comment"; +#ifdef DEBUG_PK + RSA_print_fp(stderr, prv->rsa, 8); +#endif + if (RSA_blinding_on(prv->rsa, NULL) != 1) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + } else if (pk->type == EVP_PKEY_DSA && + (type == KEY_UNSPEC || type == KEY_DSA)) { + if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + prv->dsa = EVP_PKEY_get1_DSA(pk); + prv->type = KEY_DSA; + name = "dsa w/o comment"; +#ifdef DEBUG_PK + DSA_print_fp(stderr, prv->dsa, 8); +#endif +#ifdef OPENSSL_HAS_ECC + } else if (pk->type == EVP_PKEY_EC && + (type == KEY_UNSPEC || type == KEY_ECDSA)) { + if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + prv->ecdsa = EVP_PKEY_get1_EC_KEY(pk); + prv->type = KEY_ECDSA; + prv->ecdsa_nid = sshkey_ecdsa_key_to_nid(prv->ecdsa); + if (prv->ecdsa_nid == -1 || + sshkey_curve_nid_to_name(prv->ecdsa_nid) == NULL || + sshkey_ec_validate_public(EC_KEY_get0_group(prv->ecdsa), + EC_KEY_get0_public_key(prv->ecdsa)) != 0 || + sshkey_ec_validate_private(prv->ecdsa) != 0) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + name = "ecdsa w/o comment"; +# ifdef DEBUG_PK + if (prv != NULL && prv->ecdsa != NULL) + sshkey_dump_ec_key(prv->ecdsa); +# endif +#endif /* OPENSSL_HAS_ECC */ + } else { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + if (commentp != NULL && + (*commentp = strdup(name)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + r = 0; + *keyp = prv; + prv = NULL; + out: + BIO_free(bio); + if (pk != NULL) + EVP_PKEY_free(pk); + if (prv != NULL) + sshkey_free(prv); + return r; +} +#endif /* WITH_OPENSSL */ + +int +sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, + const char *passphrase, struct sshkey **keyp, char **commentp) +{ + int r; + + *keyp = NULL; + if (commentp != NULL) + *commentp = NULL; + + switch (type) { +#ifdef WITH_OPENSSL + case KEY_RSA1: + return sshkey_parse_private_rsa1(blob, passphrase, + keyp, commentp); + case KEY_DSA: + case KEY_ECDSA: + case KEY_RSA: + return sshkey_parse_private_pem_fileblob(blob, type, passphrase, + keyp, commentp); +#endif /* WITH_OPENSSL */ + case KEY_ED25519: + return sshkey_parse_private2(blob, type, passphrase, + keyp, commentp); + case KEY_UNSPEC: + if ((r = sshkey_parse_private2(blob, type, passphrase, keyp, + commentp)) == 0) + return 0; +#ifdef WITH_OPENSSL + return sshkey_parse_private_pem_fileblob(blob, type, passphrase, + keyp, commentp); +#else + return SSH_ERR_INVALID_FORMAT; +#endif /* WITH_OPENSSL */ + default: + return SSH_ERR_KEY_TYPE_UNKNOWN; + } +} + +int +sshkey_parse_private_fileblob(struct sshbuf *buffer, const char *passphrase, + const char *filename, struct sshkey **keyp, char **commentp) +{ + int r; + + if (keyp != NULL) + *keyp = NULL; + if (commentp != NULL) + *commentp = NULL; + +#ifdef WITH_SSH1 + /* it's a SSH v1 key if the public key part is readable */ + if ((r = sshkey_parse_public_rsa1_fileblob(buffer, NULL, NULL)) == 0) { + return sshkey_parse_private_fileblob_type(buffer, KEY_RSA1, + passphrase, keyp, commentp); + } +#endif /* WITH_SSH1 */ + if ((r = sshkey_parse_private_fileblob_type(buffer, KEY_UNSPEC, + passphrase, keyp, commentp)) == 0) + return 0; + return r; +} diff --git a/crypto/openssh/sshkey.h b/crypto/openssh/sshkey.h new file mode 100644 index 0000000000..450b30c1f3 --- /dev/null +++ b/crypto/openssh/sshkey.h @@ -0,0 +1,232 @@ +/* $OpenBSD: sshkey.h,v 1.1 2014/06/24 01:16:58 djm Exp $ */ + +/* + * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#ifndef SSHKEY_H +#define SSHKEY_H + +#include + +#ifdef WITH_OPENSSL +#include +#include +# ifdef OPENSSL_HAS_ECC +# include +# else /* OPENSSL_HAS_ECC */ +# define EC_KEY void +# define EC_GROUP void +# define EC_POINT void +# endif /* OPENSSL_HAS_ECC */ +#else /* WITH_OPENSSL */ +# define RSA void +# define DSA void +# define EC_KEY void +# define EC_GROUP void +# define EC_POINT void +#endif /* WITH_OPENSSL */ + +#define SSH_RSA_MINIMUM_MODULUS_SIZE 768 +#define SSH_KEY_MAX_SIGN_DATA_SIZE (1 << 20) + +struct sshbuf; + +/* Key types */ +enum sshkey_types { + KEY_RSA1, + KEY_RSA, + KEY_DSA, + KEY_ECDSA, + KEY_ED25519, + KEY_RSA_CERT, + KEY_DSA_CERT, + KEY_ECDSA_CERT, + KEY_ED25519_CERT, + KEY_RSA_CERT_V00, + KEY_DSA_CERT_V00, + KEY_UNSPEC +}; + +/* Fingerprint hash algorithms */ +enum sshkey_fp_type { + SSH_FP_SHA1, + SSH_FP_MD5, + SSH_FP_SHA256 +}; + +/* Fingerprint representation formats */ +enum sshkey_fp_rep { + SSH_FP_HEX, + SSH_FP_BUBBLEBABBLE, + SSH_FP_RANDOMART +}; + +/* key is stored in external hardware */ +#define SSHKEY_FLAG_EXT 0x0001 + +#define SSHKEY_CERT_MAX_PRINCIPALS 256 +/* XXX opaquify? */ +struct sshkey_cert { + struct sshbuf *certblob; /* Kept around for use on wire */ + u_int type; /* SSH2_CERT_TYPE_USER or SSH2_CERT_TYPE_HOST */ + u_int64_t serial; + char *key_id; + u_int nprincipals; + char **principals; + u_int64_t valid_after, valid_before; + struct sshbuf *critical; + struct sshbuf *extensions; + struct sshkey *signature_key; +}; + +/* XXX opaquify? */ +struct sshkey { + int type; + int flags; + RSA *rsa; + DSA *dsa; + int ecdsa_nid; /* NID of curve */ + EC_KEY *ecdsa; + u_char *ed25519_sk; + u_char *ed25519_pk; + struct sshkey_cert *cert; +}; + +#define ED25519_SK_SZ crypto_sign_ed25519_SECRETKEYBYTES +#define ED25519_PK_SZ crypto_sign_ed25519_PUBLICKEYBYTES + +struct sshkey *sshkey_new(int); +int sshkey_add_private(struct sshkey *); +struct sshkey *sshkey_new_private(int); +void sshkey_free(struct sshkey *); +int sshkey_demote(const struct sshkey *, struct sshkey **); +int sshkey_equal_public(const struct sshkey *, + const struct sshkey *); +int sshkey_equal(const struct sshkey *, const struct sshkey *); +char *sshkey_fingerprint(const struct sshkey *, + enum sshkey_fp_type, enum sshkey_fp_rep); +int sshkey_fingerprint_raw(const struct sshkey *k, + enum sshkey_fp_type dgst_type, u_char **retp, size_t *lenp); +const char *sshkey_type(const struct sshkey *); +const char *sshkey_cert_type(const struct sshkey *); +int sshkey_write(const struct sshkey *, FILE *); +int sshkey_read(struct sshkey *, char **); +u_int sshkey_size(const struct sshkey *); + +int sshkey_generate(int type, u_int bits, struct sshkey **keyp); +int sshkey_from_private(const struct sshkey *, struct sshkey **); +int sshkey_type_from_name(const char *); +int sshkey_is_cert(const struct sshkey *); +int sshkey_type_is_cert(int); +int sshkey_type_plain(int); +int sshkey_to_certified(struct sshkey *, int); +int sshkey_drop_cert(struct sshkey *); +int sshkey_certify(struct sshkey *, struct sshkey *); +int sshkey_cert_copy(const struct sshkey *, struct sshkey *); +int sshkey_cert_check_authority(const struct sshkey *, int, int, + const char *, const char **); +int sshkey_cert_is_legacy(const struct sshkey *); + +int sshkey_ecdsa_nid_from_name(const char *); +int sshkey_curve_name_to_nid(const char *); +const char * sshkey_curve_nid_to_name(int); +u_int sshkey_curve_nid_to_bits(int); +int sshkey_ecdsa_bits_to_nid(int); +int sshkey_ecdsa_key_to_nid(EC_KEY *); +int sshkey_ec_nid_to_hash_alg(int nid); +int sshkey_ec_validate_public(const EC_GROUP *, const EC_POINT *); +int sshkey_ec_validate_private(const EC_KEY *); +const char *sshkey_ssh_name(const struct sshkey *); +const char *sshkey_ssh_name_plain(const struct sshkey *); +int sshkey_names_valid2(const char *); +char *key_alg_list(int, int); + +int sshkey_from_blob(const u_char *, size_t, struct sshkey **); +int sshkey_to_blob_buf(const struct sshkey *, struct sshbuf *); +int sshkey_to_blob(const struct sshkey *, u_char **, size_t *); +int sshkey_plain_to_blob_buf(const struct sshkey *, struct sshbuf *); +int sshkey_plain_to_blob(const struct sshkey *, u_char **, size_t *); + +int sshkey_sign(const struct sshkey *, u_char **, size_t *, + const u_char *, size_t, u_int); +int sshkey_verify(const struct sshkey *, const u_char *, size_t, + const u_char *, size_t, u_int); + +/* for debug */ +void sshkey_dump_ec_point(const EC_GROUP *, const EC_POINT *); +void sshkey_dump_ec_key(const EC_KEY *); + +/* private key parsing and serialisation */ +int sshkey_private_serialize(const struct sshkey *key, struct sshbuf *buf); +int sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **keyp); + +/* private key file format parsing and serialisation */ +int sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob, + const char *passphrase, const char *comment, + int force_new_format, const char *new_format_cipher, int new_format_rounds); +int sshkey_parse_public_rsa1_fileblob(struct sshbuf *blob, + struct sshkey **keyp, char **commentp); +int sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type, + const char *passphrase, struct sshkey **keyp, char **commentp); +int sshkey_parse_private_fileblob(struct sshbuf *buffer, + const char *passphrase, const char *filename, struct sshkey **keyp, + char **commentp); +int sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, + const