From 2703194cdb82a76b40432e529906cc0cdfe2fe26 Mon Sep 17 00:00:00 2001 
From: HOLZSCHUCH Nicolas
Date: Mon, 6 Jul 2020 22:16:17 +0200
Subject: [PATCH] Removed ssh-keygen-110 from repository
---
ssh_keygen_110/addrmatch.c | 498 --
ssh_keygen_110/atomicio.c | 170 -
ssh_keygen_110/atomicio.h | 51 -
ssh_keygen_110/authfd.c | 580 ---
ssh_keygen_110/authfd.h | 90 -
ssh_keygen_110/authfile.c | 538 ---
ssh_keygen_110/authfile.h | 52 -
ssh_keygen_110/bitmap.c | 214 -
ssh_keygen_110/bitmap.h | 57 -
ssh_keygen_110/chacha.c | 219 -
ssh_keygen_110/chacha.h | 36 -
ssh_keygen_110/cipher-aesctr.h | 35 -
ssh_keygen_110/cipher-chachapoly.c | 119 -
ssh_keygen_110/cipher-chachapoly.h | 41 -
ssh_keygen_110/cipher.c | 527 ---
ssh_keygen_110/cipher.h | 75 -
ssh_keygen_110/cleanup.c | 32 -
ssh_keygen_110/compat.h | 73 -
ssh_keygen_110/config.h | 1867 --------
ssh_keygen_110/crypto_api.h | 40 -
ssh_keygen_110/defines.h | 876 ----
ssh_keygen_110/dh.h | 80 -
ssh_keygen_110/digest-openssl.c | 206 -
ssh_keygen_110/digest.h | 70 -
ssh_keygen_110/dns.c | 356 --
ssh_keygen_110/dns.h | 58 -
ssh_keygen_110/ed25519.c | 144 -
ssh_keygen_110/entropy.c | 250 -
ssh_keygen_110/entropy.h | 34 -
ssh_keygen_110/fatal.c | 46 -
ssh_keygen_110/fe25519.c | 337 --
ssh_keygen_110/fe25519.h | 70 -
ssh_keygen_110/ge25519.c | 321 --
ssh_keygen_110/ge25519.h | 43 -
ssh_keygen_110/ge25519_base.data | 858 ----
ssh_keygen_110/hash.c | 27 -
ssh_keygen_110/hmac.c | 197 -
ssh_keygen_110/hmac.h | 38 -
ssh_keygen_110/hostfile.c | 834 ----
ssh_keygen_110/hostfile.h | 108 -
ssh_keygen_110/includes.h | 183 -
ssh_keygen_110/krl.c | 1366 ------
ssh_keygen_110/krl.h | 66 -
ssh_keygen_110/log.c | 485 --
ssh_keygen_110/log.h | 81 -
ssh_keygen_110/match.c | 350 --
ssh_keygen_110/match.h | 29 -
ssh_keygen_110/misc.c | 2044 --------
ssh_keygen_110/misc.h | 176 -
ssh_keygen_110/moduli.c | 808 ----
ssh_keygen_110/openbsd-compat/Makefile.in | 115 -
ssh_keygen_110/openbsd-compat/arc4random.c | 338 --
ssh_keygen_110/openbsd-compat/base64.c | 315 --
ssh_keygen_110/openbsd-compat/base64.h | 63 -
ssh_keygen_110/openbsd-compat/basename.c | 67 -
ssh_keygen_110/openbsd-compat/bcrypt_pbkdf.c | 179 -
ssh_keygen_110/openbsd-compat/bindresvport.c | 119 -
ssh_keygen_110/openbsd-compat/blf.h | 88 -
ssh_keygen_110/openbsd-compat/blowfish.c | 696 ---
ssh_keygen_110/openbsd-compat/bsd-asprintf.c | 98 -
ssh_keygen_110/openbsd-compat/bsd-closefrom.c | 109 -
.../openbsd-compat/bsd-cygwin_util.c | 120 -
.../openbsd-compat/bsd-cygwin_util.h | 65 -
ssh_keygen_110/openbsd-compat/bsd-err.c | 77 -
.../openbsd-compat/bsd-getpeereid.c | 73 -
ssh_keygen_110/openbsd-compat/bsd-misc.c | 329 -
ssh_keygen_110/openbsd-compat/bsd-misc.h | 160 -
ssh_keygen_110/openbsd-compat/bsd-nextstep.c | 103 -
ssh_keygen_110/openbsd-compat/bsd-nextstep.h | 57 -
ssh_keygen_110/openbsd-compat/bsd-openpty.c | 195 -
ssh_keygen_110/openbsd-compat/bsd-poll.c | 117 -
ssh_keygen_110/openbsd-compat/bsd-poll.h | 61 -
ssh_keygen_110/openbsd-compat/bsd-setres_id.c | 98 -
ssh_keygen_110/openbsd-compat/bsd-setres_id.h | 22 -
ssh_keygen_110/openbsd-compat/bsd-signal.h | 39 -
ssh_keygen_110/openbsd-compat/bsd-snprintf.c | 880 ----
ssh_keygen_110/openbsd-compat/bsd-statvfs.c | 88 -
ssh_keygen_110/openbsd-compat/bsd-statvfs.h | 72 -
ssh_keygen_110/openbsd-compat/bsd-waitpid.c | 53 -
ssh_keygen_110/openbsd-compat/bsd-waitpid.h | 49 -
.../openbsd-compat/chacha_private.h | 222 -
ssh_keygen_110/openbsd-compat/charclass.h | 31 -
ssh_keygen_110/openbsd-compat/daemon.c | 82 -
ssh_keygen_110/openbsd-compat/dirname.c | 72 -
.../openbsd-compat/explicit_bzero.c | 57 -
ssh_keygen_110/openbsd-compat/fake-rfc2553.c | 235 -
ssh_keygen_110/openbsd-compat/fake-rfc2553.h | 176 -
ssh_keygen_110/openbsd-compat/fmt_scaled.c | 303 --
ssh_keygen_110/openbsd-compat/freezero.c | 34 -
ssh_keygen_110/openbsd-compat/getcwd.c | 240 -
ssh_keygen_110/openbsd-compat/getgrouplist.c | 95 -
ssh_keygen_110/openbsd-compat/getopt.h | 74 -
ssh_keygen_110/openbsd-compat/getopt_long.c | 532 ---
.../openbsd-compat/getrrsetbyname-ldns.c | 284 --
.../openbsd-compat/getrrsetbyname.c | 610 ---
.../openbsd-compat/getrrsetbyname.h | 110 -
ssh_keygen_110/openbsd-compat/glob.c | 1066 -----
ssh_keygen_110/openbsd-compat/glob.h | 107 -
ssh_keygen_110/openbsd-compat/inet_aton.c | 179 -
ssh_keygen_110/openbsd-compat/inet_ntoa.c | 59 -
ssh_keygen_110/openbsd-compat/inet_ntop.c | 211 -
ssh_keygen_110/openbsd-compat/kludge-fd_set.c | 28 -
.../openbsd-compat/libressl-api-compat.c | 637 ---
ssh_keygen_110/openbsd-compat/md5.c | 251 -
ssh_keygen_110/openbsd-compat/md5.h | 51 -
ssh_keygen_110/openbsd-compat/mktemp.c | 141 -
.../openbsd-compat/openbsd-compat.h | 356 --
.../openbsd-compat/openssl-compat.c | 88 -
.../openbsd-compat/openssl-compat.h | 236 -
ssh_keygen_110/openbsd-compat/port-aix.c | 480 --
ssh_keygen_110/openbsd-compat/port-aix.h | 126 -
ssh_keygen_110/openbsd-compat/port-irix.c | 90 -
ssh_keygen_110/openbsd-compat/port-irix.h | 37 -
ssh_keygen_110/openbsd-compat/port-linux.c | 313 --
ssh_keygen_110/openbsd-compat/port-linux.h | 33 -
ssh_keygen_110/openbsd-compat/port-net.h | 48 -
ssh_keygen_110/openbsd-compat/port-solaris.c | 363 --
ssh_keygen_110/openbsd-compat/port-solaris.h | 35 -
ssh_keygen_110/openbsd-compat/port-uw.c | 153 -
ssh_keygen_110/openbsd-compat/port-uw.h | 30 -
ssh_keygen_110/openbsd-compat/pwcache.c | 114 -
.../openbsd-compat/readpassphrase.c | 211 -
.../openbsd-compat/readpassphrase.h | 44 -
ssh_keygen_110/openbsd-compat/reallocarray.c | 46 -
ssh_keygen_110/openbsd-compat/realpath.c | 229 -
ssh_keygen_110/openbsd-compat/recallocarray.c | 90 -
.../openbsd-compat/regress/Makefile.in | 36 -
.../openbsd-compat/regress/closefromtest.c | 63 -
.../openbsd-compat/regress/opensslvertest.c | 69 -
.../openbsd-compat/regress/snprintftest.c | 73 -
.../openbsd-compat/regress/strduptest.c | 45 -
.../openbsd-compat/regress/strtonumtest.c | 80 -
ssh_keygen_110/openbsd-compat/rmd160.c | 378 --
ssh_keygen_110/openbsd-compat/rmd160.h | 61 -
ssh_keygen_110/openbsd-compat/rresvport.c | 108 -
ssh_keygen_110/openbsd-compat/setenv.c | 226 -
ssh_keygen_110/openbsd-compat/setproctitle.c | 169 -
ssh_keygen_110/openbsd-compat/sha1.c | 177 -
ssh_keygen_110/openbsd-compat/sha1.h | 58 -
ssh_keygen_110/openbsd-compat/sha2.c | 904 ----
ssh_keygen_110/openbsd-compat/sha2.h | 134 -
ssh_keygen_110/openbsd-compat/sigact.c | 132 -
ssh_keygen_110/openbsd-compat/sigact.h | 90 -
ssh_keygen_110/openbsd-compat/strcasestr.c | 69 -
ssh_keygen_110/openbsd-compat/strlcat.c | 62 -
ssh_keygen_110/openbsd-compat/strlcpy.c | 58 -
ssh_keygen_110/openbsd-compat/strmode.c | 148 -
ssh_keygen_110/openbsd-compat/strnlen.c | 37 -
ssh_keygen_110/openbsd-compat/strptime.c | 401 --
ssh_keygen_110/openbsd-compat/strsep.c | 79 -
ssh_keygen_110/openbsd-compat/strtoll.c | 148 -
ssh_keygen_110/openbsd-compat/strtonum.c | 72 -
ssh_keygen_110/openbsd-compat/strtoul.c | 108 -
ssh_keygen_110/openbsd-compat/strtoull.c | 110 -
ssh_keygen_110/openbsd-compat/sys-queue.h | 658 ---
ssh_keygen_110/openbsd-compat/sys-tree.h | 755 ---
.../openbsd-compat/timingsafe_bcmp.c | 34 -
ssh_keygen_110/openbsd-compat/vis.c | 251 -
ssh_keygen_110/openbsd-compat/vis.h | 98 -
ssh_keygen_110/openbsd-compat/xcrypt.c | 163 -
ssh_keygen_110/pathnames.h | 172 -
ssh_keygen_110/pkcs11.h | 1357 ------
ssh_keygen_110/platform.h | 37 -
ssh_keygen_110/poly1305.c | 160 -
ssh_keygen_110/poly1305.h | 22 -
ssh_keygen_110/readpass.c | 119 -
ssh_keygen_110/rijndael.h | 56 -
ssh_keygen_110/sc25519.c | 308 --
ssh_keygen_110/sc25519.h | 80 -
ssh_keygen_110/ssh-dss.c | 209 -
ssh_keygen_110/ssh-ecdsa.c | 202 -
ssh_keygen_110/ssh-ed25519.c | 167 -
ssh_keygen_110/ssh-keygen.c | 3021 ------------
ssh_keygen_110/ssh-pkcs11.c | 732 ---
ssh_keygen_110/ssh-pkcs11.h | 24 -
ssh_keygen_110/ssh-rsa.c | 449 --
ssh_keygen_110/ssh.h | 95 -
ssh_keygen_110/ssh2.h | 174 -
ssh_keygen_110/sshbuf-getput-basic.c | 464 --
ssh_keygen_110/sshbuf-getput-crypto.c | 224 -
ssh_keygen_110/sshbuf-misc.c | 161 -
ssh_keygen_110/sshbuf.c | 399 --
ssh_keygen_110/sshbuf.h | 348 --
ssh_keygen_110/ssherr.c | 147 -
ssh_keygen_110/ssherr.h | 87 -
ssh_keygen_110/sshkey-xmss.h | 56 -
ssh_keygen_110/sshkey.c | 4163 -----------------
ssh_keygen_110/sshkey.h | 277 --
ssh_keygen_110/utf8.c | 340 --
ssh_keygen_110/utf8.h | 25 -
ssh_keygen_110/uuencode.c | 95 -
ssh_keygen_110/uuencode.h | 29 -
ssh_keygen_110/verify.c | 49 -
ssh_keygen_110/xmalloc.c | 118 -
ssh_keygen_110/xmalloc.h | 27 -
ssh_keygen_110/xmss_fast.h | 111 -
196 files changed, 50267 deletions(-)
delete mode 100644 ssh_keygen_110/addrmatch.c
delete mode 100644 ssh_keygen_110/atomicio.c
delete mode 100644 ssh_keygen_110/atomicio.h
delete mode 100644 ssh_keygen_110/authfd.c
delete mode 100644 ssh_keygen_110/authfd.h
delete mode 100644 ssh_keygen_110/authfile.c
delete mode 100644 ssh_keygen_110/authfile.h
delete mode 100644 ssh_keygen_110/bitmap.c
delete mode 100644 ssh_keygen_110/bitmap.h
delete mode 100644 ssh_keygen_110/chacha.c
delete mode 100644 ssh_keygen_110/chacha.h
delete mode 100644 ssh_keygen_110/cipher-aesctr.h
delete mode 100644 ssh_keygen_110/cipher-chachapoly.c
delete mode 100644 ssh_keygen_110/cipher-chachapoly.h
delete mode 100644 ssh_keygen_110/cipher.c
delete mode 100644 ssh_keygen_110/cipher.h
delete mode 100644 ssh_keygen_110/cleanup.c
delete mode 100644 ssh_keygen_110/compat.h
delete mode 100644 ssh_keygen_110/config.h
delete mode 100644 ssh_keygen_110/crypto_api.h
delete mode 100644 ssh_keygen_110/defines.h
delete mode 100644 ssh_keygen_110/dh.h
delete mode 100644 ssh_keygen_110/digest-openssl.c
delete mode 100644 ssh_keygen_110/digest.h
delete mode 100644 ssh_keygen_110/dns.c
delete mode 100644 ssh_keygen_110/dns.h
delete mode 100644 ssh_keygen_110/ed25519.c
delete mode 100644 ssh_keygen_110/entropy.c
delete mode 100644 ssh_keygen_110/entropy.h
delete mode 100644 ssh_keygen_110/fatal.c
delete mode 100644 ssh_keygen_110/fe25519.c
delete mode 100644 ssh_keygen_110/fe25519.h
delete mode 100644 ssh_keygen_110/ge25519.c
delete mode 100644 ssh_keygen_110/ge25519.h
delete mode 100644 ssh_keygen_110/ge25519_base.data
delete mode 100644 ssh_keygen_110/hash.c
delete mode 100644 ssh_keygen_110/hmac.c
delete mode 100644 ssh_keygen_110/hmac.h
delete mode 100644 ssh_keygen_110/hostfile.c
delete mode 100644 ssh_keygen_110/hostfile.h
delete mode 100644 ssh_keygen_110/includes.h
delete mode 100644 ssh_keygen_110/krl.c
delete mode 100644 ssh_keygen_110/krl.h
delete mode 100644 ssh_keygen_110/log.c
delete mode 100644 ssh_keygen_110/log.h
delete mode 100644 ssh_keygen_110/match.c
delete mode 100644 ssh_keygen_110/match.h
delete mode 100644 ssh_keygen_110/misc.c
delete mode 100644 ssh_keygen_110/misc.h
delete mode 100644 ssh_keygen_110/moduli.c
delete mode 100644 ssh_keygen_110/openbsd-compat/Makefile.in
delete mode 100644 ssh_keygen_110/openbsd-compat/arc4random.c
delete mode 100644 ssh_keygen_110/openbsd-compat/base64.c
delete mode 100644 ssh_keygen_110/openbsd-compat/base64.h
delete mode 100644 ssh_keygen_110/openbsd-compat/basename.c
delete mode 100644 ssh_keygen_110/openbsd-compat/bcrypt_pbkdf.c
delete mode 100644 ssh_keygen_110/openbsd-compat/bindresvport.c
delete mode 100644 ssh_keygen_110/openbsd-compat/blf.h
delete mode 100644 ssh_keygen_110/openbsd-compat/blowfish.c
delete mode 100644 ssh_keygen_110/openbsd-compat/bsd-asprintf.c
delete mode 100644 ssh_keygen_110/openbsd-compat/bsd-closefrom.c
delete mode 100644 ssh_keygen_110/openbsd-compat/bsd-cygwin_util.c
delete mode 100644 ssh_keygen_110/openbsd-compat/bsd-cygwin_util.h
delete mode 100644 ssh_keygen_110/openbsd-compat/bsd-err.c
delete mode 100644 ssh_keygen_110/openbsd-compat/bsd-getpeereid.c
delete mode 100644 ssh_keygen_110/openbsd-compat/bsd-misc.c
delete mode 100644 ssh_keygen_110/openbsd-compat/bsd-misc.h
delete mode 100644 ssh_keygen_110/openbsd-compat/bsd-nextstep.c
delete mode 100644 ssh_keygen_110/openbsd-compat/bsd-nextstep.h
delete mode 100644 ssh_keygen_110/openbsd-compat/bsd-openpty.c
delete mode 100644 ssh_keygen_110/openbsd-compat/bsd-poll.c
delete mode 100644 ssh_keygen_110/openbsd-compat/bsd-poll.h
delete mode 100644 ssh_keygen_110/openbsd-compat/bsd-setres_id.c
delete mode 100644 ssh_keygen_110/openbsd-compat/bsd-setres_id.h
delete mode 100644 ssh_keygen_110/openbsd-compat/bsd-signal.h
delete mode 100644 ssh_keygen_110/openbsd-compat/bsd-snprintf.c
delete mode 100644 ssh_keygen_110/openbsd-compat/bsd-statvfs.c
delete mode 100644 ssh_keygen_110/openbsd-compat/bsd-statvfs.h
delete mode 100644 ssh_keygen_110/openbsd-compat/bsd-waitpid.c
delete mode 100644 ssh_keygen_110/openbsd-compat/bsd-waitpid.h
delete mode 100644 ssh_keygen_110/openbsd-compat/chacha_private.h
delete mode 100644 ssh_keygen_110/openbsd-compat/charclass.h
delete mode 100644 ssh_keygen_110/openbsd-compat/daemon.c
delete mode 100644 ssh_keygen_110/openbsd-compat/dirname.c
delete mode 100644 ssh_keygen_110/openbsd-compat/explicit_bzero.c
delete mode 100644 ssh_keygen_110/openbsd-compat/fake-rfc2553.c
delete mode 100644 ssh_keygen_110/openbsd-compat/fake-rfc2553.h
delete mode 100644 ssh_keygen_110/openbsd-compat/fmt_scaled.c
delete mode 100644 ssh_keygen_110/openbsd-compat/freezero.c
delete mode 100644 ssh_keygen_110/openbsd-compat/getcwd.c
delete mode 100644 ssh_keygen_110/openbsd-compat/getgrouplist.c
delete mode 100644 ssh_keygen_110/openbsd-compat/getopt.h
delete mode 100644 ssh_keygen_110/openbsd-compat/getopt_long.c
delete mode 100644 ssh_keygen_110/openbsd-compat/getrrsetbyname-ldns.c
delete mode 100644 ssh_keygen_110/openbsd-compat/getrrsetbyname.c
delete mode 100644 ssh_keygen_110/openbsd-compat/getrrsetbyname.h
delete mode 100644 ssh_keygen_110/openbsd-compat/glob.c
delete mode 100644 ssh_keygen_110/openbsd-compat/glob.h
delete mode 100644 ssh_keygen_110/openbsd-compat/inet_aton.c
delete mode 100644 ssh_keygen_110/openbsd-compat/inet_ntoa.c
delete mode 100644 ssh_keygen_110/openbsd-compat/inet_ntop.c
delete mode 100644 ssh_keygen_110/openbsd-compat/kludge-fd_set.c
delete mode 100644 ssh_keygen_110/openbsd-compat/libressl-api-compat.c
delete mode 100644 ssh_keygen_110/openbsd-compat/md5.c
delete mode 100644 ssh_keygen_110/openbsd-compat/md5.h
delete mode 100644 ssh_keygen_110/openbsd-compat/mktemp.c
delete mode 100644 ssh_keygen_110/openbsd-compat/openbsd-compat.h
delete mode 100644 ssh_keygen_110/openbsd-compat/openssl-compat.c
delete mode 100644 ssh_keygen_110/openbsd-compat/openssl-compat.h
delete mode 100644 ssh_keygen_110/openbsd-compat/port-aix.c
delete mode 100644 ssh_keygen_110/openbsd-compat/port-aix.h
delete mode 100644 ssh_keygen_110/openbsd-compat/port-irix.c
delete mode 100644 ssh_keygen_110/openbsd-compat/port-irix.h
delete mode 100644 ssh_keygen_110/openbsd-compat/port-linux.c
delete mode 100644 ssh_keygen_110/openbsd-compat/port-linux.h
delete mode 100644 ssh_keygen_110/openbsd-compat/port-net.h
delete mode 100644 ssh_keygen_110/openbsd-compat/port-solaris.c
delete mode 100644 ssh_keygen_110/openbsd-compat/port-solaris.h
delete mode 100644 ssh_keygen_110/openbsd-compat/port-uw.c
delete mode 100644 ssh_keygen_110/openbsd-compat/port-uw.h
delete mode 100644 ssh_keygen_110/openbsd-compat/pwcache.c
delete mode 100644 ssh_keygen_110/openbsd-compat/readpassphrase.c
delete mode 100644 ssh_keygen_110/openbsd-compat/readpassphrase.h
delete mode 100644 ssh_keygen_110/openbsd-compat/reallocarray.c
delete mode 100644 ssh_keygen_110/openbsd-compat/realpath.c
delete mode 100644 ssh_keygen_110/openbsd-compat/recallocarray.c
delete mode 100644 ssh_keygen_110/openbsd-compat/regress/Makefile.in
delete mode 100644 ssh_keygen_110/openbsd-compat/regress/closefromtest.c
delete mode 100644 ssh_keygen_110/openbsd-compat/regress/opensslvertest.c
delete mode 100644 ssh_keygen_110/openbsd-compat/regress/snprintftest.c
delete mode 100644 ssh_keygen_110/openbsd-compat/regress/strduptest.c
delete mode 100644 ssh_keygen_110/openbsd-compat/regress/strtonumtest.c
delete mode 100644 ssh_keygen_110/openbsd-compat/rmd160.c
delete mode 100644 ssh_keygen_110/openbsd-compat/rmd160.h
delete mode 100644 ssh_keygen_110/openbsd-compat/rresvport.c
delete mode 100644 ssh_keygen_110/openbsd-compat/setenv.c
delete mode 100644 ssh_keygen_110/openbsd-compat/setproctitle.c
delete mode 100644 ssh_keygen_110/openbsd-compat/sha1.c
delete mode 100644 ssh_keygen_110/openbsd-compat/sha1.h
delete mode 100644 ssh_keygen_110/openbsd-compat/sha2.c
delete mode 100644 ssh_keygen_110/openbsd-compat/sha2.h
delete mode 100644 ssh_keygen_110/openbsd-compat/sigact.c
delete mode 100644 ssh_keygen_110/openbsd-compat/sigact.h
delete mode 100644 ssh_keygen_110/openbsd-compat/strcasestr.c
delete mode 100644 ssh_keygen_110/openbsd-compat/strlcat.c
delete mode 100644 ssh_keygen_110/openbsd-compat/strlcpy.c
delete mode 100644 ssh_keygen_110/openbsd-compat/strmode.c
delete mode 100644 ssh_keygen_110/openbsd-compat/strnlen.c
delete mode 100644 ssh_keygen_110/openbsd-compat/strptime.c
delete mode 100644 ssh_keygen_110/openbsd-compat/strsep.c
delete mode 100644 ssh_keygen_110/openbsd-compat/strtoll.c
delete mode 100644 ssh_keygen_110/openbsd-compat/strtonum.c
delete mode 100644 ssh_keygen_110/openbsd-compat/strtoul.c
delete mode 100644 ssh_keygen_110/openbsd-compat/strtoull.c
delete mode 100644 ssh_keygen_110/openbsd-compat/sys-queue.h
delete mode 100644 ssh_keygen_110/openbsd-compat/sys-tree.h
delete mode 100644 ssh_keygen_110/openbsd-compat/timingsafe_bcmp.c
delete mode 100644 ssh_keygen_110/openbsd-compat/vis.c
delete mode 100644 ssh_keygen_110/openbsd-compat/vis.h
delete mode 100644 ssh_keygen_110/openbsd-compat/xcrypt.c
delete mode 100644 ssh_keygen_110/pathnames.h
delete mode 100644 ssh_keygen_110/pkcs11.h
delete mode 100644 ssh_keygen_110/platform.h
delete mode 100644 ssh_keygen_110/poly1305.c
delete mode 100644 ssh_keygen_110/poly1305.h
delete mode 100644 ssh_keygen_110/readpass.c
delete mode 100644 ssh_keygen_110/rijndael.h
delete mode 100644 ssh_keygen_110/sc25519.c
delete mode 100644 ssh_keygen_110/sc25519.h
delete mode 100644 ssh_keygen_110/ssh-dss.c
delete mode 100644 ssh_keygen_110/ssh-ecdsa.c
delete mode 100644 ssh_keygen_110/ssh-ed25519.c
delete mode 100644 ssh_keygen_110/ssh-keygen.c
delete mode 100644 ssh_keygen_110/ssh-pkcs11.c
delete mode 100644 ssh_keygen_110/ssh-pkcs11.h
delete mode 100644 ssh_keygen_110/ssh-rsa.c
delete mode 100644 ssh_keygen_110/ssh.h
delete mode 100644 ssh_keygen_110/ssh2.h
delete mode 100644 ssh_keygen_110/sshbuf-getput-basic.c
delete mode 100644 ssh_keygen_110/sshbuf-getput-crypto.c
delete mode 100644 ssh_keygen_110/sshbuf-misc.c
delete mode 100644 ssh_keygen_110/sshbuf.c
delete mode 100644 ssh_keygen_110/sshbuf.h
delete mode 100644 ssh_keygen_110/ssherr.c
delete mode 100644 ssh_keygen_110/ssherr.h
delete mode 100644 ssh_keygen_110/sshkey-xmss.h
delete mode 100644 ssh_keygen_110/sshkey.c
delete mode 100644 ssh_keygen_110/sshkey.h
delete mode 100644 ssh_keygen_110/utf8.c
delete mode 100644 ssh_keygen_110/utf8.h
delete mode 100644 ssh_keygen_110/uuencode.c
delete mode 100644 ssh_keygen_110/uuencode.h
delete mode 100644 ssh_keygen_110/verify.c
delete mode 100644 ssh_keygen_110/xmalloc.c
delete mode 100644 ssh_keygen_110/xmalloc.h
delete mode 100644 ssh_keygen_110/xmss_fast.h
diff --git a/ssh_keygen_110/addrmatch.c b/ssh_keygen_110/addrmatch.c
deleted file mode 100644
index 5a402d06..00000000
--- a/ssh_keygen_110/addrmatch.c
+++ /dev/null
@@ -1,498 +0,0 @@ -/* $OpenBSD: addrmatch.c,v 1.14 2018/07/31 03:07:24 djm Exp $ */ - -/* - * Copyright (c) 2004-2008 Damien Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include "includes.h" - -#include -#include -#include -#include - -#include -#include -#include -#include -#include - -#include "match.h" -#include "log.h" - -struct xaddr { - sa_family_t af; - union { - struct in_addr v4; - struct in6_addr v6; - u_int8_t addr8[16]; - u_int32_t addr32[4]; - } xa; /* 128-bit address */ - u_int32_t scope_id; /* iface scope id for v6 */ -#define v4 xa.v4 -#define v6 xa.v6 -#define addr8 xa.addr8 -#define addr32 xa.addr32 -}; - -static int -addr_unicast_masklen(int af) -{ - switch (af) { - case AF_INET: - return 32; - case AF_INET6: - return 128; - default: - return -1; - } -} - -static inline int -masklen_valid(int af, u_int masklen) -{ - switch (af) { - case AF_INET: - return masklen <= 32 ? 0 : -1; - case AF_INET6: - return masklen <= 128 ? 0 : -1; - default: - return -1; - } -} - -/* - * Convert struct sockaddr to struct xaddr - * Returns 0 on success, -1 on failure. 
- */ -static int -addr_sa_to_xaddr(struct sockaddr *sa, socklen_t slen, struct xaddr *xa) -{ - struct sockaddr_in *in4 = (struct sockaddr_in *)sa; - struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)sa; - - memset(xa, '\0', sizeof(*xa)); - - switch (sa->sa_family) { - case AF_INET: - if (slen < (socklen_t)sizeof(*in4)) - return -1; - xa->af = AF_INET; - memcpy(&xa->v4, &in4->sin_addr, sizeof(xa->v4)); - break; - case AF_INET6: - if (slen < (socklen_t)sizeof(*in6)) - return -1; - xa->af = AF_INET6; - memcpy(&xa->v6, &in6->sin6_addr, sizeof(xa->v6)); -#ifdef HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID - xa->scope_id = in6->sin6_scope_id; -#endif - break; - default: - return -1; - } - - return 0; -} - -/* - * Calculate a netmask of length 'l' for address family 'af' and - * store it in 'n'. - * Returns 0 on success, -1 on failure. - */ -static int -addr_netmask(int af, u_int l, struct xaddr *n) -{ - int i; - - if (masklen_valid(af, l) != 0 || n == NULL) - return -1; - - memset(n, '\0', sizeof(*n)); - switch (af) { - case AF_INET: - n->af = AF_INET; - if (l == 0) - return 0; - n->v4.s_addr = htonl((0xffffffff << (32 - l)) & 0xffffffff); - return 0; - case AF_INET6: - n->af = AF_INET6; - for (i = 0; i < 4 && l >= 32; i++, l -= 32) - n->addr32[i] = 0xffffffffU; - if (i < 4 && l != 0) - n->addr32[i] = htonl((0xffffffff << (32 - l)) & - 0xffffffff); - return 0; - default: - return -1; - } -} - -/* - * Perform logical AND of addresses 'a' and 'b', storing result in 'dst'. - * Returns 0 on success, -1 on failure. 
- */ -static int -addr_and(struct xaddr *dst, const struct xaddr *a, const struct xaddr *b) -{ - int i; - - if (dst == NULL || a == NULL || b == NULL || a->af != b->af) - return -1; - - memcpy(dst, a, sizeof(*dst)); - switch (a->af) { - case AF_INET: - dst->v4.s_addr &= b->v4.s_addr; - return 0; - case AF_INET6: - dst->scope_id = a->scope_id; - for (i = 0; i < 4; i++) - dst->addr32[i] &= b->addr32[i]; - return 0; - default: - return -1; - } -} - -/* - * Compare addresses 'a' and 'b' - * Return 0 if addresses are identical, -1 if (a < b) or 1 if (a > b) - */ -static int -addr_cmp(const struct xaddr *a, const struct xaddr *b) -{ - int i; - - if (a->af != b->af) - return a->af == AF_INET6 ? 1 : -1; - - switch (a->af) { - case AF_INET: - if (a->v4.s_addr == b->v4.s_addr) - return 0; - return ntohl(a->v4.s_addr) > ntohl(b->v4.s_addr) ? 1 : -1; - case AF_INET6: - for (i = 0; i < 16; i++) - if (a->addr8[i] - b->addr8[i] != 0) - return a->addr8[i] > b->addr8[i] ? 1 : -1; - if (a->scope_id == b->scope_id) - return 0; - return a->scope_id > b->scope_id ? 1 : -1; - default: - return -1; - } -} - -/* - * Parse string address 'p' into 'n' - * Returns 0 on success, -1 on failure. - */ -static int -addr_pton(const char *p, struct xaddr *n) -{ - struct addrinfo hints, *ai = NULL; - int ret = -1; - - memset(&hints, '\0', sizeof(hints)); - hints.ai_flags = AI_NUMERICHOST; - - if (p == NULL || getaddrinfo(p, NULL, &hints, &ai) != 0) - goto out; - if (ai == NULL || ai->ai_addr == NULL) - goto out; - if (n != NULL && addr_sa_to_xaddr(ai->ai_addr, ai->ai_addrlen, n) == -1) - goto out; - /* success */ - ret = 0; - out: - if (ai != NULL) - freeaddrinfo(ai); - return ret; -} - -/* - * Perform bitwise negation of address - * Returns 0 on success, -1 on failure. 
- */ -static int -addr_invert(struct xaddr *n) -{ - int i; - - if (n == NULL) - return (-1); - - switch (n->af) { - case AF_INET: - n->v4.s_addr = ~n->v4.s_addr; - return (0); - case AF_INET6: - for (i = 0; i < 4; i++) - n->addr32[i] = ~n->addr32[i]; - return (0); - default: - return (-1); - } -} - -/* - * Calculate a netmask of length 'l' for address family 'af' and - * store it in 'n'. - * Returns 0 on success, -1 on failure. - */ -static int -addr_hostmask(int af, u_int l, struct xaddr *n) -{ - if (addr_netmask(af, l, n) == -1 || addr_invert(n) == -1) - return (-1); - return (0); -} - -/* - * Test whether address 'a' is all zeros (i.e. 0.0.0.0 or ::) - * Returns 0 on if address is all-zeros, -1 if not all zeros or on failure. - */ -static int -addr_is_all0s(const struct xaddr *a) -{ - int i; - - switch (a->af) { - case AF_INET: - return (a->v4.s_addr == 0 ? 0 : -1); - case AF_INET6:; - for (i = 0; i < 4; i++) - if (a->addr32[i] != 0) - return (-1); - return (0); - default: - return (-1); - } -} - -/* - * Test whether host portion of address 'a', as determined by 'masklen' - * is all zeros. - * Returns 0 on if host portion of address is all-zeros, - * -1 if not all zeros or on failure. - */ -static int -addr_host_is_all0s(const struct xaddr *a, u_int masklen) -{ - struct xaddr tmp_addr, tmp_mask, tmp_result; - - memcpy(&tmp_addr, a, sizeof(tmp_addr)); - if (addr_hostmask(a->af, masklen, &tmp_mask) == -1) - return (-1); - if (addr_and(&tmp_result, &tmp_addr, &tmp_mask) == -1) - return (-1); - return (addr_is_all0s(&tmp_result)); -} - -/* - * Parse a CIDR address (x.x.x.x/y or xxxx:yyyy::/z). - * Return -1 on parse error, -2 on inconsistency or 0 on success. 
- */ -static int -addr_pton_cidr(const char *p, struct xaddr *n, u_int *l) -{ - struct xaddr tmp; - long unsigned int masklen = 999; - char addrbuf[64], *mp, *cp; - - /* Don't modify argument */ - if (p == NULL || strlcpy(addrbuf, p, sizeof(addrbuf)) >= sizeof(addrbuf)) - return -1; - - if ((mp = strchr(addrbuf, '/')) != NULL) { - *mp = '\0'; - mp++; - masklen = strtoul(mp, &cp, 10); - if (*mp == '\0' || *cp != '\0' || masklen > 128) - return -1; - } - - if (addr_pton(addrbuf, &tmp) == -1) - return -1; - - if (mp == NULL) - masklen = addr_unicast_masklen(tmp.af); - if (masklen_valid(tmp.af, masklen) == -1) - return -2; - if (addr_host_is_all0s(&tmp, masklen) != 0) - return -2; - - if (n != NULL) - memcpy(n, &tmp, sizeof(*n)); - if (l != NULL) - *l = masklen; - - return 0; -} - -static int -addr_netmatch(const struct xaddr *host, const struct xaddr *net, u_int masklen) -{ - struct xaddr tmp_mask, tmp_result; - - if (host->af != net->af) - return -1; - - if (addr_netmask(host->af, masklen, &tmp_mask) == -1) - return -1; - if (addr_and(&tmp_result, host, &tmp_mask) == -1) - return -1; - return addr_cmp(&tmp_result, net); -} - -/* - * Match "addr" against list pattern list "_list", which may contain a - * mix of CIDR addresses and old-school wildcards. - * - * If addr is NULL, then no matching is performed, but _list is parsed - * and checked for well-formedness. - * - * Returns 1 on match found (never returned when addr == NULL). - * Returns 0 on if no match found, or no errors found when addr == NULL. - * Returns -1 on negated match found (never returned when addr == NULL). - * Returns -2 on invalid list entry. 
- */ -int -addr_match_list(const char *addr, const char *_list) -{ - char *list, *cp, *o; - struct xaddr try_addr, match_addr; - u_int masklen, neg; - int ret = 0, r; - - if (addr != NULL && addr_pton(addr, &try_addr) != 0) { - debug2("%s: couldn't parse address %.100s", __func__, addr); - return 0; - } - if ((o = list = strdup(_list)) == NULL) - return -1; - while ((cp = strsep(&list, ",")) != NULL) { - neg = *cp == '!'; - if (neg) - cp++; - if (*cp == '\0') { - ret = -2; - break; - } - /* Prefer CIDR address matching */ - r = addr_pton_cidr(cp, &match_addr, &masklen); - if (r == -2) { - debug2("%s: inconsistent mask length for " - "match network \"%.100s\"", __func__, cp); - ret = -2; - break; - } else if (r == 0) { - if (addr != NULL && addr_netmatch(&try_addr, - &match_addr, masklen) == 0) { - foundit: - if (neg) { - ret = -1; - break; - } - ret = 1; - } - continue; - } else { - /* If CIDR parse failed, try wildcard string match */ - if (addr != NULL && match_pattern(addr, cp) == 1) - goto foundit; - } - } - free(o); - - return ret; -} - -/* - * Match "addr" against list CIDR list "_list". Lexical wildcards and - * negation are not supported. If "addr" == NULL, will verify structure - * of "_list". - * - * Returns 1 on match found (never returned when addr == NULL). - * Returns 0 on if no match found, or no errors found when addr == NULL. - * Returns -1 on error - */ -int -addr_match_cidr_list(const char *addr, const char *_list) -{ - char *list, *cp, *o; - struct xaddr try_addr, match_addr; - u_int masklen; - int ret = 0, r; - - if (addr != NULL && addr_pton(addr, &try_addr) != 0) { - debug2("%s: couldn't parse address %.100s", __func__, addr); - return 0; - } - if ((o = list = strdup(_list)) == NULL) - return -1; - while ((cp = strsep(&list, ",")) != NULL) { - if (*cp == '\0') { - error("%s: empty entry in list \"%.100s\"", - __func__, o); - ret = -1; - break; - } - - /* - * NB. 
This function is called in pre-auth with untrusted data, - * so be extra paranoid about junk reaching getaddrino (via - * addr_pton_cidr). - */ - - /* Stop junk from reaching getaddrinfo. +3 is for masklen */ - if (strlen(cp) > INET6_ADDRSTRLEN + 3) { - error("%s: list entry \"%.100s\" too long", - __func__, cp); - ret = -1; - break; - } -#define VALID_CIDR_CHARS "0123456789abcdefABCDEF.:/" - if (strspn(cp, VALID_CIDR_CHARS) != strlen(cp)) { - error("%s: list entry \"%.100s\" contains invalid " - "characters", __func__, cp); - ret = -1; - } - - /* Prefer CIDR address matching */ - r = addr_pton_cidr(cp, &match_addr, &masklen); - if (r == -1) { - error("Invalid network entry \"%.100s\"", cp); - ret = -1; - break; - } else if (r == -2) { - error("Inconsistent mask length for " - "network \"%.100s\"", cp); - ret = -1; - break; - } else if (r == 0 && addr != NULL) { - if (addr_netmatch(&try_addr, &match_addr, - masklen) == 0) - ret = 1; - continue; - } - } - free(o); - - return ret; -}
diff --git a/ssh_keygen_110/atomicio.c b/ssh_keygen_110/atomicio.c
deleted file mode 100644
index f854a06f..00000000
--- a/ssh_keygen_110/atomicio.c
+++ /dev/null
@@ -1,170 +0,0 @@
-/* $OpenBSD: atomicio.c,v 1.28 2016/07/27 23:18:12 djm Exp $ */
-/*
- * Copyright (c) 2006 Damien Miller. All rights reserved.
- * Copyright (c) 2005 Anil Madhavapeddy. All rights reserved.
- * Copyright (c) 1995,1999 Theo de Raadt. All rights reserved.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "includes.h"
-
-#include
-#include
-
-#include
-#ifdef HAVE_POLL_H
-#include
-#else
-# ifdef HAVE_SYS_POLL_H
-# include
-# endif
-#endif
-#include
-#include
-#include
-
-#include "atomicio.h"
-
-/*
- * ensure all of data on socket comes through. f==read || f==vwrite
- */
-size_t
-atomicio6(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n,
- int (*cb)(void *, size_t), void *cb_arg)
-{
- char *s = _s;
- size_t pos = 0;
- ssize_t res;
- struct pollfd pfd;
-
-#ifndef BROKEN_READ_COMPARISON
- pfd.fd = fd;
- pfd.events = f == read ? POLLIN : POLLOUT;
-#endif
- while (n > pos) {
- res = (f) (fd, s + pos, n - pos);
- switch (res) {
- case -1:
- if (errno == EINTR)
- continue;
- if (errno == EAGAIN || errno == EWOULDBLOCK) {
-#ifndef BROKEN_READ_COMPARISON
- (void)poll(&pfd, 1, -1);
-#endif
- continue;
- }
- return 0;
- case 0:
- errno = EPIPE;
- return pos;
- default:
- pos += (size_t)res;
- if (cb != NULL && cb(cb_arg, (size_t)res) == -1) {
- errno = EINTR;
- return pos;
- }
- }
- }
- return pos;
-}
-
-size_t
-atomicio(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n)
-{
- return atomicio6(f, fd, _s, n, NULL, NULL);
-}
-
-/*
- * ensure all of data on socket comes through. f==readv || f==writev
- */
-size_t
-atomiciov6(ssize_t (*f) (int, const struct iovec *, int), int fd,
- const struct iovec *_iov, int iovcnt,
- int (*cb)(void *, size_t), void *cb_arg)
-{
- size_t pos = 0, rem;
- ssize_t res;
- struct iovec iov_array[IOV_MAX], *iov = iov_array;
- struct pollfd pfd;
-
- if (iovcnt < 0 || iovcnt > IOV_MAX) {
- errno = EINVAL;
- return 0;
- }
- /* Make a copy of the iov array because we may modify it below */
- memcpy(iov, _iov, (size_t)iovcnt * sizeof(*_iov));
-
-#ifndef BROKEN_READV_COMPARISON
- pfd.fd = fd;
- pfd.events = f == readv ? POLLIN : POLLOUT;
-#endif
- for (; iovcnt > 0 && iov[0].iov_len > 0;) {
- res = (f) (fd, iov, iovcnt);
- switch (res) {
- case -1:
- if (errno == EINTR)
- continue;
- if (errno == EAGAIN || errno == EWOULDBLOCK) {
-#ifndef BROKEN_READV_COMPARISON
- (void)poll(&pfd, 1, -1);
-#endif
- continue;
- }
- return 0;
- case 0:
- errno = EPIPE;
- return pos;
- default:
- rem = (size_t)res;
- pos += rem;
- /* skip completed iov entries */
- while (iovcnt > 0 && rem >= iov[0].iov_len) {
- rem -= iov[0].iov_len;
- iov++;
- iovcnt--;
- }
- /* This shouldn't happen... */
- if (rem > 0 && (iovcnt <= 0 || rem > iov[0].iov_len)) {
- errno = EFAULT;
- return 0;
- }
- if (iovcnt == 0)
- break;
- /* update pointer in partially complete iov */
- iov[0].iov_base = ((char *)iov[0].iov_base) + rem;
- iov[0].iov_len -= rem;
- }
- if (cb != NULL && cb(cb_arg, (size_t)res) == -1) {
- errno = EINTR;
- return pos;
- }
- }
- return pos;
-}
-
-size_t
-atomiciov(ssize_t (*f) (int, const struct iovec *, int), int fd,
- const struct iovec *_iov, int iovcnt)
-{
- return atomiciov6(f, fd, _iov, iovcnt, NULL, NULL);
-}
diff --git a/ssh_keygen_110/atomicio.h b/ssh_keygen_110/atomicio.h
deleted file mode 100644
index 0d728ac8..00000000
--- a/ssh_keygen_110/atomicio.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/* $OpenBSD: atomicio.h,v 1.11 2010/09/22 22:58:51 djm Exp $ */
-
-/*
- * Copyright (c) 2006 Damien Miller. All rights reserved.
- * Copyright (c) 1995,1999 Theo de Raadt. All rights reserved.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef _ATOMICIO_H
-#define _ATOMICIO_H
-
-/*
- * Ensure all of data on socket comes through. f==read || f==vwrite
- */
-size_t
-atomicio6(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n,
- int (*cb)(void *, size_t), void *);
-size_t atomicio(ssize_t (*)(int, void *, size_t), int, void *, size_t);
-
-#define vwrite (ssize_t (*)(int, void *, size_t))write
-
-/*
- * ensure all of data on socket comes through. f==readv || f==writev
- */
-size_t
-atomiciov6(ssize_t (*f) (int, const struct iovec *, int), int fd,
- const struct iovec *_iov, int iovcnt, int (*cb)(void *, size_t), void *);
-size_t atomiciov(ssize_t (*)(int, const struct iovec *, int),
- int, const struct iovec *, int);
-
-#endif /* _ATOMICIO_H */
diff --git a/ssh_keygen_110/authfd.c b/ssh_keygen_110/authfd.c
deleted file mode 100644
index ecdd869a..00000000
--- a/ssh_keygen_110/authfd.c
+++ /dev/null
@@ -1,580 +0,0 @@ -/* $OpenBSD: authfd.c,v 1.111 2018/07/09 21:59:10 markus Exp $ */ -/* - * Author: Tatu Ylonen - * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland - * All rights reserved - * Functions for connecting the local authentication agent. - * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". - * - * SSH2 implementation, - * Copyright (c) 2000 Markus Friedl. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ - -#include "includes.h" - -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -#include "xmalloc.h" -#include "ssh.h" -#include "sshbuf.h" -#include "sshkey.h" -#include "authfd.h" -#include "cipher.h" -#include "compat.h" -#include "log.h" -#include "atomicio.h" -#include "misc.h" -#include "ssherr.h" - -#define MAX_AGENT_IDENTITIES 2048 /* Max keys in agent reply */ -#define MAX_AGENT_REPLY_LEN (256 * 1024) /* Max bytes in agent reply */ - -/* macro to check for "agent failure" message */ -#define agent_failed(x) \ - ((x == SSH_AGENT_FAILURE) || \ - (x == SSH_COM_AGENT2_FAILURE) || \ - (x == SSH2_AGENT_FAILURE)) - -/* Convert success/failure response from agent to a err.h status */ -static int -decode_reply(u_char type) -{ - if (agent_failed(type)) - return SSH_ERR_AGENT_FAILURE; - else if (type == SSH_AGENT_SUCCESS) - return 0; - else - return SSH_ERR_INVALID_FORMAT; -} - -/* Returns the number of the authentication fd, or -1 if there is none. 
*/ -int -ssh_get_authentication_socket(int *fdp) -{ - const char *authsocket; - int sock, oerrno; - struct sockaddr_un sunaddr; - - if (fdp != NULL) - *fdp = -1; - - authsocket = getenv(SSH_AUTHSOCKET_ENV_NAME); - if (!authsocket) - return SSH_ERR_AGENT_NOT_PRESENT; - - memset(&sunaddr, 0, sizeof(sunaddr)); - sunaddr.sun_family = AF_UNIX; - strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path)); - - if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) - return SSH_ERR_SYSTEM_ERROR; - - /* close on exec */ - if (fcntl(sock, F_SETFD, FD_CLOEXEC) == -1 || - connect(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0) { - oerrno = errno; - close(sock); - errno = oerrno; - return SSH_ERR_SYSTEM_ERROR; - } - if (fdp != NULL) - *fdp = sock; - else - close(sock); - return 0; -} - -/* Communicate with agent: send request and read reply */ -static int -ssh_request_reply(int sock, struct sshbuf *request, struct sshbuf *reply) -{ - int r; - size_t l, len; - char buf[1024]; - - /* Get the length of the message, and format it in the buffer. */ - len = sshbuf_len(request); - POKE_U32(buf, len); - - /* Send the length and then the packet to the agent. */ - if (atomicio(vwrite, sock, buf, 4) != 4 || - atomicio(vwrite, sock, sshbuf_mutable_ptr(request), - sshbuf_len(request)) != sshbuf_len(request)) - return SSH_ERR_AGENT_COMMUNICATION; - /* - * Wait for response from the agent. First read the length of the - * response packet. - */ - if (atomicio(read, sock, buf, 4) != 4) - return SSH_ERR_AGENT_COMMUNICATION; - - /* Extract the length, and check it for sanity. */ - len = PEEK_U32(buf); - if (len > MAX_AGENT_REPLY_LEN) - return SSH_ERR_INVALID_FORMAT; - - /* Read the rest of the response in to the buffer. 
*/ - sshbuf_reset(reply); - while (len > 0) { - l = len; - if (l > sizeof(buf)) - l = sizeof(buf); - if (atomicio(read, sock, buf, l) != l) - return SSH_ERR_AGENT_COMMUNICATION; - if ((r = sshbuf_put(reply, buf, l)) != 0) - return r; - len -= l; - } - return 0; -} - -/* - * Closes the agent socket if it should be closed (depends on how it was - * obtained). The argument must have been returned by - * ssh_get_authentication_socket(). - */ -void -ssh_close_authentication_socket(int sock) -{ - if (getenv(SSH_AUTHSOCKET_ENV_NAME)) - close(sock); -} - -/* Lock/unlock agent */ -int -ssh_lock_agent(int sock, int lock, const char *password) -{ - int r; - u_char type = lock ? SSH_AGENTC_LOCK : SSH_AGENTC_UNLOCK; - struct sshbuf *msg; - - if ((msg = sshbuf_new()) == NULL) - return SSH_ERR_ALLOC_FAIL; - if ((r = sshbuf_put_u8(msg, type)) != 0 || - (r = sshbuf_put_cstring(msg, password)) != 0) - goto out; - if ((r = ssh_request_reply(sock, msg, msg)) != 0) - goto out; - if ((r = sshbuf_get_u8(msg, &type)) != 0) - goto out; - r = decode_reply(type); - out: - sshbuf_free(msg); - return r; -} - - -static int -deserialise_identity2(struct sshbuf *ids, struct sshkey **keyp, char **commentp) -{ - int r; - char *comment = NULL; - const u_char *blob; - size_t blen; - - if ((r = sshbuf_get_string_direct(ids, &blob, &blen)) != 0 || - (r = sshbuf_get_cstring(ids, &comment, NULL)) != 0) - goto out; - if ((r = sshkey_from_blob(blob, blen, keyp)) != 0) - goto out; - if (commentp != NULL) { - *commentp = comment; - comment = NULL; - } - r = 0; - out: - free(comment); - return r; -} - -/* - * Fetch list of identities held by the agent. - */ -int -ssh_fetch_identitylist(int sock, struct ssh_identitylist **idlp) -{ - u_char type; - u_int32_t num, i; - struct sshbuf *msg; - struct ssh_identitylist *idl = NULL; - int r; - - /* - * Send a message to the agent requesting for a list of the - * identities it can represent. 
- */ - if ((msg = sshbuf_new()) == NULL) - return SSH_ERR_ALLOC_FAIL; - if ((r = sshbuf_put_u8(msg, SSH2_AGENTC_REQUEST_IDENTITIES)) != 0) - goto out; - - if ((r = ssh_request_reply(sock, msg, msg)) != 0) - goto out; - - /* Get message type, and verify that we got a proper answer. */ - if ((r = sshbuf_get_u8(msg, &type)) != 0) - goto out; - if (agent_failed(type)) { - r = SSH_ERR_AGENT_FAILURE; - goto out; - } else if (type != SSH2_AGENT_IDENTITIES_ANSWER) { - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - - /* Get the number of entries in the response and check it for sanity. */ - if ((r = sshbuf_get_u32(msg, &num)) != 0) - goto out; - if (num > MAX_AGENT_IDENTITIES) { - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - if (num == 0) { - r = SSH_ERR_AGENT_NO_IDENTITIES; - goto out; - } - - /* Deserialise the response into a list of keys/comments */ - if ((idl = calloc(1, sizeof(*idl))) == NULL || - (idl->keys = calloc(num, sizeof(*idl->keys))) == NULL || - (idl->comments = calloc(num, sizeof(*idl->comments))) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - for (i = 0; i < num;) { - if ((r = deserialise_identity2(msg, &(idl->keys[i]), - &(idl->comments[i]))) != 0) { - if (r == SSH_ERR_KEY_TYPE_UNKNOWN) { - /* Gracefully skip unknown key types */ - num--; - continue; - } else - goto out; - } - i++; - } - idl->nkeys = num; - *idlp = idl; - idl = NULL; - r = 0; - out: - sshbuf_free(msg); - if (idl != NULL) - ssh_free_identitylist(idl); - return r; -} - -void -ssh_free_identitylist(struct ssh_identitylist *idl) -{ - size_t i; - - if (idl == NULL) - return; - for (i = 0; i < idl->nkeys; i++) { - if (idl->keys != NULL) - sshkey_free(idl->keys[i]); - if (idl->comments != NULL) - free(idl->comments[i]); - } - free(idl); -} - -/* - * Sends a challenge (typically from a server via ssh(1)) to the agent, - * and waits for a response from the agent. - * Returns true (non-zero) if the agent gave the correct answer, zero - * otherwise. 
- */ - - -/* encode signature algorithm in flag bits, so we can keep the msg format */ -static u_int -agent_encode_alg(const struct sshkey *key, const char *alg) -{ - if (alg != NULL && key->type == KEY_RSA) { - if (strcmp(alg, "rsa-sha2-256") == 0) - return SSH_AGENT_RSA_SHA2_256; - else if (strcmp(alg, "rsa-sha2-512") == 0) - return SSH_AGENT_RSA_SHA2_512; - } - return 0; -} - -/* ask agent to sign data, returns err.h code on error, 0 on success */ -int -ssh_agent_sign(int sock, const struct sshkey *key, - u_char **sigp, size_t *lenp, - const u_char *data, size_t datalen, const char *alg, u_int compat) -{ - struct sshbuf *msg; - u_char *sig = NULL, type = 0; - size_t len = 0; - u_int flags = 0; - int r = SSH_ERR_INTERNAL_ERROR; - - *sigp = NULL; - *lenp = 0; - - if (datalen > SSH_KEY_MAX_SIGN_DATA_SIZE) - return SSH_ERR_INVALID_ARGUMENT; - if ((msg = sshbuf_new()) == NULL) - return SSH_ERR_ALLOC_FAIL; - flags |= agent_encode_alg(key, alg); - if ((r = sshbuf_put_u8(msg, SSH2_AGENTC_SIGN_REQUEST)) != 0 || - (r = sshkey_puts(key, msg)) != 0 || - (r = sshbuf_put_string(msg, data, datalen)) != 0 || - (r = sshbuf_put_u32(msg, flags)) != 0) - goto out; - if ((r = ssh_request_reply(sock, msg, msg)) != 0) - goto out; - if ((r = sshbuf_get_u8(msg, &type)) != 0) - goto out; - if (agent_failed(type)) { - r = SSH_ERR_AGENT_FAILURE; - goto out; - } else if (type != SSH2_AGENT_SIGN_RESPONSE) { - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - if ((r = sshbuf_get_string(msg, &sig, &len)) != 0) - goto out; - /* Check what we actually got back from the agent. */ - if ((r = sshkey_check_sigtype(sig, len, alg)) != 0) - goto out; - /* success */ - *sigp = sig; - *lenp = len; - sig = NULL; - len = 0; - r = 0; - out: - freezero(sig, len); - sshbuf_free(msg); - return r; -} - -/* Encode key for a message to the agent. 
*/ - - -static int -encode_constraints(struct sshbuf *m, u_int life, u_int confirm, u_int maxsign) -{ - int r; - - if (life != 0) { - if ((r = sshbuf_put_u8(m, SSH_AGENT_CONSTRAIN_LIFETIME)) != 0 || - (r = sshbuf_put_u32(m, life)) != 0) - goto out; - } - if (confirm != 0) { - if ((r = sshbuf_put_u8(m, SSH_AGENT_CONSTRAIN_CONFIRM)) != 0) - goto out; - } - if (maxsign != 0) { - if ((r = sshbuf_put_u8(m, SSH_AGENT_CONSTRAIN_MAXSIGN)) != 0 || - (r = sshbuf_put_u32(m, maxsign)) != 0) - goto out; - } - r = 0; - out: - return r; -} - -/* - * Adds an identity to the authentication server. - * This call is intended only for use by ssh-add(1) and like applications. - */ -int -ssh_add_identity_constrained(int sock, const struct sshkey *key, - const char *comment, u_int life, u_int confirm, u_int maxsign) -{ - struct sshbuf *msg; - int r, constrained = (life || confirm || maxsign); - u_char type; - - if ((msg = sshbuf_new()) == NULL) - return SSH_ERR_ALLOC_FAIL; - - switch (key->type) { -#ifdef WITH_OPENSSL - case KEY_RSA: - case KEY_RSA_CERT: - case KEY_DSA: - case KEY_DSA_CERT: - case KEY_ECDSA: - case KEY_ECDSA_CERT: -#endif - case KEY_ED25519: - case KEY_ED25519_CERT: - case KEY_XMSS: - case KEY_XMSS_CERT: - type = constrained ? - SSH2_AGENTC_ADD_ID_CONSTRAINED : - SSH2_AGENTC_ADD_IDENTITY; - if ((r = sshbuf_put_u8(msg, type)) != 0 || - (r = sshkey_private_serialize_maxsign(key, msg, maxsign, - NULL)) != 0 || - (r = sshbuf_put_cstring(msg, comment)) != 0) - goto out; - break; - default: - r = SSH_ERR_INVALID_ARGUMENT; - goto out; - } - if (constrained && - (r = encode_constraints(msg, life, confirm, maxsign)) != 0) - goto out; - if ((r = ssh_request_reply(sock, msg, msg)) != 0) - goto out; - if ((r = sshbuf_get_u8(msg, &type)) != 0) - goto out; - r = decode_reply(type); - out: - sshbuf_free(msg); - return r; -} - -/* - * Removes an identity from the authentication server. - * This call is intended only for use by ssh-add(1) and like applications. 
- */ -int -ssh_remove_identity(int sock, struct sshkey *key) -{ - struct sshbuf *msg; - int r; - u_char type, *blob = NULL; - size_t blen; - - if ((msg = sshbuf_new()) == NULL) - return SSH_ERR_ALLOC_FAIL; - - if (key->type != KEY_UNSPEC) { - if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) - goto out; - if ((r = sshbuf_put_u8(msg, - SSH2_AGENTC_REMOVE_IDENTITY)) != 0 || - (r = sshbuf_put_string(msg, blob, blen)) != 0) - goto out; - } else { - r = SSH_ERR_INVALID_ARGUMENT; - goto out; - } - if ((r = ssh_request_reply(sock, msg, msg)) != 0) - goto out; - if ((r = sshbuf_get_u8(msg, &type)) != 0) - goto out; - r = decode_reply(type); - out: - if (blob != NULL) { - explicit_bzero(blob, blen); - free(blob); - } - sshbuf_free(msg); - return r; -} - -/* - * Add/remove an token-based identity from the authentication server. - * This call is intended only for use by ssh-add(1) and like applications. - */ -int -ssh_update_card(int sock, int add, const char *reader_id, const char *pin, - u_int life, u_int confirm) -{ - struct sshbuf *msg; - int r, constrained = (life || confirm); - u_char type; - - if (add) { - type = constrained ? - SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED : - SSH_AGENTC_ADD_SMARTCARD_KEY; - } else - type = SSH_AGENTC_REMOVE_SMARTCARD_KEY; - - if ((msg = sshbuf_new()) == NULL) - return SSH_ERR_ALLOC_FAIL; - if ((r = sshbuf_put_u8(msg, type)) != 0 || - (r = sshbuf_put_cstring(msg, reader_id)) != 0 || - (r = sshbuf_put_cstring(msg, pin)) != 0) - goto out; - if (constrained && - (r = encode_constraints(msg, life, confirm, 0)) != 0) - goto out; - if ((r = ssh_request_reply(sock, msg, msg)) != 0) - goto out; - if ((r = sshbuf_get_u8(msg, &type)) != 0) - goto out; - r = decode_reply(type); - out: - sshbuf_free(msg); - return r; -} - -/* - * Removes all identities from the agent. - * This call is intended only for use by ssh-add(1) and like applications. 
- * - * This supports the SSH protocol 1 message to because, when clearing all - * keys from an agent, we generally want to clear both protocol v1 and v2 - * keys. - */ -int -ssh_remove_all_identities(int sock, int version) -{ - struct sshbuf *msg; - u_char type = (version == 1) ? - SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES : - SSH2_AGENTC_REMOVE_ALL_IDENTITIES; - int r; - - if ((msg = sshbuf_new()) == NULL) - return SSH_ERR_ALLOC_FAIL; - if ((r = sshbuf_put_u8(msg, type)) != 0) - goto out; - if ((r = ssh_request_reply(sock, msg, msg)) != 0) - goto out; - if ((r = sshbuf_get_u8(msg, &type)) != 0) - goto out; - r = decode_reply(type); - out: - sshbuf_free(msg); - return r; -} diff --git a/ssh_keygen_110/authfd.h b/ssh_keygen_110/authfd.h deleted file mode 100644 index a032fd54..00000000 --- a/ssh_keygen_110/authfd.h +++ /dev/null 
@@ -1,90 +0,0 @@
-/* $OpenBSD: authfd.h,v 1.44 2018/07/12 04:35:25 djm Exp $ */
-
-/*
- * Author: Tatu Ylonen
- * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
- * All rights reserved
- * Functions to interface with the SSH_AUTHENTICATION_FD socket.
- *
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose. Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
- */
-
-#ifndef AUTHFD_H
-#define AUTHFD_H
-
-/* List of identities returned by ssh_fetch_identitylist() */
-struct ssh_identitylist {
- size_t nkeys;
- struct sshkey **keys;
- char **comments;
-};
-
-int ssh_get_authentication_socket(int *fdp);
-void ssh_close_authentication_socket(int sock);
-
-int ssh_lock_agent(int sock, int lock, const char *password);
-int ssh_fetch_identitylist(int sock, struct ssh_identitylist **idlp);
-void ssh_free_identitylist(struct ssh_identitylist *idl);
-int ssh_add_identity_constrained(int sock, const struct sshkey *key,
- const char *comment, u_int life, u_int confirm, u_int maxsign);
-int ssh_remove_identity(int sock, struct sshkey *key);
-int ssh_update_card(int sock, int add, const char *reader_id,
- const char *pin, u_int life, u_int confirm);
-int ssh_remove_all_identities(int sock, int version);
-
-int ssh_agent_sign(int sock, const struct sshkey *key,
- u_char **sigp, size_t *lenp,
- const u_char *data, size_t datalen, const char *alg, u_int compat);
-
-/* Messages for the authentication agent connection. */
-#define SSH_AGENTC_REQUEST_RSA_IDENTITIES 1
-#define SSH_AGENT_RSA_IDENTITIES_ANSWER 2
-#define SSH_AGENTC_RSA_CHALLENGE 3
-#define SSH_AGENT_RSA_RESPONSE 4
-#define SSH_AGENT_FAILURE 5
-#define SSH_AGENT_SUCCESS 6
-#define SSH_AGENTC_ADD_RSA_IDENTITY 7
-#define SSH_AGENTC_REMOVE_RSA_IDENTITY 8
-#define SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES 9
-
-/* private OpenSSH extensions for SSH2 */
-#define SSH2_AGENTC_REQUEST_IDENTITIES 11
-#define SSH2_AGENT_IDENTITIES_ANSWER 12
-#define SSH2_AGENTC_SIGN_REQUEST 13
-#define SSH2_AGENT_SIGN_RESPONSE 14
-#define SSH2_AGENTC_ADD_IDENTITY 17
-#define SSH2_AGENTC_REMOVE_IDENTITY 18
-#define SSH2_AGENTC_REMOVE_ALL_IDENTITIES 19
-
-/* smartcard */
-#define SSH_AGENTC_ADD_SMARTCARD_KEY 20
-#define SSH_AGENTC_REMOVE_SMARTCARD_KEY 21
-
-/* lock/unlock the agent */
-#define SSH_AGENTC_LOCK 22
-#define SSH_AGENTC_UNLOCK 23
-
-/* add key with constraints */
-#define SSH_AGENTC_ADD_RSA_ID_CONSTRAINED 24
-#define SSH2_AGENTC_ADD_ID_CONSTRAINED 25
-#define SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED 26
-
-#define SSH_AGENT_CONSTRAIN_LIFETIME 1
-#define SSH_AGENT_CONSTRAIN_CONFIRM 2
-#define SSH_AGENT_CONSTRAIN_MAXSIGN 3
-
-/* extended failure messages */
-#define SSH2_AGENT_FAILURE 30
-
-/* additional error code for ssh.com's ssh-agent2 */
-#define SSH_COM_AGENT2_FAILURE 102
-
-#define SSH_AGENT_OLD_SIGNATURE 0x01
-#define SSH_AGENT_RSA_SHA2_256 0x02
-#define SSH_AGENT_RSA_SHA2_512 0x04
-
-#endif /* AUTHFD_H */
diff --git a/ssh_keygen_110/authfile.c b/ssh_keygen_110/authfile.c
deleted file mode 100644
index b1c92f4a..00000000
--- a/ssh_keygen_110/authfile.c
+++ /dev/null
@@ -1,538 +0,0 @@ -/* $OpenBSD: authfile.c,v 1.131 2018/09/21 12:20:12 djm Exp $ */ -/* - * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ - -#include "includes.h" - -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include - -#include "cipher.h" -#include "ssh.h" -#include "log.h" -#include "authfile.h" -#include "misc.h" -#include "atomicio.h" -#include "sshkey.h" -#include "sshbuf.h" -#include "ssherr.h" -#include "krl.h" - -#define MAX_KEY_FILE_SIZE (1024 * 1024) - -/* Save a key blob to a file */ -static int -sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename) -{ - int fd, oerrno; - - if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0) - return SSH_ERR_SYSTEM_ERROR; - if (atomicio(vwrite, fd, sshbuf_mutable_ptr(keybuf), - sshbuf_len(keybuf)) != sshbuf_len(keybuf)) { - oerrno = errno; - close(fd); - unlink(filename); - errno = oerrno; - return SSH_ERR_SYSTEM_ERROR; - } - close(fd); - return 0; -} - -int -sshkey_save_private(struct sshkey *key, const char *filename, - const char *passphrase, const char *comment, - int force_new_format, const char *new_format_cipher, int new_format_rounds) -{ - struct sshbuf *keyblob = NULL; - int r; - - if ((keyblob = sshbuf_new()) == NULL) - return SSH_ERR_ALLOC_FAIL; - if ((r = sshkey_private_to_fileblob(key, keyblob, passphrase, comment, - force_new_format, new_format_cipher, new_format_rounds)) != 0) - goto out; - if ((r = sshkey_save_private_blob(keyblob, filename)) != 0) - goto out; - r = 0; - out: - sshbuf_free(keyblob); - return r; -} - -/* Load a key from a fd into a buffer */ -int -sshkey_load_file(int fd, struct sshbuf *blob) -{ - u_char buf[1024]; - size_t len; - struct stat st; - int r; - - if (fstat(fd, &st) < 0) - return SSH_ERR_SYSTEM_ERROR; - if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && - st.st_size > MAX_KEY_FILE_SIZE) - return SSH_ERR_INVALID_FORMAT; - for (;;) { - if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) { - if (errno == EPIPE) - break; - r = SSH_ERR_SYSTEM_ERROR; - goto out; - } - if ((r = sshbuf_put(blob, buf, len)) != 0) - goto 
out;
- if (sshbuf_len(blob) > MAX_KEY_FILE_SIZE) {
- r = SSH_ERR_INVALID_FORMAT;
- goto out;
- }
- }
- if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
- st.st_size != (off_t)sshbuf_len(blob)) {
- r = SSH_ERR_FILE_CHANGED;
- goto out;
- }
- r = 0;
-
- out:
- explicit_bzero(buf, sizeof(buf));
- if (r != 0)
- sshbuf_reset(blob);
- return r;
-}
-
-
-/* XXX remove error() calls from here? */
-int
-sshkey_perm_ok(int fd, const char *filename)
-{
- struct stat st;
-
- if (fstat(fd, &st) < 0)
- return SSH_ERR_SYSTEM_ERROR;
- /*
- * if a key owned by the user is accessed, then we check the
- * permissions of the file. if the key owned by a different user,
- * then we don't care.
- */
-#ifdef HAVE_CYGWIN
- if (check_ntsec(filename))
-#endif
- if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) {
- error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
- error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @");
- error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
- error("Permissions 0%3.3o for '%s' are too open.",
- (u_int)st.st_mode & 0777, filename);
- error("It is required that your private key files are NOT accessible by others.");
- error("This private key will be ignored.");
- return SSH_ERR_KEY_BAD_PERMISSIONS;
- }
- return 0;
-}
-
-/* XXX kill perm_ok now that we have SSH_ERR_KEY_BAD_PERMISSIONS? */
-int
-sshkey_load_private_type(int type, const char *filename, const char *passphrase,
- struct sshkey **keyp, char **commentp, int *perm_ok)
-{
- int fd, r;
-
- if (keyp != NULL)
- *keyp = NULL;
- if (commentp != NULL)
- *commentp = NULL;
-
- if ((fd = open(filename, O_RDONLY)) < 0) {
- if (perm_ok != NULL)
- *perm_ok = 0;
- return SSH_ERR_SYSTEM_ERROR;
- }
- if (sshkey_perm_ok(fd, filename) != 0) {
- if (perm_ok != NULL)
- *perm_ok = 0;
- r = SSH_ERR_KEY_BAD_PERMISSIONS;
- goto out;
- }
- if (perm_ok != NULL)
- *perm_ok = 1;
-
- r = sshkey_load_private_type_fd(fd, type, passphrase, keyp, commentp);
- if (r == 0 && keyp && *keyp)
- r = sshkey_set_filename(*keyp, filename);
- out:
- close(fd);
- return r;
-}
-
-int
-sshkey_load_private_type_fd(int fd, int type, const char *passphrase,
- struct sshkey **keyp, char **commentp)
-{
- struct sshbuf *buffer = NULL;
- int r;
-
- if (keyp != NULL)
- *keyp = NULL;
- if ((buffer = sshbuf_new()) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- if ((r = sshkey_load_file(fd, buffer)) != 0 ||
- (r = sshkey_parse_private_fileblob_type(buffer, type,
- passphrase, keyp, commentp)) != 0)
- goto out;
-
- /* success */
- r = 0;
- out:
- sshbuf_free(buffer);
- return r;
-}
-
-/* XXX this is almost identical to sshkey_load_private_type() */
-int
-sshkey_load_private(const char *filename, const char *passphrase,
- struct sshkey **keyp, char **commentp)
-{
- struct sshbuf *buffer = NULL;
- int r, fd;
-
- if (keyp != NULL)
- *keyp = NULL;
- if (commentp != NULL)
- *commentp = NULL;
-
- if ((fd = open(filename, O_RDONLY)) < 0)
- return SSH_ERR_SYSTEM_ERROR;
- if (sshkey_perm_ok(fd, filename) != 0) {
- r = SSH_ERR_KEY_BAD_PERMISSIONS;
- goto out;
- }
-
- if ((buffer = sshbuf_new()) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- if ((r = sshkey_load_file(fd, buffer)) != 0 ||
- (r = sshkey_parse_private_fileblob(buffer, passphrase, keyp,
- commentp)) != 0)
- goto out;
- if (keyp && *keyp &&
- (r = sshkey_set_filename(*keyp, filename)) != 0)
- goto out;
- r = 0;
- out:
- close(fd);
- sshbuf_free(buffer);
- return r;
-}
-
-static int
-sshkey_try_load_public(struct sshkey *k, const char *filename, char **commentp)
-{
- FILE *f;
- char *line = NULL, *cp;
- size_t linesize = 0;
- int r;
-
- if (commentp != NULL)
- *commentp = NULL;
- if ((f = fopen(filename, "r")) == NULL)
- return SSH_ERR_SYSTEM_ERROR;
- while (getline(&line, &linesize, f) != -1) {
- cp = line;
- switch (*cp) {
- case '#':
- case '\n':
- case '\0':
- continue;
- }
- /* Abort loading if this looks like a private key */
- if (strncmp(cp, "-----BEGIN", 10) == 0 ||
- strcmp(cp, "SSH PRIVATE KEY FILE") == 0)
- break;
- /* Skip leading whitespace. */
- for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
- ;
- if (*cp) {
- if ((r = sshkey_read(k, &cp)) == 0) {
- cp[strcspn(cp, "\r\n")] = '\0';
- if (commentp) {
- *commentp = strdup(*cp ?
- cp : filename);
- if (*commentp == NULL)
- r = SSH_ERR_ALLOC_FAIL;
- }
- free(line);
- fclose(f);
- return r;
- }
- }
- }
- free(line);
- fclose(f);
- return SSH_ERR_INVALID_FORMAT;
-}
-
-/* load public key from any pubkey file */
-int
-sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp)
-{
- struct sshkey *pub = NULL;
- char *file = NULL;
- int r;
-
- if (keyp != NULL)
- *keyp = NULL;
- if (commentp != NULL)
- *commentp = NULL;
-
- if ((pub = sshkey_new(KEY_UNSPEC)) == NULL)
- return SSH_ERR_ALLOC_FAIL;
- if ((r = sshkey_try_load_public(pub, filename, commentp)) == 0) {
- if (keyp != NULL) {
- *keyp = pub;
- pub = NULL;
- }
- r = 0;
- goto out;
- }
- sshkey_free(pub);
-
- /* try .pub suffix */
- if (asprintf(&file, "%s.pub", filename) == -1)
- return SSH_ERR_ALLOC_FAIL;
- if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- if ((r = sshkey_try_load_public(pub, file, commentp)) == 0) {
- if (keyp != NULL) {
- *keyp = pub;
- pub = NULL;
- }
- r = 0;
- }
- out:
- free(file);
- sshkey_free(pub);
- return r;
-}
-
-/* Load the certificate associated with the named private key */
-int
-sshkey_load_cert(const char *filename, struct sshkey **keyp)
-{
- struct sshkey *pub = NULL;
- char *file = NULL;
- int r = SSH_ERR_INTERNAL_ERROR;
-
- if (keyp != NULL)
- *keyp = NULL;
-
- if (asprintf(&file, "%s-cert.pub", filename) == -1)
- return SSH_ERR_ALLOC_FAIL;
-
- if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) {
- goto out;
- }
- if ((r = sshkey_try_load_public(pub, file, NULL)) != 0)
- goto out;
- /* success */
- if (keyp != NULL) {
- *keyp = pub;
- pub = NULL;
- }
- r = 0;
- out:
- free(file);
- sshkey_free(pub);
- return r;
-}
-
-/* Load private key and certificate */
-int
-sshkey_load_private_cert(int type, const char *filename, const char *passphrase,
- struct sshkey **keyp, int *perm_ok)
-{
- struct sshkey *key = NULL, *cert = NULL;
- int r;
-
- if (keyp != NULL)
- *keyp = NULL;
-
- switch (type) {
-#ifdef WITH_OPENSSL
- case KEY_RSA:
- case KEY_DSA:
- case KEY_ECDSA:
-#endif /* WITH_OPENSSL */
- case KEY_ED25519:
- case KEY_XMSS:
- case KEY_UNSPEC:
- break;
- default:
- return SSH_ERR_KEY_TYPE_UNKNOWN;
- }
-
- if ((r = sshkey_load_private_type(type, filename,
- passphrase, &key, NULL, perm_ok)) != 0 ||
- (r = sshkey_load_cert(filename, &cert)) != 0)
- goto out;
-
- /* Make sure the private key matches the certificate */
- if (sshkey_equal_public(key, cert) == 0) {
- r = SSH_ERR_KEY_CERT_MISMATCH;
- goto out;
- }
-
- if ((r = sshkey_to_certified(key)) != 0 ||
- (r = sshkey_cert_copy(cert, key)) != 0)
- goto out;
- r = 0;
- if (keyp != NULL) {
- *keyp = key;
- key = NULL;
- }
- out:
- sshkey_free(key);
- sshkey_free(cert);
- return r;
-}
-
-/*
- * Returns success if the specified "key" is listed in the file "filename",
- * SSH_ERR_KEY_NOT_FOUND: if the key is not listed or another error.
- * If "strict_type" is set then the key type must match exactly,
- * otherwise a comparison that ignores certficiate data is performed.
- * If "check_ca" is set and "key" is a certificate, then its CA key is
- * also checked and sshkey_in_file() will return success if either is found.
- */
-int
-sshkey_in_file(struct sshkey *key, const char *filename, int strict_type,
- int check_ca)
-{
- FILE *f;
- char *line = NULL, *cp;
- size_t linesize = 0;
- int r = 0;
- struct sshkey *pub = NULL;
-
- int (*sshkey_compare)(const struct sshkey *, const struct sshkey *) =
- strict_type ? sshkey_equal : sshkey_equal_public;
-
- if ((f = fopen(filename, "r")) == NULL)
- return SSH_ERR_SYSTEM_ERROR;
-
- while (getline(&line, &linesize, f) != -1) {
- sshkey_free(pub);
- pub = NULL;
- cp = line;
-
- /* Skip leading whitespace. */
- for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
- ;
-
- /* Skip comments and empty lines */
- switch (*cp) {
- case '#':
- case '\n':
- case '\0':
- continue;
- }
-
- if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- switch (r = sshkey_read(pub, &cp)) {
- case 0:
- break;
- case SSH_ERR_KEY_LENGTH:
- continue;
- default:
- goto out;
- }
- if (sshkey_compare(key, pub) ||
- (check_ca && sshkey_is_cert(key) &&
- sshkey_compare(key->cert->signature_key, pub))) {
- r = 0;
- goto out;
- }
- }
- r = SSH_ERR_KEY_NOT_FOUND;
- out:
- free(line);
- sshkey_free(pub);
- fclose(f);
- return r;
-}
-
-/*
- * Checks whether the specified key is revoked, returning 0 if not,
- * SSH_ERR_KEY_REVOKED if it is or another error code if something
- * unexpected happened.
- * This will check both the key and, if it is a certificate, its CA key too.
- * "revoked_keys_file" may be a KRL or a one-per-line list of public keys.
- */
-int
-sshkey_check_revoked(struct sshkey *key, const char *revoked_keys_file)
-{
- int r;
-
- r = ssh_krl_file_contains_key(revoked_keys_file, key);
- /* If this was not a KRL to begin with then continue below */
- if (r != SSH_ERR_KRL_BAD_MAGIC)
- return r;
-
- /*
- * If the file is not a KRL or we can't handle KRLs then attempt to
- * parse the file as a flat list of keys.
- */
- switch ((r = sshkey_in_file(key, revoked_keys_file, 0, 1))) {
- case 0:
- /* Key found => revoked */
- return SSH_ERR_KEY_REVOKED;
- case SSH_ERR_KEY_NOT_FOUND:
- /* Key not found => not revoked */
- return 0;
- default:
- /* Some other error occurred */
- return r;
- }
-}
-
diff --git a/ssh_keygen_110/authfile.h b/ssh_keygen_110/authfile.h
deleted file mode 100644
index 624d269f..00000000
--- a/ssh_keygen_110/authfile.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/* $OpenBSD: authfile.h,v 1.21 2015/01/08 10:14:08 djm Exp $ */
-
-/*
- * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef AUTHFILE_H
-#define AUTHFILE_H
-
-struct sshbuf;
-struct sshkey;
-
-/* XXX document these */
-/* XXX some of these could probably be merged/retired */
-
-int sshkey_save_private(struct sshkey *, const char *,
- const char *, const char *, int, const char *, int);
-int sshkey_load_file(int, struct sshbuf *);
-int sshkey_load_cert(const char *, struct sshkey **);
-int sshkey_load_public(const char *, struct sshkey **, char **);
-int sshkey_load_private(const char *, const char *, struct sshkey **, char **);
-int sshkey_load_private_cert(int, const char *, const char *,
- struct sshkey **, int *);
-int sshkey_load_private_type(int, const char *, const char *,
- struct sshkey **, char **, int *);
-int sshkey_load_private_type_fd(int fd, int type, const char *passphrase,
- struct sshkey **keyp, char **commentp);
-int sshkey_perm_ok(int, const char *);
-int sshkey_in_file(struct sshkey *, const char *, int, int);
-int sshkey_check_revoked(struct sshkey *key, const char *revoked_keys_file);
-
-#endif
diff --git a/ssh_keygen_110/bitmap.c b/ssh_keygen_110/bitmap.c
deleted file mode 100644
index 5ecfe68b..00000000
--- a/ssh_keygen_110/bitmap.c
+++ /dev/null
@@ -1,214 +0,0 @@
-/* $OpenBSD: bitmap.c,v 1.9 2017/10/20 01:56:39 djm Exp $ */
-/*
- * Copyright (c) 2015 Damien Miller
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "includes.h"
-
-#include
-#include
-#include
-
-#include "bitmap.h"
-
-#define BITMAP_WTYPE u_int
-#define BITMAP_MAX (1<<24)
-#define BITMAP_BYTES (sizeof(BITMAP_WTYPE))
-#define BITMAP_BITS (sizeof(BITMAP_WTYPE) * 8)
-#define BITMAP_WMASK ((BITMAP_WTYPE)BITMAP_BITS - 1)
-struct bitmap {
- BITMAP_WTYPE *d;
- size_t len; /* number of words allocated */
- size_t top; /* index of top word allocated */
-};
-
-struct bitmap *
-bitmap_new(void)
-{
- struct bitmap *ret;
-
- if ((ret = calloc(1, sizeof(*ret))) == NULL)
- return NULL;
- if ((ret->d = calloc(1, BITMAP_BYTES)) == NULL) {
- free(ret);
- return NULL;
- }
- ret->len = 1;
- ret->top = 0;
- return ret;
-}
-
-void
-bitmap_free(struct bitmap *b)
-{
- if (b != NULL && b->d != NULL) {
- bitmap_zero(b);
- free(b->d);
- b->d = NULL;
- }
- free(b);
-}
-
-void
-bitmap_zero(struct bitmap *b)
-{
- memset(b->d, 0, b->len * BITMAP_BYTES);
- b->top = 0;
-}
-
-int
-bitmap_test_bit(struct bitmap *b, u_int n)
-{
- if (b->top >= b->len)
- return 0; /* invalid */
- if (b->len == 0 || (n / BITMAP_BITS) > b->top)
- return 0;
- return (b->d[n / BITMAP_BITS] >> (n & BITMAP_WMASK)) & 1;
-}
-
-static int
-reserve(struct bitmap *b, u_int n)
-{
- BITMAP_WTYPE *tmp;
- size_t nlen;
-
- if (b->top >= b->len || n > BITMAP_MAX)
- return -1; /* invalid */
- nlen = (n / BITMAP_BITS) + 1;
- if (b->len < nlen) {
- if ((tmp = recallocarray(b->d, b->len,
- nlen, BITMAP_BYTES)) == NULL)
- return -1;
- b->d = tmp;
- b->len = nlen;
- }
- return 0;
-}
-
-int
-bitmap_set_bit(struct bitmap *b, u_int n)
-{
- int r;
- size_t offset;
-
- if ((r = reserve(b, n)) != 0)
- return r;
- offset = n / BITMAP_BITS;
- if (offset > b->top)
- b->top = offset;
- b->d[offset] |= (BITMAP_WTYPE)1 << (n & BITMAP_WMASK);
- return 0;
-}
-
-/* Resets b->top to point to the most significant bit set in b->d */
-static void
-retop(struct bitmap *b)
-{
- if (b->top >= b->len)
- return;
- while (b->top > 0 && b->d[b->top] == 0)
- b->top--;
-}
-
-void
-bitmap_clear_bit(struct bitmap *b, u_int n)
-{
- size_t offset;
-
- if (b->top >= b->len || n > BITMAP_MAX)
- return; /* invalid */
- offset = n / BITMAP_BITS;
- if (offset > b->top)
- return;
- b->d[offset] &= ~((BITMAP_WTYPE)1 << (n & BITMAP_WMASK));
- /* The top may have changed as a result of the clear */
- retop(b);
-}
-
-size_t
-bitmap_nbits(struct bitmap *b)
-{
- size_t bits;
- BITMAP_WTYPE w;
-
- retop(b);
- if (b->top >= b->len)
- return 0; /* invalid */
- if (b->len == 0 || (b->top == 0 && b->d[0] == 0))
- return 0;
- /* Find MSB set */
- w = b->d[b->top];
- bits = (b->top + 1) * BITMAP_BITS;
- while (!(w & ((BITMAP_WTYPE)1 << (BITMAP_BITS - 1)))) {
- w <<= 1;
- bits--;
- }
- return bits;
-}
-
-size_t
-bitmap_nbytes(struct bitmap *b)
-{
- return (bitmap_nbits(b) + 7) / 8;
-}
-
-int
-bitmap_to_string(struct bitmap *b, void *p, size_t l)
-{
- u_char *s = (u_char *)p;
- size_t i, j, k, need = bitmap_nbytes(b);
-
- if (l < need || b->top >= b->len)
- return -1;
- if (l > need)
- l = need;
- /* Put the bytes from LSB backwards */
- for (i = k = 0; i < b->top + 1; i++) {
- for (j = 0; j < BITMAP_BYTES; j++) {
- if (k >= l)
- break;
- s[need - 1 - k++] = (b->d[i] >> (j * 8)) & 0xff;
- }
- }
- return 0;
-}
-
-int
-bitmap_from_string(struct bitmap *b, const void *p, size_t l)
-{
- int r;
- size_t i, offset, shift;
- const u_char *s = (const u_char *)p;
-
- if (l > BITMAP_MAX / 8)
- return -1;
- if ((r = reserve(b, l * 8)) != 0)
- return r;
- bitmap_zero(b);
- if (l == 0)
- return 0;
- b->top = offset = ((l + (BITMAP_BYTES - 1)) / BITMAP_BYTES) - 1;
- shift = ((l + (BITMAP_BYTES - 1)) % BITMAP_BYTES) * 8;
- for (i = 0; i < l; i++) {
- b->d[offset] |= (BITMAP_WTYPE)s[i] << shift;
- if (shift == 0) {
- offset--;
- shift = BITMAP_BITS - 8;
- } else
- shift -= 8;
- }
- retop(b);
- return 0;
-}
diff --git a/ssh_keygen_110/bitmap.h b/ssh_keygen_110/bitmap.h
deleted file mode 100644
index 336e90b0..00000000
--- a/ssh_keygen_110/bitmap.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/* $OpenBSD: bitmap.h,v 1.2 2017/10/20 01:56:39 djm Exp $ */
-/*
- * Copyright (c) 2015 Damien Miller
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef _BITMAP_H
-#define _BITMAP_H
-
-#include
-
-/* Simple bit vector routines */
-
-struct bitmap;
-
-/* Allocate a new bitmap. Returns NULL on allocation failure. */
-struct bitmap *bitmap_new(void);
-
-/* Free a bitmap */
-void bitmap_free(struct bitmap *b);
-
-/* Zero an existing bitmap */
-void bitmap_zero(struct bitmap *b);
-
-/* Test whether a bit is set in a bitmap. */
-int bitmap_test_bit(struct bitmap *b, u_int n);
-
-/* Set a bit in a bitmap. Returns 0 on success or -1 on error */
-int bitmap_set_bit(struct bitmap *b, u_int n);
-
-/* Clear a bit in a bitmap */
-void bitmap_clear_bit(struct bitmap *b, u_int n);
-
-/* Return the number of bits in a bitmap (i.e. the position of the MSB) */
-size_t bitmap_nbits(struct bitmap *b);
-
-/* Return the number of bytes needed to represent a bitmap */
-size_t bitmap_nbytes(struct bitmap *b);
-
-/* Convert a bitmap to a big endian byte string */
-int bitmap_to_string(struct bitmap *b, void *p, size_t l);
-
-/* Convert a big endian byte string to a bitmap */
-int bitmap_from_string(struct bitmap *b, const void *p, size_t l);
-
-#endif /* _BITMAP_H */
diff --git a/ssh_keygen_110/chacha.c b/ssh_keygen_110/chacha.c
deleted file mode 100644
index a84c25ea..00000000
--- a/ssh_keygen_110/chacha.c
+++ /dev/null
@@ -1,219 +0,0 @@
-/*
-chacha-merged.c version 20080118
-D. J. Bernstein
-Public domain.
-*/
-
-#include "includes.h"
-
-#include "chacha.h"
-
-/* $OpenBSD: chacha.c,v 1.1 2013/11/21 00:45:44 djm Exp $ */
-
-typedef unsigned char u8;
-typedef unsigned int u32;
-
-typedef struct chacha_ctx chacha_ctx;
-
-#define U8C(v) (v##U)
-#define U32C(v) (v##U)
-
-#define U8V(v) ((u8)(v) & U8C(0xFF))
-#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF))
-
-#define ROTL32(v, n) \
- (U32V((v) << (n)) | ((v) >> (32 - (n))))
-
-#define U8TO32_LITTLE(p) \
- (((u32)((p)[0]) ) | \
- ((u32)((p)[1]) << 8) | \
- ((u32)((p)[2]) << 16) | \
- ((u32)((p)[3]) << 24))
-
-#define U32TO8_LITTLE(p, v) \
- do { \
- (p)[0] = U8V((v) ); \
- (p)[1] = U8V((v) >> 8); \
- (p)[2] = U8V((v) >> 16); \
- (p)[3] = U8V((v) >> 24); \
- } while (0)
-
-#define ROTATE(v,c) (ROTL32(v,c))
-#define XOR(v,w) ((v) ^ (w))
-#define PLUS(v,w) (U32V((v) + (w)))
-#define PLUSONE(v) (PLUS((v),1))
-
-#define QUARTERROUND(a,b,c,d) \
- a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \
- c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \
- a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \
- c = PLUS(c,d); b = ROTATE(XOR(b,c), 7);
-
-static const char sigma[16] = "expand 32-byte k";
-static const char tau[16] = "expand 16-byte k";
-
-void
-chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits)
-{
- const char *constants;
-
- x->input[4] = U8TO32_LITTLE(k + 0);
- x->input[5] = U8TO32_LITTLE(k + 4);
- x->input[6] = U8TO32_LITTLE(k + 8);
- x->input[7] = U8TO32_LITTLE(k + 12);
- if (kbits == 256) { /* recommended */
- k += 16;
- constants = sigma;
- } else { /* kbits == 128 */
- constants = tau;
- }
- x->input[8] = U8TO32_LITTLE(k + 0);
- x->input[9] = U8TO32_LITTLE(k + 4);
- x->input[10] = U8TO32_LITTLE(k + 8);
- x->input[11] = U8TO32_LITTLE(k + 12);
- x->input[0] = U8TO32_LITTLE(constants + 0);
- x->input[1] = U8TO32_LITTLE(constants + 4);
- x->input[2] = U8TO32_LITTLE(constants + 8);
- x->input[3] = U8TO32_LITTLE(constants + 12);
-}
-
-void
-chacha_ivsetup(chacha_ctx *x, const u8 *iv, const u8 *counter)
-{
- x->input[12] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 0);
- x->input[13] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 4);
- x->input[14] = U8TO32_LITTLE(iv + 0);
- x->input[15] = U8TO32_LITTLE(iv + 4);
-}
-
-void
-chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes)
-{
- u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
- u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
- u8 *ctarget = NULL;
- u8 tmp[64];
- u_int i;
-
- if (!bytes) return;
-
- j0 = x->input[0];
- j1 = x->input[1];
- j2 = x->input[2];
- j3 = x->input[3];
- j4 = x->input[4];
- j5 = x->input[5];
- j6 = x->input[6];
- j7 = x->input[7];
- j8 = x->input[8];
- j9 = x->input[9];
- j10 = x->input[10];
- j11 = x->input[11];
- j12 = x->input[12];
- j13 = x->input[13];
- j14 = x->input[14];
- j15 = x->input[15];
-
- for (;;) {
- if (bytes < 64) {
- for (i = 0;i < bytes;++i) tmp[i] = m[i];
- m = tmp;
- ctarget = c;
- c = tmp;
- }
- x0 = j0;
- x1 = j1;
- x2 = j2;
- x3 = j3;
- x4 = j4;
- x5 = j5;
- x6 = j6;
- x7 = j7;
- x8 = j8;
- x9 = j9;
- x10 = j10;
- x11 = j11;
- x12 = j12;
- x13 = j13;
- x14 = j14;
- x15 = j15;
- for (i = 20;i > 0;i -= 2) {
- QUARTERROUND( x0, x4, x8,x12)
- QUARTERROUND( x1, x5, x9,x13)
- QUARTERROUND( x2, x6,x10,x14)
- QUARTERROUND( x3, x7,x11,x15)
- QUARTERROUND( x0, x5,x10,x15)
- QUARTERROUND( x1, x6,x11,x12)
- QUARTERROUND( x2, x7, x8,x13)
- QUARTERROUND( x3, x4, x9,x14)
- }
- x0 = PLUS(x0,j0);
- x1 = PLUS(x1,j1);
- x2 = PLUS(x2,j2);
- x3 = PLUS(x3,j3);
- x4 = PLUS(x4,j4);
- x5 = PLUS(x5,j5);
- x6 = PLUS(x6,j6);
- x7 = PLUS(x7,j7);
- x8 = PLUS(x8,j8);
- x9 = PLUS(x9,j9);
- x10 = PLUS(x10,j10);
- x11 = PLUS(x11,j11);
- x12 = PLUS(x12,j12);
- x13 = PLUS(x13,j13);
- x14 = PLUS(x14,j14);
- x15 = PLUS(x15,j15);
-
- x0 = XOR(x0,U8TO32_LITTLE(m + 0));
- x1 = XOR(x1,U8TO32_LITTLE(m + 4));
- x2 = XOR(x2,U8TO32_LITTLE(m + 8));
- x3 = XOR(x3,U8TO32_LITTLE(m + 12));
- x4 = XOR(x4,U8TO32_LITTLE(m + 16));
- x5 = XOR(x5,U8TO32_LITTLE(m + 20));
- x6 = XOR(x6,U8TO32_LITTLE(m + 24));
- x7 = XOR(x7,U8TO32_LITTLE(m + 28));
- x8 = XOR(x8,U8TO32_LITTLE(m + 32));
- x9 = XOR(x9,U8TO32_LITTLE(m + 36));
- x10 = XOR(x10,U8TO32_LITTLE(m + 40));
- x11 = XOR(x11,U8TO32_LITTLE(m + 44));
- x12 = XOR(x12,U8TO32_LITTLE(m + 48));
- x13 = XOR(x13,U8TO32_LITTLE(m + 52));
- x14 = XOR(x14,U8TO32_LITTLE(m + 56));
- x15 = XOR(x15,U8TO32_LITTLE(m + 60));
-
- j12 = PLUSONE(j12);
- if (!j12) {
- j13 = PLUSONE(j13);
- /* stopping at 2^70 bytes per nonce is user's responsibility */
- }
-
- U32TO8_LITTLE(c + 0,x0);
- U32TO8_LITTLE(c + 4,x1);
- U32TO8_LITTLE(c + 8,x2);
- U32TO8_LITTLE(c + 12,x3);
- U32TO8_LITTLE(c + 16,x4);
- U32TO8_LITTLE(c + 20,x5);
- U32TO8_LITTLE(c + 24,x6);
- U32TO8_LITTLE(c + 28,x7);
- U32TO8_LITTLE(c + 32,x8);
- U32TO8_LITTLE(c + 36,x9);
- U32TO8_LITTLE(c + 40,x10);
- U32TO8_LITTLE(c + 44,x11);
- U32TO8_LITTLE(c + 48,x12);
- U32TO8_LITTLE(c + 52,x13);
- U32TO8_LITTLE(c + 56,x14);
- U32TO8_LITTLE(c + 60,x15);
-
- if (bytes <= 64) {
- if (bytes < 64) {
- for (i = 0;i < bytes;++i) ctarget[i] = c[i];
- }
- x->input[12] = j12;
- x->input[13] = j13;
- return;
- }
- bytes -= 64;
- c += 64;
- m += 64;
- }
-}
diff --git a/ssh_keygen_110/chacha.h b/ssh_keygen_110/chacha.h
deleted file mode 100644
index 76205256..00000000
--- a/ssh_keygen_110/chacha.h
+++ /dev/null
@@ -1,36 +0,0 @@
-/* $OpenBSD: chacha.h,v 1.4 2016/08/27 04:04:56 guenther Exp $ */
-
-/*
-chacha-merged.c version 20080118
-D. J. Bernstein
-Public domain.
-*/
-
-#ifndef CHACHA_H
-#define CHACHA_H
-
-#include
-#include
-
-struct chacha_ctx {
- u_int input[16];
-};
-
-#define CHACHA_MINKEYLEN 16
-#define CHACHA_NONCELEN 8
-#define CHACHA_CTRLEN 8
-#define CHACHA_STATELEN (CHACHA_NONCELEN+CHACHA_CTRLEN)
-#define CHACHA_BLOCKLEN 64
-
-void chacha_keysetup(struct chacha_ctx *x, const u_char *k, u_int kbits)
- __attribute__((__bounded__(__minbytes__, 2, CHACHA_MINKEYLEN)));
-void chacha_ivsetup(struct chacha_ctx *x, const u_char *iv, const u_char *ctr)
- __attribute__((__bounded__(__minbytes__, 2, CHACHA_NONCELEN)))
- __attribute__((__bounded__(__minbytes__, 3, CHACHA_CTRLEN)));
-void chacha_encrypt_bytes(struct chacha_ctx *x, const u_char *m,
- u_char *c, u_int bytes)
- __attribute__((__bounded__(__buffer__, 2, 4)))
- __attribute__((__bounded__(__buffer__, 3, 4)));
-
-#endif /* CHACHA_H */
-
diff --git a/ssh_keygen_110/cipher-aesctr.h b/ssh_keygen_110/cipher-aesctr.h
deleted file mode 100644
index 85d55bba..00000000
--- a/ssh_keygen_110/cipher-aesctr.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/* $OpenBSD: cipher-aesctr.h,v 1.1 2014/04/29 15:39:33 markus Exp $ */
-/*
- * Copyright (c) 2014 Markus Friedl
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef OPENSSH_AESCTR_H
-#define OPENSSH_AESCTR_H
-
-#include "rijndael.h"
-
-#define AES_BLOCK_SIZE 16
-
-typedef struct aesctr_ctx {
- int rounds; /* keylen-dependent #rounds */
- u32 ek[4*(AES_MAXROUNDS + 1)]; /* encrypt key schedule */
- u8 ctr[AES_BLOCK_SIZE]; /* counter */
-} aesctr_ctx;
-
-void aesctr_keysetup(aesctr_ctx *x,const u8 *k,u32 kbits,u32 ivbits);
-void aesctr_ivsetup(aesctr_ctx *x,const u8 *iv);
-void aesctr_encrypt_bytes(aesctr_ctx *x,const u8 *m,u8 *c,u32 bytes);
-
-#endif
diff --git a/ssh_keygen_110/cipher-chachapoly.c b/ssh_keygen_110/cipher-chachapoly.c
deleted file mode 100644
index 0899c5ad..00000000
--- a/ssh_keygen_110/cipher-chachapoly.c
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
- * Copyright (c) 2013 Damien Miller
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $OpenBSD: cipher-chachapoly.c,v 1.8 2016/08/03 05:41:57 djm Exp $ */
-
-#include "includes.h"
-
-#include
-#include /* needed for log.h */
-#include
-#include /* needed for misc.h */
-
-#include "log.h"
-#include "sshbuf.h"
-#include "ssherr.h"
-#include "cipher-chachapoly.h"
-
-int
-chachapoly_init(struct chachapoly_ctx *ctx,
- const u_char *key, u_int keylen)
-{
- if (keylen != (32 + 32)) /* 2 x 256 bit keys */
- return SSH_ERR_INVALID_ARGUMENT;
- chacha_keysetup(&ctx->main_ctx, key, 256);
- chacha_keysetup(&ctx->header_ctx, key + 32, 256);
- return 0;
-}
-
-/*
- * chachapoly_crypt() operates as following:
- * En/decrypt with header key 'aadlen' bytes from 'src', storing result
- * to 'dest'. The ciphertext here is treated as additional authenticated
- * data for MAC calculation.
- * En/decrypt 'len' bytes at offset 'aadlen' from 'src' to 'dest'. Use
- * POLY1305_TAGLEN bytes at offset 'len'+'aadlen' as the authentication
- * tag. This tag is written on encryption and verified on decryption.
- */
-int
-chachapoly_crypt(struct chachapoly_ctx *ctx, u_int seqnr, u_char *dest,
- const u_char *src, u_int len, u_int aadlen, u_int authlen, int do_encrypt)
-{
- u_char seqbuf[8];
- const u_char one[8] = { 1, 0, 0, 0, 0, 0, 0, 0 }; /* NB little-endian */
- u_char expected_tag[POLY1305_TAGLEN], poly_key[POLY1305_KEYLEN];
- int r = SSH_ERR_INTERNAL_ERROR;
-
- /*
- * Run ChaCha20 once to generate the Poly1305 key. The IV is the
- * packet sequence number.
- */
- memset(poly_key, 0, sizeof(poly_key));
- POKE_U64(seqbuf, seqnr);
- chacha_ivsetup(&ctx->main_ctx, seqbuf, NULL);
- chacha_encrypt_bytes(&ctx->main_ctx,
- poly_key, poly_key, sizeof(poly_key));
-
- /* If decrypting, check tag before anything else */
- if (!do_encrypt) {
- const u_char *tag = src + aadlen + len;
-
- poly1305_auth(expected_tag, src, aadlen + len, poly_key);
- if (timingsafe_bcmp(expected_tag, tag, POLY1305_TAGLEN) != 0) {
- r = SSH_ERR_MAC_INVALID;
- goto out;
- }
- }
-
- /* Crypt additional data */
- if (aadlen) {
- chacha_ivsetup(&ctx->header_ctx, seqbuf, NULL);
- chacha_encrypt_bytes(&ctx->header_ctx, src, dest, aadlen);
- }
-
- /* Set Chacha's block counter to 1 */
- chacha_ivsetup(&ctx->main_ctx, seqbuf, one);
- chacha_encrypt_bytes(&ctx->main_ctx, src + aadlen,
- dest + aadlen, len);
-
- /* If encrypting, calculate and append tag */
- if (do_encrypt) {
- poly1305_auth(dest + aadlen + len, dest, aadlen + len,
- poly_key);
- }
- r = 0;
- out:
- explicit_bzero(expected_tag, sizeof(expected_tag));
- explicit_bzero(seqbuf, sizeof(seqbuf));
- explicit_bzero(poly_key, sizeof(poly_key));
- return r;
-}
-
-/* Decrypt and extract the encrypted packet length */
-int
-chachapoly_get_length(struct chachapoly_ctx *ctx,
- u_int *plenp, u_int seqnr, const u_char *cp, u_int len)
-{
- u_char buf[4], seqbuf[8];
-
- if (len < 4)
- return SSH_ERR_MESSAGE_INCOMPLETE;
- POKE_U64(seqbuf, seqnr);
- chacha_ivsetup(&ctx->header_ctx, seqbuf, NULL);
- chacha_encrypt_bytes(&ctx->header_ctx, cp, buf, 4);
- *plenp = PEEK_U32(buf);
- return 0;
-}
diff --git a/ssh_keygen_110/cipher-chachapoly.h b/ssh_keygen_110/cipher-chachapoly.h
deleted file mode 100644
index b7072be7..00000000
--- a/ssh_keygen_110/cipher-chachapoly.h
+++ /dev/null
@@ -1,41 +0,0 @@
-/* $OpenBSD: cipher-chachapoly.h,v 1.4 2014/06/24 01:13:21 djm Exp $ */
-
-/*
- * Copyright (c) Damien Miller 2013
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-#ifndef CHACHA_POLY_AEAD_H
-#define CHACHA_POLY_AEAD_H
-
-#include
-#include "chacha.h"
-#include "poly1305.h"
-
-#define CHACHA_KEYLEN 32 /* Only 256 bit keys used here */
-
-struct chachapoly_ctx {
- struct chacha_ctx main_ctx, header_ctx;
-};
-
-int chachapoly_init(struct chachapoly_ctx *cpctx,
- const u_char *key, u_int keylen)
- __attribute__((__bounded__(__buffer__, 2, 3)));
-int chachapoly_crypt(struct chachapoly_ctx *cpctx, u_int seqnr,
- u_char *dest, const u_char *src, u_int len, u_int aadlen, u_int authlen,
- int do_encrypt);
-int chachapoly_get_length(struct chachapoly_ctx *cpctx,
- u_int *plenp, u_int seqnr, const u_char *cp, u_int len)
- __attribute__((__bounded__(__buffer__, 4, 5)));
-
-#endif /* CHACHA_POLY_AEAD_H */
diff --git a/ssh_keygen_110/cipher.c b/ssh_keygen_110/cipher.c
deleted file mode 100644
index 12c59888..00000000
--- a/ssh_keygen_110/cipher.c
+++ /dev/null
@@ -1,527 +0,0 @@ -/* $OpenBSD: cipher.c,v 1.111 2018/02/23 15:58:37 markus Exp $ */ -/* - * Author: Tatu Ylonen - * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland - * All rights reserved - * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". - * - * - * Copyright (c) 1999 Niels Provos. All rights reserved. - * Copyright (c) 1999, 2000 Markus Friedl. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ - -#include "includes.h" - -#include - -#include -#include -#include - -#include "cipher.h" -#include "misc.h" -#include "sshbuf.h" -#include "ssherr.h" -#include "digest.h" - -#include "openbsd-compat/openssl-compat.h" - - -struct sshcipher_ctx { - int plaintext; - int encrypt; - EVP_CIPHER_CTX *evp; - struct chachapoly_ctx cp_ctx; /* XXX union with evp? */ - struct aesctr_ctx ac_ctx; /* XXX union with evp? */ - const struct sshcipher *cipher; -}; - -struct sshcipher { - char *name; - u_int block_size; - u_int key_len; - u_int iv_len; /* defaults to block_size */ - u_int auth_len; - u_int flags; -#define CFLAG_CBC (1<<0) -#define CFLAG_CHACHAPOLY (1<<1) -#define CFLAG_AESCTR (1<<2) -#define CFLAG_NONE (1<<3) -#define CFLAG_INTERNAL CFLAG_NONE /* Don't use "none" for packets */ -#ifdef WITH_OPENSSL - const EVP_CIPHER *(*evptype)(void); -#else - void *ignored; -#endif -}; - -static const struct sshcipher ciphers[] = { -#ifdef WITH_OPENSSL -#ifndef OPENSSL_NO_DES - { "3des-cbc", 8, 24, 0, 0, CFLAG_CBC, EVP_des_ede3_cbc }, -#endif - { "aes128-cbc", 16, 16, 0, 0, CFLAG_CBC, EVP_aes_128_cbc }, - { "aes192-cbc", 16, 24, 0, 0, CFLAG_CBC, EVP_aes_192_cbc }, - { "aes256-cbc", 16, 32, 0, 0, CFLAG_CBC, EVP_aes_256_cbc }, - { "rijndael-cbc@lysator.liu.se", - 16, 32, 0, 0, CFLAG_CBC, EVP_aes_256_cbc }, - { "aes128-ctr", 16, 16, 0, 0, 0, EVP_aes_128_ctr }, - { "aes192-ctr", 16, 24, 0, 0, 0, EVP_aes_192_ctr }, - { "aes256-ctr", 16, 32, 0, 0, 0, EVP_aes_256_ctr }, -# ifdef OPENSSL_HAVE_EVPGCM - { "aes128-gcm@openssh.com", - 16, 16, 12, 16, 0, EVP_aes_128_gcm }, - { "aes256-gcm@openssh.com", - 16, 32, 12, 16, 0, EVP_aes_256_gcm }, -# endif /* OPENSSL_HAVE_EVPGCM */ -#else - { "aes128-ctr", 16, 16, 0, 0, CFLAG_AESCTR, NULL }, - { "aes192-ctr", 16, 24, 0, 0, CFLAG_AESCTR, NULL }, - { "aes256-ctr", 16, 32, 0, 0, CFLAG_AESCTR, NULL }, -#endif - { "chacha20-poly1305@openssh.com", - 8, 64, 0, 16, CFLAG_CHACHAPOLY, NULL }, - { "none", 8, 0, 0, 0, CFLAG_NONE, NULL }, - - { NULL, 0, 0, 
0, 0, 0, NULL } -}; - -/*--*/ - -/* Returns a comma-separated list of supported ciphers. */ -char * -cipher_alg_list(char sep, int auth_only) -{ - char *tmp, *ret = NULL; - size_t nlen, rlen = 0; - const struct sshcipher *c; - - for (c = ciphers; c->name != NULL; c++) { - if ((c->flags & CFLAG_INTERNAL) != 0) - continue; - if (auth_only && c->auth_len == 0) - continue; - if (ret != NULL) - ret[rlen++] = sep; - nlen = strlen(c->name); - if ((tmp = realloc(ret, rlen + nlen + 2)) == NULL) { - free(ret); - return NULL; - } - ret = tmp; - memcpy(ret + rlen, c->name, nlen + 1); - rlen += nlen; - } - return ret; -} - -u_int -cipher_blocksize(const struct sshcipher *c) -{ - return (c->block_size); -} - -u_int -cipher_keylen(const struct sshcipher *c) -{ - return (c->key_len); -} - -u_int -cipher_seclen(const struct sshcipher *c) -{ - if (strcmp("3des-cbc", c->name) == 0) - return 14; - return cipher_keylen(c); -} - -u_int -cipher_authlen(const struct sshcipher *c) -{ - return (c->auth_len); -} - -u_int -cipher_ivlen(const struct sshcipher *c) -{ - /* - * Default is cipher block size, except for chacha20+poly1305 that - * needs no IV. XXX make iv_len == -1 default? - */ - return (c->iv_len != 0 || (c->flags & CFLAG_CHACHAPOLY) != 0) ? 
- c->iv_len : c->block_size; -} - -u_int -cipher_is_cbc(const struct sshcipher *c) -{ - return (c->flags & CFLAG_CBC) != 0; -} - -u_int -cipher_ctx_is_plaintext(struct sshcipher_ctx *cc) -{ - return cc->plaintext; -} - -const struct sshcipher * -cipher_by_name(const char *name) -{ - const struct sshcipher *c; - for (c = ciphers; c->name != NULL; c++) - if (strcmp(c->name, name) == 0) - return c; - return NULL; -} - -#define CIPHER_SEP "," -int -ciphers_valid(const char *names) -{ - const struct sshcipher *c; - char *cipher_list, *cp; - char *p; - - if (names == NULL || strcmp(names, "") == 0) - return 0; - if ((cipher_list = cp = strdup(names)) == NULL) - return 0; - for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0'; - (p = strsep(&cp, CIPHER_SEP))) { - c = cipher_by_name(p); - if (c == NULL || (c->flags & CFLAG_INTERNAL) != 0) { - free(cipher_list); - return 0; - } - } - free(cipher_list); - return 1; -} - -const char * -cipher_warning_message(const struct sshcipher_ctx *cc) -{ - if (cc == NULL || cc->cipher == NULL) - return NULL; - /* XXX repurpose for CBC warning */ - return NULL; -} - -int -cipher_init(struct sshcipher_ctx **ccp, const struct sshcipher *cipher, - const u_char *key, u_int keylen, const u_char *iv, u_int ivlen, - int do_encrypt) -{ - struct sshcipher_ctx *cc = NULL; - int ret = SSH_ERR_INTERNAL_ERROR; -#ifdef WITH_OPENSSL - const EVP_CIPHER *type; - int klen; -#endif - - *ccp = NULL; - if ((cc = calloc(sizeof(*cc), 1)) == NULL) - return SSH_ERR_ALLOC_FAIL; - - cc->plaintext = (cipher->flags & CFLAG_NONE) != 0; - cc->encrypt = do_encrypt; - - if (keylen < cipher->key_len || - (iv != NULL && ivlen < cipher_ivlen(cipher))) { - ret = SSH_ERR_INVALID_ARGUMENT; - goto out; - } - - cc->cipher = cipher; - if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) { - ret = chachapoly_init(&cc->cp_ctx, key, keylen); - goto out; - } - if ((cc->cipher->flags & CFLAG_NONE) != 0) { - ret = 0; - goto out; - } -#ifndef WITH_OPENSSL - if ((cc->cipher->flags & 
CFLAG_AESCTR) != 0) { - aesctr_keysetup(&cc->ac_ctx, key, 8 * keylen, 8 * ivlen); - aesctr_ivsetup(&cc->ac_ctx, iv); - ret = 0; - goto out; - } - ret = SSH_ERR_INVALID_ARGUMENT; - goto out; -#else /* WITH_OPENSSL */ - type = (*cipher->evptype)(); - if ((cc->evp = EVP_CIPHER_CTX_new()) == NULL) { - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } - if (EVP_CipherInit(cc->evp, type, NULL, (u_char *)iv, - (do_encrypt == CIPHER_ENCRYPT)) == 0) { - ret = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - if (cipher_authlen(cipher) && - !EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_SET_IV_FIXED, - -1, (u_char *)iv)) { - ret = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - klen = EVP_CIPHER_CTX_key_length(cc->evp); - if (klen > 0 && keylen != (u_int)klen) { - if (EVP_CIPHER_CTX_set_key_length(cc->evp, keylen) == 0) { - ret = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - } - if (EVP_CipherInit(cc->evp, NULL, (u_char *)key, NULL, -1) == 0) { - ret = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - ret = 0; -#endif /* WITH_OPENSSL */ - out: - if (ret == 0) { - /* success */ - *ccp = cc; - } else { - if (cc != NULL) { -#ifdef WITH_OPENSSL - EVP_CIPHER_CTX_free(cc->evp); -#endif /* WITH_OPENSSL */ - explicit_bzero(cc, sizeof(*cc)); - free(cc); - } - } - return ret; -} - -/* - * cipher_crypt() operates as following: - * Copy 'aadlen' bytes (without en/decryption) from 'src' to 'dest'. - * Theses bytes are treated as additional authenticated data for - * authenticated encryption modes. - * En/Decrypt 'len' bytes at offset 'aadlen' from 'src' to 'dest'. - * Use 'authlen' bytes at offset 'len'+'aadlen' as the authentication tag. - * This tag is written on encryption and verified on decryption. - * Both 'aadlen' and 'authlen' can be set to 0. 
- */ -int -cipher_crypt(struct sshcipher_ctx *cc, u_int seqnr, u_char *dest, - const u_char *src, u_int len, u_int aadlen, u_int authlen) -{ - if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) { - return chachapoly_crypt(&cc->cp_ctx, seqnr, dest, src, - len, aadlen, authlen, cc->encrypt); - } - if ((cc->cipher->flags & CFLAG_NONE) != 0) { - memcpy(dest, src, aadlen + len); - return 0; - } -#ifndef WITH_OPENSSL - if ((cc->cipher->flags & CFLAG_AESCTR) != 0) { - if (aadlen) - memcpy(dest, src, aadlen); - aesctr_encrypt_bytes(&cc->ac_ctx, src + aadlen, - dest + aadlen, len); - return 0; - } - return SSH_ERR_INVALID_ARGUMENT; -#else - if (authlen) { - u_char lastiv[1]; - - if (authlen != cipher_authlen(cc->cipher)) - return SSH_ERR_INVALID_ARGUMENT; - /* increment IV */ - if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN, - 1, lastiv)) - return SSH_ERR_LIBCRYPTO_ERROR; - /* set tag on decyption */ - if (!cc->encrypt && - !EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_SET_TAG, - authlen, (u_char *)src + aadlen + len)) - return SSH_ERR_LIBCRYPTO_ERROR; - } - if (aadlen) { - if (authlen && - EVP_Cipher(cc->evp, NULL, (u_char *)src, aadlen) < 0) - return SSH_ERR_LIBCRYPTO_ERROR; - memcpy(dest, src, aadlen); - } - if (len % cc->cipher->block_size) - return SSH_ERR_INVALID_ARGUMENT; - if (EVP_Cipher(cc->evp, dest + aadlen, (u_char *)src + aadlen, - len) < 0) - return SSH_ERR_LIBCRYPTO_ERROR; - if (authlen) { - /* compute tag (on encrypt) or verify tag (on decrypt) */ - if (EVP_Cipher(cc->evp, NULL, NULL, 0) < 0) - return cc->encrypt ? 
- SSH_ERR_LIBCRYPTO_ERROR : SSH_ERR_MAC_INVALID; - if (cc->encrypt && - !EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_GET_TAG, - authlen, dest + aadlen + len)) - return SSH_ERR_LIBCRYPTO_ERROR; - } - return 0; -#endif -} - -/* Extract the packet length, including any decryption necessary beforehand */ -int -cipher_get_length(struct sshcipher_ctx *cc, u_int *plenp, u_int seqnr, - const u_char *cp, u_int len) -{ - if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) - return chachapoly_get_length(&cc->cp_ctx, plenp, seqnr, - cp, len); - if (len < 4) - return SSH_ERR_MESSAGE_INCOMPLETE; - *plenp = PEEK_U32(cp); - return 0; -} - -void -cipher_free(struct sshcipher_ctx *cc) -{ - if (cc == NULL) - return; - if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) - explicit_bzero(&cc->cp_ctx, sizeof(cc->cp_ctx)); - else if ((cc->cipher->flags & CFLAG_AESCTR) != 0) - explicit_bzero(&cc->ac_ctx, sizeof(cc->ac_ctx)); -#ifdef WITH_OPENSSL - EVP_CIPHER_CTX_free(cc->evp); - cc->evp = NULL; -#endif - explicit_bzero(cc, sizeof(*cc)); - free(cc); -} - -/* - * Exports an IV from the sshcipher_ctx required to export the key - * state back from the unprivileged child to the privileged parent - * process. 
- */ -int -cipher_get_keyiv_len(const struct sshcipher_ctx *cc) -{ - const struct sshcipher *c = cc->cipher; - - if ((c->flags & CFLAG_CHACHAPOLY) != 0) - return 0; - else if ((c->flags & CFLAG_AESCTR) != 0) - return sizeof(cc->ac_ctx.ctr); -#ifdef WITH_OPENSSL - return EVP_CIPHER_CTX_iv_length(cc->evp); -#else - return 0; -#endif -} - -int -cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, size_t len) -{ -#ifdef WITH_OPENSSL - const struct sshcipher *c = cc->cipher; - int evplen; -#endif - - if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) { - if (len != 0) - return SSH_ERR_INVALID_ARGUMENT; - return 0; - } - if ((cc->cipher->flags & CFLAG_AESCTR) != 0) { - if (len != sizeof(cc->ac_ctx.ctr)) - return SSH_ERR_INVALID_ARGUMENT; - memcpy(iv, cc->ac_ctx.ctr, len); - return 0; - } - if ((cc->cipher->flags & CFLAG_NONE) != 0) - return 0; - -#ifdef WITH_OPENSSL - evplen = EVP_CIPHER_CTX_iv_length(cc->evp); - if (evplen == 0) - return 0; - else if (evplen < 0) - return SSH_ERR_LIBCRYPTO_ERROR; - if ((size_t)evplen != len) - return SSH_ERR_INVALID_ARGUMENT; -#ifndef OPENSSL_HAVE_EVPCTR - if (c->evptype == evp_aes_128_ctr) - ssh_aes_ctr_iv(cc->evp, 0, iv, len); - else -#endif - if (cipher_authlen(c)) { - if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN, - len, iv)) - return SSH_ERR_LIBCRYPTO_ERROR; - } else if (!EVP_CIPHER_CTX_get_iv(cc->evp, iv, len)) - return SSH_ERR_LIBCRYPTO_ERROR; -#endif - return 0; -} - -int -cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv, size_t len) -{ -#ifdef WITH_OPENSSL - const struct sshcipher *c = cc->cipher; - int evplen = 0; -#endif - - if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) - return 0; - if ((cc->cipher->flags & CFLAG_NONE) != 0) - return 0; - -#ifdef WITH_OPENSSL - evplen = EVP_CIPHER_CTX_iv_length(cc->evp); - if (evplen <= 0) - return SSH_ERR_LIBCRYPTO_ERROR; - if ((size_t)evplen != len) - return SSH_ERR_INVALID_ARGUMENT; -#ifndef OPENSSL_HAVE_EVPCTR - /* XXX iv arg is const, but ssh_aes_ctr_iv isn't */ - 
if (c->evptype == evp_aes_128_ctr) - ssh_aes_ctr_iv(cc->evp, 1, (u_char *)iv, evplen); - else -#endif - if (cipher_authlen(c)) { - /* XXX iv arg is const, but EVP_CIPHER_CTX_ctrl isn't */ - if (!EVP_CIPHER_CTX_ctrl(cc->evp, - EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv)) - return SSH_ERR_LIBCRYPTO_ERROR; - } else if (!EVP_CIPHER_CTX_set_iv(cc->evp, iv, evplen)) - return SSH_ERR_LIBCRYPTO_ERROR; -#endif - return 0; -} diff --git a/ssh_keygen_110/cipher.h b/ssh_keygen_110/cipher.h deleted file mode 100644 index dc1571d2..00000000 --- a/ssh_keygen_110/cipher.h +++ /dev/null 
@@ -1,75 +0,0 @@
-/* $OpenBSD: cipher.h,v 1.52 2017/05/07 23:12:57 djm Exp $ */
-
-/*
- * Author: Tatu Ylonen
- * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
- * All rights reserved
- *
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose. Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
- *
- * Copyright (c) 2000 Markus Friedl. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef CIPHER_H
-#define CIPHER_H
-
-#include
-#include
-#include "cipher-chachapoly.h"
-#include "cipher-aesctr.h"
-
-#define CIPHER_ENCRYPT 1
-#define CIPHER_DECRYPT 0
-
-struct sshcipher;
-struct sshcipher_ctx;
-
-const struct sshcipher *cipher_by_name(const char *);
-const char *cipher_warning_message(const struct sshcipher_ctx *);
-int ciphers_valid(const char *);
-char *cipher_alg_list(char, int);
-int cipher_init(struct sshcipher_ctx **, const struct sshcipher *,
- const u_char *, u_int, const u_char *, u_int, int);
-int cipher_crypt(struct sshcipher_ctx *, u_int, u_char *, const u_char *,
- u_int, u_int, u_int);
-int cipher_get_length(struct sshcipher_ctx *, u_int *, u_int,
- const u_char *, u_int);
-void cipher_free(struct sshcipher_ctx *);
-u_int cipher_blocksize(const struct sshcipher *);
-u_int cipher_keylen(const struct sshcipher *);
-u_int cipher_seclen(const struct sshcipher *);
-u_int cipher_authlen(const struct sshcipher *);
-u_int cipher_ivlen(const struct sshcipher *);
-u_int cipher_is_cbc(const struct sshcipher *);
-
-u_int cipher_ctx_is_plaintext(struct sshcipher_ctx *);
-
-int cipher_get_keyiv(struct sshcipher_ctx *, u_char *, size_t);
-int cipher_set_keyiv(struct sshcipher_ctx *, const u_char *, size_t);
-int cipher_get_keyiv_len(const struct sshcipher_ctx *);
-
-#endif /* CIPHER_H */
diff --git a/ssh_keygen_110/cleanup.c b/ssh_keygen_110/cleanup.c
deleted file mode 100644
index 238f965e..00000000
--- a/ssh_keygen_110/cleanup.c
+++ /dev/null
@@ -1,32 +0,0 @@
-/* $OpenBSD: cleanup.c,v 1.5 2006/08/03 03:34:42 deraadt Exp $ */
-/*
- * Copyright (c) 2003 Markus Friedl
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "includes.h"
-
-#include
-
-#include
-#include
-
-#include "log.h"
-
-/* default implementation */
-void
-cleanup_exit(int i)
-{
- _exit(i);
-}
diff --git a/ssh_keygen_110/compat.h b/ssh_keygen_110/compat.h
deleted file mode 100644
index d611d33e..00000000
--- a/ssh_keygen_110/compat.h
+++ /dev/null
@@ -1,73 +0,0 @@
-/* $OpenBSD: compat.h,v 1.54 2018/08/13 02:41:05 djm Exp $ */
-
-/*
- * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef COMPAT_H
-#define COMPAT_H
-
-#define SSH_PROTO_UNKNOWN 0x00
-#define SSH_PROTO_1 0x01
-#define SSH_PROTO_1_PREFERRED 0x02
-#define SSH_PROTO_2 0x04
-
-#define SSH_BUG_UTF8TTYMODE 0x00000001
-#define SSH_BUG_SIGTYPE 0x00000002
-/* #define unused 0x00000004 */
-/* #define unused 0x00000008 */
-#define SSH_OLD_SESSIONID 0x00000010
-/* #define unused 0x00000020 */
-#define SSH_BUG_DEBUG 0x00000040
-/* #define unused 0x00000080 */
-#define SSH_BUG_IGNOREMSG 0x00000100
-/* #define unused 0x00000200 */
-#define SSH_BUG_PASSWORDPAD 0x00000400
-#define SSH_BUG_SCANNER 0x00000800
-#define SSH_BUG_BIGENDIANAES 0x00001000
-#define SSH_BUG_RSASIGMD5 0x00002000
-#define SSH_OLD_DHGEX 0x00004000
-#define SSH_BUG_NOREKEY 0x00008000
-/* #define unused 0x00010000 */
-/* #define unused 0x00020000 */
-/* #define unused 0x00040000 */
-/* #define unused 0x00100000 */
-#define SSH_BUG_EXTEOF 0x00200000
-#define SSH_BUG_PROBE 0x00400000
-/* #define unused 0x00800000 */
-#define SSH_OLD_FORWARD_ADDR 0x01000000
-/* #define unused 0x02000000 */
-#define SSH_NEW_OPENSSH 0x04000000
-#define SSH_BUG_DYNAMIC_RPORT 0x08000000
-#define SSH_BUG_CURVE25519PAD 0x10000000
-#define SSH_BUG_HOSTKEYS 0x20000000
-#define SSH_BUG_DHGEX_LARGE 0x40000000
-
-u_int compat_datafellows(const char *);
-int proto_spec(const char *);
-char *compat_cipher_proposal(char *);
-char *compat_pkalg_proposal(char *);
-char *compat_kex_proposal(char *);
-
-extern int datafellows;
-#endif
diff --git a/ssh_keygen_110/config.h b/ssh_keygen_110/config.h
deleted file mode 100644
index 9ce64ed2..00000000
--- a/ssh_keygen_110/config.h
+++ /dev/null
@@ -1,1867 +0,0 @@ -/* config.h. Generated from config.h.in by configure. */ -/* config.h.in. Generated from configure.ac by autoheader. */ - -/* Define if building universal (internal helper macro) */ -/* #undef AC_APPLE_UNIVERSAL_BUILD */ - -/* Define if you have a getaddrinfo that fails for the all-zeros IPv6 address - */ -/* #undef AIX_GETNAMEINFO_HACK */ - -/* Define if your AIX loginfailed() function takes 4 arguments (AIX >= 5.2) */ -/* #undef AIX_LOGINFAILED_4ARG */ - -/* System only supports IPv4 audit records */ -#define AU_IPv4 0 - -/* Define if your resolver libs need this for getrrsetbyname */ -#define BIND_8_COMPAT 1 - -/* The system has incomplete BSM API */ -/* #undef BROKEN_BSM_API */ - -/* Define if cmsg_type is not passed correctly */ -/* #undef BROKEN_CMSG_TYPE */ - -/* getaddrinfo is broken (if present) */ -/* #undef BROKEN_GETADDRINFO */ - -/* getgroups(0,NULL) will return -1 */ -/* #undef BROKEN_GETGROUPS */ - -/* FreeBSD glob does not do what we need */ -#define BROKEN_GLOB 1 - -/* Define if you system's inet_ntoa is busted (e.g. 
Irix gcc issue) */ -/* #undef BROKEN_INET_NTOA */ - -/* ia_uinfo routines not supported by OS yet */ -/* #undef BROKEN_LIBIAF */ - -/* Define if your struct dirent expects you to allocate extra space for d_name - */ -/* #undef BROKEN_ONE_BYTE_DIRENT_D_NAME */ - -/* Can't do comparisons on readv */ -/* #undef BROKEN_READV_COMPARISON */ - -/* NetBSD read function is sometimes redirected, breaking atomicio comparisons - against it */ -/* #undef BROKEN_READ_COMPARISON */ - -/* realpath does not work with nonexistent files */ -#define BROKEN_REALPATH 1 - -/* Needed for NeXT */ -/* #undef BROKEN_SAVED_UIDS */ - -/* Define if your setregid() is broken */ -#define BROKEN_SETREGID 1 - -/* Define if your setresgid() is broken */ -/* #undef BROKEN_SETRESGID */ - -/* Define if your setresuid() is broken */ -/* #undef BROKEN_SETRESUID */ - -/* Define if your setreuid() is broken */ -#define BROKEN_SETREUID 1 - -/* LynxOS has broken setvbuf() implementation */ -/* #undef BROKEN_SETVBUF */ - -/* QNX shadow support is broken */ -/* #undef BROKEN_SHADOW_EXPIRE */ - -/* Define if your snprintf is busted */ -/* #undef BROKEN_SNPRINTF */ - -/* strnvis detected broken */ -#define BROKEN_STRNVIS 1 - -/* tcgetattr with ICANON may hang */ -/* #undef BROKEN_TCGETATTR_ICANON */ - -/* updwtmpx is broken (if present) */ -/* #undef BROKEN_UPDWTMPX */ - -/* Define if you have BSD auth support */ -/* #undef BSD_AUTH */ - -/* Define if you want to specify the path to your lastlog file */ -/* #undef CONF_LASTLOG_FILE */ - -/* Define if you want to specify the path to your utmp file */ -/* #undef CONF_UTMP_FILE */ - -/* Define if you want to specify the path to your wtmpx file */ -/* #undef CONF_WTMPX_FILE */ - -/* Define if you want to specify the path to your wtmp file */ -/* #undef CONF_WTMP_FILE */ - -/* Define if your platform needs to skip post auth file descriptor passing */ -/* #undef DISABLE_FD_PASSING */ - -/* Define if you don't want to use lastlog */ -/* #undef DISABLE_LASTLOG */ - -/* 
Define if you don't want to use your system's login() call */ -#define DISABLE_LOGIN 1 - -/* Define if you don't want to use pututline() etc. to write [uw]tmp */ -#define DISABLE_PUTUTLINE 1 - -/* Define if you don't want to use pututxline() etc. to write [uw]tmpx */ -/* #undef DISABLE_PUTUTXLINE */ - -/* Define if you want to disable shadow passwords */ -/* #undef DISABLE_SHADOW */ - -/* Define if you don't want to use utmp */ -#define DISABLE_UTMP 1 - -/* Define if you don't want to use utmpx */ -/* #undef DISABLE_UTMPX */ - -/* Define if you don't want to use wtmp */ -#define DISABLE_WTMP 1 - -/* Define if you don't want to use wtmpx */ -#define DISABLE_WTMPX 1 - -/* Enable for PKCS#11 support */ -#define ENABLE_PKCS11 /**/ - -/* File names may not contain backslash characters */ -/* #undef FILESYSTEM_NO_BACKSLASH */ - -/* fsid_t has member val */ -/* #undef FSID_HAS_VAL */ - -/* fsid_t has member __val */ -/* #undef FSID_HAS___VAL */ - -/* Define to 1 if the `getpgrp' function requires zero arguments. 
*/ -#define GETPGRP_VOID 1 - -/* Conflicting defs for getspnam */ -/* #undef GETSPNAM_CONFLICTING_DEFS */ - -/* Define if your system glob() function has the GLOB_ALTDIRFUNC extension */ -#define GLOB_HAS_ALTDIRFUNC 1 - -/* Define if your system glob() function has gl_matchc options in glob_t */ -#define GLOB_HAS_GL_MATCHC 1 - -/* Define if your system glob() function has gl_statv options in glob_t */ -/* #undef GLOB_HAS_GL_STATV */ - -/* Define this if you want GSSAPI support in the version 2 protocol */ -#define GSSAPI 1 - -/* Define if you want to use shadow password expire field */ -/* #undef HAS_SHADOW_EXPIRE */ - -/* Define if your system uses access rights style file descriptor passing */ -/* #undef HAVE_ACCRIGHTS_IN_MSGHDR */ - -/* Define if you have ut_addr in utmp.h */ -/* #undef HAVE_ADDR_IN_UTMP */ - -/* Define if you have ut_addr in utmpx.h */ -/* #undef HAVE_ADDR_IN_UTMPX */ - -/* Define if you have ut_addr_v6 in utmp.h */ -/* #undef HAVE_ADDR_V6_IN_UTMP */ - -/* Define if you have ut_addr_v6 in utmpx.h */ -/* #undef HAVE_ADDR_V6_IN_UTMPX */ - -/* Define to 1 if you have the `arc4random' function. */ -#define HAVE_ARC4RANDOM 1 - -/* Define to 1 if you have the `arc4random_buf' function. */ -#define HAVE_ARC4RANDOM_BUF 1 - -/* Define to 1 if you have the `arc4random_stir' function. */ -#define HAVE_ARC4RANDOM_STIR 1 - -/* Define to 1 if you have the `arc4random_uniform' function. */ -#define HAVE_ARC4RANDOM_UNIFORM 1 - -/* Define to 1 if you have the `asprintf' function. */ -#define HAVE_ASPRINTF 1 - -/* OpenBSD's gcc has bounded */ -/* #undef HAVE_ATTRIBUTE__BOUNDED__ */ - -/* Have attribute nonnull */ -#define HAVE_ATTRIBUTE__NONNULL__ 1 - -/* OpenBSD's gcc has sentinel */ -/* #undef HAVE_ATTRIBUTE__SENTINEL__ */ - -/* Define to 1 if you have the `aug_get_machine' function. */ -/* #undef HAVE_AUG_GET_MACHINE */ - -/* Define to 1 if you have the `b64_ntop' function. */ -/* #undef HAVE_B64_NTOP */ - -/* Define to 1 if you have the `b64_pton' function. 
*/ -/* #undef HAVE_B64_PTON */ - -/* Define if you have the basename function. */ -#define HAVE_BASENAME 1 - -/* Define to 1 if you have the `bcopy' function. */ -#define HAVE_BCOPY 1 - -/* Define to 1 if you have the `bcrypt_pbkdf' function. */ -/* #undef HAVE_BCRYPT_PBKDF */ - -/* Define to 1 if you have the `bindresvport_sa' function. */ -#define HAVE_BINDRESVPORT_SA 1 - -/* Define to 1 if you have the `blf_enc' function. */ -/* #undef HAVE_BLF_ENC */ - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_BLF_H */ - -/* Define to 1 if you have the `Blowfish_expand0state' function. */ -/* #undef HAVE_BLOWFISH_EXPAND0STATE */ - -/* Define to 1 if you have the `Blowfish_expandstate' function. */ -/* #undef HAVE_BLOWFISH_EXPANDSTATE */ - -/* Define to 1 if you have the `Blowfish_initstate' function. */ -/* #undef HAVE_BLOWFISH_INITSTATE */ - -/* Define to 1 if you have the `Blowfish_stream2word' function. */ -/* #undef HAVE_BLOWFISH_STREAM2WORD */ - -/* Define to 1 if you have the `BN_is_prime_ex' function. */ -#define HAVE_BN_IS_PRIME_EX 1 - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_BSD_LIBUTIL_H */ - -/* Define to 1 if you have the header file. */ -#define HAVE_BSM_AUDIT_H 1 - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_BSTRING_H */ - -/* Define to 1 if you have the `cap_rights_limit' function. */ -/* #undef HAVE_CAP_RIGHTS_LIMIT */ - -/* Define to 1 if you have the `clock' function. */ -#define HAVE_CLOCK 1 - -/* Have clock_gettime */ -#define HAVE_CLOCK_GETTIME 1 - -/* define if you have clock_t data type */ -#define HAVE_CLOCK_T 1 - -/* Define to 1 if you have the `closefrom' function. */ -/* #undef HAVE_CLOSEFROM */ - -/* Define if gai_strerror() returns const char * */ -#define HAVE_CONST_GAI_STRERROR_PROTO 1 - -/* Define if your system uses ancillary data style file descriptor passing */ -#define HAVE_CONTROL_IN_MSGHDR 1 - -/* Define to 1 if you have the `crypt' function. 
*/ -#define HAVE_CRYPT 1 - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_CRYPTO_SHA2_H */ - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_CRYPT_H */ - -/* Define if you are on Cygwin */ -/* #undef HAVE_CYGWIN */ - -/* Define if your libraries define daemon() */ -#define HAVE_DAEMON 1 - -/* Define to 1 if you have the declaration of `AI_NUMERICSERV', and to 0 if - you don't. */ -#define HAVE_DECL_AI_NUMERICSERV 1 - -/* Define to 1 if you have the declaration of `authenticate', and to 0 if you - don't. */ -/* #undef HAVE_DECL_AUTHENTICATE */ - -/* Define to 1 if you have the declaration of `GLOB_NOMATCH', and to 0 if you - don't. */ -#define HAVE_DECL_GLOB_NOMATCH 1 - -/* Define to 1 if you have the declaration of `GSS_C_NT_HOSTBASED_SERVICE', - and to 0 if you don't. */ -#define HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE 1 - -/* Define to 1 if you have the declaration of `howmany', and to 0 if you - don't. */ -#define HAVE_DECL_HOWMANY 1 - -/* Define to 1 if you have the declaration of `h_errno', and to 0 if you - don't. */ -#define HAVE_DECL_H_ERRNO 1 - -/* Define to 1 if you have the declaration of `loginfailed', and to 0 if you - don't. */ -/* #undef HAVE_DECL_LOGINFAILED */ - -/* Define to 1 if you have the declaration of `loginrestrictions', and to 0 if - you don't. */ -/* #undef HAVE_DECL_LOGINRESTRICTIONS */ - -/* Define to 1 if you have the declaration of `loginsuccess', and to 0 if you - don't. */ -/* #undef HAVE_DECL_LOGINSUCCESS */ - -/* Define to 1 if you have the declaration of `MAXSYMLINKS', and to 0 if you - don't. */ -#define HAVE_DECL_MAXSYMLINKS 1 - -/* Define to 1 if you have the declaration of `NFDBITS', and to 0 if you - don't. */ -#define HAVE_DECL_NFDBITS 1 - -/* Define to 1 if you have the declaration of `offsetof', and to 0 if you - don't. */ -#define HAVE_DECL_OFFSETOF 1 - -/* Define to 1 if you have the declaration of `O_NONBLOCK', and to 0 if you - don't. 
*/ -#define HAVE_DECL_O_NONBLOCK 1 - -/* Define to 1 if you have the declaration of `passwdexpired', and to 0 if you - don't. */ -/* #undef HAVE_DECL_PASSWDEXPIRED */ - -/* Define to 1 if you have the declaration of `setauthdb', and to 0 if you - don't. */ -/* #undef HAVE_DECL_SETAUTHDB */ - -/* Define to 1 if you have the declaration of `SHUT_RD', and to 0 if you - don't. */ -#define HAVE_DECL_SHUT_RD 1 - -/* Define to 1 if you have the declaration of `writev', and to 0 if you don't. - */ -#define HAVE_DECL_WRITEV 1 - -/* Define to 1 if you have the declaration of `_getlong', and to 0 if you - don't. */ -#define HAVE_DECL__GETLONG 0 - -/* Define to 1 if you have the declaration of `_getshort', and to 0 if you - don't. */ -#define HAVE_DECL__GETSHORT 0 - -/* Define to 1 if you have the `DES_crypt' function. */ -#define HAVE_DES_CRYPT 1 - -/* Define if you have /dev/ptmx */ -#define HAVE_DEV_PTMX 1 - -/* Define if you have /dev/ptc */ -/* #undef HAVE_DEV_PTS_AND_PTC */ - -/* Define if libcrypto has DH_get0_key */ -#define HAVE_DH_GET0_KEY 1 - -/* Define if libcrypto has DH_get0_pqg */ -#define HAVE_DH_GET0_PQG 1 - -/* Define if libcrypto has DH_set0_key */ -#define HAVE_DH_SET0_KEY 1 - -/* Define if libcrypto has DH_set0_pqg */ -#define HAVE_DH_SET0_PQG 1 - -/* Define if libcrypto has DH_set_length */ -#define HAVE_DH_SET_LENGTH 1 - - -/* Define to 1 if you have the header file. */ -#define HAVE_DIRENT_H 1 - -/* Define to 1 if you have the `dirfd' function. */ -#define HAVE_DIRFD 1 - -/* Define to 1 if you have the `dirname' function. */ -#define HAVE_DIRNAME 1 - -/* Define to 1 if you have the `DSA_generate_parameters_ex' function. 
*/ -#undef HAVE_DSA_GENERATE_PARAMETERS_EX - -/* Define if libcrypto has DSA_get0_key */ -#define HAVE_DSA_GET0_KEY 1 - -/* Define if libcrypto has DSA_get0_pqg */ -#define HAVE_DSA_GET0_PQG 1 - -/* Define if libcrypto has DSA_set0_key */ -#define HAVE_DSA_SET0_KEY 1 - -/* Define if libcrypto has DSA_set0_pqg */ -#define HAVE_DSA_SET0_PQG 1 - -/* Define if libcrypto has DSA_SIG_get0 */ -#define HAVE_DSA_SIG_GET0 1 - -/* Define if libcrypto has DSA_SIG_set0 */ -#define HAVE_DSA_SIG_SET0 1 - -/* Define if libcrypto has ECDSA_SIG_get0 */ -#define HAVE_ECDSA_SIG_GET0 1 - -/* Define if libcrypto has ECDSA_SIG_set0 */ -#define HAVE_ECDSA_SIG_SET0 1 - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_ELF_H */ - -/* Define to 1 if you have the `endgrent' function. */ -#define HAVE_ENDGRENT 1 - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_ENDIAN_H */ - -/* Define to 1 if you have the `endutent' function. */ -/* #undef HAVE_ENDUTENT */ - -/* Define to 1 if you have the `endutxent' function. */ -#define HAVE_ENDUTXENT 1 - -/* Define to 1 if you have the `err' function. */ -#define HAVE_ERR 1 - -/* Define to 1 if you have the `errx' function. */ -#define HAVE_ERRX 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_ERR_H 1 - -/* Define if your system has /etc/default/login */ -/* #undef HAVE_ETC_DEFAULT_LOGIN */ - -/* Define if libcrypto has EVP_CIPHER_CTX_ctrl */ -#define HAVE_EVP_CIPHER_CTX_CTRL 1 -/* Define if libcrypto has EVP_CIPHER_CTX_iv */ -#define HAVE_EVP_CIPHER_CTX_IV 1 - -/* Define if libcrypto has EVP_CIPHER_CTX_iv_noconst */ -#define HAVE_EVP_CIPHER_CTX_IV_NOCONST 1 - -/* Define to 1 if you have the `EVP_DigestFinal_ex' function. */ -#define HAVE_EVP_DIGESTFINAL_EX 1 - -/* Define to 1 if you have the `EVP_DigestInit_ex' function. */ -#define HAVE_EVP_DIGESTINIT_EX 1 - -/* Define to 1 if you have the `EVP_MD_CTX_cleanup' function. 
*/ -#define HAVE_EVP_MD_CTX_CLEANUP 1 - -/* Define to 1 if you have the `EVP_MD_CTX_copy_ex' function. */ -#define HAVE_EVP_MD_CTX_COPY_EX 1 -/* Define if libcrypto has EVP_MD_CTX_free */ -#define HAVE_EVP_MD_CTX_FREE 1 - -/* Define to 1 if you have the `EVP_MD_CTX_init' function. */ -#define HAVE_EVP_MD_CTX_INIT 1 - -/* Define if libcrypto has EVP_MD_CTX_new */ -#define HAVE_EVP_MD_CTX_NEW 1 - -/* Define if libcrypto has EVP_PKEY_get0_RSA */ -#define HAVE_EVP_PKEY_GET0_RSA 1 - - -/* Define to 1 if you have the `EVP_ripemd160' function. */ -#define HAVE_EVP_RIPEMD160 1 - -/* Define to 1 if you have the `EVP_sha256' function. */ -#define HAVE_EVP_SHA256 1 - -/* Define if you have ut_exit in utmp.h */ -/* #undef HAVE_EXIT_IN_UTMP */ - -/* Define to 1 if you have the `explicit_bzero' function. */ -/* #undef HAVE_EXPLICIT_BZERO */ - -/* Define to 1 if you have the `fchmod' function. */ -#define HAVE_FCHMOD 1 - -/* Define to 1 if you have the `fchown' function. */ -#define HAVE_FCHOWN 1 - -/* Use F_CLOSEM fcntl for closefrom */ -/* #undef HAVE_FCNTL_CLOSEM */ - -/* Define to 1 if you have the header file. */ -#define HAVE_FCNTL_H 1 - -/* Define to 1 if the system has the type `fd_mask'. */ -#define HAVE_FD_MASK 1 - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_FEATURES_H */ - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_FLOATINGPOINT_H */ - -/* Define to 1 if you have the `fmt_scaled' function. */ -/* #undef HAVE_FMT_SCALED */ - -/* Define to 1 if you have the `freeaddrinfo' function. */ -#define HAVE_FREEADDRINFO 1 - -/* Define to 1 if the system has the type `fsblkcnt_t'. */ -#define HAVE_FSBLKCNT_T 1 - -/* Define to 1 if the system has the type `fsfilcnt_t'. */ -#define HAVE_FSFILCNT_T 1 - -/* Define to 1 if you have the `fstatfs' function. */ -#define HAVE_FSTATFS 1 - -/* Define to 1 if you have the `fstatvfs' function. */ -#define HAVE_FSTATVFS 1 - -/* Define to 1 if you have the `futimes' function. 
*/ -#define HAVE_FUTIMES 1 - -/* Define to 1 if you have the `gai_strerror' function. */ -#define HAVE_GAI_STRERROR 1 - -/* Define to 1 if you have the `getaddrinfo' function. */ -#define HAVE_GETADDRINFO 1 - -/* Define to 1 if you have the `getaudit' function. */ -#define HAVE_GETAUDIT 1 - -/* Define to 1 if you have the `getaudit_addr' function. */ -#define HAVE_GETAUDIT_ADDR 1 - -/* Define to 1 if you have the `getcwd' function. */ -#define HAVE_GETCWD 1 - -/* Define to 1 if you have the `getgrouplist' function. */ -#define HAVE_GETGROUPLIST 1 - -/* Define to 1 if you have the `getgrset' function. */ -/* #undef HAVE_GETGRSET */ - -/* Define to 1 if you have the `getlastlogxbyname' function. */ -#define HAVE_GETLASTLOGXBYNAME 1 - -/* Define to 1 if you have the `getluid' function. */ -/* #undef HAVE_GETLUID */ - -/* Define to 1 if you have the `getnameinfo' function. */ -#define HAVE_GETNAMEINFO 1 - -/* Define to 1 if you have the `getopt' function. */ -#define HAVE_GETOPT 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_GETOPT_H 1 - -/* Define if your getopt(3) defines and uses optreset */ -#define HAVE_GETOPT_OPTRESET 1 - -/* Define if your libraries define getpagesize() */ -#define HAVE_GETPAGESIZE 1 - -/* Define to 1 if you have the `getpeereid' function. */ -#define HAVE_GETPEEREID 1 - -/* Define to 1 if you have the `getpeerucred' function. */ -/* #undef HAVE_GETPEERUCRED */ - -/* Define to 1 if you have the `getpgid' function. */ -#define HAVE_GETPGID 1 - -/* Define to 1 if you have the `getpgrp' function. */ -#define HAVE_GETPGRP 1 - -/* Define to 1 if you have the `getpwanam' function. */ -/* #undef HAVE_GETPWANAM */ - -/* Define to 1 if you have the `getrlimit' function. */ -#define HAVE_GETRLIMIT 1 - -/* Define if getrrsetbyname() exists */ -/* #undef HAVE_GETRRSETBYNAME */ - -/* Define to 1 if you have the `getrusage' function. */ -#define HAVE_GETRUSAGE 1 - -/* Define to 1 if you have the `getseuserbyname' function. 
*/ -/* #undef HAVE_GETSEUSERBYNAME */ - -/* Define to 1 if you have the `gettimeofday' function. */ -#define HAVE_GETTIMEOFDAY 1 - -/* Define to 1 if you have the `getttyent' function. */ -#define HAVE_GETTTYENT 1 - -/* Define to 1 if you have the `getutent' function. */ -/* #undef HAVE_GETUTENT */ - -/* Define to 1 if you have the `getutid' function. */ -/* #undef HAVE_GETUTID */ - -/* Define to 1 if you have the `getutline' function. */ -/* #undef HAVE_GETUTLINE */ - -/* Define to 1 if you have the `getutxent' function. */ -#define HAVE_GETUTXENT 1 - -/* Define to 1 if you have the `getutxid' function. */ -#define HAVE_GETUTXID 1 - -/* Define to 1 if you have the `getutxline' function. */ -#define HAVE_GETUTXLINE 1 - -/* Define to 1 if you have the `getutxuser' function. */ -/* #undef HAVE_GETUTXUSER */ - -/* Define to 1 if you have the `get_default_context_with_level' function. */ -/* #undef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL */ - -/* Define to 1 if you have the `glob' function. */ -#define HAVE_GLOB 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_GLOB_H 1 - -/* Define to 1 if you have the `group_from_gid' function. */ -#define HAVE_GROUP_FROM_GID 1 - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_GSSAPI_GENERIC_H */ - -/* Define to 1 if you have the header file. */ -#define HAVE_GSSAPI_GSSAPI_GENERIC_H 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_GSSAPI_GSSAPI_H 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_GSSAPI_GSSAPI_KRB5_H 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_GSSAPI_H 1 - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_GSSAPI_KRB5_H */ - -/* Define if HEADER.ad exists in arpa/nameser.h */ -#define HAVE_HEADER_AD 1 - -/* Define to 1 if you have the `HMAC_CTX_init' function. 
*/ -#define HAVE_HMAC_CTX_INIT 1 - -/* Define if you have ut_host in utmp.h */ -#define HAVE_HOST_IN_UTMP 1 - -/* Define if you have ut_host in utmpx.h */ -#define HAVE_HOST_IN_UTMPX 1 - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_IAF_H */ - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_IA_H */ - -/* Define if you have ut_id in utmp.h */ -/* #undef HAVE_ID_IN_UTMP */ - -/* Define if you have ut_id in utmpx.h */ -#define HAVE_ID_IN_UTMPX 1 - -/* Define to 1 if you have the `inet_aton' function. */ -#define HAVE_INET_ATON 1 - -/* Define to 1 if you have the `inet_ntoa' function. */ -#define HAVE_INET_NTOA 1 - -/* Define to 1 if you have the `inet_ntop' function. */ -#define HAVE_INET_NTOP 1 - -/* Define to 1 if you have the `innetgr' function. */ -#define HAVE_INNETGR 1 - -/* define if you have int64_t data type */ -#define HAVE_INT64_T 1 - -/* Define to 1 if the system has the type `intmax_t'. */ -#define HAVE_INTMAX_T 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_INTTYPES_H 1 - -/* define if you have intxx_t data type */ -#define HAVE_INTXX_T 1 - -/* Define to 1 if the system has the type `in_addr_t'. */ -#define HAVE_IN_ADDR_T 1 - -/* Define to 1 if the system has the type `in_port_t'. */ -#define HAVE_IN_PORT_T 1 - -/* Define if you have isblank(3C). */ -#define HAVE_ISBLANK 1 - -/* Define to 1 if you have the `krb5_cc_new_unique' function. */ -#define HAVE_KRB5_CC_NEW_UNIQUE 1 - -/* Define to 1 if you have the `krb5_free_error_message' function. */ -#define HAVE_KRB5_FREE_ERROR_MESSAGE 1 - -/* Define to 1 if you have the `krb5_get_error_message' function. */ -#define HAVE_KRB5_GET_ERROR_MESSAGE 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_LANGINFO_H 1 - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_LASTLOG_H */ - -/* Define if you want ldns support */ -/* #undef HAVE_LDNS */ - -/* Define to 1 if you have the header file. 
*/ -/* #undef HAVE_LIBAUDIT_H */ - -/* Define to 1 if you have the `bsm' library (-lbsm). */ -#define HAVE_LIBBSM 1 - -/* Define to 1 if you have the `crypt' library (-lcrypt). */ -/* #undef HAVE_LIBCRYPT */ - -/* Define to 1 if you have the `dl' library (-ldl). */ -#define HAVE_LIBDL 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_LIBGEN_H 1 - -/* Define if system has libiaf that supports set_id */ -/* #undef HAVE_LIBIAF */ - -/* Define to 1 if you have the `network' library (-lnetwork). */ -/* #undef HAVE_LIBNETWORK */ - -/* Define to 1 if you have the `pam' library (-lpam). */ -#define HAVE_LIBPAM 1 - -/* Define to 1 if you have the `socket' library (-lsocket). */ -/* #undef HAVE_LIBSOCKET */ - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_LIBUTIL_H */ - -/* Define to 1 if you have the `xnet' library (-lxnet). */ -/* #undef HAVE_LIBXNET */ - -/* Define to 1 if you have the `z' library (-lz). */ -#define HAVE_LIBZ 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_LIMITS_H 1 - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_LINUX_AUDIT_H */ - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_LINUX_FILTER_H */ - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_LINUX_IF_TUN_H */ - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_LINUX_SECCOMP_H */ - -/* Define to 1 if you have the `llabs' function. */ -#define HAVE_LLABS 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_LOCALE_H 1 - -/* Define to 1 if you have the `login' function. */ -#define HAVE_LOGIN 1 - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_LOGIN_CAP_H */ - -/* Define to 1 if you have the `login_getcapbool' function. */ -/* #undef HAVE_LOGIN_GETCAPBOOL */ - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_LOGIN_H */ - -/* Define to 1 if you have the `logout' function. 
*/ -#define HAVE_LOGOUT 1 - -/* Define to 1 if you have the `logwtmp' function. */ -#define HAVE_LOGWTMP 1 - -/* Define to 1 if the system has the type `long double'. */ -#define HAVE_LONG_DOUBLE 1 - -/* Define to 1 if the system has the type `long long'. */ -#define HAVE_LONG_LONG 1 - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_MAILLOCK_H */ - -/* Define to 1 if you have the `mblen' function. */ -#define HAVE_MBLEN 1 - -/* Define to 1 if you have the `mbtowc' function. */ -#define HAVE_MBTOWC 1 - -/* Define to 1 if you have the `md5_crypt' function. */ -/* #undef HAVE_MD5_CRYPT */ - -/* Define if you want to allow MD5 passwords */ -/* #undef HAVE_MD5_PASSWORDS */ - -/* Define to 1 if you have the `memmove' function. */ -#define HAVE_MEMMOVE 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_MEMORY_H 1 - -/* Define to 1 if you have the `memset_s' function. */ -#define HAVE_MEMSET_S 1 - -/* Define to 1 if you have the `mkdtemp' function. */ -#define HAVE_MKDTEMP 1 - -/* define if you have mode_t data type */ -#define HAVE_MODE_T 1 - -/* Some systems put nanosleep outside of libc */ -#define HAVE_NANOSLEEP 1 - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_NDIR_H */ - -/* Define to 1 if you have the header file. */ -#define HAVE_NETDB_H 1 - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_NETGROUP_H */ - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_NET_IF_TUN_H */ - -/* Define if you are on NeXT */ -/* #undef HAVE_NEXT */ - -/* Define to 1 if you have the `ngetaddrinfo' function. */ -/* #undef HAVE_NGETADDRINFO */ - -/* Define to 1 if you have the `nl_langinfo' function. */ -#define HAVE_NL_LANGINFO 1 - -/* Define to 1 if you have the `nsleep' function. */ -/* #undef HAVE_NSLEEP */ - -/* Define to 1 if you have the `ogetaddrinfo' function. 
*/ -/* #undef HAVE_OGETADDRINFO */ - -/* Define if you have an old version of PAM which takes only one argument to - pam_strerror */ -/* #undef HAVE_OLD_PAM */ - -/* Define to 1 if you have the `openlog_r' function. */ -/* #undef HAVE_OPENLOG_R */ - -/* Define to 1 if you have the `openpty' function. */ -#define HAVE_OPENPTY 1 - -/* Define if your ssl headers are included with #include */ -#define HAVE_OPENSSL 1 - -/* Define if you have Digital Unix Security Integration Architecture */ -/* #undef HAVE_OSF_SIA */ - -/* Define to 1 if you have the `pam_getenvlist' function. */ -#define HAVE_PAM_GETENVLIST 1 - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_PAM_PAM_APPL_H */ - -/* Define to 1 if you have the `pam_putenv' function. */ -#define HAVE_PAM_PUTENV 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_PATHS_H 1 - -/* Define if you have ut_pid in utmp.h */ -/* #undef HAVE_PID_IN_UTMP */ - -/* define if you have pid_t data type */ -#define HAVE_PID_T 1 - -/* Define to 1 if you have the `pledge' function. */ -/* #undef HAVE_PLEDGE */ - -/* Define to 1 if you have the `poll' function. */ -#define HAVE_POLL 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_POLL_H 1 - -/* Define to 1 if you have the `prctl' function. */ -/* #undef HAVE_PRCTL */ - -/* Define to 1 if you have the `priv_basicset' function. */ -/* #undef HAVE_PRIV_BASICSET */ - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_PRIV_H */ - -/* Define if you have /proc/$pid/fd */ -/* #undef HAVE_PROC_PID */ - -/* Define to 1 if you have the `pstat' function. */ -/* #undef HAVE_PSTAT */ - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_PTY_H */ - -/* Define to 1 if you have the `pututline' function. */ -/* #undef HAVE_PUTUTLINE */ - -/* Define to 1 if you have the `pututxline' function. */ -#define HAVE_PUTUTXLINE 1 - -/* Define to 1 if you have the `readpassphrase' function. 
*/ -// iOS: we have it, but it's useless -// #define HAVE_READPASSPHRASE 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_READPASSPHRASE_H 1 - -/* Define to 1 if you have the `reallocarray' function. */ -/* #undef HAVE_REALLOCARRAY */ - -/* Define to 1 if you have the `realpath' function. */ -#define HAVE_REALPATH 1 - -/* Define to 1 if you have the `recvmsg' function. */ -#define HAVE_RECVMSG 1 - -/* sys/resource.h has RLIMIT_NPROC */ -#define HAVE_RLIMIT_NPROC /**/ - -/* Define to 1 if you have the header file. */ -#define HAVE_RPC_TYPES_H 1 - -/* Define to 1 if you have the `rresvport_af' function. */ -#define HAVE_RRESVPORT_AF 1 - -/* Define to 1 if you have the `RSA_generate_key_ex' function. */ -#define HAVE_RSA_GENERATE_KEY_EX 1 - -/* Define if libcrypto has RSA_get0_crt_params */ -#define HAVE_RSA_GET0_CRT_PARAMS 1 - -/* Define if libcrypto has RSA_get0_factors */ -#define HAVE_RSA_GET0_FACTORS 1 - -/* Define if libcrypto has RSA_get0_key */ -#define HAVE_RSA_GET0_KEY 1 - -/* Define to 1 if you have the `RSA_get_default_method' function. 
*/ -#define HAVE_RSA_GET_DEFAULT_METHOD 1 - -/* Define if libcrypto has RSA_meth_dup */ -#define HAVE_RSA_METH_DUP 1 - -/* Define if libcrypto has RSA_meth_free */ -#define HAVE_RSA_METH_FREE 1 - -/* Define if libcrypto has RSA_meth_get_finish */ -#define HAVE_RSA_METH_GET_FINISH 1 - -/* Define if libcrypto has RSA_meth_set1_name */ -#define HAVE_RSA_METH_SET1_NAME 1 - -/* Define if libcrypto has RSA_meth_set_finish */ -#define HAVE_RSA_METH_SET_FINISH 1 - -/* Define if libcrypto has RSA_meth_set_priv_dec */ -#define HAVE_RSA_METH_SET_PRIV_DEC 1 - -/* Define if libcrypto has RSA_meth_set_priv_enc */ -#define HAVE_RSA_METH_SET_PRIV_ENC 1 - -/* Define if libcrypto has RSA_get0_srt_params */ -#define HAVE_RSA_SET0_CRT_PARAMS 1 - -/* Define if libcrypto has RSA_set0_factors */ -#define HAVE_RSA_SET0_FACTORS 1 - -/* Define if libcrypto has RSA_set0_key */ -#define HAVE_RSA_SET0_KEY 1 - - -/* Define to 1 if you have the header file. */ -#define HAVE_SANDBOX_H 1 - -/* Define to 1 if you have the `sandbox_init' function. */ -#define HAVE_SANDBOX_INIT 1 - -/* define if you have sa_family_t data type */ -#define HAVE_SA_FAMILY_T 1 - -/* Define to 1 if you have the `scan_scaled' function. */ -/* #undef HAVE_SCAN_SCALED */ - -/* Define if you have SecureWare-based protected password database */ -/* #undef HAVE_SECUREWARE */ - -/* Define to 1 if you have the header file. */ -// #define HAVE_SECURITY_PAM_APPL_H 1 - -/* Define to 1 if you have the `sendmsg' function. */ -#define HAVE_SENDMSG 1 - -/* Define to 1 if you have the `setauthdb' function. */ -/* #undef HAVE_SETAUTHDB */ - -/* Define to 1 if you have the `setdtablesize' function. */ -/* #undef HAVE_SETDTABLESIZE */ - -/* Define to 1 if you have the `setegid' function. */ -#define HAVE_SETEGID 1 - -/* Define to 1 if you have the `setenv' function. */ -#define HAVE_SETENV 1 - -/* Define to 1 if you have the `seteuid' function. */ -#define HAVE_SETEUID 1 - -/* Define to 1 if you have the `setgroupent' function. 
*/ -#define HAVE_SETGROUPENT 1 - -/* Define to 1 if you have the `setgroups' function. */ -#define HAVE_SETGROUPS 1 - -/* Define to 1 if you have the `setlinebuf' function. */ -#define HAVE_SETLINEBUF 1 - -/* Define to 1 if you have the `setlogin' function. */ -#define HAVE_SETLOGIN 1 - -/* Define to 1 if you have the `setluid' function. */ -/* #undef HAVE_SETLUID */ - -/* Define to 1 if you have the `setpassent' function. */ -#define HAVE_SETPASSENT 1 - -/* Define to 1 if you have the `setpcred' function. */ -/* #undef HAVE_SETPCRED */ - -/* Define to 1 if you have the `setpflags' function. */ -/* #undef HAVE_SETPFLAGS */ - -/* Define to 1 if you have the `setppriv' function. */ -/* #undef HAVE_SETPPRIV */ - -/* Define to 1 if you have the `setproctitle' function. */ -/* #undef HAVE_SETPROCTITLE */ - -/* Define to 1 if you have the `setregid' function. */ -#define HAVE_SETREGID 1 - -/* Define to 1 if you have the `setresgid' function. */ -#undef HAVE_SETRESGID - -/* Define to 1 if you have the `setresuid' function. */ -/* #undef HAVE_SETRESUID */ - -/* Define to 1 if you have the `setreuid' function. */ -#define HAVE_SETREUID 1 - -/* Define to 1 if you have the `setrlimit' function. */ -#define HAVE_SETRLIMIT 1 - -/* Define to 1 if you have the `setsid' function. */ -#define HAVE_SETSID 1 - -/* Define to 1 if you have the `setutent' function. */ -/* #undef HAVE_SETUTENT */ - -/* Define to 1 if you have the `setutxdb' function. */ -/* #undef HAVE_SETUTXDB */ - -/* Define to 1 if you have the `setutxent' function. */ -#define HAVE_SETUTXENT 1 - -/* Define to 1 if you have the `setvbuf' function. */ -#define HAVE_SETVBUF 1 - -/* Define to 1 if you have the `set_id' function. */ -/* #undef HAVE_SET_ID */ - -/* Define to 1 if you have the `SHA256_Update' function. */ -#define HAVE_SHA256_UPDATE 1 - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_SHA2_H */ - -/* Define to 1 if you have the header file. 
*/ -/* #undef HAVE_SHADOW_H */ - -/* Define to 1 if you have the `sigaction' function. */ -#define HAVE_SIGACTION 1 - -/* Define to 1 if you have the `sigvec' function. */ -#define HAVE_SIGVEC 1 - -/* Define to 1 if the system has the type `sig_atomic_t'. */ -#define HAVE_SIG_ATOMIC_T 1 - -/* define if you have size_t data type */ -#define HAVE_SIZE_T 1 - -/* Define to 1 if you have the `snprintf' function. */ -#define HAVE_SNPRINTF 1 - -/* Define to 1 if you have the `socketpair' function. */ -#define HAVE_SOCKETPAIR 1 - -/* Have PEERCRED socket option */ -/* #undef HAVE_SO_PEERCRED */ - -/* define if you have ssize_t data type */ -#define HAVE_SSIZE_T 1 - -/* Fields in struct sockaddr_storage */ -#define HAVE_SS_FAMILY_IN_SS 1 - -/* Define to 1 if you have the `statfs' function. */ -#define HAVE_STATFS 1 - -/* Define to 1 if you have the `statvfs' function. */ -#define HAVE_STATVFS 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_STDDEF_H 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_STDINT_H 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_STDLIB_H 1 - -/* Define to 1 if you have the `strcasestr' function. */ -#define HAVE_STRCASESTR 1 - -/* Define to 1 if you have the `strdup' function. */ -#define HAVE_STRDUP 1 - -/* Define to 1 if you have the `strerror' function. */ -#define HAVE_STRERROR 1 - -/* Define to 1 if you have the `strftime' function. */ -#define HAVE_STRFTIME 1 - -/* Silly mkstemp() */ -/* #undef HAVE_STRICT_MKSTEMP */ - -/* Define to 1 if you have the header file. */ -#define HAVE_STRINGS_H 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_STRING_H 1 - -/* Define to 1 if you have the `strlcat' function. */ -#define HAVE_STRLCAT 1 - -/* Define to 1 if you have the `strlcpy' function. */ -#define HAVE_STRLCPY 1 - -/* Define to 1 if you have the `strmode' function. */ -#define HAVE_STRMODE 1 - -/* Define to 1 if you have the `strnlen' function. 
*/ -#define HAVE_STRNLEN 1 - -/* Define to 1 if you have the `strnvis' function. */ -#define HAVE_STRNVIS 1 - -/* Define to 1 if you have the `strptime' function. */ -#define HAVE_STRPTIME 1 - -/* Define to 1 if you have the `strsep' function. */ -#define HAVE_STRSEP 1 - -/* Define to 1 if you have the `strtoll' function. */ -#define HAVE_STRTOLL 1 - -/* Define to 1 if you have the `strtonum' function. */ -/* #undef HAVE_STRTONUM */ - -/* Define to 1 if you have the `strtoul' function. */ -#define HAVE_STRTOUL 1 - -/* Define to 1 if you have the `strtoull' function. */ -#define HAVE_STRTOULL 1 - -/* define if you have struct addrinfo data type */ -#define HAVE_STRUCT_ADDRINFO 1 - -/* define if you have struct in6_addr data type */ -#define HAVE_STRUCT_IN6_ADDR 1 - -/* Define to 1 if `pw_change' is a member of `struct passwd'. */ -#define HAVE_STRUCT_PASSWD_PW_CHANGE 1 - -/* Define to 1 if `pw_class' is a member of `struct passwd'. */ -#define HAVE_STRUCT_PASSWD_PW_CLASS 1 - -/* Define to 1 if `pw_expire' is a member of `struct passwd'. */ -#define HAVE_STRUCT_PASSWD_PW_EXPIRE 1 - -/* Define to 1 if `pw_gecos' is a member of `struct passwd'. */ -#define HAVE_STRUCT_PASSWD_PW_GECOS 1 - -/* define if you have struct sockaddr_in6 data type */ -#define HAVE_STRUCT_SOCKADDR_IN6 1 - -/* Define to 1 if `sin6_scope_id' is a member of `struct sockaddr_in6'. */ -#define HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID 1 - -/* define if you have struct sockaddr_storage data type */ -#define HAVE_STRUCT_SOCKADDR_STORAGE 1 - -/* Define to 1 if `st_blksize' is a member of `struct stat'. */ -#define HAVE_STRUCT_STAT_ST_BLKSIZE 1 - -/* Define to 1 if the system has the type `struct timespec'. */ -#define HAVE_STRUCT_TIMESPEC 1 - -/* define if you have struct timeval */ -#define HAVE_STRUCT_TIMEVAL 1 - -/* Define to 1 if you have the `swap32' function. */ -/* #undef HAVE_SWAP32 */ - -/* Define to 1 if you have the `sysconf' function. 
*/ -#define HAVE_SYSCONF 1 - -/* Define if you have syslen in utmpx.h */ -/* #undef HAVE_SYSLEN_IN_UTMPX */ - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_SYS_AUDIT_H */ - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_SYS_BITYPES_H */ - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_SYS_BSDTTY_H */ - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_SYS_CAPABILITY_H */ - -/* Define to 1 if you have the header file. */ -#define HAVE_SYS_CDEFS_H 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_SYS_DIR_H 1 - -/* Define if your system defines sys_errlist[] */ -#define HAVE_SYS_ERRLIST 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_SYS_MMAN_H 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_SYS_MOUNT_H 1 - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_SYS_NDIR_H */ - -/* Define if your system defines sys_nerr */ -#define HAVE_SYS_NERR 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_SYS_POLL_H 1 - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_SYS_PRCTL_H */ - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_SYS_PSTAT_H */ - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_SYS_PTMS_H */ - -/* Define to 1 if you have the header file. */ -#define HAVE_SYS_PTRACE_H 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_SYS_SELECT_H 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_SYS_STATVFS_H 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_SYS_STAT_H 1 - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_SYS_STREAM_H */ - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_SYS_STROPTS_H */ - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_SYS_STRTIO_H */ - -/* Force use of sys/syslog.h on Ultrix */ -/* #undef HAVE_SYS_SYSLOG_H */ - -/* Define to 1 if you have the header file. 
*/ -/* #undef HAVE_SYS_SYSMACROS_H */ - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_SYS_TIMERS_H */ - -/* Define to 1 if you have the header file. */ -#define HAVE_SYS_TIME_H 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_SYS_TYPES_H 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_SYS_UN_H 1 - -/* Define to 1 if you have the `tcgetpgrp' function. */ -#define HAVE_TCGETPGRP 1 - -/* Define to 1 if you have the `tcsendbreak' function. */ -#define HAVE_TCSENDBREAK 1 - -/* Define to 1 if you have the `time' function. */ -#define HAVE_TIME 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_TIME_H 1 - -/* Define if you have ut_time in utmp.h */ -#define HAVE_TIME_IN_UTMP 1 - -/* Define if you have ut_time in utmpx.h */ -/* #undef HAVE_TIME_IN_UTMPX */ - -/* Define to 1 if you have the `timingsafe_bcmp' function. */ -#define HAVE_TIMINGSAFE_BCMP 1 - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_TMPDIR_H */ - -/* Define to 1 if you have the `truncate' function. */ -#define HAVE_TRUNCATE 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_TTYENT_H 1 - -/* Define if you have ut_tv in utmp.h */ -/* #undef HAVE_TV_IN_UTMP */ - -/* Define if you have ut_tv in utmpx.h */ -#define HAVE_TV_IN_UTMPX 1 - -/* Define if you have ut_type in utmp.h */ -/* #undef HAVE_TYPE_IN_UTMP */ - -/* Define if you have ut_type in utmpx.h */ -#define HAVE_TYPE_IN_UTMPX 1 - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_UCRED_H */ - -/* Define to 1 if the system has the type `uintmax_t'. */ -#define HAVE_UINTMAX_T 1 - -/* define if you have uintxx_t data type */ -#define HAVE_UINTXX_T 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_UNISTD_H 1 - -/* Define to 1 if you have the `unsetenv' function. */ -#define HAVE_UNSETENV 1 - -/* Define to 1 if the system has the type `unsigned long long'. 
*/ -#define HAVE_UNSIGNED_LONG_LONG 1 - -/* Define to 1 if you have the `updwtmp' function. */ -/* #undef HAVE_UPDWTMP */ - -/* Define to 1 if you have the `updwtmpx' function. */ -/* #undef HAVE_UPDWTMPX */ - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_USERSEC_H */ - -/* Define to 1 if you have the `user_from_uid' function. */ -#define HAVE_USER_FROM_UID 1 - -/* Define to 1 if you have the `usleep' function. */ -#define HAVE_USLEEP 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_UTIL_H 1 - -/* Define to 1 if you have the `utimes' function. */ -#define HAVE_UTIMES 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_UTIME_H 1 - -/* Define to 1 if you have the `utmpname' function. */ -/* #undef HAVE_UTMPNAME */ - -/* Define to 1 if you have the `utmpxname' function. */ -#define HAVE_UTMPXNAME 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_UTMPX_H 1 - -/* Define to 1 if you have the header file. */ -// #define HAVE_UTMP_H 1 - -/* define if you have u_char data type */ -#define HAVE_U_CHAR 1 - -/* define if you have u_int data type */ -#define HAVE_U_INT 1 - -/* define if you have u_int64_t data type */ -#define HAVE_U_INT64_T 1 - -/* define if you have u_intxx_t data type */ -#define HAVE_U_INTXX_T 1 - -/* Define to 1 if you have the `vasprintf' function. */ -#define HAVE_VASPRINTF 1 - -/* Define if va_copy exists */ -#define HAVE_VA_COPY 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_VIS_H 1 - -/* Define to 1 if you have the `vsnprintf' function. */ -#define HAVE_VSNPRINTF 1 - -/* Define to 1 if you have the `waitpid' function. */ -#define HAVE_WAITPID 1 - -/* Define to 1 if you have the `warn' function. */ -#define HAVE_WARN 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_WCHAR_H 1 - -/* Define to 1 if you have the `wcwidth' function. */ -#define HAVE_WCWIDTH 1 - -/* Define to 1 if you have the `_getlong' function. 
*/ -#define HAVE__GETLONG 1 - -/* Define to 1 if you have the `_getpty' function. */ -/* #undef HAVE__GETPTY */ - -/* Define to 1 if you have the `_getshort' function. */ -#define HAVE__GETSHORT 1 - -/* Define if you have struct __res_state _res as an extern */ -#define HAVE__RES_EXTERN 1 - -/* Define to 1 if you have the `__b64_ntop' function. */ -/* #undef HAVE___B64_NTOP */ - -/* Define to 1 if you have the `__b64_pton' function. */ -/* #undef HAVE___B64_PTON */ - -/* Define if compiler implements __FUNCTION__ */ -#define HAVE___FUNCTION__ 1 - -/* Define if libc defines __progname */ -// #define HAVE___PROGNAME 1 -#undef HAVE___PROGNAME - -/* Fields in struct sockaddr_storage */ -/* #undef HAVE___SS_FAMILY_IN_SS */ - -/* Define if __va_copy exists */ -#define HAVE___VA_COPY 1 - -/* Define if compiler implements __func__ */ -#define HAVE___func__ 1 - -/* Define this if you are using the Heimdal version of Kerberos V5 */ -/* #undef HEIMDAL */ - -/* Define if you need to use IP address instead of hostname in $DISPLAY */ -/* #undef IPADDR_IN_DISPLAY */ - -/* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */ -/* #undef IPV4_IN_IPV6 */ - -/* Define if your system choked on IP TOS setting */ -/* #undef IP_TOS_IS_BROKEN */ - -/* Define if you want Kerberos 5 support */ -#define KRB5 1 - -/* Define if pututxline updates lastlog too */ -#define LASTLOG_WRITE_PUTUTXLINE 1 - -/* Define to whatever link() returns for "not supported" if it doesn't return - EOPNOTSUPP. 
*/ -/* #undef LINK_OPNOTSUPP_ERRNO */ - -/* Adjust Linux out-of-memory killer */ -/* #undef LINUX_OOM_ADJUST */ - -/* max value of long long calculated by configure */ -/* #undef LLONG_MAX */ - -/* min value of long long calculated by configure */ -/* #undef LLONG_MIN */ - -/* Account locked with pw(1) */ -/* #undef LOCKED_PASSWD_PREFIX */ - -/* String used in /etc/passwd to denote locked account */ -/* #undef LOCKED_PASSWD_STRING */ - -/* String used in /etc/passwd to denote locked account */ -/* #undef LOCKED_PASSWD_SUBSTR */ - -/* Some systems need a utmpx entry for /bin/login to work */ -/* #undef LOGIN_NEEDS_UTMPX */ - -/* Set this to your mail directory if you do not have _PATH_MAILDIR */ -/* #undef MAIL_DIRECTORY */ - -/* Need setpgrp to acquire controlling tty */ -/* #undef NEED_SETPGRP */ - -/* compiler does not accept __attribute__ on return types */ -/* #undef NO_ATTRIBUTE_ON_RETURN_TYPE */ - -/* Define if you don't want to use lastlog in session.c */ -/* #undef NO_SSH_LASTLOG */ - -/* Define to disable UID restoration test */ -/* #undef NO_UID_RESTORATION_TEST */ - -/* Define if X11 doesn't support AF_UNIX sockets on that system */ -/* #undef NO_X11_UNIX_SOCKETS */ - -/* Define if EVP_DigestUpdate returns void */ -/* #undef OPENSSL_EVP_DIGESTUPDATE_VOID */ - -/* OpenSSL has ECC */ -#define OPENSSL_HAS_ECC 1 - -/* libcrypto has NID_X9_62_prime256v1 */ -#define OPENSSL_HAS_NISTP256 1 - -/* libcrypto has NID_secp384r1 */ -#define OPENSSL_HAS_NISTP384 1 - -/* libcrypto has NID_secp521r1 */ -#define OPENSSL_HAS_NISTP521 1 - -/* libcrypto has EVP AES CTR */ -#define OPENSSL_HAVE_EVPCTR 1 - -/* libcrypto has EVP AES GCM */ -#define OPENSSL_HAVE_EVPGCM 1 - -/* libcrypto is missing AES 192 and 256 bit functions */ -/* #undef OPENSSL_LOBOTOMISED_AES */ - -/* Define if you want the OpenSSL internally seeded PRNG only */ -#define OPENSSL_PRNG_ONLY 1 - -/* Define to the address where bug reports for this package should be sent. 
*/ -#define PACKAGE_BUGREPORT "openssh-unix-dev@mindrot.org" - -/* Define to the full name of this package. */ -#define PACKAGE_NAME "OpenSSH" - -/* Define to the full name and version of this package. */ -#define PACKAGE_STRING "OpenSSH Portable" - -/* Define to the one symbol short name of this package. */ -#define PACKAGE_TARNAME "openssh" - -/* Define to the home page for this package. */ -#define PACKAGE_URL "" - -/* Define to the version of this package. */ -#define PACKAGE_VERSION "Portable" - -/* Define if you are using Solaris-derived PAM which passes pam_messages to - the conversation function with an extra level of indirection */ -/* #undef PAM_SUN_CODEBASE */ - -/* Work around problematic Linux PAM modules handling of PAM_TTY */ -/* #undef PAM_TTY_KLUDGE */ - -/* must supply username to passwd */ -/* #undef PASSWD_NEEDS_USERNAME */ - -/* System dirs owned by bin (uid 2) */ -/* #undef PLATFORM_SYS_DIR_UID */ - -/* Port number of PRNGD/EGD random number socket */ -/* #undef PRNGD_PORT */ - -/* Location of PRNGD/EGD random number socket */ -/* #undef PRNGD_SOCKET */ - -/* read(1) can return 0 for a non-closed fd */ -/* #undef PTY_ZEROREAD */ - -/* Sandbox using capsicum */ -/* #undef SANDBOX_CAPSICUM */ - -/* Sandbox using Darwin sandbox_init(3) */ -#define SANDBOX_DARWIN 1 - -/* no privsep sandboxing */ -/* #undef SANDBOX_NULL */ - -/* Sandbox using pledge(2) */ -/* #undef SANDBOX_PLEDGE */ - -/* Sandbox using setrlimit(2) */ -/* #undef SANDBOX_RLIMIT */ - -/* Sandbox using seccomp filter */ -/* #undef SANDBOX_SECCOMP_FILTER */ - -/* setrlimit RLIMIT_FSIZE works */ -/* #undef SANDBOX_SKIP_RLIMIT_FSIZE */ - -/* define if setrlimit RLIMIT_NOFILE breaks things */ -/* #undef SANDBOX_SKIP_RLIMIT_NOFILE */ - -/* Sandbox using Solaris/Illumos privileges */ -/* #undef SANDBOX_SOLARIS */ - -/* Sandbox using systrace(4) */ -/* #undef SANDBOX_SYSTRACE */ - -/* Specify the system call convention in use */ -/* #undef SECCOMP_AUDIT_ARCH */ - -/* Define if your platform 
breaks doing a seteuid before a setuid */ -#define SETEUID_BREAKS_SETUID 1 - -/* The size of `int', as computed by sizeof. */ -#define SIZEOF_INT 4 - -/* The size of `long int', as computed by sizeof. */ -#define SIZEOF_LONG_INT 8 - -/* The size of `long long int', as computed by sizeof. */ -#define SIZEOF_LONG_LONG_INT 8 - -/* The size of `short int', as computed by sizeof. */ -#define SIZEOF_SHORT_INT 2 - -/* Define if you want S/Key support */ -/* #undef SKEY */ - -/* Define if your skeychallenge() function takes 4 arguments (NetBSD) */ -/* #undef SKEYCHALLENGE_4ARG */ - -/* Define as const if snprintf() can declare const char *fmt */ -#define SNPRINTF_CONST /* not const */ - -/* Define to a Set Process Title type if your system is supported by - bsd-setproctitle.c */ -#define SPT_TYPE SPT_REUSEARGV - -/* Define if sshd somehow reacquires a controlling TTY after setsid() */ -/* #undef SSHD_ACQUIRES_CTTY */ - -/* sshd PAM service name */ -/* #undef SSHD_PAM_SERVICE */ - -/* Define if pam_chauthtok wants real uid set to the unpriv'ed user */ -/* #undef SSHPAM_CHAUTHTOK_NEEDS_RUID */ - -/* Use audit debugging module */ -/* #undef SSH_AUDIT_EVENTS */ - -/* Windows is sensitive to read buffer size */ -/* #undef SSH_IOBUFSZ */ - -/* non-privileged user for privilege separation */ -#define SSH_PRIVSEP_USER "sshd" - -/* Use tunnel device compatibility to OpenBSD */ -#define SSH_TUN_COMPAT_AF 1 - -/* Open tunnel devices the FreeBSD way */ -#define SSH_TUN_FREEBSD 1 - -/* Open tunnel devices the Linux tun/tap way */ -/* #undef SSH_TUN_LINUX */ - -/* No layer 2 tunnel support */ -/* #undef SSH_TUN_NO_L2 */ - -/* Open tunnel devices the OpenBSD way */ -/* #undef SSH_TUN_OPENBSD */ - -/* Prepend the address family to IP tunnel traffic */ -#define SSH_TUN_PREPEND_AF 1 - -/* Define to 1 if you have the ANSI C header files. 
*/ -#define STDC_HEADERS 1 - -/* Define if you want a different $PATH for the superuser */ -/* #undef SUPERUSER_PATH */ - -/* syslog_r function is safe to use in in a signal handler */ -/* #undef SYSLOG_R_SAFE_IN_SIGHAND */ - -/* Support passwords > 8 chars */ -/* #undef UNIXWARE_LONG_PASSWORDS */ - -/* Specify default $PATH */ -#define USER_PATH "/usr/bin:/bin:/usr/sbin:/sbin" - -/* Define this if you want to use libkafs' AFS support */ -/* #undef USE_AFS */ - -/* Use BSM audit module */ -#define USE_BSM_AUDIT 1 - -/* Use btmp to log bad logins */ -/* #undef USE_BTMP */ - -/* Use libedit for sftp */ -/* #undef USE_LIBEDIT */ - -/* Use Linux audit module */ -/* #undef USE_LINUX_AUDIT */ - -/* Enable OpenSSL engine support */ -/* #undef USE_OPENSSL_ENGINE */ - -/* Define if you want to enable PAM support */ -#define USE_PAM 1 - -/* Use PIPES instead of a socketpair() */ -/* #undef USE_PIPES */ - -/* Define if you have Solaris privileges */ -/* #undef USE_SOLARIS_PRIVS */ - -/* Define if you have Solaris process contracts */ -/* #undef USE_SOLARIS_PROCESS_CONTRACTS */ - -/* Define if you have Solaris projects */ -/* #undef USE_SOLARIS_PROJECTS */ - -/* Define if you shouldn't strip 'tty' from your ttyname in [uw]tmp */ -/* #undef WITH_ABBREV_NO_TTY */ - -/* Define if you want to enable AIX4's authenticate function */ -/* #undef WITH_AIXAUTHENTICATE */ - -/* Define if you have/want arrays (cluster-wide session managment, not C - arrays) */ -/* #undef WITH_IRIX_ARRAY */ - -/* Define if you want IRIX audit trails */ -/* #undef WITH_IRIX_AUDIT */ - -/* Define if you want IRIX kernel jobs */ -/* #undef WITH_IRIX_JOBS */ - -/* Define if you want IRIX project management */ -/* #undef WITH_IRIX_PROJECT */ - -/* use libcrypto for cryptography */ -#define WITH_OPENSSL 1 - -/* Define if you want SELinux support. 
*/ -/* #undef WITH_SELINUX */ - -/* include SSH protocol version 1 support */ -/* #undef WITH_SSH1 */ - -/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most - significant byte first (like Motorola and SPARC, unlike Intel). */ -#if defined AC_APPLE_UNIVERSAL_BUILD -# if defined __BIG_ENDIAN__ -# define WORDS_BIGENDIAN 1 -# endif -#else -# ifndef WORDS_BIGENDIAN -/* # undef WORDS_BIGENDIAN */ -# endif -#endif - -/* Define if xauth is found in your path */ -#define XAUTH_PATH "xauth" - -/* Enable large inode numbers on Mac OS X 10.5. */ -#ifndef _DARWIN_USE_64_BIT_INODE -# define _DARWIN_USE_64_BIT_INODE 1 -#endif - -/* Number of bits in a file offset, on hosts where this is settable. */ -/* #undef _FILE_OFFSET_BITS */ - -/* Define for large files, on AIX-style hosts. */ -/* #undef _LARGE_FILES */ - -/* log for bad login attempts */ -/* #undef _PATH_BTMP */ - -/* Full path of your "passwd" program */ -#define _PATH_PASSWD_PROG "/usr/bin/passwd" - -/* Specify location of ssh.pid */ -#define _PATH_SSH_PIDDIR "/var/run" - -/* Define if we don't have struct __res_state in resolv.h */ -/* #undef __res_state */ - -/* Define to `__inline__' or `__inline' if that's what the C compiler - calls it, or to nothing if 'inline' is not supported under any name. */ -#ifndef __cplusplus -/* #undef inline */ -#endif - -/* type to use in place of socklen_t if not defined */ -/* #undef socklen_t */ diff --git a/ssh_keygen_110/crypto_api.h b/ssh_keygen_110/crypto_api.h deleted file mode 100644 index 7f45bbd6..00000000 --- a/ssh_keygen_110/crypto_api.h +++ /dev/null 
@@ -1,40 +0,0 @@
-/* $OpenBSD: crypto_api.h,v 1.4 2017/12/14 21:07:39 naddy Exp $ */
-
-/*
- * Assembled from generated headers and source files by Markus Friedl.
- * Placed in the public domain.
- */
-
-#ifndef crypto_api_h
-#define crypto_api_h
-
-#include "includes.h"
-
-#ifdef HAVE_STDINT_H
-# include
-#endif
-#include
-
-typedef int32_t crypto_int32;
-typedef uint32_t crypto_uint32;
-
-#define randombytes(buf, buf_len) arc4random_buf((buf), (buf_len))
-
-#define crypto_hash_sha512_BYTES 64U
-
-int crypto_hash_sha512(unsigned char *, const unsigned char *,
- unsigned long long);
-
-int crypto_verify_32(const unsigned char *, const unsigned char *);
-
-#define crypto_sign_ed25519_SECRETKEYBYTES 64U
-#define crypto_sign_ed25519_PUBLICKEYBYTES 32U
-#define crypto_sign_ed25519_BYTES 64U
-
-int crypto_sign_ed25519(unsigned char *, unsigned long long *,
- const unsigned char *, unsigned long long, const unsigned char *);
-int crypto_sign_ed25519_open(unsigned char *, unsigned long long *,
- const unsigned char *, unsigned long long, const unsigned char *);
-int crypto_sign_ed25519_keypair(unsigned char *, unsigned char *);
-
-#endif /* crypto_api_h */
diff --git a/ssh_keygen_110/defines.h b/ssh_keygen_110/defines.h
deleted file mode 100644
index 8f421306..00000000
--- a/ssh_keygen_110/defines.h
+++ /dev/null
@@ -1,876 +0,0 @@ -/* - * Copyright (c) 1999-2003 Damien Miller. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#ifndef _DEFINES_H -#define _DEFINES_H - -/* Constants */ - -#if defined(HAVE_DECL_SHUT_RD) && HAVE_DECL_SHUT_RD == 0 -enum -{ - SHUT_RD = 0, /* No more receptions. */ - SHUT_WR, /* No more transmissions. */ - SHUT_RDWR /* No more receptions or transmissions. */ -}; -# define SHUT_RD SHUT_RD -# define SHUT_WR SHUT_WR -# define SHUT_RDWR SHUT_RDWR -#endif - -/* - * Cygwin doesn't really have a notion of reserved ports. It is still - * is useful on the client side so for compatibility it defines as 1024 via - * netinet/in.h inside an enum. 
We * don't actually want that restriction - * so we want to set that to zero, but we can't do it direct in config.h - * because it'll cause a conflicting definition the first time we include - * netinet/in.h. - */ - -#ifdef HAVE_CYGWIN -#define IPPORT_RESERVED 0 -#endif - -/* - * Definitions for IP type of service (ip_tos) - */ -#include -#include -#ifndef IPTOS_LOWDELAY -# define IPTOS_LOWDELAY 0x10 -# define IPTOS_THROUGHPUT 0x08 -# define IPTOS_RELIABILITY 0x04 -# define IPTOS_LOWCOST 0x02 -# define IPTOS_MINCOST IPTOS_LOWCOST -#endif /* IPTOS_LOWDELAY */ - -/* - * Definitions for DiffServ Codepoints as per RFC2474 - */ -#ifndef IPTOS_DSCP_AF11 -# define IPTOS_DSCP_AF11 0x28 -# define IPTOS_DSCP_AF12 0x30 -# define IPTOS_DSCP_AF13 0x38 -# define IPTOS_DSCP_AF21 0x48 -# define IPTOS_DSCP_AF22 0x50 -# define IPTOS_DSCP_AF23 0x58 -# define IPTOS_DSCP_AF31 0x68 -# define IPTOS_DSCP_AF32 0x70 -# define IPTOS_DSCP_AF33 0x78 -# define IPTOS_DSCP_AF41 0x88 -# define IPTOS_DSCP_AF42 0x90 -# define IPTOS_DSCP_AF43 0x98 -# define IPTOS_DSCP_EF 0xb8 -#endif /* IPTOS_DSCP_AF11 */ -#ifndef IPTOS_DSCP_CS0 -# define IPTOS_DSCP_CS0 0x00 -# define IPTOS_DSCP_CS1 0x20 -# define IPTOS_DSCP_CS2 0x40 -# define IPTOS_DSCP_CS3 0x60 -# define IPTOS_DSCP_CS4 0x80 -# define IPTOS_DSCP_CS5 0xa0 -# define IPTOS_DSCP_CS6 0xc0 -# define IPTOS_DSCP_CS7 0xe0 -#endif /* IPTOS_DSCP_CS0 */ -#ifndef IPTOS_DSCP_EF -# define IPTOS_DSCP_EF 0xb8 -#endif /* IPTOS_DSCP_EF */ - -#ifndef PATH_MAX -# ifdef _POSIX_PATH_MAX -# define PATH_MAX _POSIX_PATH_MAX -# endif -#endif - -#ifndef MAXPATHLEN -# ifdef PATH_MAX -# define MAXPATHLEN PATH_MAX -# else /* PATH_MAX */ -# define MAXPATHLEN 64 -/* realpath uses a fixed buffer of size MAXPATHLEN, so force use of ours */ -# ifndef BROKEN_REALPATH -# define BROKEN_REALPATH 1 -# endif /* BROKEN_REALPATH */ -# endif /* PATH_MAX */ -#endif /* MAXPATHLEN */ - -#ifndef HOST_NAME_MAX -# include "netdb.h" /* for MAXHOSTNAMELEN */ -# if defined(_POSIX_HOST_NAME_MAX) -# 
define HOST_NAME_MAX _POSIX_HOST_NAME_MAX -# elif defined(MAXHOSTNAMELEN) -# define HOST_NAME_MAX MAXHOSTNAMELEN -# else -# define HOST_NAME_MAX 255 -# endif -#endif /* HOST_NAME_MAX */ - -#if defined(HAVE_DECL_MAXSYMLINKS) && HAVE_DECL_MAXSYMLINKS == 0 -# define MAXSYMLINKS 5 -#endif - -#ifndef STDIN_FILENO -# define STDIN_FILENO 0 -#endif -#ifndef STDOUT_FILENO -# define STDOUT_FILENO 1 -#endif -#ifndef STDERR_FILENO -# define STDERR_FILENO 2 -#endif - -#ifndef NGROUPS_MAX /* Disable groupaccess if NGROUP_MAX is not set */ -#ifdef NGROUPS -#define NGROUPS_MAX NGROUPS -#else -#define NGROUPS_MAX 0 -#endif -#endif - -#if defined(HAVE_DECL_O_NONBLOCK) && HAVE_DECL_O_NONBLOCK == 0 -# define O_NONBLOCK 00004 /* Non Blocking Open */ -#endif - -#ifndef S_IFSOCK -# define S_IFSOCK 0 -#endif /* S_IFSOCK */ - -#ifndef S_ISDIR -# define S_ISDIR(mode) (((mode) & (_S_IFMT)) == (_S_IFDIR)) -#endif /* S_ISDIR */ - -#ifndef S_ISREG -# define S_ISREG(mode) (((mode) & (_S_IFMT)) == (_S_IFREG)) -#endif /* S_ISREG */ - -#ifndef S_ISLNK -# define S_ISLNK(mode) (((mode) & S_IFMT) == S_IFLNK) -#endif /* S_ISLNK */ - -#ifndef S_IXUSR -# define S_IXUSR 0000100 /* execute/search permission, */ -# define S_IXGRP 0000010 /* execute/search permission, */ -# define S_IXOTH 0000001 /* execute/search permission, */ -# define _S_IWUSR 0000200 /* write permission, */ -# define S_IWUSR _S_IWUSR /* write permission, owner */ -# define S_IWGRP 0000020 /* write permission, group */ -# define S_IWOTH 0000002 /* write permission, other */ -# define S_IRUSR 0000400 /* read permission, owner */ -# define S_IRGRP 0000040 /* read permission, group */ -# define S_IROTH 0000004 /* read permission, other */ -# define S_IRWXU 0000700 /* read, write, execute */ -# define S_IRWXG 0000070 /* read, write, execute */ -# define S_IRWXO 0000007 /* read, write, execute */ -#endif /* S_IXUSR */ - -#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS) -#define MAP_ANON MAP_ANONYMOUS -#endif - -#ifndef MAP_FAILED -# define 
MAP_FAILED ((void *)-1) -#endif - -/* -SCO Open Server 3 has INADDR_LOOPBACK defined in rpc/rpc.h but -including rpc/rpc.h breaks Solaris 6 -*/ -#ifndef INADDR_LOOPBACK -#define INADDR_LOOPBACK ((u_long)0x7f000001) -#endif - -/* Types */ - -/* If sys/types.h does not supply intXX_t, supply them ourselves */ -/* (or die trying) */ - -#ifndef HAVE_U_INT -typedef unsigned int u_int; -#endif - -#ifndef HAVE_INTXX_T -typedef signed char int8_t; -# if (SIZEOF_SHORT_INT == 2) -typedef short int int16_t; -# else -# error "16 bit int type not found." -# endif -# if (SIZEOF_INT == 4) -typedef int int32_t; -# else -# error "32 bit int type not found." -# endif -#endif - -/* If sys/types.h does not supply u_intXX_t, supply them ourselves */ -#ifndef HAVE_U_INTXX_T -# ifdef HAVE_UINTXX_T -typedef uint8_t u_int8_t; -typedef uint16_t u_int16_t; -typedef uint32_t u_int32_t; -# define HAVE_U_INTXX_T 1 -# else -typedef unsigned char u_int8_t; -# if (SIZEOF_SHORT_INT == 2) -typedef unsigned short int u_int16_t; -# else -# error "16 bit int type not found." -# endif -# if (SIZEOF_INT == 4) -typedef unsigned int u_int32_t; -# else -# error "32 bit int type not found." 
-# endif -# endif -#define __BIT_TYPES_DEFINED__ -#endif - -/* 64-bit types */ -#ifndef HAVE_INT64_T -# if (SIZEOF_LONG_INT == 8) -typedef long int int64_t; -# else -# if (SIZEOF_LONG_LONG_INT == 8) -typedef long long int int64_t; -# endif -# endif -#endif -#ifndef HAVE_U_INT64_T -# if (SIZEOF_LONG_INT == 8) -typedef unsigned long int u_int64_t; -# else -# if (SIZEOF_LONG_LONG_INT == 8) -typedef unsigned long long int u_int64_t; -# endif -# endif -#endif - -#ifndef HAVE_UINTXX_T -typedef u_int8_t uint8_t; -typedef u_int16_t uint16_t; -typedef u_int32_t uint32_t; -typedef u_int64_t uint64_t; -#endif - -#ifndef HAVE_INTMAX_T -typedef long long intmax_t; -#endif - -#ifndef HAVE_UINTMAX_T -typedef unsigned long long uintmax_t; -#endif - -#ifndef HAVE_U_CHAR -typedef unsigned char u_char; -# define HAVE_U_CHAR -#endif /* HAVE_U_CHAR */ - -#ifndef ULLONG_MAX -# define ULLONG_MAX ((unsigned long long)-1) -#endif - -#ifndef SIZE_T_MAX -#define SIZE_T_MAX ULONG_MAX -#endif /* SIZE_T_MAX */ - -#ifndef HAVE_SIZE_T -typedef unsigned int size_t; -# define HAVE_SIZE_T -# define SIZE_T_MAX UINT_MAX -#endif /* HAVE_SIZE_T */ - -#ifndef SIZE_MAX -#define SIZE_MAX SIZE_T_MAX -#endif - -#ifndef INT32_MAX -# if (SIZEOF_INT == 4) -# define INT32_MAX INT_MAX -# elif (SIZEOF_LONG == 4) -# define INT32_MAX LONG_MAX -# else -# error "need INT32_MAX" -# endif -#endif - -#ifndef INT64_MAX -# if (SIZEOF_INT == 8) -# define INT64_MAX INT_MAX -# elif (SIZEOF_LONG == 8) -# define INT64_MAX LONG_MAX -# elif (SIZEOF_LONG_LONG_INT == 8) -# define INT64_MAX LLONG_MAX -# else -# error "need INT64_MAX" -# endif -#endif - -#ifndef HAVE_SSIZE_T -typedef int ssize_t; -# define HAVE_SSIZE_T -#endif /* HAVE_SSIZE_T */ - -#ifndef HAVE_CLOCK_T -typedef long clock_t; -# define HAVE_CLOCK_T -#endif /* HAVE_CLOCK_T */ - -#ifndef HAVE_SA_FAMILY_T -typedef int sa_family_t; -# define HAVE_SA_FAMILY_T -#endif /* HAVE_SA_FAMILY_T */ - -#ifndef HAVE_PID_T -typedef int pid_t; -# define HAVE_PID_T -#endif /* HAVE_PID_T 
*/ - -#ifndef HAVE_SIG_ATOMIC_T -typedef int sig_atomic_t; -# define HAVE_SIG_ATOMIC_T -#endif /* HAVE_SIG_ATOMIC_T */ - -#ifndef HAVE_MODE_T -typedef int mode_t; -# define HAVE_MODE_T -#endif /* HAVE_MODE_T */ - -#if !defined(HAVE_SS_FAMILY_IN_SS) && defined(HAVE___SS_FAMILY_IN_SS) -# define ss_family __ss_family -#endif /* !defined(HAVE_SS_FAMILY_IN_SS) && defined(HAVE_SA_FAMILY_IN_SS) */ - -#ifndef HAVE_SYS_UN_H -struct sockaddr_un { - short sun_family; /* AF_UNIX */ - char sun_path[108]; /* path name (gag) */ -}; -#endif /* HAVE_SYS_UN_H */ - -#ifndef HAVE_IN_ADDR_T -typedef u_int32_t in_addr_t; -#endif -#ifndef HAVE_IN_PORT_T -typedef u_int16_t in_port_t; -#endif - -#if defined(BROKEN_SYS_TERMIO_H) && !defined(_STRUCT_WINSIZE) -#define _STRUCT_WINSIZE -struct winsize { - unsigned short ws_row; /* rows, in characters */ - unsigned short ws_col; /* columns, in character */ - unsigned short ws_xpixel; /* horizontal size, pixels */ - unsigned short ws_ypixel; /* vertical size, pixels */ -}; -#endif - -/* bits needed for select that may not be in the system headers */ -#ifndef HAVE_FD_MASK - typedef unsigned long int fd_mask; -#endif - -#if defined(HAVE_DECL_NFDBITS) && HAVE_DECL_NFDBITS == 0 -# define NFDBITS (8 * sizeof(unsigned long)) -#endif - -#if defined(HAVE_DECL_HOWMANY) && HAVE_DECL_HOWMANY == 0 -# define howmany(x,y) (((x)+((y)-1))/(y)) -#endif - -/* Paths */ - -#ifndef _PATH_BSHELL -# define _PATH_BSHELL "/bin/sh" -#endif - -#ifdef USER_PATH -# ifdef _PATH_STDPATH -# undef _PATH_STDPATH -# endif -# define _PATH_STDPATH USER_PATH -#endif - -#ifndef _PATH_STDPATH -# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" -#endif - -#ifndef SUPERUSER_PATH -# define SUPERUSER_PATH _PATH_STDPATH -#endif - -#ifndef _PATH_DEVNULL -# define _PATH_DEVNULL "/dev/null" -#endif - -/* user may have set a different path */ -#if defined(_PATH_MAILDIR) && defined(MAIL_DIRECTORY) -# undef _PATH_MAILDIR -#endif /* defined(_PATH_MAILDIR) && defined(MAIL_DIRECTORY) */ - 
-#ifdef MAIL_DIRECTORY -# define _PATH_MAILDIR MAIL_DIRECTORY -#endif - -#ifndef _PATH_NOLOGIN -# define _PATH_NOLOGIN "/etc/nologin" -#endif - -/* Define this to be the path of the xauth program. */ -#ifdef XAUTH_PATH -#define _PATH_XAUTH XAUTH_PATH -#endif /* XAUTH_PATH */ - -/* derived from XF4/xc/lib/dps/Xlibnet.h */ -#ifndef X_UNIX_PATH -# ifdef __hpux -# define X_UNIX_PATH "/var/spool/sockets/X11/%u" -# else -# define X_UNIX_PATH "/tmp/.X11-unix/X%u" -# endif -#endif /* X_UNIX_PATH */ -#define _PATH_UNIX_X X_UNIX_PATH - -#ifndef _PATH_TTY -# define _PATH_TTY "/dev/tty" -#endif - -/* Macros */ - -#if defined(HAVE_LOGIN_GETCAPBOOL) && defined(HAVE_LOGIN_CAP_H) -# define HAVE_LOGIN_CAP -#endif - -#ifndef MAX -# define MAX(a,b) (((a)>(b))?(a):(b)) -# define MIN(a,b) (((a)<(b))?(a):(b)) -#endif - -#ifndef roundup -# define roundup(x, y) ((((x)+((y)-1))/(y))*(y)) -#endif - -#ifndef timersub -#define timersub(a, b, result) \ - do { \ - (result)->tv_sec = (a)->tv_sec - (b)->tv_sec; \ - (result)->tv_usec = (a)->tv_usec - (b)->tv_usec; \ - if ((result)->tv_usec < 0) { \ - --(result)->tv_sec; \ - (result)->tv_usec += 1000000; \ - } \ - } while (0) -#endif - -#ifndef TIMEVAL_TO_TIMESPEC -#define TIMEVAL_TO_TIMESPEC(tv, ts) { \ - (ts)->tv_sec = (tv)->tv_sec; \ - (ts)->tv_nsec = (tv)->tv_usec * 1000; \ -} -#endif - -#ifndef TIMESPEC_TO_TIMEVAL -#define TIMESPEC_TO_TIMEVAL(tv, ts) { \ - (tv)->tv_sec = (ts)->tv_sec; \ - (tv)->tv_usec = (ts)->tv_nsec / 1000; \ -} -#endif - -#ifndef timespeccmp -#define timespeccmp(tsp, usp, cmp) \ - (((tsp)->tv_sec == (usp)->tv_sec) ? 
\ - ((tsp)->tv_nsec cmp (usp)->tv_nsec) : \ - ((tsp)->tv_sec cmp (usp)->tv_sec)) -#endif - -#ifndef __P -# define __P(x) x -#endif - -#if !defined(IN6_IS_ADDR_V4MAPPED) -# define IN6_IS_ADDR_V4MAPPED(a) \ - ((((u_int32_t *) (a))[0] == 0) && (((u_int32_t *) (a))[1] == 0) && \ - (((u_int32_t *) (a))[2] == htonl (0xffff))) -#endif /* !defined(IN6_IS_ADDR_V4MAPPED) */ - -#if !defined(__GNUC__) || (__GNUC__ < 2) -# define __attribute__(x) -#endif /* !defined(__GNUC__) || (__GNUC__ < 2) */ - -#if !defined(HAVE_ATTRIBUTE__SENTINEL__) && !defined(__sentinel__) -# define __sentinel__ -#endif - -#if !defined(HAVE_ATTRIBUTE__BOUNDED__) && !defined(__bounded__) -# define __bounded__(x, y, z) -#endif - -#if !defined(HAVE_ATTRIBUTE__NONNULL__) && !defined(__nonnull__) -# define __nonnull__(x) -#endif - -#ifndef OSSH_ALIGNBYTES -#define OSSH_ALIGNBYTES (sizeof(int) - 1) -#endif -#ifndef __CMSG_ALIGN -#define __CMSG_ALIGN(p) (((u_int)(p) + OSSH_ALIGNBYTES) &~ OSSH_ALIGNBYTES) -#endif - -/* Length of the contents of a control message of length len */ -#ifndef CMSG_LEN -#define CMSG_LEN(len) (__CMSG_ALIGN(sizeof(struct cmsghdr)) + (len)) -#endif - -/* Length of the space taken up by a padded control message of length len */ -#ifndef CMSG_SPACE -#define CMSG_SPACE(len) (__CMSG_ALIGN(sizeof(struct cmsghdr)) + __CMSG_ALIGN(len)) -#endif - -/* given pointer to struct cmsghdr, return pointer to data */ -#ifndef CMSG_DATA -#define CMSG_DATA(cmsg) ((u_char *)(cmsg) + __CMSG_ALIGN(sizeof(struct cmsghdr))) -#endif /* CMSG_DATA */ - -/* - * RFC 2292 requires to check msg_controllen, in case that the kernel returns - * an empty list for some reasons. - */ -#ifndef CMSG_FIRSTHDR -#define CMSG_FIRSTHDR(mhdr) \ - ((mhdr)->msg_controllen >= sizeof(struct cmsghdr) ? 
\ - (struct cmsghdr *)(mhdr)->msg_control : \ - (struct cmsghdr *)NULL) -#endif /* CMSG_FIRSTHDR */ - -#if defined(HAVE_DECL_OFFSETOF) && HAVE_DECL_OFFSETOF == 0 -# define offsetof(type, member) ((size_t) &((type *)0)->member) -#endif - -/* Set up BSD-style BYTE_ORDER definition if it isn't there already */ -/* XXX: doesn't try to cope with strange byte orders (PDP_ENDIAN) */ -#ifndef BYTE_ORDER -# ifndef LITTLE_ENDIAN -# define LITTLE_ENDIAN 1234 -# endif /* LITTLE_ENDIAN */ -# ifndef BIG_ENDIAN -# define BIG_ENDIAN 4321 -# endif /* BIG_ENDIAN */ -# ifdef WORDS_BIGENDIAN -# define BYTE_ORDER BIG_ENDIAN -# else /* WORDS_BIGENDIAN */ -# define BYTE_ORDER LITTLE_ENDIAN -# endif /* WORDS_BIGENDIAN */ -#endif /* BYTE_ORDER */ - -/* Function replacement / compatibility hacks */ - -#if !defined(HAVE_GETADDRINFO) && (defined(HAVE_OGETADDRINFO) || defined(HAVE_NGETADDRINFO)) -# define HAVE_GETADDRINFO -#endif - -#ifndef HAVE_GETOPT_OPTRESET -# undef getopt -# undef opterr -# undef optind -# undef optopt -# undef optreset -# undef optarg -# define getopt(ac, av, o) BSDgetopt(ac, av, o) -# define opterr BSDopterr -# define optind BSDoptind -# define optopt BSDoptopt -# define optreset BSDoptreset -# define optarg BSDoptarg -#endif - -#if defined(BROKEN_GETADDRINFO) && defined(HAVE_GETADDRINFO) -# undef HAVE_GETADDRINFO -#endif -#if defined(BROKEN_GETADDRINFO) && defined(HAVE_FREEADDRINFO) -# undef HAVE_FREEADDRINFO -#endif -#if defined(BROKEN_GETADDRINFO) && defined(HAVE_GAI_STRERROR) -# undef HAVE_GAI_STRERROR -#endif - -#if defined(HAVE_GETADDRINFO) -# if defined(HAVE_DECL_AI_NUMERICSERV) && HAVE_DECL_AI_NUMERICSERV == 0 -# define AI_NUMERICSERV 0 -# endif -#endif - -#if defined(BROKEN_UPDWTMPX) && defined(HAVE_UPDWTMPX) -# undef HAVE_UPDWTMPX -#endif - -#if defined(BROKEN_SHADOW_EXPIRE) && defined(HAS_SHADOW_EXPIRE) -# undef HAS_SHADOW_EXPIRE -#endif - -#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) && \ - defined(SYSLOG_R_SAFE_IN_SIGHAND) -# define 
DO_LOG_SAFE_IN_SIGHAND -#endif - -#if !defined(HAVE_MEMMOVE) && defined(HAVE_BCOPY) -# define memmove(s1, s2, n) bcopy((s2), (s1), (n)) -#endif /* !defined(HAVE_MEMMOVE) && defined(HAVE_BCOPY) */ - -#ifndef GETPGRP_VOID -# include -# define getpgrp() getpgrp(0) -#endif - -#ifdef USE_BSM_AUDIT -# define SSH_AUDIT_EVENTS -# define CUSTOM_SSH_AUDIT_EVENTS -#endif - -#ifdef USE_LINUX_AUDIT -# define SSH_AUDIT_EVENTS -# define CUSTOM_SSH_AUDIT_EVENTS -#endif - -#if !defined(HAVE___func__) && defined(HAVE___FUNCTION__) -# define __func__ __FUNCTION__ -#elif !defined(HAVE___func__) -# define __func__ "" -#endif - -#if defined(KRB5) && !defined(HEIMDAL) -# define krb5_get_err_text(context,code) error_message(code) -#endif - -/* Maximum number of file descriptors available */ -#ifdef HAVE_SYSCONF -# define SSH_SYSFDMAX sysconf(_SC_OPEN_MAX) -#else -# define SSH_SYSFDMAX 10000 -#endif - -#ifdef FSID_HAS_VAL -/* encode f_fsid into a 64 bit value */ -#define FSID_TO_ULONG(f) \ - ((((u_int64_t)(f).val[0] & 0xffffffffUL) << 32) | \ - ((f).val[1] & 0xffffffffUL)) -#elif defined(FSID_HAS___VAL) -#define FSID_TO_ULONG(f) \ - ((((u_int64_t)(f).__val[0] & 0xffffffffUL) << 32) | \ - ((f).__val[1] & 0xffffffffUL)) -#else -# define FSID_TO_ULONG(f) ((f)) -#endif - -#if defined(__Lynx__) - /* - * LynxOS defines these in param.h which we do not want to include since - * it will also pull in a bunch of kernel definitions. - */ -# define ALIGNBYTES (sizeof(int) - 1) -# define ALIGN(p) (((unsigned)p + ALIGNBYTES) & ~ALIGNBYTES) - /* Missing prototypes on LynxOS */ - int snprintf (char *, size_t, const char *, ...); - int mkstemp (char *); - char *crypt (const char *, const char *); - int seteuid (uid_t); - int setegid (gid_t); - char *mkdtemp (char *); - int rresvport_af (int *, sa_family_t); - int innetgr (const char *, const char *, const char *, const char *); -#endif - -/* - * Define this to use pipes instead of socketpairs for communicating with the - * client program. 
Socketpairs do not seem to work on all systems. - * - * configure.ac sets this for a few OS's which are known to have problems - * but you may need to set it yourself - */ -/* #define USE_PIPES 1 */ - -/** - ** login recorder definitions - **/ - -/* FIXME: put default paths back in */ -#ifndef UTMP_FILE -# ifdef _PATH_UTMP -# define UTMP_FILE _PATH_UTMP -# else -# ifdef CONF_UTMP_FILE -# define UTMP_FILE CONF_UTMP_FILE -# endif -# endif -#endif -#ifndef WTMP_FILE -# ifdef _PATH_WTMP -# define WTMP_FILE _PATH_WTMP -# else -# ifdef CONF_WTMP_FILE -# define WTMP_FILE CONF_WTMP_FILE -# endif -# endif -#endif -/* pick up the user's location for lastlog if given */ -#ifndef LASTLOG_FILE -# ifdef _PATH_LASTLOG -# define LASTLOG_FILE _PATH_LASTLOG -# else -# ifdef CONF_LASTLOG_FILE -# define LASTLOG_FILE CONF_LASTLOG_FILE -# endif -# endif -#endif - -#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) -# define USE_SHADOW -#endif - -/* The login() library function in libutil is first choice */ -#if defined(HAVE_LOGIN) && !defined(DISABLE_LOGIN) -# define USE_LOGIN - -#else -/* Simply select your favourite login types. */ -/* Can't do if-else because some systems use several... 
*/ -# if !defined(DISABLE_UTMPX) -# define USE_UTMPX -# endif -# if defined(UTMP_FILE) && !defined(DISABLE_UTMP) -# define USE_UTMP -# endif -# if defined(WTMPX_FILE) && !defined(DISABLE_WTMPX) -# define USE_WTMPX -# endif -# if defined(WTMP_FILE) && !defined(DISABLE_WTMP) -# define USE_WTMP -# endif - -#endif - -#ifndef UT_LINESIZE -# define UT_LINESIZE 8 -#endif - -/* I hope that the presence of LASTLOG_FILE is enough to detect this */ -#if defined(LASTLOG_FILE) && !defined(DISABLE_LASTLOG) -# define USE_LASTLOG -#endif - -#ifdef HAVE_OSF_SIA -# ifdef USE_SHADOW -# undef USE_SHADOW -# endif -# define CUSTOM_SYS_AUTH_PASSWD 1 -#endif - -#if defined(HAVE_LIBIAF) && defined(HAVE_SET_ID) && !defined(HAVE_SECUREWARE) -# define CUSTOM_SYS_AUTH_PASSWD 1 -#endif -#if defined(HAVE_LIBIAF) && defined(HAVE_SET_ID) && !defined(BROKEN_LIBIAF) -# define USE_LIBIAF -#endif - -/* HP-UX 11.11 */ -#ifdef BTMP_FILE -# define _PATH_BTMP BTMP_FILE -#endif - -#if defined(USE_BTMP) && defined(_PATH_BTMP) -# define CUSTOM_FAILED_LOGIN -#endif - -/** end of login recorder definitions */ - -#ifdef BROKEN_GETGROUPS -# define getgroups(a,b) ((a)==0 && (b)==NULL ? NGROUPS_MAX : getgroups((a),(b))) -#endif - -#if defined(HAVE_MMAP) && defined(BROKEN_MMAP) -# undef HAVE_MMAP -#endif - -#ifndef IOV_MAX -# if defined(_XOPEN_IOV_MAX) -# define IOV_MAX _XOPEN_IOV_MAX -# elif defined(DEF_IOV_MAX) -# define IOV_MAX DEF_IOV_MAX -# else -# define IOV_MAX 16 -# endif -#endif - -#ifndef EWOULDBLOCK -# define EWOULDBLOCK EAGAIN -#endif - -#ifndef INET6_ADDRSTRLEN /* for non IPv6 machines */ -#define INET6_ADDRSTRLEN 46 -#endif - -#ifndef SSH_IOBUFSZ -# define SSH_IOBUFSZ 8192 -#endif - -/* - * We want functions in openbsd-compat, if enabled, to override system ones. - * We no-op out the weak symbol definition rather than remove it to reduce - * future sync problems. - */ -#define DEF_WEAK(x) - -/* - * Platforms that have arc4random_uniform() and not arc4random_stir() - * shouldn't need the latter. 
- */ -#if defined(HAVE_ARC4RANDOM) && defined(HAVE_ARC4RANDOM_UNIFORM) && \ - !defined(HAVE_ARC4RANDOM_STIR) -# define arc4random_stir() -#endif - -#ifndef HAVE_VA_COPY -# ifdef HAVE___VA_COPY -# define va_copy(dest, src) __va_copy(dest, src) -# else -# define va_copy(dest, src) (dest) = (src) -# endif -#endif - -#ifndef __predict_true -# if defined(__GNUC__) && \ - ((__GNUC__ > (2)) || (__GNUC__ == (2) && __GNUC_MINOR__ >= (96))) -# define __predict_true(exp) __builtin_expect(((exp) != 0), 1) -# define __predict_false(exp) __builtin_expect(((exp) != 0), 0) -# else -# define __predict_true(exp) ((exp) != 0) -# define __predict_false(exp) ((exp) != 0) -# endif /* gcc version */ -#endif /* __predict_true */ - -#if defined(HAVE_GLOB_H) && defined(GLOB_HAS_ALTDIRFUNC) && \ - defined(GLOB_HAS_GL_MATCHC) && defined(GLOB_HAS_GL_STATV) && \ - defined(HAVE_DECL_GLOB_NOMATCH) && HAVE_DECL_GLOB_NOMATCH != 0 && \ - !defined(BROKEN_GLOB) -# define USE_SYSTEM_GLOB -#endif - -#endif /* _DEFINES_H */ diff --git a/ssh_keygen_110/dh.h b/ssh_keygen_110/dh.h deleted file mode 100644 index 344b29e3..00000000 --- a/ssh_keygen_110/dh.h +++ /dev/null 
@@ -1,80 +0,0 @@
-/* $OpenBSD: dh.h,v 1.15 2016/05/02 10:26:04 djm Exp $ */
-
-/*
- * Copyright (c) 2000 Niels Provos. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#ifndef DH_H
-#define DH_H
-
-struct dhgroup {
- int size;
- BIGNUM *g;
- BIGNUM *p;
-};
-
-DH *choose_dh(int, int, int);
-DH *dh_new_group_asc(const char *, const char *);
-DH *dh_new_group(BIGNUM *, BIGNUM *);
-DH *dh_new_group1(void);
-DH *dh_new_group14(void);
-DH *dh_new_group16(void);
-DH *dh_new_group18(void);
-DH *dh_new_group_fallback(int);
-
-int dh_gen_key(DH *, int);
-int dh_pub_is_valid(const DH *, const BIGNUM *);
-
-u_int dh_estimate(int);
-
-/*
- * Max value from RFC4419.
- * Miniumum increased in light of DH precomputation attacks.
- */
-#define DH_GRP_MIN 2048
-#define DH_GRP_MAX 8192
-
-/*
- * Values for "type" field of moduli(5)
- * Specifies the internal structure of the prime modulus.
- */
-#define MODULI_TYPE_UNKNOWN (0)
-#define MODULI_TYPE_UNSTRUCTURED (1)
-#define MODULI_TYPE_SAFE (2)
-#define MODULI_TYPE_SCHNORR (3)
-#define MODULI_TYPE_SOPHIE_GERMAIN (4)
-#define MODULI_TYPE_STRONG (5)
-
-/*
- * Values for "tests" field of moduli(5)
- * Specifies the methods used in checking for primality.
- * Usually, more than one test is used.
- */
-#define MODULI_TESTS_UNTESTED (0x00)
-#define MODULI_TESTS_COMPOSITE (0x01)
-#define MODULI_TESTS_SIEVE (0x02)
-#define MODULI_TESTS_MILLER_RABIN (0x04)
-#define MODULI_TESTS_JACOBI (0x08)
-#define MODULI_TESTS_ELLIPTIC (0x10)
-
-
-#endif
diff --git a/ssh_keygen_110/digest-openssl.c b/ssh_keygen_110/digest-openssl.c
deleted file mode 100644
index da7ed72b..00000000
--- a/ssh_keygen_110/digest-openssl.c
+++ /dev/null
@@ -1,206 +0,0 @@
-/* $OpenBSD: digest-openssl.c,v 1.7 2017/05/08 22:57:38 djm Exp $ */
-/*
- * Copyright (c) 2013 Damien Miller
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "includes.h"
-
-#ifdef WITH_OPENSSL
-
-#include
-#include
-#include
-#include
-
-#include
-
-#include "openbsd-compat/openssl-compat.h"
-
-#include "sshbuf.h"
-#include "digest.h"
-#include "ssherr.h"
-
-#ifndef HAVE_EVP_RIPEMD160
-# define EVP_ripemd160 NULL
-#endif /* HAVE_EVP_RIPEMD160 */
-#ifndef HAVE_EVP_SHA256
-# define EVP_sha256 NULL
-# define EVP_sha384 NULL
-# define EVP_sha512 NULL
-#endif /* HAVE_EVP_SHA256 */
-
-struct ssh_digest_ctx {
- int alg;
- EVP_MD_CTX *mdctx;
-};
-
-struct ssh_digest {
- int id;
- const char *name;
- size_t digest_len;
- const EVP_MD *(*mdfunc)(void);
-};
-
-/* NB. Indexed directly by algorithm number */
-const struct ssh_digest digests[] = {
- { SSH_DIGEST_MD5, "MD5", 16, EVP_md5 },
- { SSH_DIGEST_SHA1, "SHA1", 20, EVP_sha1 },
- { SSH_DIGEST_SHA256, "SHA256", 32, EVP_sha256 },
- { SSH_DIGEST_SHA384, "SHA384", 48, EVP_sha384 },
- { SSH_DIGEST_SHA512, "SHA512", 64, EVP_sha512 },
- { -1, NULL, 0, NULL },
-};
-
-static const struct ssh_digest *
-ssh_digest_by_alg(int alg)
-{
- if (alg < 0 || alg >= SSH_DIGEST_MAX)
- return NULL;
- if (digests[alg].id != alg) /* sanity */
- return NULL;
- if (digests[alg].mdfunc == NULL)
- return NULL;
- return &(digests[alg]);
-}
-
-int
-ssh_digest_alg_by_name(const char *name)
-{
- int alg;
-
- for (alg = 0; digests[alg].id != -1; alg++) {
- if (strcasecmp(name, digests[alg].name) == 0)
- return digests[alg].id;
- }
- return -1;
-}
-
-const char *
-ssh_digest_alg_name(int alg)
-{
- const struct ssh_digest *digest = ssh_digest_by_alg(alg);
-
- return digest == NULL ? NULL : digest->name;
-}
-
-size_t
-ssh_digest_bytes(int alg)
-{
- const struct ssh_digest *digest = ssh_digest_by_alg(alg);
-
- return digest == NULL ? 0 : digest->digest_len;
-}
-
-size_t
-ssh_digest_blocksize(struct ssh_digest_ctx *ctx)
-{
- return EVP_MD_CTX_block_size(ctx->mdctx);
-}
-
-struct ssh_digest_ctx *
-ssh_digest_start(int alg)
-{
- const struct ssh_digest *digest = ssh_digest_by_alg(alg);
- struct ssh_digest_ctx *ret;
-
- if (digest == NULL || ((ret = calloc(1, sizeof(*ret))) == NULL))
- return NULL;
- ret->alg = alg;
- if ((ret->mdctx = EVP_MD_CTX_new()) == NULL) {
- free(ret);
- return NULL;
- }
- if (EVP_DigestInit_ex(ret->mdctx, digest->mdfunc(), NULL) != 1) {
- ssh_digest_free(ret);
- return NULL;
- }
- return ret;
-}
-
-int
-ssh_digest_copy_state(struct ssh_digest_ctx *from, struct ssh_digest_ctx *to)
-{
- if (from->alg != to->alg)
- return SSH_ERR_INVALID_ARGUMENT;
- /* we have bcopy-style order while openssl has memcpy-style */
- if (!EVP_MD_CTX_copy_ex(to->mdctx, from->mdctx))
- return SSH_ERR_LIBCRYPTO_ERROR;
- return 0;
-}
-
-int
-ssh_digest_update(struct ssh_digest_ctx *ctx, const void *m, size_t mlen)
-{
- if (EVP_DigestUpdate(ctx->mdctx, m, mlen) != 1)
- return SSH_ERR_LIBCRYPTO_ERROR;
- return 0;
-}
-
-int
-ssh_digest_update_buffer(struct ssh_digest_ctx *ctx, const struct sshbuf *b)
-{
- return ssh_digest_update(ctx, sshbuf_ptr(b), sshbuf_len(b));
-}
-
-int
-ssh_digest_final(struct ssh_digest_ctx *ctx, u_char *d, size_t dlen)
-{
- const struct ssh_digest *digest = ssh_digest_by_alg(ctx->alg);
- u_int l = dlen;
-
- if (digest == NULL || dlen > UINT_MAX)
- return SSH_ERR_INVALID_ARGUMENT;
- if (dlen < digest->digest_len) /* No truncation allowed */
- return SSH_ERR_INVALID_ARGUMENT;
- if (EVP_DigestFinal_ex(ctx->mdctx, d, &l) != 1)
- return SSH_ERR_LIBCRYPTO_ERROR;
- if (l != digest->digest_len) /* sanity */
- return SSH_ERR_INTERNAL_ERROR;
- return 0;
-}
-
-void
-ssh_digest_free(struct ssh_digest_ctx *ctx)
-{
- if (ctx == NULL)
- return;
- EVP_MD_CTX_free(ctx->mdctx);
- freezero(ctx, sizeof(*ctx));
-}
-
-int
-ssh_digest_memory(int alg, const void *m, size_t mlen, u_char *d, size_t dlen)
-{
- const struct ssh_digest *digest = ssh_digest_by_alg(alg);
- u_int mdlen;
-
- if (digest == NULL)
- return SSH_ERR_INVALID_ARGUMENT;
- if (dlen > UINT_MAX)
- return SSH_ERR_INVALID_ARGUMENT;
- if (dlen < digest->digest_len)
- return SSH_ERR_INVALID_ARGUMENT;
- mdlen = dlen;
- if (!EVP_Digest(m, mlen, d, &mdlen, digest->mdfunc(), NULL))
- return SSH_ERR_LIBCRYPTO_ERROR;
- return 0;
-}
-
-int
-ssh_digest_buffer(int alg, const struct sshbuf *b, u_char *d, size_t dlen)
-{
- return ssh_digest_memory(alg, sshbuf_ptr(b), sshbuf_len(b), d, dlen);
-}
-#endif /* WITH_OPENSSL */
diff --git a/ssh_keygen_110/digest.h b/ssh_keygen_110/digest.h
deleted file mode 100644
index 274574d0..00000000
--- a/ssh_keygen_110/digest.h
+++ /dev/null
@@ -1,70 +0,0 @@
-/* $OpenBSD: digest.h,v 1.8 2017/05/08 22:57:38 djm Exp $ */
-/*
- * Copyright (c) 2013 Damien Miller
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef _DIGEST_H
-#define _DIGEST_H
-
-/* Maximum digest output length */
-#define SSH_DIGEST_MAX_LENGTH 64
-
-/* Digest algorithms */
-#define SSH_DIGEST_MD5 0
-#define SSH_DIGEST_SHA1 1
-#define SSH_DIGEST_SHA256 2
-#define SSH_DIGEST_SHA384 3
-#define SSH_DIGEST_SHA512 4
-#define SSH_DIGEST_MAX 5
-
-struct sshbuf;
-struct ssh_digest_ctx;
-
-/* Looks up a digest algorithm by name */
-int ssh_digest_alg_by_name(const char *name);
-
-/* Returns the algorithm name for a digest identifier */
-const char *ssh_digest_alg_name(int alg);
-
-/* Returns the algorithm's digest length in bytes or 0 for invalid algorithm */
-size_t ssh_digest_bytes(int alg);
-
-/* Returns the block size of the digest, e.g. for implementing HMAC */
-size_t ssh_digest_blocksize(struct ssh_digest_ctx *ctx);
-
-/* Copies internal state of digest of 'from' to 'to' */
-int ssh_digest_copy_state(struct ssh_digest_ctx *from,
- struct ssh_digest_ctx *to);
-
-/* One-shot API */
-int ssh_digest_memory(int alg, const void *m, size_t mlen,
- u_char *d, size_t dlen)
- __attribute__((__bounded__(__buffer__, 2, 3)))
- __attribute__((__bounded__(__buffer__, 4, 5)));
-int ssh_digest_buffer(int alg, const struct sshbuf *b, u_char *d, size_t dlen)
- __attribute__((__bounded__(__buffer__, 3, 4)));
-
-/* Update API */
-struct ssh_digest_ctx *ssh_digest_start(int alg);
-int ssh_digest_update(struct ssh_digest_ctx *ctx, const void *m, size_t mlen)
- __attribute__((__bounded__(__buffer__, 2, 3)));
-int ssh_digest_update_buffer(struct ssh_digest_ctx *ctx,
- const struct sshbuf *b);
-int ssh_digest_final(struct ssh_digest_ctx *ctx, u_char *d, size_t dlen)
- __attribute__((__bounded__(__buffer__, 2, 3)));
-void ssh_digest_free(struct ssh_digest_ctx *ctx);
-
-#endif /* _DIGEST_H */
-
diff --git a/ssh_keygen_110/dns.c b/ssh_keygen_110/dns.c
deleted file mode 100644
index ff1a2c41..00000000
--- a/ssh_keygen_110/dns.c
+++ /dev/null
@@ -1,356 +0,0 @@
-/* $OpenBSD: dns.c,v 1.38 2018/02/23 15:58:37 markus Exp $ */
-
-/*
- * Copyright (c) 2003 Wesley Griffin. All rights reserved.
