external/openssh: update to 6.8p1.
In preparation for some updates to external/openssh to make it work with
BoringSSL, this change updates the code to a recent version. The current
version (5.9p1) is coming up on four years old now.
* Confirmed that f5c67b478bef9992de9e9ec91ce10af4f6205e0d matches
OpenSSH 5.9p1 exactly (save for the removal of the scard
subdirectory).
* Downloaded openssh-6.8p1.tar.gz (SHA256:
3ff64ce73ee124480b5bf767b9830d7d3c03bbcb6abe716b78f0192c37ce160e)
and verified with PGP signature. (I've verified Damien's key in
person previously.)
* Applied changes between f5c67b478bef9992de9e9ec91ce10af4f6205e0d and
OpenSSH 5.9p1 to 6.8p1 and updated the build as best I can. The
ugliest change is probably the duplication of umac.c to umac128.c
because Android conditionally compiles that file twice. See the
comment in those files.
Change-Id: I63cb07a8118afb5a377f116087a0882914cea486
diff --git a/roaming_common.c b/roaming_common.c
index 9adbe56..ea06460 100644
--- a/roaming_common.c
+++ b/roaming_common.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: roaming_common.c,v 1.8 2010/01/12 00:59:29 djm Exp $ */
+/* $OpenBSD: roaming_common.c,v 1.13 2015/01/27 12:54:06 okan Exp $ */
/*
* Copyright (c) 2004-2009 AppGate Network Security AB
*
@@ -22,9 +22,6 @@
#include <sys/uio.h>
#include <errno.h>
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
#include <stdarg.h>
#include <string.h>
#include <unistd.h>
@@ -36,6 +33,7 @@
#include "cipher.h"
#include "buffer.h"
#include "roaming.h"
+#include "digest.h"
static size_t out_buf_size = 0;
static char *out_buf = NULL;
@@ -49,7 +47,7 @@
int resume_in_progress = 0;
int
-get_snd_buf_size()
+get_snd_buf_size(void)
{
int fd = packet_get_connection_out();
int optval;
@@ -61,7 +59,7 @@
}
int
-get_recv_buf_size()
+get_recv_buf_size(void)
{
int fd = packet_get_connection_in();
int optval;
@@ -75,6 +73,8 @@
void
set_out_buffer_size(size_t size)
{
+ if (size == 0 || size > MAX_ROAMBUF)
+ fatal("%s: bad buffer size %lu", __func__, (u_long)size);
/*
* The buffer size can only be set once and the buffer will live
* as long as the session lives.
@@ -223,9 +223,7 @@
void
calculate_new_key(u_int64_t *key, u_int64_t cookie, u_int64_t challenge)
{
- const EVP_MD *md = EVP_sha1();
- EVP_MD_CTX ctx;
- char hash[EVP_MAX_MD_SIZE];
+ u_char hash[SSH_DIGEST_MAX_LENGTH];
Buffer b;
buffer_init(&b);
@@ -233,12 +231,11 @@
buffer_put_int64(&b, cookie);
buffer_put_int64(&b, challenge);
- EVP_DigestInit(&ctx, md);
- EVP_DigestUpdate(&ctx, buffer_ptr(&b), buffer_len(&b));
- EVP_DigestFinal(&ctx, hash, NULL);
+ if (ssh_digest_buffer(SSH_DIGEST_SHA1, &b, hash, sizeof(hash)) != 0)
+ fatal("%s: digest_buffer failed", __func__);
buffer_clear(&b);
- buffer_append(&b, hash, EVP_MD_size(md));
+ buffer_append(&b, hash, ssh_digest_bytes(SSH_DIGEST_SHA1));
*key = buffer_get_int64(&b);
buffer_free(&b);
}