char *passphrase, struct sshkey **keyp, char **commentp); + +#ifdef SSHKEY_INTERNAL +int ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen, u_int compat); +int ssh_rsa_verify(const struct sshkey *key, + const u_char *signature, size_t signaturelen, + const u_char *data, size_t datalen, u_int compat); +int ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen, u_int compat); +int ssh_dss_verify(const struct sshkey *key, + const u_char *signature, size_t signaturelen, + const u_char *data, size_t datalen, u_int compat); +int ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen, u_int compat); +int ssh_ecdsa_verify(const struct sshkey *key, + const u_char *signature, size_t signaturelen, + const u_char *data, size_t datalen, u_int compat); +int ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen, u_int compat); +int ssh_ed25519_verify(const struct sshkey *key, + const u_char *signature, size_t signaturelen, + const u_char *data, size_t datalen, u_int compat); +#endif + +#if !defined(WITH_OPENSSL) +# undef RSA +# undef DSA +# undef EC_KEY +# undef EC_GROUP +# undef EC_POINT +#elif !defined(OPENSSL_HAS_ECC) +# undef EC_KEY +# undef EC_GROUP +# undef EC_POINT +#endif + +#endif /* SSHKEY_H */ diff --git a/crypto/openssh/sshlogin.c b/crypto/openssh/sshlogin.c index 54629f7477..7b951c844e 100644 --- a/crypto/openssh/sshlogin.c +++ b/crypto/openssh/sshlogin.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshlogin.c,v 1.27 2011/01/11 06:06:09 djm Exp $ */ +/* $OpenBSD: sshlogin.c,v 1.29 2014/07/15 15:54:14 millert Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -58,6 +58,7 @@ #include "loginrec.h" #include "log.h" #include "buffer.h" +#include "misc.h" #include "servconf.h" extern Buffer loginmsg; @@ -97,7 +98,7 @@ store_lastlog_message(const char *user, uid_t uid) time_string = sys_auth_get_lastlogin_msg(user, uid); if (time_string != NULL) { buffer_append(&loginmsg, time_string, strlen(time_string)); - xfree(time_string); + free(time_string); } # else last_login_time = get_last_login_time(uid, user, hostname, diff --git a/crypto/openssh/sshlogin.h b/crypto/openssh/sshlogin.h index 500d3fefd6..52119a979f 100644 --- a/crypto/openssh/sshlogin.h +++ b/crypto/openssh/sshlogin.h @@ -15,7 +15,7 @@ void record_login(pid_t, const char *, const char *, uid_t, const char *, struct sockaddr *, socklen_t); void record_logout(pid_t, const char *, const char *); -time_t get_last_login_time(uid_t, const char *, char *, u_int); +time_t get_last_login_time(uid_t, const char *, char *, size_t); #ifdef LOGIN_NEEDS_UTMPX void record_utmp_only(pid_t, const char *, const char *, const char *, diff --git a/crypto/openssh/sshpty.c b/crypto/openssh/sshpty.c index bbbc0fefee..a2059b76d8 100644 --- a/crypto/openssh/sshpty.c +++ b/crypto/openssh/sshpty.c @@ -99,9 +99,6 @@ void pty_make_controlling_tty(int *ttyfd, const char *tty) { int fd; -#ifdef USE_VHANGUP - void *old; -#endif /* USE_VHANGUP */ #ifdef _UNICOS if (setsid() < 0) @@ -157,21 +154,11 @@ pty_make_controlling_tty(int *ttyfd, const char *tty) if (setpgrp(0,0) < 0) error("SETPGRP %s",strerror(errno)); #endif /* NEED_SETPGRP */ -#ifdef USE_VHANGUP - old = signal(SIGHUP, SIG_IGN); - vhangup(); - signal(SIGHUP, old); -#endif /* USE_VHANGUP */ fd = open(tty, O_RDWR); if (fd < 0) { error("%.100s: %.100s", tty, strerror(errno)); } else { -#ifdef USE_VHANGUP - close(*ttyfd); - *ttyfd = fd; -#else /* USE_VHANGUP */ close(fd); -#endif /* USE_VHANGUP */ } /* Verify that we now have a controlling tty. */ fd = open(_PATH_TTY, O_WRONLY); diff --git a/crypto/openssh/uidswap.c b/crypto/openssh/uidswap.c index 8376483967..1f09d58876 100644 --- a/crypto/openssh/uidswap.c +++ b/crypto/openssh/uidswap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uidswap.c,v 1.35 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: uidswap.c,v 1.36 2013/11/08 11:15:19 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -20,6 +20,7 @@ #include #include #include +#include #include @@ -90,8 +91,7 @@ temporarily_use_uid(struct passwd *pw) if (getgroups(saved_egroupslen, saved_egroups) < 0) fatal("getgroups: %.100s", strerror(errno)); } else { /* saved_egroupslen == 0 */ - if (saved_egroups != NULL) - xfree(saved_egroups); + free(saved_egroups); } /* set and save the user's groups */ @@ -109,8 +109,7 @@ temporarily_use_uid(struct passwd *pw) if (getgroups(user_groupslen, user_groups) < 