- * Copyright (c) 2003 Jakob Schlyter. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "includes.h"
-
-#include
-#include
-
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include "xmalloc.h"
-#include "sshkey.h"
-#include "ssherr.h"
-#include "dns.h"
-#include "log.h"
-#include "digest.h"
-
-static const char *errset_text[] = {
- "success", /* 0 ERRSET_SUCCESS */
- "out of memory", /* 1 ERRSET_NOMEMORY */
- "general failure", /* 2 ERRSET_FAIL */
- "invalid parameter", /* 3 ERRSET_INVAL */
- "name does not exist", /* 4 ERRSET_NONAME */
- "data does not exist", /* 5 ERRSET_NODATA */
-};
-
-static const char *
-dns_result_totext(unsigned int res)
-{
- switch (res) {
- case ERRSET_SUCCESS:
- return errset_text[ERRSET_SUCCESS];
- case ERRSET_NOMEMORY:
- return errset_text[ERRSET_NOMEMORY];
- case ERRSET_FAIL:
- return errset_text[ERRSET_FAIL];
- case ERRSET_INVAL:
- return errset_text[ERRSET_INVAL];
- case ERRSET_NONAME:
- return errset_text[ERRSET_NONAME];
- case ERRSET_NODATA:
- return errset_text[ERRSET_NODATA];
- default:
- return "unknown error";
- }
-}
-
-/*
- * Read SSHFP parameters from key buffer.
- */
-static int
-dns_read_key(u_int8_t *algorithm, u_int8_t *digest_type,
- u_char **digest, size_t *digest_len, struct sshkey *key)
-{
- int r, success = 0;
- int fp_alg = -1;
-
- switch (key->type) {
- case KEY_RSA:
- *algorithm = SSHFP_KEY_RSA;
- if (!*digest_type)
- *digest_type = SSHFP_HASH_SHA1;
- break;
- case KEY_DSA:
- *algorithm = SSHFP_KEY_DSA;
- if (!*digest_type)
- *digest_type = SSHFP_HASH_SHA1;
- break;
- case KEY_ECDSA:
- *algorithm = SSHFP_KEY_ECDSA;
- if (!*digest_type)
- *digest_type = SSHFP_HASH_SHA256;
- break;
- case KEY_ED25519:
- *algorithm = SSHFP_KEY_ED25519;
- if (!*digest_type)
- *digest_type = SSHFP_HASH_SHA256;
- break;
- case KEY_XMSS:
- *algorithm = SSHFP_KEY_XMSS;
- if (!*digest_type)
- *digest_type = SSHFP_HASH_SHA256;
- break;
- default:
- *algorithm = SSHFP_KEY_RESERVED; /* 0 */
- *digest_type = SSHFP_HASH_RESERVED; /* 0 */
- }
-
- switch (*digest_type) {
- case SSHFP_HASH_SHA1:
- fp_alg = SSH_DIGEST_SHA1;
- break;
- case SSHFP_HASH_SHA256:
- fp_alg = SSH_DIGEST_SHA256;
- break;
- default:
- *digest_type = SSHFP_HASH_RESERVED; /* 0 */
- }
-
- if (*algorithm && *digest_type) {
- if ((r = sshkey_fingerprint_raw(key, fp_alg, digest,
- digest_len)) != 0)
- fatal("%s: sshkey_fingerprint_raw: %s", __func__,
- ssh_err(r));
- success = 1;
- } else {
- *digest = NULL;
- *digest_len = 0;
- success = 0;
- }
-
- return success;
-}
-
-/*
- * Read SSHFP parameters from rdata buffer.
- */
-static int
-dns_read_rdata(u_int8_t *algorithm, u_int8_t *digest_type,
- u_char **digest, size_t *digest_len, u_char *rdata, int rdata_len)
-{
- int success = 0;
-
- *algorithm = SSHFP_KEY_RESERVED;
- *digest_type = SSHFP_HASH_RESERVED;
-
- if (rdata_len >= 2) {
- *algorithm = rdata[0];
- *digest_type = rdata[1];
- *digest_len = rdata_len - 2;
-
- if (*digest_len > 0) {
- *digest = xmalloc(*digest_len);
- memcpy(*digest, rdata + 2, *digest_len);
- } else {
- *digest = (u_char *)xstrdup("");
- }
-
- success = 1;
- }
-
- return success;
-}
-
-/*
- * Check if hostname is numerical.
- * Returns -1 if hostname is numeric, 0 otherwise
- */
-static int
-is_numeric_hostname(const char *hostname)
-{
- struct addrinfo hints, *ai;
-
- /*
- * We shouldn't ever get a null host but if we do then log an error
- * and return -1 which stops DNS key fingerprint processing.
- */
- if (hostname == NULL) {
- error("is_numeric_hostname called with NULL hostname");
- return -1;
- }
-
- memset(&hints, 0, sizeof(hints));
- hints.ai_socktype = SOCK_DGRAM;
- hints.ai_flags = AI_NUMERICHOST;
-
- if (getaddrinfo(hostname, NULL, &hints, &ai) == 0) {
- freeaddrinfo(ai);
- return -1;
- }
-
- return 0;
-}
-
-/*
- * Verify the given hostname, address and host key using DNS.
- * Returns 0 if lookup succeeds, -1 otherwise
- */
-int
-verify_host_key_dns(const char *hostname, struct sockaddr *address,
- struct sshkey *hostkey, int *flags)
-{
- u_int counter;
- int result;
- struct rrsetinfo *fingerprints = NULL;
-
- u_int8_t hostkey_algorithm;
- u_int8_t hostkey_digest_type = SSHFP_HASH_RESERVED;
- u_char *hostkey_digest;
- size_t hostkey_digest_len;
-
- u_int8_t dnskey_algorithm;
- u_int8_t dnskey_digest_type;
- u_char *dnskey_digest;
- size_t dnskey_digest_len;
-
- *flags = 0;
-
- debug3("verify_host_key_dns");
- if (hostkey == NULL)
- fatal("No key to look up!");
-
- if (is_numeric_hostname(hostname)) {
- debug("skipped DNS lookup for numerical hostname");
- return -1;
- }
-
- result = getrrsetbyname(hostname, DNS_RDATACLASS_IN,
- DNS_RDATATYPE_SSHFP, 0, &fingerprints);
- if (result) {
- verbose("DNS lookup error: %s", dns_result_totext(result));
- return -1;
- }
-
- if (fingerprints->rri_flags & RRSET_VALIDATED) {
- *flags |= DNS_VERIFY_SECURE;
- debug("found %d secure fingerprints in DNS",
- fingerprints->rri_nrdatas);
- } else {
- debug("found %d insecure fingerprints in DNS",
- fingerprints->rri_nrdatas);
- }
-
- /* Initialize default host key parameters */
- if (!dns_read_key(&hostkey_algorithm, &hostkey_digest_type,
- &hostkey_digest, &hostkey_digest_len, hostkey)) {
- error("Error calculating host key fingerprint.");
- freerrset(fingerprints);
- return -1;
- }
-
- if (fingerprints->rri_nrdatas)
- *flags |= DNS_VERIFY_FOUND;
-
- for (counter = 0; counter < fingerprints->rri_nrdatas; counter++) {
- /*
- * Extract the key from the answer. Ignore any badly
- * formatted fingerprints.
- */
- if (!dns_read_rdata(&dnskey_algorithm, &dnskey_digest_type,
- &dnskey_digest, &dnskey_digest_len,
- fingerprints->rri_rdatas[counter].rdi_data,
- fingerprints->rri_rdatas[counter].rdi_length)) {
- verbose("Error parsing fingerprint from DNS.");
- continue;
- }
-
- if (hostkey_digest_type != dnskey_digest_type) {
- hostkey_digest_type = dnskey_digest_type;
- free(hostkey_digest);
-
- /* Initialize host key parameters */
- if (!dns_read_key(&hostkey_algorithm,
- &hostkey_digest_type, &hostkey_digest,
- &hostkey_digest_len, hostkey)) {
- error("Error calculating key fingerprint.");
- freerrset(fingerprints);
- return -1;
- }
- }
-
- /* Check if the current key is the same as the given key */
- if (hostkey_algorithm == dnskey_algorithm &&
- hostkey_digest_type == dnskey_digest_type) {
- if (hostkey_digest_len == dnskey_digest_len &&
- timingsafe_bcmp(hostkey_digest, dnskey_digest,
- hostkey_digest_len) == 0)
- *flags |= DNS_VERIFY_MATCH;
- }
- free(dnskey_digest);
- }
-
- free(hostkey_digest); /* from sshkey_fingerprint_raw() */
- freerrset(fingerprints);
-
- if (*flags & DNS_VERIFY_FOUND)
- if (*flags & DNS_VERIFY_MATCH)
- debug("matching host key fingerprint found in DNS");
- else
- debug("mismatching host key fingerprint found in DNS");
- else
- debug("no host key fingerprint found in DNS");
-
- return 0;
-}
-
-/*
- * Export the fingerprint of a key as a DNS resource record
- */
-int
-export_dns_rr(const char *hostname, struct sshkey *key, FILE *f, int generic)
-{
- u_int8_t rdata_pubkey_algorithm = 0;
- u_int8_t rdata_digest_type = SSHFP_HASH_RESERVED;
- u_int8_t dtype;
- u_char *rdata_digest;
- size_t i, rdata_digest_len;
- int success = 0;
-
- for (dtype = SSHFP_HASH_SHA1; dtype < SSHFP_HASH_MAX; dtype++) {
- rdata_digest_type = dtype;
- if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type,
- &rdata_digest, &rdata_digest_len, key)) {
- if (generic) {
- fprintf(f, "%s IN TYPE%d \\# %zu %02x %02x ",
- hostname, DNS_RDATATYPE_SSHFP,
- 2 + rdata_digest_len,
- rdata_pubkey_algorithm, rdata_digest_type);
- } else {
- fprintf(f, "%s IN SSHFP %d %d ", hostname,
- rdata_pubkey_algorithm, rdata_digest_type);
- }
- for (i = 0; i < rdata_digest_len; i++)
- fprintf(f, "%02x", rdata_digest[i]);
- fprintf(f, "\n");
- free(rdata_digest); /* from sshkey_fingerprint_raw() */
- success = 1;
- }
- }
-
- /* No SSHFP record was generated at all */
- if (success == 0) {
- error("%s: unsupported algorithm and/or digest_type", __func__);
- }
-
- return success;
-}
diff --git a/ssh_keygen_110/dns.h b/ssh_keygen_110/dns.h
deleted file mode 100644
index 91f3c632..00000000
--- a/ssh_keygen_110/dns.h
+++ /dev/null
@@ -1,58 +0,0 @@
-/* $OpenBSD: dns.h,v 1.18 2018/02/23 15:58:37 markus Exp $ */
-
-/*
- * Copyright (c) 2003 Wesley Griffin. All rights reserved.
- * Copyright (c) 2003 Jakob Schlyter. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef DNS_H
-#define DNS_H
-
-enum sshfp_types {
- SSHFP_KEY_RESERVED = 0,
- SSHFP_KEY_RSA = 1,
- SSHFP_KEY_DSA = 2,
- SSHFP_KEY_ECDSA = 3,
- SSHFP_KEY_ED25519 = 4,
- SSHFP_KEY_XMSS = 5
-};
-
-enum sshfp_hashes {
- SSHFP_HASH_RESERVED = 0,
- SSHFP_HASH_SHA1 = 1,
- SSHFP_HASH_SHA256 = 2,
- SSHFP_HASH_MAX = 3
-};
-
-#define DNS_RDATACLASS_IN 1
-#define DNS_RDATATYPE_SSHFP 44
-
-#define DNS_VERIFY_FOUND 0x00000001
-#define DNS_VERIFY_MATCH 0x00000002
-#define DNS_VERIFY_SECURE 0x00000004
-
-int verify_host_key_dns(const char *, struct sockaddr *,
- struct sshkey *, int *);
-int export_dns_rr(const char *, struct sshkey *, FILE *, int);
-
-#endif /* DNS_H */
diff --git a/ssh_keygen_110/ed25519.c b/ssh_keygen_110/ed25519.c
deleted file mode 100644
index 767ec24d..00000000
--- a/ssh_keygen_110/ed25519.c
+++ /dev/null
@@ -1,144 +0,0 @@ -/* $OpenBSD: ed25519.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */ - -/* - * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange, - * Peter Schwabe, Bo-Yin Yang. - * Copied from supercop-20130419/crypto_sign/ed25519/ref/ed25519.c - */ - -#include "includes.h" -#include "crypto_api.h" - -#include "ge25519.h" - -static void get_hram(unsigned char *hram, const unsigned char *sm, const unsigned char *pk, unsigned char *playground, unsigned long long smlen) -{ - unsigned long long i; - - for (i = 0;i < 32;++i) playground[i] = sm[i]; - for (i = 32;i < 64;++i) playground[i] = pk[i-32]; - for (i = 64;i < smlen;++i) playground[i] = sm[i]; - - crypto_hash_sha512(hram,playground,smlen); -} - - -int crypto_sign_ed25519_keypair( - unsigned char *pk, - unsigned char *sk - ) -{ - sc25519 scsk; - ge25519 gepk; - unsigned char extsk[64]; - int i; - - randombytes(sk, 32); - crypto_hash_sha512(extsk, sk, 32); - extsk[0] &= 248; - extsk[31] &= 127; - extsk[31] |= 64; - - sc25519_from32bytes(&scsk,extsk); - - ge25519_scalarmult_base(&gepk, &scsk); - ge25519_pack(pk, &gepk); - for(i=0;i<32;i++) - sk[32 + i] = pk[i]; - return 0; -} - -int crypto_sign_ed25519( - unsigned char *sm,unsigned long long *smlen, - const unsigned char *m,unsigned long long mlen, - const unsigned char *sk - ) -{ - sc25519 sck, scs, scsk; - ge25519 ger; - unsigned char r[32]; - unsigned char s[32]; - unsigned char extsk[64]; - unsigned long long i; - unsigned char hmg[crypto_hash_sha512_BYTES]; - unsigned char hram[crypto_hash_sha512_BYTES]; - - crypto_hash_sha512(extsk, sk, 32); - extsk[0] &= 248; - extsk[31] &= 127; - extsk[31] |= 64; - - *smlen = mlen+64; - for(i=0;i -#include -#ifdef HAVE_SYS_UN_H -# include -#endif - -#include -#include - -#include -#include -#include -#include -#include /* for offsetof */ - -#include -#include -#include - -#include "openbsd-compat/openssl-compat.h" - -#include "ssh.h" -#include "misc.h" -#include "xmalloc.h" -#include "atomicio.h" -#include 
"pathnames.h" -#include "log.h" -#include "sshbuf.h" -#include "ssherr.h" - -/* - * Portable OpenSSH PRNG seeding: - * If OpenSSL has not "internally seeded" itself (e.g. pulled data from - * /dev/random), then collect RANDOM_SEED_SIZE bytes of randomness from - * PRNGd. - */ -#ifndef OPENSSL_PRNG_ONLY - -#define RANDOM_SEED_SIZE 48 - -/* - * Collect 'len' bytes of entropy into 'buf' from PRNGD/EGD daemon - * listening either on 'tcp_port', or via Unix domain socket at * - * 'socket_path'. - * Either a non-zero tcp_port or a non-null socket_path must be - * supplied. - * Returns 0 on success, -1 on error - */ -int -get_random_bytes_prngd(unsigned char *buf, int len, - unsigned short tcp_port, char *socket_path) -{ - int fd, addr_len, rval, errors; - u_char msg[2]; - struct sockaddr_storage addr; - struct sockaddr_in *addr_in = (struct sockaddr_in *)&addr; - struct sockaddr_un *addr_un = (struct sockaddr_un *)&addr; - mysig_t old_sigpipe; - - /* Sanity checks */ - if (socket_path == NULL && tcp_port == 0) - fatal("You must specify a port or a socket"); - if (socket_path != NULL && - strlen(socket_path) >= sizeof(addr_un->sun_path)) - fatal("Random pool path is too long"); - if (len <= 0 || len > 255) - fatal("Too many bytes (%d) to read from PRNGD", len); - - memset(&addr, '\0', sizeof(addr)); - - if (tcp_port != 0) { - addr_in->sin_family = AF_INET; - addr_in->sin_addr.s_addr = htonl(INADDR_LOOPBACK); - addr_in->sin_port = htons(tcp_port); - addr_len = sizeof(*addr_in); - } else { - addr_un->sun_family = AF_UNIX; - strlcpy(addr_un->sun_path, socket_path, - sizeof(addr_un->sun_path)); - addr_len = offsetof(struct sockaddr_un, sun_path) + - strlen(socket_path) + 1; - } - - old_sigpipe = signal(SIGPIPE, SIG_IGN); - - errors = 0; - rval = -1; -reopen: - fd = socket(addr.ss_family, SOCK_STREAM, 0); - if (fd == -1) { - error("Couldn't create socket: %s", strerror(errno)); - goto done; - } - - if (connect(fd, (struct sockaddr*)&addr, addr_len) == -1) { - if (tcp_port != 
0) { - error("Couldn't connect to PRNGD port %d: %s", - tcp_port, strerror(errno)); - } else { - error("Couldn't connect to PRNGD socket \"%s\": %s", - addr_un->sun_path, strerror(errno)); - } - goto done; - } - - /* Send blocking read request to PRNGD */ - msg[0] = 0x02; - msg[1] = len; - - if (atomicio(vwrite, fd, msg, sizeof(msg)) != sizeof(msg)) { - if (errno == EPIPE && errors < 10) { - close(fd); - errors++; - goto reopen; - } - error("Couldn't write to PRNGD socket: %s", - strerror(errno)); - goto done; - } - - if (atomicio(read, fd, buf, len) != (size_t)len) { - if (errno == EPIPE && errors < 10) { - close(fd); - errors++; - goto reopen; - } - error("Couldn't read from PRNGD socket: %s", - strerror(errno)); - goto done; - } - - rval = 0; -done: - signal(SIGPIPE, old_sigpipe); - if (fd != -1) - close(fd); - return rval; -} - -static int -seed_from_prngd(unsigned char *buf, size_t bytes) -{ -#ifdef PRNGD_PORT - debug("trying egd/prngd port %d", PRNGD_PORT); - if (get_random_bytes_prngd(buf, bytes, PRNGD_PORT, NULL) == 0) - return 0; -#endif -#ifdef PRNGD_SOCKET - debug("trying egd/prngd socket %s", PRNGD_SOCKET); - if (get_random_bytes_prngd(buf, bytes, 0, PRNGD_SOCKET) == 0) - return 0; -#endif - return -1; -} - -void -rexec_send_rng_seed(struct sshbuf *m) -{ - u_char buf[RANDOM_SEED_SIZE]; - size_t len = sizeof(buf); - int r; - - if (RAND_bytes(buf, sizeof(buf)) <= 0) { - error("Couldn't obtain random bytes (error %ld)", - ERR_get_error()); - len = 0; - } - if ((r = sshbuf_put_string(m, buf, len)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); - explicit_bzero(buf, sizeof(buf)); -} - -void -rexec_recv_rng_seed(struct sshbuf *m) -{ - u_char *buf = NULL; - size_t len = 0; - int r; - - if ((r = sshbuf_get_string_direct(m, &buf, &len)) != 0 - fatal("%s: buffer error: %s", __func__, ssh_err(r)); - - debug3("rexec_recv_rng_seed: seeding rng with %u bytes", len); - RAND_add(buf, len, len); -} -#endif /* OPENSSL_PRNG_ONLY */ - -void -seed_rng(void) -{ 
-#ifndef OPENSSL_PRNG_ONLY - unsigned char buf[RANDOM_SEED_SIZE]; -#endif - if (!ssh_compatible_openssl(OPENSSL_VERSION_NUMBER, SSLeay())) - fatal("OpenSSL version mismatch. Built against %lx, you " - "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay()); - -#ifndef OPENSSL_PRNG_ONLY - if (RAND_status() == 1) { - debug3("RNG is ready, skipping seeding"); - return; - } - - if (seed_from_prngd(buf, sizeof(buf)) == -1) - fatal("Could not obtain seed from PRNGd"); - RAND_add(buf, sizeof(buf), sizeof(buf)); - memset(buf, '\0', sizeof(buf)); - -#endif /* OPENSSL_PRNG_ONLY */ - if (RAND_status() != 1) - fatal("PRNG is not seeded"); -} - -#else /* WITH_OPENSSL */ - -/* Handled in arc4random() */ -void -seed_rng(void) -{ -} - -#endif /* WITH_OPENSSL */ diff --git a/ssh_keygen_110/entropy.h b/ssh_keygen_110/entropy.h deleted file mode 100644 index 870164d3..00000000 --- a/ssh_keygen_110/entropy.h +++ /dev/null 
@@ -1,34 +0,0 @@
-/*
- * Copyright (c) 1999-2000 Damien Miller. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef _RANDOMS_H
-#define _RANDOMS_H
-
-struct sshbuf;
-
-void seed_rng(void);
-void rexec_send_rng_seed(struct sshbuf *);
-void rexec_recv_rng_seed(struct sshbuf *);
-
-#endif /* _RANDOMS_H */
diff --git a/ssh_keygen_110/fatal.c b/ssh_keygen_110/fatal.c
deleted file mode 100644
index b44ae490..00000000
--- a/ssh_keygen_110/fatal.c
+++ /dev/null
@@ -1,46 +0,0 @@
-/* $OpenBSD: fatal.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */
-/*
- * Copyright (c) 2002 Markus Friedl. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "includes.h"
-
-#include
-
-#include
-
-#include "log.h"
-
-/* Fatal messages. This function never returns. */
-
-void
-fatal(const char *fmt,...)
-{
- va_list args;
-
- va_start(args, fmt);
- do_log(SYSLOG_LEVEL_FATAL, fmt, args);
- va_end(args);
- sshkeygen_cleanup();
- cleanup_exit(255);
-}
diff --git a/ssh_keygen_110/fe25519.c b/ssh_keygen_110/fe25519.c
deleted file mode 100644
index e54fd154..00000000
--- a/ssh_keygen_110/fe25519.c
+++ /dev/null
@@ -1,337 +0,0 @@ -/* $OpenBSD: fe25519.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */ - -/* - * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange, - * Peter Schwabe, Bo-Yin Yang. - * Copied from supercop-20130419/crypto_sign/ed25519/ref/fe25519.c - */ - -#include "includes.h" - -#define WINDOWSIZE 1 /* Should be 1,2, or 4 */ -#define WINDOWMASK ((1<>= 31; /* 1: yes; 0: no */ - return x; -} - -static crypto_uint32 ge(crypto_uint32 a,crypto_uint32 b) /* 16-bit inputs */ -{ - unsigned int x = a; - x -= (unsigned int) b; /* 0..65535: yes; 4294901761..4294967295: no */ - x >>= 31; /* 0: yes; 1: no */ - x ^= 1; /* 1: yes; 0: no */ - return x; -} - -static crypto_uint32 times19(crypto_uint32 a) -{ - return (a << 4) + (a << 1) + a; -} - -static crypto_uint32 times38(crypto_uint32 a) -{ - return (a << 5) + (a << 2) + (a << 1); -} - -static void reduce_add_sub(fe25519 *r) -{ - crypto_uint32 t; - int i,rep; - - for(rep=0;rep<4;rep++) - { - t = r->v[31] >> 7; - r->v[31] &= 127; - t = times19(t); - r->v[0] += t; - for(i=0;i<31;i++) - { - t = r->v[i] >> 8; - r->v[i+1] += t; - r->v[i] &= 255; - } - } -} - -static void reduce_mul(fe25519 *r) -{ - crypto_uint32 t; - int i,rep; - - for(rep=0;rep<2;rep++) - { - t = r->v[31] >> 7; - r->v[31] &= 127; - t = times19(t); - r->v[0] += t; - for(i=0;i<31;i++) - { - t = r->v[i] >> 8; - r->v[i+1] += t; - r->v[i] &= 255; - } - } -} - -/* reduction modulo 2^255-19 */ -void fe25519_freeze(fe25519 *r) -{ - int i; - crypto_uint32 m = equal(r->v[31],127); - for(i=30;i>0;i--) - m &= equal(r->v[i],255); - m &= ge(r->v[0],237); - - m = -m; - - r->v[31] -= m&127; - for(i=30;i>0;i--) - r->v[i] -= m&255; - r->v[0] -= m&237; -} - -void fe25519_unpack(fe25519 *r, const unsigned char x[32]) -{ - int i; - for(i=0;i<32;i++) r->v[i] = x[i]; - r->v[31] &= 127; -} - -/* Assumes input x being reduced below 2^255 */ -void fe25519_pack(unsigned char r[32], const fe25519 *x) -{ - int i; - fe25519 y = *x; - fe25519_freeze(&y); - for(i=0;i<32;i++) - 
r[i] = y.v[i]; -} - -int fe25519_iszero(const fe25519 *x) -{ - int i; - int r; - fe25519 t = *x; - fe25519_freeze(&t); - r = equal(t.v[0],0); - for(i=1;i<32;i++) - r &= equal(t.v[i],0); - return r; -} - -int fe25519_iseq_vartime(const fe25519 *x, const fe25519 *y) -{ - int i; - fe25519 t1 = *x; - fe25519 t2 = *y; - fe25519_freeze(&t1); - fe25519_freeze(&t2); - for(i=0;i<32;i++) - if(t1.v[i] != t2.v[i]) return 0; - return 1; -} - -void fe25519_cmov(fe25519 *r, const fe25519 *x, unsigned char b) -{ - int i; - crypto_uint32 mask = b; - mask = -mask; - for(i=0;i<32;i++) r->v[i] ^= mask & (x->v[i] ^ r->v[i]); -} - -unsigned char fe25519_getparity(const fe25519 *x) -{ - fe25519 t = *x; - fe25519_freeze(&t); - return t.v[0] & 1; -} - -void fe25519_setone(fe25519 *r) -{ - int i; - r->v[0] = 1; - for(i=1;i<32;i++) r->v[i]=0; -} - -void fe25519_setzero(fe25519 *r) -{ - int i; - for(i=0;i<32;i++) r->v[i]=0; -} - -void fe25519_neg(fe25519 *r, const fe25519 *x) -{ - fe25519 t; - int i; - for(i=0;i<32;i++) t.v[i]=x->v[i]; - fe25519_setzero(r); - fe25519_sub(r, r, &t); -} - -void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y) -{ - int i; - for(i=0;i<32;i++) r->v[i] = x->v[i] + y->v[i]; - reduce_add_sub(r); -} - -void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y) -{ - int i; - crypto_uint32 t[32]; - t[0] = x->v[0] + 0x1da; - t[31] = x->v[31] + 0xfe; - for(i=1;i<31;i++) t[i] = x->v[i] + 0x1fe; - for(i=0;i<32;i++) r->v[i] = t[i] - y->v[i]; - reduce_add_sub(r); -} - -void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y) -{ - int i,j; - crypto_uint32 t[63]; - for(i=0;i<63;i++)t[i] = 0; - - for(i=0;i<32;i++) - for(j=0;j<32;j++) - t[i+j] += x->v[i] * y->v[j]; - - for(i=32;i<63;i++) - r->v[i-32] = t[i-32] + times38(t[i]); - r->v[31] = t[31]; /* result now in r[0]...r[31] */ - - reduce_mul(r); -} - -void fe25519_square(fe25519 *r, const fe25519 *x) -{ - fe25519_mul(r, x, x); -} - -void fe25519_invert(fe25519 *r, const fe25519 *x) -{ - fe25519 z2; - 
fe25519 z9; - fe25519 z11; - fe25519 z2_5_0; - fe25519 z2_10_0; - fe25519 z2_20_0; - fe25519 z2_50_0; - fe25519 z2_100_0; - fe25519 t0; - fe25519 t1; - int i; - - /* 2 */ fe25519_square(&z2,x); - /* 4 */ fe25519_square(&t1,&z2); - /* 8 */ fe25519_square(&t0,&t1); - /* 9 */ fe25519_mul(&z9,&t0,x); - /* 11 */ fe25519_mul(&z11,&z9,&z2); - /* 22 */ fe25519_square(&t0,&z11); - /* 2^5 - 2^0 = 31 */ fe25519_mul(&z2_5_0,&t0,&z9); - - /* 2^6 - 2^1 */ fe25519_square(&t0,&z2_5_0); - /* 2^7 - 2^2 */ fe25519_square(&t1,&t0); - /* 2^8 - 2^3 */ fe25519_square(&t0,&t1); - /* 2^9 - 2^4 */ fe25519_square(&t1,&t0); - /* 2^10 - 2^5 */ fe25519_square(&t0,&t1); - /* 2^10 - 2^0 */ fe25519_mul(&z2_10_0,&t0,&z2_5_0); - - /* 2^11 - 2^1 */ fe25519_square(&t0,&z2_10_0); - /* 2^12 - 2^2 */ fe25519_square(&t1,&t0); - /* 2^20 - 2^10 */ for (i = 2;i < 10;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } - /* 2^20 - 2^0 */ fe25519_mul(&z2_20_0,&t1,&z2_10_0); - - /* 2^21 - 2^1 */ fe25519_square(&t0,&z2_20_0); - /* 2^22 - 2^2 */ fe25519_square(&t1,&t0); - /* 2^40 - 2^20 */ for (i = 2;i < 20;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } - /* 2^40 - 2^0 */ fe25519_mul(&t0,&t1,&z2_20_0); - - /* 2^41 - 2^1 */ fe25519_square(&t1,&t0); - /* 2^42 - 2^2 */ fe25519_square(&t0,&t1); - /* 2^50 - 2^10 */ for (i = 2;i < 10;i += 2) { fe25519_square(&t1,&t0); fe25519_square(&t0,&t1); } - /* 2^50 - 2^0 */ fe25519_mul(&z2_50_0,&t0,&z2_10_0); - - /* 2^51 - 2^1 */ fe25519_square(&t0,&z2_50_0); - /* 2^52 - 2^2 */ fe25519_square(&t1,&t0); - /* 2^100 - 2^50 */ for (i = 2;i < 50;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } - /* 2^100 - 2^0 */ fe25519_mul(&z2_100_0,&t1,&z2_50_0); - - /* 2^101 - 2^1 */ fe25519_square(&t1,&z2_100_0); - /* 2^102 - 2^2 */ fe25519_square(&t0,&t1); - /* 2^200 - 2^100 */ for (i = 2;i < 100;i += 2) { fe25519_square(&t1,&t0); fe25519_square(&t0,&t1); } - /* 2^200 - 2^0 */ fe25519_mul(&t1,&t0,&z2_100_0); - - /* 2^201 - 2^1 */ fe25519_square(&t0,&t1); - /* 
2^202 - 2^2 */ fe25519_square(&t1,&t0); - /* 2^250 - 2^50 */ for (i = 2;i < 50;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } - /* 2^250 - 2^0 */ fe25519_mul(&t0,&t1,&z2_50_0); - - /* 2^251 - 2^1 */ fe25519_square(&t1,&t0); - /* 2^252 - 2^2 */ fe25519_square(&t0,&t1); - /* 2^253 - 2^3 */ fe25519_square(&t1,&t0); - /* 2^254 - 2^4 */ fe25519_square(&t0,&t1); - /* 2^255 - 2^5 */ fe25519_square(&t1,&t0); - /* 2^255 - 21 */ fe25519_mul(r,&t1,&z11); -} - -void fe25519_pow2523(fe25519 *r, const fe25519 *x) -{ - fe25519 z2; - fe25519 z9; - fe25519 z11; - fe25519 z2_5_0; - fe25519 z2_10_0; - fe25519 z2_20_0; - fe25519 z2_50_0; - fe25519 z2_100_0; - fe25519 t; - int i; - - /* 2 */ fe25519_square(&z2,x); - /* 4 */ fe25519_square(&t,&z2); - /* 8 */ fe25519_square(&t,&t); - /* 9 */ fe25519_mul(&z9,&t,x); - /* 11 */ fe25519_mul(&z11,&z9,&z2); - /* 22 */ fe25519_square(&t,&z11); - /* 2^5 - 2^0 = 31 */ fe25519_mul(&z2_5_0,&t,&z9); - - /* 2^6 - 2^1 */ fe25519_square(&t,&z2_5_0); - /* 2^10 - 2^5 */ for (i = 1;i < 5;i++) { fe25519_square(&t,&t); } - /* 2^10 - 2^0 */ fe25519_mul(&z2_10_0,&t,&z2_5_0); - - /* 2^11 - 2^1 */ fe25519_square(&t,&z2_10_0); - /* 2^20 - 2^10 */ for (i = 1;i < 10;i++) { fe25519_square(&t,&t); } - /* 2^20 - 2^0 */ fe25519_mul(&z2_20_0,&t,&z2_10_0); - - /* 2^21 - 2^1 */ fe25519_square(&t,&z2_20_0); - /* 2^40 - 2^20 */ for (i = 1;i < 20;i++) { fe25519_square(&t,&t); } - /* 2^40 - 2^0 */ fe25519_mul(&t,&t,&z2_20_0); - - /* 2^41 - 2^1 */ fe25519_square(&t,&t); - /* 2^50 - 2^10 */ for (i = 1;i < 10;i++) { fe25519_square(&t,&t); } - /* 2^50 - 2^0 */ fe25519_mul(&z2_50_0,&t,&z2_10_0); - - /* 2^51 - 2^1 */ fe25519_square(&t,&z2_50_0); - /* 2^100 - 2^50 */ for (i = 1;i < 50;i++) { fe25519_square(&t,&t); } - /* 2^100 - 2^0 */ fe25519_mul(&z2_100_0,&t,&z2_50_0); - - /* 2^101 - 2^1 */ fe25519_square(&t,&z2_100_0); - /* 2^200 - 2^100 */ for (i = 1;i < 100;i++) { fe25519_square(&t,&t); } - /* 2^200 - 2^0 */ fe25519_mul(&t,&t,&z2_100_0); - - /* 2^201 - 2^1 */ 
fe25519_square(&t,&t); - /* 2^250 - 2^50 */ for (i = 1;i < 50;i++) { fe25519_square(&t,&t); } - /* 2^250 - 2^0 */ fe25519_mul(&t,&t,&z2_50_0); - - /* 2^251 - 2^1 */ fe25519_square(&t,&t); - /* 2^252 - 2^2 */ fe25519_square(&t,&t); - /* 2^252 - 3 */ fe25519_mul(r,&t,x); -} diff --git a/ssh_keygen_110/fe25519.h b/ssh_keygen_110/fe25519.h deleted file mode 100644 index 41b3cbb4..00000000 --- a/ssh_keygen_110/fe25519.h +++ /dev/null 
@@ -1,70 +0,0 @@
-/* $OpenBSD: fe25519.h,v 1.3 2013/12/09 11:03:45 markus Exp $ */
-
-/*
- * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange,
- * Peter Schwabe, Bo-Yin Yang.
- * Copied from supercop-20130419/crypto_sign/ed25519/ref/fe25519.h
- */
-
-#ifndef FE25519_H
-#define FE25519_H
-
-#include "crypto_api.h"
-
-#define fe25519 crypto_sign_ed25519_ref_fe25519
-#define fe25519_freeze crypto_sign_ed25519_ref_fe25519_freeze
-#define fe25519_unpack crypto_sign_ed25519_ref_fe25519_unpack
-#define fe25519_pack crypto_sign_ed25519_ref_fe25519_pack
-#define fe25519_iszero crypto_sign_ed25519_ref_fe25519_iszero
-#define fe25519_iseq_vartime crypto_sign_ed25519_ref_fe25519_iseq_vartime
-#define fe25519_cmov crypto_sign_ed25519_ref_fe25519_cmov
-#define fe25519_setone crypto_sign_ed25519_ref_fe25519_setone
-#define fe25519_setzero crypto_sign_ed25519_ref_fe25519_setzero
-#define fe25519_neg crypto_sign_ed25519_ref_fe25519_neg
-#define fe25519_getparity crypto_sign_ed25519_ref_fe25519_getparity
-#define fe25519_add crypto_sign_ed25519_ref_fe25519_add
-#define fe25519_sub crypto_sign_ed25519_ref_fe25519_sub
-#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul
-#define fe25519_square crypto_sign_ed25519_ref_fe25519_square
-#define fe25519_invert crypto_sign_ed25519_ref_fe25519_invert
-#define fe25519_pow2523 crypto_sign_ed25519_ref_fe25519_pow2523
-
-typedef struct
-{
- crypto_uint32 v[32];
-}
-fe25519;
-
-void fe25519_freeze(fe25519 *r);
-
-void fe25519_unpack(fe25519 *r, const unsigned char x[32]);
-
-void fe25519_pack(unsigned char r[32], const fe25519 *x);
-
-int fe25519_iszero(const fe25519 *x);
-
-int fe25519_iseq_vartime(const fe25519 *x, const fe25519 *y);
-
-void fe25519_cmov(fe25519 *r, const fe25519 *x, unsigned char b);
-
-void fe25519_setone(fe25519 *r);
-
-void fe25519_setzero(fe25519 *r);
-
-void fe25519_neg(fe25519 *r, const fe25519 *x);
-
-unsigned char fe25519_getparity(const fe25519 *x);
-
-void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y);
-
-void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y);
-
-void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y);
-
-void fe25519_square(fe25519 *r, const fe25519 *x);
-
-void fe25519_invert(fe25519 *r, const fe25519 *x);
-
-void fe25519_pow2523(fe25519 *r, const fe25519 *x);
-
-#endif
diff --git a/ssh_keygen_110/ge25519.c b/ssh_keygen_110/ge25519.c
deleted file mode 100644
index dfe3849b..00000000
--- a/ssh_keygen_110/ge25519.c
+++ /dev/null
@@ -1,321 +0,0 @@ -/* $OpenBSD: ge25519.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */ - -/* - * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange, - * Peter Schwabe, Bo-Yin Yang. - * Copied from supercop-20130419/crypto_sign/ed25519/ref/ge25519.c - */ - -#include "includes.h" - -#include "fe25519.h" -#include "sc25519.h" -#include "ge25519.h" - -/* - * Arithmetic on the twisted Edwards curve -x^2 + y^2 = 1 + dx^2y^2 - * with d = -(121665/121666) = 37095705934669439343138083508754565189542113879843219016388785533085940283555 - * Base point: (15112221349535400772501151409588531511454012693041857206046113283949847762202,46316835694926478169428394003475163141307993866256225615783033603165251855960); - */ - -/* d */ -static const fe25519 ge25519_ecd = {{0xA3, 0x78, 0x59, 0x13, 0xCA, 0x4D, 0xEB, 0x75, 0xAB, 0xD8, 0x41, 0x41, 0x4D, 0x0A, 0x70, 0x00, - 0x98, 0xE8, 0x79, 0x77, 0x79, 0x40, 0xC7, 0x8C, 0x73, 0xFE, 0x6F, 0x2B, 0xEE, 0x6C, 0x03, 0x52}}; -/* 2*d */ -static const fe25519 ge25519_ec2d = {{0x59, 0xF1, 0xB2, 0x26, 0x94, 0x9B, 0xD6, 0xEB, 0x56, 0xB1, 0x83, 0x82, 0x9A, 0x14, 0xE0, 0x00, - 0x30, 0xD1, 0xF3, 0xEE, 0xF2, 0x80, 0x8E, 0x19, 0xE7, 0xFC, 0xDF, 0x56, 0xDC, 0xD9, 0x06, 0x24}}; -/* sqrt(-1) */ -static const fe25519 ge25519_sqrtm1 = {{0xB0, 0xA0, 0x0E, 0x4A, 0x27, 0x1B, 0xEE, 0xC4, 0x78, 0xE4, 0x2F, 0xAD, 0x06, 0x18, 0x43, 0x2F, - 0xA7, 0xD7, 0xFB, 0x3D, 0x99, 0x00, 0x4D, 0x2B, 0x0B, 0xDF, 0xC1, 0x4F, 0x80, 0x24, 0x83, 0x2B}}; - -#define ge25519_p3 ge25519 - -typedef struct -{ - fe25519 x; - fe25519 z; - fe25519 y; - fe25519 t; -} ge25519_p1p1; - -typedef struct -{ - fe25519 x; - fe25519 y; - fe25519 z; -} ge25519_p2; - -typedef struct -{ - fe25519 x; - fe25519 y; -} ge25519_aff; - - -/* Packed coordinates of the base point */ -const ge25519 ge25519_base = {{{0x1A, 0xD5, 0x25, 0x8F, 0x60, 0x2D, 0x56, 0xC9, 0xB2, 0xA7, 0x25, 0x95, 0x60, 0xC7, 0x2C, 0x69, - 0x5C, 0xDC, 0xD6, 0xFD, 0x31, 0xE2, 0xA4, 0xC0, 0xFE, 0x53, 0x6E, 0xCD, 0xD3, 0x36, 0x69, 
0x21}}, - {{0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, - 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0xA3, 0xDD, 0xB7, 0xA5, 0xB3, 0x8A, 0xDE, 0x6D, 0xF5, 0x52, 0x51, 0x77, 0x80, 0x9F, 0xF0, 0x20, - 0x7D, 0xE3, 0xAB, 0x64, 0x8E, 0x4E, 0xEA, 0x66, 0x65, 0x76, 0x8B, 0xD7, 0x0F, 0x5F, 0x87, 0x67}}}; - -/* Multiples of the base point in affine representation */ -static const ge25519_aff ge25519_base_multiples_affine[425] = { -#include "ge25519_base.data" -}; - -static void p1p1_to_p2(ge25519_p2 *r, const ge25519_p1p1 *p) -{ - fe25519_mul(&r->x, &p->x, &p->t); - fe25519_mul(&r->y, &p->y, &p->z); - fe25519_mul(&r->z, &p->z, &p->t); -} - -static void p1p1_to_p3(ge25519_p3 *r, const ge25519_p1p1 *p) -{ - p1p1_to_p2((ge25519_p2 *)r, p); - fe25519_mul(&r->t, &p->x, &p->y); -} - -static void ge25519_mixadd2(ge25519_p3 *r, const ge25519_aff *q) -{ - fe25519 a,b,t1,t2,c,d,e,f,g,h,qt; - fe25519_mul(&qt, &q->x, &q->y); - fe25519_sub(&a, &r->y, &r->x); /* A = (Y1-X1)*(Y2-X2) */ - fe25519_add(&b, &r->y, &r->x); /* B = (Y1+X1)*(Y2+X2) */ - fe25519_sub(&t1, &q->y, &q->x); - fe25519_add(&t2, &q->y, &q->x); - fe25519_mul(&a, &a, &t1); - fe25519_mul(&b, &b, &t2); - fe25519_sub(&e, &b, &a); /* E = B-A */ - fe25519_add(&h, &b, &a); /* H = B+A */ - fe25519_mul(&c, &r->t, &qt); /* C = T1*k*T2 */ - fe25519_mul(&c, &c, &ge25519_ec2d); - fe25519_add(&d, &r->z, &r->z); /* D = Z1*2 */ - fe25519_sub(&f, &d, &c); /* F = D-C */ - fe25519_add(&g, &d, &c); /* G = D+C */ - fe25519_mul(&r->x, &e, &f); - fe25519_mul(&r->y, &h, &g); - fe25519_mul(&r->z, &g, &f); - fe25519_mul(&r->t, &e, &h); -} - -static void add_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_p3 *q) -{ - fe25519 a, b, c, 
d, t; - - fe25519_sub(&a, &p->y, &p->x); /* A = (Y1-X1)*(Y2-X2) */ - fe25519_sub(&t, &q->y, &q->x); - fe25519_mul(&a, &a, &t); - fe25519_add(&b, &p->x, &p->y); /* B = (Y1+X1)*(Y2+X2) */ - fe25519_add(&t, &q->x, &q->y); - fe25519_mul(&b, &b, &t); - fe25519_mul(&c, &p->t, &q->t); /* C = T1*k*T2 */ - fe25519_mul(&c, &c, &ge25519_ec2d); - fe25519_mul(&d, &p->z, &q->z); /* D = Z1*2*Z2 */ - fe25519_add(&d, &d, &d); - fe25519_sub(&r->x, &b, &a); /* E = B-A */ - fe25519_sub(&r->t, &d, &c); /* F = D-C */ - fe25519_add(&r->z, &d, &c); /* G = D+C */ - fe25519_add(&r->y, &b, &a); /* H = B+A */ -} - -/* See http://www.hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html#doubling-dbl-2008-hwcd */ -static void dbl_p1p1(ge25519_p1p1 *r, const ge25519_p2 *p) -{ - fe25519 a,b,c,d; - fe25519_square(&a, &p->x); - fe25519_square(&b, &p->y); - fe25519_square(&c, &p->z); - fe25519_add(&c, &c, &c); - fe25519_neg(&d, &a); - - fe25519_add(&r->x, &p->x, &p->y); - fe25519_square(&r->x, &r->x); - fe25519_sub(&r->x, &r->x, &a); - fe25519_sub(&r->x, &r->x, &b); - fe25519_add(&r->z, &d, &b); - fe25519_sub(&r->t, &r->z, &c); - fe25519_sub(&r->y, &d, &b); -} - -/* Constant-time version of: if(b) r = p */ -static void cmov_aff(ge25519_aff *r, const ge25519_aff *p, unsigned char b) -{ - fe25519_cmov(&r->x, &p->x, b); - fe25519_cmov(&r->y, &p->y, b); -} - -static unsigned char equal(signed char b,signed char c) -{ - unsigned char ub = b; - unsigned char uc = c; - unsigned char x = ub ^ uc; /* 0: yes; 1..255: no */ - crypto_uint32 y = x; /* 0: yes; 1..255: no */ - y -= 1; /* 4294967295: yes; 0..254: no */ - y >>= 31; /* 1: yes; 0: no */ - return y; -} - -static unsigned char negative(signed char b) -{ - unsigned long long x = b; /* 18446744073709551361..18446744073709551615: yes; 0..255: no */ - x >>= 63; /* 1: yes; 0: no */ - return x; -} - -static void choose_t(ge25519_aff *t, unsigned long long pos, signed char b) -{ - /* constant time */ - fe25519 v; - *t = ge25519_base_multiples_affine[5*pos+0]; 
- cmov_aff(t, &ge25519_base_multiples_affine[5*pos+1],equal(b,1) | equal(b,-1)); - cmov_aff(t, &ge25519_base_multiples_affine[5*pos+2],equal(b,2) | equal(b,-2)); - cmov_aff(t, &ge25519_base_multiples_affine[5*pos+3],equal(b,3) | equal(b,-3)); - cmov_aff(t, &ge25519_base_multiples_affine[5*pos+4],equal(b,-4)); - fe25519_neg(&v, &t->x); - fe25519_cmov(&t->x, &v, negative(b)); -} - -static void setneutral(ge25519 *r) -{ - fe25519_setzero(&r->x); - fe25519_setone(&r->y); - fe25519_setone(&r->z); - fe25519_setzero(&r->t); -} - -/* ******************************************************************** - * EXPORTED FUNCTIONS - ******************************************************************** */ - -/* return 0 on success, -1 otherwise */ -int ge25519_unpackneg_vartime(ge25519_p3 *r, const unsigned char p[32]) -{ - unsigned char par; - fe25519 t, chk, num, den, den2, den4, den6; - fe25519_setone(&r->z); - par = p[31] >> 7; - fe25519_unpack(&r->y, p); - fe25519_square(&num, &r->y); /* x = y^2 */ - fe25519_mul(&den, &num, &ge25519_ecd); /* den = dy^2 */ - fe25519_sub(&num, &num, &r->z); /* x = y^2-1 */ - fe25519_add(&den, &r->z, &den); /* den = dy^2+1 */ - - /* Computation of sqrt(num/den) */ - /* 1.: computation of num^((p-5)/8)*den^((7p-35)/8) = (num*den^7)^((p-5)/8) */ - fe25519_square(&den2, &den); - fe25519_square(&den4, &den2); - fe25519_mul(&den6, &den4, &den2); - fe25519_mul(&t, &den6, &num); - fe25519_mul(&t, &t, &den); - - fe25519_pow2523(&t, &t); - /* 2. computation of r->x = t * num * den^3 */ - fe25519_mul(&t, &t, &num); - fe25519_mul(&t, &t, &den); - fe25519_mul(&t, &t, &den); - fe25519_mul(&r->x, &t, &den); - - /* 3. Check whether sqrt computation gave correct result, multiply by sqrt(-1) if not: */ - fe25519_square(&chk, &r->x); - fe25519_mul(&chk, &chk, &den); - if (!fe25519_iseq_vartime(&chk, &num)) - fe25519_mul(&r->x, &r->x, &ge25519_sqrtm1); - - /* 4. 
Now we have one of the two square roots, except if input was not a square */ - fe25519_square(&chk, &r->x); - fe25519_mul(&chk, &chk, &den); - if (!fe25519_iseq_vartime(&chk, &num)) - return -1; - - /* 5. Choose the desired square root according to parity: */ - if(fe25519_getparity(&r->x) != (1-par)) - fe25519_neg(&r->x, &r->x); - - fe25519_mul(&r->t, &r->x, &r->y); - return 0; -} - -void ge25519_pack(unsigned char r[32], const ge25519_p3 *p) -{ - fe25519 tx, ty, zi; - fe25519_invert(&zi, &p->z); - fe25519_mul(&tx, &p->x, &zi); - fe25519_mul(&ty, &p->y, &zi); - fe25519_pack(r, &ty); - r[31] ^= fe25519_getparity(&tx) << 7; -} - -int ge25519_isneutral_vartime(const ge25519_p3 *p) -{ - int ret = 1; - if(!fe25519_iszero(&p->x)) ret = 0; - if(!fe25519_iseq_vartime(&p->y, &p->z)) ret = 0; - return ret; -} - -/* computes [s1]p1 + [s2]p2 */ -void ge25519_double_scalarmult_vartime(ge25519_p3 *r, const ge25519_p3 *p1, const sc25519 *s1, const ge25519_p3 *p2, const sc25519 *s2) -{ - ge25519_p1p1 tp1p1; - ge25519_p3 pre[16]; - unsigned char b[127]; - int i; - - /* precomputation s2 s1 */ - setneutral(pre); /* 00 00 */ - pre[1] = *p1; /* 00 01 */ - dbl_p1p1(&tp1p1,(ge25519_p2 *)p1); p1p1_to_p3( &pre[2], &tp1p1); /* 00 10 */ - add_p1p1(&tp1p1,&pre[1], &pre[2]); p1p1_to_p3( &pre[3], &tp1p1); /* 00 11 */ - pre[4] = *p2; /* 01 00 */ - add_p1p1(&tp1p1,&pre[1], &pre[4]); p1p1_to_p3( &pre[5], &tp1p1); /* 01 01 */ - add_p1p1(&tp1p1,&pre[2], &pre[4]); p1p1_to_p3( &pre[6], &tp1p1); /* 01 10 */ - add_p1p1(&tp1p1,&pre[3], &pre[4]); p1p1_to_p3( &pre[7], &tp1p1); /* 01 11 */ - dbl_p1p1(&tp1p1,(ge25519_p2 *)p2); p1p1_to_p3( &pre[8], &tp1p1); /* 10 00 */ - add_p1p1(&tp1p1,&pre[1], &pre[8]); p1p1_to_p3( &pre[9], &tp1p1); /* 10 01 */ - dbl_p1p1(&tp1p1,(ge25519_p2 *)&pre[5]); p1p1_to_p3(&pre[10], &tp1p1); /* 10 10 */ - add_p1p1(&tp1p1,&pre[3], &pre[8]); p1p1_to_p3(&pre[11], &tp1p1); /* 10 11 */ - add_p1p1(&tp1p1,&pre[4], &pre[8]); p1p1_to_p3(&pre[12], &tp1p1); /* 11 00 */ - 
add_p1p1(&tp1p1,&pre[1],&pre[12]); p1p1_to_p3(&pre[13], &tp1p1); /* 11 01 */ - add_p1p1(&tp1p1,&pre[2],&pre[12]); p1p1_to_p3(&pre[14], &tp1p1); /* 11 10 */ - add_p1p1(&tp1p1,&pre[3],&pre[12]); p1p1_to_p3(&pre[15], &tp1p1); /* 11 11 */ - - sc25519_2interleave2(b,s1,s2); - - /* scalar multiplication */ - *r = pre[b[126]]; - for(i=125;i>=0;i--) - { - dbl_p1p1(&tp1p1, (ge25519_p2 *)r); - p1p1_to_p2((ge25519_p2 *) r, &tp1p1); - dbl_p1p1(&tp1p1, (ge25519_p2 *)r); - if(b[i]!=0) - { - p1p1_to_p3(r, &tp1p1); - add_p1p1(&tp1p1, r, &pre[b[i]]); - } - if(i != 0) p1p1_to_p2((ge25519_p2 *)r, &tp1p1); - else p1p1_to_p3(r, &tp1p1); - } -} - -void ge25519_scalarmult_base(ge25519_p3 *r, const sc25519 *s) -{ - signed char b[85]; - int i; - ge25519_aff t; - sc25519_window3(b,s); - - choose_t((ge25519_aff *)r, 0, b[0]); - fe25519_setone(&r->z); - fe25519_mul(&r->t, &r->x, &r->y); - for(i=1;i<85;i++) - { - choose_t(&t, (unsigned long long) i, b[i]); - ge25519_mixadd2(r, &t); - } -} diff --git a/ssh_keygen_110/ge25519.h b/ssh_keygen_110/ge25519.h deleted file mode 100644 index a0976376..00000000 --- a/ssh_keygen_110/ge25519.h +++ /dev/null 
@@ -1,43 +0,0 @@
-/* $OpenBSD: ge25519.h,v 1.4 2015/02/16 18:26:26 miod Exp $ */
-
-/*
- * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange,
- * Peter Schwabe, Bo-Yin Yang.
- * Copied from supercop-20130419/crypto_sign/ed25519/ref/ge25519.h
- */
-
-#ifndef GE25519_H
-#define GE25519_H
-
-#include "fe25519.h"
-#include "sc25519.h"
-
-#define ge25519 crypto_sign_ed25519_ref_ge25519
-#define ge25519_base crypto_sign_ed25519_ref_ge25519_base
-#define ge25519_unpackneg_vartime crypto_sign_ed25519_ref_unpackneg_vartime
-#define ge25519_pack crypto_sign_ed25519_ref_pack
-#define ge25519_isneutral_vartime crypto_sign_ed25519_ref_isneutral_vartime
-#define ge25519_double_scalarmult_vartime crypto_sign_ed25519_ref_double_scalarmult_vartime
-#define ge25519_scalarmult_base crypto_sign_ed25519_ref_scalarmult_base
-
-typedef struct
-{
- fe25519 x;
- fe25519 y;
- fe25519 z;
- fe25519 t;
-} ge25519;
-
-extern const ge25519 ge25519_base;
-
-int ge25519_unpackneg_vartime(ge25519 *r, const unsigned char p[32]);
-
-void ge25519_pack(unsigned char r[32], const ge25519 *p);
-
-int ge25519_isneutral_vartime(const ge25519 *p);
-
-void ge25519_double_scalarmult_vartime(ge25519 *r, const ge25519 *p1, const sc25519 *s1, const ge25519 *p2, const sc25519 *s2);
-
-void ge25519_scalarmult_base(ge25519 *r, const sc25519 *s);
-
-#endif
diff --git a/ssh_keygen_110/ge25519_base.data b/ssh_keygen_110/ge25519_base.data
deleted file mode 100644
index 66fb1b61..00000000
--- a/ssh_keygen_110/ge25519_base.data
+++ /dev/null
@@ -1,858 +0,0 @@ -/* $OpenBSD: ge25519_base.data,v 1.3 2013/12/09 11:03:45 markus Exp $ */ - -/* - * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange, - * Peter Schwabe, Bo-Yin Yang. - * Copied from supercop-20130419/crypto_sign/ed25519/ref/ge25519_base.data - */ - -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x1a, 0xd5, 0x25, 0x8f, 0x60, 0x2d, 0x56, 0xc9, 0xb2, 0xa7, 0x25, 0x95, 0x60, 0xc7, 0x2c, 0x69, 0x5c, 0xdc, 0xd6, 0xfd, 0x31, 0xe2, 0xa4, 0xc0, 0xfe, 0x53, 0x6e, 0xcd, 0xd3, 0x36, 0x69, 0x21}} , - {{0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66}}}, -{{{0x0e, 0xce, 0x43, 0x28, 0x4e, 0xa1, 0xc5, 0x83, 0x5f, 0xa4, 0xd7, 0x15, 0x45, 0x8e, 0x0d, 0x08, 0xac, 0xe7, 0x33, 0x18, 0x7d, 0x3b, 0x04, 0x3d, 0x6c, 0x04, 0x5a, 0x9f, 0x4c, 0x38, 0xab, 0x36}} , - {{0xc9, 0xa3, 0xf8, 0x6a, 0xae, 0x46, 0x5f, 0x0e, 0x56, 0x51, 0x38, 0x64, 0x51, 0x0f, 0x39, 0x97, 0x56, 0x1f, 0xa2, 0xc9, 0xe8, 0x5e, 0xa2, 0x1d, 0xc2, 0x29, 0x23, 0x09, 0xf3, 0xcd, 0x60, 0x22}}}, -{{{0x5c, 0xe2, 0xf8, 0xd3, 0x5f, 0x48, 0x62, 0xac, 0x86, 0x48, 0x62, 0x81, 0x19, 0x98, 0x43, 0x63, 0x3a, 0xc8, 0xda, 0x3e, 0x74, 0xae, 0xf4, 0x1f, 0x49, 0x8f, 0x92, 0x22, 0x4a, 0x9c, 0xae, 0x67}} , - {{0xd4, 0xb4, 0xf5, 0x78, 0x48, 0x68, 0xc3, 0x02, 0x04, 0x03, 0x24, 0x67, 0x17, 0xec, 0x16, 0x9f, 0xf7, 0x9e, 0x26, 0x60, 0x8e, 0xa1, 0x26, 0xa1, 0xab, 0x69, 0xee, 0x77, 0xd1, 0xb1, 0x67, 0x12}}}, -{{{0x70, 0xf8, 0xc9, 0xc4, 0x57, 0xa6, 0x3a, 0x49, 0x47, 0x15, 0xce, 0x93, 0xc1, 0x9e, 0x73, 0x1a, 0xf9, 0x20, 0x35, 
0x7a, 0xb8, 0xd4, 0x25, 0x83, 0x46, 0xf1, 0xcf, 0x56, 0xdb, 0xa8, 0x3d, 0x20}} , - {{0x2f, 0x11, 0x32, 0xca, 0x61, 0xab, 0x38, 0xdf, 0xf0, 0x0f, 0x2f, 0xea, 0x32, 0x28, 0xf2, 0x4c, 0x6c, 0x71, 0xd5, 0x80, 0x85, 0xb8, 0x0e, 0x47, 0xe1, 0x95, 0x15, 0xcb, 0x27, 0xe8, 0xd0, 0x47}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xc8, 0x84, 0xa5, 0x08, 0xbc, 0xfd, 0x87, 0x3b, 0x99, 0x8b, 0x69, 0x80, 0x7b, 0xc6, 0x3a, 0xeb, 0x93, 0xcf, 0x4e, 0xf8, 0x5c, 0x2d, 0x86, 0x42, 0xb6, 0x71, 0xd7, 0x97, 0x5f, 0xe1, 0x42, 0x67}} , - {{0xb4, 0xb9, 0x37, 0xfc, 0xa9, 0x5b, 0x2f, 0x1e, 0x93, 0xe4, 0x1e, 0x62, 0xfc, 0x3c, 0x78, 0x81, 0x8f, 0xf3, 0x8a, 0x66, 0x09, 0x6f, 0xad, 0x6e, 0x79, 0x73, 0xe5, 0xc9, 0x00, 0x06, 0xd3, 0x21}}}, -{{{0xf8, 0xf9, 0x28, 0x6c, 0x6d, 0x59, 0xb2, 0x59, 0x74, 0x23, 0xbf, 0xe7, 0x33, 0x8d, 0x57, 0x09, 0x91, 0x9c, 0x24, 0x08, 0x15, 0x2b, 0xe2, 0xb8, 0xee, 0x3a, 0xe5, 0x27, 0x06, 0x86, 0xa4, 0x23}} , - {{0xeb, 0x27, 0x67, 0xc1, 0x37, 0xab, 0x7a, 0xd8, 0x27, 0x9c, 0x07, 0x8e, 0xff, 0x11, 0x6a, 0xb0, 0x78, 0x6e, 0xad, 0x3a, 0x2e, 0x0f, 0x98, 0x9f, 0x72, 0xc3, 0x7f, 0x82, 0xf2, 0x96, 0x96, 0x70}}}, -{{{0x81, 0x6b, 0x88, 0xe8, 0x1e, 0xc7, 0x77, 0x96, 0x0e, 0xa1, 0xa9, 0x52, 0xe0, 0xd8, 0x0e, 0x61, 0x9e, 0x79, 0x2d, 0x95, 0x9c, 0x8d, 0x96, 0xe0, 0x06, 0x40, 0x5d, 0x87, 0x28, 0x5f, 0x98, 0x70}} , - {{0xf1, 0x79, 0x7b, 0xed, 0x4f, 0x44, 0xb2, 0xe7, 0x08, 0x0d, 0xc2, 0x08, 0x12, 0xd2, 0x9f, 0xdf, 0xcd, 0x93, 0x20, 0x8a, 0xcf, 0x33, 0xca, 0x6d, 0x89, 0xb9, 0x77, 0xc8, 0x93, 0x1b, 0x4e, 0x60}}}, -{{{0x26, 0x4f, 0x7e, 0x97, 0xf6, 0x40, 0xdd, 0x4f, 0xfc, 0x52, 0x78, 0xf9, 0x90, 0x31, 0x03, 0xe6, 0x7d, 0x56, 0x39, 0x0b, 
0x1d, 0x56, 0x82, 0x85, 0xf9, 0x1a, 0x42, 0x17, 0x69, 0x6c, 0xcf, 0x39}} , - {{0x69, 0xd2, 0x06, 0x3a, 0x4f, 0x39, 0x2d, 0xf9, 0x38, 0x40, 0x8c, 0x4c, 0xe7, 0x05, 0x12, 0xb4, 0x78, 0x8b, 0xf8, 0xc0, 0xec, 0x93, 0xde, 0x7a, 0x6b, 0xce, 0x2c, 0xe1, 0x0e, 0xa9, 0x34, 0x44}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x0b, 0xa4, 0x3c, 0xb0, 0x0f, 0x7a, 0x51, 0xf1, 0x78, 0xd6, 0xd9, 0x6a, 0xfd, 0x46, 0xe8, 0xb8, 0xa8, 0x79, 0x1d, 0x87, 0xf9, 0x90, 0xf2, 0x9c, 0x13, 0x29, 0xf8, 0x0b, 0x20, 0x64, 0xfa, 0x05}} , - {{0x26, 0x09, 0xda, 0x17, 0xaf, 0x95, 0xd6, 0xfb, 0x6a, 0x19, 0x0d, 0x6e, 0x5e, 0x12, 0xf1, 0x99, 0x4c, 0xaa, 0xa8, 0x6f, 0x79, 0x86, 0xf4, 0x72, 0x28, 0x00, 0x26, 0xf9, 0xea, 0x9e, 0x19, 0x3d}}}, -{{{0x87, 0xdd, 0xcf, 0xf0, 0x5b, 0x49, 0xa2, 0x5d, 0x40, 0x7a, 0x23, 0x26, 0xa4, 0x7a, 0x83, 0x8a, 0xb7, 0x8b, 0xd2, 0x1a, 0xbf, 0xea, 0x02, 0x24, 0x08, 0x5f, 0x7b, 0xa9, 0xb1, 0xbe, 0x9d, 0x37}} , - {{0xfc, 0x86, 0x4b, 0x08, 0xee, 0xe7, 0xa0, 0xfd, 0x21, 0x45, 0x09, 0x34, 0xc1, 0x61, 0x32, 0x23, 0xfc, 0x9b, 0x55, 0x48, 0x53, 0x99, 0xf7, 0x63, 0xd0, 0x99, 0xce, 0x01, 0xe0, 0x9f, 0xeb, 0x28}}}, -{{{0x47, 0xfc, 0xab, 0x5a, 0x17, 0xf0, 0x85, 0x56, 0x3a, 0x30, 0x86, 0x20, 0x28, 0x4b, 0x8e, 0x44, 0x74, 0x3a, 0x6e, 0x02, 0xf1, 0x32, 0x8f, 0x9f, 0x3f, 0x08, 0x35, 0xe9, 0xca, 0x16, 0x5f, 0x6e}} , - {{0x1c, 0x59, 0x1c, 0x65, 0x5d, 0x34, 0xa4, 0x09, 0xcd, 0x13, 0x9c, 0x70, 0x7d, 0xb1, 0x2a, 0xc5, 0x88, 0xaf, 0x0b, 0x60, 0xc7, 0x9f, 0x34, 0x8d, 0xd6, 0xb7, 0x7f, 0xea, 0x78, 0x65, 0x8d, 0x77}}}, -{{{0x56, 0xa5, 0xc2, 0x0c, 0xdd, 0xbc, 0xb8, 0x20, 0x6d, 0x57, 0x61, 0xb5, 0xfb, 0x78, 0xb5, 0xd4, 0x49, 0x54, 0x90, 0x26, 0xc1, 
0xcb, 0xe9, 0xe6, 0xbf, 0xec, 0x1d, 0x4e, 0xed, 0x07, 0x7e, 0x5e}} , - {{0xc7, 0xf6, 0x6c, 0x56, 0x31, 0x20, 0x14, 0x0e, 0xa8, 0xd9, 0x27, 0xc1, 0x9a, 0x3d, 0x1b, 0x7d, 0x0e, 0x26, 0xd3, 0x81, 0xaa, 0xeb, 0xf5, 0x6b, 0x79, 0x02, 0xf1, 0x51, 0x5c, 0x75, 0x55, 0x0f}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x0a, 0x34, 0xcd, 0x82, 0x3c, 0x33, 0x09, 0x54, 0xd2, 0x61, 0x39, 0x30, 0x9b, 0xfd, 0xef, 0x21, 0x26, 0xd4, 0x70, 0xfa, 0xee, 0xf9, 0x31, 0x33, 0x73, 0x84, 0xd0, 0xb3, 0x81, 0xbf, 0xec, 0x2e}} , - {{0xe8, 0x93, 0x8b, 0x00, 0x64, 0xf7, 0x9c, 0xb8, 0x74, 0xe0, 0xe6, 0x49, 0x48, 0x4d, 0x4d, 0x48, 0xb6, 0x19, 0xa1, 0x40, 0xb7, 0xd9, 0x32, 0x41, 0x7c, 0x82, 0x37, 0xa1, 0x2d, 0xdc, 0xd2, 0x54}}}, -{{{0x68, 0x2b, 0x4a, 0x5b, 0xd5, 0xc7, 0x51, 0x91, 0x1d, 0xe1, 0x2a, 0x4b, 0xc4, 0x47, 0xf1, 0xbc, 0x7a, 0xb3, 0xcb, 0xc8, 0xb6, 0x7c, 0xac, 0x90, 0x05, 0xfd, 0xf3, 0xf9, 0x52, 0x3a, 0x11, 0x6b}} , - {{0x3d, 0xc1, 0x27, 0xf3, 0x59, 0x43, 0x95, 0x90, 0xc5, 0x96, 0x79, 0xf5, 0xf4, 0x95, 0x65, 0x29, 0x06, 0x9c, 0x51, 0x05, 0x18, 0xda, 0xb8, 0x2e, 0x79, 0x7e, 0x69, 0x59, 0x71, 0x01, 0xeb, 0x1a}}}, -{{{0x15, 0x06, 0x49, 0xb6, 0x8a, 0x3c, 0xea, 0x2f, 0x34, 0x20, 0x14, 0xc3, 0xaa, 0xd6, 0xaf, 0x2c, 0x3e, 0xbd, 0x65, 0x20, 0xe2, 0x4d, 0x4b, 0x3b, 0xeb, 0x9f, 0x4a, 0xc3, 0xad, 0xa4, 0x3b, 0x60}} , - {{0xbc, 0x58, 0xe6, 0xc0, 0x95, 0x2a, 0x2a, 0x81, 0x9a, 0x7a, 0xf3, 0xd2, 0x06, 0xbe, 0x48, 0xbc, 0x0c, 0xc5, 0x46, 0xe0, 0x6a, 0xd4, 0xac, 0x0f, 0xd9, 0xcc, 0x82, 0x34, 0x2c, 0xaf, 0xdb, 0x1f}}}, -{{{0xf7, 0x17, 0x13, 0xbd, 0xfb, 0xbc, 0xd2, 0xec, 0x45, 0xb3, 0x15, 0x31, 0xe9, 0xaf, 0x82, 0x84, 0x3d, 0x28, 0xc6, 0xfc, 0x11, 0xf5, 
0x41, 0xb5, 0x8b, 0xd3, 0x12, 0x76, 0x52, 0xe7, 0x1a, 0x3c}} , - {{0x4e, 0x36, 0x11, 0x07, 0xa2, 0x15, 0x20, 0x51, 0xc4, 0x2a, 0xc3, 0x62, 0x8b, 0x5e, 0x7f, 0xa6, 0x0f, 0xf9, 0x45, 0x85, 0x6c, 0x11, 0x86, 0xb7, 0x7e, 0xe5, 0xd7, 0xf9, 0xc3, 0x91, 0x1c, 0x05}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xea, 0xd6, 0xde, 0x29, 0x3a, 0x00, 0xb9, 0x02, 0x59, 0xcb, 0x26, 0xc4, 0xba, 0x99, 0xb1, 0x97, 0x2f, 0x8e, 0x00, 0x92, 0x26, 0x4f, 0x52, 0xeb, 0x47, 0x1b, 0x89, 0x8b, 0x24, 0xc0, 0x13, 0x7d}} , - {{0xd5, 0x20, 0x5b, 0x80, 0xa6, 0x80, 0x20, 0x95, 0xc3, 0xe9, 0x9f, 0x8e, 0x87, 0x9e, 0x1e, 0x9e, 0x7a, 0xc7, 0xcc, 0x75, 0x6c, 0xa5, 0xf1, 0x91, 0x1a, 0xa8, 0x01, 0x2c, 0xab, 0x76, 0xa9, 0x59}}}, -{{{0xde, 0xc9, 0xb1, 0x31, 0x10, 0x16, 0xaa, 0x35, 0x14, 0x6a, 0xd4, 0xb5, 0x34, 0x82, 0x71, 0xd2, 0x4a, 0x5d, 0x9a, 0x1f, 0x53, 0x26, 0x3c, 0xe5, 0x8e, 0x8d, 0x33, 0x7f, 0xff, 0xa9, 0xd5, 0x17}} , - {{0x89, 0xaf, 0xf6, 0xa4, 0x64, 0xd5, 0x10, 0xe0, 0x1d, 0xad, 0xef, 0x44, 0xbd, 0xda, 0x83, 0xac, 0x7a, 0xa8, 0xf0, 0x1c, 0x07, 0xf9, 0xc3, 0x43, 0x6c, 0x3f, 0xb7, 0xd3, 0x87, 0x22, 0x02, 0x73}}}, -{{{0x64, 0x1d, 0x49, 0x13, 0x2f, 0x71, 0xec, 0x69, 0x87, 0xd0, 0x42, 0xee, 0x13, 0xec, 0xe3, 0xed, 0x56, 0x7b, 0xbf, 0xbd, 0x8c, 0x2f, 0x7d, 0x7b, 0x9d, 0x28, 0xec, 0x8e, 0x76, 0x2f, 0x6f, 0x08}} , - {{0x22, 0xf5, 0x5f, 0x4d, 0x15, 0xef, 0xfc, 0x4e, 0x57, 0x03, 0x36, 0x89, 0xf0, 0xeb, 0x5b, 0x91, 0xd6, 0xe2, 0xca, 0x01, 0xa5, 0xee, 0x52, 0xec, 0xa0, 0x3c, 0x8f, 0x33, 0x90, 0x5a, 0x94, 0x72}}}, -{{{0x8a, 0x4b, 0xe7, 0x38, 0xbc, 0xda, 0xc2, 0xb0, 0x85, 0xe1, 0x4a, 0xfe, 0x2d, 0x44, 0x84, 0xcb, 0x20, 0x6b, 0x2d, 0xbf, 0x11, 0x9c, 0xd7, 
0xbe, 0xd3, 0x3e, 0x5f, 0xbf, 0x68, 0xbc, 0xa8, 0x07}} , - {{0x01, 0x89, 0x28, 0x22, 0x6a, 0x78, 0xaa, 0x29, 0x03, 0xc8, 0x74, 0x95, 0x03, 0x3e, 0xdc, 0xbd, 0x07, 0x13, 0xa8, 0xa2, 0x20, 0x2d, 0xb3, 0x18, 0x70, 0x42, 0xfd, 0x7a, 0xc4, 0xd7, 0x49, 0x72}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x02, 0xff, 0x32, 0x2b, 0x5c, 0x93, 0x54, 0x32, 0xe8, 0x57, 0x54, 0x1a, 0x8b, 0x33, 0x60, 0x65, 0xd3, 0x67, 0xa4, 0xc1, 0x26, 0xc4, 0xa4, 0x34, 0x1f, 0x9b, 0xa7, 0xa9, 0xf4, 0xd9, 0x4f, 0x5b}} , - {{0x46, 0x8d, 0xb0, 0x33, 0x54, 0x26, 0x5b, 0x68, 0xdf, 0xbb, 0xc5, 0xec, 0xc2, 0xf9, 0x3c, 0x5a, 0x37, 0xc1, 0x8e, 0x27, 0x47, 0xaa, 0x49, 0x5a, 0xf8, 0xfb, 0x68, 0x04, 0x23, 0xd1, 0xeb, 0x40}}}, -{{{0x65, 0xa5, 0x11, 0x84, 0x8a, 0x67, 0x9d, 0x9e, 0xd1, 0x44, 0x68, 0x7a, 0x34, 0xe1, 0x9f, 0xa3, 0x54, 0xcd, 0x07, 0xca, 0x79, 0x1f, 0x54, 0x2f, 0x13, 0x70, 0x4e, 0xee, 0xa2, 0xfa, 0xe7, 0x5d}} , - {{0x36, 0xec, 0x54, 0xf8, 0xce, 0xe4, 0x85, 0xdf, 0xf6, 0x6f, 0x1d, 0x90, 0x08, 0xbc, 0xe8, 0xc0, 0x92, 0x2d, 0x43, 0x6b, 0x92, 0xa9, 0x8e, 0xab, 0x0a, 0x2e, 0x1c, 0x1e, 0x64, 0x23, 0x9f, 0x2c}}}, -{{{0xa7, 0xd6, 0x2e, 0xd5, 0xcc, 0xd4, 0xcb, 0x5a, 0x3b, 0xa7, 0xf9, 0x46, 0x03, 0x1d, 0xad, 0x2b, 0x34, 0x31, 0x90, 0x00, 0x46, 0x08, 0x82, 0x14, 0xc4, 0xe0, 0x9c, 0xf0, 0xe3, 0x55, 0x43, 0x31}} , - {{0x60, 0xd6, 0xdd, 0x78, 0xe6, 0xd4, 0x22, 0x42, 0x1f, 0x00, 0xf9, 0xb1, 0x6a, 0x63, 0xe2, 0x92, 0x59, 0xd1, 0x1a, 0xb7, 0x00, 0x54, 0x29, 0xc9, 0xc1, 0xf6, 0x6f, 0x7a, 0xc5, 0x3c, 0x5f, 0x65}}}, -{{{0x27, 0x4f, 0xd0, 0x72, 0xb1, 0x11, 0x14, 0x27, 0x15, 0x94, 0x48, 0x81, 0x7e, 0x74, 0xd8, 0x32, 0xd5, 0xd1, 0x11, 0x28, 0x60, 0x63, 0x36, 0x32, 
0x37, 0xb5, 0x13, 0x1c, 0xa0, 0x37, 0xe3, 0x74}} , - {{0xf1, 0x25, 0x4e, 0x11, 0x96, 0x67, 0xe6, 0x1c, 0xc2, 0xb2, 0x53, 0xe2, 0xda, 0x85, 0xee, 0xb2, 0x9f, 0x59, 0xf3, 0xba, 0xbd, 0xfa, 0xcf, 0x6e, 0xf9, 0xda, 0xa4, 0xb3, 0x02, 0x8f, 0x64, 0x08}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x34, 0x94, 0xf2, 0x64, 0x54, 0x47, 0x37, 0x07, 0x40, 0x8a, 0x20, 0xba, 0x4a, 0x55, 0xd7, 0x3f, 0x47, 0xba, 0x25, 0x23, 0x14, 0xb0, 0x2c, 0xe8, 0x55, 0xa8, 0xa6, 0xef, 0x51, 0xbd, 0x6f, 0x6a}} , - {{0x71, 0xd6, 0x16, 0x76, 0xb2, 0x06, 0xea, 0x79, 0xf5, 0xc4, 0xc3, 0x52, 0x7e, 0x61, 0xd1, 0xe1, 0xad, 0x70, 0x78, 0x1d, 0x16, 0x11, 0xf8, 0x7c, 0x2b, 0xfc, 0x55, 0x9f, 0x52, 0xf8, 0xf5, 0x16}}}, -{{{0x34, 0x96, 0x9a, 0xf6, 0xc5, 0xe0, 0x14, 0x03, 0x24, 0x0e, 0x4c, 0xad, 0x9e, 0x9a, 0x70, 0x23, 0x96, 0xb2, 0xf1, 0x2e, 0x9d, 0xc3, 0x32, 0x9b, 0x54, 0xa5, 0x73, 0xde, 0x88, 0xb1, 0x3e, 0x24}} , - {{0xf6, 0xe2, 0x4c, 0x1f, 0x5b, 0xb2, 0xaf, 0x82, 0xa5, 0xcf, 0x81, 0x10, 0x04, 0xef, 0xdb, 0xa2, 0xcc, 0x24, 0xb2, 0x7e, 0x0b, 0x7a, 0xeb, 0x01, 0xd8, 0x52, 0xf4, 0x51, 0x89, 0x29, 0x79, 0x37}}}, -{{{0x74, 0xde, 0x12, 0xf3, 0x68, 0xb7, 0x66, 0xc3, 0xee, 0x68, 0xdc, 0x81, 0xb5, 0x55, 0x99, 0xab, 0xd9, 0x28, 0x63, 0x6d, 0x8b, 0x40, 0x69, 0x75, 0x6c, 0xcd, 0x5c, 0x2a, 0x7e, 0x32, 0x7b, 0x29}} , - {{0x02, 0xcc, 0x22, 0x74, 0x4d, 0x19, 0x07, 0xc0, 0xda, 0xb5, 0x76, 0x51, 0x2a, 0xaa, 0xa6, 0x0a, 0x5f, 0x26, 0xd4, 0xbc, 0xaf, 0x48, 0x88, 0x7f, 0x02, 0xbc, 0xf2, 0xe1, 0xcf, 0xe9, 0xdd, 0x15}}}, -{{{0xed, 0xb5, 0x9a, 0x8c, 0x9a, 0xdd, 0x27, 0xf4, 0x7f, 0x47, 0xd9, 0x52, 0xa7, 0xcd, 0x65, 0xa5, 0x31, 0x22, 0xed, 0xa6, 0x63, 0x5b, 0x80, 0x4a, 0xad, 
0x4d, 0xed, 0xbf, 0xee, 0x49, 0xb3, 0x06}} , - {{0xf8, 0x64, 0x8b, 0x60, 0x90, 0xe9, 0xde, 0x44, 0x77, 0xb9, 0x07, 0x36, 0x32, 0xc2, 0x50, 0xf5, 0x65, 0xdf, 0x48, 0x4c, 0x37, 0xaa, 0x68, 0xab, 0x9a, 0x1f, 0x3e, 0xff, 0x89, 0x92, 0xa0, 0x07}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x7d, 0x4f, 0x9c, 0x19, 0xc0, 0x4a, 0x31, 0xec, 0xf9, 0xaa, 0xeb, 0xb2, 0x16, 0x9c, 0xa3, 0x66, 0x5f, 0xd1, 0xd4, 0xed, 0xb8, 0x92, 0x1c, 0xab, 0xda, 0xea, 0xd9, 0x57, 0xdf, 0x4c, 0x2a, 0x48}} , - {{0x4b, 0xb0, 0x4e, 0x6e, 0x11, 0x3b, 0x51, 0xbd, 0x6a, 0xfd, 0xe4, 0x25, 0xa5, 0x5f, 0x11, 0x3f, 0x98, 0x92, 0x51, 0x14, 0xc6, 0x5f, 0x3c, 0x0b, 0xa8, 0xf7, 0xc2, 0x81, 0x43, 0xde, 0x91, 0x73}}}, -{{{0x3c, 0x8f, 0x9f, 0x33, 0x2a, 0x1f, 0x43, 0x33, 0x8f, 0x68, 0xff, 0x1f, 0x3d, 0x73, 0x6b, 0xbf, 0x68, 0xcc, 0x7d, 0x13, 0x6c, 0x24, 0x4b, 0xcc, 0x4d, 0x24, 0x0d, 0xfe, 0xde, 0x86, 0xad, 0x3b}} , - {{0x79, 0x51, 0x81, 0x01, 0xdc, 0x73, 0x53, 0xe0, 0x6e, 0x9b, 0xea, 0x68, 0x3f, 0x5c, 0x14, 0x84, 0x53, 0x8d, 0x4b, 0xc0, 0x9f, 0x9f, 0x89, 0x2b, 0x8c, 0xba, 0x86, 0xfa, 0xf2, 0xcd, 0xe3, 0x2d}}}, -{{{0x06, 0xf9, 0x29, 0x5a, 0xdb, 0x3d, 0x84, 0x52, 0xab, 0xcc, 0x6b, 0x60, 0x9d, 0xb7, 0x4a, 0x0e, 0x36, 0x63, 0x91, 0xad, 0xa0, 0x95, 0xb0, 0x97, 0x89, 0x4e, 0xcf, 0x7d, 0x3c, 0xe5, 0x7c, 0x28}} , - {{0x2e, 0x69, 0x98, 0xfd, 0xc6, 0xbd, 0xcc, 0xca, 0xdf, 0x9a, 0x44, 0x7e, 0x9d, 0xca, 0x89, 0x6d, 0xbf, 0x27, 0xc2, 0xf8, 0xcd, 0x46, 0x00, 0x2b, 0xb5, 0x58, 0x4e, 0xb7, 0x89, 0x09, 0xe9, 0x2d}}}, -{{{0x54, 0xbe, 0x75, 0xcb, 0x05, 0xb0, 0x54, 0xb7, 0xe7, 0x26, 0x86, 0x4a, 0xfc, 0x19, 0xcf, 0x27, 0x46, 0xd4, 0x22, 0x96, 0x5a, 0x11, 0xe8, 0xd5, 0x1b, 0xed, 
0x71, 0xc5, 0x5d, 0xc8, 0xaf, 0x45}} , - {{0x40, 0x7b, 0x77, 0x57, 0x49, 0x9e, 0x80, 0x39, 0x23, 0xee, 0x81, 0x0b, 0x22, 0xcf, 0xdb, 0x7a, 0x2f, 0x14, 0xb8, 0x57, 0x8f, 0xa1, 0x39, 0x1e, 0x77, 0xfc, 0x0b, 0xa6, 0xbf, 0x8a, 0x0c, 0x6c}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x77, 0x3a, 0xd4, 0xd8, 0x27, 0xcf, 0xe8, 0xa1, 0x72, 0x9d, 0xca, 0xdd, 0x0d, 0x96, 0xda, 0x79, 0xed, 0x56, 0x42, 0x15, 0x60, 0xc7, 0x1c, 0x6b, 0x26, 0x30, 0xf6, 0x6a, 0x95, 0x67, 0xf3, 0x0a}} , - {{0xc5, 0x08, 0xa4, 0x2b, 0x2f, 0xbd, 0x31, 0x81, 0x2a, 0xa6, 0xb6, 0xe4, 0x00, 0x91, 0xda, 0x3d, 0xb2, 0xb0, 0x96, 0xce, 0x8a, 0xd2, 0x8d, 0x70, 0xb3, 0xd3, 0x34, 0x01, 0x90, 0x8d, 0x10, 0x21}}}, -{{{0x33, 0x0d, 0xe7, 0xba, 0x4f, 0x07, 0xdf, 0x8d, 0xea, 0x7d, 0xa0, 0xc5, 0xd6, 0xb1, 0xb0, 0xe5, 0x57, 0x1b, 0x5b, 0xf5, 0x45, 0x13, 0x14, 0x64, 0x5a, 0xeb, 0x5c, 0xfc, 0x54, 0x01, 0x76, 0x2b}} , - {{0x02, 0x0c, 0xc2, 0xaf, 0x96, 0x36, 0xfe, 0x4a, 0xe2, 0x54, 0x20, 0x6a, 0xeb, 0xb2, 0x9f, 0x62, 0xd7, 0xce, 0xa2, 0x3f, 0x20, 0x11, 0x34, 0x37, 0xe0, 0x42, 0xed, 0x6f, 0xf9, 0x1a, 0xc8, 0x7d}}}, -{{{0xd8, 0xb9, 0x11, 0xe8, 0x36, 0x3f, 0x42, 0xc1, 0xca, 0xdc, 0xd3, 0xf1, 0xc8, 0x23, 0x3d, 0x4f, 0x51, 0x7b, 0x9d, 0x8d, 0xd8, 0xe4, 0xa0, 0xaa, 0xf3, 0x04, 0xd6, 0x11, 0x93, 0xc8, 0x35, 0x45}} , - {{0x61, 0x36, 0xd6, 0x08, 0x90, 0xbf, 0xa7, 0x7a, 0x97, 0x6c, 0x0f, 0x84, 0xd5, 0x33, 0x2d, 0x37, 0xc9, 0x6a, 0x80, 0x90, 0x3d, 0x0a, 0xa2, 0xaa, 0xe1, 0xb8, 0x84, 0xba, 0x61, 0x36, 0xdd, 0x69}}}, -{{{0x6b, 0xdb, 0x5b, 0x9c, 0xc6, 0x92, 0xbc, 0x23, 0xaf, 0xc5, 0xb8, 0x75, 0xf8, 0x42, 0xfa, 0xd6, 0xb6, 0x84, 0x94, 0x63, 0x98, 0x93, 0x48, 0x78, 0x38, 0xcd, 0xbb, 
0x18, 0x34, 0xc3, 0xdb, 0x67}} , - {{0x96, 0xf3, 0x3a, 0x09, 0x56, 0xb0, 0x6f, 0x7c, 0x51, 0x1e, 0x1b, 0x39, 0x48, 0xea, 0xc9, 0x0c, 0x25, 0xa2, 0x7a, 0xca, 0xe7, 0x92, 0xfc, 0x59, 0x30, 0xa3, 0x89, 0x85, 0xdf, 0x6f, 0x43, 0x38}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x79, 0x84, 0x44, 0x19, 0xbd, 0xe9, 0x54, 0xc4, 0xc0, 0x6e, 0x2a, 0xa8, 0xa8, 0x9b, 0x43, 0xd5, 0x71, 0x22, 0x5f, 0xdc, 0x01, 0xfa, 0xdf, 0xb3, 0xb8, 0x47, 0x4b, 0x0a, 0xa5, 0x44, 0xea, 0x29}} , - {{0x05, 0x90, 0x50, 0xaf, 0x63, 0x5f, 0x9d, 0x9e, 0xe1, 0x9d, 0x38, 0x97, 0x1f, 0x6c, 0xac, 0x30, 0x46, 0xb2, 0x6a, 0x19, 0xd1, 0x4b, 0xdb, 0xbb, 0x8c, 0xda, 0x2e, 0xab, 0xc8, 0x5a, 0x77, 0x6c}}}, -{{{0x2b, 0xbe, 0xaf, 0xa1, 0x6d, 0x2f, 0x0b, 0xb1, 0x8f, 0xe3, 0xe0, 0x38, 0xcd, 0x0b, 0x41, 0x1b, 0x4a, 0x15, 0x07, 0xf3, 0x6f, 0xdc, 0xb8, 0xe9, 0xde, 0xb2, 0xa3, 0x40, 0x01, 0xa6, 0x45, 0x1e}} , - {{0x76, 0x0a, 0xda, 0x8d, 0x2c, 0x07, 0x3f, 0x89, 0x7d, 0x04, 0xad, 0x43, 0x50, 0x6e, 0xd2, 0x47, 0xcb, 0x8a, 0xe6, 0x85, 0x1a, 0x24, 0xf3, 0xd2, 0x60, 0xfd, 0xdf, 0x73, 0xa4, 0x0d, 0x73, 0x0e}}}, -{{{0xfd, 0x67, 0x6b, 0x71, 0x9b, 0x81, 0x53, 0x39, 0x39, 0xf4, 0xb8, 0xd5, 0xc3, 0x30, 0x9b, 0x3b, 0x7c, 0xa3, 0xf0, 0xd0, 0x84, 0x21, 0xd6, 0xbf, 0xb7, 0x4c, 0x87, 0x13, 0x45, 0x2d, 0xa7, 0x55}} , - {{0x5d, 0x04, 0xb3, 0x40, 0x28, 0x95, 0x2d, 0x30, 0x83, 0xec, 0x5e, 0xe4, 0xff, 0x75, 0xfe, 0x79, 0x26, 0x9d, 0x1d, 0x36, 0xcd, 0x0a, 0x15, 0xd2, 0x24, 0x14, 0x77, 0x71, 0xd7, 0x8a, 0x1b, 0x04}}}, -{{{0x5d, 0x93, 0xc9, 0xbe, 0xaa, 0x90, 0xcd, 0x9b, 0xfb, 0x73, 0x7e, 0xb0, 0x64, 0x98, 0x57, 0x44, 0x42, 0x41, 0xb1, 0xaf, 0xea, 0xc1, 0xc3, 0x22, 0xff, 0x60, 0x46, 0xcb, 
0x61, 0x81, 0x70, 0x61}} , - {{0x0d, 0x82, 0xb9, 0xfe, 0x21, 0xcd, 0xc4, 0xf5, 0x98, 0x0c, 0x4e, 0x72, 0xee, 0x87, 0x49, 0xf8, 0xa1, 0x95, 0xdf, 0x8f, 0x2d, 0xbd, 0x21, 0x06, 0x7c, 0x15, 0xe8, 0x12, 0x6d, 0x93, 0xd6, 0x38}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x91, 0xf7, 0x51, 0xd9, 0xef, 0x7d, 0x42, 0x01, 0x13, 0xe9, 0xb8, 0x7f, 0xa6, 0x49, 0x17, 0x64, 0x21, 0x80, 0x83, 0x2c, 0x63, 0x4c, 0x60, 0x09, 0x59, 0x91, 0x92, 0x77, 0x39, 0x51, 0xf4, 0x48}} , - {{0x60, 0xd5, 0x22, 0x83, 0x08, 0x2f, 0xff, 0x99, 0x3e, 0x69, 0x6d, 0x88, 0xda, 0xe7, 0x5b, 0x52, 0x26, 0x31, 0x2a, 0xe5, 0x89, 0xde, 0x68, 0x90, 0xb6, 0x22, 0x5a, 0xbd, 0xd3, 0x85, 0x53, 0x31}}}, -{{{0xd8, 0xce, 0xdc, 0xf9, 0x3c, 0x4b, 0xa2, 0x1d, 0x2c, 0x2f, 0x36, 0xbe, 0x7a, 0xfc, 0xcd, 0xbc, 0xdc, 0xf9, 0x30, 0xbd, 0xff, 0x05, 0xc7, 0xe4, 0x8e, 0x17, 0x62, 0xf8, 0x4d, 0xa0, 0x56, 0x79}} , - {{0x82, 0xe7, 0xf6, 0xba, 0x53, 0x84, 0x0a, 0xa3, 0x34, 0xff, 0x3c, 0xa3, 0x6a, 0xa1, 0x37, 0xea, 0xdd, 0xb6, 0x95, 0xb3, 0x78, 0x19, 0x76, 0x1e, 0x55, 0x2f, 0x77, 0x2e, 0x7f, 0xc1, 0xea, 0x5e}}}, -{{{0x83, 0xe1, 0x6e, 0xa9, 0x07, 0x33, 0x3e, 0x83, 0xff, 0xcb, 0x1c, 0x9f, 0xb1, 0xa3, 0xb4, 0xc9, 0xe1, 0x07, 0x97, 0xff, 0xf8, 0x23, 0x8f, 0xce, 0x40, 0xfd, 0x2e, 0x5e, 0xdb, 0x16, 0x43, 0x2d}} , - {{0xba, 0x38, 0x02, 0xf7, 0x81, 0x43, 0x83, 0xa3, 0x20, 0x4f, 0x01, 0x3b, 0x8a, 0x04, 0x38, 0x31, 0xc6, 0x0f, 0xc8, 0xdf, 0xd7, 0xfa, 0x2f, 0x88, 0x3f, 0xfc, 0x0c, 0x76, 0xc4, 0xa6, 0x45, 0x72}}}, -{{{0xbb, 0x0c, 0xbc, 0x6a, 0xa4, 0x97, 0x17, 0x93, 0x2d, 0x6f, 0xde, 0x72, 0x10, 0x1c, 0x08, 0x2c, 0x0f, 0x80, 0x32, 0x68, 0x27, 0xd4, 0xab, 0xdd, 0xc5, 0x58, 0x61, 0x13, 0x6d, 
0x11, 0x1e, 0x4d}} , - {{0x1a, 0xb9, 0xc9, 0x10, 0xfb, 0x1e, 0x4e, 0xf4, 0x84, 0x4b, 0x8a, 0x5e, 0x7b, 0x4b, 0xe8, 0x43, 0x8c, 0x8f, 0x00, 0xb5, 0x54, 0x13, 0xc5, 0x5c, 0xb6, 0x35, 0x4e, 0x9d, 0xe4, 0x5b, 0x41, 0x6d}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x15, 0x7d, 0x12, 0x48, 0x82, 0x14, 0x42, 0xcd, 0x32, 0xd4, 0x4b, 0xc1, 0x72, 0x61, 0x2a, 0x8c, 0xec, 0xe2, 0xf8, 0x24, 0x45, 0x94, 0xe3, 0xbe, 0xdd, 0x67, 0xa8, 0x77, 0x5a, 0xae, 0x5b, 0x4b}} , - {{0xcb, 0x77, 0x9a, 0x20, 0xde, 0xb8, 0x23, 0xd9, 0xa0, 0x0f, 0x8c, 0x7b, 0xa5, 0xcb, 0xae, 0xb6, 0xec, 0x42, 0x67, 0x0e, 0x58, 0xa4, 0x75, 0x98, 0x21, 0x71, 0x84, 0xb3, 0xe0, 0x76, 0x94, 0x73}}}, -{{{0xdf, 0xfc, 0x69, 0x28, 0x23, 0x3f, 0x5b, 0xf8, 0x3b, 0x24, 0x37, 0xf3, 0x1d, 0xd5, 0x22, 0x6b, 0xd0, 0x98, 0xa8, 0x6c, 0xcf, 0xff, 0x06, 0xe1, 0x13, 0xdf, 0xb9, 0xc1, 0x0c, 0xa9, 0xbf, 0x33}} , - {{0xd9, 0x81, 0xda, 0xb2, 0x4f, 0x82, 0x9d, 0x43, 0x81, 0x09, 0xf1, 0xd2, 0x01, 0xef, 0xac, 0xf4, 0x2d, 0x7d, 0x01, 0x09, 0xf1, 0xff, 0xa5, 0x9f, 0xe5, 0xca, 0x27, 0x63, 0xdb, 0x20, 0xb1, 0x53}}}, -{{{0x67, 0x02, 0xe8, 0xad, 0xa9, 0x34, 0xd4, 0xf0, 0x15, 0x81, 0xaa, 0xc7, 0x4d, 0x87, 0x94, 0xea, 0x75, 0xe7, 0x4c, 0x94, 0x04, 0x0e, 0x69, 0x87, 0xe7, 0x51, 0x91, 0x10, 0x03, 0xc7, 0xbe, 0x56}} , - {{0x32, 0xfb, 0x86, 0xec, 0x33, 0x6b, 0x2e, 0x51, 0x2b, 0xc8, 0xfa, 0x6c, 0x70, 0x47, 0x7e, 0xce, 0x05, 0x0c, 0x71, 0xf3, 0xb4, 0x56, 0xa6, 0xdc, 0xcc, 0x78, 0x07, 0x75, 0xd0, 0xdd, 0xb2, 0x6a}}}, -{{{0xc6, 0xef, 0xb9, 0xc0, 0x2b, 0x22, 0x08, 0x1e, 0x71, 0x70, 0xb3, 0x35, 0x9c, 0x7a, 0x01, 0x92, 0x44, 0x9a, 0xf6, 0xb0, 0x58, 0x95, 0xc1, 0x9b, 0x02, 0xed, 0x2d, 0x7c, 0x34, 0x29, 
0x49, 0x44}} , - {{0x45, 0x62, 0x1d, 0x2e, 0xff, 0x2a, 0x1c, 0x21, 0xa4, 0x25, 0x7b, 0x0d, 0x8c, 0x15, 0x39, 0xfc, 0x8f, 0x7c, 0xa5, 0x7d, 0x1e, 0x25, 0xa3, 0x45, 0xd6, 0xab, 0xbd, 0xcb, 0xc5, 0x5e, 0x78, 0x77}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xd0, 0xd3, 0x42, 0xed, 0x1d, 0x00, 0x3c, 0x15, 0x2c, 0x9c, 0x77, 0x81, 0xd2, 0x73, 0xd1, 0x06, 0xd5, 0xc4, 0x7f, 0x94, 0xbb, 0x92, 0x2d, 0x2c, 0x4b, 0x45, 0x4b, 0xe9, 0x2a, 0x89, 0x6b, 0x2b}} , - {{0xd2, 0x0c, 0x88, 0xc5, 0x48, 0x4d, 0xea, 0x0d, 0x4a, 0xc9, 0x52, 0x6a, 0x61, 0x79, 0xe9, 0x76, 0xf3, 0x85, 0x52, 0x5c, 0x1b, 0x2c, 0xe1, 0xd6, 0xc4, 0x0f, 0x18, 0x0e, 0x4e, 0xf6, 0x1c, 0x7f}}}, -{{{0xb4, 0x04, 0x2e, 0x42, 0xcb, 0x1f, 0x2b, 0x11, 0x51, 0x7b, 0x08, 0xac, 0xaa, 0x3e, 0x9e, 0x52, 0x60, 0xb7, 0xc2, 0x61, 0x57, 0x8c, 0x84, 0xd5, 0x18, 0xa6, 0x19, 0xfc, 0xb7, 0x75, 0x91, 0x1b}} , - {{0xe8, 0x68, 0xca, 0x44, 0xc8, 0x38, 0x38, 0xcc, 0x53, 0x0a, 0x32, 0x35, 0xcc, 0x52, 0xcb, 0x0e, 0xf7, 0xc5, 0xe7, 0xec, 0x3d, 0x85, 0xcc, 0x58, 0xe2, 0x17, 0x47, 0xff, 0x9f, 0xa5, 0x30, 0x17}}}, -{{{0xe3, 0xae, 0xc8, 0xc1, 0x71, 0x75, 0x31, 0x00, 0x37, 0x41, 0x5c, 0x0e, 0x39, 0xda, 0x73, 0xa0, 0xc7, 0x97, 0x36, 0x6c, 0x5b, 0xf2, 0xee, 0x64, 0x0a, 0x3d, 0x89, 0x1e, 0x1d, 0x49, 0x8c, 0x37}} , - {{0x4c, 0xe6, 0xb0, 0xc1, 0xa5, 0x2a, 0x82, 0x09, 0x08, 0xad, 0x79, 0x9c, 0x56, 0xf6, 0xf9, 0xc1, 0xd7, 0x7c, 0x39, 0x7f, 0x93, 0xca, 0x11, 0x55, 0xbf, 0x07, 0x1b, 0x82, 0x29, 0x69, 0x95, 0x5c}}}, -{{{0x87, 0xee, 0xa6, 0x56, 0x9e, 0xc2, 0x9a, 0x56, 0x24, 0x42, 0x85, 0x4d, 0x98, 0x31, 0x1e, 0x60, 0x4d, 0x87, 0x85, 0x04, 0xae, 0x46, 0x12, 0xf9, 0x8e, 0x7f, 0xe4, 0x7f, 0xf6, 0x1c, 0x37, 
0x01}} , - {{0x73, 0x4c, 0xb6, 0xc5, 0xc4, 0xe9, 0x6c, 0x85, 0x48, 0x4a, 0x5a, 0xac, 0xd9, 0x1f, 0x43, 0xf8, 0x62, 0x5b, 0xee, 0x98, 0x2a, 0x33, 0x8e, 0x79, 0xce, 0x61, 0x06, 0x35, 0xd8, 0xd7, 0xca, 0x71}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x72, 0xd3, 0xae, 0xa6, 0xca, 0x8f, 0xcd, 0xcc, 0x78, 0x8e, 0x19, 0x4d, 0xa7, 0xd2, 0x27, 0xe9, 0xa4, 0x3c, 0x16, 0x5b, 0x84, 0x80, 0xf9, 0xd0, 0xcc, 0x6a, 0x1e, 0xca, 0x1e, 0x67, 0xbd, 0x63}} , - {{0x7b, 0x6e, 0x2a, 0xd2, 0x87, 0x48, 0xff, 0xa1, 0xca, 0xe9, 0x15, 0x85, 0xdc, 0xdb, 0x2c, 0x39, 0x12, 0x91, 0xa9, 0x20, 0xaa, 0x4f, 0x29, 0xf4, 0x15, 0x7a, 0xd2, 0xf5, 0x32, 0xcc, 0x60, 0x04}}}, -{{{0xe5, 0x10, 0x47, 0x3b, 0xfa, 0x90, 0xfc, 0x30, 0xb5, 0xea, 0x6f, 0x56, 0x8f, 0xfb, 0x0e, 0xa7, 0x3b, 0xc8, 0xb2, 0xff, 0x02, 0x7a, 0x33, 0x94, 0x93, 0x2a, 0x03, 0xe0, 0x96, 0x3a, 0x6c, 0x0f}} , - {{0x5a, 0x63, 0x67, 0xe1, 0x9b, 0x47, 0x78, 0x9f, 0x38, 0x79, 0xac, 0x97, 0x66, 0x1d, 0x5e, 0x51, 0xee, 0x24, 0x42, 0xe8, 0x58, 0x4b, 0x8a, 0x03, 0x75, 0x86, 0x37, 0x86, 0xe2, 0x97, 0x4e, 0x3d}}}, -{{{0x3f, 0x75, 0x8e, 0xb4, 0xff, 0xd8, 0xdd, 0xd6, 0x37, 0x57, 0x9d, 0x6d, 0x3b, 0xbd, 0xd5, 0x60, 0x88, 0x65, 0x9a, 0xb9, 0x4a, 0x68, 0x84, 0xa2, 0x67, 0xdd, 0x17, 0x25, 0x97, 0x04, 0x8b, 0x5e}} , - {{0xbb, 0x40, 0x5e, 0xbc, 0x16, 0x92, 0x05, 0xc4, 0xc0, 0x4e, 0x72, 0x90, 0x0e, 0xab, 0xcf, 0x8a, 0xed, 0xef, 0xb9, 0x2d, 0x3b, 0xf8, 0x43, 0x5b, 0xba, 0x2d, 0xeb, 0x2f, 0x52, 0xd2, 0xd1, 0x5a}}}, -{{{0x40, 0xb4, 0xab, 0xe6, 0xad, 0x9f, 0x46, 0x69, 0x4a, 0xb3, 0x8e, 0xaa, 0xea, 0x9c, 0x8a, 0x20, 0x16, 0x5d, 0x8c, 0x13, 0xbd, 0xf6, 0x1d, 0xc5, 0x24, 0xbd, 0x90, 0x2a, 0x1c, 0xc7, 0x13, 0x3b}} , - 
{{0x54, 0xdc, 0x16, 0x0d, 0x18, 0xbe, 0x35, 0x64, 0x61, 0x52, 0x02, 0x80, 0xaf, 0x05, 0xf7, 0xa6, 0x42, 0xd3, 0x8f, 0x2e, 0x79, 0x26, 0xa8, 0xbb, 0xb2, 0x17, 0x48, 0xb2, 0x7a, 0x0a, 0x89, 0x14}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x20, 0xa8, 0x88, 0xe3, 0x91, 0xc0, 0x6e, 0xbb, 0x8a, 0x27, 0x82, 0x51, 0x83, 0xb2, 0x28, 0xa9, 0x83, 0xeb, 0xa6, 0xa9, 0x4d, 0x17, 0x59, 0x22, 0x54, 0x00, 0x50, 0x45, 0xcb, 0x48, 0x4b, 0x18}} , - {{0x33, 0x7c, 0xe7, 0x26, 0xba, 0x4d, 0x32, 0xfe, 0x53, 0xf4, 0xfa, 0x83, 0xe3, 0xa5, 0x79, 0x66, 0x73, 0xef, 0x80, 0x23, 0x68, 0xc2, 0x60, 0xdd, 0xa9, 0x33, 0xdc, 0x03, 0x7a, 0xe0, 0xe0, 0x3e}}}, -{{{0x34, 0x5c, 0x13, 0xfb, 0xc0, 0xe3, 0x78, 0x2b, 0x54, 0x58, 0x22, 0x9b, 0x76, 0x81, 0x7f, 0x93, 0x9c, 0x25, 0x3c, 0xd2, 0xe9, 0x96, 0x21, 0x26, 0x08, 0xf5, 0xed, 0x95, 0x11, 0xae, 0x04, 0x5a}} , - {{0xb9, 0xe8, 0xc5, 0x12, 0x97, 0x1f, 0x83, 0xfe, 0x3e, 0x94, 0x99, 0xd4, 0x2d, 0xf9, 0x52, 0x59, 0x5c, 0x82, 0xa6, 0xf0, 0x75, 0x7e, 0xe8, 0xec, 0xcc, 0xac, 0x18, 0x21, 0x09, 0x67, 0x66, 0x67}}}, -{{{0xb3, 0x40, 0x29, 0xd1, 0xcb, 0x1b, 0x08, 0x9e, 0x9c, 0xb7, 0x53, 0xb9, 0x3b, 0x71, 0x08, 0x95, 0x12, 0x1a, 0x58, 0xaf, 0x7e, 0x82, 0x52, 0x43, 0x4f, 0x11, 0x39, 0xf4, 0x93, 0x1a, 0x26, 0x05}} , - {{0x6e, 0x44, 0xa3, 0xf9, 0x64, 0xaf, 0xe7, 0x6d, 0x7d, 0xdf, 0x1e, 0xac, 0x04, 0xea, 0x3b, 0x5f, 0x9b, 0xe8, 0x24, 0x9d, 0x0e, 0xe5, 0x2e, 0x3e, 0xdf, 0xa9, 0xf7, 0xd4, 0x50, 0x71, 0xf0, 0x78}}}, -{{{0x3e, 0xa8, 0x38, 0xc2, 0x57, 0x56, 0x42, 0x9a, 0xb1, 0xe2, 0xf8, 0x45, 0xaa, 0x11, 0x48, 0x5f, 0x17, 0xc4, 0x54, 0x27, 0xdc, 0x5d, 0xaa, 0xdd, 0x41, 0xbc, 0xdf, 0x81, 0xb9, 0x53, 0xee, 0x52}} , - {{0xc3, 
0xf1, 0xa7, 0x6d, 0xb3, 0x5f, 0x92, 0x6f, 0xcc, 0x91, 0xb8, 0x95, 0x05, 0xdf, 0x3c, 0x64, 0x57, 0x39, 0x61, 0x51, 0xad, 0x8c, 0x38, 0x7b, 0xc8, 0xde, 0x00, 0x34, 0xbe, 0xa1, 0xb0, 0x7e}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x25, 0x24, 0x1d, 0x8a, 0x67, 0x20, 0xee, 0x42, 0xeb, 0x38, 0xed, 0x0b, 0x8b, 0xcd, 0x46, 0x9d, 0x5e, 0x6b, 0x1e, 0x24, 0x9d, 0x12, 0x05, 0x1a, 0xcc, 0x05, 0x4e, 0x92, 0x38, 0xe1, 0x1f, 0x50}} , - {{0x4e, 0xee, 0x1c, 0x91, 0xe6, 0x11, 0xbd, 0x8e, 0x55, 0x1a, 0x18, 0x75, 0x66, 0xaf, 0x4d, 0x7b, 0x0f, 0xae, 0x6d, 0x85, 0xca, 0x82, 0x58, 0x21, 0x9c, 0x18, 0xe0, 0xed, 0xec, 0x22, 0x80, 0x2f}}}, -{{{0x68, 0x3b, 0x0a, 0x39, 0x1d, 0x6a, 0x15, 0x57, 0xfc, 0xf0, 0x63, 0x54, 0xdb, 0x39, 0xdb, 0xe8, 0x5c, 0x64, 0xff, 0xa0, 0x09, 0x4f, 0x3b, 0xb7, 0x32, 0x60, 0x99, 0x94, 0xfd, 0x94, 0x82, 0x2d}} , - {{0x24, 0xf6, 0x5a, 0x44, 0xf1, 0x55, 0x2c, 0xdb, 0xea, 0x7c, 0x84, 0x7c, 0x01, 0xac, 0xe3, 0xfd, 0xc9, 0x27, 0xc1, 0x5a, 0xb9, 0xde, 0x4f, 0x5a, 0x90, 0xdd, 0xc6, 0x67, 0xaa, 0x6f, 0x8a, 0x3a}}}, -{{{0x78, 0x52, 0x87, 0xc9, 0x97, 0x63, 0xb1, 0xdd, 0x54, 0x5f, 0xc1, 0xf8, 0xf1, 0x06, 0xa6, 0xa8, 0xa3, 0x88, 0x82, 0xd4, 0xcb, 0xa6, 0x19, 0xdd, 0xd1, 0x11, 0x87, 0x08, 0x17, 0x4c, 0x37, 0x2a}} , - {{0xa1, 0x0c, 0xf3, 0x08, 0x43, 0xd9, 0x24, 0x1e, 0x83, 0xa7, 0xdf, 0x91, 0xca, 0xbd, 0x69, 0x47, 0x8d, 0x1b, 0xe2, 0xb9, 0x4e, 0xb5, 0xe1, 0x76, 0xb3, 0x1c, 0x93, 0x03, 0xce, 0x5f, 0xb3, 0x5a}}}, -{{{0x1d, 0xda, 0xe4, 0x61, 0x03, 0x50, 0xa9, 0x8b, 0x68, 0x18, 0xef, 0xb2, 0x1c, 0x84, 0x3b, 0xa2, 0x44, 0x95, 0xa3, 0x04, 0x3b, 0xd6, 0x99, 0x00, 0xaf, 0x76, 0x42, 0x67, 0x02, 0x7d, 0x85, 0x56}} , - {{0xce, 0x72, 
0x0e, 0x29, 0x84, 0xb2, 0x7d, 0xd2, 0x45, 0xbe, 0x57, 0x06, 0xed, 0x7f, 0xcf, 0xed, 0xcd, 0xef, 0x19, 0xd6, 0xbc, 0x15, 0x79, 0x64, 0xd2, 0x18, 0xe3, 0x20, 0x67, 0x3a, 0x54, 0x0b}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x52, 0xfd, 0x04, 0xc5, 0xfb, 0x99, 0xe7, 0xe8, 0xfb, 0x8c, 0xe1, 0x42, 0x03, 0xef, 0x9d, 0xd9, 0x9e, 0x4d, 0xf7, 0x80, 0xcf, 0x2e, 0xcc, 0x9b, 0x45, 0xc9, 0x7b, 0x7a, 0xbc, 0x37, 0xa8, 0x52}} , - {{0x96, 0x11, 0x41, 0x8a, 0x47, 0x91, 0xfe, 0xb6, 0xda, 0x7a, 0x54, 0x63, 0xd1, 0x14, 0x35, 0x05, 0x86, 0x8c, 0xa9, 0x36, 0x3f, 0xf2, 0x85, 0x54, 0x4e, 0x92, 0xd8, 0x85, 0x01, 0x46, 0xd6, 0x50}}}, -{{{0x53, 0xcd, 0xf3, 0x86, 0x40, 0xe6, 0x39, 0x42, 0x95, 0xd6, 0xcb, 0x45, 0x1a, 0x20, 0xc8, 0x45, 0x4b, 0x32, 0x69, 0x04, 0xb1, 0xaf, 0x20, 0x46, 0xc7, 0x6b, 0x23, 0x5b, 0x69, 0xee, 0x30, 0x3f}} , - {{0x70, 0x83, 0x47, 0xc0, 0xdb, 0x55, 0x08, 0xa8, 0x7b, 0x18, 0x6d, 0xf5, 0x04, 0x5a, 0x20, 0x0c, 0x4a, 0x8c, 0x60, 0xae, 0xae, 0x0f, 0x64, 0x55, 0x55, 0x2e, 0xd5, 0x1d, 0x53, 0x31, 0x42, 0x41}}}, -{{{0xca, 0xfc, 0x88, 0x6b, 0x96, 0x78, 0x0a, 0x8b, 0x83, 0xdc, 0xbc, 0xaf, 0x40, 0xb6, 0x8d, 0x7f, 0xef, 0xb4, 0xd1, 0x3f, 0xcc, 0xa2, 0x74, 0xc9, 0xc2, 0x92, 0x55, 0x00, 0xab, 0xdb, 0xbf, 0x4f}} , - {{0x93, 0x1c, 0x06, 0x2d, 0x66, 0x65, 0x02, 0xa4, 0x97, 0x18, 0xfd, 0x00, 0xe7, 0xab, 0x03, 0xec, 0xce, 0xc1, 0xbf, 0x37, 0xf8, 0x13, 0x53, 0xa5, 0xe5, 0x0c, 0x3a, 0xa8, 0x55, 0xb9, 0xff, 0x68}}}, -{{{0xe4, 0xe6, 0x6d, 0x30, 0x7d, 0x30, 0x35, 0xc2, 0x78, 0x87, 0xf9, 0xfc, 0x6b, 0x5a, 0xc3, 0xb7, 0x65, 0xd8, 0x2e, 0xc7, 0xa5, 0x0c, 0xc6, 0xdc, 0x12, 0xaa, 0xd6, 0x4f, 0xc5, 0x38, 0xbc, 0x0e}} , - {{0xe2, 0x3c, 0x76, 
0x86, 0x38, 0xf2, 0x7b, 0x2c, 0x16, 0x78, 0x8d, 0xf5, 0xa4, 0x15, 0xda, 0xdb, 0x26, 0x85, 0xa0, 0x56, 0xdd, 0x1d, 0xe3, 0xb3, 0xfd, 0x40, 0xef, 0xf2, 0xd9, 0xa1, 0xb3, 0x04}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xdb, 0x49, 0x0e, 0xe6, 0x58, 0x10, 0x7a, 0x52, 0xda, 0xb5, 0x7d, 0x37, 0x6a, 0x3e, 0xa1, 0x78, 0xce, 0xc7, 0x1c, 0x24, 0x23, 0xdb, 0x7d, 0xfb, 0x8c, 0x8d, 0xdc, 0x30, 0x67, 0x69, 0x75, 0x3b}} , - {{0xa9, 0xea, 0x6d, 0x16, 0x16, 0x60, 0xf4, 0x60, 0x87, 0x19, 0x44, 0x8c, 0x4a, 0x8b, 0x3e, 0xfb, 0x16, 0x00, 0x00, 0x54, 0xa6, 0x9e, 0x9f, 0xef, 0xcf, 0xd9, 0xd2, 0x4c, 0x74, 0x31, 0xd0, 0x34}}}, -{{{0xa4, 0xeb, 0x04, 0xa4, 0x8c, 0x8f, 0x71, 0x27, 0x95, 0x85, 0x5d, 0x55, 0x4b, 0xb1, 0x26, 0x26, 0xc8, 0xae, 0x6a, 0x7d, 0xa2, 0x21, 0xca, 0xce, 0x38, 0xab, 0x0f, 0xd0, 0xd5, 0x2b, 0x6b, 0x00}} , - {{0xe5, 0x67, 0x0c, 0xf1, 0x3a, 0x9a, 0xea, 0x09, 0x39, 0xef, 0xd1, 0x30, 0xbc, 0x33, 0xba, 0xb1, 0x6a, 0xc5, 0x27, 0x08, 0x7f, 0x54, 0x80, 0x3d, 0xab, 0xf6, 0x15, 0x7a, 0xc2, 0x40, 0x73, 0x72}}}, -{{{0x84, 0x56, 0x82, 0xb6, 0x12, 0x70, 0x7f, 0xf7, 0xf0, 0xbd, 0x5b, 0xa9, 0xd5, 0xc5, 0x5f, 0x59, 0xbf, 0x7f, 0xb3, 0x55, 0x22, 0x02, 0xc9, 0x44, 0x55, 0x87, 0x8f, 0x96, 0x98, 0x64, 0x6d, 0x15}} , - {{0xb0, 0x8b, 0xaa, 0x1e, 0xec, 0xc7, 0xa5, 0x8f, 0x1f, 0x92, 0x04, 0xc6, 0x05, 0xf6, 0xdf, 0xa1, 0xcc, 0x1f, 0x81, 0xf5, 0x0e, 0x9c, 0x57, 0xdc, 0xe3, 0xbb, 0x06, 0x87, 0x1e, 0xfe, 0x23, 0x6c}}}, -{{{0xd8, 0x2b, 0x5b, 0x16, 0xea, 0x20, 0xf1, 0xd3, 0x68, 0x8f, 0xae, 0x5b, 0xd0, 0xa9, 0x1a, 0x19, 0xa8, 0x36, 0xfb, 0x2b, 0x57, 0x88, 0x7d, 0x90, 0xd5, 0xa6, 0xf3, 0xdc, 0x38, 0x89, 0x4e, 0x1f}} , - {{0xcc, 0x19, 0xda, 0x9b, 
0x3b, 0x43, 0x48, 0x21, 0x2e, 0x23, 0x4d, 0x3d, 0xae, 0xf8, 0x8c, 0xfc, 0xdd, 0xa6, 0x74, 0x37, 0x65, 0xca, 0xee, 0x1a, 0x19, 0x8e, 0x9f, 0x64, 0x6f, 0x0c, 0x8b, 0x5a}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x25, 0xb9, 0xc2, 0xf0, 0x72, 0xb8, 0x15, 0x16, 0xcc, 0x8d, 0x3c, 0x6f, 0x25, 0xed, 0xf4, 0x46, 0x2e, 0x0c, 0x60, 0x0f, 0xe2, 0x84, 0x34, 0x55, 0x89, 0x59, 0x34, 0x1b, 0xf5, 0x8d, 0xfe, 0x08}} , - {{0xf8, 0xab, 0x93, 0xbc, 0x44, 0xba, 0x1b, 0x75, 0x4b, 0x49, 0x6f, 0xd0, 0x54, 0x2e, 0x63, 0xba, 0xb5, 0xea, 0xed, 0x32, 0x14, 0xc9, 0x94, 0xd8, 0xc5, 0xce, 0xf4, 0x10, 0x68, 0xe0, 0x38, 0x27}}}, -{{{0x74, 0x1c, 0x14, 0x9b, 0xd4, 0x64, 0x61, 0x71, 0x5a, 0xb6, 0x21, 0x33, 0x4f, 0xf7, 0x8e, 0xba, 0xa5, 0x48, 0x9a, 0xc7, 0xfa, 0x9a, 0xf0, 0xb4, 0x62, 0xad, 0xf2, 0x5e, 0xcc, 0x03, 0x24, 0x1a}} , - {{0xf5, 0x76, 0xfd, 0xe4, 0xaf, 0xb9, 0x03, 0x59, 0xce, 0x63, 0xd2, 0x3b, 0x1f, 0xcd, 0x21, 0x0c, 0xad, 0x44, 0xa5, 0x97, 0xac, 0x80, 0x11, 0x02, 0x9b, 0x0c, 0xe5, 0x8b, 0xcd, 0xfb, 0x79, 0x77}}}, -{{{0x15, 0xbe, 0x9a, 0x0d, 0xba, 0x38, 0x72, 0x20, 0x8a, 0xf5, 0xbe, 0x59, 0x93, 0x79, 0xb7, 0xf6, 0x6a, 0x0c, 0x38, 0x27, 0x1a, 0x60, 0xf4, 0x86, 0x3b, 0xab, 0x5a, 0x00, 0xa0, 0xce, 0x21, 0x7d}} , - {{0x6c, 0xba, 0x14, 0xc5, 0xea, 0x12, 0x9e, 0x2e, 0x82, 0x63, 0xce, 0x9b, 0x4a, 0xe7, 0x1d, 0xec, 0xf1, 0x2e, 0x51, 0x1c, 0xf4, 0xd0, 0x69, 0x15, 0x42, 0x9d, 0xa3, 0x3f, 0x0e, 0xbf, 0xe9, 0x5c}}}, -{{{0xe4, 0x0d, 0xf4, 0xbd, 0xee, 0x31, 0x10, 0xed, 0xcb, 0x12, 0x86, 0xad, 0xd4, 0x2f, 0x90, 0x37, 0x32, 0xc3, 0x0b, 0x73, 0xec, 0x97, 0x85, 0xa4, 0x01, 0x1c, 0x76, 0x35, 0xfe, 0x75, 0xdd, 0x71}} , - {{0x11, 0xa4, 0x88, 0x9f, 0x3e, 
0x53, 0x69, 0x3b, 0x1b, 0xe0, 0xf7, 0xba, 0x9b, 0xad, 0x4e, 0x81, 0x5f, 0xb5, 0x5c, 0xae, 0xbe, 0x67, 0x86, 0x37, 0x34, 0x8e, 0x07, 0x32, 0x45, 0x4a, 0x67, 0x39}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x90, 0x70, 0x58, 0x20, 0x03, 0x1e, 0x67, 0xb2, 0xc8, 0x9b, 0x58, 0xc5, 0xb1, 0xeb, 0x2d, 0x4a, 0xde, 0x82, 0x8c, 0xf2, 0xd2, 0x14, 0xb8, 0x70, 0x61, 0x4e, 0x73, 0xd6, 0x0b, 0x6b, 0x0d, 0x30}} , - {{0x81, 0xfc, 0x55, 0x5c, 0xbf, 0xa7, 0xc4, 0xbd, 0xe2, 0xf0, 0x4b, 0x8f, 0xe9, 0x7d, 0x99, 0xfa, 0xd3, 0xab, 0xbc, 0xc7, 0x83, 0x2b, 0x04, 0x7f, 0x0c, 0x19, 0x43, 0x03, 0x3d, 0x07, 0xca, 0x40}}}, -{{{0xf9, 0xc8, 0xbe, 0x8c, 0x16, 0x81, 0x39, 0x96, 0xf6, 0x17, 0x58, 0xc8, 0x30, 0x58, 0xfb, 0xc2, 0x03, 0x45, 0xd2, 0x52, 0x76, 0xe0, 0x6a, 0x26, 0x28, 0x5c, 0x88, 0x59, 0x6a, 0x5a, 0x54, 0x42}} , - {{0x07, 0xb5, 0x2e, 0x2c, 0x67, 0x15, 0x9b, 0xfb, 0x83, 0x69, 0x1e, 0x0f, 0xda, 0xd6, 0x29, 0xb1, 0x60, 0xe0, 0xb2, 0xba, 0x69, 0xa2, 0x9e, 0xbd, 0xbd, 0xe0, 0x1c, 0xbd, 0xcd, 0x06, 0x64, 0x70}}}, -{{{0x41, 0xfa, 0x8c, 0xe1, 0x89, 0x8f, 0x27, 0xc8, 0x25, 0x8f, 0x6f, 0x5f, 0x55, 0xf8, 0xde, 0x95, 0x6d, 0x2f, 0x75, 0x16, 0x2b, 0x4e, 0x44, 0xfd, 0x86, 0x6e, 0xe9, 0x70, 0x39, 0x76, 0x97, 0x7e}} , - {{0x17, 0x62, 0x6b, 0x14, 0xa1, 0x7c, 0xd0, 0x79, 0x6e, 0xd8, 0x8a, 0xa5, 0x6d, 0x8c, 0x93, 0xd2, 0x3f, 0xec, 0x44, 0x8d, 0x6e, 0x91, 0x01, 0x8c, 0x8f, 0xee, 0x01, 0x8f, 0xc0, 0xb4, 0x85, 0x0e}}}, -{{{0x02, 0x3a, 0x70, 0x41, 0xe4, 0x11, 0x57, 0x23, 0xac, 0xe6, 0xfc, 0x54, 0x7e, 0xcd, 0xd7, 0x22, 0xcb, 0x76, 0x9f, 0x20, 0xce, 0xa0, 0x73, 0x76, 0x51, 0x3b, 0xa4, 0xf8, 0xe3, 0x62, 0x12, 0x6c}} , - {{0x7f, 0x00, 0x9c, 0x26, 0x0d, 0x6f, 
0x48, 0x7f, 0x3a, 0x01, 0xed, 0xc5, 0x96, 0xb0, 0x1f, 0x4f, 0xa8, 0x02, 0x62, 0x27, 0x8a, 0x50, 0x8d, 0x9a, 0x8b, 0x52, 0x0f, 0x1e, 0xcf, 0x41, 0x38, 0x19}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xf5, 0x6c, 0xd4, 0x2f, 0x0f, 0x69, 0x0f, 0x87, 0x3f, 0x61, 0x65, 0x1e, 0x35, 0x34, 0x85, 0xba, 0x02, 0x30, 0xac, 0x25, 0x3d, 0xe2, 0x62, 0xf1, 0xcc, 0xe9, 0x1b, 0xc2, 0xef, 0x6a, 0x42, 0x57}} , - {{0x34, 0x1f, 0x2e, 0xac, 0xd1, 0xc7, 0x04, 0x52, 0x32, 0x66, 0xb2, 0x33, 0x73, 0x21, 0x34, 0x54, 0xf7, 0x71, 0xed, 0x06, 0xb0, 0xff, 0xa6, 0x59, 0x6f, 0x8a, 0x4e, 0xfb, 0x02, 0xb0, 0x45, 0x6b}}}, -{{{0xf5, 0x48, 0x0b, 0x03, 0xc5, 0x22, 0x7d, 0x80, 0x08, 0x53, 0xfe, 0x32, 0xb1, 0xa1, 0x8a, 0x74, 0x6f, 0xbd, 0x3f, 0x85, 0xf4, 0xcf, 0xf5, 0x60, 0xaf, 0x41, 0x7e, 0x3e, 0x46, 0xa3, 0x5a, 0x20}} , - {{0xaa, 0x35, 0x87, 0x44, 0x63, 0x66, 0x97, 0xf8, 0x6e, 0x55, 0x0c, 0x04, 0x3e, 0x35, 0x50, 0xbf, 0x93, 0x69, 0xd2, 0x8b, 0x05, 0x55, 0x99, 0xbe, 0xe2, 0x53, 0x61, 0xec, 0xe8, 0x08, 0x0b, 0x32}}}, -{{{0xb3, 0x10, 0x45, 0x02, 0x69, 0x59, 0x2e, 0x97, 0xd9, 0x64, 0xf8, 0xdb, 0x25, 0x80, 0xdc, 0xc4, 0xd5, 0x62, 0x3c, 0xed, 0x65, 0x91, 0xad, 0xd1, 0x57, 0x81, 0x94, 0xaa, 0xa1, 0x29, 0xfc, 0x68}} , - {{0xdd, 0xb5, 0x7d, 0xab, 0x5a, 0x21, 0x41, 0x53, 0xbb, 0x17, 0x79, 0x0d, 0xd1, 0xa8, 0x0c, 0x0c, 0x20, 0x88, 0x09, 0xe9, 0x84, 0xe8, 0x25, 0x11, 0x67, 0x7a, 0x8b, 0x1a, 0xe4, 0x5d, 0xe1, 0x5d}}}, -{{{0x37, 0xea, 0xfe, 0x65, 0x3b, 0x25, 0xe8, 0xe1, 0xc2, 0xc5, 0x02, 0xa4, 0xbe, 0x98, 0x0a, 0x2b, 0x61, 0xc1, 0x9b, 0xe2, 0xd5, 0x92, 0xe6, 0x9e, 0x7d, 0x1f, 0xca, 0x43, 0x88, 0x8b, 0x2c, 0x59}} , - {{0xe0, 0xb5, 0x00, 0x1d, 0x2a, 0x6f, 0xaf, 
0x79, 0x86, 0x2f, 0xa6, 0x5a, 0x93, 0xd1, 0xfe, 0xae, 0x3a, 0xee, 0xdb, 0x7c, 0x61, 0xbe, 0x7c, 0x01, 0xf9, 0xfe, 0x52, 0xdc, 0xd8, 0x52, 0xa3, 0x42}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x22, 0xaf, 0x13, 0x37, 0xbd, 0x37, 0x71, 0xac, 0x04, 0x46, 0x63, 0xac, 0xa4, 0x77, 0xed, 0x25, 0x38, 0xe0, 0x15, 0xa8, 0x64, 0x00, 0x0d, 0xce, 0x51, 0x01, 0xa9, 0xbc, 0x0f, 0x03, 0x1c, 0x04}} , - {{0x89, 0xf9, 0x80, 0x07, 0xcf, 0x3f, 0xb3, 0xe9, 0xe7, 0x45, 0x44, 0x3d, 0x2a, 0x7c, 0xe9, 0xe4, 0x16, 0x5c, 0x5e, 0x65, 0x1c, 0xc7, 0x7d, 0xc6, 0x7a, 0xfb, 0x43, 0xee, 0x25, 0x76, 0x46, 0x72}}}, -{{{0x02, 0xa2, 0xed, 0xf4, 0x8f, 0x6b, 0x0b, 0x3e, 0xeb, 0x35, 0x1a, 0xd5, 0x7e, 0xdb, 0x78, 0x00, 0x96, 0x8a, 0xa0, 0xb4, 0xcf, 0x60, 0x4b, 0xd4, 0xd5, 0xf9, 0x2d, 0xbf, 0x88, 0xbd, 0x22, 0x62}} , - {{0x13, 0x53, 0xe4, 0x82, 0x57, 0xfa, 0x1e, 0x8f, 0x06, 0x2b, 0x90, 0xba, 0x08, 0xb6, 0x10, 0x54, 0x4f, 0x7c, 0x1b, 0x26, 0xed, 0xda, 0x6b, 0xdd, 0x25, 0xd0, 0x4e, 0xea, 0x42, 0xbb, 0x25, 0x03}}}, -{{{0x51, 0x16, 0x50, 0x7c, 0xd5, 0x5d, 0xf6, 0x99, 0xe8, 0x77, 0x72, 0x4e, 0xfa, 0x62, 0xcb, 0x76, 0x75, 0x0c, 0xe2, 0x71, 0x98, 0x92, 0xd5, 0xfa, 0x45, 0xdf, 0x5c, 0x6f, 0x1e, 0x9e, 0x28, 0x69}} , - {{0x0d, 0xac, 0x66, 0x6d, 0xc3, 0x8b, 0xba, 0x16, 0xb5, 0xe2, 0xa0, 0x0d, 0x0c, 0xbd, 0xa4, 0x8e, 0x18, 0x6c, 0xf2, 0xdc, 0xf9, 0xdc, 0x4a, 0x86, 0x25, 0x95, 0x14, 0xcb, 0xd8, 0x1a, 0x04, 0x0f}}}, -{{{0x97, 0xa5, 0xdb, 0x8b, 0x2d, 0xaa, 0x42, 0x11, 0x09, 0xf2, 0x93, 0xbb, 0xd9, 0x06, 0x84, 0x4e, 0x11, 0xa8, 0xa0, 0x25, 0x2b, 0xa6, 0x5f, 0xae, 0xc4, 0xb4, 0x4c, 0xc8, 0xab, 0xc7, 0x3b, 0x02}} , - {{0xee, 0xc9, 0x29, 0x0f, 0xdf, 0x11, 0x85, 0xed, 
0xce, 0x0d, 0x62, 0x2c, 0x8f, 0x4b, 0xf9, 0x04, 0xe9, 0x06, 0x72, 0x1d, 0x37, 0x20, 0x50, 0xc9, 0x14, 0xeb, 0xec, 0x39, 0xa7, 0x97, 0x2b, 0x4d}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x69, 0xd1, 0x39, 0xbd, 0xfb, 0x33, 0xbe, 0xc4, 0xf0, 0x5c, 0xef, 0xf0, 0x56, 0x68, 0xfc, 0x97, 0x47, 0xc8, 0x72, 0xb6, 0x53, 0xa4, 0x0a, 0x98, 0xa5, 0xb4, 0x37, 0x71, 0xcf, 0x66, 0x50, 0x6d}} , - {{0x17, 0xa4, 0x19, 0x52, 0x11, 0x47, 0xb3, 0x5c, 0x5b, 0xa9, 0x2e, 0x22, 0xb4, 0x00, 0x52, 0xf9, 0x57, 0x18, 0xb8, 0xbe, 0x5a, 0xe3, 0xab, 0x83, 0xc8, 0x87, 0x0a, 0x2a, 0xd8, 0x8c, 0xbb, 0x54}}}, -{{{0xa9, 0x62, 0x93, 0x85, 0xbe, 0xe8, 0x73, 0x4a, 0x0e, 0xb0, 0xb5, 0x2d, 0x94, 0x50, 0xaa, 0xd3, 0xb2, 0xea, 0x9d, 0x62, 0x76, 0x3b, 0x07, 0x34, 0x4e, 0x2d, 0x70, 0xc8, 0x9a, 0x15, 0x66, 0x6b}} , - {{0xc5, 0x96, 0xca, 0xc8, 0x22, 0x1a, 0xee, 0x5f, 0xe7, 0x31, 0x60, 0x22, 0x83, 0x08, 0x63, 0xce, 0xb9, 0x32, 0x44, 0x58, 0x5d, 0x3a, 0x9b, 0xe4, 0x04, 0xd5, 0xef, 0x38, 0xef, 0x4b, 0xdd, 0x19}}}, -{{{0x4d, 0xc2, 0x17, 0x75, 0xa1, 0x68, 0xcd, 0xc3, 0xc6, 0x03, 0x44, 0xe3, 0x78, 0x09, 0x91, 0x47, 0x3f, 0x0f, 0xe4, 0x92, 0x58, 0xfa, 0x7d, 0x1f, 0x20, 0x94, 0x58, 0x5e, 0xbc, 0x19, 0x02, 0x6f}} , - {{0x20, 0xd6, 0xd8, 0x91, 0x54, 0xa7, 0xf3, 0x20, 0x4b, 0x34, 0x06, 0xfa, 0x30, 0xc8, 0x6f, 0x14, 0x10, 0x65, 0x74, 0x13, 0x4e, 0xf0, 0x69, 0x26, 0xce, 0xcf, 0x90, 0xf4, 0xd0, 0xc5, 0xc8, 0x64}}}, -{{{0x26, 0xa2, 0x50, 0x02, 0x24, 0x72, 0xf1, 0xf0, 0x4e, 0x2d, 0x93, 0xd5, 0x08, 0xe7, 0xae, 0x38, 0xf7, 0x18, 0xa5, 0x32, 0x34, 0xc2, 0xf0, 0xa6, 0xec, 0xb9, 0x61, 0x7b, 0x64, 0x99, 0xac, 0x71}} , - {{0x25, 0xcf, 0x74, 0x55, 0x1b, 0xaa, 0xa9, 0x38, 0x41, 
0x40, 0xd5, 0x95, 0x95, 0xab, 0x1c, 0x5e, 0xbc, 0x41, 0x7e, 0x14, 0x30, 0xbe, 0x13, 0x89, 0xf4, 0xe5, 0xeb, 0x28, 0xc0, 0xc2, 0x96, 0x3a}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x2b, 0x77, 0x45, 0xec, 0x67, 0x76, 0x32, 0x4c, 0xb9, 0xdf, 0x25, 0x32, 0x6b, 0xcb, 0xe7, 0x14, 0x61, 0x43, 0xee, 0xba, 0x9b, 0x71, 0xef, 0xd2, 0x48, 0x65, 0xbb, 0x1b, 0x8a, 0x13, 0x1b, 0x22}} , - {{0x84, 0xad, 0x0c, 0x18, 0x38, 0x5a, 0xba, 0xd0, 0x98, 0x59, 0xbf, 0x37, 0xb0, 0x4f, 0x97, 0x60, 0x20, 0xb3, 0x9b, 0x97, 0xf6, 0x08, 0x6c, 0xa4, 0xff, 0xfb, 0xb7, 0xfa, 0x95, 0xb2, 0x51, 0x79}}}, -{{{0x28, 0x5c, 0x3f, 0xdb, 0x6b, 0x18, 0x3b, 0x5c, 0xd1, 0x04, 0x28, 0xde, 0x85, 0x52, 0x31, 0xb5, 0xbb, 0xf6, 0xa9, 0xed, 0xbe, 0x28, 0x4f, 0xb3, 0x7e, 0x05, 0x6a, 0xdb, 0x95, 0x0d, 0x1b, 0x1c}} , - {{0xd5, 0xc5, 0xc3, 0x9a, 0x0a, 0xd0, 0x31, 0x3e, 0x07, 0x36, 0x8e, 0xc0, 0x8a, 0x62, 0xb1, 0xca, 0xd6, 0x0e, 0x1e, 0x9d, 0xef, 0xab, 0x98, 0x4d, 0xbb, 0x6c, 0x05, 0xe0, 0xe4, 0x5d, 0xbd, 0x57}}}, -{{{0xcc, 0x21, 0x27, 0xce, 0xfd, 0xa9, 0x94, 0x8e, 0xe1, 0xab, 0x49, 0xe0, 0x46, 0x26, 0xa1, 0xa8, 0x8c, 0xa1, 0x99, 0x1d, 0xb4, 0x27, 0x6d, 0x2d, 0xc8, 0x39, 0x30, 0x5e, 0x37, 0x52, 0xc4, 0x6e}} , - {{0xa9, 0x85, 0xf4, 0xe7, 0xb0, 0x15, 0x33, 0x84, 0x1b, 0x14, 0x1a, 0x02, 0xd9, 0x3b, 0xad, 0x0f, 0x43, 0x6c, 0xea, 0x3e, 0x0f, 0x7e, 0xda, 0xdd, 0x6b, 0x4c, 0x7f, 0x6e, 0xd4, 0x6b, 0xbf, 0x0f}}}, -{{{0x47, 0x9f, 0x7c, 0x56, 0x7c, 0x43, 0x91, 0x1c, 0xbb, 0x4e, 0x72, 0x3e, 0x64, 0xab, 0xa0, 0xa0, 0xdf, 0xb4, 0xd8, 0x87, 0x3a, 0xbd, 0xa8, 0x48, 0xc9, 0xb8, 0xef, 0x2e, 0xad, 0x6f, 0x84, 0x4f}} , - {{0x2d, 0x2d, 0xf0, 0x1b, 0x7e, 0x2a, 0x6c, 0xf8, 0xa9, 0x6a, 
0xe1, 0xf0, 0x99, 0xa1, 0x67, 0x9a, 0xd4, 0x13, 0xca, 0xca, 0xba, 0x27, 0x92, 0xaa, 0xa1, 0x5d, 0x50, 0xde, 0xcc, 0x40, 0x26, 0x0a}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x9f, 0x3e, 0xf2, 0xb2, 0x90, 0xce, 0xdb, 0x64, 0x3e, 0x03, 0xdd, 0x37, 0x36, 0x54, 0x70, 0x76, 0x24, 0xb5, 0x69, 0x03, 0xfc, 0xa0, 0x2b, 0x74, 0xb2, 0x05, 0x0e, 0xcc, 0xd8, 0x1f, 0x6a, 0x1f}} , - {{0x19, 0x5e, 0x60, 0x69, 0x58, 0x86, 0xa0, 0x31, 0xbd, 0x32, 0xe9, 0x2c, 0x5c, 0xd2, 0x85, 0xba, 0x40, 0x64, 0xa8, 0x74, 0xf8, 0x0e, 0x1c, 0xb3, 0xa9, 0x69, 0xe8, 0x1e, 0x40, 0x64, 0x99, 0x77}}}, -{{{0x6c, 0x32, 0x4f, 0xfd, 0xbb, 0x5c, 0xbb, 0x8d, 0x64, 0x66, 0x4a, 0x71, 0x1f, 0x79, 0xa3, 0xad, 0x8d, 0xf9, 0xd4, 0xec, 0xcf, 0x67, 0x70, 0xfa, 0x05, 0x4a, 0x0f, 0x6e, 0xaf, 0x87, 0x0a, 0x6f}} , - {{0xc6, 0x36, 0x6e, 0x6c, 0x8c, 0x24, 0x09, 0x60, 0xbe, 0x26, 0xd2, 0x4c, 0x5e, 0x17, 0xca, 0x5f, 0x1d, 0xcc, 0x87, 0xe8, 0x42, 0x6a, 0xcb, 0xcb, 0x7d, 0x92, 0x05, 0x35, 0x81, 0x13, 0x60, 0x6b}}}, -{{{0xf4, 0x15, 0xcd, 0x0f, 0x0a, 0xaf, 0x4e, 0x6b, 0x51, 0xfd, 0x14, 0xc4, 0x2e, 0x13, 0x86, 0x74, 0x44, 0xcb, 0x66, 0x6b, 0xb6, 0x9d, 0x74, 0x56, 0x32, 0xac, 0x8d, 0x8e, 0x8c, 0x8c, 0x8c, 0x39}} , - {{0xca, 0x59, 0x74, 0x1a, 0x11, 0xef, 0x6d, 0xf7, 0x39, 0x5c, 0x3b, 0x1f, 0xfa, 0xe3, 0x40, 0x41, 0x23, 0x9e, 0xf6, 0xd1, 0x21, 0xa2, 0xbf, 0xad, 0x65, 0x42, 0x6b, 0x59, 0x8a, 0xe8, 0xc5, 0x7f}}}, -{{{0x64, 0x05, 0x7a, 0x84, 0x4a, 0x13, 0xc3, 0xf6, 0xb0, 0x6e, 0x9a, 0x6b, 0x53, 0x6b, 0x32, 0xda, 0xd9, 0x74, 0x75, 0xc4, 0xba, 0x64, 0x3d, 0x3b, 0x08, 0xdd, 0x10, 0x46, 0xef, 0xc7, 0x90, 0x1f}} , - {{0x7b, 0x2f, 0x3a, 0xce, 0xc8, 0xa1, 0x79, 0x3c, 0x30, 0x12, 0x44, 
0x28, 0xf6, 0xbc, 0xff, 0xfd, 0xf4, 0xc0, 0x97, 0xb0, 0xcc, 0xc3, 0x13, 0x7a, 0xb9, 0x9a, 0x16, 0xe4, 0xcb, 0x4c, 0x34, 0x63}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x07, 0x4e, 0xd3, 0x2d, 0x09, 0x33, 0x0e, 0xd2, 0x0d, 0xbe, 0x3e, 0xe7, 0xe4, 0xaa, 0xb7, 0x00, 0x8b, 0xe8, 0xad, 0xaa, 0x7a, 0x8d, 0x34, 0x28, 0xa9, 0x81, 0x94, 0xc5, 0xe7, 0x42, 0xac, 0x47}} , - {{0x24, 0x89, 0x7a, 0x8f, 0xb5, 0x9b, 0xf0, 0xc2, 0x03, 0x64, 0xd0, 0x1e, 0xf5, 0xa4, 0xb2, 0xf3, 0x74, 0xe9, 0x1a, 0x16, 0xfd, 0xcb, 0x15, 0xea, 0xeb, 0x10, 0x6c, 0x35, 0xd1, 0xc1, 0xa6, 0x28}}}, -{{{0xcc, 0xd5, 0x39, 0xfc, 0xa5, 0xa4, 0xad, 0x32, 0x15, 0xce, 0x19, 0xe8, 0x34, 0x2b, 0x1c, 0x60, 0x91, 0xfc, 0x05, 0xa9, 0xb3, 0xdc, 0x80, 0x29, 0xc4, 0x20, 0x79, 0x06, 0x39, 0xc0, 0xe2, 0x22}} , - {{0xbb, 0xa8, 0xe1, 0x89, 0x70, 0x57, 0x18, 0x54, 0x3c, 0xf6, 0x0d, 0x82, 0x12, 0x05, 0x87, 0x96, 0x06, 0x39, 0xe3, 0xf8, 0xb3, 0x95, 0xe5, 0xd7, 0x26, 0xbf, 0x09, 0x5a, 0x94, 0xf9, 0x1c, 0x63}}}, -{{{0x2b, 0x8c, 0x2d, 0x9a, 0x8b, 0x84, 0xf2, 0x56, 0xfb, 0xad, 0x2e, 0x7f, 0xb7, 0xfc, 0x30, 0xe1, 0x35, 0x89, 0xba, 0x4d, 0xa8, 0x6d, 0xce, 0x8c, 0x8b, 0x30, 0xe0, 0xda, 0x29, 0x18, 0x11, 0x17}} , - {{0x19, 0xa6, 0x5a, 0x65, 0x93, 0xc3, 0xb5, 0x31, 0x22, 0x4f, 0xf3, 0xf6, 0x0f, 0xeb, 0x28, 0xc3, 0x7c, 0xeb, 0xce, 0x86, 0xec, 0x67, 0x76, 0x6e, 0x35, 0x45, 0x7b, 0xd8, 0x6b, 0x92, 0x01, 0x65}}}, -{{{0x3d, 0xd5, 0x9a, 0x64, 0x73, 0x36, 0xb1, 0xd6, 0x86, 0x98, 0x42, 0x3f, 0x8a, 0xf1, 0xc7, 0xf5, 0x42, 0xa8, 0x9c, 0x52, 0xa8, 0xdc, 0xf9, 0x24, 0x3f, 0x4a, 0xa1, 0xa4, 0x5b, 0xe8, 0x62, 0x1a}} , - {{0xc5, 0xbd, 0xc8, 0x14, 0xd5, 0x0d, 0xeb, 0xe1, 0xa5, 0xe6, 0x83, 0x11, 
0x09, 0x00, 0x1d, 0x55, 0x83, 0x51, 0x7e, 0x75, 0x00, 0x81, 0xb9, 0xcb, 0xd8, 0xc5, 0xe5, 0xa1, 0xd9, 0x17, 0x6d, 0x1f}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xea, 0xf9, 0xe4, 0xe9, 0xe1, 0x52, 0x3f, 0x51, 0x19, 0x0d, 0xdd, 0xd9, 0x9d, 0x93, 0x31, 0x87, 0x23, 0x09, 0xd5, 0x83, 0xeb, 0x92, 0x09, 0x76, 0x6e, 0xe3, 0xf8, 0xc0, 0xa2, 0x66, 0xb5, 0x36}} , - {{0x3a, 0xbb, 0x39, 0xed, 0x32, 0x02, 0xe7, 0x43, 0x7a, 0x38, 0x14, 0x84, 0xe3, 0x44, 0xd2, 0x5e, 0x94, 0xdd, 0x78, 0x89, 0x55, 0x4c, 0x73, 0x9e, 0xe1, 0xe4, 0x3e, 0x43, 0xd0, 0x4a, 0xde, 0x1b}}}, -{{{0xb2, 0xe7, 0x8f, 0xe3, 0xa3, 0xc5, 0xcb, 0x72, 0xee, 0x79, 0x41, 0xf8, 0xdf, 0xee, 0x65, 0xc5, 0x45, 0x77, 0x27, 0x3c, 0xbd, 0x58, 0xd3, 0x75, 0xe2, 0x04, 0x4b, 0xbb, 0x65, 0xf3, 0xc8, 0x0f}} , - {{0x24, 0x7b, 0x93, 0x34, 0xb5, 0xe2, 0x74, 0x48, 0xcd, 0xa0, 0x0b, 0x92, 0x97, 0x66, 0x39, 0xf4, 0xb0, 0xe2, 0x5d, 0x39, 0x6a, 0x5b, 0x45, 0x17, 0x78, 0x1e, 0xdb, 0x91, 0x81, 0x1c, 0xf9, 0x16}}}, -{{{0x16, 0xdf, 0xd1, 0x5a, 0xd5, 0xe9, 0x4e, 0x58, 0x95, 0x93, 0x5f, 0x51, 0x09, 0xc3, 0x2a, 0xc9, 0xd4, 0x55, 0x48, 0x79, 0xa4, 0xa3, 0xb2, 0xc3, 0x62, 0xaa, 0x8c, 0xe8, 0xad, 0x47, 0x39, 0x1b}} , - {{0x46, 0xda, 0x9e, 0x51, 0x3a, 0xe6, 0xd1, 0xa6, 0xbb, 0x4d, 0x7b, 0x08, 0xbe, 0x8c, 0xd5, 0xf3, 0x3f, 0xfd, 0xf7, 0x44, 0x80, 0x2d, 0x53, 0x4b, 0xd0, 0x87, 0x68, 0xc1, 0xb5, 0xd8, 0xf7, 0x07}}}, -{{{0xf4, 0x10, 0x46, 0xbe, 0xb7, 0xd2, 0xd1, 0xce, 0x5e, 0x76, 0xa2, 0xd7, 0x03, 0xdc, 0xe4, 0x81, 0x5a, 0xf6, 0x3c, 0xde, 0xae, 0x7a, 0x9d, 0x21, 0x34, 0xa5, 0xf6, 0xa9, 0x73, 0xe2, 0x8d, 0x60}} , - {{0xfa, 0x44, 0x71, 0xf6, 0x41, 0xd8, 0xc6, 0x58, 0x13, 0x37, 0xeb, 0x84, 0x0f, 
0x96, 0xc7, 0xdc, 0xc8, 0xa9, 0x7a, 0x83, 0xb2, 0x2f, 0x31, 0xb1, 0x1a, 0xd8, 0x98, 0x3f, 0x11, 0xd0, 0x31, 0x3b}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x81, 0xd5, 0x34, 0x16, 0x01, 0xa3, 0x93, 0xea, 0x52, 0x94, 0xec, 0x93, 0xb7, 0x81, 0x11, 0x2d, 0x58, 0xf9, 0xb5, 0x0a, 0xaa, 0x4f, 0xf6, 0x2e, 0x3f, 0x36, 0xbf, 0x33, 0x5a, 0xe7, 0xd1, 0x08}} , - {{0x1a, 0xcf, 0x42, 0xae, 0xcc, 0xb5, 0x77, 0x39, 0xc4, 0x5b, 0x5b, 0xd0, 0x26, 0x59, 0x27, 0xd0, 0x55, 0x71, 0x12, 0x9d, 0x88, 0x3d, 0x9c, 0xea, 0x41, 0x6a, 0xf0, 0x50, 0x93, 0x93, 0xdd, 0x47}}}, -{{{0x6f, 0xc9, 0x51, 0x6d, 0x1c, 0xaa, 0xf5, 0xa5, 0x90, 0x3f, 0x14, 0xe2, 0x6e, 0x8e, 0x64, 0xfd, 0xac, 0xe0, 0x4e, 0x22, 0xe5, 0xc1, 0xbc, 0x29, 0x0a, 0x6a, 0x9e, 0xa1, 0x60, 0xcb, 0x2f, 0x0b}} , - {{0xdc, 0x39, 0x32, 0xf3, 0xa1, 0x44, 0xe9, 0xc5, 0xc3, 0x78, 0xfb, 0x95, 0x47, 0x34, 0x35, 0x34, 0xe8, 0x25, 0xde, 0x93, 0xc6, 0xb4, 0x76, 0x6d, 0x86, 0x13, 0xc6, 0xe9, 0x68, 0xb5, 0x01, 0x63}}}, -{{{0x1f, 0x9a, 0x52, 0x64, 0x97, 0xd9, 0x1c, 0x08, 0x51, 0x6f, 0x26, 0x9d, 0xaa, 0x93, 0x33, 0x43, 0xfa, 0x77, 0xe9, 0x62, 0x9b, 0x5d, 0x18, 0x75, 0xeb, 0x78, 0xf7, 0x87, 0x8f, 0x41, 0xb4, 0x4d}} , - {{0x13, 0xa8, 0x82, 0x3e, 0xe9, 0x13, 0xad, 0xeb, 0x01, 0xca, 0xcf, 0xda, 0xcd, 0xf7, 0x6c, 0xc7, 0x7a, 0xdc, 0x1e, 0x6e, 0xc8, 0x4e, 0x55, 0x62, 0x80, 0xea, 0x78, 0x0c, 0x86, 0xb9, 0x40, 0x51}}}, -{{{0x27, 0xae, 0xd3, 0x0d, 0x4c, 0x8f, 0x34, 0xea, 0x7d, 0x3c, 0xe5, 0x8a, 0xcf, 0x5b, 0x92, 0xd8, 0x30, 0x16, 0xb4, 0xa3, 0x75, 0xff, 0xeb, 0x27, 0xc8, 0x5c, 0x6c, 0xc2, 0xee, 0x6c, 0x21, 0x0b}} , - {{0xc3, 0xba, 0x12, 0x53, 0x2a, 0xaa, 0x77, 0xad, 0x19, 0x78, 0x55, 0x8a, 0x2e, 0x60, 
0x87, 0xc2, 0x6e, 0x91, 0x38, 0x91, 0x3f, 0x7a, 0xc5, 0x24, 0x8f, 0x51, 0xc5, 0xde, 0xb0, 0x53, 0x30, 0x56}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x02, 0xfe, 0x54, 0x12, 0x18, 0xca, 0x7d, 0xa5, 0x68, 0x43, 0xa3, 0x6d, 0x14, 0x2a, 0x6a, 0xa5, 0x8e, 0x32, 0xe7, 0x63, 0x4f, 0xe3, 0xc6, 0x44, 0x3e, 0xab, 0x63, 0xca, 0x17, 0x86, 0x74, 0x3f}} , - {{0x1e, 0x64, 0xc1, 0x7d, 0x52, 0xdc, 0x13, 0x5a, 0xa1, 0x9c, 0x4e, 0xee, 0x99, 0x28, 0xbb, 0x4c, 0xee, 0xac, 0xa9, 0x1b, 0x89, 0xa2, 0x38, 0x39, 0x7b, 0xc4, 0x0f, 0x42, 0xe6, 0x89, 0xed, 0x0f}}}, -{{{0xf3, 0x3c, 0x8c, 0x80, 0x83, 0x10, 0x8a, 0x37, 0x50, 0x9c, 0xb4, 0xdf, 0x3f, 0x8c, 0xf7, 0x23, 0x07, 0xd6, 0xff, 0xa0, 0x82, 0x6c, 0x75, 0x3b, 0xe4, 0xb5, 0xbb, 0xe4, 0xe6, 0x50, 0xf0, 0x08}} , - {{0x62, 0xee, 0x75, 0x48, 0x92, 0x33, 0xf2, 0xf4, 0xad, 0x15, 0x7a, 0xa1, 0x01, 0x46, 0xa9, 0x32, 0x06, 0x88, 0xb6, 0x36, 0x47, 0x35, 0xb9, 0xb4, 0x42, 0x85, 0x76, 0xf0, 0x48, 0x00, 0x90, 0x38}}}, -{{{0x51, 0x15, 0x9d, 0xc3, 0x95, 0xd1, 0x39, 0xbb, 0x64, 0x9d, 0x15, 0x81, 0xc1, 0x68, 0xd0, 0xb6, 0xa4, 0x2c, 0x7d, 0x5e, 0x02, 0x39, 0x00, 0xe0, 0x3b, 0xa4, 0xcc, 0xca, 0x1d, 0x81, 0x24, 0x10}} , - {{0xe7, 0x29, 0xf9, 0x37, 0xd9, 0x46, 0x5a, 0xcd, 0x70, 0xfe, 0x4d, 0x5b, 0xbf, 0xa5, 0xcf, 0x91, 0xf4, 0xef, 0xee, 0x8a, 0x29, 0xd0, 0xe7, 0xc4, 0x25, 0x92, 0x8a, 0xff, 0x36, 0xfc, 0xe4, 0x49}}}, -{{{0xbd, 0x00, 0xb9, 0x04, 0x7d, 0x35, 0xfc, 0xeb, 0xd0, 0x0b, 0x05, 0x32, 0x52, 0x7a, 0x89, 0x24, 0x75, 0x50, 0xe1, 0x63, 0x02, 0x82, 0x8e, 0xe7, 0x85, 0x0c, 0xf2, 0x56, 0x44, 0x37, 0x83, 0x25}} , - {{0x8f, 0xa1, 0xce, 0xcb, 0x60, 0xda, 0x12, 0x02, 0x1e, 0x29, 0x39, 0x2a, 0x03, 0xb7, 0xeb, 
0x77, 0x40, 0xea, 0xc9, 0x2b, 0x2c, 0xd5, 0x7d, 0x7e, 0x2c, 0xc7, 0x5a, 0xfd, 0xff, 0xc4, 0xd1, 0x62}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x1d, 0x88, 0x98, 0x5b, 0x4e, 0xfc, 0x41, 0x24, 0x05, 0xe6, 0x50, 0x2b, 0xae, 0x96, 0x51, 0xd9, 0x6b, 0x72, 0xb2, 0x33, 0x42, 0x98, 0x68, 0xbb, 0x10, 0x5a, 0x7a, 0x8c, 0x9d, 0x07, 0xb4, 0x05}} , - {{0x2f, 0x61, 0x9f, 0xd7, 0xa8, 0x3f, 0x83, 0x8c, 0x10, 0x69, 0x90, 0xe6, 0xcf, 0xd2, 0x63, 0xa3, 0xe4, 0x54, 0x7e, 0xe5, 0x69, 0x13, 0x1c, 0x90, 0x57, 0xaa, 0xe9, 0x53, 0x22, 0x43, 0x29, 0x23}}}, -{{{0xe5, 0x1c, 0xf8, 0x0a, 0xfd, 0x2d, 0x7e, 0xf5, 0xf5, 0x70, 0x7d, 0x41, 0x6b, 0x11, 0xfe, 0xbe, 0x99, 0xd1, 0x55, 0x29, 0x31, 0xbf, 0xc0, 0x97, 0x6c, 0xd5, 0x35, 0xcc, 0x5e, 0x8b, 0xd9, 0x69}} , - {{0x8e, 0x4e, 0x9f, 0x25, 0xf8, 0x81, 0x54, 0x2d, 0x0e, 0xd5, 0x54, 0x81, 0x9b, 0xa6, 0x92, 0xce, 0x4b, 0xe9, 0x8f, 0x24, 0x3b, 0xca, 0xe0, 0x44, 0xab, 0x36, 0xfe, 0xfb, 0x87, 0xd4, 0x26, 0x3e}}}, -{{{0x0f, 0x93, 0x9c, 0x11, 0xe7, 0xdb, 0xf1, 0xf0, 0x85, 0x43, 0x28, 0x15, 0x37, 0xdd, 0xde, 0x27, 0xdf, 0xad, 0x3e, 0x49, 0x4f, 0xe0, 0x5b, 0xf6, 0x80, 0x59, 0x15, 0x3c, 0x85, 0xb7, 0x3e, 0x12}} , - {{0xf5, 0xff, 0xcc, 0xf0, 0xb4, 0x12, 0x03, 0x5f, 0xc9, 0x84, 0xcb, 0x1d, 0x17, 0xe0, 0xbc, 0xcc, 0x03, 0x62, 0xa9, 0x8b, 0x94, 0xa6, 0xaa, 0x18, 0xcb, 0x27, 0x8d, 0x49, 0xa6, 0x17, 0x15, 0x07}}}, -{{{0xd9, 0xb6, 0xd4, 0x9d, 0xd4, 0x6a, 0xaf, 0x70, 0x07, 0x2c, 0x10, 0x9e, 0xbd, 0x11, 0xad, 0xe4, 0x26, 0x33, 0x70, 0x92, 0x78, 0x1c, 0x74, 0x9f, 0x75, 0x60, 0x56, 0xf4, 0x39, 0xa8, 0xa8, 0x62}} , - {{0x3b, 0xbf, 0x55, 0x35, 0x61, 0x8b, 0x44, 0x97, 0xe8, 0x3a, 0x55, 0xc1, 0xc8, 0x3b, 0xfd, 0x95, 
0x29, 0x11, 0x60, 0x96, 0x1e, 0xcb, 0x11, 0x9d, 0xc2, 0x03, 0x8a, 0x1b, 0xc6, 0xd6, 0x45, 0x3d}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x7e, 0x0e, 0x50, 0xb2, 0xcc, 0x0d, 0x6b, 0xa6, 0x71, 0x5b, 0x42, 0xed, 0xbd, 0xaf, 0xac, 0xf0, 0xfc, 0x12, 0xa2, 0x3f, 0x4e, 0xda, 0xe8, 0x11, 0xf3, 0x23, 0xe1, 0x04, 0x62, 0x03, 0x1c, 0x4e}} , - {{0xc8, 0xb1, 0x1b, 0x6f, 0x73, 0x61, 0x3d, 0x27, 0x0d, 0x7d, 0x7a, 0x25, 0x5f, 0x73, 0x0e, 0x2f, 0x93, 0xf6, 0x24, 0xd8, 0x4f, 0x90, 0xac, 0xa2, 0x62, 0x0a, 0xf0, 0x61, 0xd9, 0x08, 0x59, 0x6a}}}, -{{{0x6f, 0x2d, 0x55, 0xf8, 0x2f, 0x8e, 0xf0, 0x18, 0x3b, 0xea, 0xdd, 0x26, 0x72, 0xd1, 0xf5, 0xfe, 0xe5, 0xb8, 0xe6, 0xd3, 0x10, 0x48, 0x46, 0x49, 0x3a, 0x9f, 0x5e, 0x45, 0x6b, 0x90, 0xe8, 0x7f}} , - {{0xd3, 0x76, 0x69, 0x33, 0x7b, 0xb9, 0x40, 0x70, 0xee, 0xa6, 0x29, 0x6b, 0xdd, 0xd0, 0x5d, 0x8d, 0xc1, 0x3e, 0x4a, 0xea, 0x37, 0xb1, 0x03, 0x02, 0x03, 0x35, 0xf1, 0x28, 0x9d, 0xff, 0x00, 0x13}}}, -{{{0x7a, 0xdb, 0x12, 0xd2, 0x8a, 0x82, 0x03, 0x1b, 0x1e, 0xaf, 0xf9, 0x4b, 0x9c, 0xbe, 0xae, 0x7c, 0xe4, 0x94, 0x2a, 0x23, 0xb3, 0x62, 0x86, 0xe7, 0xfd, 0x23, 0xaa, 0x99, 0xbd, 0x2b, 0x11, 0x6c}} , - {{0x8d, 0xa6, 0xd5, 0xac, 0x9d, 0xcc, 0x68, 0x75, 0x7f, 0xc3, 0x4d, 0x4b, 0xdd, 0x6c, 0xbb, 0x11, 0x5a, 0x60, 0xe5, 0xbd, 0x7d, 0x27, 0x8b, 0xda, 0xb4, 0x95, 0xf6, 0x03, 0x27, 0xa4, 0x92, 0x3f}}}, -{{{0x22, 0xd6, 0xb5, 0x17, 0x84, 0xbf, 0x12, 0xcc, 0x23, 0x14, 0x4a, 0xdf, 0x14, 0x31, 0xbc, 0xa1, 0xac, 0x6e, 0xab, 0xfa, 0x57, 0x11, 0x53, 0xb3, 0x27, 0xe6, 0xf9, 0x47, 0x33, 0x44, 0x34, 0x1e}} , - {{0x79, 0xfc, 0xa6, 0xb4, 0x0b, 0x35, 0x20, 0xc9, 0x4d, 0x22, 0x84, 0xc4, 0xa9, 0x20, 0xec, 0x89, 0x94, 
0xba, 0x66, 0x56, 0x48, 0xb9, 0x87, 0x7f, 0xca, 0x1e, 0x06, 0xed, 0xa5, 0x55, 0x59, 0x29}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x56, 0xe1, 0xf5, 0xf1, 0xd5, 0xab, 0xa8, 0x2b, 0xae, 0x89, 0xf3, 0xcf, 0x56, 0x9f, 0xf2, 0x4b, 0x31, 0xbc, 0x18, 0xa9, 0x06, 0x5b, 0xbe, 0xb4, 0x61, 0xf8, 0xb2, 0x06, 0x9c, 0x81, 0xab, 0x4c}} , - {{0x1f, 0x68, 0x76, 0x01, 0x16, 0x38, 0x2b, 0x0f, 0x77, 0x97, 0x92, 0x67, 0x4e, 0x86, 0x6a, 0x8b, 0xe5, 0xe8, 0x0c, 0xf7, 0x36, 0x39, 0xb5, 0x33, 0xe6, 0xcf, 0x5e, 0xbd, 0x18, 0xfb, 0x10, 0x1f}}}, -{{{0x83, 0xf0, 0x0d, 0x63, 0xef, 0x53, 0x6b, 0xb5, 0x6b, 0xf9, 0x83, 0xcf, 0xde, 0x04, 0x22, 0x9b, 0x2c, 0x0a, 0xe0, 0xa5, 0xd8, 0xc7, 0x9c, 0xa5, 0xa3, 0xf6, 0x6f, 0xcf, 0x90, 0x6b, 0x68, 0x7c}} , - {{0x33, 0x15, 0xd7, 0x7f, 0x1a, 0xd5, 0x21, 0x58, 0xc4, 0x18, 0xa5, 0xf0, 0xcc, 0x73, 0xa8, 0xfd, 0xfa, 0x18, 0xd1, 0x03, 0x91, 0x8d, 0x52, 0xd2, 0xa3, 0xa4, 0xd3, 0xb1, 0xea, 0x1d, 0x0f, 0x00}}}, -{{{0xcc, 0x48, 0x83, 0x90, 0xe5, 0xfd, 0x3f, 0x84, 0xaa, 0xf9, 0x8b, 0x82, 0x59, 0x24, 0x34, 0x68, 0x4f, 0x1c, 0x23, 0xd9, 0xcc, 0x71, 0xe1, 0x7f, 0x8c, 0xaf, 0xf1, 0xee, 0x00, 0xb6, 0xa0, 0x77}} , - {{0xf5, 0x1a, 0x61, 0xf7, 0x37, 0x9d, 0x00, 0xf4, 0xf2, 0x69, 0x6f, 0x4b, 0x01, 0x85, 0x19, 0x45, 0x4d, 0x7f, 0x02, 0x7c, 0x6a, 0x05, 0x47, 0x6c, 0x1f, 0x81, 0x20, 0xd4, 0xe8, 0x50, 0x27, 0x72}}}, -{{{0x2c, 0x3a, 0xe5, 0xad, 0xf4, 0xdd, 0x2d, 0xf7, 0x5c, 0x44, 0xb5, 0x5b, 0x21, 0xa3, 0x89, 0x5f, 0x96, 0x45, 0xca, 0x4d, 0xa4, 0x21, 0x99, 0x70, 0xda, 0xc4, 0xc4, 0xa0, 0xe5, 0xf4, 0xec, 0x0a}} , - {{0x07, 0x68, 0x21, 0x65, 0xe9, 0x08, 0xa0, 0x0b, 0x6a, 0x4a, 0xba, 0xb5, 0x80, 0xaf, 0xd0, 0x1b, 0xc5, 0xf5, 
0x4b, 0x73, 0x50, 0x60, 0x2d, 0x71, 0x69, 0x61, 0x0e, 0xc0, 0x20, 0x40, 0x30, 0x19}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xd0, 0x75, 0x57, 0x3b, 0xeb, 0x5c, 0x14, 0x56, 0x50, 0xc9, 0x4f, 0xb8, 0xb8, 0x1e, 0xa3, 0xf4, 0xab, 0xf5, 0xa9, 0x20, 0x15, 0x94, 0x82, 0xda, 0x96, 0x1c, 0x9b, 0x59, 0x8c, 0xff, 0xf4, 0x51}} , - {{0xc1, 0x3a, 0x86, 0xd7, 0xb0, 0x06, 0x84, 0x7f, 0x1b, 0xbd, 0xd4, 0x07, 0x78, 0x80, 0x2e, 0xb1, 0xb4, 0xee, 0x52, 0x38, 0xee, 0x9a, 0xf9, 0xf6, 0xf3, 0x41, 0x6e, 0xd4, 0x88, 0x95, 0xac, 0x35}}}, -{{{0x41, 0x97, 0xbf, 0x71, 0x6a, 0x9b, 0x72, 0xec, 0xf3, 0xf8, 0x6b, 0xe6, 0x0e, 0x6c, 0x69, 0xa5, 0x2f, 0x68, 0x52, 0xd8, 0x61, 0x81, 0xc0, 0x63, 0x3f, 0xa6, 0x3c, 0x13, 0x90, 0xe6, 0x8d, 0x56}} , - {{0xe8, 0x39, 0x30, 0x77, 0x23, 0xb1, 0xfd, 0x1b, 0x3d, 0x3e, 0x74, 0x4d, 0x7f, 0xae, 0x5b, 0x3a, 0xb4, 0x65, 0x0e, 0x3a, 0x43, 0xdc, 0xdc, 0x41, 0x47, 0xe6, 0xe8, 0x92, 0x09, 0x22, 0x48, 0x4c}}}, -{{{0x85, 0x57, 0x9f, 0xb5, 0xc8, 0x06, 0xb2, 0x9f, 0x47, 0x3f, 0xf0, 0xfa, 0xe6, 0xa9, 0xb1, 0x9b, 0x6f, 0x96, 0x7d, 0xf9, 0xa4, 0x65, 0x09, 0x75, 0x32, 0xa6, 0x6c, 0x7f, 0x47, 0x4b, 0x2f, 0x4f}} , - {{0x34, 0xe9, 0x59, 0x93, 0x9d, 0x26, 0x80, 0x54, 0xf2, 0xcc, 0x3c, 0xc2, 0x25, 0x85, 0xe3, 0x6a, 0xc1, 0x62, 0x04, 0xa7, 0x08, 0x32, 0x6d, 0xa1, 0x39, 0x84, 0x8a, 0x3b, 0x87, 0x5f, 0x11, 0x13}}}, -{{{0xda, 0x03, 0x34, 0x66, 0xc4, 0x0c, 0x73, 0x6e, 0xbc, 0x24, 0xb5, 0xf9, 0x70, 0x81, 0x52, 0xe9, 0xf4, 0x7c, 0x23, 0xdd, 0x9f, 0xb8, 0x46, 0xef, 0x1d, 0x22, 0x55, 0x7d, 0x71, 0xc4, 0x42, 0x33}} , - {{0xc5, 0x37, 0x69, 0x5b, 0xa8, 0xc6, 0x9d, 0xa4, 0xfc, 0x61, 0x6e, 0x68, 0x46, 0xea, 0xd7, 0x1c, 0x67, 0xd2, 0x7d, 
0xfa, 0xf1, 0xcc, 0x54, 0x8d, 0x36, 0x35, 0xc9, 0x00, 0xdf, 0x6c, 0x67, 0x50}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x9a, 0x4d, 0x42, 0x29, 0x5d, 0xa4, 0x6b, 0x6f, 0xa8, 0x8a, 0x4d, 0x91, 0x7b, 0xd2, 0xdf, 0x36, 0xef, 0x01, 0x22, 0xc5, 0xcc, 0x8d, 0xeb, 0x58, 0x3d, 0xb3, 0x50, 0xfc, 0x8b, 0x97, 0x96, 0x33}} , - {{0x93, 0x33, 0x07, 0xc8, 0x4a, 0xca, 0xd0, 0xb1, 0xab, 0xbd, 0xdd, 0xa7, 0x7c, 0xac, 0x3e, 0x45, 0xcb, 0xcc, 0x07, 0x91, 0xbf, 0x35, 0x9d, 0xcb, 0x7d, 0x12, 0x3c, 0x11, 0x59, 0x13, 0xcf, 0x5c}}}, -{{{0x45, 0xb8, 0x41, 0xd7, 0xab, 0x07, 0x15, 0x00, 0x8e, 0xce, 0xdf, 0xb2, 0x43, 0x5c, 0x01, 0xdc, 0xf4, 0x01, 0x51, 0x95, 0x10, 0x5a, 0xf6, 0x24, 0x24, 0xa0, 0x19, 0x3a, 0x09, 0x2a, 0xaa, 0x3f}} , - {{0xdc, 0x8e, 0xeb, 0xc6, 0xbf, 0xdd, 0x11, 0x7b, 0xe7, 0x47, 0xe6, 0xce, 0xe7, 0xb6, 0xc5, 0xe8, 0x8a, 0xdc, 0x4b, 0x57, 0x15, 0x3b, 0x66, 0xca, 0x89, 0xa3, 0xfd, 0xac, 0x0d, 0xe1, 0x1d, 0x7a}}}, -{{{0x89, 0xef, 0xbf, 0x03, 0x75, 0xd0, 0x29, 0x50, 0xcb, 0x7d, 0xd6, 0xbe, 0xad, 0x5f, 0x7b, 0x00, 0x32, 0xaa, 0x98, 0xed, 0x3f, 0x8f, 0x92, 0xcb, 0x81, 0x56, 0x01, 0x63, 0x64, 0xa3, 0x38, 0x39}} , - {{0x8b, 0xa4, 0xd6, 0x50, 0xb4, 0xaa, 0x5d, 0x64, 0x64, 0x76, 0x2e, 0xa1, 0xa6, 0xb3, 0xb8, 0x7c, 0x7a, 0x56, 0xf5, 0x5c, 0x4e, 0x84, 0x5c, 0xfb, 0xdd, 0xca, 0x48, 0x8b, 0x48, 0xb9, 0xba, 0x34}}}, -{{{0xc5, 0xe3, 0xe8, 0xae, 0x17, 0x27, 0xe3, 0x64, 0x60, 0x71, 0x47, 0x29, 0x02, 0x0f, 0x92, 0x5d, 0x10, 0x93, 0xc8, 0x0e, 0xa1, 0xed, 0xba, 0xa9, 0x96, 0x1c, 0xc5, 0x76, 0x30, 0xcd, 0xf9, 0x30}} , - {{0x95, 0xb0, 0xbd, 0x8c, 0xbc, 0xa7, 0x4f, 0x7e, 0xfd, 0x4e, 0x3a, 0xbf, 0x5f, 0x04, 0x79, 0x80, 0x2b, 0x5a, 0x9f, 0x4f, 
0x68, 0x21, 0x19, 0x71, 0xc6, 0x20, 0x01, 0x42, 0xaa, 0xdf, 0xae, 0x2c}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x90, 0x6e, 0x7e, 0x4b, 0x71, 0x93, 0xc0, 0x72, 0xed, 0xeb, 0x71, 0x24, 0x97, 0x26, 0x9c, 0xfe, 0xcb, 0x3e, 0x59, 0x19, 0xa8, 0x0f, 0x75, 0x7d, 0xbe, 0x18, 0xe6, 0x96, 0x1e, 0x95, 0x70, 0x60}} , - {{0x89, 0x66, 0x3e, 0x1d, 0x4c, 0x5f, 0xfe, 0xc0, 0x04, 0x43, 0xd6, 0x44, 0x19, 0xb5, 0xad, 0xc7, 0x22, 0xdc, 0x71, 0x28, 0x64, 0xde, 0x41, 0x38, 0x27, 0x8f, 0x2c, 0x6b, 0x08, 0xb8, 0xb8, 0x7b}}}, -{{{0x3d, 0x70, 0x27, 0x9d, 0xd9, 0xaf, 0xb1, 0x27, 0xaf, 0xe3, 0x5d, 0x1e, 0x3a, 0x30, 0x54, 0x61, 0x60, 0xe8, 0xc3, 0x26, 0x3a, 0xbc, 0x7e, 0xf5, 0x81, 0xdd, 0x64, 0x01, 0x04, 0xeb, 0xc0, 0x1e}} , - {{0xda, 0x2c, 0xa4, 0xd1, 0xa1, 0xc3, 0x5c, 0x6e, 0x32, 0x07, 0x1f, 0xb8, 0x0e, 0x19, 0x9e, 0x99, 0x29, 0x33, 0x9a, 0xae, 0x7a, 0xed, 0x68, 0x42, 0x69, 0x7c, 0x07, 0xb3, 0x38, 0x2c, 0xf6, 0x3d}}}, -{{{0x64, 0xaa, 0xb5, 0x88, 0x79, 0x65, 0x38, 0x8c, 0x94, 0xd6, 0x62, 0x37, 0x7d, 0x64, 0xcd, 0x3a, 0xeb, 0xff, 0xe8, 0x81, 0x09, 0xc7, 0x6a, 0x50, 0x09, 0x0d, 0x28, 0x03, 0x0d, 0x9a, 0x93, 0x0a}} , - {{0x42, 0xa3, 0xf1, 0xc5, 0xb4, 0x0f, 0xd8, 0xc8, 0x8d, 0x15, 0x31, 0xbd, 0xf8, 0x07, 0x8b, 0xcd, 0x08, 0x8a, 0xfb, 0x18, 0x07, 0xfe, 0x8e, 0x52, 0x86, 0xef, 0xbe, 0xec, 0x49, 0x52, 0x99, 0x08}}}, -{{{0x0f, 0xa9, 0xd5, 0x01, 0xaa, 0x48, 0x4f, 0x28, 0x66, 0x32, 0x1a, 0xba, 0x7c, 0xea, 0x11, 0x80, 0x17, 0x18, 0x9b, 0x56, 0x88, 0x25, 0x06, 0x69, 0x12, 0x2c, 0xea, 0x56, 0x69, 0x41, 0x24, 0x19}} , - {{0xde, 0x21, 0xf0, 0xda, 0x8a, 0xfb, 0xb1, 0xb8, 0xcd, 0xc8, 0x6a, 0x82, 0x19, 0x73, 0xdb, 0xc7, 0xcf, 0x88, 0xeb, 0x96, 0xee, 
0x6f, 0xfb, 0x06, 0xd2, 0xcd, 0x7d, 0x7b, 0x12, 0x28, 0x8e, 0x0c}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x93, 0x44, 0x97, 0xce, 0x28, 0xff, 0x3a, 0x40, 0xc4, 0xf5, 0xf6, 0x9b, 0xf4, 0x6b, 0x07, 0x84, 0xfb, 0x98, 0xd8, 0xec, 0x8c, 0x03, 0x57, 0xec, 0x49, 0xed, 0x63, 0xb6, 0xaa, 0xff, 0x98, 0x28}} , - {{0x3d, 0x16, 0x35, 0xf3, 0x46, 0xbc, 0xb3, 0xf4, 0xc6, 0xb6, 0x4f, 0xfa, 0xf4, 0xa0, 0x13, 0xe6, 0x57, 0x45, 0x93, 0xb9, 0xbc, 0xd6, 0x59, 0xe7, 0x77, 0x94, 0x6c, 0xab, 0x96, 0x3b, 0x4f, 0x09}}}, -{{{0x5a, 0xf7, 0x6b, 0x01, 0x12, 0x4f, 0x51, 0xc1, 0x70, 0x84, 0x94, 0x47, 0xb2, 0x01, 0x6c, 0x71, 0xd7, 0xcc, 0x17, 0x66, 0x0f, 0x59, 0x5d, 0x5d, 0x10, 0x01, 0x57, 0x11, 0xf5, 0xdd, 0xe2, 0x34}} , - {{0x26, 0xd9, 0x1f, 0x5c, 0x58, 0xac, 0x8b, 0x03, 0xd2, 0xc3, 0x85, 0x0f, 0x3a, 0xc3, 0x7f, 0x6d, 0x8e, 0x86, 0xcd, 0x52, 0x74, 0x8f, 0x55, 0x77, 0x17, 0xb7, 0x8e, 0xb7, 0x88, 0xea, 0xda, 0x1b}}}, -{{{0xb6, 0xea, 0x0e, 0x40, 0x93, 0x20, 0x79, 0x35, 0x6a, 0x61, 0x84, 0x5a, 0x07, 0x6d, 0xf9, 0x77, 0x6f, 0xed, 0x69, 0x1c, 0x0d, 0x25, 0x76, 0xcc, 0xf0, 0xdb, 0xbb, 0xc5, 0xad, 0xe2, 0x26, 0x57}} , - {{0xcf, 0xe8, 0x0e, 0x6b, 0x96, 0x7d, 0xed, 0x27, 0xd1, 0x3c, 0xa9, 0xd9, 0x50, 0xa9, 0x98, 0x84, 0x5e, 0x86, 0xef, 0xd6, 0xf0, 0xf8, 0x0e, 0x89, 0x05, 0x2f, 0xd9, 0x5f, 0x15, 0x5f, 0x73, 0x79}}}, -{{{0xc8, 0x5c, 0x16, 0xfe, 0xed, 0x9f, 0x26, 0x56, 0xf6, 0x4b, 0x9f, 0xa7, 0x0a, 0x85, 0xfe, 0xa5, 0x8c, 0x87, 0xdd, 0x98, 0xce, 0x4e, 0xc3, 0x58, 0x55, 0xb2, 0x7b, 0x3d, 0xd8, 0x6b, 0xb5, 0x4c}} , - {{0x65, 0x38, 0xa0, 0x15, 0xfa, 0xa7, 0xb4, 0x8f, 0xeb, 0xc4, 0x86, 0x9b, 0x30, 0xa5, 0x5e, 0x4d, 0xea, 0x8a, 0x9a, 0x9f, 0x1a, 0xd8, 
0x5b, 0x53, 0x14, 0x19, 0x25, 0x63, 0xb4, 0x6f, 0x1f, 0x5d}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xac, 0x8f, 0xbc, 0x1e, 0x7d, 0x8b, 0x5a, 0x0b, 0x8d, 0xaf, 0x76, 0x2e, 0x71, 0xe3, 0x3b, 0x6f, 0x53, 0x2f, 0x3e, 0x90, 0x95, 0xd4, 0x35, 0x14, 0x4f, 0x8c, 0x3c, 0xce, 0x57, 0x1c, 0x76, 0x49}} , - {{0xa8, 0x50, 0xe1, 0x61, 0x6b, 0x57, 0x35, 0xeb, 0x44, 0x0b, 0x0c, 0x6e, 0xf9, 0x25, 0x80, 0x74, 0xf2, 0x8f, 0x6f, 0x7a, 0x3e, 0x7f, 0x2d, 0xf3, 0x4e, 0x09, 0x65, 0x10, 0x5e, 0x03, 0x25, 0x32}}}, -{{{0xa9, 0x60, 0xdc, 0x0f, 0x64, 0xe5, 0x1d, 0xe2, 0x8d, 0x4f, 0x79, 0x2f, 0x0e, 0x24, 0x02, 0x00, 0x05, 0x77, 0x43, 0x25, 0x3d, 0x6a, 0xc7, 0xb7, 0xbf, 0x04, 0x08, 0x65, 0xf4, 0x39, 0x4b, 0x65}} , - {{0x96, 0x19, 0x12, 0x6b, 0x6a, 0xb7, 0xe3, 0xdc, 0x45, 0x9b, 0xdb, 0xb4, 0xa8, 0xae, 0xdc, 0xa8, 0x14, 0x44, 0x65, 0x62, 0xce, 0x34, 0x9a, 0x84, 0x18, 0x12, 0x01, 0xf1, 0xe2, 0x7b, 0xce, 0x50}}}, -{{{0x41, 0x21, 0x30, 0x53, 0x1b, 0x47, 0x01, 0xb7, 0x18, 0xd8, 0x82, 0x57, 0xbd, 0xa3, 0x60, 0xf0, 0x32, 0xf6, 0x5b, 0xf0, 0x30, 0x88, 0x91, 0x59, 0xfd, 0x90, 0xa2, 0xb9, 0x55, 0x93, 0x21, 0x34}} , - {{0x97, 0x67, 0x9e, 0xeb, 0x6a, 0xf9, 0x6e, 0xd6, 0x73, 0xe8, 0x6b, 0x29, 0xec, 0x63, 0x82, 0x00, 0xa8, 0x99, 0x1c, 0x1d, 0x30, 0xc8, 0x90, 0x52, 0x90, 0xb6, 0x6a, 0x80, 0x4e, 0xff, 0x4b, 0x51}}}, -{{{0x0f, 0x7d, 0x63, 0x8c, 0x6e, 0x5c, 0xde, 0x30, 0xdf, 0x65, 0xfa, 0x2e, 0xb0, 0xa3, 0x25, 0x05, 0x54, 0xbd, 0x25, 0xba, 0x06, 0xae, 0xdf, 0x8b, 0xd9, 0x1b, 0xea, 0x38, 0xb3, 0x05, 0x16, 0x09}} , - {{0xc7, 0x8c, 0xbf, 0x64, 0x28, 0xad, 0xf8, 0xa5, 0x5a, 0x6f, 0xc9, 0xba, 0xd5, 0x7f, 0xd5, 0xd6, 0xbd, 0x66, 0x2f, 0x3d, 0xaa, 0x54, 0xf6, 
0xba, 0x32, 0x22, 0x9a, 0x1e, 0x52, 0x05, 0xf4, 0x1d}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xaa, 0x1f, 0xbb, 0xeb, 0xfe, 0xe4, 0x87, 0xfc, 0xb1, 0x2c, 0xb7, 0x88, 0xf4, 0xc6, 0xb9, 0xf5, 0x24, 0x46, 0xf2, 0xa5, 0x9f, 0x8f, 0x8a, 0x93, 0x70, 0x69, 0xd4, 0x56, 0xec, 0xfd, 0x06, 0x46}} , - {{0x4e, 0x66, 0xcf, 0x4e, 0x34, 0xce, 0x0c, 0xd9, 0xa6, 0x50, 0xd6, 0x5e, 0x95, 0xaf, 0xe9, 0x58, 0xfa, 0xee, 0x9b, 0xb8, 0xa5, 0x0f, 0x35, 0xe0, 0x43, 0x82, 0x6d, 0x65, 0xe6, 0xd9, 0x00, 0x0f}}}, -{{{0x7b, 0x75, 0x3a, 0xfc, 0x64, 0xd3, 0x29, 0x7e, 0xdd, 0x49, 0x9a, 0x59, 0x53, 0xbf, 0xb4, 0xa7, 0x52, 0xb3, 0x05, 0xab, 0xc3, 0xaf, 0x16, 0x1a, 0x85, 0x42, 0x32, 0xa2, 0x86, 0xfa, 0x39, 0x43}} , - {{0x0e, 0x4b, 0xa3, 0x63, 0x8a, 0xfe, 0xa5, 0x58, 0xf1, 0x13, 0xbd, 0x9d, 0xaa, 0x7f, 0x76, 0x40, 0x70, 0x81, 0x10, 0x75, 0x99, 0xbb, 0xbe, 0x0b, 0x16, 0xe9, 0xba, 0x62, 0x34, 0xcc, 0x07, 0x6d}}}, -{{{0xc3, 0xf1, 0xc6, 0x93, 0x65, 0xee, 0x0b, 0xbc, 0xea, 0x14, 0xf0, 0xc1, 0xf8, 0x84, 0x89, 0xc2, 0xc9, 0xd7, 0xea, 0x34, 0xca, 0xa7, 0xc4, 0x99, 0xd5, 0x50, 0x69, 0xcb, 0xd6, 0x21, 0x63, 0x7c}} , - {{0x99, 0xeb, 0x7c, 0x31, 0x73, 0x64, 0x67, 0x7f, 0x0c, 0x66, 0xaa, 0x8c, 0x69, 0x91, 0xe2, 0x26, 0xd3, 0x23, 0xe2, 0x76, 0x5d, 0x32, 0x52, 0xdf, 0x5d, 0xc5, 0x8f, 0xb7, 0x7c, 0x84, 0xb3, 0x70}}}, -{{{0xeb, 0x01, 0xc7, 0x36, 0x97, 0x4e, 0xb6, 0xab, 0x5f, 0x0d, 0x2c, 0xba, 0x67, 0x64, 0x55, 0xde, 0xbc, 0xff, 0xa6, 0xec, 0x04, 0xd3, 0x8d, 0x39, 0x56, 0x5e, 0xee, 0xf8, 0xe4, 0x2e, 0x33, 0x62}} , - {{0x65, 0xef, 0xb8, 0x9f, 0xc8, 0x4b, 0xa7, 0xfd, 0x21, 0x49, 0x9b, 0x92, 0x35, 0x82, 0xd6, 0x0a, 0x9b, 0xf2, 0x79, 0xf1, 0x47, 0x2f, 0x6a, 0x7e, 
0x9f, 0xcf, 0x18, 0x02, 0x3c, 0xfb, 0x1b, 0x3e}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x2f, 0x8b, 0xc8, 0x40, 0x51, 0xd1, 0xac, 0x1a, 0x0b, 0xe4, 0xa9, 0xa2, 0x42, 0x21, 0x19, 0x2f, 0x7b, 0x97, 0xbf, 0xf7, 0x57, 0x6d, 0x3f, 0x3d, 0x4f, 0x0f, 0xe2, 0xb2, 0x81, 0x00, 0x9e, 0x7b}} , - {{0x8c, 0x85, 0x2b, 0xc4, 0xfc, 0xf1, 0xab, 0xe8, 0x79, 0x22, 0xc4, 0x84, 0x17, 0x3a, 0xfa, 0x86, 0xa6, 0x7d, 0xf9, 0xf3, 0x6f, 0x03, 0x57, 0x20, 0x4d, 0x79, 0xf9, 0x6e, 0x71, 0x54, 0x38, 0x09}}}, -{{{0x40, 0x29, 0x74, 0xa8, 0x2f, 0x5e, 0xf9, 0x79, 0xa4, 0xf3, 0x3e, 0xb9, 0xfd, 0x33, 0x31, 0xac, 0x9a, 0x69, 0x88, 0x1e, 0x77, 0x21, 0x2d, 0xf3, 0x91, 0x52, 0x26, 0x15, 0xb2, 0xa6, 0xcf, 0x7e}} , - {{0xc6, 0x20, 0x47, 0x6c, 0xa4, 0x7d, 0xcb, 0x63, 0xea, 0x5b, 0x03, 0xdf, 0x3e, 0x88, 0x81, 0x6d, 0xce, 0x07, 0x42, 0x18, 0x60, 0x7e, 0x7b, 0x55, 0xfe, 0x6a, 0xf3, 0xda, 0x5c, 0x8b, 0x95, 0x10}}}, -{{{0x62, 0xe4, 0x0d, 0x03, 0xb4, 0xd7, 0xcd, 0xfa, 0xbd, 0x46, 0xdf, 0x93, 0x71, 0x10, 0x2c, 0xa8, 0x3b, 0xb6, 0x09, 0x05, 0x70, 0x84, 0x43, 0x29, 0xa8, 0x59, 0xf5, 0x8e, 0x10, 0xe4, 0xd7, 0x20}} , - {{0x57, 0x82, 0x1c, 0xab, 0xbf, 0x62, 0x70, 0xe8, 0xc4, 0xcf, 0xf0, 0x28, 0x6e, 0x16, 0x3c, 0x08, 0x78, 0x89, 0x85, 0x46, 0x0f, 0xf6, 0x7f, 0xcf, 0xcb, 0x7e, 0xb8, 0x25, 0xe9, 0x5a, 0xfa, 0x03}}}, -{{{0xfb, 0x95, 0x92, 0x63, 0x50, 0xfc, 0x62, 0xf0, 0xa4, 0x5e, 0x8c, 0x18, 0xc2, 0x17, 0x24, 0xb7, 0x78, 0xc2, 0xa9, 0xe7, 0x6a, 0x32, 0xd6, 0x29, 0x85, 0xaf, 0xcb, 0x8d, 0x91, 0x13, 0xda, 0x6b}} , - {{0x36, 0x0a, 0xc2, 0xb6, 0x4b, 0xa5, 0x5d, 0x07, 0x17, 0x41, 0x31, 0x5f, 0x62, 0x46, 0xf8, 0x92, 0xf9, 0x66, 0x48, 0x73, 0xa6, 0x97, 0x0d, 0x7d, 0x88, 
0xee, 0x62, 0xb1, 0x03, 0xa8, 0x3f, 0x2c}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x4a, 0xb1, 0x70, 0x8a, 0xa9, 0xe8, 0x63, 0x79, 0x00, 0xe2, 0x25, 0x16, 0xca, 0x4b, 0x0f, 0xa4, 0x66, 0xad, 0x19, 0x9f, 0x88, 0x67, 0x0c, 0x8b, 0xc2, 0x4a, 0x5b, 0x2b, 0x6d, 0x95, 0xaf, 0x19}} , - {{0x8b, 0x9d, 0xb6, 0xcc, 0x60, 0xb4, 0x72, 0x4f, 0x17, 0x69, 0x5a, 0x4a, 0x68, 0x34, 0xab, 0xa1, 0x45, 0x32, 0x3c, 0x83, 0x87, 0x72, 0x30, 0x54, 0x77, 0x68, 0xae, 0xfb, 0xb5, 0x8b, 0x22, 0x5e}}}, -{{{0xf1, 0xb9, 0x87, 0x35, 0xc5, 0xbb, 0xb9, 0xcf, 0xf5, 0xd6, 0xcd, 0xd5, 0x0c, 0x7c, 0x0e, 0xe6, 0x90, 0x34, 0xfb, 0x51, 0x42, 0x1e, 0x6d, 0xac, 0x9a, 0x46, 0xc4, 0x97, 0x29, 0x32, 0xbf, 0x45}} , - {{0x66, 0x9e, 0xc6, 0x24, 0xc0, 0xed, 0xa5, 0x5d, 0x88, 0xd4, 0xf0, 0x73, 0x97, 0x7b, 0xea, 0x7f, 0x42, 0xff, 0x21, 0xa0, 0x9b, 0x2f, 0x9a, 0xfd, 0x53, 0x57, 0x07, 0x84, 0x48, 0x88, 0x9d, 0x52}}}, -{{{0xc6, 0x96, 0x48, 0x34, 0x2a, 0x06, 0xaf, 0x94, 0x3d, 0xf4, 0x1a, 0xcf, 0xf2, 0xc0, 0x21, 0xc2, 0x42, 0x5e, 0xc8, 0x2f, 0x35, 0xa2, 0x3e, 0x29, 0xfa, 0x0c, 0x84, 0xe5, 0x89, 0x72, 0x7c, 0x06}} , - {{0x32, 0x65, 0x03, 0xe5, 0x89, 0xa6, 0x6e, 0xb3, 0x5b, 0x8e, 0xca, 0xeb, 0xfe, 0x22, 0x56, 0x8b, 0x5d, 0x14, 0x4b, 0x4d, 0xf9, 0xbe, 0xb5, 0xf5, 0xe6, 0x5c, 0x7b, 0x8b, 0xf4, 0x13, 0x11, 0x34}}}, -{{{0x07, 0xc6, 0x22, 0x15, 0xe2, 0x9c, 0x60, 0xa2, 0x19, 0xd9, 0x27, 0xae, 0x37, 0x4e, 0xa6, 0xc9, 0x80, 0xa6, 0x91, 0x8f, 0x12, 0x49, 0xe5, 0x00, 0x18, 0x47, 0xd1, 0xd7, 0x28, 0x22, 0x63, 0x39}} , - {{0xe8, 0xe2, 0x00, 0x7e, 0xf2, 0x9e, 0x1e, 0x99, 0x39, 0x95, 0x04, 0xbd, 0x1e, 0x67, 0x7b, 0xb2, 0x26, 0xac, 0xe6, 0xaa, 0xe2, 0x46, 0xd5, 0xe4, 0xe8, 0x86, 
0xbd, 0xab, 0x7c, 0x55, 0x59, 0x6f}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x24, 0x64, 0x6e, 0x9b, 0x35, 0x71, 0x78, 0xce, 0x33, 0x03, 0x21, 0x33, 0x36, 0xf1, 0x73, 0x9b, 0xb9, 0x15, 0x8b, 0x2c, 0x69, 0xcf, 0x4d, 0xed, 0x4f, 0x4d, 0x57, 0x14, 0x13, 0x82, 0xa4, 0x4d}} , - {{0x65, 0x6e, 0x0a, 0xa4, 0x59, 0x07, 0x17, 0xf2, 0x6b, 0x4a, 0x1f, 0x6e, 0xf6, 0xb5, 0xbc, 0x62, 0xe4, 0xb6, 0xda, 0xa2, 0x93, 0xbc, 0x29, 0x05, 0xd2, 0xd2, 0x73, 0x46, 0x03, 0x16, 0x40, 0x31}}}, -{{{0x4c, 0x73, 0x6d, 0x15, 0xbd, 0xa1, 0x4d, 0x5c, 0x13, 0x0b, 0x24, 0x06, 0x98, 0x78, 0x1c, 0x5b, 0xeb, 0x1f, 0x18, 0x54, 0x43, 0xd9, 0x55, 0x66, 0xda, 0x29, 0x21, 0xe8, 0xb8, 0x3c, 0x42, 0x22}} , - {{0xb4, 0xcd, 0x08, 0x6f, 0x15, 0x23, 0x1a, 0x0b, 0x22, 0xed, 0xd1, 0xf1, 0xa7, 0xc7, 0x73, 0x45, 0xf3, 0x9e, 0xce, 0x76, 0xb7, 0xf6, 0x39, 0xb6, 0x8e, 0x79, 0xbe, 0xe9, 0x9b, 0xcf, 0x7d, 0x62}}}, -{{{0x92, 0x5b, 0xfc, 0x72, 0xfd, 0xba, 0xf1, 0xfd, 0xa6, 0x7c, 0x95, 0xe3, 0x61, 0x3f, 0xe9, 0x03, 0xd4, 0x2b, 0xd4, 0x20, 0xd9, 0xdb, 0x4d, 0x32, 0x3e, 0xf5, 0x11, 0x64, 0xe3, 0xb4, 0xbe, 0x32}} , - {{0x86, 0x17, 0x90, 0xe7, 0xc9, 0x1f, 0x10, 0xa5, 0x6a, 0x2d, 0x39, 0xd0, 0x3b, 0xc4, 0xa6, 0xe9, 0x59, 0x13, 0xda, 0x1a, 0xe6, 0xa0, 0xb9, 0x3c, 0x50, 0xb8, 0x40, 0x7c, 0x15, 0x36, 0x5a, 0x42}}}, -{{{0xb4, 0x0b, 0x32, 0xab, 0xdc, 0x04, 0x51, 0x55, 0x21, 0x1e, 0x0b, 0x75, 0x99, 0x89, 0x73, 0x35, 0x3a, 0x91, 0x2b, 0xfe, 0xe7, 0x49, 0xea, 0x76, 0xc1, 0xf9, 0x46, 0xb9, 0x53, 0x02, 0x23, 0x04}} , - {{0xfc, 0x5a, 0x1e, 0x1d, 0x74, 0x58, 0x95, 0xa6, 0x8f, 0x7b, 0x97, 0x3e, 0x17, 0x3b, 0x79, 0x2d, 0xa6, 0x57, 0xef, 0x45, 0x02, 0x0b, 0x4d, 0x6e, 0x9e, 0x93, 0x8d, 
0x2f, 0xd9, 0x9d, 0xdb, 0x04}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xc0, 0xd7, 0x56, 0x97, 0x58, 0x91, 0xde, 0x09, 0x4f, 0x9f, 0xbe, 0x63, 0xb0, 0x83, 0x86, 0x43, 0x5d, 0xbc, 0xe0, 0xf3, 0xc0, 0x75, 0xbf, 0x8b, 0x8e, 0xaa, 0xf7, 0x8b, 0x64, 0x6e, 0xb0, 0x63}} , - {{0x16, 0xae, 0x8b, 0xe0, 0x9b, 0x24, 0x68, 0x5c, 0x44, 0xc2, 0xd0, 0x08, 0xb7, 0x7b, 0x62, 0xfd, 0x7f, 0xd8, 0xd4, 0xb7, 0x50, 0xfd, 0x2c, 0x1b, 0xbf, 0x41, 0x95, 0xd9, 0x8e, 0xd8, 0x17, 0x1b}}}, -{{{0x86, 0x55, 0x37, 0x8e, 0xc3, 0x38, 0x48, 0x14, 0xb5, 0x97, 0xd2, 0xa7, 0x54, 0x45, 0xf1, 0x35, 0x44, 0x38, 0x9e, 0xf1, 0x1b, 0xb6, 0x34, 0x00, 0x3c, 0x96, 0xee, 0x29, 0x00, 0xea, 0x2c, 0x0b}} , - {{0xea, 0xda, 0x99, 0x9e, 0x19, 0x83, 0x66, 0x6d, 0xe9, 0x76, 0x87, 0x50, 0xd1, 0xfd, 0x3c, 0x60, 0x87, 0xc6, 0x41, 0xd9, 0x8e, 0xdb, 0x5e, 0xde, 0xaa, 0x9a, 0xd3, 0x28, 0xda, 0x95, 0xea, 0x47}}}, -{{{0xd0, 0x80, 0xba, 0x19, 0xae, 0x1d, 0xa9, 0x79, 0xf6, 0x3f, 0xac, 0x5d, 0x6f, 0x96, 0x1f, 0x2a, 0xce, 0x29, 0xb2, 0xff, 0x37, 0xf1, 0x94, 0x8f, 0x0c, 0xb5, 0x28, 0xba, 0x9a, 0x21, 0xf6, 0x66}} , - {{0x02, 0xfb, 0x54, 0xb8, 0x05, 0xf3, 0x81, 0x52, 0x69, 0x34, 0x46, 0x9d, 0x86, 0x76, 0x8f, 0xd7, 0xf8, 0x6a, 0x66, 0xff, 0xe6, 0xa7, 0x90, 0xf7, 0x5e, 0xcd, 0x6a, 0x9b, 0x55, 0xfc, 0x9d, 0x48}}}, -{{{0xbd, 0xaa, 0x13, 0xe6, 0xcd, 0x45, 0x4a, 0xa4, 0x59, 0x0a, 0x64, 0xb1, 0x98, 0xd6, 0x34, 0x13, 0x04, 0xe6, 0x97, 0x94, 0x06, 0xcb, 0xd4, 0x4e, 0xbb, 0x96, 0xcd, 0xd1, 0x57, 0xd1, 0xe3, 0x06}} , - {{0x7a, 0x6c, 0x45, 0x27, 0xc4, 0x93, 0x7f, 0x7d, 0x7c, 0x62, 0x50, 0x38, 0x3a, 0x6b, 0xb5, 0x88, 0xc6, 0xd9, 0xf1, 0x78, 0x19, 0xb9, 0x39, 0x93, 0x3d, 0xc9, 0xe0, 0x9c, 
0x3c, 0xce, 0xf5, 0x72}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x24, 0xea, 0x23, 0x7d, 0x56, 0x2c, 0xe2, 0x59, 0x0e, 0x85, 0x60, 0x04, 0x88, 0x5a, 0x74, 0x1e, 0x4b, 0xef, 0x13, 0xda, 0x4c, 0xff, 0x83, 0x45, 0x85, 0x3f, 0x08, 0x95, 0x2c, 0x20, 0x13, 0x1f}} , - {{0x48, 0x5f, 0x27, 0x90, 0x5c, 0x02, 0x42, 0xad, 0x78, 0x47, 0x5c, 0xb5, 0x7e, 0x08, 0x85, 0x00, 0xfa, 0x7f, 0xfd, 0xfd, 0xe7, 0x09, 0x11, 0xf2, 0x7e, 0x1b, 0x38, 0x6c, 0x35, 0x6d, 0x33, 0x66}}}, -{{{0x93, 0x03, 0x36, 0x81, 0xac, 0xe4, 0x20, 0x09, 0x35, 0x4c, 0x45, 0xb2, 0x1e, 0x4c, 0x14, 0x21, 0xe6, 0xe9, 0x8a, 0x7b, 0x8d, 0xfe, 0x1e, 0xc6, 0x3e, 0xc1, 0x35, 0xfa, 0xe7, 0x70, 0x4e, 0x1d}} , - {{0x61, 0x2e, 0xc2, 0xdd, 0x95, 0x57, 0xd1, 0xab, 0x80, 0xe8, 0x63, 0x17, 0xb5, 0x48, 0xe4, 0x8a, 0x11, 0x9e, 0x72, 0xbe, 0x85, 0x8d, 0x51, 0x0a, 0xf2, 0x9f, 0xe0, 0x1c, 0xa9, 0x07, 0x28, 0x7b}}}, -{{{0xbb, 0x71, 0x14, 0x5e, 0x26, 0x8c, 0x3d, 0xc8, 0xe9, 0x7c, 0xd3, 0xd6, 0xd1, 0x2f, 0x07, 0x6d, 0xe6, 0xdf, 0xfb, 0x79, 0xd6, 0x99, 0x59, 0x96, 0x48, 0x40, 0x0f, 0x3a, 0x7b, 0xb2, 0xa0, 0x72}} , - {{0x4e, 0x3b, 0x69, 0xc8, 0x43, 0x75, 0x51, 0x6c, 0x79, 0x56, 0xe4, 0xcb, 0xf7, 0xa6, 0x51, 0xc2, 0x2c, 0x42, 0x0b, 0xd4, 0x82, 0x20, 0x1c, 0x01, 0x08, 0x66, 0xd7, 0xbf, 0x04, 0x56, 0xfc, 0x02}}}, -{{{0x24, 0xe8, 0xb7, 0x60, 0xae, 0x47, 0x80, 0xfc, 0xe5, 0x23, 0xe7, 0xc2, 0xc9, 0x85, 0xe6, 0x98, 0xa0, 0x29, 0x4e, 0xe1, 0x84, 0x39, 0x2d, 0x95, 0x2c, 0xf3, 0x45, 0x3c, 0xff, 0xaf, 0x27, 0x4c}} , - {{0x6b, 0xa6, 0xf5, 0x4b, 0x11, 0xbd, 0xba, 0x5b, 0x9e, 0xc4, 0xa4, 0x51, 0x1e, 0xbe, 0xd0, 0x90, 0x3a, 0x9c, 0xc2, 0x26, 0xb6, 0x1e, 0xf1, 0x95, 0x7d, 0xc8, 0x6d, 0x52, 0xe6, 
0x99, 0x2c, 0x5f}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x85, 0xe0, 0x24, 0x32, 0xb4, 0xd1, 0xef, 0xfc, 0x69, 0xa2, 0xbf, 0x8f, 0x72, 0x2c, 0x95, 0xf6, 0xe4, 0x6e, 0x7d, 0x90, 0xf7, 0x57, 0x81, 0xa0, 0xf7, 0xda, 0xef, 0x33, 0x07, 0xe3, 0x6b, 0x78}} , - {{0x36, 0x27, 0x3e, 0xc6, 0x12, 0x07, 0xab, 0x4e, 0xbe, 0x69, 0x9d, 0xb3, 0xbe, 0x08, 0x7c, 0x2a, 0x47, 0x08, 0xfd, 0xd4, 0xcd, 0x0e, 0x27, 0x34, 0x5b, 0x98, 0x34, 0x2f, 0x77, 0x5f, 0x3a, 0x65}}}, -{{{0x13, 0xaa, 0x2e, 0x4c, 0xf0, 0x22, 0xb8, 0x6c, 0xb3, 0x19, 0x4d, 0xeb, 0x6b, 0xd0, 0xa4, 0xc6, 0x9c, 0xdd, 0xc8, 0x5b, 0x81, 0x57, 0x89, 0xdf, 0x33, 0xa9, 0x68, 0x49, 0x80, 0xe4, 0xfe, 0x21}} , - {{0x00, 0x17, 0x90, 0x30, 0xe9, 0xd3, 0x60, 0x30, 0x31, 0xc2, 0x72, 0x89, 0x7a, 0x36, 0xa5, 0xbd, 0x39, 0x83, 0x85, 0x50, 0xa1, 0x5d, 0x6c, 0x41, 0x1d, 0xb5, 0x2c, 0x07, 0x40, 0x77, 0x0b, 0x50}}}, -{{{0x64, 0x34, 0xec, 0xc0, 0x9e, 0x44, 0x41, 0xaf, 0xa0, 0x36, 0x05, 0x6d, 0xea, 0x30, 0x25, 0x46, 0x35, 0x24, 0x9d, 0x86, 0xbd, 0x95, 0xf1, 0x6a, 0x46, 0xd7, 0x94, 0x54, 0xf9, 0x3b, 0xbd, 0x5d}} , - {{0x77, 0x5b, 0xe2, 0x37, 0xc7, 0xe1, 0x7c, 0x13, 0x8c, 0x9f, 0x7b, 0x7b, 0x2a, 0xce, 0x42, 0xa3, 0xb9, 0x2a, 0x99, 0xa8, 0xc0, 0xd8, 0x3c, 0x86, 0xb0, 0xfb, 0xe9, 0x76, 0x77, 0xf7, 0xf5, 0x56}}}, -{{{0xdf, 0xb3, 0x46, 0x11, 0x6e, 0x13, 0xb7, 0x28, 0x4e, 0x56, 0xdd, 0xf1, 0xac, 0xad, 0x58, 0xc3, 0xf8, 0x88, 0x94, 0x5e, 0x06, 0x98, 0xa1, 0xe4, 0x6a, 0xfb, 0x0a, 0x49, 0x5d, 0x8a, 0xfe, 0x77}} , - {{0x46, 0x02, 0xf5, 0xa5, 0xaf, 0xc5, 0x75, 0x6d, 0xba, 0x45, 0x35, 0x0a, 0xfe, 0xc9, 0xac, 0x22, 0x91, 0x8d, 0x21, 0x95, 0x33, 0x03, 0xc0, 0x8a, 0x16, 0xf3, 0x39, 0xe0, 0x01, 0x0f, 
0x53, 0x3c}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x34, 0x75, 0x37, 0x1f, 0x34, 0x4e, 0xa9, 0x1d, 0x68, 0x67, 0xf8, 0x49, 0x98, 0x96, 0xfc, 0x4c, 0x65, 0x97, 0xf7, 0x02, 0x4a, 0x52, 0x6c, 0x01, 0xbd, 0x48, 0xbb, 0x1b, 0xed, 0xa4, 0xe2, 0x53}} , - {{0x59, 0xd5, 0x9b, 0x5a, 0xa2, 0x90, 0xd3, 0xb8, 0x37, 0x4c, 0x55, 0x82, 0x28, 0x08, 0x0f, 0x7f, 0xaa, 0x81, 0x65, 0xe0, 0x0c, 0x52, 0xc9, 0xa3, 0x32, 0x27, 0x64, 0xda, 0xfd, 0x34, 0x23, 0x5a}}}, -{{{0xb5, 0xb0, 0x0c, 0x4d, 0xb3, 0x7b, 0x23, 0xc8, 0x1f, 0x8a, 0x39, 0x66, 0xe6, 0xba, 0x4c, 0x10, 0x37, 0xca, 0x9c, 0x7c, 0x05, 0x9e, 0xff, 0xc0, 0xf8, 0x8e, 0xb1, 0x8f, 0x6f, 0x67, 0x18, 0x26}} , - {{0x4b, 0x41, 0x13, 0x54, 0x23, 0x1a, 0xa4, 0x4e, 0xa9, 0x8b, 0x1e, 0x4b, 0xfc, 0x15, 0x24, 0xbb, 0x7e, 0xcb, 0xb6, 0x1e, 0x1b, 0xf5, 0xf2, 0xc8, 0x56, 0xec, 0x32, 0xa2, 0x60, 0x5b, 0xa0, 0x2a}}}, -{{{0xa4, 0x29, 0x47, 0x86, 0x2e, 0x92, 0x4f, 0x11, 0x4f, 0xf3, 0xb2, 0x5c, 0xd5, 0x3e, 0xa6, 0xb9, 0xc8, 0xe2, 0x33, 0x11, 0x1f, 0x01, 0x8f, 0xb0, 0x9b, 0xc7, 0xa5, 0xff, 0x83, 0x0f, 0x1e, 0x28}} , - {{0x1d, 0x29, 0x7a, 0xa1, 0xec, 0x8e, 0xb5, 0xad, 0xea, 0x02, 0x68, 0x60, 0x74, 0x29, 0x1c, 0xa5, 0xcf, 0xc8, 0x3b, 0x7d, 0x8b, 0x2b, 0x7c, 0xad, 0xa4, 0x40, 0x17, 0x51, 0x59, 0x7c, 0x2e, 0x5d}}}, -{{{0x0a, 0x6c, 0x4f, 0xbc, 0x3e, 0x32, 0xe7, 0x4a, 0x1a, 0x13, 0xc1, 0x49, 0x38, 0xbf, 0xf7, 0xc2, 0xd3, 0x8f, 0x6b, 0xad, 0x52, 0xf7, 0xcf, 0xbc, 0x27, 0xcb, 0x40, 0x67, 0x76, 0xcd, 0x6d, 0x56}} , - {{0xe5, 0xb0, 0x27, 0xad, 0xbe, 0x9b, 0xf2, 0xb5, 0x63, 0xde, 0x3a, 0x23, 0x95, 0xb7, 0x0a, 0x7e, 0xf3, 0x9e, 0x45, 0x6f, 0x19, 0x39, 0x75, 0x8f, 0x39, 0x3d, 0x0f, 0xc0, 0x9f, 0xf1, 0xe9, 
0x51}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x88, 0xaa, 0x14, 0x24, 0x86, 0x94, 0x11, 0x12, 0x3e, 0x1a, 0xb5, 0xcc, 0xbb, 0xe0, 0x9c, 0xd5, 0x9c, 0x6d, 0xba, 0x58, 0x72, 0x8d, 0xfb, 0x22, 0x7b, 0x9f, 0x7c, 0x94, 0x30, 0xb3, 0x51, 0x21}} , - {{0xf6, 0x74, 0x3d, 0xf2, 0xaf, 0xd0, 0x1e, 0x03, 0x7c, 0x23, 0x6b, 0xc9, 0xfc, 0x25, 0x70, 0x90, 0xdc, 0x9a, 0xa4, 0xfb, 0x49, 0xfc, 0x3d, 0x0a, 0x35, 0x38, 0x6f, 0xe4, 0x7e, 0x50, 0x01, 0x2a}}}, -{{{0xd6, 0xe3, 0x96, 0x61, 0x3a, 0xfd, 0xef, 0x9b, 0x1f, 0x90, 0xa4, 0x24, 0x14, 0x5b, 0xc8, 0xde, 0x50, 0xb1, 0x1d, 0xaf, 0xe8, 0x55, 0x8a, 0x87, 0x0d, 0xfe, 0xaa, 0x3b, 0x82, 0x2c, 0x8d, 0x7b}} , - {{0x85, 0x0c, 0xaf, 0xf8, 0x83, 0x44, 0x49, 0xd9, 0x45, 0xcf, 0xf7, 0x48, 0xd9, 0x53, 0xb4, 0xf1, 0x65, 0xa0, 0xe1, 0xc3, 0xb3, 0x15, 0xed, 0x89, 0x9b, 0x4f, 0x62, 0xb3, 0x57, 0xa5, 0x45, 0x1c}}}, -{{{0x8f, 0x12, 0xea, 0xaf, 0xd1, 0x1f, 0x79, 0x10, 0x0b, 0xf6, 0xa3, 0x7b, 0xea, 0xac, 0x8b, 0x57, 0x32, 0x62, 0xe7, 0x06, 0x12, 0x51, 0xa0, 0x3b, 0x43, 0x5e, 0xa4, 0x20, 0x78, 0x31, 0xce, 0x0d}} , - {{0x84, 0x7c, 0xc2, 0xa6, 0x91, 0x23, 0xce, 0xbd, 0xdc, 0xf9, 0xce, 0xd5, 0x75, 0x30, 0x22, 0xe6, 0xf9, 0x43, 0x62, 0x0d, 0xf7, 0x75, 0x9d, 0x7f, 0x8c, 0xff, 0x7d, 0xe4, 0x72, 0xac, 0x9f, 0x1c}}}, -{{{0x88, 0xc1, 0x99, 0xd0, 0x3c, 0x1c, 0x5d, 0xb4, 0xef, 0x13, 0x0f, 0x90, 0xb9, 0x36, 0x2f, 0x95, 0x95, 0xc6, 0xdc, 0xde, 0x0a, 0x51, 0xe2, 0x8d, 0xf3, 0xbc, 0x51, 0xec, 0xdf, 0xb1, 0xa2, 0x5f}} , - {{0x2e, 0x68, 0xa1, 0x23, 0x7d, 0x9b, 0x40, 0x69, 0x85, 0x7b, 0x42, 0xbf, 0x90, 0x4b, 0xd6, 0x40, 0x2f, 0xd7, 0x52, 0x52, 0xb2, 0x21, 0xde, 0x64, 0xbd, 0x88, 0xc3, 0x6d, 0xa5, 0xfa, 0x81, 0x3f}}}, 
