external/openssh: update to 6.8p1.
In preparation for some updates to external/openssh to make it work with
BoringSSL, this change updates the code to a recent version. The current
version (5.9p1) is coming up on four years old now.
* Confirmed that f5c67b478bef9992de9e9ec91ce10af4f6205e0d matches
OpenSSH 5.9p1 exactly (save for the removal of the scard
subdirectory).
* Downloaded openssh-6.8p1.tar.gz (SHA256:
3ff64ce73ee124480b5bf767b9830d7d3c03bbcb6abe716b78f0192c37ce160e)
and verified with PGP signature. (I've verified Damien's key in
person previously.)
* Applied changes between f5c67b478bef9992de9e9ec91ce10af4f6205e0d and
OpenSSH 5.9p1 to 6.8p1 and updated the build as best I can. The
ugliest change is probably the duplication of umac.c to umac128.c
because Android conditionally compiles that file twice. See the
comment in those files.
Change-Id: I63cb07a8118afb5a377f116087a0882914cea486
diff --git a/ssh_api.h b/ssh_api.h
new file mode 100644
index 0000000..642acd5
--- /dev/null
+++ b/ssh_api.h
@@ -0,0 +1,137 @@
+/* $OpenBSD: ssh_api.h,v 1.1 2015/01/19 20:30:23 markus Exp $ */
+/*
+ * Copyright (c) 2012 Markus Friedl. All rights reserved.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef API_H
+#define API_H
+
+#include <sys/types.h>
+#include <signal.h>
+
+#include "openbsd-compat/sys-queue.h"
+
+#include "cipher.h"
+#include "sshkey.h"
+#include "kex.h"
+#include "ssh.h"
+#include "ssh2.h"
+#include "packet.h"
+
+struct kex_params {
+ char *proposal[PROPOSAL_MAX];
+};
+
+/* public SSH API functions */
+
+/*
+ * ssh_init() create a ssh connection object with given (optional)
+ * key exchange parameters.
+ */
+int ssh_init(struct ssh **, int is_server, struct kex_params *kex_params);
+
+/*
+ * release ssh connection state.
+ */
+void ssh_free(struct ssh *);
+
+/*
+ * attach application specific data to the connection state
+ */
+void ssh_set_app_data(struct ssh *, void *);
+void *ssh_get_app_data(struct ssh *);
+
+/*
+ * ssh_add_hostkey() registers a private/public hostkey for an ssh
+ * connection.
+ * ssh_add_hostkey() needs to be called before a key exchange is
+ * initiated with ssh_packet_next().
+ * private hostkeys are required if we need to act as a server.
+ * public hostkeys are used to verify the servers hostkey.
+ */
+int ssh_add_hostkey(struct ssh *ssh, struct sshkey *key);
+
+/*
+ * ssh_set_verify_host_key_callback() registers a callback function
+ * which should be called instead of the default verification. The
+ * function given must return 0 if the hostkey is ok, -1 if the
+ * verification has failed.
+ */
+int ssh_set_verify_host_key_callback(struct ssh *ssh,
+ int (*cb)(struct sshkey *, struct ssh *));
+
+/*
+ * ssh_packet_next() advances to the next input packet and returns
+ * the packet type in typep.
+ * ssh_packet_next() works by processing an input byte-stream,
+ * decrypting the received data and hiding the key-exchange from
+ * the caller.
+ * ssh_packet_next() sets typep if there is no new packet available.
+ * in this case the caller must fill the input byte-stream by passing
+ * the data received over network to ssh_input_append().
+ * additinally, the caller needs to send the resulting output
+ * byte-stream back over the network. otherwise the key exchange
+ * would not proceed. the output byte-stream is accessed through
+ * ssh_output_ptr().
+ */
+int ssh_packet_next(struct ssh *ssh, u_char *typep);
+
+/*
+ * ssh_packet_payload() returns a pointer to the raw payload data of
+ * the current input packet and the length of this payload.
+ * the payload is accessible until ssh_packet_next() is called again.
+ */
+const u_char *ssh_packet_payload(struct ssh *ssh, size_t *lenp);
+
+/*
+ * ssh_packet_put() creates an encrypted packet with the given type
+ * and payload.
+ * the encrypted packet is appended to the output byte-stream.
+ */
+int ssh_packet_put(struct ssh *ssh, int type, const u_char *data,
+ size_t len);
+
+/*
+ * ssh_input_space() checks if 'len' bytes can be appended to the
+ * input byte-stream.
+ */
+int ssh_input_space(struct ssh *ssh, size_t len);
+
+/*
+ * ssh_input_append() appends data to the input byte-stream.
+ */
+int ssh_input_append(struct ssh *ssh, const u_char *data, size_t len);
+
+/*
+ * ssh_output_space() checks if 'len' bytes can be appended to the
+ * output byte-stream. XXX
+ */
+int ssh_output_space(struct ssh *ssh, size_t len);
+
+/*
+ * ssh_output_ptr() retrieves both a pointer and the length of the
+ * current output byte-stream. the bytes need to be sent over the
+ * network. the number of bytes that have been successfully sent can
+ * be removed from the output byte-stream with ssh_output_consume().
+ */
+const u_char *ssh_output_ptr(struct ssh *ssh, size_t *len);
+
+/*
+ * ssh_output_consume() removes the given number of bytes from
+ * the output byte-stream.
+ */
+int ssh_output_consume(struct ssh *ssh, size_t len);
+
+#endif