0) fatal("getgroups: %.100s", strerror(errno)); } else { /* user_groupslen == 0 */ - if (user_groups) - xfree(user_groups); + free(user_groups); } } /* Set the effective uid to the given (unprivileged) uid. */ @@ -135,23 +134,13 @@ temporarily_use_uid(struct passwd *pw) void permanently_drop_suid(uid_t uid) { +#ifndef HAVE_CYGWIN uid_t old_uid = getuid(); +#endif debug("permanently_drop_suid: %u", (u_int)uid); -#if defined(HAVE_SETRESUID) && !defined(BROKEN_SETRESUID) if (setresuid(uid, uid, uid) < 0) fatal("setresuid %u: %.100s", (u_int)uid, strerror(errno)); -#elif defined(HAVE_SETREUID) && !defined(BROKEN_SETREUID) - if (setreuid(uid, uid) < 0) - fatal("setreuid %u: %.100s", (u_int)uid, strerror(errno)); -#else -# ifndef SETEUID_BREAKS_SETUID - if (seteuid(uid) < 0) - fatal("seteuid %u: %.100s", (u_int)uid, strerror(errno)); -# endif - if (setuid(uid) < 0) - fatal("setuid %u: %.100s", (u_int)uid, strerror(errno)); -#endif #ifndef HAVE_CYGWIN /* Try restoration of UID if changed (test clearing of saved uid) */ @@ -210,8 +199,10 @@ restore_uid(void) void permanently_set_uid(struct passwd *pw) { +#ifndef HAVE_CYGWIN uid_t old_uid = getuid(); gid_t old_gid = getgid(); +#endif if (pw == NULL) fatal("permanently_set_uid: no user given"); @@ -220,18 +211,8 @@ permanently_set_uid(struct passwd *pw) debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid, (u_int)pw->pw_gid); -#if defined(HAVE_SETRESGID) && !defined(BROKEN_SETRESGID) if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0) fatal("setresgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno)); -#elif defined(HAVE_SETREGID) && !defined(BROKEN_SETREGID) - if (setregid(pw->pw_gid, pw->pw_gid) < 0) - fatal("setregid %u: %.100s", (u_int)pw->pw_gid, strerror(errno)); -#else - if (setegid(pw->pw_gid) < 0) - fatal("setegid %u: %.100s", (u_int)pw->pw_gid, strerror(errno)); - if (setgid(pw->pw_gid) < 0) - fatal("setgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno)); -#endif #ifdef __APPLE__ /* @@ -243,20 +224,8 @@ permanently_set_uid(struct passwd *pw) pw->pw_name, (u_int)pw->pw_gid, strerror(errno)); #endif -#if defined(HAVE_SETRESUID) && !defined(BROKEN_SETRESUID) if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0) fatal("setresuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno)); -#elif defined(HAVE_SETREUID) && !defined(BROKEN_SETREUID) - if (setreuid(pw->pw_uid, pw->pw_uid) < 0) - fatal("setreuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno)); -#else -# ifndef SETEUID_BREAKS_SETUID - if (seteuid(pw->pw_uid) < 0) - fatal("seteuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno)); -# endif - if (setuid(pw->pw_uid) < 0) - fatal("setuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno)); -#endif #ifndef HAVE_CYGWIN /* Try restoration of GID if changed (test clearing of saved gid) */ diff --git a/crypto/openssh/umac.c b/crypto/openssh/umac.c index e78d2cc5f5..6eb55b26ef 100644 --- a/crypto/openssh/umac.c +++ b/crypto/openssh/umac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: umac.c,v 1.4 2011/10/19 10:39:48 djm Exp $ */ +/* $OpenBSD: umac.c,v 1.11 2014/07/22 07:13:42 guenther Exp $ */ /* ----------------------------------------------------------------------- * * umac.c -- C Implementation UMAC Message Authentication @@ -52,7 +52,15 @@ /* --- User Switches ---------------------------------------------------- */ /* ---------------------------------------------------------------------- */ +#ifndef UMAC_OUTPUT_LEN #define UMAC_OUTPUT_LEN 8 /* Alowable: 4, 8, 12, 16 */ +#endif + +#if UMAC_OUTPUT_LEN != 4 && UMAC_OUTPUT_LEN != 8 && \ + UMAC_OUTPUT_LEN != 12 && UMAC_OUTPUT_LEN != 16 +# error UMAC_OUTPUT_LEN must be defined to 4, 8, 12 or 16 +#endif + /* #define FORCE_C_ONLY 1 ANSI C and 64-bit integers req'd */ /* #define AES_IMPLEMENTAION 1 1 = OpenSSL, 2 = Barreto, 3 = Gladman */ /* #define SSE2 0 Is SSE2 is available? */ @@ -65,13 +73,15 @@ #include "includes.h" #include - -#include "xmalloc.h" -#include "umac.h" #include +#include #include #include +#include "xmalloc.h" +#include "umac.h" +#include "misc.h" + /* ---------------------------------------------------------------------- */ /* --- Primitive Data Types --- */ /* ---------------------------------------------------------------------- */ @@ -123,41 +133,17 @@ typedef unsigned int UWORD; /* Register */ /* --- Endian Conversion --- Forcing assembly on some