-{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xfb, 0xfd, 0x47, 0x7b, 0x8a, 0x66, 0x9e, 0x79, 0x2e, 0x64, 0x82, 0xef, 0xf7, 0x21, 0xec, 0xf6, 0xd8, 0x86, 0x09, 0x31, 0x7c, 0xdd, 0x03, 0x6a, 0x58, 0xa0, 0x77, 0xb7, 0x9b, 0x8c, 0x87, 0x1f}} , - {{0x55, 0x47, 0xe4, 0xa8, 0x3d, 0x55, 0x21, 0x34, 0xab, 0x1d, 0xae, 0xe0, 0xf4, 0xea, 0xdb, 0xc5, 0xb9, 0x58, 0xbf, 0xc4, 0x2a, 0x89, 0x31, 0x1a, 0xf4, 0x2d, 0xe1, 0xca, 0x37, 0x99, 0x47, 0x59}}}, -{{{0xc7, 0xca, 0x63, 0xc1, 0x49, 0xa9, 0x35, 0x45, 0x55, 0x7e, 0xda, 0x64, 0x32, 0x07, 0x50, 0xf7, 0x32, 0xac, 0xde, 0x75, 0x58, 0x9b, 0x11, 0xb2, 0x3a, 0x1f, 0xf5, 0xf7, 0x79, 0x04, 0xe6, 0x08}} , - {{0x46, 0xfa, 0x22, 0x4b, 0xfa, 0xe1, 0xfe, 0x96, 0xfc, 0x67, 0xba, 0x67, 0x97, 0xc4, 0xe7, 0x1b, 0x86, 0x90, 0x5f, 0xee, 0xf4, 0x5b, 0x11, 0xb2, 0xcd, 0xad, 0xee, 0xc2, 0x48, 0x6c, 0x2b, 0x1b}}}, -{{{0xe3, 0x39, 0x62, 0xb4, 0x4f, 0x31, 0x04, 0xc9, 0xda, 0xd5, 0x73, 0x51, 0x57, 0xc5, 0xb8, 0xf3, 0xa3, 0x43, 0x70, 0xe4, 0x61, 0x81, 0x84, 0xe2, 0xbb, 0xbf, 0x4f, 0x9e, 0xa4, 0x5e, 0x74, 0x06}} , - {{0x29, 0xac, 0xff, 0x27, 0xe0, 0x59, 0xbe, 0x39, 0x9c, 0x0d, 0x83, 0xd7, 0x10, 0x0b, 0x15, 0xb7, 0xe1, 0xc2, 0x2c, 0x30, 0x73, 0x80, 0x3a, 0x7d, 0x5d, 0xab, 0x58, 0x6b, 0xc1, 0xf0, 0xf4, 0x22}}}, -{{{0xfe, 0x7f, 0xfb, 0x35, 0x7d, 0xc6, 0x01, 0x23, 0x28, 0xc4, 0x02, 0xac, 0x1f, 0x42, 0xb4, 0x9d, 0xfc, 0x00, 0x94, 0xa5, 0xee, 0xca, 0xda, 0x97, 0x09, 0x41, 0x77, 0x87, 0x5d, 0x7b, 0x87, 0x78}} , - {{0xf5, 0xfb, 0x90, 0x2d, 0x81, 0x19, 0x9e, 0x2f, 0x6d, 0x85, 0x88, 0x8c, 0x40, 0x5c, 0x77, 0x41, 0x4d, 0x01, 0x19, 0x76, 0x60, 0xe8, 0x4c, 0x48, 0xe4, 0x33, 0x83, 0x32, 0x6c, 0xb4, 0x41, 0x03}}}, -{{{0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xff, 0x10, 0xc2, 0x09, 0x4f, 0x6e, 0xf4, 0xd2, 0xdf, 0x7e, 0xca, 0x7b, 0x1c, 0x1d, 0xba, 0xa3, 0xb6, 0xda, 0x67, 0x33, 0xd4, 0x87, 0x36, 0x4b, 0x11, 0x20, 0x05, 0xa6, 0x29, 0xc1, 0x87, 0x17}} , - {{0xf6, 0x96, 0xca, 0x2f, 0xda, 0x38, 0xa7, 0x1b, 0xfc, 0xca, 0x7d, 0xfe, 0x08, 0x89, 0xe2, 0x47, 0x2b, 0x6a, 0x5d, 0x4b, 0xfa, 0xa1, 0xb4, 0xde, 0xb6, 0xc2, 0x31, 0x51, 0xf5, 0xe0, 0xa4, 0x0b}}}, -{{{0x5c, 0xe5, 0xc6, 0x04, 0x8e, 0x2b, 0x57, 0xbe, 0x38, 0x85, 0x23, 0xcb, 0xb7, 0xbe, 0x4f, 0xa9, 0xd3, 0x6e, 0x12, 0xaa, 0xd5, 0xb2, 0x2e, 0x93, 0x29, 0x9a, 0x4a, 0x88, 0x18, 0x43, 0xf5, 0x01}} , - {{0x50, 0xfc, 0xdb, 0xa2, 0x59, 0x21, 0x8d, 0xbd, 0x7e, 0x33, 0xae, 0x2f, 0x87, 0x1a, 0xd0, 0x97, 0xc7, 0x0d, 0x4d, 0x63, 0x01, 0xef, 0x05, 0x84, 0xec, 0x40, 0xdd, 0xa8, 0x0a, 0x4f, 0x70, 0x0b}}}, -{{{0x41, 0x69, 0x01, 0x67, 0x5c, 0xd3, 0x8a, 0xc5, 0xcf, 0x3f, 0xd1, 0x57, 0xd1, 0x67, 0x3e, 0x01, 0x39, 0xb5, 0xcb, 0x81, 0x56, 0x96, 0x26, 0xb6, 0xc2, 0xe7, 0x5c, 0xfb, 0x63, 0x97, 0x58, 0x06}} , - {{0x0c, 0x0e, 0xf3, 0xba, 0xf0, 0xe5, 0xba, 0xb2, 0x57, 0x77, 0xc6, 0x20, 0x9b, 0x89, 0x24, 0xbe, 0xf2, 0x9c, 0x8a, 0xba, 0x69, 0xc1, 0xf1, 0xb0, 0x4f, 0x2a, 0x05, 0x9a, 0xee, 0x10, 0x7e, 0x36}}}, -{{{0x3f, 0x26, 0xe9, 0x40, 0xe9, 0x03, 0xad, 0x06, 0x69, 0x91, 0xe0, 0xd1, 0x89, 0x60, 0x84, 0x79, 0xde, 0x27, 0x6d, 0xe6, 0x76, 0xbd, 0xea, 0xe6, 0xae, 0x48, 0xc3, 0x67, 0xc0, 0x57, 0xcd, 0x2f}} , - {{0x7f, 0xc1, 0xdc, 0xb9, 0xc7, 0xbc, 0x86, 0x3d, 0x55, 0x4b, 0x28, 0x7a, 0xfb, 0x4d, 0xc7, 0xf8, 0xbc, 0x67, 0x2a, 0x60, 0x4d, 0x8f, 0x07, 0x0b, 0x1a, 0x17, 0xbf, 0xfa, 0xac, 0xa7, 0x3d, 0x1a}}}, -{{{0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x91, 0x3f, 0xed, 0x5e, 0x18, 0x78, 0x3f, 0x23, 0x2c, 0x0d, 0x8c, 0x44, 0x00, 0xe8, 0xfb, 0xe9, 0x8e, 0xd6, 0xd1, 0x36, 0x58, 0x57, 0x9e, 0xae, 0x4b, 0x5c, 0x0b, 0x07, 0xbc, 0x6b, 0x55, 0x2b}} , - {{0x6f, 0x4d, 0x17, 0xd7, 0xe1, 0x84, 0xd9, 0x78, 0xb1, 0x90, 0xfd, 0x2e, 0xb3, 0xb5, 0x19, 0x3f, 0x1b, 0xfa, 0xc0, 0x68, 0xb3, 0xdd, 0x00, 0x2e, 0x89, 0xbd, 0x7e, 0x80, 0x32, 0x13, 0xa0, 0x7b}}}, -{{{0x1a, 0x6f, 0x40, 0xaf, 0x44, 0x44, 0xb0, 0x43, 0x8f, 0x0d, 0xd0, 0x1e, 0xc4, 0x0b, 0x19, 0x5d, 0x8e, 0xfe, 0xc1, 0xf3, 0xc5, 0x5c, 0x91, 0xf8, 0x04, 0x4e, 0xbe, 0x90, 0xb4, 0x47, 0x5c, 0x3f}} , - {{0xb0, 0x3b, 0x2c, 0xf3, 0xfe, 0x32, 0x71, 0x07, 0x3f, 0xaa, 0xba, 0x45, 0x60, 0xa8, 0x8d, 0xea, 0x54, 0xcb, 0x39, 0x10, 0xb4, 0xf2, 0x8b, 0xd2, 0x14, 0x82, 0x42, 0x07, 0x8e, 0xe9, 0x7c, 0x53}}}, -{{{0xb0, 0xae, 0xc1, 0x8d, 0xc9, 0x8f, 0xb9, 0x7a, 0x77, 0xef, 0xba, 0x79, 0xa0, 0x3c, 0xa8, 0xf5, 0x6a, 0xe2, 0x3f, 0x5d, 0x00, 0xe3, 0x4b, 0x45, 0x24, 0x7b, 0x43, 0x78, 0x55, 0x1d, 0x2b, 0x1e}} , - {{0x01, 0xb8, 0xd6, 0x16, 0x67, 0xa0, 0x15, 0xb9, 0xe1, 0x58, 0xa4, 0xa7, 0x31, 0x37, 0x77, 0x2f, 0x8b, 0x12, 0x9f, 0xf4, 0x3f, 0xc7, 0x36, 0x66, 0xd2, 0xa8, 0x56, 0xf7, 0x7f, 0x74, 0xc6, 0x41}}}, -{{{0x5d, 0xf8, 0xb4, 0xa8, 0x30, 0xdd, 0xcc, 0x38, 0xa5, 0xd3, 0xca, 0xd8, 0xd1, 0xf8, 0xb2, 0x31, 0x91, 0xd4, 0x72, 0x05, 0x57, 0x4a, 0x3b, 0x82, 0x4a, 0xc6, 0x68, 0x20, 0xe2, 0x18, 0x41, 0x61}} , - {{0x19, 0xd4, 0x8d, 0x47, 0x29, 0x12, 0x65, 0xb0, 0x11, 0x78, 0x47, 0xb5, 0xcb, 0xa3, 0xa5, 0xfa, 0x05, 0x85, 0x54, 0xa9, 0x33, 0x97, 0x8d, 0x2b, 0xc2, 0xfe, 0x99, 0x35, 0x28, 0xe5, 0xeb, 0x63}}}, -{{{0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xb1, 0x3f, 0x3f, 0xef, 0xd8, 0xf4, 0xfc, 0xb3, 0xa0, 0x60, 0x50, 0x06, 0x2b, 0x29, 0x52, 0x70, 0x15, 0x0b, 0x24, 0x24, 0xf8, 0x5f, 0x79, 0x18, 0xcc, 0xff, 0x89, 0x99, 0x84, 0xa1, 0xae, 0x13}} , - {{0x44, 0x1f, 0xb8, 0xc2, 0x01, 0xc1, 0x30, 0x19, 0x55, 0x05, 0x60, 0x10, 0xa4, 0x6c, 0x2d, 0x67, 0x70, 0xe5, 0x25, 0x1b, 0xf2, 0xbf, 0xdd, 0xfb, 0x70, 0x2b, 0xa1, 0x8c, 0x9c, 0x94, 0x84, 0x08}}}, -{{{0xe7, 0xc4, 0x43, 0x4d, 0xc9, 0x2b, 0x69, 0x5d, 0x1d, 0x3c, 0xaf, 0xbb, 0x43, 0x38, 0x4e, 0x98, 0x3d, 0xed, 0x0d, 0x21, 0x03, 0xfd, 0xf0, 0x99, 0x47, 0x04, 0xb0, 0x98, 0x69, 0x55, 0x72, 0x0f}} , - {{0x5e, 0xdf, 0x15, 0x53, 0x3b, 0x86, 0x80, 0xb0, 0xf1, 0x70, 0x68, 0x8f, 0x66, 0x7c, 0x0e, 0x49, 0x1a, 0xd8, 0x6b, 0xfe, 0x4e, 0xef, 0xca, 0x47, 0xd4, 0x03, 0xc1, 0x37, 0x50, 0x9c, 0xc1, 0x16}}}, -{{{0xcd, 0x24, 0xc6, 0x3e, 0x0c, 0x82, 0x9b, 0x91, 0x2b, 0x61, 0x4a, 0xb2, 0x0f, 0x88, 0x55, 0x5f, 0x5a, 0x57, 0xff, 0xe5, 0x74, 0x0b, 0x13, 0x43, 0x00, 0xd8, 0x6b, 0xcf, 0xd2, 0x15, 0x03, 0x2c}} , - {{0xdc, 0xff, 0x15, 0x61, 0x2f, 0x4a, 0x2f, 0x62, 0xf2, 0x04, 0x2f, 0xb5, 0x0c, 0xb7, 0x1e, 0x3f, 0x74, 0x1a, 0x0f, 0xd7, 0xea, 0xcd, 0xd9, 0x7d, 0xf6, 0x12, 0x0e, 0x2f, 0xdb, 0x5a, 0x3b, 0x16}}}, -{{{0x1b, 0x37, 0x47, 0xe3, 0xf5, 0x9e, 0xea, 0x2c, 0x2a, 0xe7, 0x82, 0x36, 0xf4, 0x1f, 0x81, 0x47, 0x92, 0x4b, 0x69, 0x0e, 0x11, 0x8c, 0x5d, 0x53, 0x5b, 0x81, 0x27, 0x08, 0xbc, 0xa0, 0xae, 0x25}} , - {{0x69, 0x32, 0xa1, 0x05, 0x11, 0x42, 0x00, 0xd2, 0x59, 0xac, 0x4d, 0x62, 0x8b, 0x13, 0xe2, 0x50, 0x5d, 0xa0, 0x9d, 0x9b, 0xfd, 0xbb, 0x12, 0x41, 0x75, 0x41, 0x9e, 0xcc, 0xdc, 0xc7, 0xdc, 0x5d}}}, -{{{0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xd9, 0xe3, 0x38, 0x06, 0x46, 0x70, 0x82, 0x5e, 0x28, 0x49, 0x79, 0xff, 0x25, 0xd2, 0x4e, 0x29, 0x8d, 0x06, 0xb0, 0x23, 0xae, 0x9b, 0x66, 0xe4, 0x7d, 0xc0, 0x70, 0x91, 0xa3, 0xfc, 0xec, 0x4e}} , - {{0x62, 0x12, 0x37, 0x6a, 0x30, 0xf6, 0x1e, 0xfb, 0x14, 0x5c, 0x0d, 0x0e, 0xb7, 0x81, 0x6a, 0xe7, 0x08, 0x05, 0xac, 0xaa, 0x38, 0x46, 0xe2, 0x73, 0xea, 0x4b, 0x07, 0x81, 0x43, 0x7c, 0x9e, 0x5e}}}, -{{{0xfc, 0xf9, 0x21, 0x4f, 0x2e, 0x76, 0x9b, 0x1f, 0x28, 0x60, 0x77, 0x43, 0x32, 0x9d, 0xbe, 0x17, 0x30, 0x2a, 0xc6, 0x18, 0x92, 0x66, 0x62, 0x30, 0x98, 0x40, 0x11, 0xa6, 0x7f, 0x18, 0x84, 0x28}} , - {{0x3f, 0xab, 0xd3, 0xf4, 0x8a, 0x76, 0xa1, 0x3c, 0xca, 0x2d, 0x49, 0xc3, 0xea, 0x08, 0x0b, 0x85, 0x17, 0x2a, 0xc3, 0x6c, 0x08, 0xfd, 0x57, 0x9f, 0x3d, 0x5f, 0xdf, 0x67, 0x68, 0x42, 0x00, 0x32}}}, -{{{0x51, 0x60, 0x1b, 0x06, 0x4f, 0x8a, 0x21, 0xba, 0x38, 0xa8, 0xba, 0xd6, 0x40, 0xf6, 0xe9, 0x9b, 0x76, 0x4d, 0x56, 0x21, 0x5b, 0x0a, 0x9b, 0x2e, 0x4f, 0x3d, 0x81, 0x32, 0x08, 0x9f, 0x97, 0x5b}} , - {{0xe5, 0x44, 0xec, 0x06, 0x9d, 0x90, 0x79, 0x9f, 0xd3, 0xe0, 0x79, 0xaf, 0x8f, 0x10, 0xfd, 0xdd, 0x04, 0xae, 0x27, 0x97, 0x46, 0x33, 0x79, 0xea, 0xb8, 0x4e, 0xca, 0x5a, 0x59, 0x57, 0xe1, 0x0e}}}, -{{{0x1a, 0xda, 0xf3, 0xa5, 0x41, 0x43, 0x28, 0xfc, 0x7e, 0xe7, 0x71, 0xea, 0xc6, 0x3b, 0x59, 0xcc, 0x2e, 0xd3, 0x40, 0xec, 0xb3, 0x13, 0x6f, 0x44, 0xcd, 0x13, 0xb2, 0x37, 0xf2, 0x6e, 0xd9, 0x1c}} , - {{0xe3, 0xdb, 0x60, 0xcd, 0x5c, 0x4a, 0x18, 0x0f, 0xef, 0x73, 0x36, 0x71, 0x8c, 0xf6, 0x11, 0xb4, 0xd8, 0xce, 0x17, 0x5e, 0x4f, 0x26, 0x77, 0x97, 0x5f, 0xcb, 0xef, 0x91, 0xeb, 0x6a, 0x62, 0x7a}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x18, 0x4a, 0xa2, 0x97, 0x08, 0x81, 0x2d, 0x83, 0xc4, 0xcc, 0xf0, 0x83, 0x7e, 0xec, 0x0d, 0x95, 0x4c, 0x5b, 0xfb, 0xfa, 0x98, 0x80, 0x4a, 0x66, 0x56, 0x0c, 0x51, 0xb3, 0xf2, 0x04, 0x5d, 0x27}} , - {{0x3b, 0xb9, 0xb8, 0x06, 0x5a, 0x2e, 0xfe, 0xc3, 0x82, 0x37, 0x9c, 0xa3, 0x11, 0x1f, 0x9c, 0xa6, 0xda, 0x63, 0x48, 0x9b, 0xad, 0xde, 0x2d, 0xa6, 0xbc, 0x6e, 0x32, 0xda, 0x27, 0x65, 0xdd, 0x57}}}, -{{{0x84, 0x4f, 0x37, 0x31, 0x7d, 0x2e, 0xbc, 0xad, 0x87, 0x07, 0x2a, 0x6b, 0x37, 0xfc, 0x5f, 0xeb, 0x4e, 0x75, 0x35, 0xa6, 0xde, 0xab, 0x0a, 0x19, 0x3a, 0xb7, 0xb1, 0xef, 0x92, 0x6a, 0x3b, 0x3c}} , - {{0x3b, 0xb2, 0x94, 0x6d, 0x39, 0x60, 0xac, 0xee, 0xe7, 0x81, 0x1a, 0x3b, 0x76, 0x87, 0x5c, 0x05, 0x94, 0x2a, 0x45, 0xb9, 0x80, 0xe9, 0x22, 0xb1, 0x07, 0xcb, 0x40, 0x9e, 0x70, 0x49, 0x6d, 0x12}}}, -{{{0xfd, 0x18, 0x78, 0x84, 0xa8, 0x4c, 0x7d, 0x6e, 0x59, 0xa6, 0xe5, 0x74, 0xf1, 0x19, 0xa6, 0x84, 0x2e, 0x51, 0xc1, 0x29, 0x13, 0xf2, 0x14, 0x6b, 0x5d, 0x53, 0x51, 0xf7, 0xef, 0xbf, 0x01, 0x22}} , - {{0xa4, 0x4b, 0x62, 0x4c, 0xe6, 0xfd, 0x72, 0x07, 0xf2, 0x81, 0xfc, 0xf2, 0xbd, 0x12, 0x7c, 0x68, 0x76, 0x2a, 0xba, 0xf5, 0x65, 0xb1, 0x1f, 0x17, 0x0a, 0x38, 0xb0, 0xbf, 0xc0, 0xf8, 0xf4, 0x2a}}}, -{{{0x55, 0x60, 0x55, 0x5b, 0xe4, 0x1d, 0x71, 0x4c, 0x9d, 0x5b, 0x9f, 0x70, 0xa6, 0x85, 0x9a, 0x2c, 0xa0, 0xe2, 0x32, 0x48, 0xce, 0x9e, 0x2a, 0xa5, 0x07, 0x3b, 0xc7, 0x6c, 0x86, 0x77, 0xde, 0x3c}} , - {{0xf7, 0x18, 0x7a, 0x96, 0x7e, 0x43, 0x57, 0xa9, 0x55, 0xfc, 0x4e, 0xb6, 0x72, 0x00, 0xf2, 0xe4, 0xd7, 0x52, 0xd3, 0xd3, 0xb6, 0x85, 0xf6, 0x71, 0xc7, 0x44, 0x3f, 0x7f, 0xd7, 0xb3, 0xf2, 0x79}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x46, 0xca, 0xa7, 0x55, 0x7b, 0x79, 0xf3, 0xca, 0x5a, 0x65, 0xf6, 0xed, 0x50, 0x14, 0x7b, 0xe4, 0xc4, 0x2a, 0x65, 0x9e, 0xe2, 0xf9, 0xca, 0xa7, 0x22, 0x26, 0x53, 0xcb, 0x21, 0x5b, 0xa7, 0x31}} , - {{0x90, 0xd7, 0xc5, 0x26, 0x08, 0xbd, 0xb0, 0x53, 0x63, 0x58, 0xc3, 0x31, 0x5e, 0x75, 0x46, 0x15, 0x91, 0xa6, 0xf8, 0x2f, 0x1a, 0x08, 0x65, 0x88, 0x2f, 0x98, 0x04, 0xf1, 0x7c, 0x6e, 0x00, 0x77}}}, -{{{0x81, 0x21, 0x61, 0x09, 0xf6, 0x4e, 0xf1, 0x92, 0xee, 0x63, 0x61, 0x73, 0x87, 0xc7, 0x54, 0x0e, 0x42, 0x4b, 0xc9, 0x47, 0xd1, 0xb8, 0x7e, 0x91, 0x75, 0x37, 0x99, 0x28, 0xb8, 0xdd, 0x7f, 0x50}} , - {{0x89, 0x8f, 0xc0, 0xbe, 0x5d, 0xd6, 0x9f, 0xa0, 0xf0, 0x9d, 0x81, 0xce, 0x3a, 0x7b, 0x98, 0x58, 0xbb, 0xd7, 0x78, 0xc8, 0x3f, 0x13, 0xf1, 0x74, 0x19, 0xdf, 0xf8, 0x98, 0x89, 0x5d, 0xfa, 0x5f}}}, -{{{0x9e, 0x35, 0x85, 0x94, 0x47, 0x1f, 0x90, 0x15, 0x26, 0xd0, 0x84, 0xed, 0x8a, 0x80, 0xf7, 0x63, 0x42, 0x86, 0x27, 0xd7, 0xf4, 0x75, 0x58, 0xdc, 0x9c, 0xc0, 0x22, 0x7e, 0x20, 0x35, 0xfd, 0x1f}} , - {{0x68, 0x0e, 0x6f, 0x97, 0xba, 0x70, 0xbb, 0xa3, 0x0e, 0xe5, 0x0b, 0x12, 0xf4, 0xa2, 0xdc, 0x47, 0xf8, 0xe6, 0xd0, 0x23, 0x6c, 0x33, 0xa8, 0x99, 0x46, 0x6e, 0x0f, 0x44, 0xba, 0x76, 0x48, 0x0f}}}, -{{{0xa3, 0x2a, 0x61, 0x37, 0xe2, 0x59, 0x12, 0x0e, 0x27, 0xba, 0x64, 0x43, 0xae, 0xc0, 0x42, 0x69, 0x79, 0xa4, 0x1e, 0x29, 0x8b, 0x15, 0xeb, 0xf8, 0xaf, 0xd4, 0xa2, 0x68, 0x33, 0xb5, 0x7a, 0x24}} , - {{0x2c, 0x19, 0x33, 0xdd, 0x1b, 0xab, 0xec, 0x01, 0xb0, 0x23, 0xf8, 0x42, 0x2b, 0x06, 0x88, 0xea, 0x3d, 0x2d, 0x00, 0x2a, 0x78, 0x45, 0x4d, 0x38, 0xed, 0x2e, 0x2e, 0x44, 0x49, 0xed, 0xcb, 0x33}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xa0, 0x68, 0xe8, 0x41, 0x8f, 0x91, 0xf8, 0x11, 0x13, 0x90, 0x2e, 0xa7, 0xab, 0x30, 0xef, 0xad, 0xa0, 0x61, 0x00, 0x88, 0xef, 0xdb, 0xce, 0x5b, 0x5c, 0xbb, 0x62, 0xc8, 0x56, 0xf9, 0x00, 0x73}} , - {{0x3f, 0x60, 0xc1, 0x82, 0x2d, 0xa3, 0x28, 0x58, 0x24, 0x9e, 0x9f, 0xe3, 0x70, 0xcc, 0x09, 0x4e, 0x1a, 0x3f, 0x11, 0x11, 0x15, 0x07, 0x3c, 0xa4, 0x41, 0xe0, 0x65, 0xa3, 0x0a, 0x41, 0x6d, 0x11}}}, -{{{0x31, 0x40, 0x01, 0x52, 0x56, 0x94, 0x5b, 0x28, 0x8a, 0xaa, 0x52, 0xee, 0xd8, 0x0a, 0x05, 0x8d, 0xcd, 0xb5, 0xaa, 0x2e, 0x38, 0xaa, 0xb7, 0x87, 0xf7, 0x2b, 0xfb, 0x04, 0xcb, 0x84, 0x3d, 0x54}} , - {{0x20, 0xef, 0x59, 0xde, 0xa4, 0x2b, 0x93, 0x6e, 0x2e, 0xec, 0x42, 0x9a, 0xd4, 0x2d, 0xf4, 0x46, 0x58, 0x27, 0x2b, 0x18, 0x8f, 0x83, 0x3d, 0x69, 0x9e, 0xd4, 0x3e, 0xb6, 0xc5, 0xfd, 0x58, 0x03}}}, -{{{0x33, 0x89, 0xc9, 0x63, 0x62, 0x1c, 0x17, 0xb4, 0x60, 0xc4, 0x26, 0x68, 0x09, 0xc3, 0x2e, 0x37, 0x0f, 0x7b, 0xb4, 0x9c, 0xb6, 0xf9, 0xfb, 0xd4, 0x51, 0x78, 0xc8, 0x63, 0xea, 0x77, 0x47, 0x07}} , - {{0x32, 0xb4, 0x18, 0x47, 0x79, 0xcb, 0xd4, 0x5a, 0x07, 0x14, 0x0f, 0xa0, 0xd5, 0xac, 0xd0, 0x41, 0x40, 0xab, 0x61, 0x23, 0xe5, 0x2a, 0x2a, 0x6f, 0xf7, 0xa8, 0xd4, 0x76, 0xef, 0xe7, 0x45, 0x6c}}}, -{{{0xa1, 0x5e, 0x60, 0x4f, 0xfb, 0xe1, 0x70, 0x6a, 0x1f, 0x55, 0x4f, 0x09, 0xb4, 0x95, 0x33, 0x36, 0xc6, 0x81, 0x01, 0x18, 0x06, 0x25, 0x27, 0xa4, 0xb4, 0x24, 0xa4, 0x86, 0x03, 0x4c, 0xac, 0x02}} , - {{0x77, 0x38, 0xde, 0xd7, 0x60, 0x48, 0x07, 0xf0, 0x74, 0xa8, 0xff, 0x54, 0xe5, 0x30, 0x43, 0xff, 0x77, 0xfb, 0x21, 0x07, 0xff, 0xb2, 0x07, 0x6b, 0xe4, 0xe5, 0x30, 0xfc, 0x19, 0x6c, 0xa3, 0x01}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x13, 0xc5, 0x2c, 0xac, 0xd3, 0x83, 0x82, 0x7c, 0x29, 0xf7, 0x05, 0xa5, 0x00, 0xb6, 0x1f, 0x86, 0x55, 0xf4, 0xd6, 0x2f, 0x0c, 0x99, 0xd0, 0x65, 0x9b, 0x6b, 0x46, 0x0d, 0x43, 0xf8, 0x16, 0x28}} , - {{0x1e, 0x7f, 0xb4, 0x74, 0x7e, 0xb1, 0x89, 0x4f, 0x18, 0x5a, 0xab, 0x64, 0x06, 0xdf, 0x45, 0x87, 0xe0, 0x6a, 0xc6, 0xf0, 0x0e, 0xc9, 0x24, 0x35, 0x38, 0xea, 0x30, 0x54, 0xb4, 0xc4, 0x52, 0x54}}}, -{{{0xe9, 0x9f, 0xdc, 0x3f, 0xc1, 0x89, 0x44, 0x74, 0x27, 0xe4, 0xc1, 0x90, 0xff, 0x4a, 0xa7, 0x3c, 0xee, 0xcd, 0xf4, 0x1d, 0x25, 0x94, 0x7f, 0x63, 0x16, 0x48, 0xbc, 0x64, 0xfe, 0x95, 0xc4, 0x0c}} , - {{0x8b, 0x19, 0x75, 0x6e, 0x03, 0x06, 0x5e, 0x6a, 0x6f, 0x1a, 0x8c, 0xe3, 0xd3, 0x28, 0xf2, 0xe0, 0xb9, 0x7a, 0x43, 0x69, 0xe6, 0xd3, 0xc0, 0xfe, 0x7e, 0x97, 0xab, 0x6c, 0x7b, 0x8e, 0x13, 0x42}}}, -{{{0xd4, 0xca, 0x70, 0x3d, 0xab, 0xfb, 0x5f, 0x5e, 0x00, 0x0c, 0xcc, 0x77, 0x22, 0xf8, 0x78, 0x55, 0xae, 0x62, 0x35, 0xfb, 0x9a, 0xc6, 0x03, 0xe4, 0x0c, 0xee, 0xab, 0xc7, 0xc0, 0x89, 0x87, 0x54}} , - {{0x32, 0xad, 0xae, 0x85, 0x58, 0x43, 0xb8, 0xb1, 0xe6, 0x3e, 0x00, 0x9c, 0x78, 0x88, 0x56, 0xdb, 0x9c, 0xfc, 0x79, 0xf6, 0xf9, 0x41, 0x5f, 0xb7, 0xbc, 0x11, 0xf9, 0x20, 0x36, 0x1c, 0x53, 0x2b}}}, -{{{0x5a, 0x20, 0x5b, 0xa1, 0xa5, 0x44, 0x91, 0x24, 0x02, 0x63, 0x12, 0x64, 0xb8, 0x55, 0xf6, 0xde, 0x2c, 0xdb, 0x47, 0xb8, 0xc6, 0x0a, 0xc3, 0x00, 0x78, 0x93, 0xd8, 0xf5, 0xf5, 0x18, 0x28, 0x0a}} , - {{0xd6, 0x1b, 0x9a, 0x6c, 0xe5, 0x46, 0xea, 0x70, 0x96, 0x8d, 0x4e, 0x2a, 0x52, 0x21, 0x26, 0x4b, 0xb1, 0xbb, 0x0f, 0x7c, 0xa9, 0x9b, 0x04, 0xbb, 0x51, 0x08, 0xf1, 0x9a, 0xa4, 0x76, 0x7c, 0x18}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xfa, 0x94, 0xf7, 0x40, 0xd0, 0xd7, 0xeb, 0xa9, 0x82, 0x36, 0xd5, 0x15, 0xb9, 0x33, 0x7a, 0xbf, 0x8a, 0xf2, 0x63, 0xaa, 0x37, 0xf5, 0x59, 0xac, 0xbd, 0xbb, 0x32, 0x36, 0xbe, 0x73, 0x99, 0x38}} , - {{0x2c, 0xb3, 0xda, 0x7a, 0xd8, 0x3d, 0x99, 0xca, 0xd2, 0xf4, 0xda, 0x99, 0x8e, 0x4f, 0x98, 0xb7, 0xf4, 0xae, 0x3e, 0x9f, 0x8e, 0x35, 0x60, 0xa4, 0x33, 0x75, 0xa4, 0x04, 0x93, 0xb1, 0x6b, 0x4d}}}, -{{{0x97, 0x9d, 0xa8, 0xcd, 0x97, 0x7b, 0x9d, 0xb9, 0xe7, 0xa5, 0xef, 0xfd, 0xa8, 0x42, 0x6b, 0xc3, 0x62, 0x64, 0x7d, 0xa5, 0x1b, 0xc9, 0x9e, 0xd2, 0x45, 0xb9, 0xee, 0x03, 0xb0, 0xbf, 0xc0, 0x68}} , - {{0xed, 0xb7, 0x84, 0x2c, 0xf6, 0xd3, 0xa1, 0x6b, 0x24, 0x6d, 0x87, 0x56, 0x97, 0x59, 0x79, 0x62, 0x9f, 0xac, 0xed, 0xf3, 0xc9, 0x89, 0x21, 0x2e, 0x04, 0xb3, 0xcc, 0x2f, 0xbe, 0xd6, 0x0a, 0x4b}}}, -{{{0x39, 0x61, 0x05, 0xed, 0x25, 0x89, 0x8b, 0x5d, 0x1b, 0xcb, 0x0c, 0x55, 0xf4, 0x6a, 0x00, 0x8a, 0x46, 0xe8, 0x1e, 0xc6, 0x83, 0xc8, 0x5a, 0x76, 0xdb, 0xcc, 0x19, 0x7a, 0xcc, 0x67, 0x46, 0x0b}} , - {{0x53, 0xcf, 0xc2, 0xa1, 0xad, 0x6a, 0xf3, 0xcd, 0x8f, 0xc9, 0xde, 0x1c, 0xf8, 0x6c, 0x8f, 0xf8, 0x76, 0x42, 0xe7, 0xfe, 0xb2, 0x72, 0x21, 0x0a, 0x66, 0x74, 0x8f, 0xb7, 0xeb, 0xe4, 0x6f, 0x01}}}, -{{{0x22, 0x8c, 0x6b, 0xbe, 0xfc, 0x4d, 0x70, 0x62, 0x6e, 0x52, 0x77, 0x99, 0x88, 0x7e, 0x7b, 0x57, 0x7a, 0x0d, 0xfe, 0xdc, 0x72, 0x92, 0xf1, 0x68, 0x1d, 0x97, 0xd7, 0x7c, 0x8d, 0x53, 0x10, 0x37}} , - {{0x53, 0x88, 0x77, 0x02, 0xca, 0x27, 0xa8, 0xe5, 0x45, 0xe2, 0xa8, 0x48, 0x2a, 0xab, 0x18, 0xca, 0xea, 0x2d, 0x2a, 0x54, 0x17, 0x37, 0x32, 0x09, 0xdc, 0xe0, 0x4a, 0xb7, 0x7d, 0x82, 0x10, 0x7d}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x8a, 0x64, 0x1e, 0x14, 0x0a, 0x57, 0xd4, 0xda, 0x5c, 0x96, 0x9b, 0x01, 0x4c, 0x67, 0xbf, 0x8b, 0x30, 0xfe, 0x08, 0xdb, 0x0d, 0xd5, 0xa8, 0xd7, 0x09, 0x11, 0x85, 0xa2, 0xd3, 0x45, 0xfb, 0x7e}} , - {{0xda, 0x8c, 0xc2, 0xd0, 0xac, 0x18, 0xe8, 0x52, 0x36, 0xd4, 0x21, 0xa3, 0xdd, 0x57, 0x22, 0x79, 0xb7, 0xf8, 0x71, 0x9d, 0xc6, 0x91, 0x70, 0x86, 0x56, 0xbf, 0xa1, 0x11, 0x8b, 0x19, 0xe1, 0x0f}}}, -{{{0x18, 0x32, 0x98, 0x2c, 0x8f, 0x91, 0xae, 0x12, 0xf0, 0x8c, 0xea, 0xf3, 0x3c, 0xb9, 0x5d, 0xe4, 0x69, 0xed, 0xb2, 0x47, 0x18, 0xbd, 0xce, 0x16, 0x52, 0x5c, 0x23, 0xe2, 0xa5, 0x25, 0x52, 0x5d}} , - {{0xb9, 0xb1, 0xe7, 0x5d, 0x4e, 0xbc, 0xee, 0xbb, 0x40, 0x81, 0x77, 0x82, 0x19, 0xab, 0xb5, 0xc6, 0xee, 0xab, 0x5b, 0x6b, 0x63, 0x92, 0x8a, 0x34, 0x8d, 0xcd, 0xee, 0x4f, 0x49, 0xe5, 0xc9, 0x7e}}}, -{{{0x21, 0xac, 0x8b, 0x22, 0xcd, 0xc3, 0x9a, 0xe9, 0x5e, 0x78, 0xbd, 0xde, 0xba, 0xad, 0xab, 0xbf, 0x75, 0x41, 0x09, 0xc5, 0x58, 0xa4, 0x7d, 0x92, 0xb0, 0x7f, 0xf2, 0xa1, 0xd1, 0xc0, 0xb3, 0x6d}} , - {{0x62, 0x4f, 0xd0, 0x75, 0x77, 0xba, 0x76, 0x77, 0xd7, 0xb8, 0xd8, 0x92, 0x6f, 0x98, 0x34, 0x3d, 0xd6, 0x4e, 0x1c, 0x0f, 0xf0, 0x8f, 0x2e, 0xf1, 0xb3, 0xbd, 0xb1, 0xb9, 0xec, 0x99, 0xb4, 0x07}}}, -{{{0x60, 0x57, 0x2e, 0x9a, 0x72, 0x1d, 0x6b, 0x6e, 0x58, 0x33, 0x24, 0x8c, 0x48, 0x39, 0x46, 0x8e, 0x89, 0x6a, 0x88, 0x51, 0x23, 0x62, 0xb5, 0x32, 0x09, 0x36, 0xe3, 0x57, 0xf5, 0x98, 0xde, 0x6f}} , - {{0x8b, 0x2c, 0x00, 0x48, 0x4a, 0xf9, 0x5b, 0x87, 0x69, 0x52, 0xe5, 0x5b, 0xd1, 0xb1, 0xe5, 0x25, 0x25, 0xe0, 0x9c, 0xc2, 0x13, 0x44, 0xe8, 0xb9, 0x0a, 0x70, 0xad, 0xbd, 0x0f, 0x51, 0x94, 0x69}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xa2, 0xdc, 0xab, 0xa9, 0x25, 0x2d, 0xac, 0x5f, 0x03, 0x33, 0x08, 0xe7, 0x7e, 0xfe, 0x95, 0x36, 0x3c, 0x5b, 0x3a, 0xd3, 0x05, 0x82, 0x1c, 0x95, 0x2d, 0xd8, 0x77, 0x7e, 0x02, 0xd9, 0x5b, 0x70}} , - {{0xc2, 0xfe, 0x1b, 0x0c, 0x67, 0xcd, 0xd6, 0xe0, 0x51, 0x8e, 0x2c, 0xe0, 0x79, 0x88, 0xf0, 0xcf, 0x41, 0x4a, 0xad, 0x23, 0xd4, 0x46, 0xca, 0x94, 0xa1, 0xc3, 0xeb, 0x28, 0x06, 0xfa, 0x17, 0x14}}}, -{{{0x7b, 0xaa, 0x70, 0x0a, 0x4b, 0xfb, 0xf5, 0xbf, 0x80, 0xc5, 0xcf, 0x08, 0x7a, 0xdd, 0xa1, 0xf4, 0x9d, 0x54, 0x50, 0x53, 0x23, 0x77, 0x23, 0xf5, 0x34, 0xa5, 0x22, 0xd1, 0x0d, 0x96, 0x2e, 0x47}} , - {{0xcc, 0xb7, 0x32, 0x89, 0x57, 0xd0, 0x98, 0x75, 0xe4, 0x37, 0x99, 0xa9, 0xe8, 0xba, 0xed, 0xba, 0xeb, 0xc7, 0x4f, 0x15, 0x76, 0x07, 0x0c, 0x4c, 0xef, 0x9f, 0x52, 0xfc, 0x04, 0x5d, 0x58, 0x10}}}, -{{{0xce, 0x82, 0xf0, 0x8f, 0x79, 0x02, 0xa8, 0xd1, 0xda, 0x14, 0x09, 0x48, 0xee, 0x8a, 0x40, 0x98, 0x76, 0x60, 0x54, 0x5a, 0xde, 0x03, 0x24, 0xf5, 0xe6, 0x2f, 0xe1, 0x03, 0xbf, 0x68, 0x82, 0x7f}} , - {{0x64, 0xe9, 0x28, 0xc7, 0xa4, 0xcf, 0x2a, 0xf9, 0x90, 0x64, 0x72, 0x2c, 0x8b, 0xeb, 0xec, 0xa0, 0xf2, 0x7d, 0x35, 0xb5, 0x90, 0x4d, 0x7f, 0x5b, 0x4a, 0x49, 0xe4, 0xb8, 0x3b, 0xc8, 0xa1, 0x2f}}}, -{{{0x8b, 0xc5, 0xcc, 0x3d, 0x69, 0xa6, 0xa1, 0x18, 0x44, 0xbc, 0x4d, 0x77, 0x37, 0xc7, 0x86, 0xec, 0x0c, 0xc9, 0xd6, 0x44, 0xa9, 0x23, 0x27, 0xb9, 0x03, 0x34, 0xa7, 0x0a, 0xd5, 0xc7, 0x34, 0x37}} , - {{0xf9, 0x7e, 0x3e, 0x66, 0xee, 0xf9, 0x99, 0x28, 0xff, 0xad, 0x11, 0xd8, 0xe2, 0x66, 0xc5, 0xcd, 0x0f, 0x0d, 0x0b, 0x6a, 0xfc, 0x7c, 0x24, 0xa8, 0x4f, 0xa8, 0x5e, 0x80, 0x45, 0x8b, 0x6c, 0x41}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xef, 0x1e, 0xec, 0xf7, 0x8d, 0x77, 0xf2, 0xea, 0xdb, 0x60, 0x03, 0x21, 0xc0, 0xff, 0x5e, 0x67, 0xc3, 0x71, 0x0b, 0x21, 0xb4, 0x41, 0xa0, 0x68, 0x38, 0xc6, 0x01, 0xa3, 0xd3, 0x51, 0x3c, 0x3c}} , - {{0x92, 0xf8, 0xd6, 0x4b, 0xef, 0x42, 0x13, 0xb2, 0x4a, 0xc4, 0x2e, 0x72, 0x3f, 0xc9, 0x11, 0xbd, 0x74, 0x02, 0x0e, 0xf5, 0x13, 0x9d, 0x83, 0x1a, 0x1b, 0xd5, 0x54, 0xde, 0xc4, 0x1e, 0x16, 0x6c}}}, -{{{0x27, 0x52, 0xe4, 0x63, 0xaa, 0x94, 0xe6, 0xc3, 0x28, 0x9c, 0xc6, 0x56, 0xac, 0xfa, 0xb6, 0xbd, 0xe2, 0xcc, 0x76, 0xc6, 0x27, 0x27, 0xa2, 0x8e, 0x78, 0x2b, 0x84, 0x72, 0x10, 0xbd, 0x4e, 0x2a}} , - {{0xea, 0xa7, 0x23, 0xef, 0x04, 0x61, 0x80, 0x50, 0xc9, 0x6e, 0xa5, 0x96, 0xd1, 0xd1, 0xc8, 0xc3, 0x18, 0xd7, 0x2d, 0xfd, 0x26, 0xbd, 0xcb, 0x7b, 0x92, 0x51, 0x0e, 0x4a, 0x65, 0x57, 0xb8, 0x49}}}, -{{{0xab, 0x55, 0x36, 0xc3, 0xec, 0x63, 0x55, 0x11, 0x55, 0xf6, 0xa5, 0xc7, 0x01, 0x5f, 0xfe, 0x79, 0xd8, 0x0a, 0xf7, 0x03, 0xd8, 0x98, 0x99, 0xf5, 0xd0, 0x00, 0x54, 0x6b, 0x66, 0x28, 0xf5, 0x25}} , - {{0x7a, 0x8d, 0xa1, 0x5d, 0x70, 0x5d, 0x51, 0x27, 0xee, 0x30, 0x65, 0x56, 0x95, 0x46, 0xde, 0xbd, 0x03, 0x75, 0xb4, 0x57, 0x59, 0x89, 0xeb, 0x02, 0x9e, 0xcc, 0x89, 0x19, 0xa7, 0xcb, 0x17, 0x67}}}, -{{{0x6a, 0xeb, 0xfc, 0x9a, 0x9a, 0x10, 0xce, 0xdb, 0x3a, 0x1c, 0x3c, 0x6a, 0x9d, 0xea, 0x46, 0xbc, 0x45, 0x49, 0xac, 0xe3, 0x41, 0x12, 0x7c, 0xf0, 0xf7, 0x4f, 0xf9, 0xf7, 0xff, 0x2c, 0x89, 0x04}} , - {{0x30, 0x31, 0x54, 0x1a, 0x46, 0xca, 0xe6, 0xc6, 0xcb, 0xe2, 0xc3, 0xc1, 0x8b, 0x75, 0x81, 0xbe, 0xee, 0xf8, 0xa3, 0x11, 0x1c, 0x25, 0xa3, 0xa7, 0x35, 0x51, 0x55, 0xe2, 0x25, 0xaa, 0xe2, 0x3a}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xb4, 0x48, 0x10, 0x9f, 0x8a, 0x09, 0x76, 0xfa, 0xf0, 0x7a, 0xb0, 0x70, 0xf7, 0x83, 0x80, 0x52, 0x84, 0x2b, 0x26, 0xa2, 0xc4, 0x5d, 0x4f, 0xba, 0xb1, 0xc8, 0x40, 0x0d, 0x78, 0x97, 0xc4, 0x60}} , - {{0xd4, 0xb1, 0x6c, 0x08, 0xc7, 0x40, 0x38, 0x73, 0x5f, 0x0b, 0xf3, 0x76, 0x5d, 0xb2, 0xa5, 0x2f, 0x57, 0x57, 0x07, 0xed, 0x08, 0xa2, 0x6c, 0x4f, 0x08, 0x02, 0xb5, 0x0e, 0xee, 0x44, 0xfa, 0x22}}}, -{{{0x0f, 0x00, 0x3f, 0xa6, 0x04, 0x19, 0x56, 0x65, 0x31, 0x7f, 0x8b, 0xeb, 0x0d, 0xe1, 0x47, 0x89, 0x97, 0x16, 0x53, 0xfa, 0x81, 0xa7, 0xaa, 0xb2, 0xbf, 0x67, 0xeb, 0x72, 0x60, 0x81, 0x0d, 0x48}} , - {{0x7e, 0x13, 0x33, 0xcd, 0xa8, 0x84, 0x56, 0x1e, 0x67, 0xaf, 0x6b, 0x43, 0xac, 0x17, 0xaf, 0x16, 0xc0, 0x52, 0x99, 0x49, 0x5b, 0x87, 0x73, 0x7e, 0xb5, 0x43, 0xda, 0x6b, 0x1d, 0x0f, 0x2d, 0x55}}}, -{{{0xe9, 0x58, 0x1f, 0xff, 0x84, 0x3f, 0x93, 0x1c, 0xcb, 0xe1, 0x30, 0x69, 0xa5, 0x75, 0x19, 0x7e, 0x14, 0x5f, 0xf8, 0xfc, 0x09, 0xdd, 0xa8, 0x78, 0x9d, 0xca, 0x59, 0x8b, 0xd1, 0x30, 0x01, 0x13}} , - {{0xff, 0x76, 0x03, 0xc5, 0x4b, 0x89, 0x99, 0x70, 0x00, 0x59, 0x70, 0x9c, 0xd5, 0xd9, 0x11, 0x89, 0x5a, 0x46, 0xfe, 0xef, 0xdc, 0xd9, 0x55, 0x2b, 0x45, 0xa7, 0xb0, 0x2d, 0xfb, 0x24, 0xc2, 0x29}}}, -{{{0x38, 0x06, 0xf8, 0x0b, 0xac, 0x82, 0xc4, 0x97, 0x2b, 0x90, 0xe0, 0xf7, 0xa8, 0xab, 0x6c, 0x08, 0x80, 0x66, 0x90, 0x46, 0xf7, 0x26, 0x2d, 0xf8, 0xf1, 0xc4, 0x6b, 0x4a, 0x82, 0x98, 0x8e, 0x37}} , - {{0x8e, 0xb4, 0xee, 0xb8, 0xd4, 0x3f, 0xb2, 0x1b, 0xe0, 0x0a, 0x3d, 0x75, 0x34, 0x28, 0xa2, 0x8e, 0xc4, 0x92, 0x7b, 0xfe, 0x60, 0x6e, 0x6d, 0xb8, 0x31, 0x1d, 0x62, 0x0d, 0x78, 0x14, 0x42, 0x11}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x5e, 0xa8, 0xd8, 0x04, 0x9b, 0x73, 0xc9, 0xc9, 0xdc, 0x0d, 0x73, 0xbf, 0x0a, 0x0a, 0x73, 0xff, 0x18, 0x1f, 0x9c, 0x51, 0xaa, 0xc6, 0xf1, 0x83, 0x25, 0xfd, 0xab, 0xa3, 0x11, 0xd3, 0x01, 0x24}} , - {{0x4d, 0xe3, 0x7e, 0x38, 0x62, 0x5e, 0x64, 0xbb, 0x2b, 0x53, 0xb5, 0x03, 0x68, 0xc4, 0xf2, 0x2b, 0x5a, 0x03, 0x32, 0x99, 0x4a, 0x41, 0x9a, 0xe1, 0x1a, 0xae, 0x8c, 0x48, 0xf3, 0x24, 0x32, 0x65}}}, -{{{0xe8, 0xdd, 0xad, 0x3a, 0x8c, 0xea, 0xf4, 0xb3, 0xb2, 0xe5, 0x73, 0xf2, 0xed, 0x8b, 0xbf, 0xed, 0xb1, 0x0c, 0x0c, 0xfb, 0x2b, 0xf1, 0x01, 0x48, 0xe8, 0x26, 0x03, 0x8e, 0x27, 0x4d, 0x96, 0x72}} , - {{0xc8, 0x09, 0x3b, 0x60, 0xc9, 0x26, 0x4d, 0x7c, 0xf2, 0x9c, 0xd4, 0xa1, 0x3b, 0x26, 0xc2, 0x04, 0x33, 0x44, 0x76, 0x3c, 0x02, 0xbb, 0x11, 0x42, 0x0c, 0x22, 0xb7, 0xc6, 0xe1, 0xac, 0xb4, 0x0e}}}, -{{{0x6f, 0x85, 0xe7, 0xef, 0xde, 0x67, 0x30, 0xfc, 0xbf, 0x5a, 0xe0, 0x7b, 0x7a, 0x2a, 0x54, 0x6b, 0x5d, 0x62, 0x85, 0xa1, 0xf8, 0x16, 0x88, 0xec, 0x61, 0xb9, 0x96, 0xb5, 0xef, 0x2d, 0x43, 0x4d}} , - {{0x7c, 0x31, 0x33, 0xcc, 0xe4, 0xcf, 0x6c, 0xff, 0x80, 0x47, 0x77, 0xd1, 0xd8, 0xe9, 0x69, 0x97, 0x98, 0x7f, 0x20, 0x57, 0x1d, 0x1d, 0x4f, 0x08, 0x27, 0xc8, 0x35, 0x57, 0x40, 0xc6, 0x21, 0x0c}}}, -{{{0xd2, 0x8e, 0x9b, 0xfa, 0x42, 0x8e, 0xdf, 0x8f, 0xc7, 0x86, 0xf9, 0xa4, 0xca, 0x70, 0x00, 0x9d, 0x21, 0xbf, 0xec, 0x57, 0x62, 0x30, 0x58, 0x8c, 0x0d, 0x35, 0xdb, 0x5d, 0x8b, 0x6a, 0xa0, 0x5a}} , - {{0xc1, 0x58, 0x7c, 0x0d, 0x20, 0xdd, 0x11, 0x26, 0x5f, 0x89, 0x3b, 0x97, 0x58, 0xf8, 0x8b, 0xe3, 0xdf, 0x32, 0xe2, 0xfc, 0xd8, 0x67, 0xf2, 0xa5, 0x37, 0x1e, 0x6d, 0xec, 0x7c, 0x27, 0x20, 0x79}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xd0, 0xe9, 0xc0, 0xfa, 0x95, 0x45, 0x23, 0x96, 0xf1, 0x2c, 0x79, 0x25, 0x14, 0xce, 0x40, 0x14, 0x44, 0x2c, 0x36, 0x50, 0xd9, 0x63, 0x56, 0xb7, 0x56, 0x3b, 0x9e, 0xa7, 0xef, 0x89, 0xbb, 0x0e}} , - {{0xce, 0x7f, 0xdc, 0x0a, 0xcc, 0x82, 0x1c, 0x0a, 0x78, 0x71, 0xe8, 0x74, 0x8d, 0x01, 0x30, 0x0f, 0xa7, 0x11, 0x4c, 0xdf, 0x38, 0xd7, 0xa7, 0x0d, 0xf8, 0x48, 0x52, 0x00, 0x80, 0x7b, 0x5f, 0x0e}}}, -{{{0x25, 0x83, 0xe6, 0x94, 0x7b, 0x81, 0xb2, 0x91, 0xae, 0x0e, 0x05, 0xc9, 0xa3, 0x68, 0x2d, 0xd9, 0x88, 0x25, 0x19, 0x2a, 0x61, 0x61, 0x21, 0x97, 0x15, 0xa1, 0x35, 0xa5, 0x46, 0xc8, 0xa2, 0x0e}} , - {{0x1b, 0x03, 0x0d, 0x8b, 0x5a, 0x1b, 0x97, 0x4b, 0xf2, 0x16, 0x31, 0x3d, 0x1f, 0x33, 0xa0, 0x50, 0x3a, 0x18, 0xbe, 0x13, 0xa1, 0x76, 0xc1, 0xba, 0x1b, 0xf1, 0x05, 0x7b, 0x33, 0xa8, 0x82, 0x3b}}}, -{{{0xba, 0x36, 0x7b, 0x6d, 0xa9, 0xea, 0x14, 0x12, 0xc5, 0xfa, 0x91, 0x00, 0xba, 0x9b, 0x99, 0xcc, 0x56, 0x02, 0xe9, 0xa0, 0x26, 0x40, 0x66, 0x8c, 0xc4, 0xf8, 0x85, 0x33, 0x68, 0xe7, 0x03, 0x20}} , - {{0x50, 0x5b, 0xff, 0xa9, 0xb2, 0xf1, 0xf1, 0x78, 0xcf, 0x14, 0xa4, 0xa9, 0xfc, 0x09, 0x46, 0x94, 0x54, 0x65, 0x0d, 0x9c, 0x5f, 0x72, 0x21, 0xe2, 0x97, 0xa5, 0x2d, 0x81, 0xce, 0x4a, 0x5f, 0x79}}}, -{{{0x3d, 0x5f, 0x5c, 0xd2, 0xbc, 0x7d, 0x77, 0x0e, 0x2a, 0x6d, 0x22, 0x45, 0x84, 0x06, 0xc4, 0xdd, 0xc6, 0xa6, 0xc6, 0xd7, 0x49, 0xad, 0x6d, 0x87, 0x91, 0x0e, 0x3a, 0x67, 0x1d, 0x2c, 0x1d, 0x56}} , - {{0xfe, 0x7a, 0x74, 0xcf, 0xd4, 0xd2, 0xe5, 0x19, 0xde, 0xd0, 0xdb, 0x70, 0x23, 0x69, 0xe6, 0x6d, 0xec, 0xec, 0xcc, 0x09, 0x33, 0x6a, 0x77, 0xdc, 0x6b, 0x22, 0x76, 0x5d, 0x92, 0x09, 0xac, 0x2d}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x23, 0x15, 0x17, 0xeb, 0xd3, 0xdb, 0x12, 0x5e, 0x01, 0xf0, 0x91, 0xab, 0x2c, 0x41, 0xce, 0xac, 0xed, 0x1b, 0x4b, 0x2d, 0xbc, 0xdb, 0x17, 0x66, 0x89, 0x46, 0xad, 0x4b, 0x1e, 0x6f, 0x0b, 0x14}} , - {{0x11, 0xce, 0xbf, 0xb6, 0x77, 0x2d, 0x48, 0x22, 0x18, 0x4f, 0xa3, 0x5d, 0x4a, 0xb0, 0x70, 0x12, 0x3e, 0x54, 0xd7, 0xd8, 0x0e, 0x2b, 0x27, 0xdc, 0x53, 0xff, 0xca, 0x8c, 0x59, 0xb3, 0x4e, 0x44}}}, -{{{0x07, 0x76, 0x61, 0x0f, 0x66, 0xb2, 0x21, 0x39, 0x7e, 0xc0, 0xec, 0x45, 0x28, 0x82, 0xa1, 0x29, 0x32, 0x44, 0x35, 0x13, 0x5e, 0x61, 0x5e, 0x54, 0xcb, 0x7c, 0xef, 0xf6, 0x41, 0xcf, 0x9f, 0x0a}} , - {{0xdd, 0xf9, 0xda, 0x84, 0xc3, 0xe6, 0x8a, 0x9f, 0x24, 0xd2, 0x96, 0x5d, 0x39, 0x6f, 0x58, 0x8c, 0xc1, 0x56, 0x93, 0xab, 0xb5, 0x79, 0x3b, 0xd2, 0xa8, 0x73, 0x16, 0xed, 0xfa, 0xb4, 0x2f, 0x73}}}, -{{{0x8b, 0xb1, 0x95, 0xe5, 0x92, 0x50, 0x35, 0x11, 0x76, 0xac, 0xf4, 0x4d, 0x24, 0xc3, 0x32, 0xe6, 0xeb, 0xfe, 0x2c, 0x87, 0xc4, 0xf1, 0x56, 0xc4, 0x75, 0x24, 0x7a, 0x56, 0x85, 0x5a, 0x3a, 0x13}} , - {{0x0d, 0x16, 0xac, 0x3c, 0x4a, 0x58, 0x86, 0x3a, 0x46, 0x7f, 0x6c, 0xa3, 0x52, 0x6e, 0x37, 0xe4, 0x96, 0x9c, 0xe9, 0x5c, 0x66, 0x41, 0x67, 0xe4, 0xfb, 0x79, 0x0c, 0x05, 0xf6, 0x64, 0xd5, 0x7c}}}, -{{{0x28, 0xc1, 0xe1, 0x54, 0x73, 0xf2, 0xbf, 0x76, 0x74, 0x19, 0x19, 0x1b, 0xe4, 0xb9, 0xa8, 0x46, 0x65, 0x73, 0xf3, 0x77, 0x9b, 0x29, 0x74, 0x5b, 0xc6, 0x89, 0x6c, 0x2c, 0x7c, 0xf8, 0xb3, 0x0f}} , - {{0xf7, 0xd5, 0xe9, 0x74, 0x5d, 0xb8, 0x25, 0x16, 0xb5, 0x30, 0xbc, 0x84, 0xc5, 0xf0, 0xad, 0xca, 0x12, 0x28, 0xbc, 0x9d, 0xd4, 0xfa, 0x82, 0xe6, 0xe3, 0xbf, 0xa2, 0x15, 0x2c, 0xd4, 0x34, 0x10}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x61, 0xb1, 0x46, 0xba, 0x0e, 0x31, 0xa5, 0x67, 0x6c, 0x7f, 0xd6, 0xd9, 0x27, 0x85, 0x0f, 0x79, 0x14, 0xc8, 0x6c, 0x2f, 0x5f, 0x5b, 0x9c, 0x35, 0x3d, 0x38, 0x86, 0x77, 0x65, 0x55, 0x6a, 0x7b}} , - {{0xd3, 0xb0, 0x3a, 0x66, 0x60, 0x1b, 0x43, 0xf1, 0x26, 0x58, 0x99, 0x09, 0x8f, 0x2d, 0xa3, 0x14, 0x71, 0x85, 0xdb, 0xed, 0xf6, 0x26, 0xd5, 0x61, 0x9a, 0x73, 0xac, 0x0e, 0xea, 0xac, 0xb7, 0x0c}}}, -{{{0x5e, 0xf4, 0xe5, 0x17, 0x0e, 0x10, 0x9f, 0xe7, 0x43, 0x5f, 0x67, 0x5c, 0xac, 0x4b, 0xe5, 0x14, 0x41, 0xd2, 0xbf, 0x48, 0xf5, 0x14, 0xb0, 0x71, 0xc6, 0x61, 0xc1, 0xb2, 0x70, 0x58, 0xd2, 0x5a}} , - {{0x2d, 0xba, 0x16, 0x07, 0x92, 0x94, 0xdc, 0xbd, 0x50, 0x2b, 0xc9, 0x7f, 0x42, 0x00, 0xba, 0x61, 0xed, 0xf8, 0x43, 0xed, 0xf5, 0xf9, 0x40, 0x60, 0xb2, 0xb0, 0x82, 0xcb, 0xed, 0x75, 0xc7, 0x65}}}, -{{{0x80, 0xba, 0x0d, 0x09, 0x40, 0xa7, 0x39, 0xa6, 0x67, 0x34, 0x7e, 0x66, 0xbe, 0x56, 0xfb, 0x53, 0x78, 0xc4, 0x46, 0xe8, 0xed, 0x68, 0x6c, 0x7f, 0xce, 0xe8, 0x9f, 0xce, 0xa2, 0x64, 0x58, 0x53}} , - {{0xe8, 0xc1, 0xa9, 0xc2, 0x7b, 0x59, 0x21, 0x33, 0xe2, 0x43, 0x73, 0x2b, 0xac, 0x2d, 0xc1, 0x89, 0x3b, 0x15, 0xe2, 0xd5, 0xc0, 0x97, 0x8a, 0xfd, 0x6f, 0x36, 0x33, 0xb7, 0xb9, 0xc3, 0x88, 0x09}}}, -{{{0xd0, 0xb6, 0x56, 0x30, 0x5c, 0xae, 0xb3, 0x75, 0x44, 0xa4, 0x83, 0x51, 0x6e, 0x01, 0x65, 0xef, 0x45, 0x76, 0xe6, 0xf5, 0xa2, 0x0d, 0xd4, 0x16, 0x3b, 0x58, 0x2f, 0xf2, 0x2f, 0x36, 0x18, 0x3f}} , - {{0xfd, 0x2f, 0xe0, 0x9b, 0x1e, 0x8c, 0xc5, 0x18, 0xa9, 0xca, 0xd4, 0x2b, 0x35, 0xb6, 0x95, 0x0a, 0x9f, 0x7e, 0xfb, 0xc4, 0xef, 0x88, 0x7b, 0x23, 0x43, 0xec, 0x2f, 0x0d, 0x0f, 0x7a, 0xfc, 0x5c}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x8d, 0xd2, 0xda, 0xc7, 0x44, 0xd6, 0x7a, 0xdb, 0x26, 0x7d, 0x1d, 0xb8, 0xe1, 0xde, 0x9d, 0x7a, 0x7d, 0x17, 0x7e, 0x1c, 0x37, 0x04, 0x8d, 0x2d, 0x7c, 0x5e, 0x18, 0x38, 0x1e, 0xaf, 0xc7, 0x1b}} , - {{0x33, 0x48, 0x31, 0x00, 0x59, 0xf6, 0xf2, 0xca, 0x0f, 0x27, 0x1b, 0x63, 0x12, 0x7e, 0x02, 0x1d, 0x49, 0xc0, 0x5d, 0x79, 0x87, 0xef, 0x5e, 0x7a, 0x2f, 0x1f, 0x66, 0x55, 0xd8, 0x09, 0xd9, 0x61}}}, -{{{0x54, 0x83, 0x02, 0x18, 0x82, 0x93, 0x99, 0x07, 0xd0, 0xa7, 0xda, 0xd8, 0x75, 0x89, 0xfa, 0xf2, 0xd9, 0xa3, 0xb8, 0x6b, 0x5a, 0x35, 0x28, 0xd2, 0x6b, 0x59, 0xc2, 0xf8, 0x45, 0xe2, 0xbc, 0x06}} , - {{0x65, 0xc0, 0xa3, 0x88, 0x51, 0x95, 0xfc, 0x96, 0x94, 0x78, 0xe8, 0x0d, 0x8b, 0x41, 0xc9, 0xc2, 0x58, 0x48, 0x75, 0x10, 0x2f, 0xcd, 0x2a, 0xc9, 0xa0, 0x6d, 0x0f, 0xdd, 0x9c, 0x98, 0x26, 0x3d}}}, -{{{0x2f, 0x66, 0x29, 0x1b, 0x04, 0x89, 0xbd, 0x7e, 0xee, 0x6e, 0xdd, 0xb7, 0x0e, 0xef, 0xb0, 0x0c, 0xb4, 0xfc, 0x7f, 0xc2, 0xc9, 0x3a, 0x3c, 0x64, 0xef, 0x45, 0x44, 0xaf, 0x8a, 0x90, 0x65, 0x76}} , - {{0xa1, 0x4c, 0x70, 0x4b, 0x0e, 0xa0, 0x83, 0x70, 0x13, 0xa4, 0xaf, 0xb8, 0x38, 0x19, 0x22, 0x65, 0x09, 0xb4, 0x02, 0x4f, 0x06, 0xf8, 0x17, 0xce, 0x46, 0x45, 0xda, 0x50, 0x7c, 0x8a, 0xd1, 0x4e}}}, -{{{0xf7, 0xd4, 0x16, 0x6c, 0x4e, 0x95, 0x9d, 0x5d, 0x0f, 0x91, 0x2b, 0x52, 0xfe, 0x5c, 0x34, 0xe5, 0x30, 0xe6, 0xa4, 0x3b, 0xf3, 0xf3, 0x34, 0x08, 0xa9, 0x4a, 0xa0, 0xb5, 0x6e, 0xb3, 0x09, 0x0a}} , - {{0x26, 0xd9, 0x5e, 0xa3, 0x0f, 0xeb, 0xa2, 0xf3, 0x20, 0x3b, 0x37, 0xd4, 0xe4, 0x9e, 0xce, 0x06, 0x3d, 0x53, 0xed, 0xae, 0x2b, 0xeb, 0xb6, 0x24, 0x0a, 0x11, 0xa3, 0x0f, 0xd6, 0x7f, 0xa4, 0x3a}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xdb, 0x9f, 0x2c, 0xfc, 0xd6, 0xb2, 0x1e, 0x2e, 0x52, 0x7a, 0x06, 0x87, 0x2d, 0x86, 0x72, 0x2b, 0x6d, 0x90, 0x77, 0x46, 0x43, 0xb5, 0x7a, 0xf8, 0x60, 0x7d, 0x91, 0x60, 0x5b, 0x9d, 0x9e, 0x07}} , - {{0x97, 0x87, 0xc7, 0x04, 0x1c, 0x38, 0x01, 0x39, 0x58, 0xc7, 0x85, 0xa3, 0xfc, 0x64, 0x00, 0x64, 0x25, 0xa2, 0xbf, 0x50, 0x94, 0xca, 0x26, 0x31, 0x45, 0x0a, 0x24, 0xd2, 0x51, 0x29, 0x51, 0x16}}}, -{{{0x4d, 0x4a, 0xd7, 0x98, 0x71, 0x57, 0xac, 0x7d, 0x8b, 0x37, 0xbd, 0x63, 0xff, 0x87, 0xb1, 0x49, 0x95, 0x20, 0x7c, 0xcf, 0x7c, 0x59, 0xc4, 0x91, 0x9c, 0xef, 0xd0, 0xdb, 0x60, 0x09, 0x9d, 0x46}} , - {{0xcb, 0x78, 0x94, 0x90, 0xe4, 0x45, 0xb3, 0xf6, 0xd9, 0xf6, 0x57, 0x74, 0xd5, 0xf8, 0x83, 0x4f, 0x39, 0xc9, 0xbd, 0x88, 0xc2, 0x57, 0x21, 0x1f, 0x24, 0x32, 0x68, 0xf8, 0xc7, 0x21, 0x5f, 0x0b}}}, -{{{0x2a, 0x36, 0x68, 0xfc, 0x5f, 0xb6, 0x4f, 0xa5, 0xe3, 0x9d, 0x24, 0x2f, 0xc0, 0x93, 0x61, 0xcf, 0xf8, 0x0a, 0xed, 0xe1, 0xdb, 0x27, 0xec, 0x0e, 0x14, 0x32, 0x5f, 0x8e, 0xa1, 0x62, 0x41, 0x16}} , - {{0x95, 0x21, 0x01, 0xce, 0x95, 0x5b, 0x0e, 0x57, 0xc7, 0xb9, 0x62, 0xb5, 0x28, 0xca, 0x11, 0xec, 0xb4, 0x46, 0x06, 0x73, 0x26, 0xff, 0xfb, 0x66, 0x7d, 0xee, 0x5f, 0xb2, 0x56, 0xfd, 0x2a, 0x08}}}, -{{{0x92, 0x67, 0x77, 0x56, 0xa1, 0xff, 0xc4, 0xc5, 0x95, 0xf0, 0xe3, 0x3a, 0x0a, 0xca, 0x94, 0x4d, 0x9e, 0x7e, 0x3d, 0xb9, 0x6e, 0xb6, 0xb0, 0xce, 0xa4, 0x30, 0x89, 0x99, 0xe9, 0xad, 0x11, 0x59}} , - {{0xf6, 0x48, 0x95, 0xa1, 0x6f, 0x5f, 0xb7, 0xa5, 0xbb, 0x30, 0x00, 0x1c, 0xd2, 0x8a, 0xd6, 0x25, 0x26, 0x1b, 0xb2, 0x0d, 0x37, 0x6a, 0x05, 0xf4, 0x9d, 0x3e, 0x17, 0x2a, 0x43, 0xd2, 0x3a, 0x06}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x32, 0x99, 0x93, 0xd1, 0x9a, 0x72, 0xf3, 0xa9, 0x16, 0xbd, 0xb4, 0x4c, 0xdd, 0xf9, 0xd4, 0xb2, 0x64, 0x9a, 0xd3, 0x05, 0xe4, 0xa3, 0x73, 0x1c, 0xcb, 0x7e, 0x57, 0x67, 0xff, 0x04, 0xb3, 0x10}} , - {{0xb9, 0x4b, 0xa4, 0xad, 0xd0, 0x6d, 0x61, 0x23, 0xb4, 0xaf, 0x34, 0xa9, 0xaa, 0x65, 0xec, 0xd9, 0x69, 0xe3, 0x85, 0xcd, 0xcc, 0xe7, 0xb0, 0x9b, 0x41, 0xc1, 0x1c, 0xf9, 0xa0, 0xfa, 0xb7, 0x13}}}, -{{{0x04, 0xfd, 0x88, 0x3c, 0x0c, 0xd0, 0x09, 0x52, 0x51, 0x4f, 0x06, 0x19, 0xcc, 0xc3, 0xbb, 0xde, 0x80, 0xc5, 0x33, 0xbc, 0xf9, 0xf3, 0x17, 0x36, 0xdd, 0xc6, 0xde, 0xe8, 0x9b, 0x5d, 0x79, 0x1b}} , - {{0x65, 0x0a, 0xbe, 0x51, 0x57, 0xad, 0x50, 0x79, 0x08, 0x71, 0x9b, 0x07, 0x95, 0x8f, 0xfb, 0xae, 0x4b, 0x38, 0xba, 0xcf, 0x53, 0x2a, 0x86, 0x1e, 0xc0, 0x50, 0x5c, 0x67, 0x1b, 0xf6, 0x87, 0x6c}}}, -{{{0x4f, 0x00, 0xb2, 0x66, 0x55, 0xed, 0x4a, 0xed, 0x8d, 0xe1, 0x66, 0x18, 0xb2, 0x14, 0x74, 0x8d, 0xfd, 0x1a, 0x36, 0x0f, 0x26, 0x5c, 0x8b, 0x89, 0xf3, 0xab, 0xf2, 0xf3, 0x24, 0x67, 0xfd, 0x70}} , - {{0xfd, 0x4e, 0x2a, 0xc1, 0x3a, 0xca, 0x8f, 0x00, 0xd8, 0xec, 0x74, 0x67, 0xef, 0x61, 0xe0, 0x28, 0xd0, 0x96, 0xf4, 0x48, 0xde, 0x81, 0xe3, 0xef, 0xdc, 0xaa, 0x7d, 0xf3, 0xb6, 0x55, 0xa6, 0x65}}}, -{{{0xeb, 0xcb, 0xc5, 0x70, 0x91, 0x31, 0x10, 0x93, 0x0d, 0xc8, 0xd0, 0xef, 0x62, 0xe8, 0x6f, 0x82, 0xe3, 0x69, 0x3d, 0x91, 0x7f, 0x31, 0xe1, 0x26, 0x35, 0x3c, 0x4a, 0x2f, 0xab, 0xc4, 0x9a, 0x5e}} , - {{0xab, 0x1b, 0xb5, 0xe5, 0x2b, 0xc3, 0x0e, 0x29, 0xb0, 0xd0, 0x73, 0xe6, 0x4f, 0x64, 0xf2, 0xbc, 0xe4, 0xe4, 0xe1, 0x9a, 0x52, 0x33, 0x2f, 0xbd, 0xcc, 0x03, 0xee, 0x8a, 0xfa, 0x00, 0x5f, 0x50}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xf6, 0xdb, 0x0d, 0x22, 0x3d, 0xb5, 0x14, 0x75, 0x31, 0xf0, 0x81, 0xe2, 0xb9, 0x37, 0xa2, 0xa9, 0x84, 0x11, 0x9a, 0x07, 0xb5, 0x53, 0x89, 0x78, 0xa9, 0x30, 0x27, 0xa1, 0xf1, 0x4e, 0x5c, 0x2e}} , - {{0x8b, 0x00, 0x54, 0xfb, 0x4d, 0xdc, 0xcb, 0x17, 0x35, 0x40, 0xff, 0xb7, 0x8c, 0xfe, 0x4a, 0xe4, 0x4e, 0x99, 0x4e, 0xa8, 0x74, 0x54, 0x5d, 0x5c, 0x96, 0xa3, 0x12, 0x55, 0x36, 0x31, 0x17, 0x5c}}}, -{{{0xce, 0x24, 0xef, 0x7b, 0x86, 0xf2, 0x0f, 0x77, 0xe8, 0x5c, 0x7d, 0x87, 0x38, 0x2d, 0xef, 0xaf, 0xf2, 0x8c, 0x72, 0x2e, 0xeb, 0xb6, 0x55, 0x4b, 0x6e, 0xf1, 0x4e, 0x8a, 0x0e, 0x9a, 0x6c, 0x4c}} , - {{0x25, 0xea, 0x86, 0xc2, 0xd1, 0x4f, 0xb7, 0x3e, 0xa8, 0x5c, 0x8d, 0x66, 0x81, 0x25, 0xed, 0xc5, 0x4c, 0x05, 0xb9, 0xd8, 0xd6, 0x70, 0xbe, 0x73, 0x82, 0xe8, 0xa1, 0xe5, 0x1e, 0x71, 0xd5, 0x26}}}, -{{{0x4e, 0x6d, 0xc3, 0xa7, 0x4f, 0x22, 0x45, 0x26, 0xa2, 0x7e, 0x16, 0xf7, 0xf7, 0x63, 0xdc, 0x86, 0x01, 0x2a, 0x71, 0x38, 0x5c, 0x33, 0xc3, 0xce, 0x30, 0xff, 0xf9, 0x2c, 0x91, 0x71, 0x8a, 0x72}} , - {{0x8c, 0x44, 0x09, 0x28, 0xd5, 0x23, 0xc9, 0x8f, 0xf3, 0x84, 0x45, 0xc6, 0x9a, 0x5e, 0xff, 0xd2, 0xc7, 0x57, 0x93, 0xa3, 0xc1, 0x69, 0xdd, 0x62, 0x0f, 0xda, 0x5c, 0x30, 0x59, 0x5d, 0xe9, 0x4c}}}, -{{{0x92, 0x7e, 0x50, 0x27, 0x72, 0xd7, 0x0c, 0xd6, 0x69, 0x96, 0x81, 0x35, 0x84, 0x94, 0x35, 0x8b, 0x6c, 0xaa, 0x62, 0x86, 0x6e, 0x1c, 0x15, 0xf3, 0x6c, 0xb3, 0xff, 0x65, 0x1b, 0xa2, 0x9b, 0x59}} , - {{0xe2, 0xa9, 0x65, 0x88, 0xc4, 0x50, 0xfa, 0xbb, 0x3b, 0x6e, 0x5f, 0x44, 0x01, 0xca, 0x97, 0xd4, 0xdd, 0xf6, 0xcd, 0x3f, 0x3f, 0xe5, 0x97, 0x67, 0x2b, 0x8c, 0x66, 0x0f, 0x35, 0x9b, 0xf5, 0x07}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xf1, 0x59, 0x27, 0xd8, 0xdb, 0x5a, 0x11, 0x5e, 0x82, 0xf3, 0x38, 0xff, 0x1c, 0xed, 0xfe, 0x3f, 0x64, 0x54, 0x3f, 0x7f, 0xd1, 0x81, 0xed, 0xef, 0x65, 0xc5, 0xcb, 0xfd, 0xe1, 0x80, 0xcd, 0x11}} , - {{0xe0, 0xdb, 0x22, 0x28, 0xe6, 0xff, 0x61, 0x9d, 0x41, 0x14, 0x2d, 0x3b, 0x26, 0x22, 0xdf, 0xf1, 0x34, 0x81, 0xe9, 0x45, 0xee, 0x0f, 0x98, 0x8b, 0xa6, 0x3f, 0xef, 0xf7, 0x43, 0x19, 0xf1, 0x43}}}, -{{{0xee, 0xf3, 0x00, 0xa1, 0x50, 0xde, 0xc0, 0xb6, 0x01, 0xe3, 0x8c, 0x3c, 0x4d, 0x31, 0xd2, 0xb0, 0x58, 0xcd, 0xed, 0x10, 0x4a, 0x7a, 0xef, 0x80, 0xa9, 0x19, 0x32, 0xf3, 0xd8, 0x33, 0x8c, 0x06}} , - {{0xcb, 0x7d, 0x4f, 0xff, 0x30, 0xd8, 0x12, 0x3b, 0x39, 0x1c, 0x06, 0xf9, 0x4c, 0x34, 0x35, 0x71, 0xb5, 0x16, 0x94, 0x67, 0xdf, 0xee, 0x11, 0xde, 0xa4, 0x1d, 0x88, 0x93, 0x35, 0xa9, 0x32, 0x10}}}, -{{{0xe9, 0xc3, 0xbc, 0x7b, 0x5c, 0xfc, 0xb2, 0xf9, 0xc9, 0x2f, 0xe5, 0xba, 0x3a, 0x0b, 0xab, 0x64, 0x38, 0x6f, 0x5b, 0x4b, 0x93, 0xda, 0x64, 0xec, 0x4d, 0x3d, 0xa0, 0xf5, 0xbb, 0xba, 0x47, 0x48}} , - {{0x60, 0xbc, 0x45, 0x1f, 0x23, 0xa2, 0x3b, 0x70, 0x76, 0xe6, 0x97, 0x99, 0x4f, 0x77, 0x54, 0x67, 0x30, 0x9a, 0xe7, 0x66, 0xd6, 0xcd, 0x2e, 0x51, 0x24, 0x2c, 0x42, 0x4a, 0x11, 0xfe, 0x6f, 0x7e}}}, -{{{0x87, 0xc0, 0xb1, 0xf0, 0xa3, 0x6f, 0x0c, 0x93, 0xa9, 0x0a, 0x72, 0xef, 0x5c, 0xbe, 0x65, 0x35, 0xa7, 0x6a, 0x4e, 0x2c, 0xbf, 0x21, 0x23, 0xe8, 0x2f, 0x97, 0xc7, 0x3e, 0xc8, 0x17, 0xac, 0x1e}} , - {{0x7b, 0xef, 0x21, 0xe5, 0x40, 0xcc, 0x1e, 0xdc, 0xd6, 0xbd, 0x97, 0x7a, 0x7c, 0x75, 0x86, 0x7a, 0x25, 0x5a, 0x6e, 0x7c, 0xe5, 0x51, 0x3c, 0x1b, 0x5b, 0x82, 0x9a, 0x07, 0x60, 0xa1, 0x19, 0x04}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x96, 0x88, 0xa6, 0xab, 0x8f, 0xe3, 0x3a, 0x49, 0xf8, 0xfe, 0x34, 0xe7, 0x6a, 0xb2, 0xfe, 0x40, 0x26, 0x74, 0x57, 0x4c, 0xf6, 0xd4, 0x99, 0xce, 0x5d, 0x7b, 0x2f, 0x67, 0xd6, 0x5a, 0xe4, 0x4e}} , - {{0x5c, 0x82, 0xb3, 0xbd, 0x55, 0x25, 0xf6, 0x6a, 0x93, 0xa4, 0x02, 0xc6, 0x7d, 0x5c, 0xb1, 0x2b, 0x5b, 0xff, 0xfb, 0x56, 0xf8, 0x01, 0x41, 0x90, 0xc6, 0xb6, 0xac, 0x4f, 0xfe, 0xa7, 0x41, 0x70}}}, -{{{0xdb, 0xfa, 0x9b, 0x2c, 0xd4, 0x23, 0x67, 0x2c, 0x8a, 0x63, 0x6c, 0x07, 0x26, 0x48, 0x4f, 0xc2, 0x03, 0xd2, 0x53, 0x20, 0x28, 0xed, 0x65, 0x71, 0x47, 0xa9, 0x16, 0x16, 0x12, 0xbc, 0x28, 0x33}} , - {{0x39, 0xc0, 0xfa, 0xfa, 0xcd, 0x33, 0x43, 0xc7, 0x97, 0x76, 0x9b, 0x93, 0x91, 0x72, 0xeb, 0xc5, 0x18, 0x67, 0x4c, 0x11, 0xf0, 0xf4, 0xe5, 0x73, 0xb2, 0x5c, 0x1b, 0xc2, 0x26, 0x3f, 0xbf, 0x2b}}}, -{{{0x86, 0xe6, 0x8c, 0x1d, 0xdf, 0xca, 0xfc, 0xd5, 0xf8, 0x3a, 0xc3, 0x44, 0x72, 0xe6, 0x78, 0x9d, 0x2b, 0x97, 0xf8, 0x28, 0x45, 0xb4, 0x20, 0xc9, 0x2a, 0x8c, 0x67, 0xaa, 0x11, 0xc5, 0x5b, 0x2f}} , - {{0x17, 0x0f, 0x86, 0x52, 0xd7, 0x9d, 0xc3, 0x44, 0x51, 0x76, 0x32, 0x65, 0xb4, 0x37, 0x81, 0x99, 0x46, 0x37, 0x62, 0xed, 0xcf, 0x64, 0x9d, 0x72, 0x40, 0x7a, 0x4c, 0x0b, 0x76, 0x2a, 0xfb, 0x56}}}, -{{{0x33, 0xa7, 0x90, 0x7c, 0xc3, 0x6f, 0x17, 0xa5, 0xa0, 0x67, 0x72, 0x17, 0xea, 0x7e, 0x63, 0x14, 0x83, 0xde, 0xc1, 0x71, 0x2d, 0x41, 0x32, 0x7a, 0xf3, 0xd1, 0x2b, 0xd8, 0x2a, 0xa6, 0x46, 0x36}} , - {{0xac, 0xcc, 0x6b, 0x7c, 0xf9, 0xb8, 0x8b, 0x08, 0x5c, 0xd0, 0x7d, 0x8f, 0x73, 0xea, 0x20, 0xda, 0x86, 0xca, 0x00, 0xc7, 0xad, 0x73, 0x4d, 0xe9, 0xe8, 0xa9, 0xda, 0x1f, 0x03, 0x06, 0xdd, 0x24}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x9c, 0xb2, 0x61, 0x0a, 0x98, 0x2a, 0xa5, 0xd7, 0xee, 0xa9, 0xac, 0x65, 0xcb, 0x0a, 0x1e, 0xe2, 0xbe, 0xdc, 0x85, 0x59, 0x0f, 0x9c, 0xa6, 0x57, 0x34, 0xa5, 0x87, 0xeb, 0x7b, 0x1e, 0x0c, 0x3c}} , - {{0x2f, 0xbd, 0x84, 0x63, 0x0d, 0xb5, 0xa0, 0xf0, 0x4b, 0x9e, 0x93, 0xc6, 0x34, 0x9a, 0x34, 0xff, 0x73, 0x19, 0x2f, 0x6e, 0x54, 0x45, 0x2c, 0x92, 0x31, 0x76, 0x34, 0xf1, 0xb2, 0x26, 0xe8, 0x74}}}, -{{{0x0a, 0x67, 0x90, 0x6d, 0x0c, 0x4c, 0xcc, 0xc0, 0xe6, 0xbd, 0xa7, 0x5e, 0x55, 0x8c, 0xcd, 0x58, 0x9b, 0x11, 0xa2, 0xbb, 0x4b, 0xb1, 0x43, 0x04, 0x3c, 0x55, 0xed, 0x23, 0xfe, 0xcd, 0xb1, 0x53}} , - {{0x05, 0xfb, 0x75, 0xf5, 0x01, 0xaf, 0x38, 0x72, 0x58, 0xfc, 0x04, 0x29, 0x34, 0x7a, 0x67, 0xa2, 0x08, 0x50, 0x6e, 0xd0, 0x2b, 0x73, 0xd5, 0xb8, 0xe4, 0x30, 0x96, 0xad, 0x45, 0xdf, 0xa6, 0x5c}}}, -{{{0x0d, 0x88, 0x1a, 0x90, 0x7e, 0xdc, 0xd8, 0xfe, 0xc1, 0x2f, 0x5d, 0x67, 0xee, 0x67, 0x2f, 0xed, 0x6f, 0x55, 0x43, 0x5f, 0x87, 0x14, 0x35, 0x42, 0xd3, 0x75, 0xae, 0xd5, 0xd3, 0x85, 0x1a, 0x76}} , - {{0x87, 0xc8, 0xa0, 0x6e, 0xe1, 0xb0, 0xad, 0x6a, 0x4a, 0x34, 0x71, 0xed, 0x7c, 0xd6, 0x44, 0x03, 0x65, 0x4a, 0x5c, 0x5c, 0x04, 0xf5, 0x24, 0x3f, 0xb0, 0x16, 0x5e, 0x8c, 0xb2, 0xd2, 0xc5, 0x20}}}, -{{{0x98, 0x83, 0xc2, 0x37, 0xa0, 0x41, 0xa8, 0x48, 0x5c, 0x5f, 0xbf, 0xc8, 0xfa, 0x24, 0xe0, 0x59, 0x2c, 0xbd, 0xf6, 0x81, 0x7e, 0x88, 0xe6, 0xca, 0x04, 0xd8, 0x5d, 0x60, 0xbb, 0x74, 0xa7, 0x0b}} , - {{0x21, 0x13, 0x91, 0xbf, 0x77, 0x7a, 0x33, 0xbc, 0xe9, 0x07, 0x39, 0x0a, 0xdd, 0x7d, 0x06, 0x10, 0x9a, 0xee, 0x47, 0x73, 0x1b, 0x15, 0x5a, 0xfb, 0xcd, 0x4d, 0xd0, 0xd2, 0x3a, 0x01, 0xba, 0x54}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x48, 0xd5, 0x39, 0x4a, 0x0b, 0x20, 0x6a, 0x43, 0xa0, 0x07, 0x82, 0x5e, 0x49, 0x7c, 0xc9, 0x47, 0xf1, 0x7c, 0x37, 0xb9, 0x23, 0xef, 0x6b, 0x46, 0x45, 0x8c, 0x45, 0x76, 0xdf, 0x14, 0x6b, 0x6e}} , - {{0x42, 0xc9, 0xca, 0x29, 0x4c, 0x76, 0x37, 0xda, 0x8a, 0x2d, 0x7c, 0x3a, 0x58, 0xf2, 0x03, 0xb4, 0xb5, 0xb9, 0x1a, 0x13, 0x2d, 0xde, 0x5f, 0x6b, 0x9d, 0xba, 0x52, 0xc9, 0x5d, 0xb3, 0xf3, 0x30}}}, -{{{0x4c, 0x6f, 0xfe, 0x6b, 0x0c, 0x62, 0xd7, 0x48, 0x71, 0xef, 0xb1, 0x85, 0x79, 0xc0, 0xed, 0x24, 0xb1, 0x08, 0x93, 0x76, 0x8e, 0xf7, 0x38, 0x8e, 0xeb, 0xfe, 0x80, 0x40, 0xaf, 0x90, 0x64, 0x49}} , - {{0x4a, 0x88, 0xda, 0xc1, 0x98, 0x44, 0x3c, 0x53, 0x4e, 0xdb, 0x4b, 0xb9, 0x12, 0x5f, 0xcd, 0x08, 0x04, 0xef, 0x75, 0xe7, 0xb1, 0x3a, 0xe5, 0x07, 0xfa, 0xca, 0x65, 0x7b, 0x72, 0x10, 0x64, 0x7f}}}, -{{{0x3d, 0x81, 0xf0, 0xeb, 0x16, 0xfd, 0x58, 0x33, 0x8d, 0x7c, 0x1a, 0xfb, 0x20, 0x2c, 0x8a, 0xee, 0x90, 0xbb, 0x33, 0x6d, 0x45, 0xe9, 0x8e, 0x99, 0x85, 0xe1, 0x08, 0x1f, 0xc5, 0xf1, 0xb5, 0x46}} , - {{0xe4, 0xe7, 0x43, 0x4b, 0xa0, 0x3f, 0x2b, 0x06, 0xba, 0x17, 0xae, 0x3d, 0xe6, 0xce, 0xbd, 0xb8, 0xed, 0x74, 0x11, 0x35, 0xec, 0x96, 0xfe, 0x31, 0xe3, 0x0e, 0x7a, 0x4e, 0xc9, 0x1d, 0xcb, 0x20}}}, -{{{0xe0, 0x67, 0xe9, 0x7b, 0xdb, 0x96, 0x5c, 0xb0, 0x32, 0xd0, 0x59, 0x31, 0x90, 0xdc, 0x92, 0x97, 0xac, 0x09, 0x38, 0x31, 0x0f, 0x7e, 0xd6, 0x5d, 0xd0, 0x06, 0xb6, 0x1f, 0xea, 0xf0, 0x5b, 0x07}} , - {{0x81, 0x9f, 0xc7, 0xde, 0x6b, 0x41, 0x22, 0x35, 0x14, 0x67, 0x77, 0x3e, 0x90, 0x81, 0xb0, 0xd9, 0x85, 0x4c, 0xca, 0x9b, 0x3f, 0x04, 0x59, 0xd6, 0xaa, 0x17, 0xc3, 0x88, 0x34, 0x37, 0xba, 0x43}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x4c, 0xb6, 0x69, 0xc8, 0x81, 0x95, 0x94, 0x33, 0x92, 0x34, 0xe9, 0x3c, 0x84, 0x0d, 0x3d, 0x5a, 0x37, 0x9c, 0x22, 0xa0, 0xaa, 0x65, 0xce, 0xb4, 0xc2, 0x2d, 0x66, 0x67, 0x02, 0xff, 0x74, 0x10}} , - {{0x22, 0xb0, 0xd5, 0xe6, 0xc7, 0xef, 0xb1, 0xa7, 0x13, 0xda, 0x60, 0xb4, 0x80, 0xc1, 0x42, 0x7d, 0x10, 0x70, 0x97, 0x04, 0x4d, 0xda, 0x23, 0x89, 0xc2, 0x0e, 0x68, 0xcb, 0xde, 0xe0, 0x9b, 0x29}}}, -{{{0x33, 0xfe, 0x42, 0x2a, 0x36, 0x2b, 0x2e, 0x36, 0x64, 0x5c, 0x8b, 0xcc, 0x81, 0x6a, 0x15, 0x08, 0xa1, 0x27, 0xe8, 0x57, 0xe5, 0x78, 0x8e, 0xf2, 0x58, 0x19, 0x12, 0x42, 0xae, 0xc4, 0x63, 0x3e}} , - {{0x78, 0x96, 0x9c, 0xa7, 0xca, 0x80, 0xae, 0x02, 0x85, 0xb1, 0x7c, 0x04, 0x5c, 0xc1, 0x5b, 0x26, 0xc1, 0xba, 0xed, 0xa5, 0x59, 0x70, 0x85, 0x8c, 0x8c, 0xe8, 0x87, 0xac, 0x6a, 0x28, 0x99, 0x35}}}, -{{{0x9f, 0x04, 0x08, 0x28, 0xbe, 0x87, 0xda, 0x80, 0x28, 0x38, 0xde, 0x9f, 0xcd, 0xe4, 0xe3, 0x62, 0xfb, 0x2e, 0x46, 0x8d, 0x01, 0xb3, 0x06, 0x51, 0xd4, 0x19, 0x3b, 0x11, 0xfa, 0xe2, 0xad, 0x1e}} , - {{0xa0, 0x20, 0x99, 0x69, 0x0a, 0xae, 0xa3, 0x70, 0x4e, 0x64, 0x80, 0xb7, 0x85, 0x9c, 0x87, 0x54, 0x43, 0x43, 0x55, 0x80, 0x6d, 0x8d, 0x7c, 0xa9, 0x64, 0xca, 0x6c, 0x2e, 0x21, 0xd8, 0xc8, 0x6c}}}, -{{{0x91, 0x4a, 0x07, 0xad, 0x08, 0x75, 0xc1, 0x4f, 0xa4, 0xb2, 0xc3, 0x6f, 0x46, 0x3e, 0xb1, 0xce, 0x52, 0xab, 0x67, 0x09, 0x54, 0x48, 0x6b, 0x6c, 0xd7, 0x1d, 0x71, 0x76, 0xcb, 0xff, 0xdd, 0x31}} , - {{0x36, 0x88, 0xfa, 0xfd, 0xf0, 0x36, 0x6f, 0x07, 0x74, 0x88, 0x50, 0xd0, 0x95, 0x38, 0x4a, 0x48, 0x2e, 0x07, 0x64, 0x97, 0x11, 0x76, 0x01, 0x1a, 0x27, 0x4d, 0x8e, 0x25, 0x9a, 0x9b, 0x1c, 0x22}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xbe, 0x57, 0xbd, 0x0e, 0x0f, 0xac, 0x5e, 0x76, 0xa3, 0x71, 0xad, 0x2b, 0x10, 0x45, 0x02, 0xec, 0x59, 0xd5, 0x5d, 0xa9, 0x44, 0xcc, 0x25, 0x4c, 0xb3, 0x3c, 0x5b, 0x69, 0x07, 0x55, 0x26, 0x6b}} , - {{0x30, 0x6b, 0xd4, 0xa7, 0x51, 0x29, 0xe3, 0xf9, 0x7a, 0x75, 0x2a, 0x82, 0x2f, 0xd6, 0x1d, 0x99, 0x2b, 0x80, 0xd5, 0x67, 0x1e, 0x15, 0x9d, 0xca, 0xfd, 0xeb, 0xac, 0x97, 0x35, 0x09, 0x7f, 0x3f}}}, -{{{0x35, 0x0d, 0x34, 0x0a, 0xb8, 0x67, 0x56, 0x29, 0x20, 0xf3, 0x19, 0x5f, 0xe2, 0x83, 0x42, 0x73, 0x53, 0xa8, 0xc5, 0x02, 0x19, 0x33, 0xb4, 0x64, 0xbd, 0xc3, 0x87, 0x8c, 0xd7, 0x76, 0xed, 0x25}} , - {{0x47, 0x39, 0x37, 0x76, 0x0d, 0x1d, 0x0c, 0xf5, 0x5a, 0x6d, 0x43, 0x88, 0x99, 0x15, 0xb4, 0x52, 0x0f, 0x2a, 0xb3, 0xb0, 0x3f, 0xa6, 0xb3, 0x26, 0xb3, 0xc7, 0x45, 0xf5, 0x92, 0x5f, 0x9b, 0x17}}}, -{{{0x9d, 0x23, 0xbd, 0x15, 0xfe, 0x52, 0x52, 0x15, 0x26, 0x79, 0x86, 0xba, 0x06, 0x56, 0x66, 0xbb, 0x8c, 0x2e, 0x10, 0x11, 0xd5, 0x4a, 0x18, 0x52, 0xda, 0x84, 0x44, 0xf0, 0x3e, 0xe9, 0x8c, 0x35}} , - {{0xad, 0xa0, 0x41, 0xec, 0xc8, 0x4d, 0xb9, 0xd2, 0x6e, 0x96, 0x4e, 0x5b, 0xc5, 0xc2, 0xa0, 0x1b, 0xcf, 0x0c, 0xbf, 0x17, 0x66, 0x57, 0xc1, 0x17, 0x90, 0x45, 0x71, 0xc2, 0xe1, 0x24, 0xeb, 0x27}}}, -{{{0x2c, 0xb9, 0x42, 0xa4, 0xaf, 0x3b, 0x42, 0x0e, 0xc2, 0x0f, 0xf2, 0xea, 0x83, 0xaf, 0x9a, 0x13, 0x17, 0xb0, 0xbd, 0x89, 0x17, 0xe3, 0x72, 0xcb, 0x0e, 0x76, 0x7e, 0x41, 0x63, 0x04, 0x88, 0x71}} , - {{0x75, 0x78, 0x38, 0x86, 0x57, 0xdd, 0x9f, 0xee, 0x54, 0x70, 0x65, 0xbf, 0xf1, 0x2c, 0xe0, 0x39, 0x0d, 0xe3, 0x89, 0xfd, 0x8e, 0x93, 0x4f, 0x43, 0xdc, 0xd5, 0x5b, 0xde, 0xf9, 0x98, 0xe5, 0x7b}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xe7, 0x3b, 0x65, 0x11, 0xdf, 0xb2, 0xf2, 0x63, 0x94, 0x12, 0x6f, 0x5c, 0x9e, 0x77, 0xc1, 0xb6, 0xd8, 0xab, 0x58, 0x7a, 0x1d, 0x95, 0x73, 0xdd, 0xe7, 0xe3, 0x6f, 0xf2, 0x03, 0x1d, 0xdb, 0x76}} , - {{0xae, 0x06, 0x4e, 0x2c, 0x52, 0x1b, 0xbc, 0x5a, 0x5a, 0xa5, 0xbe, 0x27, 0xbd, 0xeb, 0xe1, 0x14, 0x17, 0x68, 0x26, 0x07, 0x03, 0xd1, 0x18, 0x0b, 0xdf, 0xf1, 0x06, 0x5c, 0xa6, 0x1b, 0xb9, 0x24}}}, -{{{0xc5, 0x66, 0x80, 0x13, 0x0e, 0x48, 0x8c, 0x87, 0x31, 0x84, 0xb4, 0x60, 0xed, 0xc5, 0xec, 0xb6, 0xc5, 0x05, 0x33, 0x5f, 0x2f, 0x7d, 0x40, 0xb6, 0x32, 0x1d, 0x38, 0x74, 0x1b, 0xf1, 0x09, 0x3d}} , - {{0xd4, 0x69, 0x82, 0xbc, 0x8d, 0xf8, 0x34, 0x36, 0x75, 0x55, 0x18, 0x55, 0x58, 0x3c, 0x79, 0xaf, 0x26, 0x80, 0xab, 0x9b, 0x95, 0x00, 0xf1, 0xcb, 0xda, 0xc1, 0x9f, 0xf6, 0x2f, 0xa2, 0xf4, 0x45}}}, -{{{0x17, 0xbe, 0xeb, 0x85, 0xed, 0x9e, 0xcd, 0x56, 0xf5, 0x17, 0x45, 0x42, 0xb4, 0x1f, 0x44, 0x4c, 0x05, 0x74, 0x15, 0x47, 0x00, 0xc6, 0x6a, 0x3d, 0x24, 0x09, 0x0d, 0x58, 0xb1, 0x42, 0xd7, 0x04}} , - {{0x8d, 0xbd, 0xa3, 0xc4, 0x06, 0x9b, 0x1f, 0x90, 0x58, 0x60, 0x74, 0xb2, 0x00, 0x3b, 0x3c, 0xd2, 0xda, 0x82, 0xbb, 0x10, 0x90, 0x69, 0x92, 0xa9, 0xb4, 0x30, 0x81, 0xe3, 0x7c, 0xa8, 0x89, 0x45}}}, -{{{0x3f, 0xdc, 0x05, 0xcb, 0x41, 0x3c, 0xc8, 0x23, 0x04, 0x2c, 0x38, 0x99, 0xe3, 0x68, 0x55, 0xf9, 0xd3, 0x32, 0xc7, 0xbf, 0xfa, 0xd4, 0x1b, 0x5d, 0xde, 0xdc, 0x10, 0x42, 0xc0, 0x42, 0xd9, 0x75}} , - {{0x2d, 0xab, 0x35, 0x4e, 0x87, 0xc4, 0x65, 0x97, 0x67, 0x24, 0xa4, 0x47, 0xad, 0x3f, 0x8e, 0xf3, 0xcb, 0x31, 0x17, 0x77, 0xc5, 0xe2, 0xd7, 0x8f, 0x3c, 0xc1, 0xcd, 0x56, 0x48, 0xc1, 0x6c, 0x69}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x14, 0xae, 0x5f, 0x88, 0x7b, 0xa5, 0x90, 0xdf, 0x10, 0xb2, 0x8b, 0x5e, 0x24, 0x17, 0xc3, 0xa3, 0xd4, 0x0f, 0x92, 0x61, 0x1a, 0x19, 0x5a, 0xad, 0x76, 0xbd, 0xd8, 0x1c, 0xdd, 0xe0, 0x12, 0x6d}} , - {{0x8e, 0xbd, 0x70, 0x8f, 0x02, 0xa3, 0x24, 0x4d, 0x5a, 0x67, 0xc4, 0xda, 0xf7, 0x20, 0x0f, 0x81, 0x5b, 0x7a, 0x05, 0x24, 0x67, 0x83, 0x0b, 0x2a, 0x80, 0xe7, 0xfd, 0x74, 0x4b, 0x9e, 0x5c, 0x0d}}}, -{{{0x94, 0xd5, 0x5f, 0x1f, 0xa2, 0xfb, 0xeb, 0xe1, 0x07, 0x34, 0xf8, 0x20, 0xad, 0x81, 0x30, 0x06, 0x2d, 0xa1, 0x81, 0x95, 0x36, 0xcf, 0x11, 0x0b, 0xaf, 0xc1, 0x2b, 0x9a, 0x6c, 0x55, 0xc1, 0x16}} , - {{0x36, 0x4f, 0xf1, 0x5e, 0x74, 0x35, 0x13, 0x28, 0xd7, 0x11, 0xcf, 0xb8, 0xde, 0x93, 0xb3, 0x05, 0xb8, 0xb5, 0x73, 0xe9, 0xeb, 0xad, 0x19, 0x1e, 0x89, 0x0f, 0x8b, 0x15, 0xd5, 0x8c, 0xe3, 0x23}}}, -{{{0x33, 0x79, 0xe7, 0x18, 0xe6, 0x0f, 0x57, 0x93, 0x15, 0xa0, 0xa7, 0xaa, 0xc4, 0xbf, 0x4f, 0x30, 0x74, 0x95, 0x5e, 0x69, 0x4a, 0x5b, 0x45, 0xe4, 0x00, 0xeb, 0x23, 0x74, 0x4c, 0xdf, 0x6b, 0x45}} , - {{0x97, 0x29, 0x6c, 0xc4, 0x42, 0x0b, 0xdd, 0xc0, 0x29, 0x5c, 0x9b, 0x34, 0x97, 0xd0, 0xc7, 0x79, 0x80, 0x63, 0x74, 0xe4, 0x8e, 0x37, 0xb0, 0x2b, 0x7c, 0xe8, 0x68, 0x6c, 0xc3, 0x82, 0x97, 0x57}}}, -{{{0x22, 0xbe, 0x83, 0xb6, 0x4b, 0x80, 0x6b, 0x43, 0x24, 0x5e, 0xef, 0x99, 0x9b, 0xa8, 0xfc, 0x25, 0x8d, 0x3b, 0x03, 0x94, 0x2b, 0x3e, 0xe7, 0x95, 0x76, 0x9b, 0xcc, 0x15, 0xdb, 0x32, 0xe6, 0x66}} , - {{0x84, 0xf0, 0x4a, 0x13, 0xa6, 0xd6, 0xfa, 0x93, 0x46, 0x07, 0xf6, 0x7e, 0x5c, 0x6d, 0x5e, 0xf6, 0xa6, 0xe7, 0x48, 0xf0, 0x06, 0xea, 0xff, 0x90, 0xc1, 0xcc, 0x4c, 0x19, 0x9c, 0x3c, 0x4e, 0x53}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x2a, 0x50, 0xe3, 0x07, 0x15, 0x59, 0xf2, 0x8b, 0x81, 0xf2, 0xf3, 0xd3, 0x6c, 0x99, 0x8c, 0x70, 0x67, 0xec, 0xcc, 0xee, 0x9e, 0x59, 0x45, 0x59, 0x7d, 0x47, 0x75, 0x69, 0xf5, 0x24, 0x93, 0x5d}} , - {{0x6a, 0x4f, 0x1b, 0xbe, 0x6b, 0x30, 0xcf, 0x75, 0x46, 0xe3, 0x7b, 0x9d, 0xfc, 0xcd, 0xd8, 0x5c, 0x1f, 0xb4, 0xc8, 0xe2, 0x24, 0xec, 0x1a, 0x28, 0x05, 0x32, 0x57, 0xfd, 0x3c, 0x5a, 0x98, 0x10}}}, -{{{0xa3, 0xdb, 0xf7, 0x30, 0xd8, 0xc2, 0x9a, 0xe1, 0xd3, 0xce, 0x22, 0xe5, 0x80, 0x1e, 0xd9, 0xe4, 0x1f, 0xab, 0xc0, 0x71, 0x1a, 0x86, 0x0e, 0x27, 0x99, 0x5b, 0xfa, 0x76, 0x99, 0xb0, 0x08, 0x3c}} , - {{0x2a, 0x93, 0xd2, 0x85, 0x1b, 0x6a, 0x5d, 0xa6, 0xee, 0xd1, 0xd1, 0x33, 0xbd, 0x6a, 0x36, 0x73, 0x37, 0x3a, 0x44, 0xb4, 0xec, 0xa9, 0x7a, 0xde, 0x83, 0x40, 0xd7, 0xdf, 0x28, 0xba, 0xa2, 0x30}}}, -{{{0xd3, 0xb5, 0x6d, 0x05, 0x3f, 0x9f, 0xf3, 0x15, 0x8d, 0x7c, 0xca, 0xc9, 0xfc, 0x8a, 0x7c, 0x94, 0xb0, 0x63, 0x36, 0x9b, 0x78, 0xd1, 0x91, 0x1f, 0x93, 0xd8, 0x57, 0x43, 0xde, 0x76, 0xa3, 0x43}} , - {{0x9b, 0x35, 0xe2, 0xa9, 0x3d, 0x32, 0x1e, 0xbb, 0x16, 0x28, 0x70, 0xe9, 0x45, 0x2f, 0x8f, 0x70, 0x7f, 0x08, 0x7e, 0x53, 0xc4, 0x7a, 0xbf, 0xf7, 0xe1, 0xa4, 0x6a, 0xd8, 0xac, 0x64, 0x1b, 0x11}}}, -{{{0xb2, 0xeb, 0x47, 0x46, 0x18, 0x3e, 0x1f, 0x99, 0x0c, 0xcc, 0xf1, 0x2c, 0xe0, 0xe7, 0x8f, 0xe0, 0x01, 0x7e, 0x65, 0xb8, 0x0c, 0xd0, 0xfb, 0xc8, 0xb9, 0x90, 0x98, 0x33, 0x61, 0x3b, 0xd8, 0x27}} , - {{0xa0, 0xbe, 0x72, 0x3a, 0x50, 0x4b, 0x74, 0xab, 0x01, 0xc8, 0x93, 0xc5, 0xe4, 0xc7, 0x08, 0x6c, 0xb4, 0xca, 0xee, 0xeb, 0x8e, 0xd7, 0x4e, 0x26, 0xc6, 0x1d, 0xe2, 0x71, 0xaf, 0x89, 0xa0, 0x2a}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x98, 0x0b, 0xe4, 0xde, 0xdb, 0xa8, 0xfa, 0x82, 0x74, 0x06, 0x52, 0x6d, 0x08, 0x52, 0x8a, 0xff, 0x62, 0xc5, 0x6a, 0x44, 0x0f, 0x51, 0x8c, 0x1f, 0x6e, 0xb6, 0xc6, 0x2c, 0x81, 0xd3, 0x76, 0x46}} , - {{0xf4, 0x29, 0x74, 0x2e, 0x80, 0xa7, 0x1a, 0x8f, 0xf6, 0xbd, 0xd6, 0x8e, 0xbf, 0xc1, 0x95, 0x2a, 0xeb, 0xa0, 0x7f, 0x45, 0xa0, 0x50, 0x14, 0x05, 0xb1, 0x57, 0x4c, 0x74, 0xb7, 0xe2, 0x89, 0x7d}}}, -{{{0x07, 0xee, 0xa7, 0xad, 0xb7, 0x09, 0x0b, 0x49, 0x4e, 0xbf, 0xca, 0xe5, 0x21, 0xe6, 0xe6, 0xaf, 0xd5, 0x67, 0xf3, 0xce, 0x7e, 0x7c, 0x93, 0x7b, 0x5a, 0x10, 0x12, 0x0e, 0x6c, 0x06, 0x11, 0x75}} , - {{0xd5, 0xfc, 0x86, 0xa3, 0x3b, 0xa3, 0x3e, 0x0a, 0xfb, 0x0b, 0xf7, 0x36, 0xb1, 0x5b, 0xda, 0x70, 0xb7, 0x00, 0xa7, 0xda, 0x88, 0x8f, 0x84, 0xa8, 0xbc, 0x1c, 0x39, 0xb8, 0x65, 0xf3, 0x4d, 0x60}}}, -{{{0x96, 0x9d, 0x31, 0xf4, 0xa2, 0xbe, 0x81, 0xb9, 0xa5, 0x59, 0x9e, 0xba, 0x07, 0xbe, 0x74, 0x58, 0xd8, 0xeb, 0xc5, 0x9f, 0x3d, 0xd1, 0xf4, 0xae, 0xce, 0x53, 0xdf, 0x4f, 0xc7, 0x2a, 0x89, 0x4d}} , - {{0x29, 0xd8, 0xf2, 0xaa, 0xe9, 0x0e, 0xf7, 0x2e, 0x5f, 0x9d, 0x8a, 0x5b, 0x09, 0xed, 0xc9, 0x24, 0x22, 0xf4, 0x0f, 0x25, 0x8f, 0x1c, 0x84, 0x6e, 0x34, 0x14, 0x6c, 0xea, 0xb3, 0x86, 0x5d, 0x04}}}, -{{{0x07, 0x98, 0x61, 0xe8, 0x6a, 0xd2, 0x81, 0x49, 0x25, 0xd5, 0x5b, 0x18, 0xc7, 0x35, 0x52, 0x51, 0xa4, 0x46, 0xad, 0x18, 0x0d, 0xc9, 0x5f, 0x18, 0x91, 0x3b, 0xb4, 0xc0, 0x60, 0x59, 0x8d, 0x66}} , - {{0x03, 0x1b, 0x79, 0x53, 0x6e, 0x24, 0xae, 0x57, 0xd9, 0x58, 0x09, 0x85, 0x48, 0xa2, 0xd3, 0xb5, 0xe2, 0x4d, 0x11, 0x82, 0xe6, 0x86, 0x3c, 0xe9, 0xb1, 0x00, 0x19, 0xc2, 0x57, 0xf7, 0x66, 0x7a}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - 
{{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x0f, 0xe3, 0x89, 0x03, 0xd7, 0x22, 0x95, 0x9f, 0xca, 0xb4, 0x8d, 0x9e, 0x6d, 0x97, 0xff, 0x8d, 0x21, 0x59, 0x07, 0xef, 0x03, 0x2d, 0x5e, 0xf8, 0x44, 0x46, 0xe7, 0x85, 0x80, 0xc5, 0x89, 0x50}} , - {{0x8b, 0xd8, 0x53, 0x86, 0x24, 0x86, 0x29, 0x52, 0x01, 0xfa, 0x20, 0xc3, 0x4e, 0x95, 0xcb, 0xad, 0x7b, 0x34, 0x94, 0x30, 0xb7, 0x7a, 0xfa, 0x96, 0x41, 0x60, 0x2b, 0xcb, 0x59, 0xb9, 0xca, 0x50}}}, -{{{0xc2, 0x5b, 0x9b, 0x78, 0x23, 0x1b, 0x3a, 0x88, 0x94, 0x5f, 0x0a, 0x9b, 0x98, 0x2b, 0x6e, 0x53, 0x11, 0xf6, 0xff, 0xc6, 0x7d, 0x42, 0xcc, 0x02, 0x80, 0x40, 0x0d, 0x1e, 0xfb, 0xaf, 0x61, 0x07}} , - {{0xb0, 0xe6, 0x2f, 0x81, 0x70, 0xa1, 0x2e, 0x39, 0x04, 0x7c, 0xc4, 0x2c, 0x87, 0x45, 0x4a, 0x5b, 0x69, 0x97, 0xac, 0x6d, 0x2c, 0x10, 0x42, 0x7c, 0x3b, 0x15, 0x70, 0x60, 0x0e, 0x11, 0x6d, 0x3a}}}, -{{{0x9b, 0x18, 0x80, 0x5e, 0xdb, 0x05, 0xbd, 0xc6, 0xb7, 0x3c, 0xc2, 0x40, 0x4d, 0x5d, 0xce, 0x97, 0x8a, 0x34, 0x15, 0xab, 0x28, 0x5d, 0x10, 0xf0, 0x37, 0x0c, 0xcc, 0x16, 0xfa, 0x1f, 0x33, 0x0d}} , - {{0x19, 0xf9, 0x35, 0xaa, 0x59, 0x1a, 0x0c, 0x5c, 0x06, 0xfc, 0x6a, 0x0b, 0x97, 0x53, 0x36, 0xfc, 0x2a, 0xa5, 0x5a, 0x9b, 0x30, 0xef, 0x23, 0xaf, 0x39, 0x5d, 0x9a, 0x6b, 0x75, 0x57, 0x48, 0x0b}}}, -{{{0x26, 0xdc, 0x76, 0x3b, 0xfc, 0xf9, 0x9c, 0x3f, 0x89, 0x0b, 0x62, 0x53, 0xaf, 0x83, 0x01, 0x2e, 0xbc, 0x6a, 0xc6, 0x03, 0x0d, 0x75, 0x2a, 0x0d, 0xe6, 0x94, 0x54, 0xcf, 0xb3, 0xe5, 0x96, 0x25}} , - {{0xfe, 0x82, 0xb1, 0x74, 0x31, 0x8a, 0xa7, 0x6f, 0x56, 0xbd, 0x8d, 0xf4, 0xe0, 0x94, 0x51, 0x59, 0xde, 0x2c, 0x5a, 0xf4, 0x84, 0x6b, 0x4a, 0x88, 0x93, 0xc0, 0x0c, 0x9a, 0xac, 0xa7, 0xa0, 0x68}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x25, 0x0d, 0xd6, 0xc7, 0x23, 0x47, 0x10, 0xad, 0xc7, 0x08, 0x5c, 0x87, 0x87, 0x93, 0x98, 0x18, 0xb8, 0xd3, 0x9c, 0xac, 0x5a, 0x3d, 0xc5, 0x75, 0xf8, 0x49, 0x32, 0x14, 0xcc, 0x51, 0x96, 0x24}} , - {{0x65, 0x9c, 0x5d, 0xf0, 0x37, 0x04, 0xf0, 0x34, 0x69, 0x2a, 0xf0, 0xa5, 0x64, 0xca, 0xde, 0x2b, 0x5b, 0x15, 0x10, 0xd2, 0xab, 0x06, 0xdd, 0xc4, 0xb0, 0xb6, 0x5b, 0xc1, 0x17, 0xdf, 0x8f, 0x02}}}, -{{{0xbd, 0x59, 0x3d, 0xbf, 0x5c, 0x31, 0x44, 0x2c, 0x32, 0x94, 0x04, 0x60, 0x84, 0x0f, 0xad, 0x00, 0xb6, 0x8f, 0xc9, 0x1d, 0xcc, 0x5c, 0xa2, 0x49, 0x0e, 0x50, 0x91, 0x08, 0x9a, 0x43, 0x55, 0x05}} , - {{0x5d, 0x93, 0x55, 0xdf, 0x9b, 0x12, 0x19, 0xec, 0x93, 0x85, 0x42, 0x9e, 0x66, 0x0f, 0x9d, 0xaf, 0x99, 0xaf, 0x26, 0x89, 0xbc, 0x61, 0xfd, 0xff, 0xce, 0x4b, 0xf4, 0x33, 0x95, 0xc9, 0x35, 0x58}}}, -{{{0x12, 0x55, 0xf9, 0xda, 0xcb, 0x44, 0xa7, 0xdc, 0x57, 0xe2, 0xf9, 0x9a, 0xe6, 0x07, 0x23, 0x60, 0x54, 0xa7, 0x39, 0xa5, 0x9b, 0x84, 0x56, 0x6e, 0xaa, 0x8b, 0x8f, 0xb0, 0x2c, 0x87, 0xaf, 0x67}} , - {{0x00, 0xa9, 0x4c, 0xb2, 0x12, 0xf8, 0x32, 0xa8, 0x7a, 0x00, 0x4b, 0x49, 0x32, 0xba, 0x1f, 0x5d, 0x44, 0x8e, 0x44, 0x7a, 0xdc, 0x11, 0xfb, 0x39, 0x08, 0x57, 0x87, 0xa5, 0x12, 0x42, 0x93, 0x0e}}}, -{{{0x17, 0xb4, 0xae, 0x72, 0x59, 0xd0, 0xaa, 0xa8, 0x16, 0x8b, 0x63, 0x11, 0xb3, 0x43, 0x04, 0xda, 0x0c, 0xa8, 0xb7, 0x68, 0xdd, 0x4e, 0x54, 0xe7, 0xaf, 0x5d, 0x5d, 0x05, 0x76, 0x36, 0xec, 0x0d}} , - {{0x6d, 0x7c, 0x82, 0x32, 0x38, 0x55, 0x57, 0x74, 0x5b, 0x7d, 0xc3, 0xc4, 0xfb, 0x06, 0x29, 0xf0, 0x13, 0x55, 0x54, 0xc6, 0xa7, 0xdc, 0x4c, 0x9f, 0x98, 0x49, 0x20, 0xa8, 0xc3, 0x8d, 0xfa, 0x48}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x87, 0x47, 0x9d, 0xe9, 0x25, 0xd5, 0xe3, 0x47, 0x78, 0xdf, 0x85, 0xa7, 0x85, 0x5e, 0x7a, 0x4c, 0x5f, 0x79, 0x1a, 0xf3, 0xa2, 0xb2, 0x28, 0xa0, 0x9c, 0xdd, 0x30, 0x40, 0xd4, 0x38, 0xbd, 0x28}} , - {{0xfc, 0xbb, 0xd5, 0x78, 0x6d, 0x1d, 0xd4, 0x99, 0xb4, 0xaa, 0x44, 0x44, 0x7a, 0x1b, 0xd8, 0xfe, 0xb4, 0x99, 0xb9, 0xcc, 0xe7, 0xc4, 0xd3, 0x3a, 0x73, 0x83, 0x41, 0x5c, 0x40, 0xd7, 0x2d, 0x55}}}, -{{{0x26, 0xe1, 0x7b, 0x5f, 0xe5, 0xdc, 0x3f, 0x7d, 0xa1, 0xa7, 0x26, 0x44, 0x22, 0x23, 0xc0, 0x8f, 0x7d, 0xf1, 0xb5, 0x11, 0x47, 0x7b, 0x19, 0xd4, 0x75, 0x6f, 0x1e, 0xa5, 0x27, 0xfe, 0xc8, 0x0e}} , - {{0xd3, 0x11, 0x3d, 0xab, 0xef, 0x2c, 0xed, 0xb1, 0x3d, 0x7c, 0x32, 0x81, 0x6b, 0xfe, 0xf8, 0x1c, 0x3c, 0x7b, 0xc0, 0x61, 0xdf, 0xb8, 0x75, 0x76, 0x7f, 0xaa, 0xd8, 0x93, 0xaf, 0x3d, 0xe8, 0x3d}}}, -{{{0xfd, 0x5b, 0x4e, 0x8d, 0xb6, 0x7e, 0x82, 0x9b, 0xef, 0xce, 0x04, 0x69, 0x51, 0x52, 0xff, 0xef, 0xa0, 0x52, 0xb5, 0x79, 0x17, 0x5e, 0x2f, 0xde, 0xd6, 0x3c, 0x2d, 0xa0, 0x43, 0xb4, 0x0b, 0x19}} , - {{0xc0, 0x61, 0x48, 0x48, 0x17, 0xf4, 0x9e, 0x18, 0x51, 0x2d, 0xea, 0x2f, 0xf2, 0xf2, 0xe0, 0xa3, 0x14, 0xb7, 0x8b, 0x3a, 0x30, 0xf5, 0x81, 0xc1, 0x5d, 0x71, 0x39, 0x62, 0x55, 0x1f, 0x60, 0x5a}}}, -{{{0xe5, 0x89, 0x8a, 0x76, 0x6c, 0xdb, 0x4d, 0x0a, 0x5b, 0x72, 0x9d, 0x59, 0x6e, 0x63, 0x63, 0x18, 0x7c, 0xe3, 0xfa, 0xe2, 0xdb, 0xa1, 0x8d, 0xf4, 0xa5, 0xd7, 0x16, 0xb2, 0xd0, 0xb3, 0x3f, 0x39}} , - {{0xce, 0x60, 0x09, 0x6c, 0xf5, 0x76, 0x17, 0x24, 0x80, 0x3a, 0x96, 0xc7, 0x94, 0x2e, 0xf7, 0x6b, 0xef, 0xb5, 0x05, 0x96, 0xef, 0xd3, 0x7b, 0x51, 0xda, 0x05, 0x44, 0x67, 0xbc, 0x07, 0x21, 0x4e}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xe9, 0x73, 0x6f, 0x21, 0xb9, 0xde, 0x22, 0x7d, 0xeb, 0x97, 0x31, 0x10, 0xa3, 0xea, 0xe1, 0xc6, 0x37, 0xeb, 0x8f, 0x43, 0x58, 0xde, 0x41, 0x64, 0x0e, 0x3e, 0x07, 0x99, 0x3d, 0xf1, 0xdf, 0x1e}} , - {{0xf8, 0xad, 0x43, 0xc2, 0x17, 0x06, 0xe2, 0xe4, 0xa9, 0x86, 0xcd, 0x18, 0xd7, 0x78, 0xc8, 0x74, 0x66, 0xd2, 0x09, 0x18, 0xa5, 0xf1, 0xca, 0xa6, 0x62, 0x92, 0xc1, 0xcb, 0x00, 0xeb, 0x42, 0x2e}}}, -{{{0x7b, 0x34, 0x24, 0x4c, 0xcf, 0x38, 0xe5, 0x6c, 0x0a, 0x01, 0x2c, 0x22, 0x0b, 0x24, 0x38, 0xad, 0x24, 0x7e, 0x19, 0xf0, 0x6c, 0xf9, 0x31, 0xf4, 0x35, 0x11, 0xf6, 0x46, 0x33, 0x3a, 0x23, 0x59}} , - {{0x20, 0x0b, 0xa1, 0x08, 0x19, 0xad, 0x39, 0x54, 0xea, 0x3e, 0x23, 0x09, 0xb6, 0xe2, 0xd2, 0xbc, 0x4d, 0xfc, 0x9c, 0xf0, 0x13, 0x16, 0x22, 0x3f, 0xb9, 0xd2, 0x11, 0x86, 0x90, 0x55, 0xce, 0x3c}}}, -{{{0xc4, 0x0b, 0x4b, 0x62, 0x99, 0x37, 0x84, 0x3f, 0x74, 0xa2, 0xf9, 0xce, 0xe2, 0x0b, 0x0f, 0x2a, 0x3d, 0xa3, 0xe3, 0xdb, 0x5a, 0x9d, 0x93, 0xcc, 0xa5, 0xef, 0x82, 0x91, 0x1d, 0xe6, 0x6c, 0x68}} , - {{0xa3, 0x64, 0x17, 0x9b, 0x8b, 0xc8, 0x3a, 0x61, 0xe6, 0x9d, 0xc6, 0xed, 0x7b, 0x03, 0x52, 0x26, 0x9d, 0x3a, 0xb3, 0x13, 0xcc, 0x8a, 0xfd, 0x2c, 0x1a, 0x1d, 0xed, 0x13, 0xd0, 0x55, 0x57, 0x0e}}}, -{{{0x1a, 0xea, 0xbf, 0xfd, 0x4a, 0x3c, 0x8e, 0xec, 0x29, 0x7e, 0x77, 0x77, 0x12, 0x99, 0xd7, 0x84, 0xf9, 0x55, 0x7f, 0xf1, 0x8b, 0xb4, 0xd2, 0x95, 0xa3, 0x8d, 0xf0, 0x8a, 0xa7, 0xeb, 0x82, 0x4b}} , - {{0x2c, 0x28, 0xf4, 0x3a, 0xf6, 0xde, 0x0a, 0xe0, 0x41, 0x44, 0x23, 0xf8, 0x3f, 0x03, 0x64, 0x9f, 0xc3, 0x55, 0x4c, 0xc6, 0xc1, 0x94, 0x1c, 0x24, 0x5d, 0x5f, 0x92, 0x45, 0x96, 0x57, 0x37, 0x14}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xc1, 0xcd, 0x90, 0x66, 0xb9, 0x76, 0xa0, 0x5b, 0xa5, 0x85, 0x75, 0x23, 0xf9, 0x89, 0xa5, 0x82, 0xb2, 0x6f, 0xb1, 0xeb, 0xc4, 0x69, 0x6f, 0x18, 0x5a, 0xed, 0x94, 0x3d, 0x9d, 0xd9, 0x2c, 0x1a}} , - {{0x35, 0xb0, 0xe6, 0x73, 0x06, 0xb7, 0x37, 0xe0, 0xf8, 0xb0, 0x22, 0xe8, 0xd2, 0xed, 0x0b, 0xef, 0xe6, 0xc6, 0x5a, 0x99, 0x9e, 0x1a, 0x9f, 0x04, 0x97, 0xe4, 0x4d, 0x0b, 0xbe, 0xba, 0x44, 0x40}}}, -{{{0xc1, 0x56, 0x96, 0x91, 0x5f, 0x1f, 0xbb, 0x54, 0x6f, 0x88, 0x89, 0x0a, 0xb2, 0xd6, 0x41, 0x42, 0x6a, 0x82, 0xee, 0x14, 0xaa, 0x76, 0x30, 0x65, 0x0f, 0x67, 0x39, 0xa6, 0x51, 0x7c, 0x49, 0x24}} , - {{0x35, 0xa3, 0x78, 0xd1, 0x11, 0x0f, 0x75, 0xd3, 0x70, 0x46, 0xdb, 0x20, 0x51, 0xcb, 0x92, 0x80, 0x54, 0x10, 0x74, 0x36, 0x86, 0xa9, 0xd7, 0xa3, 0x08, 0x78, 0xf1, 0x01, 0x29, 0xf8, 0x80, 0x3b}}}, -{{{0xdb, 0xa7, 0x9d, 0x9d, 0xbf, 0xa0, 0xcc, 0xed, 0x53, 0xa2, 0xa2, 0x19, 0x39, 0x48, 0x83, 0x19, 0x37, 0x58, 0xd1, 0x04, 0x28, 0x40, 0xf7, 0x8a, 0xc2, 0x08, 0xb7, 0xa5, 0x42, 0xcf, 0x53, 0x4c}} , - {{0xa7, 0xbb, 0xf6, 0x8e, 0xad, 0xdd, 0xf7, 0x90, 0xdd, 0x5f, 0x93, 0x89, 0xae, 0x04, 0x37, 0xe6, 0x9a, 0xb7, 0xe8, 0xc0, 0xdf, 0x16, 0x2a, 0xbf, 0xc4, 0x3a, 0x3c, 0x41, 0xd5, 0x89, 0x72, 0x5a}}}, -{{{0x1f, 0x96, 0xff, 0x34, 0x2c, 0x13, 0x21, 0xcb, 0x0a, 0x89, 0x85, 0xbe, 0xb3, 0x70, 0x9e, 0x1e, 0xde, 0x97, 0xaf, 0x96, 0x30, 0xf7, 0x48, 0x89, 0x40, 0x8d, 0x07, 0xf1, 0x25, 0xf0, 0x30, 0x58}} , - {{0x1e, 0xd4, 0x93, 0x57, 0xe2, 0x17, 0xe7, 0x9d, 0xab, 0x3c, 0x55, 0x03, 0x82, 0x2f, 0x2b, 0xdb, 0x56, 0x1e, 0x30, 0x2e, 0x24, 0x47, 0x6e, 0xe6, 0xff, 0x33, 0x24, 0x2c, 0x75, 0x51, 0xd4, 0x67}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x2b, 0x06, 0xd9, 0xa1, 0x5d, 0xe1, 0xf4, 0xd1, 0x1e, 0x3c, 0x9a, 0xc6, 0x29, 0x2b, 0x13, 0x13, 0x78, 0xc0, 0xd8, 0x16, 0x17, 0x2d, 0x9e, 0xa9, 0xc9, 0x79, 0x57, 0xab, 0x24, 0x91, 0x92, 0x19}} , - {{0x69, 0xfb, 0xa1, 0x9c, 0xa6, 0x75, 0x49, 0x7d, 0x60, 0x73, 0x40, 0x42, 0xc4, 0x13, 0x0a, 0x95, 0x79, 0x1e, 0x04, 0x83, 0x94, 0x99, 0x9b, 0x1e, 0x0c, 0xe8, 0x1f, 0x54, 0xef, 0xcb, 0xc0, 0x52}}}, -{{{0x14, 0x89, 0x73, 0xa1, 0x37, 0x87, 0x6a, 0x7a, 0xcf, 0x1d, 0xd9, 0x2e, 0x1a, 0x67, 0xed, 0x74, 0xc0, 0xf0, 0x9c, 0x33, 0xdd, 0xdf, 0x08, 0xbf, 0x7b, 0xd1, 0x66, 0xda, 0xe6, 0xc9, 0x49, 0x08}} , - {{0xe9, 0xdd, 0x5e, 0x55, 0xb0, 0x0a, 0xde, 0x21, 0x4c, 0x5a, 0x2e, 0xd4, 0x80, 0x3a, 0x57, 0x92, 0x7a, 0xf1, 0xc4, 0x2c, 0x40, 0xaf, 0x2f, 0xc9, 0x92, 0x03, 0xe5, 0x5a, 0xbc, 0xdc, 0xf4, 0x09}}}, -{{{0xf3, 0xe1, 0x2b, 0x7c, 0x05, 0x86, 0x80, 0x93, 0x4a, 0xad, 0xb4, 0x8f, 0x7e, 0x99, 0x0c, 0xfd, 0xcd, 0xef, 0xd1, 0xff, 0x2c, 0x69, 0x34, 0x13, 0x41, 0x64, 0xcf, 0x3b, 0xd0, 0x90, 0x09, 0x1e}} , - {{0x9d, 0x45, 0xd6, 0x80, 0xe6, 0x45, 0xaa, 0xf4, 0x15, 0xaa, 0x5c, 0x34, 0x87, 0x99, 0xa2, 0x8c, 0x26, 0x84, 0x62, 0x7d, 0xb6, 0x29, 0xc0, 0x52, 0xea, 0xf5, 0x81, 0x18, 0x0f, 0x35, 0xa9, 0x0e}}}, -{{{0xe7, 0x20, 0x72, 0x7c, 0x6d, 0x94, 0x5f, 0x52, 0x44, 0x54, 0xe3, 0xf1, 0xb2, 0xb0, 0x36, 0x46, 0x0f, 0xae, 0x92, 0xe8, 0x70, 0x9d, 0x6e, 0x79, 0xb1, 0xad, 0x37, 0xa9, 0x5f, 0xc0, 0xde, 0x03}} , - {{0x15, 0x55, 0x37, 0xc6, 0x1c, 0x27, 0x1c, 0x6d, 0x14, 0x4f, 0xca, 0xa4, 0xc4, 0x88, 0x25, 0x46, 0x39, 0xfc, 0x5a, 0xe5, 0xfe, 0x29, 0x11, 0x69, 0xf5, 0x72, 0x84, 0x4d, 0x78, 0x9f, 0x94, 0x15}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xec, 0xd3, 0xff, 0x57, 0x0b, 0xb0, 0xb2, 0xdc, 0xf8, 0x4f, 0xe2, 0x12, 0xd5, 0x36, 0xbe, 0x6b, 0x09, 0x43, 0x6d, 0xa3, 0x4d, 0x90, 0x2d, 0xb8, 0x74, 0xe8, 0x71, 0x45, 0x19, 0x8b, 0x0c, 0x6a}} , - {{0xb8, 0x42, 0x1c, 0x03, 0xad, 0x2c, 0x03, 0x8e, 0xac, 0xd7, 0x98, 0x29, 0x13, 0xc6, 0x02, 0x29, 0xb5, 0xd4, 0xe7, 0xcf, 0xcc, 0x8b, 0x83, 0xec, 0x35, 0xc7, 0x9c, 0x74, 0xb7, 0xad, 0x85, 0x5f}}}, -{{{0x78, 0x84, 0xe1, 0x56, 0x45, 0x69, 0x68, 0x5a, 0x4f, 0xb8, 0xb1, 0x29, 0xff, 0x33, 0x03, 0x31, 0xb7, 0xcb, 0x96, 0x25, 0xe6, 0xe6, 0x41, 0x98, 0x1a, 0xbb, 0x03, 0x56, 0xf2, 0xb2, 0x91, 0x34}} , - {{0x2c, 0x6c, 0xf7, 0x66, 0xa4, 0x62, 0x6b, 0x39, 0xb3, 0xba, 0x65, 0xd3, 0x1c, 0xf8, 0x11, 0xaa, 0xbe, 0xdc, 0x80, 0x59, 0x87, 0xf5, 0x7b, 0xe5, 0xe3, 0xb3, 0x3e, 0x39, 0xda, 0xbe, 0x88, 0x09}}}, -{{{0x8b, 0xf1, 0xa0, 0xf5, 0xdc, 0x29, 0xb4, 0xe2, 0x07, 0xc6, 0x7a, 0x00, 0xd0, 0x89, 0x17, 0x51, 0xd4, 0xbb, 0xd4, 0x22, 0xea, 0x7e, 0x7d, 0x7c, 0x24, 0xea, 0xf2, 0xe8, 0x22, 0x12, 0x95, 0x06}} , - {{0xda, 0x7c, 0xa4, 0x0c, 0xf4, 0xba, 0x6e, 0xe1, 0x89, 0xb5, 0x59, 0xca, 0xf1, 0xc0, 0x29, 0x36, 0x09, 0x44, 0xe2, 0x7f, 0xd1, 0x63, 0x15, 0x99, 0xea, 0x25, 0xcf, 0x0c, 0x9d, 0xc0, 0x44, 0x6f}}}, -{{{0x1d, 0x86, 0x4e, 0xcf, 0xf7, 0x37, 0x10, 0x25, 0x8f, 0x12, 0xfb, 0x19, 0xfb, 0xe0, 0xed, 0x10, 0xc8, 0xe2, 0xf5, 0x75, 0xb1, 0x33, 0xc0, 0x96, 0x0d, 0xfb, 0x15, 0x6c, 0x0d, 0x07, 0x5f, 0x05}} , - {{0x69, 0x3e, 0x47, 0x97, 0x2c, 0xaf, 0x52, 0x7c, 0x78, 0x83, 0xad, 0x1b, 0x39, 0x82, 0x2f, 0x02, 0x6f, 0x47, 0xdb, 0x2a, 0xb0, 0xe1, 0x91, 0x99, 0x55, 0xb8, 0x99, 0x3a, 0xa0, 0x44, 0x11, 0x51}}} diff --git a/ssh_keygen_110/hash.c b/ssh_keygen_110/hash.c deleted file mode 100644 index 5875d41f..00000000 --- a/ssh_keygen_110/hash.c +++ /dev/null 
@@ -1,27 +0,0 @@
-/* $OpenBSD: hash.c,v 1.4 2017/12/14 21:07:39 naddy Exp $ */
-
-/* $OpenBSD: hash.c,v 1.5 2018/01/13 00:24:09 naddy Exp $ */
-/*
- * Public domain. Author: Christian Weisgerber
- * API compatible reimplementation of function from nacl
- */
-
-#include "crypto_api.h"
-
-#include
-
-#include "digest.h"
-#include "log.h"
-#include "ssherr.h"
-
-int
-crypto_hash_sha512(unsigned char *out, const unsigned char *in,
- unsigned long long inlen)
-{
- int r;
-
- if ((r = ssh_digest_memory(SSH_DIGEST_SHA512, in, inlen, out,
- crypto_hash_sha512_BYTES)) != 0)
- fatal("%s: %s", __func__, ssh_err(r));
- return 0;
-}
diff --git a/ssh_keygen_110/hmac.c b/ssh_keygen_110/hmac.c
deleted file mode 100644
index 1c879640..00000000
--- a/ssh_keygen_110/hmac.c
+++ /dev/null
@@ -1,197 +0,0 @@ -/* $OpenBSD: hmac.c,v 1.12 2015/03/24 20:03:44 markus Exp $ */ -/* - * Copyright (c) 2014 Markus Friedl. All rights reserved. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include "includes.h" - -#include -#include - -#include "sshbuf.h" -#include "digest.h" -#include "hmac.h" - -struct ssh_hmac_ctx { - int alg; - struct ssh_digest_ctx *ictx; - struct ssh_digest_ctx *octx; - struct ssh_digest_ctx *digest; - u_char *buf; - size_t buf_len; -}; - -size_t -ssh_hmac_bytes(int alg) -{ - return ssh_digest_bytes(alg); -} - -struct ssh_hmac_ctx * -ssh_hmac_start(int alg) -{ - struct ssh_hmac_ctx *ret; - - if ((ret = calloc(1, sizeof(*ret))) == NULL) - return NULL; - ret->alg = alg; - if ((ret->ictx = ssh_digest_start(alg)) == NULL || - (ret->octx = ssh_digest_start(alg)) == NULL || - (ret->digest = ssh_digest_start(alg)) == NULL) - goto fail; - ret->buf_len = ssh_digest_blocksize(ret->ictx); - if ((ret->buf = calloc(1, ret->buf_len)) == NULL) - goto fail; - return ret; -fail: - ssh_hmac_free(ret); - return NULL; -} - -int -ssh_hmac_init(struct ssh_hmac_ctx *ctx, const void *key, size_t klen) -{ - size_t i; - - /* reset ictx and octx if no is key given */ - if (key != NULL) { - /* truncate long keys */ - if (klen <= ctx->buf_len) - memcpy(ctx->buf, key, klen); - 
else if (ssh_digest_memory(ctx->alg, key, klen, ctx->buf, - ctx->buf_len) < 0) - return -1; - for (i = 0; i < ctx->buf_len; i++) - ctx->buf[i] ^= 0x36; - if (ssh_digest_update(ctx->ictx, ctx->buf, ctx->buf_len) < 0) - return -1; - for (i = 0; i < ctx->buf_len; i++) - ctx->buf[i] ^= 0x36 ^ 0x5c; - if (ssh_digest_update(ctx->octx, ctx->buf, ctx->buf_len) < 0) - return -1; - explicit_bzero(ctx->buf, ctx->buf_len); - } - /* start with ictx */ - if (ssh_digest_copy_state(ctx->ictx, ctx->digest) < 0) - return -1; - return 0; -} - -int -ssh_hmac_update(struct ssh_hmac_ctx *ctx, const void *m, size_t mlen) -{ - return ssh_digest_update(ctx->digest, m, mlen); -} - -int -ssh_hmac_update_buffer(struct ssh_hmac_ctx *ctx, const struct sshbuf *b) -{ - return ssh_digest_update_buffer(ctx->digest, b); -} - -int -ssh_hmac_final(struct ssh_hmac_ctx *ctx, u_char *d, size_t dlen) -{ - size_t len; - - len = ssh_digest_bytes(ctx->alg); - if (dlen < len || - ssh_digest_final(ctx->digest, ctx->buf, len)) - return -1; - /* switch to octx */ - if (ssh_digest_copy_state(ctx->octx, ctx->digest) < 0 || - ssh_digest_update(ctx->digest, ctx->buf, len) < 0 || - ssh_digest_final(ctx->digest, d, dlen) < 0) - return -1; - return 0; -} - -void -ssh_hmac_free(struct ssh_hmac_ctx *ctx) -{ - if (ctx != NULL) { - ssh_digest_free(ctx->ictx); - ssh_digest_free(ctx->octx); - ssh_digest_free(ctx->digest); - if (ctx->buf) { - explicit_bzero(ctx->buf, ctx->buf_len); - free(ctx->buf); - } - explicit_bzero(ctx, sizeof(*ctx)); - free(ctx); - } -} - -#ifdef TEST - -/* cc -DTEST hmac.c digest.c buffer.c cleanup.c fatal.c log.c xmalloc.c -lcrypto */ -static void -hmac_test(void *key, size_t klen, void *m, size_t mlen, u_char *e, size_t elen) -{ - struct ssh_hmac_ctx *ctx; - size_t i; - u_char digest[16]; - - if ((ctx = ssh_hmac_start(SSH_DIGEST_MD5)) == NULL) - printf("ssh_hmac_start failed"); - if (ssh_hmac_init(ctx, key, klen) < 0 || - ssh_hmac_update(ctx, m, mlen) < 0 || - ssh_hmac_final(ctx, digest, 
sizeof(digest)) < 0) - printf("ssh_hmac_xxx failed"); - ssh_hmac_free(ctx); - - if (memcmp(e, digest, elen)) { - for (i = 0; i < elen; i++) - printf("[%zu] %2.2x %2.2x\n", i, e[i], digest[i]); - printf("mismatch\n"); - } else - printf("ok\n"); -} - -int -main(int argc, char **argv) -{ - /* try test vectors from RFC 2104 */ - - u_char key1[16] = { - 0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb, - 0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb }; - u_char *data1 = "Hi There"; - u_char dig1[16] = { - 0x92, 0x94, 0x72, 0x7a, 0x36, 0x38, 0xbb, 0x1c, - 0x13, 0xf4, 0x8e, 0xf8, 0x15, 0x8b, 0xfc, 0x9d }; - - u_char *key2 = "Jefe"; - u_char *data2 = "what do ya want for nothing?"; - u_char dig2[16] = { - 0x75, 0x0c, 0x78, 0x3e, 0x6a, 0xb0, 0xb5, 0x03, - 0xea, 0xa8, 0x6e, 0x31, 0x0a, 0x5d, 0xb7, 0x38 }; - - u_char key3[16]; - u_char data3[50]; - u_char dig3[16] = { - 0x56, 0xbe, 0x34, 0x52, 0x1d, 0x14, 0x4c, 0x88, - 0xdb, 0xb8, 0xc7, 0x33, 0xf0, 0xe8, 0xb3, 0xf6 }; - memset(key3, 0xaa, sizeof(key3)); - memset(data3, 0xdd, sizeof(data3)); - - hmac_test(key1, sizeof(key1), data1, strlen(data1), dig1, sizeof(dig1)); - hmac_test(key2, strlen(key2), data2, strlen(data2), dig2, sizeof(dig2)); - hmac_test(key3, sizeof(key3), data3, sizeof(data3), dig3, sizeof(dig3)); - - return 0; -} - -#endif diff --git a/ssh_keygen_110/hmac.h b/ssh_keygen_110/hmac.h deleted file mode 100644 index 42b33d00..00000000 --- a/ssh_keygen_110/hmac.h +++ /dev/null 
@@ -1,38 +0,0 @@
-/* $OpenBSD: hmac.h,v 1.9 2014/06/24 01:13:21 djm Exp $ */
-/*
- * Copyright (c) 2014 Markus Friedl. All rights reserved.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef _HMAC_H
-#define _HMAC_H
-
-/* Returns the algorithm's digest length in bytes or 0 for invalid algorithm */
-size_t ssh_hmac_bytes(int alg);
-
-struct sshbuf;
-struct ssh_hmac_ctx;
-struct ssh_hmac_ctx *ssh_hmac_start(int alg);
-
-/* Sets the state of the HMAC or resets the state if key == NULL */
-int ssh_hmac_init(struct ssh_hmac_ctx *ctx, const void *key, size_t klen)
- __attribute__((__bounded__(__buffer__, 2, 3)));
-int ssh_hmac_update(struct ssh_hmac_ctx *ctx, const void *m, size_t mlen)
- __attribute__((__bounded__(__buffer__, 2, 3)));
-int ssh_hmac_update_buffer(struct ssh_hmac_ctx *ctx, const struct sshbuf *b);
-int ssh_hmac_final(struct ssh_hmac_ctx *ctx, u_char *d, size_t dlen)
- __attribute__((__bounded__(__buffer__, 2, 3)));
-void ssh_hmac_free(struct ssh_hmac_ctx *ctx);
-
-#endif /* _HMAC_H */
diff --git a/ssh_keygen_110/hostfile.c b/ssh_keygen_110/hostfile.c
deleted file mode 100644
index e1f826bd..00000000
--- a/ssh_keygen_110/hostfile.c
+++ /dev/null
@@ -1,834 +0,0 @@ -/* $OpenBSD: hostfile.c,v 1.73 2018/07/16 03:09:13 djm Exp $ */ -/* - * Author: Tatu Ylonen - * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland - * All rights reserved - * Functions for manipulating the known hosts files. - * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". - * - * - * Copyright (c) 1999, 2000 Markus Friedl. All rights reserved. - * Copyright (c) 1999 Niels Provos. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ - -#include "includes.h" - -#include -#include - -#include - -#include -#include -#include -#include -#include -#include -#include -#include - -#include "xmalloc.h" -#include "match.h" -#include "sshkey.h" -#include "hostfile.h" -#include "log.h" -#include "misc.h" -#include "ssherr.h" -#include "digest.h" -#include "hmac.h" - -struct hostkeys { - struct hostkey_entry *entries; - u_int num_entries; -}; - -/* XXX hmac is too easy to dictionary attack; use bcrypt? */ - -static int -extract_salt(const char *s, u_int l, u_char *salt, size_t salt_len) -{ - char *p, *b64salt; - u_int b64len; - int ret; - - if (l < sizeof(HASH_MAGIC) - 1) { - debug2("extract_salt: string too short"); - return (-1); - } - if (strncmp(s, HASH_MAGIC, sizeof(HASH_MAGIC) - 1) != 0) { - debug2("extract_salt: invalid magic identifier"); - return (-1); - } - s += sizeof(HASH_MAGIC) - 1; - l -= sizeof(HASH_MAGIC) - 1; - if ((p = memchr(s, HASH_DELIM, l)) == NULL) { - debug2("extract_salt: missing salt termination character"); - return (-1); - } - - b64len = p - s; - /* Sanity check */ - if (b64len == 0 || b64len > 1024) { - debug2("extract_salt: bad encoded salt length %u", b64len); - return (-1); - } - b64salt = xmalloc(1 + b64len); - memcpy(b64salt, s, b64len); - b64salt[b64len] = '\0'; - - ret = __b64_pton(b64salt, salt, salt_len); - free(b64salt); - if (ret == -1) { - debug2("extract_salt: salt decode error"); - return (-1); - } - if (ret != (int)ssh_hmac_bytes(SSH_DIGEST_SHA1)) { - debug2("extract_salt: expected salt len %zd, got %d", - ssh_hmac_bytes(SSH_DIGEST_SHA1), ret); - return (-1); - } - - return (0); -} - -char * -host_hash(const char *host, const char *name_from_hostfile, u_int src_len) -{ - struct ssh_hmac_ctx *ctx; - u_char salt[256], result[256]; - char uu_salt[512], uu_result[512]; - static char encoded[1024]; - u_int len; - - len = ssh_digest_bytes(SSH_DIGEST_SHA1); - - if (name_from_hostfile == NULL) { - /* Create new salt */ - arc4random_buf(salt, len); - } else { - /* 
Extract salt from known host entry */ - if (extract_salt(name_from_hostfile, src_len, salt, - sizeof(salt)) == -1) - return (NULL); - } - - if ((ctx = ssh_hmac_start(SSH_DIGEST_SHA1)) == NULL || - ssh_hmac_init(ctx, salt, len) < 0 || - ssh_hmac_update(ctx, host, strlen(host)) < 0 || - ssh_hmac_final(ctx, result, sizeof(result))) - fatal("%s: ssh_hmac failed", __func__); - ssh_hmac_free(ctx); - - if (__b64_ntop(salt, len, uu_salt, sizeof(uu_salt)) == -1 || - __b64_ntop(result, len, uu_result, sizeof(uu_result)) == -1) - fatal("%s: __b64_ntop failed", __func__); - - snprintf(encoded, sizeof(encoded), "%s%s%c%s", HASH_MAGIC, uu_salt, - HASH_DELIM, uu_result); - - return (encoded); -} - -/* - * Parses an RSA (number of bits, e, n) or DSA key from a string. Moves the - * pointer over the key. Skips any whitespace at the beginning and at end. - */ - -int -hostfile_read_key(char **cpp, u_int *bitsp, struct sshkey *ret) -{ - char *cp; - int r; - - /* Skip leading whitespace. */ - for (cp = *cpp; *cp == ' ' || *cp == '\t'; cp++) - ; - - if ((r = sshkey_read(ret, &cp)) != 0) - return 0; - - /* Skip trailing whitespace. */ - for (; *cp == ' ' || *cp == '\t'; cp++) - ; - - /* Return results. 
*/ - *cpp = cp; - if (bitsp != NULL) - *bitsp = sshkey_size(ret); - return 1; -} - -static HostkeyMarker -check_markers(char **cpp) -{ - char marker[32], *sp, *cp = *cpp; - int ret = MRK_NONE; - - while (*cp == '@') { - /* Only one marker is allowed */ - if (ret != MRK_NONE) - return MRK_ERROR; - /* Markers are terminated by whitespace */ - if ((sp = strchr(cp, ' ')) == NULL && - (sp = strchr(cp, '\t')) == NULL) - return MRK_ERROR; - /* Extract marker for comparison */ - if (sp <= cp + 1 || sp >= cp + sizeof(marker)) - return MRK_ERROR; - memcpy(marker, cp, sp - cp); - marker[sp - cp] = '\0'; - if (strcmp(marker, CA_MARKER) == 0) - ret = MRK_CA; - else if (strcmp(marker, REVOKE_MARKER) == 0) - ret = MRK_REVOKE; - else - return MRK_ERROR; - - /* Skip past marker and any whitespace that follows it */ - cp = sp; - for (; *cp == ' ' || *cp == '\t'; cp++) - ; - } - *cpp = cp; - return ret; -} - -struct hostkeys * -init_hostkeys(void) -{ - struct hostkeys *ret = xcalloc(1, sizeof(*ret)); - - ret->entries = NULL; - return ret; -} - -struct load_callback_ctx { - const char *host; - u_long num_loaded; - struct hostkeys *hostkeys; -}; - -static int -record_hostkey(struct hostkey_foreach_line *l, void *_ctx) -{ - struct load_callback_ctx *ctx = (struct load_callback_ctx *)_ctx; - struct hostkeys *hostkeys = ctx->hostkeys; - struct hostkey_entry *tmp; - - if (l->status == HKF_STATUS_INVALID) { - /* XXX make this verbose() in the future */ - debug("%s:%ld: parse error in hostkeys file", - l->path, l->linenum); - return 0; - } - - debug3("%s: found %skey type %s in file %s:%lu", __func__, - l->marker == MRK_NONE ? "" : - (l->marker == MRK_CA ? 
"ca " : "revoked "), - sshkey_type(l->key), l->path, l->linenum); - if ((tmp = recallocarray(hostkeys->entries, hostkeys->num_entries, - hostkeys->num_entries + 1, sizeof(*hostkeys->entries))) == NULL) - return SSH_ERR_ALLOC_FAIL; - hostkeys->entries = tmp; - hostkeys->entries[hostkeys->num_entries].host = xstrdup(ctx->host); - hostkeys->entries[hostkeys->num_entries].file = xstrdup(l->path); - hostkeys->entries[hostkeys->num_entries].line = l->linenum; - hostkeys->entries[hostkeys->num_entries].key = l->key; - l->key = NULL; /* steal it */ - hostkeys->entries[hostkeys->num_entries].marker = l->marker; - hostkeys->num_entries++; - ctx->num_loaded++; - - return 0; -} - -void -load_hostkeys(struct hostkeys *hostkeys, const char *host, const char *path) -{ - int r; - struct load_callback_ctx ctx; - - ctx.host = host; - ctx.num_loaded = 0; - ctx.hostkeys = hostkeys; - - if ((r = hostkeys_foreach(path, record_hostkey, &ctx, host, NULL, - HKF_WANT_MATCH|HKF_WANT_PARSE_KEY)) != 0) { - if (r != SSH_ERR_SYSTEM_ERROR && errno != ENOENT) - debug("%s: hostkeys_foreach failed for %s: %s", - __func__, path, ssh_err(r)); - } - if (ctx.num_loaded != 0) - debug3("%s: loaded %lu keys from %s", __func__, - ctx.num_loaded, host); -} - -void -free_hostkeys(struct hostkeys *hostkeys) -{ - u_int i; - - for (i = 0; i < hostkeys->num_entries; i++) { - free(hostkeys->entries[i].host); - free(hostkeys->entries[i].file); - sshkey_free(hostkeys->entries[i].key); - explicit_bzero(hostkeys->entries + i, sizeof(*hostkeys->entries)); - } - free(hostkeys->entries); - explicit_bzero(hostkeys, sizeof(*hostkeys)); - free(hostkeys); -} - -static int -check_key_not_revoked(struct hostkeys *hostkeys, struct sshkey *k) -{ - int is_cert = sshkey_is_cert(k); - u_int i; - - for (i = 0; i < hostkeys->num_entries; i++) { - if (hostkeys->entries[i].marker != MRK_REVOKE) - continue; - if (sshkey_equal_public(k, hostkeys->entries[i].key)) - return -1; - if (is_cert && - sshkey_equal_public(k->cert->signature_key, 
- hostkeys->entries[i].key)) - return -1; - } - return 0; -} - -/* - * Match keys against a specified key, or look one up by key type. - * - * If looking for a keytype (key == NULL) and one is found then return - * HOST_FOUND, otherwise HOST_NEW. - * - * If looking for a key (key != NULL): - * 1. If the key is a cert and a matching CA is found, return HOST_OK - * 2. If the key is not a cert and a matching key is found, return HOST_OK - * 3. If no key matches but a key with a different type is found, then - * return HOST_CHANGED - * 4. If no matching keys are found, then return HOST_NEW. - * - * Finally, check any found key is not revoked. - */ -static HostStatus -check_hostkeys_by_key_or_type(struct hostkeys *hostkeys, - struct sshkey *k, int keytype, const struct hostkey_entry **found) -{ - u_int i; - HostStatus end_return = HOST_NEW; - int want_cert = sshkey_is_cert(k); - HostkeyMarker want_marker = want_cert ? MRK_CA : MRK_NONE; - - if (found != NULL) - *found = NULL; - - for (i = 0; i < hostkeys->num_entries; i++) { - if (hostkeys->entries[i].marker != want_marker) - continue; - if (k == NULL) { - if (hostkeys->entries[i].key->type != keytype) - continue; - end_return = HOST_FOUND; - if (found != NULL) - *found = hostkeys->entries + i; - k = hostkeys->entries[i].key; - break; - } - if (want_cert) { - if (sshkey_equal_public(k->cert->signature_key, - hostkeys->entries[i].key)) { - /* A matching CA exists */ - end_return = HOST_OK; - if (found != NULL) - *found = hostkeys->entries + i; - break; - } - } else { - if (sshkey_equal(k, hostkeys->entries[i].key)) { - end_return = HOST_OK; - if (found != NULL) - *found = hostkeys->entries + i; - break; - } - /* A non-maching key exists */ - end_return = HOST_CHANGED; - if (found != NULL) - *found = hostkeys->entries + i; - } - } - if (check_key_not_revoked(hostkeys, k) != 0) { - end_return = HOST_REVOKED; - if (found != NULL) - *found = NULL; - } - return end_return; -} - -HostStatus -check_key_in_hostkeys(struct 
hostkeys *hostkeys, struct sshkey *key, - const struct hostkey_entry **found) -{ - if (key == NULL) - fatal("no key to look up"); - return check_hostkeys_by_key_or_type(hostkeys, key, 0, found); -} - -int -lookup_key_in_hostkeys_by_type(struct hostkeys *hostkeys, int keytype, - const struct hostkey_entry **found) -{ - return (check_hostkeys_by_key_or_type(hostkeys, NULL, keytype, - found) == HOST_FOUND); -} - -static int -write_host_entry(FILE *f, const char *host, const char *ip, - const struct sshkey *key, int store_hash) -{ - int r, success = 0; - char *hashed_host = NULL, *lhost; - - lhost = xstrdup(host); - lowercase(lhost); - - if (store_hash) { - if ((hashed_host = host_hash(lhost, NULL, 0)) == NULL) { - error("%s: host_hash failed", __func__); - free(lhost); - return 0; - } - fprintf(f, "%s ", hashed_host); - } else if (ip != NULL) - fprintf(f, "%s,%s ", lhost, ip); - else { - fprintf(f, "%s ", lhost); - } - free(lhost); - if ((r = sshkey_write(key, f)) == 0) - success = 1; - else - error("%s: sshkey_write failed: %s", __func__, ssh_err(r)); - fputc('\n', f); - return success; -} - -/* - * Appends an entry to the host file. Returns false if the entry could not - * be appended. - */ -int -add_host_to_hostfile(const char *filename, const char *host, - const struct sshkey *key, int store_hash) -{ - FILE *f; - int success; - - if (key == NULL) - return 1; /* XXX ? */ - f = fopen(filename, "a"); - if (!f) - return 0; - success = write_host_entry(f, host, NULL, key, store_hash); - fclose(f); - return success; -} - -struct host_delete_ctx { - FILE *out; - int quiet; - const char *host; - int *skip_keys; /* XXX split for host/ip? might want to ensure both */ - struct sshkey * const *keys; - size_t nkeys; - int modified; -}; - -static int -host_delete(struct hostkey_foreach_line *l, void *_ctx) -{ - struct host_delete_ctx *ctx = (struct host_delete_ctx *)_ctx; - int loglevel = ctx->quiet ? 
SYSLOG_LEVEL_DEBUG1 : SYSLOG_LEVEL_VERBOSE; - size_t i; - - if (l->status == HKF_STATUS_MATCHED) { - if (l->marker != MRK_NONE) { - /* Don't remove CA and revocation lines */ - fprintf(ctx->out, "%s\n", l->line); - return 0; - } - - /* - * If this line contains one of the keys that we will be - * adding later, then don't change it and mark the key for - * skipping. - */ - for (i = 0; i < ctx->nkeys; i++) { - if (sshkey_equal(ctx->keys[i], l->key)) { - ctx->skip_keys[i] = 1; - fprintf(ctx->out, "%s\n", l->line); - debug3("%s: %s key already at %s:%ld", __func__, - sshkey_type(l->key), l->path, l->linenum); - return 0; - } - } - - /* - * Hostname matches and has no CA/revoke marker, delete it - * by *not* writing the line to ctx->out. - */ - do_log2(loglevel, "%s%s%s:%ld: Removed %s key for host %s", - ctx->quiet ? __func__ : "", ctx->quiet ? ": " : "", - l->path, l->linenum, sshkey_type(l->key), ctx->host); - ctx->modified = 1; - return 0; - } - /* Retain non-matching hosts and invalid lines when deleting */ - if (l->status == HKF_STATUS_INVALID) { - do_log2(loglevel, "%s%s%s:%ld: invalid known_hosts entry", - ctx->quiet ? __func__ : "", ctx->quiet ? ": " : "", - l->path, l->linenum); - } - fprintf(ctx->out, "%s\n", l->line); - return 0; -} - -int -hostfile_replace_entries(const char *filename, const char *host, const char *ip, - struct sshkey **keys, size_t nkeys, int store_hash, int quiet, int hash_alg) -{ - int r, fd, oerrno = 0; - int loglevel = quiet ? SYSLOG_LEVEL_DEBUG1 : SYSLOG_LEVEL_VERBOSE; - struct host_delete_ctx ctx; - char *fp, *temp = NULL, *back = NULL; - mode_t omask; - size_t i; - - omask = umask(077); - - memset(&ctx, 0, sizeof(ctx)); - ctx.host = host; - ctx.quiet = quiet; - if ((ctx.skip_keys = calloc(nkeys, sizeof(*ctx.skip_keys))) == NULL) - return SSH_ERR_ALLOC_FAIL; - ctx.keys = keys; - ctx.nkeys = nkeys; - ctx.modified = 0; - - /* - * Prepare temporary file for in-place deletion. 
- */ - if ((r = asprintf(&temp, "%s.XXXXXXXXXXX", filename)) < 0 || - (r = asprintf(&back, "%s.old", filename)) < 0) { - r = SSH_ERR_ALLOC_FAIL; - goto fail; - } - - if ((fd = mkstemp(temp)) == -1) { - oerrno = errno; - error("%s: mkstemp: %s", __func__, strerror(oerrno)); - r = SSH_ERR_SYSTEM_ERROR; - goto fail; - } - if ((ctx.out = fdopen(fd, "w")) == NULL) { - oerrno = errno; - close(fd); - error("%s: fdopen: %s", __func__, strerror(oerrno)); - r = SSH_ERR_SYSTEM_ERROR; - goto fail; - } - - /* Remove all entries for the specified host from the file */ - if ((r = hostkeys_foreach(filename, host_delete, &ctx, host, ip, - HKF_WANT_PARSE_KEY)) != 0) { - error("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r)); - goto fail; - } - - /* Add the requested keys */ - for (i = 0; i < nkeys; i++) { - if (ctx.skip_keys[i]) - continue; - if ((fp = sshkey_fingerprint(keys[i], hash_alg, - SSH_FP_DEFAULT)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto fail; - } - do_log2(loglevel, "%s%sAdding new key for %s to %s: %s %s", - quiet ? __func__ : "", quiet ? 
": " : "", host, filename, - sshkey_ssh_name(keys[i]), fp); - free(fp); - if (!write_host_entry(ctx.out, host, ip, keys[i], store_hash)) { - r = SSH_ERR_INTERNAL_ERROR; - goto fail; - } - ctx.modified = 1; - } - fclose(ctx.out); - ctx.out = NULL; - - if (ctx.modified) { - /* Backup the original file and replace it with the temporary */ - if (unlink(back) == -1 && errno != ENOENT) { - oerrno = errno; - error("%s: unlink %.100s: %s", __func__, - back, strerror(errno)); - r = SSH_ERR_SYSTEM_ERROR; - goto fail; - } - if (link(filename, back) == -1) { - oerrno = errno; - error("%s: link %.100s to %.100s: %s", __func__, - filename, back, strerror(errno)); - r = SSH_ERR_SYSTEM_ERROR; - goto fail; - } - if (rename(temp, filename) == -1) { - oerrno = errno; - error("%s: rename \"%s\" to \"%s\": %s", __func__, - temp, filename, strerror(errno)); - r = SSH_ERR_SYSTEM_ERROR; - goto fail; - } - } else { - /* No changes made; just delete the temporary file */ - if (unlink(temp) != 0) - error("%s: unlink \"%s\": %s", __func__, - temp, strerror(errno)); - } - - /* success */ - r = 0; - fail: - if (temp != NULL && r != 0) - unlink(temp); - free(temp); - free(back); - if (ctx.out != NULL) - fclose(ctx.out); - free(ctx.skip_keys); - umask(omask); - if (r == SSH_ERR_SYSTEM_ERROR) - errno = oerrno; - return r; -} - -static int -match_maybe_hashed(const char *host, const char *names, int *was_hashed) -{ - int hashed = *names == HASH_DELIM; - const char *hashed_host; - size_t nlen = strlen(names); - - if (was_hashed != NULL) - *was_hashed = hashed; - if (hashed) { - if ((hashed_host = host_hash(host, names, nlen)) == NULL) - return -1; - return nlen == strlen(hashed_host) && - strncmp(hashed_host, names, nlen) == 0; - } - return match_hostname(host, names) == 1; -} - -int -hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx, - const char *host, const char *ip, u_int options) -{ - FILE *f; - char *line = NULL, ktype[128]; - u_long linenum = 0; - char *cp, *cp2; - 
u_int kbits; - int hashed; - int s, r = 0; - struct hostkey_foreach_line lineinfo; - size_t linesize = 0, l; - - memset(&lineinfo, 0, sizeof(lineinfo)); - if (host == NULL && (options & HKF_WANT_MATCH) != 0) - return SSH_ERR_INVALID_ARGUMENT; - if ((f = fopen(path, "r")) == NULL) - return SSH_ERR_SYSTEM_ERROR; - - debug3("%s: reading file \"%s\"", __func__, path); - while (getline(&line, &linesize, f) != -1) { - linenum++; - line[strcspn(line, "\n")] = '\0'; - - free(lineinfo.line); - sshkey_free(lineinfo.key); - memset(&lineinfo, 0, sizeof(lineinfo)); - lineinfo.path = path; - lineinfo.linenum = linenum; - lineinfo.line = xstrdup(line); - lineinfo.marker = MRK_NONE; - lineinfo.status = HKF_STATUS_OK; - lineinfo.keytype = KEY_UNSPEC; - - /* Skip any leading whitespace, comments and empty lines. */ - for (cp = line; *cp == ' ' || *cp == '\t'; cp++) - ; - if (!*cp || *cp == '#' || *cp == '\n') { - if ((options & HKF_WANT_MATCH) == 0) { - lineinfo.status = HKF_STATUS_COMMENT; - if ((r = callback(&lineinfo, ctx)) != 0) - break; - } - continue; - } - - if ((lineinfo.marker = check_markers(&cp)) == MRK_ERROR) { - verbose("%s: invalid marker at %s:%lu", - __func__, path, linenum); - if ((options & HKF_WANT_MATCH) == 0) - goto bad; - continue; - } - - /* Find the end of the host name portion. */ - for (cp2 = cp; *cp2 && *cp2 != ' ' && *cp2 != '\t'; cp2++) - ; - lineinfo.hosts = cp; - *cp2++ = '\0'; - - /* Check if the host name matches. */ - if (host != NULL) { - if ((s = match_maybe_hashed(host, lineinfo.hosts, - &hashed)) == -1) { - debug2("%s: %s:%ld: bad host hash \"%.32s\"", - __func__, path, linenum, lineinfo.hosts); - goto bad; - } - if (s == 1) { - lineinfo.status = HKF_STATUS_MATCHED; - lineinfo.match |= HKF_MATCH_HOST | - (hashed ? 
HKF_MATCH_HOST_HASHED : 0); - } - /* Try matching IP address if supplied */ - if (ip != NULL) { - if ((s = match_maybe_hashed(ip, lineinfo.hosts, - &hashed)) == -1) { - debug2("%s: %s:%ld: bad ip hash " - "\"%.32s\"", __func__, path, - linenum, lineinfo.hosts); - goto bad; - } - if (s == 1) { - lineinfo.status = HKF_STATUS_MATCHED; - lineinfo.match |= HKF_MATCH_IP | - (hashed ? HKF_MATCH_IP_HASHED : 0); - } - } - /* - * Skip this line if host matching requested and - * neither host nor address matched. - */ - if ((options & HKF_WANT_MATCH) != 0 && - lineinfo.status != HKF_STATUS_MATCHED) - continue; - } - - /* Got a match. Skip host name and any following whitespace */ - for (; *cp2 == ' ' || *cp2 == '\t'; cp2++) - ; - if (*cp2 == '\0' || *cp2 == '#') { - debug2("%s:%ld: truncated before key type", - path, linenum); - goto bad; - } - lineinfo.rawkey = cp = cp2; - - if ((options & HKF_WANT_PARSE_KEY) != 0) { - /* - * Extract the key from the line. This will skip - * any leading whitespace. Ignore badly formatted - * lines. - */ - if ((lineinfo.key = sshkey_new(KEY_UNSPEC)) == NULL) { - error("%s: sshkey_new failed", __func__); - r = SSH_ERR_ALLOC_FAIL; - break; - } - if (!hostfile_read_key(&cp, &kbits, lineinfo.key)) { - goto bad; - } - lineinfo.keytype = lineinfo.key->type; - lineinfo.comment = cp; - } else { - /* Extract and parse key type */ - l = strcspn(lineinfo.rawkey, " \t"); - if (l <= 1 || l >= sizeof(ktype) || - lineinfo.rawkey[l] == '\0') - goto bad; - memcpy(ktype, lineinfo.rawkey, l); - ktype[l] = '\0'; - lineinfo.keytype = sshkey_type_from_name(ktype); - - /* - * Assume legacy RSA1 if the first component is a short - * decimal number. - */ - if (lineinfo.keytype == KEY_UNSPEC && l < 8 && - strspn(ktype, "0123456789") == l) - goto bad; - - /* - * Check that something other than whitespace follows - * the key type. This won't catch all corruption, but - * it does catch trivial truncation. 
- */ - cp2 += l; /* Skip past key type */ - for (; *cp2 == ' ' || *cp2 == '\t'; cp2++) - ; - if (*cp2 == '\0' || *cp2 == '#') { - debug2("%s:%ld: truncated after key type", - path, linenum); - lineinfo.keytype = KEY_UNSPEC; - } - if (lineinfo.keytype == KEY_UNSPEC) { - bad: - sshkey_free(lineinfo.key); - lineinfo.key = NULL; - lineinfo.status = HKF_STATUS_INVALID; - if ((r = callback(&lineinfo, ctx)) != 0) - break; - continue; - } - } - if ((r = callback(&lineinfo, ctx)) != 0) - break; - } - sshkey_free(lineinfo.key); - free(lineinfo.line); - free(line); - fclose(f); - return r; -} diff --git a/ssh_keygen_110/hostfile.h b/ssh_keygen_110/hostfile.h deleted file mode 100644 index bd210437..00000000 --- a/ssh_keygen_110/hostfile.h +++ /dev/null 
@@ -1,108 +0,0 @@
-/* $OpenBSD: hostfile.h,v 1.24 2015/02/16 22:08:57 djm Exp $ */
-
-/*
- * Author: Tatu Ylonen
- * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
- * All rights reserved
- *
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose. Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
- */
-#ifndef HOSTFILE_H
-#define HOSTFILE_H
-
-typedef enum {
- HOST_OK, HOST_NEW, HOST_CHANGED, HOST_REVOKED, HOST_FOUND
-} HostStatus;
-
-typedef enum {
- MRK_ERROR, MRK_NONE, MRK_REVOKE, MRK_CA
-} HostkeyMarker;
-
-struct hostkey_entry {
- char *host;
- char *file;
- u_long line;
- struct sshkey *key;
- HostkeyMarker marker;
-};
-struct hostkeys;
-
-struct hostkeys *init_hostkeys(void);
-void load_hostkeys(struct hostkeys *, const char *, const char *);
-void free_hostkeys(struct hostkeys *);
-
-HostStatus check_key_in_hostkeys(struct hostkeys *, struct sshkey *,
- const struct hostkey_entry **);
-int lookup_key_in_hostkeys_by_type(struct hostkeys *, int,
- const struct hostkey_entry **);
-
-int hostfile_read_key(char **, u_int *, struct sshkey *);
-int add_host_to_hostfile(const char *, const char *,
- const struct sshkey *, int);
-
-int hostfile_replace_entries(const char *filename,
- const char *host, const char *ip, struct sshkey **keys, size_t nkeys,
- int store_hash, int quiet, int hash_alg);
-
-#define HASH_MAGIC "|1|"
-#define HASH_DELIM '|'
-
-#define CA_MARKER "@cert-authority"
-#define REVOKE_MARKER "@revoked"
-
-char *host_hash(const char *, const char *, u_int);
-
-/*
- * Iterate through a hostkeys file, optionally parsing keys and matching
- * hostnames. Allows access to the raw keyfile lines to allow
- * streaming edits to the file to take place.
- */
-#define HKF_WANT_MATCH (1) /* return only matching hosts/addrs */
-#define HKF_WANT_PARSE_KEY (1<<1) /* need key parsed */
-
-#define HKF_STATUS_OK 0 /* Line parsed, didn't match host */
-#define HKF_STATUS_INVALID 1 /* line had parse error */
-#define HKF_STATUS_COMMENT 2 /* valid line contained no key */
-#define HKF_STATUS_MATCHED 3 /* hostname or IP matched */
-
-#define HKF_MATCH_HOST (1) /* hostname matched */
-#define HKF_MATCH_IP (1<<1) /* address matched */
-#define HKF_MATCH_HOST_HASHED (1<<2) /* hostname was hashed */
-#define HKF_MATCH_IP_HASHED (1<<3) /* address was hashed */
-/* XXX HKF_MATCH_KEY_TYPE? */
-
-/*
- * The callback function receives this as an argument for each matching
- * hostkey line. The callback may "steal" the 'key' field by setting it to NULL.
- * If a parse error occurred, then "hosts" and subsequent options may be NULL.
- */
-struct hostkey_foreach_line {
- const char *path; /* Path of file */
- u_long linenum; /* Line number */
- u_int status; /* One of HKF_STATUS_* */
- u_int match; /* Zero or more of HKF_MATCH_* OR'd together */
- char *line; /* Entire key line; mutable by callback */
- int marker; /* CA/revocation markers; indicated by MRK_* value */
- const char *hosts; /* Raw hosts text, may be hashed or list multiple */
- const char *rawkey; /* Text of key and any comment following it */
- int keytype; /* Type of key; KEY_UNSPEC for invalid/comment lines */
- struct sshkey *key; /* Key, if parsed ok and HKF_WANT_MATCH_HOST set */
- const char *comment; /* Any comment following the key */
-};
-
-/*
- * Callback fires for each line (or matching line if a HKF_WANT_* option
- * is set). The foreach loop will terminate if the callback returns a non-
- * zero exit status.
- */
-typedef int hostkeys_foreach_fn(struct hostkey_foreach_line *l, void *ctx);
-
-/* Iterate over a hostkeys file */
-int hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx,
- const char *host, const char *ip, u_int options);
-
-#endif
diff --git a/ssh_keygen_110/includes.h b/ssh_keygen_110/includes.h
deleted file mode 100644
index 1a741851..00000000
--- a/ssh_keygen_110/includes.h
+++ /dev/null
@@ -1,183 +0,0 @@
-/* $OpenBSD: includes.h,v 1.54 2006/07/22 20:48:23 stevesk Exp $ */
-
-/*
- * Author: Tatu Ylonen
- * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
- * All rights reserved
- * This file includes most of the needed system headers.
- *
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose. Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
- */
-
-#ifndef INCLUDES_H
-#define INCLUDES_H
-
-#include "config.h"
-
-#ifndef _GNU_SOURCE
-#define _GNU_SOURCE /* activate extra prototypes for glibc */
-#endif
-
-#include
-#include
-#include /* For CMSG_* */
-
-#ifdef HAVE_LIMITS_H
-# include /* For PATH_MAX, _POSIX_HOST_NAME_MAX */
-#endif
-#ifdef HAVE_BSTRING_H
-# include
-#endif
-#ifdef HAVE_ENDIAN_H
-# include
-#endif
-#ifdef HAVE_TTYENT_H
-# include
-#endif
-#ifdef HAVE_UTIME_H
-# include
-#endif
-#ifdef HAVE_MAILLOCK_H
-# include /* For _PATH_MAILDIR */
-#endif
-#ifdef HAVE_NEXT
-# include
-#endif
-#ifdef HAVE_PATHS_H
-# include
-#endif
-
-/*
- *-*-nto-qnx needs these headers for strcasecmp and LASTLOG_FILE respectively
- */
-#ifdef HAVE_STRINGS_H
-# include
-#endif
-#ifdef HAVE_LOGIN_H
-# include
-#endif
-
-#ifdef HAVE_UTMP_H
-# include
-#endif
-#ifdef HAVE_UTMPX_H
-# include
-#endif
-#ifdef HAVE_LASTLOG_H
-# include
-#endif
-
-#ifdef HAVE_SYS_SELECT_H
-# include
-#endif
-#ifdef HAVE_SYS_BSDTTY_H
-# include
-#endif
-#ifdef HAVE_STDINT_H
-# include
-#endif
-#include
-#ifdef HAVE_SYS_BITYPES_H
-# include /* For u_intXX_t */
-#endif
-#ifdef HAVE_SYS_CDEFS_H
-# include /* For __P() */
-#endif
-#ifdef HAVE_SYS_STAT_H
-# include /* For S_* constants and macros */
-#endif
-#ifdef HAVE_SYS_SYSMACROS_H
-# include /* For MIN, MAX, etc */
-#endif
-#ifdef HAVE_SYS_TIME_H
-# include /* for timespeccmp if present */
-#endif
-#ifdef HAVE_SYS_MMAN_H
-#include /* for MAP_ANONYMOUS */
-#endif
-#ifdef HAVE_SYS_STRTIO_H
-#include /* for TIOCCBRK on HP-UX */
-#endif
-#if defined(HAVE_SYS_PTMS_H) && defined(HAVE_DEV_PTMX)
-# if defined(HAVE_SYS_STREAM_H)
-# include /* reqd for queue_t on Solaris 2.5.1 */
-# endif
-#include /* for grantpt() and friends */
-#endif
-
-#include
-#include /* For typedefs */
-#ifdef HAVE_RPC_TYPES_H
-# include /* For INADDR_LOOPBACK */
-#endif
-#ifdef USE_PAM
-#if defined(HAVE_SECURITY_PAM_APPL_H)
-# include
-#elif defined (HAVE_PAM_PAM_APPL_H)
-# include
-#endif
-#endif
-#ifdef HAVE_READPASSPHRASE_H
-# include
-#endif
-
-#ifdef HAVE_IA_H
-# include
-#endif
-
-#ifdef HAVE_IAF_H
-# include
-#endif
-
-#ifdef HAVE_TMPDIR_H
-# include
-#endif
-
-#if defined(HAVE_BSD_LIBUTIL_H)
-# include
-#elif defined(HAVE_LIBUTIL_H)
-# include
-#endif
-
-#if defined(KRB5) && defined(USE_AFS)
-# include
-# include
-#endif
-
-#if defined(HAVE_SYS_SYSLOG_H)
-# include
-#endif
-
-#include
-
-/*
- * On HP-UX 11.11, shadow.h and prot.h provide conflicting declarations
- * of getspnam when _INCLUDE__STDC__ is defined, so we unset it here.
- */
-#ifdef GETSPNAM_CONFLICTING_DEFS
-# ifdef _INCLUDE__STDC__
-# undef _INCLUDE__STDC__
-# endif
-#endif
-
-#ifdef WITH_OPENSSL
-#include /* For OPENSSL_VERSION_NUMBER */
-#endif
-
-#include "defines.h"
-
-#include "platform.h"
-#include "openbsd-compat/openbsd-compat.h"
-#include "openbsd-compat/bsd-nextstep.h"
-
-#include "entropy.h"
-
-// iOS specific additions:
-extern void sshkeygen_cleanup(void);
-#include "ios_error.h"
-
-#endif /* INCLUDES_H */
diff --git a/ssh_keygen_110/krl.c b/ssh_keygen_110/krl.c
deleted file mode 100644
index 8e2d5d5d..00000000
--- a/ssh_keygen_110/krl.c
+++ /dev/null
@@ -1,1366 +0,0 @@
-/*
- * Copyright (c) 2012 Damien Miller
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $OpenBSD: krl.c,v 1.42 2018/09/12 01:21:34 djm Exp $ */
-
-#include "includes.h"
-
-#include
-#include
-#include
-
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include "sshbuf.h"
-#include "ssherr.h"
-#include "sshkey.h"
-#include "authfile.h"
-#include "misc.h"
-#include "log.h"
-#include "digest.h"
-#include "bitmap.h"
-
-#include "krl.h"
-
-/* #define DEBUG_KRL */
-#ifdef DEBUG_KRL
-# define KRL_DBG(x) debug3 x
-#else
-# define KRL_DBG(x)
-#endif
-
-/*
- * Trees of revoked serial numbers, key IDs and keys. This allows
- * quick searching, querying and producing lists in canonical order.
- */
-
-/* Tree of serial numbers.
XXX make smarter: really need a real sparse bitmap */
-struct revoked_serial {
- u_int64_t lo, hi;
- RB_ENTRY(revoked_serial) tree_entry;
-};
-static int serial_cmp(struct revoked_serial *a, struct revoked_serial *b);
-RB_HEAD(revoked_serial_tree, revoked_serial);
-RB_GENERATE_STATIC(revoked_serial_tree, revoked_serial, tree_entry, serial_cmp);
-
-/* Tree of key IDs */
-struct revoked_key_id {
- char *key_id;
- RB_ENTRY(revoked_key_id) tree_entry;
-};
-static int key_id_cmp(struct revoked_key_id *a, struct revoked_key_id *b);
-RB_HEAD(revoked_key_id_tree, revoked_key_id);
-RB_GENERATE_STATIC(revoked_key_id_tree, revoked_key_id, tree_entry, key_id_cmp);
-
-/* Tree of blobs (used for keys and fingerprints) */
-struct revoked_blob {
- u_char *blob;
- size_t len;
- RB_ENTRY(revoked_blob) tree_entry;
-};
-static int blob_cmp(struct revoked_blob *a, struct revoked_blob *b);
-RB_HEAD(revoked_blob_tree, revoked_blob);
-RB_GENERATE_STATIC(revoked_blob_tree, revoked_blob, tree_entry, blob_cmp);
-
-/* Tracks revoked certs for a single CA */
-struct revoked_certs {
- struct sshkey *ca_key;
- struct revoked_serial_tree revoked_serials;
- struct revoked_key_id_tree revoked_key_ids;
- TAILQ_ENTRY(revoked_certs) entry;
-};
-TAILQ_HEAD(revoked_certs_list, revoked_certs);
-
-struct ssh_krl {
- u_int64_t krl_version;
- u_int64_t generated_date;
- u_int64_t flags;
- char *comment;
- struct revoked_blob_tree revoked_keys;
- struct revoked_blob_tree revoked_sha1s;
- struct revoked_blob_tree revoked_sha256s;
- struct revoked_certs_list revoked_certs;
-};
-
-/* Return equal if a and b overlap */
-static int
-serial_cmp(struct revoked_serial *a, struct revoked_serial *b)
-{
- if (a->hi >= b->lo && a->lo <= b->hi)
- return 0;
- return a->lo < b->lo ?
-1 : 1; -} - -static int -key_id_cmp(struct revoked_key_id *a, struct revoked_key_id *b) -{ - return strcmp(a->key_id, b->key_id); -} - -static int -blob_cmp(struct revoked_blob *a, struct revoked_blob *b) -{ - int r; - - if (a->len != b->len) { - if ((r = memcmp(a->blob, b->blob, MINIMUM(a->len, b->len))) != 0) - return r; - return a->len > b->len ? 1 : -1; - } else - return memcmp(a->blob, b->blob, a->len); -} - -struct ssh_krl * -ssh_krl_init(void) -{ - struct ssh_krl *krl; - - if ((krl = calloc(1, sizeof(*krl))) == NULL) - return NULL; - RB_INIT(&krl->revoked_keys); - RB_INIT(&krl->revoked_sha1s); - RB_INIT(&krl->revoked_sha256s); - TAILQ_INIT(&krl->revoked_certs); - return krl; -} - -static void -revoked_certs_free(struct revoked_certs *rc) -{ - struct revoked_serial *rs, *trs; - struct revoked_key_id *rki, *trki; - - RB_FOREACH_SAFE(rs, revoked_serial_tree, &rc->revoked_serials, trs) { - RB_REMOVE(revoked_serial_tree, &rc->revoked_serials, rs); - free(rs); - } - RB_FOREACH_SAFE(rki, revoked_key_id_tree, &rc->revoked_key_ids, trki) { - RB_REMOVE(revoked_key_id_tree, &rc->revoked_key_ids, rki); - free(rki->key_id); - free(rki); - } - sshkey_free(rc->ca_key); -} - -void -ssh_krl_free(struct ssh_krl *krl) -{ - struct revoked_blob *rb, *trb; - struct revoked_certs *rc, *trc; - - if (krl == NULL) - return; - - free(krl->comment); - RB_FOREACH_SAFE(rb, revoked_blob_tree, &krl->revoked_keys, trb) { - RB_REMOVE(revoked_blob_tree, &krl->revoked_keys, rb); - free(rb->blob); - free(rb); - } - RB_FOREACH_SAFE(rb, revoked_blob_tree, &krl->revoked_sha1s, trb) { - RB_REMOVE(revoked_blob_tree, &krl->revoked_sha1s, rb); - free(rb->blob); - free(rb); - } - RB_FOREACH_SAFE(rb, revoked_blob_tree, &krl->revoked_sha256s, trb) { - RB_REMOVE(revoked_blob_tree, &krl->revoked_sha256s, rb); - free(rb->blob); - free(rb); - } - TAILQ_FOREACH_SAFE(rc, &krl->revoked_certs, entry, trc) { - TAILQ_REMOVE(&krl->revoked_certs, rc, entry); - revoked_certs_free(rc); - } -} - -void 
-ssh_krl_set_version(struct ssh_krl *krl, u_int64_t version) -{ - krl->krl_version = version; -} - -int -ssh_krl_set_comment(struct ssh_krl *krl, const char *comment) -{ - free(krl->comment); - if ((krl->comment = strdup(comment)) == NULL) - return SSH_ERR_ALLOC_FAIL; - return 0; -} - -/* - * Find the revoked_certs struct for a CA key. If allow_create is set then - * create a new one in the tree if one did not exist already. - */ -static int -revoked_certs_for_ca_key(struct ssh_krl *krl, const struct sshkey *ca_key, - struct revoked_certs **rcp, int allow_create) -{ - struct revoked_certs *rc; - int r; - - *rcp = NULL; - TAILQ_FOREACH(rc, &krl->revoked_certs, entry) { - if ((ca_key == NULL && rc->ca_key == NULL) || - sshkey_equal(rc->ca_key, ca_key)) { - *rcp = rc; - return 0; - } - } - if (!allow_create) - return 0; - /* If this CA doesn't exist in the list then add it now */ - if ((rc = calloc(1, sizeof(*rc))) == NULL) - return SSH_ERR_ALLOC_FAIL; - if (ca_key == NULL) - rc->ca_key = NULL; - else if ((r = sshkey_from_private(ca_key, &rc->ca_key)) != 0) { - free(rc); - return r; - } - RB_INIT(&rc->revoked_serials); - RB_INIT(&rc->revoked_key_ids); - TAILQ_INSERT_TAIL(&krl->revoked_certs, rc, entry); - KRL_DBG(("%s: new CA %s", __func__, - ca_key == NULL ? "*" : sshkey_type(ca_key))); - *rcp = rc; - return 0; -} - -static int -insert_serial_range(struct revoked_serial_tree *rt, u_int64_t lo, u_int64_t hi) -{ - struct revoked_serial rs, *ers, *crs, *irs; - - KRL_DBG(("%s: insert %llu:%llu", __func__, lo, hi)); - memset(&rs, 0, sizeof(rs)); - rs.lo = lo; - rs.hi = hi; - ers = RB_NFIND(revoked_serial_tree, rt, &rs); - if (ers == NULL || serial_cmp(ers, &rs) != 0) { - /* No entry matches. 
Just insert */ - if ((irs = malloc(sizeof(rs))) == NULL) - return SSH_ERR_ALLOC_FAIL; - memcpy(irs, &rs, sizeof(*irs)); - ers = RB_INSERT(revoked_serial_tree, rt, irs); - if (ers != NULL) { - KRL_DBG(("%s: bad: ers != NULL", __func__)); - /* Shouldn't happen */ - free(irs); - return SSH_ERR_INTERNAL_ERROR; - } - ers = irs; - } else { - KRL_DBG(("%s: overlap found %llu:%llu", __func__, - ers->lo, ers->hi)); - /* - * The inserted entry overlaps an existing one. Grow the - * existing entry. - */ - if (ers->lo > lo) - ers->lo = lo; - if (ers->hi < hi) - ers->hi = hi; - } - - /* - * The inserted or revised range might overlap or abut adjacent ones; - * coalesce as necessary. - */ - - /* Check predecessors */ - while ((crs = RB_PREV(revoked_serial_tree, rt, ers)) != NULL) { - KRL_DBG(("%s: pred %llu:%llu", __func__, crs->lo, crs->hi)); - if (ers->lo != 0 && crs->hi < ers->lo - 1) - break; - /* This entry overlaps. */ - if (crs->lo < ers->lo) { - ers->lo = crs->lo; - KRL_DBG(("%s: pred extend %llu:%llu", __func__, - ers->lo, ers->hi)); - } - RB_REMOVE(revoked_serial_tree, rt, crs); - free(crs); - } - /* Check successors */ - while ((crs = RB_NEXT(revoked_serial_tree, rt, ers)) != NULL) { - KRL_DBG(("%s: succ %llu:%llu", __func__, crs->lo, crs->hi)); - if (ers->hi != (u_int64_t)-1 && crs->lo > ers->hi + 1) - break; - /* This entry overlaps. 
*/ - if (crs->hi > ers->hi) { - ers->hi = crs->hi; - KRL_DBG(("%s: succ extend %llu:%llu", __func__, - ers->lo, ers->hi)); - } - RB_REMOVE(revoked_serial_tree, rt, crs); - free(crs); - } - KRL_DBG(("%s: done, final %llu:%llu", __func__, ers->lo, ers->hi)); - return 0; -} - -int -ssh_krl_revoke_cert_by_serial(struct ssh_krl *krl, const struct sshkey *ca_key, - u_int64_t serial) -{ - return ssh_krl_revoke_cert_by_serial_range(krl, ca_key, serial, serial); -} - -int -ssh_krl_revoke_cert_by_serial_range(struct ssh_krl *krl, - const struct sshkey *ca_key, u_int64_t lo, u_int64_t hi) -{ - struct revoked_certs *rc; - int r; - - if (lo > hi || lo == 0) - return SSH_ERR_INVALID_ARGUMENT; - if ((r = revoked_certs_for_ca_key(krl, ca_key, &rc, 1)) != 0) - return r; - return insert_serial_range(&rc->revoked_serials, lo, hi); -} - -int -ssh_krl_revoke_cert_by_key_id(struct ssh_krl *krl, const struct sshkey *ca_key, - const char *key_id) -{ - struct revoked_key_id *rki, *erki; - struct revoked_certs *rc; - int r; - - if ((r = revoked_certs_for_ca_key(krl, ca_key, &rc, 1)) != 0) - return r; - - KRL_DBG(("%s: revoke %s", __func__, key_id)); - if ((rki = calloc(1, sizeof(*rki))) == NULL || - (rki->key_id = strdup(key_id)) == NULL) { - free(rki); - return SSH_ERR_ALLOC_FAIL; - } - erki = RB_INSERT(revoked_key_id_tree, &rc->revoked_key_ids, rki); - if (erki != NULL) { - free(rki->key_id); - free(rki); - } - return 0; -} - -/* Convert "key" to a public key blob without any certificate information */ -static int -plain_key_blob(const struct sshkey *key, u_char **blob, size_t *blen) -{ - struct sshkey *kcopy; - int r; - - if ((r = sshkey_from_private(key, &kcopy)) != 0) - return r; - if (sshkey_is_cert(kcopy)) { - if ((r = sshkey_drop_cert(kcopy)) != 0) { - sshkey_free(kcopy); - return r; - } - } - r = sshkey_to_blob(kcopy, blob, blen); - sshkey_free(kcopy); - return r; -} - -/* Revoke a key blob. 
Ownership of blob is transferred to the tree */ -static int -revoke_blob(struct revoked_blob_tree *rbt, u_char *blob, size_t len) -{ - struct revoked_blob *rb, *erb; - - if ((rb = calloc(1, sizeof(*rb))) == NULL) - return SSH_ERR_ALLOC_FAIL; - rb->blob = blob; - rb->len = len; - erb = RB_INSERT(revoked_blob_tree, rbt, rb); - if (erb != NULL) { - free(rb->blob); - free(rb); - } - return 0; -} - -int -ssh_krl_revoke_key_explicit(struct ssh_krl *krl, const struct sshkey *key) -{ - u_char *blob; - size_t len; - int r; - - debug3("%s: revoke type %s", __func__, sshkey_type(key)); - if ((r = plain_key_blob(key, &blob, &len)) != 0) - return r; - return revoke_blob(&krl->revoked_keys, blob, len); -} - -static int -revoke_by_hash(struct revoked_blob_tree *target, const u_char *p, size_t len) -{ - u_char *blob; - int r; - - /* need to copy hash, as revoke_blob steals ownership */ - if ((blob = malloc(len)) == NULL) - return SSH_ERR_SYSTEM_ERROR; - memcpy(blob, p, len); - if ((r = revoke_blob(target, blob, len)) != 0) { - free(blob); - return r; - } - return 0; -} - -int -ssh_krl_revoke_key_sha1(struct ssh_krl *krl, const u_char *p, size_t len) -{ - debug3("%s: revoke by sha1", __func__); - if (len != 20) - return SSH_ERR_INVALID_FORMAT; - return revoke_by_hash(&krl->revoked_sha1s, p, len); -} - -int -ssh_krl_revoke_key_sha256(struct ssh_krl *krl, const u_char *p, size_t len) -{ - debug3("%s: revoke by sha256", __func__); - if (len != 32) - return SSH_ERR_INVALID_FORMAT; - return revoke_by_hash(&krl->revoked_sha256s, p, len); -} - -int -ssh_krl_revoke_key(struct ssh_krl *krl, const struct sshkey *key) -{ - /* XXX replace with SHA256? 
*/ - if (!sshkey_is_cert(key)) - return ssh_krl_revoke_key_explicit(krl, key); - - if (key->cert->serial == 0) { - return ssh_krl_revoke_cert_by_key_id(krl, - key->cert->signature_key, - key->cert->key_id); - } else { - return ssh_krl_revoke_cert_by_serial(krl, - key->cert->signature_key, - key->cert->serial); - } -} - -/* - * Select the most compact section type to emit next in a KRL based on - * the current section type, the run length of contiguous revoked serial - * numbers and the gaps from the last and to the next revoked serial. - * Applies a mostly-accurate bit cost model to select the section type - * that will minimise the size of the resultant KRL. - */ -static int -choose_next_state(int current_state, u_int64_t contig, int final, - u_int64_t last_gap, u_int64_t next_gap, int *force_new_section) -{ - int new_state; - u_int64_t cost, cost_list, cost_range, cost_bitmap, cost_bitmap_restart; - - /* - * Avoid unsigned overflows. - * The limits are high enough to avoid confusing the calculations. - */ - contig = MINIMUM(contig, 1ULL<<31); - last_gap = MINIMUM(last_gap, 1ULL<<31); - next_gap = MINIMUM(next_gap, 1ULL<<31); - - /* - * Calculate the cost to switch from the current state to candidates. - * NB. range sections only ever contain a single range, so their - * switching cost is independent of the current_state. - */ - cost_list = cost_bitmap = cost_bitmap_restart = 0; - cost_range = 8; - switch (current_state) { - case KRL_SECTION_CERT_SERIAL_LIST: - cost_bitmap_restart = cost_bitmap = 8 + 64; - break; - case KRL_SECTION_CERT_SERIAL_BITMAP: - cost_list = 8; - cost_bitmap_restart = 8 + 64; - break; - case KRL_SECTION_CERT_SERIAL_RANGE: - case 0: - cost_bitmap_restart = cost_bitmap = 8 + 64; - cost_list = 8; - } - - /* Estimate base cost in bits of each section type */ - cost_list += 64 * contig + (final ? 0 : 8+64); - cost_range += (2 * 64) + (final ? 0 : 8+64); - cost_bitmap += last_gap + contig + (final ? 
0 : MINIMUM(next_gap, 8+64)); - cost_bitmap_restart += contig + (final ? 0 : MINIMUM(next_gap, 8+64)); - - /* Convert to byte costs for actual comparison */ - cost_list = (cost_list + 7) / 8; - cost_bitmap = (cost_bitmap + 7) / 8; - cost_bitmap_restart = (cost_bitmap_restart + 7) / 8; - cost_range = (cost_range + 7) / 8; - - /* Now pick the best choice */ - *force_new_section = 0; - new_state = KRL_SECTION_CERT_SERIAL_BITMAP; - cost = cost_bitmap; - if (cost_range < cost) { - new_state = KRL_SECTION_CERT_SERIAL_RANGE; - cost = cost_range; - } - if (cost_list < cost) { - new_state = KRL_SECTION_CERT_SERIAL_LIST; - cost = cost_list; - } - if (cost_bitmap_restart < cost) { - new_state = KRL_SECTION_CERT_SERIAL_BITMAP; - *force_new_section = 1; - cost = cost_bitmap_restart; - } - KRL_DBG(("%s: contig %llu last_gap %llu next_gap %llu final %d, costs:" - "list %llu range %llu bitmap %llu new bitmap %llu, " - "selected 0x%02x%s", __func__, (long long unsigned)contig, - (long long unsigned)last_gap, (long long unsigned)next_gap, final, - (long long unsigned)cost_list, (long long unsigned)cost_range, - (long long unsigned)cost_bitmap, - (long long unsigned)cost_bitmap_restart, new_state, - *force_new_section ? 
" restart" : "")); - return new_state; -} - -static int -put_bitmap(struct sshbuf *buf, struct bitmap *bitmap) -{ - size_t len; - u_char *blob; - int r; - - len = bitmap_nbytes(bitmap); - if ((blob = malloc(len)) == NULL) - return SSH_ERR_ALLOC_FAIL; - if (bitmap_to_string(bitmap, blob, len) != 0) { - free(blob); - return SSH_ERR_INTERNAL_ERROR; - } - r = sshbuf_put_bignum2_bytes(buf, blob, len); - free(blob); - return r; -} - -/* Generate a KRL_SECTION_CERTIFICATES KRL section */ -static int -revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf) -{ - int final, force_new_sect, r = SSH_ERR_INTERNAL_ERROR; - u_int64_t i, contig, gap, last = 0, bitmap_start = 0; - struct revoked_serial *rs, *nrs; - struct revoked_key_id *rki; - int next_state, state = 0; - struct sshbuf *sect; - struct bitmap *bitmap = NULL; - - if ((sect = sshbuf_new()) == NULL) - return SSH_ERR_ALLOC_FAIL; - - /* Store the header: optional CA scope key, reserved */ - if (rc->ca_key == NULL) { - if ((r = sshbuf_put_string(buf, NULL, 0)) != 0) - goto out; - } else { - if ((r = sshkey_puts(rc->ca_key, buf)) != 0) - goto out; - } - if ((r = sshbuf_put_string(buf, NULL, 0)) != 0) - goto out; - - /* Store the revoked serials. */ - for (rs = RB_MIN(revoked_serial_tree, &rc->revoked_serials); - rs != NULL; - rs = RB_NEXT(revoked_serial_tree, &rc->revoked_serials, rs)) { - KRL_DBG(("%s: serial %llu:%llu state 0x%02x", __func__, - (long long unsigned)rs->lo, (long long unsigned)rs->hi, - state)); - - /* Check contiguous length and gap to next section (if any) */ - nrs = RB_NEXT(revoked_serial_tree, &rc->revoked_serials, rs); - final = nrs == NULL; - gap = nrs == NULL ? 0 : nrs->lo - rs->hi; - contig = 1 + (rs->hi - rs->lo); - - /* Choose next state based on these */ - next_state = choose_next_state(state, contig, final, - state == 0 ? 
0 : rs->lo - last, gap, &force_new_sect); - - /* - * If the current section is a range section or has a different - * type to the next section, then finish it off now. - */ - if (state != 0 && (force_new_sect || next_state != state || - state == KRL_SECTION_CERT_SERIAL_RANGE)) { - KRL_DBG(("%s: finish state 0x%02x", __func__, state)); - switch (state) { - case KRL_SECTION_CERT_SERIAL_LIST: - case KRL_SECTION_CERT_SERIAL_RANGE: - break; - case KRL_SECTION_CERT_SERIAL_BITMAP: - if ((r = put_bitmap(sect, bitmap)) != 0) - goto out; - bitmap_free(bitmap); - bitmap = NULL; - break; - } - if ((r = sshbuf_put_u8(buf, state)) != 0 || - (r = sshbuf_put_stringb(buf, sect)) != 0) - goto out; - sshbuf_reset(sect); - } - - /* If we are starting a new section then prepare it now */ - if (next_state != state || force_new_sect) { - KRL_DBG(("%s: start state 0x%02x", __func__, - next_state)); - state = next_state; - sshbuf_reset(sect); - switch (state) { - case KRL_SECTION_CERT_SERIAL_LIST: - case KRL_SECTION_CERT_SERIAL_RANGE: - break; - case KRL_SECTION_CERT_SERIAL_BITMAP: - if ((bitmap = bitmap_new()) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - bitmap_start = rs->lo; - if ((r = sshbuf_put_u64(sect, - bitmap_start)) != 0) - goto out; - break; - } - } - - /* Perform section-specific processing */ - switch (state) { - case KRL_SECTION_CERT_SERIAL_LIST: - for (i = 0; i < contig; i++) { - if ((r = sshbuf_put_u64(sect, rs->lo + i)) != 0) - goto out; - } - break; - case KRL_SECTION_CERT_SERIAL_RANGE: - if ((r = sshbuf_put_u64(sect, rs->lo)) != 0 || - (r = sshbuf_put_u64(sect, rs->hi)) != 0) - goto out; - break; - case KRL_SECTION_CERT_SERIAL_BITMAP: - if (rs->lo - bitmap_start > INT_MAX) { - error("%s: insane bitmap gap", __func__); - goto out; - } - for (i = 0; i < contig; i++) { - if (bitmap_set_bit(bitmap, - rs->lo + i - bitmap_start) != 0) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - } - break; - } - last = rs->hi; - } - /* Flush the remaining section, if any */ - if 
(state != 0) { - KRL_DBG(("%s: serial final flush for state 0x%02x", - __func__, state)); - switch (state) { - case KRL_SECTION_CERT_SERIAL_LIST: - case KRL_SECTION_CERT_SERIAL_RANGE: - break; - case KRL_SECTION_CERT_SERIAL_BITMAP: - if ((r = put_bitmap(sect, bitmap)) != 0) - goto out; - bitmap_free(bitmap); - bitmap = NULL; - break; - } - if ((r = sshbuf_put_u8(buf, state)) != 0 || - (r = sshbuf_put_stringb(buf, sect)) != 0) - goto out; - } - KRL_DBG(("%s: serial done ", __func__)); - - /* Now output a section for any revocations by key ID */ - sshbuf_reset(sect); - RB_FOREACH(rki, revoked_key_id_tree, &rc->revoked_key_ids) { - KRL_DBG(("%s: key ID %s", __func__, rki->key_id)); - if ((r = sshbuf_put_cstring(sect, rki->key_id)) != 0) - goto out; - } - if (sshbuf_len(sect) != 0) { - if ((r = sshbuf_put_u8(buf, KRL_SECTION_CERT_KEY_ID)) != 0 || - (r = sshbuf_put_stringb(buf, sect)) != 0) - goto out; - } - r = 0; - out: - bitmap_free(bitmap); - sshbuf_free(sect); - return r; -} - -int -ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf, - const struct sshkey **sign_keys, u_int nsign_keys) -{ - int r = SSH_ERR_INTERNAL_ERROR; - struct revoked_certs *rc; - struct revoked_blob *rb; - struct sshbuf *sect; - u_char *sblob = NULL; - size_t slen, i; - - if (krl->generated_date == 0) - krl->generated_date = time(NULL); - - if ((sect = sshbuf_new()) == NULL) - return SSH_ERR_ALLOC_FAIL; - - /* Store the header */ - if ((r = sshbuf_put(buf, KRL_MAGIC, sizeof(KRL_MAGIC) - 1)) != 0 || - (r = sshbuf_put_u32(buf, KRL_FORMAT_VERSION)) != 0 || - (r = sshbuf_put_u64(buf, krl->krl_version)) != 0 || - (r = sshbuf_put_u64(buf, krl->generated_date)) != 0 || - (r = sshbuf_put_u64(buf, krl->flags)) != 0 || - (r = sshbuf_put_string(buf, NULL, 0)) != 0 || - (r = sshbuf_put_cstring(buf, krl->comment)) != 0) - goto out; - - /* Store sections for revoked certificates */ - TAILQ_FOREACH(rc, &krl->revoked_certs, entry) { - sshbuf_reset(sect); - if ((r = revoked_certs_generate(rc, sect)) != 0) 
- goto out; - if ((r = sshbuf_put_u8(buf, KRL_SECTION_CERTIFICATES)) != 0 || - (r = sshbuf_put_stringb(buf, sect)) != 0) - goto out; - } - - /* Finally, output sections for revocations by public key/hash */ - sshbuf_reset(sect); - RB_FOREACH(rb, revoked_blob_tree, &krl->revoked_keys) { - KRL_DBG(("%s: key len %zu ", __func__, rb->len)); - if ((r = sshbuf_put_string(sect, rb->blob, rb->len)) != 0) - goto out; - } - if (sshbuf_len(sect) != 0) { - if ((r = sshbuf_put_u8(buf, KRL_SECTION_EXPLICIT_KEY)) != 0 || - (r = sshbuf_put_stringb(buf, sect)) != 0) - goto out; - } - sshbuf_reset(sect); - RB_FOREACH(rb, revoked_blob_tree, &krl->revoked_sha1s) { - KRL_DBG(("%s: hash len %zu ", __func__, rb->len)); - if ((r = sshbuf_put_string(sect, rb->blob, rb->len)) != 0) - goto out; - } - if (sshbuf_len(sect) != 0) { - if ((r = sshbuf_put_u8(buf, - KRL_SECTION_FINGERPRINT_SHA1)) != 0 || - (r = sshbuf_put_stringb(buf, sect)) != 0) - goto out; - } - sshbuf_reset(sect); - RB_FOREACH(rb, revoked_blob_tree, &krl->revoked_sha256s) { - KRL_DBG(("%s: hash len %zu ", __func__, rb->len)); - if ((r = sshbuf_put_string(sect, rb->blob, rb->len)) != 0) - goto out; - } - if (sshbuf_len(sect) != 0) { - if ((r = sshbuf_put_u8(buf, - KRL_SECTION_FINGERPRINT_SHA256)) != 0 || - (r = sshbuf_put_stringb(buf, sect)) != 0) - goto out; - } - - for (i = 0; i < nsign_keys; i++) { - KRL_DBG(("%s: signature key %s", __func__, - sshkey_ssh_name(sign_keys[i]))); - if ((r = sshbuf_put_u8(buf, KRL_SECTION_SIGNATURE)) != 0 || - (r = sshkey_puts(sign_keys[i], buf)) != 0) - goto out; - - if ((r = sshkey_sign(sign_keys[i], &sblob, &slen, - sshbuf_ptr(buf), sshbuf_len(buf), NULL, 0)) != 0) - goto out; - KRL_DBG(("%s: signature sig len %zu", __func__, slen)); - if ((r = sshbuf_put_string(buf, sblob, slen)) != 0) - goto out; - } - - r = 0; - out: - free(sblob); - sshbuf_free(sect); - return r; -} - -static void -format_timestamp(u_int64_t timestamp, char *ts, size_t nts) -{ - time_t t; - struct tm *tm; - - t = 
timestamp; - tm = localtime(&t); - if (tm == NULL) - strlcpy(ts, "", nts); - else { - *ts = '\0'; - strftime(ts, nts, "%Y%m%dT%H%M%S", tm); - } -} - -static int -parse_revoked_certs(struct sshbuf *buf, struct ssh_krl *krl) -{ - int r = SSH_ERR_INTERNAL_ERROR; - u_char type; - const u_char *blob; - size_t blen, nbits; - struct sshbuf *subsect = NULL; - u_int64_t serial, serial_lo, serial_hi; - struct bitmap *bitmap = NULL; - char *key_id = NULL; - struct sshkey *ca_key = NULL; - - if ((subsect = sshbuf_new()) == NULL) - return SSH_ERR_ALLOC_FAIL; - - /* Header: key, reserved */ - if ((r = sshbuf_get_string_direct(buf, &blob, &blen)) != 0 || - (r = sshbuf_skip_string(buf)) != 0) - goto out; - if (blen != 0 && (r = sshkey_from_blob(blob, blen, &ca_key)) != 0) - goto out; - - while (sshbuf_len(buf) > 0) { - sshbuf_free(subsect); - subsect = NULL; - if ((r = sshbuf_get_u8(buf, &type)) != 0 || - (r = sshbuf_froms(buf, &subsect)) != 0) - goto out; - KRL_DBG(("%s: subsection type 0x%02x", __func__, type)); - /* sshbuf_dump(subsect, stderr); */ - - switch (type) { - case KRL_SECTION_CERT_SERIAL_LIST: - while (sshbuf_len(subsect) > 0) { - if ((r = sshbuf_get_u64(subsect, &serial)) != 0) - goto out; - if ((r = ssh_krl_revoke_cert_by_serial(krl, - ca_key, serial)) != 0) - goto out; - } - break; - case KRL_SECTION_CERT_SERIAL_RANGE: - if ((r = sshbuf_get_u64(subsect, &serial_lo)) != 0 || - (r = sshbuf_get_u64(subsect, &serial_hi)) != 0) - goto out; - if ((r = ssh_krl_revoke_cert_by_serial_range(krl, - ca_key, serial_lo, serial_hi)) != 0) - goto out; - break; - case KRL_SECTION_CERT_SERIAL_BITMAP: - if ((bitmap = bitmap_new()) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if ((r = sshbuf_get_u64(subsect, &serial_lo)) != 0 || - (r = sshbuf_get_bignum2_bytes_direct(subsect, - &blob, &blen)) != 0) - goto out; - if (bitmap_from_string(bitmap, blob, blen) != 0) { - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - nbits = bitmap_nbits(bitmap); - for (serial = 0; serial < 
(u_int64_t)nbits; serial++) { - if (serial > 0 && serial_lo + serial == 0) { - error("%s: bitmap wraps u64", __func__); - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - if (!bitmap_test_bit(bitmap, serial)) - continue; - if ((r = ssh_krl_revoke_cert_by_serial(krl, - ca_key, serial_lo + serial)) != 0) - goto out; - } - bitmap_free(bitmap); - bitmap = NULL; - break; - case KRL_SECTION_CERT_KEY_ID: - while (sshbuf_len(subsect) > 0) { - if ((r = sshbuf_get_cstring(subsect, - &key_id, NULL)) != 0) - goto out; - if ((r = ssh_krl_revoke_cert_by_key_id(krl, - ca_key, key_id)) != 0) - goto out; - free(key_id); - key_id = NULL; - } - break; - default: - error("Unsupported KRL certificate section %u", type); - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - if (sshbuf_len(subsect) > 0) { - error("KRL certificate section contains unparsed data"); - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - } - - r = 0; - out: - if (bitmap != NULL) - bitmap_free(bitmap); - free(key_id); - sshkey_free(ca_key); - sshbuf_free(subsect); - return r; -} - -static int -blob_section(struct sshbuf *sect, struct revoked_blob_tree *target_tree, - size_t expected_len) -{ - u_char *rdata = NULL; - size_t rlen = 0; - int r; - - while (sshbuf_len(sect) > 0) { - if ((r = sshbuf_get_string(sect, &rdata, &rlen)) != 0) - return r; - if (expected_len != 0 && rlen != expected_len) { - error("%s: bad length", __func__); - free(rdata); - return SSH_ERR_INVALID_FORMAT; - } - if ((r = revoke_blob(target_tree, rdata, rlen)) != 0) { - free(rdata); - return r; - } - } - return 0; -} - -/* Attempt to parse a KRL, checking its signature (if any) with sign_ca_keys. 
*/ -int -ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp, - const struct sshkey **sign_ca_keys, size_t nsign_ca_keys) -{ - struct sshbuf *copy = NULL, *sect = NULL; - struct ssh_krl *krl = NULL; - char timestamp[64]; - int r = SSH_ERR_INTERNAL_ERROR, sig_seen; - struct sshkey *key = NULL, **ca_used = NULL, **tmp_ca_used; - u_char type; - const u_char *blob; - size_t i, j, sig_off, sects_off, blen, nca_used; - u_int format_version; - - nca_used = 0; - *krlp = NULL; - if (sshbuf_len(buf) < sizeof(KRL_MAGIC) - 1 || - memcmp(sshbuf_ptr(buf), KRL_MAGIC, sizeof(KRL_MAGIC) - 1) != 0) { - debug3("%s: not a KRL", __func__); - return SSH_ERR_KRL_BAD_MAGIC; - } - - /* Take a copy of the KRL buffer so we can verify its signature later */ - if ((copy = sshbuf_fromb(buf)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if ((r = sshbuf_consume(copy, sizeof(KRL_MAGIC) - 1)) != 0) - goto out; - - if ((krl = ssh_krl_init()) == NULL) { - error("%s: alloc failed", __func__); - goto out; - } - - if ((r = sshbuf_get_u32(copy, &format_version)) != 0) - goto out; - if (format_version != KRL_FORMAT_VERSION) { - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - if ((r = sshbuf_get_u64(copy, &krl->krl_version)) != 0 || - (r = sshbuf_get_u64(copy, &krl->generated_date)) != 0 || - (r = sshbuf_get_u64(copy, &krl->flags)) != 0 || - (r = sshbuf_skip_string(copy)) != 0 || - (r = sshbuf_get_cstring(copy, &krl->comment, NULL)) != 0) - goto out; - - format_timestamp(krl->generated_date, timestamp, sizeof(timestamp)); - debug("KRL version %llu generated at %s%s%s", - (long long unsigned)krl->krl_version, timestamp, - *krl->comment ? ": " : "", krl->comment); - - /* - * 1st pass: verify signatures, if any. This is done to avoid - * detailed parsing of data whose provenance is unverified. 
- */ - sig_seen = 0; - if (sshbuf_len(buf) < sshbuf_len(copy)) { - /* Shouldn't happen */ - r = SSH_ERR_INTERNAL_ERROR; - goto out; - } - sects_off = sshbuf_len(buf) - sshbuf_len(copy); - while (sshbuf_len(copy) > 0) { - if ((r = sshbuf_get_u8(copy, &type)) != 0 || - (r = sshbuf_get_string_direct(copy, &blob, &blen)) != 0) - goto out; - KRL_DBG(("%s: first pass, section 0x%02x", __func__, type)); - if (type != KRL_SECTION_SIGNATURE) { - if (sig_seen) { - error("KRL contains non-signature section " - "after signature"); - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - /* Not interested for now. */ - continue; - } - sig_seen = 1; - /* First string component is the signing key */ - if ((r = sshkey_from_blob(blob, blen, &key)) != 0) { - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - if (sshbuf_len(buf) < sshbuf_len(copy)) { - /* Shouldn't happen */ - r = SSH_ERR_INTERNAL_ERROR; - goto out; - } - sig_off = sshbuf_len(buf) - sshbuf_len(copy); - /* Second string component is the signature itself */ - if ((r = sshbuf_get_string_direct(copy, &blob, &blen)) != 0) { - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - /* Check signature over entire KRL up to this point */ - if ((r = sshkey_verify(key, blob, blen, - sshbuf_ptr(buf), sig_off, NULL, 0)) != 0) - goto out; - /* Check if this key has already signed this KRL */ - for (i = 0; i < nca_used; i++) { - if (sshkey_equal(ca_used[i], key)) { - error("KRL signed more than once with " - "the same key"); - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - } - /* Record keys used to sign the KRL */ - tmp_ca_used = recallocarray(ca_used, nca_used, nca_used + 1, - sizeof(*ca_used)); - if (tmp_ca_used == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - ca_used = tmp_ca_used; - ca_used[nca_used++] = key; - key = NULL; - } - - if (sshbuf_len(copy) != 0) { - /* Shouldn't happen */ - r = SSH_ERR_INTERNAL_ERROR; - goto out; - } - - /* - * 2nd pass: parse and load the KRL, skipping the header to the point - * where the section start. 
- */ - sshbuf_free(copy); - if ((copy = sshbuf_fromb(buf)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if ((r = sshbuf_consume(copy, sects_off)) != 0) - goto out; - while (sshbuf_len(copy) > 0) { - sshbuf_free(sect); - sect = NULL; - if ((r = sshbuf_get_u8(copy, &type)) != 0 || - (r = sshbuf_froms(copy, §)) != 0) - goto out; - KRL_DBG(("%s: second pass, section 0x%02x", __func__, type)); - - switch (type) { - case KRL_SECTION_CERTIFICATES: - if ((r = parse_revoked_certs(sect, krl)) != 0) - goto out; - break; - case KRL_SECTION_EXPLICIT_KEY: - if ((r = blob_section(sect, - &krl->revoked_keys, 0)) != 0) - goto out; - break; - case KRL_SECTION_FINGERPRINT_SHA1: - if ((r = blob_section(sect, - &krl->revoked_sha1s, 20)) != 0) - goto out; - break; - case KRL_SECTION_FINGERPRINT_SHA256: - if ((r = blob_section(sect, - &krl->revoked_sha256s, 32)) != 0) - goto out; - break; - case KRL_SECTION_SIGNATURE: - /* Handled above, but still need to stay in synch */ - sshbuf_free(sect); - sect = NULL; - if ((r = sshbuf_skip_string(copy)) != 0) - goto out; - break; - default: - error("Unsupported KRL section %u", type); - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - if (sect != NULL && sshbuf_len(sect) > 0) { - error("KRL section contains unparsed data"); - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - } - - /* Check that the key(s) used to sign the KRL weren't revoked */ - sig_seen = 0; - for (i = 0; i < nca_used; i++) { - if (ssh_krl_check_key(krl, ca_used[i]) == 0) - sig_seen = 1; - else { - sshkey_free(ca_used[i]); - ca_used[i] = NULL; - } - } - if (nca_used && !sig_seen) { - error("All keys used to sign KRL were revoked"); - r = SSH_ERR_KEY_REVOKED; - goto out; - } - - /* If we have CA keys, then verify that one was used to sign the KRL */ - if (sig_seen && nsign_ca_keys != 0) { - sig_seen = 0; - for (i = 0; !sig_seen && i < nsign_ca_keys; i++) { - for (j = 0; j < nca_used; j++) { - if (ca_used[j] == NULL) - continue; - if (sshkey_equal(ca_used[j], sign_ca_keys[i])) 
{ - sig_seen = 1; - break; - } - } - } - if (!sig_seen) { - r = SSH_ERR_SIGNATURE_INVALID; - error("KRL not signed with any trusted key"); - goto out; - } - } - - *krlp = krl; - r = 0; - out: - if (r != 0) - ssh_krl_free(krl); - for (i = 0; i < nca_used; i++) - sshkey_free(ca_used[i]); - free(ca_used); - sshkey_free(key); - sshbuf_free(copy); - sshbuf_free(sect); - return r; -} - -/* Checks certificate serial number and key ID revocation */ -static int -is_cert_revoked(const struct sshkey *key, struct revoked_certs *rc) -{ - struct revoked_serial rs, *ers; - struct revoked_key_id rki, *erki; - - /* Check revocation by cert key ID */ - memset(&rki, 0, sizeof(rki)); - rki.key_id = key->cert->key_id; - erki = RB_FIND(revoked_key_id_tree, &rc->revoked_key_ids, &rki); - if (erki != NULL) { - KRL_DBG(("%s: revoked by key ID", __func__)); - return SSH_ERR_KEY_REVOKED; - } - - /* - * Zero serials numbers are ignored (it's the default when the - * CA doesn't specify one). - */ - if (key->cert->serial == 0) - return 0; - - memset(&rs, 0, sizeof(rs)); - rs.lo = rs.hi = key->cert->serial; - ers = RB_FIND(revoked_serial_tree, &rc->revoked_serials, &rs); - if (ers != NULL) { - KRL_DBG(("%s: revoked serial %llu matched %llu:%llu", __func__, - key->cert->serial, ers->lo, ers->hi)); - return SSH_ERR_KEY_REVOKED; - } - return 0; -} - -/* Checks whether a given key/cert is revoked. 
Does not check its CA */ -static int -is_key_revoked(struct ssh_krl *krl, const struct sshkey *key) -{ - struct revoked_blob rb, *erb; - struct revoked_certs *rc; - int r; - - /* Check explicitly revoked hashes first */ - memset(&rb, 0, sizeof(rb)); - if ((r = sshkey_fingerprint_raw(key, SSH_DIGEST_SHA1, - &rb.blob, &rb.len)) != 0) - return r; - erb = RB_FIND(revoked_blob_tree, &krl->revoked_sha1s, &rb); - free(rb.blob); - if (erb != NULL) { - KRL_DBG(("%s: revoked by key SHA1", __func__)); - return SSH_ERR_KEY_REVOKED; - } - memset(&rb, 0, sizeof(rb)); - if ((r = sshkey_fingerprint_raw(key, SSH_DIGEST_SHA256, - &rb.blob, &rb.len)) != 0) - return r; - erb = RB_FIND(revoked_blob_tree, &krl->revoked_sha256s, &rb); - free(rb.blob); - if (erb != NULL) { - KRL_DBG(("%s: revoked by key SHA256", __func__)); - return SSH_ERR_KEY_REVOKED; - } - - /* Next, explicit keys */ - memset(&rb, 0, sizeof(rb)); - if ((r = plain_key_blob(key, &rb.blob, &rb.len)) != 0) - return r; - erb = RB_FIND(revoked_blob_tree, &krl->revoked_keys, &rb); - free(rb.blob); - if (erb != NULL) { - KRL_DBG(("%s: revoked by explicit key", __func__)); - return SSH_ERR_KEY_REVOKED; - } - - if (!sshkey_is_cert(key)) - return 0; - - /* Check cert revocation for the specified CA */ - if ((r = revoked_certs_for_ca_key(krl, key->cert->signature_key, - &rc, 0)) != 0) - return r; - if (rc != NULL) { - if ((r = is_cert_revoked(key, rc)) != 0) - return r; - } - /* Check cert revocation for the wildcard CA */ - if ((r = revoked_certs_for_ca_key(krl, NULL, &rc, 0)) != 0) - return r; - if (rc != NULL) { - if ((r = is_cert_revoked(key, rc)) != 0) - return r; - } - - KRL_DBG(("%s: %llu no match", __func__, key->cert->serial)); - return 0; -} - -int -ssh_krl_check_key(struct ssh_krl *krl, const struct sshkey *key) -{ - int r; - - KRL_DBG(("%s: checking key", __func__)); - if ((r = is_key_revoked(krl, key)) != 0) - return r; - if (sshkey_is_cert(key)) { - debug2("%s: checking CA key", __func__); - if ((r = 
is_key_revoked(krl, key->cert->signature_key)) != 0) - return r; - } - KRL_DBG(("%s: key okay", __func__)); - return 0; -} - -int -ssh_krl_file_contains_key(const char *path, const struct sshkey *key) -{ - struct sshbuf *krlbuf = NULL; - struct ssh_krl *krl = NULL; - int oerrno = 0, r, fd; - - if (path == NULL) - return 0; - - if ((krlbuf = sshbuf_new()) == NULL) - return SSH_ERR_ALLOC_FAIL; - if ((fd = open(path, O_RDONLY)) == -1) { - r = SSH_ERR_SYSTEM_ERROR; - oerrno = errno; - goto out; - } - if ((r = sshkey_load_file(fd, krlbuf)) != 0) { - oerrno = errno; - goto out; - } - if ((r = ssh_krl_from_blob(krlbuf, &krl, NULL, 0)) != 0) - goto out; - debug2("%s: checking KRL %s", __func__, path); - r = ssh_krl_check_key(krl, key); - out: - if (fd != -1) - close(fd); - sshbuf_free(krlbuf); - ssh_krl_free(krl); - if (r != 0) - errno = oerrno; - return r; -} diff --git a/ssh_keygen_110/krl.h b/ssh_keygen_110/krl.h deleted file mode 100644 index 815a1df4..00000000 --- a/ssh_keygen_110/krl.h +++ /dev/null 
@@ -1,66 +0,0 @@
-/*
- * Copyright (c) 2012 Damien Miller
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $OpenBSD: krl.h,v 1.6 2018/09/12 01:21:34 djm Exp $ */
-
-#ifndef _KRL_H
-#define _KRL_H
-
-/* Functions to manage key revocation lists */
-
-#define KRL_MAGIC "SSHKRL\n\0"
-#define KRL_FORMAT_VERSION 1
-
-/* KRL section types */
-#define KRL_SECTION_CERTIFICATES 1
-#define KRL_SECTION_EXPLICIT_KEY 2
-#define KRL_SECTION_FINGERPRINT_SHA1 3
-#define KRL_SECTION_SIGNATURE 4
-#define KRL_SECTION_FINGERPRINT_SHA256 5
-
-/* KRL_SECTION_CERTIFICATES subsection types */
-#define KRL_SECTION_CERT_SERIAL_LIST 0x20
-#define KRL_SECTION_CERT_SERIAL_RANGE 0x21
-#define KRL_SECTION_CERT_SERIAL_BITMAP 0x22
-#define KRL_SECTION_CERT_KEY_ID 0x23
-
-struct sshkey;
-struct sshbuf;
-struct ssh_krl;
-
-struct ssh_krl *ssh_krl_init(void);
-void ssh_krl_free(struct ssh_krl *krl);
-void ssh_krl_set_version(struct ssh_krl *krl, u_int64_t version);
-int ssh_krl_set_comment(struct ssh_krl *krl, const char *comment);
-int ssh_krl_revoke_cert_by_serial(struct ssh_krl *krl,
- const struct sshkey *ca_key, u_int64_t serial);
-int ssh_krl_revoke_cert_by_serial_range(struct ssh_krl *krl,
- const struct sshkey *ca_key, u_int64_t lo, u_int64_t hi);
-int ssh_krl_revoke_cert_by_key_id(struct ssh_krl *krl,
- const struct sshkey *ca_key, const char *key_id);
-int ssh_krl_revoke_key_explicit(struct ssh_krl *krl, const struct sshkey *key);
-int ssh_krl_revoke_key_sha1(struct ssh_krl *krl, const u_char *p, size_t len);
-int ssh_krl_revoke_key_sha256(struct ssh_krl *krl, const u_char *p, size_t len);
-int ssh_krl_revoke_key(struct ssh_krl *krl, const struct sshkey *key);
-int ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf,
- const struct sshkey **sign_keys, u_int nsign_keys);
-int ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
- const struct sshkey **sign_ca_keys, size_t nsign_ca_keys);
-int ssh_krl_check_key(struct ssh_krl *krl, const struct sshkey *key);
-int ssh_krl_file_contains_key(const char *path, const struct sshkey *key);
-
-#endif /* _KRL_H */
-
diff --git a/ssh_keygen_110/log.c b/ssh_keygen_110/log.c
deleted file mode 100644
index 923aa60c..00000000
--- a/ssh_keygen_110/log.c
+++ /dev/null
@@ -1,485 +0,0 @@ -/* $OpenBSD: log.c,v 1.51 2018/07/27 12:03:17 markus Exp $ */ -/* - * Author: Tatu Ylonen - * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland - * All rights reserved - * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". - */ -/* - * Copyright (c) 2000 Markus Friedl. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ - -#include "includes.h" - -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H) && !defined(BROKEN_STRNVIS) -# include -#endif - -#include "log.h" - -static LogLevel log_level = SYSLOG_LEVEL_INFO; -static int log_on_stderr = 1; -static int log_stderr_fd = STDERR_FILENO; -static int log_facility = LOG_AUTH; -static char *argv0; -static log_handler_fn *log_handler; -static void *log_handler_ctx; - -extern char *__progname; - -#define LOG_SYSLOG_VIS (VIS_CSTYLE|VIS_NL|VIS_TAB|VIS_OCTAL) -#define LOG_STDERR_VIS (VIS_SAFE|VIS_OCTAL) - -/* textual representation of log-facilities/levels */ - -static struct { - const char *name; - SyslogFacility val; -} log_facilities[] = { - { "DAEMON", SYSLOG_FACILITY_DAEMON }, - { "USER", SYSLOG_FACILITY_USER }, - { "AUTH", SYSLOG_FACILITY_AUTH }, -#ifdef LOG_AUTHPRIV - { "AUTHPRIV", SYSLOG_FACILITY_AUTHPRIV }, -#endif - { "LOCAL0", SYSLOG_FACILITY_LOCAL0 }, - { "LOCAL1", SYSLOG_FACILITY_LOCAL1 }, - { "LOCAL2", SYSLOG_FACILITY_LOCAL2 }, - { "LOCAL3", SYSLOG_FACILITY_LOCAL3 }, - { "LOCAL4", SYSLOG_FACILITY_LOCAL4 }, - { "LOCAL5", SYSLOG_FACILITY_LOCAL5 }, - { "LOCAL6", SYSLOG_FACILITY_LOCAL6 }, - { "LOCAL7", SYSLOG_FACILITY_LOCAL7 }, - { NULL, SYSLOG_FACILITY_NOT_SET } -}; - -static struct { - const char *name; - LogLevel val; -} log_levels[] = -{ - { "QUIET", SYSLOG_LEVEL_QUIET }, - { "FATAL", SYSLOG_LEVEL_FATAL }, - { "ERROR", SYSLOG_LEVEL_ERROR }, - { "INFO", SYSLOG_LEVEL_INFO }, - { "VERBOSE", SYSLOG_LEVEL_VERBOSE }, - { "DEBUG", SYSLOG_LEVEL_DEBUG1 }, - { "DEBUG1", SYSLOG_LEVEL_DEBUG1 }, - { "DEBUG2", SYSLOG_LEVEL_DEBUG2 }, - { "DEBUG3", SYSLOG_LEVEL_DEBUG3 }, - { NULL, SYSLOG_LEVEL_NOT_SET } -}; - -LogLevel -log_level_get(void) -{ - return log_level; -} - -SyslogFacility -log_facility_number(char *name) -{ - int i; - - if (name != NULL) - for (i = 0; log_facilities[i].name; i++) - if (strcasecmp(log_facilities[i].name, name) == 0) - 
return log_facilities[i].val; - return SYSLOG_FACILITY_NOT_SET; -} - -const char * -log_facility_name(SyslogFacility facility) -{ - u_int i; - - for (i = 0; log_facilities[i].name; i++) - if (log_facilities[i].val == facility) - return log_facilities[i].name; - return NULL; -} - -LogLevel -log_level_number(char *name) -{ - int i; - - if (name != NULL) - for (i = 0; log_levels[i].name; i++) - if (strcasecmp(log_levels[i].name, name) == 0) - return log_levels[i].val; - return SYSLOG_LEVEL_NOT_SET; -} - -const char * -log_level_name(LogLevel level) -{ - u_int i; - - for (i = 0; log_levels[i].name != NULL; i++) - if (log_levels[i].val == level) - return log_levels[i].name; - return NULL; -} - -/* Error messages that should be logged. */ - -void -error(const char *fmt,...) -{ - va_list args; - - va_start(args, fmt); - do_log(SYSLOG_LEVEL_ERROR, fmt, args); - va_end(args); -} - -void -sigdie(const char *fmt,...) -{ -#ifdef DO_LOG_SAFE_IN_SIGHAND - va_list args; - - va_start(args, fmt); - do_log(SYSLOG_LEVEL_FATAL, fmt, args); - va_end(args); -#endif - sshkeygen_cleanup(); - _exit(1); -} - -void -logdie(const char *fmt,...) -{ - va_list args; - - va_start(args, fmt); - do_log(SYSLOG_LEVEL_INFO, fmt, args); - va_end(args); - sshkeygen_cleanup(); - cleanup_exit(255); -} - -/* Log this message (information that usually should go to the log). */ - -void -logit(const char *fmt,...) -{ - va_list args; - - va_start(args, fmt); - do_log(SYSLOG_LEVEL_INFO, fmt, args); - va_end(args); -} - -/* More detailed messages (information that does not need to go to the log). */ - -void -verbose(const char *fmt,...) -{ - va_list args; - - va_start(args, fmt); - do_log(SYSLOG_LEVEL_VERBOSE, fmt, args); - va_end(args); -} - -/* Debugging messages that should not be logged during normal operation. */ - -void -debug(const char *fmt,...) -{ - va_list args; - - va_start(args, fmt); - do_log(SYSLOG_LEVEL_DEBUG1, fmt, args); - va_end(args); -} - -void -debug2(const char *fmt,...) 
-{ - va_list args; - - va_start(args, fmt); - do_log(SYSLOG_LEVEL_DEBUG2, fmt, args); - va_end(args); -} - -void -debug3(const char *fmt,...) -{ - va_list args; - - va_start(args, fmt); - do_log(SYSLOG_LEVEL_DEBUG3, fmt, args); - va_end(args); -} - -/* - * Initialize the log. - */ - -void -log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr) -{ -#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) - struct syslog_data sdata = SYSLOG_DATA_INIT; -#endif - - argv0 = av0; - - if (log_change_level(level) != 0) { - fprintf(stderr, "Unrecognized internal syslog level code %d\n", - (int) level); - sshkeygen_cleanup(); - exit(1); - } - - log_handler = NULL; - log_handler_ctx = NULL; - - log_on_stderr = on_stderr; - if (on_stderr) - return; - - switch (facility) { - case SYSLOG_FACILITY_DAEMON: - log_facility = LOG_DAEMON; - break; - case SYSLOG_FACILITY_USER: - log_facility = LOG_USER; - break; - case SYSLOG_FACILITY_AUTH: - log_facility = LOG_AUTH; - break; -#ifdef LOG_AUTHPRIV - case SYSLOG_FACILITY_AUTHPRIV: - log_facility = LOG_AUTHPRIV; - break; -#endif - case SYSLOG_FACILITY_LOCAL0: - log_facility = LOG_LOCAL0; - break; - case SYSLOG_FACILITY_LOCAL1: - log_facility = LOG_LOCAL1; - break; - case SYSLOG_FACILITY_LOCAL2: - log_facility = LOG_LOCAL2; - break; - case SYSLOG_FACILITY_LOCAL3: - log_facility = LOG_LOCAL3; - break; - case SYSLOG_FACILITY_LOCAL4: - log_facility = LOG_LOCAL4; - break; - case SYSLOG_FACILITY_LOCAL5: - log_facility = LOG_LOCAL5; - break; - case SYSLOG_FACILITY_LOCAL6: - log_facility = LOG_LOCAL6; - break; - case SYSLOG_FACILITY_LOCAL7: - log_facility = LOG_LOCAL7; - break; - default: - fprintf(stderr, - "Unrecognized internal syslog facility code %d\n", - (int) facility); - sshkeygen_cleanup(); - exit(1); - } - - /* - * If an external library (eg libwrap) attempts to use syslog - * immediately after reexec, syslog may be pointing to the wrong - * facility, so we force an open/close of syslog here. 
- */ -#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) - openlog_r(argv0 ? argv0 : __progname, LOG_PID, log_facility, &sdata); - closelog_r(&sdata); -#else - openlog(argv0 ? argv0 : __progname, LOG_PID, log_facility); - closelog(); -#endif -} - -int -log_change_level(LogLevel new_log_level) -{ - /* no-op if log_init has not been called */ - if (argv0 == NULL) - return 0; - - switch (new_log_level) { - case SYSLOG_LEVEL_QUIET: - case SYSLOG_LEVEL_FATAL: - case SYSLOG_LEVEL_ERROR: - case SYSLOG_LEVEL_INFO: - case SYSLOG_LEVEL_VERBOSE: - case SYSLOG_LEVEL_DEBUG1: - case SYSLOG_LEVEL_DEBUG2: - case SYSLOG_LEVEL_DEBUG3: - log_level = new_log_level; - return 0; - default: - return -1; - } -} - -int -log_is_on_stderr(void) -{ - return log_on_stderr && log_stderr_fd == STDERR_FILENO; -} - -/* redirect what would usually get written to stderr to specified file */ -void -log_redirect_stderr_to(const char *logfile) -{ - int fd; - - if ((fd = open(logfile, O_WRONLY|O_CREAT|O_APPEND, 0600)) == -1) { - fprintf(stderr, "Couldn't open logfile %s: %s\n", logfile, - strerror(errno)); - sshkeygen_cleanup(); - exit(1); - } - log_stderr_fd = fd; -} - -#define MSGBUFSIZ 1024 - -void -set_log_handler(log_handler_fn *handler, void *ctx) -{ - log_handler = handler; - log_handler_ctx = ctx; -} - -void -do_log2(LogLevel level, const char *fmt,...) 
-{ - va_list args; - - va_start(args, fmt); - do_log(level, fmt, args); - va_end(args); -} - -void -do_log(LogLevel level, const char *fmt, va_list args) -{ -#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) - struct syslog_data sdata = SYSLOG_DATA_INIT; -#endif - char msgbuf[MSGBUFSIZ]; - char fmtbuf[MSGBUFSIZ]; - char *txt = NULL; - int pri = LOG_INFO; - int saved_errno = errno; - log_handler_fn *tmp_handler; - - if (level > log_level) - return; - - switch (level) { - case SYSLOG_LEVEL_FATAL: - if (!log_on_stderr) - txt = "fatal"; - pri = LOG_CRIT; - break; - case SYSLOG_LEVEL_ERROR: - if (!log_on_stderr) - txt = "error"; - pri = LOG_ERR; - break; - case SYSLOG_LEVEL_INFO: - pri = LOG_INFO; - break; - case SYSLOG_LEVEL_VERBOSE: - pri = LOG_INFO; - break; - case SYSLOG_LEVEL_DEBUG1: - txt = "debug1"; - pri = LOG_DEBUG; - break; - case SYSLOG_LEVEL_DEBUG2: - txt = "debug2"; - pri = LOG_DEBUG; - break; - case SYSLOG_LEVEL_DEBUG3: - txt = "debug3"; - pri = LOG_DEBUG; - break; - default: - txt = "internal error"; - pri = LOG_ERR; - break; - } - if (txt != NULL && log_handler == NULL) { - snprintf(fmtbuf, sizeof(fmtbuf), "%s: %s", txt, fmt); - vsnprintf(msgbuf, sizeof(msgbuf), fmtbuf, args); - } else { - vsnprintf(msgbuf, sizeof(msgbuf), fmt, args); - } - strnvis(fmtbuf, msgbuf, sizeof(fmtbuf), - log_on_stderr ? LOG_STDERR_VIS : LOG_SYSLOG_VIS); - if (log_handler != NULL) { - /* Avoid recursion */ - tmp_handler = log_handler; - log_handler = NULL; - tmp_handler(level, fmtbuf, log_handler_ctx); - log_handler = tmp_handler; - } else if (log_on_stderr) { - snprintf(msgbuf, sizeof msgbuf, "%.*s\r\n", - (int)sizeof msgbuf - 3, fmtbuf); - (void)write(log_stderr_fd, msgbuf, strlen(msgbuf)); - } else { -#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) - openlog_r(argv0 ? argv0 : __progname, LOG_PID, log_facility, &sdata); - syslog_r(pri, &sdata, "%.500s", fmtbuf); - closelog_r(&sdata); -#else - openlog(argv0 ? 
argv0 : __progname, LOG_PID, log_facility); - syslog(pri, "%.500s", fmtbuf); - closelog(); -#endif - } - errno = saved_errno; -} diff --git a/ssh_keygen_110/log.h b/ssh_keygen_110/log.h deleted file mode 100644 index ef7bea7e..00000000 --- a/ssh_keygen_110/log.h +++ /dev/null 
@@ -1,81 +0,0 @@
-/* $OpenBSD: log.h,v 1.23 2018/07/27 12:03:17 markus Exp $ */
-
-/*
- * Author: Tatu Ylonen
- * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
- * All rights reserved
- *
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose. Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
- */
-
-#ifndef SSH_LOG_H
-#define SSH_LOG_H
-
-/* Supported syslog facilities and levels. */
-typedef enum {
- SYSLOG_FACILITY_DAEMON,
- SYSLOG_FACILITY_USER,
- SYSLOG_FACILITY_AUTH,
-#ifdef LOG_AUTHPRIV
- SYSLOG_FACILITY_AUTHPRIV,
-#endif
- SYSLOG_FACILITY_LOCAL0,
- SYSLOG_FACILITY_LOCAL1,
- SYSLOG_FACILITY_LOCAL2,
- SYSLOG_FACILITY_LOCAL3,
- SYSLOG_FACILITY_LOCAL4,
- SYSLOG_FACILITY_LOCAL5,
- SYSLOG_FACILITY_LOCAL6,
- SYSLOG_FACILITY_LOCAL7,
- SYSLOG_FACILITY_NOT_SET = -1
-} SyslogFacility;
-
-typedef enum {
- SYSLOG_LEVEL_QUIET,
- SYSLOG_LEVEL_FATAL,
- SYSLOG_LEVEL_ERROR,
- SYSLOG_LEVEL_INFO,
- SYSLOG_LEVEL_VERBOSE,
- SYSLOG_LEVEL_DEBUG1,
- SYSLOG_LEVEL_DEBUG2,
- SYSLOG_LEVEL_DEBUG3,
- SYSLOG_LEVEL_NOT_SET = -1
-} LogLevel;
-
-typedef void (log_handler_fn)(LogLevel, const char *, void *);
-
-void log_init(char *, LogLevel, SyslogFacility, int);
-LogLevel log_level_get(void);
-int log_change_level(LogLevel);
-int log_is_on_stderr(void);
-void log_redirect_stderr_to(const char *);
-
-SyslogFacility log_facility_number(char *);
-const char * log_facility_name(SyslogFacility);
-LogLevel log_level_number(char *);
-const char * log_level_name(LogLevel);
-
-void fatal(const char *, ...) __attribute__((noreturn))
- __attribute__((format(printf, 1, 2)));
-void error(const char *, ...) __attribute__((format(printf, 1, 2)));
-void sigdie(const char *, ...) __attribute__((noreturn))
- __attribute__((format(printf, 1, 2)));
-void logdie(const char *, ...) __attribute__((noreturn))
- __attribute__((format(printf, 1, 2)));
-void logit(const char *, ...) __attribute__((format(printf, 1, 2)));
-void verbose(const char *, ...) __attribute__((format(printf, 1, 2)));
-void debug(const char *, ...) __attribute__((format(printf, 1, 2)));
-void debug2(const char *, ...) __attribute__((format(printf, 1, 2)));
-void debug3(const char *, ...) __attribute__((format(printf, 1, 2)));
-
-
-void set_log_handler(log_handler_fn *, void *);
-void do_log2(LogLevel, const char *, ...)
- __attribute__((format(printf, 2, 3)));
-void do_log(LogLevel, const char *, va_list);
-void cleanup_exit(int) __attribute__((noreturn));
-#endif
diff --git a/ssh_keygen_110/match.c b/ssh_keygen_110/match.c
deleted file mode 100644
index bb3e95f6..00000000
--- a/ssh_keygen_110/match.c
+++ /dev/null
@@ -1,350 +0,0 @@ -/* $OpenBSD: match.c,v 1.38 2018/07/04 13:49:31 djm Exp $ */ -/* - * Author: Tatu Ylonen - * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland - * All rights reserved - * Simple pattern matching, with '*' and '?' as wildcards. - * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". - */ -/* - * Copyright (c) 2000 Markus Friedl. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ - -#include "includes.h" - -#include - -#include -#include -#include -#include - -#include "xmalloc.h" -#include "match.h" -#include "misc.h" - -/* - * Returns true if the given string matches the pattern (which may contain ? - * and * as wildcards), and zero if it does not match. - */ - -int -match_pattern(const char *s, const char *pattern) -{ - for (;;) { - /* If at end of pattern, accept if also at end of string. */ - if (!*pattern) - return !*s; - - if (*pattern == '*') { - /* Skip the asterisk. */ - pattern++; - - /* If at end of pattern, accept immediately. */ - if (!*pattern) - return 1; - - /* If next character in pattern is known, optimize. */ - if (*pattern != '?' && *pattern != '*') { - /* - * Look instances of the next character in - * pattern, and try to match starting from - * those. - */ - for (; *s; s++) - if (*s == *pattern && - match_pattern(s + 1, pattern + 1)) - return 1; - /* Failed. */ - return 0; - } - /* - * Move ahead one character at a time and try to - * match at each position. - */ - for (; *s; s++) - if (match_pattern(s, pattern)) - return 1; - /* Failed. */ - return 0; - } - /* - * There must be at least one more character in the string. - * If we are at the end, fail. - */ - if (!*s) - return 0; - - /* Check if the next character of the string is acceptable. */ - if (*pattern != '?' && *pattern != *s) - return 0; - - /* Move to the next character, both in string and in pattern. */ - s++; - pattern++; - } - /* NOTREACHED */ -} - -/* - * Tries to match the string against the - * comma-separated sequence of subpatterns (each possibly preceded by ! to - * indicate negation). Returns -1 if negation matches, 1 if there is - * a positive match, 0 if there is no match at all. 
- */ -int -match_pattern_list(const char *string, const char *pattern, int dolower) -{ - char sub[1024]; - int negated; - int got_positive; - u_int i, subi, len = strlen(pattern); - - got_positive = 0; - for (i = 0; i < len;) { - /* Check if the subpattern is negated. */ - if (pattern[i] == '!') { - negated = 1; - i++; - } else - negated = 0; - - /* - * Extract the subpattern up to a comma or end. Convert the - * subpattern to lowercase. - */ - for (subi = 0; - i < len && subi < sizeof(sub) - 1 && pattern[i] != ','; - subi++, i++) - sub[subi] = dolower && isupper((u_char)pattern[i]) ? - tolower((u_char)pattern[i]) : pattern[i]; - /* If subpattern too long, return failure (no match). */ - if (subi >= sizeof(sub) - 1) - return 0; - - /* If the subpattern was terminated by a comma, then skip it. */ - if (i < len && pattern[i] == ',') - i++; - - /* Null-terminate the subpattern. */ - sub[subi] = '\0'; - - /* Try to match the subpattern against the string. */ - if (match_pattern(string, sub)) { - if (negated) - return -1; /* Negative */ - else - got_positive = 1; /* Positive */ - } - } - - /* - * Return success if got a positive match. If there was a negative - * match, we have already returned -1 and never get here. - */ - return got_positive; -} - -/* - * Tries to match the host name (which must be in all lowercase) against the - * comma-separated sequence of subpatterns (each possibly preceded by ! to - * indicate negation). Returns -1 if negation matches, 1 if there is - * a positive match, 0 if there is no match at all. - */ -int -match_hostname(const char *host, const char *pattern) -{ - char *hostcopy = xstrdup(host); - int r; - - lowercase(hostcopy); - r = match_pattern_list(hostcopy, pattern, 1); - free(hostcopy); - return r; -} - -/* - * returns 0 if we get a negative match for the hostname or the ip - * or if we get no match at all. returns -1 on error, or 1 on - * successful match. 
