external/openssh: update to 6.8p1.
In preparation for some updates to external/openssh to make it work with
BoringSSL, this change updates the code to a recent version. The current
version (5.9p1) is coming up on four years old now.
* Confirmed that f5c67b478bef9992de9e9ec91ce10af4f6205e0d matches
OpenSSH 5.9p1 exactly (save for the removal of the scard
subdirectory).
* Downloaded openssh-6.8p1.tar.gz (SHA256:
3ff64ce73ee124480b5bf767b9830d7d3c03bbcb6abe716b78f0192c37ce160e)
and verified with PGP signature. (I've verified Damien's key in
person previously.)
* Applied changes between f5c67b478bef9992de9e9ec91ce10af4f6205e0d and
OpenSSH 5.9p1 to 6.8p1 and updated the build as best I can. The
ugliest change is probably the duplication of umac.c to umac128.c
because Android conditionally compiles that file twice. See the
comment in those files.
Change-Id: I63cb07a8118afb5a377f116087a0882914cea486
diff --git a/ssh-pkcs11-helper.c b/ssh-pkcs11-helper.c
index cd33515..ceabc8b 100644
--- a/ssh-pkcs11-helper.c
+++ b/ssh-pkcs11-helper.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11-helper.c,v 1.3 2010/02/24 06:12:53 djm Exp $ */
+/* $OpenBSD: ssh-pkcs11-helper.c,v 1.10 2015/01/20 23:14:00 deraadt Exp $ */
/*
* Copyright (c) 2010 Markus Friedl. All rights reserved.
*
@@ -79,7 +79,7 @@
nxt = TAILQ_NEXT(ki, next);
if (!strcmp(ki->providername, name)) {
TAILQ_REMOVE(&pkcs11_keylist, ki, next);
- xfree(ki->providername);
+ free(ki->providername);
key_free(ki->key);
free(ki);
}
@@ -127,18 +127,19 @@
buffer_put_char(&msg, SSH2_AGENT_IDENTITIES_ANSWER);
buffer_put_int(&msg, nkeys);
for (i = 0; i < nkeys; i++) {
- key_to_blob(keys[i], &blob, &blen);
+ if (key_to_blob(keys[i], &blob, &blen) == 0)
+ continue;
buffer_put_string(&msg, blob, blen);
buffer_put_cstring(&msg, name);
- xfree(blob);
+ free(blob);
add_key(keys[i], name);
}
- xfree(keys);
+ free(keys);
} else {
buffer_put_char(&msg, SSH_AGENT_FAILURE);
}
- xfree(pin);
- xfree(name);
+ free(pin);
+ free(name);
send_msg(&msg);
buffer_free(&msg);
}
@@ -157,8 +158,8 @@
buffer_put_char(&msg, SSH_AGENT_SUCCESS);
else
buffer_put_char(&msg, SSH_AGENT_FAILURE);
- xfree(pin);
- xfree(name);
+ free(pin);
+ free(name);
send_msg(&msg);
buffer_free(&msg);
}
@@ -168,16 +169,19 @@
{
u_char *blob, *data, *signature = NULL;
u_int blen, dlen, slen = 0;
- int ok = -1, flags, ret;
+ int ok = -1;
Key *key, *found;
Buffer msg;
blob = get_string(&blen);
data = get_string(&dlen);
- flags = get_int(); /* XXX ignore */
+ (void)get_int(); /* XXX ignore flags */
if ((key = key_from_blob(blob, blen)) != NULL) {
if ((found = lookup_key(key)) != NULL) {
+#ifdef WITH_OPENSSL
+ int ret;
+
slen = RSA_size(key->rsa);
signature = xmalloc(slen);
if ((ret = RSA_private_encrypt(dlen, data, signature,
@@ -185,6 +189,7 @@
slen = ret;
ok = 0;
}
+#endif /* WITH_OPENSSL */
}
key_free(key);
}
@@ -195,10 +200,9 @@
} else {
buffer_put_char(&msg, SSH_AGENT_FAILURE);
}
- xfree(data);
- xfree(blob);
- if (signature != NULL)
- xfree(signature);
+ free(data);
+ free(blob);
+ free(signature);
send_msg(&msg);
buffer_free(&msg);
}
@@ -274,7 +278,6 @@
LogLevel log_level = SYSLOG_LEVEL_ERROR;
char buf[4*4096];
- extern char *optarg;
extern char *__progname;
TAILQ_INIT(&pkcs11_keylist);