platforms */ /* ---------------------------------------------------------------------- */ -#if HAVE_SWAP32 -#define LOAD_UINT32_REVERSED(p) (swap32(*(UINT32 *)(p))) -#define STORE_UINT32_REVERSED(p,v) (*(UINT32 *)(p) = swap32(v)) -#else /* HAVE_SWAP32 */ - -static UINT32 LOAD_UINT32_REVERSED(void *ptr) -{ - UINT32 temp = *(UINT32 *)ptr; - temp = (temp >> 24) | ((temp & 0x00FF0000) >> 8 ) - | ((temp & 0x0000FF00) << 8 ) | (temp << 24); - return (UINT32)temp; -} - -# if (__LITTLE_ENDIAN__) -static void STORE_UINT32_REVERSED(void *ptr, UINT32 x) -{ - UINT32 i = (UINT32)x; - *(UINT32 *)ptr = (i >> 24) | ((i & 0x00FF0000) >> 8 ) - | ((i & 0x0000FF00) << 8 ) | (i << 24); -} -# endif /* __LITTLE_ENDIAN */ -#endif /* HAVE_SWAP32 */ - -/* The following definitions use the above reversal-primitives to do the right - * thing on endian specific load and stores. - */ - #if (__LITTLE_ENDIAN__) -#define LOAD_UINT32_LITTLE(ptr) (*(UINT32 *)(ptr)) -#define STORE_UINT32_BIG(ptr,x) STORE_UINT32_REVERSED(ptr,x) +#define LOAD_UINT32_REVERSED(p) get_u32(p) +#define STORE_UINT32_REVERSED(p,v) put_u32(p,v) #else -#define LOAD_UINT32_LITTLE(ptr) LOAD_UINT32_REVERSED(ptr) -#define STORE_UINT32_BIG(ptr,x) (*(UINT32 *)(ptr) = (UINT32)(x)) +#define LOAD_UINT32_REVERSED(p) get_u32_le(p) +#define STORE_UINT32_REVERSED(p,v) put_u32_le(p,v) #endif +#define LOAD_UINT32_LITTLE(p) (get_u32_le(p)) +#define STORE_UINT32_BIG(p,v) put_u32(p, v) + /* ---------------------------------------------------------------------- */ /* ---------------------------------------------------------------------- */ /* ----- Begin KDF & PDF Section ---------------------------------------- */ @@ -168,6 +154,7 @@ static void STORE_UINT32_REVERSED(void *ptr, UINT32 x) #define AES_BLOCK_LEN 16 /* OpenSSL's AES */ +#ifdef WITH_OPENSSL #include "openbsd-compat/openssl-compat.h" #ifndef USE_BUILTIN_RIJNDAEL # include @@ -176,7 +163,17 @@ typedef AES_KEY aes_int_key[1]; #define aes_encryption(in,out,int_key) \ AES_encrypt((u_char *)(in),(u_char *)(out),(AES_KEY *)int_key) #define aes_key_setup(key,int_key) \ - AES_set_encrypt_key((u_char *)(key),UMAC_KEY_LEN*8,int_key) + AES_set_encrypt_key((const u_char *)(key),UMAC_KEY_LEN*8,int_key) +#else +#include "rijndael.h" +#define AES_ROUNDS ((UMAC_KEY_LEN / 4) + 6) +typedef UINT8 aes_int_key[AES_ROUNDS+1][4][4]; /* AES internal */ +#define aes_encryption(in,out,int_key) \ + rijndaelEncrypt((u32 *)(int_key), AES_ROUNDS, (u8 *)(in), (u8 *)(out)) +#define aes_key_setup(key,int_key) \ + rijndaelKeySetupEnc((u32 *)(int_key), (const unsigned char *)(key), \ + UMAC_KEY_LEN*8) +#endif /* The user-supplied UMAC key is stretched using AES in a counter * mode to supply all random bits needed by UMAC. The kdf function takes @@ -232,7 +229,7 @@ static void pdf_init(pdf_ctx *pc, aes_int_key prf_key) aes_encryption(pc->nonce, pc->cache, pc->prf_key); } -static void pdf_gen_xor(pdf_ctx *pc, UINT8 nonce[8], UINT8 buf[8]) +static void pdf_gen_xor(pdf_ctx *pc, const UINT8 nonce[8], UINT8 buf[8]) { /* 'ndx' indicates that we'll be using the 0th or 1st eight bytes * of the AES output. If last time around we returned the ndx-1st @@ -246,19 +243,21 @@ static void pdf_gen_xor(pdf_ctx *pc, UINT8 nonce[8], UINT8 buf[8]) #elif (UMAC_OUTPUT_LEN > 8) #define LOW_BIT_MASK 0 #endif - - UINT8 tmp_nonce_lo[4]; + union { + UINT8 tmp_nonce_lo[4]; + UINT32 align; + } t; #if LOW_BIT_MASK != 0 int ndx = nonce[7] & LOW_BIT_MASK; #endif - *(UINT32 *)tmp_nonce_lo = ((UINT32 *)nonce)[1]; - tmp_nonce_lo[3] &= ~LOW_BIT_MASK; /* zero last bit */ + *(UINT32 *)t.tmp_nonce_lo = ((const UINT32 *)nonce)[1]; + t.tmp_nonce_lo[3] &= ~LOW_BIT_MASK; /* zero last bit */ - if ( (((UINT32 *)tmp_nonce_lo)[0] != ((UINT32 *)pc->nonce)[1]) || - (((UINT32 *)nonce)[0] != ((UINT32 *)pc->nonce)[0]) ) + if ( (((UINT32 *)t.tmp_nonce_lo)[0] != ((UINT32 *)pc->nonce)[1]) || + (((const UINT32 *)nonce)[0] != ((UINT32 *)pc->nonce)[0]) ) { - ((UINT32 *)pc->nonce)[0] = ((UINT32 *)nonce)[0]; - ((UINT32 *)pc->nonce)[1] = ((UINT32 *)tmp_nonce_lo)[0]; + ((UINT32 *)pc->nonce)[0] = ((const UINT32 *)nonce)[0]; + ((UINT32 *)pc->nonce)[1] = ((UINT32 *)t.tmp_nonce_lo)[0]; aes_encryption(pc->nonce, pc->cache, pc->prf_key); } @@ -325,7 +324,7 @@ typedef struct { #if (UMAC_OUTPUT_LEN == 4) -static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) +static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen) /* NH hashing