- */ -int -match_host_and_ip(const char *host, const char *ipaddr, - const char *patterns) -{ - int mhost, mip; - - if ((mip = addr_match_list(ipaddr, patterns)) == -2) - return -1; /* error in ipaddr match */ - else if (host == NULL || ipaddr == NULL || mip == -1) - return 0; /* negative ip address match, or testing pattern */ - - /* negative hostname match */ - if ((mhost = match_hostname(host, patterns)) == -1) - return 0; - /* no match at all */ - if (mhost == 0 && mip == 0) - return 0; - return 1; -} - -/* - * Match user, user@host_or_ip, user@host_or_ip_list against pattern. - * If user, host and ipaddr are all NULL then validate pattern/ - * Returns -1 on invalid pattern, 0 on no match, 1 on match. - */ -int -match_user(const char *user, const char *host, const char *ipaddr, - const char *pattern) -{ - char *p, *pat; - int ret; - - /* test mode */ - if (user == NULL && host == NULL && ipaddr == NULL) { - if ((p = strchr(pattern, '@')) != NULL && - match_host_and_ip(NULL, NULL, p + 1) < 0) - return -1; - return 0; - } - - if ((p = strchr(pattern,'@')) == NULL) - return match_pattern(user, pattern); - - pat = xstrdup(pattern); - p = strchr(pat, '@'); - *p++ = '\0'; - - if ((ret = match_pattern(user, pat)) == 1) - ret = match_host_and_ip(host, ipaddr, p); - free(pat); - - return ret; -} - -/* - * Returns first item from client-list that is also supported by server-list, - * caller must free the returned string. 
- */ -#define MAX_PROP 40 -#define SEP "," -char * -match_list(const char *client, const char *server, u_int *next) -{ - char *sproposals[MAX_PROP]; - char *c, *s, *p, *ret, *cp, *sp; - int i, j, nproposals; - - c = cp = xstrdup(client); - s = sp = xstrdup(server); - - for ((p = strsep(&sp, SEP)), i=0; p && *p != '\0'; - (p = strsep(&sp, SEP)), i++) { - if (i < MAX_PROP) - sproposals[i] = p; - else - break; - } - nproposals = i; - - for ((p = strsep(&cp, SEP)), i=0; p && *p != '\0'; - (p = strsep(&cp, SEP)), i++) { - for (j = 0; j < nproposals; j++) { - if (strcmp(p, sproposals[j]) == 0) { - ret = xstrdup(p); - if (next != NULL) - *next = (cp == NULL) ? - strlen(c) : (u_int)(cp - c); - free(c); - free(s); - return ret; - } - } - } - if (next != NULL) - *next = strlen(c); - free(c); - free(s); - return NULL; -} - -/* - * Filter proposal using pattern-list filter. - * "blacklist" determines sense of filter: - * non-zero indicates that items matching filter should be excluded. - * zero indicates that only items matching filter should be included. - * returns NULL on allocation error, otherwise caller must free result. - */ -static char * -filter_list(const char *proposal, const char *filter, int blacklist) -{ - size_t len = strlen(proposal) + 1; - char *fix_prop = malloc(len); - char *orig_prop = strdup(proposal); - char *cp, *tmp; - int r; - - if (fix_prop == NULL || orig_prop == NULL) { - free(orig_prop); - free(fix_prop); - return NULL; - } - - tmp = orig_prop; - *fix_prop = '\0'; - while ((cp = strsep(&tmp, ",")) != NULL) { - r = match_pattern_list(cp, filter, 0); - if ((blacklist && r != 1) || (!blacklist && r == 1)) { - if (*fix_prop != '\0') - strlcat(fix_prop, ",", len); - strlcat(fix_prop, cp, len); - } - } - free(orig_prop); - return fix_prop; -} - -/* - * Filters a comma-separated list of strings, excluding any entry matching - * the 'filter' pattern list. Caller must free returned string. 
- */
-char *
-match_filter_blacklist(const char *proposal, const char *filter)
-{
- return filter_list(proposal, filter, 1);
-}
-
-/*
- * Filters a comma-separated list of strings, including only entries matching
- * the 'filter' pattern list. Caller must free returned string.
- */
-char *
-match_filter_whitelist(const char *proposal, const char *filter)
-{
- return filter_list(proposal, filter, 0);
-}
diff --git a/ssh_keygen_110/match.h b/ssh_keygen_110/match.h
deleted file mode 100644
index 852b1a5c..00000000
--- a/ssh_keygen_110/match.h
+++ /dev/null
@@ -1,29 +0,0 @@
-/* $OpenBSD: match.h,v 1.18 2018/07/04 13:49:31 djm Exp $ */
-
-/*
- * Author: Tatu Ylonen
- * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
- * All rights reserved
- *
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose. Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
- */
-#ifndef MATCH_H
-#define MATCH_H
-
-int match_pattern(const char *, const char *);
-int match_pattern_list(const char *, const char *, int);
-int match_hostname(const char *, const char *);
-int match_host_and_ip(const char *, const char *, const char *);
-int match_user(const char *, const char *, const char *, const char *);
-char *match_list(const char *, const char *, u_int *);
-char *match_filter_blacklist(const char *, const char *);
-char *match_filter_whitelist(const char *, const char *);
-
-/* addrmatch.c */
-int addr_match_list(const char *, const char *);
-int addr_match_cidr_list(const char *, const char *);
-#endif
diff --git a/ssh_keygen_110/misc.c b/ssh_keygen_110/misc.c
deleted file mode 100644
index cae14904..00000000
--- a/ssh_keygen_110/misc.c
+++ /dev/null
@@ -1,2044 +0,0 @@
-/* $OpenBSD: misc.c,v 1.133 2018/10/05 14:26:09 naddy Exp $ */
-/*
- * Copyright (c) 2000 Markus Friedl. All rights reserved.
- * Copyright (c) 2005,2006 Damien Miller. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "includes.h"
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include
-#ifdef HAVE_LIBGEN_H
-# include
-#endif
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include
-#include
-#include
-#include
-#include
-
-#include
-#include
-#include
-#include
-#ifdef HAVE_PATHS_H
-# include
-#include
-#endif
-#ifdef SSH_TUN_OPENBSD
-#include
-#endif
-
-#include "xmalloc.h"
-#include "misc.h"
-#include "log.h"
-#include "ssh.h"
-#include "sshbuf.h"
-#include "ssherr.h"
-#include "platform.h"
-
-/* remove newline at end of string */
-char *
-chop(char *s)
-{
- char *t = s;
- while (*t) {
- if (*t == '\n' || *t == '\r') {
- *t = '\0';
- return s;
- }
- t++;
- }
- return s;
-
-}
-
-/* set/unset filedescriptor to non-blocking */
-int
-set_nonblock(int fd)
-{
- int val;
-
- val = fcntl(fd, F_GETFL);
- if (val < 0) {
- error("fcntl(%d, F_GETFL): %s", fd, strerror(errno));
- return (-1);
- }
- if (val & O_NONBLOCK) {
- debug3("fd %d is O_NONBLOCK", fd);
- return (0);
- }
- debug2("fd %d setting O_NONBLOCK", fd);
- val |= O_NONBLOCK;
- if (fcntl(fd, F_SETFL, val) == -1) {
- debug("fcntl(%d, F_SETFL, O_NONBLOCK): %s", fd,
- strerror(errno));
- return (-1);
- }
- return (0);
-}
-
-int
-unset_nonblock(int fd)
-{
- int val;
-
- val = fcntl(fd, F_GETFL);
- if (val < 0) {
- error("fcntl(%d, F_GETFL): %s", fd, strerror(errno));
- return (-1);
- }
- if (!(val & O_NONBLOCK)) {
- debug3("fd %d is not O_NONBLOCK", fd);
- return (0);
- }
- debug("fd %d clearing O_NONBLOCK", fd);
- val &= ~O_NONBLOCK;
- if (fcntl(fd, F_SETFL, val) == -1) {
- debug("fcntl(%d, F_SETFL, ~O_NONBLOCK): %s",
- fd, strerror(errno));
- return (-1);
- }
- return (0);
-}
-
-const char *
-ssh_gai_strerror(int gaierr)
-{
- if (gaierr == EAI_SYSTEM && errno != 0)
- return strerror(errno);
- return gai_strerror(gaierr);
-}
-
-/* disable nagle on socket */
-void
-set_nodelay(int fd)
-{
- int opt;
- socklen_t optlen;
-
- optlen = sizeof opt;
- if (getsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, &optlen) == -1) {
- debug("getsockopt TCP_NODELAY: %.100s", strerror(errno));
- return;
- }
- if (opt == 1) {
- debug2("fd %d is TCP_NODELAY", fd);
- return;
- }
- opt = 1;
- debug2("fd %d setting TCP_NODELAY", fd);
- if (setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, sizeof opt) == -1)
- error("setsockopt TCP_NODELAY: %.100s", strerror(errno));
-}
-
-/* Allow local port reuse in TIME_WAIT */
-int
-set_reuseaddr(int fd)
-{
- int on = 1;
-
- if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) == -1) {
- error("setsockopt SO_REUSEADDR fd %d: %s", fd, strerror(errno));
- return -1;
- }
- return 0;
-}
-
-/* Get/set routing domain */
-char *
-get_rdomain(int fd)
-{
-#if defined(HAVE_SYS_GET_RDOMAIN)
- return sys_get_rdomain(fd);
-#elif defined(__OpenBSD__)
- int rtable;
- char *ret;
- socklen_t len = sizeof(rtable);
-
- if (getsockopt(fd, SOL_SOCKET, SO_RTABLE, &rtable, &len) == -1) {
- error("Failed to get routing domain for fd %d: %s",
- fd, strerror(errno));
- return NULL;
- }
- xasprintf(&ret, "%d", rtable);
- return ret;
-#else /* defined(__OpenBSD__) */
- return NULL;
-#endif
-}
-
-int
-set_rdomain(int fd, const char *name)
-{
-#if defined(HAVE_SYS_SET_RDOMAIN)
- return sys_set_rdomain(fd, name);
-#elif defined(__OpenBSD__)
- int rtable;
- const char *errstr;
-
- if (name == NULL)
- return 0; /* default table */
-
- rtable = (int)strtonum(name, 0, 255, &errstr);
- if (errstr != NULL) {
- /* Shouldn't happen */
- error("Invalid routing domain \"%s\": %s", name, errstr);
- return -1;
- }
- if (setsockopt(fd, SOL_SOCKET, SO_RTABLE,
- &rtable, sizeof(rtable)) == -1) {
- error("Failed to set routing domain %d on fd %d: %s",
- rtable, fd, strerror(errno));
- return -1;
- }
- return 0;
-#else /* defined(__OpenBSD__) */
- error("Setting routing domain is not supported on this platform");
- return -1;
-#endif
-}
-
-/* Characters considered whitespace in strsep calls. */
-#define WHITESPACE " \t\r\n"
-#define QUOTE "\""
-
-/* return next token in configuration line */
-static char *
-strdelim_internal(char **s, int split_equals)
-{
- char *old;
- int wspace = 0;
-
- if (*s == NULL)
- return NULL;
-
- old = *s;
-
- *s = strpbrk(*s,
- split_equals ? WHITESPACE QUOTE "=" : WHITESPACE QUOTE);
- if (*s == NULL)
- return (old);
-
- if (*s[0] == '\"') {
- memmove(*s, *s + 1, strlen(*s)); /* move nul too */
- /* Find matching quote */
- if ((*s = strpbrk(*s, QUOTE)) == NULL) {
- return (NULL); /* no matching quote */
- } else {
- *s[0] = '\0';
- *s += strspn(*s + 1, WHITESPACE) + 1;
- return (old);
- }
- }
-
- /* Allow only one '=' to be skipped */
- if (split_equals && *s[0] == '=')
- wspace = 1;
- *s[0] = '\0';
-
- /* Skip any extra whitespace after first token */
- *s += strspn(*s + 1, WHITESPACE) + 1;
- if (split_equals && *s[0] == '=' && !wspace)
- *s += strspn(*s + 1, WHITESPACE) + 1;
-
- return (old);
-}
-
-/*
- * Return next token in configuration line; splts on whitespace or a
- * single '=' character.
- */
-char *
-strdelim(char **s)
-{
- return strdelim_internal(s, 1);
-}
-
-/*
- * Return next token in configuration line; splts on whitespace only.
- */
-char *
-strdelimw(char **s)
-{
- return strdelim_internal(s, 0);
-}
-
-struct passwd *
-pwcopy(struct passwd *pw)
-{
- struct passwd *copy = xcalloc(1, sizeof(*copy));
-
- copy->pw_name = xstrdup(pw->pw_name);
- copy->pw_passwd = xstrdup(pw->pw_passwd);
-#ifdef HAVE_STRUCT_PASSWD_PW_GECOS
- copy->pw_gecos = xstrdup(pw->pw_gecos);
-#endif
- copy->pw_uid = pw->pw_uid;
- copy->pw_gid = pw->pw_gid;
-#ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE
- copy->pw_expire = pw->pw_expire;
-#endif
-#ifdef HAVE_STRUCT_PASSWD_PW_CHANGE
- copy->pw_change = pw->pw_change;
-#endif
-#ifdef HAVE_STRUCT_PASSWD_PW_CLASS
- copy->pw_class = xstrdup(pw->pw_class);
-#endif
- copy->pw_dir = xstrdup(pw->pw_dir);
- copy->pw_shell = xstrdup(pw->pw_shell);
- return copy;
-}
-
-/*
- * Convert ASCII string to TCP/IP port number.
- * Port must be >=0 and <=65535.
- * Return -1 if invalid.
- */
-int
-a2port(const char *s)
-{
- struct servent *se;
- long long port;
- const char *errstr;
-
- port = strtonum(s, 0, 65535, &errstr);
- if (errstr == NULL)
- return (int)port;
- if ((se = getservbyname(s, "tcp")) != NULL)
- return ntohs(se->s_port);
- return -1;
-}
-
-int
-a2tun(const char *s, int *remote)
-{
- const char *errstr = NULL;
- char *sp, *ep;
- int tun;
-
- if (remote != NULL) {
- *remote = SSH_TUNID_ANY;
- sp = xstrdup(s);
- if ((ep = strchr(sp, ':')) == NULL) {
- free(sp);
- return (a2tun(s, NULL));
- }
- ep[0] = '\0'; ep++;
- *remote = a2tun(ep, NULL);
- tun = a2tun(sp, NULL);
- free(sp);
- return (*remote == SSH_TUNID_ERR ? *remote : tun);
- }
-
- if (strcasecmp(s, "any") == 0)
- return (SSH_TUNID_ANY);
-
- tun = strtonum(s, 0, SSH_TUNID_MAX, &errstr);
- if (errstr != NULL)
- return (SSH_TUNID_ERR);
-
- return (tun);
-}
-
-#define SECONDS 1
-#define MINUTES (SECONDS * 60)
-#define HOURS (MINUTES * 60)
-#define DAYS (HOURS * 24)
-#define WEEKS (DAYS * 7)
-
-/*
- * Convert a time string into seconds; format is
- * a sequence of:
- * time[qualifier]
- *
- * Valid time qualifiers are:
- * seconds
- * s|S seconds
- * m|M minutes
- * h|H hours
- * d|D days
- * w|W weeks
- *
- * Examples:
- * 90m 90 minutes
- * 1h30m 90 minutes
- * 2d 2 days
- * 1w 1 week
- *
- * Return -1 if time string is invalid.
- */
-long
-convtime(const char *s)
-{
- long total, secs, multiplier = 1;
- const char *p;
- char *endp;
-
- errno = 0;
- total = 0;
- p = s;
-
- if (p == NULL || *p == '\0')
- return -1;
-
- while (*p) {
- secs = strtol(p, &endp, 10);
- if (p == endp ||
- (errno == ERANGE && (secs == LONG_MIN || secs == LONG_MAX)) ||
- secs < 0)
- return -1;
-
- switch (*endp++) {
- case '\0':
- endp--;
- break;
- case 's':
- case 'S':
- break;
- case 'm':
- case 'M':
- multiplier = MINUTES;
- break;
- case 'h':
- case 'H':
- multiplier = HOURS;
- break;
- case 'd':
- case 'D':
- multiplier = DAYS;
- break;
- case 'w':
- case 'W':
- multiplier = WEEKS;
- break;
- default:
- return -1;
- }
- if (secs >= LONG_MAX / multiplier)
- return -1;
- secs *= multiplier;
- if (total >= LONG_MAX - secs)
- return -1;
- total += secs;
- if (total < 0)
- return -1;
- p = endp;
- }
-
- return total;
-}
-
-/*
- * Returns a standardized host+port identifier string.
- * Caller must free returned string.
- */
-char *
-put_host_port(const char *host, u_short port)
-{
- char *hoststr;
-
- if (port == 0 || port == SSH_DEFAULT_PORT)
- return(xstrdup(host));
- if (asprintf(&hoststr, "[%s]:%d", host, (int)port) < 0)
- fatal("put_host_port: asprintf: %s", strerror(errno));
- debug3("put_host_port: %s", hoststr);
- return hoststr;
-}
-
-/*
- * Search for next delimiter between hostnames/addresses and ports.
- * Argument may be modified (for termination).
- * Returns *cp if parsing succeeds.
- * *cp is set to the start of the next field, if one was found.
- * The delimiter char, if present, is stored in delim.
- * If this is the last field, *cp is set to NULL.
- */
-static char *
-hpdelim2(char **cp, char *delim)
-{
- char *s, *old;
-
- if (cp == NULL || *cp == NULL)
- return NULL;
-
- old = s = *cp;
- if (*s == '[') {
- if ((s = strchr(s, ']')) == NULL)
- return NULL;
- else
- s++;
- } else if ((s = strpbrk(s, ":/")) == NULL)
- s = *cp + strlen(*cp); /* skip to end (see first case below) */
-
- switch (*s) {
- case '\0':
- *cp = NULL; /* no more fields*/
- break;
-
- case ':':
- case '/':
- if (delim != NULL)
- *delim = *s;
- *s = '\0'; /* terminate */
- *cp = s + 1;
- break;
-
- default:
- return NULL;
- }
-
- return old;
-}
-
-char *
-hpdelim(char **cp)
-{
- return hpdelim2(cp, NULL);
-}
-
-char *
-cleanhostname(char *host)
-{
- if (*host == '[' && host[strlen(host) - 1] == ']') {
- host[strlen(host) - 1] = '\0';
- return (host + 1);
- } else
- return host;
-}
-
-char *
-colon(char *cp)
-{
- int flag = 0;
-
- if (*cp == ':') /* Leading colon is part of file name. */
- return NULL;
- if (*cp == '[')
- flag = 1;
-
- for (; *cp; ++cp) {
- if (*cp == '@' && *(cp+1) == '[')
- flag = 1;
- if (*cp == ']' && *(cp+1) == ':' && flag)
- return (cp+1);
- if (*cp == ':' && !flag)
- return (cp);
- if (*cp == '/')
- return NULL;
- }
- return NULL;
-}
-
-/*
- * Parse a [user@]host:[path] string.
- * Caller must free returned user, host and path.
- * Any of the pointer return arguments may be NULL (useful for syntax checking).
- * If user was not specified then *userp will be set to NULL.
- * If host was not specified then *hostp will be set to NULL.
- * If path was not specified then *pathp will be set to ".".
- * Returns 0 on success, -1 on failure.
- */
-int
-parse_user_host_path(const char *s, char **userp, char **hostp, char **pathp)
-{
- char *user = NULL, *host = NULL, *path = NULL;
- char *sdup, *tmp;
- int ret = -1;
-
- if (userp != NULL)
- *userp = NULL;
- if (hostp != NULL)
- *hostp = NULL;
- if (pathp != NULL)
- *pathp = NULL;
-
- sdup = xstrdup(s);
-
- /* Check for remote syntax: [user@]host:[path] */
- if ((tmp = colon(sdup)) == NULL)
- goto out;
-
- /* Extract optional path */
- *tmp++ = '\0';
- if (*tmp == '\0')
- tmp = ".";
- path = xstrdup(tmp);
-
- /* Extract optional user and mandatory host */
- tmp = strrchr(sdup, '@');
- if (tmp != NULL) {
- *tmp++ = '\0';
- host = xstrdup(cleanhostname(tmp));
- if (*sdup != '\0')
- user = xstrdup(sdup);
- } else {
- host = xstrdup(cleanhostname(sdup));
- user = NULL;
- }
-
- /* Success */
- if (userp != NULL) {
- *userp = user;
- user = NULL;
- }
- if (hostp != NULL) {
- *hostp = host;
- host = NULL;
- }
- if (pathp != NULL) {
- *pathp = path;
- path = NULL;
- }
- ret = 0;
-out:
- free(sdup);
- free(user);
- free(host);
- free(path);
- return ret;
-}
-
-/*
- * Parse a [user@]host[:port] string.
- * Caller must free returned user and host.
- * Any of the pointer return arguments may be NULL (useful for syntax checking).
- * If user was not specified then *userp will be set to NULL.
- * If port was not specified then *portp will be -1.
- * Returns 0 on success, -1 on failure.
- */
-int
-parse_user_host_port(const char *s, char **userp, char **hostp, int *portp)
-{
- char *sdup, *cp, *tmp;
- char *user = NULL, *host = NULL;
- int port = -1, ret = -1;
-
- if (userp != NULL)
- *userp = NULL;
- if (hostp != NULL)
- *hostp = NULL;
- if (portp != NULL)
- *portp = -1;
-
- if ((sdup = tmp = strdup(s)) == NULL)
- return -1;
- /* Extract optional username */
- if ((cp = strrchr(tmp, '@')) != NULL) {
- *cp = '\0';
- if (*tmp == '\0')
- goto out;
- if ((user = strdup(tmp)) == NULL)
- goto out;
- tmp = cp + 1;
- }
- /* Extract mandatory hostname */
- if ((cp = hpdelim(&tmp)) == NULL || *cp == '\0')
- goto out;
- host = xstrdup(cleanhostname(cp));
- /* Convert and verify optional port */
- if (tmp != NULL && *tmp != '\0') {
- if ((port = a2port(tmp)) <= 0)
- goto out;
- }
- /* Success */
- if (userp != NULL) {
- *userp = user;
- user = NULL;
- }
- if (hostp != NULL) {
- *hostp = host;
- host = NULL;
- }
- if (portp != NULL)
- *portp = port;
- ret = 0;
- out:
- free(sdup);
- free(user);
- free(host);
- return ret;
-}
-
-/*
- * Converts a two-byte hex string to decimal.
- * Returns the decimal value or -1 for invalid input.
- */
-static int
-hexchar(const char *s)
-{
- unsigned char result[2];
- int i;
-
- for (i = 0; i < 2; i++) {
- if (s[i] >= '0' && s[i] <= '9')
- result[i] = (unsigned char)(s[i] - '0');
- else if (s[i] >= 'a' && s[i] <= 'f')
- result[i] = (unsigned char)(s[i] - 'a') + 10;
- else if (s[i] >= 'A' && s[i] <= 'F')
- result[i] = (unsigned char)(s[i] - 'A') + 10;
- else
- return -1;
- }
- return (result[0] << 4) | result[1];
-}
-
-/*
- * Decode an url-encoded string.
- * Returns a newly allocated string on success or NULL on failure.
- */
-static char *
-urldecode(const char *src)
-{
- char *ret, *dst;
- int ch;
-
- ret = xmalloc(strlen(src) + 1);
- for (dst = ret; *src != '\0'; src++) {
- switch (*src) {
- case '+':
- *dst++ = ' ';
- break;
- case '%':
- if (!isxdigit((unsigned char)src[1]) ||
- !isxdigit((unsigned char)src[2]) ||
- (ch = hexchar(src + 1)) == -1) {
- free(ret);
- return NULL;
- }
- *dst++ = ch;
- src += 2;
- break;
- default:
- *dst++ = *src;
- break;
- }
- }
- *dst = '\0';
-
- return ret;
-}
-
-/*
- * Parse an (scp|ssh|sftp)://[user@]host[:port][/path] URI.
- * See https://tools.ietf.org/html/draft-ietf-secsh-scp-sftp-ssh-uri-04
- * Either user or path may be url-encoded (but not host or port).
- * Caller must free returned user, host and path.
- * Any of the pointer return arguments may be NULL (useful for syntax checking)
- * but the scheme must always be specified.
- * If user was not specified then *userp will be set to NULL.
- * If port was not specified then *portp will be -1.
- * If path was not specified then *pathp will be set to NULL.
- * Returns 0 on success, 1 if non-uri/wrong scheme, -1 on error/invalid uri.
- */
-int
-parse_uri(const char *scheme, const char *uri, char **userp, char **hostp,
- int *portp, char **pathp)
-{
- char *uridup, *cp, *tmp, ch;
- char *user = NULL, *host = NULL, *path = NULL;
- int port = -1, ret = -1;
- size_t len;
-
- len = strlen(scheme);
- if (strncmp(uri, scheme, len) != 0 || strncmp(uri + len, "://", 3) != 0)
- return 1;
- uri += len + 3;
-
- if (userp != NULL)
- *userp = NULL;
- if (hostp != NULL)
- *hostp = NULL;
- if (portp != NULL)
- *portp = -1;
- if (pathp != NULL)
- *pathp = NULL;
-
- uridup = tmp = xstrdup(uri);
-
- /* Extract optional ssh-info (username + connection params) */
- if ((cp = strchr(tmp, '@')) != NULL) {
- char *delim;
-
- *cp = '\0';
- /* Extract username and connection params */
- if ((delim = strchr(tmp, ';')) != NULL) {
- /* Just ignore connection params for now */
- *delim = '\0';
- }
- if (*tmp == '\0') {
- /* Empty username */
- goto out;
- }
- if ((user = urldecode(tmp)) == NULL)
- goto out;
- tmp = cp + 1;
- }
-
- /* Extract mandatory hostname */
- if ((cp = hpdelim2(&tmp, &ch)) == NULL || *cp == '\0')
- goto out;
- host = xstrdup(cleanhostname(cp));
- if (!valid_domain(host, 0, NULL))
- goto out;
-
- if (tmp != NULL && *tmp != '\0') {
- if (ch == ':') {
- /* Convert and verify port. */
- if ((cp = strchr(tmp, '/')) != NULL)
- *cp = '\0';
- if ((port = a2port(tmp)) <= 0)
- goto out;
- tmp = cp ? cp + 1 : NULL;
- }
- if (tmp != NULL && *tmp != '\0') {
- /* Extract optional path */
- if ((path = urldecode(tmp)) == NULL)
- goto out;
- }
- }
-
- /* Success */
- if (userp != NULL) {
- *userp = user;
- user = NULL;
- }
- if (hostp != NULL) {
- *hostp = host;
- host = NULL;
- }
- if (portp != NULL)
- *portp = port;
- if (pathp != NULL) {
- *pathp = path;
- path = NULL;
- }
- ret = 0;
- out:
- free(uridup);
- free(user);
- free(host);
- free(path);
- return ret;
-}
-
-/* function to assist building execv() arguments */
-void
-addargs(arglist *args, char *fmt, ...)
-{
- va_list ap;
- char *cp;
- u_int nalloc;
- int r;
-
- va_start(ap, fmt);
- r = vasprintf(&cp, fmt, ap);
- va_end(ap);
- if (r == -1)
- fatal("addargs: argument too long");
-
- nalloc = args->nalloc;
- if (args->list == NULL) {
- nalloc = 32;
- args->num = 0;
- } else if (args->num+2 >= nalloc)
- nalloc *= 2;
-
- args->list = xrecallocarray(args->list, args->nalloc, nalloc, sizeof(char *));
- args->nalloc = nalloc;
- args->list[args->num++] = cp;
- args->list[args->num] = NULL;
-}
-
-void
-replacearg(arglist *args, u_int which, char *fmt, ...)
-{
- va_list ap;
- char *cp;
- int r;
-
- va_start(ap, fmt);
- r = vasprintf(&cp, fmt, ap);
- va_end(ap);
- if (r == -1)
- fatal("replacearg: argument too long");
-
- if (which >= args->num)
- fatal("replacearg: tried to replace invalid arg %d >= %d",
- which, args->num);
- free(args->list[which]);
- args->list[which] = cp;
-}
-
-void
-freeargs(arglist *args)
-{
- u_int i;
-
- if (args->list != NULL) {
- for (i = 0; i < args->num; i++)
- free(args->list[i]);
- free(args->list);
- args->nalloc = args->num = 0;
- args->list = NULL;
- }
-}
-
-/*
- * Expands tildes in the file name. Returns data allocated by xmalloc.
- * Warning: this calls getpw*.
- */
-char *
-tilde_expand_filename(const char *filename, uid_t uid)
-{
- const char *path, *sep;
- char user[128], *ret;
- struct passwd *pw;
- u_int len, slash;
-
- if (*filename != '~')
- return (xstrdup(filename));
- filename++;
-
- path = strchr(filename, '/');
- if (path != NULL && path > filename) { /* ~user/path */
- slash = path - filename;
- if (slash > sizeof(user) - 1)
- fatal("tilde_expand_filename: ~username too long");
- memcpy(user, filename, slash);
- user[slash] = '\0';
- if ((pw = getpwnam(user)) == NULL)
- fatal("tilde_expand_filename: No such user %s", user);
- } else if ((pw = getpwuid(uid)) == NULL) /* ~/path */
- fatal("tilde_expand_filename: No such uid %ld", (long)uid);
-
- /* Make sure directory has a trailing '/' */
- len = strlen(pw->pw_dir);
- if (len == 0 || pw->pw_dir[len - 1] != '/')
- sep = "/";
- else
- sep = "";
-
- /* Skip leading '/' from specified path */
- if (path != NULL)
- filename = path + 1;
-
- if (xasprintf(&ret, "%s%s%s", pw->pw_dir, sep, filename) >= PATH_MAX)
- fatal("tilde_expand_filename: Path too long");
-
- return (ret);
-}
-
-/*
- * Expand a string with a set of %[char] escapes. A number of escapes may be
- * specified as (char *escape_chars, char *replacement) pairs. The list must
- * be terminated by a NULL escape_char. Returns replaced string in memory
- * allocated by xmalloc.
- */
-char *
-percent_expand(const char *string, ...)
-{
-#define EXPAND_MAX_KEYS 16
- u_int num_keys, i, j;
- struct {
- const char *key;
- const char *repl;
- } keys[EXPAND_MAX_KEYS];
- char buf[4096];
- va_list ap;
-
- /* Gather keys */
- va_start(ap, string);
- for (num_keys = 0; num_keys < EXPAND_MAX_KEYS; num_keys++) {
- keys[num_keys].key = va_arg(ap, char *);
- if (keys[num_keys].key == NULL)
- break;
- keys[num_keys].repl = va_arg(ap, char *);
- if (keys[num_keys].repl == NULL)
- fatal("%s: NULL replacement", __func__);
- }
- if (num_keys == EXPAND_MAX_KEYS && va_arg(ap, char *) != NULL)
- fatal("%s: too many keys", __func__);
- va_end(ap);
-
- /* Expand string */
- *buf = '\0';
- for (i = 0; *string != '\0'; string++) {
- if (*string != '%') {
- append:
- buf[i++] = *string;
- if (i >= sizeof(buf))
- fatal("%s: string too long", __func__);
- buf[i] = '\0';
- continue;
- }
- string++;
- /* %% case */
- if (*string == '%')
- goto append;
- if (*string == '\0')
- fatal("%s: invalid format", __func__);
- for (j = 0; j < num_keys; j++) {
- if (strchr(keys[j].key, *string) != NULL) {
- i = strlcat(buf, keys[j].repl, sizeof(buf));
- if (i >= sizeof(buf))
- fatal("%s: string too long", __func__);
- break;
- }
- }
- if (j >= num_keys)
- fatal("%s: unknown key %%%c", __func__, *string);
- }
- return (xstrdup(buf));
-#undef EXPAND_MAX_KEYS
-}
-
-#define IOS_NOSAFEPATH
-#ifndef IOS_NOSAFEPATH
-int
-tun_open(int tun, int mode, char **ifname)
-{
-#if defined(CUSTOM_SYS_TUN_OPEN)
- return (sys_tun_open(tun, mode, ifname));
-#elif defined(SSH_TUN_OPENBSD)
- struct ifreq ifr;
- char name[100];
- int fd = -1, sock;
- const char *tunbase = "tun";
-
- if (ifname != NULL)
- *ifname = NULL;
-
- if (mode == SSH_TUNMODE_ETHERNET)
- tunbase = "tap";
-
- /* Open the tunnel device */
- if (tun <= SSH_TUNID_MAX) {
- snprintf(name, sizeof(name), "/dev/%s%d", tunbase, tun);
- fd = open(name, O_RDWR);
- } else if (tun == SSH_TUNID_ANY) {
- for (tun = 100; tun >= 0; tun--) {
- snprintf(name, sizeof(name), "/dev/%s%d",
- tunbase, tun);
- if ((fd = open(name, O_RDWR)) >= 0)
- break;
- }
- } else {
- debug("%s: invalid tunnel %u", __func__, tun);
- return -1;
- }
-
- if (fd < 0) {
- debug("%s: %s open: %s", __func__, name, strerror(errno));
- return -1;
- }
-
- debug("%s: %s mode %d fd %d", __func__, name, mode, fd);
-
- /* Bring interface up if it is not already */
- snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s%d", tunbase, tun);
- if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
- goto failed;
-
- if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1) {
- debug("%s: get interface %s flags: %s", __func__,
- ifr.ifr_name, strerror(errno));
- goto failed;
- }
-
- if (!(ifr.ifr_flags & IFF_UP)) {
- ifr.ifr_flags |= IFF_UP;
- if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) {
- debug("%s: activate interface %s: %s", __func__,
- ifr.ifr_name, strerror(errno));
- goto failed;
- }
- }
-
- if (ifname != NULL)
- *ifname = xstrdup(ifr.ifr_name);
-
- close(sock);
- return fd;
-
- failed:
- if (fd >= 0)
- close(fd);
- if (sock >= 0)
- close(sock);
- return -1;
-#else
- error("Tunnel interfaces are not supported on this platform");
- return (-1);
-#endif
-}
-#endif
-
-void
-sanitise_stdfd(void)
-{
- int nullfd, dupfd;
-
- if ((nullfd = dupfd = open(_PATH_DEVNULL, O_RDWR)) == -1) {
- fprintf(stderr, "Couldn't open /dev/null: %s\n",
- strerror(errno));
- exit(1);
- }
- while (++dupfd <= STDERR_FILENO) {
- /* Only populate closed fds. */
- if (fcntl(dupfd, F_GETFL) == -1 && errno == EBADF) {
- if (dup2(nullfd, dupfd) == -1) {
- fprintf(stderr, "dup2: %s\n", strerror(errno));
- exit(1);
- }
- }
- }
- if (nullfd > STDERR_FILENO)
- close(nullfd);
-}
-
-char *
-tohex(const void *vp, size_t l)
-{
- const u_char *p = (const u_char *)vp;
- char b[3], *r;
- size_t i, hl;
-
- if (l > 65536)
- return xstrdup("tohex: length > 65536");
-
- hl = l * 2 + 1;
- r = xcalloc(1, hl);
- for (i = 0; i < l; i++) {
- snprintf(b, sizeof(b), "%02x", p[i]);
- strlcat(r, b, hl);
- }
- return (r);
-}
-
-u_int64_t
-get_u64(const void *vp)
-{
- const u_char *p = (const u_char *)vp;
- u_int64_t v;
-
- v = (u_int64_t)p[0] << 56;
- v |= (u_int64_t)p[1] << 48;
- v |= (u_int64_t)p[2] << 40;
- v |= (u_int64_t)p[3] << 32;
- v |= (u_int64_t)p[4] << 24;
- v |= (u_int64_t)p[5] << 16;
- v |= (u_int64_t)p[6] << 8;
- v |= (u_int64_t)p[7];
-
- return (v);
-}
-
-u_int32_t
-get_u32(const void *vp)
-{
- const u_char *p = (const u_char *)vp;
- u_int32_t v;
-
- v = (u_int32_t)p[0] << 24;
- v |= (u_int32_t)p[1] << 16;
- v |= (u_int32_t)p[2] << 8;
- v |= (u_int32_t)p[3];
-
- return (v);
-}
-
-u_int32_t
-get_u32_le(const void *vp)
-{
- const u_char *p = (const u_char *)vp;
- u_int32_t v;
-
- v = (u_int32_t)p[0];
- v |= (u_int32_t)p[1] << 8;
- v |= (u_int32_t)p[2] << 16;
- v |= (u_int32_t)p[3] << 24;
-
- return (v);
-}
-
-u_int16_t
-get_u16(const void *vp)
-{
- const u_char *p = (const u_char *)vp;
- u_int16_t v;
-
- v = (u_int16_t)p[0] << 8;
- v |= (u_int16_t)p[1];
-
- return (v);
-}
-
-void
-put_u64(void *vp, u_int64_t v)
-{
- u_char *p = (u_char *)vp;
-
- p[0] = (u_char)(v >> 56) & 0xff;
- p[1] = (u_char)(v >> 48) & 0xff;
- p[2] = (u_char)(v >> 40) & 0xff;
- p[3] = (u_char)(v >> 32) & 0xff;
- p[4] = (u_char)(v >> 24) & 0xff;
- p[5] = (u_char)(v >> 16) & 0xff;
- p[6] = (u_char)(v >> 8) & 0xff;
- p[7] = (u_char)v & 0xff;
-}
-
-void
-put_u32(void *vp, u_int32_t v)
-{
- u_char *p = (u_char *)vp;
-
- p[0] = (u_char)(v >> 24) & 0xff;
- p[1] = (u_char)(v >> 16) & 0xff;
- p[2] = (u_char)(v >> 8) & 0xff;
- p[3] = (u_char)v & 0xff;
-}
-
-void
-put_u32_le(void *vp, u_int32_t v)
-{
- u_char *p = (u_char *)vp;
-
- p[0] = (u_char)v & 0xff;
- p[1] = (u_char)(v >> 8) & 0xff;
- p[2] = (u_char)(v >> 16) & 0xff;
- p[3] = (u_char)(v >> 24) & 0xff;
-}
-
-void
-put_u16(void *vp, u_int16_t v)
-{
- u_char *p = (u_char *)vp;
-
- p[0] = (u_char)(v >> 8) & 0xff;
- p[1] = (u_char)v & 0xff;
-}
-
-void
-ms_subtract_diff(struct timeval *start, int *ms)
-{
- struct timeval diff, finish;
-
- monotime_tv(&finish);
- timersub(&finish, start, &diff);
- *ms -= (diff.tv_sec * 1000) + (diff.tv_usec / 1000);
-}
-
-void
-ms_to_timeval(struct timeval *tv, int ms)
-{
- if (ms < 0)
- ms = 0;
- tv->tv_sec = ms / 1000;
- tv->tv_usec = (ms % 1000) * 1000;
-}
-
-void
-monotime_ts(struct timespec *ts)
-{
- struct timeval tv;
-#if defined(HAVE_CLOCK_GETTIME) && (defined(CLOCK_BOOTTIME) || \
- defined(CLOCK_MONOTONIC) || defined(CLOCK_REALTIME))
- static int gettime_failed = 0;
-
- if (!gettime_failed) {
-# ifdef CLOCK_BOOTTIME
- if (clock_gettime(CLOCK_BOOTTIME, ts) == 0)
- return;
-# endif /* CLOCK_BOOTTIME */
-# ifdef CLOCK_MONOTONIC
- if (clock_gettime(CLOCK_MONOTONIC, ts) == 0)
- return;
-# endif /* CLOCK_MONOTONIC */
-# ifdef CLOCK_REALTIME
- /* Not monotonic, but we're almost out of options here. */
- if (clock_gettime(CLOCK_REALTIME, ts) == 0)
- return;
-# endif /* CLOCK_REALTIME */
- debug3("clock_gettime: %s", strerror(errno));
- gettime_failed = 1;
- }
-#endif /* HAVE_CLOCK_GETTIME && (BOOTTIME || MONOTONIC || REALTIME) */
- gettimeofday(&tv, NULL);
- ts->tv_sec = tv.tv_sec;
- ts->tv_nsec = (long)tv.tv_usec * 1000;
-}
-
-void
-monotime_tv(struct timeval *tv)
-{
- struct timespec ts;
-
- monotime_ts(&ts);
- tv->tv_sec = ts.tv_sec;
- tv->tv_usec = ts.tv_nsec / 1000;
-}
-
-time_t
-monotime(void)
-{
- struct timespec ts;
-
- monotime_ts(&ts);
- return ts.tv_sec;
-}
-
-double
-monotime_double(void)
-{
- struct timespec ts;
-
- monotime_ts(&ts);
- return ts.tv_sec + ((double)ts.tv_nsec / 1000000000);
-}
-
-void
-bandwidth_limit_init(struct bwlimit *bw, u_int64_t kbps, size_t buflen)
-{
- bw->buflen = buflen;
- bw->rate = kbps;
- bw->thresh = bw->rate;
- bw->lamt = 0;
- timerclear(&bw->bwstart);
- timerclear(&bw->bwend);
-}
-
-/* Callback from read/write loop to insert bandwidth-limiting delays */
-void
-bandwidth_limit(struct bwlimit *bw, size_t read_len)
-{
- u_int64_t waitlen;
- struct timespec ts, rm;
-
- if (!timerisset(&bw->bwstart)) {
- monotime_tv(&bw->bwstart);
- return;
- }
-
- bw->lamt += read_len;
- if (bw->lamt < bw->thresh)
- return;
-
- monotime_tv(&bw->bwend);
- timersub(&bw->bwend, &bw->bwstart, &bw->bwend);
- if (!timerisset(&bw->bwend))
- return;
-
- bw->lamt *= 8;
- waitlen = (double)1000000L * bw->lamt / bw->rate;
-
- bw->bwstart.tv_sec = waitlen / 1000000L;
- bw->bwstart.tv_usec = waitlen % 1000000L;
-
- if (timercmp(&bw->bwstart, &bw->bwend, >)) {
- timersub(&bw->bwstart, &bw->bwend, &bw->bwend);
-
- /* Adjust the wait time */
- if (bw->bwend.tv_sec) {
- bw->thresh /= 2;
- if (bw->thresh < bw->buflen / 4)
- bw->thresh = bw->buflen / 4;
- } else if (bw->bwend.tv_usec < 10000) {
- bw->thresh *= 2;
- if (bw->thresh > bw->buflen * 8)
- bw->thresh = bw->buflen * 8;
- }
-
- TIMEVAL_TO_TIMESPEC(&bw->bwend, &ts);
- while (nanosleep(&ts, &rm) == -1) {
- if (errno != EINTR)
- break;
- ts = rm;
- }
- }
-
- bw->lamt = 0;
- monotime_tv(&bw->bwstart);
-}
-
-/* Make a template filename for mk[sd]temp() */
-void
-mktemp_proto(char *s, size_t len)
-{
- const char *tmpdir;
- int r;
-
- if ((tmpdir = getenv("TMPDIR")) != NULL) {
- r = snprintf(s, len, "%s/ssh-XXXXXXXXXXXX", tmpdir);
- if (r > 0 && (size_t)r < len)
- return;
- }
- r = snprintf(s, len, "/tmp/ssh-XXXXXXXXXXXX");
- if (r < 0 || (size_t)r >= len)
- fatal("%s: template string too short", __func__);
-}
-
-static const struct {
- const char *name;
- int value;
-} ipqos[] = {
- { "none", INT_MAX }, /* can't use 0 here; that's CS0 */
- { "af11", IPTOS_DSCP_AF11 },
- { "af12", IPTOS_DSCP_AF12 },
- { "af13", IPTOS_DSCP_AF13 },
- { "af21", IPTOS_DSCP_AF21 },
- { "af22", IPTOS_DSCP_AF22 },
- { "af23", IPTOS_DSCP_AF23 },
- { "af31", IPTOS_DSCP_AF31 },
- { "af32", IPTOS_DSCP_AF32 },
- { "af33", IPTOS_DSCP_AF33 },
- { "af41", IPTOS_DSCP_AF41 },
- { "af42", IPTOS_DSCP_AF42 },
- { "af43", IPTOS_DSCP_AF43 },
- { "cs0", IPTOS_DSCP_CS0 },
- { "cs1", IPTOS_DSCP_CS1 },
- { "cs2", IPTOS_DSCP_CS2 },
- { "cs3", IPTOS_DSCP_CS3 },
- { "cs4", IPTOS_DSCP_CS4 },
- { "cs5", IPTOS_DSCP_CS5 },
- { "cs6", IPTOS_DSCP_CS6 },
- { "cs7", IPTOS_DSCP_CS7 },
- { "ef", IPTOS_DSCP_EF },
- { "lowdelay", IPTOS_LOWDELAY },
- { "throughput", IPTOS_THROUGHPUT },
- { "reliability", IPTOS_RELIABILITY },
- { NULL, -1 }
-};
-
-int
-parse_ipqos(const char *cp)
-{
- u_int i;
- char *ep;
- long val;
-
- if (cp == NULL)
- return -1;
- for (i = 0; ipqos[i].name != NULL; i++) {
- if (strcasecmp(cp, ipqos[i].name) == 0)
- return ipqos[i].value;
- }
- /* Try parsing as an integer */
- val = strtol(cp, &ep, 0);
- if (*cp == '\0' || *ep != '\0' || val < 0 || val > 255)
- return -1;
- return val;
-}
-
-const char *
-iptos2str(int iptos)
-{
- int i;
- static char iptos_str[sizeof "0xff"];
-
- for (i = 0; ipqos[i].name != NULL; i++) {
- if (ipqos[i].value == iptos)
- return ipqos[i].name;
- }
- snprintf(iptos_str, sizeof iptos_str, "0x%02x", iptos);
- return iptos_str;
-}
-
-void
-lowercase(char *s)
-{
- for (; *s; s++)
- *s = tolower((u_char)*s);
-}
-
-int
-unix_listener(const char *path, int backlog, int unlink_first)
-{
- struct sockaddr_un sunaddr;
- int saved_errno, sock;
-
- memset(&sunaddr, 0, sizeof(sunaddr));
- sunaddr.sun_family = AF_UNIX;
- if (strlcpy(sunaddr.sun_path, path,
- sizeof(sunaddr.sun_path)) >= sizeof(sunaddr.sun_path)) {
- error("%s: path \"%s\" too long for Unix domain socket",
- __func__, path);
- errno = ENAMETOOLONG;
- return -1;
- }
-
- sock = socket(PF_UNIX, SOCK_STREAM, 0);
- if (sock < 0) {
- saved_errno = errno;
- error("%s: socket: %.100s", __func__, strerror(errno));
- errno = saved_errno;
- return -1;
- }
- if (unlink_first == 1) {
- if (unlink(path) != 0 && errno != ENOENT)
- error("unlink(%s): %.100s", path, strerror(errno));
- }
- if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0) {
- saved_errno = errno;
- error("%s: cannot bind to path %s: %s",
- __func__, path, strerror(errno));
- close(sock);
- errno = saved_errno;
- return -1;
- }
- if (listen(sock, backlog) < 0) {
- saved_errno = errno;
- error("%s: cannot listen on path %s: %s",
- __func__, path, strerror(errno));
- close(sock);
- unlink(path);
- errno = saved_errno;
- return -1;
- }
- return sock;
-}
-
-void
-sock_set_v6only(int s)
-{
-#if defined(IPV6_V6ONLY) && !defined(__OpenBSD__)
- int on = 1;
-
- debug3("%s: set socket %d IPV6_V6ONLY", __func__, s);
- if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) == -1)
- error("setsockopt IPV6_V6ONLY: %s", strerror(errno));
-#endif
-}
-
-/*
- * Compares two strings that maybe be NULL. Returns non-zero if strings
- * are both NULL or are identical, returns zero otherwise.
- */
-static int
-strcmp_maybe_null(const char *a, const char *b)
-{
- if ((a == NULL && b != NULL) || (a != NULL && b == NULL))
- return 0;
- if (a != NULL && strcmp(a, b) != 0)
- return 0;
- return 1;
-}
-
-/*
- * Compare two forwards, returning non-zero if they are identical or
- * zero otherwise.
- */
-int
-forward_equals(const struct Forward *a, const struct Forward *b)
-{
- if (strcmp_maybe_null(a->listen_host, b->listen_host) == 0)
- return 0;
- if (a->listen_port != b->listen_port)
- return 0;
- if (strcmp_maybe_null(a->listen_path, b->listen_path) == 0)
- return 0;
- if (strcmp_maybe_null(a->connect_host, b->connect_host) == 0)
- return 0;
- if (a->connect_port != b->connect_port)
- return 0;
- if (strcmp_maybe_null(a->connect_path, b->connect_path) == 0)
- return 0;
- /* allocated_port and handle are not checked */
- return 1;
-}
-
-/* returns 1 if process is already daemonized, 0 otherwise */
-int
-daemonized(void)
-{
- int fd;
-
- if ((fd = open(_PATH_TTY, O_RDONLY | O_NOCTTY)) >= 0) {
- close(fd);
- return 0; /* have controlling terminal */
- }
- if (getppid() != 1)
- return 0; /* parent is not init */
- if (getsid(0) != getpid())
- return 0; /* not session leader */
- debug3("already daemonized");
- return 1;
-}
-
-
-/*
- * Splits 's' into an argument vector. Handles quoted string and basic
- * escape characters (\\, \", \'). Caller must free the argument vector
- * and its members.
- */
-int
-argv_split(const char *s, int *argcp, char ***argvp)
-{
- int r = SSH_ERR_INTERNAL_ERROR;
- int argc = 0, quote, i, j;
- char *arg, **argv = xcalloc(1, sizeof(*argv));
-
- *argvp = NULL;
- *argcp = 0;
-
- for (i = 0; s[i] != '\0'; i++) {
- /* Skip leading whitespace */
- if (s[i] == ' ' || s[i] == '\t')
- continue;
-
- /* Start of a token */
- quote = 0;
- if (s[i] == '\\' &&
- (s[i + 1] == '\'' || s[i + 1] == '\"' || s[i + 1] == '\\'))
- i++;
- else if (s[i] == '\'' || s[i] == '"')
- quote = s[i++];
-
- argv = xreallocarray(argv, (argc + 2), sizeof(*argv));
- arg = argv[argc++] = xcalloc(1, strlen(s + i) + 1);
- argv[argc] = NULL;
-
- /* Copy the token in, removing escapes */
- for (j = 0; s[i] != '\0'; i++) {
- if (s[i] == '\\') {
- if (s[i + 1] == '\'' ||
- s[i + 1] == '\"' ||
- s[i + 1] == '\\') {
- i++; /* Skip '\' */
- arg[j++] = s[i];
- } else {
- /* Unrecognised escape */
- arg[j++] = s[i];
- }
- } else if (quote == 0 && (s[i] == ' ' || s[i] == '\t'))
- break; /* done */
- else if (quote != 0 && s[i] == quote)
- break; /* done */
- else
- arg[j++] = s[i];
- }
- if (s[i] == '\0') {
- if (quote != 0) {
- /* Ran out of string looking for close quote */
- r = SSH_ERR_INVALID_FORMAT;
- goto out;
- }
- break;
- }
- }
- /* Success */
- *argcp = argc;
- *argvp = argv;
- argc = 0;
- argv = NULL;
- r = 0;
- out:
- if (argc != 0 && argv != NULL) {
- for (i = 0; i < argc; i++)
- free(argv[i]);
- free(argv);
- }
- return r;
-}
-
-/*
- * Reassemble an argument vector into a string, quoting and escaping as
- * necessary. Caller must free returned string.
- */
-char *
-argv_assemble(int argc, char **argv)
-{
- int i, j, ws, r;
- char c, *ret;
- struct sshbuf *buf, *arg;
-
- if ((buf = sshbuf_new()) == NULL || (arg = sshbuf_new()) == NULL)
- fatal("%s: sshbuf_new failed", __func__);
-
- for (i = 0; i < argc; i++) {
- ws = 0;
- sshbuf_reset(arg);
- for (j = 0; argv[i][j] != '\0'; j++) {
- r = 0;
- c = argv[i][j];
- switch (c) {
- case ' ':
- case '\t':
- ws = 1;
- r = sshbuf_put_u8(arg, c);
- break;
- case '\\':
- case '\'':
- case '"':
- if ((r = sshbuf_put_u8(arg, '\\')) != 0)
- break;
- /* FALLTHROUGH */
- default:
- r = sshbuf_put_u8(arg, c);
- break;
- }
- if (r != 0)
- fatal("%s: sshbuf_put_u8: %s",
- __func__, ssh_err(r));
- }
- if ((i != 0 && (r = sshbuf_put_u8(buf, ' ')) != 0) ||
- (ws != 0 && (r = sshbuf_put_u8(buf, '"')) != 0) ||
- (r = sshbuf_putb(buf, arg)) != 0 ||
- (ws != 0 && (r = sshbuf_put_u8(buf, '"')) != 0))
- fatal("%s: buffer error: %s", __func__, ssh_err(r));
- }
- if ((ret = malloc(sshbuf_len(buf) + 1)) == NULL)
- fatal("%s: malloc failed", __func__);
- memcpy(ret, sshbuf_ptr(buf), sshbuf_len(buf));
- ret[sshbuf_len(buf)] = '\0';
- sshbuf_free(buf);
- sshbuf_free(arg);
- return ret;
-}
-
-/* Returns 0 if pid exited cleanly, non-zero otherwise */
-int
-exited_cleanly(pid_t pid, const char *tag, const char *cmd, int quiet)
-{
- int status;
-
- while (waitpid(pid, &status, 0) == -1) {
- if (errno != EINTR) {
- error("%s: waitpid: %s", tag, strerror(errno));
- return -1;
- }
- }
- if (WIFSIGNALED(status)) {
- error("%s %s exited on signal %d", tag, cmd, WTERMSIG(status));
- return -1;
- } else if (WEXITSTATUS(status) != 0) {
- do_log2(quiet ? SYSLOG_LEVEL_DEBUG1 : SYSLOG_LEVEL_INFO,
- "%s %s failed, status %d", tag, cmd, WEXITSTATUS(status));
- return -1;
- }
- return 0;
-}
-
-/*
- * Check a given path for security. This is defined as all components
- * of the path to the file must be owned by either the owner of
- * of the file or root and no directories must be group or world writable.
- *
- * XXX Should any specific check be done for sym links ?
- *
- * Takes a file name, its stat information (preferably from fstat() to
- * avoid races), the uid of the expected owner, their home directory and an
- * error buffer plus max size as arguments.
- *
- * Returns 0 on success and -1 on failure
- */
-#ifndef IOS_NOSAFEPATH
-int
-safe_path(const char *name, struct stat *stp, const char *pw_dir,
- uid_t uid, char *err, size_t errlen)
-{
- char buf[PATH_MAX], homedir[PATH_MAX];
- char *cp;
- int comparehome = 0;
- struct stat st;
-
- if (realpath(name, buf) == NULL) {
- snprintf(err, errlen, "realpath %s failed: %s", name,
- strerror(errno));
- return -1;
- }
- if (pw_dir != NULL && realpath(pw_dir, homedir) != NULL)
- comparehome = 1;
-
- if (!S_ISREG(stp->st_mode)) {
- snprintf(err, errlen, "%s is not a regular file", buf);
- return -1;
- }
- if ((!platform_sys_dir_uid(stp->st_uid) && stp->st_uid != uid) ||
- (stp->st_mode & 022) != 0) {
- snprintf(err, errlen, "bad ownership or modes for file %s",
- buf);
- return -1;
- }
-
- /* for each component of the canonical path, walking upwards */
- for (;;) {
- if ((cp = dirname(buf)) == NULL) {
- snprintf(err, errlen, "dirname() failed");
- return -1;
- }
- strlcpy(buf, cp, sizeof(buf));
-
- if (stat(buf, &st) < 0 ||
- (!platform_sys_dir_uid(st.st_uid) && st.st_uid != uid) ||
- (st.st_mode & 022) != 0) {
- snprintf(err, errlen,
- "bad ownership or modes for directory %s", buf);
- return -1;
- }
-
- /* If are past the homedir then we can stop */
- if (comparehome && strcmp(homedir, buf) == 0)
- break;
-
- /*
- * dirname should always complete with a "/" path,
- * but we can be paranoid and check for "." too
- */
- if ((strcmp("/", buf) == 0) || (strcmp(".", buf) == 0))
- break;
- }
- return 0;
-}
-
-/*
- * Version of safe_path() that accepts an open file descriptor to
- * avoid races.
- *
- * Returns 0 on success and -1 on failure
- */
-int
-safe_path_fd(int fd, const char *file, struct passwd *pw,
- char *err, size_t errlen)
-{
- struct stat st;
-
- /* check the open file to avoid races */
- if (fstat(fd, &st) < 0) {
- snprintf(err, errlen, "cannot stat file %s: %s",
- file, strerror(errno));
- return -1;
- }
- return safe_path(file, &st, pw->pw_dir, pw->pw_uid, err, errlen);
-}
-#endif
-
-/*
- * Sets the value of the given variable in the environment. If the variable
- * already exists, its value is overridden.
- */
-void
-child_set_env(char ***envp, u_int *envsizep, const char *name,
- const char *value)
-{
- char **env;
- u_int envsize;
- u_int i, namelen;
-
- if (strchr(name, '=') != NULL) {
- error("Invalid environment variable \"%.100s\"", name);
- return;
- }
-
- /*
- * If we're passed an uninitialized list, allocate a single null
- * entry before continuing.
- */
- if (*envp == NULL && *envsizep == 0) {
- *envp = xmalloc(sizeof(char *));
- *envp[0] = NULL;
- *envsizep = 1;
- }
-
- /*
- * Find the slot where the value should be stored. If the variable
- * already exists, we reuse the slot; otherwise we append a new slot
- * at the end of the array, expanding if necessary.
- */
- env = *envp;
- namelen = strlen(name);
- for (i = 0; env[i]; i++)
- if (strncmp(env[i], name, namelen) == 0 && env[i][namelen] == '=')
- break;
- if (env[i]) {
- /* Reuse the slot. */
- free(env[i]);
- } else {
- /* New variable. Expand if necessary. */
- envsize = *envsizep;
- if (i >= envsize - 1) {
- if (envsize >= 1000)
- fatal("child_set_env: too many env vars");
- envsize += 50;
- env = (*envp) = xreallocarray(env, envsize, sizeof(char *));
- *envsizep = envsize;
- }
- /* Need to set the NULL pointer at end of array beyond the new slot. */
- env[i + 1] = NULL;
- }
-
- /* Allocate space and format the variable in the appropriate slot.
*/
- /* XXX xasprintf */
- env[i] = xmalloc(strlen(name) + 1 + strlen(value) + 1);
- snprintf(env[i], strlen(name) + 1 + strlen(value) + 1, "%s=%s", name, value);
-}
-
-/*
- * Check and optionally lowercase a domain name, also removes trailing '.'
- * Returns 1 on success and 0 on failure, storing an error message in errstr.
- */
-int
-valid_domain(char *name, int makelower, const char **errstr)
-{
- size_t i, l = strlen(name);
- u_char c, last = '\0';
- static char errbuf[256];
-
- if (l == 0) {
- strlcpy(errbuf, "empty domain name", sizeof(errbuf));
- goto bad;
- }
- if (!isalpha((u_char)name[0]) && !isdigit((u_char)name[0])) {
- snprintf(errbuf, sizeof(errbuf), "domain name \"%.100s\" "
- "starts with invalid character", name);
- goto bad;
- }
- for (i = 0; i < l; i++) {
- c = tolower((u_char)name[i]);
- if (makelower)
- name[i] = (char)c;
- if (last == '.' && c == '.') {
- snprintf(errbuf, sizeof(errbuf), "domain name "
- "\"%.100s\" contains consecutive separators", name);
- goto bad;
- }
- if (c != '.' && c != '-' && !isalnum(c) &&
- c != '_') /* technically invalid, but common */ {
- snprintf(errbuf, sizeof(errbuf), "domain name "
- "\"%.100s\" contains invalid characters", name);
- goto bad;
- }
- last = c;
- }
- if (name[l - 1] == '.')
- name[l - 1] = '\0';
- if (errstr != NULL)
- *errstr = NULL;
- return 1;
-bad:
- if (errstr != NULL)
- *errstr = errbuf;
- return 0;
-}
-
-/*
- * Verify that a environment variable name (not including initial '$') is
- * valid; consisting of one or more alphanumeric or underscore characters only.
- * Returns 1 on valid, 0 otherwise.
- */
-int
-valid_env_name(const char *name)
-{
- const char *cp;
-
- if (name[0] == '\0')
- return 0;
- for (cp = name; *cp != '\0'; cp++) {
- if (!isalnum((u_char)*cp) && *cp != '_')
- return 0;
- }
- return 1;
-}
-
-const char *
-atoi_err(const char *nptr, int *val)
-{
- const char *errstr = NULL;
- long long num;
-
- if (nptr == NULL || *nptr == '\0')
- return "missing";
- num = strtonum(nptr, 0, INT_MAX, &errstr);
- if (errstr == NULL)
- *val = (int)num;
- return errstr;
-}
-
-int
-parse_absolute_time(const char *s, uint64_t *tp)
-{
- struct tm tm;
- time_t tt;
- char buf[32], *fmt;
-
- *tp = 0;
-
- /*
- * POSIX strptime says "The application shall ensure that there
- * is white-space or other non-alphanumeric characters between
- * any two conversion specifications" so arrange things this way.
- */
- switch (strlen(s)) {
- case 8: /* YYYYMMDD */
- fmt = "%Y-%m-%d";
- snprintf(buf, sizeof(buf), "%.4s-%.2s-%.2s", s, s + 4, s + 6);
- break;
- case 12: /* YYYYMMDDHHMM */
- fmt = "%Y-%m-%dT%H:%M";
- snprintf(buf, sizeof(buf), "%.4s-%.2s-%.2sT%.2s:%.2s",
- s, s + 4, s + 6, s + 8, s + 10);
- break;
- case 14: /* YYYYMMDDHHMMSS */
- fmt = "%Y-%m-%dT%H:%M:%S";
- snprintf(buf, sizeof(buf), "%.4s-%.2s-%.2sT%.2s:%.2s:%.2s",
- s, s + 4, s + 6, s + 8, s + 10, s + 12);
- break;
- default:
- return SSH_ERR_INVALID_FORMAT;
- }
-
- memset(&tm, 0, sizeof(tm));
- if (strptime(buf, fmt, &tm) == NULL)
- return SSH_ERR_INVALID_FORMAT;
- if ((tt = mktime(&tm)) < 0)
- return SSH_ERR_INVALID_FORMAT;
- /* success */
- *tp = (uint64_t)tt;
- return 0;
-}
-
-void
-format_absolute_time(uint64_t t, char *buf, size_t len)
-{
- time_t tt = t > INT_MAX ? INT_MAX : t; /* XXX revisit in 2038 :P */
- struct tm tm;
-
- localtime_r(&tt, &tm);
- strftime(buf, len, "%Y-%m-%dT%H:%M:%S", &tm);
-}
diff --git a/ssh_keygen_110/misc.h b/ssh_keygen_110/misc.h
deleted file mode 100644
index 8b7b2a14..00000000
--- a/ssh_keygen_110/misc.h
+++ /dev/null
@@ -1,176 +0,0 @@
-/* $OpenBSD: misc.h,v 1.75 2018/10/03 06:38:35 djm Exp $ */
-
-/*
- * Author: Tatu Ylonen
- * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
- * All rights reserved
- *
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose. Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
- */
-
-#ifndef _MISC_H
-#define _MISC_H
-
-#include
-#include
-
-/* Data structure for representing a forwarding request. */
-struct Forward {
- char *listen_host; /* Host (address) to listen on. */
- int listen_port; /* Port to forward. */
- char *listen_path; /* Path to bind domain socket. */
- char *connect_host; /* Host to connect. */
- int connect_port; /* Port to connect on connect_host. */
- char *connect_path; /* Path to connect domain socket. */
- int allocated_port; /* Dynamically allocated listen port */
- int handle; /* Handle for dynamic listen ports */
-};
-
-int forward_equals(const struct Forward *, const struct Forward *);
-int daemonized(void);
-
-/* Common server and client forwarding options. */
-struct ForwardOptions {
- int gateway_ports; /* Allow remote connects to forwarded ports.
*/
- mode_t streamlocal_bind_mask; /* umask for streamlocal binds */
- int streamlocal_bind_unlink; /* unlink socket before bind */
-};
-
-/* misc.c */
-
-char *chop(char *);
-char *strdelim(char **);
-char *strdelimw(char **);
-int set_nonblock(int);
-int unset_nonblock(int);
-void set_nodelay(int);
-int set_reuseaddr(int);
-char *get_rdomain(int);
-int set_rdomain(int, const char *);
-int a2port(const char *);
-int a2tun(const char *, int *);
-char *put_host_port(const char *, u_short);
-char *hpdelim(char **);
-char *cleanhostname(char *);
-char *colon(char *);
-int parse_user_host_path(const char *, char **, char **, char **);
-int parse_user_host_port(const char *, char **, char **, int *);
-int parse_uri(const char *, const char *, char **, char **, int *, char **);
-long convtime(const char *);
-char *tilde_expand_filename(const char *, uid_t);
-char *percent_expand(const char *, ...) __attribute__((__sentinel__));
-char *tohex(const void *, size_t);
-void sanitise_stdfd(void);
-void ms_subtract_diff(struct timeval *, int *);
-void ms_to_timeval(struct timeval *, int);
-void monotime_ts(struct timespec *);
-void monotime_tv(struct timeval *);
-time_t monotime(void);
-double monotime_double(void);
-void lowercase(char *s);
-int unix_listener(const char *, int, int);
-int valid_domain(char *, int, const char **);
-int valid_env_name(const char *);
-const char *atoi_err(const char *, int *);
-int parse_absolute_time(const char *, uint64_t *);
-void format_absolute_time(uint64_t, char *, size_t);
-
-void sock_set_v6only(int);
-
-struct passwd *pwcopy(struct passwd *);
-const char *ssh_gai_strerror(int);
-
-typedef struct arglist arglist;
-struct arglist {
- char **list;
- u_int num;
- u_int nalloc;
-};
-void addargs(arglist *, char *, ...)
- __attribute__((format(printf, 2, 3)));
-void replacearg(arglist *, u_int, char *, ...)
- __attribute__((format(printf, 3, 4)));
-void freeargs(arglist *);
-
-int tun_open(int, int, char **);
-
-/* Common definitions for ssh tunnel device forwarding */
-#define SSH_TUNMODE_NO 0x00
-#define SSH_TUNMODE_POINTOPOINT 0x01
-#define SSH_TUNMODE_ETHERNET 0x02
-#define SSH_TUNMODE_DEFAULT SSH_TUNMODE_POINTOPOINT
-#define SSH_TUNMODE_YES (SSH_TUNMODE_POINTOPOINT|SSH_TUNMODE_ETHERNET)
-
-#define SSH_TUNID_ANY 0x7fffffff
-#define SSH_TUNID_ERR (SSH_TUNID_ANY - 1)
-#define SSH_TUNID_MAX (SSH_TUNID_ANY - 2)
-
-/* Fake port to indicate that host field is really a path. */
-#define PORT_STREAMLOCAL -2
-
-/* Functions to extract or store big-endian words of various sizes */
-u_int64_t get_u64(const void *)
- __attribute__((__bounded__( __minbytes__, 1, 8)));
-u_int32_t get_u32(const void *)
- __attribute__((__bounded__( __minbytes__, 1, 4)));
-u_int16_t get_u16(const void *)
- __attribute__((__bounded__( __minbytes__, 1, 2)));
-void put_u64(void *, u_int64_t)
- __attribute__((__bounded__( __minbytes__, 1, 8)));
-void put_u32(void *, u_int32_t)
- __attribute__((__bounded__( __minbytes__, 1, 4)));
-void put_u16(void *, u_int16_t)
- __attribute__((__bounded__( __minbytes__, 1, 2)));
-
-/* Little-endian store/load, used by umac.c */
-u_int32_t get_u32_le(const void *)
- __attribute__((__bounded__(__minbytes__, 1, 4)));
-void put_u32_le(void *, u_int32_t)
- __attribute__((__bounded__(__minbytes__, 1, 4)));
-
-struct bwlimit {
- size_t buflen;
- u_int64_t rate, thresh, lamt;
- struct timeval bwstart, bwend;
-};
-
-void bandwidth_limit_init(struct bwlimit *, u_int64_t, size_t);
-void bandwidth_limit(struct bwlimit *, size_t);
-
-int parse_ipqos(const char *);
-const char *iptos2str(int);
-void mktemp_proto(char *, size_t);
-
-void child_set_env(char ***envp, u_int *envsizep, const char *name,
- const char *value);
-
-int argv_split(const char *, int *, char ***);
-char *argv_assemble(int, char **argv);
-int exited_cleanly(pid_t, const char *, const char *, int);
-
-struct
stat;
-int safe_path(const char *, struct stat *, const char *, uid_t,
- char *, size_t);
-int safe_path_fd(int, const char *, struct passwd *,
- char *err, size_t errlen);
-
-/* readpass.c */
-
-#define RP_ECHO 0x0001
-#define RP_ALLOW_STDIN 0x0002
-#define RP_ALLOW_EOF 0x0004
-#define RP_USE_ASKPASS 0x0008
-
-char *read_passphrase(const char *, int);
-void systemAlert(const char*);
-int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
-
-#define MINIMUM(a, b) (((a) < (b)) ? (a) : (b))
-#define MAXIMUM(a, b) (((a) > (b)) ? (a) : (b))
-#define ROUNDUP(x, y) ((((x)+((y)-1))/(y))*(y))
-
-#endif /* _MISC_H */
diff --git a/ssh_keygen_110/moduli.c b/ssh_keygen_110/moduli.c
deleted file mode 100644
index 233cba8e..00000000
--- a/ssh_keygen_110/moduli.c
+++ /dev/null
@@ -1,808 +0,0 @@
-/* $OpenBSD: moduli.c,v 1.32 2017/12/08 03:45:52 deraadt Exp $ */
-/*
- * Copyright 1994 Phil Karn
- * Copyright 1996-1998, 2003 William Allen Simpson
- * Copyright 2000 Niels Provos
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * Two-step process to generate safe primes for DHGEX
- *
- * Sieve candidates for "safe" primes,
- * suitable for use as Diffie-Hellman moduli;
- * that is, where q = (p-1)/2 is also prime.
- *
- * First step: generate candidate primes (memory intensive)
- * Second step: test primes' safety (processor intensive)
- */
-
-#include "includes.h"
-
-#ifdef WITH_OPENSSL
-
-#include
-
-#include
-#include
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include "xmalloc.h"
-#include "dh.h"
-#include "log.h"
-#include "misc.h"
-
-#include "openbsd-compat/openssl-compat.h"
-
-/*
- * File output defines
- */
-
-/* need line long enough for largest moduli plus headers */
-#define QLINESIZE (100+8192)
-
-/*
- * Size: decimal.
- * Specifies the number of the most significant bit (0 to M).
- * WARNING: internally, usually 1 to N.
- */
-#define QSIZE_MINIMUM (511)
-
-/*
- * Prime sieving defines
- */
-
-/* Constant: assuming 8 bit bytes and 32 bit words */
-#define SHIFT_BIT (3)
-#define SHIFT_BYTE (2)
-#define SHIFT_WORD (SHIFT_BIT+SHIFT_BYTE)
-#define SHIFT_MEGABYTE (20)
-#define SHIFT_MEGAWORD (SHIFT_MEGABYTE-SHIFT_BYTE)
-
-/*
- * Using virtual memory can cause thrashing. This should be the largest
- * number that is supported without a large amount of disk activity --
- * that would increase the run time from hours to days or weeks!
- */
-#define LARGE_MINIMUM (8UL) /* megabytes */
-
-/*
- * Do not increase this number beyond the unsigned integer bit size.
- * Due to a multiple of 4, it must be LESS than 128 (yielding 2**30 bits).
- */
-#define LARGE_MAXIMUM (127UL) /* megabytes */
-
-/*
- * Constant: when used with 32-bit integers, the largest sieve prime
- * has to be less than 2**32.
- */
-#define SMALL_MAXIMUM (0xffffffffUL)
-
-/* Constant: can sieve all primes less than 2**32, as 65537**2 > 2**32-1. */
-#define TINY_NUMBER (1UL<<16)
-
-/* Ensure enough bit space for testing 2*q.
*/
-#define TEST_MAXIMUM (1UL<<16)
-#define TEST_MINIMUM (QSIZE_MINIMUM + 1)
-/* real TEST_MINIMUM (1UL << (SHIFT_WORD - TEST_POWER)) */
-#define TEST_POWER (3) /* 2**n, n < SHIFT_WORD */
-
-/* bit operations on 32-bit words */
-#define BIT_CLEAR(a,n) ((a)[(n)>>SHIFT_WORD] &= ~(1L << ((n) & 31)))
-#define BIT_SET(a,n) ((a)[(n)>>SHIFT_WORD] |= (1L << ((n) & 31)))
-#define BIT_TEST(a,n) ((a)[(n)>>SHIFT_WORD] & (1L << ((n) & 31)))
-
-/*
- * Prime testing defines
- */
-
-/* Minimum number of primality tests to perform */
-#define TRIAL_MINIMUM (4)
-
-/*
- * Sieving data (XXX - move to struct)
- */
-
-/* sieve 2**16 */
-static u_int32_t *TinySieve, tinybits;
-
-/* sieve 2**30 in 2**16 parts */
-static u_int32_t *SmallSieve, smallbits, smallbase;
-
-/* sieve relative to the initial value */
-static u_int32_t *LargeSieve, largewords, largetries, largenumbers;
-static u_int32_t largebits, largememory; /* megabytes */
-static BIGNUM *largebase;
-
-int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
-int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long,
- unsigned long);
-
-/*
- * print moduli out in consistent form,
- */
-static int
-qfileout(FILE * ofile, u_int32_t otype, u_int32_t otests, u_int32_t otries,
- u_int32_t osize, u_int32_t ogenerator, BIGNUM * omodulus)
-{
- struct tm *gtm;
- time_t time_now;
- int res;
-
- time(&time_now);
- gtm = gmtime(&time_now);
-
- res = fprintf(ofile, "%04d%02d%02d%02d%02d%02d %u %u %u %u %x ",
- gtm->tm_year + 1900, gtm->tm_mon + 1, gtm->tm_mday,
- gtm->tm_hour, gtm->tm_min, gtm->tm_sec,
- otype, otests, otries, osize, ogenerator);
-
- if (res < 0)
- return (-1);
-
- if (BN_print_fp(ofile, omodulus) < 1)
- return (-1);
-
- res = fprintf(ofile, "\n");
- fflush(ofile);
-
- return (res > 0 ?
0 : -1);
-}
-
-
-/*
- ** Sieve p's and q's with small factors
- */
-static void
-sieve_large(u_int32_t s)
-{
- u_int32_t r, u;
-
- debug3("sieve_large %u", s);
- largetries++;
- /* r = largebase mod s */
- r = BN_mod_word(largebase, s);
- if (r == 0)
- u = 0; /* s divides into largebase exactly */
- else
- u = s - r; /* largebase+u is first entry divisible by s */
-
- if (u < largebits * 2) {
- /*
- * The sieve omits p's and q's divisible by 2, so ensure that
- * largebase+u is odd. Then, step through the sieve in
- * increments of 2*s
- */
- if (u & 0x1)
- u += s; /* Make largebase+u odd, and u even */
-
- /* Mark all multiples of 2*s */
- for (u /= 2; u < largebits; u += s)
- BIT_SET(LargeSieve, u);
- }
-
- /* r = p mod s */
- r = (2 * r + 1) % s;
- if (r == 0)
- u = 0; /* s divides p exactly */
- else
- u = s - r; /* p+u is first entry divisible by s */
-
- if (u < largebits * 4) {
- /*
- * The sieve omits p's divisible by 4, so ensure that
- * largebase+u is not. Then, step through the sieve in
- * increments of 4*s
- */
- while (u & 0x3) {
- if (SMALL_MAXIMUM - u < s)
- return;
- u += s;
- }
-
- /* Mark all multiples of 4*s */
- for (u /= 4; u < largebits; u += s)
- BIT_SET(LargeSieve, u);
- }
-}
-
-/*
- * list candidates for Sophie-Germain primes (where q = (p-1)/2)
- * to standard output.
- * The list is checked against small known primes (less than 2**30).
- */
-int
-gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start)
-{
- BIGNUM *q;
- u_int32_t j, r, s, t;
- u_int32_t smallwords = TINY_NUMBER >> 6;
- u_int32_t tinywords = TINY_NUMBER >> 6;
- time_t time_start, time_stop;
- u_int32_t i;
- int ret = 0;
-
- largememory = memory;
-
- if (memory != 0 &&
- (memory < LARGE_MINIMUM || memory > LARGE_MAXIMUM)) {
- error("Invalid memory amount (min %ld, max %ld)",
- LARGE_MINIMUM, LARGE_MAXIMUM);
- return (-1);
- }
-
- /*
- * Set power to the length in bits of the prime to be generated.
- * This is changed to 1 less than the desired safe prime moduli p.
- */
- if (power > TEST_MAXIMUM) {
- error("Too many bits: %u > %lu", power, TEST_MAXIMUM);
- return (-1);
- } else if (power < TEST_MINIMUM) {
- error("Too few bits: %u < %u", power, TEST_MINIMUM);
- return (-1);
- }
- power--; /* decrement before squaring */
-
- /*
- * The density of ordinary primes is on the order of 1/bits, so the
- * density of safe primes should be about (1/bits)**2. Set test range
- * to something well above bits**2 to be reasonably sure (but not
- * guaranteed) of catching at least one safe prime.
- */
- largewords = ((power * power) >> (SHIFT_WORD - TEST_POWER));
-
- /*
- * Need idea of how much memory is available. We don't have to use all
- * of it.
- */
- if (largememory > LARGE_MAXIMUM) {
- logit("Limited memory: %u MB; limit %lu MB",
- largememory, LARGE_MAXIMUM);
- largememory = LARGE_MAXIMUM;
- }
-
- if (largewords <= (largememory << SHIFT_MEGAWORD)) {
- logit("Increased memory: %u MB; need %u bytes",
- largememory, (largewords << SHIFT_BYTE));
- largewords = (largememory << SHIFT_MEGAWORD);
- } else if (largememory > 0) {
- logit("Decreased memory: %u MB; want %u bytes",
- largememory, (largewords << SHIFT_BYTE));
- largewords = (largememory << SHIFT_MEGAWORD);
- }
-
- TinySieve = xcalloc(tinywords, sizeof(u_int32_t));
- tinybits = tinywords << SHIFT_WORD;
-
- SmallSieve = xcalloc(smallwords, sizeof(u_int32_t));
- smallbits = smallwords << SHIFT_WORD;
-
- /*
- * dynamically determine available memory
- */
- while ((LargeSieve = calloc(largewords, sizeof(u_int32_t))) == NULL)
- largewords -= (1L << (SHIFT_MEGAWORD - 2)); /* 1/4 MB chunks */
-
- largebits = largewords << SHIFT_WORD;
- largenumbers = largebits * 2; /* even numbers excluded */
-
- /* validation check: count the number of primes tried */
- largetries = 0;
- if ((q = BN_new()) == NULL)
- fatal("BN_new failed");
-
- /*
- * Generate random starting point for subprime search, or use
- * specified parameter.
- */
- if ((largebase = BN_new()) == NULL)
- fatal("BN_new failed");
- if (start == NULL) {
- if (BN_rand(largebase, power, 1, 1) == 0)
- fatal("BN_rand failed");
- } else {
- if (BN_copy(largebase, start) == NULL)
- fatal("BN_copy: failed");
- }
-
- /* ensure odd */
- if (BN_set_bit(largebase, 0) == 0)
- fatal("BN_set_bit: failed");
-
- time(&time_start);
-
- logit("%.24s Sieve next %u plus %u-bit", ctime(&time_start),
- largenumbers, power);
- debug2("start point: 0x%s", BN_bn2hex(largebase));
-
- /*
- * TinySieve
- */
- for (i = 0; i < tinybits; i++) {
- if (BIT_TEST(TinySieve, i))
- continue; /* 2*i+3 is composite */
-
- /* The next tiny prime */
- t = 2 * i + 3;
-
- /* Mark all multiples of t */
- for (j = i + t; j < tinybits; j += t)
- BIT_SET(TinySieve, j);
-
- sieve_large(t);
- }
-
- /*
- * Start the small block search at the next possible prime. To avoid
- * fencepost errors, the last pass is skipped.
- */
- for (smallbase = TINY_NUMBER + 3;
- smallbase < (SMALL_MAXIMUM - TINY_NUMBER);
- smallbase += TINY_NUMBER) {
- for (i = 0; i < tinybits; i++) {
- if (BIT_TEST(TinySieve, i))
- continue; /* 2*i+3 is composite */
-
- /* The next tiny prime */
- t = 2 * i + 3;
- r = smallbase % t;
-
- if (r == 0) {
- s = 0; /* t divides into smallbase exactly */
- } else {
- /* smallbase+s is first entry divisible by t */
- s = t - r;
- }
-
- /*
- * The sieve omits even numbers, so ensure that
- * smallbase+s is odd.
Then, step through the sieve
- * in increments of 2*t
- */
- if (s & 1)
- s += t; /* Make smallbase+s odd, and s even */
-
- /* Mark all multiples of 2*t */
- for (s /= 2; s < smallbits; s += t)
- BIT_SET(SmallSieve, s);
- }
-
- /*
- * SmallSieve
- */
- for (i = 0; i < smallbits; i++) {
- if (BIT_TEST(SmallSieve, i))
- continue; /* 2*i+smallbase is composite */
-
- /* The next small prime */
- sieve_large((2 * i) + smallbase);
- }
-
- memset(SmallSieve, 0, smallwords << SHIFT_BYTE);
- }
-
- time(&time_stop);
-
- logit("%.24s Sieved with %u small primes in %lld seconds",
- ctime(&time_stop), largetries, (long long)(time_stop - time_start));
-
- for (j = r = 0; j < largebits; j++) {
- if (BIT_TEST(LargeSieve, j))
- continue; /* Definitely composite, skip */
-
- debug2("test q = largebase+%u", 2 * j);
- if (BN_set_word(q, 2 * j) == 0)
- fatal("BN_set_word failed");
- if (BN_add(q, q, largebase) == 0)
- fatal("BN_add failed");
- if (qfileout(out, MODULI_TYPE_SOPHIE_GERMAIN,
- MODULI_TESTS_SIEVE, largetries,
- (power - 1) /* MSB */, (0), q) == -1) {
- ret = -1;
- break;
- }
-
- r++; /* count q */
- }
-
- time(&time_stop);
-
- free(LargeSieve);
- free(SmallSieve);
- free(TinySieve);
-
- logit("%.24s Found %u candidates", ctime(&time_stop), r);
-
- return (ret);
-}
-
-static void
-write_checkpoint(char *cpfile, u_int32_t lineno)
-{
- FILE *fp;
- char tmp[PATH_MAX];
- int r;
-
- r = snprintf(tmp, sizeof(tmp), "%s.XXXXXXXXXX", cpfile);
- if (r == -1 || r >= PATH_MAX) {
- logit("write_checkpoint: temp pathname too long");
- return;
- }
- if ((r = mkstemp(tmp)) == -1) {
- logit("mkstemp(%s): %s", tmp, strerror(errno));
- return;
- }
- if ((fp = fdopen(r, "w")) == NULL) {
- logit("write_checkpoint: fdopen: %s", strerror(errno));
- unlink(tmp);
- close(r);
- return;
- }
- if (fprintf(fp, "%lu\n", (unsigned long)lineno) > 0 && fclose(fp) == 0
- && rename(tmp, cpfile) == 0)
- debug3("wrote checkpoint line %lu to '%s'",
- (unsigned long)lineno, cpfile);
- else
- logit("failed to
write to checkpoint file '%s': %s", cpfile,
- strerror(errno));
-}
-
-static unsigned long
-read_checkpoint(char *cpfile)
-{
- FILE *fp;
- unsigned long lineno = 0;
-
- if ((fp = fopen(cpfile, "r")) == NULL)
- return 0;
- if (fscanf(fp, "%lu\n", &lineno) < 1)
- logit("Failed to load checkpoint from '%s'", cpfile);
- else
- logit("Loaded checkpoint from '%s' line %lu", cpfile, lineno);
- fclose(fp);
- return lineno;
-}
-
-static unsigned long
-count_lines(FILE *f)
-{
- unsigned long count = 0;
- char lp[QLINESIZE + 1];
-
- if (fseek(f, 0, SEEK_SET) != 0) {
- debug("input file is not seekable");
- return ULONG_MAX;
- }
- while (fgets(lp, QLINESIZE + 1, f) != NULL)
- count++;
- rewind(f);
- debug("input file has %lu lines", count);
- return count;
-}
-
-static char *
-fmt_time(time_t seconds)
-{
- int day, hr, min;
- static char buf[128];
-
- min = (seconds / 60) % 60;
- hr = (seconds / 60 / 60) % 24;
- day = seconds / 60 / 60 / 24;
- if (day > 0)
- snprintf(buf, sizeof buf, "%dd %d:%02d", day, hr, min);
- else
- snprintf(buf, sizeof buf, "%d:%02d", hr, min);
- return buf;
-}
-
-static void
-print_progress(unsigned long start_lineno, unsigned long current_lineno,
- unsigned long end_lineno)
-{
- static time_t time_start, time_prev;
- time_t time_now, elapsed;
- unsigned long num_to_process, processed, remaining, percent, eta;
- double time_per_line;
- char *eta_str;
-
- time_now = monotime();
- if (time_start == 0) {
- time_start = time_prev = time_now;
- return;
- }
- /* print progress after 1m then once per 5m */
- if (time_now - time_prev < 5 * 60)
- return;
- time_prev = time_now;
- elapsed = time_now - time_start;
- processed = current_lineno - start_lineno;
- remaining = end_lineno - current_lineno;
- num_to_process = end_lineno - start_lineno;
- time_per_line = (double)elapsed / processed;
- /* if we don't know how many we're processing just report count+time */
- time(&time_now);
- if (end_lineno == ULONG_MAX) {
- logit("%.24s processed %lu in %s",
ctime(&time_now), - processed, fmt_time(elapsed)); - return; - } - percent = 100 * processed / num_to_process; - eta = time_per_line * remaining; - eta_str = xstrdup(fmt_time(eta)); - logit("%.24s processed %lu of %lu (%lu%%) in %s, ETA %s", - ctime(&time_now), processed, num_to_process, percent, - fmt_time(elapsed), eta_str); - free(eta_str); -} - -/* - * perform a Miller-Rabin primality test - * on the list of candidates - * (checking both q and p) - * The result is a list of so-call "safe" primes - */ -int -prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted, - char *checkpoint_file, unsigned long start_lineno, unsigned long num_lines) -{ - BIGNUM *q, *p, *a; - BN_CTX *ctx; - char *cp, *lp; - u_int32_t count_in = 0, count_out = 0, count_possible = 0; - u_int32_t generator_known, in_tests, in_tries, in_type, in_size; - unsigned long last_processed = 0, end_lineno; - time_t time_start, time_stop; - int res; - - if (trials < TRIAL_MINIMUM) { - error("Minimum primality trials is %d", TRIAL_MINIMUM); - return (-1); - } - - if (num_lines == 0) - end_lineno = count_lines(in); - else - end_lineno = start_lineno + num_lines; - - time(&time_start); - - if ((p = BN_new()) == NULL) - fatal("BN_new failed"); - if ((q = BN_new()) == NULL) - fatal("BN_new failed"); - if ((ctx = BN_CTX_new()) == NULL) - fatal("BN_CTX_new failed"); - - debug2("%.24s Final %u Miller-Rabin trials (%x generator)", - ctime(&time_start), trials, generator_wanted); - - if (checkpoint_file != NULL) - last_processed = read_checkpoint(checkpoint_file); - last_processed = start_lineno = MAXIMUM(last_processed, start_lineno); - if (end_lineno == ULONG_MAX) - debug("process from line %lu from pipe", last_processed); - else - debug("process from line %lu to line %lu", last_processed, - end_lineno); - - res = 0; - lp = xmalloc(QLINESIZE + 1); - while (fgets(lp, QLINESIZE + 1, in) != NULL && count_in < end_lineno) { - count_in++; - if (count_in <= last_processed) { - debug3("skipping 
line %u, before checkpoint or " - "specified start line", count_in); - continue; - } - if (checkpoint_file != NULL) - write_checkpoint(checkpoint_file, count_in); - print_progress(start_lineno, count_in, end_lineno); - if (strlen(lp) < 14 || *lp == '!' || *lp == '#') { - debug2("%10u: comment or short line", count_in); - continue; - } - - /* XXX - fragile parser */ - /* time */ - cp = &lp[14]; /* (skip) */ - - /* type */ - in_type = strtoul(cp, &cp, 10); - - /* tests */ - in_tests = strtoul(cp, &cp, 10); - - if (in_tests & MODULI_TESTS_COMPOSITE) { - debug2("%10u: known composite", count_in); - continue; - } - - /* tries */ - in_tries = strtoul(cp, &cp, 10); - - /* size (most significant bit) */ - in_size = strtoul(cp, &cp, 10); - - /* generator (hex) */ - generator_known = strtoul(cp, &cp, 16); - - /* Skip white space */ - cp += strspn(cp, " "); - - /* modulus (hex) */ - switch (in_type) { - case MODULI_TYPE_SOPHIE_GERMAIN: - debug2("%10u: (%u) Sophie-Germain", count_in, in_type); - a = q; - if (BN_hex2bn(&a, cp) == 0) - fatal("BN_hex2bn failed"); - /* p = 2*q + 1 */ - if (BN_lshift(p, q, 1) == 0) - fatal("BN_lshift failed"); - if (BN_add_word(p, 1) == 0) - fatal("BN_add_word failed"); - in_size += 1; - generator_known = 0; - break; - case MODULI_TYPE_UNSTRUCTURED: - case MODULI_TYPE_SAFE: - case MODULI_TYPE_SCHNORR: - case MODULI_TYPE_STRONG: - case MODULI_TYPE_UNKNOWN: - debug2("%10u: (%u)", count_in, in_type); - a = p; - if (BN_hex2bn(&a, cp) == 0) - fatal("BN_hex2bn failed"); - /* q = (p-1) / 2 */ - if (BN_rshift(q, p, 1) == 0) - fatal("BN_rshift failed"); - break; - default: - debug2("Unknown prime type"); - break; - } - - /* - * due to earlier inconsistencies in interpretation, check - * the proposed bit size. 
- */ - if ((u_int32_t)BN_num_bits(p) != (in_size + 1)) { - debug2("%10u: bit size %u mismatch", count_in, in_size); - continue; - } - if (in_size < QSIZE_MINIMUM) { - debug2("%10u: bit size %u too short", count_in, in_size); - continue; - } - - if (in_tests & MODULI_TESTS_MILLER_RABIN) - in_tries += trials; - else - in_tries = trials; - - /* - * guess unknown generator - */ - if (generator_known == 0) { - if (BN_mod_word(p, 24) == 11) - generator_known = 2; - else if (BN_mod_word(p, 12) == 5) - generator_known = 3; - else { - u_int32_t r = BN_mod_word(p, 10); - - if (r == 3 || r == 7) - generator_known = 5; - } - } - /* - * skip tests when desired generator doesn't match - */ - if (generator_wanted > 0 && - generator_wanted != generator_known) { - debug2("%10u: generator %d != %d", - count_in, generator_known, generator_wanted); - continue; - } - - /* - * Primes with no known generator are useless for DH, so - * skip those. - */ - if (generator_known == 0) { - debug2("%10u: no known generator", count_in); - continue; - } - - count_possible++; - - /* - * The (1/4)^N performance bound on Miller-Rabin is - * extremely pessimistic, so don't spend a lot of time - * really verifying that q is prime until after we know - * that p is also prime. A single pass will weed out the - * vast majority of composite q's. - */ - if (BN_is_prime_ex(q, 1, ctx, NULL) <= 0) { - debug("%10u: q failed first possible prime test", - count_in); - continue; - } - - /* - * q is possibly prime, so go ahead and really make sure - * that p is prime. If it is, then we can go back and do - * the same for q. If p is composite, chances are that - * will show up on the first Rabin-Miller iteration so it - * doesn't hurt to specify a high iteration count. 
- */ - if (!BN_is_prime_ex(p, trials, ctx, NULL)) { - debug("%10u: p is not prime", count_in); - continue; - } - debug("%10u: p is almost certainly prime", count_in); - - /* recheck q more rigorously */ - if (!BN_is_prime_ex(q, trials - 1, ctx, NULL)) { - debug("%10u: q is not prime", count_in); - continue; - } - debug("%10u: q is almost certainly prime", count_in); - - if (qfileout(out, MODULI_TYPE_SAFE, - in_tests | MODULI_TESTS_MILLER_RABIN, - in_tries, in_size, generator_known, p)) { - res = -1; - break; - } - - count_out++; - } - - time(&time_stop); - free(lp); - BN_free(p); - BN_free(q); - BN_CTX_free(ctx); - - if (checkpoint_file != NULL) - unlink(checkpoint_file); - - logit("%.24s Found %u safe primes of %u candidates in %ld seconds", - ctime(&time_stop), count_out, count_possible, - (long) (time_stop - time_start)); - - return (res); -} - -#endif /* WITH_OPENSSL */ diff --git a/ssh_keygen_110/openbsd-compat/Makefile.in b/ssh_keygen_110/openbsd-compat/Makefile.in deleted file mode 100644 index c1e14cbd..00000000 --- a/ssh_keygen_110/openbsd-compat/Makefile.in +++ /dev/null 
@@ -1,115 +0,0 @@ -sysconfdir=@sysconfdir@ -piddir=@piddir@ -srcdir=@srcdir@ -top_srcdir=@top_srcdir@ - -VPATH=@srcdir@ -CC=@CC@ -LD=@LD@ -CFLAGS=@CFLAGS@ -CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@ -LIBS=@LIBS@ -AR=@AR@ -RANLIB=@RANLIB@ -INSTALL=@INSTALL@ -LDFLAGS=-L. @LDFLAGS@ - -OPENBSD=base64.o \ - basename.o \ - bcrypt_pbkdf.o \ - bcrypt_pbkdf.o \ - bindresvport.o \ - blowfish.o \ - daemon.o \ - dirname.o \ - explicit_bzero.o \ - fmt_scaled.o \ - freezero.o \ - getcwd.o \ - getgrouplist.o \ - getopt_long.o \ - getrrsetbyname.o \ - glob.o \ - inet_aton.o \ - inet_ntoa.o \ - inet_ntop.o \ - md5.o \ - mktemp.o \ - pwcache.o \ - readpassphrase.o \ - reallocarray.o \ - realpath.o \ - recallocarray.o \ - rmd160.o \ - rresvport.o \ - setenv.o \ - setproctitle.o \ - sha1.o \ - sha2.o \ - sigact.o \ - strcasestr.o \ - strlcat.o \ - strlcpy.o \ - strmode.o \ - strndup.o \ - strnlen.o \ - strptime.o \ - strsep.o \ - strtoll.o \ - strtonum.o \ - strtoull.o \ - strtoul.o \ - timingsafe_bcmp.o \ - vis.o - -COMPAT= arc4random.o \ - bsd-asprintf.o \ - bsd-closefrom.o \ - bsd-cygwin_util.o \ - bsd-err.o \ - bsd-flock.o \ - bsd-getline.o \ - bsd-getpagesize.o \ - bsd-getpeereid.o \ - bsd-malloc.o \ - bsd-misc.o \ - bsd-nextstep.o \ - bsd-openpty.o \ - bsd-poll.o \ - bsd-setres_id.o \ - bsd-signal.o \ - bsd-snprintf.o \ - bsd-statvfs.o \ - bsd-waitpid.o \ - fake-rfc2553.o \ - getrrsetbyname-ldns.o \ - kludge-fd_set.o \ - openssl-compat.o \ - libressl-api-compat.o \ - xcrypt.o - -PORTS= port-aix.o \ - port-irix.o \ - port-linux.o \ - port-solaris.o \ - port-net.o \ - port-uw.o - -.c.o: - $(CC) $(CFLAGS) $(CPPFLAGS) -c $< - -all: libopenbsd-compat.a - -$(COMPAT): ../config.h -$(OPENBSD): ../config.h -$(PORTS): ../config.h - -libopenbsd-compat.a: $(COMPAT) $(OPENBSD) $(PORTS) - $(AR) rv $@ $(COMPAT) $(OPENBSD) $(PORTS) - $(RANLIB) $@ - -clean: - rm -f *.o *.a core - -distclean: clean - rm -f Makefile *~ 
diff --git a/ssh_keygen_110/openbsd-compat/arc4random.c b/ssh_keygen_110/openbsd-compat/arc4random.c
deleted file mode 100644
index 578f69f4..00000000
--- a/ssh_keygen_110/openbsd-compat/arc4random.c
+++ /dev/null
@@ -1,338 +0,0 @@ -/* OPENBSD ORIGINAL: lib/libc/crypto/arc4random.c */ - -/* $OpenBSD: arc4random.c,v 1.25 2013/10/01 18:34:57 markus Exp $ */ - -/* - * Copyright (c) 1996, David Mazieres - * Copyright (c) 2008, Damien Miller - * Copyright (c) 2013, Markus Friedl - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* - * ChaCha based random number generator for OpenBSD. 
- */ - -#include "includes.h" - -#include - -#include -#include -#include -#include - -#ifdef HAVE_SYS_RANDOM_H -# include -#endif - -#ifndef HAVE_ARC4RANDOM - -#ifdef WITH_OPENSSL -#include -#include -#endif - -#include "log.h" - -#define KEYSTREAM_ONLY -#include "chacha_private.h" - -#ifdef __GNUC__ -#define inline __inline -#else /* !__GNUC__ */ -#define inline -#endif /* !__GNUC__ */ - -/* OpenSSH isn't multithreaded */ -#define _ARC4_LOCK() -#define _ARC4_UNLOCK() - -#define KEYSZ 32 -#define IVSZ 8 -#define BLOCKSZ 64 -#define RSBUFSZ (16*BLOCKSZ) -static int rs_initialized; -static pid_t rs_stir_pid; -static chacha_ctx rs; /* chacha context for random keystream */ -static u_char rs_buf[RSBUFSZ]; /* keystream blocks */ -static size_t rs_have; /* valid bytes at end of rs_buf */ -static size_t rs_count; /* bytes till reseed */ - -static inline void _rs_rekey(u_char *dat, size_t datlen); - -static inline void -_rs_init(u_char *buf, size_t n) -{ - if (n < KEYSZ + IVSZ) - return; - chacha_keysetup(&rs, buf, KEYSZ * 8, 0); - chacha_ivsetup(&rs, buf + KEYSZ); -} - -#ifndef WITH_OPENSSL -# ifndef SSH_RANDOM_DEV -# define SSH_RANDOM_DEV "/dev/urandom" -# endif /* SSH_RANDOM_DEV */ -static void -getrnd(u_char *s, size_t len) -{ - int fd; - ssize_t r; - size_t o = 0; - -#ifdef HAVE_GETRANDOM - if ((r = getrandom(s, len, 0)) > 0 && (size_t)r == len) - return; -#endif /* HAVE_GETRANDOM */ - - if ((fd = open(SSH_RANDOM_DEV, O_RDONLY)) == -1) - fatal("Couldn't open %s: %s", SSH_RANDOM_DEV, strerror(errno)); - while (o < len) { - r = read(fd, s + o, len - o); - if (r < 0) { - if (errno == EAGAIN || errno == EINTR || - errno == EWOULDBLOCK) - continue; - fatal("read %s: %s", SSH_RANDOM_DEV, strerror(errno)); - } - o += r; - } - close(fd); -} -#endif /* WITH_OPENSSL */ - -static void -_rs_stir(void) -{ - u_char rnd[KEYSZ + IVSZ]; - -#ifdef WITH_OPENSSL - if (RAND_bytes(rnd, sizeof(rnd)) <= 0) - fatal("Couldn't obtain random bytes (error 0x%lx)", - (unsigned 
long)ERR_get_error()); -#else - getrnd(rnd, sizeof(rnd)); -#endif - - if (!rs_initialized) { - rs_initialized = 1; - _rs_init(rnd, sizeof(rnd)); - } else - _rs_rekey(rnd, sizeof(rnd)); - explicit_bzero(rnd, sizeof(rnd)); - - /* invalidate rs_buf */ - rs_have = 0; - memset(rs_buf, 0, RSBUFSZ); - - rs_count = 1600000; -} - -static inline void -_rs_stir_if_needed(size_t len) -{ - pid_t pid = getpid(); - - if (rs_count <= len || !rs_initialized || rs_stir_pid != pid) { - rs_stir_pid = pid; - _rs_stir(); - } else - rs_count -= len; -} - -static inline void -_rs_rekey(u_char *dat, size_t datlen) -{ -#ifndef KEYSTREAM_ONLY - memset(rs_buf, 0,RSBUFSZ); -#endif - /* fill rs_buf with the keystream */ - chacha_encrypt_bytes(&rs, rs_buf, rs_buf, RSBUFSZ); - /* mix in optional user provided data */ - if (dat) { - size_t i, m; - - m = MIN(datlen, KEYSZ + IVSZ); - for (i = 0; i < m; i++) - rs_buf[i] ^= dat[i]; - } - /* immediately reinit for backtracking resistance */ - _rs_init(rs_buf, KEYSZ + IVSZ); - memset(rs_buf, 0, KEYSZ + IVSZ); - rs_have = RSBUFSZ - KEYSZ - IVSZ; -} - -static inline void -_rs_random_buf(void *_buf, size_t n) -{ - u_char *buf = (u_char *)_buf; - size_t m; - - _rs_stir_if_needed(n); - while (n > 0) { - if (rs_have > 0) { - m = MIN(n, rs_have); - memcpy(buf, rs_buf + RSBUFSZ - rs_have, m); - memset(rs_buf + RSBUFSZ - rs_have, 0, m); - buf += m; - n -= m; - rs_have -= m; - } - if (rs_have == 0) - _rs_rekey(NULL, 0); - } -} - -static inline void -_rs_random_u32(u_int32_t *val) -{ - _rs_stir_if_needed(sizeof(*val)); - if (rs_have < sizeof(*val)) - _rs_rekey(NULL, 0); - memcpy(val, rs_buf + RSBUFSZ - rs_have, sizeof(*val)); - memset(rs_buf + RSBUFSZ - rs_have, 0, sizeof(*val)); - rs_have -= sizeof(*val); - return; -} - -void -arc4random_stir(void) -{ - _ARC4_LOCK(); - _rs_stir(); - _ARC4_UNLOCK(); -} - -void -arc4random_addrandom(u_char *dat, int datlen) -{ - int m; - - _ARC4_LOCK(); - if (!rs_initialized) - _rs_stir(); - while (datlen > 0) { - m = MIN(datlen, 
KEYSZ + IVSZ); - _rs_rekey(dat, m); - dat += m; - datlen -= m; - } - _ARC4_UNLOCK(); -} - -u_int32_t -arc4random(void) -{ - u_int32_t val; - - _ARC4_LOCK(); - _rs_random_u32(&val); - _ARC4_UNLOCK(); - return val; -} - -/* - * If we are providing arc4random, then we can provide a more efficient - * arc4random_buf(). - */ -# ifndef HAVE_ARC4RANDOM_BUF -void -arc4random_buf(void *buf, size_t n) -{ - _ARC4_LOCK(); - _rs_random_buf(buf, n); - _ARC4_UNLOCK(); -} -# endif /* !HAVE_ARC4RANDOM_BUF */ -#endif /* !HAVE_ARC4RANDOM */ - -/* arc4random_buf() that uses platform arc4random() */ -#if !defined(HAVE_ARC4RANDOM_BUF) && defined(HAVE_ARC4RANDOM) -void -arc4random_buf(void *_buf, size_t n) -{ - size_t i; - u_int32_t r = 0; - char *buf = (char *)_buf; - - for (i = 0; i < n; i++) { - if (i % 4 == 0) - r = arc4random(); - buf[i] = r & 0xff; - r >>= 8; - } - explicit_bzero(&r, sizeof(r)); -} -#endif /* !defined(HAVE_ARC4RANDOM_BUF) && defined(HAVE_ARC4RANDOM) */ - -#ifndef HAVE_ARC4RANDOM_UNIFORM -/* - * Calculate a uniformly distributed random number less than upper_bound - * avoiding "modulo bias". - * - * Uniformity is achieved by generating new random numbers until the one - * returned is outside the range [0, 2**32 % upper_bound). This - * guarantees the selected random number will be inside - * [2**32 % upper_bound, 2**32) which maps back to [0, upper_bound) - * after reduction modulo upper_bound. - */ -u_int32_t -arc4random_uniform(u_int32_t upper_bound) -{ - u_int32_t r, min; - - if (upper_bound < 2) - return 0; - - /* 2**32 % x == (2**32 - x) % x */ - min = -upper_bound % upper_bound; - - /* - * This could theoretically loop forever but each retry has - * p > 0.5 (worst case, usually far better) of selecting a - * number inside the range we need, so it should rarely need - * to re-roll. 
- */ - for (;;) { - r = arc4random(); - if (r >= min) - break; - } - - return r % upper_bound; -} -#endif /* !HAVE_ARC4RANDOM_UNIFORM */ - -#if 0 -/*-------- Test code for i386 --------*/ -#include -#include -int -main(int argc, char **argv) -{ - const int iter = 1000000; - int i; - pctrval v; - - v = rdtsc(); - for (i = 0; i < iter; i++) - arc4random(); - v = rdtsc() - v; - v /= iter; - - printf("%qd cycles\n", v); - exit(0); -} -#endif diff --git a/ssh_keygen_110/openbsd-compat/base64.c b/ssh_keygen_110/openbsd-compat/base64.c deleted file mode 100644 index 9e746671..00000000 --- a/ssh_keygen_110/openbsd-compat/base64.c +++ /dev/null 
@@ -1,315 +0,0 @@ -/* $OpenBSD: base64.c,v 1.5 2006/10/21 09:55:03 otto Exp $ */ - -/* - * Copyright (c) 1996 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Portions Copyright (c) 1995 by International Business Machines, Inc. - * - * International Business Machines, Inc. (hereinafter called IBM) grants - * permission under its copyrights to use, copy, modify, and distribute this - * Software with or without fee, provided that the above copyright notice and - * all paragraphs of this notice appear in all copies, and that the name of IBM - * not be used in connection with the marketing of any product incorporating - * the Software or modifications thereof, without specific, written prior - * permission. - * - * To the extent it has a right to do so, IBM grants an immunity from suit - * under its patents, if any, for the use, sale or manufacture of products to - * the extent that such products are used for performing Domain Name System - * dynamic updates in TCP/IP networks by means of the Software. No immunity is - * granted for any product per se or for any other function of any product. 
- * - * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A - * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL, - * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN - * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. - */ - -/* OPENBSD ORIGINAL: lib/libc/net/base64.c */ - -#include "includes.h" - -#if (!defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP)) || (!defined(HAVE_B64_PTON) && !defined(HAVE___B64_PTON)) - -#include -#include -#include -#include -#include - -#include -#include - -#include -#include - -#include "base64.h" - -static const char Base64[] = - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; -static const char Pad64 = '='; - -/* (From RFC1521 and draft-ietf-dnssec-secext-03.txt) - The following encoding technique is taken from RFC 1521 by Borenstein - and Freed. It is reproduced here in a slightly edited form for - convenience. - - A 65-character subset of US-ASCII is used, enabling 6 bits to be - represented per printable character. (The extra 65th character, "=", - is used to signify a special processing function.) - - The encoding process represents 24-bit groups of input bits as output - strings of 4 encoded characters. Proceeding from left to right, a - 24-bit input group is formed by concatenating 3 8-bit input groups. - These 24 bits are then treated as 4 concatenated 6-bit groups, each - of which is translated into a single digit in the base64 alphabet. - - Each 6-bit group is used as an index into an array of 64 printable - characters. The character referenced by the index is placed in the - output string. 
- - Table 1: The Base64 Alphabet - - Value Encoding Value Encoding Value Encoding Value Encoding - 0 A 17 R 34 i 51 z - 1 B 18 S 35 j 52 0 - 2 C 19 T 36 k 53 1 - 3 D 20 U 37 l 54 2 - 4 E 21 V 38 m 55 3 - 5 F 22 W 39 n 56 4 - 6 G 23 X 40 o 57 5 - 7 H 24 Y 41 p 58 6 - 8 I 25 Z 42 q 59 7 - 9 J 26 a 43 r 60 8 - 10 K 27 b 44 s 61 9 - 11 L 28 c 45 t 62 + - 12 M 29 d 46 u 63 / - 13 N 30 e 47 v - 14 O 31 f 48 w (pad) = - 15 P 32 g 49 x - 16 Q 33 h 50 y - - Special processing is performed if fewer than 24 bits are available - at the end of the data being encoded. A full encoding quantum is - always completed at the end of a quantity. When fewer than 24 input - bits are available in an input group, zero bits are added (on the - right) to form an integral number of 6-bit groups. Padding at the - end of the data is performed using the '=' character. - - Since all base64 input is an integral number of octets, only the - ------------------------------------------------- - following cases can arise: - - (1) the final quantum of encoding input is an integral - multiple of 24 bits; here, the final unit of encoded - output will be an integral multiple of 4 characters - with no "=" padding, - (2) the final quantum of encoding input is exactly 8 bits; - here, the final unit of encoded output will be two - characters followed by two "=" padding characters, or - (3) the final quantum of encoding input is exactly 16 bits; - here, the final unit of encoded output will be three - characters followed by one "=" padding character. 
- */ - -#if !defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP) -int -b64_ntop(u_char const *src, size_t srclength, char *target, size_t targsize) -{ - size_t datalength = 0; - u_char input[3]; - u_char output[4]; - u_int i; - - while (2 < srclength) { - input[0] = *src++; - input[1] = *src++; - input[2] = *src++; - srclength -= 3; - - output[0] = input[0] >> 2; - output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4); - output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6); - output[3] = input[2] & 0x3f; - - if (datalength + 4 > targsize) - return (-1); - target[datalength++] = Base64[output[0]]; - target[datalength++] = Base64[output[1]]; - target[datalength++] = Base64[output[2]]; - target[datalength++] = Base64[output[3]]; - } - - /* Now we worry about padding. */ - if (0 != srclength) { - /* Get what's left. */ - input[0] = input[1] = input[2] = '\0'; - for (i = 0; i < srclength; i++) - input[i] = *src++; - - output[0] = input[0] >> 2; - output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4); - output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6); - - if (datalength + 4 > targsize) - return (-1); - target[datalength++] = Base64[output[0]]; - target[datalength++] = Base64[output[1]]; - if (srclength == 1) - target[datalength++] = Pad64; - else - target[datalength++] = Base64[output[2]]; - target[datalength++] = Pad64; - } - if (datalength >= targsize) - return (-1); - target[datalength] = '\0'; /* Returned value doesn't count \0. */ - return (datalength); -} -#endif /* !defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP) */ - -#if !defined(HAVE_B64_PTON) && !defined(HAVE___B64_PTON) - -/* skips all whitespace anywhere. - converts characters, four at a time, starting at (or after) - src from base - 64 numbers into three 8 bit bytes in the target area. - it returns the number of data bytes stored at the target, or -1 on error. 
- */ - -int -b64_pton(char const *src, u_char *target, size_t targsize) -{ - u_int tarindex, state; - int ch; - char *pos; - - state = 0; - tarindex = 0; - - while ((ch = *src++) != '\0') { - if (isspace(ch)) /* Skip whitespace anywhere. */ - continue; - - if (ch == Pad64) - break; - - pos = strchr(Base64, ch); - if (pos == 0) /* A non-base64 character. */ - return (-1); - - switch (state) { - case 0: - if (target) { - if (tarindex >= targsize) - return (-1); - target[tarindex] = (pos - Base64) << 2; - } - state = 1; - break; - case 1: - if (target) { - if (tarindex + 1 >= targsize) - return (-1); - target[tarindex] |= (pos - Base64) >> 4; - target[tarindex+1] = ((pos - Base64) & 0x0f) - << 4 ; - } - tarindex++; - state = 2; - break; - case 2: - if (target) { - if (tarindex + 1 >= targsize) - return (-1); - target[tarindex] |= (pos - Base64) >> 2; - target[tarindex+1] = ((pos - Base64) & 0x03) - << 6; - } - tarindex++; - state = 3; - break; - case 3: - if (target) { - if (tarindex >= targsize) - return (-1); - target[tarindex] |= (pos - Base64); - } - tarindex++; - state = 0; - break; - } - } - - /* - * We are done decoding Base-64 chars. Let's see if we ended - * on a byte boundary, and/or with erroneous trailing characters. - */ - - if (ch == Pad64) { /* We got a pad char. */ - ch = *src++; /* Skip it, get next. */ - switch (state) { - case 0: /* Invalid = in first position */ - case 1: /* Invalid = in second position */ - return (-1); - - case 2: /* Valid, means one byte of info */ - /* Skip any number of spaces. */ - for (; ch != '\0'; ch = *src++) - if (!isspace(ch)) - break; - /* Make sure there is another trailing = sign. */ - if (ch != Pad64) - return (-1); - ch = *src++; /* Skip the = */ - /* Fall through to "single trailing =" case. */ - /* FALLTHROUGH */ - - case 3: /* Valid, means two bytes of info */ - /* - * We know this char is an =. Is there anything but - * whitespace after it? 
- */ - for (; ch != '\0'; ch = *src++) - if (!isspace(ch)) - return (-1); - - /* - * Now make sure for cases 2 and 3 that the "extra" - * bits that slopped past the last full byte were - * zeros. If we don't check them, they become a - * subliminal channel. - */ - if (target && target[tarindex] != 0) - return (-1); - } - } else { - /* - * We ended by seeing the end of the string. Make sure we - * have no partial bytes lying around. - */ - if (state != 0) - return (-1); - } - - return (tarindex); -} - -#endif /* !defined(HAVE_B64_PTON) && !defined(HAVE___B64_PTON) */ -#endif diff --git a/ssh_keygen_110/openbsd-compat/base64.h b/ssh_keygen_110/openbsd-compat/base64.h deleted file mode 100644 index bd772931..00000000 --- a/ssh_keygen_110/openbsd-compat/base64.h +++ /dev/null 
@@ -1,63 +0,0 @@ -/* - * Copyright (c) 1996 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Portions Copyright (c) 1995 by International Business Machines, Inc. - * - * International Business Machines, Inc. (hereinafter called IBM) grants - * permission under its copyrights to use, copy, modify, and distribute this - * Software with or without fee, provided that the above copyright notice and - * all paragraphs of this notice appear in all copies, and that the name of IBM - * not be used in connection with the marketing of any product incorporating - * the Software or modifications thereof, without specific, written prior - * permission. - * - * To the extent it has a right to do so, IBM grants an immunity from suit - * under its patents, if any, for the use, sale or manufacture of products to - * the extent that such products are used for performing Domain Name System - * dynamic updates in TCP/IP networks by means of the Software. No immunity is - * granted for any product per se or for any other function of any product. - * - * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A - * PARTICULAR PURPOSE. 
IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL, - * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN - * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. - */ - -#ifndef _BSD_BASE64_H -#define _BSD_BASE64_H - -#include "includes.h" - -#ifndef HAVE___B64_NTOP -# ifndef HAVE_B64_NTOP -int b64_ntop(u_char const *src, size_t srclength, char *target, - size_t targsize); -# endif /* !HAVE_B64_NTOP */ -# define __b64_ntop(a,b,c,d) b64_ntop(a,b,c,d) -#endif /* HAVE___B64_NTOP */ - -#ifndef HAVE___B64_PTON -# ifndef HAVE_B64_PTON -int b64_pton(char const *src, u_char *target, size_t targsize); -# endif /* !HAVE_B64_PTON */ -# define __b64_pton(a,b,c) b64_pton(a,b,c) -#endif /* HAVE___B64_PTON */ - -#endif /* _BSD_BASE64_H */ diff --git a/ssh_keygen_110/openbsd-compat/basename.c b/ssh_keygen_110/openbsd-compat/basename.c deleted file mode 100644 index ffa5c898..00000000 --- a/ssh_keygen_110/openbsd-compat/basename.c +++ /dev/null 
@@ -1,67 +0,0 @@ -/* $OpenBSD: basename.c,v 1.14 2005/08/08 08:05:33 espie Exp $ */ - -/* - * Copyright (c) 1997, 2004 Todd C. Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* OPENBSD ORIGINAL: lib/libc/gen/basename.c */ - -#include "includes.h" -#ifndef HAVE_BASENAME -#include -#include - -char * -basename(const char *path) -{ - static char bname[MAXPATHLEN]; - size_t len; - const char *endp, *startp; - - /* Empty or NULL string gets treated as "." */ - if (path == NULL || *path == '\0') { - bname[0] = '.'; - bname[1] = '\0'; - return (bname); - } - - /* Strip any trailing slashes */ - endp = path + strlen(path) - 1; - while (endp > path && *endp == '/') - endp--; - - /* All slashes becomes "/" */ - if (endp == path && *endp == '/') { - bname[0] = '/'; - bname[1] = '\0'; - return (bname); - } - - /* Find the start of the base */ - startp = endp; - while (startp > path && *(startp - 1) != '/') - startp--; - - len = endp - startp + 1; - if (len >= sizeof(bname)) { - errno = ENAMETOOLONG; - return (NULL); - } - memcpy(bname, startp, len); - bname[len] = '\0'; - return (bname); -} - -#endif /* !defined(HAVE_BASENAME) */ diff --git a/ssh_keygen_110/openbsd-compat/bcrypt_pbkdf.c b/ssh_keygen_110/openbsd-compat/bcrypt_pbkdf.c deleted file mode 100644 index 78523456..00000000 
--- a/ssh_keygen_110/openbsd-compat/bcrypt_pbkdf.c
+++ /dev/null
@@ -1,179 +0,0 @@
-/* $OpenBSD: bcrypt_pbkdf.c,v 1.13 2015/01/12 03:20:04 tedu Exp $ */
-/*
- * Copyright (c) 2013 Ted Unangst
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "includes.h"
-
-#ifndef HAVE_BCRYPT_PBKDF
-
-#include
-#include
-
-#ifdef HAVE_STDLIB_H
-# include
-#endif
-#include
-
-#ifdef HAVE_BLF_H
-# include
-#endif
-
-#include "crypto_api.h"
-#ifdef SHA512_DIGEST_LENGTH
-# undef SHA512_DIGEST_LENGTH
-#endif
-#define SHA512_DIGEST_LENGTH crypto_hash_sha512_BYTES
-
-#define MINIMUM(a,b) (((a) < (b)) ? (a) : (b))
-
-/*
- * pkcs #5 pbkdf2 implementation using the "bcrypt" hash
- *
- * The bcrypt hash function is derived from the bcrypt password hashing
- * function with the following modifications:
- * 1. The input password and salt are preprocessed with SHA512.
- * 2. The output length is expanded to 256 bits.
- * 3. Subsequently the magic string to be encrypted is lengthened and modified
- * to "OxychromaticBlowfishSwatDynamite"
- * 4. The hash function is defined to perform 64 rounds of initial state
- * expansion. (More rounds are performed by iterating the hash.)
- *
- * Note that this implementation pulls the SHA512 operations into the caller
- * as a performance optimization.
- *
- * One modification from official pbkdf2. Instead of outputting key material
- * linearly, we mix it. pbkdf2 has a known weakness where if one uses it to
- * generate (e.g.) 512 bits of key material for use as two 256 bit keys, an
- * attacker can merely run once through the outer loop, but the user
- * always runs it twice. Shuffling output bytes requires computing the
- * entirety of the key material to assemble any subkey. This is something a
- * wise caller could do; we just do it for you.
- */
-
-#define BCRYPT_WORDS 8
-#define BCRYPT_HASHSIZE (BCRYPT_WORDS * 4)
-
-static void
-bcrypt_hash(u_int8_t *sha2pass, u_int8_t *sha2salt, u_int8_t *out)
-{
- blf_ctx state;
- u_int8_t ciphertext[BCRYPT_HASHSIZE] =
- "OxychromaticBlowfishSwatDynamite";
- uint32_t cdata[BCRYPT_WORDS];
- int i;
- uint16_t j;
- size_t shalen = SHA512_DIGEST_LENGTH;
-
- /* key expansion */
- Blowfish_initstate(&state);
- Blowfish_expandstate(&state, sha2salt, shalen, sha2pass, shalen);
- for (i = 0; i < 64; i++) {
- Blowfish_expand0state(&state, sha2salt, shalen);
- Blowfish_expand0state(&state, sha2pass, shalen);
- }
-
- /* encryption */
- j = 0;
- for (i = 0; i < BCRYPT_WORDS; i++)
- cdata[i] = Blowfish_stream2word(ciphertext, sizeof(ciphertext),
- &j);
- for (i = 0; i < 64; i++)
- blf_enc(&state, cdata, sizeof(cdata) / sizeof(uint64_t));
-
- /* copy out */
- for (i = 0; i < BCRYPT_WORDS; i++) {
- out[4 * i + 3] = (cdata[i] >> 24) & 0xff;
- out[4 * i + 2] = (cdata[i] >> 16) & 0xff;
- out[4 * i + 1] = (cdata[i] >> 8) & 0xff;
- out[4 * i + 0] = cdata[i] & 0xff;
- }
-
- /* zap */
- explicit_bzero(ciphertext, sizeof(ciphertext));
- explicit_bzero(cdata, sizeof(cdata));
- explicit_bzero(&state, sizeof(state));
-}
-
-int
-bcrypt_pbkdf(const char *pass, size_t passlen, const u_int8_t *salt, size_t saltlen,
- u_int8_t *key, size_t keylen, unsigned int rounds)
-{
- u_int8_t sha2pass[SHA512_DIGEST_LENGTH];
- u_int8_t sha2salt[SHA512_DIGEST_LENGTH];
- u_int8_t out[BCRYPT_HASHSIZE];
- u_int8_t tmpout[BCRYPT_HASHSIZE];
- u_int8_t *countsalt;
- size_t i, j, amt, stride;
- uint32_t count;
- size_t origkeylen = keylen;
-
- /* nothing crazy */
- if (rounds < 1)
- return -1;
- if (passlen == 0 || saltlen == 0 || keylen == 0 ||
- keylen > sizeof(out) * sizeof(out) || saltlen > 1<<20)
- return -1;
- if ((countsalt = calloc(1, saltlen + 4)) == NULL)
- return -1;
- stride = (keylen + sizeof(out) - 1) / sizeof(out);
- amt = (keylen + stride - 1) / stride;
-
- memcpy(countsalt, salt, saltlen);
-
- /* collapse password */
- crypto_hash_sha512(sha2pass, pass, passlen);
-
- /* generate key, sizeof(out) at a time */
- for (count = 1; keylen > 0; count++) {
- countsalt[saltlen + 0] = (count >> 24) & 0xff;
- countsalt[saltlen + 1] = (count >> 16) & 0xff;
- countsalt[saltlen + 2] = (count >> 8) & 0xff;
- countsalt[saltlen + 3] = count & 0xff;
-
- /* first round, salt is salt */
- crypto_hash_sha512(sha2salt, countsalt, saltlen + 4);
-
- bcrypt_hash(sha2pass, sha2salt, tmpout);
- memcpy(out, tmpout, sizeof(out));
-
- for (i = 1; i < rounds; i++) {
- /* subsequent rounds, salt is previous output */
- crypto_hash_sha512(sha2salt, tmpout, sizeof(tmpout));
- bcrypt_hash(sha2pass, sha2salt, tmpout);
- for (j = 0; j < sizeof(out); j++)
- out[j] ^= tmpout[j];
- }
-
- /*
- * pbkdf2 deviation: output the key material non-linearly.
- */
- amt = MINIMUM(amt, keylen);
- for (i = 0; i < amt; i++) {
- size_t dest = i * stride + (count - 1);
- if (dest >= origkeylen)
- break;
- key[dest] = out[i];
- }
- keylen -= i;
- }
-
- /* zap */
- explicit_bzero(out, sizeof(out));
- free(countsalt);
-
- return 0;
-}
-#endif /* HAVE_BCRYPT_PBKDF */
diff --git a/ssh_keygen_110/openbsd-compat/bindresvport.c b/ssh_keygen_110/openbsd-compat/bindresvport.c
deleted file mode 100644
index eeb269d5..00000000
--- a/ssh_keygen_110/openbsd-compat/bindresvport.c
+++ /dev/null
@@ -1,119 +0,0 @@
-/* This file has be substantially modified from the original OpenBSD source */
-
-/* $OpenBSD: bindresvport.c,v 1.17 2005/12/21 01:40:22 millert Exp $ */
-
-/*
- * Copyright 1996, Jason Downs. All rights reserved.
- * Copyright 1998, Theo de Raadt. All rights reserved.
- * Copyright 2000, Damien Miller. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/* OPENBSD ORIGINAL: lib/libc/rpc/bindresvport.c */
-
-#include "includes.h"
-
-#ifndef HAVE_BINDRESVPORT_SA
-#include
-#include
-
-#include
-#include
-
-#include
-#include
-
-#define STARTPORT 600
-#define ENDPORT (IPPORT_RESERVED - 1)
-#define NPORTS (ENDPORT - STARTPORT + 1)
-
-/*
- * Bind a socket to a privileged IP port
- */
-int
-bindresvport_sa(int sd, struct sockaddr *sa)
-{
- int error, af;
- struct sockaddr_storage myaddr;
- struct sockaddr_in *in;
- struct sockaddr_in6 *in6;
- u_int16_t *portp;
- u_int16_t port;
- socklen_t salen;
- int i;
-
- if (sa == NULL) {
- memset(&myaddr, 0, sizeof(myaddr));
- sa = (struct sockaddr *)&myaddr;
- salen = sizeof(myaddr);
-
- if (getsockname(sd, sa, &salen) == -1)
- return -1; /* errno is correctly set */
-
- af = sa->sa_family;
- memset(&myaddr, 0, salen);
- } else
- af = sa->sa_family;
-
- if (af == AF_INET) {
- in = (struct sockaddr_in *)sa;
- salen = sizeof(struct sockaddr_in);
- portp = &in->sin_port;
- } else if (af == AF_INET6) {
- in6 = (struct sockaddr_in6 *)sa;
- salen = sizeof(struct sockaddr_in6);
- portp = &in6->sin6_port;
- } else {
- errno = EPFNOSUPPORT;
- return (-1);
- }
- sa->sa_family = af;
-
- port = ntohs(*portp);
- if (port == 0)
- port = arc4random_uniform(NPORTS) + STARTPORT;
-
- /* Avoid warning */
- error = -1;
-
- for(i = 0; i < NPORTS; i++) {
- *portp = htons(port);
-
- error = bind(sd, sa, salen);
-
- /* Terminate on success */
- if (error == 0)
- break;
-
- /* Terminate on errors, except "address already in use" */
- if ((error < 0) && !((errno == EADDRINUSE) || (errno == EINVAL)))
- break;
-
- port++;
- if (port > ENDPORT)
- port = STARTPORT;
- }
-
- return (error);
-}
-
-#endif /* HAVE_BINDRESVPORT_SA */
diff --git a/ssh_keygen_110/openbsd-compat/blf.h b/ssh_keygen_110/openbsd-compat/blf.h
deleted file mode 100644
index f1ac5a5c..00000000
--- a/ssh_keygen_110/openbsd-compat/blf.h
+++ /dev/null
@@ -1,88 +0,0 @@
-/* $OpenBSD: blf.h,v 1.7 2007/03/14 17:59:41 grunk Exp $ */
-/*
- * Blowfish - a fast block cipher designed by Bruce Schneier
- *
- * Copyright 1997 Niels Provos
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by Niels Provos.
- * 4. The name of the author may not be used to endorse or promote products
- * derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef _BLF_H_
-#define _BLF_H_
-
-#include "includes.h"
-
-#if !defined(HAVE_BCRYPT_PBKDF) && !defined(HAVE_BLH_H)
-
-/* Schneier specifies a maximum key length of 56 bytes.
- * This ensures that every key bit affects every cipher
- * bit. However, the subkeys can hold up to 72 bytes.
- * Warning: For normal blowfish encryption only 56 bytes
- * of the key affect all cipherbits.
- */
-
-#define BLF_N 16 /* Number of Subkeys */
-#define BLF_MAXKEYLEN ((BLF_N-2)*4) /* 448 bits */
-#define BLF_MAXUTILIZED ((BLF_N+2)*4) /* 576 bits */
-
-/* Blowfish context */
-typedef struct BlowfishContext {
- u_int32_t S[4][256]; /* S-Boxes */
- u_int32_t P[BLF_N + 2]; /* Subkeys */
-} blf_ctx;
-
-/* Raw access to customized Blowfish
- * blf_key is just:
- * Blowfish_initstate( state )
- * Blowfish_expand0state( state, key, keylen )
- */
-
-void Blowfish_encipher(blf_ctx *, u_int32_t *, u_int32_t *);
-void Blowfish_decipher(blf_ctx *, u_int32_t *, u_int32_t *);
-void Blowfish_initstate(blf_ctx *);
-void Blowfish_expand0state(blf_ctx *, const u_int8_t *, u_int16_t);
-void Blowfish_expandstate
-(blf_ctx *, const u_int8_t *, u_int16_t, const u_int8_t *, u_int16_t);
-
-/* Standard Blowfish */
-
-void blf_key(blf_ctx *, const u_int8_t *, u_int16_t);
-void blf_enc(blf_ctx *, u_int32_t *, u_int16_t);
-void blf_dec(blf_ctx *, u_int32_t *, u_int16_t);
-
-void blf_ecb_encrypt(blf_ctx *, u_int8_t *, u_int32_t);
-void blf_ecb_decrypt(blf_ctx *, u_int8_t *, u_int32_t);
-
-void blf_cbc_encrypt(blf_ctx *, u_int8_t *, u_int8_t *, u_int32_t);
-void blf_cbc_decrypt(blf_ctx *, u_int8_t *, u_int8_t *, u_int32_t);
-
-/* Converts u_int8_t to u_int32_t */
-u_int32_t Blowfish_stream2word(const u_int8_t *, u_int16_t , u_int16_t *);
-
-#endif /* !defined(HAVE_BCRYPT_PBKDF) && !defined(HAVE_BLH_H) */
-#endif /* _BLF_H */
-
diff --git a/ssh_keygen_110/openbsd-compat/blowfish.c b/ssh_keygen_110/openbsd-compat/blowfish.c
deleted file mode 100644
index e10f7e7d..00000000
--- a/ssh_keygen_110/openbsd-compat/blowfish.c
+++ /dev/null
@@ -1,696 +0,0 @@ -/* $OpenBSD: blowfish.c,v 1.18 2004/11/02 17:23:26 hshoexer Exp $ */ -/* - * Blowfish block cipher for OpenBSD - * Copyright 1997 Niels Provos - * All rights reserved. - * - * Implementation advice by David Mazieres . - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Niels Provos. - * 4. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* - * This code is derived from section 14.3 and the given source - * in section V of Applied Cryptography, second edition. 
- * Blowfish is an unpatented fast block cipher designed by - * Bruce Schneier. - */ - -#include "includes.h" - -#if !defined(HAVE_BCRYPT_PBKDF) && (!defined(HAVE_BLOWFISH_INITSTATE) || \ - !defined(HAVE_BLOWFISH_EXPAND0STATE) || !defined(HAVE_BLF_ENC)) - -#if 0 -#include /* used for debugging */ -#include -#endif - -#include -#ifdef HAVE_BLF_H -#include -#endif - -#undef inline -#ifdef __GNUC__ -#define inline __inline -#else /* !__GNUC__ */ -#define inline -#endif /* !__GNUC__ */ - -/* Function for Feistel Networks */ - -#define F(s, x) ((((s)[ (((x)>>24)&0xFF)] \ - + (s)[0x100 + (((x)>>16)&0xFF)]) \ - ^ (s)[0x200 + (((x)>> 8)&0xFF)]) \ - + (s)[0x300 + ( (x) &0xFF)]) - -#define BLFRND(s,p,i,j,n) (i ^= F(s,j) ^ (p)[n]) - -void -Blowfish_encipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr) -{ - u_int32_t Xl; - u_int32_t Xr; - u_int32_t *s = c->S[0]; - u_int32_t *p = c->P; - - Xl = *xl; - Xr = *xr; - - Xl ^= p[0]; - BLFRND(s, p, Xr, Xl, 1); BLFRND(s, p, Xl, Xr, 2); - BLFRND(s, p, Xr, Xl, 3); BLFRND(s, p, Xl, Xr, 4); - BLFRND(s, p, Xr, Xl, 5); BLFRND(s, p, Xl, Xr, 6); - BLFRND(s, p, Xr, Xl, 7); BLFRND(s, p, Xl, Xr, 8); - BLFRND(s, p, Xr, Xl, 9); BLFRND(s, p, Xl, Xr, 10); - BLFRND(s, p, Xr, Xl, 11); BLFRND(s, p, Xl, Xr, 12); - BLFRND(s, p, Xr, Xl, 13); BLFRND(s, p, Xl, Xr, 14); - BLFRND(s, p, Xr, Xl, 15); BLFRND(s, p, Xl, Xr, 16); - - *xl = Xr ^ p[17]; - *xr = Xl; -} - -void -Blowfish_decipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr) -{ - u_int32_t Xl; - u_int32_t Xr; - u_int32_t *s = c->S[0]; - u_int32_t *p = c->P; - - Xl = *xl; - Xr = *xr; - - Xl ^= p[17]; - BLFRND(s, p, Xr, Xl, 16); BLFRND(s, p, Xl, Xr, 15); - BLFRND(s, p, Xr, Xl, 14); BLFRND(s, p, Xl, Xr, 13); - BLFRND(s, p, Xr, Xl, 12); BLFRND(s, p, Xl, Xr, 11); - BLFRND(s, p, Xr, Xl, 10); BLFRND(s, p, Xl, Xr, 9); - BLFRND(s, p, Xr, Xl, 8); BLFRND(s, p, Xl, Xr, 7); - BLFRND(s, p, Xr, Xl, 6); BLFRND(s, p, Xl, Xr, 5); - BLFRND(s, p, Xr, Xl, 4); BLFRND(s, p, Xl, Xr, 3); - BLFRND(s, p, Xr, Xl, 2); BLFRND(s, p, Xl, Xr, 
1); - - *xl = Xr ^ p[0]; - *xr = Xl; -} - -void -Blowfish_initstate(blf_ctx *c) -{ - /* P-box and S-box tables initialized with digits of Pi */ - - static const blf_ctx initstate = - { { - { - 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, - 0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99, - 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16, - 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, - 0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee, - 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013, - 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, - 0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e, - 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60, - 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, - 0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce, - 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a, - 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, - 0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677, - 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193, - 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, - 0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88, - 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239, - 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, - 0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0, - 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3, - 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, - 0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88, - 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe, - 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, - 0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d, - 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b, - 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, - 0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba, - 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463, - 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, - 0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09, - 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3, - 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, - 0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279, - 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8, - 
0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, - 0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82, - 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db, - 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, - 0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0, - 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b, - 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, - 0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8, - 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4, - 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, - 0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7, - 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c, - 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, - 0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1, - 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299, - 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, - 0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477, - 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf, - 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, - 0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af, - 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa, - 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, - 0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41, - 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915, - 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, - 0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915, - 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664, - 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a}, - { - 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, - 0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266, - 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1, - 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, - 0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6, - 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1, - 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, - 0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1, - 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737, - 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, - 0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff, - 0xae0cf51a, 0x3cb574b2, 0x25837a58, 
0xdc0921bd, - 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, - 0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7, - 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41, - 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, - 0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf, - 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af, - 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, - 0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87, - 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c, - 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, - 0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16, - 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd, - 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, - 0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509, - 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e, - 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, - 0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f, - 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a, - 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, - 0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960, - 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66, - 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, - 0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802, - 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84, - 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, - 0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf, - 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14, - 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, - 0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50, - 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7, - 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, - 0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281, - 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99, - 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, - 0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128, - 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73, - 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, - 0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0, - 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105, - 0xd81e799e, 0x86854dc7, 0xe44b476a, 
0x3d816250, - 0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3, - 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285, - 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, - 0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061, - 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb, - 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, - 0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735, - 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc, - 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, - 0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340, - 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20, - 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7}, - { - 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, - 0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068, - 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af, - 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, - 0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45, - 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504, - 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, - 0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb, - 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee, - 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, - 0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42, - 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b, - 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, - 0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb, - 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527, - 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, - 0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33, - 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c, - 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, - 0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc, - 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17, - 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, - 0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b, - 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115, - 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, - 0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728, - 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0, - 0x5449a36f, 0x877d48fa, 
0xc39dfd27, 0xf33e8d1e, - 0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37, - 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d, - 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, - 0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b, - 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3, - 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, - 0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d, - 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c, - 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, - 0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9, - 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a, - 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, - 0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d, - 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc, - 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, - 0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61, - 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2, - 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, - 0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2, - 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c, - 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, - 0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633, - 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10, - 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, - 0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52, - 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027, - 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, - 0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62, - 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634, - 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, - 0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24, - 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc, - 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, - 0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c, - 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837, - 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0}, - { - 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, - 0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe, - 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b, - 0xb78c1b6b, 
0x21a19045, 0xb26eb1be, 0x6a366eb4, - 0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8, - 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6, - 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, - 0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22, - 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4, - 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, - 0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9, - 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59, - 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, - 0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51, - 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28, - 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, - 0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b, - 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28, - 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, - 0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd, - 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a, - 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, - 0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb, - 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f, - 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, - 0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32, - 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680, - 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, - 0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae, - 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb, - 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, - 0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47, - 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370, - 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, - 0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84, - 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048, - 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, - 0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd, - 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9, - 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, - 0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38, - 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f, - 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, - 0xbf97222c, 
0x15e6fc2a, 0x0f91fc71, 0x9b941525,
- 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,
- 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442,
- 0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964,
- 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,
- 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8,
- 0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d,
- 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,
- 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299,
- 0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02,
- 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,
- 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614,
- 0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a,
- 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,
- 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b,
- 0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0,
- 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,
- 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e,
- 0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9,
- 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,
- 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6}
- },
- {
- 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344,
- 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89,
- 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,
- 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917,
- 0x9216d5d9, 0x8979fb1b
- } };
-
- *c = initstate;
-}
-
-u_int32_t
-Blowfish_stream2word(const u_int8_t *data, u_int16_t databytes,
- u_int16_t *current)
-{
- u_int8_t i;
- u_int16_t j;
- u_int32_t temp;
-
- temp = 0x00000000;
- j = *current;
-
- for (i = 0; i < 4; i++, j++) {
- if (j >= databytes)
- j = 0;
- temp = (temp << 8) | data[j];
- }
-
- *current = j;
- return temp;
-}
-
-void
-Blowfish_expand0state(blf_ctx *c, const u_int8_t *key, u_int16_t keybytes)
-{
- u_int16_t i;
- u_int16_t j;
- u_int16_t k;
- u_int32_t temp;
- u_int32_t datal;
- u_int32_t datar;
-
- j = 0;
- for (i = 0; i < BLF_N + 2; i++) {
- /* Extract 4 int8 to 1 int32 from keystream */
- temp = Blowfish_stream2word(key, keybytes, &j);
- c->P[i] = c->P[i] ^ temp;
- }
-
- j = 0;
- datal = 0x00000000;
- datar = 0x00000000;
- for (i = 0; i < BLF_N + 2; i += 2) {
- Blowfish_encipher(c, &datal, &datar);
-
- c->P[i] = datal;
- c->P[i + 1] = datar;
- }
-
- for (i = 0; i < 4; i++) {
- for (k = 0; k < 256; k += 2) {
- Blowfish_encipher(c, &datal, &datar);
-
- c->S[i][k] = datal;
- c->S[i][k + 1] = datar;
- }
- }
-}
-
-
-void
-Blowfish_expandstate(blf_ctx *c, const u_int8_t *data, u_int16_t databytes,
- const u_int8_t *key, u_int16_t keybytes)
-{
- u_int16_t i;
- u_int16_t j;
- u_int16_t k;
- u_int32_t temp;
- u_int32_t datal;
- u_int32_t datar;
-
- j = 0;
- for (i = 0; i < BLF_N + 2; i++) {
- /* Extract 4 int8 to 1 int32 from keystream */
- temp = Blowfish_stream2word(key, keybytes, &j);
- c->P[i] = c->P[i] ^ temp;
- }
-
- j = 0;
- datal = 0x00000000;
- datar = 0x00000000;
- for (i = 0; i < BLF_N + 2; i += 2) {
- datal ^= Blowfish_stream2word(data, databytes, &j);
- datar ^= Blowfish_stream2word(data, databytes, &j);
- Blowfish_encipher(c, &datal, &datar);
-
- c->P[i] = datal;
- c->P[i + 1] = datar;
- }
-
- for (i = 0; i < 4; i++) {
- for (k = 0; k < 256; k += 2) {
- datal ^= Blowfish_stream2word(data, databytes, &j);
- datar ^= Blowfish_stream2word(data, databytes, &j);
- Blowfish_encipher(c, &datal, &datar);
-
- c->S[i][k] = datal;
- c->S[i][k + 1] = datar;
- }
- }
-
-}
-
-void
-blf_key(blf_ctx *c, const u_int8_t *k, u_int16_t len)
-{
- /* Initialize S-boxes and subkeys with Pi */
- Blowfish_initstate(c);
-
- /* Transform S-boxes and subkeys with key */
- Blowfish_expand0state(c, k, len);
-}
-
-void
-blf_enc(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
-{
- u_int32_t *d;
- u_int16_t i;
-
- d = data;
- for (i = 0; i < blocks; i++) {
- Blowfish_encipher(c, d, d + 1);
- d += 2;
- }
-}
-
-void
-blf_dec(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
-{
- u_int32_t *d;
- u_int16_t i;
-
- d = data;
- for (i = 0; i < blocks; i++) {
- Blowfish_decipher(c, d, d + 1);
- d += 2;
- }
-}
-
-void
-blf_ecb_encrypt(blf_ctx *c, u_int8_t *data, u_int32_t len)
-{
- u_int32_t l, r;
- u_int32_t i;
-
- for (i = 0; i < len; i += 8) {
- l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
- r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
- Blowfish_encipher(c, &l, &r);
- data[0] = l >> 24 & 0xff;
- data[1] = l >> 16 & 0xff;
- data[2] = l >> 8 & 0xff;
- data[3] = l & 0xff;
- data[4] = r >> 24 & 0xff;
- data[5] = r >> 16 & 0xff;
- data[6] = r >> 8 & 0xff;
- data[7] = r & 0xff;
- data += 8;
- }
-}
-
-void
-blf_ecb_decrypt(blf_ctx *c, u_int8_t *data, u_int32_t len)
-{
- u_int32_t l, r;
- u_int32_t i;
-
- for (i = 0; i < len; i += 8) {
- l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
- r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
- Blowfish_decipher(c, &l, &r);
- data[0] = l >> 24 & 0xff;
- data[1] = l >> 16 & 0xff;
- data[2] = l >> 8 & 0xff;
- data[3] = l & 0xff;
- data[4] = r >> 24 & 0xff;
- data[5] = r >> 16 & 0xff;
- data[6] = r >> 8 & 0xff;
- data[7] = r & 0xff;
- data += 8;
- }
-}
-
-void
-blf_cbc_encrypt(blf_ctx *c, u_int8_t *iv, u_int8_t *data, u_int32_t len)
-{
- u_int32_t l, r;
- u_int32_t i, j;
-
- for (i = 0; i < len; i += 8) {
- for (j = 0; j < 8; j++)
- data[j] ^= iv[j];
- l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
- r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
- Blowfish_encipher(c, &l, &r);
- data[0] = l >> 24 & 0xff;
- data[1] = l >> 16 & 0xff;
- data[2] = l >> 8 & 0xff;
- data[3] = l & 0xff;
- data[4] = r >> 24 & 0xff;
- data[5] = r >> 16 & 0xff;
- data[6] = r >> 8 & 0xff;
- data[7] = r & 0xff;
- iv = data;
- data += 8;
- }
-}
-
-void
-blf_cbc_decrypt(blf_ctx *c, u_int8_t *iva, u_int8_t *data, u_int32_t len)
-{
- u_int32_t l, r;
- u_int8_t *iv;
- u_int32_t i, j;
-
- iv = data + len - 16;
- data = data + len - 8;
- for (i = len - 8; i >= 8; i -= 8) {
- l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
- r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
- Blowfish_decipher(c, &l, &r);
- data[0] = l >> 24 & 0xff;
- data[1] = l >> 16 & 0xff;
- data[2] = l >> 8 & 0xff;
- data[3] = l & 0xff;
- data[4] = r >> 24 & 0xff;
- data[5] = r >> 16 & 0xff;
- data[6] = r >> 8 & 0xff;
- data[7] = r & 0xff;
- for (j = 0; j < 8; j++)
- data[j] ^= iv[j];
- iv -= 8;
- data -= 8;
- }
- l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
- r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
- Blowfish_decipher(c, &l, &r);
- data[0] = l >> 24 & 0xff;
- data[1] = l >> 16 & 0xff;
- data[2] = l >> 8 & 0xff;
- data[3] = l & 0xff;
- data[4] = r >> 24 & 0xff;
- data[5] = r >> 16 & 0xff;
- data[6] = r >> 8 & 0xff;
- data[7] = r & 0xff;
- for (j = 0; j < 8; j++)
- data[j] ^= iva[j];
-}
-
-#if 0
-void
-report(u_int32_t data[], u_int16_t len)
-{
- u_int16_t i;
- for (i = 0; i < len; i += 2)
- printf("Block %0hd: %08lx %08lx.\n",
- i / 2, data[i], data[i + 1]);
-}
-void
-main(void)
-{
-
- blf_ctx c;
- char key[] = "AAAAA";
- char key2[] = "abcdefghijklmnopqrstuvwxyz";
-
- u_int32_t data[10];
- u_int32_t data2[] =
- {0x424c4f57l, 0x46495348l};
-
- u_int16_t i;
-
- /* First test */
- for (i = 0; i < 10; i++)
- data[i] = i;
-
- blf_key(&c, (u_int8_t *) key, 5);
- blf_enc(&c, data, 5);
- blf_dec(&c, data, 1);
- blf_dec(&c, data + 2, 4);
- printf("Should read as 0 - 9.\n");
- report(data, 10);
-
- /* Second test */
- blf_key(&c, (u_int8_t *) key2, strlen(key2));
- blf_enc(&c, data2, 1);
- printf("\nShould read as: 0x324ed0fe 0xf413a203.\n");
- report(data2, 2);
- blf_dec(&c, data2, 1);
- report(data2, 2);
-}
-#endif
-
-#endif /* !defined(HAVE_BCRYPT_PBKDF) && (!defined(HAVE_BLOWFISH_INITSTATE) || \
- !defined(HAVE_BLOWFISH_EXPAND0STATE) || !defined(HAVE_BLF_ENC)) */
-
diff --git a/ssh_keygen_110/openbsd-compat/bsd-asprintf.c b/ssh_keygen_110/openbsd-compat/bsd-asprintf.c
deleted file mode 100644
index 10927727..00000000
--- a/ssh_keygen_110/openbsd-compat/bsd-asprintf.c
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * Copyright (c) 2004 Darren Tucker.
- *
- * Based originally on asprintf.c from OpenBSD:
- * Copyright (c) 1997 Todd C. Miller
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "includes.h"
-
-/*
- * Don't let systems with broken printf(3) avoid our replacements
- * via asprintf(3)/vasprintf(3) calling libc internally.
- */
-#if defined(BROKEN_SNPRINTF)
-# undef HAVE_VASPRINTF
-# undef HAVE_ASPRINTF
-#endif
-
-#ifndef HAVE_VASPRINTF
-
-#include
-#include
-#include
-
-#define INIT_SZ 128
-
-int
-vasprintf(char **str, const char *fmt, va_list ap)
-{
- int ret = -1;
- va_list ap2;
- char *string, *newstr;
- size_t len;
-
- VA_COPY(ap2, ap);
- if ((string = malloc(INIT_SZ)) == NULL)
- goto fail;
-
- ret = vsnprintf(string, INIT_SZ, fmt, ap2);
- if (ret >= 0 && ret < INIT_SZ) { /* succeeded with initial alloc */
- *str = string;
- } else if (ret == INT_MAX || ret < 0) { /* Bad length */
- free(string);
- goto fail;
- } else { /* bigger than initial, realloc allowing for nul */
- len = (size_t)ret + 1;
- if ((newstr = realloc(string, len)) == NULL) {
- free(string);
- goto fail;
- } else {
- va_end(ap2);
- VA_COPY(ap2, ap);
- ret = vsnprintf(newstr, len, fmt, ap2);
- if (ret >= 0 && (size_t)ret < len) {
- *str = newstr;
- } else { /* failed with realloc'ed string, give up */
- free(newstr);
- goto fail;
- }
- }
- }
- va_end(ap2);
- return (ret);
-
-fail:
- *str = NULL;
- errno = ENOMEM;
- va_end(ap2);
- return (-1);
-}
-#endif
-
-#ifndef HAVE_ASPRINTF
-int asprintf(char **str, const char *fmt, ...)
-{
- va_list ap;
- int ret;
-
- *str = NULL;
- va_start(ap, fmt);
- ret = vasprintf(str, fmt, ap);
- va_end(ap);
-
- return ret;
-}
-#endif
diff --git a/ssh_keygen_110/openbsd-compat/bsd-closefrom.c b/ssh_keygen_110/openbsd-compat/bsd-closefrom.c
deleted file mode 100644
index b56476a2..00000000
--- a/ssh_keygen_110/openbsd-compat/bsd-closefrom.c
+++ /dev/null
@@ -1,109 +0,0 @@
-/*
- * Copyright (c) 2004-2005 Todd C. Miller
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "includes.h"
-
-#ifndef HAVE_CLOSEFROM
-
-#include
-#include
-#include
-#include
-#ifdef HAVE_FCNTL_H
-# include
-#endif
-#include
-#include
-#include
-#include
-#include
-#ifdef HAVE_DIRENT_H
-# include
-# define NAMLEN(dirent) strlen((dirent)->d_name)
-#else
-# define dirent direct
-# define NAMLEN(dirent) (dirent)->d_namlen
-# ifdef HAVE_SYS_NDIR_H
-# include
-# endif
-# ifdef HAVE_SYS_DIR_H
-# include
-# endif
-# ifdef HAVE_NDIR_H
-# include
-# endif
-#endif
-
-#ifndef OPEN_MAX
-# define OPEN_MAX 256
-#endif
-
-#if 0
-__unused static const char rcsid[] = "$Sudo: closefrom.c,v 1.11 2006/08/17 15:26:54 millert Exp $";
-#endif /* lint */
-
-/*
- * Close all file descriptors greater than or equal to lowfd.
- */
-#ifdef HAVE_FCNTL_CLOSEM
-void
-closefrom(int lowfd)
-{
- (void) fcntl(lowfd, F_CLOSEM, 0);
-}
-#else
-void
-closefrom(int lowfd)
-{
- long fd, maxfd;
-#if defined(HAVE_DIRFD) && defined(HAVE_PROC_PID)
- char fdpath[PATH_MAX], *endp;
- struct dirent *dent;
- DIR *dirp;
- int len;
-
- /* Check for a /proc/$$/fd directory. */
- len = snprintf(fdpath, sizeof(fdpath), "/proc/%ld/fd", (long)getpid());
- if (len > 0 && (size_t)len < sizeof(fdpath) && (dirp = opendir(fdpath))) {
- while ((dent = readdir(dirp)) != NULL) {
- fd = strtol(dent->d_name, &endp, 10);
- if (dent->d_name != endp && *endp == '\0' &&
- fd >= 0 && fd < INT_MAX && fd >= lowfd && fd != dirfd(dirp))
- (void) close((int) fd);
- }
- (void) closedir(dirp);
- } else
-#endif
- {
- /*
- * Fall back on sysconf() or getdtablesize(). We avoid checking
- * resource limits since it is possible to open a file descriptor
- * and then drop the rlimit such that it is below the open fd.
- */
-#ifdef HAVE_SYSCONF
- maxfd = sysconf(_SC_OPEN_MAX);
-#else
- maxfd = getdtablesize();
-#endif /* HAVE_SYSCONF */
- if (maxfd < 0)
- maxfd = OPEN_MAX;
-
- for (fd = lowfd; fd < maxfd; fd++)
- (void) close((int) fd);
- }
-}
-#endif /* !HAVE_FCNTL_CLOSEM */
-#endif /* HAVE_CLOSEFROM */
diff --git a/ssh_keygen_110/openbsd-compat/bsd-cygwin_util.c b/ssh_keygen_110/openbsd-compat/bsd-cygwin_util.c
deleted file mode 100644
index fb49e30f..00000000
--- a/ssh_keygen_110/openbsd-compat/bsd-cygwin_util.c
+++ /dev/null
@@ -1,120 +0,0 @@
-/*
- * Copyright (c) 2000, 2001, 2011, 2013 Corinna Vinschen
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * Created: Sat Sep 02 12:17:00 2000 cv
- *
- * This file contains functions for forcing opened file descriptors to
- * binary mode on Windows systems.
- */
-
-#define NO_BINARY_OPEN /* Avoid redefining open to binary_open for this file */
-#include "includes.h"
-
-#ifdef HAVE_CYGWIN
-
-#include
-#include
-#include
-#include
-#include
-
-#include "xmalloc.h"
-
-int
-binary_open(const char *filename, int flags, ...)
-{
- va_list ap;
- mode_t mode;
-
- va_start(ap, flags);
- mode = va_arg(ap, mode_t);
- va_end(ap);
- return (open(filename, flags | O_BINARY, mode));
-}
-
-int
-check_ntsec(const char *filename)
-{
- return (pathconf(filename, _PC_POSIX_PERMISSIONS));
-}
-
-const char *
-cygwin_ssh_privsep_user()
-{
- static char cyg_privsep_user[DNLEN + UNLEN + 2];
-
- if (!cyg_privsep_user[0])
- {
-#ifdef CW_CYGNAME_FROM_WINNAME
- if (cygwin_internal (CW_CYGNAME_FROM_WINNAME, "sshd", cyg_privsep_user,
- sizeof cyg_privsep_user) != 0)
-#endif
- strlcpy(cyg_privsep_user, "sshd", sizeof(cyg_privsep_user));
- }
- return cyg_privsep_user;
-}
-
-#define NL(x) x, (sizeof (x) - 1)
-#define WENV_SIZ (sizeof (wenv_arr) / sizeof (wenv_arr[0]))
-
-static struct wenv {
- const char *name;
- size_t namelen;
-} wenv_arr[] = {
- { NL("ALLUSERSPROFILE=") },
- { NL("COMPUTERNAME=") },
- { NL("COMSPEC=") },
- { NL("CYGWIN=") },
- { NL("OS=") },
- { NL("PATH=") },
- { NL("PATHEXT=") },
- { NL("PROGRAMFILES=") },
- { NL("SYSTEMDRIVE=") },
- { NL("SYSTEMROOT=") },
- { NL("WINDIR=") }
-};
-
-char **
-fetch_windows_environment(void)
-{
- char **e, **p;
- unsigned int i, idx = 0;
-
- p = xcalloc(WENV_SIZ + 1, sizeof(char *));
- for (e = environ; *e != NULL; ++e) {
- for (i = 0; i < WENV_SIZ; ++i) {
- if (!strncmp(*e, wenv_arr[i].name, wenv_arr[i].namelen))
- p[idx++] = *e;
- }
- }
- p[idx] = NULL;
- return p;
-}
-
-void
-free_windows_environment(char **p)
-{
- free(p);
-}
-
-#endif /* HAVE_CYGWIN */
diff --git a/ssh_keygen_110/openbsd-compat/bsd-cygwin_util.h b/ssh_keygen_110/openbsd-compat/bsd-cygwin_util.h
deleted file mode 100644
index 202c055d..00000000
--- a/ssh_keygen_110/openbsd-compat/bsd-cygwin_util.h
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright (c) 2000, 2001, 2011, 2013 Corinna Vinschen
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * Created: Sat Sep 02 12:17:00 2000 cv
- *
- * This file contains functions for forcing opened file descriptors to
- * binary mode on Windows systems.
- */
-
-#ifndef _BSD_CYGWIN_UTIL_H
-#define _BSD_CYGWIN_UTIL_H
-
-#ifdef HAVE_CYGWIN
-
-#undef ERROR
-
-/* Avoid including windows headers. */
-typedef void *HANDLE;
-#define INVALID_HANDLE_VALUE ((HANDLE) -1)
-#define DNLEN 16
-#define UNLEN 256
-
-/* Cygwin functions for which declarations are only available when including
- windows headers, so we have to define them here explicitly. */
-extern HANDLE cygwin_logon_user (const struct passwd *, const char *);
-extern void cygwin_set_impersonation_token (const HANDLE);
-
-#include
-#include
-
-#define CYGWIN_SSH_PRIVSEP_USER (cygwin_ssh_privsep_user())
-const char *cygwin_ssh_privsep_user();
-
-int binary_open(const char *, int , ...);
-int check_ntsec(const char *);
-char **fetch_windows_environment(void);
-void free_windows_environment(char **);
-
-#ifndef NO_BINARY_OPEN
-#define open binary_open
-#endif
-
-#endif /* HAVE_CYGWIN */
-
-#endif /* _BSD_CYGWIN_UTIL_H */
diff --git a/ssh_keygen_110/openbsd-compat/bsd-err.c b/ssh_keygen_110/openbsd-compat/bsd-err.c
deleted file mode 100644
index e4ed22b8..00000000
--- a/ssh_keygen_110/openbsd-compat/bsd-err.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * Copyright (c) 2015 Tim Rice
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote products
- * derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "includes.h"
-
-#include
-#include
-#include
-#include
-#include
-
-#ifndef HAVE_ERR
-void
-err(int r, const char *fmt, ...)
-{
- va_list args;
-
- va_start(args, fmt);
- fprintf(stderr, "%s: ", strerror(errno));
- vfprintf(stderr, fmt, args);
- fputc('\n', stderr);
- va_end(args);
- exit(r);
-}
-#endif
-
-#ifndef HAVE_ERRX
-void
-errx(int r, const char *fmt, ...)
-{
- va_list args;
-
- va_start(args, fmt);
- vfprintf(stderr, fmt, args);
- fputc('\n', stderr);
- va_end(args);
- exit(r);
-}
-#endif
-
-#ifndef HAVE_WARN
-void
-warn(const char *fmt, ...)
-{
- va_list args;
-
- va_start(args, fmt);
- fprintf(stderr, "%s: ", strerror(errno));
- vfprintf(stderr, fmt, args);
- fputc('\n', stderr);
- va_end(args);
-}
-#endif
diff --git a/ssh_keygen_110/openbsd-compat/bsd-getpeereid.c b/ssh_keygen_110/openbsd-compat/bsd-getpeereid.c
deleted file mode 100644
index 5f7e677e..00000000
--- a/ssh_keygen_110/openbsd-compat/bsd-getpeereid.c
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Copyright (c) 2002,2004 Damien Miller
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "includes.h"
-
-#if !defined(HAVE_GETPEEREID)
-
-#include
-#include
-
-#include
-
-#if defined(SO_PEERCRED)
-int
-getpeereid(int s, uid_t *euid, gid_t *gid)
-{
- struct ucred cred;
- socklen_t len = sizeof(cred);
-
- if (getsockopt(s, SOL_SOCKET, SO_PEERCRED, &cred, &len) < 0)
- return (-1);
- *euid = cred.uid;
- *gid = cred.gid;
-
- return (0);
-}
-#elif defined(HAVE_GETPEERUCRED)
-
-#ifdef HAVE_UCRED_H
-# include
-#endif
-
-int
-getpeereid(int s, uid_t *euid, gid_t *gid)
-{
- ucred_t *ucred = NULL;
-
- if (getpeerucred(s, &ucred) == -1)
- return (-1);
- if ((*euid = ucred_geteuid(ucred)) == -1)
- return (-1);
- if ((*gid = ucred_getrgid(ucred)) == -1)
- return (-1);
-
- ucred_free(ucred);
-
- return (0);
-}
-#else
-int
-getpeereid(int s, uid_t *euid, gid_t *gid)
-{
- *euid = geteuid();
- *gid = getgid();
-
- return (0);
-}
-#endif /* defined(SO_PEERCRED) */
-
-#endif /* !defined(HAVE_GETPEEREID) */
diff --git a/ssh_keygen_110/openbsd-compat/bsd-misc.c b/ssh_keygen_110/openbsd-compat/bsd-misc.c
deleted file mode 100644
index bb009507..00000000
--- a/ssh_keygen_110/openbsd-compat/bsd-misc.c
+++ /dev/null
@@ -1,329 +0,0 @@ - -/* - * Copyright (c) 1999-2004 Damien Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include "includes.h" - -#include -#ifdef HAVE_SYS_SELECT_H -# include -#endif -#ifdef HAVE_SYS_TIME_H -# include -#endif - -#include -#include -#include -#include -#include -#include - -#ifndef HAVE___PROGNAME -char *__progname; -#endif - -/* - * NB. 
duplicate __progname in case it is an alias for argv[0] - * Otherwise it may get clobbered by setproctitle() - */ -char *ssh_get_progname(char *argv0) -{ - char *p, *q; -#ifdef HAVE___PROGNAME - extern char *__progname; - - p = __progname; -#else - if (argv0 == NULL) - return ("unknown"); /* XXX */ - p = strrchr(argv0, '/'); - if (p == NULL) - p = argv0; - else - p++; -#endif - if ((q = strdup(p)) == NULL) { - perror("strdup"); - exit(1); - } - return q; -} - -#ifndef HAVE_SETLOGIN -int setlogin(const char *name) -{ - return (0); -} -#endif /* !HAVE_SETLOGIN */ - -#ifndef HAVE_INNETGR -int innetgr(const char *netgroup, const char *host, - const char *user, const char *domain) -{ - return (0); -} -#endif /* HAVE_INNETGR */ - -#if !defined(HAVE_SETEUID) && defined(HAVE_SETREUID) -int seteuid(uid_t euid) -{ - return (setreuid(-1, euid)); -} -#endif /* !defined(HAVE_SETEUID) && defined(HAVE_SETREUID) */ - -#if !defined(HAVE_SETEGID) && defined(HAVE_SETRESGID) -int setegid(uid_t egid) -{ - return(setresgid(-1, egid, -1)); -} -#endif /* !defined(HAVE_SETEGID) && defined(HAVE_SETRESGID) */ - -#if !defined(HAVE_STRERROR) && defined(HAVE_SYS_ERRLIST) && defined(HAVE_SYS_NERR) -const char *strerror(int e) -{ - extern int sys_nerr; - extern char *sys_errlist[]; - - if ((e >= 0) && (e < sys_nerr)) - return (sys_errlist[e]); - - return ("unlisted error"); -} -#endif - -#ifndef HAVE_UTIMES -int utimes(char *filename, struct timeval *tvp) -{ - struct utimbuf ub; - - ub.actime = tvp[0].tv_sec; - ub.modtime = tvp[1].tv_sec; - - return (utime(filename, &ub)); -} -#endif - -#ifndef HAVE_TRUNCATE -int truncate(const char *path, off_t length) -{ - int fd, ret, saverrno; - - fd = open(path, O_WRONLY); - if (fd < 0) - return (-1); - - ret = ftruncate(fd, length); - saverrno = errno; - close(fd); - if (ret == -1) - errno = saverrno; - - return(ret); -} -#endif /* HAVE_TRUNCATE */ - -#if !defined(HAVE_NANOSLEEP) && !defined(HAVE_NSLEEP) -int nanosleep(const struct timespec *req, struct 
timespec *rem) -{ - int rc, saverrno; - extern int errno; - struct timeval tstart, tstop, tremain, time2wait; - - TIMESPEC_TO_TIMEVAL(&time2wait, req) - (void) gettimeofday(&tstart, NULL); - rc = select(0, NULL, NULL, NULL, &time2wait); - if (rc == -1) { - saverrno = errno; - (void) gettimeofday (&tstop, NULL); - errno = saverrno; - tremain.tv_sec = time2wait.tv_sec - - (tstop.tv_sec - tstart.tv_sec); - tremain.tv_usec = time2wait.tv_usec - - (tstop.tv_usec - tstart.tv_usec); - tremain.tv_sec += tremain.tv_usec / 1000000L; - tremain.tv_usec %= 1000000L; - } else { - tremain.tv_sec = 0; - tremain.tv_usec = 0; - } - if (rem != NULL) - TIMEVAL_TO_TIMESPEC(&tremain, rem) - - return(rc); -} -#endif - -#if !defined(HAVE_USLEEP) -int usleep(unsigned int useconds) -{ - struct timespec ts; - - ts.tv_sec = useconds / 1000000; - ts.tv_nsec = (useconds % 1000000) * 1000; - return nanosleep(&ts, NULL); -} -#endif - -#ifndef HAVE_TCGETPGRP -pid_t -tcgetpgrp(int fd) -{ - int ctty_pgrp; - - if (ioctl(fd, TIOCGPGRP, &ctty_pgrp) == -1) - return(-1); - else - return(ctty_pgrp); -} -#endif /* HAVE_TCGETPGRP */ - -#ifndef HAVE_TCSENDBREAK -int -tcsendbreak(int fd, int duration) -{ -# if defined(TIOCSBRK) && defined(TIOCCBRK) - struct timeval sleepytime; - - sleepytime.tv_sec = 0; - sleepytime.tv_usec = 400000; - if (ioctl(fd, TIOCSBRK, 0) == -1) - return (-1); - (void)select(0, 0, 0, 0, &sleepytime); - if (ioctl(fd, TIOCCBRK, 0) == -1) - return (-1); - return (0); -# else - return -1; -# endif -} -#endif /* HAVE_TCSENDBREAK */ - -#ifndef HAVE_STRDUP -char * -strdup(const char *str) -{ - size_t len; - char *cp; - - len = strlen(str) + 1; - cp = malloc(len); - if (cp != NULL) - return(memcpy(cp, str, len)); - return NULL; -} -#endif - -#ifndef HAVE_ISBLANK -int -isblank(int c) -{ - return (c == ' ' || c == '\t'); -} -#endif - -#ifndef HAVE_GETPGID -pid_t -getpgid(pid_t pid) -{ -#if defined(HAVE_GETPGRP) && !defined(GETPGRP_VOID) && GETPGRP_VOID == 0 - return getpgrp(pid); -#elif 
defined(HAVE_GETPGRP) - if (pid == 0) - return getpgrp(); -#endif - - errno = ESRCH; - return -1; -} -#endif - -#ifndef HAVE_PLEDGE -int -pledge(const char *promises, const char *paths[]) -{ - return 0; -} -#endif - -#ifndef HAVE_MBTOWC -/* a mbtowc that only supports ASCII */ -int -mbtowc(wchar_t *pwc, const char *s, size_t n) -{ - if (s == NULL || *s == '\0') - return 0; /* ASCII is not state-dependent */ - if (*s < 0 || *s > 0x7f || n < 1) { - errno = EOPNOTSUPP; - return -1; - } - if (pwc != NULL) - *pwc = *s; - return 1; -} -#endif - -#ifndef HAVE_LLABS -long long -llabs(long long j) -{ - return (j < 0 ? -j : j); -} -#endif - -#ifdef IOS_NOTNEEDED -#ifndef HAVE_BZERO -void -bzero(void *b, size_t n) -{ - (void)memset(b, 0, n); -} -#endif - -#ifndef HAVE_RAISE -int -raise(int sig) -{ - kill(getpid(), sig); -} -#endif - -#ifndef HAVE_GETSID -pid_t -getsid(pid_t pid) -{ - errno = ENOSYS; - return -1; -} -#endif - -#ifdef FFLUSH_NULL_BUG -#undef fflush -int _ssh_compat_fflush(FILE *f) -{ - int r1, r2; - - if (f == NULL) { - r1 = fflush(stdout); - r2 = fflush(stderr); - if (r1 == -1 || r2 == -1) - return -1; - return 0; - } - return fflush(f); -} -#endif -#endif // IOS_NOTNEEDED diff --git a/ssh_keygen_110/openbsd-compat/bsd-misc.h b/ssh_keygen_110/openbsd-compat/bsd-misc.h deleted file mode 100644 index 52ec5285..00000000 --- a/ssh_keygen_110/openbsd-compat/bsd-misc.h +++ /dev/null 
@@ -1,160 +0,0 @@
-/*
- * Copyright (c) 1999-2004 Damien Miller
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef _BSD_MISC_H
-#define _BSD_MISC_H
-
-#include "includes.h"
-
-char *ssh_get_progname(char *);
-
-#ifndef HAVE_SETSID
-#define setsid() setpgrp(0, getpid())
-#endif /* !HAVE_SETSID */
-
-#ifndef HAVE_SETENV
-int setenv(const char *, const char *, int);
-#endif /* !HAVE_SETENV */
-
-#ifndef HAVE_SETLOGIN
-int setlogin(const char *);
-#endif /* !HAVE_SETLOGIN */
-
-#ifndef HAVE_INNETGR
-int innetgr(const char *, const char *, const char *, const char *);
-#endif /* HAVE_INNETGR */
-
-#if !defined(HAVE_SETEUID) && defined(HAVE_SETREUID)
-int seteuid(uid_t);
-#endif /* !defined(HAVE_SETEUID) && defined(HAVE_SETREUID) */
-
-#if !defined(HAVE_SETEGID) && defined(HAVE_SETRESGID)
-int setegid(uid_t);
-#endif /* !defined(HAVE_SETEGID) && defined(HAVE_SETRESGID) */
-
-#if !defined(HAVE_STRERROR) && defined(HAVE_SYS_ERRLIST) && defined(HAVE_SYS_NERR)
-const char *strerror(int);
-#endif
-
-#if !defined(HAVE_SETLINEBUF)
-#define setlinebuf(a) (setvbuf((a), NULL, _IOLBF, 0))
-#endif
-
-#ifndef HAVE_UTIMES
-#ifndef HAVE_STRUCT_TIMEVAL
-struct timeval {
- long tv_sec;
- long tv_usec;
-}
-#endif /* HAVE_STRUCT_TIMEVAL */
-
-int utimes(char *, struct timeval *);
-#endif /* HAVE_UTIMES */
-
-#ifndef HAVE_TRUNCATE
-int truncate (const char *, off_t);
-#endif /* HAVE_TRUNCATE */
-
-#if !defined(HAVE_NANOSLEEP) && !defined(HAVE_NSLEEP)
-#ifndef HAVE_STRUCT_TIMESPEC
-struct timespec {
- time_t tv_sec;
- long tv_nsec;
-};
-#endif
-int nanosleep(const struct timespec *, struct timespec *);
-#endif
-
-#ifndef HAVE_USLEEP
-int usleep(unsigned int useconds);
-#endif
-
-#ifndef HAVE_TCGETPGRP
-pid_t tcgetpgrp(int);
-#endif
-
-#ifndef HAVE_TCSENDBREAK
-int tcsendbreak(int, int);
-#endif
-
-#ifndef HAVE_UNSETENV
-int unsetenv(const char *);
-#endif
-
-#ifndef HAVE_ISBLANK
-int isblank(int);
-#endif
-
-#ifndef HAVE_GETPGID
-pid_t getpgid(pid_t);
-#endif
-
-#ifndef HAVE_ENDGRENT
-# define endgrent() do { } while(0)
-#endif
-
-#ifndef HAVE_KRB5_GET_ERROR_MESSAGE
-# define krb5_get_error_message krb5_get_err_text
-#endif
-
-#ifndef HAVE_KRB5_FREE_ERROR_MESSAGE
-# define krb5_free_error_message(a,b) do { } while(0)
-#endif
-
-#ifndef HAVE_PLEDGE
-int pledge(const char *promises, const char *paths[]);
-#endif
-
-/* bsd-err.h */
-#ifndef HAVE_ERR
-void err(int, const char *, ...) __attribute__((format(printf, 2, 3)));
-#endif
-#ifndef HAVE_ERRX
-void errx(int, const char *, ...) __attribute__((format(printf, 2, 3)));
-#endif
-#ifndef HAVE_WARN
-void warn(const char *, ...) __attribute__((format(printf, 1, 2)));
-#endif
-
-#ifndef HAVE_LLABS
-long long llabs(long long);
-#endif
-
-#if defined(HAVE_DECL_BZERO) && HAVE_DECL_BZERO == 0
-void bzero(void *, size_t);
-#endif
-
-#ifndef HAVE_RAISE
-int raise(int);
-#endif
-
-#ifndef HAVE_GETSID
-pid_t getsid(pid_t);
-#endif
-
-#ifndef HAVE_FLOCK
-# define LOCK_SH 0x01
-# define LOCK_EX 0x02
-# define LOCK_NB 0x04
-# define LOCK_UN 0x08
-int flock(int, int);
-#endif
-
-#ifdef FFLUSH_NULL_BUG
-# define fflush(x) (_ssh_compat_fflush(x))
-#endif
-
-#endif /* _BSD_MISC_H */
diff --git a/ssh_keygen_110/openbsd-compat/bsd-nextstep.c b/ssh_keygen_110/openbsd-compat/bsd-nextstep.c
deleted file mode 100644
index d52443f6..00000000
--- a/ssh_keygen_110/openbsd-compat/bsd-nextstep.c
+++ /dev/null
@@ -1,103 +0,0 @@
-/*
- * Copyright (c) 2000,2001 Ben Lindstrom. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "includes.h"
-
-#ifdef HAVE_NEXT
-#include
-#include
-#include "bsd-nextstep.h"
-
-pid_t
-posix_wait(int *status)
-{
- union wait statusp;
- pid_t wait_pid;
-
- #undef wait /* Use NeXT's wait() function */
- wait_pid = wait(&statusp);
- if (status)
- *status = (int) statusp.w_status;
-
- return (wait_pid);
-}
-
-int
-tcgetattr(int fd, struct termios *t)
-{
- return (ioctl(fd, TIOCGETA, t));
-}
-
-int
-tcsetattr(int fd, int opt, const struct termios *t)
-{
- struct termios localterm;
-
- if (opt & TCSASOFT) {
- localterm = *t;
- localterm.c_cflag |= CIGNORE;
- t = &localterm;
- }
- switch (opt & ~TCSASOFT) {
- case TCSANOW:
- return (ioctl(fd, TIOCSETA, t));
- case TCSADRAIN:
- return (ioctl(fd, TIOCSETAW, t));
- case TCSAFLUSH:
- return (ioctl(fd, TIOCSETAF, t));
- default:
- errno = EINVAL;
- return (-1);
- }
-}
-
-int tcsetpgrp(int fd, pid_t pgrp)
-{
- return (ioctl(fd, TIOCSPGRP, &pgrp));
-}
-
-speed_t cfgetospeed(const struct termios *t)
-{
- return (t->c_ospeed);
-}
-
-speed_t cfgetispeed(const struct termios *t)
-{
- return (t->c_ispeed);
-}
-
-int
-cfsetospeed(struct termios *t,int speed)
-{
- t->c_ospeed = speed;
- return (0);
-}
-
-int
-cfsetispeed(struct termios *t, int speed)
-{
- t->c_ispeed = speed;
- return (0);
-}
-#endif /* HAVE_NEXT */
diff --git a/ssh_keygen_110/openbsd-compat/bsd-nextstep.h b/ssh_keygen_110/openbsd-compat/bsd-nextstep.h
deleted file mode 100644
index 4a45b15a..00000000
--- a/ssh_keygen_110/openbsd-compat/bsd-nextstep.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 2000,2001 Ben Lindstrom. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#ifndef _NEXT_POSIX_H
-#define _NEXT_POSIX_H
-
-#ifdef HAVE_NEXT
-#include
-
-/* NGROUPS_MAX is behind -lposix.
Use the BSD version which is NGROUPS */
-#undef NGROUPS_MAX
-#define NGROUPS_MAX NGROUPS
-
-/* NeXT's readdir() is BSD (struct direct) not POSIX (struct dirent) */
-#define dirent direct
-
-/* Swap out NeXT's BSD wait() for a more POSIX compliant one */
-pid_t posix_wait(int *);
-#define wait(a) posix_wait(a)
-
-/* #ifdef wrapped functions that need defining for clean compiling */
-pid_t getppid(void);
-void vhangup(void);
-int innetgr(const char *, const char *, const char *, const char *);
-
-/* TERMCAP */
-int tcgetattr(int, struct termios *);
-int tcsetattr(int, int, const struct termios *);
-int tcsetpgrp(int, pid_t);
-speed_t cfgetospeed(const struct termios *);
-speed_t cfgetispeed(const struct termios *);
-int cfsetospeed(struct termios *, int);
-int cfsetispeed(struct termios *, int);
-#endif /* HAVE_NEXT */
-#endif /* _NEXT_POSIX_H */
diff --git a/ssh_keygen_110/openbsd-compat/bsd-openpty.c b/ssh_keygen_110/openbsd-compat/bsd-openpty.c
deleted file mode 100644
index e8ad542f..00000000
--- a/ssh_keygen_110/openbsd-compat/bsd-openpty.c
+++ /dev/null
@@ -1,195 +0,0 @@
-/*
- * Please note: this implementation of openpty() is far from complete.
- * it is just enough for portable OpenSSH's needs.
- */
-
-/*
- * Copyright (c) 2004 Damien Miller
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * Author: Tatu Ylonen
- * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
- * All rights reserved
- * Allocating a pseudo-terminal, and making it the controlling tty.
- *
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose. Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
- */
-
-#include "includes.h"
-#if !defined(HAVE_OPENPTY)
-
-#include
-
-#include
-
-#ifdef HAVE_SYS_STAT_H
-# include
-#endif
-#ifdef HAVE_SYS_IOCTL_H
-# include
-#endif
-
-#ifdef HAVE_FCNTL_H
-# include
-#endif
-
-#ifdef HAVE_UTIL_H
-# include
-#endif /* HAVE_UTIL_H */
-
-#ifdef HAVE_PTY_H
-# include
-#endif
-#if defined(HAVE_DEV_PTMX) && defined(HAVE_SYS_STROPTS_H)
-# include
-#endif
-
-#include
-#include
-#include
-
-#ifndef O_NOCTTY
-#define O_NOCTTY 0
-#endif
-
-int
-openpty(int *amaster, int *aslave, char *name, struct termios *termp,
- struct winsize *winp)
-{
-#if defined(HAVE__GETPTY)
- /*
- * _getpty(3) exists in SGI Irix 4.x, 5.x & 6.x -- it generates more
- * pty's automagically when needed
- */
- char *slave;
-
- if ((slave = _getpty(amaster, O_RDWR, 0622, 0)) == NULL)
- return (-1);
-
- /* Open the slave side. */
- if ((*aslave = open(slave, O_RDWR | O_NOCTTY)) == -1) {
- close(*amaster);
- return (-1);
- }
- return (0);
-
-#elif defined(HAVE_DEV_PTMX)
- /*
- * This code is used e.g. on Solaris 2.x. (Note that Solaris 2.3
- * also has bsd-style ptys, but they simply do not work.)
- */
- int ptm;
- char *pts;
- mysig_t old_signal;
-
- if ((ptm = open("/dev/ptmx", O_RDWR | O_NOCTTY)) == -1)
- return (-1);
-
- /* XXX: need to close ptm on error? */
- old_signal = signal(SIGCHLD, SIG_DFL);
- if (grantpt(ptm) < 0)
- return (-1);
- signal(SIGCHLD, old_signal);
-
- if (unlockpt(ptm) < 0)
- return (-1);
-
- if ((pts = ptsname(ptm)) == NULL)
- return (-1);
- *amaster = ptm;
-
- /* Open the slave side. */
- if ((*aslave = open(pts, O_RDWR | O_NOCTTY)) == -1) {
- close(*amaster);
- return (-1);
- }
-
- /*
- * Try to push the appropriate streams modules, as described
- * in Solaris pts(7).
- */
- ioctl(*aslave, I_PUSH, "ptem");
- ioctl(*aslave, I_PUSH, "ldterm");
-# ifndef __hpux
- ioctl(*aslave, I_PUSH, "ttcompat");
-# endif /* __hpux */
-
- return (0);
-
-#elif defined(HAVE_DEV_PTS_AND_PTC)
- /* AIX-style pty code.
*/
- const char *ttname;
-
- if ((*amaster = open("/dev/ptc", O_RDWR | O_NOCTTY)) == -1)
- return (-1);
- if ((ttname = ttyname(*amaster)) == NULL)
- return (-1);
- if ((*aslave = open(ttname, O_RDWR | O_NOCTTY)) == -1) {
- close(*amaster);
- return (-1);
- }
- return (0);
-
-#else
- /* BSD-style pty code. */
- char ptbuf[64], ttbuf[64];
- int i;
- const char *ptymajors = "pqrstuvwxyzabcdefghijklmno"
- "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
- const char *ptyminors = "0123456789abcdef";
- int num_minors = strlen(ptyminors);
- int num_ptys = strlen(ptymajors) * num_minors;
- struct termios tio;
-
- for (i = 0; i < num_ptys; i++) {
- snprintf(ptbuf, sizeof(ptbuf), "/dev/pty%c%c",
- ptymajors[i / num_minors], ptyminors[i % num_minors]);
- snprintf(ttbuf, sizeof(ttbuf), "/dev/tty%c%c",
- ptymajors[i / num_minors], ptyminors[i % num_minors]);
-
- if ((*amaster = open(ptbuf, O_RDWR | O_NOCTTY)) == -1) {
- /* Try SCO style naming */
- snprintf(ptbuf, sizeof(ptbuf), "/dev/ptyp%d", i);
- snprintf(ttbuf, sizeof(ttbuf), "/dev/ttyp%d", i);
- if ((*amaster = open(ptbuf, O_RDWR | O_NOCTTY)) == -1)
- continue;
- }
-
- /* Open the slave side. */
- if ((*aslave = open(ttbuf, O_RDWR | O_NOCTTY)) == -1) {
- close(*amaster);
- return (-1);
- }
- /* set tty modes to a sane state for broken clients */
- if (tcgetattr(*amaster, &tio) != -1) {
- tio.c_lflag |= (ECHO | ISIG | ICANON);
- tio.c_oflag |= (OPOST | ONLCR);
- tio.c_iflag |= ICRNL;
- tcsetattr(*amaster, TCSANOW, &tio);
- }
-
- return (0);
- }
- return (-1);
-#endif
-}
-
-#endif /* !defined(HAVE_OPENPTY) */
-
diff --git a/ssh_keygen_110/openbsd-compat/bsd-poll.c b/ssh_keygen_110/openbsd-compat/bsd-poll.c
deleted file mode 100644
index c8e6222c..00000000
--- a/ssh_keygen_110/openbsd-compat/bsd-poll.c
+++ /dev/null
@@ -1,117 +0,0 @@
-/*
- * Copyright (c) 2004, 2005, 2007 Darren Tucker (dtucker at zip com au).
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "includes.h"
-#if !defined(HAVE_POLL)
-
-#include
-#include
-#ifdef HAVE_SYS_SELECT_H
-# include
-#endif
-
-#include
-#include
-#include
-#include "bsd-poll.h"
-
-/*
- * A minimal implementation of poll(2), built on top of select(2).
- *
- * Only supports POLLIN and POLLOUT flags in pfd.events, and POLLIN, POLLOUT
- * and POLLERR flags in revents.
- *
- * Supports pfd.fd = -1 meaning "unused" although it's not standard.
- */
-
-int
-poll(struct pollfd *fds, nfds_t nfds, int timeout)
-{
- nfds_t i;
- int saved_errno, ret, fd, maxfd = 0;
- fd_set *readfds = NULL, *writefds = NULL, *exceptfds = NULL;
- size_t nmemb;
- struct timeval tv, *tvp = NULL;
-
- for (i = 0; i < nfds; i++) {
- fd = fds[i].fd;
- if (fd >= FD_SETSIZE) {
- errno = EINVAL;
- return -1;
- }
- maxfd = MAX(maxfd, fd);
- }
-
- nmemb = howmany(maxfd + 1 , NFDBITS);
- if ((readfds = calloc(nmemb, sizeof(fd_mask))) == NULL ||
- (writefds = calloc(nmemb, sizeof(fd_mask))) == NULL ||
- (exceptfds = calloc(nmemb, sizeof(fd_mask))) == NULL) {
- saved_errno = ENOMEM;
- ret = -1;
- goto out;
- }
-
- /* populate event bit vectors for the events we're interested in */
- for (i = 0; i < nfds; i++) {
- fd = fds[i].fd;
- if (fd == -1)
- continue;
- if (fds[i].events & POLLIN) {
- FD_SET(fd, readfds);
- FD_SET(fd, exceptfds);
- }
- if (fds[i].events & POLLOUT) {
- FD_SET(fd, writefds);
- FD_SET(fd, exceptfds);
- }
- }
-
- /* poll timeout is msec, select is timeval (sec + usec) */
- if (timeout >= 0) {
- tv.tv_sec = timeout / 1000;
- tv.tv_usec = (timeout % 1000) * 1000;
- tvp = &tv;
- }
-
- ret = select(maxfd + 1, readfds, writefds, exceptfds, tvp);
- saved_errno = errno;
-
- /* scan through select results and set poll() flags */
- for (i = 0; i < nfds; i++) {
- fd = fds[i].fd;
- fds[i].revents = 0;
- if (fd == -1)
- continue;
- if (FD_ISSET(fd, readfds)) {
- fds[i].revents |= POLLIN;
- }
- if (FD_ISSET(fd, writefds)) {
- fds[i].revents |= POLLOUT;
- }
- if (FD_ISSET(fd, exceptfds)) {
- fds[i].revents |= POLLERR;
- }
- }
-
-out:
- free(readfds);
- free(writefds);
- free(exceptfds);
- if (ret == -1)
- errno = saved_errno;
- return ret;
-}
-#endif
diff --git a/ssh_keygen_110/openbsd-compat/bsd-poll.h b/ssh_keygen_110/openbsd-compat/bsd-poll.h
deleted file mode 100644
index 17945f5b..00000000
--- a/ssh_keygen_110/openbsd-compat/bsd-poll.h
+++ /dev/null
@@ -1,61 +0,0 @@
-/* $OpenBSD: poll.h,v 1.11 2003/12/10 23:10:08 millert Exp $ */
-
-/*
- * Copyright (c) 1996 Theo de Raadt
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/* OPENBSD ORIGINAL: sys/sys/poll.h */
-
-#if !defined(HAVE_POLL) && !defined(HAVE_POLL_H)
-#ifndef _COMPAT_POLL_H_
-#define _COMPAT_POLL_H_
-
-typedef struct pollfd {
- int fd;
- short events;
- short revents;
-} pollfd_t;
-
-typedef unsigned int nfds_t;
-
-#define POLLIN 0x0001
-#define POLLOUT 0x0004
-#define POLLERR 0x0008
-#define POLLHUP 0x0010
-#define POLLNVAL 0x0020
-#if 0
-/* the following are currently not implemented */
-#define POLLPRI 0x0002
-#define POLLRDNORM 0x0040
-#define POLLNORM POLLRDNORM
-#define POLLWRNORM POLLOUT
-#define POLLRDBAND 0x0080
-#define POLLWRBAND 0x0100
-#endif
-
-#define INFTIM (-1) /* not standard */
-
-int poll(struct pollfd *, nfds_t, int);
-#endif /* !_COMPAT_POLL_H_ */
-#endif /* !HAVE_POLL_H */
diff --git a/ssh_keygen_110/openbsd-compat/bsd-setres_id.c b/ssh_keygen_110/openbsd-compat/bsd-setres_id.c
deleted file mode 100644
index 696ae7b2..00000000
--- a/ssh_keygen_110/openbsd-compat/bsd-setres_id.c
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * Copyright (c) 2012 Darren Tucker (dtucker at zip com au).
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "includes.h"
-
-#include
-
-#include
-#include
-#include
-
-#include "log.h"
-
-#if !defined(HAVE_SETRESGID) || defined(BROKEN_SETRESGID)
-int
-setresgid(gid_t rgid, gid_t egid, gid_t sgid)
-{
- int ret = 0, saved_errno;
-
- if (rgid != sgid) {
- errno = ENOSYS;
- return -1;
- }
-#if defined(HAVE_SETREGID) && !defined(BROKEN_SETREGID)
- if (setregid(rgid, egid) < 0) {
- saved_errno = errno;
- error("setregid %u: %.100s", rgid, strerror(errno));
- errno = saved_errno;
- ret = -1;
- }
-#else
- if (setegid(egid) < 0) {
- saved_errno = errno;
- error("setegid %u: %.100s", (u_int)egid, strerror(errno));
- errno = saved_errno;
- ret = -1;
- }
- if (setgid(rgid) < 0) {
- saved_errno = errno;
- error("setgid %u: %.100s", rgid, strerror(errno));
- errno = saved_errno;
- ret = -1;
- }
-#endif
- return ret;
-}
-#endif
-
-#if !defined(HAVE_SETRESUID) || defined(BROKEN_SETRESUID)
-int
-setresuid(uid_t ruid, uid_t euid, uid_t suid)
-{
- int ret = 0, saved_errno;
-
- if (ruid != suid) {
- errno = ENOSYS;
- return -1;
- }
-#if defined(HAVE_SETREUID) && !defined(BROKEN_SETREUID)
- if (setreuid(ruid, euid) < 0) {
- saved_errno = errno;
- error("setreuid %u:
%.100s", ruid, strerror(errno));
- errno = saved_errno;
- ret = -1;
- }
-#else
-
-# ifndef SETEUID_BREAKS_SETUID
- if (seteuid(euid) < 0) {
- saved_errno = errno;
- error("seteuid %u: %.100s", euid, strerror(errno));
- errno = saved_errno;
- ret = -1;
- }
-# endif
- if (setuid(ruid) < 0) {
- saved_errno = errno;
- error("setuid %u: %.100s", ruid, strerror(errno));
- errno = saved_errno;
- ret = -1;
- }
-#endif
- return ret;
-}
-#endif
diff --git a/ssh_keygen_110/openbsd-compat/bsd-setres_id.h b/ssh_keygen_110/openbsd-compat/bsd-setres_id.h
deleted file mode 100644
index 0350a596..00000000
--- a/ssh_keygen_110/openbsd-compat/bsd-setres_id.h
+++ /dev/null
@@ -1,22 +0,0 @@
-/*
- * Copyright (c) 2012 Darren Tucker (dtucker at zip com au).
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef HAVE_SETRESGID
-int setresgid(gid_t, gid_t, gid_t);
-#endif
-#ifndef HAVE_SETRESUID
-int setresuid(uid_t, uid_t, uid_t);
-#endif
diff --git a/ssh_keygen_110/openbsd-compat/bsd-signal.h b/ssh_keygen_110/openbsd-compat/bsd-signal.h
deleted file mode 100644
index 4cb8cb7a..00000000
--- a/ssh_keygen_110/openbsd-compat/bsd-signal.h
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright (c) 1999-2004 Damien Miller
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef _BSD_SIGNAL_H
-#define _BSD_SIGNAL_H
-
-#include "includes.h"
-
-#ifndef _NSIG
-# ifdef NSIG
-# define _NSIG NSIG
-# else
-# define _NSIG 128
-# endif
-#endif
-
-/* wrapper for signal interface */
-typedef void (*mysig_t)(int);
-mysig_t mysignal(int sig, mysig_t act);
-#define signal(a,b) mysignal(a,b)
-
-#if !defined(HAVE_STRSIGNAL)
-char *strsignal(int);
-#endif
-
-#endif /* _BSD_SIGNAL_H */
diff --git a/ssh_keygen_110/openbsd-compat/bsd-snprintf.c b/ssh_keygen_110/openbsd-compat/bsd-snprintf.c
deleted file mode 100644
index f27b9d80..00000000
--- a/ssh_keygen_110/openbsd-compat/bsd-snprintf.c
+++ /dev/null
@@ -1,880 +0,0 @@
-/*
- * Copyright Patrick Powell 1995
- * This code is based on code written by Patrick Powell (papowell@astart.com)
- * It may be used for any purpose as long as this notice remains intact
- * on all source code distributions
- */
-
-/**************************************************************
- * Original:
- * Patrick Powell Tue Apr 11 09:48:21 PDT 1995
- * A bombproof version of doprnt (dopr) included.
- * Sigh. This sort of thing is always nasty do deal with. Note that
- * the version here does not include floating point...
- *
- * snprintf() is used instead of sprintf() as it does limit checks
- * for string length. This covers a nasty loophole.
- *
- * The other functions are there to prevent NULL pointers from
- * causing nast effects.
- *
- * More Recently:
- * Brandon Long 9/15/96 for mutt 0.43
- * This was ugly. It is still ugly. I opted out of floating point
- * numbers, but the formatter understands just about everything
- * from the normal C string format, at least as far as I can tell from
- * the Solaris 2.5 printf(3S) man page.
- *
- * Brandon Long 10/22/97 for mutt 0.87.1
- * Ok, added some minimal floating point support, which means this
- * probably requires libm on most operating systems. Don't yet
- * support the exponent (e,E) and sigfig (g,G). Also, fmtint()
- * was pretty badly broken, it just wasn't being exercised in ways
- * which showed it, so that's been fixed. Also, formatted the code
- * to mutt conventions, and removed dead code left over from the
- * original. Also, there is now a builtin-test, just compile with:
- * gcc -DTEST_SNPRINTF -o snprintf snprintf.c -lm
- * and run snprintf for results.
- *
- * Thomas Roessler 01/27/98 for mutt 0.89i
- * The PGP code was using unsigned hexadecimal formats.
- * Unfortunately, unsigned formats simply didn't work.
- *
- * Michael Elkins 03/05/98 for mutt 0.90.8
- * The original code assumed that both snprintf() and vsnprintf() were
- * missing.
Some systems only have snprintf() but not vsnprintf(), so
- * the code is now broken down under HAVE_SNPRINTF and HAVE_VSNPRINTF.
- *
- * Andrew Tridgell (tridge@samba.org) Oct 1998
- * fixed handling of %.0f
- * added test for HAVE_LONG_DOUBLE
- *
- * tridge@samba.org, idra@samba.org, April 2001
- * got rid of fcvt code (twas buggy and made testing harder)
- * added C99 semantics
- *
- * date: 2002/12/19 19:56:31; author: herb; state: Exp; lines: +2 -0
- * actually print args for %g and %e
- *
- * date: 2002/06/03 13:37:52; author: jmcd; state: Exp; lines: +8 -0
- * Since includes.h isn't included here, VA_COPY has to be defined here. I don't
- * see any include file that is guaranteed to be here, so I'm defining it
- * locally. Fixes AIX and Solaris builds.
- *
- * date: 2002/06/03 03:07:24; author: tridge; state: Exp; lines: +5 -13
- * put the ifdef for HAVE_VA_COPY in one place rather than in lots of
- * functions
- *
- * date: 2002/05/17 14:51:22; author: jmcd; state: Exp; lines: +21 -4
- * Fix usage of va_list passed as an arg. Use __va_copy before using it
- * when it exists.
- *
- * date: 2002/04/16 22:38:04; author: idra; state: Exp; lines: +20 -14
- * Fix incorrect zpadlen handling in fmtfp.
- * Thanks to Ollie Oldham for spotting it.
- * few mods to make it easier to compile the tests.
- * addedd the "Ollie" test to the floating point ones.
- *
- * Martin Pool (mbp@samba.org) April 2003
- * Remove NO_CONFIG_H so that the test case can be built within a source
- * tree with less trouble.
- * Remove unnecessary SAFE_FREE() definition.
- *
- * Martin Pool (mbp@samba.org) May 2003
- * Put in a prototype for dummy_snprintf() to quiet compiler warnings.
- *
- * Move #endif to make sure VA_COPY, LDOUBLE, etc are defined even
- * if the C library has some snprintf functions already.
- *
- * Damien Miller (djm@mindrot.org) Jan 2007
- * Fix integer overflows in return value.
- * Make formatting quite a bit faster by inlining dopr_outch()
- *
- **************************************************************/
-
-#include "includes.h"
-
-#if defined(BROKEN_SNPRINTF) /* For those with broken snprintf() */
-# undef HAVE_SNPRINTF
-# undef HAVE_VSNPRINTF
-#endif
-
-#if !defined(HAVE_SNPRINTF) || !defined(HAVE_VSNPRINTF)
-
-#include
-#include
-#include
-#include
-#include
-#include
-
-#ifdef HAVE_LONG_DOUBLE
-# define LDOUBLE long double
-#else
-# define LDOUBLE double
-#endif
-
-#ifdef HAVE_LONG_LONG
-# define LLONG long long
-#else
-# define LLONG long
-#endif
-
-/*
- * dopr(): poor man's version of doprintf
- */
-
-/* format read states */
-#define DP_S_DEFAULT 0
-#define DP_S_FLAGS 1
-#define DP_S_MIN 2
-#define DP_S_DOT 3
-#define DP_S_MAX 4
-#define DP_S_MOD 5
-#define DP_S_CONV 6
-#define DP_S_DONE 7
-
-/* format flags - Bits */
-#define DP_F_MINUS (1 << 0)
-#define DP_F_PLUS (1 << 1)
-#define DP_F_SPACE (1 << 2)
-#define DP_F_NUM (1 << 3)
-#define DP_F_ZERO (1 << 4)
-#define DP_F_UP (1 << 5)
-#define DP_F_UNSIGNED (1 << 6)
-
-/* Conversion Flags */
-#define DP_C_SHORT 1
-#define DP_C_LONG 2
-#define DP_C_LDOUBLE 3
-#define DP_C_LLONG 4
-#define DP_C_SIZE 5
-#define DP_C_INTMAX 6
-
-#define char_to_int(p) ((p)- '0')
-#ifndef MAX
-# define MAX(p,q) (((p) >= (q)) ?
(p) : (q)) -#endif - -#define DOPR_OUTCH(buf, pos, buflen, thechar) \ - do { \ - if (pos + 1 >= INT_MAX) { \ - errno = ERANGE; \ - return -1; \ - } \ - if (pos < buflen) \ - buf[pos] = thechar; \ - (pos)++; \ - } while (0) - -static int dopr(char *buffer, size_t maxlen, const char *format, - va_list args_in); -static int fmtstr(char *buffer, size_t *currlen, size_t maxlen, - char *value, int flags, int min, int max); -static int fmtint(char *buffer, size_t *currlen, size_t maxlen, - intmax_t value, int base, int min, int max, int flags); -static int fmtfp(char *buffer, size_t *currlen, size_t maxlen, - LDOUBLE fvalue, int min, int max, int flags); - -static int -dopr(char *buffer, size_t maxlen, const char *format, va_list args_in) -{ - char ch; - intmax_t value; - LDOUBLE fvalue; - char *strvalue; - int min; - int max; - int state; - int flags; - int cflags; - size_t currlen; - va_list args; - - VA_COPY(args, args_in); - - state = DP_S_DEFAULT; - currlen = flags = cflags = min = 0; - max = -1; - ch = *format++; - - while (state != DP_S_DONE) { - if (ch == '\0') - state = DP_S_DONE; - - switch(state) { - case DP_S_DEFAULT: - if (ch == '%') - state = DP_S_FLAGS; - else - DOPR_OUTCH(buffer, currlen, maxlen, ch); - ch = *format++; - break; - case DP_S_FLAGS: - switch (ch) { - case '-': - flags |= DP_F_MINUS; - ch = *format++; - break; - case '+': - flags |= DP_F_PLUS; - ch = *format++; - break; - case ' ': - flags |= DP_F_SPACE; - ch = *format++; - break; - case '#': - flags |= DP_F_NUM; - ch = *format++; - break; - case '0': - flags |= DP_F_ZERO; - ch = *format++; - break; - default: - state = DP_S_MIN; - break; - } - break; - case DP_S_MIN: - if (isdigit((unsigned char)ch)) { - min = 10*min + char_to_int (ch); - ch = *format++; - } else if (ch == '*') { - min = va_arg (args, int); - ch = *format++; - state = DP_S_DOT; - } else { - state = DP_S_DOT; - } - break; - case DP_S_DOT: - if (ch == '.') { - state = DP_S_MAX; - ch = *format++; - } else { - state = DP_S_MOD; - 
} - break; - case DP_S_MAX: - if (isdigit((unsigned char)ch)) { - if (max < 0) - max = 0; - max = 10*max + char_to_int (ch); - ch = *format++; - } else if (ch == '*') { - max = va_arg (args, int); - ch = *format++; - state = DP_S_MOD; - } else { - state = DP_S_MOD; - } - break; - case DP_S_MOD: - switch (ch) { - case 'h': - cflags = DP_C_SHORT; - ch = *format++; - break; - case 'j': - cflags = DP_C_INTMAX; - ch = *format++; - break; - case 'l': - cflags = DP_C_LONG; - ch = *format++; - if (ch == 'l') { /* It's a long long */ - cflags = DP_C_LLONG; - ch = *format++; - } - break; - case 'L': - cflags = DP_C_LDOUBLE; - ch = *format++; - break; - case 'z': - cflags = DP_C_SIZE; - ch = *format++; - break; - default: - break; - } - state = DP_S_CONV; - break; - case DP_S_CONV: - switch (ch) { - case 'd': - case 'i': - if (cflags == DP_C_SHORT) - value = va_arg (args, int); - else if (cflags == DP_C_LONG) - value = va_arg (args, long int); - else if (cflags == DP_C_LLONG) - value = va_arg (args, LLONG); - else if (cflags == DP_C_SIZE) - value = va_arg (args, ssize_t); - else if (cflags == DP_C_INTMAX) - value = va_arg (args, intmax_t); - else - value = va_arg (args, int); - if (fmtint(buffer, &currlen, maxlen, - value, 10, min, max, flags) == -1) - return -1; - break; - case 'o': - flags |= DP_F_UNSIGNED; - if (cflags == DP_C_SHORT) - value = va_arg (args, unsigned int); - else if (cflags == DP_C_LONG) - value = (long)va_arg (args, unsigned long int); - else if (cflags == DP_C_LLONG) - value = (long)va_arg (args, unsigned LLONG); - else if (cflags == DP_C_SIZE) - value = va_arg (args, size_t); -#ifdef notyet - else if (cflags == DP_C_INTMAX) - value = va_arg (args, uintmax_t); -#endif - else - value = (long)va_arg (args, unsigned int); - if (fmtint(buffer, &currlen, maxlen, value, - 8, min, max, flags) == -1) - return -1; - break; - case 'u': - flags |= DP_F_UNSIGNED; - if (cflags == DP_C_SHORT) - value = va_arg (args, unsigned int); - else if (cflags == DP_C_LONG) - 
value = (long)va_arg (args, unsigned long int); - else if (cflags == DP_C_LLONG) - value = (LLONG)va_arg (args, unsigned LLONG); - else if (cflags == DP_C_SIZE) - value = va_arg (args, size_t); -#ifdef notyet - else if (cflags == DP_C_INTMAX) - value = va_arg (args, uintmax_t); -#endif - else - value = (long)va_arg (args, unsigned int); - if (fmtint(buffer, &currlen, maxlen, value, - 10, min, max, flags) == -1) - return -1; - break; - case 'X': - flags |= DP_F_UP; - case 'x': - flags |= DP_F_UNSIGNED; - if (cflags == DP_C_SHORT) - value = va_arg (args, unsigned int); - else if (cflags == DP_C_LONG) - value = (long)va_arg (args, unsigned long int); - else if (cflags == DP_C_LLONG) - value = (LLONG)va_arg (args, unsigned LLONG); - else if (cflags == DP_C_SIZE) - value = va_arg (args, size_t); -#ifdef notyet - else if (cflags == DP_C_INTMAX) - value = va_arg (args, uintmax_t); -#endif - else - value = (long)va_arg (args, unsigned int); - if (fmtint(buffer, &currlen, maxlen, value, - 16, min, max, flags) == -1) - return -1; - break; - case 'f': - if (cflags == DP_C_LDOUBLE) - fvalue = va_arg (args, LDOUBLE); - else - fvalue = va_arg (args, double); - if (fmtfp(buffer, &currlen, maxlen, fvalue, - min, max, flags) == -1) - return -1; - break; - case 'E': - flags |= DP_F_UP; - case 'e': - if (cflags == DP_C_LDOUBLE) - fvalue = va_arg (args, LDOUBLE); - else - fvalue = va_arg (args, double); - if (fmtfp(buffer, &currlen, maxlen, fvalue, - min, max, flags) == -1) - return -1; - break; - case 'G': - flags |= DP_F_UP; - case 'g': - if (cflags == DP_C_LDOUBLE) - fvalue = va_arg (args, LDOUBLE); - else - fvalue = va_arg (args, double); - if (fmtfp(buffer, &currlen, maxlen, fvalue, - min, max, flags) == -1) - return -1; - break; - case 'c': - DOPR_OUTCH(buffer, currlen, maxlen, - va_arg (args, int)); - break; - case 's': - strvalue = va_arg (args, char *); - if (!strvalue) strvalue = "(NULL)"; - if (max == -1) { - max = strlen(strvalue); - } - if (min > 0 && max >= 0 && min > 
max) max = min; - if (fmtstr(buffer, &currlen, maxlen, - strvalue, flags, min, max) == -1) - return -1; - break; - case 'p': - strvalue = va_arg (args, void *); - if (fmtint(buffer, &currlen, maxlen, - (long) strvalue, 16, min, max, flags) == -1) - return -1; - break; -#if we_dont_want_this_in_openssh - case 'n': - if (cflags == DP_C_SHORT) { - short int *num; - num = va_arg (args, short int *); - *num = currlen; - } else if (cflags == DP_C_LONG) { - long int *num; - num = va_arg (args, long int *); - *num = (long int)currlen; - } else if (cflags == DP_C_LLONG) { - LLONG *num; - num = va_arg (args, LLONG *); - *num = (LLONG)currlen; - } else if (cflags == DP_C_SIZE) { - ssize_t *num; - num = va_arg (args, ssize_t *); - *num = (ssize_t)currlen; - } else if (cflags == DP_C_INTMAX) { - intmax_t *num; - num = va_arg (args, intmax_t *); - *num = (intmax_t)currlen; - } else { - int *num; - num = va_arg (args, int *); - *num = currlen; - } - break; -#endif - case '%': - DOPR_OUTCH(buffer, currlen, maxlen, ch); - break; - case 'w': - /* not supported yet, treat as next char */ - ch = *format++; - break; - default: - /* Unknown, skip */ - break; - } - ch = *format++; - state = DP_S_DEFAULT; - flags = cflags = min = 0; - max = -1; - break; - case DP_S_DONE: - break; - default: - /* hmm? */ - break; /* some picky compilers need this */ - } - } - if (maxlen != 0) { - if (currlen < maxlen - 1) - buffer[currlen] = '\0'; - else if (maxlen > 0) - buffer[maxlen - 1] = '\0'; - } - - return currlen < INT_MAX ? 
(int)currlen : -1; -} - -static int -fmtstr(char *buffer, size_t *currlen, size_t maxlen, - char *value, int flags, int min, int max) -{ - int padlen, strln; /* amount to pad */ - int cnt = 0; - -#ifdef DEBUG_SNPRINTF - printf("fmtstr min=%d max=%d s=[%s]\n", min, max, value); -#endif - if (value == 0) { - value = ""; - } - - for (strln = 0; strln < max && value[strln]; ++strln); /* strlen */ - padlen = min - strln; - if (padlen < 0) - padlen = 0; - if (flags & DP_F_MINUS) - padlen = -padlen; /* Left Justify */ - - while ((padlen > 0) && (cnt < max)) { - DOPR_OUTCH(buffer, *currlen, maxlen, ' '); - --padlen; - ++cnt; - } - while (*value && (cnt < max)) { - DOPR_OUTCH(buffer, *currlen, maxlen, *value); - value++; - ++cnt; - } - while ((padlen < 0) && (cnt < max)) { - DOPR_OUTCH(buffer, *currlen, maxlen, ' '); - ++padlen; - ++cnt; - } - return 0; -} - -/* Have to handle DP_F_NUM (ie 0x and 0 alternates) */ - -static int -fmtint(char *buffer, size_t *currlen, size_t maxlen, - intmax_t value, int base, int min, int max, int flags) -{ - int signvalue = 0; - unsigned LLONG uvalue; - char convert[20]; - int place = 0; - int spadlen = 0; /* amount to space pad */ - int zpadlen = 0; /* amount to zero pad */ - int caps = 0; - - if (max < 0) - max = 0; - - uvalue = value; - - if(!(flags & DP_F_UNSIGNED)) { - if( value < 0 ) { - signvalue = '-'; - uvalue = -value; - } else { - if (flags & DP_F_PLUS) /* Do a sign (+/i) */ - signvalue = '+'; - else if (flags & DP_F_SPACE) - signvalue = ' '; - } - } - - if (flags & DP_F_UP) caps = 1; /* Should characters be upper case? */ - - do { - convert[place++] = - (caps? "0123456789ABCDEF":"0123456789abcdef") - [uvalue % (unsigned)base ]; - uvalue = (uvalue / (unsigned)base ); - } while(uvalue && (place < 20)); - if (place == 20) place--; - convert[place] = 0; - - zpadlen = max - place; - spadlen = min - MAX (max, place) - (signvalue ? 
1 : 0); - if (zpadlen < 0) zpadlen = 0; - if (spadlen < 0) spadlen = 0; - if (flags & DP_F_ZERO) { - zpadlen = MAX(zpadlen, spadlen); - spadlen = 0; - } - if (flags & DP_F_MINUS) - spadlen = -spadlen; /* Left Justifty */ - -#ifdef DEBUG_SNPRINTF - printf("zpad: %d, spad: %d, min: %d, max: %d, place: %d\n", - zpadlen, spadlen, min, max, place); -#endif - - /* Spaces */ - while (spadlen > 0) { - DOPR_OUTCH(buffer, *currlen, maxlen, ' '); - --spadlen; - } - - /* Sign */ - if (signvalue) - DOPR_OUTCH(buffer, *currlen, maxlen, signvalue); - - /* Zeros */ - if (zpadlen > 0) { - while (zpadlen > 0) { - DOPR_OUTCH(buffer, *currlen, maxlen, '0'); - --zpadlen; - } - } - - /* Digits */ - while (place > 0) { - --place; - DOPR_OUTCH(buffer, *currlen, maxlen, convert[place]); - } - - /* Left Justified spaces */ - while (spadlen < 0) { - DOPR_OUTCH(buffer, *currlen, maxlen, ' '); - ++spadlen; - } - return 0; -} - -static LDOUBLE abs_val(LDOUBLE value) -{ - LDOUBLE result = value; - - if (value < 0) - result = -value; - - return result; -} - -static LDOUBLE POW10(int val) -{ - LDOUBLE result = 1; - - while (val) { - result *= 10; - val--; - } - - return result; -} - -static LLONG ROUND(LDOUBLE value) -{ - LLONG intpart; - - intpart = (LLONG)value; - value = value - intpart; - if (value >= 0.5) intpart++; - - return intpart; -} - -/* a replacement for modf that doesn't need the math library. Should - be portable, but slow */ -static double my_modf(double x0, double *iptr) -{ - int i; - long l; - double x = x0; - double f = 1.0; - - for (i=0;i<100;i++) { - l = (long)x; - if (l <= (x+1) && l >= (x-1)) break; - x *= 0.1; - f *= 10.0; - } - - if (i == 100) { - /* - * yikes! the number is beyond what we can handle. - * What do we do? 
- */ - (*iptr) = 0; - return 0; - } - - if (i != 0) { - double i2; - double ret; - - ret = my_modf(x0-l*f, &i2); - (*iptr) = l*f + i2; - return ret; - } - - (*iptr) = l; - return x - (*iptr); -} - - -static int -fmtfp (char *buffer, size_t *currlen, size_t maxlen, - LDOUBLE fvalue, int min, int max, int flags) -{ - int signvalue = 0; - double ufvalue; - char iconvert[311]; - char fconvert[311]; - int iplace = 0; - int fplace = 0; - int padlen = 0; /* amount to pad */ - int zpadlen = 0; - int caps = 0; - int idx; - double intpart; - double fracpart; - double temp; - - /* - * AIX manpage says the default is 0, but Solaris says the default - * is 6, and sprintf on AIX defaults to 6 - */ - if (max < 0) - max = 6; - - ufvalue = abs_val (fvalue); - - if (fvalue < 0) { - signvalue = '-'; - } else { - if (flags & DP_F_PLUS) { /* Do a sign (+/i) */ - signvalue = '+'; - } else { - if (flags & DP_F_SPACE) - signvalue = ' '; - } - } - -#if 0 - if (flags & DP_F_UP) caps = 1; /* Should characters be upper case? */ -#endif - -#if 0 - if (max == 0) ufvalue += 0.5; /* if max = 0 we must round */ -#endif - - /* - * Sorry, we only support 16 digits past the decimal because of our - * conversion method - */ - if (max > 16) - max = 16; - - /* We "cheat" by converting the fractional part to integer by - * multiplying by a factor of 10 - */ - - temp = ufvalue; - my_modf(temp, &intpart); - - fracpart = ROUND((POW10(max)) * (ufvalue - intpart)); - - if (fracpart >= POW10(max)) { - intpart++; - fracpart -= POW10(max); - } - - /* Convert integer part */ - do { - temp = intpart*0.1; - my_modf(temp, &intpart); - idx = (int) ((temp -intpart +0.05)* 10.0); - /* idx = (int) (((double)(temp*0.1) -intpart +0.05) *10.0); */ - /* printf ("%llf, %f, %x\n", temp, intpart, idx); */ - iconvert[iplace++] = - (caps? 
"0123456789ABCDEF":"0123456789abcdef")[idx]; - } while (intpart && (iplace < 311)); - if (iplace == 311) iplace--; - iconvert[iplace] = 0; - - /* Convert fractional part */ - if (fracpart) - { - do { - temp = fracpart*0.1; - my_modf(temp, &fracpart); - idx = (int) ((temp -fracpart +0.05)* 10.0); - /* idx = (int) ((((temp/10) -fracpart) +0.05) *10); */ - /* printf ("%lf, %lf, %ld\n", temp, fracpart, idx ); */ - fconvert[fplace++] = - (caps? "0123456789ABCDEF":"0123456789abcdef")[idx]; - } while(fracpart && (fplace < 311)); - if (fplace == 311) fplace--; - } - fconvert[fplace] = 0; - - /* -1 for decimal point, another -1 if we are printing a sign */ - padlen = min - iplace - max - 1 - ((signvalue) ? 1 : 0); - zpadlen = max - fplace; - if (zpadlen < 0) zpadlen = 0; - if (padlen < 0) - padlen = 0; - if (flags & DP_F_MINUS) - padlen = -padlen; /* Left Justifty */ - - if ((flags & DP_F_ZERO) && (padlen > 0)) { - if (signvalue) { - DOPR_OUTCH(buffer, *currlen, maxlen, signvalue); - --padlen; - signvalue = 0; - } - while (padlen > 0) { - DOPR_OUTCH(buffer, *currlen, maxlen, '0'); - --padlen; - } - } - while (padlen > 0) { - DOPR_OUTCH(buffer, *currlen, maxlen, ' '); - --padlen; - } - if (signvalue) - DOPR_OUTCH(buffer, *currlen, maxlen, signvalue); - - while (iplace > 0) { - --iplace; - DOPR_OUTCH(buffer, *currlen, maxlen, iconvert[iplace]); - } - -#ifdef DEBUG_SNPRINTF - printf("fmtfp: fplace=%d zpadlen=%d\n", fplace, zpadlen); -#endif - - /* - * Decimal point. This should probably use locale to find the correct - * char to print out. 
- */ - if (max > 0) { - DOPR_OUTCH(buffer, *currlen, maxlen, '.'); - - while (zpadlen > 0) { - DOPR_OUTCH(buffer, *currlen, maxlen, '0'); - --zpadlen; - } - - while (fplace > 0) { - --fplace; - DOPR_OUTCH(buffer, *currlen, maxlen, fconvert[fplace]); - } - } - - while (padlen < 0) { - DOPR_OUTCH(buffer, *currlen, maxlen, ' '); - ++padlen; - } - return 0; -} -#endif /* !defined(HAVE_SNPRINTF) || !defined(HAVE_VSNPRINTF) */ - -#if !defined(HAVE_VSNPRINTF) -int -vsnprintf (char *str, size_t count, const char *fmt, va_list args) -{ - return dopr(str, count, fmt, args); -} -#endif - -#if !defined(HAVE_SNPRINTF) -int -snprintf(char *str, size_t count, SNPRINTF_CONST char *fmt, ...) -{ - size_t ret; - va_list ap; - - va_start(ap, fmt); - ret = vsnprintf(str, count, fmt, ap); - va_end(ap); - return ret; -} -#endif diff --git a/ssh_keygen_110/openbsd-compat/bsd-statvfs.c b/ssh_keygen_110/openbsd-compat/bsd-statvfs.c deleted file mode 100644 index e3bd87d9..00000000 --- a/ssh_keygen_110/openbsd-compat/bsd-statvfs.c +++ /dev/null 
@@ -1,88 +0,0 @@
-/*
- * Copyright (c) 2008,2014 Darren Tucker
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
- * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "includes.h"
-
-#if !defined(HAVE_STATVFS) || !defined(HAVE_FSTATVFS)
-
-#include
-#ifdef HAVE_SYS_MOUNT_H
-# include
-#endif
-
-#include
-
-#ifndef MNAMELEN
-# define MNAMELEN 32
-#endif
-
-static void
-copy_statfs_to_statvfs(struct statvfs *to, struct statfs *from)
-{
- to->f_bsize = from->f_bsize;
- to->f_frsize = from->f_bsize; /* no exact equivalent */
- to->f_blocks = from->f_blocks;
- to->f_bfree = from->f_bfree;
- to->f_bavail = from->f_bavail;
- to->f_files = from->f_files;
- to->f_ffree = from->f_ffree;
- to->f_favail = from->f_ffree; /* no exact equivalent */
- to->f_fsid = 0; /* XXX fix me */
-#ifdef HAVE_STRUCT_STATFS_F_FLAGS
- to->f_flag = from->f_flags;
-#else
- to->f_flag = 0;
-#endif
- to->f_namemax = MNAMELEN;
-}
-
-# ifndef HAVE_STATVFS
-int statvfs(const char *path, struct statvfs *buf)
-{
-# ifdef HAVE_STATFS
- struct statfs fs;
-
- memset(&fs, 0, sizeof(fs));
- if (statfs(path, &fs) == -1)
- return -1;
- copy_statfs_to_statvfs(buf, &fs);
- return 0;
-# else
- errno = ENOSYS;
- return -1;
-# endif
-}
-# endif
-
-# ifndef HAVE_FSTATVFS
-int fstatvfs(int fd, struct statvfs *buf)
-{
-# ifdef HAVE_FSTATFS
- struct statfs fs;
-
- memset(&fs, 0, sizeof(fs));
- if (fstatfs(fd, &fs) == -1)
- return -1;
- copy_statfs_to_statvfs(buf, &fs);
- return 0;
-# else
- errno = ENOSYS;
- return -1;
-# endif
-}
-# endif
-
-#endif
diff --git a/ssh_keygen_110/openbsd-compat/bsd-statvfs.h b/ssh_keygen_110/openbsd-compat/bsd-statvfs.h
deleted file mode 100644
index e2a4c15f..00000000
--- a/ssh_keygen_110/openbsd-compat/bsd-statvfs.h
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright (c) 2008,2014 Darren Tucker
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
- * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "includes.h"
-
-#if !defined(HAVE_STATVFS) || !defined(HAVE_FSTATVFS)
-
-#include
-
-#ifdef HAVE_SYS_MOUNT_H
-#include
-#endif
-#ifdef HAVE_SYS_STATFS_H
-#include
-#endif
-#ifdef HAVE_SYS_VFS_H
-#include
-#endif
-
-#ifndef HAVE_FSBLKCNT_T
-typedef unsigned long fsblkcnt_t;
-#endif
-#ifndef HAVE_FSFILCNT_T
-typedef unsigned long fsfilcnt_t;
-#endif
-
-#ifndef ST_RDONLY
-#define ST_RDONLY 1
-#endif
-#ifndef ST_NOSUID
-#define ST_NOSUID 2
-#endif
-
- /* as defined in IEEE Std 1003.1, 2004 Edition */
-struct statvfs {
- unsigned long f_bsize; /* File system block size. */
- unsigned long f_frsize; /* Fundamental file system block size. */
- fsblkcnt_t f_blocks; /* Total number of blocks on file system in */
- /* units of f_frsize. */
- fsblkcnt_t f_bfree; /* Total number of free blocks. */
- fsblkcnt_t f_bavail; /* Number of free blocks available to */
- /* non-privileged process. */
- fsfilcnt_t f_files; /* Total number of file serial numbers. */
- fsfilcnt_t f_ffree; /* Total number of free file serial numbers. */
- fsfilcnt_t f_favail; /* Number of file serial numbers available to */
- /* non-privileged process. */
- unsigned long f_fsid; /* File system ID. */
- unsigned long f_flag; /* BBit mask of f_flag values. */
- unsigned long f_namemax;/* Maximum filename length. */
-};
-#endif
-
-#ifndef HAVE_STATVFS
-int statvfs(const char *, struct statvfs *);
-#endif
-
-#ifndef HAVE_FSTATVFS
-int fstatvfs(int, struct statvfs *);
-#endif
diff --git a/ssh_keygen_110/openbsd-compat/bsd-waitpid.c b/ssh_keygen_110/openbsd-compat/bsd-waitpid.c
deleted file mode 100644
index 113fb1ea..00000000
--- a/ssh_keygen_110/openbsd-compat/bsd-waitpid.c
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright (c) 2000 Ben Lindstrom. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "includes.h"
-
-#ifndef HAVE_WAITPID
-#include
-#include
-#include "bsd-waitpid.h"
-
-pid_t
-waitpid(int pid, int *stat_loc, int options)
-{
- union wait statusp;
- pid_t wait_pid;
-
- if (pid <= 0) {
- if (pid != -1) {
- errno = EINVAL;
- return (-1);
- }
- /* wait4() wants pid=0 for indiscriminate wait. */
- pid = 0;
- }
- wait_pid = wait4(pid, &statusp, options, NULL);
- if (stat_loc)
- *stat_loc = (int) statusp.w_status;
-
- return (wait_pid);
-}
-
-#endif /* !HAVE_WAITPID */
diff --git a/ssh_keygen_110/openbsd-compat/bsd-waitpid.h b/ssh_keygen_110/openbsd-compat/bsd-waitpid.h
deleted file mode 100644
index b551268a..00000000
--- a/ssh_keygen_110/openbsd-compat/bsd-waitpid.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 2000 Ben Lindstrom. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#ifndef _BSD_WAITPID_H
-#define _BSD_WAITPID_H
-
-#ifndef HAVE_WAITPID
-/* Clean out any potential issues */
-#undef WIFEXITED
-#undef WIFSTOPPED
-#undef WIFSIGNALED
-
-/* Define required functions to mimic a POSIX look and feel */
-#define _W_INT(w) (*(int*)&(w)) /* convert union wait to int */
-#define WIFEXITED(w) (!((_W_INT(w)) & 0377))
-#define WIFSTOPPED(w) ((_W_INT(w)) & 0100)
-#define WIFSIGNALED(w) (!WIFEXITED(w) && !WIFSTOPPED(w))
-#define WEXITSTATUS(w) (int)(WIFEXITED(w) ? ((_W_INT(w) >> 8) & 0377) : -1)
-#define WTERMSIG(w) (int)(WIFSIGNALED(w) ? (_W_INT(w) & 0177) : -1)
-#define WCOREFLAG 0x80
-#define WCOREDUMP(w) ((_W_INT(w)) & WCOREFLAG)
-
-/* Prototype */
-pid_t waitpid(int, int *, int);
-
-#endif /* !HAVE_WAITPID */
-#endif /* _BSD_WAITPID_H */
diff --git a/ssh_keygen_110/openbsd-compat/chacha_private.h b/ssh_keygen_110/openbsd-compat/chacha_private.h
deleted file mode 100644
index 7c3680fa..00000000
--- a/ssh_keygen_110/openbsd-compat/chacha_private.h
+++ /dev/null
@@ -1,222 +0,0 @@ -/* -chacha-merged.c version 20080118 -D. J. Bernstein -Public domain. -*/ - -/* $OpenBSD: chacha_private.h,v 1.2 2013/10/04 07:02:27 djm Exp $ */ - -typedef unsigned char u8; -typedef unsigned int u32; - -typedef struct -{ - u32 input[16]; /* could be compressed */ -} chacha_ctx; - -#define U8C(v) (v##U) -#define U32C(v) (v##U) - -#define U8V(v) ((u8)(v) & U8C(0xFF)) -#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) - -#define ROTL32(v, n) \ - (U32V((v) << (n)) | ((v) >> (32 - (n)))) - -#define U8TO32_LITTLE(p) \ - (((u32)((p)[0]) ) | \ - ((u32)((p)[1]) << 8) | \ - ((u32)((p)[2]) << 16) | \ - ((u32)((p)[3]) << 24)) - -#define U32TO8_LITTLE(p, v) \ - do { \ - (p)[0] = U8V((v) ); \ - (p)[1] = U8V((v) >> 8); \ - (p)[2] = U8V((v) >> 16); \ - (p)[3] = U8V((v) >> 24); \ - } while (0) - -#define ROTATE(v,c) (ROTL32(v,c)) -#define XOR(v,w) ((v) ^ (w)) -#define PLUS(v,w) (U32V((v) + (w))) -#define PLUSONE(v) (PLUS((v),1)) - -#define QUARTERROUND(a,b,c,d) \ - a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \ - c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \ - a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \ - c = PLUS(c,d); b = ROTATE(XOR(b,c), 7); - -static const char sigma[16] = "expand 32-byte k"; -static const char tau[16] = "expand 16-byte k"; - -static void -chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits,u32 ivbits) -{ - const char *constants; - - x->input[4] = U8TO32_LITTLE(k + 0); - x->input[5] = U8TO32_LITTLE(k + 4); - x->input[6] = U8TO32_LITTLE(k + 8); - x->input[7] = U8TO32_LITTLE(k + 12); - if (kbits == 256) { /* recommended */ - k += 16; - constants = sigma; - } else { /* kbits == 128 */ - constants = tau; - } - x->input[8] = U8TO32_LITTLE(k + 0); - x->input[9] = U8TO32_LITTLE(k + 4); - x->input[10] = U8TO32_LITTLE(k + 8); - x->input[11] = U8TO32_LITTLE(k + 12); - x->input[0] = U8TO32_LITTLE(constants + 0); - x->input[1] = U8TO32_LITTLE(constants + 4); - x->input[2] = U8TO32_LITTLE(constants + 8); - x->input[3] = U8TO32_LITTLE(constants + 12); -} - -static void 
-chacha_ivsetup(chacha_ctx *x,const u8 *iv) -{ - x->input[12] = 0; - x->input[13] = 0; - x->input[14] = U8TO32_LITTLE(iv + 0); - x->input[15] = U8TO32_LITTLE(iv + 4); -} - -static void -chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes) -{ - u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; - u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15; - u8 *ctarget = NULL; - u8 tmp[64]; - u_int i; - - if (!bytes) return; - - j0 = x->input[0]; - j1 = x->input[1]; - j2 = x->input[2]; - j3 = x->input[3]; - j4 = x->input[4]; - j5 = x->input[5]; - j6 = x->input[6]; - j7 = x->input[7]; - j8 = x->input[8]; - j9 = x->input[9]; - j10 = x->input[10]; - j11 = x->input[11]; - j12 = x->input[12]; - j13 = x->input[13]; - j14 = x->input[14]; - j15 = x->input[15]; - - for (;;) { - if (bytes < 64) { - for (i = 0;i < bytes;++i) tmp[i] = m[i]; - m = tmp; - ctarget = c; - c = tmp; - } - x0 = j0; - x1 = j1; - x2 = j2; - x3 = j3; - x4 = j4; - x5 = j5; - x6 = j6; - x7 = j7; - x8 = j8; - x9 = j9; - x10 = j10; - x11 = j11; - x12 = j12; - x13 = j13; - x14 = j14; - x15 = j15; - for (i = 20;i > 0;i -= 2) { - QUARTERROUND( x0, x4, x8,x12) - QUARTERROUND( x1, x5, x9,x13) - QUARTERROUND( x2, x6,x10,x14) - QUARTERROUND( x3, x7,x11,x15) - QUARTERROUND( x0, x5,x10,x15) - QUARTERROUND( x1, x6,x11,x12) - QUARTERROUND( x2, x7, x8,x13) - QUARTERROUND( x3, x4, x9,x14) - } - x0 = PLUS(x0,j0); - x1 = PLUS(x1,j1); - x2 = PLUS(x2,j2); - x3 = PLUS(x3,j3); - x4 = PLUS(x4,j4); - x5 = PLUS(x5,j5); - x6 = PLUS(x6,j6); - x7 = PLUS(x7,j7); - x8 = PLUS(x8,j8); - x9 = PLUS(x9,j9); - x10 = PLUS(x10,j10); - x11 = PLUS(x11,j11); - x12 = PLUS(x12,j12); - x13 = PLUS(x13,j13); - x14 = PLUS(x14,j14); - x15 = PLUS(x15,j15); - -#ifndef KEYSTREAM_ONLY - x0 = XOR(x0,U8TO32_LITTLE(m + 0)); - x1 = XOR(x1,U8TO32_LITTLE(m + 4)); - x2 = XOR(x2,U8TO32_LITTLE(m + 8)); - x3 = XOR(x3,U8TO32_LITTLE(m + 12)); - x4 = XOR(x4,U8TO32_LITTLE(m + 16)); - x5 = XOR(x5,U8TO32_LITTLE(m + 20)); - 
x6 = XOR(x6,U8TO32_LITTLE(m + 24)); - x7 = XOR(x7,U8TO32_LITTLE(m + 28)); - x8 = XOR(x8,U8TO32_LITTLE(m + 32)); - x9 = XOR(x9,U8TO32_LITTLE(m + 36)); - x10 = XOR(x10,U8TO32_LITTLE(m + 40)); - x11 = XOR(x11,U8TO32_LITTLE(m + 44)); - x12 = XOR(x12,U8TO32_LITTLE(m + 48)); - x13 = XOR(x13,U8TO32_LITTLE(m + 52)); - x14 = XOR(x14,U8TO32_LITTLE(m + 56)); - x15 = XOR(x15,U8TO32_LITTLE(m + 60)); -#endif - - j12 = PLUSONE(j12); - if (!j12) { - j13 = PLUSONE(j13); - /* stopping at 2^70 bytes per nonce is user's responsibility */ - } - - U32TO8_LITTLE(c + 0,x0); - U32TO8_LITTLE(c + 4,x1); - U32TO8_LITTLE(c + 8,x2); - U32TO8_LITTLE(c + 12,x3); - U32TO8_LITTLE(c + 16,x4); - U32TO8_LITTLE(c + 20,x5); - U32TO8_LITTLE(c + 24,x6); - U32TO8_LITTLE(c + 28,x7); - U32TO8_LITTLE(c + 32,x8); - U32TO8_LITTLE(c + 36,x9); - U32TO8_LITTLE(c + 40,x10); - U32TO8_LITTLE(c + 44,x11); - U32TO8_LITTLE(c + 48,x12); - U32TO8_LITTLE(c + 52,x13); - U32TO8_LITTLE(c + 56,x14); - U32TO8_LITTLE(c + 60,x15); - - if (bytes <= 64) { - if (bytes < 64) { - for (i = 0;i < bytes;++i) ctarget[i] = c[i]; - } - x->input[12] = j12; - x->input[13] = j13; - return; - } - bytes -= 64; - c += 64; -#ifndef KEYSTREAM_ONLY - m += 64; -#endif - } -} diff --git a/ssh_keygen_110/openbsd-compat/charclass.h b/ssh_keygen_110/openbsd-compat/charclass.h deleted file mode 100644 index 91f51744..00000000 --- a/ssh_keygen_110/openbsd-compat/charclass.h +++ /dev/null 
@@ -1,31 +0,0 @@
-/*
- * Public domain, 2008, Todd C. Miller
- *
- * $OpenBSD: charclass.h,v 1.1 2008/10/01 23:04:13 millert Exp $
- */
-
-/* OPENBSD ORIGINAL: lib/libc/gen/charclass.h */
-
-/*
- * POSIX character class support for fnmatch() and glob().