primitive. Previous (partial) hash result is loaded and * then stored via hp pointer. The length of the data pointed at by "dp", * "dlen", is guaranteed to be divisible by L1_PAD_BOUNDARY (32). Key @@ -335,7 +334,7 @@ static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) UINT64 h; UWORD c = dlen / 32; UINT32 *k = (UINT32 *)kp; - UINT32 *d = (UINT32 *)dp; + const UINT32 *d = (const UINT32 *)dp; UINT32 d0,d1,d2,d3,d4,d5,d6,d7; UINT32 k0,k1,k2,k3,k4,k5,k6,k7; @@ -360,7 +359,7 @@ static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) #elif (UMAC_OUTPUT_LEN == 8) -static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) +static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen) /* Same as previous nh_aux, but two streams are handled in one pass, * reading and writing 16 bytes of hash-state per call. */ @@ -368,7 +367,7 @@ static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) UINT64 h1,h2; UWORD c = dlen / 32; UINT32 *k = (UINT32 *)kp; - UINT32 *d = (UINT32 *)dp; + const UINT32 *d = (const UINT32 *)dp; UINT32 d0,d1,d2,d3,d4,d5,d6,d7; UINT32 k0,k1,k2,k3,k4,k5,k6,k7, k8,k9,k10,k11; @@ -407,7 +406,7 @@ static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) #elif (UMAC_OUTPUT_LEN == 12) -static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) +static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen) /* Same as previous nh_aux, but two streams are handled in one pass, * reading and writing 24 bytes of hash-state per call. */ @@ -415,7 +414,7 @@ static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) UINT64 h1,h2,h3; UWORD c = dlen / 32; UINT32 *k = (UINT32 *)kp; - UINT32 *d = (UINT32 *)dp; + const UINT32 *d = (const UINT32 *)dp; UINT32 d0,d1,d2,d3,d4,d5,d6,d7; UINT32 k0,k1,k2,k3,k4,k5,k6,k7, k8,k9,k10,k11,k12,k13,k14,k15; @@ -462,7 +461,7 @@ static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) #elif (UMAC_OUTPUT_LEN == 16) -static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) +static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen) /* Same as previous nh_aux, but two streams are handled in one pass, * reading and writing 24 bytes of hash-state per call. */ @@ -470,7 +469,7 @@ static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) UINT64 h1,h2,h3,h4; UWORD c = dlen / 32; UINT32 *k = (UINT32 *)kp; - UINT32 *d = (UINT32 *)dp; + const UINT32 *d = (const UINT32 *)dp; UINT32 d0,d1,d2,d3,d4,d5,d6,d7; UINT32 k0,k1,k2,k3,k4,k5,k6,k7, k8,k9,k10,k11,k12,k13,k14,k15, @@ -531,7 +530,7 @@ static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) /* ---------------------------------------------------------------------- */ -static void nh_transform(nh_ctx *hc, UINT8 *buf, UINT32 nbytes) +static void nh_transform(nh_ctx *hc, const UINT8 *buf, UINT32 nbytes) /* This function is a wrapper for the primitive NH hash functions. It takes * as argument "hc" the current hash context and a buffer which must be a * multiple of L1_PAD_BOUNDARY. The key passed to nh_aux is offset @@ -606,7 +605,7 @@ static void nh_init(nh_ctx *hc, aes_int_key prf_key) /* ---------------------------------------------------------------------- */ -static void nh_update(nh_ctx *hc, UINT8 *buf, UINT32 nbytes) +static void nh_update(nh_ctx *hc, const UINT8 *buf, UINT32 nbytes) /* Incorporate nbytes of data into a nh_ctx, buffer whatever is not an */ /* even multiple of HASH_BUF_BYTES. */ { @@ -701,7 +700,7 @@ static void nh_final(nh_ctx *hc, UINT8 *result) /* ---------------------------------------------------------------------- */ -static void nh(nh_ctx *hc, UINT8 *buf, UINT32 padded_len, +static void nh(nh_ctx *hc, const UINT8 *buf, UINT32 padded_len, UINT32 unpadded_len, UINT8 *result) /* All-in-one nh_update() and nh_final() equivalent. * Assumes that padded_len is divisible by L1_PAD_BOUNDARY and result is @@ -1039,7 +1038,7 @@ static int uhash_free(uhash_ctx_t ctx) #endif /* ---------------------------------------------------------------------- */ -static int uhash_update(uhash_ctx_t ctx, u_char *input, long len) +static int uhash_update(uhash_ctx_t ctx, const u_char *input, long len) /* Given len bytes of data, we parse it into L1_KEY_LEN chunks and * hash each one with NH, calling the polyhash on each NH output. */ @@ -1049,7 +1048,7 @@ static int uhash_update(uhash_ctx_t ctx, u_char *input, long len) UINT8 *nh_result = (UINT8 *)&result_buf; if (ctx->msg_len + len <= L1_KEY_LEN) { - nh_update(&ctx->hash, (UINT8 *)input, len); + nh_update(&ctx->hash, (const UINT8 *)input, len); ctx->msg_len += len; } else { @@ -1064,7 +1063,7 @@ static int uhash_update(uhash_ctx_t ctx, u_char *input, long len) /* bytes to complete the current nh_block. */ if (bytes_hashed) { bytes_remaining = (L1_KEY_LEN - bytes_hashed); - nh_update(&ctx->hash, (UINT8 *)input, bytes_remaining); + nh_update(&ctx->hash, (const UINT8 *)input, bytes_remaining); nh_final(&ctx->hash, nh_result); ctx->msg_len += bytes_remaining; poly_hash(ctx,(UINT32 *)nh_result); @@ -1074,7 +1073,7 @@ static int uhash_update(uhash_ctx_t ctx, u_char *input, long len) /* Hash directly from input stream if enough bytes */ while (len >= L1_KEY_LEN) { - nh(&ctx->hash, (UINT8 *)input, L1_KEY_LEN, + nh(&ctx->hash, (const UINT8 *)input, L1_KEY_LEN, L1_KEY_LEN, nh_result); ctx->msg_len += L1_KEY_LEN; len -= L1_KEY_LEN; @@ -1085,7 +1084,7 @@ static int uhash_update(uhash_ctx_t ctx, u_char *input, long len) /* pass remaining < L1_KEY_LEN bytes of input data to NH */ if (len) { - nh_update(&ctx->hash, (UINT8 *)input, len); + nh_update(&ctx->hash, (const UINT8 *)input, len); ctx->msg_len += len; } } @@ -1201,14 +1200,14 @@ int umac_delete(struct umac_ctx *ctx) if (ctx) { if (ALLOC_BOUNDARY) ctx = (struct umac_ctx *)ctx->free_ptr; - xfree(ctx); + free(ctx); } return (1); } /* ---------------------------------------------------------------------- */ -struct umac_ctx *umac_new(u_char key[]) +struct umac_ctx *umac_new(const u_char key[]) /* Dynamically allocate a umac_ctx struct, initialize variables, * generate subkeys from key. Align to 16-byte boundary. */ @@ -1217,7 +1216,7 @@ struct umac_ctx *umac_new(u_char key[]) size_t bytes_to_add; aes_int_key prf_key; - octx = ctx = xmalloc(sizeof(*ctx) + ALLOC_BOUNDARY); + octx = ctx = xcalloc(1, sizeof(*ctx) + ALLOC_BOUNDARY); if (ctx) { if (ALLOC_BOUNDARY) { bytes_to_add = ALLOC_BOUNDARY - @@ -1225,7 +1224,7 @@ struct umac_ctx *umac_new(u_char key[]) ctx = (struct umac_ctx *)((u_char *)ctx + bytes_to_add); } ctx->free_ptr = octx; - aes_key_setup(key,prf_key); + aes_key_setup(key, prf_key); pdf_init(&ctx->pdf, prf_key); uhash_init(&ctx->hash, prf_key); } @@ -1235,18 +1234,18 @@ struct umac_ctx *umac_new(u_char key[]) /* ---------------------------------------------------------------------- */ -int umac_final(struct umac_ctx *ctx, u_char tag[], u_char nonce[8]) +int umac_final(struct umac_ctx *ctx, u_char tag[], const u_char nonce[8]) /* Incorporate any pending data, pad, and generate tag */ { uhash_final(&ctx->hash, (u_char *)tag); - pdf_gen_xor(&ctx->pdf, (UINT8 *)nonce, (UINT8 *)tag); + pdf_gen_xor(&ctx->pdf, (const UINT8 *)nonce, (UINT8 *)tag); return (1); } /* ---------------------------------------------------------------------- */ -int umac_update(struct umac_ctx *ctx, u_char *input, long len) +int umac_update(struct umac_ctx *ctx, const u_char *input, long len) /* Given len bytes of data, we parse it into L1_KEY_LEN chunks and */ /* hash each one, calling the PDF on the hashed output whenever the hash- */ /* output buffer is full. */ diff --git a/crypto/openssh/umac.h b/crypto/openssh/umac.h index 055c705f89..7fb770f8a5 100644 --- a/crypto/openssh/umac.h +++ b/crypto/openssh/umac.h @@ -1,4 +1,4 @@ -/* $OpenBSD: umac.h,v 1.1 2007/06/07 19:37:34 pvalchev Exp $ */ +/* $OpenBSD: umac.h,v 1.3 2013/07/22 12:20:02 djm Exp $ */ /* ----------------------------------------------------------------------- * * umac.h -- C Implementation UMAC Message Authentication @@ -52,7 +52,7 @@ extern "C" { #endif -struct umac_ctx *umac_new(u_char key[]); +struct umac_ctx *umac_new(const u_char key[]); /* Dynamically allocate a umac_ctx struct, initialize variables, * generate subkeys from key. */ @@ -62,10 +62,10 @@ int umac_reset(struct umac_ctx *ctx); /* Reset a umac_ctx to begin authenicating a new message */ #endif -int umac_update(struct umac_ctx *ctx, u_char *input, long len); +int umac_update(struct umac_ctx *ctx, const u_char *input, long len); /* Incorporate len bytes pointed to by input into context ctx */ -int umac_final(struct umac_ctx *ctx, u_char tag[], u_char nonce[8]); +int umac_final(struct umac_ctx *ctx, u_char tag[], const u_char nonce[8]); /* Incorporate any pending data and the ctr value, and return tag. * This function returns error code if ctr < 0. */ @@ -116,6 +116,12 @@ int uhash(uhash_ctx_t ctx, #endif +/* matching umac-128 API, we reuse umac_ctx, since it's opaque */ +struct umac_ctx *umac128_new(const u_char key[]); +int umac128_update(struct umac_ctx *ctx, const u_char *input, long len); +int umac128_final(struct umac_ctx *ctx, u_char tag[], const u_char nonce[8]); +int umac128_delete(struct umac_ctx *ctx); + #ifdef __cplusplus } #endif diff --git a/crypto/openssh/uuencode.c b/crypto/openssh/uuencode.c index 09d80d2fcc..294c743046 100644 --- a/crypto/openssh/uuencode.c +++ b/crypto/openssh/uuencode.