- */
-static struct cclass {
- const char *name;
- int (*isctype)(int);
-} cclasses[] = {
- { "alnum", isalnum },
- { "alpha", isalpha },
- { "blank", isblank },
- { "cntrl", iscntrl },
- { "digit", isdigit },
- { "graph", isgraph },
- { "lower", islower },
- { "print", isprint },
- { "punct", ispunct },
- { "space", isspace },
- { "upper", isupper },
- { "xdigit", isxdigit },
- { NULL, NULL }
-};
-
-#define NCCLASSES (sizeof(cclasses) / sizeof(cclasses[0]) - 1)
diff --git a/ssh_keygen_110/openbsd-compat/daemon.c b/ssh_keygen_110/openbsd-compat/daemon.c
deleted file mode 100644
index 3efe14c6..00000000
--- a/ssh_keygen_110/openbsd-compat/daemon.c
+++ /dev/null
@@ -1,82 +0,0 @@
-/* $OpenBSD: daemon.c,v 1.6 2005/08/08 08:05:33 espie Exp $ */
-/*-
- * Copyright (c) 1990, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* OPENBSD ORIGINAL: lib/libc/gen/daemon.c */
-
-#include "includes.h"
-
-#ifndef HAVE_DAEMON
-
-#include
-
-#ifdef HAVE_SYS_STAT_H
-# include
-#endif
-
-#ifdef HAVE_FCNTL_H
-# include
-#endif
-
-#ifdef HAVE_UNISTD_H
-# include
-#endif
-
-int
-daemon(int nochdir, int noclose)
-{
- int fd;
-
- switch (fork()) {
- case -1:
- return (-1);
- case 0:
- break;
- default:
- _exit(0);
- }
-
- if (setsid() == -1)
- return (-1);
-
- if (!nochdir)
- (void)chdir("/");
-
- if (!noclose && (fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
- (void)dup2(fd, STDIN_FILENO);
- (void)dup2(fd, STDOUT_FILENO);
- (void)dup2(fd, STDERR_FILENO);
- if (fd > 2)
- (void)close (fd);
- }
- return (0);
-}
-
-#endif /* !HAVE_DAEMON */
-
diff --git a/ssh_keygen_110/openbsd-compat/dirname.c b/ssh_keygen_110/openbsd-compat/dirname.c
deleted file mode 100644
index 30fcb496..00000000
--- a/ssh_keygen_110/openbsd-compat/dirname.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/* $OpenBSD: dirname.c,v 1.13 2005/08/08 08:05:33 espie Exp $ */
-
-/*
- * Copyright (c) 1997, 2004 Todd C. Miller
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* OPENBSD ORIGINAL: lib/libc/gen/dirname.c */
-
-#include "includes.h"
-#ifndef HAVE_DIRNAME
-
-#include
-#include
-#include
-
-char *
-dirname(const char *path)
-{
- static char dname[MAXPATHLEN];
- size_t len;
- const char *endp;
-
- /* Empty or NULL string gets treated as "." */
- if (path == NULL || *path == '\0') {
- dname[0] = '.';
- dname[1] = '\0';
- return (dname);
- }
-
- /* Strip any trailing slashes */
- endp = path + strlen(path) - 1;
- while (endp > path && *endp == '/')
- endp--;
-
- /* Find the start of the dir */
- while (endp > path && *endp != '/')
- endp--;
-
- /* Either the dir is "/" or there are no slashes */
- if (endp == path) {
- dname[0] = *endp == '/' ? '/' : '.';
- dname[1] = '\0';
- return (dname);
- } else {
- /* Move forward past the separating slashes */
- do {
- endp--;
- } while (endp > path && *endp == '/');
- }
-
- len = endp - path + 1;
- if (len >= sizeof(dname)) {
- errno = ENAMETOOLONG;
- return (NULL);
- }
- memcpy(dname, path, len);
- dname[len] = '\0';
- return (dname);
-}
-#endif
diff --git a/ssh_keygen_110/openbsd-compat/explicit_bzero.c b/ssh_keygen_110/openbsd-compat/explicit_bzero.c
deleted file mode 100644
index 6ef9825a..00000000
--- a/ssh_keygen_110/openbsd-compat/explicit_bzero.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/* OPENBSD ORIGINAL: lib/libc/string/explicit_bzero.c */
-/* $OpenBSD: explicit_bzero.c,v 1.1 2014/01/22 21:06:45 tedu Exp $ */
-/*
- * Public domain.
- * Written by Ted Unangst
- */
-
-#include "includes.h"
-
-#include
-
-/*
- * explicit_bzero - don't let the compiler optimize away bzero
- */
-
-#ifndef HAVE_EXPLICIT_BZERO
-
-#ifdef HAVE_MEMSET_S
-
-void
-explicit_bzero(void *p, size_t n)
-{
- if (n == 0)
- return;
- (void)memset_s(p, n, 0, n);
-}
-
-#else /* HAVE_MEMSET_S */
-
-/*
- * Indirect bzero through a volatile pointer to hopefully avoid
- * dead-store optimisation eliminating the call.
- */
-static void (* volatile ssh_bzero)(void *, size_t) = bzero;
-
-void
-explicit_bzero(void *p, size_t n)
-{
- if (n == 0)
- return;
- /*
- * clang -fsanitize=memory needs to intercept memset-like functions
- * to correctly detect memory initialisation. Make sure one is called
- * directly since our indirection trick above successfully confuses it.
- */
-#if defined(__has_feature)
-# if __has_feature(memory_sanitizer)
- memset(p, 0, n);
-# endif
-#endif
-
- ssh_bzero(p, n);
-}
-
-#endif /* HAVE_MEMSET_S */
-
-#endif /* HAVE_EXPLICIT_BZERO */
diff --git a/ssh_keygen_110/openbsd-compat/fake-rfc2553.c b/ssh_keygen_110/openbsd-compat/fake-rfc2553.c
deleted file mode 100644
index d5a62975..00000000
--- a/ssh_keygen_110/openbsd-compat/fake-rfc2553.c
+++ /dev/null
@@ -1,235 +0,0 @@ -/* - * Copyright (C) 2000-2003 Damien Miller. All rights reserved. - * Copyright (C) 1999 WIDE Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * Pseudo-implementation of RFC2553 name / address resolution functions - * - * But these functions are not implemented correctly. The minimum subset - * is implemented for ssh use only. For example, this routine assumes - * that ai_family is AF_INET. Don't use it for another purpose. 
- */ - -#include "includes.h" - -#include -#include - -#include -#include - -#ifndef HAVE_GETNAMEINFO -int getnameinfo(const struct sockaddr *sa, size_t salen, char *host, - size_t hostlen, char *serv, size_t servlen, int flags) -{ - struct sockaddr_in *sin = (struct sockaddr_in *)sa; - struct hostent *hp; - char tmpserv[16]; - - if (sa->sa_family != AF_UNSPEC && sa->sa_family != AF_INET) - return (EAI_FAMILY); - if (serv != NULL) { - snprintf(tmpserv, sizeof(tmpserv), "%d", ntohs(sin->sin_port)); - if (strlcpy(serv, tmpserv, servlen) >= servlen) - return (EAI_MEMORY); - } - - if (host != NULL) { - if (flags & NI_NUMERICHOST) { - if (strlcpy(host, inet_ntoa(sin->sin_addr), - hostlen) >= hostlen) - return (EAI_MEMORY); - else - return (0); - } else { - hp = gethostbyaddr((char *)&sin->sin_addr, - sizeof(struct in_addr), AF_INET); - if (hp == NULL) - return (EAI_NODATA); - - if (strlcpy(host, hp->h_name, hostlen) >= hostlen) - return (EAI_MEMORY); - else - return (0); - } - } - return (0); -} -#endif /* !HAVE_GETNAMEINFO */ - -#ifndef HAVE_GAI_STRERROR -#ifdef HAVE_CONST_GAI_STRERROR_PROTO -const char * -#else -char * -#endif -gai_strerror(int err) -{ - switch (err) { - case EAI_NODATA: - return ("no address associated with name"); - case EAI_MEMORY: - return ("memory allocation failure."); - case EAI_NONAME: - return ("nodename nor servname provided, or not known"); - case EAI_FAMILY: - return ("ai_family not supported"); - default: - return ("unknown/invalid error."); - } -} -#endif /* !HAVE_GAI_STRERROR */ - -#ifndef HAVE_FREEADDRINFO -void -freeaddrinfo(struct addrinfo *ai) -{ - struct addrinfo *next; - - for(; ai != NULL;) { - next = ai->ai_next; - free(ai); - ai = next; - } -} -#endif /* !HAVE_FREEADDRINFO */ - -#ifndef HAVE_GETADDRINFO -static struct -addrinfo *malloc_ai(int port, u_long addr, const struct addrinfo *hints) -{ - struct addrinfo *ai; - - ai = malloc(sizeof(*ai) + sizeof(struct sockaddr_in)); - if (ai == NULL) - return (NULL); - - memset(ai, 
'\0', sizeof(*ai) + sizeof(struct sockaddr_in)); - - ai->ai_addr = (struct sockaddr *)(ai + 1); - /* XXX -- ssh doesn't use sa_len */ - ai->ai_addrlen = sizeof(struct sockaddr_in); - ai->ai_addr->sa_family = ai->ai_family = AF_INET; - - ((struct sockaddr_in *)(ai)->ai_addr)->sin_port = port; - ((struct sockaddr_in *)(ai)->ai_addr)->sin_addr.s_addr = addr; - - /* XXX: the following is not generally correct, but does what we want */ - if (hints->ai_socktype) - ai->ai_socktype = hints->ai_socktype; - else - ai->ai_socktype = SOCK_STREAM; - - if (hints->ai_protocol) - ai->ai_protocol = hints->ai_protocol; - - return (ai); -} - -int -getaddrinfo(const char *hostname, const char *servname, - const struct addrinfo *hints, struct addrinfo **res) -{ - struct hostent *hp; - struct servent *sp; - struct in_addr in; - int i; - long int port; - u_long addr; - - port = 0; - if (hints && hints->ai_family != AF_UNSPEC && - hints->ai_family != AF_INET) - return (EAI_FAMILY); - if (servname != NULL) { - char *cp; - - port = strtol(servname, &cp, 10); - if (port > 0 && port <= 65535 && *cp == '\0') - port = htons(port); - else if ((sp = getservbyname(servname, NULL)) != NULL) - port = sp->s_port; - else - port = 0; - } - - if (hints && hints->ai_flags & AI_PASSIVE) { - addr = htonl(0x00000000); - if (hostname && inet_aton(hostname, &in) != 0) - addr = in.s_addr; - *res = malloc_ai(port, addr, hints); - if (*res == NULL) - return (EAI_MEMORY); - return (0); - } - - if (!hostname) { - *res = malloc_ai(port, htonl(0x7f000001), hints); - if (*res == NULL) - return (EAI_MEMORY); - return (0); - } - - if (inet_aton(hostname, &in)) { - *res = malloc_ai(port, in.s_addr, hints); - if (*res == NULL) - return (EAI_MEMORY); - return (0); - } - - /* Don't try DNS if AI_NUMERICHOST is set */ - if (hints && hints->ai_flags & AI_NUMERICHOST) - return (EAI_NONAME); - - hp = gethostbyname(hostname); - if (hp && hp->h_name && hp->h_name[0] && hp->h_addr_list[0]) { - struct addrinfo *cur, *prev; - - cur 
= prev = *res = NULL; - for (i = 0; hp->h_addr_list[i]; i++) { - struct in_addr *in = (struct in_addr *)hp->h_addr_list[i]; - - cur = malloc_ai(port, in->s_addr, hints); - if (cur == NULL) { - if (*res != NULL) - freeaddrinfo(*res); - return (EAI_MEMORY); - } - if (prev) - prev->ai_next = cur; - else - *res = cur; - - prev = cur; - } - return (0); - } - - return (EAI_NODATA); -} -#endif /* !HAVE_GETADDRINFO */ diff --git a/ssh_keygen_110/openbsd-compat/fake-rfc2553.h b/ssh_keygen_110/openbsd-compat/fake-rfc2553.h deleted file mode 100644 index f913617f..00000000 --- a/ssh_keygen_110/openbsd-compat/fake-rfc2553.h +++ /dev/null 
@@ -1,176 +0,0 @@ -/* - * Copyright (C) 2000-2003 Damien Miller. All rights reserved. - * Copyright (C) 1999 WIDE Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * Pseudo-implementation of RFC2553 name / address resolution functions - * - * But these functions are not implemented correctly. The minimum subset - * is implemented for ssh use only. For example, this routine assumes - * that ai_family is AF_INET. Don't use it for another purpose. 
- */ - -#ifndef _FAKE_RFC2553_H -#define _FAKE_RFC2553_H - -#include "includes.h" -#include -#if defined(HAVE_NETDB_H) -# include -#endif - -/* - * First, socket and INET6 related definitions - */ -#ifndef HAVE_STRUCT_SOCKADDR_STORAGE -# define _SS_MAXSIZE 128 /* Implementation specific max size */ -# define _SS_PADSIZE (_SS_MAXSIZE - sizeof (struct sockaddr)) -struct sockaddr_storage { - struct sockaddr ss_sa; - char __ss_pad2[_SS_PADSIZE]; -}; -# define ss_family ss_sa.sa_family -#endif /* !HAVE_STRUCT_SOCKADDR_STORAGE */ - -#ifndef IN6_IS_ADDR_LOOPBACK -# define IN6_IS_ADDR_LOOPBACK(a) \ - (((u_int32_t *)(a))[0] == 0 && ((u_int32_t *)(a))[1] == 0 && \ - ((u_int32_t *)(a))[2] == 0 && ((u_int32_t *)(a))[3] == htonl(1)) -#endif /* !IN6_IS_ADDR_LOOPBACK */ - -#ifndef HAVE_STRUCT_IN6_ADDR -struct in6_addr { - u_int8_t s6_addr[16]; -}; -#endif /* !HAVE_STRUCT_IN6_ADDR */ - -#ifndef HAVE_STRUCT_SOCKADDR_IN6 -struct sockaddr_in6 { - unsigned short sin6_family; - u_int16_t sin6_port; - u_int32_t sin6_flowinfo; - struct in6_addr sin6_addr; - u_int32_t sin6_scope_id; -}; -#endif /* !HAVE_STRUCT_SOCKADDR_IN6 */ - -#ifndef AF_INET6 -/* Define it to something that should never appear */ -#define AF_INET6 AF_MAX -#endif - -/* - * Next, RFC2553 name / address resolution API - */ - -#ifndef NI_NUMERICHOST -# define NI_NUMERICHOST (1) -#endif -#ifndef NI_NAMEREQD -# define NI_NAMEREQD (1<<1) -#endif -#ifndef NI_NUMERICSERV -# define NI_NUMERICSERV (1<<2) -#endif - -#ifndef AI_PASSIVE -# define AI_PASSIVE (1) -#endif -#ifndef AI_CANONNAME -# define AI_CANONNAME (1<<1) -#endif -#ifndef AI_NUMERICHOST -# define AI_NUMERICHOST (1<<2) -#endif -#ifndef AI_NUMERICSERV -# define AI_NUMERICSERV (1<<3) -#endif - -#ifndef NI_MAXSERV -# define NI_MAXSERV 32 -#endif /* !NI_MAXSERV */ -#ifndef NI_MAXHOST -# define NI_MAXHOST 1025 -#endif /* !NI_MAXHOST */ - -#ifndef EAI_NODATA -# define EAI_NODATA (INT_MAX - 1) -#endif -#ifndef EAI_MEMORY -# define EAI_MEMORY (INT_MAX - 2) -#endif -#ifndef 
EAI_NONAME -# define EAI_NONAME (INT_MAX - 3) -#endif -#ifndef EAI_SYSTEM -# define EAI_SYSTEM (INT_MAX - 4) -#endif -#ifndef EAI_FAMILY -# define EAI_FAMILY (INT_MAX - 5) -#endif - -#ifndef HAVE_STRUCT_ADDRINFO -struct addrinfo { - int ai_flags; /* AI_PASSIVE, AI_CANONNAME */ - int ai_family; /* PF_xxx */ - int ai_socktype; /* SOCK_xxx */ - int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */ - size_t ai_addrlen; /* length of ai_addr */ - char *ai_canonname; /* canonical name for hostname */ - struct sockaddr *ai_addr; /* binary address */ - struct addrinfo *ai_next; /* next structure in linked list */ -}; -#endif /* !HAVE_STRUCT_ADDRINFO */ - -#ifndef HAVE_GETADDRINFO -#ifdef getaddrinfo -# undef getaddrinfo -#endif -#define getaddrinfo(a,b,c,d) (ssh_getaddrinfo(a,b,c,d)) -int getaddrinfo(const char *, const char *, - const struct addrinfo *, struct addrinfo **); -#endif /* !HAVE_GETADDRINFO */ - -#if !defined(HAVE_GAI_STRERROR) && !defined(HAVE_CONST_GAI_STRERROR_PROTO) -#define gai_strerror(a) (_ssh_compat_gai_strerror(a)) -char *gai_strerror(int); -#endif /* !HAVE_GAI_STRERROR */ - -#ifndef HAVE_FREEADDRINFO -#define freeaddrinfo(a) (ssh_freeaddrinfo(a)) -void freeaddrinfo(struct addrinfo *); -#endif /* !HAVE_FREEADDRINFO */ - -#ifndef HAVE_GETNAMEINFO -#define getnameinfo(a,b,c,d,e,f,g) (ssh_getnameinfo(a,b,c,d,e,f,g)) -int getnameinfo(const struct sockaddr *, size_t, char *, size_t, - char *, size_t, int); -#endif /* !HAVE_GETNAMEINFO */ - -#endif /* !_FAKE_RFC2553_H */ - diff --git a/ssh_keygen_110/openbsd-compat/fmt_scaled.c b/ssh_keygen_110/openbsd-compat/fmt_scaled.c deleted file mode 100644 index 2f76ef93..00000000 --- a/ssh_keygen_110/openbsd-compat/fmt_scaled.c +++ /dev/null 
@@ -1,303 +0,0 @@ -/* $OpenBSD: fmt_scaled.c,v 1.17 2018/05/14 04:39:04 djm Exp $ */ - -/* - * Copyright (c) 2001, 2002, 2003 Ian F. Darwin. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* OPENBSD ORIGINAL: lib/libutil/fmt_scaled.c */ - -/* - * fmt_scaled: Format numbers scaled for human comprehension - * scan_scaled: Scan numbers in this format. - * - * "Human-readable" output uses 4 digits max, and puts a unit suffix at - * the end. Makes output compact and easy-to-read esp. on huge disks. - * Formatting code was originally in OpenBSD "df", converted to library routine. 
- * Scanning code written for OpenBSD libutil. - */ - -#include "includes.h" - -#ifndef HAVE_FMT_SCALED - -#include -#include -#include -#include -#include -#include - -typedef enum { - NONE = 0, KILO = 1, MEGA = 2, GIGA = 3, TERA = 4, PETA = 5, EXA = 6 -} unit_type; - -/* These three arrays MUST be in sync! XXX make a struct */ -static unit_type units[] = { NONE, KILO, MEGA, GIGA, TERA, PETA, EXA }; -static char scale_chars[] = "BKMGTPE"; -static long long scale_factors[] = { - 1LL, - 1024LL, - 1024LL*1024, - 1024LL*1024*1024, - 1024LL*1024*1024*1024, - 1024LL*1024*1024*1024*1024, - 1024LL*1024*1024*1024*1024*1024, -}; -#define SCALE_LENGTH (sizeof(units)/sizeof(units[0])) - -#define MAX_DIGITS (SCALE_LENGTH * 3) /* XXX strlen(sprintf("%lld", -1)? */ - -/* Convert the given input string "scaled" into numeric in "result". - * Return 0 on success, -1 and errno set on error. - */ -int -scan_scaled(char *scaled, long long *result) -{ - char *p = scaled; - int sign = 0; - unsigned int i, ndigits = 0, fract_digits = 0; - long long scale_fact = 1, whole = 0, fpart = 0; - - /* Skip leading whitespace */ - while (isascii((unsigned char)*p) && isspace((unsigned char)*p)) - ++p; - - /* Then at most one leading + or - */ - while (*p == '-' || *p == '+') { - if (*p == '-') { - if (sign) { - errno = EINVAL; - return -1; - } - sign = -1; - ++p; - } else if (*p == '+') { - if (sign) { - errno = EINVAL; - return -1; - } - sign = +1; - ++p; - } - } - - /* Main loop: Scan digits, find decimal point, if present. - * We don't allow exponentials, so no scientific notation - * (but note that E for Exa might look like e to some!). - * Advance 'p' to end, to get scale factor. - */ - for (; isascii((unsigned char)*p) && - (isdigit((unsigned char)*p) || *p=='.'); ++p) { - if (*p == '.') { - if (fract_digits > 0) { /* oops, more than one '.' */ - errno = EINVAL; - return -1; - } - fract_digits = 1; - continue; - } - - i = (*p) - '0'; /* whew! 
finally a digit we can use */ - if (fract_digits > 0) { - if (fract_digits >= MAX_DIGITS-1) - /* ignore extra fractional digits */ - continue; - fract_digits++; /* for later scaling */ - if (fpart > LLONG_MAX / 10) { - errno = ERANGE; - return -1; - } - fpart *= 10; - if (i > LLONG_MAX - fpart) { - errno = ERANGE; - return -1; - } - fpart += i; - } else { /* normal digit */ - if (++ndigits >= MAX_DIGITS) { - errno = ERANGE; - return -1; - } - if (whole > LLONG_MAX / 10) { - errno = ERANGE; - return -1; - } - whole *= 10; - if (i > LLONG_MAX - whole) { - errno = ERANGE; - return -1; - } - whole += i; - } - } - - if (sign) { - whole *= sign; - fpart *= sign; - } - - /* If no scale factor given, we're done. fraction is discarded. */ - if (!*p) { - *result = whole; - return 0; - } - - /* Validate scale factor, and scale whole and fraction by it. */ - for (i = 0; i < SCALE_LENGTH; i++) { - - /* Are we there yet? */ - if (*p == scale_chars[i] || - *p == tolower((unsigned char)scale_chars[i])) { - - /* If it ends with alphanumerics after the scale char, bad. */ - if (isalnum((unsigned char)*(p+1))) { - errno = EINVAL; - return -1; - } - scale_fact = scale_factors[i]; - - /* check for overflow and underflow after scaling */ - if (whole > LLONG_MAX / scale_fact || - whole < LLONG_MIN / scale_fact) { - errno = ERANGE; - return -1; - } - - /* scale whole part */ - whole *= scale_fact; - - /* truncate fpart so it doesn't overflow. - * then scale fractional part. - */ - while (fpart >= LLONG_MAX / scale_fact) { - fpart /= 10; - fract_digits--; - } - fpart *= scale_fact; - if (fract_digits > 0) { - for (i = 0; i < fract_digits -1; i++) - fpart /= 10; - } - whole += fpart; - *result = whole; - return 0; - } - } - - /* Invalid unit or character */ - errno = EINVAL; - return -1; -} - -/* Format the given "number" into human-readable form in "result". - * Result must point to an allocated buffer of length FMT_SCALED_STRSIZE. - * Return 0 on success, -1 and errno set if error. 
- */ -int -fmt_scaled(long long number, char *result) -{ - long long abval, fract = 0; - unsigned int i; - unit_type unit = NONE; - - abval = llabs(number); - - /* Not every negative long long has a positive representation. - * Also check for numbers that are just too darned big to format - */ - if (abval < 0 || abval / 1024 >= scale_factors[SCALE_LENGTH-1]) { - errno = ERANGE; - return -1; - } - - /* scale whole part; get unscaled fraction */ - for (i = 0; i < SCALE_LENGTH; i++) { - if (abval/1024 < scale_factors[i]) { - unit = units[i]; - fract = (i == 0) ? 0 : abval % scale_factors[i]; - number /= scale_factors[i]; - if (i > 0) - fract /= scale_factors[i - 1]; - break; - } - } - - fract = (10 * fract + 512) / 1024; - /* if the result would be >= 10, round main number */ - if (fract >= 10) { - if (number >= 0) - number++; - else - number--; - fract = 0; - } else if (fract < 0) { - /* shouldn't happen */ - fract = 0; - } - - if (number == 0) - strlcpy(result, "0B", FMT_SCALED_STRSIZE); - else if (unit == NONE || number >= 100 || number <= -100) { - if (fract >= 5) { - if (number >= 0) - number++; - else - number--; - } - (void)snprintf(result, FMT_SCALED_STRSIZE, "%lld%c", - number, scale_chars[unit]); - } else - (void)snprintf(result, FMT_SCALED_STRSIZE, "%lld.%1lld%c", - number, fract, scale_chars[unit]); - - return 0; -} - -#ifdef MAIN -/* - * This is the original version of the program in the man page. - * Copy-and-paste whatever you need from it. - */ -int -main(int argc, char **argv) -{ - char *cinput = "1.5K", buf[FMT_SCALED_STRSIZE]; - long long ninput = 10483892, result; - - if (scan_scaled(cinput, &result) == 0) - printf("\"%s\" -> %lld\n", cinput, result); - else - perror(cinput); - - if (fmt_scaled(ninput, buf) == 0) - printf("%lld -> \"%s\"\n", ninput, buf); - else - fprintf(stderr, "%lld invalid (%s)\n", ninput, strerror(errno)); - - return 0; -} -#endif - -#endif /* HAVE_FMT_SCALED */ 
diff --git a/ssh_keygen_110/openbsd-compat/freezero.c b/ssh_keygen_110/openbsd-compat/freezero.c
deleted file mode 100644
index bad018ff..00000000
--- a/ssh_keygen_110/openbsd-compat/freezero.c
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * Copyright (c) 2008, 2010, 2011, 2016 Otto Moerbeek
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "includes.h"
-
-#include
-#include
-
-#ifndef HAVE_FREEZERO
-
-void
-freezero(void *ptr, size_t sz)
-{
- if (ptr == NULL)
- return;
- explicit_bzero(ptr, sz);
- free(ptr);
-}
-
-#endif /* HAVE_FREEZERO */
-
diff --git a/ssh_keygen_110/openbsd-compat/getcwd.c b/ssh_keygen_110/openbsd-compat/getcwd.c
deleted file mode 100644
index e4f7f5a3..00000000
--- a/ssh_keygen_110/openbsd-compat/getcwd.c
+++ /dev/null
@@ -1,240 +0,0 @@ -/* $OpenBSD: getcwd.c,v 1.14 2005/08/08 08:05:34 espie Exp */ -/* - * Copyright (c) 1989, 1991, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* OPENBSD ORIGINAL: lib/libc/gen/getcwd.c */ - -#include "includes.h" - -#if !defined(HAVE_GETCWD) - -#include -#include -#include -#include -#include -#include -#include -#include -#include "includes.h" - -#define ISDOT(dp) \ - (dp->d_name[0] == '.' 
&& (dp->d_name[1] == '\0' || \ - (dp->d_name[1] == '.' && dp->d_name[2] == '\0'))) - -char * -getcwd(char *pt, size_t size) -{ - struct dirent *dp; - DIR *dir = NULL; - dev_t dev; - ino_t ino; - int first; - char *bpt, *bup; - struct stat s; - dev_t root_dev; - ino_t root_ino; - size_t ptsize, upsize; - int save_errno; - char *ept, *eup, *up; - - /* - * If no buffer specified by the user, allocate one as necessary. - * If a buffer is specified, the size has to be non-zero. The path - * is built from the end of the buffer backwards. - */ - if (pt) { - ptsize = 0; - if (!size) { - errno = EINVAL; - return (NULL); - } - ept = pt + size; - } else { - if ((pt = malloc(ptsize = MAXPATHLEN)) == NULL) - return (NULL); - ept = pt + ptsize; - } - bpt = ept - 1; - *bpt = '\0'; - - /* - * Allocate bytes for the string of "../"'s. - * Should always be enough (it's 340 levels). If it's not, allocate - * as necessary. Special * case the first stat, it's ".", not "..". - */ - if ((up = malloc(upsize = MAXPATHLEN)) == NULL) - goto err; - eup = up + upsize; - bup = up; - up[0] = '.'; - up[1] = '\0'; - - /* Save root values, so know when to stop. */ - if (stat("/", &s)) - goto err; - root_dev = s.st_dev; - root_ino = s.st_ino; - - errno = 0; /* XXX readdir has no error return. */ - - for (first = 1;; first = 0) { - /* Stat the current level. */ - if (lstat(up, &s)) - goto err; - - /* Save current node values. */ - ino = s.st_ino; - dev = s.st_dev; - - /* Check for reaching root. */ - if (root_dev == dev && root_ino == ino) { - *--bpt = '/'; - /* - * It's unclear that it's a requirement to copy the - * path to the beginning of the buffer, but it's always - * been that way and stuff would probably break. - */ - memmove(pt, bpt, ept - bpt); - free(up); - return (pt); - } - - /* - * Build pointer to the parent directory, allocating memory - * as necessary. Max length is 3 for "../", the largest - * possible component name, plus a trailing NUL. 
- */ - if (bup + 3 + MAXNAMLEN + 1 >= eup) { - char *nup; - - if ((nup = realloc(up, upsize *= 2)) == NULL) - goto err; - bup = nup + (bup - up); - up = nup; - eup = up + upsize; - } - *bup++ = '.'; - *bup++ = '.'; - *bup = '\0'; - - /* Open and stat parent directory. */ - if (!(dir = opendir(up)) || fstat(dirfd(dir), &s)) - goto err; - - /* Add trailing slash for next directory. */ - *bup++ = '/'; - - /* - * If it's a mount point, have to stat each element because - * the inode number in the directory is for the entry in the - * parent directory, not the inode number of the mounted file. - */ - save_errno = 0; - if (s.st_dev == dev) { - for (;;) { - if (!(dp = readdir(dir))) - goto notfound; - if (dp->d_fileno == ino) - break; - } - } else - for (;;) { - if (!(dp = readdir(dir))) - goto notfound; - if (ISDOT(dp)) - continue; - memcpy(bup, dp->d_name, dp->d_namlen + 1); - - /* Save the first error for later. */ - if (lstat(up, &s)) { - if (!save_errno) - save_errno = errno; - errno = 0; - continue; - } - if (s.st_dev == dev && s.st_ino == ino) - break; - } - - /* - * Check for length of the current name, preceding slash, - * leading slash. - */ - if (bpt - pt < dp->d_namlen + (first ? 1 : 2)) { - size_t len; - char *npt; - - if (!ptsize) { - errno = ERANGE; - goto err; - } - len = ept - bpt; - if ((npt = realloc(pt, ptsize *= 2)) == NULL) - goto err; - bpt = npt + (bpt - pt); - pt = npt; - ept = pt + ptsize; - memmove(ept - len, bpt, len); - bpt = ept - len; - } - if (!first) - *--bpt = '/'; - bpt -= dp->d_namlen; - memcpy(bpt, dp->d_name, dp->d_namlen); - (void)closedir(dir); - - /* Truncate any file name. */ - *bup = '\0'; - } - -notfound: - /* - * If readdir set errno, use it, not any saved error; otherwise, - * didn't find the current directory in its parent directory, set - * errno to ENOENT. - */ - if (!errno) - errno = save_errno ? 
save_errno : ENOENT; - /* FALLTHROUGH */ -err: - save_errno = errno; - - if (ptsize) - free(pt); - free(up); - if (dir) - (void)closedir(dir); - - errno = save_errno; - - return (NULL); -} - -#endif /* !defined(HAVE_GETCWD) */ diff --git a/ssh_keygen_110/openbsd-compat/getgrouplist.c b/ssh_keygen_110/openbsd-compat/getgrouplist.c deleted file mode 100644 index 3906cd62..00000000 --- a/ssh_keygen_110/openbsd-compat/getgrouplist.c +++ /dev/null 
@@ -1,95 +0,0 @@
-/* $OpenBSD: getgrouplist.c,v 1.12 2005/08/08 08:05:34 espie Exp */
-/*
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* OPENBSD ORIGINAL: lib/libc/gen/getgrouplist.c */
-
-#include "includes.h"
-
-#ifndef HAVE_GETGROUPLIST
-
-/*
- * get credential
- */
-#include
-#include
-#include
-#include
-
-int
-getgrouplist(const char *uname, gid_t agroup, gid_t *groups, int *grpcnt)
-{
- struct group *grp;
- int i, ngroups;
- int ret, maxgroups;
- int bail;
-
- ret = 0;
- ngroups = 0;
- maxgroups = *grpcnt;
-
- /*
- * install primary group
- */
- if (ngroups >= maxgroups) {
- *grpcnt = ngroups;
- return (-1);
- }
- groups[ngroups++] = agroup;
-
- /*
- * Scan the group file to find additional groups.
- */
- setgrent();
- while ((grp = getgrent())) {
- if (grp->gr_gid == agroup)
- continue;
- for (bail = 0, i = 0; bail == 0 && i < ngroups; i++)
- if (groups[i] == grp->gr_gid)
- bail = 1;
- if (bail)
- continue;
- for (i = 0; grp->gr_mem[i]; i++) {
- if (!strcmp(grp->gr_mem[i], uname)) {
- if (ngroups >= maxgroups) {
- ret = -1;
- goto out;
- }
- groups[ngroups++] = grp->gr_gid;
- break;
- }
- }
- }
-out:
- endgrent();
- *grpcnt = ngroups;
- return (ret);
-}
-
-#endif /* HAVE_GETGROUPLIST */
diff --git a/ssh_keygen_110/openbsd-compat/getopt.h b/ssh_keygen_110/openbsd-compat/getopt.h
deleted file mode 100644
index 8eb12447..00000000
--- a/ssh_keygen_110/openbsd-compat/getopt.h
+++ /dev/null
@@ -1,74 +0,0 @@
-/* $OpenBSD: getopt.h,v 1.2 2008/06/26 05:42:04 ray Exp $ */
-/* $NetBSD: getopt.h,v 1.4 2000/07/07 10:43:54 ad Exp $ */
-
-/*-
- * Copyright (c) 2000 The NetBSD Foundation, Inc.
- * All rights reserved.
- *
- * This code is derived from software contributed to The NetBSD Foundation
- * by Dieter Baron and Thomas Klausner.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
- * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
- * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef _GETOPT_H_
-#define _GETOPT_H_
-
-/*
- * GNU-like getopt_long() and 4.4BSD getsubopt()/optreset extensions
- */
-#define no_argument 0
-#define required_argument 1
-#define optional_argument 2
-
-struct option {
- /* name of long option */
- const char *name;
- /*
- * one of no_argument, required_argument, and optional_argument:
- * whether option takes an argument
- */
- int has_arg;
- /* if not NULL, set *flag to val when option found */
- int *flag;
- /* if flag not NULL, value to set *flag to; else return value */
- int val;
-};
-
-int getopt_long(int, char * const *, const char *,
- const struct option *, int *);
-int getopt_long_only(int, char * const *, const char *,
- const struct option *, int *);
-#ifndef _GETOPT_DEFINED_
-#define _GETOPT_DEFINED_
-int getopt(int, char * const *, const char *);
-int getsubopt(char **, char * const *, char **);
-
-extern char *optarg; /* getopt(3) external variables */
-extern int opterr;
-extern int optind;
-extern int optopt;
-extern int optreset;
-extern char *suboptarg; /* getsubopt(3) external variable */
-#endif
-
-#endif /* !_GETOPT_H_ */
diff --git a/ssh_keygen_110/openbsd-compat/getopt_long.c b/ssh_keygen_110/openbsd-compat/getopt_long.c
deleted file mode 100644
index e2894743..00000000
--- a/ssh_keygen_110/openbsd-compat/getopt_long.c
+++ /dev/null
@@ -1,532 +0,0 @@
-/* $OpenBSD: getopt_long.c,v 1.25 2011/03/05 22:10:11 guenther Exp $ */
-/* $NetBSD: getopt_long.c,v 1.15 2002/01/31 22:43:40 tv Exp $ */
-
-/*
- * Copyright (c) 2002 Todd C. Miller
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * Sponsored in part by the Defense Advanced Research Projects
- * Agency (DARPA) and Air Force Research Laboratory, Air Force
- * Materiel Command, USAF, under agreement number F39502-99-1-0512.
- */
-/*-
- * Copyright (c) 2000 The NetBSD Foundation, Inc.
- * All rights reserved.
- *
- * This code is derived from software contributed to The NetBSD Foundation
- * by Dieter Baron and Thomas Klausner.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
- * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
- * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
-/* OPENBSD ORIGINAL: lib/libc/stdlib/getopt_long.c */
-#include "includes.h"
-
-#if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET)
-
-/*
- * Some defines to make it easier to keep the code in sync with upstream.
- * getopt opterr optind optopt optreset optarg are all in defines.h which is
- * pulled in by includes.h.
- */
-#define warnx logit
-
-#if 0
-#include
-#include
-#endif
-#include
-#include
-#include
-#include
-
-#include "log.h"
-
-int opterr = 1; /* if error message should be printed */
-int optind = 1; /* index into parent argv vector */
-int optopt = '?'; /* character checked for validity */
-int optreset; /* reset getopt */
-char *optarg; /* argument associated with option */
-
-#define PRINT_ERROR ((opterr) && (*options != ':'))
-
-#define FLAG_PERMUTE 0x01 /* permute non-options to the end of argv */
-#define FLAG_ALLARGS 0x02 /* treat non-options as args to option "-1" */
-#define FLAG_LONGONLY 0x04 /* operate as getopt_long_only */
-
-/* return values */
-#define BADCH (int)'?'
-#define BADARG ((*options == ':') ? (int)':' : (int)'?')
-#define INORDER (int)1
-
-#define EMSG ""
-
-static int getopt_internal(int, char * const *, const char *,
- const struct option *, int *, int);
-static int parse_long_options(char * const *, const char *,
- const struct option *, int *, int);
-static int gcd(int, int);
-static void permute_args(int, int, int, char * const *);
-
-static char *place = EMSG; /* option letter processing */
-
-/* XXX: set optreset to 1 rather than these two */
-static int nonopt_start = -1; /* first non option argument (for permute) */
-static int nonopt_end = -1; /* first option after non options (for permute) */
-
-/* Error messages */
-static const char recargchar[] = "option requires an argument -- %c";
-static const char recargstring[] = "option requires an argument -- %s";
-static const char ambig[] = "ambiguous option -- %.*s";
-static const char noarg[] = "option doesn't take an argument -- %.*s";
-static const char illoptchar[] = "unknown option -- %c";
-static const char illoptstring[] = "unknown option -- %s";
-
-/*
- * Compute the greatest common divisor of a and b.
- */
-static int
-gcd(int a, int b)
-{
- int c;
-
- c = a % b;
- while (c != 0) {
- a = b;
- b = c;
- c = a % b;
- }
-
- return (b);
-}
-
-/*
- * Exchange the block from nonopt_start to nonopt_end with the block
- * from nonopt_end to opt_end (keeping the same order of arguments
- * in each block).
- */
-static void
-permute_args(int panonopt_start, int panonopt_end, int opt_end,
- char * const *nargv)
-{
- int cstart, cyclelen, i, j, ncycle, nnonopts, nopts, pos;
- char *swap;
-
- /*
- * compute lengths of blocks and number and size of cycles
- */
- nnonopts = panonopt_end - panonopt_start;
- nopts = opt_end - panonopt_end;
- ncycle = gcd(nnonopts, nopts);
- cyclelen = (opt_end - panonopt_start) / ncycle;
-
- for (i = 0; i < ncycle; i++) {
- cstart = panonopt_end+i;
- pos = cstart;
- for (j = 0; j < cyclelen; j++) {
- if (pos >= panonopt_end)
- pos -= nnonopts;
- else
- pos += nopts;
- swap = nargv[pos];
- /* LINTED const cast */
- ((char **) nargv)[pos] = nargv[cstart];
- /* LINTED const cast */
- ((char **)nargv)[cstart] = swap;
- }
- }
-}
-
-/*
- * parse_long_options --
- * Parse long options in argc/argv argument vector.
- * Returns -1 if short_too is set and the option does not match long_options.
- */
-static int
-parse_long_options(char * const *nargv, const char *options,
- const struct option *long_options, int *idx, int short_too)
-{
- char *current_argv, *has_equal;
- size_t current_argv_len;
- int i, match;
-
- current_argv = place;
- match = -1;
-
- optind++;
-
- if ((has_equal = strchr(current_argv, '=')) != NULL) {
- /* argument found (--option=arg) */
- current_argv_len = has_equal - current_argv;
- has_equal++;
- } else
- current_argv_len = strlen(current_argv);
-
- for (i = 0; long_options[i].name; i++) {
- /* find matching long option */
- if (strncmp(current_argv, long_options[i].name,
- current_argv_len))
- continue;
-
- if (strlen(long_options[i].name) == current_argv_len) {
- /* exact match */
- match = i;
- break;
- }
- /*
- * If this is a known short option, don't allow
- * a partial match of a single character.
- */
- if (short_too && current_argv_len == 1)
- continue;
-
- if (match == -1) /* partial match */
- match = i;
- else {
- /* ambiguous abbreviation */
- if (PRINT_ERROR)
- warnx(ambig, (int)current_argv_len,
- current_argv);
- optopt = 0;
- return (BADCH);
- }
- }
- if (match != -1) { /* option found */
- if (long_options[match].has_arg == no_argument
- && has_equal) {
- if (PRINT_ERROR)
- warnx(noarg, (int)current_argv_len,
- current_argv);
- /*
- * XXX: GNU sets optopt to val regardless of flag
- */
- if (long_options[match].flag == NULL)
- optopt = long_options[match].val;
- else
- optopt = 0;
- return (BADARG);
- }
- if (long_options[match].has_arg == required_argument ||
- long_options[match].has_arg == optional_argument) {
- if (has_equal)
- optarg = has_equal;
- else if (long_options[match].has_arg ==
- required_argument) {
- /*
- * optional argument doesn't use next nargv
- */
- optarg = nargv[optind++];
- }
- }
- if ((long_options[match].has_arg == required_argument)
- && (optarg == NULL)) {
- /*
- * Missing argument; leading ':' indicates no error
- * should be generated.
- */
- if (PRINT_ERROR)
- warnx(recargstring,
- current_argv);
- /*
- * XXX: GNU sets optopt to val regardless of flag
- */
- if (long_options[match].flag == NULL)
- optopt = long_options[match].val;
- else
- optopt = 0;
- --optind;
- return (BADARG);
- }
- } else { /* unknown option */
- if (short_too) {
- --optind;
- return (-1);
- }
- if (PRINT_ERROR)
- warnx(illoptstring, current_argv);
- optopt = 0;
- return (BADCH);
- }
- if (idx)
- *idx = match;
- if (long_options[match].flag) {
- *long_options[match].flag = long_options[match].val;
- return (0);
- } else
- return (long_options[match].val);
-}
-
-/*
- * getopt_internal --
- * Parse argc/argv argument vector. Called by user level routines.
- */
-static int
-getopt_internal(int nargc, char * const *nargv, const char *options,
- const struct option *long_options, int *idx, int flags)
-{
- char *oli; /* option letter list index */
- int optchar, short_too;
- static int posixly_correct = -1;
-
- if (options == NULL)
- return (-1);
-
- /*
- * XXX Some GNU programs (like cvs) set optind to 0 instead of
- * XXX using optreset. Work around this braindamage.
- */
- if (optind == 0)
- optind = optreset = 1;
-
- /*
- * Disable GNU extensions if POSIXLY_CORRECT is set or options
- * string begins with a '+'.
- */
- if (posixly_correct == -1 || optreset)
- posixly_correct = (getenv("POSIXLY_CORRECT") != NULL);
- if (*options == '-')
- flags |= FLAG_ALLARGS;
- else if (posixly_correct || *options == '+')
- flags &= ~FLAG_PERMUTE;
- if (*options == '+' || *options == '-')
- options++;
-
- optarg = NULL;
- if (optreset)
- nonopt_start = nonopt_end = -1;
-start:
- if (optreset || !*place) { /* update scanning pointer */
- optreset = 0;
- if (optind >= nargc) { /* end of argument vector */
- place = EMSG;
- if (nonopt_end != -1) {
- /* do permutation, if we have to */
- permute_args(nonopt_start, nonopt_end,
- optind, nargv);
- optind -= nonopt_end - nonopt_start;
- }
- else if (nonopt_start != -1) {
- /*
- * If we skipped non-options, set optind
- * to the first of them.
- */
- optind = nonopt_start;
- }
- nonopt_start = nonopt_end = -1;
- return (-1);
- }
- if (*(place = nargv[optind]) != '-' ||
- (place[1] == '\0' && strchr(options, '-') == NULL)) {
- place = EMSG; /* found non-option */
- if (flags & FLAG_ALLARGS) {
- /*
- * GNU extension:
- * return non-option as argument to option 1
- */
- optarg = nargv[optind++];
- return (INORDER);
- }
- if (!(flags & FLAG_PERMUTE)) {
- /*
- * If no permutation wanted, stop parsing
- * at first non-option.
- */
- return (-1);
- }
- /* do permutation */
- if (nonopt_start == -1)
- nonopt_start = optind;
- else if (nonopt_end != -1) {
- permute_args(nonopt_start, nonopt_end,
- optind, nargv);
- nonopt_start = optind -
- (nonopt_end - nonopt_start);
- nonopt_end = -1;
- }
- optind++;
- /* process next argument */
- goto start;
- }
- if (nonopt_start != -1 && nonopt_end == -1)
- nonopt_end = optind;
-
- /*
- * If we have "-" do nothing, if "--" we are done.
- */
- if (place[1] != '\0' && *++place == '-' && place[1] == '\0') {
- optind++;
- place = EMSG;
- /*
- * We found an option (--), so if we skipped
- * non-options, we have to permute.
- */
- if (nonopt_end != -1) {
- permute_args(nonopt_start, nonopt_end,
- optind, nargv);
- optind -= nonopt_end - nonopt_start;
- }
- nonopt_start = nonopt_end = -1;
- return (-1);
- }
- }
-
- /*
- * Check long options if:
- * 1) we were passed some
- * 2) the arg is not just "-"
- * 3) either the arg starts with -- we are getopt_long_only()
- */
- if (long_options != NULL && place != nargv[optind] &&
- (*place == '-' || (flags & FLAG_LONGONLY))) {
- short_too = 0;
- if (*place == '-')
- place++; /* --foo long option */
- else if (*place != ':' && strchr(options, *place) != NULL)
- short_too = 1; /* could be short option too */
-
- optchar = parse_long_options(nargv, options, long_options,
- idx, short_too);
- if (optchar != -1) {
- place = EMSG;
- return (optchar);
- }
- }
-
- if ((optchar = (int)*place++) == (int)':' ||
- (optchar == (int)'-' && *place != '\0') ||
- (oli = strchr(options, optchar)) == NULL) {
- /*
- * If the user specified "-" and '-' isn't listed in
- * options, return -1 (non-option) as per POSIX.
- * Otherwise, it is an unknown option character (or ':').
- */
- if (optchar == (int)'-' && *place == '\0')
- return (-1);
- if (!*place)
- ++optind;
- if (PRINT_ERROR)
- warnx(illoptchar, optchar);
- optopt = optchar;
- return (BADCH);
- }
- if (long_options != NULL && optchar == 'W' && oli[1] == ';') {
- /* -W long-option */
- if (*place) /* no space */
- /* NOTHING */;
- else if (++optind >= nargc) { /* no arg */
- place = EMSG;
- if (PRINT_ERROR)
- warnx(recargchar, optchar);
- optopt = optchar;
- return (BADARG);
- } else /* white space */
- place = nargv[optind];
- optchar = parse_long_options(nargv, options, long_options,
- idx, 0);
- place = EMSG;
- return (optchar);
- }
- if (*++oli != ':') { /* doesn't take argument */
- if (!*place)
- ++optind;
- } else { /* takes (optional) argument */
- optarg = NULL;
- if (*place) /* no white space */
- optarg = place;
- else if (oli[1] != ':') { /* arg not optional */
- if (++optind >= nargc) { /* no arg */
- place = EMSG;
- if (PRINT_ERROR)
- warnx(recargchar, optchar);
- optopt = optchar;
- return (BADARG);
- } else
- optarg = nargv[optind];
- }
- place = EMSG;
- ++optind;
- }
- /* dump back option letter */
- return (optchar);
-}
-
-/*
- * getopt --
- * Parse argc/argv argument vector.
- *
- * [eventually this will replace the BSD getopt]
- */
-int
-getopt(int nargc, char * const *nargv, const char *options)
-{
-
- /*
- * We don't pass FLAG_PERMUTE to getopt_internal() since
- * the BSD getopt(3) (unlike GNU) has never done this.
- *
- * Furthermore, since many privileged programs call getopt()
- * before dropping privileges it makes sense to keep things
- * as simple (and bug-free) as possible.
- */
- return (getopt_internal(nargc, nargv, options, NULL, NULL, 0));
-}
-
-#if 0
-/*
- * getopt_long --
- * Parse argc/argv argument vector.
- */
-int
-getopt_long(int nargc, char * const *nargv, const char *options,
- const struct option *long_options, int *idx)
-{
-
- return (getopt_internal(nargc, nargv, options, long_options, idx,
- FLAG_PERMUTE));
-}
-
-/*
- * getopt_long_only --
- * Parse argc/argv argument vector.
- */
-int
-getopt_long_only(int nargc, char * const *nargv, const char *options,
- const struct option *long_options, int *idx)
-{
-
- return (getopt_internal(nargc, nargv, options, long_options, idx,
- FLAG_PERMUTE|FLAG_LONGONLY));
-}
-#endif
-
-#endif /* !defined(HAVE_GETOPT) || !defined(HAVE_OPTRESET) */
diff --git a/ssh_keygen_110/openbsd-compat/getrrsetbyname-ldns.c b/ssh_keygen_110/openbsd-compat/getrrsetbyname-ldns.c
deleted file mode 100644
index 4647b623..00000000
--- a/ssh_keygen_110/openbsd-compat/getrrsetbyname-ldns.c
+++ /dev/null
@@ -1,284 +0,0 @@
-/* $OpenBSD: getrrsetbyname.c,v 1.10 2005/03/30 02:58:28 tedu Exp $ */
-
-/*
- * Copyright (c) 2007 Simon Vallet / Genoscope
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * Portions Copyright (c) 1999-2001 Internet Software Consortium.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
- * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
- * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
- * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
- * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
- * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "includes.h"
-
-#if !defined (HAVE_GETRRSETBYNAME) && defined (HAVE_LDNS)
-
-#include
-#include
-
-#include
-
-#include "getrrsetbyname.h"
-#include "log.h"
-#include "xmalloc.h"
-
-#define malloc(x) (xmalloc(x))
-#define calloc(x, y) (xcalloc((x),(y)))
-
-int
-getrrsetbyname(const char *hostname, unsigned int rdclass,
- unsigned int rdtype, unsigned int flags,
- struct rrsetinfo **res)
-{
- int result;
- unsigned int i, j, index_ans, index_sig;
- struct rrsetinfo *rrset = NULL;
- struct rdatainfo *rdata;
- size_t len;
- ldns_resolver *ldns_res = NULL;
- ldns_rdf *domain = NULL;
- ldns_pkt *pkt = NULL;
- ldns_rr_list *rrsigs = NULL, *rrdata = NULL;
- ldns_status err;
- ldns_rr *rr;
-
- /* check for invalid class and type */
- if (rdclass > 0xffff || rdtype > 0xffff) {
- result = ERRSET_INVAL;
- goto fail;
- }
-
- /* don't allow queries of class or type ANY */
- if (rdclass == 0xff || rdtype == 0xff) {
- result = ERRSET_INVAL;
- goto fail;
- }
-
- /* don't allow flags yet, unimplemented */
- if (flags) {
- result = ERRSET_INVAL;
- goto fail;
- }
-
- /* Initialize resolver from resolv.conf */
- domain = ldns_dname_new_frm_str(hostname);
- if ((err = ldns_resolver_new_frm_file(&ldns_res, NULL)) != \
- LDNS_STATUS_OK) {
- result = ERRSET_FAIL;
- goto fail;
- }
-
-#ifdef LDNS_DEBUG
- ldns_resolver_set_debug(ldns_res, true);
-#endif /* LDNS_DEBUG */
-
- ldns_resolver_set_dnssec(ldns_res, true); /* Use DNSSEC */
-
- /* make query */
- pkt = ldns_resolver_query(ldns_res, domain, rdtype, rdclass, LDNS_RD);
-
- /*** TODO: finer errcodes -- see original **/
- if (!pkt || ldns_pkt_ancount(pkt) < 1) {
- result = ERRSET_FAIL;
- goto fail;
- }
-
- /* initialize rrset */
- rrset = calloc(1, sizeof(struct rrsetinfo));
- if (rrset == NULL) {
- result = ERRSET_NOMEMORY;
- goto fail;
- }
-
- rrdata = ldns_pkt_rr_list_by_type(pkt, rdtype, LDNS_SECTION_ANSWER);
- rrset->rri_nrdatas = ldns_rr_list_rr_count(rrdata);
- if (!rrset->rri_nrdatas) {
- result = ERRSET_NODATA;
- goto fail;
- }
-
- /* copy name from answer section */
- len = ldns_rdf_size(ldns_rr_owner(ldns_rr_list_rr(rrdata, 0)));
- if ((rrset->rri_name = malloc(len)) == NULL) {
- result = ERRSET_NOMEMORY;
- goto fail;
- }
- memcpy(rrset->rri_name,
- ldns_rdf_data(ldns_rr_owner(ldns_rr_list_rr(rrdata, 0))), len);
-
- rrset->rri_rdclass = ldns_rr_get_class(ldns_rr_list_rr(rrdata, 0));
- rrset->rri_rdtype = ldns_rr_get_type(ldns_rr_list_rr(rrdata, 0));
- rrset->rri_ttl = ldns_rr_ttl(ldns_rr_list_rr(rrdata, 0));
-
- debug2("ldns: got %u answers from DNS", rrset->rri_nrdatas);
-
- /* Check for authenticated data */
- if (ldns_pkt_ad(pkt)) {
- rrset->rri_flags |= RRSET_VALIDATED;
- } else { /* AD is not set, try autonomous validation */
- ldns_rr_list * trusted_keys = ldns_rr_list_new();
-
- debug2("ldns: trying to validate RRset");
- /* Get eventual sigs */
- rrsigs = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_RRSIG,
- LDNS_SECTION_ANSWER);
-
- rrset->rri_nsigs = ldns_rr_list_rr_count(rrsigs);
- debug2("ldns: got %u signature(s) (RRTYPE %u) from DNS",
- rrset->rri_nsigs, LDNS_RR_TYPE_RRSIG);
-
- if ((err = ldns_verify_trusted(ldns_res, rrdata, rrsigs,
- trusted_keys)) == LDNS_STATUS_OK) {
- rrset->rri_flags |= RRSET_VALIDATED;
- debug2("ldns: RRset is signed with a valid key");
- } else {
- debug2("ldns: RRset validation failed: %s",
- ldns_get_errorstr_by_id(err));
- }
-
- ldns_rr_list_deep_free(trusted_keys);
- }
-
- /* allocate memory for answers */
- rrset->rri_rdatas = calloc(rrset->rri_nrdatas,
- sizeof(struct rdatainfo));
-
- if (rrset->rri_rdatas == NULL) {
- result = ERRSET_NOMEMORY;
- goto fail;
- }
-
- /* allocate memory for signatures */
- if (rrset->rri_nsigs > 0) {
- rrset->rri_sigs = calloc(rrset->rri_nsigs,
- sizeof(struct rdatainfo));
-
- if (rrset->rri_sigs == NULL) {
- result = ERRSET_NOMEMORY;
- goto fail;
- }
- }
-
- /* copy answers & signatures */
- for (i=0, index_ans=0, index_sig=0; i< pkt->_header->_ancount; i++) {
- rdata = NULL;
- rr = ldns_rr_list_rr(ldns_pkt_answer(pkt), i);
-
- if (ldns_rr_get_class(rr) == rrset->rri_rdclass &&
- ldns_rr_get_type(rr) == rrset->rri_rdtype) {
- rdata = &rrset->rri_rdatas[index_ans++];
- }
-
- if (rr->_rr_class == rrset->rri_rdclass &&
- rr->_rr_type == LDNS_RR_TYPE_RRSIG &&
- rrset->rri_sigs) {
- rdata = &rrset->rri_sigs[index_sig++];
- }
-
- if (rdata) {
- size_t rdata_offset = 0;
-
- rdata->rdi_length = 0;
- for (j=0; j< rr->_rd_count; j++) {
- rdata->rdi_length +=
- ldns_rdf_size(ldns_rr_rdf(rr, j));
- }
-
- rdata->rdi_data = malloc(rdata->rdi_length);
- if (rdata->rdi_data == NULL) {
- result = ERRSET_NOMEMORY;
- goto fail;
- }
-
- /* Re-create the raw DNS RDATA */
- for (j=0; j< rr->_rd_count; j++) {
- len = ldns_rdf_size(ldns_rr_rdf(rr, j));
- memcpy(rdata->rdi_data + rdata_offset,
- ldns_rdf_data(ldns_rr_rdf(rr, j)), len);
- rdata_offset += len;
- }
- }
- }
-
- *res = rrset;
- result = ERRSET_SUCCESS;
-
-fail:
- /* freerrset(rrset); */
- ldns_rdf_deep_free(domain);
- ldns_pkt_free(pkt);
- ldns_rr_list_deep_free(rrsigs);
- ldns_rr_list_deep_free(rrdata);
- ldns_resolver_deep_free(ldns_res);
-
- return result;
-}
-
-
-void
-freerrset(struct rrsetinfo *rrset)
-{
- u_int16_t i;
-
- if (rrset == NULL)
- return;
-
- if (rrset->rri_rdatas) {
- for (i = 0; i < rrset->rri_nrdatas; i++) {
- if (rrset->rri_rdatas[i].rdi_data == NULL)
- break;
- free(rrset->rri_rdatas[i].rdi_data);
- }
- free(rrset->rri_rdatas);
- }
-
- if (rrset->rri_sigs) {
- for (i = 0; i < rrset->rri_nsigs; i++) {
- if (rrset->rri_sigs[i].rdi_data == NULL)
- break;
- free(rrset->rri_sigs[i].rdi_data);
- }
- free(rrset->rri_sigs);
- }
-
- if (rrset->rri_name)
- free(rrset->rri_name);
- free(rrset);
-}
-
-
-#endif /* !defined (HAVE_GETRRSETBYNAME) && defined (HAVE_LDNS) */
diff --git a/ssh_keygen_110/openbsd-compat/getrrsetbyname.c b/ssh_keygen_110/openbsd-compat/getrrsetbyname.c
deleted file mode 100644
index dc6fe053..00000000
--- a/ssh_keygen_110/openbsd-compat/getrrsetbyname.c
+++ /dev/null
@@ -1,610 +0,0 @@
-/* $OpenBSD: getrrsetbyname.c,v 1.11 2007/10/11 18:36:41 jakob Exp $ */
-
-/*
- * Copyright (c) 2001 Jakob Schlyter. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * Portions Copyright (c) 1999-2001 Internet Software Consortium.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
- * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
- * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
- * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
- * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
- * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* OPENBSD ORIGINAL: lib/libc/net/getrrsetbyname.c */
-
-#include "includes.h"
-
-#if !defined (HAVE_GETRRSETBYNAME) && !defined (HAVE_LDNS)
-
-#include
-#include
-
-#include
-#include
-
-#include "getrrsetbyname.h"
-
-#if defined(HAVE_DECL_H_ERRNO) && !HAVE_DECL_H_ERRNO
-extern int h_errno;
-#endif
-
-/* We don't need multithread support here */
-#ifdef _THREAD_PRIVATE
-# undef _THREAD_PRIVATE
-#endif
-#define _THREAD_PRIVATE(a,b,c) (c)
-
-#ifndef HAVE__RES_EXTERN
-struct __res_state _res;
-#endif
-
-/* Necessary functions and macros */
-
-/*
- * Inline versions of get/put short/long. Pointer is advanced.
- *
- * These macros demonstrate the property of C whereby it can be
- * portable or it can be elegant but rarely both.
- */
-
-#ifndef INT32SZ
-# define INT32SZ 4
-#endif
-#ifndef INT16SZ
-# define INT16SZ 2
-#endif
-
-#ifndef GETSHORT
-#define GETSHORT(s, cp) { \
- register u_char *t_cp = (u_char *)(cp); \
- (s) = ((u_int16_t)t_cp[0] << 8) \
- | ((u_int16_t)t_cp[1]) \
- ; \
- (cp) += INT16SZ; \
-}
-#endif
-
-#ifndef GETLONG
-#define GETLONG(l, cp) { \
- register u_char *t_cp = (u_char *)(cp); \
- (l) = ((u_int32_t)t_cp[0] << 24) \
- | ((u_int32_t)t_cp[1] << 16) \
- | ((u_int32_t)t_cp[2] << 8) \
- | ((u_int32_t)t_cp[3]) \
- ; \
- (cp) += INT32SZ; \
-}
-#endif
-
-/*
- * Routines to insert/extract short/long's.
- */
-
-#ifndef HAVE__GETSHORT
-static u_int16_t
-_getshort(msgp)
- register const u_char *msgp;
-{
- register u_int16_t u;
-
- GETSHORT(u, msgp);
- return (u);
-}
-#elif defined(HAVE_DECL__GETSHORT) && (HAVE_DECL__GETSHORT == 0)
-u_int16_t _getshort(register const u_char *);
-#endif
-
-#ifndef HAVE__GETLONG
-static u_int32_t
-_getlong(msgp)
- register const u_char *msgp;
-{
- register u_int32_t u;
-
- GETLONG(u, msgp);
- return (u);
-}
-#elif defined(HAVE_DECL__GETLONG) && (HAVE_DECL__GETLONG == 0)
-u_int32_t _getlong(register const u_char *);
-#endif
-
-/* ************** */
-
-#define ANSWER_BUFFER_SIZE 0xffff
-
-struct dns_query {
- char *name;
- u_int16_t type;
- u_int16_t class;
- struct dns_query *next;
-};
-
-struct dns_rr {
- char *name;
- u_int16_t type;
- u_int16_t class;
- u_int16_t ttl;
- u_int16_t size;
- void *rdata;
- struct dns_rr *next;
-};
-
-struct dns_response {
- HEADER header;
- struct dns_query *query;
- struct dns_rr *answer;
- struct dns_rr *authority;
- struct dns_rr *additional;
-};
-
-static struct dns_response *parse_dns_response(const u_char *, int);
-static struct dns_query *parse_dns_qsection(const u_char *, int,
- const u_char **, int);
-static struct dns_rr *parse_dns_rrsection(const u_char *, int, const u_char **,
- int);
-
-static void free_dns_query(struct dns_query *);
-static void free_dns_rr(struct dns_rr *);
-static void free_dns_response(struct dns_response *);
-
-static int count_dns_rr(struct dns_rr *, u_int16_t, u_int16_t);
-
-int
-getrrsetbyname(const char *hostname, unsigned int rdclass,
- unsigned int rdtype, unsigned int flags,
- struct rrsetinfo **res)
-{
- struct __res_state *_resp = _THREAD_PRIVATE(_res, _res, &_res);
- int result;
- struct rrsetinfo *rrset = NULL;
- struct dns_response *response = NULL;
- struct dns_rr *rr;
- struct rdatainfo *rdata;
- int length;
- unsigned int index_ans, index_sig;
- u_char answer[ANSWER_BUFFER_SIZE];
-
- /* check for invalid class and type */
- if (rdclass > 0xffff || rdtype > 0xffff) {
- result = ERRSET_INVAL;
- goto fail;
- }
-
- /* don't allow queries of class or type ANY */
- if (rdclass == 0xff || rdtype == 0xff) {
- result = ERRSET_INVAL;
- goto fail;
- }
-
- /* don't allow flags yet, unimplemented */
- if (flags) {
- result = ERRSET_INVAL;
- goto fail;
- }
-
- /* initialize resolver */
- if ((_resp->options & RES_INIT) == 0 && res_init() == -1) {
- result = ERRSET_FAIL;
- goto fail;
- }
-
-#ifdef DEBUG
- _resp->options |= RES_DEBUG;
-#endif /* DEBUG */
-
-#ifdef RES_USE_DNSSEC
- /* turn on DNSSEC if EDNS0 is configured */
- if (_resp->options & RES_USE_EDNS0)
- _resp->options |= RES_USE_DNSSEC;
-#endif /* RES_USE_DNSEC */
-
- /* make query */
- length = res_query(hostname, (signed int) rdclass, (signed int) rdtype,
- answer, sizeof(answer));
- if (length < 0) {
- switch(h_errno) {
- case HOST_NOT_FOUND:
- result = ERRSET_NONAME;
- goto fail;
- case NO_DATA:
- result = ERRSET_NODATA;
- goto fail;
- default:
- result = ERRSET_FAIL;
- goto fail;
- }
- }
-
- /* parse result */
- response = parse_dns_response(answer, length);
- if (response == NULL) {
- result = ERRSET_FAIL;
- goto fail;
- }
-
- if (response->header.qdcount != 1) {
- result = ERRSET_FAIL;
- goto fail;
- }
-
- /* initialize rrset */
- rrset = calloc(1, sizeof(struct rrsetinfo));
- if (rrset == NULL) {
- result = ERRSET_NOMEMORY;
- goto fail;
- }
- rrset->rri_rdclass = response->query->class;
- rrset->rri_rdtype = response->query->type;
- rrset->rri_ttl = response->answer->ttl;
- rrset->rri_nrdatas = response->header.ancount;
-
-#ifdef HAVE_HEADER_AD
- /* check for authenticated data */
- if (response->header.ad == 1)
- rrset->rri_flags |= RRSET_VALIDATED;
-#endif
-
- /* copy name from answer section */
- rrset->rri_name = strdup(response->answer->name);
- if (rrset->rri_name == NULL) {
- result = ERRSET_NOMEMORY;
- goto fail;
- }
-
- /* count answers */
- rrset->rri_nrdatas = count_dns_rr(response->answer, rrset->rri_rdclass,
- rrset->rri_rdtype);
- rrset->rri_nsigs = count_dns_rr(response->answer, rrset->rri_rdclass,
- T_RRSIG);
-
- /* allocate memory for answers */
- rrset->rri_rdatas = calloc(rrset->rri_nrdatas,
- sizeof(struct rdatainfo));
- if (rrset->rri_rdatas == NULL) {
- result = ERRSET_NOMEMORY;
- goto fail;
- }
-
- /* allocate memory for signatures */
- if (rrset->rri_nsigs > 0) {
- rrset->rri_sigs = calloc(rrset->rri_nsigs, sizeof(struct rdatainfo));
- if (rrset->rri_sigs == NULL) {
- result = ERRSET_NOMEMORY;
- goto fail;
- }
- }
-
- /* copy answers & signatures */
- for (rr = response->answer, index_ans = 0, index_sig = 0;
- rr; rr = rr->next) {
-
- rdata = NULL;
-
- if (rr->class == rrset->rri_rdclass &&
- rr->type == rrset->rri_rdtype)
- rdata = &rrset->rri_rdatas[index_ans++];
-
- if (rr->class == rrset->rri_rdclass &&
- rr->type == T_RRSIG)
- rdata = &rrset->rri_sigs[index_sig++];
-
- if (rdata) {
- rdata->rdi_length = rr->size;
- rdata->rdi_data = malloc(rr->size);
-
- if (rdata->rdi_data == NULL) {
- result = ERRSET_NOMEMORY;
- goto fail;
- }
- memcpy(rdata->rdi_data, rr->rdata, rr->size);
- }
- }
- free_dns_response(response);
-
- *res = rrset;
- return (ERRSET_SUCCESS);
-
-fail:
- if (rrset != NULL)
- freerrset(rrset);
- if (response != NULL)
- free_dns_response(response);
- return (result);
-}
-
-void
-freerrset(struct rrsetinfo *rrset)
-{
- u_int16_t i;
-
- if (rrset == NULL)
- return;
-
- if (rrset->rri_rdatas) {
- for (i = 0; i < rrset->rri_nrdatas; i++) {
- if (rrset->rri_rdatas[i].rdi_data == NULL)
- break;
- free(rrset->rri_rdatas[i].rdi_data);
- }
- free(rrset->rri_rdatas);
- }
-
- if (rrset->rri_sigs) {
- for (i = 0; i < rrset->rri_nsigs; i++) {
- if (rrset->rri_sigs[i].rdi_data == NULL)
- break;
- free(rrset->rri_sigs[i].rdi_data);
- }
- free(rrset->rri_sigs);
- }
-
- if (rrset->rri_name)
- free(rrset->rri_name);
- free(rrset);
-}
-
-/*
- * DNS response parsing routines
- */
-static struct dns_response *
-parse_dns_response(const u_char *answer, int size)
-{
- struct dns_response *resp;
- const u_char *cp;
-
- /* allocate memory for the response */
- resp = calloc(1, sizeof(*resp));
- if (resp == NULL)
- return (NULL);
-
- /* initialize current pointer */
- cp = answer;
-
- /* copy header */
- memcpy(&resp->header, cp, HFIXEDSZ);
- cp += HFIXEDSZ;
-
- /* fix header byte order */
- resp->header.qdcount = ntohs(resp->header.qdcount);
- resp->header.ancount = ntohs(resp->header.ancount);
- resp->header.nscount = ntohs(resp->header.nscount);
- resp->header.arcount = ntohs(resp->header.arcount);
-
- /* there must be at least one query */
- if (resp->header.qdcount < 1) {
- free_dns_response(resp);
- return (NULL);
- }
-
- /* parse query section */
- resp->query = parse_dns_qsection(answer, size, &cp,
- resp->header.qdcount);
- if (resp->header.qdcount && resp->query == NULL) {
- free_dns_response(resp);
- return (NULL);
- }
-
- /* parse answer section */
- resp->answer = parse_dns_rrsection(answer, size, &cp,
- resp->header.ancount);
- if (resp->header.ancount && resp->answer == NULL) {
- free_dns_response(resp);
- return (NULL);
- }
-
- /* parse authority section */
- resp->authority = parse_dns_rrsection(answer, size, &cp,
- resp->header.nscount);
- if (resp->header.nscount && resp->authority == NULL) {
- free_dns_response(resp);
- return (NULL);
- }
-
- /* parse additional section */
- resp->additional = parse_dns_rrsection(answer, size, &cp,
- resp->header.arcount);
- if (resp->header.arcount && resp->additional == NULL) {
- free_dns_response(resp);
- return (NULL);
- }
-
- return (resp);
-}
-
-static struct dns_query *
-parse_dns_qsection(const u_char *answer, int size, const u_char **cp, int count)
-{
- struct dns_query *head, *curr, *prev;
- int i, length;
- char name[MAXDNAME];
-
- for (i = 1, head = NULL, prev = NULL; i <= count; i++, prev = curr) {
-
- /* allocate and initialize struct */
- curr = calloc(1, sizeof(struct dns_query));
- if (curr == NULL) {
- free_dns_query(head);
- return (NULL);
- }
- if (head == NULL)
- head = curr;
- if (prev != NULL)
- prev->next = curr;
-
- /* name */
- length = dn_expand(answer, answer + size, *cp, name,
- sizeof(name));
- if (length < 0) {
- free_dns_query(head);
- return (NULL);
- }
- curr->name = strdup(name);
- if (curr->name == NULL) {
- free_dns_query(head);
- return (NULL);
- }
- *cp += length;
-
- /* type */
- curr->type = _getshort(*cp);
- *cp += INT16SZ;
-
- /* class */
- curr->class = _getshort(*cp);
- *cp += INT16SZ;
- }
-
- return (head);
-}
-
-static struct dns_rr *
-parse_dns_rrsection(const u_char *answer, int size, const u_char **cp,
- int count)
-{
- struct dns_rr *head, *curr, *prev;
- int i, length;
- char name[MAXDNAME];
-
- for (i = 1, head = NULL, prev = NULL; i <= count; i++, prev = curr) {
-
- /* allocate and initialize struct */
- curr = calloc(1, sizeof(struct dns_rr));
- if (curr == NULL) {
- free_dns_rr(head);
- return (NULL);
- }
- if (head == NULL)
- head = curr;
- if (prev != NULL)
- prev->next = curr;
-
- /* name */
- length = dn_expand(answer, answer + size, *cp, name,
- sizeof(name));
- if (length < 0) {
- free_dns_rr(head);
- return (NULL);
- }
- curr->name = strdup(name);
- if (curr->name == NULL) {
- free_dns_rr(head);
- return (NULL);
- }
- *cp += length;
-
- /* type */
- curr->type = _getshort(*cp);
- *cp += INT16SZ;
-
- /* class */
- curr->class = _getshort(*cp);
- *cp += INT16SZ;
-
- /* ttl */
- curr->ttl = _getlong(*cp);
- *cp += INT32SZ;
-
- /* rdata size */
- curr->size = _getshort(*cp);
- *cp += INT16SZ;
-
- /* rdata itself */
- curr->rdata = malloc(curr->size);
- if (curr->rdata == NULL) {
- free_dns_rr(head);
- return (NULL);
- }
- memcpy(curr->rdata, *cp, curr->size);
- *cp += curr->size;
- }
-
- return (head);
-}
-
-static void
-free_dns_query(struct dns_query *p)
-{
- if (p == NULL)
- return;
-
- if (p->name)
- free(p->name);
- free_dns_query(p->next);
- free(p);
-}
-
-static void
-free_dns_rr(struct dns_rr *p)
-{
- if (p == NULL)
- return;
-
- if (p->name)
- free(p->name);
- if (p->rdata)
- free(p->rdata);
-
free_dns_rr(p->next);
- free(p);
-}
-
-static void
-free_dns_response(struct dns_response *p)
-{
- if (p == NULL)
- return;
-
- free_dns_query(p->query);
- free_dns_rr(p->answer);
- free_dns_rr(p->authority);
- free_dns_rr(p->additional);
- free(p);
-}
-
-static int
-count_dns_rr(struct dns_rr *p, u_int16_t class, u_int16_t type)
-{
- int n = 0;
-
- while(p) {
- if (p->class == class && p->type == type)
- n++;
- p = p->next;
- }
-
- return (n);
-}
-
-#endif /* !defined (HAVE_GETRRSETBYNAME) && !defined (HAVE_LDNS) */
diff --git a/ssh_keygen_110/openbsd-compat/getrrsetbyname.h b/ssh_keygen_110/openbsd-compat/getrrsetbyname.h
deleted file mode 100644
index 1283f550..00000000
--- a/ssh_keygen_110/openbsd-compat/getrrsetbyname.h
+++ /dev/null
@@ -1,110 +0,0 @@
-/* OPENBSD BASED ON : include/netdb.h */
-
-/* $OpenBSD: getrrsetbyname.c,v 1.4 2001/08/16 18:16:43 ho Exp $ */
-
-/*
- * Copyright (c) 2001 Jakob Schlyter. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * Portions Copyright (c) 1999-2001 Internet Software Consortium.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
- * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
- * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
- * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
- * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
- * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef _GETRRSETBYNAME_H
-#define _GETRRSETBYNAME_H
-
-#include "includes.h"
-
-#ifndef HAVE_GETRRSETBYNAME
-
-#include
-#include
-#include
-#include
-#include
-
-#ifndef HFIXEDSZ
-#define HFIXEDSZ 12
-#endif
-
-#ifndef T_RRSIG
-#define T_RRSIG 46
-#endif
-
-/*
- * Flags for getrrsetbyname()
- */
-#ifndef RRSET_VALIDATED
-# define RRSET_VALIDATED 1
-#endif
-
-/*
- * Return codes for getrrsetbyname()
- */
-#ifndef ERRSET_SUCCESS
-# define ERRSET_SUCCESS 0
-# define ERRSET_NOMEMORY 1
-# define ERRSET_FAIL 2
-# define ERRSET_INVAL 3
-# define ERRSET_NONAME 4
-# define ERRSET_NODATA 5
-#endif
-
-struct rdatainfo {
- unsigned int rdi_length; /* length of data */
- unsigned char *rdi_data; /* record data */
-};
-
-struct rrsetinfo {
- unsigned int rri_flags; /* RRSET_VALIDATED ... */
- unsigned int rri_rdclass; /* class number */
- unsigned int rri_rdtype; /* RR type number */
- unsigned int rri_ttl; /* time to live */
- unsigned int rri_nrdatas; /* size of rdatas array */
- unsigned int rri_nsigs; /* size of sigs array */
- char *rri_name; /* canonical name */
- struct rdatainfo *rri_rdatas; /* individual records */
- struct rdatainfo *rri_sigs; /* individual signatures */
-};
-
-int getrrsetbyname(const char *, unsigned int, unsigned int, unsigned int, struct rrsetinfo **);
-void freerrset(struct rrsetinfo *);
-
-#endif /* !defined(HAVE_GETRRSETBYNAME) */
-
-#endif /* _GETRRSETBYNAME_H */
diff --git a/ssh_keygen_110/openbsd-compat/glob.c b/ssh_keygen_110/openbsd-compat/glob.c
deleted file mode 100644
index 7c97e67f..00000000
--- a/ssh_keygen_110/openbsd-compat/glob.c
+++ /dev/null
@@ -1,1066 +0,0 @@
-/* $OpenBSD: glob.c,v 1.38 2011/09/22 06:27:29 djm Exp $ */
-/*
- * Copyright (c) 1989, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * This code is derived from software contributed to Berkeley by
- * Guido van Rossum.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* OPENBSD ORIGINAL: lib/libc/gen/glob.c */
-
-/*
- * glob(3) -- a superset of the one defined in POSIX 1003.2.
- *
- * The [!...] convention to negate a range is supported (SysV, Posix, ksh).
- *
- * Optional extra services, controlled by flags not defined by POSIX:
- *
- * GLOB_QUOTE:
- * Escaping convention: \ inhibits any special meaning the following
- * character might have (except \ at end of string is retained).
- * GLOB_MAGCHAR:
- * Set in gl_flags if pattern contained a globbing character.
- * GLOB_NOMAGIC:
- * Same as GLOB_NOCHECK, but it will only append pattern if it did
- * not contain any magic characters. [Used in csh style globbing]
- * GLOB_ALTDIRFUNC:
- * Use alternately specified directory access functions.
- * GLOB_TILDE:
- * expand ~user/foo to the /home/dir/of/user/foo
- * GLOB_BRACE:
- * expand {1,2}{a,b} to 1a 1b 2a 2b
- * gl_matchc:
- * Number of matches in the current invocation of glob.
- */
-
-#include "includes.h"
-#include "glob.h"
-
-#include
-#include
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#if !defined(HAVE_GLOB) || !defined(GLOB_HAS_ALTDIRFUNC) || \
- !defined(GLOB_HAS_GL_MATCHC) || !defined(GLOB_HAS_GL_STATV) || \
- !defined(HAVE_DECL_GLOB_NOMATCH) || HAVE_DECL_GLOB_NOMATCH == 0 || \
- defined(BROKEN_GLOB)
-
-#include "charclass.h"
-
-#define DOLLAR '$'
-#define DOT '.'
-#define EOS '\0'
-#define LBRACKET '['
-#define NOT '!'
-#define QUESTION '?'
-#define QUOTE '\\'
-#define RANGE '-'
-#define RBRACKET ']'
-#define SEP '/'
-#define STAR '*'
-#define TILDE '~'
-#define UNDERSCORE '_'
-#define LBRACE '{'
-#define RBRACE '}'
-#define SLASH '/'
-#define COMMA ','
-
-#ifndef DEBUG
-
-#define M_QUOTE 0x8000
-#define M_PROTECT 0x4000
-#define M_MASK 0xffff
-#define M_ASCII 0x00ff
-
-typedef u_short Char;
-
-#else
-
-#define M_QUOTE 0x80
-#define M_PROTECT 0x40
-#define M_MASK 0xff
-#define M_ASCII 0x7f
-
-typedef char Char;
-
-#endif
-
-
-#define CHAR(c) ((Char)((c)&M_ASCII))
-#define META(c) ((Char)((c)|M_QUOTE))
-#define M_ALL META('*')
-#define M_END META(']')
-#define M_NOT META('!')
-#define M_ONE META('?')
-#define M_RNG META('-')
-#define M_SET META('[')
-#define M_CLASS META(':')
-#define ismeta(c) (((c)&M_QUOTE) != 0)
-
-#define GLOB_LIMIT_MALLOC 65536
-#define GLOB_LIMIT_STAT 128
-#define GLOB_LIMIT_READDIR 16384
-
-/* Limit of recursion during matching attempts. */
-#define GLOB_LIMIT_RECUR 64
-
-struct glob_lim {
- size_t glim_malloc;
- size_t glim_stat;
- size_t glim_readdir;
-};
-
-struct glob_path_stat {
- char *gps_path;
- struct stat *gps_stat;
-};
-
-static int compare(const void *, const void *);
-static int compare_gps(const void *, const void *);
-static int g_Ctoc(const Char *, char *, u_int);
-static int g_lstat(Char *, struct stat *, glob_t *);
-static DIR *g_opendir(Char *, glob_t *);
-static Char *g_strchr(const Char *, int);
-static int g_strncmp(const Char *, const char *, size_t);
-static int g_stat(Char *, struct stat *, glob_t *);
-static int glob0(const Char *, glob_t *, struct glob_lim *);
-static int glob1(Char *, Char *, glob_t *, struct glob_lim *);
-static int glob2(Char *, Char *, Char *, Char *, Char *, Char *,
- glob_t *, struct glob_lim *);
-static int glob3(Char *, Char *, Char *, Char *, Char *,
- Char *, Char *, glob_t *, struct glob_lim *);
-static int globextend(const Char *, glob_t *, struct glob_lim *,
- struct stat *);
-static const Char *
- globtilde(const Char *,
Char *, size_t, glob_t *); -static int globexp1(const Char *, glob_t *, struct glob_lim *); -static int globexp2(const Char *, const Char *, glob_t *, - struct glob_lim *); -static int match(Char *, Char *, Char *, int); -#ifdef DEBUG -static void qprintf(const char *, Char *); -#endif - -int -glob(const char *pattern, int flags, int (*errfunc)(const char *, int), - glob_t *pglob) -{ - const u_char *patnext; - int c; - Char *bufnext, *bufend, patbuf[MAXPATHLEN]; - struct glob_lim limit = { 0, 0, 0 }; - - if (strnlen(pattern, PATH_MAX) == PATH_MAX) - return(GLOB_NOMATCH); - - patnext = (u_char *) pattern; - if (!(flags & GLOB_APPEND)) { - pglob->gl_pathc = 0; - pglob->gl_pathv = NULL; - pglob->gl_statv = NULL; - if (!(flags & GLOB_DOOFFS)) - pglob->gl_offs = 0; - } - pglob->gl_flags = flags & ~GLOB_MAGCHAR; - pglob->gl_errfunc = errfunc; - pglob->gl_matchc = 0; - - if (pglob->gl_offs < 0 || pglob->gl_pathc < 0 || - pglob->gl_offs >= INT_MAX || pglob->gl_pathc >= INT_MAX || - pglob->gl_pathc >= INT_MAX - pglob->gl_offs - 1) - return GLOB_NOSPACE; - - bufnext = patbuf; - bufend = bufnext + MAXPATHLEN - 1; - if (flags & GLOB_NOESCAPE) - while (bufnext < bufend && (c = *patnext++) != EOS) - *bufnext++ = c; - else { - /* Protect the quoted characters. */ - while (bufnext < bufend && (c = *patnext++) != EOS) - if (c == QUOTE) { - if ((c = *patnext++) == EOS) { - c = QUOTE; - --patnext; - } - *bufnext++ = c | M_PROTECT; - } else - *bufnext++ = c; - } - *bufnext = EOS; - - if (flags & GLOB_BRACE) - return globexp1(patbuf, pglob, &limit); - else - return glob0(patbuf, pglob, &limit); -} - -/* - * Expand recursively a glob {} pattern. 
When there is no more expansion - * invoke the standard globbing routine to glob the rest of the magic - * characters - */ -static int -globexp1(const Char *pattern, glob_t *pglob, struct glob_lim *limitp) -{ - const Char* ptr = pattern; - - /* Protect a single {}, for find(1), like csh */ - if (pattern[0] == LBRACE && pattern[1] == RBRACE && pattern[2] == EOS) - return glob0(pattern, pglob, limitp); - - if ((ptr = (const Char *) g_strchr(ptr, LBRACE)) != NULL) - return globexp2(ptr, pattern, pglob, limitp); - - return glob0(pattern, pglob, limitp); -} - - -/* - * Recursive brace globbing helper. Tries to expand a single brace. - * If it succeeds then it invokes globexp1 with the new pattern. - * If it fails then it tries to glob the rest of the pattern and returns. - */ -static int -globexp2(const Char *ptr, const Char *pattern, glob_t *pglob, - struct glob_lim *limitp) -{ - int i, rv; - Char *lm, *ls; - const Char *pe, *pm, *pl; - Char patbuf[MAXPATHLEN]; - - /* copy part up to the brace */ - for (lm = patbuf, pm = pattern; pm != ptr; *lm++ = *pm++) - ; - *lm = EOS; - ls = lm; - - /* Find the balanced brace */ - for (i = 0, pe = ++ptr; *pe; pe++) - if (*pe == LBRACKET) { - /* Ignore everything between [] */ - for (pm = pe++; *pe != RBRACKET && *pe != EOS; pe++) - ; - if (*pe == EOS) { - /* - * We could not find a matching RBRACKET. - * Ignore and just look for RBRACE - */ - pe = pm; - } - } else if (*pe == LBRACE) - i++; - else if (*pe == RBRACE) { - if (i == 0) - break; - i--; - } - - /* Non matching braces; just glob the pattern */ - if (i != 0 || *pe == EOS) - return glob0(patbuf, pglob, limitp); - - for (i = 0, pl = pm = ptr; pm <= pe; pm++) { - switch (*pm) { - case LBRACKET: - /* Ignore everything between [] */ - for (pl = pm++; *pm != RBRACKET && *pm != EOS; pm++) - ; - if (*pm == EOS) { - /* - * We could not find a matching RBRACKET. 
- * Ignore and just look for RBRACE - */ - pm = pl; - } - break; - - case LBRACE: - i++; - break; - - case RBRACE: - if (i) { - i--; - break; - } - /* FALLTHROUGH */ - case COMMA: - if (i && *pm == COMMA) - break; - else { - /* Append the current string */ - for (lm = ls; (pl < pm); *lm++ = *pl++) - ; - - /* - * Append the rest of the pattern after the - * closing brace - */ - for (pl = pe + 1; (*lm++ = *pl++) != EOS; ) - ; - - /* Expand the current pattern */ -#ifdef DEBUG - qprintf("globexp2:", patbuf); -#endif - rv = globexp1(patbuf, pglob, limitp); - if (rv && rv != GLOB_NOMATCH) - return rv; - - /* move after the comma, to the next string */ - pl = pm + 1; - } - break; - - default: - break; - } - } - return 0; -} - - - -/* - * expand tilde from the passwd file. - */ -static const Char * -globtilde(const Char *pattern, Char *patbuf, size_t patbuf_len, glob_t *pglob) -{ - struct passwd *pwd; - char *h; - const Char *p; - Char *b, *eb; - - if (*pattern != TILDE || !(pglob->gl_flags & GLOB_TILDE)) - return pattern; - - /* Copy up to the end of the string or / */ - eb = &patbuf[patbuf_len - 1]; - for (p = pattern + 1, h = (char *) patbuf; - h < (char *)eb && *p && *p != SLASH; *h++ = *p++) - ; - - *h = EOS; - -#if 0 - if (h == (char *)eb) - return what; -#endif - - if (((char *) patbuf)[0] == EOS) { - /* - * handle a plain ~ or ~/ by expanding $HOME - * first and then trying the password file - */ -#if 0 - if (issetugid() != 0 || (h = getenv("HOME")) == NULL) { -#endif - if ((getuid() != geteuid()) || (h = getenv("HOME")) == NULL) { - if ((pwd = getpwuid(getuid())) == NULL) - return pattern; - else - h = pwd->pw_dir; - } - } else { - /* - * Expand a ~user - */ - if ((pwd = getpwnam((char*) patbuf)) == NULL) - return pattern; - else - h = pwd->pw_dir; - } - - /* Copy the home directory */ - for (b = patbuf; b < eb && *h; *b++ = *h++) - ; - - /* Append the rest of the pattern */ - while (b < eb && (*b++ = *p++) != EOS) - ; - *b = EOS; - - return patbuf; -} - -static 
int -g_strncmp(const Char *s1, const char *s2, size_t n) -{ - int rv = 0; - - while (n--) { - rv = *(Char *)s1 - *(const unsigned char *)s2++; - if (rv) - break; - if (*s1++ == '\0') - break; - } - return rv; -} - -static int -g_charclass(const Char **patternp, Char **bufnextp) -{ - const Char *pattern = *patternp + 1; - Char *bufnext = *bufnextp; - const Char *colon; - struct cclass *cc; - size_t len; - - if ((colon = g_strchr(pattern, ':')) == NULL || colon[1] != ']') - return 1; /* not a character class */ - - len = (size_t)(colon - pattern); - for (cc = cclasses; cc->name != NULL; cc++) { - if (!g_strncmp(pattern, cc->name, len) && cc->name[len] == '\0') - break; - } - if (cc->name == NULL) - return -1; /* invalid character class */ - *bufnext++ = M_CLASS; - *bufnext++ = (Char)(cc - &cclasses[0]); - *bufnextp = bufnext; - *patternp += len + 3; - - return 0; -} - -/* - * The main glob() routine: compiles the pattern (optionally processing - * quotes), calls glob1() to do the real pattern matching, and finally - * sorts the list (unless unsorted operation is requested). Returns 0 - * if things went well, nonzero if errors occurred. It is not an error - * to find no matches. - */ -static int -glob0(const Char *pattern, glob_t *pglob, struct glob_lim *limitp) -{ - const Char *qpatnext; - int c, err, oldpathc; - Char *bufnext, patbuf[MAXPATHLEN]; - - qpatnext = globtilde(pattern, patbuf, MAXPATHLEN, pglob); - oldpathc = pglob->gl_pathc; - bufnext = patbuf; - - /* We don't need to check for buffer overflow any more. 
*/ - while ((c = *qpatnext++) != EOS) { - switch (c) { - case LBRACKET: - c = *qpatnext; - if (c == NOT) - ++qpatnext; - if (*qpatnext == EOS || - g_strchr(qpatnext+1, RBRACKET) == NULL) { - *bufnext++ = LBRACKET; - if (c == NOT) - --qpatnext; - break; - } - *bufnext++ = M_SET; - if (c == NOT) - *bufnext++ = M_NOT; - c = *qpatnext++; - do { - if (c == LBRACKET && *qpatnext == ':') { - do { - err = g_charclass(&qpatnext, - &bufnext); - if (err) - break; - c = *qpatnext++; - } while (c == LBRACKET && *qpatnext == ':'); - if (err == -1 && - !(pglob->gl_flags & GLOB_NOCHECK)) - return GLOB_NOMATCH; - if (c == RBRACKET) - break; - } - *bufnext++ = CHAR(c); - if (*qpatnext == RANGE && - (c = qpatnext[1]) != RBRACKET) { - *bufnext++ = M_RNG; - *bufnext++ = CHAR(c); - qpatnext += 2; - } - } while ((c = *qpatnext++) != RBRACKET); - pglob->gl_flags |= GLOB_MAGCHAR; - *bufnext++ = M_END; - break; - case QUESTION: - pglob->gl_flags |= GLOB_MAGCHAR; - *bufnext++ = M_ONE; - break; - case STAR: - pglob->gl_flags |= GLOB_MAGCHAR; - /* collapse adjacent stars to one, - * to avoid exponential behavior - */ - if (bufnext == patbuf || bufnext[-1] != M_ALL) - *bufnext++ = M_ALL; - break; - default: - *bufnext++ = CHAR(c); - break; - } - } - *bufnext = EOS; -#ifdef DEBUG - qprintf("glob0:", patbuf); -#endif - - if ((err = glob1(patbuf, patbuf+MAXPATHLEN-1, pglob, limitp)) != 0) - return(err); - - /* - * If there was no match we are going to append the pattern - * if GLOB_NOCHECK was specified or if GLOB_NOMAGIC was specified - * and the pattern did not contain any magic characters - * GLOB_NOMAGIC is there just for compatibility with csh. 
- */ - if (pglob->gl_pathc == oldpathc) { - if ((pglob->gl_flags & GLOB_NOCHECK) || - ((pglob->gl_flags & GLOB_NOMAGIC) && - !(pglob->gl_flags & GLOB_MAGCHAR))) - return(globextend(pattern, pglob, limitp, NULL)); - else - return(GLOB_NOMATCH); - } - if (!(pglob->gl_flags & GLOB_NOSORT)) { - if ((pglob->gl_flags & GLOB_KEEPSTAT)) { - /* Keep the paths and stat info synced during sort */ - struct glob_path_stat *path_stat; - int i; - int n = pglob->gl_pathc - oldpathc; - int o = pglob->gl_offs + oldpathc; - - if ((path_stat = calloc(n, sizeof(*path_stat))) == NULL) - return GLOB_NOSPACE; - for (i = 0; i < n; i++) { - path_stat[i].gps_path = pglob->gl_pathv[o + i]; - path_stat[i].gps_stat = pglob->gl_statv[o + i]; - } - qsort(path_stat, n, sizeof(*path_stat), compare_gps); - for (i = 0; i < n; i++) { - pglob->gl_pathv[o + i] = path_stat[i].gps_path; - pglob->gl_statv[o + i] = path_stat[i].gps_stat; - } - free(path_stat); - } else { - qsort(pglob->gl_pathv + pglob->gl_offs + oldpathc, - pglob->gl_pathc - oldpathc, sizeof(char *), - compare); - } - } - return(0); -} - -static int -compare(const void *p, const void *q) -{ - return(strcmp(*(char **)p, *(char **)q)); -} - -static int -compare_gps(const void *_p, const void *_q) -{ - const struct glob_path_stat *p = (const struct glob_path_stat *)_p; - const struct glob_path_stat *q = (const struct glob_path_stat *)_q; - - return(strcmp(p->gps_path, q->gps_path)); -} - -static int -glob1(Char *pattern, Char *pattern_last, glob_t *pglob, struct glob_lim *limitp) -{ - Char pathbuf[MAXPATHLEN]; - - /* A null pathname is invalid -- POSIX 1003.1 sect. 2.4. */ - if (*pattern == EOS) - return(0); - return(glob2(pathbuf, pathbuf+MAXPATHLEN-1, - pathbuf, pathbuf+MAXPATHLEN-1, - pattern, pattern_last, pglob, limitp)); -} - -/* - * The functions glob2 and glob3 are mutually recursive; there is one level - * of recursion for each segment in the pattern that contains one or more - * meta characters. 
- */ -static int -glob2(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last, - Char *pattern, Char *pattern_last, glob_t *pglob, struct glob_lim *limitp) -{ - struct stat sb; - Char *p, *q; - int anymeta; - - /* - * Loop over pattern segments until end of pattern or until - * segment with meta character found. - */ - for (anymeta = 0;;) { - if (*pattern == EOS) { /* End of pattern? */ - *pathend = EOS; - if (g_lstat(pathbuf, &sb, pglob)) - return(0); - - if ((pglob->gl_flags & GLOB_LIMIT) && - limitp->glim_stat++ >= GLOB_LIMIT_STAT) { - errno = 0; - *pathend++ = SEP; - *pathend = EOS; - return(GLOB_NOSPACE); - } - - if (((pglob->gl_flags & GLOB_MARK) && - pathend[-1] != SEP) && (S_ISDIR(sb.st_mode) || - (S_ISLNK(sb.st_mode) && - (g_stat(pathbuf, &sb, pglob) == 0) && - S_ISDIR(sb.st_mode)))) { - if (pathend+1 > pathend_last) - return (1); - *pathend++ = SEP; - *pathend = EOS; - } - ++pglob->gl_matchc; - return(globextend(pathbuf, pglob, limitp, &sb)); - } - - /* Find end of next segment, copy tentatively to pathend. */ - q = pathend; - p = pattern; - while (*p != EOS && *p != SEP) { - if (ismeta(*p)) - anymeta = 1; - if (q+1 > pathend_last) - return (1); - *q++ = *p++; - } - - if (!anymeta) { /* No expansion, do next segment. */ - pathend = q; - pattern = p; - while (*pattern == SEP) { - if (pathend+1 > pathend_last) - return (1); - *pathend++ = *pattern++; - } - } else - /* Need expansion, recurse. 
*/ - return(glob3(pathbuf, pathbuf_last, pathend, - pathend_last, pattern, p, pattern_last, - pglob, limitp)); - } - /* NOTREACHED */ -} - -static int -glob3(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last, - Char *pattern, Char *restpattern, Char *restpattern_last, glob_t *pglob, - struct glob_lim *limitp) -{ - struct dirent *dp; - DIR *dirp; - int err; - char buf[MAXPATHLEN]; - - /* - * The readdirfunc declaration can't be prototyped, because it is - * assigned, below, to two functions which are prototyped in glob.h - * and dirent.h as taking pointers to differently typed opaque - * structures. - */ - struct dirent *(*readdirfunc)(void *); - - if (pathend > pathend_last) - return (1); - *pathend = EOS; - errno = 0; - - if ((dirp = g_opendir(pathbuf, pglob)) == NULL) { - /* TODO: don't call for ENOENT or ENOTDIR? */ - if (pglob->gl_errfunc) { - if (g_Ctoc(pathbuf, buf, sizeof(buf))) - return(GLOB_ABORTED); - if (pglob->gl_errfunc(buf, errno) || - pglob->gl_flags & GLOB_ERR) - return(GLOB_ABORTED); - } - return(0); - } - - err = 0; - - /* Search directory for matching names. */ - if (pglob->gl_flags & GLOB_ALTDIRFUNC) - readdirfunc = pglob->gl_readdir; - else - readdirfunc = (struct dirent *(*)(void *))readdir; - while ((dp = (*readdirfunc)(dirp))) { - u_char *sc; - Char *dc; - - if ((pglob->gl_flags & GLOB_LIMIT) && - limitp->glim_readdir++ >= GLOB_LIMIT_READDIR) { - errno = 0; - *pathend++ = SEP; - *pathend = EOS; - err = GLOB_NOSPACE; - break; - } - - /* Initial DOT must be matched literally. 
*/ - if (dp->d_name[0] == DOT && *pattern != DOT) - continue; - dc = pathend; - sc = (u_char *) dp->d_name; - while (dc < pathend_last && (*dc++ = *sc++) != EOS) - ; - if (dc >= pathend_last) { - *dc = EOS; - err = 1; - break; - } - - if (!match(pathend, pattern, restpattern, GLOB_LIMIT_RECUR)) { - *pathend = EOS; - continue; - } - err = glob2(pathbuf, pathbuf_last, --dc, pathend_last, - restpattern, restpattern_last, pglob, limitp); - if (err) - break; - } - - if (pglob->gl_flags & GLOB_ALTDIRFUNC) - (*pglob->gl_closedir)(dirp); - else - closedir(dirp); - return(err); -} - - -/* - * Extend the gl_pathv member of a glob_t structure to accommodate a new item, - * add the new item, and update gl_pathc. - * - * This assumes the BSD realloc, which only copies the block when its size - * crosses a power-of-two boundary; for v7 realloc, this would cause quadratic - * behavior. - * - * Return 0 if new item added, error code if memory couldn't be allocated. - * - * Invariant of the glob_t structure: - * Either gl_pathc is zero and gl_pathv is NULL; or gl_pathc > 0 and - * gl_pathv points to (gl_offs + gl_pathc + 1) items. 
- */ -static int -globextend(const Char *path, glob_t *pglob, struct glob_lim *limitp, - struct stat *sb) -{ - char **pathv; - ssize_t i; - size_t newn, len; - char *copy = NULL; - const Char *p; - struct stat **statv; - - newn = 2 + pglob->gl_pathc + pglob->gl_offs; - if (pglob->gl_offs >= INT_MAX || - pglob->gl_pathc >= INT_MAX || - newn >= INT_MAX || - SIZE_MAX / sizeof(*pathv) <= newn || - SIZE_MAX / sizeof(*statv) <= newn) { - nospace: - for (i = pglob->gl_offs; i < (ssize_t)(newn - 2); i++) { - if (pglob->gl_pathv && pglob->gl_pathv[i]) - free(pglob->gl_pathv[i]); - if ((pglob->gl_flags & GLOB_KEEPSTAT) != 0 && - pglob->gl_pathv && pglob->gl_pathv[i]) - free(pglob->gl_statv[i]); - } - if (pglob->gl_pathv) { - free(pglob->gl_pathv); - pglob->gl_pathv = NULL; - } - if (pglob->gl_statv) { - free(pglob->gl_statv); - pglob->gl_statv = NULL; - } - return(GLOB_NOSPACE); - } - - pathv = realloc(pglob->gl_pathv, newn * sizeof(*pathv)); - if (pathv == NULL) - goto nospace; - if (pglob->gl_pathv == NULL && pglob->gl_offs > 0) { - /* first time around -- clear initial gl_offs items */ - pathv += pglob->gl_offs; - for (i = pglob->gl_offs; --i >= 0; ) - *--pathv = NULL; - } - pglob->gl_pathv = pathv; - - if ((pglob->gl_flags & GLOB_KEEPSTAT) != 0) { - statv = realloc(pglob->gl_statv, newn * sizeof(*statv)); - if (statv == NULL) - goto nospace; - if (pglob->gl_statv == NULL && pglob->gl_offs > 0) { - /* first time around -- clear initial gl_offs items */ - statv += pglob->gl_offs; - for (i = pglob->gl_offs; --i >= 0; ) - *--statv = NULL; - } - pglob->gl_statv = statv; - if (sb == NULL) - statv[pglob->gl_offs + pglob->gl_pathc] = NULL; - else { - limitp->glim_malloc += sizeof(**statv); - if ((pglob->gl_flags & GLOB_LIMIT) && - limitp->glim_malloc >= GLOB_LIMIT_MALLOC) { - errno = 0; - return(GLOB_NOSPACE); - } - if ((statv[pglob->gl_offs + pglob->gl_pathc] = - malloc(sizeof(**statv))) == NULL) - goto copy_error; - memcpy(statv[pglob->gl_offs + pglob->gl_pathc], sb, - 
sizeof(*sb)); - } - statv[pglob->gl_offs + pglob->gl_pathc + 1] = NULL; - } - - for (p = path; *p++;) - ; - len = (size_t)(p - path); - limitp->glim_malloc += len; - if ((copy = malloc(len)) != NULL) { - if (g_Ctoc(path, copy, len)) { - free(copy); - return(GLOB_NOSPACE); - } - pathv[pglob->gl_offs + pglob->gl_pathc++] = copy; - } - pathv[pglob->gl_offs + pglob->gl_pathc] = NULL; - - if ((pglob->gl_flags & GLOB_LIMIT) && - (newn * sizeof(*pathv)) + limitp->glim_malloc > - GLOB_LIMIT_MALLOC) { - errno = 0; - return(GLOB_NOSPACE); - } - copy_error: - return(copy == NULL ? GLOB_NOSPACE : 0); -} - - -/* - * pattern matching function for filenames. Each occurrence of the * - * pattern causes a recursion level. - */ -static int -match(Char *name, Char *pat, Char *patend, int recur) -{ - int ok, negate_range; - Char c, k; - - if (recur-- == 0) - return(GLOB_NOSPACE); - - while (pat < patend) { - c = *pat++; - switch (c & M_MASK) { - case M_ALL: - while (pat < patend && (*pat & M_MASK) == M_ALL) - pat++; /* eat consecutive '*' */ - if (pat == patend) - return(1); - do { - if (match(name, pat, patend, recur)) - return(1); - } while (*name++ != EOS); - return(0); - case M_ONE: - if (*name++ == EOS) - return(0); - break; - case M_SET: - ok = 0; - if ((k = *name++) == EOS) - return(0); - if ((negate_range = ((*pat & M_MASK) == M_NOT)) != EOS) - ++pat; - while (((c = *pat++) & M_MASK) != M_END) { - if ((c & M_MASK) == M_CLASS) { - Char idx = *pat & M_MASK; - if (idx < NCCLASSES && - cclasses[idx].isctype(k)) - ok = 1; - ++pat; - } - if ((*pat & M_MASK) == M_RNG) { - if (c <= k && k <= pat[1]) - ok = 1; - pat += 2; - } else if (c == k) - ok = 1; - } - if (ok == negate_range) - return(0); - break; - default: - if (*name++ != c) - return(0); - break; - } - } - return(*name == EOS); -} - -/* Free allocated data belonging to a glob_t structure. 
*/ -void -globfree(glob_t *pglob) -{ - int i; - char **pp; - - if (pglob->gl_pathv != NULL) { - pp = pglob->gl_pathv + pglob->gl_offs; - for (i = pglob->gl_pathc; i--; ++pp) - if (*pp) - free(*pp); - free(pglob->gl_pathv); - pglob->gl_pathv = NULL; - } - if (pglob->gl_statv != NULL) { - for (i = 0; i < pglob->gl_pathc; i++) { - if (pglob->gl_statv[i] != NULL) - free(pglob->gl_statv[i]); - } - free(pglob->gl_statv); - pglob->gl_statv = NULL; - } -} - -static DIR * -g_opendir(Char *str, glob_t *pglob) -{ - char buf[MAXPATHLEN]; - - if (!*str) - strlcpy(buf, ".", sizeof buf); - else { - if (g_Ctoc(str, buf, sizeof(buf))) - return(NULL); - } - - if (pglob->gl_flags & GLOB_ALTDIRFUNC) - return((*pglob->gl_opendir)(buf)); - - return(opendir(buf)); -} - -static int -g_lstat(Char *fn, struct stat *sb, glob_t *pglob) -{ - char buf[MAXPATHLEN]; - - if (g_Ctoc(fn, buf, sizeof(buf))) - return(-1); - if (pglob->gl_flags & GLOB_ALTDIRFUNC) - return((*pglob->gl_lstat)(buf, sb)); - return(lstat(buf, sb)); -} - -static int -g_stat(Char *fn, struct stat *sb, glob_t *pglob) -{ - char buf[MAXPATHLEN]; - - if (g_Ctoc(fn, buf, sizeof(buf))) - return(-1); - if (pglob->gl_flags & GLOB_ALTDIRFUNC) - return((*pglob->gl_stat)(buf, sb)); - return(stat(buf, sb)); -} - -static Char * -g_strchr(const Char *str, int ch) -{ - do { - if (*str == ch) - return ((Char *)str); - } while (*str++); - return (NULL); -} - -static int -g_Ctoc(const Char *str, char *buf, u_int len) -{ - - while (len--) { - if ((*buf++ = *str++) == EOS) - return (0); - } - return (1); -} - -#ifdef DEBUG -static void -qprintf(const char *str, Char *s) -{ - Char *p; - - (void)printf("%s:\n", str); - for (p = s; *p; p++) - (void)printf("%c", CHAR(*p)); - (void)printf("\n"); - for (p = s; *p; p++) - (void)printf("%c", *p & M_PROTECT ? '"' : ' '); - (void)printf("\n"); - for (p = s; *p; p++) - (void)printf("%c", ismeta(*p) ? 
'_' : ' '); - (void)printf("\n"); -} -#endif - -#endif /* !defined(HAVE_GLOB) || !defined(GLOB_HAS_ALTDIRFUNC) || - !defined(GLOB_HAS_GL_MATCHC) || !defined(GLOB_HAS_GL_STATV) */ diff --git a/ssh_keygen_110/openbsd-compat/glob.h b/ssh_keygen_110/openbsd-compat/glob.h deleted file mode 100644 index f069a05d..00000000 --- a/ssh_keygen_110/openbsd-compat/glob.h +++ /dev/null 
@@ -1,107 +0,0 @@
-/* $OpenBSD: glob.h,v 1.11 2010/09/24 13:32:55 djm Exp $ */
-/* $NetBSD: glob.h,v 1.5 1994/10/26 00:55:56 cgd Exp $ */
-
-/*
- * Copyright (c) 1989, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * This code is derived from software contributed to Berkeley by
- * Guido van Rossum.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * @(#)glob.h 8.1 (Berkeley) 6/2/93
- */
-
-/* OPENBSD ORIGINAL: include/glob.h */
-
-#if !defined(HAVE_GLOB_H) || !defined(GLOB_HAS_ALTDIRFUNC) || \
- !defined(GLOB_HAS_GL_MATCHC) || !defined(GLOB_HAS_GL_STATV) || \
- !defined(HAVE_DECL_GLOB_NOMATCH) || HAVE_DECL_GLOB_NOMATCH == 0 || \
- defined(BROKEN_GLOB)
-
-#ifndef _COMPAT_GLOB_H_
-#define _COMPAT_GLOB_H_
-
-#include
-
-# define glob_t _ssh_compat_glob_t
-# define glob(a, b, c, d) _ssh__compat_glob(a, b, c, d)
-# define globfree(a) _ssh__compat_globfree(a)
-
-struct stat;
-typedef struct {
- int gl_pathc; /* Count of total paths so far. */
- int gl_matchc; /* Count of paths matching pattern. */
- int gl_offs; /* Reserved at beginning of gl_pathv. */
- int gl_flags; /* Copy of flags parameter to glob. */
- char **gl_pathv; /* List of paths matching pattern. */
- struct stat **gl_statv; /* Stat entries corresponding to gl_pathv */
- /* Copy of errfunc parameter to glob. */
- int (*gl_errfunc)(const char *, int);
-
- /*
- * Alternate filesystem access methods for glob; replacement
- * versions of closedir(3), readdir(3), opendir(3), stat(2)
- * and lstat(2).
- */
- void (*gl_closedir)(void *);
- struct dirent *(*gl_readdir)(void *);
- void *(*gl_opendir)(const char *);
- int (*gl_lstat)(const char *, struct stat *);
- int (*gl_stat)(const char *, struct stat *);
-} glob_t;
-
-#define GLOB_APPEND 0x0001 /* Append to output from previous call. */
-#define GLOB_DOOFFS 0x0002 /* Use gl_offs. */
-#define GLOB_ERR 0x0004 /* Return on error. */
-#define GLOB_MARK 0x0008 /* Append / to matching directories. */
-#define GLOB_NOCHECK 0x0010 /* Return pattern itself if nothing matches. */
-#define GLOB_NOSORT 0x0020 /* Don't sort. */
-#define GLOB_NOESCAPE 0x1000 /* Disable backslash escaping. */
-
-#define GLOB_NOSPACE (-1) /* Malloc call failed. */
-#define GLOB_ABORTED (-2) /* Unignored error. */
-#define GLOB_NOMATCH (-3) /* No match and GLOB_NOCHECK not set. */
-#define GLOB_NOSYS (-4) /* Function not supported. */
-
-#define GLOB_ALTDIRFUNC 0x0040 /* Use alternately specified directory funcs. */
-#define GLOB_BRACE 0x0080 /* Expand braces ala csh. */
-#define GLOB_MAGCHAR 0x0100 /* Pattern had globbing characters. */
-#define GLOB_NOMAGIC 0x0200 /* GLOB_NOCHECK without magic chars (csh). */
-#define GLOB_QUOTE 0x0400 /* Quote special chars with \. */
-#define GLOB_TILDE 0x0800 /* Expand tilde names from the passwd file. */
-#define GLOB_LIMIT 0x2000 /* Limit pattern match output to ARG_MAX */
-#define GLOB_KEEPSTAT 0x4000 /* Retain stat data for paths in gl_statv. */
-#define GLOB_ABEND GLOB_ABORTED /* backward compatibility */
-
-int glob(const char *, int, int (*)(const char *, int), glob_t *);
-void globfree(glob_t *);
-
-#endif /* !_GLOB_H_ */
-
-#endif /* !defined(HAVE_GLOB_H) || !defined(GLOB_HAS_ALTDIRFUNC) ||
- !defined(GLOB_HAS_GL_MATCHC) || !defined(GLOH_HAS_GL_STATV) */
-
diff --git a/ssh_keygen_110/openbsd-compat/inet_aton.c b/ssh_keygen_110/openbsd-compat/inet_aton.c
deleted file mode 100644
index 093a1720..00000000
--- a/ssh_keygen_110/openbsd-compat/inet_aton.c
+++ /dev/null
@@ -1,179 +0,0 @@ -/* $OpenBSD: inet_addr.c,v 1.9 2005/08/06 20:30:03 espie Exp $ */ - -/* - * Copyright (c) 1983, 1990, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - - * Portions Copyright (c) 1993 by Digital Equipment Corporation. 
- * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Digital Equipment Corporation not be used in advertising or - * publicity pertaining to distribution of the document or software without - * specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL - * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT - * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - * - - * --Copyright-- - */ - -/* OPENBSD ORIGINAL: lib/libc/net/inet_addr.c */ - -#include "includes.h" - -#if !defined(HAVE_INET_ATON) - -#include -#include -#include -#include -#include - -#if 0 -/* - * Ascii internet address interpretation routine. - * The value returned is in network order. - */ -in_addr_t -inet_addr(const char *cp) -{ - struct in_addr val; - - if (inet_aton(cp, &val)) - return (val.s_addr); - return (INADDR_NONE); -} -#endif - -/* - * Check whether "cp" is a valid ascii representation - * of an Internet address and convert to a binary address. - * Returns 1 if the address is valid, 0 if not. - * This replaces inet_addr, the return value from which - * cannot distinguish between failure and a local broadcast address. - */ -int -inet_aton(const char *cp, struct in_addr *addr) -{ - u_int32_t val; - int base, n; - char c; - u_int parts[4]; - u_int *pp = parts; - - c = *cp; - for (;;) { - /* - * Collect number up to ``.''. 
- * Values are specified as for C: - * 0x=hex, 0=octal, isdigit=decimal. - */ - if (!isdigit(c)) - return (0); - val = 0; base = 10; - if (c == '0') { - c = *++cp; - if (c == 'x' || c == 'X') - base = 16, c = *++cp; - else - base = 8; - } - for (;;) { - if (isascii(c) && isdigit(c)) { - val = (val * base) + (c - '0'); - c = *++cp; - } else if (base == 16 && isascii(c) && isxdigit(c)) { - val = (val << 4) | - (c + 10 - (islower(c) ? 'a' : 'A')); - c = *++cp; - } else - break; - } - if (c == '.') { - /* - * Internet format: - * a.b.c.d - * a.b.c (with c treated as 16 bits) - * a.b (with b treated as 24 bits) - */ - if (pp >= parts + 3) - return (0); - *pp++ = val; - c = *++cp; - } else - break; - } - /* - * Check for trailing characters. - */ - if (c != '\0' && (!isascii(c) || !isspace(c))) - return (0); - /* - * Concoct the address according to - * the number of parts specified. - */ - n = pp - parts + 1; - switch (n) { - - case 0: - return (0); /* initial nondigit */ - - case 1: /* a -- 32 bits */ - break; - - case 2: /* a.b -- 8.24 bits */ - if ((val > 0xffffff) || (parts[0] > 0xff)) - return (0); - val |= parts[0] << 24; - break; - - case 3: /* a.b.c -- 8.8.16 bits */ - if ((val > 0xffff) || (parts[0] > 0xff) || (parts[1] > 0xff)) - return (0); - val |= (parts[0] << 24) | (parts[1] << 16); - break; - - case 4: /* a.b.c.d -- 8.8.8.8 bits */ - if ((val > 0xff) || (parts[0] > 0xff) || (parts[1] > 0xff) || (parts[2] > 0xff)) - return (0); - val |= (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8); - break; - } - if (addr) - addr->s_addr = htonl(val); - return (1); -} - -#endif /* !defined(HAVE_INET_ATON) */ diff --git a/ssh_keygen_110/openbsd-compat/inet_ntoa.c b/ssh_keygen_110/openbsd-compat/inet_ntoa.c deleted file mode 100644 index 0eb7b3bd..00000000 --- a/ssh_keygen_110/openbsd-compat/inet_ntoa.c +++ /dev/null 
@@ -1,59 +0,0 @@
-/* $OpenBSD: inet_ntoa.c,v 1.6 2005/08/06 20:30:03 espie Exp $ */
-/*
- * Copyright (c) 1983, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* OPENBSD ORIGINAL: lib/libc/net/inet_ntoa.c */
-
-#include "includes.h"
-
-#if defined(BROKEN_INET_NTOA) || !defined(HAVE_INET_NTOA)
-
-/*
- * Convert network-format internet address
- * to base 256 d.d.d.d representation.
- */
-#include
-#include
-#include
-#include
-
-char *
-inet_ntoa(struct in_addr in)
-{
- static char b[18];
- char *p;
-
- p = (char *)∈
-#define UC(b) (((int)b)&0xff)
- (void)snprintf(b, sizeof(b),
- "%u.%u.%u.%u", UC(p[0]), UC(p[1]), UC(p[2]), UC(p[3]));
- return (b);
-}
-
-#endif /* defined(BROKEN_INET_NTOA) || !defined(HAVE_INET_NTOA) */
diff --git a/ssh_keygen_110/openbsd-compat/inet_ntop.c b/ssh_keygen_110/openbsd-compat/inet_ntop.c
deleted file mode 100644
index 3259037b..00000000
--- a/ssh_keygen_110/openbsd-compat/inet_ntop.c
+++ /dev/null
@@ -1,211 +0,0 @@ -/* $OpenBSD: inet_ntop.c,v 1.8 2008/12/09 19:38:38 otto Exp $ */ - -/* Copyright (c) 1996 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* OPENBSD ORIGINAL: lib/libc/net/inet_ntop.c */ - -#include "includes.h" - -#ifndef HAVE_INET_NTOP - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#ifndef IN6ADDRSZ -#define IN6ADDRSZ 16 /* IPv6 T_AAAA */ -#endif - -#ifndef INT16SZ -#define INT16SZ 2 /* for systems without 16-bit ints */ -#endif - -/* - * WARNING: Don't even consider trying to compile this on a system where - * sizeof(int) < 4. sizeof(int) > 4 is fine; all the world's not a VAX. - */ - -static const char *inet_ntop4(const u_char *src, char *dst, size_t size); -static const char *inet_ntop6(const u_char *src, char *dst, size_t size); - -/* char * - * inet_ntop(af, src, dst, size) - * convert a network format address to presentation format. - * return: - * pointer to presentation format address (`dst'), or NULL (see errno). - * author: - * Paul Vixie, 1996. 
- */ -const char * -inet_ntop(int af, const void *src, char *dst, socklen_t size) -{ - switch (af) { - case AF_INET: - return (inet_ntop4(src, dst, (size_t)size)); - case AF_INET6: - return (inet_ntop6(src, dst, (size_t)size)); - default: - errno = EAFNOSUPPORT; - return (NULL); - } - /* NOTREACHED */ -} - -/* const char * - * inet_ntop4(src, dst, size) - * format an IPv4 address, more or less like inet_ntoa() - * return: - * `dst' (as a const) - * notes: - * (1) uses no statics - * (2) takes a u_char* not an in_addr as input - * author: - * Paul Vixie, 1996. - */ -static const char * -inet_ntop4(const u_char *src, char *dst, size_t size) -{ - static const char fmt[] = "%u.%u.%u.%u"; - char tmp[sizeof "255.255.255.255"]; - int l; - - l = snprintf(tmp, size, fmt, src[0], src[1], src[2], src[3]); - if (l <= 0 || l >= size) { - errno = ENOSPC; - return (NULL); - } - strlcpy(dst, tmp, size); - return (dst); -} - -/* const char * - * inet_ntop6(src, dst, size) - * convert IPv6 binary address into presentation (printable) format - * author: - * Paul Vixie, 1996. - */ -static const char * -inet_ntop6(const u_char *src, char *dst, size_t size) -{ - /* - * Note that int32_t and int16_t need only be "at least" large enough - * to contain a value of the specified size. On some systems, like - * Crays, there is no such thing as an integer variable with 16 bits. - * Keep this in mind if you think this function should have been coded - * to use pointer overlays. All the world's not a VAX. - */ - char tmp[sizeof "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"]; - char *tp, *ep; - struct { int base, len; } best, cur; - u_int words[IN6ADDRSZ / INT16SZ]; - int i; - int advance; - - /* - * Preprocess: - * Copy the input (bytewise) array into a wordwise array. - * Find the longest run of 0x00's in src[] for :: shorthanding. 
- */ - memset(words, '\0', sizeof words); - for (i = 0; i < IN6ADDRSZ; i++) - words[i / 2] |= (src[i] << ((1 - (i % 2)) << 3)); - best.base = -1; - cur.base = -1; - for (i = 0; i < (IN6ADDRSZ / INT16SZ); i++) { - if (words[i] == 0) { - if (cur.base == -1) - cur.base = i, cur.len = 1; - else - cur.len++; - } else { - if (cur.base != -1) { - if (best.base == -1 || cur.len > best.len) - best = cur; - cur.base = -1; - } - } - } - if (cur.base != -1) { - if (best.base == -1 || cur.len > best.len) - best = cur; - } - if (best.base != -1 && best.len < 2) - best.base = -1; - - /* - * Format the result. - */ - tp = tmp; - ep = tmp + sizeof(tmp); - for (i = 0; i < (IN6ADDRSZ / INT16SZ) && tp < ep; i++) { - /* Are we inside the best run of 0x00's? */ - if (best.base != -1 && i >= best.base && - i < (best.base + best.len)) { - if (i == best.base) { - if (tp + 1 >= ep) - return (NULL); - *tp++ = ':'; - } - continue; - } - /* Are we following an initial run of 0x00s or any real hex? */ - if (i != 0) { - if (tp + 1 >= ep) - return (NULL); - *tp++ = ':'; - } - /* Is this address an encapsulated IPv4? */ - if (i == 6 && best.base == 0 && - (best.len == 6 || (best.len == 5 && words[5] == 0xffff))) { - if (!inet_ntop4(src+12, tp, (size_t)(ep - tp))) - return (NULL); - tp += strlen(tp); - break; - } - advance = snprintf(tp, ep - tp, "%x", words[i]); - if (advance <= 0 || advance >= ep - tp) - return (NULL); - tp += advance; - } - /* Was it a trailing run of 0x00's? */ - if (best.base != -1 && (best.base + best.len) == (IN6ADDRSZ / INT16SZ)) { - if (tp + 1 >= ep) - return (NULL); - *tp++ = ':'; - } - if (tp + 1 >= ep) - return (NULL); - *tp++ = '\0'; - - /* - * Check for overflow, copy, and we're done. - */ - if ((size_t)(tp - tmp) > size) { - errno = ENOSPC; - return (NULL); - } - strlcpy(dst, tmp, size); - return (dst); -} - -#endif /* !HAVE_INET_NTOP */ 
diff --git a/ssh_keygen_110/openbsd-compat/kludge-fd_set.c b/ssh_keygen_110/openbsd-compat/kludge-fd_set.c
deleted file mode 100644
index 6c2ffb64..00000000
--- a/ssh_keygen_110/openbsd-compat/kludge-fd_set.c
+++ /dev/null
@@ -1,28 +0,0 @@
-/* Placed in the public domain. */
-
-/*
- * _FORTIFY_SOURCE includes a misguided check for FD_SET(n)/FD_ISSET(b)
- * where n > FD_SETSIZE. This breaks OpenSSH and other programs that
- * explicitly allocate fd_sets. To avoid this, we wrap FD_SET in a
- * function compiled without _FORTIFY_SOURCE.
- */
-
-#include "config.h"
-
-#if defined(HAVE_FEATURES_H) && defined(_FORTIFY_SOURCE)
-# include
-# if defined(__GNU_LIBRARY__) && defined(__GLIBC_PREREQ)
-# if __GLIBC_PREREQ(2, 15) && (_FORTIFY_SOURCE > 0)
-# undef _FORTIFY_SOURCE
-# undef __USE_FORTIFY_LEVEL
-# include
-void kludge_FD_SET(int n, fd_set *set) {
- FD_SET(n, set);
-}
-int kludge_FD_ISSET(int n, fd_set *set) {
- return FD_ISSET(n, set);
-}
-# endif /* __GLIBC_PREREQ(2, 15) && (_FORTIFY_SOURCE > 0) */
-# endif /* __GNU_LIBRARY__ && __GLIBC_PREREQ */
-#endif /* HAVE_FEATURES_H && _FORTIFY_SOURCE */
-
diff --git a/ssh_keygen_110/openbsd-compat/libressl-api-compat.c b/ssh_keygen_110/openbsd-compat/libressl-api-compat.c
deleted file mode 100644
index 22fc2401..00000000
--- a/ssh_keygen_110/openbsd-compat/libressl-api-compat.c
+++ /dev/null
@@ -1,637 +0,0 @@ -/* $OpenBSD: dsa_lib.c,v 1.29 2018/04/14 07:09:21 tb Exp $ */ -/* $OpenBSD: rsa_lib.c,v 1.37 2018/04/14 07:09:21 tb Exp $ */ -/* $OpenBSD: evp_lib.c,v 1.17 2018/09/12 06:35:38 djm Exp $ */ -/* $OpenBSD: dh_lib.c,v 1.32 2018/05/02 15:48:38 tb Exp $ */ -/* $OpenBSD: p_lib.c,v 1.24 2018/05/30 15:40:50 tb Exp $ */ -/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. 
All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* $OpenBSD: dsa_asn1.c,v 1.22 2018/06/14 17:03:19 jsing Exp $ */ -/* $OpenBSD: ecs_asn1.c,v 1.9 2018/03/17 15:24:44 tb Exp $ */ -/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 2000. 
- */ -/* ==================================================================== - * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* $OpenBSD: rsa_meth.c,v 1.2 2018/09/12 06:35:38 djm Exp $ */ -/* - * Copyright (c) 2018 Theo Buehler - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
- */ - -#include "includes.h" - -#ifdef WITH_OPENSSL - -#include - -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -#ifndef HAVE_DSA_GET0_PQG -void -DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) -{ - if (p != NULL) - *p = d->p; - if (q != NULL) - *q = d->q; - if (g != NULL) - *g = d->g; -} -#endif /* HAVE_DSA_GET0_PQG */ - -#ifndef HAVE_DSA_SET0_PQG -int -DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g) -{ - if ((d->p == NULL && p == NULL) || (d->q == NULL && q == NULL) || - (d->g == NULL && g == NULL)) - return 0; - - if (p != NULL) { - BN_free(d->p); - d->p = p; - } - if (q != NULL) { - BN_free(d->q); - d->q = q; - } - if (g != NULL) { - BN_free(d->g); - d->g = g; - } - - return 1; -} -#endif /* HAVE_DSA_SET0_PQG */ - -#ifndef HAVE_DSA_GET0_KEY -void -DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key) -{ - if (pub_key != NULL) - *pub_key = d->pub_key; - if (priv_key != NULL) - *priv_key = d->priv_key; -} -#endif /* HAVE_DSA_GET0_KEY */ - -#ifndef HAVE_DSA_SET0_KEY -int -DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key) -{ - if (d->pub_key == NULL && pub_key == NULL) - return 0; - - if (pub_key != NULL) { - BN_free(d->pub_key); - d->pub_key = pub_key; - } - if (priv_key != NULL) { - BN_free(d->priv_key); - d->priv_key = priv_key; - } - - return 1; -} -#endif /* HAVE_DSA_SET0_KEY */ - -#ifndef HAVE_RSA_GET0_KEY -void -RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) -{ - if (n != NULL) - *n = r->n; - if (e != NULL) - *e = r->e; - if (d != NULL) - *d = r->d; -} -#endif /* HAVE_RSA_GET0_KEY */ - -#ifndef HAVE_RSA_SET0_KEY -int -RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) -{ - if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL)) - return 0; - - if (n != NULL) { - BN_free(r->n); - r->n = n; - } - if (e != NULL) { - BN_free(r->e); - r->e = e; - } - if (d != NULL) { - BN_free(r->d); - r->d = d; - } - - 
return 1; -} -#endif /* HAVE_RSA_SET0_KEY */ - -#ifndef HAVE_RSA_GET0_CRT_PARAMS -void -RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, - const BIGNUM **iqmp) -{ - if (dmp1 != NULL) - *dmp1 = r->dmp1; - if (dmq1 != NULL) - *dmq1 = r->dmq1; - if (iqmp != NULL) - *iqmp = r->iqmp; -} -#endif /* HAVE_RSA_GET0_CRT_PARAMS */ - -#ifndef HAVE_RSA_SET0_CRT_PARAMS -int -RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) -{ - if ((r->dmp1 == NULL && dmp1 == NULL) || - (r->dmq1 == NULL && dmq1 == NULL) || - (r->iqmp == NULL && iqmp == NULL)) - return 0; - - if (dmp1 != NULL) { - BN_free(r->dmp1); - r->dmp1 = dmp1; - } - if (dmq1 != NULL) { - BN_free(r->dmq1); - r->dmq1 = dmq1; - } - if (iqmp != NULL) { - BN_free(r->iqmp); - r->iqmp = iqmp; - } - - return 1; -} -#endif /* HAVE_RSA_SET0_CRT_PARAMS */ - -#ifndef HAVE_RSA_GET0_FACTORS -void -RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) -{ - if (p != NULL) - *p = r->p; - if (q != NULL) - *q = r->q; -} -#endif /* HAVE_RSA_GET0_FACTORS */ - -#ifndef HAVE_RSA_SET0_FACTORS -int -RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) -{ - if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL)) - return 0; - - if (p != NULL) { - BN_free(r->p); - r->p = p; - } - if (q != NULL) { - BN_free(r->q); - r->q = q; - } - - return 1; -} -#endif /* HAVE_RSA_SET0_FACTORS */ - -#ifndef HAVE_EVP_CIPHER_CTX_GET_IV -int -EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx, unsigned char *iv, size_t len) -{ - if (ctx == NULL) - return 0; - if (EVP_CIPHER_CTX_iv_length(ctx) < 0) - return 0; - if (len != (size_t)EVP_CIPHER_CTX_iv_length(ctx)) - return 0; - if (len > EVP_MAX_IV_LENGTH) - return 0; /* sanity check; shouldn't happen */ - /* - * Skip the memcpy entirely when the requested IV length is zero, - * since the iv pointer may be NULL or invalid. 
- */ - if (len != 0) { - if (iv == NULL) - return 0; -# ifdef HAVE_EVP_CIPHER_CTX_IV - memcpy(iv, EVP_CIPHER_CTX_iv(ctx), len); -# else - memcpy(iv, ctx->iv, len); -# endif /* HAVE_EVP_CIPHER_CTX_IV */ - } - return 1; -} -#endif /* HAVE_EVP_CIPHER_CTX_GET_IV */ - -#ifndef HAVE_EVP_CIPHER_CTX_SET_IV -int -EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, const unsigned char *iv, size_t len) -{ - if (ctx == NULL) - return 0; - if (EVP_CIPHER_CTX_iv_length(ctx) < 0) - return 0; - if (len != (size_t)EVP_CIPHER_CTX_iv_length(ctx)) - return 0; - if (len > EVP_MAX_IV_LENGTH) - return 0; /* sanity check; shouldn't happen */ - /* - * Skip the memcpy entirely when the requested IV length is zero, - * since the iv pointer may be NULL or invalid. - */ - if (len != 0) { - if (iv == NULL) - return 0; -# ifdef HAVE_EVP_CIPHER_CTX_IV_NOCONST - memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, len); -# else - memcpy(ctx->iv, iv, len); -# endif /* HAVE_EVP_CIPHER_CTX_IV_NOCONST */ - } - return 1; -} -#endif /* HAVE_EVP_CIPHER_CTX_SET_IV */ - -#ifndef HAVE_DSA_SIG_GET0 -void -DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) -{ - if (pr != NULL) - *pr = sig->r; - if (ps != NULL) - *ps = sig->s; -} -#endif /* HAVE_DSA_SIG_GET0 */ - -#ifndef HAVE_DSA_SIG_SET0 -int -DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s) -{ - if (r == NULL || s == NULL) - return 0; - - BN_clear_free(sig->r); - sig->r = r; - BN_clear_free(sig->s); - sig->s = s; - - return 1; -} -#endif /* HAVE_DSA_SIG_SET0 */ - -#ifndef HAVE_ECDSA_SIG_GET0 -void -ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) -{ - if (pr != NULL) - *pr = sig->r; - if (ps != NULL) - *ps = sig->s; -} -#endif /* HAVE_ECDSA_SIG_GET0 */ - -#ifndef HAVE_ECDSA_SIG_SET0 -int -ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) -{ - if (r == NULL || s == NULL) - return 0; - - BN_clear_free(sig->r); - BN_clear_free(sig->s); - sig->r = r; - sig->s = s; - return 1; -} -#endif /* HAVE_ECDSA_SIG_SET0 */ - -#ifndef 
HAVE_DH_GET0_PQG
-void
-DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
-{
- if (p != NULL)
- *p = dh->p;
- if (q != NULL)
- *q = dh->q;
- if (g != NULL)
- *g = dh->g;
-}
-#endif /* HAVE_DH_GET0_PQG */
-
-#ifndef HAVE_DH_SET0_PQG
-int
-DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
-{
- if ((dh->p == NULL && p == NULL) || (dh->g == NULL && g == NULL))
- return 0;
-
- if (p != NULL) {
- BN_free(dh->p);
- dh->p = p;
- }
- if (q != NULL) {
- BN_free(dh->q);
- dh->q = q;
- }
- if (g != NULL) {
- BN_free(dh->g);
- dh->g = g;
- }
-
- return 1;
-}
-#endif /* HAVE_DH_SET0_PQG */
-
-#ifndef HAVE_DH_GET0_KEY
-void
-DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
-{
- if (pub_key != NULL)
- *pub_key = dh->pub_key;
- if (priv_key != NULL)
- *priv_key = dh->priv_key;
-}
-#endif /* HAVE_DH_GET0_KEY */
-
-#ifndef HAVE_DH_SET0_KEY
-int
-DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
-{
- if (pub_key != NULL) {
- BN_free(dh->pub_key);
- dh->pub_key = pub_key;
- }
- if (priv_key != NULL) {
- BN_free(dh->priv_key);
- dh->priv_key = priv_key;
- }
-
- return 1;
-}
-#endif /* HAVE_DH_SET0_KEY */
-
-#ifndef HAVE_DH_SET_LENGTH
-int
-DH_set_length(DH *dh, long length)
-{
- if (length < 0 || length > INT_MAX)
- return 0;
-
- dh->length = length;
- return 1;
-}
-#endif /* HAVE_DH_SET_LENGTH */
-
-#ifndef HAVE_RSA_METH_FREE
-void
-RSA_meth_free(RSA_METHOD *meth)
-{
- if (meth != NULL) {
- free((char *)meth->name);
- free(meth);
- }
-}
-#endif /* HAVE_RSA_METH_FREE */
-
-#ifndef HAVE_RSA_METH_DUP
-RSA_METHOD *
-RSA_meth_dup(const RSA_METHOD *meth)
-{
- RSA_METHOD *copy;
-
- if ((copy = calloc(1, sizeof(*copy))) == NULL)
- return NULL;
- memcpy(copy, meth, sizeof(*copy));
- if ((copy->name = strdup(meth->name)) == NULL) {
- free(copy);
- return NULL;
- }
-
- return copy;
-}
-#endif /* HAVE_RSA_METH_DUP */
-
-#ifndef HAVE_RSA_METH_SET1_NAME
-int
-RSA_meth_set1_name(RSA_METHOD *meth, const char *name)
-{
- char *copy;
-
- if
((copy = strdup(name)) == NULL)
- return 0;
- free((char *)meth->name);
- meth->name = copy;
- return 1;
-}
-#endif /* HAVE_RSA_METH_SET1_NAME */
-
-#ifndef HAVE_RSA_METH_GET_FINISH
-int
-(*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa)
-{
- return meth->finish;
-}
-#endif /* HAVE_RSA_METH_GET_FINISH */
-
-#ifndef HAVE_RSA_METH_SET_PRIV_ENC
-int
-RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen,
- const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
-{
- meth->rsa_priv_enc = priv_enc;
- return 1;
-}
-#endif /* HAVE_RSA_METH_SET_PRIV_ENC */
-
-#ifndef HAVE_RSA_METH_SET_PRIV_DEC
-int
-RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen,
- const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
-{
- meth->rsa_priv_dec = priv_dec;
- return 1;
-}
-#endif /* HAVE_RSA_METH_SET_PRIV_DEC */
-
-#ifndef HAVE_RSA_METH_SET_FINISH
-int
-RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa))
-{
- meth->finish = finish;
- return 1;
-}
-#endif /* HAVE_RSA_METH_SET_FINISH */
-
-#ifndef HAVE_EVP_PKEY_GET0_RSA
-RSA *
-EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
-{
- if (pkey->type != EVP_PKEY_RSA) {
- /* EVPerror(EVP_R_EXPECTING_AN_RSA_KEY); */
- return NULL;
- }
- return pkey->pkey.rsa;
-}
-#endif /* HAVE_EVP_PKEY_GET0_RSA */
-
-#ifndef HAVE_EVP_MD_CTX_NEW
-EVP_MD_CTX *
-EVP_MD_CTX_new(void)
-{
- return calloc(1, sizeof(EVP_MD_CTX));
-}
-#endif /* HAVE_EVP_MD_CTX_NEW */
-
-#ifndef HAVE_EVP_MD_CTX_FREE
-void
-EVP_MD_CTX_free(EVP_MD_CTX *ctx)
-{
- if (ctx == NULL)
- return;
-
- EVP_MD_CTX_cleanup(ctx);
-
- free(ctx);
-}
-#endif /* HAVE_EVP_MD_CTX_FREE */
-
-
-#endif /* WITH_OPENSSL */
diff --git a/ssh_keygen_110/openbsd-compat/md5.c b/ssh_keygen_110/openbsd-compat/md5.c
deleted file mode 100644
index 195ab515..00000000
--- a/ssh_keygen_110/openbsd-compat/md5.c
+++ /dev/null
@@ -1,251 +0,0 @@
-/* $OpenBSD: md5.c,v 1.9 2014/01/08 06:14:57 tedu Exp $ */
-
-/*
- * This code implements the MD5 message-digest algorithm.
- * The algorithm is due to Ron Rivest. This code was
- * written by Colin Plumb in 1993, no copyright is claimed.
- * This code is in the public domain; do with it what you wish.
- *
- * Equivalent code is available from RSA Data Security, Inc.
- * This code has been tested against that, and is equivalent,
- * except that you don't need to include two pages of legalese
- * with every copy.
- *
- * To compute the message digest of a chunk of bytes, declare an
- * MD5Context structure, pass it to MD5Init, call MD5Update as
- * needed on buffers full of bytes, and then call MD5Final, which
- * will fill a supplied 16-byte array with the digest.
- */
-
-#include "includes.h"
-
-#ifndef WITH_OPENSSL
-
-#include
-#include
-#include "md5.h"
-
-#define PUT_64BIT_LE(cp, value) do { \
- (cp)[7] = (value) >> 56; \
- (cp)[6] = (value) >> 48; \
- (cp)[5] = (value) >> 40; \
- (cp)[4] = (value) >> 32; \
- (cp)[3] = (value) >> 24; \
- (cp)[2] = (value) >> 16; \
- (cp)[1] = (value) >> 8; \
- (cp)[0] = (value); } while (0)
-
-#define PUT_32BIT_LE(cp, value) do { \
- (cp)[3] = (value) >> 24; \
- (cp)[2] = (value) >> 16; \
- (cp)[1] = (value) >> 8; \
- (cp)[0] = (value); } while (0)
-
-static u_int8_t PADDING[MD5_BLOCK_LENGTH] = {
- 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
-};
-
-/*
- * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious
- * initialization constants.
- */
-void
-MD5Init(MD5_CTX *ctx)
-{
- ctx->count = 0;
- ctx->state[0] = 0x67452301;
- ctx->state[1] = 0xefcdab89;
- ctx->state[2] = 0x98badcfe;
- ctx->state[3] = 0x10325476;
-}
-
-/*
- * Update context to reflect the concatenation of another buffer full
- * of bytes.
- */
-void
-MD5Update(MD5_CTX *ctx, const unsigned char *input, size_t len)
-{
- size_t have, need;
-
- /* Check how many bytes we already have and how many more we need. */
- have = (size_t)((ctx->count >> 3) & (MD5_BLOCK_LENGTH - 1));
- need = MD5_BLOCK_LENGTH - have;
-
- /* Update bitcount */
- ctx->count += (u_int64_t)len << 3;
-
- if (len >= need) {
- if (have != 0) {
- memcpy(ctx->buffer + have, input, need);
- MD5Transform(ctx->state, ctx->buffer);
- input += need;
- len -= need;
- have = 0;
- }
-
- /* Process data in MD5_BLOCK_LENGTH-byte chunks. */
- while (len >= MD5_BLOCK_LENGTH) {
- MD5Transform(ctx->state, input);
- input += MD5_BLOCK_LENGTH;
- len -= MD5_BLOCK_LENGTH;
- }
- }
-
- /* Handle any remaining bytes of data. */
- if (len != 0)
- memcpy(ctx->buffer + have, input, len);
-}
-
-/*
- * Pad pad to 64-byte boundary with the bit pattern
- * 1 0* (64-bit count of bits processed, MSB-first)
- */
-void
-MD5Pad(MD5_CTX *ctx)
-{
- u_int8_t count[8];
- size_t padlen;
-
- /* Convert count to 8 bytes in little endian order. */
- PUT_64BIT_LE(count, ctx->count);
-
- /* Pad out to 56 mod 64. */
- padlen = MD5_BLOCK_LENGTH -
- ((ctx->count >> 3) & (MD5_BLOCK_LENGTH - 1));
- if (padlen < 1 + 8)
- padlen += MD5_BLOCK_LENGTH;
- MD5Update(ctx, PADDING, padlen - 8); /* padlen - 8 <= 64 */
- MD5Update(ctx, count, 8);
-}
-
-/*
- * Final wrapup--call MD5Pad, fill in digest and zero out ctx.
- */
-void
-MD5Final(unsigned char digest[MD5_DIGEST_LENGTH], MD5_CTX *ctx)
-{
- int i;
-
- MD5Pad(ctx);
- for (i = 0; i < 4; i++)
- PUT_32BIT_LE(digest + i * 4, ctx->state[i]);
- memset(ctx, 0, sizeof(*ctx));
-}
-
-
-/* The four core functions - F1 is optimized somewhat */
-
-/* #define F1(x, y, z) (x & y | ~x & z) */
-#define F1(x, y, z) (z ^ (x & (y ^ z)))
-#define F2(x, y, z) F1(z, x, y)
-#define F3(x, y, z) (x ^ y ^ z)
-#define F4(x, y, z) (y ^ (x | ~z))
-
-/* This is the central step in the MD5 algorithm.
*/
-#define MD5STEP(f, w, x, y, z, data, s) \
- ( w += f(x, y, z) + data, w = w<>(32-s), w += x )
-
-/*
- * The core of the MD5 algorithm, this alters an existing MD5 hash to
- * reflect the addition of 16 longwords of new data. MD5Update blocks
- * the data and converts bytes into longwords for this routine.
- */
-void
-MD5Transform(u_int32_t state[4], const u_int8_t block[MD5_BLOCK_LENGTH])
-{
- u_int32_t a, b, c, d, in[MD5_BLOCK_LENGTH / 4];
-
-#if BYTE_ORDER == LITTLE_ENDIAN
- memcpy(in, block, sizeof(in));
-#else
- for (a = 0; a < MD5_BLOCK_LENGTH / 4; a++) {
- in[a] = (u_int32_t)(
- (u_int32_t)(block[a * 4 + 0]) |
- (u_int32_t)(block[a * 4 + 1]) << 8 |
- (u_int32_t)(block[a * 4 + 2]) << 16 |
- (u_int32_t)(block[a * 4 + 3]) << 24);
- }
-#endif
-
- a = state[0];
- b = state[1];
- c = state[2];
- d = state[3];
-
- MD5STEP(F1, a, b, c, d, in[ 0] + 0xd76aa478, 7);
- MD5STEP(F1, d, a, b, c, in[ 1] + 0xe8c7b756, 12);
- MD5STEP(F1, c, d, a, b, in[ 2] + 0x242070db, 17);
- MD5STEP(F1, b, c, d, a, in[ 3] + 0xc1bdceee, 22);
- MD5STEP(F1, a, b, c, d, in[ 4] + 0xf57c0faf, 7);
- MD5STEP(F1, d, a, b, c, in[ 5] + 0x4787c62a, 12);
- MD5STEP(F1, c, d, a, b, in[ 6] + 0xa8304613, 17);
- MD5STEP(F1, b, c, d, a, in[ 7] + 0xfd469501, 22);
- MD5STEP(F1, a, b, c, d, in[ 8] + 0x698098d8, 7);
- MD5STEP(F1, d, a, b, c, in[ 9] + 0x8b44f7af, 12);
- MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17);
- MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22);
- MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7);
- MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12);
- MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17);
- MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22);
-
- MD5STEP(F2, a, b, c, d, in[ 1] + 0xf61e2562, 5);
- MD5STEP(F2, d, a, b, c, in[ 6] + 0xc040b340, 9);
- MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14);
- MD5STEP(F2, b, c, d, a, in[ 0] + 0xe9b6c7aa, 20);
- MD5STEP(F2, a, b, c, d, in[ 5] + 0xd62f105d, 5);
- MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9);
- MD5STEP(F2, c, d, a, b, in[15] +
0xd8a1e681, 14);
- MD5STEP(F2, b, c, d, a, in[ 4] + 0xe7d3fbc8, 20);
- MD5STEP(F2, a, b, c, d, in[ 9] + 0x21e1cde6, 5);
- MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9);
- MD5STEP(F2, c, d, a, b, in[ 3] + 0xf4d50d87, 14);
- MD5STEP(F2, b, c, d, a, in[ 8] + 0x455a14ed, 20);
- MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5);
- MD5STEP(F2, d, a, b, c, in[ 2] + 0xfcefa3f8, 9);
- MD5STEP(F2, c, d, a, b, in[ 7] + 0x676f02d9, 14);
- MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20);
-
- MD5STEP(F3, a, b, c, d, in[ 5] + 0xfffa3942, 4);
- MD5STEP(F3, d, a, b, c, in[ 8] + 0x8771f681, 11);
- MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16);
- MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23);
- MD5STEP(F3, a, b, c, d, in[ 1] + 0xa4beea44, 4);
- MD5STEP(F3, d, a, b, c, in[ 4] + 0x4bdecfa9, 11);
- MD5STEP(F3, c, d, a, b, in[ 7] + 0xf6bb4b60, 16);
- MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23);
- MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4);
- MD5STEP(F3, d, a, b, c, in[ 0] + 0xeaa127fa, 11);
- MD5STEP(F3, c, d, a, b, in[ 3] + 0xd4ef3085, 16);
- MD5STEP(F3, b, c, d, a, in[ 6] + 0x04881d05, 23);
- MD5STEP(F3, a, b, c, d, in[ 9] + 0xd9d4d039, 4);
- MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11);
- MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16);
- MD5STEP(F3, b, c, d, a, in[2 ] + 0xc4ac5665, 23);
-
- MD5STEP(F4, a, b, c, d, in[ 0] + 0xf4292244, 6);
- MD5STEP(F4, d, a, b, c, in[7 ] + 0x432aff97, 10);
- MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15);
- MD5STEP(F4, b, c, d, a, in[5 ] + 0xfc93a039, 21);
- MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6);
- MD5STEP(F4, d, a, b, c, in[3 ] + 0x8f0ccc92, 10);
- MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15);
- MD5STEP(F4, b, c, d, a, in[1 ] + 0x85845dd1, 21);
- MD5STEP(F4, a, b, c, d, in[8 ] + 0x6fa87e4f, 6);
- MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10);
- MD5STEP(F4, c, d, a, b, in[6 ] + 0xa3014314, 15);
- MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21);
- MD5STEP(F4, a, b, c, d, in[4 ] + 0xf7537e82, 6);
- MD5STEP(F4,
d, a, b, c, in[11] + 0xbd3af235, 10);
- MD5STEP(F4, c, d, a, b, in[2 ] + 0x2ad7d2bb, 15);
- MD5STEP(F4, b, c, d, a, in[9 ] + 0xeb86d391, 21);
-
- state[0] += a;
- state[1] += b;
- state[2] += c;
- state[3] += d;
-}
-#endif /* !WITH_OPENSSL */
diff --git a/ssh_keygen_110/openbsd-compat/md5.h b/ssh_keygen_110/openbsd-compat/md5.h
deleted file mode 100644
index c83c19dc..00000000
--- a/ssh_keygen_110/openbsd-compat/md5.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/* $OpenBSD: md5.h,v 1.17 2012/12/05 23:19:57 deraadt Exp $ */
-
-/*
- * This code implements the MD5 message-digest algorithm.
- * The algorithm is due to Ron Rivest. This code was
- * written by Colin Plumb in 1993, no copyright is claimed.
- * This code is in the public domain; do with it what you wish.
- *
- * Equivalent code is available from RSA Data Security, Inc.
- * This code has been tested against that, and is equivalent,
- * except that you don't need to include two pages of legalese
- * with every copy.
- */
-
-#ifndef _MD5_H_
-#define _MD5_H_
-
-#ifndef WITH_OPENSSL
-
-#define MD5_BLOCK_LENGTH 64
-#define MD5_DIGEST_LENGTH 16
-#define MD5_DIGEST_STRING_LENGTH (MD5_DIGEST_LENGTH * 2 + 1)
-
-typedef struct MD5Context {
- u_int32_t state[4]; /* state */
- u_int64_t count; /* number of bits, mod 2^64 */
- u_int8_t buffer[MD5_BLOCK_LENGTH]; /* input buffer */
-} MD5_CTX;
-
-void MD5Init(MD5_CTX *);
-void MD5Update(MD5_CTX *, const u_int8_t *, size_t)
- __attribute__((__bounded__(__string__,2,3)));
-void MD5Pad(MD5_CTX *);
-void MD5Final(u_int8_t [MD5_DIGEST_LENGTH], MD5_CTX *)
- __attribute__((__bounded__(__minbytes__,1,MD5_DIGEST_LENGTH)));
-void MD5Transform(u_int32_t [4], const u_int8_t [MD5_BLOCK_LENGTH])
- __attribute__((__bounded__(__minbytes__,1,4)))
- __attribute__((__bounded__(__minbytes__,2,MD5_BLOCK_LENGTH)));
-char *MD5End(MD5_CTX *, char *)
- __attribute__((__bounded__(__minbytes__,2,MD5_DIGEST_STRING_LENGTH)));
-char *MD5File(const char *, char *)
- __attribute__((__bounded__(__minbytes__,2,MD5_DIGEST_STRING_LENGTH)));
-char *MD5FileChunk(const char *, char *, off_t, off_t)
- __attribute__((__bounded__(__minbytes__,2,MD5_DIGEST_STRING_LENGTH)));
-char *MD5Data(const u_int8_t *, size_t, char *)
- __attribute__((__bounded__(__string__,1,2)))
- __attribute__((__bounded__(__minbytes__,3,MD5_DIGEST_STRING_LENGTH)));
-
-#endif /* !WITH_OPENSSL */
-
-#endif /* _MD5_H_ */
diff --git a/ssh_keygen_110/openbsd-compat/mktemp.c b/ssh_keygen_110/openbsd-compat/mktemp.c
deleted file mode 100644
index 4eb52f42..00000000
--- a/ssh_keygen_110/openbsd-compat/mktemp.c
+++ /dev/null
@@ -1,141 +0,0 @@
-/* THIS FILE HAS BEEN MODIFIED FROM THE ORIGINAL OPENBSD SOURCE */
-/* Changes: Removed mktemp */
-
-/* $OpenBSD: mktemp.c,v 1.30 2010/03/21 23:09:30 schwarze Exp $ */
-/*
- * Copyright (c) 1996-1998, 2008 Theo de Raadt
- * Copyright (c) 1997, 2008-2009 Todd C. Miller
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* OPENBSD ORIGINAL: lib/libc/stdio/mktemp.c */
-
-#include "includes.h"
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#if !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP)
-
-#define MKTEMP_NAME 0
-#define MKTEMP_FILE 1
-#define MKTEMP_DIR 2
-
-#define TEMPCHARS "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
-#define NUM_CHARS (sizeof(TEMPCHARS) - 1)
-
-static int
-mktemp_internal(char *path, int slen, int mode)
-{
- char *start, *cp, *ep;
- const char *tempchars = TEMPCHARS;
- unsigned int r, tries;
- struct stat sb;
- size_t len;
- int fd;
-
- len = strlen(path);
- if (len == 0 || slen < 0 || (size_t)slen >= len) {
- errno = EINVAL;
- return(-1);
- }
- ep = path + len - slen;
-
- tries = 1;
- for (start = ep; start > path && start[-1] == 'X'; start--) {
- if (tries < INT_MAX / NUM_CHARS)
- tries *= NUM_CHARS;
- }
- tries *= 2;
-
- do {
- for (cp = start; cp != ep; cp++) {
- r = arc4random_uniform(NUM_CHARS);
- *cp = tempchars[r];
- }
-
- switch (mode) {
- case MKTEMP_NAME:
- if (lstat(path, &sb) != 0)
- return(errno == ENOENT ?
0 : -1);
- break;
- case MKTEMP_FILE:
- fd = open(path, O_CREAT|O_EXCL|O_RDWR, S_IRUSR|S_IWUSR);
- if (fd != -1 || errno != EEXIST)
- return(fd);
- break;
- case MKTEMP_DIR:
- if (mkdir(path, S_IRUSR|S_IWUSR|S_IXUSR) == 0)
- return(0);
- if (errno != EEXIST)
- return(-1);
- break;
- }
- } while (--tries);
-
- errno = EEXIST;
- return(-1);
-}
-
-#if 0
-char *_mktemp(char *);
-
-char *
-_mktemp(char *path)
-{
- if (mktemp_internal(path, 0, MKTEMP_NAME) == -1)
- return(NULL);
- return(path);
-}
-
-__warn_references(mktemp,
- "warning: mktemp() possibly used unsafely; consider using mkstemp()");
-
-char *
-mktemp(char *path)
-{
- return(_mktemp(path));
-}
-#endif
-
-int
-mkstemp(char *path)
-{
- return(mktemp_internal(path, 0, MKTEMP_FILE));
-}
-
-int
-mkstemps(char *path, int slen)
-{
- return(mktemp_internal(path, slen, MKTEMP_FILE));
-}
-
-char *
-mkdtemp(char *path)
-{
- int error;
-
- error = mktemp_internal(path, 0, MKTEMP_DIR);
- return(error ? NULL : path);
-}
-
-#endif /* !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP) */
diff --git a/ssh_keygen_110/openbsd-compat/openbsd-compat.h b/ssh_keygen_110/openbsd-compat/openbsd-compat.h
deleted file mode 100644
index f5c833bf..00000000
--- a/ssh_keygen_110/openbsd-compat/openbsd-compat.h
+++ /dev/null
@@ -1,356 +0,0 @@
-/*
- * Copyright (c) 1999-2003 Damien Miller. All rights reserved.
- * Copyright (c) 2003 Ben Lindstrom. All rights reserved.
- * Copyright (c) 2002 Tim Rice. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef _OPENBSD_COMPAT_H
-#define _OPENBSD_COMPAT_H
-
-#include "includes.h"
-
-#include
-#include
-
-#include
-
-#include /* for wchar_t */
-
-/* OpenBSD function replacements */
-#include "base64.h"
-#include "sigact.h"
-#include "readpassphrase.h"
-#include "vis.h"
-#include "getrrsetbyname.h"
-#include "sha1.h"
-#include "sha2.h"
-#include "rmd160.h"
-#include "md5.h"
-#include "blf.h"
-
-#ifndef HAVE_BASENAME
-char *basename(const char *path);
-#endif
-
-#ifndef HAVE_BINDRESVPORT_SA
-int bindresvport_sa(int sd, struct sockaddr *sa);
-#endif
-
-#ifndef HAVE_CLOSEFROM
-void closefrom(int);
-#endif
-
-#ifndef HAVE_GETLINE
-ssize_t getline(char **, size_t *, FILE *);
-#endif
-
-#ifndef HAVE_GETPAGESIZE
-int getpagesize(void);
-#endif
-
-#ifndef HAVE_GETCWD
-char *getcwd(char *pt, size_t size);
-#endif
-
-#ifndef HAVE_REALLOCARRAY
-void *reallocarray(void *, size_t, size_t);
-#endif
-
-#ifndef HAVE_RECALLOCARRAY
-void *recallocarray(void *, size_t, size_t, size_t);
-#endif
-
-#if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH)
-/*
- * glibc's FORTIFY_SOURCE can redefine this and prevent us picking up the
- * compat version.
- */
-# ifdef BROKEN_REALPATH
-# define realpath(x, y) _ssh_compat_realpath(x, y)
-# endif
-
-char *realpath(const char *path, char *resolved);
-#endif
-
-#ifndef HAVE_RRESVPORT_AF
-int rresvport_af(int *alport, sa_family_t af);
-#endif
-
-#ifndef HAVE_STRLCPY
-size_t strlcpy(char *dst, const char *src, size_t siz);
-#endif
-
-#ifndef HAVE_STRLCAT
-size_t strlcat(char *dst, const char *src, size_t siz);
-#endif
-
-#ifndef HAVE_STRCASESTR
-char *strcasestr(const char *, const char *);
-#endif
-
-#ifndef HAVE_SETENV
-int setenv(register const char *name, register const char *value, int rewrite);
-#endif
-
-#ifndef HAVE_STRMODE
-void strmode(int mode, char *p);
-#endif
-
-#ifndef HAVE_STRPTIME
-#include
-char *strptime(const char *buf, const char *fmt, struct tm *tm);
-#endif
-
-#if !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP)
-int mkstemps(char *path, int slen);
-int mkstemp(char *path);
-char *mkdtemp(char *path);
-#endif
-
-#ifndef HAVE_DAEMON
-int daemon(int nochdir, int noclose);
-#endif
-
-#ifndef HAVE_DIRNAME
-char *dirname(const char *path);
-#endif
-
-#ifndef HAVE_FMT_SCALED
-#define FMT_SCALED_STRSIZE 7
-int fmt_scaled(long long number, char *result);
-#endif
-
-#ifndef HAVE_SCAN_SCALED
-int scan_scaled(char *, long long *);
-#endif
-
-#if defined(BROKEN_INET_NTOA) || !defined(HAVE_INET_NTOA)
-char *inet_ntoa(struct in_addr in);
-#endif
-
-#ifndef HAVE_INET_NTOP
-const char *inet_ntop(int af, const void *src, char *dst, socklen_t size);
-#endif
-
-#ifndef HAVE_INET_ATON
-int inet_aton(const char *cp, struct in_addr *addr);
-#endif
-
-#ifndef HAVE_STRSEP
-char *strsep(char **stringp, const char *delim);
-#endif
-
-#ifndef HAVE_SETPROCTITLE
-void setproctitle(const char *fmt, ...);
-void compat_init_setproctitle(int argc, char *argv[]);
-#endif
-
-#ifndef HAVE_GETGROUPLIST
-int getgrouplist(const char *, gid_t, gid_t *, int *);
-#endif
-
-#if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET)
-int BSDgetopt(int argc, char * const *argv, const
char *opts);
-#include "openbsd-compat/getopt.h"
-#endif
-
-#if ((defined(HAVE_DECL_READV) && HAVE_DECL_READV == 0) || \
- (defined(HAVE_DECL_WRITEV) && HAVE_DECL_WRITEV == 0))
-# include
-# include
-
-# if defined(HAVE_DECL_READV) && HAVE_DECL_READV == 0
-int readv(int, struct iovec *, int);
-# endif
-
-# if defined(HAVE_DECL_WRITEV) && HAVE_DECL_WRITEV == 0
-int writev(int, struct iovec *, int);
-# endif
-#endif
-
-/* Home grown routines */
-#include "bsd-misc.h"
-#include "bsd-setres_id.h"
-#include "bsd-signal.h"
-#include "bsd-statvfs.h"
-#include "bsd-waitpid.h"
-#include "bsd-poll.h"
-
-#ifndef HAVE_GETPEEREID
-int getpeereid(int , uid_t *, gid_t *);
-#endif
-
-#ifdef HAVE_ARC4RANDOM
-# ifndef HAVE_ARC4RANDOM_STIR
-# define arc4random_stir()
-# endif
-#else
-unsigned int arc4random(void);
-void arc4random_stir(void);
-#endif /* !HAVE_ARC4RANDOM */
-
-#ifndef HAVE_ARC4RANDOM_BUF
-void arc4random_buf(void *, size_t);
-#endif
-
-#ifndef HAVE_ARC4RANDOM_UNIFORM
-u_int32_t arc4random_uniform(u_int32_t);
-#endif
-
-#ifndef HAVE_ASPRINTF
-int asprintf(char **, const char *, ...);
-#endif
-
-#ifndef HAVE_OPENPTY
-# include /* for struct winsize */
-int openpty(int *, int *, char *, struct termios *, struct winsize *);
-#endif /* HAVE_OPENPTY */
-
-#ifndef HAVE_SNPRINTF
-int snprintf(char *, size_t, SNPRINTF_CONST char *, ...);
-#endif
-
-#ifndef HAVE_STRTOLL
-long long strtoll(const char *, char **, int);
-#endif
-
-#ifndef HAVE_STRTOUL
-unsigned long strtoul(const char *, char **, int);
-#endif
-
-#ifndef HAVE_STRTOULL
-unsigned long long strtoull(const char *, char **, int);
-#endif
-
-#ifndef HAVE_STRTONUM
-long long strtonum(const char *, long long, long long, const char **);
-#endif
-
-/* multibyte character support */
-#ifndef HAVE_MBLEN
-# define mblen(x, y) (1)
-#endif
-
-#ifndef HAVE_WCWIDTH
-# define wcwidth(x) (((x) >= 0x20 && (x) <= 0x7e) ?
1 : -1)
-/* force our no-op nl_langinfo and mbtowc */
-# undef HAVE_NL_LANGINFO
-# undef HAVE_MBTOWC
-# undef HAVE_LANGINFO_H
-#endif
-
-#ifndef HAVE_NL_LANGINFO
-# define nl_langinfo(x) ""
-#endif
-
-#ifndef HAVE_MBTOWC
-int mbtowc(wchar_t *, const char*, size_t);
-#endif
-
-#if !defined(HAVE_VASPRINTF) || !defined(HAVE_VSNPRINTF)
-# include
-#endif
-
-/*
- * Some platforms unconditionally undefine va_copy() so we define VA_COPY()
- * instead. This is known to be the case on at least some configurations of
- * AIX with the xlc compiler.
- */
-#ifndef VA_COPY
-# ifdef HAVE_VA_COPY
-# define VA_COPY(dest, src) va_copy(dest, src)
-# else
-# ifdef HAVE___VA_COPY
-# define VA_COPY(dest, src) __va_copy(dest, src)
-# else
-# define VA_COPY(dest, src) (dest) = (src)
-# endif
-# endif
-#endif
-
-#ifndef HAVE_VASPRINTF
-int vasprintf(char **, const char *, va_list);
-#endif
-
-#ifndef HAVE_VSNPRINTF
-int vsnprintf(char *, size_t, const char *, va_list);
-#endif
-
-#ifndef HAVE_USER_FROM_UID
-char *user_from_uid(uid_t, int);
-#endif
-
-#ifndef HAVE_GROUP_FROM_GID
-char *group_from_gid(gid_t, int);
-#endif
-
-#ifndef HAVE_TIMINGSAFE_BCMP
-int timingsafe_bcmp(const void *, const void *, size_t);
-#endif
-
-#ifndef HAVE_BCRYPT_PBKDF
-int bcrypt_pbkdf(const char *, size_t, const u_int8_t *, size_t,
- u_int8_t *, size_t, unsigned int);
-#endif
-
-#ifndef HAVE_EXPLICIT_BZERO
-void explicit_bzero(void *p, size_t n);
-#endif
-
-#ifndef HAVE_FREEZERO
-void freezero(void *, size_t);
-#endif
-
-char *xcrypt(const char *password, const char *salt);
-char *shadow_pw(struct passwd *pw);
-
-/* rfc2553 socket API replacements */
-#include "fake-rfc2553.h"
-
-/* Routines for a single OS platform */
-#include "bsd-cygwin_util.h"
-
-#include "port-aix.h"
-#include "port-irix.h"
-#include "port-linux.h"
-#include "port-solaris.h"
-#include "port-net.h"
-#include "port-uw.h"
-
-/* _FORTIFY_SOURCE breaks FD_ISSET(n)/FD_SET(n) for n > FD_SETSIZE. Avoid.
*/
-#if defined(HAVE_FEATURES_H) && defined(_FORTIFY_SOURCE)
-# include
-# if defined(__GNU_LIBRARY__) && defined(__GLIBC_PREREQ)
-# if __GLIBC_PREREQ(2, 15) && (_FORTIFY_SOURCE > 0)
-# include /* Ensure include guard is defined */
-# undef FD_SET
-# undef FD_ISSET
-# define FD_SET(n, set) kludge_FD_SET(n, set)
-# define FD_ISSET(n, set) kludge_FD_ISSET(n, set)
-void kludge_FD_SET(int, fd_set *);
-int kludge_FD_ISSET(int, fd_set *);
-# endif /* __GLIBC_PREREQ(2, 15) && (_FORTIFY_SOURCE > 0) */
-# endif /* __GNU_LIBRARY__ && __GLIBC_PREREQ */
-#endif /* HAVE_FEATURES_H && _FORTIFY_SOURCE */
-
-#endif /* _OPENBSD_COMPAT_H */
diff --git a/ssh_keygen_110/openbsd-compat/openssl-compat.c b/ssh_keygen_110/openbsd-compat/openssl-compat.c
deleted file mode 100644
index 8b4a3627..00000000
--- a/ssh_keygen_110/openbsd-compat/openssl-compat.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * Copyright (c) 2005 Darren Tucker
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
- * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#define SSH_DONT_OVERLOAD_OPENSSL_FUNCS
-#include "includes.h"
-
-#ifdef WITH_OPENSSL
-
-#include
-#include
-
-#ifdef USE_OPENSSL_ENGINE
-# include
-# include
-#endif
-
-#include "log.h"
-
-#include "openssl-compat.h"
-
-/*
- * OpenSSL version numbers: MNNFFPPS: major minor fix patch status
- * We match major, minor, fix and status (not patch) for <1.0.0.
- * After that, we acceptable compatible fix versions (so we
- * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed
- * within a patch series.
- */
-
-int
-ssh_compatible_openssl(long headerver, long libver)
-{
- long mask, hfix, lfix;
-
- /* exact match is always OK */
- if (headerver == libver)
- return 1;
-
- /* for versions < 1.0.0, major,minor,fix,status must match */
- if (headerver < 0x1000000f) {
- mask = 0xfffff00fL; /* major,minor,fix,status */
- return (headerver & mask) == (libver & mask);
- }
-
- /*
- * For versions >= 1.0.0, major,minor,status must match and library
- * fix version must be equal to or newer than the header.
- */
- mask = 0xfff0000fL; /* major,minor,status */
- hfix = (headerver & 0x000ff000) >> 12;
- lfix = (libver & 0x000ff000) >> 12;
- if ( (headerver & mask) == (libver & mask) && lfix >= hfix)
- return 1;
- return 0;
-}
-
-#ifdef USE_OPENSSL_ENGINE
-void
-ssh_OpenSSL_add_all_algorithms(void)
-{
- OpenSSL_add_all_algorithms();
-
- /* Enable use of crypto hardware */
- ENGINE_load_builtin_engines();
- ENGINE_register_all_complete();
-
-#if OPENSSL_VERSION_NUMBER < 0x10001000L
- OPENSSL_config(NULL);
-#else
- OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |
- OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_LOAD_CONFIG, NULL);
-#endif
-}
-#endif
-
-#endif /* WITH_OPENSSL */
diff --git a/ssh_keygen_110/openbsd-compat/openssl-compat.h b/ssh_keygen_110/openbsd-compat/openssl-compat.h
deleted file mode 100644
index 9e0264c0..00000000
--- a/ssh_keygen_110/openbsd-compat/openssl-compat.h
+++ /dev/null
@@ -1,236 +0,0 @@
-/*
- * Copyright (c) 2005 Darren Tucker
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
- * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef _OPENSSL_COMPAT_H
-#define _OPENSSL_COMPAT_H
-
-#include "includes.h"
-#ifdef WITH_OPENSSL
-
-#include
-#include
-#include
-#include
-#include
-#include
-
-int ssh_compatible_openssl(long, long);
-
-#if (OPENSSL_VERSION_NUMBER <= 0x0090805fL)
-# error OpenSSL 0.9.8f or greater is required
-#endif
-
-#if OPENSSL_VERSION_NUMBER < 0x10000001L
-# define LIBCRYPTO_EVP_INL_TYPE unsigned int
-#else
-# define LIBCRYPTO_EVP_INL_TYPE size_t
-#endif
-
-#ifndef OPENSSL_RSA_MAX_MODULUS_BITS
-# define OPENSSL_RSA_MAX_MODULUS_BITS 16384
-#endif
-#ifndef OPENSSL_DSA_MAX_MODULUS_BITS
-# define OPENSSL_DSA_MAX_MODULUS_BITS 10000
-#endif
-
-#ifndef OPENSSL_HAVE_EVPCTR
-# define EVP_aes_128_ctr evp_aes_128_ctr
-# define EVP_aes_192_ctr evp_aes_128_ctr
-# define EVP_aes_256_ctr evp_aes_128_ctr
-const EVP_CIPHER *evp_aes_128_ctr(void);
-void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, size_t);
-#endif
-
-/* Avoid some #ifdef.
Code that uses these is unreachable without GCM */
-#if !defined(OPENSSL_HAVE_EVPGCM) && !defined(EVP_CTRL_GCM_SET_IV_FIXED)
-# define EVP_CTRL_GCM_SET_IV_FIXED -1
-# define EVP_CTRL_GCM_IV_GEN -1
-# define EVP_CTRL_GCM_SET_TAG -1
-# define EVP_CTRL_GCM_GET_TAG -1
-#endif
-
-/* Replace missing EVP_CIPHER_CTX_ctrl() with something that returns failure */
-#ifndef HAVE_EVP_CIPHER_CTX_CTRL
-# ifdef OPENSSL_HAVE_EVPGCM
-# error AES-GCM enabled without EVP_CIPHER_CTX_ctrl /* shouldn't happen */
-# else
-# define EVP_CIPHER_CTX_ctrl(a,b,c,d) (0)
-# endif
-#endif
-
-#if defined(HAVE_EVP_RIPEMD160)
-# if defined(OPENSSL_NO_RIPEMD) || defined(OPENSSL_NO_RMD160)
-# undef HAVE_EVP_RIPEMD160
-# endif
-#endif
-
-/*
- * We overload some of the OpenSSL crypto functions with ssh_* equivalents
- * to automatically handle OpenSSL engine initialisation.
- *
- * In order for the compat library to call the real functions, it must
- * define SSH_DONT_OVERLOAD_OPENSSL_FUNCS before including this file and
- * implement the ssh_* equivalents.
- */
-#ifndef SSH_DONT_OVERLOAD_OPENSSL_FUNCS
-
-# ifdef USE_OPENSSL_ENGINE
-# ifdef OpenSSL_add_all_algorithms
-# undef OpenSSL_add_all_algorithms
-# endif
-# define OpenSSL_add_all_algorithms() ssh_OpenSSL_add_all_algorithms()
-# endif
-
-void ssh_OpenSSL_add_all_algorithms(void);
-
-#endif /* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */
-
-/* LibreSSL/OpenSSL 1.1x API compat */
-#ifndef HAVE_DSA_GET0_PQG
-void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q,
- const BIGNUM **g);
-#endif /* HAVE_DSA_GET0_PQG */
-
-#ifndef HAVE_DSA_SET0_PQG
-int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
-#endif /* HAVE_DSA_SET0_PQG */
-
-#ifndef HAVE_DSA_GET0_KEY
-void DSA_get0_key(const DSA *d, const BIGNUM **pub_key,
- const BIGNUM **priv_key);
-#endif /* HAVE_DSA_GET0_KEY */
-
-#ifndef HAVE_DSA_SET0_KEY
-int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
-#endif /* HAVE_DSA_SET0_KEY */
-
-#ifndef HAVE_EVP_CIPHER_CTX_GET_IV
-int EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx,
- unsigned char *iv, size_t len);
-#endif /* HAVE_EVP_CIPHER_CTX_GET_IV */
-
-#ifndef HAVE_EVP_CIPHER_CTX_SET_IV
-int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx,
- const unsigned char *iv, size_t len);
-#endif /* HAVE_EVP_CIPHER_CTX_SET_IV */
-
-#ifndef HAVE_RSA_GET0_KEY
-void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e,
- const BIGNUM **d);
-#endif /* HAVE_RSA_GET0_KEY */
-
-#ifndef HAVE_RSA_SET0_KEY
-int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
-#endif /* HAVE_RSA_SET0_KEY */
-
-#ifndef HAVE_RSA_GET0_CRT_PARAMS
-void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1,
- const BIGNUM **iqmp);
-#endif /* HAVE_RSA_GET0_CRT_PARAMS */
-
-#ifndef HAVE_RSA_SET0_CRT_PARAMS
-int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
-#endif /* HAVE_RSA_SET0_CRT_PARAMS */
-
-#ifndef HAVE_RSA_GET0_FACTORS
-void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
-#endif /* HAVE_RSA_GET0_FACTORS */
-
-#ifndef HAVE_RSA_SET0_FACTORS
-int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
-#endif /* HAVE_RSA_SET0_FACTORS */
-
-#ifndef DSA_SIG_GET0
-void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
-#endif /* DSA_SIG_GET0 */
-
-#ifndef DSA_SIG_SET0
-int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
-#endif /* DSA_SIG_SET0 */
-
-#ifndef HAVE_ECDSA_SIG_GET0
-void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
-#endif /* HAVE_ECDSA_SIG_GET0 */
-
-#ifndef HAVE_ECDSA_SIG_SET0
-int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
-#endif /* HAVE_ECDSA_SIG_SET0 */
-
-#ifndef HAVE_DH_GET0_PQG
-void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q,
- const BIGNUM **g);
-#endif /* HAVE_DH_GET0_PQG */
-
-#ifndef HAVE_DH_SET0_PQG
-int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
-#endif /* HAVE_DH_SET0_PQG */
-
-#ifndef HAVE_DH_GET0_KEY
-void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key);
-#endif /* HAVE_DH_GET0_KEY */
-
-#ifndef HAVE_DH_SET0_KEY
-int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
-#endif /* HAVE_DH_SET0_KEY */
-
-#ifndef HAVE_DH_SET_LENGTH
-int DH_set_length(DH *dh, long length);
-#endif /* HAVE_DH_SET_LENGTH */
-
-#ifndef HAVE_RSA_METH_FREE
-void RSA_meth_free(RSA_METHOD *meth);
-#endif /* HAVE_RSA_METH_FREE */
-
-#ifndef HAVE_RSA_METH_DUP
-RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
-#endif /* HAVE_RSA_METH_DUP */
-
-#ifndef HAVE_RSA_METH_SET1_NAME
-int RSA_meth_set1_name(RSA_METHOD *meth, const char *name);
-#endif /* HAVE_RSA_METH_SET1_NAME */
-
-#ifndef HAVE_RSA_METH_GET_FINISH
-int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa);
-#endif /* HAVE_RSA_METH_GET_FINISH */
-
-#ifndef HAVE_RSA_METH_SET_PRIV_ENC
-int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen,
- const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
-#endif /* HAVE_RSA_METH_SET_PRIV_ENC */
-
-#ifndef
HAVE_RSA_METH_SET_PRIV_DEC
-int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen,
- const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
-#endif /* HAVE_RSA_METH_SET_PRIV_DEC */
-
-#ifndef HAVE_RSA_METH_SET_FINISH
-int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa));
-#endif /* HAVE_RSA_METH_SET_FINISH */
-
-#ifndef HAVE_EVP_PKEY_GET0_RSA
-RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
-#endif /* HAVE_EVP_PKEY_GET0_RSA */
-
-#ifndef HAVE_EVP_MD_CTX_new
-EVP_MD_CTX *EVP_MD_CTX_new(void);
-#endif /* HAVE_EVP_MD_CTX_new */
-
-#ifndef HAVE_EVP_MD_CTX_free
-void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
-#endif /* HAVE_EVP_MD_CTX_free */
-
-#endif /* WITH_OPENSSL */
-#endif /* _OPENSSL_COMPAT_H */
diff --git a/ssh_keygen_110/openbsd-compat/port-aix.c b/ssh_keygen_110/openbsd-compat/port-aix.c
deleted file mode 100644
index 943177c7..00000000
--- a/ssh_keygen_110/openbsd-compat/port-aix.c
+++ /dev/null
@@ -1,480 +0,0 @@
-/*
- *
- * Copyright (c) 2001 Gert Doering. All rights reserved.
- * Copyright (c) 2003,2004,2005,2006 Darren Tucker. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- * - */ -#include "includes.h" - -#include "xmalloc.h" -#include "sshbuf.h" -#include "ssherr.h" -#include "sshkey.h" -#include "hostfile.h" -#include "auth.h" -#include "ssh.h" -#include "ssh_api.h" -#include "log.h" - -#ifdef _AIX - -#include -#if defined(HAVE_NETDB_H) -# include -#endif -#include -#include -#include -#include -#include - -#ifdef WITH_AIXAUTHENTICATE -# include -# include -# if defined(HAVE_SYS_AUDIT_H) && defined(AIX_LOGINFAILED_4ARG) -# include -# endif -# include -#endif - -#include "port-aix.h" - -static char *lastlogin_msg = NULL; - -# ifdef HAVE_SETAUTHDB -static char old_registry[REGISTRY_SIZE] = ""; -# endif - -/* - * AIX has a "usrinfo" area where logname and other stuff is stored - - * a few applications actually use this and die if it's not set - * - * NOTE: TTY= should be set, but since no one uses it and it's hard to - * acquire due to privsep code. We will just drop support. - */ -void -aix_usrinfo(struct passwd *pw) -{ - u_int i; - size_t len; - char *cp; - - len = sizeof("LOGNAME= NAME= ") + (2 * strlen(pw->pw_name)); - cp = xmalloc(len); - - i = snprintf(cp, len, "LOGNAME=%s%cNAME=%s%c", pw->pw_name, '\0', - pw->pw_name, '\0'); - if (usrinfo(SETUINFO, cp, i) == -1) - fatal("Couldn't set usrinfo: %s", strerror(errno)); - debug3("AIX/UsrInfo: set len %d", i); - - free(cp); -} - -# ifdef WITH_AIXAUTHENTICATE -/* - * Remove embedded newlines in string (if any). - * Used before logging messages returned by AIX authentication functions - * so the message is logged on one line. - */ -void -aix_remove_embedded_newlines(char *p) -{ - if (p == NULL) - return; - - for (; *p; p++) { - if (*p == '\n') - *p = ' '; - } - /* Remove trailing whitespace */ - if (*--p == ' ') - *p = '\0'; -} - -/* - * Test specifically for the case where SYSTEM == NONE and AUTH1 contains - * anything other than NONE or SYSTEM, which indicates that the admin has - * configured the account for purely AUTH1-type authentication. 
- *
- * Since authenticate() doesn't check AUTH1, and sshd can't sanely support
- * AUTH1 itself, in such a case authenticate() will allow access without
- * authentation, which is almost certainly not what the admin intends.
- *
- * (The native tools, eg login, will process the AUTH1 list in addition to
- * the SYSTEM list by using ckuserID(), however ckuserID() and AUTH1 methods
- * have been deprecated since AIX 4.2.x and would be very difficult for sshd
- * to support.
- *
- * Returns 0 if an unsupportable combination is found, 1 otherwise.
- */
-static int
-aix_valid_authentications(const char *user)
-{
- char *auth1, *sys, *p;
- int valid = 1;
-
- if (getuserattr((char *)user, S_AUTHSYSTEM, &sys, SEC_CHAR) != 0) {
- logit("Can't retrieve attribute SYSTEM for %s: %.100s",
- user, strerror(errno));
- return 0;
- }
-
- debug3("AIX SYSTEM attribute %s", sys);
- if (strcmp(sys, "NONE") != 0)
- return 1; /* not "NONE", so is OK */
-
- if (getuserattr((char *)user, S_AUTH1, &auth1, SEC_LIST) != 0) {
- logit("Can't retrieve attribute auth1 for %s: %.100s",
- user, strerror(errno));
- return 0;
- }
-
- p = auth1;
- /* A SEC_LIST is concatenated strings, ending with two NULs. */
- while (p[0] != '\0' && p[1] != '\0') {
- debug3("AIX auth1 attribute list member %s", p);
- if (strcmp(p, "NONE") != 0 && strcmp(p, "SYSTEM")) {
- logit("Account %s has unsupported auth1 value '%s'",
- user, p);
- valid = 0;
- }
- p += strlen(p) + 1;
- }
-
- return (valid);
-}
-
-/*
- * Do authentication via AIX's authenticate routine. We loop until the
- * reenter parameter is 0, but normally authenticate is called only once.
- *
- * Note: this function returns 1 on success, whereas AIX's authenticate()
- * returns 0.
- */
-int
-sys_auth_passwd(struct ssh *ssh, const char *password)
-{
- Authctxt *ctxt = ssh->authctxt;
- char *authmsg = NULL, *msg = NULL, *name = ctxt->pw->pw_name;
- int r, authsuccess = 0, expired, reenter, result;
-
- do {
- result = authenticate((char *)name, (char *)password, &reenter,
- &authmsg);
- aix_remove_embedded_newlines(authmsg);
- debug3("AIX/authenticate result %d, authmsg %.100s", result,
- authmsg);
- } while (reenter);
-
- if (!aix_valid_authentications(name))
- result = -1;
-
- if (result == 0) {
- authsuccess = 1;
-
- /*
- * Record successful login. We don't have a pty yet, so just
- * label the line as "ssh"
- */
- aix_setauthdb(name);
-
- /*
- * Check if the user's password is expired.
- */
- expired = passwdexpired(name, &msg);
- if (msg && *msg) {
- if ((r = sshbuf_put(ctxt->loginmsg,
- msg, strlen(msg))) != 0)
- fatal("%s: buffer error: %s",
- __func__, ssh_err(r));
- aix_remove_embedded_newlines(msg);
- }
- debug3("AIX/passwdexpired returned %d msg %.100s", expired, msg);
-
- switch (expired) {
- case 0: /* password not expired */
- break;
- case 1: /* expired, password change required */
- ctxt->force_pwchange = 1;
- break;
- default: /* user can't change(2) or other error (-1) */
- logit("Password can't be changed for user %s: %.100s",
- name, msg);
- free(msg);
- authsuccess = 0;
- }
-
- aix_restoreauthdb();
- }
-
- free(authmsg);
-
- return authsuccess;
-}
-
-/*
- * Check if specified account is permitted to log in.
- * Returns 1 if login is allowed, 0 if not allowed.
- */
-int
-sys_auth_allowed_user(struct passwd *pw, struct sshbuf *loginmsg)
-{
- char *msg = NULL;
- int r, result, permitted = 0;
- struct stat st;
-
- /*
- * Don't perform checks for root account (PermitRootLogin controls
- * logins via ssh) or if running as non-root user (since
- * loginrestrictions will always fail due to insufficient privilege).
- */
- if (pw->pw_uid == 0 || geteuid() != 0) {
- debug3("%s: not checking", __func__);
- return 1;
- }
-
- result = loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &msg);
- if (result == 0)
- permitted = 1;
- /*
- * If restricted because /etc/nologin exists, the login will be denied
- * in session.c after the nologin message is sent, so allow for now
- * and do not append the returned message.
- */
- if (result == -1 && errno == EPERM && stat(_PATH_NOLOGIN, &st) == 0)
- permitted = 1;
- else if (msg != NULL) {
- if ((r = sshbuf_put(loginmsg, msg, strlen(msg))) != 0)
- fatal("%s: buffer error: %s", __func__, ssh_err(r));
- }
- if (msg == NULL)
- msg = xstrdup("(none)");
- aix_remove_embedded_newlines(msg);
- debug3("AIX/loginrestrictions returned %d msg %.100s", result, msg);
-
- if (!permitted)
- logit("Login restricted for %s: %.100s", pw->pw_name, msg);
- free(msg);
- return permitted;
-}
-
-int
-sys_auth_record_login(const char *user, const char *host, const char *ttynm,
- struct sshbuf *loginmsg)
-{
- char *msg = NULL;
- int success = 0;
-
- aix_setauthdb(user);
- if (loginsuccess((char *)user, (char *)host, (char *)ttynm, &msg) == 0) {
- success = 1;
- if (msg != NULL) {
- debug("AIX/loginsuccess: msg %s", msg);
- if (lastlogin_msg == NULL)
- lastlogin_msg = msg;
- }
- }
- aix_restoreauthdb();
- return (success);
-}
-
-char *
-sys_auth_get_lastlogin_msg(const char *user, uid_t uid)
-{
- char *msg = lastlogin_msg;
-
- lastlogin_msg = NULL;
- return msg;
-}
-
-# ifdef CUSTOM_FAILED_LOGIN
-/*
- * record_failed_login: generic "login failed" interface function
- */
-void
-record_failed_login(const char *user, const char *hostname, const char *ttyname)
-{
- if (geteuid() != 0)
- return;
-
- aix_setauthdb(user);
-# ifdef AIX_LOGINFAILED_4ARG
- loginfailed((char *)user, (char *)hostname, (char *)ttyname,
- AUDIT_FAIL_AUTH);
-# else
- loginfailed((char *)user, (char *)hostname, (char *)ttyname);
-# endif
- aix_restoreauthdb();
-}
-# endif /* CUSTOM_FAILED_LOGIN */
-
-/*
- * If we have setauthdb, retrieve the password registry for the user's
- * account then feed it to setauthdb. This will mean that subsequent AIX auth
- * functions will only use the specified loadable module. If we don't have
- * setauthdb this is a no-op.
- */
-void
-aix_setauthdb(const char *user)
-{
-# ifdef HAVE_SETAUTHDB
- char *registry;
-
- if (setuserdb(S_READ) == -1) {
- debug3("%s: Could not open userdb to read", __func__);
- return;
- }
-
- if (getuserattr((char *)user, S_REGISTRY, ®istry, SEC_CHAR) == 0) {
- if (setauthdb(registry, old_registry) == 0)
- debug3("AIX/setauthdb set registry '%s'", registry);
- else
- debug3("AIX/setauthdb set registry '%s' failed: %s",
- registry, strerror(errno));
- } else
- debug3("%s: Could not read S_REGISTRY for user: %s", __func__,
- strerror(errno));
- enduserdb();
-# endif /* HAVE_SETAUTHDB */
-}
-
-/*
- * Restore the user's registry settings from old_registry.
- * Note that if the first aix_setauthdb fails, setauthdb("") is still safe
- * (it restores the system default behaviour). If we don't have setauthdb,
- * this is a no-op.
- */
-void
-aix_restoreauthdb(void)
-{
-# ifdef HAVE_SETAUTHDB
- if (setauthdb(old_registry, NULL) == 0)
- debug3("%s: restoring old registry '%s'", __func__,
- old_registry);
- else
- debug3("%s: failed to restore old registry %s", __func__,
- old_registry);
-# endif /* HAVE_SETAUTHDB */
-}
-
-# endif /* WITH_AIXAUTHENTICATE */
-
-# ifdef USE_AIX_KRB_NAME
-/*
- * aix_krb5_get_principal_name: returns the user's kerberos client principal name if
- * configured, otherwise NULL. Caller must free returned string.
- */
-char *
-aix_krb5_get_principal_name(char *pw_name)
-{
- char *authname = NULL, *authdomain = NULL, *principal = NULL;
-
- setuserdb(S_READ);
- if (getuserattr(pw_name, S_AUTHDOMAIN, &authdomain, SEC_CHAR) != 0)
- debug("AIX getuserattr S_AUTHDOMAIN: %s", strerror(errno));
- if (getuserattr(pw_name, S_AUTHNAME, &authname, SEC_CHAR) != 0)
- debug("AIX getuserattr S_AUTHNAME: %s", strerror(errno));
-
- if (authdomain != NULL)
- xasprintf(&principal, "%s@%s", authname ? authname : pw_name, authdomain);
- else if (authname != NULL)
- principal = xstrdup(authname);
- enduserdb();
- return principal;
-}
-# endif /* USE_AIX_KRB_NAME */
-
-# if defined(AIX_GETNAMEINFO_HACK) && !defined(BROKEN_ADDRINFO)
-# undef getnameinfo
-/*
- * For some reason, AIX's getnameinfo will refuse to resolve the all-zeros
- * IPv6 address into its textual representation ("::"), so we wrap it
- * with a function that will.
- */
-int
-sshaix_getnameinfo(const struct sockaddr *sa, size_t salen, char *host,
- size_t hostlen, char *serv, size_t servlen, int flags)
-{
- struct sockaddr_in6 *sa6;
- u_int32_t *a6;
-
- if (flags & (NI_NUMERICHOST|NI_NUMERICSERV) &&
- sa->sa_family == AF_INET6) {
- sa6 = (struct sockaddr_in6 *)sa;
- a6 = sa6->sin6_addr.u6_addr.u6_addr32;
-
- if (a6[0] == 0 && a6[1] == 0 && a6[2] == 0 && a6[3] == 0) {
- strlcpy(host, "::", hostlen);
- snprintf(serv, servlen, "%d", sa6->sin6_port);
- return 0;
- }
- }
- return getnameinfo(sa, salen, host, hostlen, serv, servlen, flags);
-}
-# endif /* AIX_GETNAMEINFO_HACK */
-
-# if defined(USE_GETGRSET)
-# include
-int
-getgrouplist(const char *user, gid_t pgid, gid_t *groups, int *grpcnt)
-{
- char *cp, *grplist, *grp;
- gid_t gid;
- int ret = 0, ngroups = 0, maxgroups;
- long l;
-
- maxgroups = *grpcnt;
-
- if ((cp = grplist = getgrset(user)) == NULL)
- return -1;
-
- /* handle zero-length case */
- if (maxgroups <= 0) {
- *grpcnt = 0;
- return -1;
- }
-
- /* copy primary group */
- groups[ngroups++] = pgid;
-
- /* copy each entry
from getgrset into group list */
- while ((grp = strsep(&grplist, ",")) != NULL) {
- l = strtol(grp, NULL, 10);
- if (ngroups >= maxgroups || l == LONG_MIN || l == LONG_MAX) {
- ret = -1;
- goto out;
- }
- gid = (gid_t)l;
- if (gid == pgid)
- continue; /* we have already added primary gid */
- groups[ngroups++] = gid;
- }
-out:
- free(cp);
- *grpcnt = ngroups;
- return ret;
-}
-# endif /* USE_GETGRSET */
-
-#endif /* _AIX */
diff --git a/ssh_keygen_110/openbsd-compat/port-aix.h b/ssh_keygen_110/openbsd-compat/port-aix.h
deleted file mode 100644
index 748c0e4e..00000000
--- a/ssh_keygen_110/openbsd-compat/port-aix.h
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
- *
- * Copyright (c) 2001 Gert Doering. All rights reserved.
- * Copyright (c) 2004,2005,2006 Darren Tucker. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifdef _AIX
-
-#ifdef HAVE_SYS_SOCKET_H
-# include
-#endif
-
-struct sshbuf;
-
-/* These should be in the system headers but are not.
*/
-int usrinfo(int, char *, int);
-#if defined(HAVE_DECL_SETAUTHDB) && (HAVE_DECL_SETAUTHDB == 0)
-int setauthdb(const char *, char *);
-#endif
-/* these may or may not be in the headers depending on the version */
-#if defined(HAVE_DECL_AUTHENTICATE) && (HAVE_DECL_AUTHENTICATE == 0)
-int authenticate(char *, char *, int *, char **);
-#endif
-#if defined(HAVE_DECL_LOGINFAILED) && (HAVE_DECL_LOGINFAILED == 0)
-int loginfailed(char *, char *, char *);
-#endif
-#if defined(HAVE_DECL_LOGINRESTRICTIONS) && (HAVE_DECL_LOGINRESTRICTIONS == 0)
-int loginrestrictions(char *, int, char *, char **);
-#endif
-#if defined(HAVE_DECL_LOGINSUCCESS) && (HAVE_DECL_LOGINSUCCESS == 0)
-int loginsuccess(char *, char *, char *, char **);
-#endif
-#if defined(HAVE_DECL_PASSWDEXPIRED) && (HAVE_DECL_PASSWDEXPIRED == 0)
-int passwdexpired(char *, char **);
-#endif
-
-/* Some versions define r_type in the above headers, which causes a conflict */
-#ifdef r_type
-# undef r_type
-#endif
-
-/* AIX 4.2.x doesn't have nanosleep but does have nsleep which is equivalent */
-#if !defined(HAVE_NANOSLEEP) && defined(HAVE_NSLEEP)
-# define nanosleep(a,b) nsleep(a,b)
-#endif
-
-/* For struct timespec on AIX 4.2.x */
-#ifdef HAVE_SYS_TIMERS_H
-# include
-#endif
-
-/* for setpcred and friends */
-#ifdef HAVE_USERSEC_H
-# include
-#endif
-
-/*
- * According to the setauthdb man page, AIX password registries must be 15
- * chars or less plus terminating NUL.
- */
-#ifdef HAVE_SETAUTHDB
-# define REGISTRY_SIZE 16
-#endif
-
-void aix_usrinfo(struct passwd *);
-
-#ifdef WITH_AIXAUTHENTICATE
-# define CUSTOM_SYS_AUTH_PASSWD 1
-# define CUSTOM_SYS_AUTH_ALLOWED_USER 1
-int sys_auth_allowed_user(struct passwd *, struct sshbuf *);
-# define CUSTOM_SYS_AUTH_RECORD_LOGIN 1
-int sys_auth_record_login(const char *, const char *,
- const char *, struct sshbuf *);
-# define CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG
-char *sys_auth_get_lastlogin_msg(const char *, uid_t);
-# define CUSTOM_FAILED_LOGIN 1
-# if defined(S_AUTHDOMAIN) && defined (S_AUTHNAME)
-# define USE_AIX_KRB_NAME
-char *aix_krb5_get_principal_name(char *);
-# endif
-#endif
-
-void aix_setauthdb(const char *);
-void aix_restoreauthdb(void);
-void aix_remove_embedded_newlines(char *);
-
-#if defined(AIX_GETNAMEINFO_HACK) && !defined(BROKEN_GETADDRINFO)
-# ifdef getnameinfo
-# undef getnameinfo
-# endif
-int sshaix_getnameinfo(const struct sockaddr *, size_t, char *, size_t,
- char *, size_t, int);
-# define getnameinfo(a,b,c,d,e,f,g) (sshaix_getnameinfo(a,b,c,d,e,f,g))
-#endif
-
-/*
- * We use getgrset in preference to multiple getgrent calls for efficiency
- * plus it supports NIS and LDAP groups.
- */
-#if !defined(HAVE_GETGROUPLIST) && defined(HAVE_GETGRSET)
-# define HAVE_GETGROUPLIST
-# define USE_GETGRSET
-int getgrouplist(const char *, gid_t, gid_t *, int *);
-#endif
-
-#endif /* _AIX */
diff --git a/ssh_keygen_110/openbsd-compat/port-irix.c b/ssh_keygen_110/openbsd-compat/port-irix.c
deleted file mode 100644
index 525b0290..00000000
--- a/ssh_keygen_110/openbsd-compat/port-irix.c
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * Copyright (c) 2000 Denis Parker. All rights reserved.
- * Copyright (c) 2000 Michael Stone. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "includes.h"
-
-#if defined(WITH_IRIX_PROJECT) || \
- defined(WITH_IRIX_JOBS) || \
- defined(WITH_IRIX_ARRAY)
-
-#include
-#include
-#include
-
-#ifdef WITH_IRIX_PROJECT
-# include
-#endif /* WITH_IRIX_PROJECT */
-#ifdef WITH_IRIX_JOBS
-# include
-#endif
-#ifdef WITH_IRIX_AUDIT
-# include
-#endif /* WITH_IRIX_AUDIT */
-
-void
-irix_setusercontext(struct passwd *pw)
-{
-#ifdef WITH_IRIX_PROJECT
- prid_t projid;
-#endif
-#ifdef WITH_IRIX_JOBS
- jid_t jid = 0;
-#elif defined(WITH_IRIX_ARRAY)
- int jid = 0;
-#endif
-
-#ifdef WITH_IRIX_JOBS
- jid = jlimit_startjob(pw->pw_name, pw->pw_uid, "interactive");
- if (jid == -1)
- fatal("Failed to create job container: %.100s",
- strerror(errno));
-#endif /* WITH_IRIX_JOBS */
-#ifdef WITH_IRIX_ARRAY
- /* initialize array session */
- if (jid == 0 && newarraysess() != 0)
- fatal("Failed to set up new array session: %.100s",
- strerror(errno));
-#endif /* WITH_IRIX_ARRAY */
-#ifdef WITH_IRIX_PROJECT
- /* initialize irix project info */
- if ((projid = getdfltprojuser(pw->pw_name)) == -1) {
- debug("Failed to get project id, using projid 0");
- projid = 0;
- }
- if (setprid(projid))
- fatal("Failed to initialize project %d for %s: %.100s",
- (int)projid, pw->pw_name, strerror(errno));
-#endif /* WITH_IRIX_PROJECT */
-#ifdef WITH_IRIX_AUDIT
- if (sysconf(_SC_AUDIT)) {
- debug("Setting sat id to %d", (int) pw->pw_uid);
- if (satsetid(pw->pw_uid))
- debug("error setting satid: %.100s", strerror(errno));
- }
-#endif /* WITH_IRIX_AUDIT */
-}
-
-
-#endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */
diff --git a/ssh_keygen_110/openbsd-compat/port-irix.h b/ssh_keygen_110/openbsd-compat/port-irix.h
deleted file mode 100644
index bc8cc44a..00000000
--- a/ssh_keygen_110/openbsd-compat/port-irix.h
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Copyright (c) 2000 Denis Parker. All rights reserved.
- * Copyright (c) 2000 Michael Stone. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef _PORT_IRIX_H
-#define _PORT_IRIX_H
-
-#if defined(WITH_IRIX_PROJECT) || \
- defined(WITH_IRIX_JOBS) || \
- defined(WITH_IRIX_ARRAY)
-
-void irix_setusercontext(struct passwd *pw);
-
-#endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */
-
-#endif /* ! _PORT_IRIX_H */
diff --git a/ssh_keygen_110/openbsd-compat/port-linux.c b/ssh_keygen_110/openbsd-compat/port-linux.c
deleted file mode 100644
index 62298882..00000000
--- a/ssh_keygen_110/openbsd-compat/port-linux.c
+++ /dev/null
@@ -1,313 +0,0 @@ -/* - * Copyright (c) 2005 Daniel Walsh - * Copyright (c) 2006 Damien Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* - * Linux-specific portability code - just SELinux support at present - */ - -#include "includes.h" - -#if defined(WITH_SELINUX) || defined(LINUX_OOM_ADJUST) -#include -#include -#include -#include -#include - -#include "log.h" -#include "xmalloc.h" -#include "port-linux.h" - -#ifdef WITH_SELINUX -#include -#include - -#ifndef SSH_SELINUX_UNCONFINED_TYPE -# define SSH_SELINUX_UNCONFINED_TYPE ":unconfined_t:" -#endif - -/* Wrapper around is_selinux_enabled() to log its return value once only */ -int -ssh_selinux_enabled(void) -{ - static int enabled = -1; - - if (enabled == -1) { - enabled = (is_selinux_enabled() == 1); - debug("SELinux support %s", enabled ? 
"enabled" : "disabled"); - } - - return (enabled); -} - -/* Return the default security context for the given username */ -static security_context_t -ssh_selinux_getctxbyname(char *pwname) -{ - security_context_t sc = NULL; - char *sename = NULL, *lvl = NULL; - int r; - -#ifdef HAVE_GETSEUSERBYNAME - if (getseuserbyname(pwname, &sename, &lvl) != 0) - return NULL; -#else - sename = pwname; - lvl = NULL; -#endif - -#ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL - r = get_default_context_with_level(sename, lvl, NULL, &sc); -#else - r = get_default_context(sename, NULL, &sc); -#endif - - if (r != 0) { - switch (security_getenforce()) { - case -1: - fatal("%s: ssh_selinux_getctxbyname: " - "security_getenforce() failed", __func__); - case 0: - error("%s: Failed to get default SELinux security " - "context for %s", __func__, pwname); - sc = NULL; - break; - default: - fatal("%s: Failed to get default SELinux security " - "context for %s (in enforcing mode)", - __func__, pwname); - } - } - -#ifdef HAVE_GETSEUSERBYNAME - free(sename); - free(lvl); -#endif - - return sc; -} - -/* Set the execution context to the default for the specified user */ -void -ssh_selinux_setup_exec_context(char *pwname) -{ - security_context_t user_ctx = NULL; - - if (!ssh_selinux_enabled()) - return; - - debug3("%s: setting execution context", __func__); - - user_ctx = ssh_selinux_getctxbyname(pwname); - if (setexeccon(user_ctx) != 0) { - switch (security_getenforce()) { - case -1: - fatal("%s: security_getenforce() failed", __func__); - case 0: - error("%s: Failed to set SELinux execution " - "context for %s", __func__, pwname); - break; - default: - fatal("%s: Failed to set SELinux execution context " - "for %s (in enforcing mode)", __func__, pwname); - } - } - if (user_ctx != NULL) - freecon(user_ctx); - - debug3("%s: done", __func__); -} - -/* Set the TTY context for the specified user */ -void -ssh_selinux_setup_pty(char *pwname, const char *tty) -{ - security_context_t new_tty_ctx = NULL; - 
security_context_t user_ctx = NULL; - security_context_t old_tty_ctx = NULL; - security_class_t chrclass; - - if (!ssh_selinux_enabled()) - return; - - debug3("%s: setting TTY context on %s", __func__, tty); - - user_ctx = ssh_selinux_getctxbyname(pwname); - - /* XXX: should these calls fatal() upon failure in enforcing mode? */ - - if (getfilecon(tty, &old_tty_ctx) == -1) { - error("%s: getfilecon: %s", __func__, strerror(errno)); - goto out; - } - if ((chrclass = string_to_security_class("chr_file")) == 0) { - error("%s: couldn't get security class for chr_file", __func__); - goto out; - } - if (security_compute_relabel(user_ctx, old_tty_ctx, - chrclass, &new_tty_ctx) != 0) { - error("%s: security_compute_relabel: %s", - __func__, strerror(errno)); - goto out; - } - - if (setfilecon(tty, new_tty_ctx) != 0) - error("%s: setfilecon: %s", __func__, strerror(errno)); - out: - if (new_tty_ctx != NULL) - freecon(new_tty_ctx); - if (old_tty_ctx != NULL) - freecon(old_tty_ctx); - if (user_ctx != NULL) - freecon(user_ctx); - debug3("%s: done", __func__); -} - -void -ssh_selinux_change_context(const char *newname) -{ - int len, newlen; - char *oldctx, *newctx, *cx; - void (*switchlog) (const char *fmt,...) = logit; - - if (!ssh_selinux_enabled()) - return; - - if (getcon((security_context_t *)&oldctx) < 0) { - logit("%s: getcon failed with %s", __func__, strerror(errno)); - return; - } - if ((cx = index(oldctx, ':')) == NULL || (cx = index(cx + 1, ':')) == - NULL) { - logit ("%s: unparseable context %s", __func__, oldctx); - return; - } - - /* - * Check whether we are attempting to switch away from an unconfined - * security context. 
- */ - if (strncmp(cx, SSH_SELINUX_UNCONFINED_TYPE, - sizeof(SSH_SELINUX_UNCONFINED_TYPE) - 1) == 0) - switchlog = debug3; - - newlen = strlen(oldctx) + strlen(newname) + 1; - newctx = xmalloc(newlen); - len = cx - oldctx + 1; - memcpy(newctx, oldctx, len); - strlcpy(newctx + len, newname, newlen - len); - if ((cx = index(cx + 1, ':'))) - strlcat(newctx, cx, newlen); - debug3("%s: setting context from '%s' to '%s'", __func__, - oldctx, newctx); - if (setcon(newctx) < 0) - switchlog("%s: setcon %s from %s failed with %s", __func__, - newctx, oldctx, strerror(errno)); - free(oldctx); - free(newctx); -} - -void -ssh_selinux_setfscreatecon(const char *path) -{ - security_context_t context; - - if (!ssh_selinux_enabled()) - return; - if (path == NULL) { - setfscreatecon(NULL); - return; - } - if (matchpathcon(path, 0700, &context) == 0) - setfscreatecon(context); -} - -#endif /* WITH_SELINUX */ - -#ifdef LINUX_OOM_ADJUST -/* - * The magic "don't kill me" values, old and new, as documented in eg: - * http://lxr.linux.no/#linux+v2.6.32/Documentation/filesystems/proc.txt - * http://lxr.linux.no/#linux+v2.6.36/Documentation/filesystems/proc.txt - */ - -static int oom_adj_save = INT_MIN; -static char *oom_adj_path = NULL; -struct { - char *path; - int value; -} oom_adjust[] = { - {"/proc/self/oom_score_adj", -1000}, /* kernels >= 2.6.36 */ - {"/proc/self/oom_adj", -17}, /* kernels <= 2.6.35 */ - {NULL, 0}, -}; - -/* - * Tell the kernel's out-of-memory killer to avoid sshd. - * Returns the previous oom_adj value or zero. 
- */ -void -oom_adjust_setup(void) -{ - int i, value; - FILE *fp; - - debug3("%s", __func__); - for (i = 0; oom_adjust[i].path != NULL; i++) { - oom_adj_path = oom_adjust[i].path; - value = oom_adjust[i].value; - if ((fp = fopen(oom_adj_path, "r+")) != NULL) { - if (fscanf(fp, "%d", &oom_adj_save) != 1) - verbose("error reading %s: %s", oom_adj_path, - strerror(errno)); - else { - rewind(fp); - if (fprintf(fp, "%d\n", value) <= 0) - verbose("error writing %s: %s", - oom_adj_path, strerror(errno)); - else - debug("Set %s from %d to %d", - oom_adj_path, oom_adj_save, value); - } - fclose(fp); - return; - } - } - oom_adj_path = NULL; -} - -/* Restore the saved OOM adjustment */ -void -oom_adjust_restore(void) -{ - FILE *fp; - - debug3("%s", __func__); - if (oom_adj_save == INT_MIN || oom_adj_path == NULL || - (fp = fopen(oom_adj_path, "w")) == NULL) - return; - - if (fprintf(fp, "%d\n", oom_adj_save) <= 0) - verbose("error writing %s: %s", oom_adj_path, strerror(errno)); - else - debug("Set %s to %d", oom_adj_path, oom_adj_save); - - fclose(fp); - return; -} -#endif /* LINUX_OOM_ADJUST */ -#endif /* WITH_SELINUX || LINUX_OOM_ADJUST */ diff --git a/ssh_keygen_110/openbsd-compat/port-linux.h b/ssh_keygen_110/openbsd-compat/port-linux.h deleted file mode 100644 index 3c22a854..00000000 --- a/ssh_keygen_110/openbsd-compat/port-linux.h +++ /dev/null 
@@ -1,33 +0,0 @@
-/*
- * Copyright (c) 2006 Damien Miller
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef _PORT_LINUX_H
-#define _PORT_LINUX_H
-
-#ifdef WITH_SELINUX
-int ssh_selinux_enabled(void);
-void ssh_selinux_setup_pty(char *, const char *);
-void ssh_selinux_setup_exec_context(char *);
-void ssh_selinux_change_context(const char *);
-void ssh_selinux_setfscreatecon(const char *);
-#endif
-
-#ifdef LINUX_OOM_ADJUST
-void oom_adjust_restore(void);
-void oom_adjust_setup(void);
-#endif
-
-#endif /* ! _PORT_LINUX_H */
diff --git a/ssh_keygen_110/openbsd-compat/port-net.h b/ssh_keygen_110/openbsd-compat/port-net.h
deleted file mode 100644
index 3a0d1104..00000000
--- a/ssh_keygen_110/openbsd-compat/port-net.h
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 2005 Reyk Floeter
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef _PORT_TUN_H
-#define _PORT_TUN_H
-
-struct Channel;
-struct ssh;
-
-#if defined(SSH_TUN_LINUX) || defined(SSH_TUN_FREEBSD)
-# define CUSTOM_SYS_TUN_OPEN
-int sys_tun_open(int, int, char **);
-#endif
-
-#if defined(SSH_TUN_COMPAT_AF) || defined(SSH_TUN_PREPEND_AF)
-# define SSH_TUN_FILTER
-int sys_tun_infilter(struct ssh *, struct Channel *, char *, int);
-u_char *sys_tun_outfilter(struct ssh *, struct Channel *, u_char **, size_t *);
-#endif
-
-#if defined(SYS_RDOMAIN_LINUX)
-# define HAVE_SYS_GET_RDOMAIN
-# define HAVE_SYS_SET_RDOMAIN
-# define HAVE_SYS_VALID_RDOMAIN
-char *sys_get_rdomain(int fd);
-int sys_set_rdomain(int fd, const char *name);
-int sys_valid_rdomain(const char *name);
-#endif
-
-#if defined(SYS_RDOMAIN_XXX)
-# define HAVE_SYS_SET_PROCESS_RDOMAIN
-void sys_set_process_rdomain(const char *name);
-#endif
-
-#endif
diff --git a/ssh_keygen_110/openbsd-compat/port-solaris.c b/ssh_keygen_110/openbsd-compat/port-solaris.c
deleted file mode 100644
index 0e89dc32..00000000
--- a/ssh_keygen_110/openbsd-compat/port-solaris.c
+++ /dev/null
@@ -1,363 +0,0 @@ -/* - * Copyright (c) 2006 Chad Mynhier. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include "config.h" -#include "includes.h" - -#ifdef USE_SOLARIS_PROCESS_CONTRACTS - -#include -#include -#include - -#include -#ifdef HAVE_FCNTL_H -# include -#endif -#include -#include -#include - -#include -#include -#include - -#include "log.h" - -#define CT_TEMPLATE CTFS_ROOT "/process/template" -#define CT_LATEST CTFS_ROOT "/process/latest" - -static int tmpl_fd = -1; - -/* Lookup the latest process contract */ -static ctid_t -get_active_process_contract_id(void) -{ - int stat_fd; - ctid_t ctid = -1; - ct_stathdl_t stathdl; - - if ((stat_fd = open64(CT_LATEST, O_RDONLY)) == -1) { - error("%s: Error opening 'latest' process " - "contract: %s", __func__, strerror(errno)); - return -1; - } - if (ct_status_read(stat_fd, CTD_COMMON, &stathdl) != 0) { - error("%s: Error reading process contract " - "status: %s", __func__, strerror(errno)); - goto out; - } - if ((ctid = ct_status_get_id(stathdl)) < 0) { - error("%s: Error getting process contract id: %s", - __func__, strerror(errno)); - goto out; - } - - ct_status_free(stathdl); - out: - close(stat_fd); - return ctid; -} - -void -solaris_contract_pre_fork(void) -{ - if ((tmpl_fd = open64(CT_TEMPLATE, O_RDWR)) == -1) { - 
error("%s: open %s: %s", __func__, - CT_TEMPLATE, strerror(errno)); - return; - } - - debug2("%s: setting up process contract template on fd %d", - __func__, tmpl_fd); - - /* First we set the template parameters and event sets. */ - if (ct_pr_tmpl_set_param(tmpl_fd, CT_PR_PGRPONLY) != 0) { - error("%s: Error setting process contract parameter set " - "(pgrponly): %s", __func__, strerror(errno)); - goto fail; - } - if (ct_pr_tmpl_set_fatal(tmpl_fd, CT_PR_EV_HWERR) != 0) { - error("%s: Error setting process contract template " - "fatal events: %s", __func__, strerror(errno)); - goto fail; - } - if (ct_tmpl_set_critical(tmpl_fd, 0) != 0) { - error("%s: Error setting process contract template " - "critical events: %s", __func__, strerror(errno)); - goto fail; - } - if (ct_tmpl_set_informative(tmpl_fd, CT_PR_EV_HWERR) != 0) { - error("%s: Error setting process contract template " - "informative events: %s", __func__, strerror(errno)); - goto fail; - } - - /* Now make this the active template for this process. */ - if (ct_tmpl_activate(tmpl_fd) != 0) { - error("%s: Error activating process contract " - "template: %s", __func__, strerror(errno)); - goto fail; - } - return; - - fail: - if (tmpl_fd != -1) { - close(tmpl_fd); - tmpl_fd = -1; - } -} - -void -solaris_contract_post_fork_child() -{ - debug2("%s: clearing process contract template on fd %d", - __func__, tmpl_fd); - - /* Clear the active template. */ - if (ct_tmpl_clear(tmpl_fd) != 0) - error("%s: Error clearing active process contract " - "template: %s", __func__, strerror(errno)); - - close(tmpl_fd); - tmpl_fd = -1; -} - -void -solaris_contract_post_fork_parent(pid_t pid) -{ - ctid_t ctid; - char ctl_path[256]; - int r, ctl_fd = -1, stat_fd = -1; - - debug2("%s: clearing template (fd %d)", __func__, tmpl_fd); - - if (tmpl_fd == -1) - return; - - /* First clear the active template. 
*/ - if ((r = ct_tmpl_clear(tmpl_fd)) != 0) - error("%s: Error clearing active process contract " - "template: %s", __func__, strerror(errno)); - - close(tmpl_fd); - tmpl_fd = -1; - - /* - * If either the fork didn't succeed (pid < 0), or clearing - * th active contract failed (r != 0), then we have nothing - * more do. - */ - if (r != 0 || pid <= 0) - return; - - /* Now lookup and abandon the contract we've created. */ - ctid = get_active_process_contract_id(); - - debug2("%s: abandoning contract id %ld", __func__, ctid); - - snprintf(ctl_path, sizeof(ctl_path), - CTFS_ROOT "/process/%ld/ctl", ctid); - if ((ctl_fd = open64(ctl_path, O_WRONLY)) < 0) { - error("%s: Error opening process contract " - "ctl file: %s", __func__, strerror(errno)); - goto fail; - } - if (ct_ctl_abandon(ctl_fd) < 0) { - error("%s: Error abandoning process contract: %s", - __func__, strerror(errno)); - goto fail; - } - close(ctl_fd); - return; - - fail: - if (tmpl_fd != -1) { - close(tmpl_fd); - tmpl_fd = -1; - } - if (stat_fd != -1) - close(stat_fd); - if (ctl_fd != -1) - close(ctl_fd); -} -#endif - -#ifdef USE_SOLARIS_PROJECTS -#include -#include - -/* - * Get/set solaris default project. - * If we fail, just run along gracefully. 
- */ -void -solaris_set_default_project(struct passwd *pw) -{ - struct project *defaultproject; - struct project tempproject; - char buf[1024]; - - /* get default project, if we fail just return gracefully */ - if ((defaultproject = getdefaultproj(pw->pw_name, &tempproject, &buf, - sizeof(buf))) != NULL) { - /* set default project */ - if (setproject(defaultproject->pj_name, pw->pw_name, - TASK_NORMAL) != 0) - debug("setproject(%s): %s", defaultproject->pj_name, - strerror(errno)); - } else { - /* debug on getdefaultproj() error */ - debug("getdefaultproj(%s): %s", pw->pw_name, strerror(errno)); - } -} -#endif /* USE_SOLARIS_PROJECTS */ - -#ifdef USE_SOLARIS_PRIVS -# ifdef HAVE_PRIV_H -# include -# endif - -priv_set_t * -solaris_basic_privset(void) -{ - priv_set_t *pset; - -#ifdef HAVE_PRIV_BASICSET - if ((pset = priv_allocset()) == NULL) { - error("priv_allocset: %s", strerror(errno)); - return NULL; - } - priv_basicset(pset); -#else - if ((pset = priv_str_to_set("basic", ",", NULL)) == NULL) { - error("priv_str_to_set: %s", strerror(errno)); - return NULL; - } -#endif - return pset; -} - -void -solaris_drop_privs_pinfo_net_fork_exec(void) -{ - priv_set_t *pset = NULL, *npset = NULL; - - /* - * Note: this variant avoids dropping DAC filesystem rights, in case - * the process calling it is running as root and should have the - * ability to read/write/chown any file on the system. - * - * We start with the basic set, then *add* the DAC rights to it while - * taking away other parts of BASIC we don't need. Then we intersect - * this with our existing PERMITTED set. In this way we keep any - * DAC rights we had before, while otherwise reducing ourselves to - * the minimum set of privileges we need to proceed. - * - * This also means we drop any other parts of "root" that we don't - * need (e.g. the ability to kill any process, create new device nodes - * etc etc). 
- */ - - if ((pset = priv_allocset()) == NULL) - fatal("priv_allocset: %s", strerror(errno)); - if ((npset = solaris_basic_privset()) == NULL) - fatal("solaris_basic_privset: %s", strerror(errno)); - - if (priv_addset(npset, PRIV_FILE_CHOWN) != 0 || - priv_addset(npset, PRIV_FILE_DAC_READ) != 0 || - priv_addset(npset, PRIV_FILE_DAC_SEARCH) != 0 || - priv_addset(npset, PRIV_FILE_DAC_WRITE) != 0 || - priv_addset(npset, PRIV_FILE_OWNER) != 0) - fatal("priv_addset: %s", strerror(errno)); - - if (priv_delset(npset, PRIV_FILE_LINK_ANY) != 0 || -#ifdef PRIV_NET_ACCESS - priv_delset(npset, PRIV_NET_ACCESS) != 0 || -#endif - priv_delset(npset, PRIV_PROC_EXEC) != 0 || - priv_delset(npset, PRIV_PROC_FORK) != 0 || - priv_delset(npset, PRIV_PROC_INFO) != 0 || - priv_delset(npset, PRIV_PROC_SESSION) != 0) - fatal("priv_delset: %s", strerror(errno)); - - if (getppriv(PRIV_PERMITTED, pset) != 0) - fatal("getppriv: %s", strerror(errno)); - - priv_intersect(pset, npset); - - if (setppriv(PRIV_SET, PRIV_PERMITTED, npset) != 0 || - setppriv(PRIV_SET, PRIV_LIMIT, npset) != 0 || - setppriv(PRIV_SET, PRIV_INHERITABLE, npset) != 0) - fatal("setppriv: %s", strerror(errno)); - - priv_freeset(pset); - priv_freeset(npset); -} - -void -solaris_drop_privs_root_pinfo_net(void) -{ - priv_set_t *pset = NULL; - - /* Start with "basic" and drop everything we don't need. 
*/ - if ((pset = solaris_basic_privset()) == NULL) - fatal("solaris_basic_privset: %s", strerror(errno)); - - if (priv_delset(pset, PRIV_FILE_LINK_ANY) != 0 || -#ifdef PRIV_NET_ACCESS - priv_delset(pset, PRIV_NET_ACCESS) != 0 || -#endif - priv_delset(pset, PRIV_PROC_INFO) != 0 || - priv_delset(pset, PRIV_PROC_SESSION) != 0) - fatal("priv_delset: %s", strerror(errno)); - - if (setppriv(PRIV_SET, PRIV_PERMITTED, pset) != 0 || - setppriv(PRIV_SET, PRIV_LIMIT, pset) != 0 || - setppriv(PRIV_SET, PRIV_INHERITABLE, pset) != 0) - fatal("setppriv: %s", strerror(errno)); - - priv_freeset(pset); -} - -void -solaris_drop_privs_root_pinfo_net_exec(void) -{ - priv_set_t *pset = NULL; - - - /* Start with "basic" and drop everything we don't need. */ - if ((pset = solaris_basic_privset()) == NULL) - fatal("solaris_basic_privset: %s", strerror(errno)); - - if (priv_delset(pset, PRIV_FILE_LINK_ANY) != 0 || -#ifdef PRIV_NET_ACCESS - priv_delset(pset, PRIV_NET_ACCESS) != 0 || -#endif - priv_delset(pset, PRIV_PROC_EXEC) != 0 || - priv_delset(pset, PRIV_PROC_INFO) != 0 || - priv_delset(pset, PRIV_PROC_SESSION) != 0) - fatal("priv_delset: %s", strerror(errno)); - - if (setppriv(PRIV_SET, PRIV_PERMITTED, pset) != 0 || - setppriv(PRIV_SET, PRIV_LIMIT, pset) != 0 || - setppriv(PRIV_SET, PRIV_INHERITABLE, pset) != 0) - fatal("setppriv: %s", strerror(errno)); - - priv_freeset(pset); -} - -#endif diff --git a/ssh_keygen_110/openbsd-compat/port-solaris.h b/ssh_keygen_110/openbsd-compat/port-solaris.h deleted file mode 100644 index dde1a5b8..00000000 --- a/ssh_keygen_110/openbsd-compat/port-solaris.h +++ /dev/null 
@@ -1,35 +0,0 @@
-/*
- * Copyright (c) 2006 Chad Mynhier.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef _PORT_SOLARIS_H
-
-#include
-
-#include
-
-void solaris_contract_pre_fork(void);
-void solaris_contract_post_fork_child(void);
-void solaris_contract_post_fork_parent(pid_t pid);
-void solaris_set_default_project(struct passwd *);
-# ifdef USE_SOLARIS_PRIVS
-#include
-priv_set_t *solaris_basic_privset(void);
-void solaris_drop_privs_pinfo_net_fork_exec(void);
-void solaris_drop_privs_root_pinfo_net(void);
-void solaris_drop_privs_root_pinfo_net_exec(void);
-# endif /* USE_SOLARIS_PRIVS */
-
-#endif
diff --git a/ssh_keygen_110/openbsd-compat/port-uw.c b/ssh_keygen_110/openbsd-compat/port-uw.c
deleted file mode 100644
index 13221313..00000000
--- a/ssh_keygen_110/openbsd-compat/port-uw.c
+++ /dev/null
@@ -1,153 +0,0 @@ -/* - * Copyright (c) 2005 The SCO Group. All rights reserved. - * Copyright (c) 2005 Tim Rice. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ - -#include "includes.h" - -#if defined(HAVE_LIBIAF) && !defined(HAVE_SECUREWARE) -#include -#ifdef HAVE_CRYPT_H -# include -#endif -#include -#include -#include -#include -#include - -#include "xmalloc.h" -#include "packet.h" -#include "auth-options.h" -#include "log.h" -#include "misc.h" /* servconf.h needs misc.h for struct ForwardOptions */ -#include "servconf.h" -#include "hostfile.h" -#include "auth.h" -#include "ssh.h" -#include "ssh_api.h" - -int nischeck(char *); - -int -sys_auth_passwd(struct ssh *ssh, const char *password) -{ - Authctxt *authctxt = ssh->authctxt; - struct passwd *pw = authctxt->pw; - char *salt; - int result; - - /* Just use the supplied fake password if authctxt is invalid */ - char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd; - - if (pw_password == NULL) - return 0; - - /* Check for users with no password. */ - if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0) - return (1); - - /* Encrypt the candidate password using the proper salt. */ - salt = (pw_password[0] && pw_password[1]) ? pw_password : "xx"; - - /* - * Authentication is accepted if the encrypted passwords - * are identical. - */ -#ifdef UNIXWARE_LONG_PASSWORDS - if (!nischeck(pw->pw_name)) { - result = ((strcmp(bigcrypt(password, salt), pw_password) == 0) - || (strcmp(osr5bigcrypt(password, salt), pw_password) == 0)); - } - else -#endif /* UNIXWARE_LONG_PASSWORDS */ - result = (strcmp(xcrypt(password, salt), pw_password) == 0); - -#ifdef USE_LIBIAF - if (authctxt->valid) - free(pw_password); -#endif - return(result); -} - -#ifdef UNIXWARE_LONG_PASSWORDS -int -nischeck(char *namep) -{ - char password_file[] = "/etc/passwd"; - FILE *fd; - struct passwd *ent = NULL; - - if ((fd = fopen (password_file, "r")) == NULL) { - /* - * If the passwd file has disappeared we are in a bad state. - * However, returning 0 will send us back through the - * authentication scheme that has checked the ia database for - * passwords earlier. 
- */ - return(0); - } - - /* - * fgetpwent() only reads from password file, so we know for certain - * that the user is local. - */ - while (ent = fgetpwent(fd)) { - if (strcmp (ent->pw_name, namep) == 0) { - /* Local user */ - fclose (fd); - return(0); - } - } - - fclose (fd); - return (1); -} - -#endif /* UNIXWARE_LONG_PASSWORDS */ - -/* - NOTE: ia_get_logpwd() allocates memory for arg 2 - functions that call shadow_pw() will need to free - */ - -#ifdef USE_LIBIAF -char * -get_iaf_password(struct passwd *pw) -{ - char *pw_password = NULL; - - uinfo_t uinfo; - if (!ia_openinfo(pw->pw_name,&uinfo)) { - ia_get_logpwd(uinfo, &pw_password); - if (pw_password == NULL) - fatal("ia_get_logpwd: Unable to get the shadow passwd"); - ia_closeinfo(uinfo); - return pw_password; - } - else - fatal("ia_openinfo: Unable to open the shadow passwd file"); -} -#endif /* USE_LIBIAF */ -#endif /* HAVE_LIBIAF and not HAVE_SECUREWARE */ - diff --git a/ssh_keygen_110/openbsd-compat/port-uw.h b/ssh_keygen_110/openbsd-compat/port-uw.h deleted file mode 100644 index 263d8b5a..00000000 --- a/ssh_keygen_110/openbsd-compat/port-uw.h +++ /dev/null 
@@ -1,30 +0,0 @@
-/*
- * Copyright (c) 2005 Tim Rice. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "includes.h"
-
-#ifdef USE_LIBIAF
-char * get_iaf_password(struct passwd *pw);
-#endif
-
diff --git a/ssh_keygen_110/openbsd-compat/pwcache.c b/ssh_keygen_110/openbsd-compat/pwcache.c
deleted file mode 100644
index 5a8b7880..00000000
--- a/ssh_keygen_110/openbsd-compat/pwcache.c
+++ /dev/null
@@ -1,114 +0,0 @@
-/* $OpenBSD: pwcache.c,v 1.9 2005/08/08 08:05:34 espie Exp $ */
-/*
- * Copyright (c) 1989, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* OPENBSD ORIGINAL: lib/libc/gen/pwcache.c */
-
-#include "includes.h"
-
-#include
-
-#include
-#include
-#include
-#include
-#include
-
-#define NCACHE 64 /* power of 2 */
-#define MASK (NCACHE - 1) /* bits to store with */
-
-#ifndef HAVE_USER_FROM_UID
-char *
-user_from_uid(uid_t uid, int nouser)
-{
- static struct ncache {
- uid_t uid;
- char *name;
- } c_uid[NCACHE];
- static int pwopen;
- static char nbuf[15]; /* 32 bits == 10 digits */
- struct passwd *pw;
- struct ncache *cp;
-
- cp = c_uid + (uid & MASK);
- if (cp->uid != uid || cp->name == NULL) {
- if (pwopen == 0) {
-#ifdef HAVE_SETPASSENT
- setpassent(1);
-#endif
- pwopen = 1;
- }
- if ((pw = getpwuid(uid)) == NULL) {
- if (nouser)
- return (NULL);
- (void)snprintf(nbuf, sizeof(nbuf), "%u", uid);
- }
- cp->uid = uid;
- if (cp->name != NULL)
- free(cp->name);
- cp->name = strdup(pw ? pw->pw_name : nbuf);
- }
- return (cp->name);
-}
-#endif
-
-#ifndef HAVE_GROUP_FROM_GID
-char *
-group_from_gid(gid_t gid, int nogroup)
-{
- static struct ncache {
- gid_t gid;
- char *name;
- } c_gid[NCACHE];
- static int gropen;
- static char nbuf[15]; /* 32 bits == 10 digits */
- struct group *gr;
- struct ncache *cp;
-
- cp = c_gid + (gid & MASK);
- if (cp->gid != gid || cp->name == NULL) {
- if (gropen == 0) {
-#ifdef HAVE_SETGROUPENT
- setgroupent(1);
-#endif
- gropen = 1;
- }
- if ((gr = getgrgid(gid)) == NULL) {
- if (nogroup)
- return (NULL);
- (void)snprintf(nbuf, sizeof(nbuf), "%u", gid);
- }
- cp->gid = gid;
- if (cp->name != NULL)
- free(cp->name);
- cp->name = strdup(gr ? gr->gr_name : nbuf);
- }
- return (cp->name);
-}
-#endif
diff --git a/ssh_keygen_110/openbsd-compat/readpassphrase.c b/ssh_keygen_110/openbsd-compat/readpassphrase.c
deleted file mode 100644
index ff8ff3de..00000000
--- a/ssh_keygen_110/openbsd-compat/readpassphrase.c
+++ /dev/null
@@ -1,211 +0,0 @@
-/* $OpenBSD: readpassphrase.c,v 1.26 2016/10/18 12:47:18 millert Exp $ */
-
-/*
- * Copyright (c) 2000-2002, 2007, 2010
- * Todd C. Miller
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * Sponsored in part by the Defense Advanced Research Projects
- * Agency (DARPA) and Air Force Research Laboratory, Air Force
- * Materiel Command, USAF, under agreement number F39502-99-1-0512.
- */
-
-/* OPENBSD ORIGINAL: lib/libc/gen/readpassphrase.c */
-
-#include "includes.h"
-
-#ifndef HAVE_READPASSPHRASE
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#ifndef TCSASOFT
-/* If we don't have TCSASOFT define it so that ORing it it below is a no-op.
*/
-# define TCSASOFT 0
-#endif
-
-/* SunOS 4.x which lacks _POSIX_VDISABLE, but has VDISABLE */
-#if !defined(_POSIX_VDISABLE) && defined(VDISABLE)
-# define _POSIX_VDISABLE VDISABLE
-#endif
-
-static volatile sig_atomic_t signo[_NSIG];
-
-static void handler(int);
-
-char *
-readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags)
-{
- ssize_t nr;
- int input, output, save_errno, i, need_restart;
- char ch, *p, *end;
- struct termios term, oterm;
- struct sigaction sa, savealrm, saveint, savehup, savequit, saveterm;
- struct sigaction savetstp, savettin, savettou, savepipe;
-
- /* I suppose we could alloc on demand in this case (XXX). */
- if (bufsiz == 0) {
- errno = EINVAL;
- return(NULL);
- }
-
-restart:
- for (i = 0; i < _NSIG; i++)
- signo[i] = 0;
- nr = -1;
- save_errno = 0;
- need_restart = 0;
- /*
- * Read and write to /dev/tty if available. If not, read from
- * stdin and write to stderr unless a tty is required.
- */
- if ((flags & RPP_STDIN) ||
- (input = output = open(_PATH_TTY, O_RDWR)) == -1) {
- if (flags & RPP_REQUIRE_TTY) {
- errno = ENOTTY;
- return(NULL);
- }
- input = STDIN_FILENO;
- output = STDERR_FILENO;
- }
-
- /*
- * Turn off echo if possible.
- * If we are using a tty but are not the foreground pgrp this will
- * generate SIGTTOU, so do it *before* installing the signal handlers.