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uuencode.c,v 1.26 2010/08/31 11:54:45 djm Exp $ */ +/* $OpenBSD: uuencode.c,v 1.27 2013/05/17 00:13:14 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -29,6 +29,7 @@ #include #include #include +#include #include "xmalloc.h" #include "uuencode.h" @@ -67,7 +68,7 @@ uudecode(const char *src, u_char *target, size_t targsize) /* and remove trailing whitespace because __b64_pton needs this */ *p = '\0'; len = __b64_pton(encoded, target, targsize); - xfree(encoded); + free(encoded); return len; } @@ -90,5 +91,5 @@ dump_base64(FILE *fp, const u_char *data, u_int len) } if (i % 70 != 69) fprintf(fp, "\n"); - xfree(buf); + free(buf); } diff --git a/crypto/openssh/verify.c b/crypto/openssh/verify.c new file mode 100644 index 0000000000..1671a4132c --- /dev/null +++ b/crypto/openssh/verify.c @@ -0,0 +1,49 @@ +/* $OpenBSD: verify.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */ + +/* + * Public Domain, Author: Daniel J. Bernstein + * Copied from nacl-20110221/crypto_verify/32/ref/verify.c + */ + +#include "includes.h" + +#include "crypto_api.h" + +int crypto_verify_32(const unsigned char *x,const unsigned char *y) +{ + unsigned int differentbits = 0; +#define F(i) differentbits |= x[i] ^ y[i]; + F(0) + F(1) + F(2) + F(3) + F(4) + F(5) + F(6) + F(7) + F(8) + F(9) + F(10) + F(11) + F(12) + F(13) + F(14) + F(15) + F(16) + F(17) + F(18) + F(19) + F(20) + F(21) + F(22) + F(23) + F(24) + F(25) + F(26) + F(27) + F(28) + F(29) + F(30) + F(31) + return (1 & ((differentbits - 1) >> 8)) - 1; +} diff --git a/crypto/openssh/version.h b/crypto/openssh/version.h new file mode 100644 index 0000000000..cc8a079a91 --- /dev/null +++ b/crypto/openssh/version.h @@ -0,0 +1,6 @@ +/* $OpenBSD: version.h,v 1.71 2014/04/18 23:52:25 djm Exp $ */ + +#define SSH_VERSION "OpenSSH_6.7" + +#define SSH_PORTABLE "p1" +#define SSH_RELEASE SSH_VERSION SSH_PORTABLE diff --git a/crypto/openssh/xmalloc.c b/crypto/openssh/xmalloc.c index 9985b4cc2a..2f1cd23069 100644 --- a/crypto/openssh/xmalloc.c +++ b/crypto/openssh/xmalloc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xmalloc.c,v 1.27 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: xmalloc.c,v 1.29 2014/01/04 17:50:55 tedu Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -33,7 +33,7 @@ xmalloc(size_t size) fatal("xmalloc: zero size"); ptr = malloc(size); if (ptr == NULL) - fatal("xmalloc: out of memory (allocating %lu bytes)", (u_long) size); + fatal("xmalloc: out of memory (allocating %zu bytes)", size); return ptr; } @@ -48,8 +48,8 @@ xcalloc(size_t nmemb, size_t size) fatal("xcalloc: nmemb * size > SIZE_T_MAX"); ptr = calloc(nmemb, size); if (ptr == NULL) - fatal("xcalloc: out of memory (allocating %lu bytes)", - (u_long)(size * nmemb)); + fatal("xcalloc: out of memory (allocating %zu bytes)", + size * nmemb); return ptr; } @@ -68,19 +68,11 @@ xrealloc(void *ptr, size_t nmemb, size_t size) else new_ptr = realloc(ptr, new_size); if (new_ptr == NULL) - fatal("xrealloc: out of memory (new_size %lu bytes)", - (u_long) new_size); + fatal("xrealloc: out of memory (new_size %zu bytes)", + new_size); return new_ptr; } -void -xfree(void *ptr) -{ - if (ptr == NULL) - fatal("xfree: NULL pointer given as argument"); - free(ptr); -} - char * xstrdup(const char *str) { diff --git a/crypto/openssh/xmalloc.h b/crypto/openssh/xmalloc.h index fb217a45c9..261dfd612c 100644 --- a/crypto/openssh/xmalloc.h +++ b/crypto/openssh/xmalloc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: xmalloc.h,v 1.13 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: xmalloc.h,v 1.14 2013/05/17 00:13:14 djm Exp $ */ /* * Author: Tatu Ylonen @@ -19,7 +19,6 @@ void *xmalloc(size_t); void *xcalloc(size_t, size_t); void *xrealloc(void *, size_t, size_t); -void xfree(void *); char *xstrdup(const char *); int xasprintf(char **, const char *, ...) __attribute__((__format__ (printf, 2, 3))) -- 2.11.4.GIT