- */
- if (input != STDIN_FILENO && tcgetattr(input, &oterm) == 0) {
- memcpy(&term, &oterm, sizeof(term));
- if (!(flags & RPP_ECHO_ON))
- term.c_lflag &= ~(ECHO | ECHONL);
-#ifdef VSTATUS
- if (term.c_cc[VSTATUS] != _POSIX_VDISABLE)
- term.c_cc[VSTATUS] = _POSIX_VDISABLE;
-#endif
- (void)tcsetattr(input, TCSAFLUSH|TCSASOFT, &term);
- } else {
- memset(&term, 0, sizeof(term));
- term.c_lflag |= ECHO;
- memset(&oterm, 0, sizeof(oterm));
- oterm.c_lflag |= ECHO;
- }
-
- /*
- * Catch signals that would otherwise cause the user to end
- * up with echo turned off in the shell. Don't worry about
- * things like SIGXCPU and SIGVTALRM for now.
- */
- sigemptyset(&sa.sa_mask);
- sa.sa_flags = 0; /* don't restart system calls */
- sa.sa_handler = handler;
- (void)sigaction(SIGALRM, &sa, &savealrm);
- (void)sigaction(SIGHUP, &sa, &savehup);
- (void)sigaction(SIGINT, &sa, &saveint);
- (void)sigaction(SIGPIPE, &sa, &savepipe);
- (void)sigaction(SIGQUIT, &sa, &savequit);
- (void)sigaction(SIGTERM, &sa, &saveterm);
- (void)sigaction(SIGTSTP, &sa, &savetstp);
- (void)sigaction(SIGTTIN, &sa, &savettin);
- (void)sigaction(SIGTTOU, &sa, &savettou);
-
- if (!(flags & RPP_STDIN))
- (void)write(output, prompt, strlen(prompt));
- end = buf + bufsiz - 1;
- p = buf;
- while ((nr = read(input, &ch, 1)) == 1 && ch != '\n' && ch != '\r') {
- if (p < end) {
- if ((flags & RPP_SEVENBIT))
- ch &= 0x7f;
- if (isalpha((unsigned char)ch)) {
- if ((flags & RPP_FORCELOWER))
- ch = (char)tolower((unsigned char)ch);
- if ((flags & RPP_FORCEUPPER))
- ch = (char)toupper((unsigned char)ch);
- }
- *p++ = ch;
- }
- }
- *p = '\0';
- save_errno = errno;
- if (!(term.c_lflag & ECHO))
- (void)write(output, "\n", 1);
-
- /* Restore old terminal settings and signals. */
- if (memcmp(&term, &oterm, sizeof(term)) != 0) {
- const int sigttou = signo[SIGTTOU];
-
- /* Ignore SIGTTOU generated when we are not the fg pgrp. */
- while (tcsetattr(input, TCSAFLUSH|TCSASOFT, &oterm) == -1 &&
- errno == EINTR && !signo[SIGTTOU])
- continue;
- signo[SIGTTOU] = sigttou;
- }
- (void)sigaction(SIGALRM, &savealrm, NULL);
- (void)sigaction(SIGHUP, &savehup, NULL);
- (void)sigaction(SIGINT, &saveint, NULL);
- (void)sigaction(SIGQUIT, &savequit, NULL);
- (void)sigaction(SIGPIPE, &savepipe, NULL);
- (void)sigaction(SIGTERM, &saveterm, NULL);
- (void)sigaction(SIGTSTP, &savetstp, NULL);
- (void)sigaction(SIGTTIN, &savettin, NULL);
- (void)sigaction(SIGTTOU, &savettou, NULL);
- if (input != STDIN_FILENO)
- (void)close(input);
-
- /*
- * If we were interrupted by a signal, resend it to ourselves
- * now that we have restored the signal handlers.
- */
- for (i = 0; i < _NSIG; i++) {
- if (signo[i]) {
- kill(getpid(), i);
- switch (i) {
- case SIGTSTP:
- case SIGTTIN:
- case SIGTTOU:
- need_restart = 1;
- }
- }
- }
- if (need_restart)
- goto restart;
-
- if (save_errno)
- errno = save_errno;
- return(nr == -1 ? NULL : buf);
-}
-DEF_WEAK(readpassphrase);
-
-#if 0
-char *
-getpass(const char *prompt)
-{
- static char buf[_PASSWORD_LEN + 1];
-
- return(readpassphrase(prompt, buf, sizeof(buf), RPP_ECHO_OFF));
-}
-#endif
-
-static void handler(int s)
-{
-
- signo[s] = 1;
-}
-#endif /* HAVE_READPASSPHRASE */
diff --git a/ssh_keygen_110/openbsd-compat/readpassphrase.h b/ssh_keygen_110/openbsd-compat/readpassphrase.h
deleted file mode 100644
index 5fd7c5d7..00000000
--- a/ssh_keygen_110/openbsd-compat/readpassphrase.h
+++ /dev/null
@@ -1,44 +0,0 @@
-/* $OpenBSD: readpassphrase.h,v 1.5 2003/06/17 21:56:23 millert Exp $ */
-
-/*
- * Copyright (c) 2000, 2002 Todd C. Miller
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * Sponsored in part by the Defense Advanced Research Projects
- * Agency (DARPA) and Air Force Research Laboratory, Air Force
- * Materiel Command, USAF, under agreement number F39502-99-1-0512.
- */
-
-/* OPENBSD ORIGINAL: include/readpassphrase.h */
-
-#ifndef _READPASSPHRASE_H_
-#define _READPASSPHRASE_H_
-
-#include "includes.h"
-
-#ifndef HAVE_READPASSPHRASE
-
-#define RPP_ECHO_OFF 0x00 /* Turn off echo (default). */
-#define RPP_ECHO_ON 0x01 /* Leave echo on. */
-#define RPP_REQUIRE_TTY 0x02 /* Fail if there is no tty. */
-#define RPP_FORCELOWER 0x04 /* Force input to lower case. */
-#define RPP_FORCEUPPER 0x08 /* Force input to upper case. */
-#define RPP_SEVENBIT 0x10 /* Strip the high bit from input. */
-#define RPP_STDIN 0x20 /* Read from stdin, not /dev/tty */
-
-char * readpassphrase(const char *, char *, size_t, int);
-
-#endif /* HAVE_READPASSPHRASE */
-
-#endif /* !_READPASSPHRASE_H_ */
diff --git a/ssh_keygen_110/openbsd-compat/reallocarray.c b/ssh_keygen_110/openbsd-compat/reallocarray.c
deleted file mode 100644
index 1a52acc6..00000000
--- a/ssh_keygen_110/openbsd-compat/reallocarray.c
+++ /dev/null
@@ -1,46 +0,0 @@
-/* $OpenBSD: reallocarray.c,v 1.2 2014/12/08 03:45:00 bcook Exp $ */
-/*
- * Copyright (c) 2008 Otto Moerbeek
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* OPENBSD ORIGINAL: lib/libc/stdlib/reallocarray.c */
-
-#include "includes.h"
-#ifndef HAVE_REALLOCARRAY
-
-#include
-#include
-#ifdef HAVE_STDINT_H
-#include
-#endif
-#include
-
-/*
- * This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX
- * if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW
- */
-#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4))
-
-void *
-reallocarray(void *optr, size_t nmemb, size_t size)
-{
- if ((nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
- nmemb > 0 && SIZE_MAX / nmemb < size) {
- errno = ENOMEM;
- return NULL;
- }
- return realloc(optr, size * nmemb);
-}
-#endif /* HAVE_REALLOCARRAY */
diff --git a/ssh_keygen_110/openbsd-compat/realpath.c b/ssh_keygen_110/openbsd-compat/realpath.c
deleted file mode 100644
index a2f090e5..00000000
--- a/ssh_keygen_110/openbsd-compat/realpath.c
+++ /dev/null
@@ -1,229 +0,0 @@
-/* $OpenBSD: realpath.c,v 1.20 2015/10/13 20:55:37 millert Exp $ */
-/*
- * Copyright (c) 2003 Constantin S. Svintsoff
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The names of the authors may not be used to endorse or promote
- * products derived from this software without specific prior written
- * permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* OPENBSD ORIGINAL: lib/libc/stdlib/realpath.c */
-
-#include "includes.h"
-
-#if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH)
-
-#include
-#include
-#include
-
-#include
-#include
-#include
-#include
-#include
-#include
-
-#ifndef SYMLOOP_MAX
-# define SYMLOOP_MAX 32
-#endif
-
-/* A slightly modified copy of this file exists in libexec/ld.so */
-
-/*
- * char *realpath(const char *path, char resolved[PATH_MAX]);
- *
- * Find the real name of path, by removing all ".", ".." and symlink
- * components. Returns (resolved) on success, or (NULL) on failure,
- * in which case the path which caused trouble is left in (resolved).
- */
-char *
-realpath(const char *path, char *resolved)
-{
- struct stat sb;
- char *p, *q, *s;
- size_t left_len, resolved_len;
- unsigned symlinks;
- int serrno, slen, mem_allocated;
- char left[PATH_MAX], next_token[PATH_MAX], symlink[PATH_MAX];
-
- if (path[0] == '\0') {
- errno = ENOENT;
- return (NULL);
- }
-
- serrno = errno;
-
- if (resolved == NULL) {
- resolved = malloc(PATH_MAX);
- if (resolved == NULL)
- return (NULL);
- mem_allocated = 1;
- } else
- mem_allocated = 0;
-
- symlinks = 0;
- if (path[0] == '/') {
- resolved[0] = '/';
- resolved[1] = '\0';
- if (path[1] == '\0')
- return (resolved);
- resolved_len = 1;
- left_len = strlcpy(left, path + 1, sizeof(left));
- } else {
- if (getcwd(resolved, PATH_MAX) == NULL) {
- if (mem_allocated)
- free(resolved);
- else
- strlcpy(resolved, ".", PATH_MAX);
- return (NULL);
- }
- resolved_len = strlen(resolved);
- left_len = strlcpy(left, path, sizeof(left));
- }
- if (left_len >= sizeof(left) || resolved_len >= PATH_MAX) {
- errno = ENAMETOOLONG;
- goto err;
- }
-
- /*
- * Iterate over path components in `left'.
- */
- while (left_len != 0) {
- /*
- * Extract the next path component and adjust `left'
- * and its length.
- */
- p = strchr(left, '/');
- s = p ?
p : left + left_len;
- if (s - left >= (ptrdiff_t)sizeof(next_token)) {
- errno = ENAMETOOLONG;
- goto err;
- }
- memcpy(next_token, left, s - left);
- next_token[s - left] = '\0';
- left_len -= s - left;
- if (p != NULL)
- memmove(left, s + 1, left_len + 1);
- if (resolved[resolved_len - 1] != '/') {
- if (resolved_len + 1 >= PATH_MAX) {
- errno = ENAMETOOLONG;
- goto err;
- }
- resolved[resolved_len++] = '/';
- resolved[resolved_len] = '\0';
- }
- if (next_token[0] == '\0')
- continue;
- else if (strcmp(next_token, ".") == 0)
- continue;
- else if (strcmp(next_token, "..") == 0) {
- /*
- * Strip the last path component except when we have
- * single "/"
- */
- if (resolved_len > 1) {
- resolved[resolved_len - 1] = '\0';
- q = strrchr(resolved, '/') + 1;
- *q = '\0';
- resolved_len = q - resolved;
- }
- continue;
- }
-
- /*
- * Append the next path component and lstat() it. If
- * lstat() fails we still can return successfully if
- * there are no more path components left.
- */
- resolved_len = strlcat(resolved, next_token, PATH_MAX);
- if (resolved_len >= PATH_MAX) {
- errno = ENAMETOOLONG;
- goto err;
- }
- if (lstat(resolved, &sb) != 0) {
- if (errno == ENOENT && p == NULL) {
- errno = serrno;
- return (resolved);
- }
- goto err;
- }
- if (S_ISLNK(sb.st_mode)) {
- if (symlinks++ > SYMLOOP_MAX) {
- errno = ELOOP;
- goto err;
- }
- slen = readlink(resolved, symlink, sizeof(symlink) - 1);
- if (slen < 0)
- goto err;
- symlink[slen] = '\0';
- if (symlink[0] == '/') {
- resolved[1] = 0;
- resolved_len = 1;
- } else if (resolved_len > 1) {
- /* Strip the last path component. */
- resolved[resolved_len - 1] = '\0';
- q = strrchr(resolved, '/') + 1;
- *q = '\0';
- resolved_len = q - resolved;
- }
-
- /*
- * If there are any path components left, then
- * append them to symlink. The result is placed
- * in `left'.
- */
- if (p != NULL) {
- if (symlink[slen - 1] != '/') {
- if (slen + 1 >=
- (ptrdiff_t)sizeof(symlink)) {
- errno = ENAMETOOLONG;
- goto err;
- }
- symlink[slen] = '/';
- symlink[slen + 1] = 0;
- }
- left_len = strlcat(symlink, left, sizeof(symlink));
- if (left_len >= sizeof(symlink)) {
- errno = ENAMETOOLONG;
- goto err;
- }
- }
- left_len = strlcpy(left, symlink, sizeof(left));
- }
- }
-
- /*
- * Remove trailing slash except when the resolved pathname
- * is a single "/".
- */
- if (resolved_len > 1 && resolved[resolved_len - 1] == '/')
- resolved[resolved_len - 1] = '\0';
- return (resolved);
-
-err:
- if (mem_allocated)
- free(resolved);
- return (NULL);
-}
-#endif /* !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) */
diff --git a/ssh_keygen_110/openbsd-compat/recallocarray.c b/ssh_keygen_110/openbsd-compat/recallocarray.c
deleted file mode 100644
index 3e1156ce..00000000
--- a/ssh_keygen_110/openbsd-compat/recallocarray.c
+++ /dev/null
@@ -1,90 +0,0 @@
-/* $OpenBSD: recallocarray.c,v 1.1 2017/03/06 18:44:21 otto Exp $ */
-/*
- * Copyright (c) 2008, 2017 Otto Moerbeek
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* OPENBSD ORIGINAL: lib/libc/stdlib/recallocarray.c */
-
-#include "includes.h"
-#ifndef HAVE_RECALLOCARRAY
-
-#include
-#include
-#ifdef HAVE_STDINT_H
-#include
-#endif
-#include
-#include
-
-/*
- * This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX
- * if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW
- */
-#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4))
-
-void *
-recallocarray(void *ptr, size_t oldnmemb, size_t newnmemb, size_t size)
-{
- size_t oldsize, newsize;
- void *newptr;
-
- if (ptr == NULL)
- return calloc(newnmemb, size);
-
- if ((newnmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
- newnmemb > 0 && SIZE_MAX / newnmemb < size) {
- errno = ENOMEM;
- return NULL;
- }
- newsize = newnmemb * size;
-
- if ((oldnmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
- oldnmemb > 0 && SIZE_MAX / oldnmemb < size) {
- errno = EINVAL;
- return NULL;
- }
- oldsize = oldnmemb * size;
-
- /*
- * Don't bother too much if we're shrinking just a bit,
- * we do not shrink for series of small steps, oh well.
- */
- if (newsize <= oldsize) {
- size_t d = oldsize - newsize;
-
- if (d < oldsize / 2 && d < (size_t)getpagesize()) {
- memset((char *)ptr + newsize, 0, d);
- return ptr;
- }
- }
-
- newptr = malloc(newsize);
- if (newptr == NULL)
- return NULL;
-
- if (newsize > oldsize) {
- memcpy(newptr, ptr, oldsize);
- memset((char *)newptr + oldsize, 0, newsize - oldsize);
- } else
- memcpy(newptr, ptr, newsize);
-
- explicit_bzero(ptr, oldsize);
- free(ptr);
-
- return newptr;
-}
-/* DEF_WEAK(recallocarray); */
-
-#endif /* HAVE_RECALLOCARRAY */
diff --git a/ssh_keygen_110/openbsd-compat/regress/Makefile.in b/ssh_keygen_110/openbsd-compat/regress/Makefile.in
deleted file mode 100644
index 529331be..00000000
--- a/ssh_keygen_110/openbsd-compat/regress/Makefile.in
+++ /dev/null
@@ -1,36 +0,0 @@
-sysconfdir=@sysconfdir@
-piddir=@piddir@
-srcdir=@srcdir@
-top_srcdir=@top_srcdir@
-
-VPATH=@srcdir@
-CC=@CC@
-LD=@LD@
-CFLAGS=@CFLAGS@
-CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@
-EXEEXT=@EXEEXT@
-LIBCOMPAT=../libopenbsd-compat.a
-LIBS=@LIBS@
-LDFLAGS=@LDFLAGS@ $(LIBCOMPAT)
-
-TESTPROGS=closefromtest$(EXEEXT) snprintftest$(EXEEXT) strduptest$(EXEEXT) \
- strtonumtest$(EXEEXT) opensslvertest$(EXEEXT)
-
-all: t-exec ${OTHERTESTS}
-
-%$(EXEEXT): %.c $(LIBCOMPAT)
- $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o $@ $< $(LIBCOMPAT) $(LIBS)
-
-t-exec: $(TESTPROGS)
- @echo running compat regress tests
- @for TEST in ""$?; do \
- echo "run test $${TEST}" ... 1>&2; \
- ./$${TEST}$(EXEEXT) || exit $$? ; \
- done
- @echo finished compat regress tests
-
-clean:
- rm -f *.o *.a core $(TESTPROGS) valid.out
-
-distclean: clean
- rm -f Makefile *~
diff --git a/ssh_keygen_110/openbsd-compat/regress/closefromtest.c b/ssh_keygen_110/openbsd-compat/regress/closefromtest.c
deleted file mode 100644
index 82ffeb9a..00000000
--- a/ssh_keygen_110/openbsd-compat/regress/closefromtest.c
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
- * Copyright (c) 2006 Darren Tucker
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include
-#include
-
-#include
-#include
-#include
-#include
-
-#define NUM_OPENS 10
-
-int closefrom(int);
-
-void
-fail(char *msg)
-{
- fprintf(stderr, "closefrom: %s\n", msg);
- exit(1);
-}
-
-int
-main(void)
-{
- int i, max, fds[NUM_OPENS];
- char buf[512];
-
- for (i = 0; i < NUM_OPENS; i++)
- if ((fds[i] = open("/dev/null", O_RDONLY)) == -1)
- exit(0); /* can't test */
- max = i - 1;
-
- /* should close last fd only */
- closefrom(fds[max]);
- if (close(fds[max]) != -1)
- fail("failed to close highest fd");
-
- /* make sure we can still use remaining descriptors */
- for (i = 0; i < max; i++)
- if (read(fds[i], buf, sizeof(buf)) == -1)
- fail("closed descriptors it should not have");
-
- /* should close all fds */
- closefrom(fds[0]);
- for (i = 0; i < NUM_OPENS; i++)
- if (close(fds[i]) != -1)
- fail("failed to close from lowest fd");
- return 0;
-}
diff --git a/ssh_keygen_110/openbsd-compat/regress/opensslvertest.c b/ssh_keygen_110/openbsd-compat/regress/opensslvertest.c
deleted file mode 100644
index 5d019b59..00000000
--- a/ssh_keygen_110/openbsd-compat/regress/opensslvertest.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 2014 Darren Tucker
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include
-#include
-
-int ssh_compatible_openssl(long, long);
-
-struct version_test {
- long headerver;
- long libver;
- int result;
-} version_tests[] = {
- /* built with 0.9.8b release headers */
- { 0x0090802fL, 0x0090802fL, 1}, /* exact match */
- { 0x0090802fL, 0x0090804fL, 1}, /* newer library fix version: ok */
- { 0x0090802fL, 0x0090801fL, 1}, /* older library fix version: ok */
- { 0x0090802fL, 0x0090702fL, 0}, /* older library minor version: NO */
- { 0x0090802fL, 0x0090902fL, 0}, /* newer library minor version: NO */
- { 0x0090802fL, 0x0080802fL, 0}, /* older library major version: NO */
- { 0x0090802fL, 0x1000100fL, 0}, /* newer library major version: NO */
-
- /* built with 1.0.1b release headers */
- { 0x1000101fL, 0x1000101fL, 1},/* exact match */
- { 0x1000101fL, 0x1000102fL, 1}, /* newer library patch version: ok */
- { 0x1000101fL, 0x1000100fL, 1}, /* older library patch version: ok */
- { 0x1000101fL, 0x1000201fL, 1}, /* newer library fix version: ok */
- { 0x1000101fL, 0x1000001fL, 0}, /* older library fix version: NO */
- { 0x1000101fL, 0x1010101fL, 0}, /* newer library minor version: NO */
- { 0x1000101fL, 0x0000101fL, 0}, /* older library major
version: NO */
- { 0x1000101fL, 0x2000101fL, 0}, /* newer library major version: NO */
-};
-
-void
-fail(long hver, long lver, int result)
-{
- fprintf(stderr, "opensslver: header %lx library %lx != %d \n", hver, lver, result);
- exit(1);
-}
-
-int
-main(void)
-{
- unsigned int i;
- int res;
- long hver, lver;
-
- for (i = 0; i < sizeof(version_tests) / sizeof(version_tests[0]); i++) {
- hver = version_tests[i].headerver;
- lver = version_tests[i].libver;
- res = version_tests[i].result;
- if (ssh_compatible_openssl(hver, lver) != res)
- fail(hver, lver, res);
- }
- exit(0);
-}
diff --git a/ssh_keygen_110/openbsd-compat/regress/snprintftest.c b/ssh_keygen_110/openbsd-compat/regress/snprintftest.c
deleted file mode 100644
index 4ca63e18..00000000
--- a/ssh_keygen_110/openbsd-compat/regress/snprintftest.c
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Copyright (c) 2005 Darren Tucker
- * Copyright (c) 2005 Damien Miller
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#define BUFSZ 2048
-
-#include
-#include
-#include
-#include
-#include
-
-static int failed = 0;
-
-static void
-fail(const char *m)
-{
- fprintf(stderr, "snprintftest: %s\n", m);
- failed = 1;
-}
-
-int x_snprintf(char *str, size_t count, const char *fmt, ...)
-{
- size_t ret;
- va_list ap;
-
- va_start(ap, fmt);
- ret = vsnprintf(str, count, fmt, ap);
- va_end(ap);
- return ret;
-}
-
-int
-main(void)
-{
- char b[5];
- char *src;
-
- snprintf(b,5,"123456789");
- if (b[4] != '\0')
- fail("snprintf does not correctly terminate long strings");
-
- /* check for read overrun on unterminated string */
- if ((src = malloc(BUFSZ)) == NULL) {
- fail("malloc failed");
- } else {
- memset(src, 'a', BUFSZ);
- snprintf(b, sizeof(b), "%.*s", 1, src);
- if (strcmp(b, "a") != 0)
- fail("failed with length limit '%%.s'");
- }
-
- /* check that snprintf and vsnprintf return sane values */
- if (snprintf(b, 1, "%s %d", "hello", 12345) != 11)
- fail("snprintf does not return required length");
- if (x_snprintf(b, 1, "%s %d", "hello", 12345) != 11)
- fail("vsnprintf does not return required length");
-
- return failed;
-}
diff --git a/ssh_keygen_110/openbsd-compat/regress/strduptest.c b/ssh_keygen_110/openbsd-compat/regress/strduptest.c
deleted file mode 100644
index 7f6d779b..00000000
--- a/ssh_keygen_110/openbsd-compat/regress/strduptest.c
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright (c) 2005 Darren Tucker
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include
-#include
-
-static int fail = 0;
-
-void
-test(const char *a)
-{
- char *b;
-
- b = strdup(a);
- if (b == 0) {
- fail = 1;
- return;
- }
- if (strcmp(a, b) != 0)
- fail = 1;
- free(b);
-}
-
-int
-main(void)
-{
- test("");
- test("a");
- test("\0");
- test("abcdefghijklmnopqrstuvwxyz");
- return fail;
-}
diff --git a/ssh_keygen_110/openbsd-compat/regress/strtonumtest.c b/ssh_keygen_110/openbsd-compat/regress/strtonumtest.c
deleted file mode 100644
index 50ca5bd2..00000000
--- a/ssh_keygen_110/openbsd-compat/regress/strtonumtest.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/* $OpenBSD: strtonumtest.c,v 1.1 2004/08/03 20:38:36 otto Exp $ */
-/*
- * Copyright (c) 2004 Otto Moerbeek
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* OPENBSD ORIGINAL: regress/lib/libc/strtonum/strtonumtest.c */
-
-#include
-#include
-#include
-
-/* LLONG_MAX is known as LONGLONG_MAX on AIX */
-#if defined(LONGLONG_MAX) && !defined(LLONG_MAX)
-# define LLONG_MAX LONGLONG_MAX
-# define LLONG_MIN LONGLONG_MIN
-#endif
-
-/* LLONG_MAX is known as LONG_LONG_MAX on HP-UX */
-#if defined(LONG_LONG_MAX) && !defined(LLONG_MAX)
-# define LLONG_MAX LONG_LONG_MAX
-# define LLONG_MIN LONG_LONG_MIN
-#endif
-
-long long strtonum(const char *, long long, long long, const char **);
-
-int fail;
-
-void
-test(const char *p, long long lb, long long ub, int ok)
-{
- long long val;
- const char *q;
-
- val = strtonum(p, lb, ub, &q);
- if (ok && q != NULL) {
- fprintf(stderr, "%s [%lld-%lld] ", p, lb, ub);
- fprintf(stderr, "NUMBER NOT ACCEPTED %s\n", q);
- fail = 1;
- } else if (!ok && q == NULL) {
- fprintf(stderr, "%s [%lld-%lld] %lld ", p, lb, ub, val);
- fprintf(stderr, "NUMBER ACCEPTED\n");
- fail = 1;
- }
-}
-
-int main(int argc, char *argv[])
-{
- test("1", 0, 10, 1);
- test("0", -2, 5, 1);
- test("0", 2, 5, 0);
- test("0", 2, LLONG_MAX, 0);
- test("-2", 0,
LLONG_MAX, 0);
- test("0", -5, LLONG_MAX, 1);
- test("-3", -3, LLONG_MAX, 1);
- test("-9223372036854775808", LLONG_MIN, LLONG_MAX, 1);
- test("9223372036854775807", LLONG_MIN, LLONG_MAX, 1);
- test("-9223372036854775809", LLONG_MIN, LLONG_MAX, 0);
- test("9223372036854775808", LLONG_MIN, LLONG_MAX, 0);
- test("1000000000000000000000000", LLONG_MIN, LLONG_MAX, 0);
- test("-1000000000000000000000000", LLONG_MIN, LLONG_MAX, 0);
- test("-2", 10, -1, 0);
- test("-2", -10, -1, 1);
- test("-20", -10, -1, 0);
- test("20", -10, -1, 0);
-
- return (fail);
-}
-
diff --git a/ssh_keygen_110/openbsd-compat/rmd160.c b/ssh_keygen_110/openbsd-compat/rmd160.c
deleted file mode 100644
index e915141a..00000000
--- a/ssh_keygen_110/openbsd-compat/rmd160.c
+++ /dev/null
@@ -1,378 +0,0 @@ -/* - * Copyright (c) 2001 Markus Friedl. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/* - * Preneel, Bosselaers, Dobbertin, "The Cryptographic Hash Function RIPEMD-160", - * RSA Laboratories, CryptoBytes, Volume 3, Number 2, Autumn 1997, - * ftp://ftp.rsasecurity.com/pub/cryptobytes/crypto3n2.pdf - */ - -#include "includes.h" - -#ifndef WITH_OPENSSL - -#include -#ifdef HAVE_ENDIAN_H -#include -#endif -#include -#include - -#define PUT_64BIT_LE(cp, value) do { \ - (cp)[7] = (value) >> 56; \ - (cp)[6] = (value) >> 48; \ - (cp)[5] = (value) >> 40; \ - (cp)[4] = (value) >> 32; \ - (cp)[3] = (value) >> 24; \ - (cp)[2] = (value) >> 16; \ - (cp)[1] = (value) >> 8; \ - (cp)[0] = (value); } while (0) - -#define PUT_32BIT_LE(cp, value) do { \ - (cp)[3] = (value) >> 24; \ - (cp)[2] = (value) >> 16; \ - (cp)[1] = (value) >> 8; \ - (cp)[0] = (value); } while (0) - -#define H0 0x67452301U -#define H1 0xEFCDAB89U -#define H2 0x98BADCFEU -#define H3 0x10325476U -#define H4 0xC3D2E1F0U - -#define K0 0x00000000U -#define K1 0x5A827999U -#define K2 0x6ED9EBA1U -#define K3 0x8F1BBCDCU -#define K4 0xA953FD4EU - -#define KK0 0x50A28BE6U -#define KK1 0x5C4DD124U -#define KK2 0x6D703EF3U -#define KK3 0x7A6D76E9U -#define KK4 0x00000000U - -/* rotate x left n bits. 
*/ -#define ROL(n, x) (((x) << (n)) | ((x) >> (32-(n)))) - -#define F0(x, y, z) ((x) ^ (y) ^ (z)) -#define F1(x, y, z) (((x) & (y)) | ((~x) & (z))) -#define F2(x, y, z) (((x) | (~y)) ^ (z)) -#define F3(x, y, z) (((x) & (z)) | ((y) & (~z))) -#define F4(x, y, z) ((x) ^ ((y) | (~z))) - -#define R(a, b, c, d, e, Fj, Kj, sj, rj) \ - do { \ - a = ROL(sj, a + Fj(b,c,d) + X(rj) + Kj) + e; \ - c = ROL(10, c); \ - } while(0) - -#define X(i) x[i] - -static u_int8_t PADDING[RMD160_BLOCK_LENGTH] = { - 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; - -void -RMD160Init(RMD160_CTX *ctx) -{ - ctx->count = 0; - ctx->state[0] = H0; - ctx->state[1] = H1; - ctx->state[2] = H2; - ctx->state[3] = H3; - ctx->state[4] = H4; -} - -void -RMD160Update(RMD160_CTX *ctx, const u_int8_t *input, size_t len) -{ - size_t have, off, need; - - have = (ctx->count / 8) % RMD160_BLOCK_LENGTH; - need = RMD160_BLOCK_LENGTH - have; - ctx->count += 8 * len; - off = 0; - - if (len >= need) { - if (have) { - memcpy(ctx->buffer + have, input, need); - RMD160Transform(ctx->state, ctx->buffer); - off = need; - have = 0; - } - /* now the buffer is empty */ - while (off + RMD160_BLOCK_LENGTH <= len) { - RMD160Transform(ctx->state, input+off); - off += RMD160_BLOCK_LENGTH; - } - } - if (off < len) - memcpy(ctx->buffer + have, input+off, len-off); -} - -void -RMD160Pad(RMD160_CTX *ctx) -{ - u_int8_t size[8]; - size_t padlen; - - PUT_64BIT_LE(size, ctx->count); - - /* - * pad to RMD160_BLOCK_LENGTH byte blocks, at least one byte from - * PADDING plus 8 bytes for the size - */ - padlen = RMD160_BLOCK_LENGTH - ((ctx->count / 8) % RMD160_BLOCK_LENGTH); - if (padlen < 1 + 8) - padlen += RMD160_BLOCK_LENGTH; - RMD160Update(ctx, PADDING, padlen - 8); /* padlen - 8 <= 64 */ - RMD160Update(ctx, size, 8); -} - -void -RMD160Final(u_int8_t digest[RMD160_DIGEST_LENGTH], 
RMD160_CTX *ctx) -{ - int i; - - RMD160Pad(ctx); - for (i = 0; i < 5; i++) - PUT_32BIT_LE(digest + i*4, ctx->state[i]); - memset(ctx, 0, sizeof (*ctx)); -} - -void -RMD160Transform(u_int32_t state[5], const u_int8_t block[RMD160_BLOCK_LENGTH]) -{ - u_int32_t a, b, c, d, e, aa, bb, cc, dd, ee, t, x[16]; - -#if BYTE_ORDER == LITTLE_ENDIAN - memcpy(x, block, RMD160_BLOCK_LENGTH); -#else - int i; - - for (i = 0; i < 16; i++) - x[i] = (u_int32_t)( - (u_int32_t)(block[i*4 + 0]) | - (u_int32_t)(block[i*4 + 1]) << 8 | - (u_int32_t)(block[i*4 + 2]) << 16 | - (u_int32_t)(block[i*4 + 3]) << 24); -#endif - - a = state[0]; - b = state[1]; - c = state[2]; - d = state[3]; - e = state[4]; - - /* Round 1 */ - R(a, b, c, d, e, F0, K0, 11, 0); - R(e, a, b, c, d, F0, K0, 14, 1); - R(d, e, a, b, c, F0, K0, 15, 2); - R(c, d, e, a, b, F0, K0, 12, 3); - R(b, c, d, e, a, F0, K0, 5, 4); - R(a, b, c, d, e, F0, K0, 8, 5); - R(e, a, b, c, d, F0, K0, 7, 6); - R(d, e, a, b, c, F0, K0, 9, 7); - R(c, d, e, a, b, F0, K0, 11, 8); - R(b, c, d, e, a, F0, K0, 13, 9); - R(a, b, c, d, e, F0, K0, 14, 10); - R(e, a, b, c, d, F0, K0, 15, 11); - R(d, e, a, b, c, F0, K0, 6, 12); - R(c, d, e, a, b, F0, K0, 7, 13); - R(b, c, d, e, a, F0, K0, 9, 14); - R(a, b, c, d, e, F0, K0, 8, 15); /* #15 */ - /* Round 2 */ - R(e, a, b, c, d, F1, K1, 7, 7); - R(d, e, a, b, c, F1, K1, 6, 4); - R(c, d, e, a, b, F1, K1, 8, 13); - R(b, c, d, e, a, F1, K1, 13, 1); - R(a, b, c, d, e, F1, K1, 11, 10); - R(e, a, b, c, d, F1, K1, 9, 6); - R(d, e, a, b, c, F1, K1, 7, 15); - R(c, d, e, a, b, F1, K1, 15, 3); - R(b, c, d, e, a, F1, K1, 7, 12); - R(a, b, c, d, e, F1, K1, 12, 0); - R(e, a, b, c, d, F1, K1, 15, 9); - R(d, e, a, b, c, F1, K1, 9, 5); - R(c, d, e, a, b, F1, K1, 11, 2); - R(b, c, d, e, a, F1, K1, 7, 14); - R(a, b, c, d, e, F1, K1, 13, 11); - R(e, a, b, c, d, F1, K1, 12, 8); /* #31 */ - /* Round 3 */ - R(d, e, a, b, c, F2, K2, 11, 3); - R(c, d, e, a, b, F2, K2, 13, 10); - R(b, c, d, e, a, F2, K2, 6, 14); - R(a, b, c, d, e, F2, 
K2, 7, 4); - R(e, a, b, c, d, F2, K2, 14, 9); - R(d, e, a, b, c, F2, K2, 9, 15); - R(c, d, e, a, b, F2, K2, 13, 8); - R(b, c, d, e, a, F2, K2, 15, 1); - R(a, b, c, d, e, F2, K2, 14, 2); - R(e, a, b, c, d, F2, K2, 8, 7); - R(d, e, a, b, c, F2, K2, 13, 0); - R(c, d, e, a, b, F2, K2, 6, 6); - R(b, c, d, e, a, F2, K2, 5, 13); - R(a, b, c, d, e, F2, K2, 12, 11); - R(e, a, b, c, d, F2, K2, 7, 5); - R(d, e, a, b, c, F2, K2, 5, 12); /* #47 */ - /* Round 4 */ - R(c, d, e, a, b, F3, K3, 11, 1); - R(b, c, d, e, a, F3, K3, 12, 9); - R(a, b, c, d, e, F3, K3, 14, 11); - R(e, a, b, c, d, F3, K3, 15, 10); - R(d, e, a, b, c, F3, K3, 14, 0); - R(c, d, e, a, b, F3, K3, 15, 8); - R(b, c, d, e, a, F3, K3, 9, 12); - R(a, b, c, d, e, F3, K3, 8, 4); - R(e, a, b, c, d, F3, K3, 9, 13); - R(d, e, a, b, c, F3, K3, 14, 3); - R(c, d, e, a, b, F3, K3, 5, 7); - R(b, c, d, e, a, F3, K3, 6, 15); - R(a, b, c, d, e, F3, K3, 8, 14); - R(e, a, b, c, d, F3, K3, 6, 5); - R(d, e, a, b, c, F3, K3, 5, 6); - R(c, d, e, a, b, F3, K3, 12, 2); /* #63 */ - /* Round 5 */ - R(b, c, d, e, a, F4, K4, 9, 4); - R(a, b, c, d, e, F4, K4, 15, 0); - R(e, a, b, c, d, F4, K4, 5, 5); - R(d, e, a, b, c, F4, K4, 11, 9); - R(c, d, e, a, b, F4, K4, 6, 7); - R(b, c, d, e, a, F4, K4, 8, 12); - R(a, b, c, d, e, F4, K4, 13, 2); - R(e, a, b, c, d, F4, K4, 12, 10); - R(d, e, a, b, c, F4, K4, 5, 14); - R(c, d, e, a, b, F4, K4, 12, 1); - R(b, c, d, e, a, F4, K4, 13, 3); - R(a, b, c, d, e, F4, K4, 14, 8); - R(e, a, b, c, d, F4, K4, 11, 11); - R(d, e, a, b, c, F4, K4, 8, 6); - R(c, d, e, a, b, F4, K4, 5, 15); - R(b, c, d, e, a, F4, K4, 6, 13); /* #79 */ - - aa = a ; bb = b; cc = c; dd = d; ee = e; - - a = state[0]; - b = state[1]; - c = state[2]; - d = state[3]; - e = state[4]; - - /* Parallel round 1 */ - R(a, b, c, d, e, F4, KK0, 8, 5); - R(e, a, b, c, d, F4, KK0, 9, 14); - R(d, e, a, b, c, F4, KK0, 9, 7); - R(c, d, e, a, b, F4, KK0, 11, 0); - R(b, c, d, e, a, F4, KK0, 13, 9); - R(a, b, c, d, e, F4, KK0, 15, 2); - R(e, a, b, c, d, F4, 
KK0, 15, 11); - R(d, e, a, b, c, F4, KK0, 5, 4); - R(c, d, e, a, b, F4, KK0, 7, 13); - R(b, c, d, e, a, F4, KK0, 7, 6); - R(a, b, c, d, e, F4, KK0, 8, 15); - R(e, a, b, c, d, F4, KK0, 11, 8); - R(d, e, a, b, c, F4, KK0, 14, 1); - R(c, d, e, a, b, F4, KK0, 14, 10); - R(b, c, d, e, a, F4, KK0, 12, 3); - R(a, b, c, d, e, F4, KK0, 6, 12); /* #15 */ - /* Parallel round 2 */ - R(e, a, b, c, d, F3, KK1, 9, 6); - R(d, e, a, b, c, F3, KK1, 13, 11); - R(c, d, e, a, b, F3, KK1, 15, 3); - R(b, c, d, e, a, F3, KK1, 7, 7); - R(a, b, c, d, e, F3, KK1, 12, 0); - R(e, a, b, c, d, F3, KK1, 8, 13); - R(d, e, a, b, c, F3, KK1, 9, 5); - R(c, d, e, a, b, F3, KK1, 11, 10); - R(b, c, d, e, a, F3, KK1, 7, 14); - R(a, b, c, d, e, F3, KK1, 7, 15); - R(e, a, b, c, d, F3, KK1, 12, 8); - R(d, e, a, b, c, F3, KK1, 7, 12); - R(c, d, e, a, b, F3, KK1, 6, 4); - R(b, c, d, e, a, F3, KK1, 15, 9); - R(a, b, c, d, e, F3, KK1, 13, 1); - R(e, a, b, c, d, F3, KK1, 11, 2); /* #31 */ - /* Parallel round 3 */ - R(d, e, a, b, c, F2, KK2, 9, 15); - R(c, d, e, a, b, F2, KK2, 7, 5); - R(b, c, d, e, a, F2, KK2, 15, 1); - R(a, b, c, d, e, F2, KK2, 11, 3); - R(e, a, b, c, d, F2, KK2, 8, 7); - R(d, e, a, b, c, F2, KK2, 6, 14); - R(c, d, e, a, b, F2, KK2, 6, 6); - R(b, c, d, e, a, F2, KK2, 14, 9); - R(a, b, c, d, e, F2, KK2, 12, 11); - R(e, a, b, c, d, F2, KK2, 13, 8); - R(d, e, a, b, c, F2, KK2, 5, 12); - R(c, d, e, a, b, F2, KK2, 14, 2); - R(b, c, d, e, a, F2, KK2, 13, 10); - R(a, b, c, d, e, F2, KK2, 13, 0); - R(e, a, b, c, d, F2, KK2, 7, 4); - R(d, e, a, b, c, F2, KK2, 5, 13); /* #47 */ - /* Parallel round 4 */ - R(c, d, e, a, b, F1, KK3, 15, 8); - R(b, c, d, e, a, F1, KK3, 5, 6); - R(a, b, c, d, e, F1, KK3, 8, 4); - R(e, a, b, c, d, F1, KK3, 11, 1); - R(d, e, a, b, c, F1, KK3, 14, 3); - R(c, d, e, a, b, F1, KK3, 14, 11); - R(b, c, d, e, a, F1, KK3, 6, 15); - R(a, b, c, d, e, F1, KK3, 14, 0); - R(e, a, b, c, d, F1, KK3, 6, 5); - R(d, e, a, b, c, F1, KK3, 9, 12); - R(c, d, e, a, b, F1, KK3, 12, 2); - R(b, c, d, e, 
a, F1, KK3, 9, 13); - R(a, b, c, d, e, F1, KK3, 12, 9); - R(e, a, b, c, d, F1, KK3, 5, 7); - R(d, e, a, b, c, F1, KK3, 15, 10); - R(c, d, e, a, b, F1, KK3, 8, 14); /* #63 */ - /* Parallel round 5 */ - R(b, c, d, e, a, F0, KK4, 8, 12); - R(a, b, c, d, e, F0, KK4, 5, 15); - R(e, a, b, c, d, F0, KK4, 12, 10); - R(d, e, a, b, c, F0, KK4, 9, 4); - R(c, d, e, a, b, F0, KK4, 12, 1); - R(b, c, d, e, a, F0, KK4, 5, 5); - R(a, b, c, d, e, F0, KK4, 14, 8); - R(e, a, b, c, d, F0, KK4, 6, 7); - R(d, e, a, b, c, F0, KK4, 8, 6); - R(c, d, e, a, b, F0, KK4, 13, 2); - R(b, c, d, e, a, F0, KK4, 6, 13); - R(a, b, c, d, e, F0, KK4, 5, 14); - R(e, a, b, c, d, F0, KK4, 15, 0); - R(d, e, a, b, c, F0, KK4, 13, 3); - R(c, d, e, a, b, F0, KK4, 11, 9); - R(b, c, d, e, a, F0, KK4, 11, 11); /* #79 */ - - t = state[1] + cc + d; - state[1] = state[2] + dd + e; - state[2] = state[3] + ee + a; - state[3] = state[4] + aa + b; - state[4] = state[0] + bb + c; - state[0] = t; -} - -#endif /* !WITH_OPENSSL */ diff --git a/ssh_keygen_110/openbsd-compat/rmd160.h b/ssh_keygen_110/openbsd-compat/rmd160.h deleted file mode 100644 index 99c1dcdc..00000000 --- a/ssh_keygen_110/openbsd-compat/rmd160.h +++ /dev/null 
@@ -1,61 +0,0 @@
-/* $OpenBSD: rmd160.h,v 1.17 2012/12/05 23:19:57 deraadt Exp $ */
-/*
- * Copyright (c) 2001 Markus Friedl. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#ifndef _RMD160_H
-#define _RMD160_H
-
-#ifndef WITH_OPENSSL
-
-#define RMD160_BLOCK_LENGTH 64
-#define RMD160_DIGEST_LENGTH 20
-#define RMD160_DIGEST_STRING_LENGTH (RMD160_DIGEST_LENGTH * 2 + 1)
-
-/* RMD160 context. */
-typedef struct RMD160Context {
- u_int32_t state[5]; /* state */
- u_int64_t count; /* number of bits, mod 2^64 */
- u_int8_t buffer[RMD160_BLOCK_LENGTH]; /* input buffer */
-} RMD160_CTX;
-
-void RMD160Init(RMD160_CTX *);
-void RMD160Transform(u_int32_t [5], const u_int8_t [RMD160_BLOCK_LENGTH])
- __attribute__((__bounded__(__minbytes__,1,5)))
- __attribute__((__bounded__(__minbytes__,2,RMD160_BLOCK_LENGTH)));
-void RMD160Update(RMD160_CTX *, const u_int8_t *, size_t)
- __attribute__((__bounded__(__string__,2,3)));
-void RMD160Pad(RMD160_CTX *);
-void RMD160Final(u_int8_t [RMD160_DIGEST_LENGTH], RMD160_CTX *)
- __attribute__((__bounded__(__minbytes__,1,RMD160_DIGEST_LENGTH)));
-char *RMD160End(RMD160_CTX *, char *)
- __attribute__((__bounded__(__minbytes__,2,RMD160_DIGEST_STRING_LENGTH)));
-char *RMD160File(const char *, char *)
- __attribute__((__bounded__(__minbytes__,2,RMD160_DIGEST_STRING_LENGTH)));
-char *RMD160FileChunk(const char *, char *, off_t, off_t)
- __attribute__((__bounded__(__minbytes__,2,RMD160_DIGEST_STRING_LENGTH)));
-char *RMD160Data(const u_int8_t *, size_t, char *)
- __attribute__((__bounded__(__string__,1,2)))
- __attribute__((__bounded__(__minbytes__,3,RMD160_DIGEST_STRING_LENGTH)));
-
-#endif /* !WITH_OPENSSL */
-#endif /* _RMD160_H */
diff --git a/ssh_keygen_110/openbsd-compat/rresvport.c b/ssh_keygen_110/openbsd-compat/rresvport.c
deleted file mode 100644
index 1cd61e58..00000000
--- a/ssh_keygen_110/openbsd-compat/rresvport.c
+++ /dev/null
@@ -1,108 +0,0 @@
-/* $OpenBSD: rresvport.c,v 1.9 2005/11/10 10:00:17 espie Exp $ */
-/*
- * Copyright (c) 1995, 1996, 1998 Theo de Raadt. All rights reserved.
- * Copyright (c) 1983, 1993, 1994
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* OPENBSD ORIGINAL: lib/libc/net/rresvport.c */
-
-#include "includes.h"
-
-#ifndef HAVE_RRESVPORT_AF
-
-#include
-#include
-
-#include
-#include
-
-#include
-#include
-#include
-#include
-
-#if 0
-int
-rresvport(int *alport)
-{
- return rresvport_af(alport, AF_INET);
-}
-#endif
-
-int
-rresvport_af(int *alport, sa_family_t af)
-{
- struct sockaddr_storage ss;
- struct sockaddr *sa;
- u_int16_t *portp;
- int s;
- socklen_t salen;
-
- memset(&ss, '\0', sizeof ss);
- sa = (struct sockaddr *)&ss;
-
- switch (af) {
- case AF_INET:
- salen = sizeof(struct sockaddr_in);
- portp = &((struct sockaddr_in *)sa)->sin_port;
- break;
- case AF_INET6:
- salen = sizeof(struct sockaddr_in6);
- portp = &((struct sockaddr_in6 *)sa)->sin6_port;
- break;
- default:
- errno = EPFNOSUPPORT;
- return (-1);
- }
- sa->sa_family = af;
-
- s = socket(af, SOCK_STREAM, 0);
- if (s < 0)
- return (-1);
-
- *portp = htons(*alport);
- if (*alport < IPPORT_RESERVED - 1) {
- if (bind(s, sa, salen) >= 0)
- return (s);
- if (errno != EADDRINUSE) {
- (void)close(s);
- return (-1);
- }
- }
-
- *portp = 0;
- sa->sa_family = af;
- if (bindresvport_sa(s, sa) == -1) {
- (void)close(s);
- return (-1);
- }
- *alport = ntohs(*portp);
- return (s);
-}
-
-#endif /* HAVE_RRESVPORT_AF */
diff --git a/ssh_keygen_110/openbsd-compat/setenv.c b/ssh_keygen_110/openbsd-compat/setenv.c
deleted file mode 100644
index 373b701d..00000000
--- a/ssh_keygen_110/openbsd-compat/setenv.c
+++ /dev/null
@@ -1,226 +0,0 @@
-/* $OpenBSD: setenv.c,v 1.13 2010/08/23 22:31:50 millert Exp $ */
-/*
- * Copyright (c) 1987 Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* OPENBSD ORIGINAL: lib/libc/stdlib/setenv.c */
-
-#include "includes.h"
-
-#if !defined(HAVE_SETENV) || !defined(HAVE_UNSETENV)
-
-#include
-#include
-#include
-
-extern char **environ;
-static char **lastenv; /* last value of environ */
-
-/* OpenSSH Portable: __findenv is from getenv.c rev 1.8, made static */
-/*
- * __findenv --
- * Returns pointer to value associated with name, if any, else NULL.
- * Starts searching within the environmental array at offset.
- * Sets offset to be the offset of the name/value combination in the
- * environmental array, for use by putenv(3), setenv(3) and unsetenv(3).
- * Explicitly removes '=' in argument name.
- *
- * This routine *should* be a static; don't use it.
- */
-static char *
-__findenv(const char *name, int len, int *offset)
-{
- extern char **environ;
- int i;
- const char *np;
- char **p, *cp;
-
- if (name == NULL || environ == NULL)
- return (NULL);
- for (p = environ + *offset; (cp = *p) != NULL; ++p) {
- for (np = name, i = len; i && *cp; i--)
- if (*cp++ != *np++)
- break;
- if (i == 0 && *cp++ == '=') {
- *offset = p - environ;
- return (cp);
- }
- }
- return (NULL);
-}
-
-#if 0 /* nothing uses putenv */
-/*
- * putenv --
- * Add a name=value string directly to the environmental, replacing
- * any current value.
- */
-int
-putenv(char *str)
-{
- char **P, *cp;
- size_t cnt;
- int offset = 0;
-
- for (cp = str; *cp && *cp != '='; ++cp)
- ;
- if (*cp != '=') {
- errno = EINVAL;
- return (-1); /* missing `=' in string */
- }
-
- if (__findenv(str, (int)(cp - str), &offset) != NULL) {
- environ[offset++] = str;
- /* could be set multiple times */
- while (__findenv(str, (int)(cp - str), &offset)) {
- for (P = &environ[offset];; ++P)
- if (!(*P = *(P + 1)))
- break;
- }
- return (0);
- }
-
- /* create new slot for string */
- for (P = environ; *P != NULL; P++)
- ;
- cnt = P - environ;
- P = (char **)realloc(lastenv, sizeof(char *) * (cnt + 2));
- if (!P)
- return (-1);
- if (lastenv != environ)
- memcpy(P, environ, cnt * sizeof(char *));
- lastenv = environ = P;
- environ[cnt] = str;
- environ[cnt + 1] = NULL;
- return (0);
-}
-
-#endif
-
-#ifndef HAVE_SETENV
-/*
- * setenv --
- * Set the value of the environmental variable "name" to be
- * "value". If rewrite is set, replace any current value.
- */
-int
-setenv(const char *name, const char *value, int rewrite)
-{
- char *C, **P;
- const char *np;
- int l_value, offset = 0;
-
- for (np = name; *np && *np != '='; ++np)
- ;
-#ifdef notyet
- if (*np) {
- errno = EINVAL;
- return (-1); /* has `=' in name */
- }
-#endif
-
- l_value = strlen(value);
- if ((C = __findenv(name, (int)(np - name), &offset)) != NULL) {
- int tmpoff = offset + 1;
- if (!rewrite)
- return (0);
-#if 0 /* XXX - existing entry may not be writable */
- if (strlen(C) >= l_value) { /* old larger; copy over */
- while ((*C++ = *value++))
- ;
- return (0);
- }
-#endif
- /* could be set multiple times */
- while (__findenv(name, (int)(np - name), &tmpoff)) {
- for (P = &environ[tmpoff];; ++P)
- if (!(*P = *(P + 1)))
- break;
- }
- } else { /* create new slot */
- size_t cnt;
-
- for (P = environ; *P != NULL; P++)
- ;
- cnt = P - environ;
- P = (char **)realloc(lastenv, sizeof(char *) * (cnt + 2));
- if (!P)
- return (-1);
- if (lastenv != environ)
- memcpy(P, environ, cnt * sizeof(char *));
- lastenv = environ = P;
- offset = cnt;
- environ[cnt + 1] = NULL;
- }
- if (!(environ[offset] = /* name + `=' + value */
- malloc((size_t)((int)(np - name) + l_value + 2))))
- return (-1);
- for (C = environ[offset]; (*C = *name++) && *C != '='; ++C)
- ;
- for (*C++ = '='; (*C++ = *value++); )
- ;
- return (0);
-}
-
-#endif /* HAVE_SETENV */
-
-#ifndef HAVE_UNSETENV
-/*
- * unsetenv(name) --
- * Delete environmental variable "name".
- */
-int
-unsetenv(const char *name)
-{
- char **P;
- const char *np;
- int offset = 0;
-
- if (!name || !*name) {
- errno = EINVAL;
- return (-1);
- }
- for (np = name; *np && *np != '='; ++np)
- ;
- if (*np) {
- errno = EINVAL;
- return (-1); /* has `=' in name */
- }
-
- /* could be set multiple times */
- while (__findenv(name, (int)(np - name), &offset)) {
- for (P = &environ[offset];; ++P)
- if (!(*P = *(P + 1)))
- break;
- }
- return (0);
-}
-#endif /* HAVE_UNSETENV */
-
-#endif /* !defined(HAVE_SETENV) || !defined(HAVE_UNSETENV) */
-
diff --git a/ssh_keygen_110/openbsd-compat/setproctitle.c b/ssh_keygen_110/openbsd-compat/setproctitle.c
deleted file mode 100644
index dbd1a95a..00000000
--- a/ssh_keygen_110/openbsd-compat/setproctitle.c
+++ /dev/null
@@ -1,169 +0,0 @@
-/* Based on conf.c from UCB sendmail 8.8.8 */
-
-/*
- * Copyright 2003 Damien Miller
- * Copyright (c) 1983, 1995-1997 Eric P. Allman
- * Copyright (c) 1988, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "includes.h"
-
-#ifndef HAVE_SETPROCTITLE
-
-#include
-#include
-#include
-#ifdef HAVE_SYS_PSTAT_H
-#include
-#endif
-#include
-
-#include
-
-#define SPT_NONE 0 /* don't use it at all */
-#define SPT_PSTAT 1 /* use pstat(PSTAT_SETCMD, ...) */
-#define SPT_REUSEARGV 2 /* cover argv with title information */
-
-#ifndef SPT_TYPE
-# define SPT_TYPE SPT_NONE
-#endif
-
-#ifndef SPT_PADCHAR
-# define SPT_PADCHAR '\0'
-#endif
-
-#if SPT_TYPE == SPT_REUSEARGV
-static char *argv_start = NULL;
-static size_t argv_env_len = 0;
-#endif
-
-#endif /* HAVE_SETPROCTITLE */
-
-void
-compat_init_setproctitle(int argc, char *argv[])
-{
-#if !defined(HAVE_SETPROCTITLE) && \
- defined(SPT_TYPE) && SPT_TYPE == SPT_REUSEARGV
- extern char **environ;
- char *lastargv = NULL;
- char **envp = environ;
- int i;
-
- /*
- * NB: This assumes that argv has already been copied out of the
- * way. This is true for sshd, but may not be true for other
- * programs. Beware.
- */
-
- if (argc == 0 || argv[0] == NULL)
- return;
-
- /* Fail if we can't allocate room for the new environment */
- for (i = 0; envp[i] != NULL; i++)
- ;
- if ((environ = calloc(i + 1, sizeof(*environ))) == NULL) {
- environ = envp; /* put it back */
- return;
- }
-
- /*
- * Find the last argv string or environment variable within
- * our process memory area.
- */
- for (i = 0; i < argc; i++) {
- if (lastargv == NULL || lastargv + 1 == argv[i])
- lastargv = argv[i] + strlen(argv[i]);
- }
- for (i = 0; envp[i] != NULL; i++) {
- if (lastargv + 1 == envp[i])
- lastargv = envp[i] + strlen(envp[i]);
- }
-
- argv[1] = NULL;
- argv_start = argv[0];
- argv_env_len = lastargv - argv[0] - 1;
-
- /*
- * Copy environment
- * XXX - will truncate env on strdup fail
- */
- for (i = 0; envp[i] != NULL; i++)
- environ[i] = strdup(envp[i]);
- environ[i] = NULL;
-#endif /* SPT_REUSEARGV */
-}
-
-#ifndef HAVE_SETPROCTITLE
-void
-setproctitle(const char *fmt, ...)
-{
-#if SPT_TYPE != SPT_NONE
- va_list ap;
- char buf[1024], ptitle[1024];
- size_t len = 0;
- int r;
- extern char *__progname;
-#if SPT_TYPE == SPT_PSTAT
- union pstun pst;
-#endif
-
-#if SPT_TYPE == SPT_REUSEARGV
- if (argv_env_len <= 0)
- return;
-#endif
-
- strlcpy(buf, __progname, sizeof(buf));
-
- r = -1;
- va_start(ap, fmt);
- if (fmt != NULL) {
- len = strlcat(buf, ": ", sizeof(buf));
- if (len < sizeof(buf))
- r = vsnprintf(buf + len, sizeof(buf) - len , fmt, ap);
- }
- va_end(ap);
- if (r == -1 || (size_t)r >= sizeof(buf) - len)
- return;
- strnvis(ptitle, buf, sizeof(ptitle),
- VIS_CSTYLE|VIS_NL|VIS_TAB|VIS_OCTAL);
-
-#if SPT_TYPE == SPT_PSTAT
- pst.pst_command = ptitle;
- pstat(PSTAT_SETCMD, pst, strlen(ptitle), 0, 0);
-#elif SPT_TYPE == SPT_REUSEARGV
-/* debug("setproctitle: copy \"%s\" into len %d",
- buf, argv_env_len); */
- len = strlcpy(argv_start, ptitle, argv_env_len);
- for(; len < argv_env_len; len++)
- argv_start[len] = SPT_PADCHAR;
-#endif
-
-#endif /* SPT_NONE */
-}
-
-#endif /* HAVE_SETPROCTITLE */
diff --git a/ssh_keygen_110/openbsd-compat/sha1.c b/ssh_keygen_110/openbsd-compat/sha1.c
deleted file mode 100644
index 4b5381f8..00000000
--- a/ssh_keygen_110/openbsd-compat/sha1.c
+++ /dev/null
@@ -1,177 +0,0 @@ -/* $OpenBSD: sha1.c,v 1.23 2014/01/08 06:14:57 tedu Exp $ */ - -/* - * SHA-1 in C - * By Steve Reid - * 100% Public Domain - * - * Test Vectors (from FIPS PUB 180-1) - * "abc" - * A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D - * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" - * 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1 - * A million repetitions of "a" - * 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F - */ - -#include "includes.h" - -#ifndef WITH_OPENSSL - -#include -#include - -#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) - -/* - * blk0() and blk() perform the initial expand. - * I got the idea of expanding during the round function from SSLeay - */ -#if BYTE_ORDER == LITTLE_ENDIAN -# define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \ - |(rol(block->l[i],8)&0x00FF00FF)) -#else -# define blk0(i) block->l[i] -#endif -#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \ - ^block->l[(i+2)&15]^block->l[i&15],1)) - -/* - * (R0+R1), R2, R3, R4 are the different operations (rounds) used in SHA1 - */ -#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30); -#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30); -#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30); -#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30); -#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30); - -typedef union { - u_int8_t c[64]; - u_int32_t l[16]; -} CHAR64LONG16; - -/* - * Hash a single 512-bit block. This is the core of the algorithm. 
- */ -void -SHA1Transform(u_int32_t state[5], const u_int8_t buffer[SHA1_BLOCK_LENGTH]) -{ - u_int32_t a, b, c, d, e; - u_int8_t workspace[SHA1_BLOCK_LENGTH]; - CHAR64LONG16 *block = (CHAR64LONG16 *)workspace; - - (void)memcpy(block, buffer, SHA1_BLOCK_LENGTH); - - /* Copy context->state[] to working vars */ - a = state[0]; - b = state[1]; - c = state[2]; - d = state[3]; - e = state[4]; - - /* 4 rounds of 20 operations each. Loop unrolled. */ - R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); - R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); - R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); - R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); - R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); - R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); - R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); - R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); - R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); - R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); - R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); - R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); - R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); - R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); - R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); - R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); - R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); - R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); - R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); - R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); - - /* Add the working vars back into context.state[] */ - state[0] += 
a; - state[1] += b; - state[2] += c; - state[3] += d; - state[4] += e; - - /* Wipe variables */ - a = b = c = d = e = 0; -} - - -/* - * SHA1Init - Initialize new context - */ -void -SHA1Init(SHA1_CTX *context) -{ - - /* SHA1 initialization constants */ - context->count = 0; - context->state[0] = 0x67452301; - context->state[1] = 0xEFCDAB89; - context->state[2] = 0x98BADCFE; - context->state[3] = 0x10325476; - context->state[4] = 0xC3D2E1F0; -} - - -/* - * Run your data through this. - */ -void -SHA1Update(SHA1_CTX *context, const u_int8_t *data, size_t len) -{ - size_t i, j; - - j = (size_t)((context->count >> 3) & 63); - context->count += (len << 3); - if ((j + len) > 63) { - (void)memcpy(&context->buffer[j], data, (i = 64-j)); - SHA1Transform(context->state, context->buffer); - for ( ; i + 63 < len; i += 64) - SHA1Transform(context->state, (u_int8_t *)&data[i]); - j = 0; - } else { - i = 0; - } - (void)memcpy(&context->buffer[j], &data[i], len - i); -} - - -/* - * Add padding and return the message digest. - */ -void -SHA1Pad(SHA1_CTX *context) -{ - u_int8_t finalcount[8]; - u_int i; - - for (i = 0; i < 8; i++) { - finalcount[i] = (u_int8_t)((context->count >> - ((7 - (i & 7)) * 8)) & 255); /* Endian independent */ - } - SHA1Update(context, (u_int8_t *)"\200", 1); - while ((context->count & 504) != 448) - SHA1Update(context, (u_int8_t *)"\0", 1); - SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() */ -} - -void -SHA1Final(u_int8_t digest[SHA1_DIGEST_LENGTH], SHA1_CTX *context) -{ - u_int i; - - SHA1Pad(context); - for (i = 0; i < SHA1_DIGEST_LENGTH; i++) { - digest[i] = (u_int8_t) - ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255); - } - memset(context, 0, sizeof(*context)); -} -#endif /* !WITH_OPENSSL */ diff --git a/ssh_keygen_110/openbsd-compat/sha1.h b/ssh_keygen_110/openbsd-compat/sha1.h deleted file mode 100644 index 327d94cd..00000000 --- a/ssh_keygen_110/openbsd-compat/sha1.h +++ /dev/null 
@@ -1,58 +0,0 @@
-/* $OpenBSD: sha1.h,v 1.24 2012/12/05 23:19:57 deraadt Exp $ */
-
-/*
- * SHA-1 in C
- * By Steve Reid
- * 100% Public Domain
- */
-
-#ifndef _SHA1_H
-#define _SHA1_H
-
-#ifndef WITH_OPENSSL
-
-#define SHA1_BLOCK_LENGTH 64
-#define SHA1_DIGEST_LENGTH 20
-#define SHA1_DIGEST_STRING_LENGTH (SHA1_DIGEST_LENGTH * 2 + 1)
-
-typedef struct {
- u_int32_t state[5];
- u_int64_t count;
- u_int8_t buffer[SHA1_BLOCK_LENGTH];
-} SHA1_CTX;
-
-void SHA1Init(SHA1_CTX *);
-void SHA1Pad(SHA1_CTX *);
-void SHA1Transform(u_int32_t [5], const u_int8_t [SHA1_BLOCK_LENGTH])
- __attribute__((__bounded__(__minbytes__,1,5)))
- __attribute__((__bounded__(__minbytes__,2,SHA1_BLOCK_LENGTH)));
-void SHA1Update(SHA1_CTX *, const u_int8_t *, size_t)
- __attribute__((__bounded__(__string__,2,3)));
-void SHA1Final(u_int8_t [SHA1_DIGEST_LENGTH], SHA1_CTX *)
- __attribute__((__bounded__(__minbytes__,1,SHA1_DIGEST_LENGTH)));
-char *SHA1End(SHA1_CTX *, char *)
- __attribute__((__bounded__(__minbytes__,2,SHA1_DIGEST_STRING_LENGTH)));
-char *SHA1File(const char *, char *)
- __attribute__((__bounded__(__minbytes__,2,SHA1_DIGEST_STRING_LENGTH)));
-char *SHA1FileChunk(const char *, char *, off_t, off_t)
- __attribute__((__bounded__(__minbytes__,2,SHA1_DIGEST_STRING_LENGTH)));
-char *SHA1Data(const u_int8_t *, size_t, char *)
- __attribute__((__bounded__(__string__,1,2)))
- __attribute__((__bounded__(__minbytes__,3,SHA1_DIGEST_STRING_LENGTH)));
-
-#define HTONDIGEST(x) do { \
- x[0] = htonl(x[0]); \
- x[1] = htonl(x[1]); \
- x[2] = htonl(x[2]); \
- x[3] = htonl(x[3]); \
- x[4] = htonl(x[4]); } while (0)
-
-#define NTOHDIGEST(x) do { \
- x[0] = ntohl(x[0]); \
- x[1] = ntohl(x[1]); \
- x[2] = ntohl(x[2]); \
- x[3] = ntohl(x[3]); \
- x[4] = ntohl(x[4]); } while (0)
-
-#endif /* !WITH_OPENSSL */
-#endif /* _SHA1_H */
diff --git a/ssh_keygen_110/openbsd-compat/sha2.c b/ssh_keygen_110/openbsd-compat/sha2.c
deleted file mode 100644
index b55ea30a..00000000
--- a/ssh_keygen_110/openbsd-compat/sha2.c
+++ /dev/null
@@ -1,904 +0,0 @@
-/* $OpenBSD: sha2.c,v 1.11 2005/08/08 08:05:35 espie Exp */
-
-/*
- * FILE: sha2.c
- * AUTHOR: Aaron D. Gifford
- *
- * Copyright (c) 2000-2001, Aaron D. Gifford
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the copyright holder nor the names of contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $From: sha2.c,v 1.1 2001/11/08 00:01:51 adg Exp adg $
- */
-
-/* OPENBSD ORIGINAL: lib/libc/hash/sha2.c */
-
-#include "includes.h"
-
-#ifdef WITH_OPENSSL
-# include
-# if !defined(HAVE_EVP_SHA256) && (OPENSSL_VERSION_NUMBER >= 0x00907000L)
-# define _NEED_SHA2 1
-# endif
-#else
-# define _NEED_SHA2 1
-#endif
-
-#if defined(_NEED_SHA2) && !defined(HAVE_SHA256_UPDATE)
-
-#include
-
-/*
- * UNROLLED TRANSFORM LOOP NOTE:
- * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform
- * loop version for the hash transform rounds (defined using macros
- * later in this file). Either define on the command line, for example:
- *
- * cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c
- *
- * or define below:
- *
- * #define SHA2_UNROLL_TRANSFORM
- *
- */
-
-/*** SHA-256/384/512 Machine Architecture Definitions *****************/
-/*
- * BYTE_ORDER NOTE:
- *
- * Please make sure that your system defines BYTE_ORDER. If your
- * architecture is little-endian, make sure it also defines
- * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are
- * equivalent.
- *
- * If your system does not define the above, then you can do so by
- * hand like this:
- *
- * #define LITTLE_ENDIAN 1234
- * #define BIG_ENDIAN 4321
- *
- * And for little-endian machines, add:
- *
- * #define BYTE_ORDER LITTLE_ENDIAN
- *
- * Or for big-endian machines:
- *
- * #define BYTE_ORDER BIG_ENDIAN
- *
- * The FreeBSD machine this was written on defines BYTE_ORDER
- * appropriately by including (which in turn includes
- * where the appropriate definitions are actually
- * made).
- */
-#if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN)
-#error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN
-#endif
-
-
-/*** SHA-256/384/512 Various Length Definitions ***********************/
-/* NOTE: Most of these are in sha2.h */
-#define SHA256_SHORT_BLOCK_LENGTH (SHA256_BLOCK_LENGTH - 8)
-#define SHA384_SHORT_BLOCK_LENGTH (SHA384_BLOCK_LENGTH - 16)
-#define SHA512_SHORT_BLOCK_LENGTH (SHA512_BLOCK_LENGTH - 16)
-
-/*** ENDIAN SPECIFIC COPY MACROS **************************************/
-#define BE_8_TO_32(dst, cp) do { \
- (dst) = (u_int32_t)(cp)[3] | ((u_int32_t)(cp)[2] << 8) | \
- ((u_int32_t)(cp)[1] << 16) | ((u_int32_t)(cp)[0] << 24); \
-} while(0)
-
-#define BE_8_TO_64(dst, cp) do { \
- (dst) = (u_int64_t)(cp)[7] | ((u_int64_t)(cp)[6] << 8) | \
- ((u_int64_t)(cp)[5] << 16) | ((u_int64_t)(cp)[4] << 24) | \
- ((u_int64_t)(cp)[3] << 32) | ((u_int64_t)(cp)[2] << 40) | \
- ((u_int64_t)(cp)[1] << 48) | ((u_int64_t)(cp)[0] << 56); \
-} while (0)
-
-#define BE_64_TO_8(cp, src) do { \
- (cp)[0] = (src) >> 56; \
- (cp)[1] = (src) >> 48; \
- (cp)[2] = (src) >> 40; \
- (cp)[3] = (src) >> 32; \
- (cp)[4] = (src) >> 24; \
- (cp)[5] = (src) >> 16; \
- (cp)[6] = (src) >> 8; \
- (cp)[7] = (src); \
-} while (0)
-
-#define BE_32_TO_8(cp, src) do { \
- (cp)[0] = (src) >> 24; \
- (cp)[1] = (src) >> 16; \
- (cp)[2] = (src) >> 8; \
- (cp)[3] = (src); \
-} while (0)
-
-/*
- * Macro for incrementally adding the unsigned 64-bit integer n to the
- * unsigned 128-bit integer (represented using a two-element array of
- * 64-bit words):
- */
-#define ADDINC128(w,n) do { \
- (w)[0] += (u_int64_t)(n); \
- if ((w)[0] < (n)) { \
- (w)[1]++; \
- } \
-} while (0)
-
-/*** THE SIX LOGICAL FUNCTIONS ****************************************/
-/*
- * Bit shifting and rotation (used by the six SHA-XYZ logical functions:
- *
- * NOTE: The naming of R and S appears backwards here (R is a SHIFT and
- * S is a ROTATION) because the SHA-256/384/512 description document
- * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this
- * same "backwards" definition.
- */
-/* Shift-right (used in SHA-256, SHA-384, and SHA-512): */
-#define R(b,x) ((x) >> (b))
-/* 32-bit Rotate-right (used in SHA-256): */
-#define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b))))
-/* 64-bit Rotate-right (used in SHA-384 and SHA-512): */
-#define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b))))
-
-/* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */
-#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
-#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
-
-/* Four of six logical functions used in SHA-256: */
-#define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x)))
-#define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x)))
-#define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x)))
-#define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x)))
-
-/* Four of six logical functions used in SHA-384 and SHA-512: */
-#define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x)))
-#define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x)))
-#define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x)))
-#define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x)))
-
-
-/*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/
-/* Hash constant words K for SHA-256: */
-const static u_int32_t K256[64] = {
- 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
- 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
- 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
- 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
- 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
- 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
- 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
- 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
- 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
- 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
- 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
- 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
- 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
- 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
- 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
- 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
-};
-
-/* Initial hash value H for SHA-256: */
-const static u_int32_t sha256_initial_hash_value[8] = {
- 0x6a09e667UL,
- 0xbb67ae85UL,
- 0x3c6ef372UL,
- 0xa54ff53aUL,
- 0x510e527fUL,
- 0x9b05688cUL,
- 0x1f83d9abUL,
- 0x5be0cd19UL
-};
-
-/* Hash constant words K for SHA-384 and SHA-512: */
-const static u_int64_t K512[80] = {
- 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
- 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
- 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
- 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
- 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
- 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
- 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
- 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
- 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
- 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
- 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
- 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
- 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
- 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
- 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
- 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
- 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
- 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
- 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
- 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
- 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
- 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
- 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
- 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
- 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
- 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
- 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
- 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
- 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
- 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
- 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
- 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
- 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
- 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
- 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
- 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
- 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
- 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
- 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
- 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
-};
-
-/* Initial hash value H for SHA-384 */
-const static u_int64_t sha384_initial_hash_value[8] = {
- 0xcbbb9d5dc1059ed8ULL,
- 0x629a292a367cd507ULL,
- 0x9159015a3070dd17ULL,
- 0x152fecd8f70e5939ULL,
- 0x67332667ffc00b31ULL,
- 0x8eb44a8768581511ULL,
- 0xdb0c2e0d64f98fa7ULL,
- 0x47b5481dbefa4fa4ULL
-};
-
-/* Initial hash value H for SHA-512 */
-const static u_int64_t sha512_initial_hash_value[8] = {
- 0x6a09e667f3bcc908ULL,
- 0xbb67ae8584caa73bULL,
- 0x3c6ef372fe94f82bULL,
- 0xa54ff53a5f1d36f1ULL,
- 0x510e527fade682d1ULL,
- 0x9b05688c2b3e6c1fULL,
- 0x1f83d9abfb41bd6bULL,
- 0x5be0cd19137e2179ULL
-};
-
-
-/*** SHA-256: *********************************************************/
-void
-SHA256_Init(SHA256_CTX *context)
-{
- if (context == NULL)
- return;
- memcpy(context->state, sha256_initial_hash_value,
- sizeof(sha256_initial_hash_value));
- memset(context->buffer, 0, sizeof(context->buffer));
- context->bitcount = 0;
-}
-
-#ifdef SHA2_UNROLL_TRANSFORM
-
-/* Unrolled SHA-256 round macros: */
-
-#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) do { \
- BE_8_TO_32(W256[j], data); \
- data += 4; \
- T1 = (h) + Sigma1_256((e)) + Ch((e), (f), (g)) + K256[j] + W256[j]; \
- (d) += T1; \
- (h) = T1 + Sigma0_256((a)) + Maj((a), (b), (c)); \
- j++; \
-} while(0)
-
-#define ROUND256(a,b,c,d,e,f,g,h) do { \
- s0 = W256[(j+1)&0x0f]; \
- s0 = sigma0_256(s0); \
- s1 = W256[(j+14)&0x0f]; \
- s1 = sigma1_256(s1); \
- T1 = (h) + Sigma1_256((e)) + Ch((e), (f), (g)) + K256[j] + \
- (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \
- (d) += T1; \
- (h) = T1 + Sigma0_256((a)) + Maj((a), (b), (c)); \
- j++; \
-} while(0)
-
-void
-SHA256_Transform(u_int32_t state[8], const u_int8_t data[SHA256_BLOCK_LENGTH])
-{
- u_int32_t a, b, c, d, e, f, g, h, s0, s1;
- u_int32_t T1, W256[16];
- int j;
-
- /* Initialize registers with the prev. intermediate value */
- a = state[0];
- b = state[1];
- c = state[2];
- d = state[3];
- e = state[4];
- f = state[5];
- g = state[6];
- h = state[7];
-
- j = 0;
- do {
- /* Rounds 0 to 15 (unrolled): */
- ROUND256_0_TO_15(a,b,c,d,e,f,g,h);
- ROUND256_0_TO_15(h,a,b,c,d,e,f,g);
- ROUND256_0_TO_15(g,h,a,b,c,d,e,f);
- ROUND256_0_TO_15(f,g,h,a,b,c,d,e);
- ROUND256_0_TO_15(e,f,g,h,a,b,c,d);
- ROUND256_0_TO_15(d,e,f,g,h,a,b,c);
- ROUND256_0_TO_15(c,d,e,f,g,h,a,b);
- ROUND256_0_TO_15(b,c,d,e,f,g,h,a);
- } while (j < 16);
-
- /* Now for the remaining rounds up to 63: */
- do {
- ROUND256(a,b,c,d,e,f,g,h);
- ROUND256(h,a,b,c,d,e,f,g);
- ROUND256(g,h,a,b,c,d,e,f);
- ROUND256(f,g,h,a,b,c,d,e);
- ROUND256(e,f,g,h,a,b,c,d);
- ROUND256(d,e,f,g,h,a,b,c);
- ROUND256(c,d,e,f,g,h,a,b);
- ROUND256(b,c,d,e,f,g,h,a);
- } while (j < 64);
-
- /* Compute the current intermediate hash value */
- state[0] += a;
- state[1] += b;
- state[2] += c;
- state[3] += d;
- state[4] += e;
- state[5] += f;
- state[6] += g;
- state[7] += h;
-
- /* Clean up */
- a = b = c = d = e = f = g = h = T1 = 0;
-}
-
-#else /* SHA2_UNROLL_TRANSFORM */
-
-void
-SHA256_Transform(u_int32_t state[8], const u_int8_t data[SHA256_BLOCK_LENGTH])
-{
- u_int32_t a, b, c, d, e, f, g, h, s0, s1;
- u_int32_t T1, T2, W256[16];
- int j;
-
- /* Initialize registers with the prev. intermediate value */
- a = state[0];
- b = state[1];
- c = state[2];
- d = state[3];
- e = state[4];
- f = state[5];
- g = state[6];
- h = state[7];
-
- j = 0;
- do {
- BE_8_TO_32(W256[j], data);
- data += 4;
- /* Apply the SHA-256 compression function to update a..h */
- T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j];
- T2 = Sigma0_256(a) + Maj(a, b, c);
- h = g;
- g = f;
- f = e;
- e = d + T1;
- d = c;
- c = b;
- b = a;
- a = T1 + T2;
-
- j++;
- } while (j < 16);
-
- do {
- /* Part of the message block expansion: */
- s0 = W256[(j+1)&0x0f];
- s0 = sigma0_256(s0);
- s1 = W256[(j+14)&0x0f];
- s1 = sigma1_256(s1);
-
- /* Apply the SHA-256 compression function to update a..h */
- T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] +
- (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0);
- T2 = Sigma0_256(a) + Maj(a, b, c);
- h = g;
- g = f;
- f = e;
- e = d + T1;
- d = c;
- c = b;
- b = a;
- a = T1 + T2;
-
- j++;
- } while (j < 64);
-
- /* Compute the current intermediate hash value */
- state[0] += a;
- state[1] += b;
- state[2] += c;
- state[3] += d;
- state[4] += e;
- state[5] += f;
- state[6] += g;
- state[7] += h;
-
- /* Clean up */
- a = b = c = d = e = f = g = h = T1 = T2 = 0;
-}
-
-#endif /* SHA2_UNROLL_TRANSFORM */
-
-void
-SHA256_Update(SHA256_CTX *context, const u_int8_t *data, size_t len)
-{
- size_t freespace, usedspace;
-
- /* Calling with no data is valid (we do nothing) */
- if (len == 0)
- return;
-
- usedspace = (context->bitcount >> 3) % SHA256_BLOCK_LENGTH;
- if (usedspace > 0) {
- /* Calculate how much free space is available in the buffer */
- freespace = SHA256_BLOCK_LENGTH - usedspace;
-
- if (len >= freespace) {
- /* Fill the buffer completely and process it */
- memcpy(&context->buffer[usedspace], data, freespace);
- context->bitcount += freespace << 3;
- len -= freespace;
- data += freespace;
- SHA256_Transform(context->state, context->buffer);
- } else {
- /* The buffer is not yet full */
- memcpy(&context->buffer[usedspace], data, len);
- context->bitcount += len << 3;
- /* Clean up: */
- usedspace = freespace = 0;
- return;
- }
- }
- while (len >= SHA256_BLOCK_LENGTH) {
- /* Process as many complete blocks as we can */
- SHA256_Transform(context->state, data);
- context->bitcount += SHA256_BLOCK_LENGTH << 3;
- len -= SHA256_BLOCK_LENGTH;
- data += SHA256_BLOCK_LENGTH;
- }
- if (len > 0) {
- /* There's left-overs, so save 'em */
- memcpy(context->buffer, data, len);
- context->bitcount += len << 3;
- }
- /* Clean up: */
- usedspace = freespace = 0;
-}
-
-void
-SHA256_Pad(SHA256_CTX *context)
-{
- unsigned int usedspace;
-
- usedspace = (context->bitcount >> 3) % SHA256_BLOCK_LENGTH;
- if (usedspace > 0) {
- /* Begin padding with a 1 bit: */
- context->buffer[usedspace++] = 0x80;
-
- if (usedspace <= SHA256_SHORT_BLOCK_LENGTH) {
- /* Set-up for the last transform: */
- memset(&context->buffer[usedspace], 0,
- SHA256_SHORT_BLOCK_LENGTH - usedspace);
- } else {
- if (usedspace < SHA256_BLOCK_LENGTH) {
- memset(&context->buffer[usedspace], 0,
- SHA256_BLOCK_LENGTH - usedspace);
- }
- /* Do second-to-last transform: */
- SHA256_Transform(context->state, context->buffer);
-
- /* Prepare for last transform: */
- memset(context->buffer, 0, SHA256_SHORT_BLOCK_LENGTH);
- }
- } else {
- /* Set-up for the last transform: */
- memset(context->buffer, 0, SHA256_SHORT_BLOCK_LENGTH);
-
- /* Begin padding with a 1 bit: */
- *context->buffer = 0x80;
- }
- /* Store the length of input data (in bits) in big endian format: */
- BE_64_TO_8(&context->buffer[SHA256_SHORT_BLOCK_LENGTH],
- context->bitcount);
-
- /* Final transform: */
- SHA256_Transform(context->state, context->buffer);
-
- /* Clean up: */
- usedspace = 0;
-}
-
-void
-SHA256_Final(u_int8_t digest[SHA256_DIGEST_LENGTH], SHA256_CTX *context)
-{
- SHA256_Pad(context);
-
- /* If no digest buffer is passed, we don't bother doing this: */
- if (digest != NULL) {
-#if BYTE_ORDER == LITTLE_ENDIAN
- int i;
-
- /* Convert TO host byte order */
- for (i = 0; i < 8; i++)
- BE_32_TO_8(digest + i * 4, context->state[i]);
-#else
- memcpy(digest, context->state, SHA256_DIGEST_LENGTH);
-#endif
- memset(context, 0, sizeof(*context));
- }
-}
-
-
-/*** SHA-512: *********************************************************/
-void
-SHA512_Init(SHA512_CTX *context)
-{
- if (context == NULL)
- return;
- memcpy(context->state, sha512_initial_hash_value,
- sizeof(sha512_initial_hash_value));
- memset(context->buffer, 0, sizeof(context->buffer));
- context->bitcount[0] = context->bitcount[1] = 0;
-}
-
-#ifdef SHA2_UNROLL_TRANSFORM
-
-/* Unrolled SHA-512 round macros: */
-
-#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) do { \
- BE_8_TO_64(W512[j], data); \
- data += 8; \
- T1 = (h) + Sigma1_512((e)) + Ch((e), (f), (g)) + K512[j] + W512[j]; \
- (d) += T1; \
- (h) = T1 + Sigma0_512((a)) + Maj((a), (b), (c)); \
- j++; \
-} while(0)
-
-
-#define ROUND512(a,b,c,d,e,f,g,h) do { \
- s0 = W512[(j+1)&0x0f]; \
- s0 = sigma0_512(s0); \
- s1 = W512[(j+14)&0x0f]; \
- s1 = sigma1_512(s1); \
- T1 = (h) + Sigma1_512((e)) + Ch((e), (f), (g)) + K512[j] + \
- (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \
- (d) += T1; \
- (h) = T1 + Sigma0_512((a)) + Maj((a), (b), (c)); \
- j++; \
-} while(0)
-
-void
-SHA512_Transform(u_int64_t state[8], const u_int8_t data[SHA512_BLOCK_LENGTH])
-{
- u_int64_t a, b, c, d, e, f, g, h, s0, s1;
- u_int64_t T1, W512[16];
- int j;
-
- /* Initialize registers with the prev. intermediate value */
- a = state[0];
- b = state[1];
- c = state[2];
- d = state[3];
- e = state[4];
- f = state[5];
- g = state[6];
- h = state[7];
-
- j = 0;
- do {
- /* Rounds 0 to 15 (unrolled): */
- ROUND512_0_TO_15(a,b,c,d,e,f,g,h);
- ROUND512_0_TO_15(h,a,b,c,d,e,f,g);
- ROUND512_0_TO_15(g,h,a,b,c,d,e,f);
- ROUND512_0_TO_15(f,g,h,a,b,c,d,e);
- ROUND512_0_TO_15(e,f,g,h,a,b,c,d);
- ROUND512_0_TO_15(d,e,f,g,h,a,b,c);
- ROUND512_0_TO_15(c,d,e,f,g,h,a,b);
- ROUND512_0_TO_15(b,c,d,e,f,g,h,a);
- } while (j < 16);
-
- /* Now for the remaining rounds up to 79: */
- do {
- ROUND512(a,b,c,d,e,f,g,h);
- ROUND512(h,a,b,c,d,e,f,g);
- ROUND512(g,h,a,b,c,d,e,f);
- ROUND512(f,g,h,a,b,c,d,e);
- ROUND512(e,f,g,h,a,b,c,d);
- ROUND512(d,e,f,g,h,a,b,c);
- ROUND512(c,d,e,f,g,h,a,b);
- ROUND512(b,c,d,e,f,g,h,a);
- } while (j < 80);
-
- /* Compute the current intermediate hash value */
- state[0] += a;
- state[1] += b;
- state[2] += c;
- state[3] += d;
- state[4] += e;
- state[5] += f;
- state[6] += g;
- state[7] += h;
-
- /* Clean up */
- a = b = c = d = e = f = g = h = T1 = 0;
-}
-
-#else /* SHA2_UNROLL_TRANSFORM */
-
-void
-SHA512_Transform(u_int64_t state[8], const u_int8_t data[SHA512_BLOCK_LENGTH])
-{
- u_int64_t a, b, c, d, e, f, g, h, s0, s1;
- u_int64_t T1, T2, W512[16];
- int j;
-
- /* Initialize registers with the prev. intermediate value */
- a = state[0];
- b = state[1];
- c = state[2];
- d = state[3];
- e = state[4];
- f = state[5];
- g = state[6];
- h = state[7];
-
- j = 0;
- do {
- BE_8_TO_64(W512[j], data);
- data += 8;
- /* Apply the SHA-512 compression function to update a..h */
- T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j];
- T2 = Sigma0_512(a) + Maj(a, b, c);
- h = g;
- g = f;
- f = e;
- e = d + T1;
- d = c;
- c = b;
- b = a;
- a = T1 + T2;
-
- j++;
- } while (j < 16);
-
- do {
- /* Part of the message block expansion: */
- s0 = W512[(j+1)&0x0f];
- s0 = sigma0_512(s0);
- s1 = W512[(j+14)&0x0f];
- s1 = sigma1_512(s1);
-
- /* Apply the SHA-512 compression function to update a..h */
- T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] +
- (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0);
- T2 = Sigma0_512(a) + Maj(a, b, c);
- h = g;
- g = f;
- f = e;
- e = d + T1;
- d = c;
- c = b;
- b = a;
- a = T1 + T2;
-
- j++;
- } while (j < 80);
-
- /* Compute the current intermediate hash value */
- state[0] += a;
- state[1] += b;
- state[2] += c;
- state[3] += d;
- state[4] += e;
- state[5] += f;
- state[6] += g;
- state[7] += h;
-
- /* Clean up */
- a = b = c = d = e = f = g = h = T1 = T2 = 0;
-}
-
-#endif /* SHA2_UNROLL_TRANSFORM */
-
-void
-SHA512_Update(SHA512_CTX *context, const u_int8_t *data, size_t len)
-{
- size_t freespace, usedspace;
-
- /* Calling with no data is valid (we do nothing) */
- if (len == 0)
- return;
-
- usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH;
- if (usedspace > 0) {
- /* Calculate how much free space is available in the buffer */
- freespace = SHA512_BLOCK_LENGTH - usedspace;
-
- if (len >= freespace) {
- /* Fill the buffer completely and process it */
- memcpy(&context->buffer[usedspace], data, freespace);
- ADDINC128(context->bitcount, freespace << 3);
- len -= freespace;
- data += freespace;
- SHA512_Transform(context->state, context->buffer);
- } else {
- /* The buffer is not yet full */
- memcpy(&context->buffer[usedspace], data, len);
- ADDINC128(context->bitcount, len << 3);
- /* Clean up: */
- usedspace = freespace = 0;
- return;
- }
- }
- while (len >= SHA512_BLOCK_LENGTH) {
- /* Process as many complete blocks as we can */
- SHA512_Transform(context->state, data);
- ADDINC128(context->bitcount, SHA512_BLOCK_LENGTH << 3);
- len -= SHA512_BLOCK_LENGTH;
- data += SHA512_BLOCK_LENGTH;
- }
- if (len > 0) {
- /* There's left-overs, so save 'em */
- memcpy(context->buffer, data, len);
- ADDINC128(context->bitcount, len << 3);
- }
- /* Clean up: */
- usedspace = freespace = 0;
-}
-
-void
-SHA512_Pad(SHA512_CTX *context)
-{
- unsigned int usedspace;
-
- usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH;
- if (usedspace > 0) {
- /* Begin padding with a 1 bit: */
- context->buffer[usedspace++] = 0x80;
-
- if (usedspace <= SHA512_SHORT_BLOCK_LENGTH) {
- /* Set-up for the last transform: */
- memset(&context->buffer[usedspace], 0, SHA512_SHORT_BLOCK_LENGTH - usedspace);
- } else {
- if (usedspace < SHA512_BLOCK_LENGTH) {
- memset(&context->buffer[usedspace], 0, SHA512_BLOCK_LENGTH - usedspace);
- }
- /* Do second-to-last transform: */
- SHA512_Transform(context->state, context->buffer);
-
- /* And set-up for the last transform: */
- memset(context->buffer, 0, SHA512_BLOCK_LENGTH - 2);
- }
- } else {
- /* Prepare for final transform: */
- memset(context->buffer, 0, SHA512_SHORT_BLOCK_LENGTH);
-
- /* Begin padding with a 1 bit: */
- *context->buffer = 0x80;
- }
- /* Store the length of input data (in bits) in big endian format: */
- BE_64_TO_8(&context->buffer[SHA512_SHORT_BLOCK_LENGTH],
- context->bitcount[1]);
- BE_64_TO_8(&context->buffer[SHA512_SHORT_BLOCK_LENGTH + 8],
- context->bitcount[0]);
-
- /* Final transform: */
- SHA512_Transform(context->state, context->buffer);
-
- /* Clean up: */
- usedspace = 0;
-}
-
-void
-SHA512_Final(u_int8_t digest[SHA512_DIGEST_LENGTH], SHA512_CTX *context)
-{
- SHA512_Pad(context);
-
- /* If no digest buffer is passed, we don't bother doing this: */
- if (digest != NULL) {
-#if BYTE_ORDER == LITTLE_ENDIAN
- int i;
-
- /* Convert TO host byte order */
- for (i = 0; i < 8; i++)
- BE_64_TO_8(digest + i * 8, context->state[i]);
-#else
- memcpy(digest, context->state, SHA512_DIGEST_LENGTH);
-#endif
- memset(context, 0, sizeof(*context));
- }
-}
-
-
-/*** SHA-384: *********************************************************/
-void
-SHA384_Init(SHA384_CTX *context)
-{
- if (context == NULL)
- return;
- memcpy(context->state, sha384_initial_hash_value,
- sizeof(sha384_initial_hash_value));
- memset(context->buffer, 0, sizeof(context->buffer));
- context->bitcount[0] = context->bitcount[1] = 0;
-}
-
-#if 0
-__weak_alias(SHA384_Transform, SHA512_Transform);
-__weak_alias(SHA384_Update, SHA512_Update);
-__weak_alias(SHA384_Pad, SHA512_Pad);
-#endif
-
-void
-SHA384_Transform(u_int64_t state[8], const u_int8_t data[SHA512_BLOCK_LENGTH])
-{
- return SHA512_Transform(state, data);
-}
-
-void
-SHA384_Update(SHA512_CTX *context, const u_int8_t *data, size_t len)
-{
- SHA512_Update(context, data, len);
-}
-
-void
-SHA384_Pad(SHA512_CTX *context)
-{
- SHA512_Pad(context);
-}
-
-void
-SHA384_Final(u_int8_t digest[SHA384_DIGEST_LENGTH], SHA384_CTX *context)
-{
- SHA384_Pad(context);
-
- /* If no digest buffer is passed, we don't bother doing this: */
- if (digest != NULL) {
-#if BYTE_ORDER == LITTLE_ENDIAN
- int i;
-
- /* Convert TO host byte order */
- for (i = 0; i < 6; i++)
- BE_64_TO_8(digest + i * 8, context->state[i]);
-#else
- memcpy(digest, context->state, SHA384_DIGEST_LENGTH);
-#endif
- }
-
- /* Zero out state data */
- memset(context, 0, sizeof(*context));
-}
-
-#endif /* defined(_NEED_SHA2) && !defined(HAVE_SHA256_UPDATE) */
diff --git a/ssh_keygen_110/openbsd-compat/sha2.h b/ssh_keygen_110/openbsd-compat/sha2.h
deleted file mode 100644
index c6e6c97a..00000000
--- a/ssh_keygen_110/openbsd-compat/sha2.h
+++ /dev/null
@@ -1,134 +0,0 @@
-/* $OpenBSD: sha2.h,v 1.6 2004/06/22 01:57:30 jfb Exp */
-
-/*
- * FILE: sha2.h
- * AUTHOR: Aaron D. Gifford
- *
- * Copyright (c) 2000-2001, Aaron D. Gifford
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the copyright holder nor the names of contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $From: sha2.h,v 1.1 2001/11/08 00:02:01 adg Exp adg $
- */
-
-/* OPENBSD ORIGINAL: include/sha2.h */
-
-#ifndef _SSHSHA2_H
-#define _SSHSHA2_H
-
-#include "includes.h"
-
-#ifdef WITH_OPENSSL
-# include
-# if !defined(HAVE_EVP_SHA256) && (OPENSSL_VERSION_NUMBER >= 0x00907000L)
-# define _NEED_SHA2 1
-# endif
-#else
-# define _NEED_SHA2 1
-#endif
-
-#if defined(_NEED_SHA2) && !defined(HAVE_SHA256_UPDATE)
-
-/*** SHA-256/384/512 Various Length Definitions ***********************/
-#define SHA256_BLOCK_LENGTH 64
-#define SHA256_DIGEST_LENGTH 32
-#define SHA256_DIGEST_STRING_LENGTH (SHA256_DIGEST_LENGTH * 2 + 1)
-#define SHA384_BLOCK_LENGTH 128
-#define SHA384_DIGEST_LENGTH 48
-#define SHA384_DIGEST_STRING_LENGTH (SHA384_DIGEST_LENGTH * 2 + 1)
-#define SHA512_BLOCK_LENGTH 128
-#define SHA512_DIGEST_LENGTH 64
-#define SHA512_DIGEST_STRING_LENGTH (SHA512_DIGEST_LENGTH * 2 + 1)
-
-
-/*** SHA-256/384/512 Context Structures *******************************/
-typedef struct _SHA256_CTX {
- u_int32_t state[8];
- u_int64_t bitcount;
- u_int8_t buffer[SHA256_BLOCK_LENGTH];
-} SHA256_CTX;
-typedef struct _SHA512_CTX {
- u_int64_t state[8];
- u_int64_t bitcount[2];
- u_int8_t buffer[SHA512_BLOCK_LENGTH];
-} SHA512_CTX;
-
-typedef SHA512_CTX SHA384_CTX;
-
-void SHA256_Init(SHA256_CTX *);
-void SHA256_Transform(u_int32_t state[8], const u_int8_t [SHA256_BLOCK_LENGTH]);
-void SHA256_Update(SHA256_CTX *, const u_int8_t *, size_t)
- __attribute__((__bounded__(__string__,2,3)));
-void SHA256_Pad(SHA256_CTX *);
-void SHA256_Final(u_int8_t [SHA256_DIGEST_LENGTH], SHA256_CTX *)
- __attribute__((__bounded__(__minbytes__,1,SHA256_DIGEST_LENGTH)));
-char *SHA256_End(SHA256_CTX *, char *)
- __attribute__((__bounded__(__minbytes__,2,SHA256_DIGEST_STRING_LENGTH)));
-char *SHA256_File(const char *, char *)
- __attribute__((__bounded__(__minbytes__,2,SHA256_DIGEST_STRING_LENGTH)));
-char *SHA256_FileChunk(const char *, char *, off_t, off_t)
- __attribute__((__bounded__(__minbytes__,2,SHA256_DIGEST_STRING_LENGTH)));
-char *SHA256_Data(const u_int8_t *, size_t, char *)
- __attribute__((__bounded__(__string__,1,2)))
- __attribute__((__bounded__(__minbytes__,3,SHA256_DIGEST_STRING_LENGTH)));
-
-void SHA384_Init(SHA384_CTX *);
-void SHA384_Transform(u_int64_t state[8], const u_int8_t [SHA384_BLOCK_LENGTH]);
-void SHA384_Update(SHA384_CTX *, const u_int8_t *, size_t)
- __attribute__((__bounded__(__string__,2,3)));
-void SHA384_Pad(SHA384_CTX *);
-void SHA384_Final(u_int8_t [SHA384_DIGEST_LENGTH], SHA384_CTX *)
- __attribute__((__bounded__(__minbytes__,1,SHA384_DIGEST_LENGTH)));
-char *SHA384_End(SHA384_CTX *, char *)
- __attribute__((__bounded__(__minbytes__,2,SHA384_DIGEST_STRING_LENGTH)));
-char *SHA384_File(const char *, char *)
- __attribute__((__bounded__(__minbytes__,2,SHA384_DIGEST_STRING_LENGTH)));
-char *SHA384_FileChunk(const char *, char *, off_t, off_t)
- __attribute__((__bounded__(__minbytes__,2,SHA384_DIGEST_STRING_LENGTH)));
-char *SHA384_Data(const u_int8_t *, size_t, char *)
- __attribute__((__bounded__(__string__,1,2)))
- __attribute__((__bounded__(__minbytes__,3,SHA384_DIGEST_STRING_LENGTH)));
-
-void SHA512_Init(SHA512_CTX *);
-void SHA512_Transform(u_int64_t state[8], const u_int8_t [SHA512_BLOCK_LENGTH]);
-void SHA512_Update(SHA512_CTX *, const u_int8_t *, size_t)
- __attribute__((__bounded__(__string__,2,3)));
-void SHA512_Pad(SHA512_CTX *);
-void SHA512_Final(u_int8_t [SHA512_DIGEST_LENGTH], SHA512_CTX *)
- __attribute__((__bounded__(__minbytes__,1,SHA512_DIGEST_LENGTH)));
-char *SHA512_End(SHA512_CTX *, char *)
- __attribute__((__bounded__(__minbytes__,2,SHA512_DIGEST_STRING_LENGTH)));
-char *SHA512_File(const char *, char *)
- __attribute__((__bounded__(__minbytes__,2,SHA512_DIGEST_STRING_LENGTH)));
-char *SHA512_FileChunk(const char *, char *, off_t, off_t)
- __attribute__((__bounded__(__minbytes__,2,SHA512_DIGEST_STRING_LENGTH)));
-char *SHA512_Data(const u_int8_t *, size_t, char *)
- __attribute__((__bounded__(__string__,1,2)))
- __attribute__((__bounded__(__minbytes__,3,SHA512_DIGEST_STRING_LENGTH)));
-
-#endif /* defined(_NEED_SHA2) && !defined(HAVE_SHA256_UPDATE) */
-
-#endif /* _SSHSHA2_H */
diff --git a/ssh_keygen_110/openbsd-compat/sigact.c b/ssh_keygen_110/openbsd-compat/sigact.c
deleted file mode 100644
index d67845cf..00000000
--- a/ssh_keygen_110/openbsd-compat/sigact.c
+++ /dev/null
@@ -1,132 +0,0 @@
-/* $OpenBSD: sigaction.c,v 1.4 2001/01/22 18:01:48 millert Exp $ */
-
-/****************************************************************************
- * Copyright (c) 1998,2000 Free Software Foundation, Inc. *
- * *
- * Permission is hereby granted, free of charge, to any person obtaining a *
- * copy of this software and associated documentation files (the *
- * "Software"), to deal in the Software without restriction, including *
- * without limitation the rights to use, copy, modify, merge, publish, *
- * distribute, distribute with modifications, sublicense, and/or sell *
- * copies of the Software, and to permit persons to whom the Software is *
- * furnished to do so, subject to the following conditions: *
- * *
- * The above copyright notice and this permission notice shall be included *
- * in all copies or substantial portions of the Software. *
- * *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS *
- * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF *
- * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. *
- * IN NO EVENT SHALL THE ABOVE COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, *
- * DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR *
- * OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR *
- * THE USE OR OTHER DEALINGS IN THE SOFTWARE. *
- * *
- * Except as contained in this notice, the name(s) of the above copyright *
- * holders shall not be used in advertising or otherwise to promote the *
- * sale, use or other dealings in this Software without prior written *
- * authorization. *
- ****************************************************************************/
-
-/****************************************************************************
- * Author: Zeyd M. Ben-Halim 1992,1995 *
- * and: Eric S. Raymond *
- ****************************************************************************/
-
-/* OPENBSD ORIGINAL: lib/libcurses/base/sigaction.c */
-
-#include "includes.h"
-#include
-#include
-#include "sigact.h"
-
-/* This file provides sigaction() emulation using sigvec() */
-/* Use only if this is non POSIX system */
-
-#if !HAVE_SIGACTION && HAVE_SIGVEC
-
-int
-sigaction(int sig, struct sigaction *sigact, struct sigaction *osigact)
-{
- return sigvec(sig, sigact ? &sigact->sv : NULL,
- osigact ? &osigact->sv : NULL);
-}
-
-int
-sigemptyset (sigset_t *mask)
-{
- if (!mask) {
- errno = EINVAL;
- return -1;
- }
- *mask = 0;
- return 0;
-}
-
-int
-sigprocmask (int mode, sigset_t *mask, sigset_t *omask)
-{
- sigset_t current = sigsetmask(0);
-
- if (!mask) {
- errno = EINVAL;
- return -1;
- }
-
- if (omask)
- *omask = current;
-
- if (mode == SIG_BLOCK)
- current |= *mask;
- else if (mode == SIG_UNBLOCK)
- current &= ~*mask;
- else if (mode == SIG_SETMASK)
- current = *mask;
-
- sigsetmask(current);
- return 0;
-}
-
-int
-sigsuspend (sigset_t *mask)
-{
- if (!mask) {
- errno = EINVAL;
- return -1;
- }
- return sigpause(*mask);
-}
-
-int
-sigdelset (sigset_t *mask, int sig)
-{
- if (!mask) {
- errno = EINVAL;
- return -1;
- }
- *mask &= ~sigmask(sig);
- return 0;
-}
-
-int
-sigaddset (sigset_t *mask, int sig)
-{
- if (!mask) {
- errno = EINVAL;
- return -1;
- }
- *mask |= sigmask(sig);
- return 0;
-}
-
-int
-sigismember (sigset_t *mask, int sig)
-{
- if (!mask) {
- errno = EINVAL;
- return -1;
- }
- return (*mask & sigmask(sig)) != 0;
-}
-
-#endif
diff --git a/ssh_keygen_110/openbsd-compat/sigact.h b/ssh_keygen_110/openbsd-compat/sigact.h
deleted file mode 100644
index db96d0a5..00000000
--- a/ssh_keygen_110/openbsd-compat/sigact.h
+++ /dev/null
@@ -1,90 +0,0 @@
-/* $OpenBSD: SigAction.h,v 1.3 2001/01/22 18:01:32 millert Exp $ */
-
-/****************************************************************************
- * Copyright (c) 1998,2000 Free Software Foundation, Inc. *
- * *
- * Permission is hereby granted, free of charge, to any person obtaining a *
- * copy of this software and associated documentation files (the *
- * "Software"), to deal in the Software without restriction, including *
- * without limitation the rights to use, copy, modify, merge, publish, *
- * distribute, distribute with modifications, sublicense, and/or sell *
- * copies of the Software, and to permit persons to whom the Software is *
- * furnished to do so, subject to the following conditions: *
- * *
- * The above copyright notice and this permission notice shall be included *
- * in all copies or substantial portions of the Software. *
- * *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS *
- * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF *
- * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. *
- * IN NO EVENT SHALL THE ABOVE COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, *
- * DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR *
- * OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR *
- * THE USE OR OTHER DEALINGS IN THE SOFTWARE. *
- * *
- * Except as contained in this notice, the name(s) of the above copyright *
- * holders shall not be used in advertising or otherwise to promote the *
- * sale, use or other dealings in this Software without prior written *
- * authorization. *
- ****************************************************************************/
-
-/****************************************************************************
- * Author: Zeyd M. Ben-Halim 1992,1995 *
- * and: Eric S. Raymond *
- ****************************************************************************/
-
-/*
- * $From: SigAction.h,v 1.6 2000/12/10 02:36:10 tom Exp $
- *
- * This file exists to handle non-POSIX systems which don't have ,
- * and usually no sigaction() nor
- */
-
-/* OPENBSD ORIGINAL: lib/libcurses/SigAction.h */
-
-#ifndef _SIGACTION_H
-#define _SIGACTION_H
-
-#if !defined(HAVE_SIGACTION) && defined(HAVE_SIGVEC)
-
-#undef SIG_BLOCK
-#define SIG_BLOCK 00
-
-#undef SIG_UNBLOCK
-#define SIG_UNBLOCK 01
-
-#undef SIG_SETMASK
-#define SIG_SETMASK 02
-
-/*
- * is in the Linux 1.2.8 + gcc 2.7.0 configuration,
- * and is useful for testing this header file.
- */
-#if HAVE_BSD_SIGNAL_H
-# include
-#endif
-
-struct sigaction
-{
- struct sigvec sv;
-};
-
-typedef unsigned long sigset_t;
-
-#undef sa_mask
-#define sa_mask sv.sv_mask
-#undef sa_handler
-#define sa_handler sv.sv_handler
-#undef sa_flags
-#define sa_flags sv.sv_flags
-
-int sigaction(int sig, struct sigaction *sigact, struct sigaction *osigact);
-int sigprocmask (int how, sigset_t *mask, sigset_t *omask);
-int sigemptyset (sigset_t *mask);
-int sigsuspend (sigset_t *mask);
-int sigdelset (sigset_t *mask, int sig);
-int sigaddset (sigset_t *mask, int sig);
-
-#endif /* !defined(HAVE_SIGACTION) && defined(HAVE_SIGVEC) */
-
-#endif /* !defined(_SIGACTION_H) */
diff --git a/ssh_keygen_110/openbsd-compat/strcasestr.c b/ssh_keygen_110/openbsd-compat/strcasestr.c
deleted file mode 100644
index 4c4d1475..00000000
--- a/ssh_keygen_110/openbsd-compat/strcasestr.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/* $OpenBSD: strcasestr.c,v 1.4 2015/08/31 02:53:57 guenther Exp $ */
-/* $NetBSD: strcasestr.c,v 1.2 2005/02/09 21:35:47 kleink Exp $ */
-
-/*-
- * Copyright (c) 1990, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * This code is derived from software contributed to Berkeley by
- * Chris Torek.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* OPENBSD ORIGINAL: lib/libc/string/strcasestr.c */
-
-#include "includes.h"
-
-#ifndef HAVE_STRCASESTR
-
-#include
-#include
-
-/*
- * Find the first occurrence of find in s, ignore case.
- */
-char *
-strcasestr(const char *s, const char *find)
-{
- char c, sc;
- size_t len;
-
- if ((c = *find++) != 0) {
- c = (char)tolower((unsigned char)c);
- len = strlen(find);
- do {
- do {
- if ((sc = *s++) == 0)
- return (NULL);
- } while ((char)tolower((unsigned char)sc) != c);
- } while (strncasecmp(s, find, len) != 0);
- s--;
- }
- return ((char *)s);
-}
-DEF_WEAK(strcasestr);
-
-#endif
diff --git a/ssh_keygen_110/openbsd-compat/strlcat.c b/ssh_keygen_110/openbsd-compat/strlcat.c
deleted file mode 100644
index bcc1b61a..00000000
--- a/ssh_keygen_110/openbsd-compat/strlcat.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/* $OpenBSD: strlcat.c,v 1.13 2005/08/08 08:05:37 espie Exp $ */
-
-/*
- * Copyright (c) 1998 Todd C. Miller
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* OPENBSD ORIGINAL: lib/libc/string/strlcat.c */
-
-#include "includes.h"
-#ifndef HAVE_STRLCAT
-
-#include
-#include
-
-/*
- * Appends src to string dst of size siz (unlike strncat, siz is the
- * full size of dst, not space left). At most siz-1 characters
- * will be copied. Always NUL terminates (unless siz <= strlen(dst)).
- * Returns strlen(src) + MIN(siz, strlen(initial dst)).
- * If retval >= siz, truncation occurred.
- */
-size_t
-strlcat(char *dst, const char *src, size_t siz)
-{
- char *d = dst;
- const char *s = src;
- size_t n = siz;
- size_t dlen;
-
- /* Find the end of dst and adjust bytes left but don't go past end */
- while (n-- != 0 && *d != '\0')
- d++;
- dlen = d - dst;
- n = siz - dlen;
-
- if (n == 0)
- return(dlen + strlen(s));
- while (*s != '\0') {
- if (n != 1) {
- *d++ = *s;
- n--;
- }
- s++;
- }
- *d = '\0';
-
- return(dlen + (s - src)); /* count does not include NUL */
-}
-
-#endif /* !HAVE_STRLCAT */
diff --git a/ssh_keygen_110/openbsd-compat/strlcpy.c b/ssh_keygen_110/openbsd-compat/strlcpy.c
deleted file mode 100644
index b4b1b601..00000000
--- a/ssh_keygen_110/openbsd-compat/strlcpy.c
+++ /dev/null
@@ -1,58 +0,0 @@
-/* $OpenBSD: strlcpy.c,v 1.11 2006/05/05 15:27:38 millert Exp $ */
-
-/*
- * Copyright (c) 1998 Todd C. Miller
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* OPENBSD ORIGINAL: lib/libc/string/strlcpy.c */
-
-#include "includes.h"
-#ifndef HAVE_STRLCPY
-
-#include
-#include
-
-/*
- * Copy src to string dst of size siz. At most siz-1 characters
- * will be copied. Always NUL terminates (unless siz == 0).
- * Returns strlen(src); if retval >= siz, truncation occurred.
- */
-size_t
-strlcpy(char *dst, const char *src, size_t siz)
-{
- char *d = dst;
- const char *s = src;
- size_t n = siz;
-
- /* Copy as many bytes as will fit */
- if (n != 0) {
- while (--n != 0) {
- if ((*d++ = *s++) == '\0')
- break;
- }
- }
-
- /* Not enough room in dst, add NUL and traverse rest of src */
- if (n == 0) {
- if (siz != 0)
- *d = '\0'; /* NUL-terminate dst */
- while (*s++)
- ;
- }
-
- return(s - src - 1); /* count does not include NUL */
-}
-
-#endif /* !HAVE_STRLCPY */
diff --git a/ssh_keygen_110/openbsd-compat/strmode.c b/ssh_keygen_110/openbsd-compat/strmode.c
deleted file mode 100644
index 4a816142..00000000
--- a/ssh_keygen_110/openbsd-compat/strmode.c
+++ /dev/null
@@ -1,148 +0,0 @@
-/* $OpenBSD: strmode.c,v 1.7 2005/08/08 08:05:37 espie Exp $ */
-/*-
- * Copyright (c) 1990 The Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* OPENBSD ORIGINAL: lib/libc/string/strmode.c */
-
-#include "includes.h"
-#ifndef HAVE_STRMODE
-
-#include
-#include
-#include
-
-/* XXX mode should be mode_t */
-
-void
-strmode(int mode, char *p)
-{
- /* print type */
- switch (mode & S_IFMT) {
- case S_IFDIR: /* directory */
- *p++ = 'd';
- break;
- case S_IFCHR: /* character special */
- *p++ = 'c';
- break;
- case S_IFBLK: /* block special */
- *p++ = 'b';
- break;
- case S_IFREG: /* regular */
- *p++ = '-';
- break;
- case S_IFLNK: /* symbolic link */
- *p++ = 'l';
- break;
-#ifdef S_IFSOCK
- case S_IFSOCK: /* socket */
- *p++ = 's';
- break;
-#endif
-#ifdef S_IFIFO
- case S_IFIFO: /* fifo */
- *p++ = 'p';
- break;
-#endif
- default: /* unknown */
- *p++ = '?';
- break;
- }
- /* usr */
- if (mode & S_IRUSR)
- *p++ = 'r';
- else
- *p++ = '-';
- if (mode & S_IWUSR)
- *p++ = 'w';
- else
- *p++ = '-';
- switch (mode & (S_IXUSR | S_ISUID)) {
- case 0:
- *p++ = '-';
- break;
- case S_IXUSR:
- *p++ = 'x';
- break;
- case S_ISUID:
- *p++ = 'S';
- break;
- case S_IXUSR | S_ISUID:
- *p++ = 's';
- break;
- }
- /* group */
- if (mode & S_IRGRP)
- *p++ = 'r';
- else
- *p++ = '-';
- if (mode & S_IWGRP)
- *p++ = 'w';
- else
- *p++ = '-';
- switch (mode & (S_IXGRP | S_ISGID)) {
- case 0:
- *p++ = '-';
- break;
- case S_IXGRP:
- *p++ = 'x';
- break;
- case S_ISGID:
- *p++ = 'S';
- break;
- case S_IXGRP | S_ISGID:
- *p++ = 's';
- break;
- }
- /* other */
- if (mode & S_IROTH)
- *p++ = 'r';
- else
- *p++ = '-';
- if (mode & S_IWOTH)
- *p++ = 'w';
- else
- *p++ = '-';
- switch (mode & (S_IXOTH | S_ISVTX)) {
- case 0:
- *p++ = '-';
- break;
- case S_IXOTH:
- *p++ = 'x';
- break;
- case S_ISVTX:
- *p++ = 'T';
- break;
- case S_IXOTH | S_ISVTX:
- *p++ = 't';
- break;
- }
- *p++ = ' '; /* will be a '+' if ACL's implemented */
- *p = '\0';
-}
-#endif
diff --git a/ssh_keygen_110/openbsd-compat/strnlen.c b/ssh_keygen_110/openbsd-compat/strnlen.c
deleted file mode 100644
index 7ad3573a..00000000
--- a/ssh_keygen_110/openbsd-compat/strnlen.c
+++ /dev/null
@@ -1,37 +0,0 @@
-/* $OpenBSD: strnlen.c,v 1.3 2010/06/02 12:58:12 millert Exp $ */
-
-/*
- * Copyright (c) 2010 Todd C. Miller
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* OPENBSD ORIGINAL: lib/libc/string/strnlen.c */
-
-#include "includes.h"
-#if !defined(HAVE_STRNLEN) || defined(BROKEN_STRNLEN)
-#include
-
-#include
-
-size_t
-strnlen(const char *str, size_t maxlen)
-{
- const char *cp;
-
- for (cp = str; maxlen != 0 && *cp != '\0'; cp++, maxlen--)
- ;
-
- return (size_t)(cp - str);
-}
-#endif
diff --git a/ssh_keygen_110/openbsd-compat/strptime.c b/ssh_keygen_110/openbsd-compat/strptime.c
deleted file mode 100644
index d8d83d90..00000000
--- a/ssh_keygen_110/openbsd-compat/strptime.c
+++ /dev/null
@@ -1,401 +0,0 @@ -/* $OpenBSD: strptime.c,v 1.12 2008/06/26 05:42:05 ray Exp $ */ -/* $NetBSD: strptime.c,v 1.12 1998/01/20 21:39:40 mycroft Exp $ */ - -/*- - * Copyright (c) 1997, 1998 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code was contributed to The NetBSD Foundation by Klaus Klein. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -/* OPENBSD ORIGINAL: lib/libc/time/strptime.c */ - -#include "includes.h" - -#ifndef HAVE_STRPTIME - -#define TM_YEAR_BASE 1900 /* from tzfile.h */ - -#include -#include -#include -#include - -/* #define _ctloc(x) (_CurrentTimeLocale->x) */ - -/* - * We do not implement alternate representations. 
However, we always - * check whether a given modifier is allowed for a certain conversion. - */ -#define _ALT_E 0x01 -#define _ALT_O 0x02 -#define _LEGAL_ALT(x) { if (alt_format & ~(x)) return (0); } - - -static int _conv_num(const unsigned char **, int *, int, int); -static char *_strptime(const char *, const char *, struct tm *, int); - - -char * -strptime(const char *buf, const char *fmt, struct tm *tm) -{ - return(_strptime(buf, fmt, tm, 1)); -} - -static char * -_strptime(const char *buf, const char *fmt, struct tm *tm, int initialize) -{ - unsigned char c; - const unsigned char *bp; - size_t len; - int alt_format, i; - static int century, relyear; - - if (initialize) { - century = TM_YEAR_BASE; - relyear = -1; - } - - bp = (unsigned char *)buf; - while ((c = *fmt) != '\0') { - /* Clear `alternate' modifier prior to new conversion. */ - alt_format = 0; - - /* Eat up white-space. */ - if (isspace(c)) { - while (isspace(*bp)) - bp++; - - fmt++; - continue; - } - - if ((c = *fmt++) != '%') - goto literal; - - -again: switch (c = *fmt++) { - case '%': /* "%%" is converted to "%". */ -literal: - if (c != *bp++) - return (NULL); - - break; - - /* - * "Alternative" modifiers. Just set the appropriate flag - * and start over again. - */ - case 'E': /* "%E?" alternative conversion modifier. */ - _LEGAL_ALT(0); - alt_format |= _ALT_E; - goto again; - - case 'O': /* "%O?" alternative conversion modifier. */ - _LEGAL_ALT(0); - alt_format |= _ALT_O; - goto again; - - /* - * "Complex" conversion rules, implemented through recursion. - */ -#if 0 - case 'c': /* Date and time, using the locale's format. */ - _LEGAL_ALT(_ALT_E); - if (!(bp = _strptime(bp, _ctloc(d_t_fmt), tm, 0))) - return (NULL); - break; -#endif - case 'D': /* The date as "%m/%d/%y". */ - _LEGAL_ALT(0); - if (!(bp = _strptime(bp, "%m/%d/%y", tm, 0))) - return (NULL); - break; - - case 'R': /* The time as "%H:%M". 
*/ - _LEGAL_ALT(0); - if (!(bp = _strptime(bp, "%H:%M", tm, 0))) - return (NULL); - break; - - case 'r': /* The time as "%I:%M:%S %p". */ - _LEGAL_ALT(0); - if (!(bp = _strptime(bp, "%I:%M:%S %p", tm, 0))) - return (NULL); - break; - - case 'T': /* The time as "%H:%M:%S". */ - _LEGAL_ALT(0); - if (!(bp = _strptime(bp, "%H:%M:%S", tm, 0))) - return (NULL); - break; -#if 0 - case 'X': /* The time, using the locale's format. */ - _LEGAL_ALT(_ALT_E); - if (!(bp = _strptime(bp, _ctloc(t_fmt), tm, 0))) - return (NULL); - break; - - case 'x': /* The date, using the locale's format. */ - _LEGAL_ALT(_ALT_E); - if (!(bp = _strptime(bp, _ctloc(d_fmt), tm, 0))) - return (NULL); - break; -#endif - /* - * "Elementary" conversion rules. - */ -#if 0 - case 'A': /* The day of week, using the locale's form. */ - case 'a': - _LEGAL_ALT(0); - for (i = 0; i < 7; i++) { - /* Full name. */ - len = strlen(_ctloc(day[i])); - if (strncasecmp(_ctloc(day[i]), bp, len) == 0) - break; - - /* Abbreviated name. */ - len = strlen(_ctloc(abday[i])); - if (strncasecmp(_ctloc(abday[i]), bp, len) == 0) - break; - } - - /* Nothing matched. */ - if (i == 7) - return (NULL); - - tm->tm_wday = i; - bp += len; - break; - - case 'B': /* The month, using the locale's form. */ - case 'b': - case 'h': - _LEGAL_ALT(0); - for (i = 0; i < 12; i++) { - /* Full name. */ - len = strlen(_ctloc(mon[i])); - if (strncasecmp(_ctloc(mon[i]), bp, len) == 0) - break; - - /* Abbreviated name. */ - len = strlen(_ctloc(abmon[i])); - if (strncasecmp(_ctloc(abmon[i]), bp, len) == 0) - break; - } - - /* Nothing matched. */ - if (i == 12) - return (NULL); - - tm->tm_mon = i; - bp += len; - break; -#endif - - case 'C': /* The century number. */ - _LEGAL_ALT(_ALT_E); - if (!(_conv_num(&bp, &i, 0, 99))) - return (NULL); - - century = i * 100; - break; - - case 'd': /* The day of month. 
*/ - case 'e': - _LEGAL_ALT(_ALT_O); - if (!(_conv_num(&bp, &tm->tm_mday, 1, 31))) - return (NULL); - break; - - case 'k': /* The hour (24-hour clock representation). */ - _LEGAL_ALT(0); - /* FALLTHROUGH */ - case 'H': - _LEGAL_ALT(_ALT_O); - if (!(_conv_num(&bp, &tm->tm_hour, 0, 23))) - return (NULL); - break; - - case 'l': /* The hour (12-hour clock representation). */ - _LEGAL_ALT(0); - /* FALLTHROUGH */ - case 'I': - _LEGAL_ALT(_ALT_O); - if (!(_conv_num(&bp, &tm->tm_hour, 1, 12))) - return (NULL); - break; - - case 'j': /* The day of year. */ - _LEGAL_ALT(0); - if (!(_conv_num(&bp, &tm->tm_yday, 1, 366))) - return (NULL); - tm->tm_yday--; - break; - - case 'M': /* The minute. */ - _LEGAL_ALT(_ALT_O); - if (!(_conv_num(&bp, &tm->tm_min, 0, 59))) - return (NULL); - break; - - case 'm': /* The month. */ - _LEGAL_ALT(_ALT_O); - if (!(_conv_num(&bp, &tm->tm_mon, 1, 12))) - return (NULL); - tm->tm_mon--; - break; - -#if 0 - case 'p': /* The locale's equivalent of AM/PM. */ - _LEGAL_ALT(0); - /* AM? */ - len = strlen(_ctloc(am_pm[0])); - if (strncasecmp(_ctloc(am_pm[0]), bp, len) == 0) { - if (tm->tm_hour > 12) /* i.e., 13:00 AM ?! */ - return (NULL); - else if (tm->tm_hour == 12) - tm->tm_hour = 0; - - bp += len; - break; - } - /* PM? */ - len = strlen(_ctloc(am_pm[1])); - if (strncasecmp(_ctloc(am_pm[1]), bp, len) == 0) { - if (tm->tm_hour > 12) /* i.e., 13:00 PM ?! */ - return (NULL); - else if (tm->tm_hour < 12) - tm->tm_hour += 12; - - bp += len; - break; - } - - /* Nothing matched. */ - return (NULL); -#endif - case 'S': /* The seconds. */ - _LEGAL_ALT(_ALT_O); - if (!(_conv_num(&bp, &tm->tm_sec, 0, 61))) - return (NULL); - break; - - case 'U': /* The week of year, beginning on sunday. */ - case 'W': /* The week of year, beginning on monday. */ - _LEGAL_ALT(_ALT_O); - /* - * XXX This is bogus, as we can not assume any valid - * information present in the tm structure at this - * point to calculate a real value, so just check the - * range for now. 
- */
- if (!(_conv_num(&bp, &i, 0, 53)))
- return (NULL);
- break;
-
- case 'w': /* The day of week, beginning on sunday. */
- _LEGAL_ALT(_ALT_O);
- if (!(_conv_num(&bp, &tm->tm_wday, 0, 6)))
- return (NULL);
- break;
-
- case 'Y': /* The year. */
- _LEGAL_ALT(_ALT_E);
- if (!(_conv_num(&bp, &i, 0, 9999)))
- return (NULL);
-
- relyear = -1;
- tm->tm_year = i - TM_YEAR_BASE;
- break;
-
- case 'y': /* The year within the century (2 digits). */
- _LEGAL_ALT(_ALT_E | _ALT_O);
- if (!(_conv_num(&bp, &relyear, 0, 99)))
- return (NULL);
- break;
-
- /*
- * Miscellaneous conversions.
- */
- case 'n': /* Any kind of white-space. */
- case 't':
- _LEGAL_ALT(0);
- while (isspace(*bp))
- bp++;
- break;
-
-
- default: /* Unknown/unsupported conversion. */
- return (NULL);
- }
-
-
- }
-
- /*
- * We need to evaluate the two digit year spec (%y)
- * last as we can get a century spec (%C) at any time.
- */
- if (relyear != -1) {
- if (century == TM_YEAR_BASE) {
- if (relyear <= 68)
- tm->tm_year = relyear + 2000 - TM_YEAR_BASE;
- else
- tm->tm_year = relyear + 1900 - TM_YEAR_BASE;
- } else {
- tm->tm_year = relyear + century - TM_YEAR_BASE;
- }
- }
-
- return ((char *)bp);
-}
-
-
-static int
-_conv_num(const unsigned char **buf, int *dest, int llim, int ulim)
-{
- int result = 0;
- int rulim = ulim;
-
- if (**buf < '0' || **buf > '9')
- return (0);
-
- /* we use rulim to break out of the loop when we run out of digits */
- do {
- result *= 10;
- result += *(*buf)++ - '0';
- rulim /= 10;
- } while ((result * 10 <= ulim) && rulim && **buf >= '0' && **buf <= '9');
-
- if (result < llim || result > ulim)
- return (0);
-
- *dest = result;
- return (1);
-}
-
-#endif /* HAVE_STRPTIME */
-
diff --git a/ssh_keygen_110/openbsd-compat/strsep.c b/ssh_keygen_110/openbsd-compat/strsep.c
deleted file mode 100644
index b36eb8fd..00000000
--- a/ssh_keygen_110/openbsd-compat/strsep.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/* $OpenBSD: strsep.c,v 1.6 2005/08/08 08:05:37 espie Exp $ */
-
-/*-
- * Copyright (c) 1990, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* OPENBSD ORIGINAL: lib/libc/string/strsep.c */
-
-#include "includes.h"
-
-#if !defined(HAVE_STRSEP)
-
-#include
-#include
-
-/*
- * Get next token from string *stringp, where tokens are possibly-empty
- * strings separated by characters from delim.
- *
- * Writes NULs into the string at *stringp to end tokens.
- * delim need not remain constant from call to call.
- * On return, *stringp points past the last NUL written (if there might
- * be further tokens), or is NULL (if there are definitely no more tokens).
- *
- * If *stringp is NULL, strsep returns NULL.
- */
-char *
-strsep(char **stringp, const char *delim)
-{
- char *s;
- const char *spanp;
- int c, sc;
- char *tok;
-
- if ((s = *stringp) == NULL)
- return (NULL);
- for (tok = s;;) {
- c = *s++;
- spanp = delim;
- do {
- if ((sc = *spanp++) == c) {
- if (c == 0)
- s = NULL;
- else
- s[-1] = 0;
- *stringp = s;
- return (tok);
- }
- } while (sc != 0);
- }
- /* NOTREACHED */
-}
-
-#endif /* !defined(HAVE_STRSEP) */
diff --git a/ssh_keygen_110/openbsd-compat/strtoll.c b/ssh_keygen_110/openbsd-compat/strtoll.c
deleted file mode 100644
index f6293038..00000000
--- a/ssh_keygen_110/openbsd-compat/strtoll.c
+++ /dev/null
@@ -1,148 +0,0 @@
-/* $OpenBSD: strtoll.c,v 1.6 2005/11/10 10:00:17 espie Exp $ */
-/*-
- * Copyright (c) 1992 The Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* OPENBSD ORIGINAL: lib/libc/stdlib/strtoll.c */
-
-#include "includes.h"
-#ifndef HAVE_STRTOLL
-
-#include
-
-#include
-#include
-#include
-#include
-
-/*
- * Convert a string to a long long.
- *
- * Ignores `locale' stuff. Assumes that the upper and lower case
- * alphabets and digits are each contiguous.
- */
-long long
-strtoll(const char *nptr, char **endptr, int base)
-{
- const char *s;
- long long acc, cutoff;
- int c;
- int neg, any, cutlim;
-
- /*
- * Skip white space and pick up leading +/- sign if any.
- * If base is 0, allow 0x for hex and 0 for octal, else
- * assume decimal; if base is already 16, allow 0x.
- */
- s = nptr;
- do {
- c = (unsigned char) *s++;
- } while (isspace(c));
- if (c == '-') {
- neg = 1;
- c = *s++;
- } else {
- neg = 0;
- if (c == '+')
- c = *s++;
- }
- if ((base == 0 || base == 16) &&
- c == '0' && (*s == 'x' || *s == 'X')) {
- c = s[1];
- s += 2;
- base = 16;
- }
- if (base == 0)
- base = c == '0' ? 8 : 10;
-
- /*
- * Compute the cutoff value between legal numbers and illegal
- * numbers. That is the largest legal value, divided by the
- * base. An input number that is greater than this value, if
- * followed by a legal input character, is too big. One that
- * is equal to this value may be valid or not; the limit
- * between valid and invalid numbers is then based on the last
- * digit. For instance, if the range for long longs is
- * [-9223372036854775808..9223372036854775807] and the input base
- * is 10, cutoff will be set to 922337203685477580 and cutlim to
- * either 7 (neg==0) or 8 (neg==1), meaning that if we have
- * accumulated a value > 922337203685477580, or equal but the
- * next digit is > 7 (or 8), the number is too big, and we will
- * return a range error.
- *
- * Set any if any `digits' consumed; make it negative to indicate
- * overflow.
- */
- cutoff = neg ? LLONG_MIN : LLONG_MAX;
- cutlim = cutoff % base;
- cutoff /= base;
- if (neg) {
- if (cutlim > 0) {
- cutlim -= base;
- cutoff += 1;
- }
- cutlim = -cutlim;
- }
- for (acc = 0, any = 0;; c = (unsigned char) *s++) {
- if (isdigit(c))
- c -= '0';
- else if (isalpha(c))
- c -= isupper(c) ? 'A' - 10 : 'a' - 10;
- else
- break;
- if (c >= base)
- break;
- if (any < 0)
- continue;
- if (neg) {
- if (acc < cutoff || (acc == cutoff && c > cutlim)) {
- any = -1;
- acc = LLONG_MIN;
- errno = ERANGE;
- } else {
- any = 1;
- acc *= base;
- acc -= c;
- }
- } else {
- if (acc > cutoff || (acc == cutoff && c > cutlim)) {
- any = -1;
- acc = LLONG_MAX;
- errno = ERANGE;
- } else {
- any = 1;
- acc *= base;
- acc += c;
- }
- }
- }
- if (endptr != 0)
- *endptr = (char *) (any ? s - 1 : nptr);
- return (acc);
-}
-#endif /* HAVE_STRTOLL */
diff --git a/ssh_keygen_110/openbsd-compat/strtonum.c b/ssh_keygen_110/openbsd-compat/strtonum.c
deleted file mode 100644
index 87f2f24b..00000000
--- a/ssh_keygen_110/openbsd-compat/strtonum.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/* $OpenBSD: strtonum.c,v 1.6 2004/08/03 19:38:01 millert Exp $ */
-
-/*
- * Copyright (c) 2004 Ted Unangst and Todd Miller
- * All rights reserved.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* OPENBSD ORIGINAL: lib/libc/stdlib/strtonum.c */
-
-#include "includes.h"
-
-#ifndef HAVE_STRTONUM
-#include
-#include
-#include
-
-#define INVALID 1
-#define TOOSMALL 2
-#define TOOLARGE 3
-
-long long
-strtonum(const char *numstr, long long minval, long long maxval,
- const char **errstrp)
-{
- long long ll = 0;
- char *ep;
- int error = 0;
- struct errval {
- const char *errstr;
- int err;
- } ev[4] = {
- { NULL, 0 },
- { "invalid", EINVAL },
- { "too small", ERANGE },
- { "too large", ERANGE },
- };
-
- ev[0].err = errno;
- errno = 0;
- if (minval > maxval)
- error = INVALID;
- else {
- ll = strtoll(numstr, &ep, 10);
- if (numstr == ep || *ep != '\0')
- error = INVALID;
- else if ((ll == LLONG_MIN && errno == ERANGE) || ll < minval)
- error = TOOSMALL;
- else if ((ll == LLONG_MAX && errno == ERANGE) || ll > maxval)
- error = TOOLARGE;
- }
- if (errstrp != NULL)
- *errstrp = ev[error].errstr;
- errno = ev[error].err;
- if (error)
- ll = 0;
-
- return (ll);
-}
-
-#endif /* HAVE_STRTONUM */
diff --git a/ssh_keygen_110/openbsd-compat/strtoul.c b/ssh_keygen_110/openbsd-compat/strtoul.c
deleted file mode 100644
index 8219c839..00000000
--- a/ssh_keygen_110/openbsd-compat/strtoul.c
+++ /dev/null
@@ -1,108 +0,0 @@
-/* $OpenBSD: strtoul.c,v 1.7 2005/08/08 08:05:37 espie Exp $ */
-/*
- * Copyright (c) 1990 Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* OPENBSD ORIGINAL: lib/libc/stdlib/strtoul.c */
-
-#include "includes.h"
-#ifndef HAVE_STRTOUL
-
-#include
-#include
-#include
-#include
-
-/*
- * Convert a string to an unsigned long integer.
- *
- * Ignores `locale' stuff. Assumes that the upper and lower case
- * alphabets and digits are each contiguous.
- */
-unsigned long
-strtoul(const char *nptr, char **endptr, int base)
-{
- const char *s;
- unsigned long acc, cutoff;
- int c;
- int neg, any, cutlim;
-
- /*
- * See strtol for comments as to the logic used.
- */
- s = nptr;
- do {
- c = (unsigned char) *s++;
- } while (isspace(c));
- if (c == '-') {
- neg = 1;
- c = *s++;
- } else {
- neg = 0;
- if (c == '+')
- c = *s++;
- }
- if ((base == 0 || base == 16) &&
- c == '0' && (*s == 'x' || *s == 'X')) {
- c = s[1];
- s += 2;
- base = 16;
- }
- if (base == 0)
- base = c == '0' ? 8 : 10;
-
- cutoff = ULONG_MAX / (unsigned long)base;
- cutlim = ULONG_MAX % (unsigned long)base;
- for (acc = 0, any = 0;; c = (unsigned char) *s++) {
- if (isdigit(c))
- c -= '0';
- else if (isalpha(c))
- c -= isupper(c) ? 'A' - 10 : 'a' - 10;
- else
- break;
- if (c >= base)
- break;
- if (any < 0)
- continue;
- if (acc > cutoff || acc == cutoff && c > cutlim) {
- any = -1;
- acc = ULONG_MAX;
- errno = ERANGE;
- } else {
- any = 1;
- acc *= (unsigned long)base;
- acc += c;
- }
- }
- if (neg && any > 0)
- acc = -acc;
- if (endptr != 0)
- *endptr = (char *) (any ? s - 1 : nptr);
- return (acc);
-}
-#endif /* !HAVE_STRTOUL */
diff --git a/ssh_keygen_110/openbsd-compat/strtoull.c b/ssh_keygen_110/openbsd-compat/strtoull.c
deleted file mode 100644
index f7c818c5..00000000
--- a/ssh_keygen_110/openbsd-compat/strtoull.c
+++ /dev/null
@@ -1,110 +0,0 @@
-/* $OpenBSD: strtoull.c,v 1.5 2005/08/08 08:05:37 espie Exp $ */
-/*-
- * Copyright (c) 1992 The Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* OPENBSD ORIGINAL: lib/libc/stdlib/strtoull.c */
-
-#include "includes.h"
-#ifndef HAVE_STRTOULL
-
-#include
-
-#include
-#include
-#include
-#include
-
-/*
- * Convert a string to an unsigned long long.
- *
- * Ignores `locale' stuff. Assumes that the upper and lower case
- * alphabets and digits are each contiguous.
- */
-unsigned long long
-strtoull(const char *nptr, char **endptr, int base)
-{
- const char *s;
- unsigned long long acc, cutoff;
- int c;
- int neg, any, cutlim;
-
- /*
- * See strtoq for comments as to the logic used.
- */
- s = nptr;
- do {
- c = (unsigned char) *s++;
- } while (isspace(c));
- if (c == '-') {
- neg = 1;
- c = *s++;
- } else {
- neg = 0;
- if (c == '+')
- c = *s++;
- }
- if ((base == 0 || base == 16) &&
- c == '0' && (*s == 'x' || *s == 'X')) {
- c = s[1];
- s += 2;
- base = 16;
- }
- if (base == 0)
- base = c == '0' ? 8 : 10;
-
- cutoff = ULLONG_MAX / (unsigned long long)base;
- cutlim = ULLONG_MAX % (unsigned long long)base;
- for (acc = 0, any = 0;; c = (unsigned char) *s++) {
- if (isdigit(c))
- c -= '0';
- else if (isalpha(c))
- c -= isupper(c) ? 'A' - 10 : 'a' - 10;
- else
- break;
- if (c >= base)
- break;
- if (any < 0)
- continue;
- if (acc > cutoff || (acc == cutoff && c > cutlim)) {
- any = -1;
- acc = ULLONG_MAX;
- errno = ERANGE;
- } else {
- any = 1;
- acc *= (unsigned long long)base;
- acc += c;
- }
- }
- if (neg && any > 0)
- acc = -acc;
- if (endptr != 0)
- *endptr = (char *) (any ? s - 1 : nptr);
- return (acc);
-}
-#endif /* !HAVE_STRTOULL */
diff --git a/ssh_keygen_110/openbsd-compat/sys-queue.h b/ssh_keygen_110/openbsd-compat/sys-queue.h
deleted file mode 100644
index af93d681..00000000
--- a/ssh_keygen_110/openbsd-compat/sys-queue.h
+++ /dev/null
@@ -1,658 +0,0 @@
-/* $OpenBSD: queue.h,v 1.36 2012/04/11 13:29:14 naddy Exp $ */
-/* $NetBSD: queue.h,v 1.11 1996/05/16 05:17:14 mycroft Exp $ */
-
-/*
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * @(#)queue.h 8.5 (Berkeley) 8/20/94
- */
-
-/* OPENBSD ORIGINAL: sys/sys/queue.h */
-
-#ifndef _FAKE_QUEUE_H_
-#define _FAKE_QUEUE_H_
-
-/*
- * Require for OS/X and other platforms that have old/broken/incomplete
- * .
- */
-#undef SLIST_HEAD
-#undef SLIST_HEAD_INITIALIZER
-#undef SLIST_ENTRY
-#undef SLIST_FOREACH_PREVPTR
-#undef SLIST_FOREACH_SAFE
-#undef SLIST_FIRST
-#undef SLIST_END
-#undef SLIST_EMPTY
-#undef SLIST_NEXT
-#undef SLIST_FOREACH
-#undef SLIST_INIT
-#undef SLIST_INSERT_AFTER
-#undef SLIST_INSERT_HEAD
-#undef SLIST_REMOVE_HEAD
-#undef SLIST_REMOVE_AFTER
-#undef SLIST_REMOVE
-#undef SLIST_REMOVE_NEXT
-#undef LIST_HEAD
-#undef LIST_HEAD_INITIALIZER
-#undef LIST_ENTRY
-#undef LIST_FIRST
-#undef LIST_END
-#undef LIST_EMPTY
-#undef LIST_NEXT
-#undef LIST_FOREACH
-#undef LIST_FOREACH_SAFE
-#undef LIST_INIT
-#undef LIST_INSERT_AFTER
-#undef LIST_INSERT_BEFORE
-#undef LIST_INSERT_HEAD
-#undef LIST_REMOVE
-#undef LIST_REPLACE
-#undef SIMPLEQ_HEAD
-#undef SIMPLEQ_HEAD_INITIALIZER
-#undef SIMPLEQ_ENTRY
-#undef SIMPLEQ_FIRST
-#undef SIMPLEQ_END
-#undef SIMPLEQ_EMPTY
-#undef SIMPLEQ_NEXT
-#undef SIMPLEQ_FOREACH
-#undef SIMPLEQ_INIT
-#undef SIMPLEQ_INSERT_HEAD
-#undef SIMPLEQ_INSERT_TAIL
-#undef SIMPLEQ_INSERT_AFTER
-#undef SIMPLEQ_REMOVE_HEAD
-#undef TAILQ_HEAD
-#undef TAILQ_HEAD_INITIALIZER
-#undef TAILQ_ENTRY
-#undef TAILQ_FIRST
-#undef TAILQ_END
-#undef TAILQ_NEXT
-#undef TAILQ_LAST
-#undef TAILQ_PREV
-#undef TAILQ_EMPTY
-#undef TAILQ_FOREACH
-#undef TAILQ_FOREACH_REVERSE
-#undef TAILQ_FOREACH_SAFE
-#undef TAILQ_FOREACH_REVERSE_SAFE
-#undef TAILQ_INIT
-#undef TAILQ_INSERT_HEAD
-#undef TAILQ_INSERT_TAIL
-#undef TAILQ_INSERT_AFTER
-#undef TAILQ_INSERT_BEFORE
-#undef TAILQ_REMOVE
-#undef TAILQ_REPLACE
-#undef CIRCLEQ_HEAD
-#undef CIRCLEQ_HEAD_INITIALIZER
-#undef CIRCLEQ_ENTRY
-#undef CIRCLEQ_FIRST
-#undef CIRCLEQ_LAST
-#undef CIRCLEQ_END
-#undef CIRCLEQ_NEXT
-#undef CIRCLEQ_PREV
-#undef CIRCLEQ_EMPTY
-#undef CIRCLEQ_FOREACH
-#undef CIRCLEQ_FOREACH_REVERSE
-#undef CIRCLEQ_INIT
-#undef CIRCLEQ_INSERT_AFTER
-#undef CIRCLEQ_INSERT_BEFORE
-#undef CIRCLEQ_INSERT_HEAD
-#undef CIRCLEQ_INSERT_TAIL
-#undef CIRCLEQ_REMOVE
-#undef CIRCLEQ_REPLACE
-
-/*
- * This file defines five types of data structures: singly-linked lists,
- * lists, simple queues, tail queues, and circular queues.
- *
- *
- * A singly-linked list is headed by a single forward pointer. The elements
- * are singly linked for minimum space and pointer manipulation overhead at
- * the expense of O(n) removal for arbitrary elements. New elements can be
- * added to the list after an existing element or at the head of the list.
- * Elements being removed from the head of the list should use the explicit
- * macro for this purpose for optimum efficiency. A singly-linked list may
- * only be traversed in the forward direction. Singly-linked lists are ideal
- * for applications with large datasets and few or no removals or for
- * implementing a LIFO queue.
- *
- * A list is headed by a single forward pointer (or an array of forward
- * pointers for a hash table header). The elements are doubly linked
- * so that an arbitrary element can be removed without a need to
- * traverse the list. New elements can be added to the list before
- * or after an existing element or at the head of the list. A list
- * may only be traversed in the forward direction.
- *
- * A simple queue is headed by a pair of pointers, one the head of the
- * list and the other to the tail of the list. The elements are singly
- * linked to save space, so elements can only be removed from the
- * head of the list. New elements can be added to the list before or after
- * an existing element, at the head of the list, or at the end of the
- * list. A simple queue may only be traversed in the forward direction.
- *
- * A tail queue is headed by a pair of pointers, one to the head of the
- * list and the other to the tail of the list. The elements are doubly
- * linked so that an arbitrary element can be removed without a need to
- * traverse the list. New elements can be added to the list before or
- * after an existing element, at the head of the list, or at the end of
- * the list. A tail queue may be traversed in either direction.
- *
- * A circle queue is headed by a pair of pointers, one to the head of the
- * list and the other to the tail of the list. The elements are doubly
- * linked so that an arbitrary element can be removed without a need to
- * traverse the list. New elements can be added to the list before or after
- * an existing element, at the head of the list, or at the end of the list.
- * A circle queue may be traversed in either direction, but has a more
- * complex end of list detection.
- *
- * For details on the use of these macros, see the queue(3) manual page.
- */
-
-#if defined(QUEUE_MACRO_DEBUG) || (defined(_KERNEL) && defined(DIAGNOSTIC))
-#define _Q_INVALIDATE(a) (a) = ((void *)-1)
-#else
-#define _Q_INVALIDATE(a)
-#endif
-
-/*
- * Singly-linked List definitions.
- */
-#define SLIST_HEAD(name, type) \
-struct name { \
- struct type *slh_first; /* first element */ \
-}
-
-#define SLIST_HEAD_INITIALIZER(head) \
- { NULL }
-
-#define SLIST_ENTRY(type) \
-struct { \
- struct type *sle_next; /* next element */ \
-}
-
-/*
- * Singly-linked List access methods.
- */
-#define SLIST_FIRST(head) ((head)->slh_first)
-#define SLIST_END(head) NULL
-#define SLIST_EMPTY(head) (SLIST_FIRST(head) == SLIST_END(head))
-#define SLIST_NEXT(elm, field) ((elm)->field.sle_next)
-
-#define SLIST_FOREACH(var, head, field) \
- for((var) = SLIST_FIRST(head); \
- (var) != SLIST_END(head); \
- (var) = SLIST_NEXT(var, field))
-
-#define SLIST_FOREACH_SAFE(var, head, field, tvar) \
- for ((var) = SLIST_FIRST(head); \
- (var) && ((tvar) = SLIST_NEXT(var, field), 1); \
- (var) = (tvar))
-
-/*
- * Singly-linked List functions.
- */
-#define SLIST_INIT(head) { \
- SLIST_FIRST(head) = SLIST_END(head); \
-}
-
-#define SLIST_INSERT_AFTER(slistelm, elm, field) do { \
- (elm)->field.sle_next = (slistelm)->field.sle_next; \
- (slistelm)->field.sle_next = (elm); \
-} while (0)
-
-#define SLIST_INSERT_HEAD(head, elm, field) do { \
- (elm)->field.sle_next = (head)->slh_first; \
- (head)->slh_first = (elm); \
-} while (0)
-
-#define SLIST_REMOVE_AFTER(elm, field) do { \
- (elm)->field.sle_next = (elm)->field.sle_next->field.sle_next; \
-} while (0)
-
-#define SLIST_REMOVE_HEAD(head, field) do { \
- (head)->slh_first = (head)->slh_first->field.sle_next; \
-} while (0)
-
-#define SLIST_REMOVE(head, elm, type, field) do { \
- if ((head)->slh_first == (elm)) { \
- SLIST_REMOVE_HEAD((head), field); \
- } else { \
- struct type *curelm = (head)->slh_first; \
- \
- while (curelm->field.sle_next != (elm)) \
- curelm = curelm->field.sle_next; \
- curelm->field.sle_next = \
- curelm->field.sle_next->field.sle_next; \
- _Q_INVALIDATE((elm)->field.sle_next); \
- } \
-} while (0)
-
-/*
- * List definitions.
- */
-#define LIST_HEAD(name, type) \
-struct name { \
- struct type *lh_first; /* first element */ \
-}
-
-#define LIST_HEAD_INITIALIZER(head) \
- { NULL }
-
-#define LIST_ENTRY(type) \
-struct { \
- struct type *le_next; /* next element */ \
- struct type **le_prev; /* address of previous next element */ \
-}
-
-/*
- * List access methods
- */
-#define LIST_FIRST(head) ((head)->lh_first)
-#define LIST_END(head) NULL
-#define LIST_EMPTY(head) (LIST_FIRST(head) == LIST_END(head))
-#define LIST_NEXT(elm, field) ((elm)->field.le_next)
-
-#define LIST_FOREACH(var, head, field) \
- for((var) = LIST_FIRST(head); \
- (var)!= LIST_END(head); \
- (var) = LIST_NEXT(var, field))
-
-#define LIST_FOREACH_SAFE(var, head, field, tvar) \
- for ((var) = LIST_FIRST(head); \
- (var) && ((tvar) = LIST_NEXT(var, field), 1); \
- (var) = (tvar))
-
-/*
- * List functions.
- */
-#define LIST_INIT(head) do { \
- LIST_FIRST(head) = LIST_END(head); \
-} while (0)
-
-#define LIST_INSERT_AFTER(listelm, elm, field) do { \
- if (((elm)->field.le_next = (listelm)->field.le_next) != NULL) \
- (listelm)->field.le_next->field.le_prev = \
- &(elm)->field.le_next; \
- (listelm)->field.le_next = (elm); \
- (elm)->field.le_prev = &(listelm)->field.le_next; \
-} while (0)
-
-#define LIST_INSERT_BEFORE(listelm, elm, field) do { \
- (elm)->field.le_prev = (listelm)->field.le_prev; \
- (elm)->field.le_next = (listelm); \
- *(listelm)->field.le_prev = (elm); \
- (listelm)->field.le_prev = &(elm)->field.le_next; \
-} while (0)
-
-#define LIST_INSERT_HEAD(head, elm, field) do { \
- if (((elm)->field.le_next = (head)->lh_first) != NULL) \
- (head)->lh_first->field.le_prev = &(elm)->field.le_next;\
- (head)->lh_first = (elm); \
- (elm)->field.le_prev = &(head)->lh_first; \
-} while (0)
-
-#define LIST_REMOVE(elm, field) do { \
- if ((elm)->field.le_next != NULL) \
- (elm)->field.le_next->field.le_prev = \
- (elm)->field.le_prev; \
- *(elm)->field.le_prev = (elm)->field.le_next; \
- _Q_INVALIDATE((elm)->field.le_prev); \
- _Q_INVALIDATE((elm)->field.le_next); \
-} while (0)
-
-#define LIST_REPLACE(elm, elm2, field) do { \
- if (((elm2)->field.le_next = (elm)->field.le_next) != NULL) \
- (elm2)->field.le_next->field.le_prev = \
- &(elm2)->field.le_next; \
- (elm2)->field.le_prev = (elm)->field.le_prev; \
- *(elm2)->field.le_prev = (elm2); \
- _Q_INVALIDATE((elm)->field.le_prev); \
- _Q_INVALIDATE((elm)->field.le_next); \
-} while (0)
-
-/*
- * Simple queue definitions.
- */
-#define SIMPLEQ_HEAD(name, type) \
-struct name { \
- struct type *sqh_first; /* first element */ \
- struct type **sqh_last; /* addr of last next element */ \
-}
-
-#define SIMPLEQ_HEAD_INITIALIZER(head) \
- { NULL, &(head).sqh_first }
-
-#define SIMPLEQ_ENTRY(type) \
-struct { \
- struct type *sqe_next; /* next element */ \
-}
-
-/*
- * Simple queue access methods.
- */
-#define SIMPLEQ_FIRST(head) ((head)->sqh_first)
-#define SIMPLEQ_END(head) NULL
-#define SIMPLEQ_EMPTY(head) (SIMPLEQ_FIRST(head) == SIMPLEQ_END(head))
-#define SIMPLEQ_NEXT(elm, field) ((elm)->field.sqe_next)
-
-#define SIMPLEQ_FOREACH(var, head, field) \
- for((var) = SIMPLEQ_FIRST(head); \
- (var) != SIMPLEQ_END(head); \
- (var) = SIMPLEQ_NEXT(var, field))
-
-#define SIMPLEQ_FOREACH_SAFE(var, head, field, tvar) \
- for ((var) = SIMPLEQ_FIRST(head); \
- (var) && ((tvar) = SIMPLEQ_NEXT(var, field), 1); \
- (var) = (tvar))
-
-/*
- * Simple queue functions.
- */
-#define SIMPLEQ_INIT(head) do { \
- (head)->sqh_first = NULL; \
- (head)->sqh_last = &(head)->sqh_first; \
-} while (0)
-
-#define SIMPLEQ_INSERT_HEAD(head, elm, field) do { \
- if (((elm)->field.sqe_next = (head)->sqh_first) == NULL) \
- (head)->sqh_last = &(elm)->field.sqe_next; \
- (head)->sqh_first = (elm); \
-} while (0)
-
-#define SIMPLEQ_INSERT_TAIL(head, elm, field) do { \
- (elm)->field.sqe_next = NULL; \
- *(head)->sqh_last = (elm); \
- (head)->sqh_last = &(elm)->field.sqe_next; \
-} while (0)
-
-#define SIMPLEQ_INSERT_AFTER(head, listelm, elm, field) do { \
- if (((elm)->field.sqe_next = (listelm)->field.sqe_next) == NULL)\
- (head)->sqh_last = &(elm)->field.sqe_next; \
- (listelm)->field.sqe_next = (elm); \
-} while (0)
-
-#define SIMPLEQ_REMOVE_HEAD(head, field) do { \
- if (((head)->sqh_first = (head)->sqh_first->field.sqe_next) == NULL) \
- (head)->sqh_last = &(head)->sqh_first; \
-} while (0)
-
-#define SIMPLEQ_REMOVE_AFTER(head, elm, field) do { \
- if (((elm)->field.sqe_next = (elm)->field.sqe_next->field.sqe_next) \
- == NULL) \
- (head)->sqh_last = &(elm)->field.sqe_next; \
-} while (0)
-
-/*
- * Tail queue definitions.
- */
-#define TAILQ_HEAD(name, type) \
-struct name { \
- struct type *tqh_first; /* first element */ \
- struct type **tqh_last; /* addr of last next element */ \
-}
-
-#define TAILQ_HEAD_INITIALIZER(head) \
- { NULL, &(head).tqh_first }
-
-#define TAILQ_ENTRY(type) \
-struct { \
- struct type *tqe_next; /* next element */ \
- struct type **tqe_prev; /* address of previous next element */ \
-}
-
-/*
- * tail queue access methods
- */
-#define TAILQ_FIRST(head) ((head)->tqh_first)
-#define TAILQ_END(head) NULL
-#define TAILQ_NEXT(elm, field) ((elm)->field.tqe_next)
-#define TAILQ_LAST(head, headname) \
- (*(((struct headname *)((head)->tqh_last))->tqh_last))
-/* XXX */
-#define TAILQ_PREV(elm, headname, field) \
- (*(((struct headname *)((elm)->field.tqe_prev))->tqh_last))
-#define TAILQ_EMPTY(head) \
- (TAILQ_FIRST(head) == TAILQ_END(head))
-
-#define TAILQ_FOREACH(var, head, field) \
- for((var) = TAILQ_FIRST(head); \
- (var) != TAILQ_END(head); \
- (var) = TAILQ_NEXT(var, field))
-
-#define TAILQ_FOREACH_SAFE(var, head, field, tvar) \
- for ((var) = TAILQ_FIRST(head); \
- (var) != TAILQ_END(head) && \
- ((tvar) = TAILQ_NEXT(var, field), 1); \
- (var) = (tvar))
-
-
-#define TAILQ_FOREACH_REVERSE(var, head, headname, field) \
- for((var) = TAILQ_LAST(head, headname); \
- (var) != TAILQ_END(head); \
- (var) = TAILQ_PREV(var, headname, field))
-
-#define TAILQ_FOREACH_REVERSE_SAFE(var, head, headname, field, tvar) \
- for ((var) = TAILQ_LAST(head, headname); \
- (var) != TAILQ_END(head) && \
- ((tvar) = TAILQ_PREV(var, headname, field), 1); \
- (var) = (tvar))
-
-/*
- * Tail queue functions.
- */
-#define TAILQ_INIT(head) do { \
- (head)->tqh_first = NULL; \
- (head)->tqh_last = &(head)->tqh_first; \
-} while (0)
-
-#define TAILQ_INSERT_HEAD(head, elm, field) do { \
- if (((elm)->field.tqe_next = (head)->tqh_first) != NULL) \
- (head)->tqh_first->field.tqe_prev = \
- &(elm)->field.tqe_next; \
- else \
- (head)->tqh_last = &(elm)->field.tqe_next; \
- (head)->tqh_first = (elm); \
- (elm)->field.tqe_prev = &(head)->tqh_first; \
-} while (0)
-
-#define TAILQ_INSERT_TAIL(head, elm, field) do { \
- (elm)->field.tqe_next = NULL; \
- (elm)->field.tqe_prev = (head)->tqh_last; \
- *(head)->tqh_last = (elm); \
- (head)->tqh_last = &(elm)->field.tqe_next; \
-} while (0)
-
-#define TAILQ_INSERT_AFTER(head, listelm, elm, field) do { \
- if (((elm)->field.tqe_next = (listelm)->field.tqe_next) != NULL)\
- (elm)->field.tqe_next->field.tqe_prev = \
- &(elm)->field.tqe_next; \
- else \
- (head)->tqh_last = &(elm)->field.tqe_next; \
- (listelm)->field.tqe_next = (elm); \
- (elm)->field.tqe_prev = &(listelm)->field.tqe_next; \
-} while (0)
-
-#define TAILQ_INSERT_BEFORE(listelm, elm, field) do { \
- (elm)->field.tqe_prev = (listelm)->field.tqe_prev; \
- (elm)->field.tqe_next = (listelm); \
- *(listelm)->field.tqe_prev = (elm); \
- (listelm)->field.tqe_prev = &(elm)->field.tqe_next; \
-} while (0)
-
-#define TAILQ_REMOVE(head, elm, field) do { \
- if (((elm)->field.tqe_next) != NULL) \
- (elm)->field.tqe_next->field.tqe_prev = \
- (elm)->field.tqe_prev; \
- else \
- (head)->tqh_last = (elm)->field.tqe_prev; \
- *(elm)->field.tqe_prev = (elm)->field.tqe_next; \
- _Q_INVALIDATE((elm)->field.tqe_prev); \
- _Q_INVALIDATE((elm)->field.tqe_next); \
-} while (0)
-
-#define TAILQ_REPLACE(head, elm, elm2, field) do { \
- if (((elm2)->field.tqe_next = (elm)->field.tqe_next) != NULL) \
- (elm2)->field.tqe_next->field.tqe_prev = \
- &(elm2)->field.tqe_next; \
- else \
- (head)->tqh_last = &(elm2)->field.tqe_next; \
- (elm2)->field.tqe_prev = (elm)->field.tqe_prev; \
- *(elm2)->field.tqe_prev = (elm2); \
- _Q_INVALIDATE((elm)->field.tqe_prev); \
- _Q_INVALIDATE((elm)->field.tqe_next); \
-} while (0)
-
-/*
- * Circular queue definitions.
- */
-#define CIRCLEQ_HEAD(name, type) \
-struct name { \
- struct type *cqh_first; /* first element */ \
- struct type *cqh_last; /* last element */ \
-}
-
-#define CIRCLEQ_HEAD_INITIALIZER(head) \
- { CIRCLEQ_END(&head), CIRCLEQ_END(&head) }
-
-#define CIRCLEQ_ENTRY(type) \
-struct { \
- struct type *cqe_next; /* next element */ \
- struct type *cqe_prev; /* previous element */ \
-}
-
-/*
- * Circular queue access methods
- */
-#define CIRCLEQ_FIRST(head) ((head)->cqh_first)
-#define CIRCLEQ_LAST(head) ((head)->cqh_last)
-#define CIRCLEQ_END(head) ((void *)(head))
-#define CIRCLEQ_NEXT(elm, field) ((elm)->field.cqe_next)
-#define CIRCLEQ_PREV(elm, field) ((elm)->field.cqe_prev)
-#define CIRCLEQ_EMPTY(head) \
- (CIRCLEQ_FIRST(head) == CIRCLEQ_END(head))
-
-#define CIRCLEQ_FOREACH(var, head, field) \
- for((var) = CIRCLEQ_FIRST(head); \
- (var) != CIRCLEQ_END(head); \
- (var) = CIRCLEQ_NEXT(var, field))
-
-#define CIRCLEQ_FOREACH_SAFE(var, head, field, tvar) \
- for ((var) = CIRCLEQ_FIRST(head); \
- (var) != CIRCLEQ_END(head) && \
- ((tvar) = CIRCLEQ_NEXT(var, field), 1); \
- (var) = (tvar))
-
-#define CIRCLEQ_FOREACH_REVERSE(var, head, field) \
- for((var) = CIRCLEQ_LAST(head); \
- (var) != CIRCLEQ_END(head); \
- (var) = CIRCLEQ_PREV(var, field))
-
-#define CIRCLEQ_FOREACH_REVERSE_SAFE(var, head, headname, field, tvar) \
- for ((var) = CIRCLEQ_LAST(head, headname); \
- (var) != CIRCLEQ_END(head) && \
- ((tvar) = CIRCLEQ_PREV(var, headname, field), 1); \
- (var) = (tvar))
-
-/*
- * Circular queue functions.
- */
-#define CIRCLEQ_INIT(head) do { \
- (head)->cqh_first = CIRCLEQ_END(head); \
- (head)->cqh_last = CIRCLEQ_END(head); \
-} while (0)
-
-#define CIRCLEQ_INSERT_AFTER(head, listelm, elm, field) do { \
- (elm)->field.cqe_next = (listelm)->field.cqe_next; \
- (elm)->field.cqe_prev = (listelm); \
- if ((listelm)->field.cqe_next == CIRCLEQ_END(head)) \
- (head)->cqh_last = (elm); \
- else \
- (listelm)->field.cqe_next->field.cqe_prev = (elm); \
- (listelm)->field.cqe_next = (elm); \
-} while (0)
-
-#define CIRCLEQ_INSERT_BEFORE(head, listelm, elm, field) do { \
- (elm)->field.cqe_next = (listelm); \
- (elm)->field.cqe_prev = (listelm)->field.cqe_prev; \
- if ((listelm)->field.cqe_prev == CIRCLEQ_END(head)) \
- (head)->cqh_first = (elm); \
- else \
- (listelm)->field.cqe_prev->field.cqe_next = (elm); \
- (listelm)->field.cqe_prev = (elm); \
-} while (0)
-
-#define CIRCLEQ_INSERT_HEAD(head, elm, field) do { \
- (elm)->field.cqe_next = (head)->cqh_first; \
- (elm)->field.cqe_prev = CIRCLEQ_END(head); \
- if ((head)->cqh_last == CIRCLEQ_END(head)) \
- (head)->cqh_last = (elm); \
- else \
- (head)->cqh_first->field.cqe_prev = (elm); \
- (head)->cqh_first = (elm); \
-} while (0)
-
-#define CIRCLEQ_INSERT_TAIL(head, elm, field) do { \
- (elm)->field.cqe_next = CIRCLEQ_END(head); \
- (elm)->field.cqe_prev = (head)->cqh_last; \
- if ((head)->cqh_first == CIRCLEQ_END(head)) \
- (head)->cqh_first = (elm); \
- else \
- (head)->cqh_last->field.cqe_next = (elm); \
- (head)->cqh_last = (elm); \
-} while (0)
-
-#define CIRCLEQ_REMOVE(head, elm, field) do { \
- if ((elm)->field.cqe_next == CIRCLEQ_END(head)) \
- (head)->cqh_last = (elm)->field.cqe_prev; \
- else \
- (elm)->field.cqe_next->field.cqe_prev = \
- (elm)->field.cqe_prev; \
- if ((elm)->field.cqe_prev == CIRCLEQ_END(head)) \
- (head)->cqh_first = (elm)->field.cqe_next; \
- else \
- (elm)->field.cqe_prev->field.cqe_next = \
- (elm)->field.cqe_next; \
- _Q_INVALIDATE((elm)->field.cqe_prev); \
- _Q_INVALIDATE((elm)->field.cqe_next); \
-} while (0)
-
-#define CIRCLEQ_REPLACE(head, elm, elm2, field) do { \
- if (((elm2)->field.cqe_next = (elm)->field.cqe_next) == \
- CIRCLEQ_END(head)) \
- (head).cqh_last = (elm2); \
- else \
- (elm2)->field.cqe_next->field.cqe_prev = (elm2); \
- if (((elm2)->field.cqe_prev = (elm)->field.cqe_prev) == \
- CIRCLEQ_END(head)) \
- (head).cqh_first = (elm2); \
- else \
- (elm2)->field.cqe_prev->field.cqe_next = (elm2); \
- _Q_INVALIDATE((elm)->field.cqe_prev); \
- _Q_INVALIDATE((elm)->field.cqe_next); \
-} while (0)
-
-#endif /* !_FAKE_QUEUE_H_ */
diff --git a/ssh_keygen_110/openbsd-compat/sys-tree.h b/ssh_keygen_110/openbsd-compat/sys-tree.h
deleted file mode 100644
index 7f7546ec..00000000
--- a/ssh_keygen_110/openbsd-compat/sys-tree.h
+++ /dev/null
@@ -1,755 +0,0 @@
-/* $OpenBSD: tree.h,v 1.13 2011/07/09 00:19:45 pirofti Exp $ */
-/*
- * Copyright 2002 Niels Provos
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/* OPENBSD ORIGINAL: sys/sys/tree.h */
-
-#include "config.h"
-#ifdef NO_ATTRIBUTE_ON_RETURN_TYPE
-# define __attribute__(x)
-#endif
-
-#ifndef _SYS_TREE_H_
-#define _SYS_TREE_H_
-
-/*
- * This file defines data structures for different types of trees:
- * splay trees and red-black trees.
- *
- * A splay tree is a self-organizing data structure. Every operation
- * on the tree causes a splay to happen. The splay moves the requested
- * node to the root of the tree and partly rebalances it.
- *
- * This has the benefit that request locality causes faster lookups as
- * the requested nodes move to the top of the tree. On the other hand,
- * every lookup causes memory writes.
- *
- * The Balance Theorem bounds the total access time for m operations
- * and n inserts on an initially empty tree as O((m + n)lg n). The
- * amortized cost for a sequence of m accesses to a splay tree is O(lg n);
- *
- * A red-black tree is a binary search tree with the node color as an
- * extra attribute. It fulfills a set of conditions:
- * - every search path from the root to a leaf consists of the
- * same number of black nodes,
- * - each red node (except for the root) has a black parent,
- * - each leaf node is black.
- *
- * Every operation on a red-black tree is bounded as O(lg n).
- * The maximum height of a red-black tree is 2lg (n+1).
- */
-
-#define SPLAY_HEAD(name, type) \
-struct name { \
- struct type *sph_root; /* root of the tree */ \
-}
-
-#define SPLAY_INITIALIZER(root) \
- { NULL }
-
-#define SPLAY_INIT(root) do { \
- (root)->sph_root = NULL; \
-} while (0)
-
-#define SPLAY_ENTRY(type) \
-struct { \
- struct type *spe_left; /* left element */ \
- struct type *spe_right; /* right element */ \
-}
-
-#define SPLAY_LEFT(elm, field) (elm)->field.spe_left
-#define SPLAY_RIGHT(elm, field) (elm)->field.spe_right
-#define SPLAY_ROOT(head) (head)->sph_root
-#define SPLAY_EMPTY(head) (SPLAY_ROOT(head) == NULL)
-
-/* SPLAY_ROTATE_{LEFT,RIGHT} expect that tmp hold SPLAY_{RIGHT,LEFT} */
-#define SPLAY_ROTATE_RIGHT(head, tmp, field) do { \
- SPLAY_LEFT((head)->sph_root, field) = SPLAY_RIGHT(tmp, field); \
- SPLAY_RIGHT(tmp, field) = (head)->sph_root; \
- (head)->sph_root = tmp; \
-} while (0)
-
-#define SPLAY_ROTATE_LEFT(head, tmp, field) do { \
- SPLAY_RIGHT((head)->sph_root, field) = SPLAY_LEFT(tmp, field); \
- SPLAY_LEFT(tmp, field) = (head)->sph_root; \
- (head)->sph_root = tmp; \
-} while (0)
-
-#define SPLAY_LINKLEFT(head, tmp, field) do { \
- SPLAY_LEFT(tmp, field) = (head)->sph_root; \
- tmp = (head)->sph_root; \
- (head)->sph_root = SPLAY_LEFT((head)->sph_root, field); \
-} while (0)
-
-#define SPLAY_LINKRIGHT(head, tmp, field) do { \
- SPLAY_RIGHT(tmp, field) = (head)->sph_root; \
- tmp = (head)->sph_root; \
- (head)->sph_root = SPLAY_RIGHT((head)->sph_root, field); \
-} while (0)
-
-#define SPLAY_ASSEMBLE(head, node, left, right, field) do { \
- SPLAY_RIGHT(left, field) = SPLAY_LEFT((head)->sph_root, field); \
- SPLAY_LEFT(right, field) = SPLAY_RIGHT((head)->sph_root, field);\
- SPLAY_LEFT((head)->sph_root, field) = SPLAY_RIGHT(node, field); \
- SPLAY_RIGHT((head)->sph_root, field) = SPLAY_LEFT(node, field); \
-} while (0)
-
-/* Generates prototypes and inline functions */
-
-#define SPLAY_PROTOTYPE(name, type, field, cmp) \
-void name##_SPLAY(struct name *, struct type *); \
-void name##_SPLAY_MINMAX(struct name *, int); \
-struct type *name##_SPLAY_INSERT(struct name *, struct type *); \
-struct type *name##_SPLAY_REMOVE(struct name *, struct type *); \
- \
-/* Finds the node with the same key as elm */ \
-static __inline struct type * \
-name##_SPLAY_FIND(struct name *head, struct type *elm) \
-{ \
- if (SPLAY_EMPTY(head)) \
- return(NULL); \
- name##_SPLAY(head, elm); \
- if ((cmp)(elm, (head)->sph_root) == 0) \
- return (head->sph_root); \
- return (NULL); \
-} \
- \
-static __inline struct type * \
-name##_SPLAY_NEXT(struct name *head, struct type *elm) \
-{ \
- name##_SPLAY(head, elm); \
- if (SPLAY_RIGHT(elm, field) != NULL) { \
- elm = SPLAY_RIGHT(elm, field); \
- while (SPLAY_LEFT(elm, field) != NULL) { \
- elm = SPLAY_LEFT(elm, field); \
- } \
- } else \
- elm = NULL; \
- return (elm); \
-} \
- \
-static __inline struct type * \
-name##_SPLAY_MIN_MAX(struct name *head, int val) \
-{ \
- name##_SPLAY_MINMAX(head, val); \
- return (SPLAY_ROOT(head)); \
-}
-
-/* Main splay operation.
- * Moves node close to the key of elm to top
- */
-#define SPLAY_GENERATE(name, type, field, cmp) \
-struct type * \
-name##_SPLAY_INSERT(struct name *head, struct type *elm) \
-{ \
- if (SPLAY_EMPTY(head)) { \
- SPLAY_LEFT(elm, field) = SPLAY_RIGHT(elm, field) = NULL; \
- } else { \
- int __comp; \
- name##_SPLAY(head, elm); \
- __comp = (cmp)(elm, (head)->sph_root); \
- if(__comp < 0) { \
- SPLAY_LEFT(elm, field) = SPLAY_LEFT((head)->sph_root, field);\
- SPLAY_RIGHT(elm, field) = (head)->sph_root; \
- SPLAY_LEFT((head)->sph_root, field) = NULL; \
- } else if (__comp > 0) { \
- SPLAY_RIGHT(elm, field) = SPLAY_RIGHT((head)->sph_root, field);\
- SPLAY_LEFT(elm, field) = (head)->sph_root; \
- SPLAY_RIGHT((head)->sph_root, field) = NULL; \
- } else \
- return ((head)->sph_root); \
- } \
- (head)->sph_root = (elm); \
- return (NULL); \
-} \
- \
-struct type * \
-name##_SPLAY_REMOVE(struct name *head, struct type *elm) \
-{ \
- struct type *__tmp; \
- if (SPLAY_EMPTY(head)) \
- return (NULL); \
- name##_SPLAY(head, elm); \
- if ((cmp)(elm, (head)->sph_root) == 0) { \
- if (SPLAY_LEFT((head)->sph_root, field) == NULL) { \
- (head)->sph_root = SPLAY_RIGHT((head)->sph_root, field);\
- } else { \
- __tmp = SPLAY_RIGHT((head)->sph_root, field); \
- (head)->sph_root = SPLAY_LEFT((head)->sph_root, field);\
- name##_SPLAY(head, elm); \
- SPLAY_RIGHT((head)->sph_root, field) = __tmp; \
- } \
- return (elm); \
- } \
- return (NULL); \
-} \
- \
-void \
-name##_SPLAY(struct name *head, struct type *elm) \
-{ \
- struct type __node, *__left, *__right, *__tmp; \
- int __comp; \
-\
- SPLAY_LEFT(&__node, field) = SPLAY_RIGHT(&__node, field) = NULL;\
- __left = __right = &__node; \
-\
- while ((__comp = (cmp)(elm, (head)->sph_root))) { \
- if (__comp < 0) { \
- __tmp = SPLAY_LEFT((head)->sph_root, field); \
- if (__tmp == NULL) \
- break; \
- if ((cmp)(elm, __tmp) < 0){ \
- SPLAY_ROTATE_RIGHT(head, __tmp, field); \
- if (SPLAY_LEFT((head)->sph_root, field) == NULL)\
- break; \
- } \
- SPLAY_LINKLEFT(head, __right, field); \
- } else if (__comp > 0) { \
- __tmp = SPLAY_RIGHT((head)->sph_root, field); \
- if (__tmp == NULL) \
- break; \
- if ((cmp)(elm, __tmp) > 0){ \
- SPLAY_ROTATE_LEFT(head, __tmp, field); \
- if (SPLAY_RIGHT((head)->sph_root, field) == NULL)\
- break; \
- } \
- SPLAY_LINKRIGHT(head, __left, field); \
- } \
- } \
- SPLAY_ASSEMBLE(head, &__node, __left, __right, field); \
-} \
- \
-/* Splay with either the minimum or the maximum element \
- * Used to find minimum or maximum element in tree. \
- */ \
-void name##_SPLAY_MINMAX(struct name *head, int __comp) \
-{ \
- struct type __node, *__left, *__right, *__tmp; \
-\
- SPLAY_LEFT(&__node, field) = SPLAY_RIGHT(&__node, field) = NULL;\
- __left = __right = &__node; \
-\
- while (1) { \
- if (__comp < 0) { \
- __tmp = SPLAY_LEFT((head)->sph_root, field); \
- if (__tmp == NULL) \
- break; \
- if (__comp < 0){ \
- SPLAY_ROTATE_RIGHT(head, __tmp, field); \
- if (SPLAY_LEFT((head)->sph_root, field) == NULL)\
- break; \
- } \
- SPLAY_LINKLEFT(head, __right, field); \
- } else if (__comp > 0) { \
- __tmp = SPLAY_RIGHT((head)->sph_root, field); \
- if (__tmp == NULL) \
- break; \
- if (__comp > 0) { \
- SPLAY_ROTATE_LEFT(head, __tmp, field); \
- if (SPLAY_RIGHT((head)->sph_root, field) == NULL)\
- break; \
- } \
- SPLAY_LINKRIGHT(head, __left, field); \
- } \
- } \
- SPLAY_ASSEMBLE(head, &__node, __left, __right, field); \
-}
-
-#define SPLAY_NEGINF -1
-#define SPLAY_INF 1
-
-#define SPLAY_INSERT(name, x, y) name##_SPLAY_INSERT(x, y)
-#define SPLAY_REMOVE(name, x, y) name##_SPLAY_REMOVE(x, y)
-#define SPLAY_FIND(name, x, y) name##_SPLAY_FIND(x, y)
-#define SPLAY_NEXT(name, x, y) name##_SPLAY_NEXT(x, y)
-#define SPLAY_MIN(name, x) (SPLAY_EMPTY(x) ? NULL \
- : name##_SPLAY_MIN_MAX(x, SPLAY_NEGINF))
-#define SPLAY_MAX(name, x) (SPLAY_EMPTY(x) ? NULL \
- : name##_SPLAY_MIN_MAX(x, SPLAY_INF))
-
-#define SPLAY_FOREACH(x, name, head) \
- for ((x) = SPLAY_MIN(name, head); \
- (x) != NULL; \
- (x) = SPLAY_NEXT(name, head, x))
-
-/* Macros that define a red-black tree */
-#define RB_HEAD(name, type) \
-struct name { \
- struct type *rbh_root; /* root of the tree */ \
-}
-
-#define RB_INITIALIZER(root) \
- { NULL }
-
-#define RB_INIT(root) do { \
- (root)->rbh_root = NULL; \
-} while (0)
-
-#define RB_BLACK 0
-#define RB_RED 1
-#define RB_ENTRY(type) \
-struct { \
- struct type *rbe_left; /* left element */ \
- struct type *rbe_right; /* right element */ \
- struct type *rbe_parent; /* parent element */ \
- int rbe_color; /* node color */ \
-}
-
-#define RB_LEFT(elm, field) (elm)->field.rbe_left
-#define RB_RIGHT(elm, field) (elm)->field.rbe_right
-#define RB_PARENT(elm, field) (elm)->field.rbe_parent
-#define RB_COLOR(elm, field) (elm)->field.rbe_color
-#define RB_ROOT(head) (head)->rbh_root
-#define RB_EMPTY(head) (RB_ROOT(head) == NULL)
-
-#define RB_SET(elm, parent, field) do { \
- RB_PARENT(elm, field) = parent; \
- RB_LEFT(elm, field) = RB_RIGHT(elm, field) = NULL; \
- RB_COLOR(elm, field) = RB_RED; \
-} while (0)
-
-#define RB_SET_BLACKRED(black, red, field) do { \
- RB_COLOR(black, field) = RB_BLACK; \
- RB_COLOR(red, field) = RB_RED; \
-} while (0)
-
-#ifndef RB_AUGMENT
-#define RB_AUGMENT(x) do {} while (0)
-#endif
-
-#define RB_ROTATE_LEFT(head, elm, tmp, field) do { \
- (tmp) = RB_RIGHT(elm, field); \
- if ((RB_RIGHT(elm, field) = RB_LEFT(tmp, field))) { \
- RB_PARENT(RB_LEFT(tmp, field), field) = (elm); \
- } \
- RB_AUGMENT(elm); \
- if ((RB_PARENT(tmp, field) = RB_PARENT(elm, field))) { \
- if ((elm) == RB_LEFT(RB_PARENT(elm, field), field)) \
- RB_LEFT(RB_PARENT(elm, field), field) = (tmp); \
- else \
- RB_RIGHT(RB_PARENT(elm, field), field) = (tmp); \
- } else \
- (head)->rbh_root = (tmp); \
- RB_LEFT(tmp, field) = (elm); \
- RB_PARENT(elm, field) = (tmp); \
- RB_AUGMENT(tmp); \
- if ((RB_PARENT(tmp, field))) \
- RB_AUGMENT(RB_PARENT(tmp, field)); \
-} while (0)
-
-#define RB_ROTATE_RIGHT(head, elm, tmp, field) do { \
- (tmp) = RB_LEFT(elm, field); \
- if ((RB_LEFT(elm, field) = RB_RIGHT(tmp, field))) { \
- RB_PARENT(RB_RIGHT(tmp, field), field) = (elm); \
- } \
- RB_AUGMENT(elm); \
- if ((RB_PARENT(tmp, field) = RB_PARENT(elm, field))) { \
- if ((elm) == RB_LEFT(RB_PARENT(elm, field), field)) \
- RB_LEFT(RB_PARENT(elm, field), field) = (tmp); \
- else \
- RB_RIGHT(RB_PARENT(elm, field), field) = (tmp); \
- } else \
- (head)->rbh_root = (tmp); \
- RB_RIGHT(tmp, field) = (elm); \
- RB_PARENT(elm, field) = (tmp); \
- RB_AUGMENT(tmp); \
- if ((RB_PARENT(tmp, field))) \
- RB_AUGMENT(RB_PARENT(tmp, field)); \
-} while (0)
-
-/* Generates prototypes and inline functions */
-#define RB_PROTOTYPE(name, type, field, cmp) \
- RB_PROTOTYPE_INTERNAL(name, type, field, cmp,)
-#define RB_PROTOTYPE_STATIC(name, type, field, cmp) \
- RB_PROTOTYPE_INTERNAL(name, type, field, cmp, __attribute__((__unused__)) static)
-#define RB_PROTOTYPE_INTERNAL(name, type, field, cmp, attr) \
-attr void name##_RB_INSERT_COLOR(struct name *, struct type *); \
-attr void name##_RB_REMOVE_COLOR(struct name *, struct type *, struct type *);\
-attr struct type *name##_RB_REMOVE(struct name *, struct type *); \
-attr struct type *name##_RB_INSERT(struct name *, struct type *); \
-attr struct type *name##_RB_FIND(struct name *, struct type *); \
-attr struct type *name##_RB_NFIND(struct name *, struct type *); \
-attr struct type *name##_RB_NEXT(struct type *); \
-attr struct type *name##_RB_PREV(struct type *); \
-attr struct type *name##_RB_MINMAX(struct name *, int); \
- \
-
-/* Main rb operation.
- * Moves node close to the key of elm to top
- */
-#define RB_GENERATE(name, type, field, cmp) \
- RB_GENERATE_INTERNAL(name, type, field, cmp,)
-#define RB_GENERATE_STATIC(name, type, field, cmp) \
- RB_GENERATE_INTERNAL(name, type, field, cmp, __attribute__((__unused__)) static)
-#define RB_GENERATE_INTERNAL(name, type, field, cmp, attr) \
-attr void \
-name##_RB_INSERT_COLOR(struct name *head, struct type *elm) \
-{ \
- struct type *parent, *gparent, *tmp; \
- while ((parent = RB_PARENT(elm, field)) && \
- RB_COLOR(parent, field) == RB_RED) { \
- gparent = RB_PARENT(parent, field); \
- if (parent == RB_LEFT(gparent, field)) { \
- tmp = RB_RIGHT(gparent, field); \
- if (tmp && RB_COLOR(tmp, field) == RB_RED) { \
- RB_COLOR(tmp, field) = RB_BLACK; \
- RB_SET_BLACKRED(parent, gparent, field);\
- elm = gparent; \
- continue; \
- } \
- if (RB_RIGHT(parent, field) == elm) { \
- RB_ROTATE_LEFT(head, parent, tmp, field);\
- tmp = parent; \
- parent = elm; \
- elm = tmp; \
- } \
- RB_SET_BLACKRED(parent, gparent, field); \
- RB_ROTATE_RIGHT(head, gparent, tmp, field); \
- } else { \
- tmp = RB_LEFT(gparent, field); \
- if (tmp && RB_COLOR(tmp, field) == RB_RED) { \
- RB_COLOR(tmp, field) = RB_BLACK; \
- RB_SET_BLACKRED(parent, gparent, field);\
- elm = gparent; \
- continue; \
- } \
- if (RB_LEFT(parent, field) == elm) { \
- RB_ROTATE_RIGHT(head, parent, tmp, field);\
- tmp = parent; \
- parent = elm; \
- elm = tmp; \
- } \
- RB_SET_BLACKRED(parent, gparent, field); \
- RB_ROTATE_LEFT(head, gparent, tmp, field); \
- } \
- } \
- RB_COLOR(head->rbh_root, field) = RB_BLACK; \
-} \
- \
-attr void \
-name##_RB_REMOVE_COLOR(struct name *head, struct type *parent, struct type *elm) \
-{ \
- struct type *tmp; \
- while ((elm == NULL || RB_COLOR(elm, field) == RB_BLACK) && \
- elm != RB_ROOT(head)) { \
- if (RB_LEFT(parent, field) == elm) { \
- tmp = RB_RIGHT(parent, field); \
- if (RB_COLOR(tmp, field) == RB_RED) { \
- RB_SET_BLACKRED(tmp, parent, field); \
- RB_ROTATE_LEFT(head, parent, tmp, field);\
- tmp = RB_RIGHT(parent, field); \
- } \
- if ((RB_LEFT(tmp, field) == NULL || \
- RB_COLOR(RB_LEFT(tmp, field), field) == RB_BLACK) &&\
- (RB_RIGHT(tmp, field) == NULL || \
- RB_COLOR(RB_RIGHT(tmp, field), field) == RB_BLACK)) {\
- RB_COLOR(tmp, field) = RB_RED; \
- elm = parent; \
- parent = RB_PARENT(elm, field); \
- } else { \
- if (RB_RIGHT(tmp, field) == NULL || \
- RB_COLOR(RB_RIGHT(tmp, field), field) == RB_BLACK) {\
- struct type *oleft; \
- if ((oleft = RB_LEFT(tmp, field)))\
- RB_COLOR(oleft, field) = RB_BLACK;\
- RB_COLOR(tmp, field) = RB_RED; \
- RB_ROTATE_RIGHT(head, tmp, oleft, field);\
- tmp = RB_RIGHT(parent, field); \
- } \
- RB_COLOR(tmp, field) = RB_COLOR(parent, field);\
- RB_COLOR(parent, field) = RB_BLACK; \
- if (RB_RIGHT(tmp, field)) \
- RB_COLOR(RB_RIGHT(tmp, field), field) = RB_BLACK;\
- RB_ROTATE_LEFT(head, parent, tmp, field);\
- elm = RB_ROOT(head); \
- break; \
- } \
- } else { \
- tmp = RB_LEFT(parent, field); \
- if (RB_COLOR(tmp, field) == RB_RED) { \
- RB_SET_BLACKRED(tmp, parent, field); \
- RB_ROTATE_RIGHT(head, parent, tmp, field);\
- tmp = RB_LEFT(parent, field); \
- } \
- if ((RB_LEFT(tmp, field) == NULL || \
- RB_COLOR(RB_LEFT(tmp, field), field) == RB_BLACK) &&\
- (RB_RIGHT(tmp, field) == NULL || \
- RB_COLOR(RB_RIGHT(tmp, field), field) == RB_BLACK)) {\
- RB_COLOR(tmp, field) = RB_RED; \
- elm = parent; \
- parent = RB_PARENT(elm, field); \
- } else { \
- if (RB_LEFT(tmp, field) == NULL || \
- RB_COLOR(RB_LEFT(tmp, field), field) == RB_BLACK) {\
- struct type *oright; \
- if ((oright = RB_RIGHT(tmp, field)))\
- RB_COLOR(oright, field) = RB_BLACK;\
- RB_COLOR(tmp, field) = RB_RED; \
- RB_ROTATE_LEFT(head, tmp, oright, field);\
- tmp = RB_LEFT(parent, field); \
- } \
- RB_COLOR(tmp, field) = RB_COLOR(parent, field);\
- RB_COLOR(parent, field) = RB_BLACK; \
- if (RB_LEFT(tmp, field)) \
- RB_COLOR(RB_LEFT(tmp, field), field) = RB_BLACK;\
- RB_ROTATE_RIGHT(head, parent, tmp, field);\
- elm = RB_ROOT(head); \
- break; \
- } \
- } \
- } \
- if (elm) \
- RB_COLOR(elm, field) = RB_BLACK; \
-} \
- \
-attr struct type * \
-name##_RB_REMOVE(struct name *head, struct type *elm) \
-{ \
- struct type *child, *parent, *old = elm; \
- int color; \
- if (RB_LEFT(elm, field) == NULL) \
- child = RB_RIGHT(elm, field); \
- else if (RB_RIGHT(elm, field) == NULL) \
- child = RB_LEFT(elm, field); \
- else { \
- struct type *left; \
- elm = RB_RIGHT(elm, field); \
- while ((left = RB_LEFT(elm, field))) \
- elm = left; \
- child = RB_RIGHT(elm, field); \
- parent = RB_PARENT(elm, field); \
- color = RB_COLOR(elm, field); \
- if (child) \
- RB_PARENT(child, field) = parent; \
- if (parent) { \
- if (RB_LEFT(parent, field) == elm) \
- RB_LEFT(parent, field) = child; \
- else \
- RB_RIGHT(parent, field) = child; \
- RB_AUGMENT(parent); \
- } else \
- RB_ROOT(head) = child; \
- if (RB_PARENT(elm, field) == old) \
- parent = elm; \
- (elm)->field = (old)->field; \
- if (RB_PARENT(old, field)) { \
- if (RB_LEFT(RB_PARENT(old, field), field) == old)\
- RB_LEFT(RB_PARENT(old, field), field) = elm;\
- else \
- RB_RIGHT(RB_PARENT(old, field), field) = elm;\
- RB_AUGMENT(RB_PARENT(old, field)); \
- } else \
- RB_ROOT(head) = elm; \
- RB_PARENT(RB_LEFT(old, field), field) = elm; \
- if (RB_RIGHT(old, field)) \
- RB_PARENT(RB_RIGHT(old, field), field) = elm; \
- if (parent) { \
- left = parent; \
- do { \
- RB_AUGMENT(left); \
- } while ((left = RB_PARENT(left, field))); \
- } \
- goto color; \
- } \
- parent = RB_PARENT(elm, field); \
- color = RB_COLOR(elm, field); \
- if (child) \
- RB_PARENT(child, field) = parent; \
- if (parent) { \
- if (RB_LEFT(parent, field) == elm) \
- RB_LEFT(parent, field) = child; \
- else \
- RB_RIGHT(parent, field) = child; \
- RB_AUGMENT(parent); \
- } else \
- RB_ROOT(head) = child; \
-color: \
- if (color == RB_BLACK) \
- name##_RB_REMOVE_COLOR(head, parent, child); \
- return (old); \
-} \
- \
-/* Inserts a node into the RB tree */ \
-attr struct type * \
-name##_RB_INSERT(struct name *head, struct type *elm) \
-{ \
- struct type *tmp; \
- struct type *parent = NULL; \
- int comp = 0; \
- tmp = RB_ROOT(head); \
- while (tmp) { \
- parent = tmp; \
- comp = (cmp)(elm, parent); \
- if (comp < 0) \
- tmp = RB_LEFT(tmp, field); \
- else if (comp > 0) \
- tmp = RB_RIGHT(tmp, field); \
- else \
- return (tmp); \
- } \
- RB_SET(elm, parent, field); \
- if (parent != NULL) { \
- if (comp < 0) \
- RB_LEFT(parent, field) = elm; \
- else \
- RB_RIGHT(parent, field) = elm; \
- RB_AUGMENT(parent); \
- } else \
- RB_ROOT(head) = elm; \
- name##_RB_INSERT_COLOR(head, elm); \
- return (NULL); \
-} \
- \
-/* Finds the node with the same key as elm */ \
-attr struct type * \
-name##_RB_FIND(struct name *head, struct type *elm) \
-{ \
- struct type *tmp = RB_ROOT(head); \
- int comp; \
- while (tmp) { \
- comp = cmp(elm, tmp); \
- if (comp < 0) \
- tmp = RB_LEFT(tmp, field); \
- else if (comp > 0) \
- tmp = RB_RIGHT(tmp, field); \
- else \
- return (tmp); \
- } \
- return (NULL); \
-} \
- \
-/* Finds the first node greater than or equal to the search key */ \
-attr struct type * \
-name##_RB_NFIND(struct name *head, struct type *elm) \
-{ \
- struct type *tmp = RB_ROOT(head); \
- struct type *res = NULL; \
- int comp; \
- while (tmp) { \
- comp = cmp(elm, tmp); \
- if (comp < 0) { \
- res = tmp; \
- tmp = RB_LEFT(tmp, field); \
- } \
- else if (comp > 0) \
- tmp = RB_RIGHT(tmp, field); \
- else \
- return (tmp); \
- } \
- return (res); \
-} \
- \
-/* ARGSUSED */ \
-attr struct type * \
-name##_RB_NEXT(struct type *elm) \
-{ \
- if (RB_RIGHT(elm, field)) { \
- elm = RB_RIGHT(elm, field); \
- while (RB_LEFT(elm, field)) \
- elm = RB_LEFT(elm, field); \
- } else { \
- if (RB_PARENT(elm, field) && \
- (elm == RB_LEFT(RB_PARENT(elm, field), field))) \
- elm = RB_PARENT(elm, field); \
- else { \
- while (RB_PARENT(elm, field) && \
- (elm == RB_RIGHT(RB_PARENT(elm, field), field)))\
- elm = RB_PARENT(elm, field); \
- elm = RB_PARENT(elm, field); \
- } \
- } \
- return (elm); \
-} \
- \
-/* ARGSUSED */ \
-attr struct type * \
-name##_RB_PREV(struct type *elm) \
-{ \
- if (RB_LEFT(elm, field)) { \
- elm = RB_LEFT(elm, field); \
- while (RB_RIGHT(elm, field)) \
- elm = RB_RIGHT(elm, field); \
- } else { \
- if (RB_PARENT(elm, field) && \
- (elm == RB_RIGHT(RB_PARENT(elm, field), field))) \
- elm = RB_PARENT(elm, field); \
- else { \
- while (RB_PARENT(elm, field) && \
- (elm == RB_LEFT(RB_PARENT(elm, field), field)))\
- elm = RB_PARENT(elm, field); \
- elm = RB_PARENT(elm, field); \
- } \
- } \
- return (elm); \
-} \
- \
-attr struct type * \
-name##_RB_MINMAX(struct name *head, int val) \
-{ \
- struct type *tmp = RB_ROOT(head); \
- struct type *parent = NULL; \
- while (tmp) { \
- parent = tmp; \
- if (val < 0) \
- tmp = RB_LEFT(tmp, field); \
- else \
- tmp = RB_RIGHT(tmp, field); \
- } \
- return (parent); \
-}
-
-#define RB_NEGINF -1
-#define RB_INF 1
-
-#define RB_INSERT(name, x, y) name##_RB_INSERT(x, y)
-#define RB_REMOVE(name, x, y) name##_RB_REMOVE(x, y)
-#define RB_FIND(name, x, y) name##_RB_FIND(x, y)
-#define RB_NFIND(name, x, y) name##_RB_NFIND(x, y)
-#define RB_NEXT(name, x, y) name##_RB_NEXT(y)
-#define RB_PREV(name, x, y) name##_RB_PREV(y)
-#define RB_MIN(name, x) name##_RB_MINMAX(x, RB_NEGINF)
-#define RB_MAX(name, x) name##_RB_MINMAX(x, RB_INF)
-
-#define RB_FOREACH(x, name, head) \
- for ((x) = RB_MIN(name, head); \
- (x) != NULL; \
- (x) = name##_RB_NEXT(x))
-
-#define RB_FOREACH_SAFE(x, name, head, y) \
- for ((x) = RB_MIN(name, head); \
- ((x) != NULL) && ((y) = name##_RB_NEXT(x), 1); \
- (x) = (y))
-
-#define RB_FOREACH_REVERSE(x, name, head) \
- for ((x) = RB_MAX(name, head); \
- (x) != NULL; \
- (x) = name##_RB_PREV(x))
-
-#define RB_FOREACH_REVERSE_SAFE(x, name, head, y) \
- for ((x) = RB_MAX(name, head); \
- ((x) != NULL) && ((y) = name##_RB_PREV(x), 1); \
- (x) = (y))
-
-#endif /* _SYS_TREE_H_ */
diff --git a/ssh_keygen_110/openbsd-compat/timingsafe_bcmp.c b/ssh_keygen_110/openbsd-compat/timingsafe_bcmp.c
deleted file mode 100644
index 7e28c0e2..00000000
--- a/ssh_keygen_110/openbsd-compat/timingsafe_bcmp.c
+++ /dev/null
@@ -1,34 +0,0 @@
-/* $OpenBSD: timingsafe_bcmp.c,v 1.1 2010/09/24 13:33:00 matthew Exp $ */
-/*
- * Copyright (c) 2010 Damien Miller. All rights reserved.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* OPENBSD ORIGINAL: lib/libc/string/timingsafe_bcmp.c */
-
-#include "includes.h"
-#ifndef HAVE_TIMINGSAFE_BCMP
-
-int
-timingsafe_bcmp(const void *b1, const void *b2, size_t n)
-{
- const unsigned char *p1 = b1, *p2 = b2;
- int ret = 0;
-
- for (; n > 0; n--)
- ret |= *p1++ ^ *p2++;
- return (ret != 0);
-}
-
-#endif /* TIMINGSAFE_BCMP */
diff --git a/ssh_keygen_110/openbsd-compat/vis.c b/ssh_keygen_110/openbsd-compat/vis.c
deleted file mode 100644
index 0e04ed02..00000000
--- a/ssh_keygen_110/openbsd-compat/vis.c
+++ /dev/null
@@ -1,251 +0,0 @@
-/* $OpenBSD: vis.c,v 1.25 2015/09/13 11:32:51 guenther Exp $ */
-/*-
- * Copyright (c) 1989, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* OPENBSD ORIGINAL: lib/libc/gen/vis.c */
-
-#include "includes.h"
-#if !defined(HAVE_STRNVIS) || defined(BROKEN_STRNVIS)
-
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include "vis.h"
-
-#define isoctal(c) (((u_char)(c)) >= '0' && ((u_char)(c)) <= '7')
-#define isvisible(c,flag) \
- (((c) == '\\' || (flag & VIS_ALL) == 0) && \
- (((u_int)(c) <= UCHAR_MAX && isascii((u_char)(c)) && \
- (((c) != '*' && (c) != '?' && (c) != '[' && (c) != '#') || \
- (flag & VIS_GLOB) == 0) && isgraph((u_char)(c))) || \
- ((flag & VIS_SP) == 0 && (c) == ' ') || \
- ((flag & VIS_TAB) == 0 && (c) == '\t') || \
- ((flag & VIS_NL) == 0 && (c) == '\n') || \
- ((flag & VIS_SAFE) && ((c) == '\b' || \
- (c) == '\007' || (c) == '\r' || \
- isgraph((u_char)(c))))))
-
-/*
- * vis - visually encode characters
- */
-char *
-vis(char *dst, int c, int flag, int nextc)
-{
- if (isvisible(c, flag)) {
- if ((c == '"' && (flag & VIS_DQ) != 0) ||
- (c == '\\' && (flag & VIS_NOSLASH) == 0))
- *dst++ = '\\';
- *dst++ = c;
- *dst = '\0';
- return (dst);
- }
-
- if (flag & VIS_CSTYLE) {
- switch(c) {
- case '\n':
- *dst++ = '\\';
- *dst++ = 'n';
- goto done;
- case '\r':
- *dst++ = '\\';
- *dst++ = 'r';
- goto done;
- case '\b':
- *dst++ = '\\';
- *dst++ = 'b';
- goto done;
- case '\a':
- *dst++ = '\\';
- *dst++ = 'a';
- goto done;
- case '\v':
- *dst++ = '\\';
- *dst++ = 'v';
- goto done;
- case '\t':
- *dst++ = '\\';
- *dst++ = 't';
- goto done;
- case '\f':
- *dst++ = '\\';
- *dst++ = 'f';
- goto done;
- case ' ':
- *dst++ = '\\';
- *dst++ = 's';
- goto done;
- case '\0':
- *dst++ = '\\';
- *dst++ = '0';
- if (isoctal(nextc)) {
- *dst++ = '0';
- *dst++ = '0';
- }
- goto done;
- }
- }
- if (((c & 0177) == ' ') || (flag & VIS_OCTAL) ||
- ((flag & VIS_GLOB) && (c == '*' || c == '?' || c == '[' || c == '#'))) {
- *dst++ = '\\';
- *dst++ = ((u_char)c >> 6 & 07) + '0';
- *dst++ = ((u_char)c >> 3 & 07) + '0';
- *dst++ = ((u_char)c & 07) + '0';
- goto done;
- }
- if ((flag & VIS_NOSLASH) == 0)
- *dst++ = '\\';
- if (c & 0200) {
- c &= 0177;
- *dst++ = 'M';
- }
- if (iscntrl((u_char)c)) {
- *dst++ = '^';
- if (c == 0177)
- *dst++ = '?';
- else
- *dst++ = c + '@';
- } else {
- *dst++ = '-';
- *dst++ = c;
- }
-done:
- *dst = '\0';
- return (dst);
-}
-DEF_WEAK(vis);
-
-/*
- * strvis, strnvis, strvisx - visually encode characters from src into dst
- *
- * Dst must be 4 times the size of src to account for possible
- * expansion. The length of dst, not including the trailing NULL,
- * is returned.
- *
- * Strnvis will write no more than siz-1 bytes (and will NULL terminate).
- * The number of bytes needed to fully encode the string is returned.
- *
- * Strvisx encodes exactly len bytes from src into dst.
- * This is useful for encoding a block of data.
- */
-int
-strvis(char *dst, const char *src, int flag)
-{
- char c;
- char *start;
-
- for (start = dst; (c = *src);)
- dst = vis(dst, c, flag, *++src);
- *dst = '\0';
- return (dst - start);
-}
-DEF_WEAK(strvis);
-
-int
-strnvis(char *dst, const char *src, size_t siz, int flag)
-{
- char *start, *end;
- char tbuf[5];
- int c, i;
-
- i = 0;
- for (start = dst, end = start + siz - 1; (c = *src) && dst < end; ) {
- if (isvisible(c, flag)) {
- if ((c == '"' && (flag & VIS_DQ) != 0) ||
- (c == '\\' && (flag & VIS_NOSLASH) == 0)) {
- /* need space for the extra '\\' */
- if (dst + 1 >= end) {
- i = 2;
- break;
- }
- *dst++ = '\\';
- }
- i = 1;
- *dst++ = c;
- src++;
- } else {
- i = vis(tbuf, c, flag, *++src) - tbuf;
- if (dst + i <= end) {
- memcpy(dst, tbuf, i);
- dst += i;
- } else {
- src--;
- break;
- }
- }
- }
- if (siz > 0)
- *dst = '\0';
- if (dst + i > end) {
- /* adjust return value for truncation */
- while ((c = *src))
- dst += vis(tbuf, c, flag, *++src) - tbuf;
- }
- return (dst - start);
-}
-
-int
-stravis(char **outp, const char *src, int flag)
-{
- char *buf;
- int len, serrno;
-
- buf = reallocarray(NULL, 4, strlen(src) + 1);
- if (buf == NULL)
- return -1;
- len = strvis(buf, src, flag);
- serrno = errno;
- *outp = realloc(buf, len + 1);
- if (*outp == NULL) {
- *outp = buf;
- errno = serrno;
- }
- return (len);
-}
-
-int
-strvisx(char *dst, const char *src, size_t len, int flag)
-{
- char c;
- char *start;
-
- for (start = dst; len > 1; len--) {
- c = *src;
- dst = vis(dst, c, flag, *++src);
- }
- if (len)
- dst = vis(dst, *src, flag, '\0');
- *dst = '\0';
- return (dst - start);
-}
-
-#endif
diff --git a/ssh_keygen_110/openbsd-compat/vis.h b/ssh_keygen_110/openbsd-compat/vis.h
deleted file mode 100644
index 2cdfd364..00000000
--- a/ssh_keygen_110/openbsd-compat/vis.h
+++ /dev/null
@@ -1,98 +0,0 @@
-/* $OpenBSD: vis.h,v 1.15 2015/07/20 01:52:27 millert Exp $ */
-/* $NetBSD: vis.h,v 1.4 1994/10/26 00:56:41 cgd Exp $ */
-
-/*-
- * Copyright (c) 1990 The Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * @(#)vis.h 5.9 (Berkeley) 4/3/91
- */
-
-/* OPENBSD ORIGINAL: include/vis.h */
-
-#include "includes.h"
-#if !defined(HAVE_STRNVIS) || defined(BROKEN_STRNVIS)
-
-#ifndef _VIS_H_
-#define _VIS_H_
-
-#include
-#include
-
-/*
- * to select alternate encoding format
- */
-#define VIS_OCTAL 0x01 /* use octal \ddd format */
-#define VIS_CSTYLE 0x02 /* use \[nrft0..] where appropriate */
-
-/*
- * to alter set of characters encoded (default is to encode all
- * non-graphic except space, tab, and newline).
- */
-#define VIS_SP 0x04 /* also encode space */
-#define VIS_TAB 0x08 /* also encode tab */
-#define VIS_NL 0x10 /* also encode newline */
-#define VIS_WHITE (VIS_SP | VIS_TAB | VIS_NL)
-#define VIS_SAFE 0x20 /* only encode "unsafe" characters */
-#define VIS_DQ 0x200 /* backslash-escape double quotes */
-#define VIS_ALL 0x400 /* encode all characters */
-
-/*
- * other
- */
-#define VIS_NOSLASH 0x40 /* inhibit printing '\' */
-#define VIS_GLOB 0x100 /* encode glob(3) magics and '#' */
-
-/*
- * unvis return codes
- */
-#define UNVIS_VALID 1 /* character valid */
-#define UNVIS_VALIDPUSH 2 /* character valid, push back passed char */
-#define UNVIS_NOCHAR 3 /* valid sequence, no character produced */
-#define UNVIS_SYNBAD -1 /* unrecognized escape sequence */
-#define UNVIS_ERROR -2 /* decoder in unknown state (unrecoverable) */
-
-/*
- * unvis flags
- */
-#define UNVIS_END 1 /* no more characters */
-
-char *vis(char *, int, int, int);
-int strvis(char *, const char *, int);
-int stravis(char **, const char *, int);
-int strnvis(char *, const char *, size_t, int)
- __attribute__ ((__bounded__(__string__,1,3)));
-int strvisx(char *, const char *, size_t, int)
- __attribute__ ((__bounded__(__string__,1,3)));
-int strunvis(char *, const char *);
-int unvis(char *, char, int *, int);
-ssize_t strnunvis(char *, const char *, size_t)
- __attribute__ ((__bounded__(__string__,1,3)));
-
-#endif /* !_VIS_H_ */
-
-#endif /* !HAVE_STRNVIS || BROKEN_STRNVIS */
diff --git a/ssh_keygen_110/openbsd-compat/xcrypt.c b/ssh_keygen_110/openbsd-compat/xcrypt.c
deleted file mode 100644
index 360b187a..00000000
--- a/ssh_keygen_110/openbsd-compat/xcrypt.c
+++ /dev/null
@@ -1,163 +0,0 @@
-/*
- * Copyright (c) 2003 Ben Lindstrom. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "includes.h"
-
-#include
-#include
-#include
-#include
-
-# if defined(HAVE_CRYPT_H) && !defined(HAVE_SECUREWARE)
-# include
-# endif
-
-# ifdef __hpux
-# include
-# include
-# endif
-
-# ifdef HAVE_SECUREWARE
-# include
-# include
-# include
-# endif
-
-# if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
-# include
-# endif
-
-# if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
-# include
-# include
-# include
-# endif
-
-# if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
-# include "md5crypt.h"
-# endif
-
-# if defined(WITH_OPENSSL) && !defined(HAVE_CRYPT) && defined(HAVE_DES_CRYPT)
-# include
-# define crypt DES_crypt
-# endif
-
-/*
- * Pick an appropriate password encryption type and salt for the running
- * system by searching through accounts until we find one that has a valid
- * salt. Usually this will be root unless the root account is locked out.
- * If we don't find one we return a traditional DES-based salt.
- */
-static const char *
-pick_salt(void)
-{
- struct passwd *pw;
- char *passwd, *p;
- size_t typelen;
- static char salt[32];
-
- if (salt[0] != '\0')
- return salt;
- strlcpy(salt, "xx", sizeof(salt));
- setpwent();
- while ((pw = getpwent()) != NULL) {
- if ((passwd = shadow_pw(pw)) == NULL)
- continue;
- if (passwd[0] == '$' && (p = strrchr(passwd+1, '$')) != NULL) {
- typelen = p - passwd + 1;
- strlcpy(salt, passwd, MIN(typelen, sizeof(salt)));
- explicit_bzero(passwd, strlen(passwd));
- goto out;
- }
- }
- out:
- endpwent();
- return salt;
-}
-
-char *
-xcrypt(const char *password, const char *salt)
-{
- char *crypted;
-
- /*
- * If we don't have a salt we are encrypting a fake password for
- * for timing purposes. Pick an appropriate salt.
- */
- if (salt == NULL)
- salt = pick_salt();
-
-# ifdef HAVE_MD5_PASSWORDS
- if (is_md5_salt(salt))
- crypted = md5_crypt(password, salt);
- else
- crypted = crypt(password, salt);
-# elif defined(__hpux) && !defined(HAVE_SECUREWARE)
- if (iscomsec())
- crypted = bigcrypt(password, salt);
- else
- crypted = crypt(password, salt);
-# elif defined(HAVE_SECUREWARE)
- crypted = bigcrypt(password, salt);
-# else
- crypted = crypt(password, salt);
-# endif
-
- return crypted;
-}
-
-/*
- * Handle shadowed password systems in a cleaner way for portable
- * version.
- */
-
-char *
-shadow_pw(struct passwd *pw)
-{
- char *pw_password = pw->pw_passwd;
-
-# if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
- struct spwd *spw = getspnam(pw->pw_name);
-
- if (spw != NULL)
- pw_password = spw->sp_pwdp;
-# endif
-
-#ifdef USE_LIBIAF
- return(get_iaf_password(pw));
-#endif
-
-# if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
- struct passwd_adjunct *spw;
- if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL)
- pw_password = spw->pwa_passwd;
-# elif defined(HAVE_SECUREWARE)
- struct pr_passwd *spw = getprpwnam(pw->pw_name);
-
- if (spw != NULL)
- pw_password = spw->ufld.fd_encrypt;
-# endif
-
- return pw_password;
-}
diff --git a/ssh_keygen_110/pathnames.h b/ssh_keygen_110/pathnames.h
deleted file mode 100644
index daa57a9e..00000000
--- a/ssh_keygen_110/pathnames.h
+++ /dev/null
@@ -1,172 +0,0 @@
-/* $OpenBSD: pathnames.h,v 1.25 2016/03/31 05:24:06 dtucker Exp $ */
-
-/*
- * Author: Tatu Ylonen
- * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
- * All rights reserved
- *
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose. Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
- */
-
-#define ETCDIR "/etc"
-
-#ifndef SSHDIR
-#define SSHDIR ETCDIR "/ssh"
-#endif
-
-#ifndef _PATH_SSH_PIDDIR
-#define _PATH_SSH_PIDDIR "/var/run"
-#endif
-
-/*
- * System-wide file containing host keys of known hosts. This file should be
- * world-readable.
- */
-#define _PATH_SSH_SYSTEM_HOSTFILE SSHDIR "/ssh_known_hosts"
-/* backward compat for protocol 2 */
-#define _PATH_SSH_SYSTEM_HOSTFILE2 SSHDIR "/ssh_known_hosts2"
-
-/*
- * Of these, ssh_host_key must be readable only by root, whereas ssh_config
- * should be world-readable.
- */
-#define _PATH_SERVER_CONFIG_FILE SSHDIR "/sshd_config"
-#define _PATH_HOST_CONFIG_FILE SSHDIR "/ssh_config"
-#define _PATH_HOST_DSA_KEY_FILE SSHDIR "/ssh_host_dsa_key"
-#define _PATH_HOST_ECDSA_KEY_FILE SSHDIR "/ssh_host_ecdsa_key"
-#define _PATH_HOST_ED25519_KEY_FILE SSHDIR "/ssh_host_ed25519_key"
-#define _PATH_HOST_XMSS_KEY_FILE SSHDIR "/ssh_host_xmss_key"
-#define _PATH_HOST_RSA_KEY_FILE SSHDIR "/ssh_host_rsa_key"
-#define _PATH_DH_MODULI SSHDIR "/moduli"
-
-#ifndef _PATH_SSH_PROGRAM
-#define _PATH_SSH_PROGRAM "/usr/bin/ssh"
-#endif
-
-/*
- * The process id of the daemon listening for connections is saved here to
- * make it easier to kill the correct daemon when necessary.
- */
-#define _PATH_SSH_DAEMON_PID_FILE _PATH_SSH_PIDDIR "/sshd.pid"
-
-/*
- * The directory in user's home directory in which the files reside. The
- * directory should be world-readable (though not all files are).
- */
-#define _PATH_SSH_USER_DIR ".ssh"
-
-/*
- * Per-user file containing host keys of known hosts. This file need not be
- * readable by anyone except the user him/herself, though this does not
- * contain anything particularly secret.
- */
-#define _PATH_SSH_USER_HOSTFILE "~/" _PATH_SSH_USER_DIR "/known_hosts"
-/* backward compat for protocol 2 */
-#define _PATH_SSH_USER_HOSTFILE2 "~/" _PATH_SSH_USER_DIR "/known_hosts2"
-
-/*
- * Name of the default file containing client-side authentication key. This
- * file should only be readable by the user him/herself.
- */
-#define _PATH_SSH_CLIENT_ID_DSA _PATH_SSH_USER_DIR "/id_dsa"
-#define _PATH_SSH_CLIENT_ID_ECDSA _PATH_SSH_USER_DIR "/id_ecdsa"
-#define _PATH_SSH_CLIENT_ID_RSA _PATH_SSH_USER_DIR "/id_rsa"
-#define _PATH_SSH_CLIENT_ID_ED25519 _PATH_SSH_USER_DIR "/id_ed25519"
-#define _PATH_SSH_CLIENT_ID_XMSS _PATH_SSH_USER_DIR "/id_xmss"
-
-/*
- * Configuration file in user's home directory. This file need not be
- * readable by anyone but the user him/herself, but does not contain anything
- * particularly secret. If the user's home directory resides on an NFS
- * volume where root is mapped to nobody, this may need to be world-readable.
- */
-#define _PATH_SSH_USER_CONFFILE _PATH_SSH_USER_DIR "/config"
-
-/*
- * File containing a list of those rsa keys that permit logging in as this
- * user. This file need not be readable by anyone but the user him/herself,
- * but does not contain anything particularly secret. If the user's home
- * directory resides on an NFS volume where root is mapped to nobody, this
- * may need to be world-readable. (This file is read by the daemon which is
- * running as root.)
- */
-#define _PATH_SSH_USER_PERMITTED_KEYS _PATH_SSH_USER_DIR "/authorized_keys"
-
-/* backward compat for protocol v2 */
-#define _PATH_SSH_USER_PERMITTED_KEYS2 _PATH_SSH_USER_DIR "/authorized_keys2"
-
-/*
- * Per-user and system-wide ssh "rc" files. These files are executed with
- * /bin/sh before starting the shell or command if they exist. They will be
- * passed "proto cookie" as arguments if X11 forwarding with spoofing is in
- * use. xauth will be run if neither of these exists.
- */
-#define _PATH_SSH_USER_RC _PATH_SSH_USER_DIR "/rc"
-#define _PATH_SSH_SYSTEM_RC SSHDIR "/sshrc"
-
-/*
- * Ssh-only version of /etc/hosts.equiv. Additionally, the daemon may use
- * ~/.rhosts and /etc/hosts.equiv if rhosts authentication is enabled.
- */
-#define _PATH_SSH_HOSTS_EQUIV SSHDIR "/shosts.equiv"
-#define _PATH_RHOSTS_EQUIV "/etc/hosts.equiv"
-
-/*
- * Default location of askpass
- */
-#ifndef _PATH_SSH_ASKPASS_DEFAULT
-#define _PATH_SSH_ASKPASS_DEFAULT "/usr/X11R6/bin/ssh-askpass"
-#endif
-
-/* Location of ssh-keysign for hostbased authentication */
-#ifndef _PATH_SSH_KEY_SIGN
-#define _PATH_SSH_KEY_SIGN "/usr/libexec/ssh-keysign"
-#endif
-
-/* Location of ssh-pkcs11-helper to support keys in tokens */
-#ifndef _PATH_SSH_PKCS11_HELPER
-#define _PATH_SSH_PKCS11_HELPER "/usr/libexec/ssh-pkcs11-helper"
-#endif
-
-/* xauth for X11 forwarding */
-#ifndef _PATH_XAUTH
-#define _PATH_XAUTH "/usr/X11R6/bin/xauth"
-#endif
-
-/* UNIX domain socket for X11 server; displaynum will replace %u */
-#ifndef _PATH_UNIX_X
-#define _PATH_UNIX_X "/tmp/.X11-unix/X%u"
-#endif
-
-/* for scp */
-#ifndef _PATH_CP
-#define _PATH_CP "cp"
-#endif
-
-/* for sftp */
-#ifndef _PATH_SFTP_SERVER
-#define _PATH_SFTP_SERVER "/usr/libexec/sftp-server"
-#endif
-
-/* chroot directory for unprivileged user when UsePrivilegeSeparation=yes */
-#ifndef _PATH_PRIVSEP_CHROOT_DIR
-#define _PATH_PRIVSEP_CHROOT_DIR "/var/empty"
-#endif
-
-/* for passwd change */
-#ifndef _PATH_PASSWD_PROG
-#define _PATH_PASSWD_PROG "/usr/bin/passwd"
-#endif
-
-#ifndef _PATH_LS
-#define _PATH_LS "ls"
-#endif
-
-/* Askpass program define */
-#ifndef ASKPASS_PROGRAM
-#define ASKPASS_PROGRAM "/usr/lib/ssh/ssh-askpass"
-#endif /* ASKPASS_PROGRAM */
diff --git a/ssh_keygen_110/pkcs11.h b/ssh_keygen_110/pkcs11.h
deleted file mode 100644
index b01d58f9..00000000
--- a/ssh_keygen_110/pkcs11.h
+++ /dev/null
@@ -1,1357 +0,0 @@ -/* $OpenBSD: pkcs11.h,v 1.3 2013/11/26 19:15:09 deraadt Exp $ */ -/* pkcs11.h - Copyright 2006, 2007 g10 Code GmbH - Copyright 2006 Andreas Jellinghaus - - This file is free software; as a special exception the author gives - unlimited permission to copy and/or distribute it, with or without - modifications, as long as this notice is preserved. - - This file is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY, to the extent permitted by law; without even - the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR - PURPOSE. */ - -/* Please submit changes back to the Scute project at - http://www.scute.org/ (or send them to marcus@g10code.com), so that - they can be picked up by other projects from there as well. */ - -/* This file is a modified implementation of the PKCS #11 standard by - RSA Security Inc. It is mostly a drop-in replacement, with the - following change: - - This header file does not require any macro definitions by the user - (like CK_DEFINE_FUNCTION etc). In fact, it defines those macros - for you (if useful, some are missing, let me know if you need - more). - - There is an additional API available that does comply better to the - GNU coding standard. It can be switched on by defining - CRYPTOKI_GNU before including this header file. For this, the - following changes are made to the specification: - - All structure types are changed to a "struct ck_foo" where CK_FOO - is the type name in PKCS #11. - - All non-structure types are changed to ck_foo_t where CK_FOO is the - lowercase version of the type name in PKCS #11. The basic types - (CK_ULONG et al.) are removed without substitute. - - All members of structures are modified in the following way: Type - indication prefixes are removed, and underscore characters are - inserted before words. Then the result is lowercased. - - Note that function names are still in the original case, as they - need for ABI compatibility. 
- - CK_FALSE, CK_TRUE and NULL_PTR are removed without substitute. Use - . - - If CRYPTOKI_COMPAT is defined before including this header file, - then none of the API changes above take place, and the API is the - one defined by the PKCS #11 standard. */ - -#ifndef PKCS11_H -#define PKCS11_H 1 - -#if defined(__cplusplus) -extern "C" { -#endif - - -/* The version of cryptoki we implement. The revision is changed with - each modification of this file. If you do not use the "official" - version of this file, please consider deleting the revision macro - (you may use a macro with a different name to keep track of your - versions). */ -#define CRYPTOKI_VERSION_MAJOR 2 -#define CRYPTOKI_VERSION_MINOR 20 -#define CRYPTOKI_VERSION_REVISION 6 - - -/* Compatibility interface is default, unless CRYPTOKI_GNU is - given. */ -#ifndef CRYPTOKI_GNU -#ifndef CRYPTOKI_COMPAT -#define CRYPTOKI_COMPAT 1 -#endif -#endif - -/* System dependencies. */ - -#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32) - -/* There is a matching pop below. */ -#pragma pack(push, cryptoki, 1) - -#ifdef CRYPTOKI_EXPORTS -#define CK_SPEC __declspec(dllexport) -#else -#define CK_SPEC __declspec(dllimport) -#endif - -#else - -#define CK_SPEC - -#endif - - -#ifdef CRYPTOKI_COMPAT - /* If we are in compatibility mode, switch all exposed names to the - PKCS #11 variant. There are corresponding #undefs below. 
*/ - -#define ck_flags_t CK_FLAGS -#define ck_version _CK_VERSION - -#define ck_info _CK_INFO -#define cryptoki_version cryptokiVersion -#define manufacturer_id manufacturerID -#define library_description libraryDescription -#define library_version libraryVersion - -#define ck_notification_t CK_NOTIFICATION -#define ck_slot_id_t CK_SLOT_ID - -#define ck_slot_info _CK_SLOT_INFO -#define slot_description slotDescription -#define hardware_version hardwareVersion -#define firmware_version firmwareVersion - -#define ck_token_info _CK_TOKEN_INFO -#define serial_number serialNumber -#define max_session_count ulMaxSessionCount -#define session_count ulSessionCount -#define max_rw_session_count ulMaxRwSessionCount -#define rw_session_count ulRwSessionCount -#define max_pin_len ulMaxPinLen -#define min_pin_len ulMinPinLen -#define total_public_memory ulTotalPublicMemory -#define free_public_memory ulFreePublicMemory -#define total_private_memory ulTotalPrivateMemory -#define free_private_memory ulFreePrivateMemory -#define utc_time utcTime - -#define ck_session_handle_t CK_SESSION_HANDLE -#define ck_user_type_t CK_USER_TYPE -#define ck_state_t CK_STATE - -#define ck_session_info _CK_SESSION_INFO -#define slot_id slotID -#define device_error ulDeviceError - -#define ck_object_handle_t CK_OBJECT_HANDLE -#define ck_object_class_t CK_OBJECT_CLASS -#define ck_hw_feature_type_t CK_HW_FEATURE_TYPE -#define ck_key_type_t CK_KEY_TYPE -#define ck_certificate_type_t CK_CERTIFICATE_TYPE -#define ck_attribute_type_t CK_ATTRIBUTE_TYPE - -#define ck_attribute _CK_ATTRIBUTE -#define value pValue -#define value_len ulValueLen - -#define ck_date _CK_DATE - -#define ck_mechanism_type_t CK_MECHANISM_TYPE - -#define ck_mechanism _CK_MECHANISM -#define parameter pParameter -#define parameter_len ulParameterLen - -#define ck_mechanism_info _CK_MECHANISM_INFO -#define min_key_size ulMinKeySize -#define max_key_size ulMaxKeySize - -#define ck_rv_t CK_RV -#define ck_notify_t CK_NOTIFY - -#define 
ck_function_list _CK_FUNCTION_LIST - -#define ck_createmutex_t CK_CREATEMUTEX -#define ck_destroymutex_t CK_DESTROYMUTEX -#define ck_lockmutex_t CK_LOCKMUTEX -#define ck_unlockmutex_t CK_UNLOCKMUTEX - -#define ck_c_initialize_args _CK_C_INITIALIZE_ARGS -#define create_mutex CreateMutex -#define destroy_mutex DestroyMutex -#define lock_mutex LockMutex -#define unlock_mutex UnlockMutex -#define reserved pReserved - -#endif /* CRYPTOKI_COMPAT */ - - - -typedef unsigned long ck_flags_t; - -struct ck_version -{ - unsigned char major; - unsigned char minor; -}; - - -struct ck_info -{ - struct ck_version cryptoki_version; - unsigned char manufacturer_id[32]; - ck_flags_t flags; - unsigned char library_description[32]; - struct ck_version library_version; -}; - - -typedef unsigned long ck_notification_t; - -#define CKN_SURRENDER (0) - - -typedef unsigned long ck_slot_id_t; - - -struct ck_slot_info -{ - unsigned char slot_description[64]; - unsigned char manufacturer_id[32]; - ck_flags_t flags; - struct ck_version hardware_version; - struct ck_version firmware_version; -}; - - -#define CKF_TOKEN_PRESENT (1 << 0) -#define CKF_REMOVABLE_DEVICE (1 << 1) -#define CKF_HW_SLOT (1 << 2) -#define CKF_ARRAY_ATTRIBUTE (1 << 30) - - -struct ck_token_info -{ - unsigned char label[32]; - unsigned char manufacturer_id[32]; - unsigned char model[16]; - unsigned char serial_number[16]; - ck_flags_t flags; - unsigned long max_session_count; - unsigned long session_count; - unsigned long max_rw_session_count; - unsigned long rw_session_count; - unsigned long max_pin_len; - unsigned long min_pin_len; - unsigned long total_public_memory; - unsigned long free_public_memory; - unsigned long total_private_memory; - unsigned long free_private_memory; - struct ck_version hardware_version; - struct ck_version firmware_version; - unsigned char utc_time[16]; -}; - - -#define CKF_RNG (1 << 0) -#define CKF_WRITE_PROTECTED (1 << 1) -#define CKF_LOGIN_REQUIRED (1 << 2) -#define CKF_USER_PIN_INITIALIZED (1 
<< 3) -#define CKF_RESTORE_KEY_NOT_NEEDED (1 << 5) -#define CKF_CLOCK_ON_TOKEN (1 << 6) -#define CKF_PROTECTED_AUTHENTICATION_PATH (1 << 8) -#define CKF_DUAL_CRYPTO_OPERATIONS (1 << 9) -#define CKF_TOKEN_INITIALIZED (1 << 10) -#define CKF_SECONDARY_AUTHENTICATION (1 << 11) -#define CKF_USER_PIN_COUNT_LOW (1 << 16) -#define CKF_USER_PIN_FINAL_TRY (1 << 17) -#define CKF_USER_PIN_LOCKED (1 << 18) -#define CKF_USER_PIN_TO_BE_CHANGED (1 << 19) -#define CKF_SO_PIN_COUNT_LOW (1 << 20) -#define CKF_SO_PIN_FINAL_TRY (1 << 21) -#define CKF_SO_PIN_LOCKED (1 << 22) -#define CKF_SO_PIN_TO_BE_CHANGED (1 << 23) - -#define CK_UNAVAILABLE_INFORMATION ((unsigned long) -1) -#define CK_EFFECTIVELY_INFINITE (0) - - -typedef unsigned long ck_session_handle_t; - -#define CK_INVALID_HANDLE (0) - - -typedef unsigned long ck_user_type_t; - -#define CKU_SO (0) -#define CKU_USER (1) -#define CKU_CONTEXT_SPECIFIC (2) - - -typedef unsigned long ck_state_t; - -#define CKS_RO_PUBLIC_SESSION (0) -#define CKS_RO_USER_FUNCTIONS (1) -#define CKS_RW_PUBLIC_SESSION (2) -#define CKS_RW_USER_FUNCTIONS (3) -#define CKS_RW_SO_FUNCTIONS (4) - - -struct ck_session_info -{ - ck_slot_id_t slot_id; - ck_state_t state; - ck_flags_t flags; - unsigned long device_error; -}; - -#define CKF_RW_SESSION (1 << 1) -#define CKF_SERIAL_SESSION (1 << 2) - - -typedef unsigned long ck_object_handle_t; - - -typedef unsigned long ck_object_class_t; - -#define CKO_DATA (0) -#define CKO_CERTIFICATE (1) -#define CKO_PUBLIC_KEY (2) -#define CKO_PRIVATE_KEY (3) -#define CKO_SECRET_KEY (4) -#define CKO_HW_FEATURE (5) -#define CKO_DOMAIN_PARAMETERS (6) -#define CKO_MECHANISM (7) -#define CKO_VENDOR_DEFINED (1U << 31) - - -typedef unsigned long ck_hw_feature_type_t; - -#define CKH_MONOTONIC_COUNTER (1) -#define CKH_CLOCK (2) -#define CKH_USER_INTERFACE (3) -#define CKH_VENDOR_DEFINED (1U << 31) - - -typedef unsigned long ck_key_type_t; - -#define CKK_RSA (0) -#define CKK_DSA (1) -#define CKK_DH (2) -#define CKK_ECDSA (3) -#define 
CKK_EC (3) -#define CKK_X9_42_DH (4) -#define CKK_KEA (5) -#define CKK_GENERIC_SECRET (0x10) -#define CKK_RC2 (0x11) -#define CKK_RC4 (0x12) -#define CKK_DES (0x13) -#define CKK_DES2 (0x14) -#define CKK_DES3 (0x15) -#define CKK_CAST (0x16) -#define CKK_CAST3 (0x17) -#define CKK_CAST128 (0x18) -#define CKK_RC5 (0x19) -#define CKK_IDEA (0x1a) -#define CKK_SKIPJACK (0x1b) -#define CKK_BATON (0x1c) -#define CKK_JUNIPER (0x1d) -#define CKK_CDMF (0x1e) -#define CKK_AES (0x1f) -#define CKK_BLOWFISH (0x20) -#define CKK_TWOFISH (0x21) -#define CKK_VENDOR_DEFINED (1U << 31) - -typedef unsigned long ck_certificate_type_t; - -#define CKC_X_509 (0) -#define CKC_X_509_ATTR_CERT (1) -#define CKC_WTLS (2) -#define CKC_VENDOR_DEFINED (1U << 31) - - -typedef unsigned long ck_attribute_type_t; - -#define CKA_CLASS (0) -#define CKA_TOKEN (1) -#define CKA_PRIVATE (2) -#define CKA_LABEL (3) -#define CKA_APPLICATION (0x10) -#define CKA_VALUE (0x11) -#define CKA_OBJECT_ID (0x12) -#define CKA_CERTIFICATE_TYPE (0x80) -#define CKA_ISSUER (0x81) -#define CKA_SERIAL_NUMBER (0x82) -#define CKA_AC_ISSUER (0x83) -#define CKA_OWNER (0x84) -#define CKA_ATTR_TYPES (0x85) -#define CKA_TRUSTED (0x86) -#define CKA_CERTIFICATE_CATEGORY (0x87) -#define CKA_JAVA_MIDP_SECURITY_DOMAIN (0x88) -#define CKA_URL (0x89) -#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY (0x8a) -#define CKA_HASH_OF_ISSUER_PUBLIC_KEY (0x8b) -#define CKA_CHECK_VALUE (0x90) -#define CKA_KEY_TYPE (0x100) -#define CKA_SUBJECT (0x101) -#define CKA_ID (0x102) -#define CKA_SENSITIVE (0x103) -#define CKA_ENCRYPT (0x104) -#define CKA_DECRYPT (0x105) -#define CKA_WRAP (0x106) -#define CKA_UNWRAP (0x107) -#define CKA_SIGN (0x108) -#define CKA_SIGN_RECOVER (0x109) -#define CKA_VERIFY (0x10a) -#define CKA_VERIFY_RECOVER (0x10b) -#define CKA_DERIVE (0x10c) -#define CKA_START_DATE (0x110) -#define CKA_END_DATE (0x111) -#define CKA_MODULUS (0x120) -#define CKA_MODULUS_BITS (0x121) -#define CKA_PUBLIC_EXPONENT (0x122) -#define CKA_PRIVATE_EXPONENT (0x123) 
-#define CKA_PRIME_1 (0x124) -#define CKA_PRIME_2 (0x125) -#define CKA_EXPONENT_1 (0x126) -#define CKA_EXPONENT_2 (0x127) -#define CKA_COEFFICIENT (0x128) -#define CKA_PRIME (0x130) -#define CKA_SUBPRIME (0x131) -#define CKA_BASE (0x132) -#define CKA_PRIME_BITS (0x133) -#define CKA_SUB_PRIME_BITS (0x134) -#define CKA_VALUE_BITS (0x160) -#define CKA_VALUE_LEN (0x161) -#define CKA_EXTRACTABLE (0x162) -#define CKA_LOCAL (0x163) -#define CKA_NEVER_EXTRACTABLE (0x164) -#define CKA_ALWAYS_SENSITIVE (0x165) -#define CKA_KEY_GEN_MECHANISM (0x166) -#define CKA_MODIFIABLE (0x170) -#define CKA_ECDSA_PARAMS (0x180) -#define CKA_EC_PARAMS (0x180) -#define CKA_EC_POINT (0x181) -#define CKA_SECONDARY_AUTH (0x200) -#define CKA_AUTH_PIN_FLAGS (0x201) -#define CKA_ALWAYS_AUTHENTICATE (0x202) -#define CKA_WRAP_WITH_TRUSTED (0x210) -#define CKA_HW_FEATURE_TYPE (0x300) -#define CKA_RESET_ON_INIT (0x301) -#define CKA_HAS_RESET (0x302) -#define CKA_PIXEL_X (0x400) -#define CKA_PIXEL_Y (0x401) -#define CKA_RESOLUTION (0x402) -#define CKA_CHAR_ROWS (0x403) -#define CKA_CHAR_COLUMNS (0x404) -#define CKA_COLOR (0x405) -#define CKA_BITS_PER_PIXEL (0x406) -#define CKA_CHAR_SETS (0x480) -#define CKA_ENCODING_METHODS (0x481) -#define CKA_MIME_TYPES (0x482) -#define CKA_MECHANISM_TYPE (0x500) -#define CKA_REQUIRED_CMS_ATTRIBUTES (0x501) -#define CKA_DEFAULT_CMS_ATTRIBUTES (0x502) -#define CKA_SUPPORTED_CMS_ATTRIBUTES (0x503) -#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x211) -#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x212) -#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE | 0x600) -#define CKA_VENDOR_DEFINED (1U << 31) - - -struct ck_attribute -{ - ck_attribute_type_t type; - void *value; - unsigned long value_len; -}; - - -struct ck_date -{ - unsigned char year[4]; - unsigned char month[2]; - unsigned char day[2]; -}; - - -typedef unsigned long ck_mechanism_type_t; - -#define CKM_RSA_PKCS_KEY_PAIR_GEN (0) -#define CKM_RSA_PKCS (1) -#define CKM_RSA_9796 (2) -#define 
CKM_RSA_X_509 (3) -#define CKM_MD2_RSA_PKCS (4) -#define CKM_MD5_RSA_PKCS (5) -#define CKM_SHA1_RSA_PKCS (6) -#define CKM_RIPEMD128_RSA_PKCS (7) -#define CKM_RIPEMD160_RSA_PKCS (8) -#define CKM_RSA_PKCS_OAEP (9) -#define CKM_RSA_X9_31_KEY_PAIR_GEN (0xa) -#define CKM_RSA_X9_31 (0xb) -#define CKM_SHA1_RSA_X9_31 (0xc) -#define CKM_RSA_PKCS_PSS (0xd) -#define CKM_SHA1_RSA_PKCS_PSS (0xe) -#define CKM_DSA_KEY_PAIR_GEN (0x10) -#define CKM_DSA (0x11) -#define CKM_DSA_SHA1 (0x12) -#define CKM_DH_PKCS_KEY_PAIR_GEN (0x20) -#define CKM_DH_PKCS_DERIVE (0x21) -#define CKM_X9_42_DH_KEY_PAIR_GEN (0x30) -#define CKM_X9_42_DH_DERIVE (0x31) -#define CKM_X9_42_DH_HYBRID_DERIVE (0x32) -#define CKM_X9_42_MQV_DERIVE (0x33) -#define CKM_SHA256_RSA_PKCS (0x40) -#define CKM_SHA384_RSA_PKCS (0x41) -#define CKM_SHA512_RSA_PKCS (0x42) -#define CKM_SHA256_RSA_PKCS_PSS (0x43) -#define CKM_SHA384_RSA_PKCS_PSS (0x44) -#define CKM_SHA512_RSA_PKCS_PSS (0x45) -#define CKM_RC2_KEY_GEN (0x100) -#define CKM_RC2_ECB (0x101) -#define CKM_RC2_CBC (0x102) -#define CKM_RC2_MAC (0x103) -#define CKM_RC2_MAC_GENERAL (0x104) -#define CKM_RC2_CBC_PAD (0x105) -#define CKM_RC4_KEY_GEN (0x110) -#define CKM_RC4 (0x111) -#define CKM_DES_KEY_GEN (0x120) -#define CKM_DES_ECB (0x121) -#define CKM_DES_CBC (0x122) -#define CKM_DES_MAC (0x123) -#define CKM_DES_MAC_GENERAL (0x124) -#define CKM_DES_CBC_PAD (0x125) -#define CKM_DES2_KEY_GEN (0x130) -#define CKM_DES3_KEY_GEN (0x131) -#define CKM_DES3_ECB (0x132) -#define CKM_DES3_CBC (0x133) -#define CKM_DES3_MAC (0x134) -#define CKM_DES3_MAC_GENERAL (0x135) -#define CKM_DES3_CBC_PAD (0x136) -#define CKM_CDMF_KEY_GEN (0x140) -#define CKM_CDMF_ECB (0x141) -#define CKM_CDMF_CBC (0x142) -#define CKM_CDMF_MAC (0x143) -#define CKM_CDMF_MAC_GENERAL (0x144) -#define CKM_CDMF_CBC_PAD (0x145) -#define CKM_MD2 (0x200) -#define CKM_MD2_HMAC (0x201) -#define CKM_MD2_HMAC_GENERAL (0x202) -#define CKM_MD5 (0x210) -#define CKM_MD5_HMAC (0x211) -#define CKM_MD5_HMAC_GENERAL (0x212) -#define 
CKM_SHA_1 (0x220) -#define CKM_SHA_1_HMAC (0x221) -#define CKM_SHA_1_HMAC_GENERAL (0x222) -#define CKM_RIPEMD128 (0x230) -#define CKM_RIPEMD128_HMAC (0x231) -#define CKM_RIPEMD128_HMAC_GENERAL (0x232) -#define CKM_RIPEMD160 (0x240) -#define CKM_RIPEMD160_HMAC (0x241) -#define CKM_RIPEMD160_HMAC_GENERAL (0x242) -#define CKM_SHA256 (0x250) -#define CKM_SHA256_HMAC (0x251) -#define CKM_SHA256_HMAC_GENERAL (0x252) -#define CKM_SHA384 (0x260) -#define CKM_SHA384_HMAC (0x261) -#define CKM_SHA384_HMAC_GENERAL (0x262) -#define CKM_SHA512 (0x270) -#define CKM_SHA512_HMAC (0x271) -#define CKM_SHA512_HMAC_GENERAL (0x272) -#define CKM_CAST_KEY_GEN (0x300) -#define CKM_CAST_ECB (0x301) -#define CKM_CAST_CBC (0x302) -#define CKM_CAST_MAC (0x303) -#define CKM_CAST_MAC_GENERAL (0x304) -#define CKM_CAST_CBC_PAD (0x305) -#define CKM_CAST3_KEY_GEN (0x310) -#define CKM_CAST3_ECB (0x311) -#define CKM_CAST3_CBC (0x312) -#define CKM_CAST3_MAC (0x313) -#define CKM_CAST3_MAC_GENERAL (0x314) -#define CKM_CAST3_CBC_PAD (0x315) -#define CKM_CAST5_KEY_GEN (0x320) -#define CKM_CAST128_KEY_GEN (0x320) -#define CKM_CAST5_ECB (0x321) -#define CKM_CAST128_ECB (0x321) -#define CKM_CAST5_CBC (0x322) -#define CKM_CAST128_CBC (0x322) -#define CKM_CAST5_MAC (0x323) -#define CKM_CAST128_MAC (0x323) -#define CKM_CAST5_MAC_GENERAL (0x324) -#define CKM_CAST128_MAC_GENERAL (0x324) -#define CKM_CAST5_CBC_PAD (0x325) -#define CKM_CAST128_CBC_PAD (0x325) -#define CKM_RC5_KEY_GEN (0x330) -#define CKM_RC5_ECB (0x331) -#define CKM_RC5_CBC (0x332) -#define CKM_RC5_MAC (0x333) -#define CKM_RC5_MAC_GENERAL (0x334) -#define CKM_RC5_CBC_PAD (0x335) -#define CKM_IDEA_KEY_GEN (0x340) -#define CKM_IDEA_ECB (0x341) -#define CKM_IDEA_CBC (0x342) -#define CKM_IDEA_MAC (0x343) -#define CKM_IDEA_MAC_GENERAL (0x344) -#define CKM_IDEA_CBC_PAD (0x345) -#define CKM_GENERIC_SECRET_KEY_GEN (0x350) -#define CKM_CONCATENATE_BASE_AND_KEY (0x360) -#define CKM_CONCATENATE_BASE_AND_DATA (0x362) -#define CKM_CONCATENATE_DATA_AND_BASE 
(0x363) -#define CKM_XOR_BASE_AND_DATA (0x364) -#define CKM_EXTRACT_KEY_FROM_KEY (0x365) -#define CKM_SSL3_PRE_MASTER_KEY_GEN (0x370) -#define CKM_SSL3_MASTER_KEY_DERIVE (0x371) -#define CKM_SSL3_KEY_AND_MAC_DERIVE (0x372) -#define CKM_SSL3_MASTER_KEY_DERIVE_DH (0x373) -#define CKM_TLS_PRE_MASTER_KEY_GEN (0x374) -#define CKM_TLS_MASTER_KEY_DERIVE (0x375) -#define CKM_TLS_KEY_AND_MAC_DERIVE (0x376) -#define CKM_TLS_MASTER_KEY_DERIVE_DH (0x377) -#define CKM_SSL3_MD5_MAC (0x380) -#define CKM_SSL3_SHA1_MAC (0x381) -#define CKM_MD5_KEY_DERIVATION (0x390) -#define CKM_MD2_KEY_DERIVATION (0x391) -#define CKM_SHA1_KEY_DERIVATION (0x392) -#define CKM_PBE_MD2_DES_CBC (0x3a0) -#define CKM_PBE_MD5_DES_CBC (0x3a1) -#define CKM_PBE_MD5_CAST_CBC (0x3a2) -#define CKM_PBE_MD5_CAST3_CBC (0x3a3) -#define CKM_PBE_MD5_CAST5_CBC (0x3a4) -#define CKM_PBE_MD5_CAST128_CBC (0x3a4) -#define CKM_PBE_SHA1_CAST5_CBC (0x3a5) -#define CKM_PBE_SHA1_CAST128_CBC (0x3a5) -#define CKM_PBE_SHA1_RC4_128 (0x3a6) -#define CKM_PBE_SHA1_RC4_40 (0x3a7) -#define CKM_PBE_SHA1_DES3_EDE_CBC (0x3a8) -#define CKM_PBE_SHA1_DES2_EDE_CBC (0x3a9) -#define CKM_PBE_SHA1_RC2_128_CBC (0x3aa) -#define CKM_PBE_SHA1_RC2_40_CBC (0x3ab) -#define CKM_PKCS5_PBKD2 (0x3b0) -#define CKM_PBA_SHA1_WITH_SHA1_HMAC (0x3c0) -#define CKM_KEY_WRAP_LYNKS (0x400) -#define CKM_KEY_WRAP_SET_OAEP (0x401) -#define CKM_SKIPJACK_KEY_GEN (0x1000) -#define CKM_SKIPJACK_ECB64 (0x1001) -#define CKM_SKIPJACK_CBC64 (0x1002) -#define CKM_SKIPJACK_OFB64 (0x1003) -#define CKM_SKIPJACK_CFB64 (0x1004) -#define CKM_SKIPJACK_CFB32 (0x1005) -#define CKM_SKIPJACK_CFB16 (0x1006) -#define CKM_SKIPJACK_CFB8 (0x1007) -#define CKM_SKIPJACK_WRAP (0x1008) -#define CKM_SKIPJACK_PRIVATE_WRAP (0x1009) -#define CKM_SKIPJACK_RELAYX (0x100a) -#define CKM_KEA_KEY_PAIR_GEN (0x1010) -#define CKM_KEA_KEY_DERIVE (0x1011) -#define CKM_FORTEZZA_TIMESTAMP (0x1020) -#define CKM_BATON_KEY_GEN (0x1030) -#define CKM_BATON_ECB128 (0x1031) -#define CKM_BATON_ECB96 (0x1032) -#define 
CKM_BATON_CBC128 (0x1033) -#define CKM_BATON_COUNTER (0x1034) -#define CKM_BATON_SHUFFLE (0x1035) -#define CKM_BATON_WRAP (0x1036) -#define CKM_ECDSA_KEY_PAIR_GEN (0x1040) -#define CKM_EC_KEY_PAIR_GEN (0x1040) -#define CKM_ECDSA (0x1041) -#define CKM_ECDSA_SHA1 (0x1042) -#define CKM_ECDH1_DERIVE (0x1050) -#define CKM_ECDH1_COFACTOR_DERIVE (0x1051) -#define CKM_ECMQV_DERIVE (0x1052) -#define CKM_JUNIPER_KEY_GEN (0x1060) -#define CKM_JUNIPER_ECB128 (0x1061) -#define CKM_JUNIPER_CBC128 (0x1062) -#define CKM_JUNIPER_COUNTER (0x1063) -#define CKM_JUNIPER_SHUFFLE (0x1064) -#define CKM_JUNIPER_WRAP (0x1065) -#define CKM_FASTHASH (0x1070) -#define CKM_AES_KEY_GEN (0x1080) -#define CKM_AES_ECB (0x1081) -#define CKM_AES_CBC (0x1082) -#define CKM_AES_MAC (0x1083) -#define CKM_AES_MAC_GENERAL (0x1084) -#define CKM_AES_CBC_PAD (0x1085) -#define CKM_DSA_PARAMETER_GEN (0x2000) -#define CKM_DH_PKCS_PARAMETER_GEN (0x2001) -#define CKM_X9_42_DH_PARAMETER_GEN (0x2002) -#define CKM_VENDOR_DEFINED (1U << 31) - - -struct ck_mechanism -{ - ck_mechanism_type_t mechanism; - void *parameter; - unsigned long parameter_len; -}; - - -struct ck_mechanism_info -{ - unsigned long min_key_size; - unsigned long max_key_size; - ck_flags_t flags; -}; - -#define CKF_HW (1 << 0) -#define CKF_ENCRYPT (1 << 8) -#define CKF_DECRYPT (1 << 9) -#define CKF_DIGEST (1 << 10) -#define CKF_SIGN (1 << 11) -#define CKF_SIGN_RECOVER (1 << 12) -#define CKF_VERIFY (1 << 13) -#define CKF_VERIFY_RECOVER (1 << 14) -#define CKF_GENERATE (1 << 15) -#define CKF_GENERATE_KEY_PAIR (1 << 16) -#define CKF_WRAP (1 << 17) -#define CKF_UNWRAP (1 << 18) -#define CKF_DERIVE (1 << 19) -#define CKF_EXTENSION (1U << 31) - - -/* Flags for C_WaitForSlotEvent. */ -#define CKF_DONT_BLOCK (1) - - -typedef unsigned long ck_rv_t; - - -typedef ck_rv_t (*ck_notify_t) (ck_session_handle_t session, - ck_notification_t event, void *application); - -/* Forward reference. 
*/ -struct ck_function_list; - -#define _CK_DECLARE_FUNCTION(name, args) \ -typedef ck_rv_t (*CK_ ## name) args; \ -ck_rv_t CK_SPEC name args - -_CK_DECLARE_FUNCTION (C_Initialize, (void *init_args)); -_CK_DECLARE_FUNCTION (C_Finalize, (void *reserved)); -_CK_DECLARE_FUNCTION (C_GetInfo, (struct ck_info *info)); -_CK_DECLARE_FUNCTION (C_GetFunctionList, - (struct ck_function_list **function_list)); - -_CK_DECLARE_FUNCTION (C_GetSlotList, - (unsigned char token_present, ck_slot_id_t *slot_list, - unsigned long *count)); -_CK_DECLARE_FUNCTION (C_GetSlotInfo, - (ck_slot_id_t slot_id, struct ck_slot_info *info)); -_CK_DECLARE_FUNCTION (C_GetTokenInfo, - (ck_slot_id_t slot_id, struct ck_token_info *info)); -_CK_DECLARE_FUNCTION (C_WaitForSlotEvent, - (ck_flags_t flags, ck_slot_id_t *slot, void *reserved)); -_CK_DECLARE_FUNCTION (C_GetMechanismList, - (ck_slot_id_t slot_id, - ck_mechanism_type_t *mechanism_list, - unsigned long *count)); -_CK_DECLARE_FUNCTION (C_GetMechanismInfo, - (ck_slot_id_t slot_id, ck_mechanism_type_t type, - struct ck_mechanism_info *info)); -_CK_DECLARE_FUNCTION (C_InitToken, - (ck_slot_id_t slot_id, unsigned char *pin, - unsigned long pin_len, unsigned char *label)); -_CK_DECLARE_FUNCTION (C_InitPIN, - (ck_session_handle_t session, unsigned char *pin, - unsigned long pin_len)); -_CK_DECLARE_FUNCTION (C_SetPIN, - (ck_session_handle_t session, unsigned char *old_pin, - unsigned long old_len, unsigned char *new_pin, - unsigned long new_len)); - -_CK_DECLARE_FUNCTION (C_OpenSession, - (ck_slot_id_t slot_id, ck_flags_t flags, - void *application, ck_notify_t notify, - ck_session_handle_t *session)); -_CK_DECLARE_FUNCTION (C_CloseSession, (ck_session_handle_t session)); -_CK_DECLARE_FUNCTION (C_CloseAllSessions, (ck_slot_id_t slot_id)); -_CK_DECLARE_FUNCTION (C_GetSessionInfo, - (ck_session_handle_t session, - struct ck_session_info *info)); -_CK_DECLARE_FUNCTION (C_GetOperationState, - (ck_session_handle_t session, - unsigned char *operation_state, - 
unsigned long *operation_state_len)); -_CK_DECLARE_FUNCTION (C_SetOperationState, - (ck_session_handle_t session, - unsigned char *operation_state, - unsigned long operation_state_len, - ck_object_handle_t encryption_key, - ck_object_handle_t authentiation_key)); -_CK_DECLARE_FUNCTION (C_Login, - (ck_session_handle_t session, ck_user_type_t user_type, - unsigned char *pin, unsigned long pin_len)); -_CK_DECLARE_FUNCTION (C_Logout, (ck_session_handle_t session)); - -_CK_DECLARE_FUNCTION (C_CreateObject, - (ck_session_handle_t session, - struct ck_attribute *templ, - unsigned long count, ck_object_handle_t *object)); -_CK_DECLARE_FUNCTION (C_CopyObject, - (ck_session_handle_t session, ck_object_handle_t object, - struct ck_attribute *templ, unsigned long count, - ck_object_handle_t *new_object)); -_CK_DECLARE_FUNCTION (C_DestroyObject, - (ck_session_handle_t session, - ck_object_handle_t object)); -_CK_DECLARE_FUNCTION (C_GetObjectSize, - (ck_session_handle_t session, - ck_object_handle_t object, - unsigned long *size)); -_CK_DECLARE_FUNCTION (C_GetAttributeValue, - (ck_session_handle_t session, - ck_object_handle_t object, - struct ck_attribute *templ, - unsigned long count)); -_CK_DECLARE_FUNCTION (C_SetAttributeValue, - (ck_session_handle_t session, - ck_object_handle_t object, - struct ck_attribute *templ, - unsigned long count)); -_CK_DECLARE_FUNCTION (C_FindObjectsInit, - (ck_session_handle_t session, - struct ck_attribute *templ, - unsigned long count)); -_CK_DECLARE_FUNCTION (C_FindObjects, - (ck_session_handle_t session, - ck_object_handle_t *object, - unsigned long max_object_count, - unsigned long *object_count)); -_CK_DECLARE_FUNCTION (C_FindObjectsFinal, - (ck_session_handle_t session)); - -_CK_DECLARE_FUNCTION (C_EncryptInit, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - ck_object_handle_t key)); -_CK_DECLARE_FUNCTION (C_Encrypt, - (ck_session_handle_t session, - unsigned char *data, unsigned long data_len, - unsigned char 
*encrypted_data, - unsigned long *encrypted_data_len)); -_CK_DECLARE_FUNCTION (C_EncryptUpdate, - (ck_session_handle_t session, - unsigned char *part, unsigned long part_len, - unsigned char *encrypted_part, - unsigned long *encrypted_part_len)); -_CK_DECLARE_FUNCTION (C_EncryptFinal, - (ck_session_handle_t session, - unsigned char *last_encrypted_part, - unsigned long *last_encrypted_part_len)); - -_CK_DECLARE_FUNCTION (C_DecryptInit, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - ck_object_handle_t key)); -_CK_DECLARE_FUNCTION (C_Decrypt, - (ck_session_handle_t session, - unsigned char *encrypted_data, - unsigned long encrypted_data_len, - unsigned char *data, unsigned long *data_len)); -_CK_DECLARE_FUNCTION (C_DecryptUpdate, - (ck_session_handle_t session, - unsigned char *encrypted_part, - unsigned long encrypted_part_len, - unsigned char *part, unsigned long *part_len)); -_CK_DECLARE_FUNCTION (C_DecryptFinal, - (ck_session_handle_t session, - unsigned char *last_part, - unsigned long *last_part_len)); - -_CK_DECLARE_FUNCTION (C_DigestInit, - (ck_session_handle_t session, - struct ck_mechanism *mechanism)); -_CK_DECLARE_FUNCTION (C_Digest, - (ck_session_handle_t session, - unsigned char *data, unsigned long data_len, - unsigned char *digest, - unsigned long *digest_len)); -_CK_DECLARE_FUNCTION (C_DigestUpdate, - (ck_session_handle_t session, - unsigned char *part, unsigned long part_len)); -_CK_DECLARE_FUNCTION (C_DigestKey, - (ck_session_handle_t session, ck_object_handle_t key)); -_CK_DECLARE_FUNCTION (C_DigestFinal, - (ck_session_handle_t session, - unsigned char *digest, - unsigned long *digest_len)); - -_CK_DECLARE_FUNCTION (C_SignInit, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - ck_object_handle_t key)); -_CK_DECLARE_FUNCTION (C_Sign, - (ck_session_handle_t session, - unsigned char *data, unsigned long data_len, - unsigned char *signature, - unsigned long *signature_len)); -_CK_DECLARE_FUNCTION (C_SignUpdate, - 
(ck_session_handle_t session, - unsigned char *part, unsigned long part_len)); -_CK_DECLARE_FUNCTION (C_SignFinal, - (ck_session_handle_t session, - unsigned char *signature, - unsigned long *signature_len)); -_CK_DECLARE_FUNCTION (C_SignRecoverInit, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - ck_object_handle_t key)); -_CK_DECLARE_FUNCTION (C_SignRecover, - (ck_session_handle_t session, - unsigned char *data, unsigned long data_len, - unsigned char *signature, - unsigned long *signature_len)); - -_CK_DECLARE_FUNCTION (C_VerifyInit, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - ck_object_handle_t key)); -_CK_DECLARE_FUNCTION (C_Verify, - (ck_session_handle_t session, - unsigned char *data, unsigned long data_len, - unsigned char *signature, - unsigned long signature_len)); -_CK_DECLARE_FUNCTION (C_VerifyUpdate, - (ck_session_handle_t session, - unsigned char *part, unsigned long part_len)); -_CK_DECLARE_FUNCTION (C_VerifyFinal, - (ck_session_handle_t session, - unsigned char *signature, - unsigned long signature_len)); -_CK_DECLARE_FUNCTION (C_VerifyRecoverInit, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - ck_object_handle_t key)); -_CK_DECLARE_FUNCTION (C_VerifyRecover, - (ck_session_handle_t session, - unsigned char *signature, - unsigned long signature_len, - unsigned char *data, - unsigned long *data_len)); - -_CK_DECLARE_FUNCTION (C_DigestEncryptUpdate, - (ck_session_handle_t session, - unsigned char *part, unsigned long part_len, - unsigned char *encrypted_part, - unsigned long *encrypted_part_len)); -_CK_DECLARE_FUNCTION (C_DecryptDigestUpdate, - (ck_session_handle_t session, - unsigned char *encrypted_part, - unsigned long encrypted_part_len, - unsigned char *part, - unsigned long *part_len)); -_CK_DECLARE_FUNCTION (C_SignEncryptUpdate, - (ck_session_handle_t session, - unsigned char *part, unsigned long part_len, - unsigned char *encrypted_part, - unsigned long *encrypted_part_len)); 
-_CK_DECLARE_FUNCTION (C_DecryptVerifyUpdate, - (ck_session_handle_t session, - unsigned char *encrypted_part, - unsigned long encrypted_part_len, - unsigned char *part, - unsigned long *part_len)); - -_CK_DECLARE_FUNCTION (C_GenerateKey, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - struct ck_attribute *templ, - unsigned long count, - ck_object_handle_t *key)); -_CK_DECLARE_FUNCTION (C_GenerateKeyPair, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - struct ck_attribute *public_key_template, - unsigned long public_key_attribute_count, - struct ck_attribute *private_key_template, - unsigned long private_key_attribute_count, - ck_object_handle_t *public_key, - ck_object_handle_t *private_key)); -_CK_DECLARE_FUNCTION (C_WrapKey, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - ck_object_handle_t wrapping_key, - ck_object_handle_t key, - unsigned char *wrapped_key, - unsigned long *wrapped_key_len)); -_CK_DECLARE_FUNCTION (C_UnwrapKey, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - ck_object_handle_t unwrapping_key, - unsigned char *wrapped_key, - unsigned long wrapped_key_len, - struct ck_attribute *templ, - unsigned long attribute_count, - ck_object_handle_t *key)); -_CK_DECLARE_FUNCTION (C_DeriveKey, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - ck_object_handle_t base_key, - struct ck_attribute *templ, - unsigned long attribute_count, - ck_object_handle_t *key)); - -_CK_DECLARE_FUNCTION (C_SeedRandom, - (ck_session_handle_t session, unsigned char *seed, - unsigned long seed_len)); -_CK_DECLARE_FUNCTION (C_GenerateRandom, - (ck_session_handle_t session, - unsigned char *random_data, - unsigned long random_len)); - -_CK_DECLARE_FUNCTION (C_GetFunctionStatus, (ck_session_handle_t session)); -_CK_DECLARE_FUNCTION (C_CancelFunction, (ck_session_handle_t session)); - - -struct ck_function_list -{ - struct ck_version version; - CK_C_Initialize C_Initialize; - 
CK_C_Finalize C_Finalize; - CK_C_GetInfo C_GetInfo; - CK_C_GetFunctionList C_GetFunctionList; - CK_C_GetSlotList C_GetSlotList; - CK_C_GetSlotInfo C_GetSlotInfo; - CK_C_GetTokenInfo C_GetTokenInfo; - CK_C_GetMechanismList C_GetMechanismList; - CK_C_GetMechanismInfo C_GetMechanismInfo; - CK_C_InitToken C_InitToken; - CK_C_InitPIN C_InitPIN; - CK_C_SetPIN C_SetPIN; - CK_C_OpenSession C_OpenSession; - CK_C_CloseSession C_CloseSession; - CK_C_CloseAllSessions C_CloseAllSessions; - CK_C_GetSessionInfo C_GetSessionInfo; - CK_C_GetOperationState C_GetOperationState; - CK_C_SetOperationState C_SetOperationState; - CK_C_Login C_Login; - CK_C_Logout C_Logout; - CK_C_CreateObject C_CreateObject; - CK_C_CopyObject C_CopyObject; - CK_C_DestroyObject C_DestroyObject; - CK_C_GetObjectSize C_GetObjectSize; - CK_C_GetAttributeValue C_GetAttributeValue; - CK_C_SetAttributeValue C_SetAttributeValue; - CK_C_FindObjectsInit C_FindObjectsInit; - CK_C_FindObjects C_FindObjects; - CK_C_FindObjectsFinal C_FindObjectsFinal; - CK_C_EncryptInit C_EncryptInit; - CK_C_Encrypt C_Encrypt; - CK_C_EncryptUpdate C_EncryptUpdate; - CK_C_EncryptFinal C_EncryptFinal; - CK_C_DecryptInit C_DecryptInit; - CK_C_Decrypt C_Decrypt; - CK_C_DecryptUpdate C_DecryptUpdate; - CK_C_DecryptFinal C_DecryptFinal; - CK_C_DigestInit C_DigestInit; - CK_C_Digest C_Digest; - CK_C_DigestUpdate C_DigestUpdate; - CK_C_DigestKey C_DigestKey; - CK_C_DigestFinal C_DigestFinal; - CK_C_SignInit C_SignInit; - CK_C_Sign C_Sign; - CK_C_SignUpdate C_SignUpdate; - CK_C_SignFinal C_SignFinal; - CK_C_SignRecoverInit C_SignRecoverInit; - CK_C_SignRecover C_SignRecover; - CK_C_VerifyInit C_VerifyInit; - CK_C_Verify C_Verify; - CK_C_VerifyUpdate C_VerifyUpdate; - CK_C_VerifyFinal C_VerifyFinal; - CK_C_VerifyRecoverInit C_VerifyRecoverInit; - CK_C_VerifyRecover C_VerifyRecover; - CK_C_DigestEncryptUpdate C_DigestEncryptUpdate; - CK_C_DecryptDigestUpdate C_DecryptDigestUpdate; - CK_C_SignEncryptUpdate C_SignEncryptUpdate; - 
CK_C_DecryptVerifyUpdate C_DecryptVerifyUpdate; - CK_C_GenerateKey C_GenerateKey; - CK_C_GenerateKeyPair C_GenerateKeyPair; - CK_C_WrapKey C_WrapKey; - CK_C_UnwrapKey C_UnwrapKey; - CK_C_DeriveKey C_DeriveKey; - CK_C_SeedRandom C_SeedRandom; - CK_C_GenerateRandom C_GenerateRandom; - CK_C_GetFunctionStatus C_GetFunctionStatus; - CK_C_CancelFunction C_CancelFunction; - CK_C_WaitForSlotEvent C_WaitForSlotEvent; -}; - - -typedef ck_rv_t (*ck_createmutex_t) (void **mutex); -typedef ck_rv_t (*ck_destroymutex_t) (void *mutex); -typedef ck_rv_t (*ck_lockmutex_t) (void *mutex); -typedef ck_rv_t (*ck_unlockmutex_t) (void *mutex); - - -struct ck_c_initialize_args -{ - ck_createmutex_t create_mutex; - ck_destroymutex_t destroy_mutex; - ck_lockmutex_t lock_mutex; - ck_unlockmutex_t unlock_mutex; - ck_flags_t flags; - void *reserved; -}; - - -#define CKF_LIBRARY_CANT_CREATE_OS_THREADS (1 << 0) -#define CKF_OS_LOCKING_OK (1 << 1) - -#define CKR_OK (0) -#define CKR_CANCEL (1) -#define CKR_HOST_MEMORY (2) -#define CKR_SLOT_ID_INVALID (3) -#define CKR_GENERAL_ERROR (5) -#define CKR_FUNCTION_FAILED (6) -#define CKR_ARGUMENTS_BAD (7) -#define CKR_NO_EVENT (8) -#define CKR_NEED_TO_CREATE_THREADS (9) -#define CKR_CANT_LOCK (0xa) -#define CKR_ATTRIBUTE_READ_ONLY (0x10) -#define CKR_ATTRIBUTE_SENSITIVE (0x11) -#define CKR_ATTRIBUTE_TYPE_INVALID (0x12) -#define CKR_ATTRIBUTE_VALUE_INVALID (0x13) -#define CKR_DATA_INVALID (0x20) -#define CKR_DATA_LEN_RANGE (0x21) -#define CKR_DEVICE_ERROR (0x30) -#define CKR_DEVICE_MEMORY (0x31) -#define CKR_DEVICE_REMOVED (0x32) -#define CKR_ENCRYPTED_DATA_INVALID (0x40) -#define CKR_ENCRYPTED_DATA_LEN_RANGE (0x41) -#define CKR_FUNCTION_CANCELED (0x50) -#define CKR_FUNCTION_NOT_PARALLEL (0x51) -#define CKR_FUNCTION_NOT_SUPPORTED (0x54) -#define CKR_KEY_HANDLE_INVALID (0x60) -#define CKR_KEY_SIZE_RANGE (0x62) -#define CKR_KEY_TYPE_INCONSISTENT (0x63) -#define CKR_KEY_NOT_NEEDED (0x64) -#define CKR_KEY_CHANGED (0x65) -#define CKR_KEY_NEEDED (0x66) -#define 
CKR_KEY_INDIGESTIBLE (0x67) -#define CKR_KEY_FUNCTION_NOT_PERMITTED (0x68) -#define CKR_KEY_NOT_WRAPPABLE (0x69) -#define CKR_KEY_UNEXTRACTABLE (0x6a) -#define CKR_MECHANISM_INVALID (0x70) -#define CKR_MECHANISM_PARAM_INVALID (0x71) -#define CKR_OBJECT_HANDLE_INVALID (0x82) -#define CKR_OPERATION_ACTIVE (0x90) -#define CKR_OPERATION_NOT_INITIALIZED (0x91) -#define CKR_PIN_INCORRECT (0xa0) -#define CKR_PIN_INVALID (0xa1) -#define CKR_PIN_LEN_RANGE (0xa2) -#define CKR_PIN_EXPIRED (0xa3) -#define CKR_PIN_LOCKED (0xa4) -#define CKR_SESSION_CLOSED (0xb0) -#define CKR_SESSION_COUNT (0xb1) -#define CKR_SESSION_HANDLE_INVALID (0xb3) -#define CKR_SESSION_PARALLEL_NOT_SUPPORTED (0xb4) -#define CKR_SESSION_READ_ONLY (0xb5) -#define CKR_SESSION_EXISTS (0xb6) -#define CKR_SESSION_READ_ONLY_EXISTS (0xb7) -#define CKR_SESSION_READ_WRITE_SO_EXISTS (0xb8) -#define CKR_SIGNATURE_INVALID (0xc0) -#define CKR_SIGNATURE_LEN_RANGE (0xc1) -#define CKR_TEMPLATE_INCOMPLETE (0xd0) -#define CKR_TEMPLATE_INCONSISTENT (0xd1) -#define CKR_TOKEN_NOT_PRESENT (0xe0) -#define CKR_TOKEN_NOT_RECOGNIZED (0xe1) -#define CKR_TOKEN_WRITE_PROTECTED (0xe2) -#define CKR_UNWRAPPING_KEY_HANDLE_INVALID (0xf0) -#define CKR_UNWRAPPING_KEY_SIZE_RANGE (0xf1) -#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT (0xf2) -#define CKR_USER_ALREADY_LOGGED_IN (0x100) -#define CKR_USER_NOT_LOGGED_IN (0x101) -#define CKR_USER_PIN_NOT_INITIALIZED (0x102) -#define CKR_USER_TYPE_INVALID (0x103) -#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN (0x104) -#define CKR_USER_TOO_MANY_TYPES (0x105) -#define CKR_WRAPPED_KEY_INVALID (0x110) -#define CKR_WRAPPED_KEY_LEN_RANGE (0x112) -#define CKR_WRAPPING_KEY_HANDLE_INVALID (0x113) -#define CKR_WRAPPING_KEY_SIZE_RANGE (0x114) -#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT (0x115) -#define CKR_RANDOM_SEED_NOT_SUPPORTED (0x120) -#define CKR_RANDOM_NO_RNG (0x121) -#define CKR_DOMAIN_PARAMS_INVALID (0x130) -#define CKR_BUFFER_TOO_SMALL (0x150) -#define CKR_SAVED_STATE_INVALID (0x160) -#define 
CKR_INFORMATION_SENSITIVE (0x170) -#define CKR_STATE_UNSAVEABLE (0x180) -#define CKR_CRYPTOKI_NOT_INITIALIZED (0x190) -#define CKR_CRYPTOKI_ALREADY_INITIALIZED (0x191) -#define CKR_MUTEX_BAD (0x1a0) -#define CKR_MUTEX_NOT_LOCKED (0x1a1) -#define CKR_FUNCTION_REJECTED (0x200) -#define CKR_VENDOR_DEFINED (1U << 31) - - - -/* Compatibility layer. */ - -#ifdef CRYPTOKI_COMPAT - -#undef CK_DEFINE_FUNCTION -#define CK_DEFINE_FUNCTION(retval, name) retval CK_SPEC name - -/* For NULL. */ -#include - -typedef unsigned char CK_BYTE; -typedef unsigned char CK_CHAR; -typedef unsigned char CK_UTF8CHAR; -typedef unsigned char CK_BBOOL; -typedef unsigned long int CK_ULONG; -typedef long int CK_LONG; -typedef CK_BYTE *CK_BYTE_PTR; -typedef CK_CHAR *CK_CHAR_PTR; -typedef CK_UTF8CHAR *CK_UTF8CHAR_PTR; -typedef CK_ULONG *CK_ULONG_PTR; -typedef void *CK_VOID_PTR; -typedef void **CK_VOID_PTR_PTR; -#define CK_FALSE 0 -#define CK_TRUE 1 -#ifndef CK_DISABLE_TRUE_FALSE -#ifndef FALSE -#define FALSE 0 -#endif -#ifndef TRUE -#define TRUE 1 -#endif -#endif - -typedef struct ck_version CK_VERSION; -typedef struct ck_version *CK_VERSION_PTR; - -typedef struct ck_info CK_INFO; -typedef struct ck_info *CK_INFO_PTR; - -typedef ck_slot_id_t *CK_SLOT_ID_PTR; - -typedef struct ck_slot_info CK_SLOT_INFO; -typedef struct ck_slot_info *CK_SLOT_INFO_PTR; - -typedef struct ck_token_info CK_TOKEN_INFO; -typedef struct ck_token_info *CK_TOKEN_INFO_PTR; - -typedef ck_session_handle_t *CK_SESSION_HANDLE_PTR; - -typedef struct ck_session_info CK_SESSION_INFO; -typedef struct ck_session_info *CK_SESSION_INFO_PTR; - -typedef ck_object_handle_t *CK_OBJECT_HANDLE_PTR; - -typedef ck_object_class_t *CK_OBJECT_CLASS_PTR; - -typedef struct ck_attribute CK_ATTRIBUTE; -typedef struct ck_attribute *CK_ATTRIBUTE_PTR; - -typedef struct ck_date CK_DATE; -typedef struct ck_date *CK_DATE_PTR; - -typedef ck_mechanism_type_t *CK_MECHANISM_TYPE_PTR; - -typedef struct ck_mechanism CK_MECHANISM; -typedef struct ck_mechanism 
*CK_MECHANISM_PTR; - -typedef struct ck_mechanism_info CK_MECHANISM_INFO; -typedef struct ck_mechanism_info *CK_MECHANISM_INFO_PTR; - -typedef struct ck_function_list CK_FUNCTION_LIST; -typedef struct ck_function_list *CK_FUNCTION_LIST_PTR; -typedef struct ck_function_list **CK_FUNCTION_LIST_PTR_PTR; - -typedef struct ck_c_initialize_args CK_C_INITIALIZE_ARGS; -typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR; - -#define NULL_PTR NULL - -/* Delete the helper macros defined at the top of the file. */ -#undef ck_flags_t -#undef ck_version - -#undef ck_info -#undef cryptoki_version -#undef manufacturer_id -#undef library_description -#undef library_version - -#undef ck_notification_t -#undef ck_slot_id_t - -#undef ck_slot_info -#undef slot_description -#undef hardware_version -#undef firmware_version - -#undef ck_token_info -#undef serial_number -#undef max_session_count -#undef session_count -#undef max_rw_session_count -#undef rw_session_count -#undef max_pin_len -#undef min_pin_len -#undef total_public_memory -#undef free_public_memory -#undef total_private_memory -#undef free_private_memory -#undef utc_time - -#undef ck_session_handle_t -#undef ck_user_type_t -#undef ck_state_t - -#undef ck_session_info -#undef slot_id -#undef device_error - -#undef ck_object_handle_t -#undef ck_object_class_t -#undef ck_hw_feature_type_t -#undef ck_key_type_t -#undef ck_certificate_type_t -#undef ck_attribute_type_t - -#undef ck_attribute -#undef value -#undef value_len - -#undef ck_date - -#undef ck_mechanism_type_t - -#undef ck_mechanism -#undef parameter -#undef parameter_len - -#undef ck_mechanism_info -#undef min_key_size -#undef max_key_size - -#undef ck_rv_t -#undef ck_notify_t - -#undef ck_function_list - -#undef ck_createmutex_t -#undef ck_destroymutex_t -#undef ck_lockmutex_t -#undef ck_unlockmutex_t - -#undef ck_c_initialize_args -#undef create_mutex -#undef destroy_mutex -#undef lock_mutex -#undef unlock_mutex -#undef reserved - -#endif /* CRYPTOKI_COMPAT 
*/
-
-
-/* System dependencies. */
-#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32)
-#pragma pack(pop, cryptoki)
-#endif
-
-#if defined(__cplusplus)
-}
-#endif
-
-#endif /* PKCS11_H */
diff --git a/ssh_keygen_110/platform.h b/ssh_keygen_110/platform.h
deleted file mode 100644
index ea4f9c58..00000000
--- a/ssh_keygen_110/platform.h
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Copyright (c) 2006 Darren Tucker. All rights reserved.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include
-
-#include
-
-void platform_pre_listen(void);
-void platform_pre_fork(void);
-void platform_pre_restart(void);
-void platform_post_fork_parent(pid_t child_pid);
-void platform_post_fork_child(void);
-int platform_privileged_uidswap(void);
-void platform_setusercontext(struct passwd *);
-void platform_setusercontext_post_groups(struct passwd *);
-char *platform_get_krb5_client(const char *);
-char *platform_krb5_get_principal_name(const char *);
-int platform_sys_dir_uid(uid_t);
-void platform_disable_tracing(int);
-
-/* in platform-pledge.c */
-void platform_pledge_agent(void);
-void platform_pledge_sftp_server(void);
-void platform_pledge_mux(void);
diff --git a/ssh_keygen_110/poly1305.c b/ssh_keygen_110/poly1305.c
deleted file mode 100644
index 6fd1fc8c..00000000
--- a/ssh_keygen_110/poly1305.c
+++ /dev/null
@@ -1,160 +0,0 @@
-/*
- * Public Domain poly1305 from Andrew Moon
- * poly1305-donna-unrolled.c from https://github.com/floodyberry/poly1305-donna
- */
-
-/* $OpenBSD: poly1305.c,v 1.3 2013/12/19 22:57:13 djm Exp $ */
-
-#include "includes.h"
-
-#include
-#ifdef HAVE_STDINT_H
-# include
-#endif
-
-#include "poly1305.h"
-
-#define mul32x32_64(a,b) ((uint64_t)(a) * (b))
-
-#define U8TO32_LE(p) \
- (((uint32_t)((p)[0])) | \
- ((uint32_t)((p)[1]) << 8) | \
- ((uint32_t)((p)[2]) << 16) | \
- ((uint32_t)((p)[3]) << 24))
-
-#define U32TO8_LE(p, v) \
- do { \
- (p)[0] = (uint8_t)((v)); \
- (p)[1] = (uint8_t)((v) >> 8); \
- (p)[2] = (uint8_t)((v) >> 16); \
- (p)[3] = (uint8_t)((v) >> 24); \
- } while (0)
-
-void
-poly1305_auth(unsigned char out[POLY1305_TAGLEN], const unsigned char *m, size_t inlen, const unsigned char key[POLY1305_KEYLEN]) {
- uint32_t t0,t1,t2,t3;
- uint32_t h0,h1,h2,h3,h4;
- uint32_t r0,r1,r2,r3,r4;
- uint32_t s1,s2,s3,s4;
- uint32_t b, nb;
- size_t j;
- uint64_t t[5];
- uint64_t f0,f1,f2,f3;
- uint32_t g0,g1,g2,g3,g4;
- uint64_t c;
- unsigned char mp[16];
-
- /* clamp key */
- t0 = U8TO32_LE(key+0);
- t1 = U8TO32_LE(key+4);
- t2 = U8TO32_LE(key+8);
- t3 = U8TO32_LE(key+12);
-
- /* precompute multipliers */
- r0 = t0 & 0x3ffffff; t0 >>= 26; t0 |= t1 << 6;
- r1 = t0 & 0x3ffff03; t1 >>= 20; t1 |= t2 << 12;
- r2 = t1 & 0x3ffc0ff; t2 >>= 14; t2 |= t3 << 18;
- r3 = t2 & 0x3f03fff; t3 >>= 8;
- r4 = t3 & 0x00fffff;
-
- s1 = r1 * 5;
- s2 = r2 * 5;
- s3 = r3 * 5;
- s4 = r4 * 5;
-
- /* init state */
- h0 = 0;
- h1 = 0;
- h2 = 0;
- h3 = 0;
- h4 = 0;
-
- /* full blocks */
- if (inlen < 16) goto poly1305_donna_atmost15bytes;
-poly1305_donna_16bytes:
- m += 16;
- inlen -= 16;
-
- t0 = U8TO32_LE(m-16);
- t1 = U8TO32_LE(m-12);
- t2 = U8TO32_LE(m-8);
- t3 = U8TO32_LE(m-4);
-
- h0 += t0 & 0x3ffffff;
- h1 += ((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff;
- h2 += ((((uint64_t)t2 << 32) | t1) >> 20) & 0x3ffffff;
- h3 += ((((uint64_t)t3 << 32) | t2) >> 14) & 0x3ffffff;
- h4 += (t3 >> 8) | (1 << 24);
-
-
-poly1305_donna_mul:
- t[0] = mul32x32_64(h0,r0) + mul32x32_64(h1,s4) + mul32x32_64(h2,s3) + mul32x32_64(h3,s2) + mul32x32_64(h4,s1);
- t[1] = mul32x32_64(h0,r1) + mul32x32_64(h1,r0) + mul32x32_64(h2,s4) + mul32x32_64(h3,s3) + mul32x32_64(h4,s2);
- t[2] = mul32x32_64(h0,r2) + mul32x32_64(h1,r1) + mul32x32_64(h2,r0) + mul32x32_64(h3,s4) + mul32x32_64(h4,s3);
- t[3] = mul32x32_64(h0,r3) + mul32x32_64(h1,r2) + mul32x32_64(h2,r1) + mul32x32_64(h3,r0) + mul32x32_64(h4,s4);
- t[4] = mul32x32_64(h0,r4) + mul32x32_64(h1,r3) + mul32x32_64(h2,r2) + mul32x32_64(h3,r1) + mul32x32_64(h4,r0);
-
- h0 = (uint32_t)t[0] & 0x3ffffff; c = (t[0] >> 26);
- t[1] += c; h1 = (uint32_t)t[1] & 0x3ffffff; b = (uint32_t)(t[1] >> 26);
- t[2] += b; h2 = (uint32_t)t[2] & 0x3ffffff; b = (uint32_t)(t[2] >> 26);
- t[3] += b; h3 = (uint32_t)t[3] & 0x3ffffff; b = (uint32_t)(t[3] >> 26);
- t[4] += b; h4 = (uint32_t)t[4] & 0x3ffffff; b = (uint32_t)(t[4] >> 26);
- h0 += b * 5;
-
- if (inlen >= 16) goto poly1305_donna_16bytes;
-
- /* final bytes */
-poly1305_donna_atmost15bytes:
- if (!inlen) goto poly1305_donna_finish;
-
- for (j = 0; j < inlen; j++) mp[j] = m[j];
- mp[j++] = 1;
- for (; j < 16; j++) mp[j] = 0;
- inlen = 0;
-
- t0 = U8TO32_LE(mp+0);
- t1 = U8TO32_LE(mp+4);
- t2 = U8TO32_LE(mp+8);
- t3 = U8TO32_LE(mp+12);
-
- h0 += t0 & 0x3ffffff;
- h1 += ((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff;
- h2 += ((((uint64_t)t2 << 32) | t1) >> 20) & 0x3ffffff;
- h3 += ((((uint64_t)t3 << 32) | t2) >> 14) & 0x3ffffff;
- h4 += (t3 >> 8);
-
- goto poly1305_donna_mul;
-
-poly1305_donna_finish:
- b = h0 >> 26; h0 = h0 & 0x3ffffff;
- h1 += b; b = h1 >> 26; h1 = h1 & 0x3ffffff;
- h2 += b; b = h2 >> 26; h2 = h2 & 0x3ffffff;
- h3 += b; b = h3 >> 26; h3 = h3 & 0x3ffffff;
- h4 += b; b = h4 >> 26; h4 = h4 & 0x3ffffff;
- h0 += b * 5; b = h0 >> 26; h0 = h0 & 0x3ffffff;
- h1 += b;
-
- g0 = h0 + 5; b = g0 >> 26; g0 &= 0x3ffffff;
- g1 = h1 + b; b = g1 >> 26; g1 &= 0x3ffffff;
- g2 = h2 + b; b = g2 >> 26; g2 &= 0x3ffffff;
- g3 = h3 + b; b = g3 >> 26; g3 &= 0x3ffffff;
- g4 = h4 + b - (1 << 26);
-
- b = (g4 >> 31) - 1;
- nb = ~b;
- h0 = (h0 & nb) | (g0 & b);
- h1 = (h1 & nb) | (g1 & b);
- h2 = (h2 & nb) | (g2 & b);
- h3 = (h3 & nb) | (g3 & b);
- h4 = (h4 & nb) | (g4 & b);
-
- f0 = ((h0 ) | (h1 << 26)) + (uint64_t)U8TO32_LE(&key[16]);
- f1 = ((h1 >> 6) | (h2 << 20)) + (uint64_t)U8TO32_LE(&key[20]);
- f2 = ((h2 >> 12) | (h3 << 14)) + (uint64_t)U8TO32_LE(&key[24]);
- f3 = ((h3 >> 18) | (h4 << 8)) + (uint64_t)U8TO32_LE(&key[28]);
-
- U32TO8_LE(&out[ 0], f0); f1 += (f0 >> 32);
- U32TO8_LE(&out[ 4], f1); f2 += (f1 >> 32);
- U32TO8_LE(&out[ 8], f2); f3 += (f2 >> 32);
- U32TO8_LE(&out[12], f3);
-}
diff --git a/ssh_keygen_110/poly1305.h b/ssh_keygen_110/poly1305.h
deleted file mode 100644
index f7db5f8d..00000000
--- a/ssh_keygen_110/poly1305.h
+++ /dev/null
@@ -1,22 +0,0 @@
-/* $OpenBSD: poly1305.h,v 1.4 2014/05/02 03:27:54 djm Exp $ */
-
-/*
- * Public Domain poly1305 from Andrew Moon
- * poly1305-donna-unrolled.c from https://github.com/floodyberry/poly1305-donna
- */
-
-#ifndef POLY1305_H
-#define POLY1305_H
-
-#include
-
-#define POLY1305_KEYLEN 32
-#define POLY1305_TAGLEN 16
-
-void poly1305_auth(u_char out[POLY1305_TAGLEN], const u_char *m, size_t inlen,
- const u_char key[POLY1305_KEYLEN])
- __attribute__((__bounded__(__minbytes__, 1, POLY1305_TAGLEN)))
- __attribute__((__bounded__(__buffer__, 2, 3)))
- __attribute__((__bounded__(__minbytes__, 4, POLY1305_KEYLEN)));
-
-#endif /* POLY1305_H */
diff --git a/ssh_keygen_110/readpass.c b/ssh_keygen_110/readpass.c
deleted file mode 100644
index bbcb0279..00000000
--- a/ssh_keygen_110/readpass.c
+++ /dev/null
@@ -1,119 +0,0 @@
-/* $OpenBSD: readpass.c,v 1.51 2015/12/11 00:20:04 mmcc Exp $ */
-/*
- * Copyright (c) 2001 Markus Friedl. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "includes.h"
-#include "xmalloc.h"
-/* #include "misc.h"
- #include "pathnames.h"
- #include "log.h"
- #include "ssh.h"
- #include "uidswap.h" */
-#include "ios_error.h"
-#import
-
-UIViewController *
-__topViewController(void)
-{
- // Get root controller of first window (First window on UIScreen.mainScreen)
- UIViewController *ctrl = [[[[UIApplication sharedApplication] windows] firstObject] rootViewController];
-
- while (ctrl.presentedViewController) {
- ctrl = ctrl.presentedViewController;
- }
-
- return ctrl;
-}
-
-/*
- * Reads a passphrase using an iOS alert with secureTextEntry
- * Only way to prevent password to be in the terminal.
- */
-char *
-read_passphrase(const char *prompt, int flags)
-{
- dispatch_semaphore_t dsema = dispatch_semaphore_create(0);
-
- __block NSString *result = @"";
-
- // alerts have to go to the main queue:
- dispatch_async(dispatch_get_main_queue(), ^ {
- UIViewController *topViewController = __topViewController();
-
- if (!topViewController) {
- dispatch_semaphore_signal(dsema);
- return;
- }
-
- NSString *title = [NSString stringWithUTF8String:prompt];
- UIAlertController* alertController = [UIAlertController
- alertControllerWithTitle: title
- message:nil
- preferredStyle:UIAlertControllerStyleAlert];
-
- [alertController addTextFieldWithConfigurationHandler:^(UITextField *textField) {
- textField.placeholder = @"passphrase";
- textField.textColor = [UIColor blueColor];
- textField.clearButtonMode = UITextFieldViewModeWhileEditing;
- textField.borderStyle = UITextBorderStyleRoundedRect;
- textField.secureTextEntry = YES;
- }];
-
- [alertController addAction:[UIAlertAction actionWithTitle:@"OK"
- style:UIAlertActionStyleDefault
- handler:^(UIAlertAction *action) {
- UITextField *passwordField = alertController.textFields.firstObject;
- result = passwordField.text ?: @"";
- dispatch_semaphore_signal(dsema);
- // TODO: explicit_bzero of passwordField -- impossible?
- }]];
-
- [topViewController presentViewController:alertController animated:YES completion:nil];
- });
-
- dispatch_semaphore_wait(dsema, DISPATCH_TIME_FOREVER);
- return xstrdup(result.UTF8String);
-}
-
-void systemAlert(char* prompt) {
- dispatch_semaphore_t dsema = dispatch_semaphore_create(0);
-
- dispatch_async(dispatch_get_main_queue(), ^ {
- UIViewController *topViewController = __topViewController();
-
- NSString *title = [NSString stringWithUTF8String:prompt];
- UIAlertController* alertController = [UIAlertController alertControllerWithTitle:title
- message:nil preferredStyle:UIAlertControllerStyleAlert];
-
- [alertController addAction:[UIAlertAction actionWithTitle:@"OK"
- style:UIAlertActionStyleDefault
- handler:^(UIAlertAction *action) {
- dispatch_semaphore_signal(dsema);
- }]];
-
- [topViewController presentViewController:alertController animated:YES completion:nil];
- });
-
- dispatch_semaphore_wait(dsema, DISPATCH_TIME_FOREVER);
-}
diff --git a/ssh_keygen_110/rijndael.h b/ssh_keygen_110/rijndael.h
deleted file mode 100644
index 53e74e0a..00000000
--- a/ssh_keygen_110/rijndael.h
+++ /dev/null
@@ -1,56 +0,0 @@
-/* $OpenBSD: rijndael.h,v 1.14 2014/04/29 15:42:07 markus Exp $ */
-
-/**
- * rijndael-alg-fst.h
- *
- * @version 3.0 (December 2000)
- *
- * Optimised ANSI C code for the Rijndael cipher (now AES)
- *
- * @author Vincent Rijmen
- * @author Antoon Bosselaers
- * @author Paulo Barreto
- *
- * This code is hereby placed in the public domain.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
- * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
- * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
- * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#ifndef _PRIVATE_RIJNDAEL_H
-#define _PRIVATE_RIJNDAEL_H
-
-#define AES_MAXKEYBITS (256)
-#define AES_MAXKEYBYTES (AES_MAXKEYBITS/8)
-/* for 256-bit keys, fewer for less */
-#define AES_MAXROUNDS 14
-
-typedef unsigned char u8;
-typedef unsigned short u16;
-typedef unsigned int u32;
-
-int rijndaelKeySetupEnc(unsigned int [], const unsigned char [], int);
-void rijndaelEncrypt(const unsigned int [], int, const unsigned char [],
- unsigned char []);
-
-/* The structure for key information */
-typedef struct {
- int decrypt;
- int Nr; /* key-length-dependent number of rounds */
- u32 ek[4*(AES_MAXROUNDS + 1)]; /* encrypt key schedule */
- u32 dk[4*(AES_MAXROUNDS + 1)]; /* decrypt key schedule */
-} rijndael_ctx;
-
-void rijndael_set_key(rijndael_ctx *, u_char *, int, int);
-void rijndael_decrypt(rijndael_ctx *, u_char *, u_char *);
-void rijndael_encrypt(rijndael_ctx *, u_char *, u_char *);
-
-#endif /* _PRIVATE_RIJNDAEL_H */
diff --git a/ssh_keygen_110/sc25519.c b/ssh_keygen_110/sc25519.c
deleted file mode 100644
index 1568d9a5..00000000
--- a/ssh_keygen_110/sc25519.c
+++ /dev/null
@@ -1,308 +0,0 @@ -/* $OpenBSD: sc25519.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */ - -/* - * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange, - * Peter Schwabe, Bo-Yin Yang. - * Copied from supercop-20130419/crypto_sign/ed25519/ref/sc25519.c - */ - -#include "includes.h" - -#include "sc25519.h" - -/*Arithmetic modulo the group order m = 2^252 + 27742317777372353535851937790883648493 = 7237005577332262213973186563042994240857116359379907606001950938285454250989 */ - -static const crypto_uint32 m[32] = {0xED, 0xD3, 0xF5, 0x5C, 0x1A, 0x63, 0x12, 0x58, 0xD6, 0x9C, 0xF7, 0xA2, 0xDE, 0xF9, 0xDE, 0x14, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10}; - -static const crypto_uint32 mu[33] = {0x1B, 0x13, 0x2C, 0x0A, 0xA3, 0xE5, 0x9C, 0xED, 0xA7, 0x29, 0x63, 0x08, 0x5D, 0x21, 0x06, 0x21, - 0xEB, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0F}; - -static crypto_uint32 lt(crypto_uint32 a,crypto_uint32 b) /* 16-bit inputs */ -{ - unsigned int x = a; - x -= (unsigned int) b; /* 0..65535: no; 4294901761..4294967295: yes */ - x >>= 31; /* 0: no; 1: yes */ - return x; -} - -/* Reduce coefficients of r before calling reduce_add_sub */ -static void reduce_add_sub(sc25519 *r) -{ - crypto_uint32 pb = 0; - crypto_uint32 b; - crypto_uint32 mask; - int i; - unsigned char t[32]; - - for(i=0;i<32;i++) - { - pb += m[i]; - b = lt(r->v[i],pb); - t[i] = r->v[i]-pb+(b<<8); - pb = b; - } - mask = b - 1; - for(i=0;i<32;i++) - r->v[i] ^= mask & (r->v[i] ^ t[i]); -} - -/* Reduce coefficients of x before calling barrett_reduce */ -static void barrett_reduce(sc25519 *r, const crypto_uint32 x[64]) -{ - /* See HAC, Alg. 
14.42 */ - int i,j; - crypto_uint32 q2[66]; - crypto_uint32 *q3 = q2 + 33; - crypto_uint32 r1[33]; - crypto_uint32 r2[33]; - crypto_uint32 carry; - crypto_uint32 pb = 0; - crypto_uint32 b; - - for (i = 0;i < 66;++i) q2[i] = 0; - for (i = 0;i < 33;++i) r2[i] = 0; - - for(i=0;i<33;i++) - for(j=0;j<33;j++) - if(i+j >= 31) q2[i+j] += mu[i]*x[j+31]; - carry = q2[31] >> 8; - q2[32] += carry; - carry = q2[32] >> 8; - q2[33] += carry; - - for(i=0;i<33;i++)r1[i] = x[i]; - for(i=0;i<32;i++) - for(j=0;j<33;j++) - if(i+j < 33) r2[i+j] += m[i]*q3[j]; - - for(i=0;i<32;i++) - { - carry = r2[i] >> 8; - r2[i+1] += carry; - r2[i] &= 0xff; - } - - for(i=0;i<32;i++) - { - pb += r2[i]; - b = lt(r1[i],pb); - r->v[i] = r1[i]-pb+(b<<8); - pb = b; - } - - /* XXX: Can it really happen that r<0?, See HAC, Alg 14.42, Step 3 - * If so: Handle it here! - */ - - reduce_add_sub(r); - reduce_add_sub(r); -} - -void sc25519_from32bytes(sc25519 *r, const unsigned char x[32]) -{ - int i; - crypto_uint32 t[64]; - for(i=0;i<32;i++) t[i] = x[i]; - for(i=32;i<64;++i) t[i] = 0; - barrett_reduce(r, t); -} - -void shortsc25519_from16bytes(shortsc25519 *r, const unsigned char x[16]) -{ - int i; - for(i=0;i<16;i++) r->v[i] = x[i]; -} - -void sc25519_from64bytes(sc25519 *r, const unsigned char x[64]) -{ - int i; - crypto_uint32 t[64]; - for(i=0;i<64;i++) t[i] = x[i]; - barrett_reduce(r, t); -} - -void sc25519_from_shortsc(sc25519 *r, const shortsc25519 *x) -{ - int i; - for(i=0;i<16;i++) - r->v[i] = x->v[i]; - for(i=0;i<16;i++) - r->v[16+i] = 0; -} - -void sc25519_to32bytes(unsigned char r[32], const sc25519 *x) -{ - int i; - for(i=0;i<32;i++) r[i] = x->v[i]; -} - -int sc25519_iszero_vartime(const sc25519 *x) -{ - int i; - for(i=0;i<32;i++) - if(x->v[i] != 0) return 0; - return 1; -} - -int sc25519_isshort_vartime(const sc25519 *x) -{ - int i; - for(i=31;i>15;i--) - if(x->v[i] != 0) return 0; - return 1; -} - -int sc25519_lt_vartime(const sc25519 *x, const sc25519 *y) -{ - int i; - for(i=31;i>=0;i--) - { - 
if(x->v[i] < y->v[i]) return 1; - if(x->v[i] > y->v[i]) return 0; - } - return 0; -} - -void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y) -{ - int i, carry; - for(i=0;i<32;i++) r->v[i] = x->v[i] + y->v[i]; - for(i=0;i<31;i++) - { - carry = r->v[i] >> 8; - r->v[i+1] += carry; - r->v[i] &= 0xff; - } - reduce_add_sub(r); -} - -void sc25519_sub_nored(sc25519 *r, const sc25519 *x, const sc25519 *y) -{ - crypto_uint32 b = 0; - crypto_uint32 t; - int i; - for(i=0;i<32;i++) - { - t = x->v[i] - y->v[i] - b; - r->v[i] = t & 255; - b = (t >> 8) & 1; - } -} - -void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y) -{ - int i,j,carry; - crypto_uint32 t[64]; - for(i=0;i<64;i++)t[i] = 0; - - for(i=0;i<32;i++) - for(j=0;j<32;j++) - t[i+j] += x->v[i] * y->v[j]; - - /* Reduce coefficients */ - for(i=0;i<63;i++) - { - carry = t[i] >> 8; - t[i+1] += carry; - t[i] &= 0xff; - } - - barrett_reduce(r, t); -} - -void sc25519_mul_shortsc(sc25519 *r, const sc25519 *x, const shortsc25519 *y) -{ - sc25519 t; - sc25519_from_shortsc(&t, y); - sc25519_mul(r, x, &t); -} - -void sc25519_window3(signed char r[85], const sc25519 *s) -{ - char carry; - int i; - for(i=0;i<10;i++) - { - r[8*i+0] = s->v[3*i+0] & 7; - r[8*i+1] = (s->v[3*i+0] >> 3) & 7; - r[8*i+2] = (s->v[3*i+0] >> 6) & 7; - r[8*i+2] ^= (s->v[3*i+1] << 2) & 7; - r[8*i+3] = (s->v[3*i+1] >> 1) & 7; - r[8*i+4] = (s->v[3*i+1] >> 4) & 7; - r[8*i+5] = (s->v[3*i+1] >> 7) & 7; - r[8*i+5] ^= (s->v[3*i+2] << 1) & 7; - r[8*i+6] = (s->v[3*i+2] >> 2) & 7; - r[8*i+7] = (s->v[3*i+2] >> 5) & 7; - } - r[8*i+0] = s->v[3*i+0] & 7; - r[8*i+1] = (s->v[3*i+0] >> 3) & 7; - r[8*i+2] = (s->v[3*i+0] >> 6) & 7; - r[8*i+2] ^= (s->v[3*i+1] << 2) & 7; - r[8*i+3] = (s->v[3*i+1] >> 1) & 7; - r[8*i+4] = (s->v[3*i+1] >> 4) & 7; - - /* Making it signed */ - carry = 0; - for(i=0;i<84;i++) - { - r[i] += carry; - r[i+1] += r[i] >> 3; - r[i] &= 7; - carry = r[i] >> 2; - r[i] -= carry<<3; - } - r[84] += carry; -} - -void sc25519_window5(signed char 
r[51], const sc25519 *s) -{ - char carry; - int i; - for(i=0;i<6;i++) - { - r[8*i+0] = s->v[5*i+0] & 31; - r[8*i+1] = (s->v[5*i+0] >> 5) & 31; - r[8*i+1] ^= (s->v[5*i+1] << 3) & 31; - r[8*i+2] = (s->v[5*i+1] >> 2) & 31; - r[8*i+3] = (s->v[5*i+1] >> 7) & 31; - r[8*i+3] ^= (s->v[5*i+2] << 1) & 31; - r[8*i+4] = (s->v[5*i+2] >> 4) & 31; - r[8*i+4] ^= (s->v[5*i+3] << 4) & 31; - r[8*i+5] = (s->v[5*i+3] >> 1) & 31; - r[8*i+6] = (s->v[5*i+3] >> 6) & 31; - r[8*i+6] ^= (s->v[5*i+4] << 2) & 31; - r[8*i+7] = (s->v[5*i+4] >> 3) & 31; - } - r[8*i+0] = s->v[5*i+0] & 31; - r[8*i+1] = (s->v[5*i+0] >> 5) & 31; - r[8*i+1] ^= (s->v[5*i+1] << 3) & 31; - r[8*i+2] = (s->v[5*i+1] >> 2) & 31; - - /* Making it signed */ - carry = 0; - for(i=0;i<50;i++) - { - r[i] += carry; - r[i+1] += r[i] >> 5; - r[i] &= 31; - carry = r[i] >> 4; - r[i] -= carry<<5; - } - r[50] += carry; -} - -void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2) -{ - int i; - for(i=0;i<31;i++) - { - r[4*i] = ( s1->v[i] & 3) ^ (( s2->v[i] & 3) << 2); - r[4*i+1] = ((s1->v[i] >> 2) & 3) ^ (((s2->v[i] >> 2) & 3) << 2); - r[4*i+2] = ((s1->v[i] >> 4) & 3) ^ (((s2->v[i] >> 4) & 3) << 2); - r[4*i+3] = ((s1->v[i] >> 6) & 3) ^ (((s2->v[i] >> 6) & 3) << 2); - } - r[124] = ( s1->v[31] & 3) ^ (( s2->v[31] & 3) << 2); - r[125] = ((s1->v[31] >> 2) & 3) ^ (((s2->v[31] >> 2) & 3) << 2); - r[126] = ((s1->v[31] >> 4) & 3) ^ (((s2->v[31] >> 4) & 3) << 2); -} diff --git a/ssh_keygen_110/sc25519.h b/ssh_keygen_110/sc25519.h deleted file mode 100644 index a2c15d5f..00000000 --- a/ssh_keygen_110/sc25519.h +++ /dev/null 
@@ -1,80 +0,0 @@
-/* $OpenBSD: sc25519.h,v 1.3 2013/12/09 11:03:45 markus Exp $ */
-
-/*
- * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange,
- * Peter Schwabe, Bo-Yin Yang.
- * Copied from supercop-20130419/crypto_sign/ed25519/ref/sc25519.h
- */
-
-#ifndef SC25519_H
-#define SC25519_H
-
-#include "crypto_api.h"
-
-#define sc25519 crypto_sign_ed25519_ref_sc25519
-#define shortsc25519 crypto_sign_ed25519_ref_shortsc25519
-#define sc25519_from32bytes crypto_sign_ed25519_ref_sc25519_from32bytes
-#define shortsc25519_from16bytes crypto_sign_ed25519_ref_shortsc25519_from16bytes
-#define sc25519_from64bytes crypto_sign_ed25519_ref_sc25519_from64bytes
-#define sc25519_from_shortsc crypto_sign_ed25519_ref_sc25519_from_shortsc
-#define sc25519_to32bytes crypto_sign_ed25519_ref_sc25519_to32bytes
-#define sc25519_iszero_vartime crypto_sign_ed25519_ref_sc25519_iszero_vartime
-#define sc25519_isshort_vartime crypto_sign_ed25519_ref_sc25519_isshort_vartime
-#define sc25519_lt_vartime crypto_sign_ed25519_ref_sc25519_lt_vartime
-#define sc25519_add crypto_sign_ed25519_ref_sc25519_add
-#define sc25519_sub_nored crypto_sign_ed25519_ref_sc25519_sub_nored
-#define sc25519_mul crypto_sign_ed25519_ref_sc25519_mul
-#define sc25519_mul_shortsc crypto_sign_ed25519_ref_sc25519_mul_shortsc
-#define sc25519_window3 crypto_sign_ed25519_ref_sc25519_window3
-#define sc25519_window5 crypto_sign_ed25519_ref_sc25519_window5
-#define sc25519_2interleave2 crypto_sign_ed25519_ref_sc25519_2interleave2
-
-typedef struct
-{
- crypto_uint32 v[32];
-}
-sc25519;
-
-typedef struct
-{
- crypto_uint32 v[16];
-}
-shortsc25519;
-
-void sc25519_from32bytes(sc25519 *r, const unsigned char x[32]);
-
-void shortsc25519_from16bytes(shortsc25519 *r, const unsigned char x[16]);
-
-void sc25519_from64bytes(sc25519 *r, const unsigned char x[64]);
-
-void sc25519_from_shortsc(sc25519 *r, const shortsc25519 *x);
-
-void sc25519_to32bytes(unsigned char r[32], const sc25519 *x);
-
-int sc25519_iszero_vartime(const sc25519 *x);
-
-int sc25519_isshort_vartime(const sc25519 *x);
-
-int sc25519_lt_vartime(const sc25519 *x, const sc25519 *y);
-
-void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y);
-
-void sc25519_sub_nored(sc25519 *r, const sc25519 *x, const sc25519 *y);
-
-void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y);
-
-void sc25519_mul_shortsc(sc25519 *r, const sc25519 *x, const shortsc25519 *y);
-
-/* Convert s into a representation of the form \sum_{i=0}^{84}r[i]2^3
- * with r[i] in {-4,...,3}
- */
-void sc25519_window3(signed char r[85], const sc25519 *s);
-
-/* Convert s into a representation of the form \sum_{i=0}^{50}r[i]2^5
- * with r[i] in {-16,...,15}
- */
-void sc25519_window5(signed char r[51], const sc25519 *s);
-
-void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2);
-
-#endif
diff --git a/ssh_keygen_110/ssh-dss.c b/ssh_keygen_110/ssh-dss.c
deleted file mode 100644
index a23c383d..00000000
--- a/ssh_keygen_110/ssh-dss.c
+++ /dev/null
@@ -1,209 +0,0 @@
-/* $OpenBSD: ssh-dss.c,v 1.37 2018/02/07 02:06:51 jsing Exp $ */
-/*
- * Copyright (c) 2000 Markus Friedl. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ - -#include "includes.h" - -#ifdef WITH_OPENSSL - -#include - -#include -#include -#include - -#include -#include - -#include "sshbuf.h" -#include "compat.h" -#include "ssherr.h" -#include "digest.h" -#define SSHKEY_INTERNAL -#include "sshkey.h" - -#include "openbsd-compat/openssl-compat.h" - -#define INTBLOB_LEN 20 -#define SIGBLOB_LEN (2*INTBLOB_LEN) - -int -ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, - const u_char *data, size_t datalen, u_int compat) -{ - DSA_SIG *sig = NULL; - const BIGNUM *sig_r, *sig_s; - u_char digest[SSH_DIGEST_MAX_LENGTH], sigblob[SIGBLOB_LEN]; - size_t rlen, slen, len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1); - struct sshbuf *b = NULL; - int ret = SSH_ERR_INVALID_ARGUMENT; - - if (lenp != NULL) - *lenp = 0; - if (sigp != NULL) - *sigp = NULL; - - if (key == NULL || key->dsa == NULL || - sshkey_type_plain(key->type) != KEY_DSA) - return SSH_ERR_INVALID_ARGUMENT; - if (dlen == 0) - return SSH_ERR_INTERNAL_ERROR; - - if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen, - digest, sizeof(digest))) != 0) - goto out; - - if ((sig = DSA_do_sign(digest, dlen, key->dsa)) == NULL) { - ret = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - - DSA_SIG_get0(sig, &sig_r, &sig_s); - rlen = BN_num_bytes(sig_r); - slen = BN_num_bytes(sig_s); - if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) { - ret = SSH_ERR_INTERNAL_ERROR; - goto out; - } - explicit_bzero(sigblob, SIGBLOB_LEN); - BN_bn2bin(sig_r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen); - BN_bn2bin(sig_s, sigblob + SIGBLOB_LEN - slen); - - if ((b = sshbuf_new()) == NULL) { - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } - if ((ret = sshbuf_put_cstring(b, "ssh-dss")) != 0 || - (ret = sshbuf_put_string(b, sigblob, SIGBLOB_LEN)) != 0) - goto out; - - len = sshbuf_len(b); - if (sigp != NULL) { - if ((*sigp = malloc(len)) == NULL) { - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } - memcpy(*sigp, sshbuf_ptr(b), len); - } - if (lenp != NULL) - *lenp = len; - ret = 0; - out: - 
explicit_bzero(digest, sizeof(digest)); - DSA_SIG_free(sig); - sshbuf_free(b); - return ret; -} - -int -ssh_dss_verify(const struct sshkey *key, - const u_char *signature, size_t signaturelen, - const u_char *data, size_t datalen, u_int compat) -{ - DSA_SIG *sig = NULL; - BIGNUM *sig_r = NULL, *sig_s = NULL; - u_char digest[SSH_DIGEST_MAX_LENGTH], *sigblob = NULL; - size_t len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1); - int ret = SSH_ERR_INTERNAL_ERROR; - struct sshbuf *b = NULL; - char *ktype = NULL; - - if (key == NULL || key->dsa == NULL || - sshkey_type_plain(key->type) != KEY_DSA || - signature == NULL || signaturelen == 0) - return SSH_ERR_INVALID_ARGUMENT; - if (dlen == 0) - return SSH_ERR_INTERNAL_ERROR; - - /* fetch signature */ - if ((b = sshbuf_from(signature, signaturelen)) == NULL) - return SSH_ERR_ALLOC_FAIL; - if (sshbuf_get_cstring(b, &ktype, NULL) != 0 || - sshbuf_get_string(b, &sigblob, &len) != 0) { - ret = SSH_ERR_INVALID_FORMAT; - goto out; - } - if (strcmp("ssh-dss", ktype) != 0) { - ret = SSH_ERR_KEY_TYPE_MISMATCH; - goto out; - } - if (sshbuf_len(b) != 0) { - ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; - goto out; - } - - if (len != SIGBLOB_LEN) { - ret = SSH_ERR_INVALID_FORMAT; - goto out; - } - - /* parse signature */ - if ((sig = DSA_SIG_new()) == NULL || - (sig_r = BN_new()) == NULL || - (sig_s = BN_new()) == NULL) { - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } - if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig_r) == NULL) || - (BN_bin2bn(sigblob + INTBLOB_LEN, INTBLOB_LEN, sig_s) == NULL)) { - ret = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - if (!DSA_SIG_set0(sig, sig_r, sig_s)) { - ret = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - sig_r = sig_s = NULL; /* transferred */ - - /* sha1 the data */ - if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen, - digest, sizeof(digest))) != 0) - goto out; - - switch (DSA_do_verify(digest, dlen, sig, key->dsa)) { - case 1: - ret = 0; - break; - case 0: - ret = SSH_ERR_SIGNATURE_INVALID; - goto out; - 
default: - ret = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - - out: - explicit_bzero(digest, sizeof(digest)); - DSA_SIG_free(sig); - BN_clear_free(sig_r); - BN_clear_free(sig_s); - sshbuf_free(b); - free(ktype); - if (sigblob != NULL) { - explicit_bzero(sigblob, len); - free(sigblob); - } - return ret; -} -#endif /* WITH_OPENSSL */ diff --git a/ssh_keygen_110/ssh-ecdsa.c b/ssh_keygen_110/ssh-ecdsa.c deleted file mode 100644 index 2f553175..00000000 --- a/ssh_keygen_110/ssh-ecdsa.c +++ /dev/null 
@@ -1,202 +0,0 @@
-/* $OpenBSD: ssh-ecdsa.c,v 1.14 2018/02/07 02:06:51 jsing Exp $ */
-/*
- * Copyright (c) 2000 Markus Friedl. All rights reserved.
- * Copyright (c) 2010 Damien Miller. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ - -#include "includes.h" - -#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) - -#include - -#include -#include -#include -#include - -#include - -#include "sshbuf.h" -#include "ssherr.h" -#include "digest.h" -#define SSHKEY_INTERNAL -#include "sshkey.h" - -#include "openbsd-compat/openssl-compat.h" - -/* ARGSUSED */ -int -ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, - const u_char *data, size_t datalen, u_int compat) -{ - ECDSA_SIG *sig = NULL; - const BIGNUM *sig_r, *sig_s; - int hash_alg; - u_char digest[SSH_DIGEST_MAX_LENGTH]; - size_t len, dlen; - struct sshbuf *b = NULL, *bb = NULL; - int ret = SSH_ERR_INTERNAL_ERROR; - - if (lenp != NULL) - *lenp = 0; - if (sigp != NULL) - *sigp = NULL; - - if (key == NULL || key->ecdsa == NULL || - sshkey_type_plain(key->type) != KEY_ECDSA) - return SSH_ERR_INVALID_ARGUMENT; - - if ((hash_alg = sshkey_ec_nid_to_hash_alg(key->ecdsa_nid)) == -1 || - (dlen = ssh_digest_bytes(hash_alg)) == 0) - return SSH_ERR_INTERNAL_ERROR; - if ((ret = ssh_digest_memory(hash_alg, data, datalen, - digest, sizeof(digest))) != 0) - goto out; - - if ((sig = ECDSA_do_sign(digest, dlen, key->ecdsa)) == NULL) { - ret = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - - if ((bb = sshbuf_new()) == NULL || (b = sshbuf_new()) == NULL) { - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } - ECDSA_SIG_get0(sig, &sig_r, &sig_s); - if ((ret = sshbuf_put_bignum2(bb, sig_r)) != 0 || - (ret = sshbuf_put_bignum2(bb, sig_s)) != 0) - goto out; - if ((ret = sshbuf_put_cstring(b, sshkey_ssh_name_plain(key))) != 0 || - (ret = sshbuf_put_stringb(b, bb)) != 0) - goto out; - len = sshbuf_len(b); - if (sigp != NULL) { - if ((*sigp = malloc(len)) == NULL) { - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } - memcpy(*sigp, sshbuf_ptr(b), len); - } - if (lenp != NULL) - *lenp = len; - ret = 0; - out: - explicit_bzero(digest, sizeof(digest)); - sshbuf_free(b); - sshbuf_free(bb); - ECDSA_SIG_free(sig); - return ret; -} - -/* ARGSUSED */ -int 
-ssh_ecdsa_verify(const struct sshkey *key, - const u_char *signature, size_t signaturelen, - const u_char *data, size_t datalen, u_int compat) -{ - ECDSA_SIG *sig = NULL; - BIGNUM *sig_r = NULL, *sig_s = NULL; - int hash_alg; - u_char digest[SSH_DIGEST_MAX_LENGTH]; - size_t dlen; - int ret = SSH_ERR_INTERNAL_ERROR; - struct sshbuf *b = NULL, *sigbuf = NULL; - char *ktype = NULL; - - if (key == NULL || key->ecdsa == NULL || - sshkey_type_plain(key->type) != KEY_ECDSA || - signature == NULL || signaturelen == 0) - return SSH_ERR_INVALID_ARGUMENT; - - if ((hash_alg = sshkey_ec_nid_to_hash_alg(key->ecdsa_nid)) == -1 || - (dlen = ssh_digest_bytes(hash_alg)) == 0) - return SSH_ERR_INTERNAL_ERROR; - - /* fetch signature */ - if ((b = sshbuf_from(signature, signaturelen)) == NULL) - return SSH_ERR_ALLOC_FAIL; - if (sshbuf_get_cstring(b, &ktype, NULL) != 0 || - sshbuf_froms(b, &sigbuf) != 0) { - ret = SSH_ERR_INVALID_FORMAT; - goto out; - } - if (strcmp(sshkey_ssh_name_plain(key), ktype) != 0) { - ret = SSH_ERR_KEY_TYPE_MISMATCH; - goto out; - } - if (sshbuf_len(b) != 0) { - ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; - goto out; - } - - /* parse signature */ - if ((sig = ECDSA_SIG_new()) == NULL || - (sig_r = BN_new()) == NULL || - (sig_s = BN_new()) == NULL) { - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } - if (sshbuf_get_bignum2(sigbuf, sig_r) != 0 || - sshbuf_get_bignum2(sigbuf, sig_s) != 0) { - ret = SSH_ERR_INVALID_FORMAT; - goto out; - } - if (!ECDSA_SIG_set0(sig, sig_r, sig_s)) { - ret = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - sig_r = sig_s = NULL; /* transferred */ - - if (sshbuf_len(sigbuf) != 0) { - ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; - goto out; - } - if ((ret = ssh_digest_memory(hash_alg, data, datalen, - digest, sizeof(digest))) != 0) - goto out; - - switch (ECDSA_do_verify(digest, dlen, sig, key->ecdsa)) { - case 1: - ret = 0; - break; - case 0: - ret = SSH_ERR_SIGNATURE_INVALID; - goto out; - default: - ret = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - - 
out: - explicit_bzero(digest, sizeof(digest)); - sshbuf_free(sigbuf); - sshbuf_free(b); - ECDSA_SIG_free(sig); - BN_clear_free(sig_r); - BN_clear_free(sig_s); - free(ktype); - return ret; -} - -#endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */ diff --git a/ssh_keygen_110/ssh-ed25519.c b/ssh_keygen_110/ssh-ed25519.c deleted file mode 100644 index 5163e029..00000000 --- a/ssh_keygen_110/ssh-ed25519.c +++ /dev/null 
@@ -1,167 +0,0 @@ -/* $OpenBSD: ssh-ed25519.c,v 1.7 2016/04/21 06:08:02 djm Exp $ */ -/* - * Copyright (c) 2013 Markus Friedl - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include "includes.h" - -#include -#include - -#include "crypto_api.h" - -#include -#include - -#include "log.h" -#include "sshbuf.h" -#define SSHKEY_INTERNAL -#include "sshkey.h" -#include "ssherr.h" -#include "ssh.h" - -int -ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, - const u_char *data, size_t datalen, u_int compat) -{ - u_char *sig = NULL; - size_t slen = 0, len; - unsigned long long smlen; - int r, ret; - struct sshbuf *b = NULL; - - if (lenp != NULL) - *lenp = 0; - if (sigp != NULL) - *sigp = NULL; - - if (key == NULL || - sshkey_type_plain(key->type) != KEY_ED25519 || - key->ed25519_sk == NULL || - datalen >= INT_MAX - crypto_sign_ed25519_BYTES) - return SSH_ERR_INVALID_ARGUMENT; - smlen = slen = datalen + crypto_sign_ed25519_BYTES; - if ((sig = malloc(slen)) == NULL) - return SSH_ERR_ALLOC_FAIL; - - if ((ret = crypto_sign_ed25519(sig, &smlen, data, datalen, - key->ed25519_sk)) != 0 || smlen <= datalen) { - r = SSH_ERR_INVALID_ARGUMENT; /* XXX better error? 
*/ - goto out; - } - /* encode signature */ - if ((b = sshbuf_new()) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if ((r = sshbuf_put_cstring(b, "ssh-ed25519")) != 0 || - (r = sshbuf_put_string(b, sig, smlen - datalen)) != 0) - goto out; - len = sshbuf_len(b); - if (sigp != NULL) { - if ((*sigp = malloc(len)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - memcpy(*sigp, sshbuf_ptr(b), len); - } - if (lenp != NULL) - *lenp = len; - /* success */ - r = 0; - out: - sshbuf_free(b); - if (sig != NULL) { - explicit_bzero(sig, slen); - free(sig); - } - - return r; -} - -int -ssh_ed25519_verify(const struct sshkey *key, - const u_char *signature, size_t signaturelen, - const u_char *data, size_t datalen, u_int compat) -{ - struct sshbuf *b = NULL; - char *ktype = NULL; - const u_char *sigblob; - u_char *sm = NULL, *m = NULL; - size_t len; - unsigned long long smlen = 0, mlen = 0; - int r, ret; - - if (key == NULL || - sshkey_type_plain(key->type) != KEY_ED25519 || - key->ed25519_pk == NULL || - datalen >= INT_MAX - crypto_sign_ed25519_BYTES || - signature == NULL || signaturelen == 0) - return SSH_ERR_INVALID_ARGUMENT; - - if ((b = sshbuf_from(signature, signaturelen)) == NULL) - return SSH_ERR_ALLOC_FAIL; - if ((r = sshbuf_get_cstring(b, &ktype, NULL)) != 0 || - (r = sshbuf_get_string_direct(b, &sigblob, &len)) != 0) - goto out; - if (strcmp("ssh-ed25519", ktype) != 0) { - r = SSH_ERR_KEY_TYPE_MISMATCH; - goto out; - } - if (sshbuf_len(b) != 0) { - r = SSH_ERR_UNEXPECTED_TRAILING_DATA; - goto out; - } - if (len > crypto_sign_ed25519_BYTES) { - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - if (datalen >= SIZE_MAX - len) { - r = SSH_ERR_INVALID_ARGUMENT; - goto out; - } - smlen = len + datalen; - mlen = smlen; - if ((sm = malloc(smlen)) == NULL || (m = malloc(mlen)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - memcpy(sm, sigblob, len); - memcpy(sm+len, data, datalen); - if ((ret = crypto_sign_ed25519_open(m, &mlen, sm, smlen, - key->ed25519_pk)) 
!= 0) { - debug2("%s: crypto_sign_ed25519_open failed: %d", - __func__, ret); - } - if (ret != 0 || mlen != datalen) { - r = SSH_ERR_SIGNATURE_INVALID; - goto out; - } - /* XXX compare 'm' and 'data' ? */ - /* success */ - r = 0; - out: - if (sm != NULL) { - explicit_bzero(sm, smlen); - free(sm); - } - if (m != NULL) { - explicit_bzero(m, smlen); /* NB mlen may be invalid if r != 0 */ - free(m); - } - sshbuf_free(b); - free(ktype); - return r; -} diff --git a/ssh_keygen_110/ssh-keygen.c b/ssh_keygen_110/ssh-keygen.c deleted file mode 100644 index 02c28359..00000000 --- a/ssh_keygen_110/ssh-keygen.c +++ /dev/null 
@@ -1,3021 +0,0 @@
-/* $OpenBSD: ssh-keygen.c,v 1.322 2018/09/14 04:17:44 djm Exp $ */
-/*
- * Author: Tatu Ylonen
- * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland
- * All rights reserved
- * Identity and host key generation and maintenance.
- *
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose. Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
- */
-
-#include "includes.h"
-
-#include
-#include
-#include
-
-#ifdef WITH_OPENSSL
-#include
-#include
-#include "openbsd-compat/openssl-compat.h"
-#endif
-
-#include
-#include
-#include
-#ifdef HAVE_PATHS_H
-# include
-#endif
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include "xmalloc.h"
-#include "sshkey.h"
-#include "authfile.h"
-#include "uuencode.h"
-#include "sshbuf.h"
-#include "pathnames.h"
-#include "log.h"
-#include "misc.h"
-#include "match.h"
-#include "hostfile.h"
-#include "dns.h"
-#include "ssh.h"
-#include "ssh2.h"
-#include "ssherr.h"
-#include "ssh-pkcs11.h"
-#include "atomicio.h"
-#include "krl.h"
-#include "digest.h"
-#include "utf8.h"
-#include "authfd.h"
-
-#ifdef WITH_OPENSSL
-# define DEFAULT_KEY_TYPE_NAME "rsa"
-#else
-# define DEFAULT_KEY_TYPE_NAME "ed25519"
-#endif
-
-/* Number of bits in the RSA/DSA key. This value can be set on the command line. */
-#define DEFAULT_BITS 2048
-#define DEFAULT_BITS_DSA 1024
-#define DEFAULT_BITS_ECDSA 256
-u_int32_t bits = 0;
-
-/*
- * Flag indicating that we just want to change the passphrase. This can be
- * set on the command line.
- */
-int change_passphrase = 0;
-
-/*
- * Flag indicating that we just want to change the comment. This can be set
- * on the command line.
- */
-int change_comment = 0;
-
-int quiet = 0;
-
-int log_level = SYSLOG_LEVEL_INFO;
-
-/* Flag indicating that we want to hash a known_hosts file */
-int hash_hosts = 0;
-/* Flag indicating that we want lookup a host in known_hosts file */
-int find_host = 0;
-/* Flag indicating that we want to delete a host from a known_hosts file */
-int delete_host = 0;
-
-/* Flag indicating that we want to show the contents of a certificate */
-int show_cert = 0;
-
-/* Flag indicating that we just want to see the key fingerprint */
-int print_fingerprint = 0;
-int print_bubblebabble = 0;
-
-/* Hash algorithm to use for fingerprints. */
-int fingerprint_hash = SSH_FP_HASH_DEFAULT;
-
-/* The identity file name, given on the command line or entered by the user. */
-char identity_file[1024];
-int have_identity = 0;
-
-/* This is set to the passphrase if given on the command line. */
-char *identity_passphrase = NULL;
-
-/* This is set to the new passphrase if given on the command line. */
-char *identity_new_passphrase = NULL;
-
-/* This is set to the new comment if given on the command line. */
-char *identity_comment = NULL;
-
-/* Path to CA key when certifying keys.
*/
-char *ca_key_path = NULL;
-
-/* Prefer to use agent keys for CA signing */
-int prefer_agent = 0;
-
-/* Certificate serial number */
-unsigned long long cert_serial = 0;
-
-/* Key type when certifying */
-u_int cert_key_type = SSH2_CERT_TYPE_USER;
-
-/* "key ID" of signed key */
-char *cert_key_id = NULL;
-
-/* Comma-separated list of principal names for certifying keys */
-char *cert_principals = NULL;
-
-/* Validity period for certificates */
-u_int64_t cert_valid_from = 0;
-u_int64_t cert_valid_to = ~0ULL;
-
-/* Certificate options */
-#define CERTOPT_X_FWD (1)
-#define CERTOPT_AGENT_FWD (1<<1)
-#define CERTOPT_PORT_FWD (1<<2)
-#define CERTOPT_PTY (1<<3)
-#define CERTOPT_USER_RC (1<<4)
-#define CERTOPT_DEFAULT (CERTOPT_X_FWD|CERTOPT_AGENT_FWD| \
- CERTOPT_PORT_FWD|CERTOPT_PTY|CERTOPT_USER_RC)
-u_int32_t certflags_flags = CERTOPT_DEFAULT;
-char *certflags_command = NULL;
-char *certflags_src_addr = NULL;
-
-/* Arbitrary extensions specified by user */
-struct cert_userext {
- char *key;
- char *val;
- int crit;
-};
-struct cert_userext *cert_userext;
-size_t ncert_userext;
-
-/* Conversion to/from various formats */
-int convert_to = 0;
-int convert_from = 0;
-enum {
- FMT_RFC4716,
- FMT_PKCS8,
- FMT_PEM
-} convert_format = FMT_RFC4716;
-int print_public = 0;
-int print_generic = 0;
-
-char *key_type_name = NULL;
-
-/* Load key from this PKCS#11 provider */
-char *pkcs11provider = NULL;
-
-/* Use new OpenSSH private key format when writing SSH2 keys instead of PEM */
-int use_new_format = 1;
-
-/* Cipher for new-format private keys */
-char *new_format_cipher = NULL;
-
-/*
- * Number of KDF rounds to derive new format keys /
- * number of primality trials when screening moduli.
- */
-int rounds = 0;
-
-/* argv0 */
-extern char *__progname;
-
-char hostname[NI_MAXHOST];
-
-#ifdef WITH_OPENSSL
-/* moduli.c */
-int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
-int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long,
- unsigned long);
-#endif
-
-
-void sshkeygen_cleanup() {
- // reset all flags, cleanup memory:
- // init all flags:
- // No need to free strings, since they are not allocated but set to = optargs
- change_passphrase = 0;
- change_comment = 0;
- quiet = 0;
- log_level = SYSLOG_LEVEL_INFO;
- hash_hosts = 0;
- find_host = 0;
- delete_host = 0;
- show_cert = 0;
- print_fingerprint = 0;
- print_bubblebabble = 0;
- fingerprint_hash = SSH_FP_HASH_DEFAULT;
- have_identity = 0;
- identity_passphrase = NULL;
- identity_new_passphrase = NULL;
- identity_comment = NULL;
- ca_key_path = NULL;
- cert_serial = 0;
- cert_key_type = SSH2_CERT_TYPE_USER;
- cert_key_id = NULL;
- cert_principals = NULL;
- cert_valid_from = 0;
- cert_valid_to = ~0ULL;
- certflags_flags = CERTOPT_DEFAULT;
- certflags_command = NULL;
- certflags_src_addr = NULL;
- convert_to = 0;
- convert_from = 0;
- print_public = 0;
- print_generic = 0;
- key_type_name = NULL;
- pkcs11provider = NULL;
- use_new_format = 0;
- new_format_cipher = NULL;
- rounds = 0;
- // end init all flags
-}
-
-
-static void
-type_bits_valid(int type, const char *name, u_int32_t *bitsp)
-{
-#ifdef WITH_OPENSSL
- u_int maxbits, nid;
-#endif
-
- if (type == KEY_UNSPEC)
- fatal("unknown key type %s", key_type_name);
- if (*bitsp == 0) {
-#ifdef WITH_OPENSSL
- if (type == KEY_DSA)
- *bitsp = DEFAULT_BITS_DSA;
- else if (type == KEY_ECDSA) {
- if (name != NULL &&
- (nid = sshkey_ecdsa_nid_from_name(name)) > 0)
- *bitsp = sshkey_curve_nid_to_bits(nid);
- if (*bitsp == 0)
- *bitsp = DEFAULT_BITS_ECDSA;
- } else
-#endif
- *bitsp = DEFAULT_BITS;
- }
-#ifdef WITH_OPENSSL
- maxbits = (type == KEY_DSA) ?
- OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS; - if (*bitsp > maxbits) - fatal("key bits exceeds maximum %d", maxbits); - switch (type) { - case KEY_DSA: - if (*bitsp != 1024) - fatal("Invalid DSA key length: must be 1024 bits"); - break; - case KEY_RSA: - if (*bitsp < SSH_RSA_MINIMUM_MODULUS_SIZE) - fatal("Invalid RSA key length: minimum is %d bits", - SSH_RSA_MINIMUM_MODULUS_SIZE); - break; - case KEY_ECDSA: - if (sshkey_ecdsa_bits_to_nid(*bitsp) == -1) - fatal("Invalid ECDSA key length: valid lengths are " - "256, 384 or 521 bits"); - } -#endif -} - -static void -ask_filename(struct passwd *pw, const char *prompt) -{ - char buf[1024]; - char *name = NULL; - - if (key_type_name == NULL) - name = _PATH_SSH_CLIENT_ID_RSA; - else { - switch (sshkey_type_from_name(key_type_name)) { - case KEY_DSA_CERT: - case KEY_DSA: - name = _PATH_SSH_CLIENT_ID_DSA; - break; -#ifdef OPENSSL_HAS_ECC - case KEY_ECDSA_CERT: - case KEY_ECDSA: - name = _PATH_SSH_CLIENT_ID_ECDSA; - break; -#endif - case KEY_RSA_CERT: - case KEY_RSA: - name = _PATH_SSH_CLIENT_ID_RSA; - break; - case KEY_ED25519: - case KEY_ED25519_CERT: - name = _PATH_SSH_CLIENT_ID_ED25519; - break; - case KEY_XMSS: - case KEY_XMSS_CERT: - name = _PATH_SSH_CLIENT_ID_XMSS; - break; - default: - fatal("bad key type"); - } - } - snprintf(identity_file, sizeof(identity_file), - "%s/%s", pw->pw_dir, name); - printf("%s (%s): ", prompt, identity_file); - fflush(stdout); - if (fgets(buf, sizeof(buf), stdin) == NULL) { - sshkeygen_cleanup(); - exit(1); - } - buf[strcspn(buf, "\n")] = '\0'; - if (strcmp(buf, "") != 0) - strlcpy(identity_file, buf, sizeof(identity_file)); - have_identity = 1; -} - -static struct sshkey * -load_identity(char *filename) -{ - char *pass; - struct sshkey *prv; - int r; - - if ((r = sshkey_load_private(filename, "", &prv, NULL)) == 0) - return prv; - if (r != SSH_ERR_KEY_WRONG_PASSPHRASE) - fatal("Load key \"%s\": %s", filename, ssh_err(r)); - if (identity_passphrase) - pass = 
xstrdup(identity_passphrase); - else - pass = read_passphrase("Enter passphrase: ", RP_ALLOW_STDIN); - r = sshkey_load_private(filename, pass, &prv, NULL); - explicit_bzero(pass, strlen(pass)); - free(pass); - if (r != 0) - fatal("Load key \"%s\": %s", filename, ssh_err(r)); - return prv; -} - -#define SSH_COM_PUBLIC_BEGIN "---- BEGIN SSH2 PUBLIC KEY ----" -#define SSH_COM_PUBLIC_END "---- END SSH2 PUBLIC KEY ----" -#define SSH_COM_PRIVATE_BEGIN "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----" -#define SSH_COM_PRIVATE_KEY_MAGIC 0x3f6ff9eb - -#ifdef WITH_OPENSSL -static void -do_convert_to_ssh2(struct passwd *pw, struct sshkey *k) -{ - size_t len; - u_char *blob; - char comment[61]; - int r; - - if ((r = sshkey_to_blob(k, &blob, &len)) != 0) - fatal("key_to_blob failed: %s", ssh_err(r)); - /* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */ - snprintf(comment, sizeof(comment), - "%u-bit %s, converted by %s@%s from OpenSSH", - sshkey_size(k), sshkey_type(k), - pw->pw_name, hostname); - - fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN); - fprintf(stdout, "Comment: \"%s\"\n", comment); - dump_base64(stdout, blob, len); - fprintf(stdout, "%s\n", SSH_COM_PUBLIC_END); - sshkey_free(k); - free(blob); - sshkeygen_cleanup(); - exit(0); -} - -static void -do_convert_to_pkcs8(struct sshkey *k) -{ - switch (sshkey_type_plain(k->type)) { - case KEY_RSA: - if (!PEM_write_RSA_PUBKEY(stdout, k->rsa)) - fatal("PEM_write_RSA_PUBKEY failed"); - break; - case KEY_DSA: - if (!PEM_write_DSA_PUBKEY(stdout, k->dsa)) - fatal("PEM_write_DSA_PUBKEY failed"); - break; -#ifdef OPENSSL_HAS_ECC - case KEY_ECDSA: - if (!PEM_write_EC_PUBKEY(stdout, k->ecdsa)) - fatal("PEM_write_EC_PUBKEY failed"); - break; -#endif - default: - fatal("%s: unsupported key type %s", __func__, sshkey_type(k)); - } - sshkeygen_cleanup(); - exit(0); -} - -static void -do_convert_to_pem(struct sshkey *k) -{ - switch (sshkey_type_plain(k->type)) { - case KEY_RSA: - if (!PEM_write_RSAPublicKey(stdout, k->rsa)) - 
fatal("PEM_write_RSAPublicKey failed"); - break; - default: - fatal("%s: unsupported key type %s", __func__, sshkey_type(k)); - } - sshkeygen_cleanup(); - exit(0); -} - -static void -do_convert_to(struct passwd *pw) -{ - struct sshkey *k; - struct stat st; - int r; - - if (!have_identity) - ask_filename(pw, "Enter file in which the key is"); - if (stat(identity_file, &st) < 0) - fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); - if ((r = sshkey_load_public(identity_file, &k, NULL)) != 0) - k = load_identity(identity_file); - switch (convert_format) { - case FMT_RFC4716: - do_convert_to_ssh2(pw, k); - break; - case FMT_PKCS8: - do_convert_to_pkcs8(k); - break; - case FMT_PEM: - do_convert_to_pem(k); - break; - default: - fatal("%s: unknown key format %d", __func__, convert_format); - } - sshkeygen_cleanup(); - exit(0); -} - -/* - * This is almost exactly the bignum1 encoding, but with 32 bit for length - * instead of 16. - */ -static void -buffer_get_bignum_bits(struct sshbuf *b, BIGNUM *value) -{ - u_int bytes, bignum_bits; - int r; - - if ((r = sshbuf_get_u32(b, &bignum_bits)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); - bytes = (bignum_bits + 7) / 8; - if (sshbuf_len(b) < bytes) - fatal("%s: input buffer too small: need %d have %zu", - __func__, bytes, sshbuf_len(b)); - if (BN_bin2bn(sshbuf_ptr(b), bytes, value) == NULL) - fatal("%s: BN_bin2bn failed", __func__); - if ((r = sshbuf_consume(b, bytes)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); -} - -static struct sshkey * -do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) -{ - struct sshbuf *b; - struct sshkey *key = NULL; - char *type, *cipher; - u_char e1, e2, e3, *sig = NULL, data[] = "abcde12345"; - int r, rlen, ktype; - u_int magic, i1, i2, i3, i4; - size_t slen; - u_long e; - BIGNUM *dsa_p = NULL, *dsa_q = NULL, *dsa_g = NULL; - BIGNUM *dsa_pub_key = NULL, *dsa_priv_key = NULL; - BIGNUM *rsa_n = NULL, *rsa_e = NULL, *rsa_d = NULL; - BIGNUM *rsa_p = 
NULL, *rsa_q = NULL, *rsa_iqmp = NULL; - if ((b = sshbuf_from(blob, blen)) == NULL) - fatal("%s: sshbuf_from failed", __func__); - if ((r = sshbuf_get_u32(b, &magic)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); - - if (magic != SSH_COM_PRIVATE_KEY_MAGIC) { - error("bad magic 0x%x != 0x%x", magic, - SSH_COM_PRIVATE_KEY_MAGIC); - sshbuf_free(b); - return NULL; - } - if ((r = sshbuf_get_u32(b, &i1)) != 0 || - (r = sshbuf_get_cstring(b, &type, NULL)) != 0 || - (r = sshbuf_get_cstring(b, &cipher, NULL)) != 0 || - (r = sshbuf_get_u32(b, &i2)) != 0 || - (r = sshbuf_get_u32(b, &i3)) != 0 || - (r = sshbuf_get_u32(b, &i4)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); - debug("ignore (%d %d %d %d)", i1, i2, i3, i4); - if (strcmp(cipher, "none") != 0) { - error("unsupported cipher %s", cipher); - free(cipher); - sshbuf_free(b); - free(type); - return NULL; - } - free(cipher); - - if (strstr(type, "dsa")) { - ktype = KEY_DSA; - } else if (strstr(type, "rsa")) { - ktype = KEY_RSA; - } else { - sshbuf_free(b); - free(type); - return NULL; - } - if ((key = sshkey_new(ktype)) == NULL) - fatal("sshkey_new failed"); - free(type); - - switch (key->type) { - case KEY_DSA: - if ((dsa_p = BN_new()) == NULL || - (dsa_q = BN_new()) == NULL || - (dsa_g = BN_new()) == NULL || - (dsa_pub_key = BN_new()) == NULL || - (dsa_priv_key = BN_new()) == NULL) - fatal("%s: BN_new", __func__); - buffer_get_bignum_bits(b, dsa_p); - buffer_get_bignum_bits(b, dsa_g); - buffer_get_bignum_bits(b, dsa_q); - buffer_get_bignum_bits(b, dsa_pub_key); - buffer_get_bignum_bits(b, dsa_priv_key); - if (!DSA_set0_pqg(key->dsa, dsa_p, dsa_q, dsa_g)) - fatal("%s: DSA_set0_pqg failed", __func__); - dsa_p = dsa_q = dsa_g = NULL; /* transferred */ - if (!DSA_set0_key(key->dsa, dsa_pub_key, dsa_priv_key)) - fatal("%s: DSA_set0_key failed", __func__); - dsa_pub_key = dsa_priv_key = NULL; /* transferred */ - break; - case KEY_RSA: - if ((r = sshbuf_get_u8(b, &e1)) != 0 || - (e1 < 30 && (r = 
sshbuf_get_u8(b, &e2)) != 0) || - (e1 < 30 && (r = sshbuf_get_u8(b, &e3)) != 0)) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); - e = e1; - debug("e %lx", e); - if (e < 30) { - e <<= 8; - e += e2; - debug("e %lx", e); - e <<= 8; - e += e3; - debug("e %lx", e); - } - if ((rsa_e = BN_new()) == NULL) - fatal("%s: BN_new", __func__); - if (!BN_set_word(rsa_e, e)) { - BN_clear_free(rsa_e); - sshbuf_free(b); - sshkey_free(key); - return NULL; - } - if ((rsa_n = BN_new()) == NULL || - (rsa_d = BN_new()) == NULL || - (rsa_p = BN_new()) == NULL || - (rsa_q = BN_new()) == NULL || - (rsa_iqmp = BN_new()) == NULL) - fatal("%s: BN_new", __func__); - buffer_get_bignum_bits(b, rsa_d); - buffer_get_bignum_bits(b, rsa_n); - buffer_get_bignum_bits(b, rsa_iqmp); - buffer_get_bignum_bits(b, rsa_q); - buffer_get_bignum_bits(b, rsa_p); - if (!RSA_set0_key(key->rsa, rsa_n, rsa_e, rsa_d)) - fatal("%s: RSA_set0_key failed", __func__); - rsa_n = rsa_e = rsa_d = NULL; /* transferred */ - if (!RSA_set0_factors(key->rsa, rsa_p, rsa_q)) - fatal("%s: RSA_set0_factors failed", __func__); - rsa_p = rsa_q = NULL; /* transferred */ - if ((r = ssh_rsa_complete_crt_parameters(key, rsa_iqmp)) != 0) - fatal("generate RSA parameters failed: %s", ssh_err(r)); - BN_clear_free(rsa_iqmp); - break; - } - rlen = sshbuf_len(b); - if (rlen != 0) - error("do_convert_private_ssh2_from_blob: " - "remaining bytes in key blob %d", rlen); - sshbuf_free(b); - - /* try the key */ - if (sshkey_sign(key, &sig, &slen, data, sizeof(data), NULL, 0) != 0 || - sshkey_verify(key, sig, slen, data, sizeof(data), NULL, 0) != 0) { - sshkey_free(key); - free(sig); - return NULL; - } - free(sig); - return key; -} - -static int -get_line(FILE *fp, char *line, size_t len) -{ - int c; - size_t pos = 0; - - line[0] = '\0'; - while ((c = fgetc(fp)) != EOF) { - if (pos >= len - 1) - fatal("input line too long."); - switch (c) { - case '\r': - c = fgetc(fp); - if (c != EOF && c != '\n' && ungetc(c, fp) == EOF) - fatal("unget: %s", 
strerror(errno)); - return pos; - case '\n': - return pos; - } - line[pos++] = c; - line[pos] = '\0'; - } - /* We reached EOF */ - return -1; -} - -static void -do_convert_from_ssh2(struct passwd *pw, struct sshkey **k, int *private) -{ - int r, blen, escaped = 0; - u_int len; - char line[1024]; - u_char blob[8096]; - char encoded[8096]; - FILE *fp; - - if ((fp = fopen(identity_file, "r")) == NULL) - fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); - encoded[0] = '\0'; - while ((blen = get_line(fp, line, sizeof(line))) != -1) { - if (blen > 0 && line[blen - 1] == '\\') - escaped++; - if (strncmp(line, "----", 4) == 0 || - strstr(line, ": ") != NULL) { - if (strstr(line, SSH_COM_PRIVATE_BEGIN) != NULL) - *private = 1; - if (strstr(line, " END ") != NULL) { - break; - } - /* fprintf(stderr, "ignore: %s", line); */ - continue; - } - if (escaped) { - escaped--; - /* fprintf(stderr, "escaped: %s", line); */ - continue; - } - strlcat(encoded, line, sizeof(encoded)); - } - len = strlen(encoded); - if (((len % 4) == 3) && - (encoded[len-1] == '=') && - (encoded[len-2] == '=') && - (encoded[len-3] == '=')) - encoded[len-3] = '\0'; - blen = uudecode(encoded, blob, sizeof(blob)); - if (blen < 0) - fatal("uudecode failed."); - if (*private) - *k = do_convert_private_ssh2_from_blob(blob, blen); - else if ((r = sshkey_from_blob(blob, blen, k)) != 0) - fatal("decode blob failed: %s", ssh_err(r)); - fclose(fp); -} - -static void -do_convert_from_pkcs8(struct sshkey **k, int *private) -{ - EVP_PKEY *pubkey; - FILE *fp; - - if ((fp = fopen(identity_file, "r")) == NULL) - fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); - if ((pubkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL)) == NULL) { - fatal("%s: %s is not a recognised public key format", __func__, - identity_file); - } - fclose(fp); - switch (EVP_PKEY_base_id(pubkey)) { - case EVP_PKEY_RSA: - if ((*k = sshkey_new(KEY_UNSPEC)) == NULL) - fatal("sshkey_new failed"); - (*k)->type = KEY_RSA; - (*k)->rsa 
= EVP_PKEY_get1_RSA(pubkey); - break; - case EVP_PKEY_DSA: - if ((*k = sshkey_new(KEY_UNSPEC)) == NULL) - fatal("sshkey_new failed"); - (*k)->type = KEY_DSA; - (*k)->dsa = EVP_PKEY_get1_DSA(pubkey); - break; -#ifdef OPENSSL_HAS_ECC - case EVP_PKEY_EC: - if ((*k = sshkey_new(KEY_UNSPEC)) == NULL) - fatal("sshkey_new failed"); - (*k)->type = KEY_ECDSA; - (*k)->ecdsa = EVP_PKEY_get1_EC_KEY(pubkey); - (*k)->ecdsa_nid = sshkey_ecdsa_key_to_nid((*k)->ecdsa); - break; -#endif - default: - fatal("%s: unsupported pubkey type %d", __func__, - EVP_PKEY_base_id(pubkey)); - } - EVP_PKEY_free(pubkey); - return; -} - -static void -do_convert_from_pem(struct sshkey **k, int *private) -{ - FILE *fp; - RSA *rsa; - - if ((fp = fopen(identity_file, "r")) == NULL) - fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); - if ((rsa = PEM_read_RSAPublicKey(fp, NULL, NULL, NULL)) != NULL) { - if ((*k = sshkey_new(KEY_UNSPEC)) == NULL) - fatal("sshkey_new failed"); - (*k)->type = KEY_RSA; - (*k)->rsa = rsa; - fclose(fp); - return; - } - fatal("%s: unrecognised raw private key format", __func__); -} - -static void -do_convert_from(struct passwd *pw) -{ - struct sshkey *k = NULL; - int r, private = 0, ok = 0; - struct stat st; - - if (!have_identity) - ask_filename(pw, "Enter file in which the key is"); - if (stat(identity_file, &st) < 0) - fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); - - switch (convert_format) { - case FMT_RFC4716: - do_convert_from_ssh2(pw, &k, &private); - break; - case FMT_PKCS8: - do_convert_from_pkcs8(&k, &private); - break; - case FMT_PEM: - do_convert_from_pem(&k, &private); - break; - default: - fatal("%s: unknown key format %d", __func__, convert_format); - } - - if (!private) { - if ((r = sshkey_write(k, stdout)) == 0) - ok = 1; - if (ok) - fprintf(stdout, "\n"); - } else { - switch (k->type) { - case KEY_DSA: - ok = PEM_write_DSAPrivateKey(stdout, k->dsa, NULL, - NULL, 0, NULL, NULL); - break; -#ifdef OPENSSL_HAS_ECC - case 
KEY_ECDSA: - ok = PEM_write_ECPrivateKey(stdout, k->ecdsa, NULL, - NULL, 0, NULL, NULL); - break; -#endif - case KEY_RSA: - ok = PEM_write_RSAPrivateKey(stdout, k->rsa, NULL, - NULL, 0, NULL, NULL); - break; - default: - fatal("%s: unsupported key type %s", __func__, - sshkey_type(k)); - } - } - - if (!ok) - fatal("key write failed"); - sshkey_free(k); - sshkeygen_cleanup(); - exit(0); -} -#endif - -static void -do_print_public(struct passwd *pw) -{ - struct sshkey *prv; - struct stat st; - int r; - - if (!have_identity) - ask_filename(pw, "Enter file in which the key is"); - if (stat(identity_file, &st) < 0) - fatal("%s: %s", identity_file, strerror(errno)); - prv = load_identity(identity_file); - if ((r = sshkey_write(prv, stdout)) != 0) - error("sshkey_write failed: %s", ssh_err(r)); - sshkey_free(prv); - fprintf(thread_stdout, "\n"); - sshkeygen_cleanup(); - exit(0); -} - -static void -do_download(struct passwd *pw) -{ -#ifdef ENABLE_PKCS11 - struct sshkey **keys = NULL; - int i, nkeys; - enum sshkey_fp_rep rep; - int fptype; - char *fp, *ra; - - fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash; - rep = print_bubblebabble ? 
SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT; - - pkcs11_init(0); - nkeys = pkcs11_add_provider(pkcs11provider, NULL, &keys); - if (nkeys <= 0) - fatal("cannot read public key from pkcs11"); - for (i = 0; i < nkeys; i++) { - if (print_fingerprint) { - fp = sshkey_fingerprint(keys[i], fptype, rep); - ra = sshkey_fingerprint(keys[i], fingerprint_hash, - SSH_FP_RANDOMART); - if (fp == NULL || ra == NULL) - fatal("%s: sshkey_fingerprint fail", __func__); - printf("%u %s %s (PKCS11 key)\n", sshkey_size(keys[i]), - fp, sshkey_type(keys[i])); - if (log_level >= SYSLOG_LEVEL_VERBOSE) - printf("%s\n", ra); - free(ra); - free(fp); - } else { - (void) sshkey_write(keys[i], stdout); /* XXX check */ - fprintf(stdout, "\n"); - } - sshkey_free(keys[i]); - } - free(keys); - pkcs11_terminate(); - sshkeygen_cleanup(); - exit(0); -#else - fatal("no pkcs11 support"); -#endif /* ENABLE_PKCS11 */ -} - -static struct sshkey * -try_read_key(char **cpp) -{ - struct sshkey *ret; - int r; - - if ((ret = sshkey_new(KEY_UNSPEC)) == NULL) - fatal("sshkey_new failed"); - if ((r = sshkey_read(ret, cpp)) == 0) - return ret; - /* Not a key */ - sshkey_free(ret); - return NULL; -} - -static void -fingerprint_one_key(const struct sshkey *public, const char *comment) -{ - char *fp = NULL, *ra = NULL; - enum sshkey_fp_rep rep; - int fptype; - - fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash; - rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT; - fp = sshkey_fingerprint(public, fptype, rep); - ra = sshkey_fingerprint(public, fingerprint_hash, SSH_FP_RANDOMART); - if (fp == NULL || ra == NULL) - fatal("%s: sshkey_fingerprint failed", __func__); - mprintf("%u %s %s (%s)\n", sshkey_size(public), fp, - comment ? 
comment : "no comment", sshkey_type(public)); - if (log_level >= SYSLOG_LEVEL_VERBOSE) - printf("%s\n", ra); - free(ra); - free(fp); -} - -static void -fingerprint_private(const char *path) -{ - struct stat st; - char *comment = NULL; - struct sshkey *public = NULL; - int r; - - if (stat(identity_file, &st) < 0) - fatal("%s: %s", path, strerror(errno)); - if ((r = sshkey_load_public(path, &public, &comment)) != 0) { - debug("load public \"%s\": %s", path, ssh_err(r)); - if ((r = sshkey_load_private(path, NULL, - &public, &comment)) != 0) { - debug("load private \"%s\": %s", path, ssh_err(r)); - fatal("%s is not a key file.", path); - } - } - - fingerprint_one_key(public, comment); - sshkey_free(public); - free(comment); -} - -static void -do_fingerprint(struct passwd *pw) -{ - FILE *f; - struct sshkey *public = NULL; - char *comment = NULL, *cp, *ep, *line = NULL; - size_t linesize = 0; - int i, invalid = 1; - const char *path; - u_long lnum = 0; - - if (!have_identity) - ask_filename(pw, "Enter file in which the key is"); - path = identity_file; - - if (strcmp(identity_file, "-") == 0) { - f = stdin; - path = "(stdin)"; - } else if ((f = fopen(path, "r")) == NULL) - fatal("%s: %s: %s", __progname, path, strerror(errno)); - - while (getline(&line, &linesize, f) != -1) { - lnum++; - cp = line; - cp[strcspn(cp, "\n")] = '\0'; - /* Trim leading space and comments */ - cp = line + strspn(line, " \t"); - if (*cp == '#' || *cp == '\0') - continue; - - /* - * Input may be plain keys, private keys, authorized_keys - * or known_hosts. - */ - - /* - * Try private keys first. Assume a key is private if - * "SSH PRIVATE KEY" appears on the first line and we're - * not reading from stdin (XXX support private keys on stdin). 
- */ - if (lnum == 1 && strcmp(identity_file, "-") != 0 && - strstr(cp, "PRIVATE KEY") != NULL) { - free(line); - fclose(f); - fingerprint_private(path); - sshkeygen_cleanup(); - exit(0); - } - - /* - * If it's not a private key, then this must be prepared to - * accept a public key prefixed with a hostname or options. - * Try a bare key first, otherwise skip the leading stuff. - */ - if ((public = try_read_key(&cp)) == NULL) { - i = strtol(cp, &ep, 10); - if (i == 0 || ep == NULL || - (*ep != ' ' && *ep != '\t')) { - int quoted = 0; - - comment = cp; - for (; *cp && (quoted || (*cp != ' ' && - *cp != '\t')); cp++) { - if (*cp == '\\' && cp[1] == '"') - cp++; /* Skip both */ - else if (*cp == '"') - quoted = !quoted; - } - if (!*cp) - continue; - *cp++ = '\0'; - } - } - /* Retry after parsing leading hostname/key options */ - if (public == NULL && (public = try_read_key(&cp)) == NULL) { - debug("%s:%lu: not a public key", path, lnum); - continue; - } - - /* Find trailing comment, if any */ - for (; *cp == ' ' || *cp == '\t'; cp++) - ; - if (*cp != '\0' && *cp != '#') - comment = cp; - - fingerprint_one_key(public, comment); - sshkey_free(public); - invalid = 0; /* One good key in the file is sufficient */ - } - fclose(f); - free(line); - - if (invalid) - fprintf(thread_stderr, "%s is not a public key file.", path); - sshkeygen_cleanup(); - exit(0); -} - -static void -do_gen_all_hostkeys(struct passwd *pw) -{ - struct { - char *key_type; - char *key_type_display; - char *path; - } key_types[] = { -#ifdef WITH_OPENSSL - { "rsa", "RSA" ,_PATH_HOST_RSA_KEY_FILE }, - { "dsa", "DSA", _PATH_HOST_DSA_KEY_FILE }, -#ifdef OPENSSL_HAS_ECC - { "ecdsa", "ECDSA",_PATH_HOST_ECDSA_KEY_FILE }, -#endif /* OPENSSL_HAS_ECC */ -#endif /* WITH_OPENSSL */ - { "ed25519", "ED25519",_PATH_HOST_ED25519_KEY_FILE }, -#ifdef WITH_XMSS - { "xmss", "XMSS",_PATH_HOST_XMSS_KEY_FILE }, -#endif /* WITH_XMSS */ - { NULL, NULL, NULL } - }; - - int first = 0; - struct stat st; - struct sshkey *private, 
*public; - char comment[1024], *prv_tmp, *pub_tmp, *prv_file, *pub_file; - int i, type, fd, r; - FILE *f; - - for (i = 0; key_types[i].key_type; i++) { - public = private = NULL; - prv_tmp = pub_tmp = prv_file = pub_file = NULL; - - xasprintf(&prv_file, "%s%s", - identity_file, key_types[i].path); - - /* Check whether private key exists and is not zero-length */ - if (stat(prv_file, &st) == 0) { - if (st.st_size != 0) - goto next; - } else if (errno != ENOENT) { - error("Could not stat %s: %s", key_types[i].path, - strerror(errno)); - goto failnext; - } - - /* - * Private key doesn't exist or is invalid; proceed with - * key generation. - */ - xasprintf(&prv_tmp, "%s%s.XXXXXXXXXX", - identity_file, key_types[i].path); - xasprintf(&pub_tmp, "%s%s.pub.XXXXXXXXXX", - identity_file, key_types[i].path); - xasprintf(&pub_file, "%s%s.pub", - identity_file, key_types[i].path); - - if (first == 0) { - first = 1; - printf("%s: generating new host keys: ", __progname); - } - printf("%s ", key_types[i].key_type_display); - fflush(stdout); - type = sshkey_type_from_name(key_types[i].key_type); - if ((fd = mkstemp(prv_tmp)) == -1) { - error("Could not save your public key in %s: %s", - prv_tmp, strerror(errno)); - goto failnext; - } - close(fd); /* just using mkstemp() to generate/reserve a name */ - bits = 0; - type_bits_valid(type, NULL, &bits); - if ((r = sshkey_generate(type, bits, &private)) != 0) { - error("sshkey_generate failed: %s", ssh_err(r)); - goto failnext; - } - if ((r = sshkey_from_private(private, &public)) != 0) - fatal("sshkey_from_private failed: %s", ssh_err(r)); - snprintf(comment, sizeof comment, "%s@%s", pw->pw_name, - hostname); - if ((r = sshkey_save_private(private, prv_tmp, "", - comment, use_new_format, new_format_cipher, rounds)) != 0) { - error("Saving key \"%s\" failed: %s", - prv_tmp, ssh_err(r)); - goto failnext; - } - if ((fd = mkstemp(pub_tmp)) == -1) { - error("Could not save your public key in %s: %s", - pub_tmp, strerror(errno)); - goto 
failnext; - } - (void)fchmod(fd, 0644); - f = fdopen(fd, "w"); - if (f == NULL) { - error("fdopen %s failed: %s", pub_tmp, strerror(errno)); - close(fd); - goto failnext; - } - if ((r = sshkey_write(public, f)) != 0) { - error("write key failed: %s", ssh_err(r)); - fclose(f); - goto failnext; - } - fprintf(f, " %s\n", comment); - if (ferror(f) != 0) { - error("write key failed: %s", strerror(errno)); - fclose(f); - goto failnext; - } - if (fclose(f) != 0) { - error("key close failed: %s", strerror(errno)); - goto failnext; - } - - /* Rename temporary files to their permanent locations. */ - if (rename(pub_tmp, pub_file) != 0) { - error("Unable to move %s into position: %s", - pub_file, strerror(errno)); - goto failnext; - } - if (rename(prv_tmp, prv_file) != 0) { - error("Unable to move %s into position: %s", - key_types[i].path, strerror(errno)); - failnext: - first = 0; - goto next; - } - next: - sshkey_free(private); - sshkey_free(public); - free(prv_tmp); - free(pub_tmp); - free(prv_file); - free(pub_file); - } - if (first != 0) - printf("\n"); -} - -struct known_hosts_ctx { - const char *host; /* Hostname searched for in find/delete case */ - FILE *out; /* Output file, stdout for find_hosts case */ - int has_unhashed; /* When hashing, original had unhashed hosts */ - int found_key; /* For find/delete, host was found */ - int invalid; /* File contained invalid items; don't delete */ -}; - -static int -known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx) -{ - struct known_hosts_ctx *ctx = (struct known_hosts_ctx *)_ctx; - char *hashed, *cp, *hosts, *ohosts; - int has_wild = l->hosts && strcspn(l->hosts, "*?!") != strlen(l->hosts); - int was_hashed = l->hosts && l->hosts[0] == HASH_DELIM; - - switch (l->status) { - case HKF_STATUS_OK: - case HKF_STATUS_MATCHED: - /* - * Don't hash hosts already already hashed, with wildcard - * characters or a CA/revocation marker. 
- */
- if (was_hashed || has_wild || l->marker != MRK_NONE) {
- fprintf(ctx->out, "%s\n", l->line);
- if (has_wild && !find_host) {
- logit("%s:%lu: ignoring host name "
- "with wildcard: %.64s", l->path,
- l->linenum, l->hosts);
- }
- return 0;
- }
- /*
- * Split any comma-separated hostnames from the host list,
- * hash and store separately.
- */
- ohosts = hosts = xstrdup(l->hosts);
- while ((cp = strsep(&hosts, ",")) != NULL && *cp != '\0') {
- lowercase(cp);
- if ((hashed = host_hash(cp, NULL, 0)) == NULL)
- fatal("hash_host failed");
- fprintf(ctx->out, "%s %s\n", hashed, l->rawkey);
- ctx->has_unhashed = 1;
- }
- free(ohosts);
- return 0;
- case HKF_STATUS_INVALID:
- /* Retain invalid lines, but mark file as invalid. */
- ctx->invalid = 1;
- logit("%s:%lu: invalid line", l->path, l->linenum);
- /* FALLTHROUGH */
- default:
- fprintf(ctx->out, "%s\n", l->line);
- return 0;
- }
- /* NOTREACHED */
- return -1;
-}
-
-static int
-known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
-{
- struct known_hosts_ctx *ctx = (struct known_hosts_ctx *)_ctx;
- enum sshkey_fp_rep rep;
- int fptype;
- char *fp;
-
- fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash;
- rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT;
-
- if (l->status == HKF_STATUS_MATCHED) {
- if (delete_host) {
- if (l->marker != MRK_NONE) {
- /* Don't remove CA and revocation lines */
- fprintf(ctx->out, "%s\n", l->line);
- } else {
- /*
- * Hostname matches and has no CA/revoke
- * marker, delete it by *not* writing the
- * line to ctx->out.
- */
- ctx->found_key = 1;
- if (!quiet)
- printf("# Host %s found: line %lu\n",
- ctx->host, l->linenum);
- }
- return 0;
- } else if (find_host) {
- ctx->found_key = 1;
- if (!quiet) {
- printf("# Host %s found: line %lu %s\n",
- ctx->host,
- l->linenum, l->marker == MRK_CA ? "CA" :
- (l->marker == MRK_REVOKE ?
"REVOKED" : ""));
- }
- if (hash_hosts)
- known_hosts_hash(l, ctx);
- else if (print_fingerprint) {
- fp = sshkey_fingerprint(l->key, fptype, rep);
- mprintf("%s %s %s %s\n", ctx->host,
- sshkey_type(l->key), fp, l->comment);
- free(fp);
- } else
- fprintf(ctx->out, "%s\n", l->line);
- return 0;
- }
- } else if (delete_host) {
- /* Retain non-matching hosts when deleting */
- if (l->status == HKF_STATUS_INVALID) {
- ctx->invalid = 1;
- logit("%s:%lu: invalid line", l->path, l->linenum);
- }
- fprintf(ctx->out, "%s\n", l->line);
- }
- return 0;
-}
-
-static void
-do_known_hosts(struct passwd *pw, const char *name)
-{
- char *cp, tmp[PATH_MAX], old[PATH_MAX];
- int r, fd, oerrno, inplace = 0;
- struct known_hosts_ctx ctx;
- u_int foreach_options;
-
- if (!have_identity) {
- cp = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid);
- if (strlcpy(identity_file, cp, sizeof(identity_file)) >=
- sizeof(identity_file))
- fatal("Specified known hosts path too long");
- free(cp);
- have_identity = 1;
- }
-
- memset(&ctx, 0, sizeof(ctx));
- ctx.out = stdout;
- ctx.host = name;
-
- /*
- * Find hosts goes to stdout, hash and deletions happen in-place
- * A corner case is ssh-keygen -HF foo, which should go to stdout
- */
- if (!find_host && (hash_hosts || delete_host)) {
- if (strlcpy(tmp, identity_file, sizeof(tmp)) >= sizeof(tmp) ||
- strlcat(tmp, ".XXXXXXXXXX", sizeof(tmp)) >= sizeof(tmp) ||
- strlcpy(old, identity_file, sizeof(old)) >= sizeof(old) ||
- strlcat(old, ".old", sizeof(old)) >= sizeof(old))
- fatal("known_hosts path too long");
- umask(077);
- if ((fd = mkstemp(tmp)) == -1)
- fatal("mkstemp: %s", strerror(errno));
- if ((ctx.out = fdopen(fd, "w")) == NULL) {
- oerrno = errno;
- unlink(tmp);
- fatal("fdopen: %s", strerror(oerrno));
- }
- inplace = 1;
- }
- /* XXX support identity_file == "-" for stdin */
- foreach_options = find_host ? HKF_WANT_MATCH : 0;
- foreach_options |= print_fingerprint ?
HKF_WANT_PARSE_KEY : 0;
- if ((r = hostkeys_foreach(identity_file, (find_host || !hash_hosts) ?
- known_hosts_find_delete : known_hosts_hash, &ctx, name, NULL,
- foreach_options)) != 0) {
- if (inplace)
- unlink(tmp);
- fatal("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r));
- }
-
- if (inplace)
- fclose(ctx.out);
-
- if (ctx.invalid) {
- error("%s is not a valid known_hosts file.", identity_file);
- if (inplace) {
- error("Not replacing existing known_hosts "
- "file because of errors");
- unlink(tmp);
- }
- sshkeygen_cleanup();
- exit(1);
- } else if (delete_host && !ctx.found_key) {
- logit("Host %s not found in %s", name, identity_file);
- if (inplace)
- unlink(tmp);
- } else if (inplace) {
- /* Backup existing file */
- if (unlink(old) == -1 && errno != ENOENT)
- fatal("unlink %.100s: %s", old, strerror(errno));
- if (link(identity_file, old) == -1)
- fatal("link %.100s to %.100s: %s", identity_file, old,
- strerror(errno));
- /* Move new one into place */
- if (rename(tmp, identity_file) == -1) {
- error("rename\"%s\" to \"%s\": %s", tmp, identity_file,
- strerror(errno));
- unlink(tmp);
- unlink(old);
- sshkeygen_cleanup();
- exit(1);
- }
-
- printf("%s updated.\n", identity_file);
- printf("Original contents retained as %s\n", old);
- if (ctx.has_unhashed) {
- logit("WARNING: %s contains unhashed entries", old);
- logit("Delete this file to ensure privacy "
- "of hostnames");
- }
- }
-
- exit (find_host && !ctx.found_key);
-}
-
-/*
- * Perform changing a passphrase. The argument is the passwd structure
- * for the current user.
- */
-static void
-do_change_passphrase(struct passwd *pw)
-{
- char *comment;
- char *old_passphrase, *passphrase1, *passphrase2;
- struct stat st;
- struct sshkey *private;
- int r;
-
- if (!have_identity)
- ask_filename(pw, "Enter file in which the key is");
- if (stat(identity_file, &st) < 0)
- fatal("%s: %s", identity_file, strerror(errno));
- /* Try to load the file with empty passphrase.
*/
- r = sshkey_load_private(identity_file, "", &private, &comment);
- if (r == SSH_ERR_KEY_WRONG_PASSPHRASE) {
- if (identity_passphrase)
- old_passphrase = xstrdup(identity_passphrase);
- else
- old_passphrase =
- read_passphrase("Enter old passphrase: ",
- RP_ALLOW_STDIN);
- r = sshkey_load_private(identity_file, old_passphrase,
- &private, &comment);
- explicit_bzero(old_passphrase, strlen(old_passphrase));
- free(old_passphrase);
- if (r != 0)
- goto badkey;
- } else if (r != 0) {
- badkey:
- fatal("Failed to load key %s: %s", identity_file, ssh_err(r));
- }
- if (comment)
- mprintf("Key has comment '%s'\n", comment);
-
- /* Ask the new passphrase (twice). */
- if (identity_new_passphrase) {
- passphrase1 = xstrdup(identity_new_passphrase);
- passphrase2 = NULL;
- } else {
- passphrase1 =
- read_passphrase("Enter new passphrase (empty for no "
- "passphrase): ", RP_ALLOW_STDIN);
- passphrase2 = read_passphrase("Enter same passphrase again: ",
- RP_ALLOW_STDIN);
-
- /* Verify that they are the same. */
- if (strcmp(passphrase1, passphrase2) != 0) {
- explicit_bzero(passphrase1, strlen(passphrase1));
- explicit_bzero(passphrase2, strlen(passphrase2));
- free(passphrase1);
- free(passphrase2);
- fprintf(thread_stdout, "Pass phrases do not match. Try again.\n");
- sshkeygen_cleanup();
- exit(1);
- }
- /* Destroy the other copy. */
- explicit_bzero(passphrase2, strlen(passphrase2));
- free(passphrase2);
- }
-
- /* Save the file using the new passphrase. */
- if ((r = sshkey_save_private(private, identity_file, passphrase1,
- comment, use_new_format, new_format_cipher, rounds)) != 0) {
- error("Saving key \"%s\" failed: %s.",
- identity_file, ssh_err(r));
- explicit_bzero(passphrase1, strlen(passphrase1));
- free(passphrase1);
- sshkey_free(private);
- free(comment);
- sshkeygen_cleanup();
- exit(1);
- }
- /* Destroy the passphrase and the copy of the key in memory.
*/
- explicit_bzero(passphrase1, strlen(passphrase1));
- free(passphrase1);
- sshkey_free(private); /* Destroys contents */
- free(comment);
-
- fprintf(thread_stdout, "Your identification has been saved with the new passphrase.\n");
- sshkeygen_cleanup();
- exit(0);
-}
-
-/*
- * Print the SSHFP RR.
- */
-static int
-do_print_resource_record(struct passwd *pw, char *fname, char *hname)
-{
- struct sshkey *public;
- char *comment = NULL;
- struct stat st;
- int r;
-
- if (fname == NULL)
- fatal("%s: no filename", __func__);
- if (stat(fname, &st) < 0) {
- if (errno == ENOENT)
- return 0;
- fatal("%s: %s", fname, strerror(errno));
- }
- if ((r = sshkey_load_public(fname, &public, &comment)) != 0)
- fatal("Failed to read v2 public key from \"%s\": %s.",
- fname, ssh_err(r));
- export_dns_rr(hname, public, stdout, print_generic);
- sshkey_free(public);
- free(comment);
- return 1;
-}
-
-/*
- * Change the comment of a private key file.
- */
-static void
-do_change_comment(struct passwd *pw)
-{
- char new_comment[1024], *comment, *passphrase;
- struct sshkey *private;
- struct sshkey *public;
- struct stat st;
- FILE *f;
- int r, fd;
-
- if (!have_identity)
- ask_filename(pw, "Enter file in which the key is");
- if (stat(identity_file, &st) < 0)
- fatal("%s: %s", identity_file, strerror(errno));
- if ((r = sshkey_load_private(identity_file, "",
- &private, &comment)) == 0)
- passphrase = xstrdup("");
- else if (r != SSH_ERR_KEY_WRONG_PASSPHRASE)
- fatal("Cannot load private key \"%s\": %s.",
- identity_file, ssh_err(r));
- else {
- if (identity_passphrase)
- passphrase = xstrdup(identity_passphrase);
- else if (identity_new_passphrase)
- passphrase = xstrdup(identity_new_passphrase);
- else
- passphrase = read_passphrase("Enter passphrase: ",
- RP_ALLOW_STDIN);
- /* Try to load using the passphrase.
*/
- if ((r = sshkey_load_private(identity_file, passphrase,
- &private, &comment)) != 0) {
- explicit_bzero(passphrase, strlen(passphrase));
- free(passphrase);
- fatal("Cannot load private key \"%s\": %s.",
- identity_file, ssh_err(r));
- }
- }
-
- if (private->type != KEY_ED25519 && private->type != KEY_XMSS &&
- !use_new_format) {
- error("Comments are only supported for keys stored in "
- "the new format (-o).");
- explicit_bzero(passphrase, strlen(passphrase));
- sshkey_free(private);
- sshkeygen_cleanup();
- exit(1);
- }
- if (comment)
- printf("Key now has comment '%s'\n", comment);
- else
- printf("Key now has no comment\n");
-
- if (identity_comment) {
- strlcpy(new_comment, identity_comment, sizeof(new_comment));
- } else {
- printf("Enter new comment: ");
- fflush(stdout);
- if (!fgets(new_comment, sizeof(new_comment), stdin)) {
- explicit_bzero(passphrase, strlen(passphrase));
- sshkey_free(private);
- sshkeygen_cleanup();
- exit(1);
- }
- new_comment[strcspn(new_comment, "\n")] = '\0';
- }
-
- /* Save the file using the new passphrase.
*/
- if ((r = sshkey_save_private(private, identity_file, passphrase,
- new_comment, use_new_format, new_format_cipher, rounds)) != 0) {
- error("Saving key \"%s\" failed: %s",
- identity_file, ssh_err(r));
- explicit_bzero(passphrase, strlen(passphrase));
- free(passphrase);
- sshkey_free(private);
- free(comment);
- sshkeygen_cleanup();
- exit(1);
- }
- explicit_bzero(passphrase, strlen(passphrase));
- free(passphrase);
- if ((r = sshkey_from_private(private, &public)) != 0)
- fatal("sshkey_from_private failed: %s", ssh_err(r));
- sshkey_free(private);
-
- strlcat(identity_file, ".pub", sizeof(identity_file));
- fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644);
- if (fd == -1)
- fatal("Could not save your public key in %s", identity_file);
- f = fdopen(fd, "w");
- if (f == NULL)
- fatal("fdopen %s failed: %s", identity_file, strerror(errno));
- if ((r = sshkey_write(public, f)) != 0)
- fatal("write key failed: %s", ssh_err(r));
- sshkey_free(public);
- fprintf(f, " %s\n", new_comment);
- fclose(f);
-
- free(comment);
-
- fprintf(thread_stdout, "The comment in your key file has been changed.\n");
- sshkeygen_cleanup();
- exit(0);
-}
-
-static void
-add_flag_option(struct sshbuf *c, const char *name)
-{
- int r;
-
- debug3("%s: %s", __func__, name);
- if ((r = sshbuf_put_cstring(c, name)) != 0 ||
- (r = sshbuf_put_string(c, NULL, 0)) != 0)
- fatal("%s: buffer error: %s", __func__, ssh_err(r));
-}
-
-static void
-add_string_option(struct sshbuf *c, const char *name, const char *value)
-{
- struct sshbuf *b;
- int r;
-
- debug3("%s: %s=%s", __func__, name, value);
- if ((b = sshbuf_new()) == NULL)
- fatal("%s: sshbuf_new failed", __func__);
- if ((r = sshbuf_put_cstring(b, value)) != 0 ||
- (r = sshbuf_put_cstring(c, name)) != 0 ||
- (r = sshbuf_put_stringb(c, b)) != 0)
- fatal("%s: buffer error: %s", __func__, ssh_err(r));
-
- sshbuf_free(b);
-}
-
-#define OPTIONS_CRITICAL 1
-#define OPTIONS_EXTENSIONS 2
-static void
-prepare_options_buf(struct sshbuf
*c, int which)
-{
- size_t i;
-
- sshbuf_reset(c);
- if ((which & OPTIONS_CRITICAL) != 0 &&
- certflags_command != NULL)
- add_string_option(c, "force-command", certflags_command);
- if ((which & OPTIONS_EXTENSIONS) != 0 &&
- (certflags_flags & CERTOPT_X_FWD) != 0)
- add_flag_option(c, "permit-X11-forwarding");
- if ((which & OPTIONS_EXTENSIONS) != 0 &&
- (certflags_flags & CERTOPT_AGENT_FWD) != 0)
- add_flag_option(c, "permit-agent-forwarding");
- if ((which & OPTIONS_EXTENSIONS) != 0 &&
- (certflags_flags & CERTOPT_PORT_FWD) != 0)
- add_flag_option(c, "permit-port-forwarding");
- if ((which & OPTIONS_EXTENSIONS) != 0 &&
- (certflags_flags & CERTOPT_PTY) != 0)
- add_flag_option(c, "permit-pty");
- if ((which & OPTIONS_EXTENSIONS) != 0 &&
- (certflags_flags & CERTOPT_USER_RC) != 0)
- add_flag_option(c, "permit-user-rc");
- if ((which & OPTIONS_CRITICAL) != 0 &&
- certflags_src_addr != NULL)
- add_string_option(c, "source-address", certflags_src_addr);
- for (i = 0; i < ncert_userext; i++) {
- if ((cert_userext[i].crit && (which & OPTIONS_EXTENSIONS)) ||
- (!cert_userext[i].crit && (which & OPTIONS_CRITICAL)))
- continue;
- if (cert_userext[i].val == NULL)
- add_flag_option(c, cert_userext[i].key);
- else {
- add_string_option(c, cert_userext[i].key,
- cert_userext[i].val);
- }
- }
-}
-
-static struct sshkey *
-load_pkcs11_key(char *path)
-{
-#ifdef ENABLE_PKCS11
- struct sshkey **keys = NULL, *public, *private = NULL;
- int r, i, nkeys;
-
- if ((r = sshkey_load_public(path, &public, NULL)) != 0)
- fatal("Couldn't load CA public key \"%s\": %s",
- path, ssh_err(r));
-
- nkeys = pkcs11_add_provider(pkcs11provider, identity_passphrase, &keys);
- debug3("%s: %d keys", __func__, nkeys);
- if (nkeys <= 0)
- fatal("cannot read public key from pkcs11");
- for (i = 0; i < nkeys; i++) {
- if (sshkey_equal_public(public, keys[i])) {
- private = keys[i];
- continue;
- }
- sshkey_free(keys[i]);
- }
- free(keys);
- sshkey_free(public);
- return private;
-#else
- fatal("no pkcs11
support");
-#endif /* ENABLE_PKCS11 */
-}
-
-/* Signer for sshkey_certify_custom that uses the agent */
-static int
-agent_signer(const struct sshkey *key, u_char **sigp, size_t *lenp,
- const u_char *data, size_t datalen,
- const char *alg, u_int compat, void *ctx)
-{
- int *agent_fdp = (int *)ctx;
-
- return ssh_agent_sign(*agent_fdp, key, sigp, lenp,
- data, datalen, alg, compat);
-}
-
-static void
-do_ca_sign(struct passwd *pw, int argc, char **argv)
-{
- int r, i, fd, found, agent_fd = -1;
- u_int n;
- struct sshkey *ca, *public;
- char valid[64], *otmp, *tmp, *cp, *out, *comment, **plist = NULL;
- FILE *f;
- struct ssh_identitylist *agent_ids;
- size_t j;
-
-#ifdef ENABLE_PKCS11
- pkcs11_init(1);
-#endif
- tmp = tilde_expand_filename(ca_key_path, pw->pw_uid);
- if (pkcs11provider != NULL) {
- /* If a PKCS#11 token was specified then try to use it */
- if ((ca = load_pkcs11_key(tmp)) == NULL)
- fatal("No PKCS#11 key matching %s found", ca_key_path);
- } else if (prefer_agent) {
- /*
- * Agent signature requested. Try to use agent after making
- * sure the public key specified is actually present in the
- * agent.
- */
- if ((r = sshkey_load_public(tmp, &ca, NULL)) != 0)
- fatal("Cannot load CA public key %s: %s",
- tmp, ssh_err(r));
- if ((r = ssh_get_authentication_socket(&agent_fd)) != 0)
- fatal("Cannot use public key for CA signature: %s",
- ssh_err(r));
- if ((r = ssh_fetch_identitylist(agent_fd, &agent_ids)) != 0)
- fatal("Retrieve agent key list: %s", ssh_err(r));
- found = 0;
- for (j = 0; j < agent_ids->nkeys; j++) {
- if (sshkey_equal(ca, agent_ids->keys[j])) {
- found = 1;
- break;
- }
- }
- if (!found)
- fatal("CA key %s not found in agent", tmp);
- ssh_free_identitylist(agent_ids);
- ca->flags |= SSHKEY_FLAG_EXT;
- } else {
- /* CA key is assumed to be a private key on the filesystem */
- ca = load_identity(tmp);
- }
- free(tmp);
-
- if (key_type_name != NULL &&
- sshkey_type_from_name(key_type_name) != ca->type) {
- fatal("CA key type %s doesn't match specified %s",
- sshkey_ssh_name(ca), key_type_name);
- }
-
- for (i = 0; i < argc; i++) {
- /* Split list of principals */
- n = 0;
- if (cert_principals != NULL) {
- otmp = tmp = xstrdup(cert_principals);
- plist = NULL;
- for (; (cp = strsep(&tmp, ",")) != NULL; n++) {
- plist = xreallocarray(plist, n + 1, sizeof(*plist));
- if (*(plist[n] = xstrdup(cp)) == '\0')
- fatal("Empty principal name");
- }
- free(otmp);
- }
- if (n > SSHKEY_CERT_MAX_PRINCIPALS)
- fatal("Too many certificate principals specified");
-
- tmp = tilde_expand_filename(argv[i], pw->pw_uid);
- if ((r = sshkey_load_public(tmp, &public, &comment)) != 0)
- fatal("%s: unable to open \"%s\": %s",
- __func__, tmp, ssh_err(r));
- if (public->type != KEY_RSA && public->type != KEY_DSA &&
- public->type != KEY_ECDSA && public->type != KEY_ED25519 &&
- public->type != KEY_XMSS)
- fatal("%s: key \"%s\" type %s cannot be certified",
- __func__, tmp, sshkey_type(public));
-
- /* Prepare certificate to sign */
- if ((r = sshkey_to_certified(public)) != 0)
- fatal("Could not upgrade key %s to certificate: %s",
- tmp, ssh_err(r));
- public->cert->type =
cert_key_type;
- public->cert->serial = (u_int64_t)cert_serial;
- public->cert->key_id = xstrdup(cert_key_id);
- public->cert->nprincipals = n;
- public->cert->principals = plist;
- public->cert->valid_after = cert_valid_from;
- public->cert->valid_before = cert_valid_to;
- prepare_options_buf(public->cert->critical, OPTIONS_CRITICAL);
- prepare_options_buf(public->cert->extensions,
- OPTIONS_EXTENSIONS);
- if ((r = sshkey_from_private(ca,
- &public->cert->signature_key)) != 0)
- fatal("sshkey_from_private (ca key): %s", ssh_err(r));
-
- if (agent_fd != -1 && (ca->flags & SSHKEY_FLAG_EXT) != 0) {
- if ((r = sshkey_certify_custom(public, ca,
- key_type_name, agent_signer, &agent_fd)) != 0)
- fatal("Couldn't certify key %s via agent: %s",
- tmp, ssh_err(r));
- } else {
- if ((sshkey_certify(public, ca, key_type_name)) != 0)
- fatal("Couldn't certify key %s: %s",
- tmp, ssh_err(r));
- }
-
- if ((cp = strrchr(tmp, '.')) != NULL && strcmp(cp, ".pub") == 0)
- *cp = '\0';
- xasprintf(&out, "%s-cert.pub", tmp);
- free(tmp);
-
- if ((fd = open(out, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1)
- fatal("Could not open \"%s\" for writing: %s", out,
- strerror(errno));
- if ((f = fdopen(fd, "w")) == NULL)
- fatal("%s: fdopen: %s", __func__, strerror(errno));
- if ((r = sshkey_write(public, f)) != 0)
- fatal("Could not write certified key to %s: %s",
- out, ssh_err(r));
- fprintf(f, " %s\n", comment);
- fclose(f);
-
- if (!quiet) {
- sshkey_format_cert_validity(public->cert,
- valid, sizeof(valid));
- logit("Signed %s key %s: id \"%s\" serial %llu%s%s "
- "valid %s", sshkey_cert_type(public),
- out, public->cert->key_id,
- (unsigned long long)public->cert->serial,
- cert_principals != NULL ? " for " : "",
- cert_principals != NULL ?
cert_principals : "",
- valid);
- }
-
- sshkey_free(public);
- free(out);
- }
-#ifdef ENABLE_PKCS11
- pkcs11_terminate();
-#endif
- sshkeygen_cleanup();
- exit(0);
-}
-
-static u_int64_t
-parse_relative_time(const char *s, time_t now)
-{
- int64_t mul, secs;
-
- mul = *s == '-' ? -1 : 1;
-
- if ((secs = convtime(s + 1)) == -1)
- fatal("Invalid relative certificate time %s", s);
- if (mul == -1 && secs > now)
- fatal("Certificate time %s cannot be represented", s);
- return now + (u_int64_t)(secs * mul);
-}
-
-static void
-parse_cert_times(char *timespec)
-{
- char *from, *to;
- time_t now = time(NULL);
- int64_t secs;
-
- /* +timespec relative to now */
- if (*timespec == '+' && strchr(timespec, ':') == NULL) {
- if ((secs = convtime(timespec + 1)) == -1)
- fatal("Invalid relative certificate life %s", timespec);
- cert_valid_to = now + secs;
- /*
- * Backdate certificate one minute to avoid problems on hosts
- * with poorly-synchronised clocks.
- */
- cert_valid_from = ((now - 59)/ 60) * 60;
- return;
- }
-
- /*
- * from:to, where
- * from := [+-]timespec | YYYYMMDD | YYYYMMDDHHMMSS | "always"
- * to := [+-]timespec | YYYYMMDD | YYYYMMDDHHMMSS | "forever"
- */
- from = xstrdup(timespec);
- to = strchr(from, ':');
- if (to == NULL || from == to || *(to + 1) == '\0')
- fatal("Invalid certificate life specification %s", timespec);
- *to++ = '\0';
-
- if (*from == '-' || *from == '+')
- cert_valid_from = parse_relative_time(from, now);
- else if (strcmp(from, "always") == 0)
- cert_valid_from = 0;
- else if (parse_absolute_time(from, &cert_valid_from) != 0)
- fatal("Invalid from time \"%s\"", from);
-
- if (*to == '-' || *to == '+')
- cert_valid_to = parse_relative_time(to, now);
- else if (strcmp(to, "forever") == 0)
- cert_valid_to = ~(u_int64_t)0;
- else if (parse_absolute_time(to, &cert_valid_to) != 0)
- fatal("Invalid to time \"%s\"", to);
-
- if (cert_valid_to <= cert_valid_from)
- fatal("Empty certificate validity interval");
- free(from);
-}
-
-static void
-add_cert_option(char *opt)
-{
- char *val, *cp;
- int iscrit = 0;
-
- if (strcasecmp(opt, "clear") == 0)
- certflags_flags = 0;
- else if (strcasecmp(opt, "no-x11-forwarding") == 0)
- certflags_flags &= ~CERTOPT_X_FWD;
- else if (strcasecmp(opt, "permit-x11-forwarding") == 0)
- certflags_flags |= CERTOPT_X_FWD;
- else if (strcasecmp(opt, "no-agent-forwarding") == 0)
- certflags_flags &= ~CERTOPT_AGENT_FWD;
- else if (strcasecmp(opt, "permit-agent-forwarding") == 0)
- certflags_flags |= CERTOPT_AGENT_FWD;
- else if (strcasecmp(opt, "no-port-forwarding") == 0)
- certflags_flags &= ~CERTOPT_PORT_FWD;
- else if (strcasecmp(opt, "permit-port-forwarding") == 0)
- certflags_flags |= CERTOPT_PORT_FWD;
- else if (strcasecmp(opt, "no-pty") == 0)
- certflags_flags &= ~CERTOPT_PTY;
- else if (strcasecmp(opt, "permit-pty") == 0)
- certflags_flags |= CERTOPT_PTY;
- else if (strcasecmp(opt, "no-user-rc") == 0)
- certflags_flags &= ~CERTOPT_USER_RC;
- else if (strcasecmp(opt, "permit-user-rc") == 0)
- certflags_flags |= CERTOPT_USER_RC;
- else if (strncasecmp(opt, "force-command=", 14) == 0) {
- val = opt + 14;
- if (*val == '\0')
- fatal("Empty force-command option");
- if (certflags_command != NULL)
- fatal("force-command already specified");
- certflags_command = xstrdup(val);
- } else if (strncasecmp(opt, "source-address=", 15) == 0) {
- val = opt + 15;
- if (*val == '\0')
- fatal("Empty source-address option");
- if (certflags_src_addr != NULL)
- fatal("source-address already specified");
- if (addr_match_cidr_list(NULL, val) != 0)
- fatal("Invalid source-address list");
- certflags_src_addr = xstrdup(val);
- } else if (strncasecmp(opt, "extension:", 10) == 0 ||
- (iscrit = (strncasecmp(opt, "critical:", 9) == 0))) {
- val = xstrdup(strchr(opt, ':') + 1);
- if ((cp = strchr(val, '=')) != NULL)
- *cp++ = '\0';
- cert_userext = xreallocarray(cert_userext, ncert_userext + 1,
- sizeof(*cert_userext));
- cert_userext[ncert_userext].key = val;
- cert_userext[ncert_userext].val =
cp == NULL ?
- NULL : xstrdup(cp);
- cert_userext[ncert_userext].crit = iscrit;
- ncert_userext++;
- } else
- fatal("Unsupported certificate option \"%s\"", opt);
-}
-
-static void
-show_options(struct sshbuf *optbuf, int in_critical)
-{
- char *name, *arg;
- struct sshbuf *options, *option = NULL;
- int r;
-
- if ((options = sshbuf_fromb(optbuf)) == NULL)
- fatal("%s: sshbuf_fromb failed", __func__);
- while (sshbuf_len(options) != 0) {
- sshbuf_free(option);
- option = NULL;
- if ((r = sshbuf_get_cstring(options, &name, NULL)) != 0 ||
- (r = sshbuf_froms(options, &option)) != 0)
- fatal("%s: buffer error: %s", __func__, ssh_err(r));
- printf(" %s", name);
- if (!in_critical &&
- (strcmp(name, "permit-X11-forwarding") == 0 ||
- strcmp(name, "permit-agent-forwarding") == 0 ||
- strcmp(name, "permit-port-forwarding") == 0 ||
- strcmp(name, "permit-pty") == 0 ||
- strcmp(name, "permit-user-rc") == 0))
- printf("\n");
- else if (in_critical &&
- (strcmp(name, "force-command") == 0 ||
- strcmp(name, "source-address") == 0)) {
- if ((r = sshbuf_get_cstring(option, &arg, NULL)) != 0)
- fatal("%s: buffer error: %s",
- __func__, ssh_err(r));
- printf(" %s\n", arg);
- free(arg);
- } else {
- printf(" UNKNOWN OPTION (len %zu)\n",
- sshbuf_len(option));
- sshbuf_reset(option);
- }
- free(name);
- if (sshbuf_len(option) != 0)
- fatal("Option corrupt: extra data at end");
- }
- sshbuf_free(option);
- sshbuf_free(options);
-}
-
-static void
-print_cert(struct sshkey *key)
-{
- char valid[64], *key_fp, *ca_fp;
- u_int i;
-
- key_fp = sshkey_fingerprint(key, fingerprint_hash, SSH_FP_DEFAULT);
- ca_fp = sshkey_fingerprint(key->cert->signature_key,
- fingerprint_hash, SSH_FP_DEFAULT);
- if (key_fp == NULL || ca_fp == NULL)
- fatal("%s: sshkey_fingerprint fail", __func__);
- sshkey_format_cert_validity(key->cert, valid, sizeof(valid));
-
- printf(" Type: %s %s certificate\n", sshkey_ssh_name(key),
- sshkey_cert_type(key));
- printf(" Public key: %s %s\n", sshkey_type(key), key_fp);
-
printf(" Signing CA: %s %s\n",
- sshkey_type(key->cert->signature_key), ca_fp);
- printf(" Key ID: \"%s\"\n", key->cert->key_id);
- printf(" Serial: %llu\n", (unsigned long long)key->cert->serial);
- printf(" Valid: %s\n", valid);
- printf(" Principals: ");
- if (key->cert->nprincipals == 0)
- printf("(none)\n");
- else {
- for (i = 0; i < key->cert->nprincipals; i++)
- printf("\n %s",
- key->cert->principals[i]);
- printf("\n");
- }
- printf(" Critical Options: ");
- if (sshbuf_len(key->cert->critical) == 0)
- printf("(none)\n");
- else {
- printf("\n");
- show_options(key->cert->critical, 1);
- }
- printf(" Extensions: ");
- if (sshbuf_len(key->cert->extensions) == 0)
- printf("(none)\n");
- else {
- printf("\n");
- show_options(key->cert->extensions, 0);
- }
-}
-
-static void
-do_show_cert(struct passwd *pw)
-{
- struct sshkey *key = NULL;
- struct stat st;
- int r, is_stdin = 0, ok = 0;
- FILE *f;
- char *cp, *line = NULL;
- const char *path;
- size_t linesize = 0;
- u_long lnum = 0;
-
- if (!have_identity)
- ask_filename(pw, "Enter file in which the key is");
- if (strcmp(identity_file, "-") != 0 && stat(identity_file, &st) < 0)
- fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
-
- path = identity_file;
- if (strcmp(path, "-") == 0) {
- f = stdin;
- path = "(stdin)";
- is_stdin = 1;
- } else if ((f = fopen(identity_file, "r")) == NULL)
- fatal("fopen %s: %s", identity_file, strerror(errno));
-
- while (getline(&line, &linesize, f) != -1) {
- lnum++;
- sshkey_free(key);
- key = NULL;
- /* Trim leading space and comments */
- cp = line + strspn(line, " \t");
- if (*cp == '#' || *cp == '\0')
- continue;
- if ((key = sshkey_new(KEY_UNSPEC)) == NULL)
- fatal("sshkey_new");
- if ((r = sshkey_read(key, &cp)) != 0) {
- error("%s:%lu: invalid key: %s", path,
- lnum, ssh_err(r));
- continue;
- }
- if (!sshkey_is_cert(key)) {
- error("%s:%lu is not a certificate", path, lnum);
- continue;
- }
- ok = 1;
- if (!is_stdin && lnum == 1)
- printf("%s:\n",
path);
- else
- printf("%s:%lu:\n", path, lnum);
- print_cert(key);
- }
- free(line);
- sshkey_free(key);
- fclose(f);
- sshkeygen_cleanup();
- exit(ok ? 0 : 1);
-}
-
-static void
-load_krl(const char *path, struct ssh_krl **krlp)
-{
- struct sshbuf *krlbuf;
- int r, fd;
-
- if ((krlbuf = sshbuf_new()) == NULL)
- fatal("sshbuf_new failed");
- if ((fd = open(path, O_RDONLY)) == -1)
- fatal("open %s: %s", path, strerror(errno));
- if ((r = sshkey_load_file(fd, krlbuf)) != 0)
- fatal("Unable to load KRL: %s", ssh_err(r));
- close(fd);
- /* XXX check sigs */
- if ((r = ssh_krl_from_blob(krlbuf, krlp, NULL, 0)) != 0 ||
- *krlp == NULL)
- fatal("Invalid KRL file: %s", ssh_err(r));
- sshbuf_free(krlbuf);
-}
-
-static void
-hash_to_blob(const char *cp, u_char **blobp, size_t *lenp,
- const char *file, u_long lnum)
-{
- char *tmp;
- size_t tlen;
- struct sshbuf *b;
- int r;
-
- if (strncmp(cp, "SHA256:", 7) != 0)
- fatal("%s:%lu: unsupported hash algorithm", file, lnum);
- cp += 7;
-
- /*
- * OpenSSH base64 hashes omit trailing '='
- * characters; put them back for decode.
- */
- tlen = strlen(cp);
- tmp = xmalloc(tlen + 4 + 1);
- strlcpy(tmp, cp, tlen + 1);
- while ((tlen % 4) != 0) {
- tmp[tlen++] = '=';
- tmp[tlen] = '\0';
- }
- if ((b = sshbuf_new()) == NULL)
- fatal("%s: sshbuf_new failed", __func__);
- if ((r = sshbuf_b64tod(b, tmp)) != 0)
- fatal("%s:%lu: decode hash failed: %s", file, lnum, ssh_err(r));
- free(tmp);
- *lenp = sshbuf_len(b);
- *blobp = xmalloc(*lenp);
- memcpy(*blobp, sshbuf_ptr(b), *lenp);
- sshbuf_free(b);
-}
-
-static void
-update_krl_from_file(struct passwd *pw, const char *file, int wild_ca,
- const struct sshkey *ca, struct ssh_krl *krl)
-{
- struct sshkey *key = NULL;
- u_long lnum = 0;
- char *path, *cp, *ep, *line = NULL;
- u_char *blob = NULL;
- size_t blen = 0, linesize = 0;
- unsigned long long serial, serial2;
- int i, was_explicit_key, was_sha1, was_sha256, was_hash, r;
- FILE *krl_spec;
-
- path = tilde_expand_filename(file, pw->pw_uid);
- if (strcmp(path, "-") == 0) {
- krl_spec = stdin;
- free(path);
- path = xstrdup("(standard input)");
- } else if ((krl_spec = fopen(path, "r")) == NULL)
- fatal("fopen %s: %s", path, strerror(errno));
-
- if (!quiet)
- printf("Revoking from %s\n", path);
- while (getline(&line, &linesize, krl_spec) != -1) {
- lnum++;
- was_explicit_key = was_sha1 = was_sha256 = was_hash = 0;
- cp = line + strspn(line, " \t");
- /* Trim trailing space, comments and strip \n */
- for (i = 0, r = -1; cp[i] != '\0'; i++) {
- if (cp[i] == '#' || cp[i] == '\n') {
- cp[i] = '\0';
- break;
- }
- if (cp[i] == ' ' || cp[i] == '\t') {
- /* Remember the start of a span of whitespace */
- if (r == -1)
- r = i;
- } else
- r = -1;
- }
- if (r != -1)
- cp[r] = '\0';
- if (*cp == '\0')
- continue;
- if (strncasecmp(cp, "serial:", 7) == 0) {
- if (ca == NULL && !wild_ca) {
- fatal("revoking certificates by serial number "
- "requires specification of a CA key");
- }
- cp += 7;
- cp = cp + strspn(cp, " \t");
- errno = 0;
- serial = strtoull(cp, &ep, 0);
- if (*cp == '\0' || (*ep != '\0' && *ep
!= '-'))
- fatal("%s:%lu: invalid serial \"%s\"",
- path, lnum, cp);
- if (errno == ERANGE && serial == ULLONG_MAX)
- fatal("%s:%lu: serial out of range",
- path, lnum);
- serial2 = serial;
- if (*ep == '-') {
- cp = ep + 1;
- errno = 0;
- serial2 = strtoull(cp, &ep, 0);
- if (*cp == '\0' || *ep != '\0')
- fatal("%s:%lu: invalid serial \"%s\"",
- path, lnum, cp);
- if (errno == ERANGE && serial2 == ULLONG_MAX)
- fatal("%s:%lu: serial out of range",
- path, lnum);
- if (serial2 <= serial)
- fatal("%s:%lu: invalid serial range "
- "%llu:%llu", path, lnum,
- (unsigned long long)serial,
- (unsigned long long)serial2);
- }
- if (ssh_krl_revoke_cert_by_serial_range(krl,
- ca, serial, serial2) != 0) {
- fatal("%s: revoke serial failed",
- __func__);
- }
- } else if (strncasecmp(cp, "id:", 3) == 0) {
- if (ca == NULL && !wild_ca) {
- fatal("revoking certificates by key ID "
- "requires specification of a CA key");
- }
- cp += 3;
- cp = cp + strspn(cp, " \t");
- if (ssh_krl_revoke_cert_by_key_id(krl, ca, cp) != 0)
- fatal("%s: revoke key ID failed", __func__);
- } else if (strncasecmp(cp, "hash:", 5) == 0) {
- cp += 5;
- cp = cp + strspn(cp, " \t");
- hash_to_blob(cp, &blob, &blen, file, lnum);
- r = ssh_krl_revoke_key_sha256(krl, blob, blen);
- } else {
- if (strncasecmp(cp, "key:", 4) == 0) {
- cp += 4;
- cp = cp + strspn(cp, " \t");
- was_explicit_key = 1;
- } else if (strncasecmp(cp, "sha1:", 5) == 0) {
- cp += 5;
- cp = cp + strspn(cp, " \t");
- was_sha1 = 1;
- } else if (strncasecmp(cp, "sha256:", 7) == 0) {
- cp += 7;
- cp = cp + strspn(cp, " \t");
- was_sha256 = 1;
- /*
- * Just try to process the line as a key.
- * Parsing will fail if it isn't.
- */
- }
- if ((key = sshkey_new(KEY_UNSPEC)) == NULL)
- fatal("sshkey_new");
- if ((r = sshkey_read(key, &cp)) != 0)
- fatal("%s:%lu: invalid key: %s",
- path, lnum, ssh_err(r));
- if (was_explicit_key)
- r = ssh_krl_revoke_key_explicit(krl, key);
- else if (was_sha1) {
- if (sshkey_fingerprint_raw(key,
- SSH_DIGEST_SHA1, &blob, &blen) != 0) {
- fatal("%s:%lu: fingerprint failed",
- file, lnum);
- }
- r = ssh_krl_revoke_key_sha1(krl, blob, blen);
- } else if (was_sha256) {
- if (sshkey_fingerprint_raw(key,
- SSH_DIGEST_SHA256, &blob, &blen) != 0) {
- fatal("%s:%lu: fingerprint failed",
- file, lnum);
- }
- r = ssh_krl_revoke_key_sha256(krl, blob, blen);
- } else
- r = ssh_krl_revoke_key(krl, key);
- if (r != 0)
- fatal("%s: revoke key failed: %s",
- __func__, ssh_err(r));
- freezero(blob, blen);
- blob = NULL;
- blen = 0;
- sshkey_free(key);
- }
- }
- if (strcmp(path, "-") != 0)
- fclose(krl_spec);
- free(line);
- free(path);
-}
-
-static void
-do_gen_krl(struct passwd *pw, int updating, int argc, char **argv)
-{
- struct ssh_krl *krl;
- struct stat sb;
- struct sshkey *ca = NULL;
- int fd, i, r, wild_ca = 0;
- char *tmp;
- struct sshbuf *kbuf;
-
- if (*identity_file == '\0')
- fatal("KRL generation requires an output file");
- if (stat(identity_file, &sb) == -1) {
- if (errno != ENOENT)
- fatal("Cannot access KRL \"%s\": %s",
- identity_file, strerror(errno));
- if (updating)
- fatal("KRL \"%s\" does not exist", identity_file);
- }
- if (ca_key_path != NULL) {
- if (strcasecmp(ca_key_path, "none") == 0)
- wild_ca = 1;
- else {
- tmp = tilde_expand_filename(ca_key_path, pw->pw_uid);
- if ((r = sshkey_load_public(tmp, &ca, NULL)) != 0)
- fatal("Cannot load CA public key %s: %s",
- tmp, ssh_err(r));
- free(tmp);
- }
- }
-
- if (updating)
- load_krl(identity_file, &krl);
- else if ((krl = ssh_krl_init()) == NULL)
- fatal("couldn't create KRL");
-
- if (cert_serial != 0)
- ssh_krl_set_version(krl, cert_serial);
- if (identity_comment != NULL)
-
ssh_krl_set_comment(krl, identity_comment); - - for (i = 0; i < argc; i++) - update_krl_from_file(pw, argv[i], wild_ca, ca, krl); - - if ((kbuf = sshbuf_new()) == NULL) - fatal("sshbuf_new failed"); - if (ssh_krl_to_blob(krl, kbuf, NULL, 0) != 0) - fatal("Couldn't generate KRL"); - if ((fd = open(identity_file, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1) - fatal("open %s: %s", identity_file, strerror(errno)); - if (atomicio(vwrite, fd, sshbuf_mutable_ptr(kbuf), sshbuf_len(kbuf)) != - sshbuf_len(kbuf)) - fatal("write %s: %s", identity_file, strerror(errno)); - close(fd); - sshbuf_free(kbuf); - ssh_krl_free(krl); - sshkey_free(ca); -} - -static void -do_check_krl(struct passwd *pw, int argc, char **argv) -{ - int i, r, ret = 0; - char *comment; - struct ssh_krl *krl; - struct sshkey *k; - - if (*identity_file == '\0') - fatal("KRL checking requires an input file"); - load_krl(identity_file, &krl); - for (i = 0; i < argc; i++) { - if ((r = sshkey_load_public(argv[i], &k, &comment)) != 0) - fatal("Cannot load public key %s: %s", - argv[i], ssh_err(r)); - r = ssh_krl_check_key(krl, k); - printf("%s%s%s%s: %s\n", argv[i], - *comment ? " (" : "", comment, *comment ? ")" : "", - r == 0 ? 
"ok" : "REVOKED"); - if (r != 0) - ret = 1; - sshkey_free(k); - free(comment); - } - ssh_krl_free(krl); - sshkeygen_cleanup(); - exit(ret); -} - -static void -usage(void) -{ - fprintf(stderr, - "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa]\n" - " [-N new_passphrase] [-C comment] [-f output_keyfile]\n" - " ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]\n" - " ssh-keygen -i [-m key_format] [-f input_keyfile]\n" - " ssh-keygen -e [-m key_format] [-f input_keyfile]\n" - " ssh-keygen -y [-f input_keyfile]\n" - " ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]\n" - " ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]\n" - " ssh-keygen -B [-f input_keyfile]\n"); -#ifdef ENABLE_PKCS11 - fprintf(stderr, - " ssh-keygen -D pkcs11\n"); -#endif - fprintf(stderr, - " ssh-keygen -F hostname [-f known_hosts_file] [-l]\n" - " ssh-keygen -H [-f known_hosts_file]\n" - " ssh-keygen -R hostname [-f known_hosts_file]\n" - " ssh-keygen -r hostname [-f input_keyfile] [-g]\n" -#ifdef WITH_OPENSSL - " ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]\n" - " ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]\n" - " [-j start_line] [-K checkpt] [-W generator]\n" -#endif - " ssh-keygen -s ca_key -I certificate_identity [-h] [-U]\n" - " [-D pkcs11_provider] [-n principals] [-O option]\n" - " [-V validity_interval] [-z serial_number] file ...\n" - " ssh-keygen -L [-f input_keyfile]\n" - " ssh-keygen -A\n" - " ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]\n" - " file ...\n" - " ssh-keygen -Q -f krl_file file ...\n"); - sshkeygen_cleanup(); - exit(1); -} - -/* - * Main program for key management. 
- */
-int
-main(int argc, char **argv)
-{
- char dotsshdir[PATH_MAX], comment[1024], *passphrase1, *passphrase2;
- char *rr_hostname = NULL, *ep, *fp, *ra;
- struct sshkey *private, *public;
- struct passwd *pw;
- struct stat st;
- int r, opt, type, fd;
- int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0;
- FILE *f;
- const char *errstr;
-#ifdef WITH_OPENSSL
- /* Moduli generation/screening */
- char out_file[PATH_MAX], *checkpoint = NULL;
- u_int32_t memory = 0, generator_wanted = 0;
- int do_gen_candidates = 0, do_screen_candidates = 0;
- unsigned long start_lineno = 0, lines_to_process = 0;
- BIGNUM *start = NULL;
-#endif
-
- extern int optind;
- extern char *optarg;
-
- ssh_malloc_init(); /* must be called before any mallocs */
- /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
- sanitise_stdfd();
-
- __progname = ssh_get_progname(argv[0]);
-
-#ifdef WITH_OPENSSL
- OpenSSL_add_all_algorithms();
-#endif
- log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
-
- seed_rng();
-
- msetlocale();
-
- /* we need this for the home * directory. */
- pw = getpwuid(getuid());
- if (!pw)
- fatal("No user exists for uid %lu", (u_long)getuid());
- if (gethostname(hostname, sizeof(hostname)) < 0)
- fatal("gethostname: %s", strerror(errno));
-
- /* Remaining characters: Ydw */
- while ((opt = getopt(argc, argv, "ABHLQUXceghiklopquvxy"
- "C:D:E:F:G:I:J:K:M:N:O:P:R:S:T:V:W:Z:"
- "a:b:f:g:j:m:n:r:s:t:z:")) != -1) {
- switch (opt) {
- case 'A':
- gen_all_hostkeys = 1;
- break;
- case 'b':
- bits = (u_int32_t)strtonum(optarg, 10, 32768, &errstr);
- if (errstr)
- fatal("Bits has bad value %s (%s)",
- optarg, errstr);
- break;
- case 'E':
- fingerprint_hash = ssh_digest_alg_by_name(optarg);
- if (fingerprint_hash == -1)
- fatal("Invalid hash algorithm \"%s\"", optarg);
- break;
- case 'F':
- find_host = 1;
- rr_hostname = optarg;
- break;
- case 'H':
- hash_hosts = 1;
- break;
- case 'I':
- cert_key_id = optarg;
- break;
- case 'R':
- delete_host = 1;
- rr_hostname = optarg;
- break;
- case 'L':
- show_cert = 1;
- break;
- case 'l':
- print_fingerprint = 1;
- break;
- case 'B':
- print_bubblebabble = 1;
- break;
- case 'm':
- if (strcasecmp(optarg, "RFC4716") == 0 ||
- strcasecmp(optarg, "ssh2") == 0) {
- convert_format = FMT_RFC4716;
- break;
- }
- if (strcasecmp(optarg, "PKCS8") == 0) {
- convert_format = FMT_PKCS8;
- break;
- }
- if (strcasecmp(optarg, "PEM") == 0) {
- convert_format = FMT_PEM;
- use_new_format = 0;
- break;
- }
- fatal("Unsupported conversion format \"%s\"", optarg);
- case 'n':
- cert_principals = optarg;
- break;
- case 'o':
- /* no-op; new format is already the default */
- break;
- case 'p':
- change_passphrase = 1;
- break;
- case 'c':
- change_comment = 1;
- break;
- case 'f':
- if (strlcpy(identity_file, optarg,
- sizeof(identity_file)) >= sizeof(identity_file))
- fatal("Identity filename too long");
- have_identity = 1;
- break;
- case 'g':
- print_generic = 1;
- break;
- case 'P':
- identity_passphrase = optarg;
- break;
- case 'N':
- identity_new_passphrase = optarg;
- break;
- case 'Q':
- check_krl = 1;
- break;
- case 'O':
- add_cert_option(optarg);
- break;
- case 'Z':
- new_format_cipher = optarg;
- break;
- case 'C':
- identity_comment = optarg;
- break;
- case 'q':
- quiet = 1;
- break;
- case 'e':
- case 'x':
- /* export key */
- convert_to = 1;
- break;
- case 'h':
- cert_key_type = SSH2_CERT_TYPE_HOST;
- certflags_flags = 0;
- break;
- case 'k':
- gen_krl = 1;
- break;
- case 'i':
- case 'X':
- /* import key */
- convert_from = 1;
- break;
- case 'y':
- print_public = 1;
- break;
- case 's':
- ca_key_path = optarg;
- break;
- case 't':
- key_type_name = optarg;
- break;
- case 'D':
- pkcs11provider = optarg;
- break;
- case 'U':
- prefer_agent = 1;
- break;
- case 'u':
- update_krl = 1;
- break;
- case 'v':
- if (log_level == SYSLOG_LEVEL_INFO)
- log_level = SYSLOG_LEVEL_DEBUG1;
- else {
- if (log_level >= SYSLOG_LEVEL_DEBUG1 &&
- log_level < SYSLOG_LEVEL_DEBUG3)
- log_level++;
- }
- break;
- case 'r':
- rr_hostname = optarg;
- break;
- case 'a':
- rounds = (int)strtonum(optarg, 1, INT_MAX, &errstr);
- if (errstr)
- fatal("Invalid number: %s (%s)",
- optarg, errstr);
- break;
- case 'V':
- parse_cert_times(optarg);
- break;
- case 'z':
- errno = 0;
- cert_serial = strtoull(optarg, &ep, 10);
- if (*optarg < '0' || *optarg > '9' || *ep != '\0' ||
- (errno == ERANGE && cert_serial == ULLONG_MAX))
- fatal("Invalid serial number \"%s\"", optarg);
- break;
-#ifdef WITH_OPENSSL
- /* Moduli generation/screening */
- case 'G':
- do_gen_candidates = 1;
- if (strlcpy(out_file, optarg, sizeof(out_file)) >=
- sizeof(out_file))
- fatal("Output filename too long");
- break;
- case 'J':
- lines_to_process = strtoul(optarg, NULL, 10);
- break;
- case 'j':
- start_lineno = strtoul(optarg, NULL, 10);
- break;
- case 'K':
- if (strlen(optarg) >= PATH_MAX)
- fatal("Checkpoint filename too long");
- checkpoint = xstrdup(optarg);
- break;
- case 'M':
- memory = (u_int32_t)strtonum(optarg, 1, UINT_MAX,
- &errstr);
- if (errstr)
- fatal("Memory limit is %s: %s", errstr, optarg);
- break;
- case 'S':
- /* XXX - also compare length against bits */
- if (BN_hex2bn(&start, optarg) == 0)
- fatal("Invalid start point.");
- break;
- case 'T':
- do_screen_candidates = 1;
- if (strlcpy(out_file, optarg, sizeof(out_file)) >=
- sizeof(out_file))
- fatal("Output filename too long");
- break;
- case 'W':
- generator_wanted = (u_int32_t)strtonum(optarg, 1,
- UINT_MAX, &errstr);
- if (errstr != NULL)
- fatal("Desired generator invalid: %s (%s)",
- optarg, errstr);
- break;
-#endif /* WITH_OPENSSL */
- case '?':
- default:
- usage();
- }
- }
-
- /* reinit */
- log_init(argv[0], log_level, SYSLOG_FACILITY_USER, 1);
-
- argv += optind;
- argc -= optind;
-
- if (ca_key_path != NULL) {
- if (argc < 1 && !gen_krl) {
- error("Too few arguments.");
- usage();
- }
- } else if (argc > 0 && !gen_krl && !check_krl) {
- error("Too many arguments.");
- usage();
- }
- if (change_passphrase && change_comment) {
- error("Can only have one of -p and -c.");
- usage();
- }
- if (print_fingerprint && (delete_host || hash_hosts)) {
- error("Cannot use -l with -H or -R.");
- usage();
- }
- if (gen_krl) {
- do_gen_krl(pw, update_krl, argc, argv);
- return (0);
- }
- if (check_krl) {
- do_check_krl(pw, argc, argv);
- return (0);
- }
- if (ca_key_path != NULL) {
- if (cert_key_id == NULL)
- fatal("Must specify key id (-I) when certifying");
- do_ca_sign(pw, argc, argv);
- }
- if (show_cert)
- do_show_cert(pw);
- if (delete_host || hash_hosts || find_host)
- do_known_hosts(pw, rr_hostname);
- if (pkcs11provider != NULL)
- do_download(pw);
- if (print_fingerprint || print_bubblebabble)
- do_fingerprint(pw);
- if (change_passphrase)
- do_change_passphrase(pw);
- if (change_comment)
- do_change_comment(pw);
-#ifdef WITH_OPENSSL
- if (convert_to)
- do_convert_to(pw);
- if (convert_from)
- do_convert_from(pw);
-#endif
- if (print_public)
- do_print_public(pw);
- if (rr_hostname != NULL) {
- unsigned int n = 0;
-
- if (have_identity) {
- n = do_print_resource_record(pw,
- identity_file, rr_hostname);
- if (n == 0)
- fprintf(thread_stderr, "%s: %s", identity_file, strerror(errno));
- sshkeygen_cleanup();
- exit(0);
- } else {
-
- n += do_print_resource_record(pw,
- _PATH_HOST_RSA_KEY_FILE, rr_hostname);
- n += do_print_resource_record(pw,
- _PATH_HOST_DSA_KEY_FILE, rr_hostname);
- n += do_print_resource_record(pw,
- _PATH_HOST_ECDSA_KEY_FILE, rr_hostname);
- n += do_print_resource_record(pw,
- _PATH_HOST_ED25519_KEY_FILE, rr_hostname);
- n += do_print_resource_record(pw,
- _PATH_HOST_XMSS_KEY_FILE, rr_hostname);
- if (n == 0)
- fprintf(thread_stderr, "no keys found.");
- sshkeygen_cleanup();
- exit(0);
- }
- }
-
-#ifdef WITH_OPENSSL
- if (do_gen_candidates) {
- FILE *out = fopen(out_file, "w");
-
- if (out == NULL) {
- error("Couldn't open modulus candidate file \"%s\": %s",
- out_file, strerror(errno));
- return (1);
- }
- if (bits == 0)
- bits = DEFAULT_BITS;
- if (gen_candidates(out, memory, bits, start) != 0)
- fatal("modulus candidate generation failed");
-
- return (0);
- }
-
- if (do_screen_candidates) {
- FILE *in;
- FILE *out = fopen(out_file, "a");
-
- if (have_identity && strcmp(identity_file, "-") != 0) {
- if ((in = fopen(identity_file, "r")) == NULL) {
- fatal("Couldn't open modulus candidate "
- "file \"%s\": %s", identity_file,
- strerror(errno));
- }
- } else
- in = stdin;
-
- if (out == NULL) {
- fatal("Couldn't open moduli file \"%s\": %s",
- out_file, strerror(errno));
- }
- if (prime_test(in, out, rounds == 0 ? 100 : rounds,
- generator_wanted, checkpoint,
- start_lineno, lines_to_process) != 0)
- fatal("modulus screening failed");
- return (0);
- }
-#endif
-
- if (gen_all_hostkeys) {
- do_gen_all_hostkeys(pw);
- return (0);
- }
-
- if (key_type_name == NULL)
- key_type_name = DEFAULT_KEY_TYPE_NAME;
-
- type = sshkey_type_from_name(key_type_name);
- type_bits_valid(type, key_type_name, &bits);
-
- if (!quiet)
- printf("Generating public/private %s key pair.\n",
- key_type_name);
- if ((r = sshkey_generate(type, bits, &private)) != 0)
- fatal("sshkey_generate failed");
- if ((r = sshkey_from_private(private, &public)) != 0)
- fatal("sshkey_from_private failed: %s\n", ssh_err(r));
-
- if (!have_identity)
- ask_filename(pw, "Enter file in which to save the key");
-
- /* Create ~/.ssh directory if it doesn't already exist. */
- snprintf(dotsshdir, sizeof dotsshdir, "%s/%s",
- pw->pw_dir, _PATH_SSH_USER_DIR);
- if (strstr(identity_file, dotsshdir) != NULL) {
- if (stat(dotsshdir, &st) < 0) {
- if (errno != ENOENT) {
- error("Could not stat %s: %s", dotsshdir,
- strerror(errno));
- } else if (mkdir(dotsshdir, 0700) < 0) {
- error("Could not create directory '%s': %s",
- dotsshdir, strerror(errno));
- } else if (!quiet)
- printf("Created directory '%s'.\n", dotsshdir);
- }
- }
- /* If the file already exists, ask the user to confirm. */
- if (stat(identity_file, &st) >= 0) {
- char yesno[3];
- fprintf(thread_stdout, "%s already exists.\n", identity_file);
- fprintf(thread_stdout, "Overwrite (y/n)? ");
- fflush(thread_stdout);
- if (fgets(yesno, sizeof(yesno), thread_stdin) == NULL) {
- sshkeygen_cleanup();
- exit(1);
- }
- if (yesno[0] != 'y' && yesno[0] != 'Y') {
- sshkeygen_cleanup();
- exit(1);
- }
- }
- /* Ask for a passphrase (twice). */
- if (identity_passphrase)
- passphrase1 = xstrdup(identity_passphrase);
- else if (identity_new_passphrase)
- passphrase1 = xstrdup(identity_new_passphrase);
- else {
-passphrase_again:
- passphrase1 =
- read_passphrase("Enter passphrase (empty for no "
- "passphrase): ", RP_ALLOW_STDIN);
- passphrase2 = read_passphrase("Enter same passphrase again: ",
- RP_ALLOW_STDIN);
- if (strcmp(passphrase1, passphrase2) != 0) {
- /*
- * The passphrases do not match. Clear them and
- * retry.
- */
- explicit_bzero(passphrase1, strlen(passphrase1));
- explicit_bzero(passphrase2, strlen(passphrase2));
- free(passphrase1);
- free(passphrase2);
- systemAlert("Passphrases do not match. Try again.");
- // fprintf(thread_stdout, "Passphrases do not match. Try again.\n");
- goto passphrase_again;
- }
- /* Clear the other copy of the passphrase. */
- explicit_bzero(passphrase2, strlen(passphrase2));
- free(passphrase2); passphrase2 = NULL;
- }
-
- if (identity_comment) {
- strlcpy(comment, identity_comment, sizeof(comment));
- } else {
- /* Create default comment field for the passphrase. */
- snprintf(comment, sizeof comment, "%s@%s", pw->pw_name, hostname);
- }
-
- /* Save the key with the given passphrase and comment. */
- if ((r = sshkey_save_private(private, identity_file, passphrase1,
- comment, use_new_format, new_format_cipher, rounds)) != 0) {
- error("Saving key \"%s\" failed: %s",
- identity_file, ssh_err(r));
- explicit_bzero(passphrase1, strlen(passphrase1));
- free(passphrase1);
- sshkeygen_cleanup();
- exit(1);
- }
- /* Clear the passphrase. */
- explicit_bzero(passphrase1, strlen(passphrase1));
- free(passphrase1);
-
- /* Clear the private key and the random number generator. */
- sshkey_free(private);
-
- if (!quiet)
- printf("Your identification has been saved in %s.\n", identity_file);
-
- strlcat(identity_file, ".pub", sizeof(identity_file));
- if ((fd = open(identity_file, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1)
- fatal("Unable to save public key to %s: %s",
- identity_file, strerror(errno));
- if ((f = fdopen(fd, "w")) == NULL)
- fatal("fdopen %s failed: %s", identity_file, strerror(errno));
- if ((r = sshkey_write(public, f)) != 0)
- error("write key failed: %s", ssh_err(r));
- fprintf(f, " %s\n", comment);
- if (ferror(f) || fclose(f) != 0)
- fatal("write public failed: %s", strerror(errno));
-
- if (!quiet) {
- fp = sshkey_fingerprint(public, fingerprint_hash,
- SSH_FP_DEFAULT);
- ra = sshkey_fingerprint(public, fingerprint_hash,
- SSH_FP_RANDOMART);
- if (fp == NULL || ra == NULL)
- fatal("sshkey_fingerprint failed");
- printf("Your public key has been saved in %s.\n",
- identity_file);
- printf("The key fingerprint is:\n");
- printf("%s %s\n", fp, comment);
- printf("The key's randomart image is:\n");
- printf("%s\n", ra);
- free(ra);
- free(fp);
- }
-
- sshkey_free(public);
- sshkeygen_cleanup();
- exit(0);
-}
diff --git a/ssh_keygen_110/ssh-pkcs11.c b/ssh_keygen_110/ssh-pkcs11.c
deleted file mode 100644
index 775de964..00000000
--- a/ssh_keygen_110/ssh-pkcs11.c
+++ /dev/null
@@ -1,732 +0,0 @@
-/* $OpenBSD: ssh-pkcs11.c,v 1.26 2018/02/07 02:06:51 jsing Exp $ */
-/*
- * Copyright (c) 2010 Markus Friedl. All rights reserved.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "includes.h"
-
-#ifdef ENABLE_PKCS11
-
-#include
-#ifdef HAVE_SYS_TIME_H
-# include
-#endif
-#include
-#include
-
-#include
-#include
-
-#include "openbsd-compat/sys-queue.h"
-#include "openbsd-compat/openssl-compat.h"
-
-#include
-
-#define CRYPTOKI_COMPAT
-#include "pkcs11.h"
-
-#include "log.h"
-#include "misc.h"
-#include "sshkey.h"
-#include "ssh-pkcs11.h"
-#include "xmalloc.h"
-
-struct pkcs11_slotinfo {
- CK_TOKEN_INFO token;
- CK_SESSION_HANDLE session;
- int logged_in;
-};
-
-struct pkcs11_provider {
- char *name;
- void *handle;
- CK_FUNCTION_LIST *function_list;
- CK_INFO info;
- CK_ULONG nslots;
- CK_SLOT_ID *slotlist;
- struct pkcs11_slotinfo *slotinfo;
- int valid;
- int refcount;
- TAILQ_ENTRY(pkcs11_provider) next;
-};
-
-TAILQ_HEAD(, pkcs11_provider) pkcs11_providers;
-
-struct pkcs11_key {
- struct pkcs11_provider *provider;
- CK_ULONG slotidx;
- int (*orig_finish)(RSA *rsa);
- RSA_METHOD *rsa_method;
- char *keyid;
- int keyid_len;
-};
-
-int pkcs11_interactive = 0;
-
-int
-pkcs11_init(int interactive)
-{
- pkcs11_interactive = interactive;
- TAILQ_INIT(&pkcs11_providers);
- return (0);
-}
-
-/*
- * finalize a provider shared libarary, it's no longer usable.
- * however, there might still be keys referencing this provider,
- * so the actuall freeing of memory is handled by pkcs11_provider_unref().
- * this is called when a provider gets unregistered.
- */
-static void
-pkcs11_provider_finalize(struct pkcs11_provider *p)
-{
- CK_RV rv;
- CK_ULONG i;
-
- debug("pkcs11_provider_finalize: %p refcount %d valid %d",
- p, p->refcount, p->valid);
- if (!p->valid)
- return;
- for (i = 0; i < p->nslots; i++) {
- if (p->slotinfo[i].session &&
- (rv = p->function_list->C_CloseSession(
- p->slotinfo[i].session)) != CKR_OK)
- error("C_CloseSession failed: %lu", rv);
- }
- if ((rv = p->function_list->C_Finalize(NULL)) != CKR_OK)
- error("C_Finalize failed: %lu", rv);
- p->valid = 0;
- p->function_list = NULL;
- dlclose(p->handle);
-}
-
-/*
- * remove a reference to the provider.
- * called when a key gets destroyed or when the provider is unregistered.
- */
-static void
-pkcs11_provider_unref(struct pkcs11_provider *p)
-{
- debug("pkcs11_provider_unref: %p refcount %d", p, p->refcount);
- if (--p->refcount <= 0) {
- if (p->valid)
- error("pkcs11_provider_unref: %p still valid", p);
- free(p->slotlist);
- free(p->slotinfo);
- free(p);
- }
-}
-
-/* unregister all providers, keys might still point to the providers */
-void
-pkcs11_terminate(void)
-{
- struct pkcs11_provider *p;
-
- while ((p = TAILQ_FIRST(&pkcs11_providers)) != NULL) {
- TAILQ_REMOVE(&pkcs11_providers, p, next);
- pkcs11_provider_finalize(p);
- pkcs11_provider_unref(p);
- }
-}
-
-/* lookup provider by name */
-static struct pkcs11_provider *
-pkcs11_provider_lookup(char *provider_id)
-{
- struct pkcs11_provider *p;
-
- TAILQ_FOREACH(p, &pkcs11_providers, next) {
- debug("check %p %s", p, p->name);
- if (!strcmp(provider_id, p->name))
- return (p);
- }
- return (NULL);
-}
-
-/* unregister provider by name */
-int
-pkcs11_del_provider(char *provider_id)
-{
- struct pkcs11_provider *p;
-
- if ((p = pkcs11_provider_lookup(provider_id)) != NULL) {
- TAILQ_REMOVE(&pkcs11_providers, p, next);
- pkcs11_provider_finalize(p);
- pkcs11_provider_unref(p);
- return (0);
- }
- return (-1);
-}
-
-/* openssl callback for freeing an RSA key */
-static int
-pkcs11_rsa_finish(RSA *rsa)
-{
- struct pkcs11_key *k11;
- int rv = -1;
-
- if ((k11 = RSA_get_app_data(rsa)) != NULL) {
- if (k11->orig_finish)
- rv = k11->orig_finish(rsa);
- if (k11->provider)
- pkcs11_provider_unref(k11->provider);
- RSA_meth_free(k11->rsa_method);
- free(k11->keyid);
- free(k11);
- }
- return (rv);
-}
-
-/* find a single 'obj' for given attributes */
-static int
-pkcs11_find(struct pkcs11_provider *p, CK_ULONG slotidx, CK_ATTRIBUTE *attr,
- CK_ULONG nattr, CK_OBJECT_HANDLE *obj)
-{
- CK_FUNCTION_LIST *f;
- CK_SESSION_HANDLE session;
- CK_ULONG nfound = 0;
- CK_RV rv;
- int ret = -1;
-
- f = p->function_list;
- session = p->slotinfo[slotidx].session;
- if ((rv = f->C_FindObjectsInit(session, attr, nattr)) != CKR_OK) {
- error("C_FindObjectsInit failed (nattr %lu): %lu", nattr, rv);
- return (-1);
- }
- if ((rv = f->C_FindObjects(session, obj, 1, &nfound)) != CKR_OK ||
- nfound != 1) {
- debug("C_FindObjects failed (nfound %lu nattr %lu): %lu",
- nfound, nattr, rv);
- } else
- ret = 0;
- if ((rv = f->C_FindObjectsFinal(session)) != CKR_OK)
- error("C_FindObjectsFinal failed: %lu", rv);
- return (ret);
-}
-
-/* openssl callback doing the actual signing operation */
-static int
-pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
- int padding)
-{
- struct pkcs11_key *k11;
- struct pkcs11_slotinfo *si;
- CK_FUNCTION_LIST *f;
- CK_OBJECT_HANDLE obj;
- CK_ULONG tlen = 0;
- CK_RV rv;
- CK_OBJECT_CLASS private_key_class = CKO_PRIVATE_KEY;
- CK_BBOOL true_val = CK_TRUE;
- CK_MECHANISM mech = {
- CKM_RSA_PKCS, NULL_PTR, 0
- };
- CK_ATTRIBUTE key_filter[] = {
- {CKA_CLASS, NULL, sizeof(private_key_class) },
- {CKA_ID, NULL, 0},
- {CKA_SIGN, NULL, sizeof(true_val) }
- };
- char *pin = NULL, prompt[1024];
- int rval = -1;
-
- key_filter[0].pValue = &private_key_class;
- key_filter[2].pValue = &true_val;
-
- if ((k11 = RSA_get_app_data(rsa)) == NULL) {
- error("RSA_get_app_data failed for rsa %p", rsa);
- return (-1);
- }
- if (!k11->provider || !k11->provider->valid) {
- error("no pkcs11 (valid) provider for rsa %p", rsa);
- return (-1);
- }
- f = k11->provider->function_list;
- si = &k11->provider->slotinfo[k11->slotidx];
- if ((si->token.flags & CKF_LOGIN_REQUIRED) && !si->logged_in) {
- if (!pkcs11_interactive) {
- error("need pin entry%s", (si->token.flags &
- CKF_PROTECTED_AUTHENTICATION_PATH) ?
- " on reader keypad" : "");
- return (-1);
- }
- if (si->token.flags & CKF_PROTECTED_AUTHENTICATION_PATH)
- verbose("Deferring PIN entry to reader keypad.");
- else {
- snprintf(prompt, sizeof(prompt),
- "Enter PIN for '%s': ", si->token.label);
- pin = read_passphrase(prompt, RP_ALLOW_EOF);
- if (pin == NULL)
- return (-1); /* bail out */
- }
- rv = f->C_Login(si->session, CKU_USER, (u_char *)pin,
- (pin != NULL) ? strlen(pin) : 0);
- if (pin != NULL) {
- explicit_bzero(pin, strlen(pin));
- free(pin);
- }
- if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) {
- error("C_Login failed: %lu", rv);
- return (-1);
- }
- si->logged_in = 1;
- }
- key_filter[1].pValue = k11->keyid;
- key_filter[1].ulValueLen = k11->keyid_len;
- /* try to find object w/CKA_SIGN first, retry w/o */
- if (pkcs11_find(k11->provider, k11->slotidx, key_filter, 3, &obj) < 0 &&
- pkcs11_find(k11->provider, k11->slotidx, key_filter, 2, &obj) < 0) {
- error("cannot find private key");
- } else if ((rv = f->C_SignInit(si->session, &mech, obj)) != CKR_OK) {
- error("C_SignInit failed: %lu", rv);
- } else {
- /* XXX handle CKR_BUFFER_TOO_SMALL */
- tlen = RSA_size(rsa);
- rv = f->C_Sign(si->session, (CK_BYTE *)from, flen, to, &tlen);
- if (rv == CKR_OK)
- rval = tlen;
- else
- error("C_Sign failed: %lu", rv);
- }
- return (rval);
-}
-
-static int
-pkcs11_rsa_private_decrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
- int padding)
-{
- return (-1);
-}
-
-/* redirect private key operations for rsa key to pkcs11 token */
-static int
-pkcs11_rsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx,
- CK_ATTRIBUTE *keyid_attrib, RSA *rsa)
-{
- struct pkcs11_key *k11;
- const RSA_METHOD *def = RSA_get_default_method();
-
- k11 = xcalloc(1, sizeof(*k11));
- k11->provider = provider;
- provider->refcount++; /* provider referenced by RSA key */
- k11->slotidx = slotidx;
- /* identify key object on smartcard */
- k11->keyid_len = keyid_attrib->ulValueLen;
- if (k11->keyid_len > 0) {
- k11->keyid = xmalloc(k11->keyid_len);
- memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len);
- }
- k11->rsa_method = RSA_meth_dup(def);
- if (k11->rsa_method == NULL)
- fatal("%s: RSA_meth_dup failed", __func__);
- k11->orig_finish = RSA_meth_get_finish(def);
- if (!RSA_meth_set1_name(k11->rsa_method, "pkcs11") ||
- !RSA_meth_set_priv_enc(k11->rsa_method,
- pkcs11_rsa_private_encrypt) ||
- !RSA_meth_set_priv_dec(k11->rsa_method,
- pkcs11_rsa_private_decrypt) ||
- !RSA_meth_set_finish(k11->rsa_method, pkcs11_rsa_finish))
- fatal("%s: setup pkcs11 method failed", __func__);
- RSA_set_method(rsa, k11->rsa_method);
- RSA_set_app_data(rsa, k11);
- return (0);
-}
-
-/* remove trailing spaces */
-static void
-rmspace(u_char *buf, size_t len)
-{
- size_t i;
-
- if (!len)
- return;
- for (i = len - 1; i > 0; i--)
- if (i == len - 1 || buf[i] == ' ')
- buf[i] = '\0';
- else
- break;
-}
-
-/*
- * open a pkcs11 session and login if required.
- * if pin == NULL we delay login until key use
- */
-static int
-pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin)
-{
- CK_RV rv;
- CK_FUNCTION_LIST *f;
- CK_SESSION_HANDLE session;
- int login_required;
-
- f = p->function_list;
- login_required = p->slotinfo[slotidx].token.flags & CKF_LOGIN_REQUIRED;
- if (pin && login_required && !strlen(pin)) {
- error("pin required");
- return (-1);
- }
- if ((rv = f->C_OpenSession(p->slotlist[slotidx], CKF_RW_SESSION|
- CKF_SERIAL_SESSION, NULL, NULL, &session))
- != CKR_OK) {
- error("C_OpenSession failed: %lu", rv);
- return (-1);
- }
- if (login_required && pin) {
- rv = f->C_Login(session, CKU_USER,
- (u_char *)pin, strlen(pin));
- if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) {
- error("C_Login failed: %lu", rv);
- if ((rv = f->C_CloseSession(session)) != CKR_OK)
- error("C_CloseSession failed: %lu", rv);
- return (-1);
- }
- p->slotinfo[slotidx].logged_in = 1;
- }
- p->slotinfo[slotidx].session = session;
- return (0);
-}
-
-/*
- * lookup public keys for token in slot identified by slotidx,
- * add 'wrapped' public keys to the 'keysp' array and increment nkeys.
- * keysp points to an (possibly empty) array with *nkeys keys.
- */
-static int pkcs11_fetch_keys_filter(struct pkcs11_provider *, CK_ULONG,
- CK_ATTRIBUTE [], CK_ATTRIBUTE [3], struct sshkey ***, int *)
- __attribute__((__bounded__(__minbytes__,4, 3 * sizeof(CK_ATTRIBUTE))));
-
-static int
-pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx,
- struct sshkey ***keysp, int *nkeys)
-{
- CK_OBJECT_CLASS pubkey_class = CKO_PUBLIC_KEY;
- CK_OBJECT_CLASS cert_class = CKO_CERTIFICATE;
- CK_ATTRIBUTE pubkey_filter[] = {
- { CKA_CLASS, NULL, sizeof(pubkey_class) }
- };
- CK_ATTRIBUTE cert_filter[] = {
- { CKA_CLASS, NULL, sizeof(cert_class) }
- };
- CK_ATTRIBUTE pubkey_attribs[] = {
- { CKA_ID, NULL, 0 },
- { CKA_MODULUS, NULL, 0 },
- { CKA_PUBLIC_EXPONENT, NULL, 0 }
- };
- CK_ATTRIBUTE cert_attribs[] = {
- { CKA_ID, NULL, 0 },
- { CKA_SUBJECT, NULL, 0 },
- { CKA_VALUE, NULL, 0 }
- };
- pubkey_filter[0].pValue = &pubkey_class;
- cert_filter[0].pValue = &cert_class;
-
- if (pkcs11_fetch_keys_filter(p, slotidx, pubkey_filter, pubkey_attribs,
- keysp, nkeys) < 0 ||
- pkcs11_fetch_keys_filter(p, slotidx, cert_filter, cert_attribs,
- keysp, nkeys) < 0)
- return (-1);
- return (0);
-}
-
-static int
-pkcs11_key_included(struct sshkey ***keysp, int *nkeys, struct sshkey *key)
-{
- int i;
-
- for (i = 0; i < *nkeys; i++)
- if (sshkey_equal(key, (*keysp)[i]))
- return (1);
- return (0);
-}
-
-static int
-have_rsa_key(const RSA *rsa)
-{
- const BIGNUM *rsa_n, *rsa_e;
-
- RSA_get0_key(rsa, &rsa_n, &rsa_e, NULL);
- return rsa_n != NULL && rsa_e != NULL;
-}
-
-static int
-pkcs11_fetch_keys_filter(struct pkcs11_provider *p, CK_ULONG slotidx,
- CK_ATTRIBUTE filter[], CK_ATTRIBUTE attribs[3],
- struct sshkey ***keysp, int *nkeys)
-{
- struct sshkey *key;
- RSA *rsa;
- X509 *x509;
- EVP_PKEY *evp;
- int i;
- const u_char *cp;
- CK_RV rv;
- CK_OBJECT_HANDLE obj;
- CK_ULONG nfound;
- CK_SESSION_HANDLE session;
- CK_FUNCTION_LIST *f;
-
- f = p->function_list;
- session = p->slotinfo[slotidx].session;
- /* setup a filter the looks for public keys */
- if ((rv = f->C_FindObjectsInit(session, filter, 1)) != CKR_OK) {
- error("C_FindObjectsInit failed: %lu", rv);
- return (-1);
- }
- while (1) {
- /* XXX 3 attributes in attribs[] */
- for (i = 0; i < 3; i++) {
- attribs[i].pValue = NULL;
- attribs[i].ulValueLen = 0;
- }
- if ((rv = f->C_FindObjects(session, &obj, 1, &nfound)) != CKR_OK
- || nfound == 0)
- break;
- /* found a key, so figure out size of the attributes */
- if ((rv = f->C_GetAttributeValue(session, obj, attribs, 3))
- != CKR_OK) {
- error("C_GetAttributeValue failed: %lu", rv);
- continue;
- }
- /*
- * Allow CKA_ID (always first attribute) to be empty, but
- * ensure that none of the others are zero length.
- * XXX assumes CKA_ID is always first.
- */
- if (attribs[1].ulValueLen == 0 ||
- attribs[2].ulValueLen == 0) {
- continue;
- }
- /* allocate buffers for attributes */
- for (i = 0; i < 3; i++) {
- if (attribs[i].ulValueLen > 0) {
- attribs[i].pValue = xmalloc(
- attribs[i].ulValueLen);
- }
- }
-
- /*
- * retrieve ID, modulus and public exponent of RSA key,
- * or ID, subject and value for certificates.
- */ - rsa = NULL; - if ((rv = f->C_GetAttributeValue(session, obj, attribs, 3)) - != CKR_OK) { - error("C_GetAttributeValue failed: %lu", rv); - } else if (attribs[1].type == CKA_MODULUS ) { - if ((rsa = RSA_new()) == NULL) { - error("RSA_new failed"); - } else { - BIGNUM *rsa_n, *rsa_e; - - rsa_n = BN_bin2bn(attribs[1].pValue, - attribs[1].ulValueLen, NULL); - rsa_e = BN_bin2bn(attribs[2].pValue, - attribs[2].ulValueLen, NULL); - if (rsa_n != NULL && rsa_e != NULL) { - if (!RSA_set0_key(rsa, - rsa_n, rsa_e, NULL)) - fatal("%s: set key", __func__); - rsa_n = rsa_e = NULL; /* transferred */ - } - BN_free(rsa_n); - BN_free(rsa_e); - } - } else { - cp = attribs[2].pValue; - if ((x509 = X509_new()) == NULL) { - error("X509_new failed"); - } else if (d2i_X509(&x509, &cp, attribs[2].ulValueLen) - == NULL) { - error("d2i_X509 failed"); - } else if ((evp = X509_get_pubkey(x509)) == NULL || - EVP_PKEY_base_id(evp) != EVP_PKEY_RSA || - EVP_PKEY_get0_RSA(evp) == NULL) { - debug("X509_get_pubkey failed or no rsa"); - } else if ((rsa = RSAPublicKey_dup( - EVP_PKEY_get0_RSA(evp))) == NULL) { - error("RSAPublicKey_dup"); - } - X509_free(x509); - } - if (rsa && have_rsa_key(rsa) && - pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) { - if ((key = sshkey_new(KEY_UNSPEC)) == NULL) - fatal("sshkey_new failed"); - key->rsa = rsa; - key->type = KEY_RSA; - key->flags |= SSHKEY_FLAG_EXT; - if (pkcs11_key_included(keysp, nkeys, key)) { - sshkey_free(key); - } else { - /* expand key array and add key */ - *keysp = xrecallocarray(*keysp, *nkeys, - *nkeys + 1, sizeof(struct sshkey *)); - (*keysp)[*nkeys] = key; - *nkeys = *nkeys + 1; - debug("have %d keys", *nkeys); - } - } else if (rsa) { - RSA_free(rsa); - } - for (i = 0; i < 3; i++) - free(attribs[i].pValue); - } - if ((rv = f->C_FindObjectsFinal(session)) != CKR_OK) - error("C_FindObjectsFinal failed: %lu", rv); - return (0); -} - -/* register a new provider, fails if provider already exists */ -int -pkcs11_add_provider(char 
*provider_id, char *pin, struct sshkey ***keyp)
-{
- int nkeys, need_finalize = 0;
- struct pkcs11_provider *p = NULL;
- void *handle = NULL;
- CK_RV (*getfunctionlist)(CK_FUNCTION_LIST **);
- CK_RV rv;
- CK_FUNCTION_LIST *f = NULL;
- CK_TOKEN_INFO *token;
- CK_ULONG i;
-
- *keyp = NULL;
- if (pkcs11_provider_lookup(provider_id) != NULL) {
- debug("%s: provider already registered: %s",
- __func__, provider_id);
- goto fail;
- }
- /* open shared pkcs11-libarary */
- if ((handle = dlopen(provider_id, RTLD_NOW)) == NULL) {
- error("dlopen %s failed: %s", provider_id, dlerror());
- goto fail;
- }
- if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL) {
- error("dlsym(C_GetFunctionList) failed: %s", dlerror());
- goto fail;
- }
- p = xcalloc(1, sizeof(*p));
- p->name = xstrdup(provider_id);
- p->handle = handle;
- /* setup the pkcs11 callbacks */
- if ((rv = (*getfunctionlist)(&f)) != CKR_OK) {
- error("C_GetFunctionList for provider %s failed: %lu",
- provider_id, rv);
- goto fail;
- }
- p->function_list = f;
- if ((rv = f->C_Initialize(NULL)) != CKR_OK) {
- error("C_Initialize for provider %s failed: %lu",
- provider_id, rv);
- goto fail;
- }
- need_finalize = 1;
- if ((rv = f->C_GetInfo(&p->info)) != CKR_OK) {
- error("C_GetInfo for provider %s failed: %lu",
- provider_id, rv);
- goto fail;
- }
- rmspace(p->info.manufacturerID, sizeof(p->info.manufacturerID));
- rmspace(p->info.libraryDescription, sizeof(p->info.libraryDescription));
- debug("provider %s: manufacturerID <%s> cryptokiVersion %d.%d"
- " libraryDescription <%s> libraryVersion %d.%d",
- provider_id,
- p->info.manufacturerID,
- p->info.cryptokiVersion.major,
- p->info.cryptokiVersion.minor,
- p->info.libraryDescription,
- p->info.libraryVersion.major,
- p->info.libraryVersion.minor);
- if ((rv = f->C_GetSlotList(CK_TRUE, NULL, &p->nslots)) != CKR_OK) {
- error("C_GetSlotList failed: %lu", rv);
- goto fail;
- }
- if (p->nslots == 0) {
- debug("%s: provider %s returned no slots", __func__,
-
provider_id);
- goto fail;
- }
- p->slotlist = xcalloc(p->nslots, sizeof(CK_SLOT_ID));
- if ((rv = f->C_GetSlotList(CK_TRUE, p->slotlist, &p->nslots))
- != CKR_OK) {
- error("C_GetSlotList for provider %s failed: %lu",
- provider_id, rv);
- goto fail;
- }
- p->slotinfo = xcalloc(p->nslots, sizeof(struct pkcs11_slotinfo));
- p->valid = 1;
- nkeys = 0;
- for (i = 0; i < p->nslots; i++) {
- token = &p->slotinfo[i].token;
- if ((rv = f->C_GetTokenInfo(p->slotlist[i], token))
- != CKR_OK) {
- error("C_GetTokenInfo for provider %s slot %lu "
- "failed: %lu", provider_id, (unsigned long)i, rv);
- continue;
- }
- if ((token->flags & CKF_TOKEN_INITIALIZED) == 0) {
- debug2("%s: ignoring uninitialised token in "
- "provider %s slot %lu", __func__,
- provider_id, (unsigned long)i);
- continue;
- }
- rmspace(token->label, sizeof(token->label));
- rmspace(token->manufacturerID, sizeof(token->manufacturerID));
- rmspace(token->model, sizeof(token->model));
- rmspace(token->serialNumber, sizeof(token->serialNumber));
- debug("provider %s slot %lu: label <%s> manufacturerID <%s> "
- "model <%s> serial <%s> flags 0x%lx",
- provider_id, (unsigned long)i,
- token->label, token->manufacturerID, token->model,
- token->serialNumber, token->flags);
- /* open session, login with pin and retrieve public keys */
- if (pkcs11_open_session(p, i, pin) == 0)
- pkcs11_fetch_keys(p, i, keyp, &nkeys);
- }
- if (nkeys > 0) {
- TAILQ_INSERT_TAIL(&pkcs11_providers, p, next);
- p->refcount++; /* add to provider list */
- return (nkeys);
- }
- debug("%s: provider %s returned no keys", __func__, provider_id);
- /* don't add the provider, since it does not have any keys */
-fail:
- if (need_finalize && (rv = f->C_Finalize(NULL)) != CKR_OK)
- error("C_Finalize for provider %s failed: %lu",
- provider_id, rv);
- if (p) {
- free(p->slotlist);
- free(p->slotinfo);
- free(p);
- }
- if (handle)
- dlclose(handle);
- return (-1);
-}
-
-#else
-
-int
-pkcs11_init(int interactive)
-{
- return (0);
-}
-
-void
-pkcs11_terminate(void)
-{
- return;
-}
-
-#endif /* ENABLE_PKCS11 */
diff --git a/ssh_keygen_110/ssh-pkcs11.h b/ssh_keygen_110/ssh-pkcs11.h
deleted file mode 100644
index 0ced74f2..00000000
--- a/ssh_keygen_110/ssh-pkcs11.h
+++ /dev/null
@@ -1,24 +0,0 @@
-/* $OpenBSD: ssh-pkcs11.h,v 1.4 2015/01/15 09:40:00 djm Exp $ */
-/*
- * Copyright (c) 2010 Markus Friedl. All rights reserved.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-int pkcs11_init(int);
-void pkcs11_terminate(void);
-int pkcs11_add_provider(char *, char *, struct sshkey ***);
-int pkcs11_del_provider(char *);
-
-#if !defined(WITH_OPENSSL) && defined(ENABLE_PKCS11)
-#undef ENABLE_PKCS11
-#endif
diff --git a/ssh_keygen_110/ssh-rsa.c b/ssh_keygen_110/ssh-rsa.c
deleted file mode 100644
index 9b14f9a9..00000000
--- a/ssh_keygen_110/ssh-rsa.c
+++ /dev/null
@@ -1,449 +0,0 @@
-/* $OpenBSD: ssh-rsa.c,v 1.67 2018/07/03 11:39:54 djm Exp $ */
-/*
- * Copyright (c) 2000, 2003 Markus Friedl
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "includes.h"
-
-#ifdef WITH_OPENSSL
-
-#include
-
-#include
-#include
-
-#include
-#include
-
-#include "sshbuf.h"
-#include "compat.h"
-#include "ssherr.h"
-#define SSHKEY_INTERNAL
-#include "sshkey.h"
-#include "digest.h"
-#include "log.h"
-
-#include "openbsd-compat/openssl-compat.h"
-
-static int openssh_RSA_verify(int, u_char *, size_t, u_char *, size_t, RSA *);
-
-static const char *
-rsa_hash_alg_ident(int hash_alg)
-{
- switch (hash_alg) {
- case SSH_DIGEST_SHA1:
- return "ssh-rsa";
- case SSH_DIGEST_SHA256:
- return "rsa-sha2-256";
- case SSH_DIGEST_SHA512:
- return "rsa-sha2-512";
- }
- return NULL;
-}
-
-/*
- * Returns the hash algorithm ID for a given algorithm identifier as used
- * inside the signature blob,
- */
-static int
-rsa_hash_id_from_ident(const char *ident)
-{
- if (strcmp(ident, "ssh-rsa") == 0)
- return SSH_DIGEST_SHA1;
- if (strcmp(ident, "rsa-sha2-256") == 0)
- return SSH_DIGEST_SHA256;
- if (strcmp(ident, "rsa-sha2-512") == 0)
- return SSH_DIGEST_SHA512;
- return -1;
-}
-
-/*
- * Return the hash algorithm ID for the specified key name.
This includes
- * all the cases of rsa_hash_id_from_ident() but also the certificate key
- * types.
- */
-static int
-rsa_hash_id_from_keyname(const char *alg)
-{
- int r;
-
- if ((r = rsa_hash_id_from_ident(alg)) != -1)
- return r;
- if (strcmp(alg, "ssh-rsa-cert-v01@openssh.com") == 0)
- return SSH_DIGEST_SHA1;
- if (strcmp(alg, "rsa-sha2-256-cert-v01@openssh.com") == 0)
- return SSH_DIGEST_SHA256;
- if (strcmp(alg, "rsa-sha2-512-cert-v01@openssh.com") == 0)
- return SSH_DIGEST_SHA512;
- return -1;
-}
-
-static int
-rsa_hash_alg_nid(int type)
-{
- switch (type) {
- case SSH_DIGEST_SHA1:
- return NID_sha1;
- case SSH_DIGEST_SHA256:
- return NID_sha256;
- case SSH_DIGEST_SHA512:
- return NID_sha512;
- default:
- return -1;
- }
-}
-
-int
-ssh_rsa_complete_crt_parameters(struct sshkey *key, const BIGNUM *iqmp)
-{
- const BIGNUM *rsa_p, *rsa_q, *rsa_d;
- BIGNUM *aux = NULL, *d_consttime = NULL;
- BIGNUM *rsa_dmq1 = NULL, *rsa_dmp1 = NULL, *rsa_iqmp = NULL;
- BN_CTX *ctx = NULL;
- int r;
-
- if (key == NULL || key->rsa == NULL ||
- sshkey_type_plain(key->type) != KEY_RSA)
- return SSH_ERR_INVALID_ARGUMENT;
-
- RSA_get0_key(key->rsa, NULL, NULL, &rsa_d);
- RSA_get0_factors(key->rsa, &rsa_p, &rsa_q);
-
- if ((ctx = BN_CTX_new()) == NULL)
- return SSH_ERR_ALLOC_FAIL;
- if ((aux = BN_new()) == NULL ||
- (rsa_dmq1 = BN_new()) == NULL ||
- (rsa_dmp1 = BN_new()) == NULL)
- return SSH_ERR_ALLOC_FAIL;
- if ((d_consttime = BN_dup(rsa_d)) == NULL ||
- (rsa_iqmp = BN_dup(iqmp)) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- BN_set_flags(aux, BN_FLG_CONSTTIME);
- BN_set_flags(d_consttime, BN_FLG_CONSTTIME);
-
- if ((BN_sub(aux, rsa_q, BN_value_one()) == 0) ||
- (BN_mod(rsa_dmq1, d_consttime, aux, ctx) == 0) ||
- (BN_sub(aux, rsa_p, BN_value_one()) == 0) ||
- (BN_mod(rsa_dmp1, d_consttime, aux, ctx) == 0)) {
- r = SSH_ERR_LIBCRYPTO_ERROR;
- goto out;
- }
- if (!RSA_set0_crt_params(key->rsa, rsa_dmp1, rsa_dmq1, rsa_iqmp)) {
- r = SSH_ERR_LIBCRYPTO_ERROR;
- goto out;
- }
-
rsa_dmp1 = rsa_dmq1 = rsa_iqmp = NULL; /* transferred */ - /* success */ - r = 0; - out: - BN_clear_free(aux); - BN_clear_free(d_consttime); - BN_clear_free(rsa_dmp1); - BN_clear_free(rsa_dmq1); - BN_clear_free(rsa_iqmp); - BN_CTX_free(ctx); - return r; -} - -/* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */ -int -ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, - const u_char *data, size_t datalen, const char *alg_ident) -{ - const BIGNUM *rsa_n; - u_char digest[SSH_DIGEST_MAX_LENGTH], *sig = NULL; - size_t slen = 0; - u_int dlen, len; - int nid, hash_alg, ret = SSH_ERR_INTERNAL_ERROR; - struct sshbuf *b = NULL; - - if (lenp != NULL) - *lenp = 0; - if (sigp != NULL) - *sigp = NULL; - - if (alg_ident == NULL || strlen(alg_ident) == 0) - hash_alg = SSH_DIGEST_SHA1; - else - hash_alg = rsa_hash_id_from_keyname(alg_ident); - if (key == NULL || key->rsa == NULL || hash_alg == -1 || - sshkey_type_plain(key->type) != KEY_RSA) - return SSH_ERR_INVALID_ARGUMENT; - RSA_get0_key(key->rsa, &rsa_n, NULL, NULL); - if (BN_num_bits(rsa_n) < SSH_RSA_MINIMUM_MODULUS_SIZE) - return SSH_ERR_KEY_LENGTH; - slen = RSA_size(key->rsa); - if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM) - return SSH_ERR_INVALID_ARGUMENT; - - /* hash the data */ - nid = rsa_hash_alg_nid(hash_alg); - if ((dlen = ssh_digest_bytes(hash_alg)) == 0) - return SSH_ERR_INTERNAL_ERROR; - if ((ret = ssh_digest_memory(hash_alg, data, datalen, - digest, sizeof(digest))) != 0) - goto out; - - if ((sig = malloc(slen)) == NULL) { - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } - - if (RSA_sign(nid, digest, dlen, sig, &len, key->rsa) != 1) { - ret = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - if (len < slen) { - size_t diff = slen - len; - memmove(sig + diff, sig, len); - explicit_bzero(sig, diff); - } else if (len > slen) { - ret = SSH_ERR_INTERNAL_ERROR; - goto out; - } - /* encode signature */ - if ((b = sshbuf_new()) == NULL) { - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } - if ((ret = 
sshbuf_put_cstring(b, rsa_hash_alg_ident(hash_alg))) != 0 ||
- (ret = sshbuf_put_string(b, sig, slen)) != 0)
- goto out;
- len = sshbuf_len(b);
- if (sigp != NULL) {
- if ((*sigp = malloc(len)) == NULL) {
- ret = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- memcpy(*sigp, sshbuf_ptr(b), len);
- }
- if (lenp != NULL)
- *lenp = len;
- ret = 0;
- out:
- explicit_bzero(digest, sizeof(digest));
- freezero(sig, slen);
- sshbuf_free(b);
- return ret;
-}
-
-int
-ssh_rsa_verify(const struct sshkey *key,
- const u_char *sig, size_t siglen, const u_char *data, size_t datalen,
- const char *alg)
-{
- const BIGNUM *rsa_n;
- char *sigtype = NULL;
- int hash_alg, want_alg, ret = SSH_ERR_INTERNAL_ERROR;
- size_t len = 0, diff, modlen, dlen;
- struct sshbuf *b = NULL;
- u_char digest[SSH_DIGEST_MAX_LENGTH], *osigblob, *sigblob = NULL;
-
- if (key == NULL || key->rsa == NULL ||
- sshkey_type_plain(key->type) != KEY_RSA ||
- sig == NULL || siglen == 0)
- return SSH_ERR_INVALID_ARGUMENT;
- RSA_get0_key(key->rsa, &rsa_n, NULL, NULL);
- if (BN_num_bits(rsa_n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
- return SSH_ERR_KEY_LENGTH;
-
- if ((b = sshbuf_from(sig, siglen)) == NULL)
- return SSH_ERR_ALLOC_FAIL;
- if (sshbuf_get_cstring(b, &sigtype, NULL) != 0) {
- ret = SSH_ERR_INVALID_FORMAT;
- goto out;
- }
- if ((hash_alg = rsa_hash_id_from_ident(sigtype)) == -1) {
- ret = SSH_ERR_KEY_TYPE_MISMATCH;
- goto out;
- }
- /*
- * Allow ssh-rsa-cert-v01 certs to generate SHA2 signatures for
- * legacy reasons, but otherwise the signature type should match.
- */ - if (alg != NULL && strcmp(alg, "ssh-rsa-cert-v01@openssh.com") != 0) { - if ((want_alg = rsa_hash_id_from_keyname(alg)) == -1) { - ret = SSH_ERR_INVALID_ARGUMENT; - goto out; - } - if (hash_alg != want_alg) { - ret = SSH_ERR_SIGNATURE_INVALID; - goto out; - } - } - if (sshbuf_get_string(b, &sigblob, &len) != 0) { - ret = SSH_ERR_INVALID_FORMAT; - goto out; - } - if (sshbuf_len(b) != 0) { - ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; - goto out; - } - /* RSA_verify expects a signature of RSA_size */ - modlen = RSA_size(key->rsa); - if (len > modlen) { - ret = SSH_ERR_KEY_BITS_MISMATCH; - goto out; - } else if (len < modlen) { - diff = modlen - len; - osigblob = sigblob; - if ((sigblob = realloc(sigblob, modlen)) == NULL) { - sigblob = osigblob; /* put it back for clear/free */ - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } - memmove(sigblob + diff, sigblob, len); - explicit_bzero(sigblob, diff); - len = modlen; - } - if ((dlen = ssh_digest_bytes(hash_alg)) == 0) { - ret = SSH_ERR_INTERNAL_ERROR; - goto out; - } - if ((ret = ssh_digest_memory(hash_alg, data, datalen, - digest, sizeof(digest))) != 0) - goto out; - - ret = openssh_RSA_verify(hash_alg, digest, dlen, sigblob, len, - key->rsa); - out: - freezero(sigblob, len); - free(sigtype); - sshbuf_free(b); - explicit_bzero(digest, sizeof(digest)); - return ret; -} - -/* - * See: - * http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/ - * ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.asn - */ - -/* - * id-sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) - * oiw(14) secsig(3) algorithms(2) 26 } - */ -static const u_char id_sha1[] = { - 0x30, 0x21, /* type Sequence, length 0x21 (33) */ - 0x30, 0x09, /* type Sequence, length 0x09 */ - 0x06, 0x05, /* type OID, length 0x05 */ - 0x2b, 0x0e, 0x03, 0x02, 0x1a, /* id-sha1 OID */ - 0x05, 0x00, /* NULL */ - 0x04, 0x14 /* Octet string, length 0x14 (20), followed by sha1 hash */ -}; - -/* - * See 
http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html
- * id-sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840)
- * organization(1) gov(101) csor(3) nistAlgorithm(4) hashAlgs(2)
- * id-sha256(1) }
- */
-static const u_char id_sha256[] = {
- 0x30, 0x31, /* type Sequence, length 0x31 (49) */
- 0x30, 0x0d, /* type Sequence, length 0x0d (13) */
- 0x06, 0x09, /* type OID, length 0x09 */
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, /* id-sha256 */
- 0x05, 0x00, /* NULL */
- 0x04, 0x20 /* Octet string, length 0x20 (32), followed by sha256 hash */
-};
-
-/*
- * See http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html
- * id-sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840)
- * organization(1) gov(101) csor(3) nistAlgorithm(4) hashAlgs(2)
- * id-sha256(3) }
- */
-static const u_char id_sha512[] = {
- 0x30, 0x51, /* type Sequence, length 0x51 (81) */
- 0x30, 0x0d, /* type Sequence, length 0x0d (13) */
- 0x06, 0x09, /* type OID, length 0x09 */
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, /* id-sha512 */
- 0x05, 0x00, /* NULL */
- 0x04, 0x40 /* Octet string, length 0x40 (64), followed by sha512 hash */
-};
-
-static int
-rsa_hash_alg_oid(int hash_alg, const u_char **oidp, size_t *oidlenp)
-{
- switch (hash_alg) {
- case SSH_DIGEST_SHA1:
- *oidp = id_sha1;
- *oidlenp = sizeof(id_sha1);
- break;
- case SSH_DIGEST_SHA256:
- *oidp = id_sha256;
- *oidlenp = sizeof(id_sha256);
- break;
- case SSH_DIGEST_SHA512:
- *oidp = id_sha512;
- *oidlenp = sizeof(id_sha512);
- break;
- default:
- return SSH_ERR_INVALID_ARGUMENT;
- }
- return 0;
-}
-
-static int
-openssh_RSA_verify(int hash_alg, u_char *hash, size_t hashlen,
- u_char *sigbuf, size_t siglen, RSA *rsa)
-{
- size_t rsasize = 0, oidlen = 0, hlen = 0;
- int ret, len, oidmatch, hashmatch;
- const u_char *oid = NULL;
- u_char *decrypted = NULL;
-
- if ((ret = rsa_hash_alg_oid(hash_alg, &oid, &oidlen)) != 0)
- return ret;
- ret =
SSH_ERR_INTERNAL_ERROR;
- hlen = ssh_digest_bytes(hash_alg);
- if (hashlen != hlen) {
- ret = SSH_ERR_INVALID_ARGUMENT;
- goto done;
- }
- rsasize = RSA_size(rsa);
- if (rsasize <= 0 || rsasize > SSHBUF_MAX_BIGNUM ||
- siglen == 0 || siglen > rsasize) {
- ret = SSH_ERR_INVALID_ARGUMENT;
- goto done;
- }
- if ((decrypted = malloc(rsasize)) == NULL) {
- ret = SSH_ERR_ALLOC_FAIL;
- goto done;
- }
- if ((len = RSA_public_decrypt(siglen, sigbuf, decrypted, rsa,
- RSA_PKCS1_PADDING)) < 0) {
- ret = SSH_ERR_LIBCRYPTO_ERROR;
- goto done;
- }
- if (len < 0 || (size_t)len != hlen + oidlen) {
- ret = SSH_ERR_INVALID_FORMAT;
- goto done;
- }
- oidmatch = timingsafe_bcmp(decrypted, oid, oidlen) == 0;
- hashmatch = timingsafe_bcmp(decrypted + oidlen, hash, hlen) == 0;
- if (!oidmatch || !hashmatch) {
- ret = SSH_ERR_SIGNATURE_INVALID;
- goto done;
- }
- ret = 0;
-done:
- freezero(decrypted, rsasize);
- return ret;
-}
-#endif /* WITH_OPENSSL */
diff --git a/ssh_keygen_110/ssh.h b/ssh_keygen_110/ssh.h
deleted file mode 100644
index 5abfd7a6..00000000
--- a/ssh_keygen_110/ssh.h
+++ /dev/null
@@ -1,95 +0,0 @@
-/* $OpenBSD: ssh.h,v 1.88 2018/06/06 18:29:18 markus Exp $ */
-
-/*
- * Author: Tatu Ylonen
- * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
- * All rights reserved
- *
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose. Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
- */
-
-/* Cipher used for encrypting authentication files. */
-#define SSH_AUTHFILE_CIPHER SSH_CIPHER_3DES
-
-/* Default port number. */
-#define SSH_DEFAULT_PORT 22
-
-/*
- * Maximum number of certificate files that can be specified
- * in configuration files or on the command line.
- */
-#define SSH_MAX_CERTIFICATE_FILES 100
-
-/*
- * Maximum number of RSA authentication identity files that can be specified
- * in configuration files or on the command line.
- */
-#define SSH_MAX_IDENTITY_FILES 100
-
-/*
- * Major protocol version. Different version indicates major incompatibility
- * that prevents communication.
- *
- * Minor protocol version. Different version indicates minor incompatibility
- * that does not prevent interoperation.
- */
-#define PROTOCOL_MAJOR_1 1
-#define PROTOCOL_MINOR_1 5
-
-/* We support only SSH2 */
-#define PROTOCOL_MAJOR_2 2
-#define PROTOCOL_MINOR_2 0
-
-/*
- * Name for the service. The port named by this service overrides the
- * default port if present.
- */
-#define SSH_SERVICE_NAME "ssh"
-
-/*
- * Name of the environment variable containing the process ID of the
- * authentication agent.
- */
-#define SSH_AGENTPID_ENV_NAME "SSH_AGENT_PID"
-
-/*
- * Name of the environment variable containing the pathname of the
- * authentication socket.
- */
-#define SSH_AUTHSOCKET_ENV_NAME "SSH_AUTH_SOCK"
-
-/*
- * Environment variable for overwriting the default location of askpass
- */
-#define SSH_ASKPASS_ENV "SSH_ASKPASS"
-
-/*
- * Force host key length and server key length to differ by at least this
- * many bits. This is to make double encryption with rsaref work.
- */
-#define SSH_KEY_BITS_RESERVED 128
-
-/*
- * Length of the session key in bytes. (Specified as 256 bits in the
- * protocol.)
- */
-#define SSH_SESSION_KEY_LENGTH 32
-
-/* Used to identify ``EscapeChar none'' */
-#define SSH_ESCAPECHAR_NONE -2
-
-/*
- * unprivileged user when UsePrivilegeSeparation=yes;
- * sshd will change its privileges to this user and its
- * primary group.
- */
-#ifndef SSH_PRIVSEP_USER
-#define SSH_PRIVSEP_USER "sshd"
-#endif
-
-/* Listen backlog for sshd, ssh-agent and forwarding sockets */
-#define SSH_LISTEN_BACKLOG 128
diff --git a/ssh_keygen_110/ssh2.h b/ssh_keygen_110/ssh2.h
deleted file mode 100644
index f2e37c96..00000000
--- a/ssh_keygen_110/ssh2.h
+++ /dev/null
@@ -1,174 +0,0 @@
-/* $OpenBSD: ssh2.h,v 1.18 2016/05/04 14:22:33 markus Exp $ */
-
-/*
- * Copyright (c) 2000 Markus Friedl. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * draft-ietf-secsh-architecture-05.txt
- *
- * Transport layer protocol:
- *
- * 1-19 Transport layer generic (e.g.
disconnect, ignore, debug,
- * etc)
- * 20-29 Algorithm negotiation
- * 30-49 Key exchange method specific (numbers can be reused for
- * different authentication methods)
- *
- * User authentication protocol:
- *
- * 50-59 User authentication generic
- * 60-79 User authentication method specific (numbers can be reused
- * for different authentication methods)
- *
- * Connection protocol:
- *
- * 80-89 Connection protocol generic
- * 90-127 Channel related messages
- *
- * Reserved for client protocols:
- *
- * 128-191 Reserved
- *
- * Local extensions:
- *
- * 192-255 Local extensions
- */
-
-/* special marker for no message */
-
-#define SSH_MSG_NONE 0
-
-/* ranges */
-
-#define SSH2_MSG_TRANSPORT_MIN 1
-#define SSH2_MSG_TRANSPORT_MAX 49
-#define SSH2_MSG_USERAUTH_MIN 50
-#define SSH2_MSG_USERAUTH_MAX 79
-#define SSH2_MSG_USERAUTH_PER_METHOD_MIN 60
-#define SSH2_MSG_USERAUTH_PER_METHOD_MAX SSH2_MSG_USERAUTH_MAX
-#define SSH2_MSG_CONNECTION_MIN 80
-#define SSH2_MSG_CONNECTION_MAX 127
-#define SSH2_MSG_RESERVED_MIN 128
-#define SSH2_MSG_RESERVED_MAX 191
-#define SSH2_MSG_LOCAL_MIN 192
-#define SSH2_MSG_LOCAL_MAX 255
-#define SSH2_MSG_MIN 1
-#define SSH2_MSG_MAX 255
-
-/* transport layer: generic */
-
-#define SSH2_MSG_DISCONNECT 1
-#define SSH2_MSG_IGNORE 2
-#define SSH2_MSG_UNIMPLEMENTED 3
-#define SSH2_MSG_DEBUG 4
-#define SSH2_MSG_SERVICE_REQUEST 5
-#define SSH2_MSG_SERVICE_ACCEPT 6
-#define SSH2_MSG_EXT_INFO 7
-
-/* transport layer: alg negotiation */
-
-#define SSH2_MSG_KEXINIT 20
-#define SSH2_MSG_NEWKEYS 21
-
-/* transport layer: kex specific messages, can be reused */
-
-#define SSH2_MSG_KEXDH_INIT 30
-#define SSH2_MSG_KEXDH_REPLY 31
-
-/* dh-group-exchange */
-#define SSH2_MSG_KEX_DH_GEX_REQUEST_OLD 30
-#define SSH2_MSG_KEX_DH_GEX_GROUP 31
-#define SSH2_MSG_KEX_DH_GEX_INIT 32
-#define SSH2_MSG_KEX_DH_GEX_REPLY 33
-#define SSH2_MSG_KEX_DH_GEX_REQUEST 34
-
-/* ecdh */
-#define SSH2_MSG_KEX_ECDH_INIT 30
-#define SSH2_MSG_KEX_ECDH_REPLY 31
-
-/* user
authentication: generic */
-
-#define SSH2_MSG_USERAUTH_REQUEST 50
-#define SSH2_MSG_USERAUTH_FAILURE 51
-#define SSH2_MSG_USERAUTH_SUCCESS 52
-#define SSH2_MSG_USERAUTH_BANNER 53
-
-/* user authentication: method specific, can be reused */
-
-#define SSH2_MSG_USERAUTH_PK_OK 60
-#define SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ 60
-#define SSH2_MSG_USERAUTH_INFO_REQUEST 60
-#define SSH2_MSG_USERAUTH_INFO_RESPONSE 61
-
-/* connection protocol: generic */
-
-#define SSH2_MSG_GLOBAL_REQUEST 80
-#define SSH2_MSG_REQUEST_SUCCESS 81
-#define SSH2_MSG_REQUEST_FAILURE 82
-
-/* channel related messages */
-
-#define SSH2_MSG_CHANNEL_OPEN 90
-#define SSH2_MSG_CHANNEL_OPEN_CONFIRMATION 91
-#define SSH2_MSG_CHANNEL_OPEN_FAILURE 92
-#define SSH2_MSG_CHANNEL_WINDOW_ADJUST 93
-#define SSH2_MSG_CHANNEL_DATA 94
-#define SSH2_MSG_CHANNEL_EXTENDED_DATA 95
-#define SSH2_MSG_CHANNEL_EOF 96
-#define SSH2_MSG_CHANNEL_CLOSE 97
-#define SSH2_MSG_CHANNEL_REQUEST 98
-#define SSH2_MSG_CHANNEL_SUCCESS 99
-#define SSH2_MSG_CHANNEL_FAILURE 100
-
-/* disconnect reason code */
-
-#define SSH2_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT 1
-#define SSH2_DISCONNECT_PROTOCOL_ERROR 2
-#define SSH2_DISCONNECT_KEY_EXCHANGE_FAILED 3
-#define SSH2_DISCONNECT_HOST_AUTHENTICATION_FAILED 4
-#define SSH2_DISCONNECT_RESERVED 4
-#define SSH2_DISCONNECT_MAC_ERROR 5
-#define SSH2_DISCONNECT_COMPRESSION_ERROR 6
-#define SSH2_DISCONNECT_SERVICE_NOT_AVAILABLE 7
-#define SSH2_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED 8
-#define SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE 9
-#define SSH2_DISCONNECT_CONNECTION_LOST 10
-#define SSH2_DISCONNECT_BY_APPLICATION 11
-#define SSH2_DISCONNECT_TOO_MANY_CONNECTIONS 12
-#define SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER 13
-#define SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE 14
-#define SSH2_DISCONNECT_ILLEGAL_USER_NAME 15
-
-/* misc */
-
-#define SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED 1
-#define SSH2_OPEN_CONNECT_FAILED 2
-#define SSH2_OPEN_UNKNOWN_CHANNEL_TYPE 3
-#define
SSH2_OPEN_RESOURCE_SHORTAGE 4
-
-#define SSH2_EXTENDED_DATA_STDERR 1
-
-/* Certificate types for OpenSSH certificate keys extension */
-#define SSH2_CERT_TYPE_USER 1
-#define SSH2_CERT_TYPE_HOST 2
diff --git a/ssh_keygen_110/sshbuf-getput-basic.c b/ssh_keygen_110/sshbuf-getput-basic.c
deleted file mode 100644
index 50648258..00000000
--- a/ssh_keygen_110/sshbuf-getput-basic.c
+++ /dev/null
@@ -1,464 +0,0 @@ -/* $OpenBSD: sshbuf-getput-basic.c,v 1.7 2017/06/01 04:51:58 djm Exp $ */ -/* - * Copyright (c) 2011 Damien Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#define SSHBUF_INTERNAL -#include "includes.h" - -#include - -#include -#include -#include -#include - -#include "ssherr.h" -#include "sshbuf.h" - -int -sshbuf_get(struct sshbuf *buf, void *v, size_t len) -{ - const u_char *p = sshbuf_ptr(buf); - int r; - - if ((r = sshbuf_consume(buf, len)) < 0) - return r; - if (v != NULL && len != 0) - memcpy(v, p, len); - return 0; -} - -int -sshbuf_get_u64(struct sshbuf *buf, u_int64_t *valp) -{ - const u_char *p = sshbuf_ptr(buf); - int r; - - if ((r = sshbuf_consume(buf, 8)) < 0) - return r; - if (valp != NULL) - *valp = PEEK_U64(p); - return 0; -} - -int -sshbuf_get_u32(struct sshbuf *buf, u_int32_t *valp) -{ - const u_char *p = sshbuf_ptr(buf); - int r; - - if ((r = sshbuf_consume(buf, 4)) < 0) - return r; - if (valp != NULL) - *valp = PEEK_U32(p); - return 0; -} - -int -sshbuf_get_u16(struct sshbuf *buf, u_int16_t *valp) -{ - const u_char *p = sshbuf_ptr(buf); - int r; - - if ((r = sshbuf_consume(buf, 2)) < 0) - return r; - if (valp != NULL) - *valp = PEEK_U16(p); - return 0; -} - -int -sshbuf_get_u8(struct sshbuf *buf, u_char *valp) -{ - const u_char *p = 
sshbuf_ptr(buf); - int r; - - if ((r = sshbuf_consume(buf, 1)) < 0) - return r; - if (valp != NULL) - *valp = (u_int8_t)*p; - return 0; -} - -int -sshbuf_get_string(struct sshbuf *buf, u_char **valp, size_t *lenp) -{ - const u_char *val; - size_t len; - int r; - - if (valp != NULL) - *valp = NULL; - if (lenp != NULL) - *lenp = 0; - if ((r = sshbuf_get_string_direct(buf, &val, &len)) < 0) - return r; - if (valp != NULL) { - if ((*valp = malloc(len + 1)) == NULL) { - SSHBUF_DBG(("SSH_ERR_ALLOC_FAIL")); - return SSH_ERR_ALLOC_FAIL; - } - if (len != 0) - memcpy(*valp, val, len); - (*valp)[len] = '\0'; - } - if (lenp != NULL) - *lenp = len; - return 0; -} - -int -sshbuf_get_string_direct(struct sshbuf *buf, const u_char **valp, size_t *lenp) -{ - size_t len; - const u_char *p; - int r; - - if (valp != NULL) - *valp = NULL; - if (lenp != NULL) - *lenp = 0; - if ((r = sshbuf_peek_string_direct(buf, &p, &len)) < 0) - return r; - if (valp != NULL) - *valp = p; - if (lenp != NULL) - *lenp = len; - if (sshbuf_consume(buf, len + 4) != 0) { - /* Shouldn't happen */ - SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR")); - SSHBUF_ABORT(); - return SSH_ERR_INTERNAL_ERROR; - } - return 0; -} - -int -sshbuf_peek_string_direct(const struct sshbuf *buf, const u_char **valp, - size_t *lenp) -{ - u_int32_t len; - const u_char *p = sshbuf_ptr(buf); - - if (valp != NULL) - *valp = NULL; - if (lenp != NULL) - *lenp = 0; - if (sshbuf_len(buf) < 4) { - SSHBUF_DBG(("SSH_ERR_MESSAGE_INCOMPLETE")); - return SSH_ERR_MESSAGE_INCOMPLETE; - } - len = PEEK_U32(p); - if (len > SSHBUF_SIZE_MAX - 4) { - SSHBUF_DBG(("SSH_ERR_STRING_TOO_LARGE")); - return SSH_ERR_STRING_TOO_LARGE; - } - if (sshbuf_len(buf) - 4 < len) { - SSHBUF_DBG(("SSH_ERR_MESSAGE_INCOMPLETE")); - return SSH_ERR_MESSAGE_INCOMPLETE; - } - if (valp != NULL) - *valp = p + 4; - if (lenp != NULL) - *lenp = len; - return 0; -} - -int -sshbuf_get_cstring(struct sshbuf *buf, char **valp, size_t *lenp) -{ - size_t len; - const u_char *p, *z; - int r; - - if 
(valp != NULL) - *valp = NULL; - if (lenp != NULL) - *lenp = 0; - if ((r = sshbuf_peek_string_direct(buf, &p, &len)) != 0) - return r; - /* Allow a \0 only at the end of the string */ - if (len > 0 && - (z = memchr(p , '\0', len)) != NULL && z < p + len - 1) { - SSHBUF_DBG(("SSH_ERR_INVALID_FORMAT")); - return SSH_ERR_INVALID_FORMAT; - } - if ((r = sshbuf_skip_string(buf)) != 0) - return -1; - if (valp != NULL) { - if ((*valp = malloc(len + 1)) == NULL) { - SSHBUF_DBG(("SSH_ERR_ALLOC_FAIL")); - return SSH_ERR_ALLOC_FAIL; - } - if (len != 0) - memcpy(*valp, p, len); - (*valp)[len] = '\0'; - } - if (lenp != NULL) - *lenp = (size_t)len; - return 0; -} - -int -sshbuf_get_stringb(struct sshbuf *buf, struct sshbuf *v) -{ - u_int32_t len; - u_char *p; - int r; - - /* - * Use sshbuf_peek_string_direct() to figure out if there is - * a complete string in 'buf' and copy the string directly - * into 'v'. - */ - if ((r = sshbuf_peek_string_direct(buf, NULL, NULL)) != 0 || - (r = sshbuf_get_u32(buf, &len)) != 0 || - (r = sshbuf_reserve(v, len, &p)) != 0 || - (r = sshbuf_get(buf, p, len)) != 0) - return r; - return 0; -} - -int -sshbuf_put(struct sshbuf *buf, const void *v, size_t len) -{ - u_char *p; - int r; - - if ((r = sshbuf_reserve(buf, len, &p)) < 0) - return r; - if (len != 0) - memcpy(p, v, len); - return 0; -} - -int -sshbuf_putb(struct sshbuf *buf, const struct sshbuf *v) -{ - return sshbuf_put(buf, sshbuf_ptr(v), sshbuf_len(v)); -} - -int -sshbuf_putf(struct sshbuf *buf, const char *fmt, ...) 
-{ - va_list ap; - int r; - - va_start(ap, fmt); - r = sshbuf_putfv(buf, fmt, ap); - va_end(ap); - return r; -} - -int -sshbuf_putfv(struct sshbuf *buf, const char *fmt, va_list ap) -{ - va_list ap2; - int r, len; - u_char *p; - - VA_COPY(ap2, ap); - if ((len = vsnprintf(NULL, 0, fmt, ap2)) < 0) { - r = SSH_ERR_INVALID_ARGUMENT; - goto out; - } - if (len == 0) { - r = 0; - goto out; /* Nothing to do */ - } - va_end(ap2); - VA_COPY(ap2, ap); - if ((r = sshbuf_reserve(buf, (size_t)len + 1, &p)) < 0) - goto out; - if ((r = vsnprintf((char *)p, len + 1, fmt, ap2)) != len) { - r = SSH_ERR_INTERNAL_ERROR; - goto out; /* Shouldn't happen */ - } - /* Consume terminating \0 */ - if ((r = sshbuf_consume_end(buf, 1)) != 0) - goto out; - r = 0; - out: - va_end(ap2); - return r; -} - -int -sshbuf_put_u64(struct sshbuf *buf, u_int64_t val) -{ - u_char *p; - int r; - - if ((r = sshbuf_reserve(buf, 8, &p)) < 0) - return r; - POKE_U64(p, val); - return 0; -} - -int -sshbuf_put_u32(struct sshbuf *buf, u_int32_t val) -{ - u_char *p; - int r; - - if ((r = sshbuf_reserve(buf, 4, &p)) < 0) - return r; - POKE_U32(p, val); - return 0; -} - -int -sshbuf_put_u16(struct sshbuf *buf, u_int16_t val) -{ - u_char *p; - int r; - - if ((r = sshbuf_reserve(buf, 2, &p)) < 0) - return r; - POKE_U16(p, val); - return 0; -} - -int -sshbuf_put_u8(struct sshbuf *buf, u_char val) -{ - u_char *p; - int r; - - if ((r = sshbuf_reserve(buf, 1, &p)) < 0) - return r; - p[0] = val; - return 0; -} - -int -sshbuf_put_string(struct sshbuf *buf, const void *v, size_t len) -{ - u_char *d; - int r; - - if (len > SSHBUF_SIZE_MAX - 4) { - SSHBUF_DBG(("SSH_ERR_NO_BUFFER_SPACE")); - return SSH_ERR_NO_BUFFER_SPACE; - } - if ((r = sshbuf_reserve(buf, len + 4, &d)) < 0) - return r; - POKE_U32(d, len); - if (len != 0) - memcpy(d + 4, v, len); - return 0; -} - -int -sshbuf_put_cstring(struct sshbuf *buf, const char *v) -{ - return sshbuf_put_string(buf, v, v == NULL ? 
0 : strlen(v)); -} - -int -sshbuf_put_stringb(struct sshbuf *buf, const struct sshbuf *v) -{ - return sshbuf_put_string(buf, sshbuf_ptr(v), sshbuf_len(v)); -} - -int -sshbuf_froms(struct sshbuf *buf, struct sshbuf **bufp) -{ - const u_char *p; - size_t len; - struct sshbuf *ret; - int r; - - if (buf == NULL || bufp == NULL) - return SSH_ERR_INVALID_ARGUMENT; - *bufp = NULL; - if ((r = sshbuf_peek_string_direct(buf, &p, &len)) != 0) - return r; - if ((ret = sshbuf_from(p, len)) == NULL) - return SSH_ERR_ALLOC_FAIL; - if ((r = sshbuf_consume(buf, len + 4)) != 0 || /* Shouldn't happen */ - (r = sshbuf_set_parent(ret, buf)) != 0) { - sshbuf_free(ret); - return r; - } - *bufp = ret; - return 0; -} - -int -sshbuf_put_bignum2_bytes(struct sshbuf *buf, const void *v, size_t len) -{ - u_char *d; - const u_char *s = (const u_char *)v; - int r, prepend; - - if (len > SSHBUF_SIZE_MAX - 5) { - SSHBUF_DBG(("SSH_ERR_NO_BUFFER_SPACE")); - return SSH_ERR_NO_BUFFER_SPACE; - } - /* Skip leading zero bytes */ - for (; len > 0 && *s == 0; len--, s++) - ; - /* - * If most significant bit is set then prepend a zero byte to - * avoid interpretation as a negative number. 
- */ - prepend = len > 0 && (s[0] & 0x80) != 0; - if ((r = sshbuf_reserve(buf, len + 4 + prepend, &d)) < 0) - return r; - POKE_U32(d, len + prepend); - if (prepend) - d[4] = 0; - if (len != 0) - memcpy(d + 4 + prepend, s, len); - return 0; -} - -int -sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf, - const u_char **valp, size_t *lenp) -{ - const u_char *d; - size_t len, olen; - int r; - - if ((r = sshbuf_peek_string_direct(buf, &d, &olen)) < 0) - return r; - len = olen; - /* Refuse negative (MSB set) bignums */ - if ((len != 0 && (*d & 0x80) != 0)) - return SSH_ERR_BIGNUM_IS_NEGATIVE; - /* Refuse overlong bignums, allow prepended \0 to avoid MSB set */ - if (len > SSHBUF_MAX_BIGNUM + 1 || - (len == SSHBUF_MAX_BIGNUM + 1 && *d != 0)) - return SSH_ERR_BIGNUM_TOO_LARGE; - /* Trim leading zeros */ - while (len > 0 && *d == 0x00) { - d++; - len--; - } - if (valp != NULL) - *valp = d; - if (lenp != NULL) - *lenp = len; - if (sshbuf_consume(buf, olen + 4) != 0) { - /* Shouldn't happen */ - SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR")); - SSHBUF_ABORT(); - return SSH_ERR_INTERNAL_ERROR; - } - return 0; -} diff --git a/ssh_keygen_110/sshbuf-getput-crypto.c b/ssh_keygen_110/sshbuf-getput-crypto.c deleted file mode 100644 index d0d791b5..00000000 --- a/ssh_keygen_110/sshbuf-getput-crypto.c +++ /dev/null 
@@ -1,224 +0,0 @@ -/* $OpenBSD: sshbuf-getput-crypto.c,v 1.5 2016/01/12 23:42:54 djm Exp $ */ -/* - * Copyright (c) 2011 Damien Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#define SSHBUF_INTERNAL -#include "includes.h" - -#include -#include -#include -#include - -#include -#ifdef OPENSSL_HAS_ECC -# include -#endif /* OPENSSL_HAS_ECC */ - -#include "ssherr.h" -#include "sshbuf.h" - -int -sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM *v) -{ - const u_char *d; - size_t len; - int r; - - if ((r = sshbuf_get_bignum2_bytes_direct(buf, &d, &len)) != 0) - return r; - if (v != NULL && BN_bin2bn(d, len, v) == NULL) - return SSH_ERR_ALLOC_FAIL; - return 0; -} - -int -sshbuf_get_bignum1(struct sshbuf *buf, BIGNUM *v) -{ - const u_char *d = sshbuf_ptr(buf); - u_int16_t len_bits; - size_t len_bytes; - - /* Length in bits */ - if (sshbuf_len(buf) < 2) - return SSH_ERR_MESSAGE_INCOMPLETE; - len_bits = PEEK_U16(d); - len_bytes = (len_bits + 7) >> 3; - if (len_bytes > SSHBUF_MAX_BIGNUM) - return SSH_ERR_BIGNUM_TOO_LARGE; - if (sshbuf_len(buf) < 2 + len_bytes) - return SSH_ERR_MESSAGE_INCOMPLETE; - if (v != NULL && BN_bin2bn(d + 2, len_bytes, v) == NULL) - return SSH_ERR_ALLOC_FAIL; - if (sshbuf_consume(buf, 2 + len_bytes) != 0) { - SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR")); - 
SSHBUF_ABORT(); - return SSH_ERR_INTERNAL_ERROR; - } - return 0; -} - -#ifdef OPENSSL_HAS_ECC -static int -get_ec(const u_char *d, size_t len, EC_POINT *v, const EC_GROUP *g) -{ - /* Refuse overlong bignums */ - if (len == 0 || len > SSHBUF_MAX_ECPOINT) - return SSH_ERR_ECPOINT_TOO_LARGE; - /* Only handle uncompressed points */ - if (*d != POINT_CONVERSION_UNCOMPRESSED) - return SSH_ERR_INVALID_FORMAT; - if (v != NULL && EC_POINT_oct2point(g, v, d, len, NULL) != 1) - return SSH_ERR_INVALID_FORMAT; /* XXX assumption */ - return 0; -} - -int -sshbuf_get_ec(struct sshbuf *buf, EC_POINT *v, const EC_GROUP *g) -{ - const u_char *d; - size_t len; - int r; - - if ((r = sshbuf_peek_string_direct(buf, &d, &len)) < 0) - return r; - if ((r = get_ec(d, len, v, g)) != 0) - return r; - /* Skip string */ - if (sshbuf_get_string_direct(buf, NULL, NULL) != 0) { - /* Shouldn't happen */ - SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR")); - SSHBUF_ABORT(); - return SSH_ERR_INTERNAL_ERROR; - } - return 0; -} - -int -sshbuf_get_eckey(struct sshbuf *buf, EC_KEY *v) -{ - EC_POINT *pt = EC_POINT_new(EC_KEY_get0_group(v)); - int r; - const u_char *d; - size_t len; - - if (pt == NULL) { - SSHBUF_DBG(("SSH_ERR_ALLOC_FAIL")); - return SSH_ERR_ALLOC_FAIL; - } - if ((r = sshbuf_peek_string_direct(buf, &d, &len)) < 0) { - EC_POINT_free(pt); - return r; - } - if ((r = get_ec(d, len, pt, EC_KEY_get0_group(v))) != 0) { - EC_POINT_free(pt); - return r; - } - if (EC_KEY_set_public_key(v, pt) != 1) { - EC_POINT_free(pt); - return SSH_ERR_ALLOC_FAIL; /* XXX assumption */ - } - EC_POINT_free(pt); - /* Skip string */ - if (sshbuf_get_string_direct(buf, NULL, NULL) != 0) { - /* Shouldn't happen */ - SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR")); - SSHBUF_ABORT(); - return SSH_ERR_INTERNAL_ERROR; - } - return 0; -} -#endif /* OPENSSL_HAS_ECC */ - -int -sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v) -{ - u_char d[SSHBUF_MAX_BIGNUM + 1]; - int len = BN_num_bytes(v), prepend = 0, r; - - if (len < 0 || len > 
SSHBUF_MAX_BIGNUM) - return SSH_ERR_INVALID_ARGUMENT; - *d = '\0'; - if (BN_bn2bin(v, d + 1) != len) - return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */ - /* If MSB is set, prepend a \0 */ - if (len > 0 && (d[1] & 0x80) != 0) - prepend = 1; - if ((r = sshbuf_put_string(buf, d + 1 - prepend, len + prepend)) < 0) { - explicit_bzero(d, sizeof(d)); - return r; - } - explicit_bzero(d, sizeof(d)); - return 0; -} - -int -sshbuf_put_bignum1(struct sshbuf *buf, const BIGNUM *v) -{ - int r, len_bits = BN_num_bits(v); - size_t len_bytes = (len_bits + 7) / 8; - u_char d[SSHBUF_MAX_BIGNUM], *dp; - - if (len_bits < 0 || len_bytes > SSHBUF_MAX_BIGNUM) - return SSH_ERR_INVALID_ARGUMENT; - if (BN_bn2bin(v, d) != (int)len_bytes) - return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */ - if ((r = sshbuf_reserve(buf, len_bytes + 2, &dp)) < 0) { - explicit_bzero(d, sizeof(d)); - return r; - } - POKE_U16(dp, len_bits); - if (len_bytes != 0) - memcpy(dp + 2, d, len_bytes); - explicit_bzero(d, sizeof(d)); - return 0; -} - -#ifdef OPENSSL_HAS_ECC -int -sshbuf_put_ec(struct sshbuf *buf, const EC_POINT *v, const EC_GROUP *g) -{ - u_char d[SSHBUF_MAX_ECPOINT]; - BN_CTX *bn_ctx; - size_t len; - int ret; - - if ((bn_ctx = BN_CTX_new()) == NULL) - return SSH_ERR_ALLOC_FAIL; - if ((len = EC_POINT_point2oct(g, v, POINT_CONVERSION_UNCOMPRESSED, - NULL, 0, bn_ctx)) > SSHBUF_MAX_ECPOINT) { - BN_CTX_free(bn_ctx); - return SSH_ERR_INVALID_ARGUMENT; - } - if (EC_POINT_point2oct(g, v, POINT_CONVERSION_UNCOMPRESSED, - d, len, bn_ctx) != len) { - BN_CTX_free(bn_ctx); - return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */ - } - BN_CTX_free(bn_ctx); - ret = sshbuf_put_string(buf, d, len); - explicit_bzero(d, len); - return ret; -} - -int -sshbuf_put_eckey(struct sshbuf *buf, const EC_KEY *v) -{ - return sshbuf_put_ec(buf, EC_KEY_get0_public_key(v), - EC_KEY_get0_group(v)); -} -#endif /* OPENSSL_HAS_ECC */ - 
diff --git a/ssh_keygen_110/sshbuf-misc.c b/ssh_keygen_110/sshbuf-misc.c
deleted file mode 100644
index 15dcfbc7..00000000
--- a/ssh_keygen_110/sshbuf-misc.c
+++ /dev/null
@@ -1,161 +0,0 @@ -/* $OpenBSD: sshbuf-misc.c,v 1.6 2016/05/02 08:49:03 djm Exp $ */ -/* - * Copyright (c) 2011 Damien Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include "includes.h" - -#include -#include -#include -#include -#include -#ifdef HAVE_STDINT_H -#include -#endif -#include -#include -#include -#include -#include - -#include "ssherr.h" -#define SSHBUF_INTERNAL -#include "sshbuf.h" - -void -sshbuf_dump_data(const void *s, size_t len, FILE *f) -{ - size_t i, j; - const u_char *p = (const u_char *)s; - - for (i = 0; i < len; i += 16) { - fprintf(f, "%.4zu: ", i); - for (j = i; j < i + 16; j++) { - if (j < len) - fprintf(f, "%02x ", p[j]); - else - fprintf(f, " "); - } - fprintf(f, " "); - for (j = i; j < i + 16; j++) { - if (j < len) { - if (isascii(p[j]) && isprint(p[j])) - fprintf(f, "%c", p[j]); - else - fprintf(f, "."); - } - } - fprintf(f, "\n"); - } -} - -void -sshbuf_dump(struct sshbuf *buf, FILE *f) -{ - fprintf(f, "buffer %p len = %zu\n", buf, sshbuf_len(buf)); - sshbuf_dump_data(sshbuf_ptr(buf), sshbuf_len(buf), f); -} - -char * -sshbuf_dtob16(struct sshbuf *buf) -{ - size_t i, j, len = sshbuf_len(buf); - const u_char *p = sshbuf_ptr(buf); - char *ret; - const char hex[] = "0123456789abcdef"; - - if (len == 0) - return strdup(""); - if (SIZE_MAX / 
2 <= len || (ret = malloc(len * 2 + 1)) == NULL) - return NULL; - for (i = j = 0; i < len; i++) { - ret[j++] = hex[(p[i] >> 4) & 0xf]; - ret[j++] = hex[p[i] & 0xf]; - } - ret[j] = '\0'; - return ret; -} - -char * -sshbuf_dtob64(struct sshbuf *buf) -{ - size_t len = sshbuf_len(buf), plen; - const u_char *p = sshbuf_ptr(buf); - char *ret; - int r; - - if (len == 0) - return strdup(""); - plen = ((len + 2) / 3) * 4 + 1; - if (SIZE_MAX / 2 <= len || (ret = malloc(plen)) == NULL) - return NULL; - if ((r = b64_ntop(p, len, ret, plen)) == -1) { - explicit_bzero(ret, plen); - free(ret); - return NULL; - } - return ret; -} - -int -sshbuf_b64tod(struct sshbuf *buf, const char *b64) -{ - size_t plen = strlen(b64); - int nlen, r; - u_char *p; - - if (plen == 0) - return 0; - if ((p = malloc(plen)) == NULL) - return SSH_ERR_ALLOC_FAIL; - if ((nlen = b64_pton(b64, p, plen)) < 0) { - explicit_bzero(p, plen); - free(p); - return SSH_ERR_INVALID_FORMAT; - } - if ((r = sshbuf_put(buf, p, nlen)) < 0) { - explicit_bzero(p, plen); - free(p); - return r; - } - explicit_bzero(p, plen); - free(p); - return 0; -} - -char * -sshbuf_dup_string(struct sshbuf *buf) -{ - const u_char *p = NULL, *s = sshbuf_ptr(buf); - size_t l = sshbuf_len(buf); - char *r; - - if (s == NULL || l > SIZE_MAX) - return NULL; - /* accept a nul only as the last character in the buffer */ - if (l > 0 && (p = memchr(s, '\0', l)) != NULL) { - if (p != s + l - 1) - return NULL; - l--; /* the nul is put back below */ - } - if ((r = malloc(l + 1)) == NULL) - return NULL; - if (l > 0) - memcpy(r, s, l); - r[l] = '\0'; - return r; -} - diff --git a/ssh_keygen_110/sshbuf.c b/ssh_keygen_110/sshbuf.c deleted file mode 100644 index 294ce2f2..00000000 --- a/ssh_keygen_110/sshbuf.c +++ /dev/null 
@@ -1,399 +0,0 @@ -/* $OpenBSD: sshbuf.c,v 1.12 2018/07/09 21:56:06 markus Exp $ */ -/* - * Copyright (c) 2011 Damien Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#define SSHBUF_INTERNAL -#include "includes.h" - -#include -#include -#include -#include -#include - -#include "ssherr.h" -#include "sshbuf.h" -#include "misc.h" - -static inline int -sshbuf_check_sanity(const struct sshbuf *buf) -{ - SSHBUF_TELL("sanity"); - if (__predict_false(buf == NULL || - (!buf->readonly && buf->d != buf->cd) || - buf->refcount < 1 || buf->refcount > SSHBUF_REFS_MAX || - buf->cd == NULL || - buf->max_size > SSHBUF_SIZE_MAX || - buf->alloc > buf->max_size || - buf->size > buf->alloc || - buf->off > buf->size)) { - /* Do not try to recover from corrupted buffer internals */ - SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR")); - // signal(SIGSEGV, SIG_DFL); - // raise(SIGSEGV); - return SSH_ERR_INTERNAL_ERROR; - } - return 0; -} - -static void -sshbuf_maybe_pack(struct sshbuf *buf, int force) -{ - SSHBUF_DBG(("force %d", force)); - SSHBUF_TELL("pre-pack"); - if (buf->off == 0 || buf->readonly || buf->refcount > 1) - return; - if (force || - (buf->off >= SSHBUF_PACK_MIN && buf->off >= buf->size / 2)) { - memmove(buf->d, buf->d + buf->off, buf->size - buf->off); - buf->size -= buf->off; - buf->off = 
0; - SSHBUF_TELL("packed"); - } -} - -struct sshbuf * -sshbuf_new(void) -{ - struct sshbuf *ret; - - if ((ret = calloc(sizeof(*ret), 1)) == NULL) - return NULL; - ret->alloc = SSHBUF_SIZE_INIT; - ret->max_size = SSHBUF_SIZE_MAX; - ret->readonly = 0; - ret->refcount = 1; - ret->parent = NULL; - if ((ret->cd = ret->d = calloc(1, ret->alloc)) == NULL) { - free(ret); - return NULL; - } - return ret; -} - -struct sshbuf * -sshbuf_from(const void *blob, size_t len) -{ - struct sshbuf *ret; - - if (blob == NULL || len > SSHBUF_SIZE_MAX || - (ret = calloc(sizeof(*ret), 1)) == NULL) - return NULL; - ret->alloc = ret->size = ret->max_size = len; - ret->readonly = 1; - ret->refcount = 1; - ret->parent = NULL; - ret->cd = blob; - ret->d = NULL; - return ret; -} - -int -sshbuf_set_parent(struct sshbuf *child, struct sshbuf *parent) -{ - int r; - - if ((r = sshbuf_check_sanity(child)) != 0 || - (r = sshbuf_check_sanity(parent)) != 0) - return r; - child->parent = parent; - child->parent->refcount++; - return 0; -} - -struct sshbuf * -sshbuf_fromb(struct sshbuf *buf) -{ - struct sshbuf *ret; - - if (sshbuf_check_sanity(buf) != 0) - return NULL; - if ((ret = sshbuf_from(sshbuf_ptr(buf), sshbuf_len(buf))) == NULL) - return NULL; - if (sshbuf_set_parent(ret, buf) != 0) { - sshbuf_free(ret); - return NULL; - } - return ret; -} - -void -sshbuf_free(struct sshbuf *buf) -{ - if (buf == NULL) - return; - /* - * The following will leak on insane buffers, but this is the safest - * course of action - an invalid pointer or already-freed pointer may - * have been passed to us and continuing to scribble over memory would - * be bad. - */ - if (sshbuf_check_sanity(buf) != 0) - return; - /* - * If we are a child, the free our parent to decrement its reference - * count and possibly free it. - */ - sshbuf_free(buf->parent); - buf->parent = NULL; - /* - * If we are a parent with still-extant children, then don't free just - * yet. 
The last child's call to sshbuf_free should decrement our - * refcount to 0 and trigger the actual free. - */ - buf->refcount--; - if (buf->refcount > 0) - return; - if (!buf->readonly) { - explicit_bzero(buf->d, buf->alloc); - free(buf->d); - } - explicit_bzero(buf, sizeof(*buf)); - free(buf); -} - -void -sshbuf_reset(struct sshbuf *buf) -{ - u_char *d; - - if (buf->readonly || buf->refcount > 1) { - /* Nonsensical. Just make buffer appear empty */ - buf->off = buf->size; - return; - } - (void) sshbuf_check_sanity(buf); - buf->off = buf->size = 0; - if (buf->alloc != SSHBUF_SIZE_INIT) { - if ((d = recallocarray(buf->d, buf->alloc, SSHBUF_SIZE_INIT, - 1)) != NULL) { - buf->cd = buf->d = d; - buf->alloc = SSHBUF_SIZE_INIT; - } - } - explicit_bzero(buf->d, SSHBUF_SIZE_INIT); -} - -size_t -sshbuf_max_size(const struct sshbuf *buf) -{ - return buf->max_size; -} - -size_t -sshbuf_alloc(const struct sshbuf *buf) -{ - return buf->alloc; -} - -const struct sshbuf * -sshbuf_parent(const struct sshbuf *buf) -{ - return buf->parent; -} - -u_int -sshbuf_refcount(const struct sshbuf *buf) -{ - return buf->refcount; -} - -int -sshbuf_set_max_size(struct sshbuf *buf, size_t max_size) -{ - size_t rlen; - u_char *dp; - int r; - - SSHBUF_DBG(("set max buf = %p len = %zu", buf, max_size)); - if ((r = sshbuf_check_sanity(buf)) != 0) - return r; - if (max_size == buf->max_size) - return 0; - if (buf->readonly || buf->refcount > 1) - return SSH_ERR_BUFFER_READ_ONLY; - if (max_size > SSHBUF_SIZE_MAX) - return SSH_ERR_NO_BUFFER_SPACE; - /* pack and realloc if necessary */ - sshbuf_maybe_pack(buf, max_size < buf->size); - if (max_size < buf->alloc && max_size > buf->size) { - if (buf->size < SSHBUF_SIZE_INIT) - rlen = SSHBUF_SIZE_INIT; - else - rlen = ROUNDUP(buf->size, SSHBUF_SIZE_INC); - if (rlen > max_size) - rlen = max_size; - SSHBUF_DBG(("new alloc = %zu", rlen)); - if ((dp = recallocarray(buf->d, buf->alloc, rlen, 1)) == NULL) - return SSH_ERR_ALLOC_FAIL; - buf->cd = buf->d = dp; - 
buf->alloc = rlen; - } - SSHBUF_TELL("new-max"); - if (max_size < buf->alloc) - return SSH_ERR_NO_BUFFER_SPACE; - buf->max_size = max_size; - return 0; -} - -size_t -sshbuf_len(const struct sshbuf *buf) -{ - if (sshbuf_check_sanity(buf) != 0) - return 0; - return buf->size - buf->off; -} - -size_t -sshbuf_avail(const struct sshbuf *buf) -{ - if (sshbuf_check_sanity(buf) != 0 || buf->readonly || buf->refcount > 1) - return 0; - return buf->max_size - (buf->size - buf->off); -} - -const u_char * -sshbuf_ptr(const struct sshbuf *buf) -{ - if (sshbuf_check_sanity(buf) != 0) - return NULL; - return buf->cd + buf->off; -} - -u_char * -sshbuf_mutable_ptr(const struct sshbuf *buf) -{ - if (sshbuf_check_sanity(buf) != 0 || buf->readonly || buf->refcount > 1) - return NULL; - return buf->d + buf->off; -} - -int -sshbuf_check_reserve(const struct sshbuf *buf, size_t len) -{ - int r; - - if ((r = sshbuf_check_sanity(buf)) != 0) - return r; - if (buf->readonly || buf->refcount > 1) - return SSH_ERR_BUFFER_READ_ONLY; - SSHBUF_TELL("check"); - /* Check that len is reasonable and that max_size + available < len */ - if (len > buf->max_size || buf->max_size - len < buf->size - buf->off) - return SSH_ERR_NO_BUFFER_SPACE; - return 0; -} - -int -sshbuf_allocate(struct sshbuf *buf, size_t len) -{ - size_t rlen, need; - u_char *dp; - int r; - - SSHBUF_DBG(("allocate buf = %p len = %zu", buf, len)); - if ((r = sshbuf_check_reserve(buf, len)) != 0) - return r; - /* - * If the requested allocation appended would push us past max_size - * then pack the buffer, zeroing buf->off. - */ - sshbuf_maybe_pack(buf, buf->size + len > buf->max_size); - SSHBUF_TELL("allocate"); - if (len + buf->size <= buf->alloc) - return 0; /* already have it. */ - - /* - * Prefer to alloc in SSHBUF_SIZE_INC units, but - * allocate less if doing so would overflow max_size. 
- */ - need = len + buf->size - buf->alloc; - rlen = ROUNDUP(buf->alloc + need, SSHBUF_SIZE_INC); - SSHBUF_DBG(("need %zu initial rlen %zu", need, rlen)); - if (rlen > buf->max_size) - rlen = buf->alloc + need; - SSHBUF_DBG(("adjusted rlen %zu", rlen)); - if ((dp = recallocarray(buf->d, buf->alloc, rlen, 1)) == NULL) { - SSHBUF_DBG(("realloc fail")); - return SSH_ERR_ALLOC_FAIL; - } - buf->alloc = rlen; - buf->cd = buf->d = dp; - if ((r = sshbuf_check_reserve(buf, len)) < 0) { - /* shouldn't fail */ - return r; - } - SSHBUF_TELL("done"); - return 0; -} - -int -sshbuf_reserve(struct sshbuf *buf, size_t len, u_char **dpp) -{ - u_char *dp; - int r; - - if (dpp != NULL) - *dpp = NULL; - - SSHBUF_DBG(("reserve buf = %p len = %zu", buf, len)); - if ((r = sshbuf_allocate(buf, len)) != 0) - return r; - - dp = buf->d + buf->size; - buf->size += len; - if (dpp != NULL) - *dpp = dp; - return 0; -} - -int -sshbuf_consume(struct sshbuf *buf, size_t len) -{ - int r; - - SSHBUF_DBG(("len = %zu", len)); - if ((r = sshbuf_check_sanity(buf)) != 0) - return r; - if (len == 0) - return 0; - if (len > sshbuf_len(buf)) - return SSH_ERR_MESSAGE_INCOMPLETE; - buf->off += len; - /* deal with empty buffer */ - if (buf->off == buf->size) - buf->off = buf->size = 0; - SSHBUF_TELL("done"); - return 0; -} - -int -sshbuf_consume_end(struct sshbuf *buf, size_t len) -{ - int r; - - SSHBUF_DBG(("len = %zu", len)); - if ((r = sshbuf_check_sanity(buf)) != 0) - return r; - if (len == 0) - return 0; - if (len > sshbuf_len(buf)) - return SSH_ERR_MESSAGE_INCOMPLETE; - buf->size -= len; - SSHBUF_TELL("done"); - return 0; -} - diff --git a/ssh_keygen_110/sshbuf.h b/ssh_keygen_110/sshbuf.h deleted file mode 100644 index a43598ca..00000000 --- a/ssh_keygen_110/sshbuf.h +++ /dev/null 
@@ -1,348 +0,0 @@ -/* $OpenBSD: sshbuf.h,v 1.11 2018/07/09 21:56:06 markus Exp $ */ -/* - * Copyright (c) 2011 Damien Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#ifndef _SSHBUF_H -#define _SSHBUF_H - -#include -#include -#include -#ifdef WITH_OPENSSL -# include -# ifdef OPENSSL_HAS_ECC -# include -# endif /* OPENSSL_HAS_ECC */ -#endif /* WITH_OPENSSL */ - -#define SSHBUF_SIZE_MAX 0x8000000 /* Hard maximum size */ -#define SSHBUF_REFS_MAX 0x100000 /* Max child buffers */ -#define SSHBUF_MAX_BIGNUM (16384 / 8) /* Max bignum *bytes* */ -#define SSHBUF_MAX_ECPOINT ((528 * 2 / 8) + 1) /* Max EC point *bytes* */ - -/* - * NB. do not depend on the internals of this. It will be made opaque - * one day. - */ -struct sshbuf { - u_char *d; /* Data */ - const u_char *cd; /* Const data */ - size_t off; /* First available byte is buf->d + buf->off */ - size_t size; /* Last byte is buf->d + buf->size - 1 */ - size_t max_size; /* Maximum size of buffer */ - size_t alloc; /* Total bytes allocated to buf->d */ - int readonly; /* Refers to external, const data */ - int dont_free; /* Kludge to support sshbuf_init */ - u_int refcount; /* Tracks self and number of child buffers */ - struct sshbuf *parent; /* If child, pointer to parent */ -}; - -/* - * Create a new sshbuf buffer. 
- * Returns pointer to buffer on success, or NULL on allocation failure. - */ -struct sshbuf *sshbuf_new(void); - -/* - * Create a new, read-only sshbuf buffer from existing data. - * Returns pointer to buffer on success, or NULL on allocation failure. - */ -struct sshbuf *sshbuf_from(const void *blob, size_t len); - -/* - * Create a new, read-only sshbuf buffer from the contents of an existing - * buffer. The contents of "buf" must not change in the lifetime of the - * resultant buffer. - * Returns pointer to buffer on success, or NULL on allocation failure. - */ -struct sshbuf *sshbuf_fromb(struct sshbuf *buf); - -/* - * Create a new, read-only sshbuf buffer from the contents of a string in - * an existing buffer (the string is consumed in the process). - * The contents of "buf" must not change in the lifetime of the resultant - * buffer. - * Returns pointer to buffer on success, or NULL on allocation failure. - */ -int sshbuf_froms(struct sshbuf *buf, struct sshbuf **bufp); - -/* - * Clear and free buf - */ -void sshbuf_free(struct sshbuf *buf); - -/* - * Reset buf, clearing its contents. NB. max_size is preserved. - */ -void sshbuf_reset(struct sshbuf *buf); - -/* - * Return the maximum size of buf - */ -size_t sshbuf_max_size(const struct sshbuf *buf); - -/* - * Set the maximum size of buf - * Returns 0 on success, or a negative SSH_ERR_* error code on failure. - */ -int sshbuf_set_max_size(struct sshbuf *buf, size_t max_size); - -/* - * Returns the length of data in buf - */ -size_t sshbuf_len(const struct sshbuf *buf); - -/* - * Returns number of bytes left in buffer before hitting max_size. - */ -size_t sshbuf_avail(const struct sshbuf *buf); - -/* - * Returns a read-only pointer to the start of the data in buf - */ -const u_char *sshbuf_ptr(const struct sshbuf *buf); - -/* - * Returns a mutable pointer to the start of the data in buf, or - * NULL if the buffer is read-only. 
- */ -u_char *sshbuf_mutable_ptr(const struct sshbuf *buf); - -/* - * Check whether a reservation of size len will succeed in buf - * Safer to use than direct comparisons again sshbuf_avail as it copes - * with unsigned overflows correctly. - * Returns 0 on success, or a negative SSH_ERR_* error code on failure. - */ -int sshbuf_check_reserve(const struct sshbuf *buf, size_t len); - -/* - * Preallocates len additional bytes in buf. - * Useful for cases where the caller knows how many bytes will ultimately be - * required to avoid realloc in the buffer code. - * Returns 0 on success, or a negative SSH_ERR_* error code on failure. - */ -int sshbuf_allocate(struct sshbuf *buf, size_t len); - -/* - * Reserve len bytes in buf. - * Returns 0 on success and a pointer to the first reserved byte via the - * optional dpp parameter or a negative * SSH_ERR_* error code on failure. - */ -int sshbuf_reserve(struct sshbuf *buf, size_t len, u_char **dpp); - -/* - * Consume len bytes from the start of buf - * Returns 0 on success, or a negative SSH_ERR_* error code on failure. - */ -int sshbuf_consume(struct sshbuf *buf, size_t len); - -/* - * Consume len bytes from the end of buf - * Returns 0 on success, or a negative SSH_ERR_* error code on failure. - */ -int sshbuf_consume_end(struct sshbuf *buf, size_t len); - -/* Extract or deposit some bytes */ -int sshbuf_get(struct sshbuf *buf, void *v, size_t len); -int sshbuf_put(struct sshbuf *buf, const void *v, size_t len); -int sshbuf_putb(struct sshbuf *buf, const struct sshbuf *v); - -/* Append using a printf(3) format */ -int sshbuf_putf(struct sshbuf *buf, const char *fmt, ...) 
- __attribute__((format(printf, 2, 3))); -int sshbuf_putfv(struct sshbuf *buf, const char *fmt, va_list ap); - -/* Functions to extract or store big-endian words of various sizes */ -int sshbuf_get_u64(struct sshbuf *buf, u_int64_t *valp); -int sshbuf_get_u32(struct sshbuf *buf, u_int32_t *valp); -int sshbuf_get_u16(struct sshbuf *buf, u_int16_t *valp); -int sshbuf_get_u8(struct sshbuf *buf, u_char *valp); -int sshbuf_put_u64(struct sshbuf *buf, u_int64_t val); -int sshbuf_put_u32(struct sshbuf *buf, u_int32_t val); -int sshbuf_put_u16(struct sshbuf *buf, u_int16_t val); -int sshbuf_put_u8(struct sshbuf *buf, u_char val); - -/* - * Functions to extract or store SSH wire encoded strings (u32 len || data) - * The "cstring" variants admit no \0 characters in the string contents. - * Caller must free *valp. - */ -int sshbuf_get_string(struct sshbuf *buf, u_char **valp, size_t *lenp); -int sshbuf_get_cstring(struct sshbuf *buf, char **valp, size_t *lenp); -int sshbuf_get_stringb(struct sshbuf *buf, struct sshbuf *v); -int sshbuf_put_string(struct sshbuf *buf, const void *v, size_t len); -int sshbuf_put_cstring(struct sshbuf *buf, const char *v); -int sshbuf_put_stringb(struct sshbuf *buf, const struct sshbuf *v); - -/* - * "Direct" variant of sshbuf_get_string, returns pointer into the sshbuf to - * avoid an malloc+memcpy. The pointer is guaranteed to be valid until the - * next sshbuf-modifying function call. Caller does not free. - */ -int sshbuf_get_string_direct(struct sshbuf *buf, const u_char **valp, - size_t *lenp); - -/* Skip past a string */ -#define sshbuf_skip_string(buf) sshbuf_get_string_direct(buf, NULL, NULL) - -/* Another variant: "peeks" into the buffer without modifying it */ -int sshbuf_peek_string_direct(const struct sshbuf *buf, const u_char **valp, - size_t *lenp); -/* XXX peek_u8 / peek_u32 */ - -/* - * Functions to extract or store SSH wire encoded bignums and elliptic - * curve points. 
- */ -int sshbuf_put_bignum2_bytes(struct sshbuf *buf, const void *v, size_t len); -int sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf, - const u_char **valp, size_t *lenp); -#ifdef WITH_OPENSSL -int sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM *v); -int sshbuf_get_bignum1(struct sshbuf *buf, BIGNUM *v); -int sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v); -int sshbuf_put_bignum1(struct sshbuf *buf, const BIGNUM *v); -# ifdef OPENSSL_HAS_ECC -int sshbuf_get_ec(struct sshbuf *buf, EC_POINT *v, const EC_GROUP *g); -int sshbuf_get_eckey(struct sshbuf *buf, EC_KEY *v); -int sshbuf_put_ec(struct sshbuf *buf, const EC_POINT *v, const EC_GROUP *g); -int sshbuf_put_eckey(struct sshbuf *buf, const EC_KEY *v); -# endif /* OPENSSL_HAS_ECC */ -#endif /* WITH_OPENSSL */ - -/* Dump the contents of the buffer in a human-readable format */ -void sshbuf_dump(struct sshbuf *buf, FILE *f); - -/* Dump specified memory in a human-readable format */ -void sshbuf_dump_data(const void *s, size_t len, FILE *f); - -/* Return the hexadecimal representation of the contents of the buffer */ -char *sshbuf_dtob16(struct sshbuf *buf); - -/* Encode the contents of the buffer as base64 */ -char *sshbuf_dtob64(struct sshbuf *buf); - -/* Decode base64 data and append it to the buffer */ -int sshbuf_b64tod(struct sshbuf *buf, const char *b64); - -/* - * Duplicate the contents of a buffer to a string (caller to free). - * Returns NULL on buffer error, or if the buffer contains a premature - * nul character. 
- */ -char *sshbuf_dup_string(struct sshbuf *buf); - -/* Macros for decoding/encoding integers */ -#define PEEK_U64(p) \ - (((u_int64_t)(((const u_char *)(p))[0]) << 56) | \ - ((u_int64_t)(((const u_char *)(p))[1]) << 48) | \ - ((u_int64_t)(((const u_char *)(p))[2]) << 40) | \ - ((u_int64_t)(((const u_char *)(p))[3]) << 32) | \ - ((u_int64_t)(((const u_char *)(p))[4]) << 24) | \ - ((u_int64_t)(((const u_char *)(p))[5]) << 16) | \ - ((u_int64_t)(((const u_char *)(p))[6]) << 8) | \ - (u_int64_t)(((const u_char *)(p))[7])) -#define PEEK_U32(p) \ - (((u_int32_t)(((const u_char *)(p))[0]) << 24) | \ - ((u_int32_t)(((const u_char *)(p))[1]) << 16) | \ - ((u_int32_t)(((const u_char *)(p))[2]) << 8) | \ - (u_int32_t)(((const u_char *)(p))[3])) -#define PEEK_U16(p) \ - (((u_int16_t)(((const u_char *)(p))[0]) << 8) | \ - (u_int16_t)(((const u_char *)(p))[1])) - -#define POKE_U64(p, v) \ - do { \ - const u_int64_t __v = (v); \ - ((u_char *)(p))[0] = (__v >> 56) & 0xff; \ - ((u_char *)(p))[1] = (__v >> 48) & 0xff; \ - ((u_char *)(p))[2] = (__v >> 40) & 0xff; \ - ((u_char *)(p))[3] = (__v >> 32) & 0xff; \ - ((u_char *)(p))[4] = (__v >> 24) & 0xff; \ - ((u_char *)(p))[5] = (__v >> 16) & 0xff; \ - ((u_char *)(p))[6] = (__v >> 8) & 0xff; \ - ((u_char *)(p))[7] = __v & 0xff; \ - } while (0) -#define POKE_U32(p, v) \ - do { \ - const u_int32_t __v = (v); \ - ((u_char *)(p))[0] = (__v >> 24) & 0xff; \ - ((u_char *)(p))[1] = (__v >> 16) & 0xff; \ - ((u_char *)(p))[2] = (__v >> 8) & 0xff; \ - ((u_char *)(p))[3] = __v & 0xff; \ - } while (0) -#define POKE_U16(p, v) \ - do { \ - const u_int16_t __v = (v); \ - ((u_char *)(p))[0] = (__v >> 8) & 0xff; \ - ((u_char *)(p))[1] = __v & 0xff; \ - } while (0) - -/* Internal definitions follow. Exposed for regress tests */ -#ifdef SSHBUF_INTERNAL - -/* - * Return the allocation size of buf - */ -size_t sshbuf_alloc(const struct sshbuf *buf); - -/* - * Increment the reference count of buf. 
- */ -int sshbuf_set_parent(struct sshbuf *child, struct sshbuf *parent); - -/* - * Return the parent buffer of buf, or NULL if it has no parent. - */ -const struct sshbuf *sshbuf_parent(const struct sshbuf *buf); - -/* - * Return the reference count of buf - */ -u_int sshbuf_refcount(const struct sshbuf *buf); - -# define SSHBUF_SIZE_INIT 256 /* Initial allocation */ -# define SSHBUF_SIZE_INC 256 /* Preferred increment length */ -# define SSHBUF_PACK_MIN 8192 /* Minimim packable offset */ - -/* # define SSHBUF_ABORT abort */ -/* # define SSHBUF_DEBUG */ - -# ifndef SSHBUF_ABORT -# define SSHBUF_ABORT() -# endif - -# ifdef SSHBUF_DEBUG -# define SSHBUF_TELL(what) do { \ - printf("%s:%d %s: %s size %zu alloc %zu off %zu max %zu\n", \ - __FILE__, __LINE__, __func__, what, \ - buf->size, buf->alloc, buf->off, buf->max_size); \ - fflush(stdout); \ - } while (0) -# define SSHBUF_DBG(x) do { \ - printf("%s:%d %s: ", __FILE__, __LINE__, __func__); \ - printf x; \ - printf("\n"); \ - fflush(stdout); \ - } while (0) -# else -# define SSHBUF_TELL(what) -# define SSHBUF_DBG(x) -# endif -#endif /* SSHBUF_INTERNAL */ - -#endif /* _SSHBUF_H */ diff --git a/ssh_keygen_110/ssherr.c b/ssh_keygen_110/ssherr.c deleted file mode 100644 index 8ad3d575..00000000 --- a/ssh_keygen_110/ssherr.c +++ /dev/null 
@@ -1,147 +0,0 @@
-/* $OpenBSD: ssherr.c,v 1.8 2018/07/03 11:39:54 djm Exp $ */
-/*
- * Copyright (c) 2011 Damien Miller
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include
-#include
-#include "ssherr.h"
-
-const char *
-ssh_err(int n)
-{
- switch (n) {
- case SSH_ERR_SUCCESS:
- return "success";
- case SSH_ERR_INTERNAL_ERROR:
- return "unexpected internal error";
- case SSH_ERR_ALLOC_FAIL:
- return "memory allocation failed";
- case SSH_ERR_MESSAGE_INCOMPLETE:
- return "incomplete message";
- case SSH_ERR_INVALID_FORMAT:
- return "invalid format";
- case SSH_ERR_BIGNUM_IS_NEGATIVE:
- return "bignum is negative";
- case SSH_ERR_STRING_TOO_LARGE:
- return "string is too large";
- case SSH_ERR_BIGNUM_TOO_LARGE:
- return "bignum is too large";
- case SSH_ERR_ECPOINT_TOO_LARGE:
- return "elliptic curve point is too large";
- case SSH_ERR_NO_BUFFER_SPACE:
- return "insufficient buffer space";
- case SSH_ERR_INVALID_ARGUMENT:
- return "invalid argument";
- case SSH_ERR_KEY_BITS_MISMATCH:
- return "key bits do not match";
- case SSH_ERR_EC_CURVE_INVALID:
- return "invalid elliptic curve";
- case SSH_ERR_KEY_TYPE_MISMATCH:
- return "key type does not match";
- case SSH_ERR_KEY_TYPE_UNKNOWN:
- return "unknown or unsupported key type";
- case SSH_ERR_EC_CURVE_MISMATCH:
- return "elliptic curve does not match";
- case SSH_ERR_EXPECTED_CERT:
- return "plain key provided where certificate required";
- case SSH_ERR_KEY_LACKS_CERTBLOB:
- return "key lacks certificate data";
- case SSH_ERR_KEY_CERT_UNKNOWN_TYPE:
- return "unknown/unsupported certificate type";
- case SSH_ERR_KEY_CERT_INVALID_SIGN_KEY:
- return "invalid certificate signing key";
- case SSH_ERR_KEY_INVALID_EC_VALUE:
- return "invalid elliptic curve value";
- case SSH_ERR_SIGNATURE_INVALID:
- return "incorrect signature";
- case SSH_ERR_LIBCRYPTO_ERROR:
- return "error in libcrypto"; /* XXX fetch and return */
- case SSH_ERR_UNEXPECTED_TRAILING_DATA:
- return "unexpected bytes remain after decoding";
- case SSH_ERR_SYSTEM_ERROR:
- return strerror(errno);
- case SSH_ERR_KEY_CERT_INVALID:
- return "invalid certificate";
- case SSH_ERR_AGENT_COMMUNICATION:
- return "communication with agent failed";
- case SSH_ERR_AGENT_FAILURE:
- return "agent refused operation";
- case SSH_ERR_DH_GEX_OUT_OF_RANGE:
- return "DH GEX group out of range";
- case SSH_ERR_DISCONNECTED:
- return "disconnected";
- case SSH_ERR_MAC_INVALID:
- return "message authentication code incorrect";
- case SSH_ERR_NO_CIPHER_ALG_MATCH:
- return "no matching cipher found";
- case SSH_ERR_NO_MAC_ALG_MATCH:
- return "no matching MAC found";
- case SSH_ERR_NO_COMPRESS_ALG_MATCH:
- return "no matching compression method found";
- case SSH_ERR_NO_KEX_ALG_MATCH:
- return "no matching key exchange method found";
- case SSH_ERR_NO_HOSTKEY_ALG_MATCH:
- return "no matching host key type found";
- case SSH_ERR_PROTOCOL_MISMATCH:
- return "protocol version mismatch";
- case SSH_ERR_NO_PROTOCOL_VERSION:
- return "could not read protocol version";
- case SSH_ERR_NO_HOSTKEY_LOADED:
- return "could not load host key";
- case SSH_ERR_NEED_REKEY:
- return "rekeying not supported by peer";
- case SSH_ERR_PASSPHRASE_TOO_SHORT:
- return "passphrase is too short (minimum five characters)";
- case SSH_ERR_FILE_CHANGED:
- return "file changed while reading";
- case SSH_ERR_KEY_UNKNOWN_CIPHER:
- return "key encrypted using unsupported cipher";
- case SSH_ERR_KEY_WRONG_PASSPHRASE:
- return "incorrect passphrase supplied to decrypt private key";
- case SSH_ERR_KEY_BAD_PERMISSIONS:
- return "bad permissions";
- case SSH_ERR_KEY_CERT_MISMATCH:
- return "certificate does not match key";
- case SSH_ERR_KEY_NOT_FOUND:
- return "key not found";
- case SSH_ERR_AGENT_NOT_PRESENT:
- return "agent not present";
- case SSH_ERR_AGENT_NO_IDENTITIES:
- return "agent contains no identities";
- case SSH_ERR_BUFFER_READ_ONLY:
- return "internal error: buffer is read-only";
- case SSH_ERR_KRL_BAD_MAGIC:
- return "KRL file has invalid magic number";
- case SSH_ERR_KEY_REVOKED:
- return "Key is revoked";
- case SSH_ERR_CONN_CLOSED:
- return "Connection closed";
- case SSH_ERR_CONN_TIMEOUT:
- return "Connection timed out";
- case SSH_ERR_CONN_CORRUPT:
- return "Connection corrupted";
- case SSH_ERR_PROTOCOL_ERROR:
- return "Protocol error";
- case SSH_ERR_KEY_LENGTH:
- return "Invalid key length";
- case SSH_ERR_NUMBER_TOO_LARGE:
- return "number is too large";
- case SSH_ERR_SIGN_ALG_UNSUPPORTED:
- return "signature algorithm not supported";
- default:
- return "unknown error";
- }
-}
diff --git a/ssh_keygen_110/ssherr.h b/ssh_keygen_110/ssherr.h
deleted file mode 100644
index 348da5a2..00000000
--- a/ssh_keygen_110/ssherr.h
+++ /dev/null
@@ -1,87 +0,0 @@
-/* $OpenBSD: ssherr.h,v 1.6 2018/07/03 11:39:54 djm Exp $ */
-/*
- * Copyright (c) 2011 Damien Miller
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef _SSHERR_H
-#define _SSHERR_H
-
-/* XXX are these too granular? not granular enough? I can't decide - djm */
-
-/* Error codes */
-#define SSH_ERR_SUCCESS 0
-#define SSH_ERR_INTERNAL_ERROR -1
-#define SSH_ERR_ALLOC_FAIL -2
-#define SSH_ERR_MESSAGE_INCOMPLETE -3
-#define SSH_ERR_INVALID_FORMAT -4
-#define SSH_ERR_BIGNUM_IS_NEGATIVE -5
-#define SSH_ERR_STRING_TOO_LARGE -6
-#define SSH_ERR_BIGNUM_TOO_LARGE -7
-#define SSH_ERR_ECPOINT_TOO_LARGE -8
-#define SSH_ERR_NO_BUFFER_SPACE -9
-#define SSH_ERR_INVALID_ARGUMENT -10
-#define SSH_ERR_KEY_BITS_MISMATCH -11
-#define SSH_ERR_EC_CURVE_INVALID -12
-#define SSH_ERR_KEY_TYPE_MISMATCH -13
-#define SSH_ERR_KEY_TYPE_UNKNOWN -14 /* XXX UNSUPPORTED? */
-#define SSH_ERR_EC_CURVE_MISMATCH -15
-#define SSH_ERR_EXPECTED_CERT -16
-#define SSH_ERR_KEY_LACKS_CERTBLOB -17
-#define SSH_ERR_KEY_CERT_UNKNOWN_TYPE -18
-#define SSH_ERR_KEY_CERT_INVALID_SIGN_KEY -19
-#define SSH_ERR_KEY_INVALID_EC_VALUE -20
-#define SSH_ERR_SIGNATURE_INVALID -21
-#define SSH_ERR_LIBCRYPTO_ERROR -22
-#define SSH_ERR_UNEXPECTED_TRAILING_DATA -23
-#define SSH_ERR_SYSTEM_ERROR -24
-#define SSH_ERR_KEY_CERT_INVALID -25
-#define SSH_ERR_AGENT_COMMUNICATION -26
-#define SSH_ERR_AGENT_FAILURE -27
-#define SSH_ERR_DH_GEX_OUT_OF_RANGE -28
-#define SSH_ERR_DISCONNECTED -29
-#define SSH_ERR_MAC_INVALID -30
-#define SSH_ERR_NO_CIPHER_ALG_MATCH -31
-#define SSH_ERR_NO_MAC_ALG_MATCH -32
-#define SSH_ERR_NO_COMPRESS_ALG_MATCH -33
-#define SSH_ERR_NO_KEX_ALG_MATCH -34
-#define SSH_ERR_NO_HOSTKEY_ALG_MATCH -35
-#define SSH_ERR_NO_HOSTKEY_LOADED -36
-#define SSH_ERR_PROTOCOL_MISMATCH -37
-#define SSH_ERR_NO_PROTOCOL_VERSION -38
-#define SSH_ERR_NEED_REKEY -39
-#define SSH_ERR_PASSPHRASE_TOO_SHORT -40
-#define SSH_ERR_FILE_CHANGED -41
-#define SSH_ERR_KEY_UNKNOWN_CIPHER -42
-#define SSH_ERR_KEY_WRONG_PASSPHRASE -43
-#define SSH_ERR_KEY_BAD_PERMISSIONS -44
-#define SSH_ERR_KEY_CERT_MISMATCH -45
-#define SSH_ERR_KEY_NOT_FOUND -46
-#define SSH_ERR_AGENT_NOT_PRESENT -47
-#define SSH_ERR_AGENT_NO_IDENTITIES -48
-#define SSH_ERR_BUFFER_READ_ONLY -49
-#define SSH_ERR_KRL_BAD_MAGIC -50
-#define SSH_ERR_KEY_REVOKED -51
-#define SSH_ERR_CONN_CLOSED -52
-#define SSH_ERR_CONN_TIMEOUT -53
-#define SSH_ERR_CONN_CORRUPT -54
-#define SSH_ERR_PROTOCOL_ERROR -55
-#define SSH_ERR_KEY_LENGTH -56
-#define SSH_ERR_NUMBER_TOO_LARGE -57
-#define SSH_ERR_SIGN_ALG_UNSUPPORTED -58
-
-/* Translate a numeric error code to a human-readable error string */
-const char *ssh_err(int n);
-
-#endif /* _SSHERR_H */
diff --git a/ssh_keygen_110/sshkey-xmss.h b/ssh_keygen_110/sshkey-xmss.h
deleted file mode 100644
index b9f8ead1..00000000
--- a/ssh_keygen_110/sshkey-xmss.h
+++ /dev/null
@@ -1,56 +0,0 @@
-/* $OpenBSD: sshkey-xmss.h,v 1.1 2018/02/23 15:58:38 markus Exp $ */
-/*
- * Copyright (c) 2017 Markus Friedl. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#ifndef SSHKEY_XMSS_H
-#define SSHKEY_XMSS_H
-
-#define XMSS_SHA2_256_W16_H10_NAME "XMSS_SHA2-256_W16_H10"
-#define XMSS_SHA2_256_W16_H16_NAME "XMSS_SHA2-256_W16_H16"
-#define XMSS_SHA2_256_W16_H20_NAME "XMSS_SHA2-256_W16_H20"
-#define XMSS_DEFAULT_NAME XMSS_SHA2_256_W16_H10_NAME
-
-size_t sshkey_xmss_pklen(const struct sshkey *);
-size_t sshkey_xmss_sklen(const struct sshkey *);
-int sshkey_xmss_init(struct sshkey *, const char *);
-void sshkey_xmss_free_state(struct sshkey *);
-int sshkey_xmss_generate_private_key(struct sshkey *, u_int);
-int sshkey_xmss_serialize_state(const struct sshkey *, struct sshbuf *);
-int sshkey_xmss_serialize_state_opt(const struct sshkey *, struct sshbuf *,
- enum sshkey_serialize_rep);
-int sshkey_xmss_serialize_pk_info(const struct sshkey *, struct sshbuf *,
- enum sshkey_serialize_rep);
-int sshkey_xmss_deserialize_state(struct sshkey *, struct sshbuf *);
-int sshkey_xmss_deserialize_state_opt(struct sshkey *, struct sshbuf *);
-int sshkey_xmss_deserialize_pk_info(struct sshkey *, struct sshbuf *);
-
-int sshkey_xmss_siglen(const struct sshkey *, size_t *);
-void *sshkey_xmss_params(const struct sshkey *);
-void *sshkey_xmss_bds_state(const struct sshkey *);
-int sshkey_xmss_get_state(const struct sshkey *, sshkey_printfn *);
-int sshkey_xmss_enable_maxsign(struct sshkey *, u_int32_t);
-int sshkey_xmss_forward_state(const struct sshkey *, u_int32_t);
-int sshkey_xmss_update_state(const struct sshkey *, sshkey_printfn *);
-u_int32_t sshkey_xmss_signatures_left(const struct sshkey *);
-
-#endif /* SSHKEY_XMSS_H */
diff --git a/ssh_keygen_110/sshkey.c b/ssh_keygen_110/sshkey.c
deleted file mode 100644
index 5098a3eb..00000000
--- a/ssh_keygen_110/sshkey.c
+++ /dev/null
@@ -1,4163 +0,0 @@ -/* $OpenBSD: sshkey.c,v 1.72 2018/10/11 00:52:46 djm Exp $ */ -/* - * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. - * Copyright (c) 2008 Alexander von Gernler. All rights reserved. - * Copyright (c) 2010,2011 Damien Miller. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ - -#include "includes.h" - -#include -#include - -#ifdef WITH_OPENSSL -#include -#include -#include -#endif - -#include "crypto_api.h" - -#include -#include -#include -#include -#include -#ifdef HAVE_UTIL_H -#include -#endif /* HAVE_UTIL_H */ - -#include "ssh2.h" -#include "ssherr.h" -#include "misc.h" -#include "sshbuf.h" -#include "cipher.h" -#include "digest.h" -#define SSHKEY_INTERNAL -#include "sshkey.h" -#include "sshkey-xmss.h" -#include "match.h" - -#include "xmss_fast.h" - -#include "openbsd-compat/openssl-compat.h" - -/* openssh private key file format */ -#define MARK_BEGIN "-----BEGIN OPENSSH PRIVATE KEY-----\n" -#define MARK_END "-----END OPENSSH PRIVATE KEY-----\n" -#define MARK_BEGIN_LEN (sizeof(MARK_BEGIN) - 1) -#define MARK_END_LEN (sizeof(MARK_END) - 1) -#define KDFNAME "bcrypt" -#define AUTH_MAGIC "openssh-key-v1" -#define SALT_LEN 16 -#define DEFAULT_CIPHERNAME "aes256-ctr" -#define DEFAULT_ROUNDS 16 - -/* Version identification string for SSH v1 identity files. 
*/ -#define LEGACY_BEGIN "SSH PRIVATE KEY FILE FORMAT 1.1\n" - -int sshkey_private_serialize_opt(const struct sshkey *key, - struct sshbuf *buf, enum sshkey_serialize_rep); -static int sshkey_from_blob_internal(struct sshbuf *buf, - struct sshkey **keyp, int allow_cert); -static int get_sigtype(const u_char *sig, size_t siglen, char **sigtypep); - -/* Supported key types */ -struct keytype { - const char *name; - const char *shortname; - const char *sigalg; - int type; - int nid; - int cert; - int sigonly; -}; -static const struct keytype keytypes[] = { - { "ssh-ed25519", "ED25519", NULL, KEY_ED25519, 0, 0, 0 }, - { "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT", NULL, - KEY_ED25519_CERT, 0, 1, 0 }, -#ifdef WITH_XMSS - { "ssh-xmss@openssh.com", "XMSS", NULL, KEY_XMSS, 0, 0, 0 }, - { "ssh-xmss-cert-v01@openssh.com", "XMSS-CERT", NULL, - KEY_XMSS_CERT, 0, 1, 0 }, -#endif /* WITH_XMSS */ -#ifdef WITH_OPENSSL - { "ssh-rsa", "RSA", NULL, KEY_RSA, 0, 0, 0 }, - { "rsa-sha2-256", "RSA", NULL, KEY_RSA, 0, 0, 1 }, - { "rsa-sha2-512", "RSA", NULL, KEY_RSA, 0, 0, 1 }, - { "ssh-dss", "DSA", NULL, KEY_DSA, 0, 0, 0 }, -# ifdef OPENSSL_HAS_ECC - { "ecdsa-sha2-nistp256", "ECDSA", NULL, - KEY_ECDSA, NID_X9_62_prime256v1, 0, 0 }, - { "ecdsa-sha2-nistp384", "ECDSA", NULL, - KEY_ECDSA, NID_secp384r1, 0, 0 }, -# ifdef OPENSSL_HAS_NISTP521 - { "ecdsa-sha2-nistp521", "ECDSA", NULL, - KEY_ECDSA, NID_secp521r1, 0, 0 }, -# endif /* OPENSSL_HAS_NISTP521 */ -# endif /* OPENSSL_HAS_ECC */ - { "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", NULL, - KEY_RSA_CERT, 0, 1, 0 }, - { "rsa-sha2-256-cert-v01@openssh.com", "RSA-CERT", - "rsa-sha2-256", KEY_RSA_CERT, 0, 1, 1 }, - { "rsa-sha2-512-cert-v01@openssh.com", "RSA-CERT", - "rsa-sha2-512", KEY_RSA_CERT, 0, 1, 1 }, - { "ssh-dss-cert-v01@openssh.com", "DSA-CERT", NULL, - KEY_DSA_CERT, 0, 1, 0 }, -# ifdef OPENSSL_HAS_ECC - { "ecdsa-sha2-nistp256-cert-v01@openssh.com", "ECDSA-CERT", NULL, - KEY_ECDSA_CERT, NID_X9_62_prime256v1, 1, 0 }, - { 
"ecdsa-sha2-nistp384-cert-v01@openssh.com", "ECDSA-CERT", NULL, - KEY_ECDSA_CERT, NID_secp384r1, 1, 0 }, -# ifdef OPENSSL_HAS_NISTP521 - { "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT", NULL, - KEY_ECDSA_CERT, NID_secp521r1, 1, 0 }, -# endif /* OPENSSL_HAS_NISTP521 */ -# endif /* OPENSSL_HAS_ECC */ -#endif /* WITH_OPENSSL */ - { NULL, NULL, NULL, -1, -1, 0, 0 } -}; - -const char * -sshkey_type(const struct sshkey *k) -{ - const struct keytype *kt; - - for (kt = keytypes; kt->type != -1; kt++) { - if (kt->type == k->type) - return kt->shortname; - } - return "unknown"; -} - -static const char * -sshkey_ssh_name_from_type_nid(int type, int nid) -{ - const struct keytype *kt; - - for (kt = keytypes; kt->type != -1; kt++) { - if (kt->type == type && (kt->nid == 0 || kt->nid == nid)) - return kt->name; - } - return "ssh-unknown"; -} - -int -sshkey_type_is_cert(int type) -{ - const struct keytype *kt; - - for (kt = keytypes; kt->type != -1; kt++) { - if (kt->type == type) - return kt->cert; - } - return 0; -} - -const char * -sshkey_ssh_name(const struct sshkey *k) -{ - return sshkey_ssh_name_from_type_nid(k->type, k->ecdsa_nid); -} - -const char * -sshkey_ssh_name_plain(const struct sshkey *k) -{ - return sshkey_ssh_name_from_type_nid(sshkey_type_plain(k->type), - k->ecdsa_nid); -} - -int -sshkey_type_from_name(const char *name) -{ - const struct keytype *kt; - - for (kt = keytypes; kt->type != -1; kt++) { - /* Only allow shortname matches for plain key types */ - if ((kt->name != NULL && strcmp(name, kt->name) == 0) || - (!kt->cert && strcasecmp(kt->shortname, name) == 0)) - return kt->type; - } - return KEY_UNSPEC; -} - -int -sshkey_ecdsa_nid_from_name(const char *name) -{ - const struct keytype *kt; - - for (kt = keytypes; kt->type != -1; kt++) { - if (kt->type != KEY_ECDSA && kt->type != KEY_ECDSA_CERT) - continue; - if (kt->name != NULL && strcmp(name, kt->name) == 0) - return kt->nid; - } - return -1; -} - -char * -sshkey_alg_list(int certs_only, int 
plain_only, int include_sigonly, char sep) -{ - char *tmp, *ret = NULL; - size_t nlen, rlen = 0; - const struct keytype *kt; - - for (kt = keytypes; kt->type != -1; kt++) { - if (kt->name == NULL) - continue; - if (!include_sigonly && kt->sigonly) - continue; - if ((certs_only && !kt->cert) || (plain_only && kt->cert)) - continue; - if (ret != NULL) - ret[rlen++] = sep; - nlen = strlen(kt->name); - if ((tmp = realloc(ret, rlen + nlen + 2)) == NULL) { - free(ret); - return NULL; - } - ret = tmp; - memcpy(ret + rlen, kt->name, nlen + 1); - rlen += nlen; - } - return ret; -} - -int -sshkey_names_valid2(const char *names, int allow_wildcard) -{ - char *s, *cp, *p; - const struct keytype *kt; - int type; - - if (names == NULL || strcmp(names, "") == 0) - return 0; - if ((s = cp = strdup(names)) == NULL) - return 0; - for ((p = strsep(&cp, ",")); p && *p != '\0'; - (p = strsep(&cp, ","))) { - type = sshkey_type_from_name(p); - if (type == KEY_UNSPEC) { - if (allow_wildcard) { - /* - * Try matching key types against the string. - * If any has a positive or negative match then - * the component is accepted. 
- */
- for (kt = keytypes; kt->type != -1; kt++) {
- if (match_pattern_list(kt->name,
- p, 0) != 0)
- break;
- }
- if (kt->type != -1)
- continue;
- }
- free(s);
- return 0;
- }
- }
- free(s);
- return 1;
-}
-
-u_int
-sshkey_size(const struct sshkey *k)
-{
-#ifdef WITH_OPENSSL
- const BIGNUM *rsa_n, *dsa_p;
-#endif /* WITH_OPENSSL */
-
- switch (k->type) {
-#ifdef WITH_OPENSSL
- case KEY_RSA:
- case KEY_RSA_CERT:
- if (k->rsa == NULL)
- return 0;
- RSA_get0_key(k->rsa, &rsa_n, NULL, NULL);
- return BN_num_bits(rsa_n);
- case KEY_DSA:
- case KEY_DSA_CERT:
- if (k->dsa == NULL)
- return 0;
- DSA_get0_pqg(k->dsa, &dsa_p, NULL, NULL);
- return BN_num_bits(dsa_p);
- case KEY_ECDSA:
- case KEY_ECDSA_CERT:
- return sshkey_curve_nid_to_bits(k->ecdsa_nid);
-#endif /* WITH_OPENSSL */
- case KEY_ED25519:
- case KEY_ED25519_CERT:
- case KEY_XMSS:
- case KEY_XMSS_CERT:
- return 256; /* XXX */
- }
- return 0;
-}
-
-static int
-sshkey_type_is_valid_ca(int type)
-{
- switch (type) {
- case KEY_RSA:
- case KEY_DSA:
- case KEY_ECDSA:
- case KEY_ED25519:
- case KEY_XMSS:
- return 1;
- default:
- return 0;
- }
-}
-
-int
-sshkey_is_cert(const struct sshkey *k)
-{
- if (k == NULL)
- return 0;
- return sshkey_type_is_cert(k->type);
-}
-
-/* Return the cert-less equivalent to a certified key type */
-int
-sshkey_type_plain(int type)
-{
- switch (type) {
- case KEY_RSA_CERT:
- return KEY_RSA;
- case KEY_DSA_CERT:
- return KEY_DSA;
- case KEY_ECDSA_CERT:
- return KEY_ECDSA;
- case KEY_ED25519_CERT:
- return KEY_ED25519;
- case KEY_XMSS_CERT:
- return KEY_XMSS;
- default:
- return type;
- }
-}
-
-#ifdef WITH_OPENSSL
-/* XXX: these are really begging for a table-driven approach */
-int
-sshkey_curve_name_to_nid(const char *name)
-{
- if (strcmp(name, "nistp256") == 0)
- return NID_X9_62_prime256v1;
- else if (strcmp(name, "nistp384") == 0)
- return NID_secp384r1;
-# ifdef OPENSSL_HAS_NISTP521
- else if (strcmp(name, "nistp521") == 0)
- return NID_secp521r1;
-# endif /* OPENSSL_HAS_NISTP521 */
- else
- return -1;
-}
-
-u_int
-sshkey_curve_nid_to_bits(int nid)
-{
- switch (nid) {
- case NID_X9_62_prime256v1:
- return 256;
- case NID_secp384r1:
- return 384;
-# ifdef OPENSSL_HAS_NISTP521
- case NID_secp521r1:
- return 521;
-# endif /* OPENSSL_HAS_NISTP521 */
- default:
- return 0;
- }
-}
-
-int
-sshkey_ecdsa_bits_to_nid(int bits)
-{
- switch (bits) {
- case 256:
- return NID_X9_62_prime256v1;
- case 384:
- return NID_secp384r1;
-# ifdef OPENSSL_HAS_NISTP521
- case 521:
- return NID_secp521r1;
-# endif /* OPENSSL_HAS_NISTP521 */
- default:
- return -1;
- }
-}
-
-const char *
-sshkey_curve_nid_to_name(int nid)
-{
- switch (nid) {
- case NID_X9_62_prime256v1:
- return "nistp256";
- case NID_secp384r1:
- return "nistp384";
-# ifdef OPENSSL_HAS_NISTP521
- case NID_secp521r1:
- return "nistp521";
-# endif /* OPENSSL_HAS_NISTP521 */
- default:
- return NULL;
- }
-}
-
-int
-sshkey_ec_nid_to_hash_alg(int nid)
-{
- int kbits = sshkey_curve_nid_to_bits(nid);
-
- if (kbits <= 0)
- return -1;
-
- /* RFC5656 section 6.2.1 */
- if (kbits <= 256)
- return SSH_DIGEST_SHA256;
- else if (kbits <= 384)
- return SSH_DIGEST_SHA384;
- else
- return SSH_DIGEST_SHA512;
-}
-#endif /* WITH_OPENSSL */
-
-static void
-cert_free(struct sshkey_cert *cert)
-{
- u_int i;
-
- if (cert == NULL)
- return;
- sshbuf_free(cert->certblob);
- sshbuf_free(cert->critical);
- sshbuf_free(cert->extensions);
- free(cert->key_id);
- for (i = 0; i < cert->nprincipals; i++)
- free(cert->principals[i]);
- free(cert->principals);
- sshkey_free(cert->signature_key);
- free(cert->signature_type);
- freezero(cert, sizeof(*cert));
-}
-
-static struct sshkey_cert *
-cert_new(void)
-{
- struct sshkey_cert *cert;
-
- if ((cert = calloc(1, sizeof(*cert))) == NULL)
- return NULL;
- if ((cert->certblob = sshbuf_new()) == NULL ||
- (cert->critical = sshbuf_new()) == NULL ||
- (cert->extensions = sshbuf_new()) == NULL) {
- cert_free(cert);
- return NULL;
- }
- cert->key_id = NULL;
- cert->principals = NULL;
-
cert->signature_key = NULL;
- cert->signature_type = NULL;
- return cert;
-}
-
-struct sshkey *
-sshkey_new(int type)
-{
- struct sshkey *k;
-#ifdef WITH_OPENSSL
- RSA *rsa;
- DSA *dsa;
-#endif /* WITH_OPENSSL */
-
- if ((k = calloc(1, sizeof(*k))) == NULL)
- return NULL;
- k->type = type;
- k->ecdsa = NULL;
- k->ecdsa_nid = -1;
- k->dsa = NULL;
- k->rsa = NULL;
- k->cert = NULL;
- k->ed25519_sk = NULL;
- k->ed25519_pk = NULL;
- k->xmss_sk = NULL;
- k->xmss_pk = NULL;
- switch (k->type) {
-#ifdef WITH_OPENSSL
- case KEY_RSA:
- case KEY_RSA_CERT:
- if ((rsa = RSA_new()) == NULL) {
- free(k);
- return NULL;
- }
- k->rsa = rsa;
- break;
- case KEY_DSA:
- case KEY_DSA_CERT:
- if ((dsa = DSA_new()) == NULL) {
- free(k);
- return NULL;
- }
- k->dsa = dsa;
- break;
- case KEY_ECDSA:
- case KEY_ECDSA_CERT:
- /* Cannot do anything until we know the group */
- break;
-#endif /* WITH_OPENSSL */
- case KEY_ED25519:
- case KEY_ED25519_CERT:
- case KEY_XMSS:
- case KEY_XMSS_CERT:
- /* no need to prealloc */
- break;
- case KEY_UNSPEC:
- break;
- default:
- free(k);
- return NULL;
- }
-
- if (sshkey_is_cert(k)) {
- if ((k->cert = cert_new()) == NULL) {
- sshkey_free(k);
- return NULL;
- }
- }
-
- return k;
-}
-
-void
-sshkey_free(struct sshkey *k)
-{
- if (k == NULL)
- return;
- switch (k->type) {
-#ifdef WITH_OPENSSL
- case KEY_RSA:
- case KEY_RSA_CERT:
- RSA_free(k->rsa);
- k->rsa = NULL;
- break;
- case KEY_DSA:
- case KEY_DSA_CERT:
- DSA_free(k->dsa);
- k->dsa = NULL;
- break;
-# ifdef OPENSSL_HAS_ECC
- case KEY_ECDSA:
- case KEY_ECDSA_CERT:
- EC_KEY_free(k->ecdsa);
- k->ecdsa = NULL;
- break;
-# endif /* OPENSSL_HAS_ECC */
-#endif /* WITH_OPENSSL */
- case KEY_ED25519:
- case KEY_ED25519_CERT:
- freezero(k->ed25519_pk, ED25519_PK_SZ);
- k->ed25519_pk = NULL;
- freezero(k->ed25519_sk, ED25519_SK_SZ);
- k->ed25519_sk = NULL;
- break;
-#ifdef WITH_XMSS
- case KEY_XMSS:
- case KEY_XMSS_CERT:
- freezero(k->xmss_pk, sshkey_xmss_pklen(k));
- k->xmss_pk = NULL;
-
freezero(k->xmss_sk, sshkey_xmss_sklen(k));
- k->xmss_sk = NULL;
- sshkey_xmss_free_state(k);
- free(k->xmss_name);
- k->xmss_name = NULL;
- free(k->xmss_filename);
- k->xmss_filename = NULL;
- break;
-#endif /* WITH_XMSS */
- case KEY_UNSPEC:
- break;
- default:
- break;
- }
- if (sshkey_is_cert(k))
- cert_free(k->cert);
- freezero(k, sizeof(*k));
-}
-
-static int
-cert_compare(struct sshkey_cert *a, struct sshkey_cert *b)
-{
- if (a == NULL && b == NULL)
- return 1;
- if (a == NULL || b == NULL)
- return 0;
- if (sshbuf_len(a->certblob) != sshbuf_len(b->certblob))
- return 0;
- if (timingsafe_bcmp(sshbuf_ptr(a->certblob), sshbuf_ptr(b->certblob),
- sshbuf_len(a->certblob)) != 0)
- return 0;
- return 1;
-}
-
-/*
- * Compare public portions of key only, allowing comparisons between
- * certificates and plain keys too.
- */
-int
-sshkey_equal_public(const struct sshkey *a, const struct sshkey *b)
-{
-#if defined(WITH_OPENSSL)
- const BIGNUM *rsa_e_a, *rsa_n_a;
- const BIGNUM *rsa_e_b, *rsa_n_b;
- const BIGNUM *dsa_p_a, *dsa_q_a, *dsa_g_a, *dsa_pub_key_a;
- const BIGNUM *dsa_p_b, *dsa_q_b, *dsa_g_b, *dsa_pub_key_b;
-# if defined(OPENSSL_HAS_ECC)
- BN_CTX *bnctx;
-# endif /* OPENSSL_HAS_ECC */
-#endif /* WITH_OPENSSL */
-
- if (a == NULL || b == NULL ||
- sshkey_type_plain(a->type) != sshkey_type_plain(b->type))
- return 0;
-
- switch (a->type) {
-#ifdef WITH_OPENSSL
- case KEY_RSA_CERT:
- case KEY_RSA:
- if (a->rsa == NULL || b->rsa == NULL)
- return 0;
- RSA_get0_key(a->rsa, &rsa_n_a, &rsa_e_a, NULL);
- RSA_get0_key(b->rsa, &rsa_n_b, &rsa_e_b, NULL);
- return BN_cmp(rsa_e_a, rsa_e_b) == 0 &&
- BN_cmp(rsa_n_a, rsa_n_b) == 0;
- case KEY_DSA_CERT:
- case KEY_DSA:
- if (a->dsa == NULL || b->dsa == NULL)
- return 0;
- DSA_get0_pqg(a->dsa, &dsa_p_a, &dsa_q_a, &dsa_g_a);
- DSA_get0_pqg(b->dsa, &dsa_p_b, &dsa_q_b, &dsa_g_b);
- DSA_get0_key(a->dsa, &dsa_pub_key_a, NULL);
- DSA_get0_key(b->dsa, &dsa_pub_key_b, NULL);
- return BN_cmp(dsa_p_a, dsa_p_b) == 0 &&
- BN_cmp(dsa_q_a,
dsa_q_b) == 0 &&
- BN_cmp(dsa_g_a, dsa_g_b) == 0 &&
- BN_cmp(dsa_pub_key_a, dsa_pub_key_b) == 0;
-# ifdef OPENSSL_HAS_ECC
- case KEY_ECDSA_CERT:
- case KEY_ECDSA:
- if (a->ecdsa == NULL || b->ecdsa == NULL ||
- EC_KEY_get0_public_key(a->ecdsa) == NULL ||
- EC_KEY_get0_public_key(b->ecdsa) == NULL)
- return 0;
- if ((bnctx = BN_CTX_new()) == NULL)
- return 0;
- if (EC_GROUP_cmp(EC_KEY_get0_group(a->ecdsa),
- EC_KEY_get0_group(b->ecdsa), bnctx) != 0 ||
- EC_POINT_cmp(EC_KEY_get0_group(a->ecdsa),
- EC_KEY_get0_public_key(a->ecdsa),
- EC_KEY_get0_public_key(b->ecdsa), bnctx) != 0) {
- BN_CTX_free(bnctx);
- return 0;
- }
- BN_CTX_free(bnctx);
- return 1;
-# endif /* OPENSSL_HAS_ECC */
-#endif /* WITH_OPENSSL */
- case KEY_ED25519:
- case KEY_ED25519_CERT:
- return a->ed25519_pk != NULL && b->ed25519_pk != NULL &&
- memcmp(a->ed25519_pk, b->ed25519_pk, ED25519_PK_SZ) == 0;
-#ifdef WITH_XMSS
- case KEY_XMSS:
- case KEY_XMSS_CERT:
- return a->xmss_pk != NULL && b->xmss_pk != NULL &&
- sshkey_xmss_pklen(a) == sshkey_xmss_pklen(b) &&
- memcmp(a->xmss_pk, b->xmss_pk, sshkey_xmss_pklen(a)) == 0;
-#endif /* WITH_XMSS */
- default:
- return 0;
- }
- /* NOTREACHED */
-}
-
-int
-sshkey_equal(const struct sshkey *a, const struct sshkey *b)
-{
- if (a == NULL || b == NULL || a->type != b->type)
- return 0;
- if (sshkey_is_cert(a)) {
- if (!cert_compare(a->cert, b->cert))
- return 0;
- }
- return sshkey_equal_public(a, b);
-}
-
-static int
-to_blob_buf(const struct sshkey *key, struct sshbuf *b, int force_plain,
- enum sshkey_serialize_rep opts)
-{
- int type, ret = SSH_ERR_INTERNAL_ERROR;
- const char *typename;
-#ifdef WITH_OPENSSL
- const BIGNUM *rsa_n, *rsa_e, *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key;
-#endif /* WITH_OPENSSL */
-
- if (key == NULL)
- return SSH_ERR_INVALID_ARGUMENT;
-
- if (sshkey_is_cert(key)) {
- if (key->cert == NULL)
- return SSH_ERR_EXPECTED_CERT;
- if (sshbuf_len(key->cert->certblob) == 0)
- return SSH_ERR_KEY_LACKS_CERTBLOB;
- }
- type = force_plain ?
sshkey_type_plain(key->type) : key->type;
- typename = sshkey_ssh_name_from_type_nid(type, key->ecdsa_nid);
-
- switch (type) {
-#ifdef WITH_OPENSSL
- case KEY_DSA_CERT:
- case KEY_ECDSA_CERT:
- case KEY_RSA_CERT:
-#endif /* WITH_OPENSSL */
- case KEY_ED25519_CERT:
-#ifdef WITH_XMSS
- case KEY_XMSS_CERT:
-#endif /* WITH_XMSS */
- /* Use the existing blob */
- /* XXX modified flag? */
- if ((ret = sshbuf_putb(b, key->cert->certblob)) != 0)
- return ret;
- break;
-#ifdef WITH_OPENSSL
- case KEY_DSA:
- if (key->dsa == NULL)
- return SSH_ERR_INVALID_ARGUMENT;
- DSA_get0_pqg(key->dsa, &dsa_p, &dsa_q, &dsa_g);
- DSA_get0_key(key->dsa, &dsa_pub_key, NULL);
- if ((ret = sshbuf_put_cstring(b, typename)) != 0 ||
- (ret = sshbuf_put_bignum2(b, dsa_p)) != 0 ||
- (ret = sshbuf_put_bignum2(b, dsa_q)) != 0 ||
- (ret = sshbuf_put_bignum2(b, dsa_g)) != 0 ||
- (ret = sshbuf_put_bignum2(b, dsa_pub_key)) != 0)
- return ret;
- break;
-# ifdef OPENSSL_HAS_ECC
- case KEY_ECDSA:
- if (key->ecdsa == NULL)
- return SSH_ERR_INVALID_ARGUMENT;
- if ((ret = sshbuf_put_cstring(b, typename)) != 0 ||
- (ret = sshbuf_put_cstring(b,
- sshkey_curve_nid_to_name(key->ecdsa_nid))) != 0 ||
- (ret = sshbuf_put_eckey(b, key->ecdsa)) != 0)
- return ret;
- break;
-# endif
- case KEY_RSA:
- if (key->rsa == NULL)
- return SSH_ERR_INVALID_ARGUMENT;
- RSA_get0_key(key->rsa, &rsa_n, &rsa_e, NULL);
- if ((ret = sshbuf_put_cstring(b, typename)) != 0 ||
- (ret = sshbuf_put_bignum2(b, rsa_e)) != 0 ||
- (ret = sshbuf_put_bignum2(b, rsa_n)) != 0)
- return ret;
- break;
-#endif /* WITH_OPENSSL */
- case KEY_ED25519:
- if (key->ed25519_pk == NULL)
- return SSH_ERR_INVALID_ARGUMENT;
- if ((ret = sshbuf_put_cstring(b, typename)) != 0 ||
- (ret = sshbuf_put_string(b,
- key->ed25519_pk, ED25519_PK_SZ)) != 0)
- return ret;
- break;
-#ifdef WITH_XMSS
- case KEY_XMSS:
- if (key->xmss_name == NULL || key->xmss_pk == NULL ||
- sshkey_xmss_pklen(key) == 0)
- return SSH_ERR_INVALID_ARGUMENT;
- if ((ret = sshbuf_put_cstring(b,
typename)) != 0 ||
- (ret = sshbuf_put_cstring(b, key->xmss_name)) != 0 ||
- (ret = sshbuf_put_string(b,
- key->xmss_pk, sshkey_xmss_pklen(key))) != 0 ||
- (ret = sshkey_xmss_serialize_pk_info(key, b, opts)) != 0)
- return ret;
- break;
-#endif /* WITH_XMSS */
- default:
- return SSH_ERR_KEY_TYPE_UNKNOWN;
- }
- return 0;
-}
-
-int
-sshkey_putb(const struct sshkey *key, struct sshbuf *b)
-{
- return to_blob_buf(key, b, 0, SSHKEY_SERIALIZE_DEFAULT);
-}
-
-int
-sshkey_puts_opts(const struct sshkey *key, struct sshbuf *b,
- enum sshkey_serialize_rep opts)
-{
- struct sshbuf *tmp;
- int r;
-
- if ((tmp = sshbuf_new()) == NULL)
- return SSH_ERR_ALLOC_FAIL;
- r = to_blob_buf(key, tmp, 0, opts);
- if (r == 0)
- r = sshbuf_put_stringb(b, tmp);
- sshbuf_free(tmp);
- return r;
-}
-
-int
-sshkey_puts(const struct sshkey *key, struct sshbuf *b)
-{
- return sshkey_puts_opts(key, b, SSHKEY_SERIALIZE_DEFAULT);
-}
-
-int
-sshkey_putb_plain(const struct sshkey *key, struct sshbuf *b)
-{
- return to_blob_buf(key, b, 1, SSHKEY_SERIALIZE_DEFAULT);
-}
-
-static int
-to_blob(const struct sshkey *key, u_char **blobp, size_t *lenp, int force_plain,
- enum sshkey_serialize_rep opts)
-{
- int ret = SSH_ERR_INTERNAL_ERROR;
- size_t len;
- struct sshbuf *b = NULL;
-
- if (lenp != NULL)
- *lenp = 0;
- if (blobp != NULL)
- *blobp = NULL;
- if ((b = sshbuf_new()) == NULL)
- return SSH_ERR_ALLOC_FAIL;
- if ((ret = to_blob_buf(key, b, force_plain, opts)) != 0)
- goto out;
- len = sshbuf_len(b);
- if (lenp != NULL)
- *lenp = len;
- if (blobp != NULL) {
- if ((*blobp = malloc(len)) == NULL) {
- ret = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- memcpy(*blobp, sshbuf_ptr(b), len);
- }
- ret = 0;
- out:
- sshbuf_free(b);
- return ret;
-}
-
-int
-sshkey_to_blob(const struct sshkey *key, u_char **blobp, size_t *lenp)
-{
- return to_blob(key, blobp, lenp, 0, SSHKEY_SERIALIZE_DEFAULT);
-}
-
-int
-sshkey_plain_to_blob(const struct sshkey *key, u_char **blobp, size_t *lenp)
-{
- return to_blob(key, blobp, lenp, 1,
SSHKEY_SERIALIZE_DEFAULT);
-}
-
-int
-sshkey_fingerprint_raw(const struct sshkey *k, int dgst_alg,
- u_char **retp, size_t *lenp)
-{
- u_char *blob = NULL, *ret = NULL;
- size_t blob_len = 0;
- int r = SSH_ERR_INTERNAL_ERROR;
-
- if (retp != NULL)
- *retp = NULL;
- if (lenp != NULL)
- *lenp = 0;
- if (ssh_digest_bytes(dgst_alg) == 0) {
- r = SSH_ERR_INVALID_ARGUMENT;
- goto out;
- }
- if ((r = to_blob(k, &blob, &blob_len, 1, SSHKEY_SERIALIZE_DEFAULT))
- != 0)
- goto out;
- if ((ret = calloc(1, SSH_DIGEST_MAX_LENGTH)) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- if ((r = ssh_digest_memory(dgst_alg, blob, blob_len,
- ret, SSH_DIGEST_MAX_LENGTH)) != 0)
- goto out;
- /* success */
- if (retp != NULL) {
- *retp = ret;
- ret = NULL;
- }
- if (lenp != NULL)
- *lenp = ssh_digest_bytes(dgst_alg);
- r = 0;
- out:
- free(ret);
- if (blob != NULL) {
- explicit_bzero(blob, blob_len);
- free(blob);
- }
- return r;
-}
-
-static char *
-fingerprint_b64(const char *alg, u_char *dgst_raw, size_t dgst_raw_len)
-{
- char *ret;
- size_t plen = strlen(alg) + 1;
- size_t rlen = ((dgst_raw_len + 2) / 3) * 4 + plen + 1;
- int r;
-
- if (dgst_raw_len > 65536 || (ret = calloc(1, rlen)) == NULL)
- return NULL;
- strlcpy(ret, alg, rlen);
- strlcat(ret, ":", rlen);
- if (dgst_raw_len == 0)
- return ret;
- if ((r = b64_ntop(dgst_raw, dgst_raw_len,
- ret + plen, rlen - plen)) == -1) {
- freezero(ret, rlen);
- return NULL;
- }
- /* Trim padding characters from end */
- ret[strcspn(ret, "=")] = '\0';
- return ret;
-}
-
-static char *
-fingerprint_hex(const char *alg, u_char *dgst_raw, size_t dgst_raw_len)
-{
- char *retval, hex[5];
- size_t i, rlen = dgst_raw_len * 3 + strlen(alg) + 2;
-
- if (dgst_raw_len > 65536 || (retval = calloc(1, rlen)) == NULL)
- return NULL;
- strlcpy(retval, alg, rlen);
- strlcat(retval, ":", rlen);
- for (i = 0; i < dgst_raw_len; i++) {
- snprintf(hex, sizeof(hex), "%s%02x",
- i > 0 ?
":" : "", dgst_raw[i]);
- strlcat(retval, hex, rlen);
- }
- return retval;
-}
-
-static char *
-fingerprint_bubblebabble(u_char *dgst_raw, size_t dgst_raw_len)
-{
- char vowels[] = { 'a', 'e', 'i', 'o', 'u', 'y' };
- char consonants[] = { 'b', 'c', 'd', 'f', 'g', 'h', 'k', 'l', 'm',
- 'n', 'p', 'r', 's', 't', 'v', 'z', 'x' };
- u_int i, j = 0, rounds, seed = 1;
- char *retval;
-
- rounds = (dgst_raw_len / 2) + 1;
- if ((retval = calloc(rounds, 6)) == NULL)
- return NULL;
- retval[j++] = 'x';
- for (i = 0; i < rounds; i++) {
- u_int idx0, idx1, idx2, idx3, idx4;
- if ((i + 1 < rounds) || (dgst_raw_len % 2 != 0)) {
- idx0 = (((((u_int)(dgst_raw[2 * i])) >> 6) & 3) +
- seed) % 6;
- idx1 = (((u_int)(dgst_raw[2 * i])) >> 2) & 15;
- idx2 = ((((u_int)(dgst_raw[2 * i])) & 3) +
- (seed / 6)) % 6;
- retval[j++] = vowels[idx0];
- retval[j++] = consonants[idx1];
- retval[j++] = vowels[idx2];
- if ((i + 1) < rounds) {
- idx3 = (((u_int)(dgst_raw[(2 * i) + 1])) >> 4) & 15;
- idx4 = (((u_int)(dgst_raw[(2 * i) + 1]))) & 15;
- retval[j++] = consonants[idx3];
- retval[j++] = '-';
- retval[j++] = consonants[idx4];
- seed = ((seed * 5) +
- ((((u_int)(dgst_raw[2 * i])) * 7) +
- ((u_int)(dgst_raw[(2 * i) + 1])))) % 36;
- }
- } else {
- idx0 = seed % 6;
- idx1 = 16;
- idx2 = seed / 6;
- retval[j++] = vowels[idx0];
- retval[j++] = consonants[idx1];
- retval[j++] = vowels[idx2];
- }
- }
- retval[j++] = 'x';
- retval[j++] = '\0';
- return retval;
-}
-
-/*
- * Draw an ASCII-Art representing the fingerprint so human brain can
- * profit from its built-in pattern recognition ability.
- * This technique is called "random art" and can be found in some
- * scientific publications like this original paper:
- *
- * "Hash Visualization: a New Technique to improve Real-World Security",
- * Perrig A.
and Song D., 1999, International Workshop on Cryptographic
- * Techniques and E-Commerce (CrypTEC '99)
- * sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf
- *
- * The subject came up in a talk by Dan Kaminsky, too.
- *
- * If you see the picture is different, the key is different.
- * If the picture looks the same, you still know nothing.
- *
- * The algorithm used here is a worm crawling over a discrete plane,
- * leaving a trace (augmenting the field) everywhere it goes.
- * Movement is taken from dgst_raw 2bit-wise. Bumping into walls
- * makes the respective movement vector be ignored for this turn.
- * Graphs are not unambiguous, because circles in graphs can be
- * walked in either direction.
- */
-
-/*
- * Field sizes for the random art. Have to be odd, so the starting point
- * can be in the exact middle of the picture, and FLDBASE should be >=8 .
- * Else pictures would be too dense, and drawing the frame would
- * fail, too, because the key type would not fit in anymore.
- */
-#define FLDBASE 8
-#define FLDSIZE_Y (FLDBASE + 1)
-#define FLDSIZE_X (FLDBASE * 2 + 1)
-static char *
-fingerprint_randomart(const char *alg, u_char *dgst_raw, size_t dgst_raw_len,
- const struct sshkey *k)
-{
- /*
- * Chars to be used after each other every time the worm
- * intersects with itself. Matter of taste.
- */
- char *augmentation_string = " .o+=*BOX@%&#/^SE";
- char *retval, *p, title[FLDSIZE_X], hash[FLDSIZE_X];
- u_char field[FLDSIZE_X][FLDSIZE_Y];
- size_t i, tlen, hlen;
- u_int b;
- int x, y, r;
- size_t len = strlen(augmentation_string) - 1;
-
- if ((retval = calloc((FLDSIZE_X + 3), (FLDSIZE_Y + 2))) == NULL)
- return NULL;
-
- /* initialize field */
- memset(field, 0, FLDSIZE_X * FLDSIZE_Y * sizeof(char));
- x = FLDSIZE_X / 2;
- y = FLDSIZE_Y / 2;
-
- /* process raw key */
- for (i = 0; i < dgst_raw_len; i++) {
- int input;
- /* each byte conveys four 2-bit move commands */
- input = dgst_raw[i];
- for (b = 0; b < 4; b++) {
- /* evaluate 2 bit, rest is shifted later */
- x += (input & 0x1) ? 1 : -1;
- y += (input & 0x2) ? 1 : -1;
-
- /* assure we are still in bounds */
- x = MAXIMUM(x, 0);
- y = MAXIMUM(y, 0);
- x = MINIMUM(x, FLDSIZE_X - 1);
- y = MINIMUM(y, FLDSIZE_Y - 1);
-
- /* augment the field */
- if (field[x][y] < len - 2)
- field[x][y]++;
- input = input >> 2;
- }
- }
-
- /* mark starting point and end point*/
- field[FLDSIZE_X / 2][FLDSIZE_Y / 2] = len - 1;
- field[x][y] = len;
-
- /* assemble title */
- r = snprintf(title, sizeof(title), "[%s %u]",
- sshkey_type(k), sshkey_size(k));
- /* If [type size] won't fit, then try [type]; fits "[ED25519-CERT]" */
- if (r < 0 || r > (int)sizeof(title))
- r = snprintf(title, sizeof(title), "[%s]", sshkey_type(k));
- tlen = (r <= 0) ? 0 : strlen(title);
-
- /* assemble hash ID. */
- r = snprintf(hash, sizeof(hash), "[%s]", alg);
- hlen = (r <= 0) ?
0 : strlen(hash);
-
- /* output upper border */
- p = retval;
- *p++ = '+';
- for (i = 0; i < (FLDSIZE_X - tlen) / 2; i++)
- *p++ = '-';
- memcpy(p, title, tlen);
- p += tlen;
- for (i += tlen; i < FLDSIZE_X; i++)
- *p++ = '-';
- *p++ = '+';
- *p++ = '\n';
-
- /* output content */
- for (y = 0; y < FLDSIZE_Y; y++) {
- *p++ = '|';
- for (x = 0; x < FLDSIZE_X; x++)
- *p++ = augmentation_string[MINIMUM(field[x][y], len)];
- *p++ = '|';
- *p++ = '\n';
- }
-
- /* output lower border */
- *p++ = '+';
- for (i = 0; i < (FLDSIZE_X - hlen) / 2; i++)
- *p++ = '-';
- memcpy(p, hash, hlen);
- p += hlen;
- for (i += hlen; i < FLDSIZE_X; i++)
- *p++ = '-';
- *p++ = '+';
-
- return retval;
-}
-
-char *
-sshkey_fingerprint(const struct sshkey *k, int dgst_alg,
- enum sshkey_fp_rep dgst_rep)
-{
- char *retval = NULL;
- u_char *dgst_raw;
- size_t dgst_raw_len;
-
- if (sshkey_fingerprint_raw(k, dgst_alg, &dgst_raw, &dgst_raw_len) != 0)
- return NULL;
- switch (dgst_rep) {
- case SSH_FP_DEFAULT:
- if (dgst_alg == SSH_DIGEST_MD5) {
- retval = fingerprint_hex(ssh_digest_alg_name(dgst_alg),
- dgst_raw, dgst_raw_len);
- } else {
- retval = fingerprint_b64(ssh_digest_alg_name(dgst_alg),
- dgst_raw, dgst_raw_len);
- }
- break;
- case SSH_FP_HEX:
- retval = fingerprint_hex(ssh_digest_alg_name(dgst_alg),
- dgst_raw, dgst_raw_len);
- break;
- case SSH_FP_BASE64:
- retval = fingerprint_b64(ssh_digest_alg_name(dgst_alg),
- dgst_raw, dgst_raw_len);
- break;
- case SSH_FP_BUBBLEBABBLE:
- retval = fingerprint_bubblebabble(dgst_raw, dgst_raw_len);
- break;
- case SSH_FP_RANDOMART:
- retval = fingerprint_randomart(ssh_digest_alg_name(dgst_alg),
- dgst_raw, dgst_raw_len, k);
- break;
- default:
- explicit_bzero(dgst_raw, dgst_raw_len);
- free(dgst_raw);
- return NULL;
- }
- explicit_bzero(dgst_raw, dgst_raw_len);
- free(dgst_raw);
- return retval;
-}
-
-static int
-peek_type_nid(const char *s, size_t l, int *nid)
-{
- const struct keytype *kt;
-
- for (kt = keytypes; kt->type != -1; kt++) {
- if
(kt->name == NULL || strlen(kt->name) != l)
- continue;
- if (memcmp(s, kt->name, l) == 0) {
- *nid = -1;
- if (kt->type == KEY_ECDSA || kt->type == KEY_ECDSA_CERT)
- *nid = kt->nid;
- return kt->type;
- }
- }
- return KEY_UNSPEC;
-}
-
-/* XXX this can now be made const char * */
-int
-sshkey_read(struct sshkey *ret, char **cpp)
-{
- struct sshkey *k;
- char *cp, *blobcopy;
- size_t space;
- int r, type, curve_nid = -1;
- struct sshbuf *blob;
-
- if (ret == NULL)
- return SSH_ERR_INVALID_ARGUMENT;
-
- switch (ret->type) {
- case KEY_UNSPEC:
- case KEY_RSA:
- case KEY_DSA:
- case KEY_ECDSA:
- case KEY_ED25519:
- case KEY_DSA_CERT:
- case KEY_ECDSA_CERT:
- case KEY_RSA_CERT:
- case KEY_ED25519_CERT:
-#ifdef WITH_XMSS
- case KEY_XMSS:
- case KEY_XMSS_CERT:
-#endif /* WITH_XMSS */
- break; /* ok */
- default:
- return SSH_ERR_INVALID_ARGUMENT;
- }
-
- /* Decode type */
- cp = *cpp;
- space = strcspn(cp, " \t");
- if (space == strlen(cp))
- return SSH_ERR_INVALID_FORMAT;
- if ((type = peek_type_nid(cp, space, &curve_nid)) == KEY_UNSPEC)
- return SSH_ERR_INVALID_FORMAT;
-
- /* skip whitespace */
- for (cp += space; *cp == ' ' || *cp == '\t'; cp++)
- ;
- if (*cp == '\0')
- return SSH_ERR_INVALID_FORMAT;
- if (ret->type != KEY_UNSPEC && ret->type != type)
- return SSH_ERR_KEY_TYPE_MISMATCH;
- if ((blob = sshbuf_new()) == NULL)
- return SSH_ERR_ALLOC_FAIL;
-
- /* find end of keyblob and decode */
- space = strcspn(cp, " \t");
- if ((blobcopy = strndup(cp, space)) == NULL) {
- sshbuf_free(blob);
- return SSH_ERR_ALLOC_FAIL;
- }
- if ((r = sshbuf_b64tod(blob, blobcopy)) != 0) {
- free(blobcopy);
- sshbuf_free(blob);
- return r;
- }
- free(blobcopy);
- if ((r = sshkey_fromb(blob, &k)) != 0) {
- sshbuf_free(blob);
- return r;
- }
- sshbuf_free(blob);
-
- /* skip whitespace and leave cp at start of comment */
- for (cp += space; *cp == ' ' || *cp == '\t'; cp++)
- ;
-
- /* ensure type of blob matches type at start of line */
- if (k->type != type) {
- sshkey_free(k);
- return
SSH_ERR_KEY_TYPE_MISMATCH;
- }
- if (sshkey_type_plain(type) == KEY_ECDSA && curve_nid != k->ecdsa_nid) {
- sshkey_free(k);
- return SSH_ERR_EC_CURVE_MISMATCH;
- }
-
- /* Fill in ret from parsed key */
- ret->type = type;
- if (sshkey_is_cert(ret)) {
- if (!sshkey_is_cert(k)) {
- sshkey_free(k);
- return SSH_ERR_EXPECTED_CERT;
- }
- if (ret->cert != NULL)
- cert_free(ret->cert);
- ret->cert = k->cert;
- k->cert = NULL;
- }
- switch (sshkey_type_plain(ret->type)) {
-#ifdef WITH_OPENSSL
- case KEY_RSA:
- RSA_free(ret->rsa);
- ret->rsa = k->rsa;
- k->rsa = NULL;
-#ifdef DEBUG_PK
- RSA_print_fp(stderr, ret->rsa, 8);
-#endif
- break;
- case KEY_DSA:
- DSA_free(ret->dsa);
- ret->dsa = k->dsa;
- k->dsa = NULL;
-#ifdef DEBUG_PK
- DSA_print_fp(stderr, ret->dsa, 8);
-#endif
- break;
-# ifdef OPENSSL_HAS_ECC
- case KEY_ECDSA:
- EC_KEY_free(ret->ecdsa);
- ret->ecdsa = k->ecdsa;
- ret->ecdsa_nid = k->ecdsa_nid;
- k->ecdsa = NULL;
- k->ecdsa_nid = -1;
-#ifdef DEBUG_PK
- sshkey_dump_ec_key(ret->ecdsa);
-#endif
- break;
-# endif /* OPENSSL_HAS_ECC */
-#endif /* WITH_OPENSSL */
- case KEY_ED25519:
- freezero(ret->ed25519_pk, ED25519_PK_SZ);
- ret->ed25519_pk = k->ed25519_pk;
- k->ed25519_pk = NULL;
-#ifdef DEBUG_PK
- /* XXX */
-#endif
- break;
-#ifdef WITH_XMSS
- case KEY_XMSS:
- free(ret->xmss_pk);
- ret->xmss_pk = k->xmss_pk;
- k->xmss_pk = NULL;
- free(ret->xmss_state);
- ret->xmss_state = k->xmss_state;
- k->xmss_state = NULL;
- free(ret->xmss_name);
- ret->xmss_name = k->xmss_name;
- k->xmss_name = NULL;
- free(ret->xmss_filename);
- ret->xmss_filename = k->xmss_filename;
- k->xmss_filename = NULL;
-#ifdef DEBUG_PK
- /* XXX */
-#endif
- break;
-#endif /* WITH_XMSS */
- default:
- sshkey_free(k);
- return SSH_ERR_INTERNAL_ERROR;
- }
- sshkey_free(k);
-
- /* success */
- *cpp = cp;
- return 0;
-}
-
-
-int
-sshkey_to_base64(const struct sshkey *key, char **b64p)
-{
- int r = SSH_ERR_INTERNAL_ERROR;
- struct sshbuf *b = NULL;
- char *uu = NULL;
-
- if (b64p != NULL)
- *b64p =
NULL;
- if ((b = sshbuf_new()) == NULL)
- return SSH_ERR_ALLOC_FAIL;
- if ((r = sshkey_putb(key, b)) != 0)
- goto out;
- if ((uu = sshbuf_dtob64(b)) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- /* Success */
- if (b64p != NULL) {
- *b64p = uu;
- uu = NULL;
- }
- r = 0;
- out:
- sshbuf_free(b);
- free(uu);
- return r;
-}
-
-int
-sshkey_format_text(const struct sshkey *key, struct sshbuf *b)
-{
- int r = SSH_ERR_INTERNAL_ERROR;
- char *uu = NULL;
-
- if ((r = sshkey_to_base64(key, &uu)) != 0)
- goto out;
- if ((r = sshbuf_putf(b, "%s %s",
- sshkey_ssh_name(key), uu)) != 0)
- goto out;
- r = 0;
- out:
- free(uu);
- return r;
-}
-
-int
-sshkey_write(const struct sshkey *key, FILE *f)
-{
- struct sshbuf *b = NULL;
- int r = SSH_ERR_INTERNAL_ERROR;
-
- if ((b = sshbuf_new()) == NULL)
- return SSH_ERR_ALLOC_FAIL;
- if ((r = sshkey_format_text(key, b)) != 0)
- goto out;
- if (fwrite(sshbuf_ptr(b), sshbuf_len(b), 1, f) != 1) {
- if (feof(f))
- errno = EPIPE;
- r = SSH_ERR_SYSTEM_ERROR;
- goto out;
- }
- /* Success */
- r = 0;
- out:
- sshbuf_free(b);
- return r;
-}
-
-const char *
-sshkey_cert_type(const struct sshkey *k)
-{
- switch (k->cert->type) {
- case SSH2_CERT_TYPE_USER:
- return "user";
- case SSH2_CERT_TYPE_HOST:
- return "host";
- default:
- return "unknown";
- }
-}
-
-#ifdef WITH_OPENSSL
-static int
-rsa_generate_private_key(u_int bits, RSA **rsap)
-{
- RSA *private = NULL;
- BIGNUM *f4 = NULL;
- int ret = SSH_ERR_INTERNAL_ERROR;
-
- if (rsap == NULL)
- return SSH_ERR_INVALID_ARGUMENT;
- if (bits < SSH_RSA_MINIMUM_MODULUS_SIZE ||
- bits > SSHBUF_MAX_BIGNUM * 8)
- return SSH_ERR_KEY_LENGTH;
- *rsap = NULL;
- if ((private = RSA_new()) == NULL || (f4 = BN_new()) == NULL) {
- ret = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- if (!BN_set_word(f4, RSA_F4) ||
- !RSA_generate_key_ex(private, bits, f4, NULL)) {
- ret = SSH_ERR_LIBCRYPTO_ERROR;
- goto out;
- }
- *rsap = private;
- private = NULL;
- ret = 0;
- out:
- RSA_free(private);
- BN_free(f4);
- return ret;
-}
-
-static int
-dsa_generate_private_key(u_int bits, DSA **dsap)
-{
- DSA *private;
- int ret = SSH_ERR_INTERNAL_ERROR;
-
- if (dsap == NULL)
- return SSH_ERR_INVALID_ARGUMENT;
- if (bits != 1024)
- return SSH_ERR_KEY_LENGTH;
- if ((private = DSA_new()) == NULL) {
- ret = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- *dsap = NULL;
- if (!DSA_generate_parameters_ex(private, bits, NULL, 0, NULL,
- NULL, NULL) || !DSA_generate_key(private)) {
- ret = SSH_ERR_LIBCRYPTO_ERROR;
- goto out;
- }
- *dsap = private;
- private = NULL;
- ret = 0;
- out:
- DSA_free(private);
- return ret;
-}
-
-# ifdef OPENSSL_HAS_ECC
-int
-sshkey_ecdsa_key_to_nid(EC_KEY *k)
-{
- EC_GROUP *eg;
- int nids[] = {
- NID_X9_62_prime256v1,
- NID_secp384r1,
-# ifdef OPENSSL_HAS_NISTP521
- NID_secp521r1,
-# endif /* OPENSSL_HAS_NISTP521 */
- -1
- };
- int nid;
- u_int i;
- BN_CTX *bnctx;
- const EC_GROUP *g = EC_KEY_get0_group(k);
-
- /*
- * The group may be stored in a ASN.1 encoded private key in one of two
- * ways: as a "named group", which is reconstituted by ASN.1 object ID
- * or explicit group parameters encoded into the key blob. Only the
- * "named group" case sets the group NID for us, but we can figure
- * it out for the other case by comparing against all the groups that
- * are supported.
- */
- if ((nid = EC_GROUP_get_curve_name(g)) > 0)
- return nid;
- if ((bnctx = BN_CTX_new()) == NULL)
- return -1;
- for (i = 0; nids[i] != -1; i++) {
- if ((eg = EC_GROUP_new_by_curve_name(nids[i])) == NULL) {
- BN_CTX_free(bnctx);
- return -1;
- }
- if (EC_GROUP_cmp(g, eg, bnctx) == 0)
- break;
- EC_GROUP_free(eg);
- }
- BN_CTX_free(bnctx);
- if (nids[i] != -1) {
- /* Use the group with the NID attached */
- EC_GROUP_set_asn1_flag(eg, OPENSSL_EC_NAMED_CURVE);
- if (EC_KEY_set_group(k, eg) != 1) {
- EC_GROUP_free(eg);
- return -1;
- }
- }
- return nids[i];
-}
-
-static int
-ecdsa_generate_private_key(u_int bits, int *nid, EC_KEY **ecdsap)
-{
- EC_KEY *private;
- int ret = SSH_ERR_INTERNAL_ERROR;
-
- if (nid == NULL || ecdsap == NULL)
- return SSH_ERR_INVALID_ARGUMENT;
- if ((*nid = sshkey_ecdsa_bits_to_nid(bits)) == -1)
- return SSH_ERR_KEY_LENGTH;
- *ecdsap = NULL;
- if ((private = EC_KEY_new_by_curve_name(*nid)) == NULL) {
- ret = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- if (EC_KEY_generate_key(private) != 1) {
- ret = SSH_ERR_LIBCRYPTO_ERROR;
- goto out;
- }
- EC_KEY_set_asn1_flag(private, OPENSSL_EC_NAMED_CURVE);
- *ecdsap = private;
- private = NULL;
- ret = 0;
- out:
- EC_KEY_free(private);
- return ret;
-}
-# endif /* OPENSSL_HAS_ECC */
-#endif /* WITH_OPENSSL */
-
-int
-sshkey_generate(int type, u_int bits, struct sshkey **keyp)
-{
- struct sshkey *k;
- int ret = SSH_ERR_INTERNAL_ERROR;
-
- if (keyp == NULL)
- return SSH_ERR_INVALID_ARGUMENT;
- *keyp = NULL;
- if ((k = sshkey_new(KEY_UNSPEC)) == NULL)
- return SSH_ERR_ALLOC_FAIL;
- switch (type) {
- case KEY_ED25519:
- if ((k->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL ||
- (k->ed25519_sk = malloc(ED25519_SK_SZ)) == NULL) {
- ret = SSH_ERR_ALLOC_FAIL;
- break;
- }
- crypto_sign_ed25519_keypair(k->ed25519_pk, k->ed25519_sk);
- ret = 0;
- break;
-#ifdef WITH_XMSS
- case KEY_XMSS:
- ret = sshkey_xmss_generate_private_key(k, bits);
- break;
-#endif /* WITH_XMSS */
-#ifdef WITH_OPENSSL
- case KEY_DSA:
- ret =
dsa_generate_private_key(bits, &k->dsa);
- break;
-# ifdef OPENSSL_HAS_ECC
- case KEY_ECDSA:
- ret = ecdsa_generate_private_key(bits, &k->ecdsa_nid,
- &k->ecdsa);
- break;
-# endif /* OPENSSL_HAS_ECC */
- case KEY_RSA:
- ret = rsa_generate_private_key(bits, &k->rsa);
- break;
-#endif /* WITH_OPENSSL */
- default:
- ret = SSH_ERR_INVALID_ARGUMENT;
- }
- if (ret == 0) {
- k->type = type;
- *keyp = k;
- } else
- sshkey_free(k);
- return ret;
-}
-
-int
-sshkey_cert_copy(const struct sshkey *from_key, struct sshkey *to_key)
-{
- u_int i;
- const struct sshkey_cert *from;
- struct sshkey_cert *to;
- int r = SSH_ERR_INTERNAL_ERROR;
-
- if (to_key == NULL || (from = from_key->cert) == NULL)
- return SSH_ERR_INVALID_ARGUMENT;
-
- if ((to = cert_new()) == NULL)
- return SSH_ERR_ALLOC_FAIL;
-
- if ((r = sshbuf_putb(to->certblob, from->certblob)) != 0 ||
- (r = sshbuf_putb(to->critical, from->critical)) != 0 ||
- (r = sshbuf_putb(to->extensions, from->extensions)) != 0)
- goto out;
-
- to->serial = from->serial;
- to->type = from->type;
- if (from->key_id == NULL)
- to->key_id = NULL;
- else if ((to->key_id = strdup(from->key_id)) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- to->valid_after = from->valid_after;
- to->valid_before = from->valid_before;
- if (from->signature_key == NULL)
- to->signature_key = NULL;
- else if ((r = sshkey_from_private(from->signature_key,
- &to->signature_key)) != 0)
- goto out;
- if (from->signature_type != NULL &&
- (to->signature_type = strdup(from->signature_type)) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- if (from->nprincipals > SSHKEY_CERT_MAX_PRINCIPALS) {
- r = SSH_ERR_INVALID_ARGUMENT;
- goto out;
- }
- if (from->nprincipals > 0) {
- if ((to->principals = calloc(from->nprincipals,
- sizeof(*to->principals))) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- for (i = 0; i < from->nprincipals; i++) {
- to->principals[i] = strdup(from->principals[i]);
- if (to->principals[i] == NULL) {
- to->nprincipals = i;
- r
= SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- }
- }
- to->nprincipals = from->nprincipals;
-
- /* success */
- cert_free(to_key->cert);
- to_key->cert = to;
- to = NULL;
- r = 0;
- out:
- cert_free(to);
- return r;
-}
-
-int
-sshkey_from_private(const struct sshkey *k, struct sshkey **pkp)
-{
- struct sshkey *n = NULL;
- int r = SSH_ERR_INTERNAL_ERROR;
-#ifdef WITH_OPENSSL
- const BIGNUM *rsa_n, *rsa_e;
- BIGNUM *rsa_n_dup = NULL, *rsa_e_dup = NULL;
- const BIGNUM *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key;
- BIGNUM *dsa_p_dup = NULL, *dsa_q_dup = NULL, *dsa_g_dup = NULL;
- BIGNUM *dsa_pub_key_dup = NULL;
-#endif /* WITH_OPENSSL */
-
- *pkp = NULL;
- switch (k->type) {
-#ifdef WITH_OPENSSL
- case KEY_DSA:
- case KEY_DSA_CERT:
- if ((n = sshkey_new(k->type)) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
-
- DSA_get0_pqg(k->dsa, &dsa_p, &dsa_q, &dsa_g);
- DSA_get0_key(k->dsa, &dsa_pub_key, NULL);
- if ((dsa_p_dup = BN_dup(dsa_p)) == NULL ||
- (dsa_q_dup = BN_dup(dsa_q)) == NULL ||
- (dsa_g_dup = BN_dup(dsa_g)) == NULL ||
- (dsa_pub_key_dup = BN_dup(dsa_pub_key)) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- if (!DSA_set0_pqg(n->dsa, dsa_p_dup, dsa_q_dup, dsa_g_dup)) {
- r = SSH_ERR_LIBCRYPTO_ERROR;
- goto out;
- }
- dsa_p_dup = dsa_q_dup = dsa_g_dup = NULL; /* transferred */
- if (!DSA_set0_key(n->dsa, dsa_pub_key_dup, NULL)) {
- r = SSH_ERR_LIBCRYPTO_ERROR;
- goto out;
- }
- dsa_pub_key_dup = NULL; /* transferred */
-
- break;
-# ifdef OPENSSL_HAS_ECC
- case KEY_ECDSA:
- case KEY_ECDSA_CERT:
- if ((n = sshkey_new(k->type)) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- n->ecdsa_nid = k->ecdsa_nid;
- n->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid);
- if (n->ecdsa == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- if (EC_KEY_set_public_key(n->ecdsa,
- EC_KEY_get0_public_key(k->ecdsa)) != 1) {
- r = SSH_ERR_LIBCRYPTO_ERROR;
- goto out;
- }
- break;
-# endif /* OPENSSL_HAS_ECC */
- case KEY_RSA:
- case KEY_RSA_CERT:
- if ((n = sshkey_new(k->type)) ==
NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- RSA_get0_key(k->rsa, &rsa_n, &rsa_e, NULL);
- if ((rsa_n_dup = BN_dup(rsa_n)) == NULL ||
- (rsa_e_dup = BN_dup(rsa_e)) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- if (!RSA_set0_key(n->rsa, rsa_n_dup, rsa_e_dup, NULL)) {
- r = SSH_ERR_LIBCRYPTO_ERROR;
- goto out;
- }
- rsa_n_dup = rsa_e_dup = NULL; /* transferred */
- break;
-#endif /* WITH_OPENSSL */
- case KEY_ED25519:
- case KEY_ED25519_CERT:
- if ((n = sshkey_new(k->type)) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- if (k->ed25519_pk != NULL) {
- if ((n->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- memcpy(n->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ);
- }
- break;
-#ifdef WITH_XMSS
- case KEY_XMSS:
- case KEY_XMSS_CERT:
- if ((n = sshkey_new(k->type)) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- if ((r = sshkey_xmss_init(n, k->xmss_name)) != 0)
- goto out;
- if (k->xmss_pk != NULL) {
- size_t pklen = sshkey_xmss_pklen(k);
- if (pklen == 0 || sshkey_xmss_pklen(n) != pklen) {
- r = SSH_ERR_INTERNAL_ERROR;
- goto out;
- }
- if ((n->xmss_pk = malloc(pklen)) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- memcpy(n->xmss_pk, k->xmss_pk, pklen);
- }
- break;
-#endif /* WITH_XMSS */
- default:
- r = SSH_ERR_KEY_TYPE_UNKNOWN;
- goto out;
- }
- if (sshkey_is_cert(k) && (r = sshkey_cert_copy(k, n)) != 0)
- goto out;
- /* success */
- *pkp = n;
- n = NULL;
- r = 0;
- out:
- sshkey_free(n);
-#ifdef WITH_OPENSSL
- BN_clear_free(rsa_n_dup);
- BN_clear_free(rsa_e_dup);
- BN_clear_free(dsa_p_dup);
- BN_clear_free(dsa_q_dup);
- BN_clear_free(dsa_g_dup);
- BN_clear_free(dsa_pub_key_dup);
-#endif
-
- return r;
-}
-
-static int
-cert_parse(struct sshbuf *b, struct sshkey *key, struct sshbuf *certbuf)
-{
- struct sshbuf *principals = NULL, *crit = NULL;
- struct sshbuf *exts = NULL, *ca = NULL;
- u_char *sig = NULL;
- size_t signed_len = 0, slen = 0, kidlen = 0;
- int ret = SSH_ERR_INTERNAL_ERROR;
-
- /* Copy the entire key blob for verification and later serialisation */
- if ((ret = sshbuf_putb(key->cert->certblob, certbuf)) != 0)
- return ret;
-
- /* Parse body of certificate up to signature */
- if ((ret = sshbuf_get_u64(b, &key->cert->serial)) != 0 ||
- (ret = sshbuf_get_u32(b, &key->cert->type)) != 0 ||
- (ret = sshbuf_get_cstring(b, &key->cert->key_id, &kidlen)) != 0 ||
- (ret = sshbuf_froms(b, &principals)) != 0 ||
- (ret = sshbuf_get_u64(b, &key->cert->valid_after)) != 0 ||
- (ret = sshbuf_get_u64(b, &key->cert->valid_before)) != 0 ||
- (ret = sshbuf_froms(b, &crit)) != 0 ||
- (ret = sshbuf_froms(b, &exts)) != 0 ||
- (ret = sshbuf_get_string_direct(b, NULL, NULL)) != 0 ||
- (ret = sshbuf_froms(b, &ca)) != 0) {
- /* XXX debug print error for ret */
- ret = SSH_ERR_INVALID_FORMAT;
- goto out;
- }
-
- /* Signature is left in the buffer so we can calculate this length */
- signed_len = sshbuf_len(key->cert->certblob) - sshbuf_len(b);
-
- if ((ret = sshbuf_get_string(b, &sig, &slen)) != 0) {
- ret = SSH_ERR_INVALID_FORMAT;
- goto out;
- }
-
- if (key->cert->type != SSH2_CERT_TYPE_USER &&
- key->cert->type != SSH2_CERT_TYPE_HOST) {
- ret = SSH_ERR_KEY_CERT_UNKNOWN_TYPE;
- goto out;
- }
-
- /* Parse principals section */
- while (sshbuf_len(principals) > 0) {
- char *principal = NULL;
- char **oprincipals = NULL;
-
- if (key->cert->nprincipals >= SSHKEY_CERT_MAX_PRINCIPALS) {
- ret = SSH_ERR_INVALID_FORMAT;
- goto out;
- }
- if ((ret = sshbuf_get_cstring(principals, &principal,
- NULL)) != 0) {
- ret = SSH_ERR_INVALID_FORMAT;
- goto out;
- }
- oprincipals = key->cert->principals;
- key->cert->principals = recallocarray(key->cert->principals,
- key->cert->nprincipals, key->cert->nprincipals + 1,
- sizeof(*key->cert->principals));
- if (key->cert->principals == NULL) {
- free(principal);
- key->cert->principals = oprincipals;
- ret = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- key->cert->principals[key->cert->nprincipals++] = principal;
- }
-
- /*
- * Stash a copies
of the critical options and extensions sections
- * for later use.
- */
- if ((ret = sshbuf_putb(key->cert->critical, crit)) != 0 ||
- (exts != NULL &&
- (ret = sshbuf_putb(key->cert->extensions, exts)) != 0))
- goto out;
-
- /*
- * Validate critical options and extensions sections format.
- */
- while (sshbuf_len(crit) != 0) {
- if ((ret = sshbuf_get_string_direct(crit, NULL, NULL)) != 0 ||
- (ret = sshbuf_get_string_direct(crit, NULL, NULL)) != 0) {
- sshbuf_reset(key->cert->critical);
- ret = SSH_ERR_INVALID_FORMAT;
- goto out;
- }
- }
- while (exts != NULL && sshbuf_len(exts) != 0) {
- if ((ret = sshbuf_get_string_direct(exts, NULL, NULL)) != 0 ||
- (ret = sshbuf_get_string_direct(exts, NULL, NULL)) != 0) {
- sshbuf_reset(key->cert->extensions);
- ret = SSH_ERR_INVALID_FORMAT;
- goto out;
- }
- }
-
- /* Parse CA key and check signature */
- if (sshkey_from_blob_internal(ca, &key->cert->signature_key, 0) != 0) {
- ret = SSH_ERR_KEY_CERT_INVALID_SIGN_KEY;
- goto out;
- }
- if (!sshkey_type_is_valid_ca(key->cert->signature_key->type)) {
- ret = SSH_ERR_KEY_CERT_INVALID_SIGN_KEY;
- goto out;
- }
- if ((ret = sshkey_verify(key->cert->signature_key, sig, slen,
- sshbuf_ptr(key->cert->certblob), signed_len, NULL, 0)) != 0)
- goto out;
- if ((ret = get_sigtype(sig, slen, &key->cert->signature_type)) != 0)
- goto out;
-
- /* Success */
- ret = 0;
- out:
- sshbuf_free(ca);
- sshbuf_free(crit);
- sshbuf_free(exts);
- sshbuf_free(principals);
- free(sig);
- return ret;
-}
-
-#ifdef WITH_OPENSSL
-static int
-check_rsa_length(const RSA *rsa)
-{
- const BIGNUM *rsa_n;
-
- RSA_get0_key(rsa, &rsa_n, NULL, NULL);
- if (BN_num_bits(rsa_n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
- return SSH_ERR_KEY_LENGTH;
- return 0;
-}
-#endif
-
-static int
-sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp,
- int allow_cert)
-{
- int type, ret = SSH_ERR_INTERNAL_ERROR;
- char *ktype = NULL, *curve = NULL, *xmss_name = NULL;
- struct sshkey *key = NULL;
- size_t len;
- u_char *pk = NULL;
- struct sshbuf *copy;
-#if defined(WITH_OPENSSL)
- BIGNUM *rsa_n = NULL, *rsa_e = NULL;
- BIGNUM *dsa_p = NULL, *dsa_q = NULL, *dsa_g = NULL, *dsa_pub_key = NULL;
-# if defined(OPENSSL_HAS_ECC)
- EC_POINT *q = NULL;
-# endif /* OPENSSL_HAS_ECC */
-#endif /* WITH_OPENSSL */
-
-#ifdef DEBUG_PK /* XXX */
- sshbuf_dump(b, stderr);
-#endif
- if (keyp != NULL)
- *keyp = NULL;
- if ((copy = sshbuf_fromb(b)) == NULL) {
- ret = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- if (sshbuf_get_cstring(b, &ktype, NULL) != 0) {
- ret = SSH_ERR_INVALID_FORMAT;
- goto out;
- }
-
- type = sshkey_type_from_name(ktype);
- if (!allow_cert && sshkey_type_is_cert(type)) {
- ret = SSH_ERR_KEY_CERT_INVALID_SIGN_KEY;
- goto out;
- }
- switch (type) {
-#ifdef WITH_OPENSSL
- case KEY_RSA_CERT:
- /* Skip nonce */
- if (sshbuf_get_string_direct(b, NULL, NULL) != 0) {
- ret = SSH_ERR_INVALID_FORMAT;
- goto out;
- }
- /* FALLTHROUGH */
- case KEY_RSA:
- if ((key = sshkey_new(type)) == NULL) {
- ret = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- if ((rsa_e = BN_new()) == NULL ||
- (rsa_n = BN_new()) == NULL) {
- ret = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- if (sshbuf_get_bignum2(b, rsa_e) != 0 ||
- sshbuf_get_bignum2(b, rsa_n) != 0) {
- ret = SSH_ERR_INVALID_FORMAT;
- goto out;
- }
- if (!RSA_set0_key(key->rsa, rsa_n, rsa_e, NULL)) {
- ret = SSH_ERR_LIBCRYPTO_ERROR;
- goto out;
- }
- rsa_n = rsa_e = NULL; /* transferred */
- if ((ret = check_rsa_length(key->rsa)) != 0)
- goto out;
-#ifdef DEBUG_PK
- RSA_print_fp(stderr, key->rsa, 8);
-#endif
- break;
- case KEY_DSA_CERT:
- /* Skip nonce */
- if (sshbuf_get_string_direct(b, NULL, NULL) != 0) {
- ret = SSH_ERR_INVALID_FORMAT;
- goto out;
- }
- /* FALLTHROUGH */
- case KEY_DSA:
- if ((key = sshkey_new(type)) == NULL) {
- ret = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- if ((dsa_p = BN_new()) == NULL ||
- (dsa_q = BN_new()) == NULL ||
- (dsa_g = BN_new()) == NULL ||
- (dsa_pub_key = BN_new()) == NULL) {
- ret = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- if
(sshbuf_get_bignum2(b, dsa_p) != 0 ||
- sshbuf_get_bignum2(b, dsa_q) != 0 ||
- sshbuf_get_bignum2(b, dsa_g) != 0 ||
- sshbuf_get_bignum2(b, dsa_pub_key) != 0) {
- ret = SSH_ERR_INVALID_FORMAT;
- goto out;
- }
- if (!DSA_set0_pqg(key->dsa, dsa_p, dsa_q, dsa_g)) {
- ret = SSH_ERR_LIBCRYPTO_ERROR;
- goto out;
- }
- dsa_p = dsa_q = dsa_g = NULL; /* transferred */
- if (!DSA_set0_key(key->dsa, dsa_pub_key, NULL)) {
- ret = SSH_ERR_LIBCRYPTO_ERROR;
- goto out;
- }
- dsa_pub_key = NULL; /* transferred */
-#ifdef DEBUG_PK
- DSA_print_fp(stderr, key->dsa, 8);
-#endif
- break;
- case KEY_ECDSA_CERT:
- /* Skip nonce */
- if (sshbuf_get_string_direct(b, NULL, NULL) != 0) {
- ret = SSH_ERR_INVALID_FORMAT;
- goto out;
- }
- /* FALLTHROUGH */
-# ifdef OPENSSL_HAS_ECC
- case KEY_ECDSA:
- if ((key = sshkey_new(type)) == NULL) {
- ret = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- key->ecdsa_nid = sshkey_ecdsa_nid_from_name(ktype);
- if (sshbuf_get_cstring(b, &curve, NULL) != 0) {
- ret = SSH_ERR_INVALID_FORMAT;
- goto out;
- }
- if (key->ecdsa_nid != sshkey_curve_name_to_nid(curve)) {
- ret = SSH_ERR_EC_CURVE_MISMATCH;
- goto out;
- }
- EC_KEY_free(key->ecdsa);
- if ((key->ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid))
- == NULL) {
- ret = SSH_ERR_EC_CURVE_INVALID;
- goto out;
- }
- if ((q = EC_POINT_new(EC_KEY_get0_group(key->ecdsa))) == NULL) {
- ret = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- if (sshbuf_get_ec(b, q, EC_KEY_get0_group(key->ecdsa)) != 0) {
- ret = SSH_ERR_INVALID_FORMAT;
- goto out;
- }
- if (sshkey_ec_validate_public(EC_KEY_get0_group(key->ecdsa),
- q) != 0) {
- ret = SSH_ERR_KEY_INVALID_EC_VALUE;
- goto out;
- }
- if (EC_KEY_set_public_key(key->ecdsa, q) != 1) {
- /* XXX assume it is a allocation error */
- ret = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
-#ifdef DEBUG_PK
- sshkey_dump_ec_point(EC_KEY_get0_group(key->ecdsa), q);
-#endif
- break;
-# endif /* OPENSSL_HAS_ECC */
-#endif /* WITH_OPENSSL */
- case KEY_ED25519_CERT:
- /* Skip nonce */
- if
(sshbuf_get_string_direct(b, NULL, NULL) != 0) {
- ret = SSH_ERR_INVALID_FORMAT;
- goto out;
- }
- /* FALLTHROUGH */
- case KEY_ED25519:
- if ((ret = sshbuf_get_string(b, &pk, &len)) != 0)
- goto out;
- if (len != ED25519_PK_SZ) {
- ret = SSH_ERR_INVALID_FORMAT;
- goto out;
- }
- if ((key = sshkey_new(type)) == NULL) {
- ret = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- key->ed25519_pk = pk;
- pk = NULL;
- break;
-#ifdef WITH_XMSS
- case KEY_XMSS_CERT:
- /* Skip nonce */
- if (sshbuf_get_string_direct(b, NULL, NULL) != 0) {
- ret = SSH_ERR_INVALID_FORMAT;
- goto out;
- }
- /* FALLTHROUGH */
- case KEY_XMSS:
- if ((ret = sshbuf_get_cstring(b, &xmss_name, NULL)) != 0)
- goto out;
- if ((key = sshkey_new(type)) == NULL) {
- ret = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- if ((ret = sshkey_xmss_init(key, xmss_name)) != 0)
- goto out;
- if ((ret = sshbuf_get_string(b, &pk, &len)) != 0)
- goto out;
- if (len == 0 || len != sshkey_xmss_pklen(key)) {
- ret = SSH_ERR_INVALID_FORMAT;
- goto out;
- }
- key->xmss_pk = pk;
- pk = NULL;
- if (type != KEY_XMSS_CERT &&
- (ret = sshkey_xmss_deserialize_pk_info(key, b)) != 0)
- goto out;
- break;
-#endif /* WITH_XMSS */
- case KEY_UNSPEC:
- default:
- ret = SSH_ERR_KEY_TYPE_UNKNOWN;
- goto out;
- }
-
- /* Parse certificate potion */
- if (sshkey_is_cert(key) && (ret = cert_parse(b, key, copy)) != 0)
- goto out;
-
- if (key != NULL && sshbuf_len(b) != 0) {
- ret = SSH_ERR_INVALID_FORMAT;
- goto out;
- }
- ret = 0;
- if (keyp != NULL) {
- *keyp = key;
- key = NULL;
- }
- out:
- sshbuf_free(copy);
- sshkey_free(key);
- free(xmss_name);
- free(ktype);
- free(curve);
- free(pk);
-#if defined(WITH_OPENSSL)
- BN_clear_free(rsa_n);
- BN_clear_free(rsa_e);
- BN_clear_free(dsa_p);
- BN_clear_free(dsa_q);
- BN_clear_free(dsa_g);
- BN_clear_free(dsa_pub_key);
-# if defined(OPENSSL_HAS_ECC)
- EC_POINT_free(q);
-# endif /* OPENSSL_HAS_ECC */
-#endif /* WITH_OPENSSL */
- return ret;
-}
-
-int
-sshkey_from_blob(const u_char *blob, size_t blen, struct sshkey
**keyp)
-{
- struct sshbuf *b;
- int r;
-
- if ((b = sshbuf_from(blob, blen)) == NULL)
- return SSH_ERR_ALLOC_FAIL;
- r = sshkey_from_blob_internal(b, keyp, 1);
- sshbuf_free(b);
- return r;
-}
-
-int
-sshkey_fromb(struct sshbuf *b, struct sshkey **keyp)
-{
- return sshkey_from_blob_internal(b, keyp, 1);
-}
-
-int
-sshkey_froms(struct sshbuf *buf, struct sshkey **keyp)
-{
- struct sshbuf *b;
- int r;
-
- if ((r = sshbuf_froms(buf, &b)) != 0)
- return r;
- r = sshkey_from_blob_internal(b, keyp, 1);
- sshbuf_free(b);
- return r;
-}
-
-static int
-get_sigtype(const u_char *sig, size_t siglen, char **sigtypep)
-{
- int r;
- struct sshbuf *b = NULL;
- char *sigtype = NULL;
-
- if (sigtypep != NULL)
- *sigtypep = NULL;
- if ((b = sshbuf_from(sig, siglen)) == NULL)
- return SSH_ERR_ALLOC_FAIL;
- if ((r = sshbuf_get_cstring(b, &sigtype, NULL)) != 0)
- goto out;
- /* success */
- if (sigtypep != NULL) {
- *sigtypep = sigtype;
- sigtype = NULL;
- }
- r = 0;
- out:
- free(sigtype);
- sshbuf_free(b);
- return r;
-}
-
-/*
- *
- * Checks whether a certificate's signature type is allowed.
- * Returns 0 (success) if the certificate signature type appears in the
- * "allowed" pattern-list, or the key is not a certificate to begin with.
- * Otherwise returns a ssherr.h code.
- */
-int
-sshkey_check_cert_sigtype(const struct sshkey *key, const char *allowed)
-{
- if (key == NULL || allowed == NULL)
- return SSH_ERR_INVALID_ARGUMENT;
- if (!sshkey_type_is_cert(key->type))
- return 0;
- if (key->cert == NULL || key->cert->signature_type == NULL)
- return SSH_ERR_INVALID_ARGUMENT;
- if (match_pattern_list(key->cert->signature_type, allowed, 0) != 1)
- return SSH_ERR_SIGN_ALG_UNSUPPORTED;
- return 0;
-}
-
-/*
- * Returns the expected signature algorithm for a given public key algorithm.
- */
-const char *
-sshkey_sigalg_by_name(const char *name)
-{
- const struct keytype *kt;
-
- for (kt = keytypes; kt->type != -1; kt++) {
- if (strcmp(kt->name, name) != 0)
- continue;
- if (kt->sigalg != NULL)
- return kt->sigalg;
- if (!kt->cert)
- return kt->name;
- return sshkey_ssh_name_from_type_nid(
- sshkey_type_plain(kt->type), kt->nid);
- }
- return NULL;
-}
-
-/*
- * Verifies that the signature algorithm appearing inside the signature blob
- * matches that which was requested.
- */
-int
-sshkey_check_sigtype(const u_char *sig, size_t siglen,
- const char *requested_alg)
-{
- const char *expected_alg;
- char *sigtype = NULL;
- int r;
-
- if (requested_alg == NULL)
- return 0;
- if ((expected_alg = sshkey_sigalg_by_name(requested_alg)) == NULL)
- return SSH_ERR_INVALID_ARGUMENT;
- if ((r = get_sigtype(sig, siglen, &sigtype)) != 0)
- return r;
- r = strcmp(expected_alg, sigtype) == 0;
- free(sigtype);
- return r ? 0 : SSH_ERR_SIGN_ALG_UNSUPPORTED;
-}
-
-int
-sshkey_sign(const struct sshkey *key,
- u_char **sigp, size_t *lenp,
- const u_char *data, size_t datalen, const char *alg, u_int compat)
-{
- if (sigp != NULL)
- *sigp = NULL;
- if (lenp != NULL)
- *lenp = 0;
- if (datalen > SSH_KEY_MAX_SIGN_DATA_SIZE)
- return SSH_ERR_INVALID_ARGUMENT;
- switch (key->type) {
-#ifdef WITH_OPENSSL
- case KEY_DSA_CERT:
- case KEY_DSA:
- return ssh_dss_sign(key, sigp, lenp, data, datalen, compat);
-# ifdef OPENSSL_HAS_ECC
- case KEY_ECDSA_CERT:
- case KEY_ECDSA:
- return ssh_ecdsa_sign(key, sigp, lenp, data, datalen, compat);
-# endif /* OPENSSL_HAS_ECC */
- case KEY_RSA_CERT:
- case KEY_RSA:
- return ssh_rsa_sign(key, sigp, lenp, data, datalen, alg);
-#endif /* WITH_OPENSSL */
- case KEY_ED25519:
- case KEY_ED25519_CERT:
- return ssh_ed25519_sign(key, sigp, lenp, data, datalen, compat);
-#ifdef WITH_XMSS
- case KEY_XMSS:
- case KEY_XMSS_CERT:
- return ssh_xmss_sign(key, sigp, lenp, data, datalen, compat);
-#endif /* WITH_XMSS */
- default:
- return
SSH_ERR_KEY_TYPE_UNKNOWN;
- }
-}
-
-/*
- * ssh_key_verify returns 0 for a correct signature and < 0 on error.
- * If "alg" specified, then the signature must use that algorithm.
- */
-int
-sshkey_verify(const struct sshkey *key,
- const u_char *sig, size_t siglen,
- const u_char *data, size_t dlen, const char *alg, u_int compat)
-{
- if (siglen == 0 || dlen > SSH_KEY_MAX_SIGN_DATA_SIZE)
- return SSH_ERR_INVALID_ARGUMENT;
- switch (key->type) {
-#ifdef WITH_OPENSSL
- case KEY_DSA_CERT:
- case KEY_DSA:
- return ssh_dss_verify(key, sig, siglen, data, dlen, compat);
-# ifdef OPENSSL_HAS_ECC
- case KEY_ECDSA_CERT:
- case KEY_ECDSA:
- return ssh_ecdsa_verify(key, sig, siglen, data, dlen, compat);
-# endif /* OPENSSL_HAS_ECC */
- case KEY_RSA_CERT:
- case KEY_RSA:
- return ssh_rsa_verify(key, sig, siglen, data, dlen, alg);
-#endif /* WITH_OPENSSL */
- case KEY_ED25519:
- case KEY_ED25519_CERT:
- return ssh_ed25519_verify(key, sig, siglen, data, dlen, compat);
-#ifdef WITH_XMSS
- case KEY_XMSS:
- case KEY_XMSS_CERT:
- return ssh_xmss_verify(key, sig, siglen, data, dlen, compat);
-#endif /* WITH_XMSS */
- default:
- return SSH_ERR_KEY_TYPE_UNKNOWN;
- }
-}
-
-/* Convert a plain key to their _CERT equivalent */
-int
-sshkey_to_certified(struct sshkey *k)
-{
- int newtype;
-
- switch (k->type) {
-#ifdef WITH_OPENSSL
- case KEY_RSA:
- newtype = KEY_RSA_CERT;
- break;
- case KEY_DSA:
- newtype = KEY_DSA_CERT;
- break;
- case KEY_ECDSA:
- newtype = KEY_ECDSA_CERT;
- break;
-#endif /* WITH_OPENSSL */
- case KEY_ED25519:
- newtype = KEY_ED25519_CERT;
- break;
-#ifdef WITH_XMSS
- case KEY_XMSS:
- newtype = KEY_XMSS_CERT;
- break;
-#endif /* WITH_XMSS */
- default:
- return SSH_ERR_INVALID_ARGUMENT;
- }
- if ((k->cert = cert_new()) == NULL)
- return SSH_ERR_ALLOC_FAIL;
- k->type = newtype;
- return 0;
-}
-
-/* Convert a certificate to its raw key equivalent */
-int
-sshkey_drop_cert(struct sshkey *k)
-{
- if (!sshkey_type_is_cert(k->type))
- return SSH_ERR_KEY_TYPE_UNKNOWN;
-
cert_free(k->cert);
- k->cert = NULL;
- k->type = sshkey_type_plain(k->type);
- return 0;
-}
-
-/* Sign a certified key, (re-)generating the signed certblob. */
-int
-sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg,
- sshkey_certify_signer *signer, void *signer_ctx)
-{
- struct sshbuf *principals = NULL;
- u_char *ca_blob = NULL, *sig_blob = NULL, nonce[32];
- size_t i, ca_len, sig_len;
- int ret = SSH_ERR_INTERNAL_ERROR;
- struct sshbuf *cert = NULL;
- char *sigtype = NULL;
-#ifdef WITH_OPENSSL
- const BIGNUM *rsa_n, *rsa_e, *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key;
-#endif /* WITH_OPENSSL */
-
- if (k == NULL || k->cert == NULL ||
- k->cert->certblob == NULL || ca == NULL)
- return SSH_ERR_INVALID_ARGUMENT;
- if (!sshkey_is_cert(k))
- return SSH_ERR_KEY_TYPE_UNKNOWN;
- if (!sshkey_type_is_valid_ca(ca->type))
- return SSH_ERR_KEY_CERT_INVALID_SIGN_KEY;
-
- /*
- * If no alg specified as argument but a signature_type was set,
- * then prefer that. If both were specified, then they must match.
- */
- if (alg == NULL)
- alg = k->cert->signature_type;
- else if (k->cert->signature_type != NULL &&
- strcmp(alg, k->cert->signature_type) != 0)
- return SSH_ERR_INVALID_ARGUMENT;
-
- if ((ret = sshkey_to_blob(ca, &ca_blob, &ca_len)) != 0)
- return SSH_ERR_KEY_CERT_INVALID_SIGN_KEY;
-
- cert = k->cert->certblob; /* for readability */
- sshbuf_reset(cert);
- if ((ret = sshbuf_put_cstring(cert, sshkey_ssh_name(k))) != 0)
- goto out;
-
- /* -v01 certs put nonce first */
- arc4random_buf(&nonce, sizeof(nonce));
- if ((ret = sshbuf_put_string(cert, nonce, sizeof(nonce))) != 0)
- goto out;
-
- /* XXX this substantially duplicates to_blob(); refactor */
- switch (k->type) {
-#ifdef WITH_OPENSSL
- case KEY_DSA_CERT:
- DSA_get0_pqg(k->dsa, &dsa_p, &dsa_q, &dsa_g);
- DSA_get0_key(k->dsa, &dsa_pub_key, NULL);
- if ((ret = sshbuf_put_bignum2(cert, dsa_p)) != 0 ||
- (ret = sshbuf_put_bignum2(cert, dsa_q)) != 0 ||
- (ret = sshbuf_put_bignum2(cert, dsa_g)) != 0 ||
- (ret = sshbuf_put_bignum2(cert, dsa_pub_key)) != 0)
- goto out;
- break;
-# ifdef OPENSSL_HAS_ECC
- case KEY_ECDSA_CERT:
- if ((ret = sshbuf_put_cstring(cert,
- sshkey_curve_nid_to_name(k->ecdsa_nid))) != 0 ||
- (ret = sshbuf_put_ec(cert,
- EC_KEY_get0_public_key(k->ecdsa),
- EC_KEY_get0_group(k->ecdsa))) != 0)
- goto out;
- break;
-# endif /* OPENSSL_HAS_ECC */
- case KEY_RSA_CERT:
- RSA_get0_key(k->rsa, &rsa_n, &rsa_e, NULL);
- if ((ret = sshbuf_put_bignum2(cert, rsa_e)) != 0 ||
- (ret = sshbuf_put_bignum2(cert, rsa_n)) != 0)
- goto out;
- break;
-#endif /* WITH_OPENSSL */
- case KEY_ED25519_CERT:
- if ((ret = sshbuf_put_string(cert,
- k->ed25519_pk, ED25519_PK_SZ)) != 0)
- goto out;
- break;
-#ifdef WITH_XMSS
- case KEY_XMSS_CERT:
- if (k->xmss_name == NULL) {
- ret = SSH_ERR_INVALID_ARGUMENT;
- goto out;
- }
- if ((ret = sshbuf_put_cstring(cert, k->xmss_name)) ||
- (ret = sshbuf_put_string(cert,
- k->xmss_pk, sshkey_xmss_pklen(k))) != 0)
- goto out;
- break;
-#endif /* WITH_XMSS */
- default:
- ret =
SSH_ERR_INVALID_ARGUMENT;
- goto out;
- }
-
- if ((ret = sshbuf_put_u64(cert, k->cert->serial)) != 0 ||
- (ret = sshbuf_put_u32(cert, k->cert->type)) != 0 ||
- (ret = sshbuf_put_cstring(cert, k->cert->key_id)) != 0)
- goto out;
-
- if ((principals = sshbuf_new()) == NULL) {
- ret = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- for (i = 0; i < k->cert->nprincipals; i++) {
- if ((ret = sshbuf_put_cstring(principals,
- k->cert->principals[i])) != 0)
- goto out;
- }
- if ((ret = sshbuf_put_stringb(cert, principals)) != 0 ||
- (ret = sshbuf_put_u64(cert, k->cert->valid_after)) != 0 ||
- (ret = sshbuf_put_u64(cert, k->cert->valid_before)) != 0 ||
- (ret = sshbuf_put_stringb(cert, k->cert->critical)) != 0 ||
- (ret = sshbuf_put_stringb(cert, k->cert->extensions)) != 0 ||
- (ret = sshbuf_put_string(cert, NULL, 0)) != 0 || /* Reserved */
- (ret = sshbuf_put_string(cert, ca_blob, ca_len)) != 0)
- goto out;
-
- /* Sign the whole mess */
- if ((ret = signer(ca, &sig_blob, &sig_len, sshbuf_ptr(cert),
- sshbuf_len(cert), alg, 0, signer_ctx)) != 0)
- goto out;
- /* Check and update signature_type against what was actually used */
- if ((ret = get_sigtype(sig_blob, sig_len, &sigtype)) != 0)
- goto out;
- if (alg != NULL && strcmp(alg, sigtype) != 0) {
- ret = SSH_ERR_SIGN_ALG_UNSUPPORTED;
- goto out;
- }
- if (k->cert->signature_type == NULL) {
- k->cert->signature_type = sigtype;
- sigtype = NULL;
- }
- /* Append signature and we are done */
- if ((ret = sshbuf_put_string(cert, sig_blob, sig_len)) != 0)
- goto out;
- ret = 0;
- out:
- if (ret != 0)
- sshbuf_reset(cert);
- free(sig_blob);
- free(ca_blob);
- free(sigtype);
- sshbuf_free(principals);
- return ret;
-}
-
-static int
-default_key_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
- const u_char *data, size_t datalen,
- const char *alg, u_int compat, void *ctx)
-{
- if (ctx != NULL)
- return SSH_ERR_INVALID_ARGUMENT;
- return sshkey_sign(key, sigp, lenp, data, datalen, alg, compat);
-}
-
-int
-sshkey_certify(struct
sshkey *k, struct sshkey *ca, const char *alg)
-{
- return sshkey_certify_custom(k, ca, alg, default_key_sign, NULL);
-}
-
-int
-sshkey_cert_check_authority(const struct sshkey *k,
- int want_host, int require_principal,
- const char *name, const char **reason)
-{
- u_int i, principal_matches;
- time_t now = time(NULL);
-
- if (reason != NULL)
- *reason = NULL;
-
- if (want_host) {
- if (k->cert->type != SSH2_CERT_TYPE_HOST) {
- *reason = "Certificate invalid: not a host certificate";
- return SSH_ERR_KEY_CERT_INVALID;
- }
- } else {
- if (k->cert->type != SSH2_CERT_TYPE_USER) {
- *reason = "Certificate invalid: not a user certificate";
- return SSH_ERR_KEY_CERT_INVALID;
- }
- }
- if (now < 0) {
- /* yikes - system clock before epoch! */
- *reason = "Certificate invalid: not yet valid";
- return SSH_ERR_KEY_CERT_INVALID;
- }
- if ((u_int64_t)now < k->cert->valid_after) {
- *reason = "Certificate invalid: not yet valid";
- return SSH_ERR_KEY_CERT_INVALID;
- }
- if ((u_int64_t)now >= k->cert->valid_before) {
- *reason = "Certificate invalid: expired";
- return SSH_ERR_KEY_CERT_INVALID;
- }
- if (k->cert->nprincipals == 0) {
- if (require_principal) {
- *reason = "Certificate lacks principal list";
- return SSH_ERR_KEY_CERT_INVALID;
- }
- } else if (name != NULL) {
- principal_matches = 0;
- for (i = 0; i < k->cert->nprincipals; i++) {
- if (strcmp(name, k->cert->principals[i]) == 0) {
- principal_matches = 1;
- break;
- }
- }
- if (!principal_matches) {
- *reason = "Certificate invalid: name is not a listed "
- "principal";
- return SSH_ERR_KEY_CERT_INVALID;
- }
- }
- return 0;
-}
-
-size_t
-sshkey_format_cert_validity(const struct sshkey_cert *cert, char *s, size_t l)
-{
- char from[32], to[32], ret[64];
- time_t tt;
- struct tm *tm;
-
- *from = *to = '\0';
- if (cert->valid_after == 0 &&
- cert->valid_before == 0xffffffffffffffffULL)
- return strlcpy(s, "forever", l);
-
- if (cert->valid_after != 0) {
- /* XXX revisit INT_MAX in 2038 :) */
- tt = cert->valid_after
> INT_MAX ?
- INT_MAX : cert->valid_after;
- tm = localtime(&tt);
- strftime(from, sizeof(from), "%Y-%m-%dT%H:%M:%S", tm);
- }
- if (cert->valid_before != 0xffffffffffffffffULL) {
- /* XXX revisit INT_MAX in 2038 :) */
- tt = cert->valid_before > INT_MAX ?
- INT_MAX : cert->valid_before;
- tm = localtime(&tt);
- strftime(to, sizeof(to), "%Y-%m-%dT%H:%M:%S", tm);
- }
-
- if (cert->valid_after == 0)
- snprintf(ret, sizeof(ret), "before %s", to);
- else if (cert->valid_before == 0xffffffffffffffffULL)
- snprintf(ret, sizeof(ret), "after %s", from);
- else
- snprintf(ret, sizeof(ret), "from %s to %s", from, to);
-
- return strlcpy(s, ret, l);
-}
-
-int
-sshkey_private_serialize_opt(const struct sshkey *key, struct sshbuf *b,
- enum sshkey_serialize_rep opts)
-{
- int r = SSH_ERR_INTERNAL_ERROR;
-#ifdef WITH_OPENSSL
- const BIGNUM *rsa_n, *rsa_e, *rsa_d, *rsa_iqmp, *rsa_p, *rsa_q;
- const BIGNUM *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key, *dsa_priv_key;
-#endif /* WITH_OPENSSL */
-
- if ((r = sshbuf_put_cstring(b, sshkey_ssh_name(key))) != 0)
- goto out;
- switch (key->type) {
-#ifdef WITH_OPENSSL
- case KEY_RSA:
- RSA_get0_key(key->rsa, &rsa_n, &rsa_e, &rsa_d);
- RSA_get0_factors(key->rsa, &rsa_p, &rsa_q);
- RSA_get0_crt_params(key->rsa, NULL, NULL, &rsa_iqmp);
- if ((r = sshbuf_put_bignum2(b, rsa_n)) != 0 ||
- (r = sshbuf_put_bignum2(b, rsa_e)) != 0 ||
- (r = sshbuf_put_bignum2(b, rsa_d)) != 0 ||
- (r = sshbuf_put_bignum2(b, rsa_iqmp)) != 0 ||
- (r = sshbuf_put_bignum2(b, rsa_p)) != 0 ||
- (r = sshbuf_put_bignum2(b, rsa_q)) != 0)
- goto out;
- break;
- case KEY_RSA_CERT:
- if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) {
- r = SSH_ERR_INVALID_ARGUMENT;
- goto out;
- }
- RSA_get0_key(key->rsa, NULL, NULL, &rsa_d);
- RSA_get0_factors(key->rsa, &rsa_p, &rsa_q);
- RSA_get0_crt_params(key->rsa, NULL, NULL, &rsa_iqmp);
- if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||
- (r = sshbuf_put_bignum2(b, rsa_d)) != 0 ||
- (r = sshbuf_put_bignum2(b, rsa_iqmp))
!= 0 ||
- (r = sshbuf_put_bignum2(b, rsa_p)) != 0 ||
- (r = sshbuf_put_bignum2(b, rsa_q)) != 0)
- goto out;
- break;
- case KEY_DSA:
- DSA_get0_pqg(key->dsa, &dsa_p, &dsa_q, &dsa_g);
- DSA_get0_key(key->dsa, &dsa_pub_key, &dsa_priv_key);
- if ((r = sshbuf_put_bignum2(b, dsa_p)) != 0 ||
- (r = sshbuf_put_bignum2(b, dsa_q)) != 0 ||
- (r = sshbuf_put_bignum2(b, dsa_g)) != 0 ||
- (r = sshbuf_put_bignum2(b, dsa_pub_key)) != 0 ||
- (r = sshbuf_put_bignum2(b, dsa_priv_key)) != 0)
- goto out;
- break;
- case KEY_DSA_CERT:
- if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) {
- r = SSH_ERR_INVALID_ARGUMENT;
- goto out;
- }
- DSA_get0_key(key->dsa, NULL, &dsa_priv_key);
- if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||
- (r = sshbuf_put_bignum2(b, dsa_priv_key)) != 0)
- goto out;
- break;
-# ifdef OPENSSL_HAS_ECC
- case KEY_ECDSA:
- if ((r = sshbuf_put_cstring(b,
- sshkey_curve_nid_to_name(key->ecdsa_nid))) != 0 ||
- (r = sshbuf_put_eckey(b, key->ecdsa)) != 0 ||
- (r = sshbuf_put_bignum2(b,
- EC_KEY_get0_private_key(key->ecdsa))) != 0)
- goto out;
- break;
- case KEY_ECDSA_CERT:
- if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) {
- r = SSH_ERR_INVALID_ARGUMENT;
- goto out;
- }
- if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||
- (r = sshbuf_put_bignum2(b,
- EC_KEY_get0_private_key(key->ecdsa))) != 0)
- goto out;
- break;
-# endif /* OPENSSL_HAS_ECC */
-#endif /* WITH_OPENSSL */
- case KEY_ED25519:
- if ((r = sshbuf_put_string(b, key->ed25519_pk,
- ED25519_PK_SZ)) != 0 ||
- (r = sshbuf_put_string(b, key->ed25519_sk,
- ED25519_SK_SZ)) != 0)
- goto out;
- break;
- case KEY_ED25519_CERT:
- if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) {
- r = SSH_ERR_INVALID_ARGUMENT;
- goto out;
- }
- if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||
- (r = sshbuf_put_string(b, key->ed25519_pk,
- ED25519_PK_SZ)) != 0 ||
- (r = sshbuf_put_string(b, key->ed25519_sk,
- ED25519_SK_SZ)) != 0)
- goto out;
- break;
-#ifdef WITH_XMSS
- case KEY_XMSS:
- if (key->xmss_name == NULL) {
- r = SSH_ERR_INVALID_ARGUMENT;
- goto out;
- }
- if ((r = sshbuf_put_cstring(b, key->xmss_name)) != 0 ||
- (r = sshbuf_put_string(b, key->xmss_pk,
- sshkey_xmss_pklen(key))) != 0 ||
- (r = sshbuf_put_string(b, key->xmss_sk,
- sshkey_xmss_sklen(key))) != 0 ||
- (r = sshkey_xmss_serialize_state_opt(key, b, opts)) != 0)
- goto out;
- break;
- case KEY_XMSS_CERT:
- if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0 ||
- key->xmss_name == NULL) {
- r = SSH_ERR_INVALID_ARGUMENT;
- goto out;
- }
- if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||
- (r = sshbuf_put_cstring(b, key->xmss_name)) != 0 ||
- (r = sshbuf_put_string(b, key->xmss_pk,
- sshkey_xmss_pklen(key))) != 0 ||
- (r = sshbuf_put_string(b, key->xmss_sk,
- sshkey_xmss_sklen(key))) != 0 ||
- (r = sshkey_xmss_serialize_state_opt(key, b, opts)) != 0)
- goto out;
- break;
-#endif /* WITH_XMSS */
- default:
- r = SSH_ERR_INVALID_ARGUMENT;
- goto out;
- }
- /* success */
- r = 0;
- out:
- return r;
-}
-
-int
-sshkey_private_serialize(const struct sshkey *key, struct sshbuf *b)
-{
- return sshkey_private_serialize_opt(key, b,
- SSHKEY_SERIALIZE_DEFAULT);
-}
-
-int
-sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
-{
- char *tname = NULL, *curve = NULL, *xmss_name = NULL;
- struct sshkey *k = NULL;
- size_t pklen = 0, sklen = 0;
- int type, r = SSH_ERR_INTERNAL_ERROR;
- u_char *ed25519_pk = NULL, *ed25519_sk = NULL;
- u_char *xmss_pk = NULL, *xmss_sk = NULL;
-#ifdef WITH_OPENSSL
- BIGNUM *exponent = NULL;
- BIGNUM *rsa_n = NULL, *rsa_e = NULL, *rsa_d = NULL;
- BIGNUM *rsa_iqmp = NULL, *rsa_p = NULL, *rsa_q = NULL;
- BIGNUM *dsa_p = NULL, *dsa_q = NULL, *dsa_g = NULL;
- BIGNUM *dsa_pub_key = NULL, *dsa_priv_key = NULL;
-#endif /* WITH_OPENSSL */
-
- if (kp != NULL)
- *kp = NULL;
- if ((r = sshbuf_get_cstring(buf, &tname, NULL)) != 0)
- goto out;
- type = sshkey_type_from_name(tname);
- switch (type) {
-#ifdef
WITH_OPENSSL - case KEY_DSA: - if ((k = sshkey_new(type)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if ((dsa_p = BN_new()) == NULL || - (dsa_q = BN_new()) == NULL || - (dsa_g = BN_new()) == NULL || - (dsa_pub_key = BN_new()) == NULL || - (dsa_priv_key = BN_new()) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if ((r = sshbuf_get_bignum2(buf, dsa_p)) != 0 || - (r = sshbuf_get_bignum2(buf, dsa_q)) != 0 || - (r = sshbuf_get_bignum2(buf, dsa_g)) != 0 || - (r = sshbuf_get_bignum2(buf, dsa_pub_key)) != 0 || - (r = sshbuf_get_bignum2(buf, dsa_priv_key)) != 0) - goto out; - if (!DSA_set0_pqg(k->dsa, dsa_p, dsa_q, dsa_g)) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - dsa_p = dsa_q = dsa_g = NULL; /* transferred */ - if (!DSA_set0_key(k->dsa, dsa_pub_key, dsa_priv_key)) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - dsa_pub_key = dsa_priv_key = NULL; /* transferred */ - break; - case KEY_DSA_CERT: - if ((dsa_priv_key = BN_new()) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if ((r = sshkey_froms(buf, &k)) != 0 || - (r = sshbuf_get_bignum2(buf, dsa_priv_key)) != 0) - goto out; - if (!DSA_set0_key(k->dsa, NULL, dsa_priv_key)) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - dsa_priv_key = NULL; /* transferred */ - break; -# ifdef OPENSSL_HAS_ECC - case KEY_ECDSA: - if ((k = sshkey_new(type)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if ((k->ecdsa_nid = sshkey_ecdsa_nid_from_name(tname)) == -1) { - r = SSH_ERR_INVALID_ARGUMENT; - goto out; - } - if ((r = sshbuf_get_cstring(buf, &curve, NULL)) != 0) - goto out; - if (k->ecdsa_nid != sshkey_curve_name_to_nid(curve)) { - r = SSH_ERR_EC_CURVE_MISMATCH; - goto out; - } - k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid); - if (k->ecdsa == NULL || (exponent = BN_new()) == NULL) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - if ((r = sshbuf_get_eckey(buf, k->ecdsa)) != 0 || - (r = sshbuf_get_bignum2(buf, exponent))) - goto out; - if (EC_KEY_set_private_key(k->ecdsa, exponent) 
!= 1) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - if ((r = sshkey_ec_validate_public(EC_KEY_get0_group(k->ecdsa), - EC_KEY_get0_public_key(k->ecdsa))) != 0 || - (r = sshkey_ec_validate_private(k->ecdsa)) != 0) - goto out; - break; - case KEY_ECDSA_CERT: - if ((exponent = BN_new()) == NULL) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - if ((r = sshkey_froms(buf, &k)) != 0 || - (r = sshbuf_get_bignum2(buf, exponent)) != 0) - goto out; - if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - if ((r = sshkey_ec_validate_public(EC_KEY_get0_group(k->ecdsa), - EC_KEY_get0_public_key(k->ecdsa))) != 0 || - (r = sshkey_ec_validate_private(k->ecdsa)) != 0) - goto out; - break; -# endif /* OPENSSL_HAS_ECC */ - case KEY_RSA: - if ((k = sshkey_new(type)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if ((rsa_n = BN_new()) == NULL || - (rsa_e = BN_new()) == NULL || - (rsa_d = BN_new()) == NULL || - (rsa_iqmp = BN_new()) == NULL || - (rsa_p = BN_new()) == NULL || - (rsa_q = BN_new()) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if ((r = sshbuf_get_bignum2(buf, rsa_n)) != 0 || - (r = sshbuf_get_bignum2(buf, rsa_e)) != 0 || - (r = sshbuf_get_bignum2(buf, rsa_d)) != 0 || - (r = sshbuf_get_bignum2(buf, rsa_iqmp)) != 0 || - (r = sshbuf_get_bignum2(buf, rsa_p)) != 0 || - (r = sshbuf_get_bignum2(buf, rsa_q)) != 0) - goto out; - if (!RSA_set0_key(k->rsa, rsa_n, rsa_e, rsa_d)) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - rsa_n = rsa_e = rsa_d = NULL; /* transferred */ - if (!RSA_set0_factors(k->rsa, rsa_p, rsa_q)) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - rsa_p = rsa_q = NULL; /* transferred */ - if ((r = check_rsa_length(k->rsa)) != 0) - goto out; - if ((r = ssh_rsa_complete_crt_parameters(k, rsa_iqmp)) != 0) - goto out; - break; - case KEY_RSA_CERT: - if ((rsa_d = BN_new()) == NULL || - (rsa_iqmp = BN_new()) == NULL || - (rsa_p = BN_new()) == NULL || - (rsa_q = BN_new()) == NULL) { - r = 
SSH_ERR_ALLOC_FAIL; - goto out; - } - if ((r = sshkey_froms(buf, &k)) != 0 || - (r = sshbuf_get_bignum2(buf, rsa_d)) != 0 || - (r = sshbuf_get_bignum2(buf, rsa_iqmp)) != 0 || - (r = sshbuf_get_bignum2(buf, rsa_p)) != 0 || - (r = sshbuf_get_bignum2(buf, rsa_q)) != 0) - goto out; - if (!RSA_set0_key(k->rsa, NULL, NULL, rsa_d)) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - rsa_d = NULL; /* transferred */ - if (!RSA_set0_factors(k->rsa, rsa_p, rsa_q)) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - rsa_p = rsa_q = NULL; /* transferred */ - if ((r = check_rsa_length(k->rsa)) != 0) - goto out; - if ((r = ssh_rsa_complete_crt_parameters(k, rsa_iqmp)) != 0) - goto out; - break; -#endif /* WITH_OPENSSL */ - case KEY_ED25519: - if ((k = sshkey_new(type)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if ((r = sshbuf_get_string(buf, &ed25519_pk, &pklen)) != 0 || - (r = sshbuf_get_string(buf, &ed25519_sk, &sklen)) != 0) - goto out; - if (pklen != ED25519_PK_SZ || sklen != ED25519_SK_SZ) { - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - k->ed25519_pk = ed25519_pk; - k->ed25519_sk = ed25519_sk; - ed25519_pk = ed25519_sk = NULL; - break; - case KEY_ED25519_CERT: - if ((r = sshkey_froms(buf, &k)) != 0 || - (r = sshbuf_get_string(buf, &ed25519_pk, &pklen)) != 0 || - (r = sshbuf_get_string(buf, &ed25519_sk, &sklen)) != 0) - goto out; - if (pklen != ED25519_PK_SZ || sklen != ED25519_SK_SZ) { - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - k->ed25519_pk = ed25519_pk; - k->ed25519_sk = ed25519_sk; - ed25519_pk = ed25519_sk = NULL; - break; -#ifdef WITH_XMSS - case KEY_XMSS: - if ((k = sshkey_new(type)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if ((r = sshbuf_get_cstring(buf, &xmss_name, NULL)) != 0 || - (r = sshkey_xmss_init(k, xmss_name)) != 0 || - (r = sshbuf_get_string(buf, &xmss_pk, &pklen)) != 0 || - (r = sshbuf_get_string(buf, &xmss_sk, &sklen)) != 0) - goto out; - if (pklen != sshkey_xmss_pklen(k) || - sklen != sshkey_xmss_sklen(k)) { - r = 
SSH_ERR_INVALID_FORMAT; - goto out; - } - k->xmss_pk = xmss_pk; - k->xmss_sk = xmss_sk; - xmss_pk = xmss_sk = NULL; - /* optional internal state */ - if ((r = sshkey_xmss_deserialize_state_opt(k, buf)) != 0) - goto out; - break; - case KEY_XMSS_CERT: - if ((r = sshkey_froms(buf, &k)) != 0 || - (r = sshbuf_get_cstring(buf, &xmss_name, NULL)) != 0 || - (r = sshbuf_get_string(buf, &xmss_pk, &pklen)) != 0 || - (r = sshbuf_get_string(buf, &xmss_sk, &sklen)) != 0) - goto out; - if (strcmp(xmss_name, k->xmss_name)) { - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - if (pklen != sshkey_xmss_pklen(k) || - sklen != sshkey_xmss_sklen(k)) { - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - k->xmss_pk = xmss_pk; - k->xmss_sk = xmss_sk; - xmss_pk = xmss_sk = NULL; - /* optional internal state */ - if ((r = sshkey_xmss_deserialize_state_opt(k, buf)) != 0) - goto out; - break; -#endif /* WITH_XMSS */ - default: - r = SSH_ERR_KEY_TYPE_UNKNOWN; - goto out; - } -#ifdef WITH_OPENSSL - /* enable blinding */ - switch (k->type) { - case KEY_RSA: - case KEY_RSA_CERT: - if (RSA_blinding_on(k->rsa, NULL) != 1) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - break; - } -#endif /* WITH_OPENSSL */ - /* success */ - r = 0; - if (kp != NULL) { - *kp = k; - k = NULL; - } - out: - free(tname); - free(curve); -#ifdef WITH_OPENSSL - BN_clear_free(exponent); - BN_clear_free(dsa_p); - BN_clear_free(dsa_q); - BN_clear_free(dsa_g); - BN_clear_free(dsa_pub_key); - BN_clear_free(dsa_priv_key); - BN_clear_free(rsa_n); - BN_clear_free(rsa_e); - BN_clear_free(rsa_d); - BN_clear_free(rsa_p); - BN_clear_free(rsa_q); - BN_clear_free(rsa_iqmp); -#endif /* WITH_OPENSSL */ - sshkey_free(k); - freezero(ed25519_pk, pklen); - freezero(ed25519_sk, sklen); - free(xmss_name); - freezero(xmss_pk, pklen); - freezero(xmss_sk, sklen); - return r; -} - -#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) -int -sshkey_ec_validate_public(const EC_GROUP *group, const EC_POINT *public) -{ - BN_CTX *bnctx; - EC_POINT *nq = 
NULL; - BIGNUM *order, *x, *y, *tmp; - int ret = SSH_ERR_KEY_INVALID_EC_VALUE; - - /* - * NB. This assumes OpenSSL has already verified that the public - * point lies on the curve. This is done by EC_POINT_oct2point() - * implicitly calling EC_POINT_is_on_curve(). If this code is ever - * reachable with public points not unmarshalled using - * EC_POINT_oct2point then the caller will need to explicitly check. - */ - - if ((bnctx = BN_CTX_new()) == NULL) - return SSH_ERR_ALLOC_FAIL; - BN_CTX_start(bnctx); - - /* - * We shouldn't ever hit this case because bignum_get_ecpoint() - * refuses to load GF2m points. - */ - if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != - NID_X9_62_prime_field) - goto out; - - /* Q != infinity */ - if (EC_POINT_is_at_infinity(group, public)) - goto out; - - if ((x = BN_CTX_get(bnctx)) == NULL || - (y = BN_CTX_get(bnctx)) == NULL || - (order = BN_CTX_get(bnctx)) == NULL || - (tmp = BN_CTX_get(bnctx)) == NULL) { - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } - - /* log2(x) > log2(order)/2, log2(y) > log2(order)/2 */ - if (EC_GROUP_get_order(group, order, bnctx) != 1 || - EC_POINT_get_affine_coordinates_GFp(group, public, - x, y, bnctx) != 1) { - ret = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - if (BN_num_bits(x) <= BN_num_bits(order) / 2 || - BN_num_bits(y) <= BN_num_bits(order) / 2) - goto out; - - /* nQ == infinity (n == order of subgroup) */ - if ((nq = EC_POINT_new(group)) == NULL) { - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } - if (EC_POINT_mul(group, nq, NULL, public, order, bnctx) != 1) { - ret = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - if (EC_POINT_is_at_infinity(group, nq) != 1) - goto out; - - /* x < order - 1, y < order - 1 */ - if (!BN_sub(tmp, order, BN_value_one())) { - ret = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - if (BN_cmp(x, tmp) >= 0 || BN_cmp(y, tmp) >= 0) - goto out; - ret = 0; - out: - BN_CTX_free(bnctx); - EC_POINT_free(nq); - return ret; -} - -int -sshkey_ec_validate_private(const EC_KEY *key) -{ - BN_CTX 
*bnctx; - BIGNUM *order, *tmp; - int ret = SSH_ERR_KEY_INVALID_EC_VALUE; - - if ((bnctx = BN_CTX_new()) == NULL) - return SSH_ERR_ALLOC_FAIL; - BN_CTX_start(bnctx); - - if ((order = BN_CTX_get(bnctx)) == NULL || - (tmp = BN_CTX_get(bnctx)) == NULL) { - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } - - /* log2(private) > log2(order)/2 */ - if (EC_GROUP_get_order(EC_KEY_get0_group(key), order, bnctx) != 1) { - ret = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - if (BN_num_bits(EC_KEY_get0_private_key(key)) <= - BN_num_bits(order) / 2) - goto out; - - /* private < order - 1 */ - if (!BN_sub(tmp, order, BN_value_one())) { - ret = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - if (BN_cmp(EC_KEY_get0_private_key(key), tmp) >= 0) - goto out; - ret = 0; - out: - BN_CTX_free(bnctx); - return ret; -} - -void -sshkey_dump_ec_point(const EC_GROUP *group, const EC_POINT *point) -{ - BIGNUM *x, *y; - BN_CTX *bnctx; - - if (point == NULL) { - fputs("point=(NULL)\n", stderr); - return; - } - if ((bnctx = BN_CTX_new()) == NULL) { - fprintf(stderr, "%s: BN_CTX_new failed\n", __func__); - return; - } - BN_CTX_start(bnctx); - if ((x = BN_CTX_get(bnctx)) == NULL || - (y = BN_CTX_get(bnctx)) == NULL) { - fprintf(stderr, "%s: BN_CTX_get failed\n", __func__); - return; - } - if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != - NID_X9_62_prime_field) { - fprintf(stderr, "%s: group is not a prime field\n", __func__); - return; - } - if (EC_POINT_get_affine_coordinates_GFp(group, point, x, y, - bnctx) != 1) { - fprintf(stderr, "%s: EC_POINT_get_affine_coordinates_GFp\n", - __func__); - return; - } - fputs("x=", stderr); - BN_print_fp(stderr, x); - fputs("\ny=", stderr); - BN_print_fp(stderr, y); - fputs("\n", stderr); - BN_CTX_free(bnctx); -} - -void -sshkey_dump_ec_key(const EC_KEY *key) -{ - const BIGNUM *exponent; - - sshkey_dump_ec_point(EC_KEY_get0_group(key), - EC_KEY_get0_public_key(key)); - fputs("exponent=", stderr); - if ((exponent = EC_KEY_get0_private_key(key)) == NULL) - 
fputs("(NULL)", stderr); - else - BN_print_fp(stderr, EC_KEY_get0_private_key(key)); - fputs("\n", stderr); -} -#endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */ - -static int -sshkey_private_to_blob2(const struct sshkey *prv, struct sshbuf *blob, - const char *passphrase, const char *comment, const char *ciphername, - int rounds) -{ - u_char *cp, *key = NULL, *pubkeyblob = NULL; - u_char salt[SALT_LEN]; - char *b64 = NULL; - size_t i, pubkeylen, keylen, ivlen, blocksize, authlen; - u_int check; - int r = SSH_ERR_INTERNAL_ERROR; - struct sshcipher_ctx *ciphercontext = NULL; - const struct sshcipher *cipher; - const char *kdfname = KDFNAME; - struct sshbuf *encoded = NULL, *encrypted = NULL, *kdf = NULL; - - if (rounds <= 0) - rounds = DEFAULT_ROUNDS; - if (passphrase == NULL || !strlen(passphrase)) { - ciphername = "none"; - kdfname = "none"; - } else if (ciphername == NULL) - ciphername = DEFAULT_CIPHERNAME; - if ((cipher = cipher_by_name(ciphername)) == NULL) { - r = SSH_ERR_INVALID_ARGUMENT; - goto out; - } - - if ((kdf = sshbuf_new()) == NULL || - (encoded = sshbuf_new()) == NULL || - (encrypted = sshbuf_new()) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - blocksize = cipher_blocksize(cipher); - keylen = cipher_keylen(cipher); - ivlen = cipher_ivlen(cipher); - authlen = cipher_authlen(cipher); - if ((key = calloc(1, keylen + ivlen)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if (strcmp(kdfname, "bcrypt") == 0) { - arc4random_buf(salt, SALT_LEN); - if (bcrypt_pbkdf(passphrase, strlen(passphrase), - salt, SALT_LEN, key, keylen + ivlen, rounds) < 0) { - r = SSH_ERR_INVALID_ARGUMENT; - goto out; - } - if ((r = sshbuf_put_string(kdf, salt, SALT_LEN)) != 0 || - (r = sshbuf_put_u32(kdf, rounds)) != 0) - goto out; - } else if (strcmp(kdfname, "none") != 0) { - /* Unsupported KDF type */ - r = SSH_ERR_KEY_UNKNOWN_CIPHER; - goto out; - } - if ((r = cipher_init(&ciphercontext, cipher, key, keylen, - key + keylen, ivlen, 1)) != 0) - goto out; - - if ((r = 
sshbuf_put(encoded, AUTH_MAGIC, sizeof(AUTH_MAGIC))) != 0 || - (r = sshbuf_put_cstring(encoded, ciphername)) != 0 || - (r = sshbuf_put_cstring(encoded, kdfname)) != 0 || - (r = sshbuf_put_stringb(encoded, kdf)) != 0 || - (r = sshbuf_put_u32(encoded, 1)) != 0 || /* number of keys */ - (r = sshkey_to_blob(prv, &pubkeyblob, &pubkeylen)) != 0 || - (r = sshbuf_put_string(encoded, pubkeyblob, pubkeylen)) != 0) - goto out; - - /* set up the buffer that will be encrypted */ - - /* Random check bytes */ - check = arc4random(); - if ((r = sshbuf_put_u32(encrypted, check)) != 0 || - (r = sshbuf_put_u32(encrypted, check)) != 0) - goto out; - - /* append private key and comment*/ - if ((r = sshkey_private_serialize_opt(prv, encrypted, - SSHKEY_SERIALIZE_FULL)) != 0 || - (r = sshbuf_put_cstring(encrypted, comment)) != 0) - goto out; - - /* padding */ - i = 0; - while (sshbuf_len(encrypted) % blocksize) { - if ((r = sshbuf_put_u8(encrypted, ++i & 0xff)) != 0) - goto out; - } - - /* length in destination buffer */ - if ((r = sshbuf_put_u32(encoded, sshbuf_len(encrypted))) != 0) - goto out; - - /* encrypt */ - if ((r = sshbuf_reserve(encoded, - sshbuf_len(encrypted) + authlen, &cp)) != 0) - goto out; - if ((r = cipher_crypt(ciphercontext, 0, cp, - sshbuf_ptr(encrypted), sshbuf_len(encrypted), 0, authlen)) != 0) - goto out; - - /* uuencode */ - if ((b64 = sshbuf_dtob64(encoded)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - - sshbuf_reset(blob); - if ((r = sshbuf_put(blob, MARK_BEGIN, MARK_BEGIN_LEN)) != 0) - goto out; - for (i = 0; i < strlen(b64); i++) { - if ((r = sshbuf_put_u8(blob, b64[i])) != 0) - goto out; - /* insert line breaks */ - if (i % 70 == 69 && (r = sshbuf_put_u8(blob, '\n')) != 0) - goto out; - } - if (i % 70 != 69 && (r = sshbuf_put_u8(blob, '\n')) != 0) - goto out; - if ((r = sshbuf_put(blob, MARK_END, MARK_END_LEN)) != 0) - goto out; - - /* success */ - r = 0; - - out: - sshbuf_free(kdf); - sshbuf_free(encoded); - sshbuf_free(encrypted); - 
cipher_free(ciphercontext); - explicit_bzero(salt, sizeof(salt)); - if (key != NULL) { - explicit_bzero(key, keylen + ivlen); - free(key); - } - if (pubkeyblob != NULL) { - explicit_bzero(pubkeyblob, pubkeylen); - free(pubkeyblob); - } - if (b64 != NULL) { - explicit_bzero(b64, strlen(b64)); - free(b64); - } - return r; -} - -static int -sshkey_parse_private2(struct sshbuf *blob, int type, const char *passphrase, - struct sshkey **keyp, char **commentp) -{ - char *comment = NULL, *ciphername = NULL, *kdfname = NULL; - const struct sshcipher *cipher = NULL; - const u_char *cp; - int r = SSH_ERR_INTERNAL_ERROR; - size_t encoded_len; - size_t i, keylen = 0, ivlen = 0, authlen = 0, slen = 0; - struct sshbuf *encoded = NULL, *decoded = NULL; - struct sshbuf *kdf = NULL, *decrypted = NULL; - struct sshcipher_ctx *ciphercontext = NULL; - struct sshkey *k = NULL; - u_char *key = NULL, *salt = NULL, *dp, pad, last; - u_int blocksize, rounds, nkeys, encrypted_len, check1, check2; - - if (keyp != NULL) - *keyp = NULL; - if (commentp != NULL) - *commentp = NULL; - - if ((encoded = sshbuf_new()) == NULL || - (decoded = sshbuf_new()) == NULL || - (decrypted = sshbuf_new()) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - - /* check preamble */ - cp = sshbuf_ptr(blob); - encoded_len = sshbuf_len(blob); - if (encoded_len < (MARK_BEGIN_LEN + MARK_END_LEN) || - memcmp(cp, MARK_BEGIN, MARK_BEGIN_LEN) != 0) { - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - cp += MARK_BEGIN_LEN; - encoded_len -= MARK_BEGIN_LEN; - - /* Look for end marker, removing whitespace as we go */ - while (encoded_len > 0) { - if (*cp != '\n' && *cp != '\r') { - if ((r = sshbuf_put_u8(encoded, *cp)) != 0) - goto out; - } - last = *cp; - encoded_len--; - cp++; - if (last == '\n') { - if (encoded_len >= MARK_END_LEN && - memcmp(cp, MARK_END, MARK_END_LEN) == 0) { - /* \0 terminate */ - if ((r = sshbuf_put_u8(encoded, 0)) != 0) - goto out; - break; - } - } - } - if (encoded_len == 0) { - r = 
SSH_ERR_INVALID_FORMAT; - goto out; - } - - /* decode base64 */ - if ((r = sshbuf_b64tod(decoded, (char *)sshbuf_ptr(encoded))) != 0) - goto out; - - /* check magic */ - if (sshbuf_len(decoded) < sizeof(AUTH_MAGIC) || - memcmp(sshbuf_ptr(decoded), AUTH_MAGIC, sizeof(AUTH_MAGIC))) { - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - /* parse public portion of key */ - if ((r = sshbuf_consume(decoded, sizeof(AUTH_MAGIC))) != 0 || - (r = sshbuf_get_cstring(decoded, &ciphername, NULL)) != 0 || - (r = sshbuf_get_cstring(decoded, &kdfname, NULL)) != 0 || - (r = sshbuf_froms(decoded, &kdf)) != 0 || - (r = sshbuf_get_u32(decoded, &nkeys)) != 0 || - (r = sshbuf_skip_string(decoded)) != 0 || /* pubkey */ - (r = sshbuf_get_u32(decoded, &encrypted_len)) != 0) - goto out; - - if ((cipher = cipher_by_name(ciphername)) == NULL) { - r = SSH_ERR_KEY_UNKNOWN_CIPHER; - goto out; - } - if ((passphrase == NULL || strlen(passphrase) == 0) && - strcmp(ciphername, "none") != 0) { - /* passphrase required */ - r = SSH_ERR_KEY_WRONG_PASSPHRASE; - goto out; - } - if (strcmp(kdfname, "none") != 0 && strcmp(kdfname, "bcrypt") != 0) { - r = SSH_ERR_KEY_UNKNOWN_CIPHER; - goto out; - } - if (!strcmp(kdfname, "none") && strcmp(ciphername, "none") != 0) { - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - if (nkeys != 1) { - /* XXX only one key supported */ - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - - /* check size of encrypted key blob */ - blocksize = cipher_blocksize(cipher); - if (encrypted_len < blocksize || (encrypted_len % blocksize) != 0) { - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - - /* setup key */ - keylen = cipher_keylen(cipher); - ivlen = cipher_ivlen(cipher); - authlen = cipher_authlen(cipher); - if ((key = calloc(1, keylen + ivlen)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if (strcmp(kdfname, "bcrypt") == 0) { - if ((r = sshbuf_get_string(kdf, &salt, &slen)) != 0 || - (r = sshbuf_get_u32(kdf, &rounds)) != 0) - goto out; - if (bcrypt_pbkdf(passphrase, 
strlen(passphrase), salt, slen, - key, keylen + ivlen, rounds) < 0) { - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - } - - /* check that an appropriate amount of auth data is present */ - if (sshbuf_len(decoded) < encrypted_len + authlen) { - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - - /* decrypt private portion of key */ - if ((r = sshbuf_reserve(decrypted, encrypted_len, &dp)) != 0 || - (r = cipher_init(&ciphercontext, cipher, key, keylen, - key + keylen, ivlen, 0)) != 0) - goto out; - if ((r = cipher_crypt(ciphercontext, 0, dp, sshbuf_ptr(decoded), - encrypted_len, 0, authlen)) != 0) { - /* an integrity error here indicates an incorrect passphrase */ - if (r == SSH_ERR_MAC_INVALID) - r = SSH_ERR_KEY_WRONG_PASSPHRASE; - goto out; - } - if ((r = sshbuf_consume(decoded, encrypted_len + authlen)) != 0) - goto out; - /* there should be no trailing data */ - if (sshbuf_len(decoded) != 0) { - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - - /* check check bytes */ - if ((r = sshbuf_get_u32(decrypted, &check1)) != 0 || - (r = sshbuf_get_u32(decrypted, &check2)) != 0) - goto out; - if (check1 != check2) { - r = SSH_ERR_KEY_WRONG_PASSPHRASE; - goto out; - } - - /* Load the private key and comment */ - if ((r = sshkey_private_deserialize(decrypted, &k)) != 0 || - (r = sshbuf_get_cstring(decrypted, &comment, NULL)) != 0) - goto out; - - /* Check deterministic padding */ - i = 0; - while (sshbuf_len(decrypted)) { - if ((r = sshbuf_get_u8(decrypted, &pad)) != 0) - goto out; - if (pad != (++i & 0xff)) { - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - } - - /* XXX decode pubkey and check against private */ - - /* success */ - r = 0; - if (keyp != NULL) { - *keyp = k; - k = NULL; - } - if (commentp != NULL) { - *commentp = comment; - comment = NULL; - } - out: - pad = 0; - cipher_free(ciphercontext); - free(ciphername); - free(kdfname); - free(comment); - if (salt != NULL) { - explicit_bzero(salt, slen); - free(salt); - } - if (key != NULL) { - explicit_bzero(key, keylen + 
ivlen); - free(key); - } - sshbuf_free(encoded); - sshbuf_free(decoded); - sshbuf_free(kdf); - sshbuf_free(decrypted); - sshkey_free(k); - return r; -} - -#ifdef WITH_OPENSSL -/* convert SSH v2 key in OpenSSL PEM format */ -static int -sshkey_private_pem_to_blob(struct sshkey *key, struct sshbuf *blob, - const char *_passphrase, const char *comment) -{ - int success, r; - int blen, len = strlen(_passphrase); - u_char *passphrase = (len > 0) ? (u_char *)_passphrase : NULL; - const EVP_CIPHER *cipher = (len > 0) ? EVP_aes_128_cbc() : NULL; - char *bptr; - BIO *bio = NULL; - - if (len > 0 && len <= 4) - return SSH_ERR_PASSPHRASE_TOO_SHORT; - if ((bio = BIO_new(BIO_s_mem())) == NULL) - return SSH_ERR_ALLOC_FAIL; - - switch (key->type) { - case KEY_DSA: - success = PEM_write_bio_DSAPrivateKey(bio, key->dsa, - cipher, passphrase, len, NULL, NULL); - break; -#ifdef OPENSSL_HAS_ECC - case KEY_ECDSA: - success = PEM_write_bio_ECPrivateKey(bio, key->ecdsa, - cipher, passphrase, len, NULL, NULL); - break; -#endif - case KEY_RSA: - success = PEM_write_bio_RSAPrivateKey(bio, key->rsa, - cipher, passphrase, len, NULL, NULL); - break; - default: - success = 0; - break; - } - if (success == 0) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - if ((blen = BIO_get_mem_data(bio, &bptr)) <= 0) { - r = SSH_ERR_INTERNAL_ERROR; - goto out; - } - if ((r = sshbuf_put(blob, bptr, blen)) != 0) - goto out; - r = 0; - out: - BIO_free(bio); - return r; -} -#endif /* WITH_OPENSSL */ - -/* Serialise "key" to buffer "blob" */ -int -sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob, - const char *passphrase, const char *comment, - int force_new_format, const char *new_format_cipher, int new_format_rounds) -{ - switch (key->type) { -#ifdef WITH_OPENSSL - case KEY_DSA: - case KEY_ECDSA: - case KEY_RSA: - if (force_new_format) { - return sshkey_private_to_blob2(key, blob, passphrase, - comment, new_format_cipher, new_format_rounds); - } - return sshkey_private_pem_to_blob(key, blob, 
- passphrase, comment);
-#endif /* WITH_OPENSSL */
- case KEY_ED25519:
-#ifdef WITH_XMSS
- case KEY_XMSS:
-#endif /* WITH_XMSS */
- return sshkey_private_to_blob2(key, blob, passphrase,
- comment, new_format_cipher, new_format_rounds);
- default:
- return SSH_ERR_KEY_TYPE_UNKNOWN;
- }
-}
-
-#ifdef WITH_OPENSSL
-static int
-translate_libcrypto_error(unsigned long pem_err)
-{
- int pem_reason = ERR_GET_REASON(pem_err);
-
- switch (ERR_GET_LIB(pem_err)) {
- case ERR_LIB_PEM:
- switch (pem_reason) {
- case PEM_R_BAD_PASSWORD_READ:
- case PEM_R_PROBLEMS_GETTING_PASSWORD:
- case PEM_R_BAD_DECRYPT:
- return SSH_ERR_KEY_WRONG_PASSPHRASE;
- default:
- return SSH_ERR_INVALID_FORMAT;
- }
- case ERR_LIB_EVP:
- switch (pem_reason) {
- case EVP_R_BAD_DECRYPT:
- return SSH_ERR_KEY_WRONG_PASSPHRASE;
-#ifdef EVP_R_BN_DECODE_ERROR
- case EVP_R_BN_DECODE_ERROR:
-#endif
- case EVP_R_DECODE_ERROR:
-#ifdef EVP_R_PRIVATE_KEY_DECODE_ERROR
- case EVP_R_PRIVATE_KEY_DECODE_ERROR:
-#endif
- return SSH_ERR_INVALID_FORMAT;
- default:
- return SSH_ERR_LIBCRYPTO_ERROR;
- }
- case ERR_LIB_ASN1:
- return SSH_ERR_INVALID_FORMAT;
- }
- return SSH_ERR_LIBCRYPTO_ERROR;
-}
-
-static void
-clear_libcrypto_errors(void)
-{
- while (ERR_get_error() != 0)
- ;
-}
-
-/*
- * Translate OpenSSL error codes to determine whether
- * passphrase is required/incorrect.
- */
-static int
-convert_libcrypto_error(void)
-{
- /*
- * Some password errors are reported at the beginning
- * of the error queue.
- */
- if (translate_libcrypto_error(ERR_peek_error()) ==
- SSH_ERR_KEY_WRONG_PASSPHRASE)
- return SSH_ERR_KEY_WRONG_PASSPHRASE;
- return translate_libcrypto_error(ERR_peek_last_error());
-}
-
-static int
-pem_passphrase_cb(char *buf, int size, int rwflag, void *u)
-{
- char *p = (char *)u;
- size_t len;
-
- if (p == NULL || (len = strlen(p)) == 0)
- return -1;
- if (size < 0 || len > (size_t)size)
- return -1;
- memcpy(buf, p, len);
- return (int)len;
-}
-
-static int
-sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
- const char *passphrase, struct sshkey **keyp)
-{
- EVP_PKEY *pk = NULL;
- struct sshkey *prv = NULL;
- BIO *bio = NULL;
- int r;
-
- if (keyp != NULL)
- *keyp = NULL;
-
- if ((bio = BIO_new(BIO_s_mem())) == NULL || sshbuf_len(blob) > INT_MAX)
- return SSH_ERR_ALLOC_FAIL;
- if (BIO_write(bio, sshbuf_ptr(blob), sshbuf_len(blob)) !=
- (int)sshbuf_len(blob)) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
-
- clear_libcrypto_errors();
- if ((pk = PEM_read_bio_PrivateKey(bio, NULL, pem_passphrase_cb,
- (char *)passphrase)) == NULL) {
- /*
- * libcrypto may return various ASN.1 errors when attempting
- * to parse a key with an incorrect passphrase.
- * Treat all format errors as "incorrect passphrase" if a
- * passphrase was supplied.
- */ - if (passphrase != NULL && *passphrase != '\0') - r = SSH_ERR_KEY_WRONG_PASSPHRASE; - else - r = convert_libcrypto_error(); - goto out; - } - if (EVP_PKEY_base_id(pk) == EVP_PKEY_RSA && - (type == KEY_UNSPEC || type == KEY_RSA)) { - if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - prv->rsa = EVP_PKEY_get1_RSA(pk); - prv->type = KEY_RSA; -#ifdef DEBUG_PK - RSA_print_fp(stderr, prv->rsa, 8); -#endif - if (RSA_blinding_on(prv->rsa, NULL) != 1) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - if ((r = check_rsa_length(prv->rsa)) != 0) - goto out; - } else if (EVP_PKEY_base_id(pk) == EVP_PKEY_DSA && - (type == KEY_UNSPEC || type == KEY_DSA)) { - if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - prv->dsa = EVP_PKEY_get1_DSA(pk); - prv->type = KEY_DSA; -#ifdef DEBUG_PK - DSA_print_fp(stderr, prv->dsa, 8); -#endif -#ifdef OPENSSL_HAS_ECC - } else if (EVP_PKEY_base_id(pk) == EVP_PKEY_EC && - (type == KEY_UNSPEC || type == KEY_ECDSA)) { - if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - prv->ecdsa = EVP_PKEY_get1_EC_KEY(pk); - prv->type = KEY_ECDSA; - prv->ecdsa_nid = sshkey_ecdsa_key_to_nid(prv->ecdsa); - if (prv->ecdsa_nid == -1 || - sshkey_curve_nid_to_name(prv->ecdsa_nid) == NULL || - sshkey_ec_validate_public(EC_KEY_get0_group(prv->ecdsa), - EC_KEY_get0_public_key(prv->ecdsa)) != 0 || - sshkey_ec_validate_private(prv->ecdsa) != 0) { - r = SSH_ERR_INVALID_FORMAT; - goto out; - } -# ifdef DEBUG_PK - if (prv != NULL && prv->ecdsa != NULL) - sshkey_dump_ec_key(prv->ecdsa); -# endif -#endif /* OPENSSL_HAS_ECC */ - } else { - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - r = 0; - if (keyp != NULL) { - *keyp = prv; - prv = NULL; - } - out: - BIO_free(bio); - EVP_PKEY_free(pk); - sshkey_free(prv); - return r; -} -#endif /* WITH_OPENSSL */ - -int -sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, - const char *passphrase, struct sshkey 
**keyp, char **commentp) -{ - int r = SSH_ERR_INTERNAL_ERROR; - - if (keyp != NULL) - *keyp = NULL; - if (commentp != NULL) - *commentp = NULL; - - switch (type) { -#ifdef WITH_OPENSSL - case KEY_DSA: - case KEY_ECDSA: - case KEY_RSA: - return sshkey_parse_private_pem_fileblob(blob, type, - passphrase, keyp); -#endif /* WITH_OPENSSL */ - case KEY_ED25519: -#ifdef WITH_XMSS - case KEY_XMSS: -#endif /* WITH_XMSS */ - return sshkey_parse_private2(blob, type, passphrase, - keyp, commentp); - case KEY_UNSPEC: - r = sshkey_parse_private2(blob, type, passphrase, keyp, - commentp); - /* Do not fallback to PEM parser if only passphrase is wrong. */ - if (r == 0 || r == SSH_ERR_KEY_WRONG_PASSPHRASE) - return r; -#ifdef WITH_OPENSSL - return sshkey_parse_private_pem_fileblob(blob, type, - passphrase, keyp); -#else - return SSH_ERR_INVALID_FORMAT; -#endif /* WITH_OPENSSL */ - default: - return SSH_ERR_KEY_TYPE_UNKNOWN; - } -} - -int -sshkey_parse_private_fileblob(struct sshbuf *buffer, const char *passphrase, - struct sshkey **keyp, char **commentp) -{ - if (keyp != NULL) - *keyp = NULL; - if (commentp != NULL) - *commentp = NULL; - - return sshkey_parse_private_fileblob_type(buffer, KEY_UNSPEC, - passphrase, keyp, commentp); -} - -#ifdef WITH_XMSS -/* - * serialize the key with the current state and forward the state - * maxsign times. 
- */
-int
-sshkey_private_serialize_maxsign(const struct sshkey *k, struct sshbuf *b,
- u_int32_t maxsign, sshkey_printfn *pr)
-{
- int r, rupdate;
-
- if (maxsign == 0 ||
- sshkey_type_plain(k->type) != KEY_XMSS)
- return sshkey_private_serialize_opt(k, b,
- SSHKEY_SERIALIZE_DEFAULT);
- if ((r = sshkey_xmss_get_state(k, pr)) != 0 ||
- (r = sshkey_private_serialize_opt(k, b,
- SSHKEY_SERIALIZE_STATE)) != 0 ||
- (r = sshkey_xmss_forward_state(k, maxsign)) != 0)
- goto out;
- r = 0;
-out:
- if ((rupdate = sshkey_xmss_update_state(k, pr)) != 0) {
- if (r == 0)
- r = rupdate;
- }
- return r;
-}
-
-u_int32_t
-sshkey_signatures_left(const struct sshkey *k)
-{
- if (sshkey_type_plain(k->type) == KEY_XMSS)
- return sshkey_xmss_signatures_left(k);
- return 0;
-}
-
-int
-sshkey_enable_maxsign(struct sshkey *k, u_int32_t maxsign)
-{
- if (sshkey_type_plain(k->type) != KEY_XMSS)
- return SSH_ERR_INVALID_ARGUMENT;
- return sshkey_xmss_enable_maxsign(k, maxsign);
-}
-
-int
-sshkey_set_filename(struct sshkey *k, const char *filename)
-{
- if (k == NULL)
- return SSH_ERR_INVALID_ARGUMENT;
- if (sshkey_type_plain(k->type) != KEY_XMSS)
- return 0;
- if (filename == NULL)
- return SSH_ERR_INVALID_ARGUMENT;
- if ((k->xmss_filename = strdup(filename)) == NULL)
- return SSH_ERR_ALLOC_FAIL;
- return 0;
-}
-#else
-int
-sshkey_private_serialize_maxsign(const struct sshkey *k, struct sshbuf *b,
- u_int32_t maxsign, sshkey_printfn *pr)
-{
- return sshkey_private_serialize_opt(k, b, SSHKEY_SERIALIZE_DEFAULT);
-}
-
-u_int32_t
-sshkey_signatures_left(const struct sshkey *k)
-{
- return 0;
-}
-
-int
-sshkey_enable_maxsign(struct sshkey *k, u_int32_t maxsign)
-{
- return SSH_ERR_INVALID_ARGUMENT;
-}
-
-int
-sshkey_set_filename(struct sshkey *k, const char *filename)
-{
- if (k == NULL)
- return SSH_ERR_INVALID_ARGUMENT;
- return 0;
-}
-#endif /* WITH_XMSS */
diff --git a/ssh_keygen_110/sshkey.h b/ssh_keygen_110/sshkey.h
deleted file mode 100644
index f6a007fd..00000000
--- a/ssh_keygen_110/sshkey.h
+++ /dev/null
@@ -1,277 +0,0 @@
-/* $OpenBSD: sshkey.h,v 1.30 2018/09/14 04:17:44 djm Exp $ */
-
-/*
- * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#ifndef SSHKEY_H
-#define SSHKEY_H
-
-#include
-
-#ifdef WITH_OPENSSL
-#include
-#include
-# ifdef OPENSSL_HAS_ECC
-# include
-# else /* OPENSSL_HAS_ECC */
-# define EC_KEY void
-# define EC_GROUP void
-# define EC_POINT void
-# endif /* OPENSSL_HAS_ECC */
-#else /* WITH_OPENSSL */
-# define BIGNUM void
-# define RSA void
-# define DSA void
-# define EC_KEY void
-# define EC_GROUP void
-# define EC_POINT void
-#endif /* WITH_OPENSSL */
-
-#define SSH_RSA_MINIMUM_MODULUS_SIZE 1024
-#define SSH_KEY_MAX_SIGN_DATA_SIZE (1 << 20)
-
-struct sshbuf;
-
-/* Key types */
-enum sshkey_types {
- KEY_RSA,
- KEY_DSA,
- KEY_ECDSA,
- KEY_ED25519,
- KEY_RSA_CERT,
- KEY_DSA_CERT,
- KEY_ECDSA_CERT,
- KEY_ED25519_CERT,
- KEY_XMSS,
- KEY_XMSS_CERT,
- KEY_UNSPEC
-};
-
-/* Default fingerprint hash */
-#define SSH_FP_HASH_DEFAULT SSH_DIGEST_SHA256
-
-/* Fingerprint representation formats */
-enum sshkey_fp_rep {
- SSH_FP_DEFAULT = 0,
- SSH_FP_HEX,
- SSH_FP_BASE64,
- SSH_FP_BUBBLEBABBLE,
- SSH_FP_RANDOMART
-};
-
-/* Private key serialisation formats, used on the wire */
-enum sshkey_serialize_rep {
- SSHKEY_SERIALIZE_DEFAULT = 0,
- SSHKEY_SERIALIZE_STATE = 1,
- SSHKEY_SERIALIZE_FULL = 2,
- SSHKEY_SERIALIZE_INFO = 254,
-};
-
-/* key is stored in external hardware */
-#define SSHKEY_FLAG_EXT 0x0001
-
-#define SSHKEY_CERT_MAX_PRINCIPALS 256
-/* XXX opaquify? */
-struct sshkey_cert {
- struct sshbuf *certblob; /* Kept around for use on wire */
- u_int type; /* SSH2_CERT_TYPE_USER or SSH2_CERT_TYPE_HOST */
- u_int64_t serial;
- char *key_id;
- u_int nprincipals;
- char **principals;
- u_int64_t valid_after, valid_before;
- struct sshbuf *critical;
- struct sshbuf *extensions;
- struct sshkey *signature_key;
- char *signature_type;
-};
-
-/* XXX opaquify?
*/
-struct sshkey {
- int type;
- int flags;
- RSA *rsa;
- DSA *dsa;
- int ecdsa_nid; /* NID of curve */
- EC_KEY *ecdsa;
- u_char *ed25519_sk;
- u_char *ed25519_pk;
- char *xmss_name;
- char *xmss_filename; /* for state file updates */
- void *xmss_state; /* depends on xmss_name, opaque */
- u_char *xmss_sk;
- u_char *xmss_pk;
- struct sshkey_cert *cert;
-};
-
-#define ED25519_SK_SZ crypto_sign_ed25519_SECRETKEYBYTES
-#define ED25519_PK_SZ crypto_sign_ed25519_PUBLICKEYBYTES
-
-struct sshkey *sshkey_new(int);
-void sshkey_free(struct sshkey *);
-int sshkey_equal_public(const struct sshkey *,
- const struct sshkey *);
-int sshkey_equal(const struct sshkey *, const struct sshkey *);
-char *sshkey_fingerprint(const struct sshkey *,
- int, enum sshkey_fp_rep);
-int sshkey_fingerprint_raw(const struct sshkey *k,
- int, u_char **retp, size_t *lenp);
-const char *sshkey_type(const struct sshkey *);
-const char *sshkey_cert_type(const struct sshkey *);
-int sshkey_format_text(const struct sshkey *, struct sshbuf *);
-int sshkey_write(const struct sshkey *, FILE *);
-int sshkey_read(struct sshkey *, char **);
-u_int sshkey_size(const struct sshkey *);
-
-int sshkey_generate(int type, u_int bits, struct sshkey **keyp);
-int sshkey_from_private(const struct sshkey *, struct sshkey **);
-int sshkey_type_from_name(const char *);
-int sshkey_is_cert(const struct sshkey *);
-int sshkey_type_is_cert(int);
-int sshkey_type_plain(int);
-int sshkey_to_certified(struct sshkey *);
-int sshkey_drop_cert(struct sshkey *);
-int sshkey_cert_copy(const struct sshkey *, struct sshkey *);
-int sshkey_cert_check_authority(const struct sshkey *, int, int,
- const char *, const char **);
-size_t sshkey_format_cert_validity(const struct sshkey_cert *,
- char *, size_t) __attribute__((__bounded__(__string__, 2, 3)));
-int sshkey_check_cert_sigtype(const struct sshkey *, const char *);
-
-int sshkey_certify(struct sshkey *, struct sshkey *, const char *);
-/* Variant allowing use of a custom
signature function (e.g. for ssh-agent) */
-typedef int sshkey_certify_signer(const struct sshkey *, u_char **, size_t *,
- const u_char *, size_t, const char *, u_int, void *);
-int sshkey_certify_custom(struct sshkey *, struct sshkey *, const char *,
- sshkey_certify_signer *, void *);
-
-int sshkey_ecdsa_nid_from_name(const char *);
-int sshkey_curve_name_to_nid(const char *);
-const char * sshkey_curve_nid_to_name(int);
-u_int sshkey_curve_nid_to_bits(int);
-int sshkey_ecdsa_bits_to_nid(int);
-int sshkey_ecdsa_key_to_nid(EC_KEY *);
-int sshkey_ec_nid_to_hash_alg(int nid);
-int sshkey_ec_validate_public(const EC_GROUP *, const EC_POINT *);
-int sshkey_ec_validate_private(const EC_KEY *);
-const char *sshkey_ssh_name(const struct sshkey *);
-const char *sshkey_ssh_name_plain(const struct sshkey *);
-int sshkey_names_valid2(const char *, int);
-char *sshkey_alg_list(int, int, int, char);
-
-int sshkey_from_blob(const u_char *, size_t, struct sshkey **);
-int sshkey_fromb(struct sshbuf *, struct sshkey **);
-int sshkey_froms(struct sshbuf *, struct sshkey **);
-int sshkey_to_blob(const struct sshkey *, u_char **, size_t *);
-int sshkey_to_base64(const struct sshkey *, char **);
-int sshkey_putb(const struct sshkey *, struct sshbuf *);
-int sshkey_puts(const struct sshkey *, struct sshbuf *);
-int sshkey_puts_opts(const struct sshkey *, struct sshbuf *,
- enum sshkey_serialize_rep);
-int sshkey_plain_to_blob(const struct sshkey *, u_char **, size_t *);
-int sshkey_putb_plain(const struct sshkey *, struct sshbuf *);
-
-int sshkey_sign(const struct sshkey *, u_char **, size_t *,
- const u_char *, size_t, const char *, u_int);
-int sshkey_verify(const struct sshkey *, const u_char *, size_t,
- const u_char *, size_t, const char *, u_int);
-int sshkey_check_sigtype(const u_char *, size_t, const char *);
-const char *sshkey_sigalg_by_name(const char *);
-
-/* for debug */
-void sshkey_dump_ec_point(const EC_GROUP *, const EC_POINT *);
-void sshkey_dump_ec_key(const
EC_KEY *);
-
-/* private key parsing and serialisation */
-int sshkey_private_serialize(const struct sshkey *key, struct sshbuf *buf);
-int sshkey_private_serialize_opt(const struct sshkey *key, struct sshbuf *buf,
- enum sshkey_serialize_rep);
-int sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **keyp);
-
-/* private key file format parsing and serialisation */
-int sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob,
- const char *passphrase, const char *comment,
- int force_new_format, const char *new_format_cipher, int new_format_rounds);
-int sshkey_parse_private_fileblob(struct sshbuf *buffer,
- const char *passphrase, struct sshkey **keyp, char **commentp);
-int sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type,
- const char *passphrase, struct sshkey **keyp, char **commentp);
-
-/* XXX should be internal, but used by ssh-keygen */
-int ssh_rsa_complete_crt_parameters(struct sshkey *, const BIGNUM *);
-
-/* stateful keys (e.g. XMSS) */
-#ifdef NO_ATTRIBUTE_ON_PROTOTYPE_ARGS
-typedef void sshkey_printfn(const char *, ...);
-#else
-typedef void sshkey_printfn(const char *, ...)
__attribute__((format(printf, 1, 2)));
-#endif
-int sshkey_set_filename(struct sshkey *, const char *);
-int sshkey_enable_maxsign(struct sshkey *, u_int32_t);
-u_int32_t sshkey_signatures_left(const struct sshkey *);
-int sshkey_forward_state(const struct sshkey *, u_int32_t, sshkey_printfn *);
-int sshkey_private_serialize_maxsign(const struct sshkey *key, struct sshbuf *buf,
- u_int32_t maxsign, sshkey_printfn *pr);
-
-#ifdef SSHKEY_INTERNAL
-int ssh_rsa_sign(const struct sshkey *key,
- u_char **sigp, size_t *lenp, const u_char *data, size_t datalen,
- const char *ident);
-int ssh_rsa_verify(const struct sshkey *key,
- const u_char *sig, size_t siglen, const u_char *data, size_t datalen,
- const char *alg);
-int ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
- const u_char *data, size_t datalen, u_int compat);
-int ssh_dss_verify(const struct sshkey *key,
- const u_char *signature, size_t signaturelen,
- const u_char *data, size_t datalen, u_int compat);
-int ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
- const u_char *data, size_t datalen, u_int compat);
-int ssh_ecdsa_verify(const struct sshkey *key,
- const u_char *signature, size_t signaturelen,
- const u_char *data, size_t datalen, u_int compat);
-int ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
- const u_char *data, size_t datalen, u_int compat);
-int ssh_ed25519_verify(const struct sshkey *key,
- const u_char *signature, size_t signaturelen,
- const u_char *data, size_t datalen, u_int compat);
-int ssh_xmss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
- const u_char *data, size_t datalen, u_int compat);
-int ssh_xmss_verify(const struct sshkey *key,
- const u_char *signature, size_t signaturelen,
- const u_char *data, size_t datalen, u_int compat);
-#endif
-
-#if !defined(WITH_OPENSSL)
-# undef RSA
-# undef DSA
-# undef EC_KEY
-# undef EC_GROUP
-# undef EC_POINT
-#elif !defined(OPENSSL_HAS_ECC)
-# undef EC_KEY
-# undef
EC_GROUP
-# undef EC_POINT
-#endif
-
-#endif /* SSHKEY_H */
diff --git a/ssh_keygen_110/utf8.c b/ssh_keygen_110/utf8.c
deleted file mode 100644
index db7cb8f3..00000000
--- a/ssh_keygen_110/utf8.c
+++ /dev/null
@@ -1,340 +0,0 @@
-/* $OpenBSD: utf8.c,v 1.8 2018/08/21 13:56:27 schwarze Exp $ */
-/*
- * Copyright (c) 2016 Ingo Schwarze
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * Utility functions for multibyte-character handling,
- * in particular to sanitize untrusted strings for terminal output.
- */
-
-#include "includes.h"
-
-#include
-#ifdef HAVE_LANGINFO_H
-# include
-#endif
-#include
-#include
-#include
-#include
-#include
-#include
-#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H) && !defined(BROKEN_STRNVIS)
-# include
-#endif
-#ifdef HAVE_WCHAR_H
-# include
-#endif
-
-#include "utf8.h"
-
-static int dangerous_locale(void);
-static int grow_dst(char **, size_t *, size_t, char **, size_t);
-static int vasnmprintf(char **, size_t, int *, const char *, va_list);
-
-
-/*
- * For US-ASCII and UTF-8 encodings, we can safely recover from
- * encoding errors and from non-printable characters. For any
- * other encodings, err to the side of caution and abort parsing:
- * For state-dependent encodings, recovery is impossible.
- * For arbitrary encodings, replacement of non-printable
- * characters would be non-trivial and too fragile.
- * The comments indicate what nl_langinfo(CODESET)
- * returns for US-ASCII on various operating systems.
- */ - -static int -dangerous_locale(void) { - char *loc; - - loc = nl_langinfo(CODESET); - return strcmp(loc, "UTF-8") != 0 && - strcmp(loc, "US-ASCII") != 0 && /* OpenBSD */ - strcmp(loc, "ANSI_X3.4-1968") != 0 && /* Linux */ - strcmp(loc, "ISO8859-1") != 0 && /* AIX */ - strcmp(loc, "646") != 0 && /* Solaris, NetBSD */ - strcmp(loc, "") != 0; /* Solaris 6 */ -} - -static int -grow_dst(char **dst, size_t *sz, size_t maxsz, char **dp, size_t need) -{ - char *tp; - size_t tsz; - - if (*dp + need < *dst + *sz) - return 0; - tsz = *sz + 128; - if (tsz > maxsz) - tsz = maxsz; - if ((tp = recallocarray(*dst, *sz, tsz, 1)) == NULL) - return -1; - *dp = tp + (*dp - *dst); - *dst = tp; - *sz = tsz; - return 0; -} - -/* - * The following two functions limit the number of bytes written, - * including the terminating '\0', to sz. Unless wp is NULL, - * they limit the number of display columns occupied to *wp. - * Whichever is reached first terminates the output string. - * To stay close to the standard interfaces, they return the number of - * non-NUL bytes that would have been written if both were unlimited. - * If wp is NULL, newline, carriage return, and tab are allowed; - * otherwise, the actual number of columns occupied by what was - * written is returned in *wp. - */ - -static int -vasnmprintf(char **str, size_t maxsz, int *wp, const char *fmt, va_list ap) -{ - char *src; /* Source string returned from vasprintf. */ - char *sp; /* Pointer into src. */ - char *dst; /* Destination string to be returned. */ - char *dp; /* Pointer into dst. */ - char *tp; /* Temporary pointer for dst. */ - size_t sz; /* Number of bytes allocated for dst. */ - wchar_t wc; /* Wide character at sp. */ - int len; /* Number of bytes in the character at sp. */ - int ret; /* Number of bytes needed to format src. */ - int width; /* Display width of the character wc. 
*/ - int total_width, max_width, print; - - src = NULL; - if ((ret = vasprintf(&src, fmt, ap)) <= 0) - goto fail; - - sz = strlen(src) + 1; - if ((dst = malloc(sz)) == NULL) { - free(src); - ret = -1; - goto fail; - } - - if (maxsz > INT_MAX) - maxsz = INT_MAX; - - sp = src; - dp = dst; - ret = 0; - print = 1; - total_width = 0; - max_width = wp == NULL ? INT_MAX : *wp; - while (*sp != '\0') { - if ((len = mbtowc(&wc, sp, MB_CUR_MAX)) == -1) { - (void)mbtowc(NULL, NULL, MB_CUR_MAX); - if (dangerous_locale()) { - ret = -1; - break; - } - len = 1; - width = -1; - } else if (wp == NULL && - (wc == L'\n' || wc == L'\r' || wc == L'\t')) { - /* - * Don't use width uninitialized; the actual - * value doesn't matter because total_width - * is only returned for wp != NULL. - */ - width = 0; - } else if ((width = wcwidth(wc)) == -1 && - dangerous_locale()) { - ret = -1; - break; - } - - /* Valid, printable character. */ - - if (width >= 0) { - if (print && (dp - dst >= (int)maxsz - len || - total_width > max_width - width)) - print = 0; - if (print) { - if (grow_dst(&dst, &sz, maxsz, - &dp, len) == -1) { - ret = -1; - break; - } - total_width += width; - memcpy(dp, sp, len); - dp += len; - } - sp += len; - if (ret >= 0) - ret += len; - continue; - } - - /* Escaping required. 
*/ - - while (len > 0) { - if (print && (dp - dst >= (int)maxsz - 4 || - total_width > max_width - 4)) - print = 0; - if (print) { - if (grow_dst(&dst, &sz, maxsz, - &dp, 4) == -1) { - ret = -1; - break; - } - tp = vis(dp, *sp, VIS_OCTAL | VIS_ALL, 0); - width = tp - dp; - total_width += width; - dp = tp; - } else - width = 4; - len--; - sp++; - if (ret >= 0) - ret += width; - } - if (len > 0) - break; - } - free(src); - *dp = '\0'; - *str = dst; - if (wp != NULL) - *wp = total_width; - - /* - * If the string was truncated by the width limit but - * would have fit into the size limit, the only sane way - * to report the problem is using the return value, such - * that the usual idiom "if (ret < 0 || ret >= sz) error" - * works as expected. - */ - - if (ret < (int)maxsz && !print) - ret = -1; - return ret; - -fail: - if (wp != NULL) - *wp = 0; - if (ret == 0) { - *str = src; - return 0; - } else { - *str = NULL; - return -1; - } -} - -int -snmprintf(char *str, size_t sz, int *wp, const char *fmt, ...) -{ - va_list ap; - char *cp; - int ret; - - va_start(ap, fmt); - ret = vasnmprintf(&cp, sz, wp, fmt, ap); - va_end(ap); - if (cp != NULL) { - (void)strlcpy(str, cp, sz); - free(cp); - } else - *str = '\0'; - return ret; -} - -/* - * To stay close to the standard interfaces, the following functions - * return the number of non-NUL bytes written. - */ - -int -vfmprintf(FILE *stream, const char *fmt, va_list ap) -{ - char *str; - int ret; - - if ((ret = vasnmprintf(&str, INT_MAX, NULL, fmt, ap)) < 0) - return -1; - if (fputs(str, stream) == EOF) - ret = -1; - free(str); - return ret; -} - -int -fmprintf(FILE *stream, const char *fmt, ...) -{ - va_list ap; - int ret; - - va_start(ap, fmt); - ret = vfmprintf(stream, fmt, ap); - va_end(ap); - return ret; -} - -int -mprintf(const char *fmt, ...) 
-{
- va_list ap;
- int ret;
-
- va_start(ap, fmt);
- ret = vfmprintf(stdout, fmt, ap);
- va_end(ap);
- return ret;
-}
-
-/*
- * Set up libc for multibyte output in the user's chosen locale.
- *
- * XXX: we are known to have problems with Turkish (i/I confusion) so we
- * deliberately fall back to the C locale for now. Longer term we should
- * always prefer to select C.[encoding] if possible, but there's no
- * standardisation in locales between systems, so we'll need to survey
- * what's out there first.
- */
-void
-msetlocale(void)
-{
- const char *vars[] = { "LC_ALL", "LC_CTYPE", "LANG", NULL };
- char *cp;
- int i;
-
- /*
- * We can't yet cope with dotless/dotted I in Turkish locales,
- * so fall back to the C locale for these.
- */
- for (i = 0; vars[i] != NULL; i++) {
- if ((cp = getenv(vars[i])) == NULL)
- continue;
- if (strncasecmp(cp, "TR", 2) != 0)
- break;
- /*
- * If we're in a UTF-8 locale then prefer to use
- * the C.UTF-8 locale (or equivalent) if it exists.
- */
- if ((strcasestr(cp, "UTF-8") != NULL ||
- strcasestr(cp, "UTF8") != NULL) &&
- (setlocale(LC_CTYPE, "C.UTF-8") != NULL ||
- setlocale(LC_CTYPE, "POSIX.UTF-8") != NULL))
- return;
- setlocale(LC_CTYPE, "C");
- return;
- }
- /* We can handle this locale */
- setlocale(LC_CTYPE, "");
-}
diff --git a/ssh_keygen_110/utf8.h b/ssh_keygen_110/utf8.h
deleted file mode 100644
index 88c5a34a..00000000
--- a/ssh_keygen_110/utf8.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/* $OpenBSD: utf8.h,v 1.1 2016/05/25 23:48:45 schwarze Exp $ */
-/*
- * Copyright (c) 2016 Ingo Schwarze
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-int mprintf(const char *, ...)
- __attribute__((format(printf, 1, 2)));
-int fmprintf(FILE *, const char *, ...)
- __attribute__((format(printf, 2, 3)));
-int vfmprintf(FILE *, const char *, va_list);
-int snmprintf(char *, size_t, int *, const char *, ...)
- __attribute__((format(printf, 4, 5)));
-void msetlocale(void);
diff --git a/ssh_keygen_110/uuencode.c b/ssh_keygen_110/uuencode.c
deleted file mode 100644
index 7fc867a1..00000000
--- a/ssh_keygen_110/uuencode.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/* $OpenBSD: uuencode.c,v 1.28 2015/04/24 01:36:24 deraadt Exp $ */
-/*
- * Copyright (c) 2000 Markus Friedl. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "includes.h"
-
-#include
-#include
-#include
-#include
-#include
-
-#include "xmalloc.h"
-#include "uuencode.h"
-
-/*
- * Encode binary 'src' of length 'srclength', writing base64-encoded text
- * to 'target' of size 'targsize'. Will always nul-terminate 'target'.
- * Returns the number of bytes stored in 'target' or -1 on error (inc.
- */
-int
-uuencode(const u_char *src, u_int srclength,
- char *target, size_t targsize)
-{
- return __b64_ntop(src, srclength, target, targsize);
-}
-
-/*
- * Decode base64-encoded 'src' into buffer 'target' of 'targsize' bytes.
- * Will skip leading and trailing whitespace. Returns the number of bytes
- * stored in 'target' or -1 on error (inc. targsize too small).
- */
-int
-uudecode(const char *src, u_char *target, size_t targsize)
-{
- int len;
- char *encoded, *p;
-
- /* copy the 'readonly' source */
- encoded = xstrdup(src);
- /* skip whitespace and data */
- for (p = encoded; *p == ' ' || *p == '\t'; p++)
- ;
- for (; *p != '\0' && *p != ' ' && *p != '\t'; p++)
- ;
- /* and remove trailing whitespace because __b64_pton needs this */
- *p = '\0';
- len = __b64_pton(encoded, target, targsize);
- free(encoded);
- return len;
-}
-
-void
-dump_base64(FILE *fp, const u_char *data, u_int len)
-{
- char *buf;
- int i, n;
-
- if (len > 65536) {
- fprintf(fp, "dump_base64: len > 65536\n");
- return;
- }
- buf = xreallocarray(NULL, 2, len);
- n = uuencode(data, len, buf, 2*len);
- for (i = 0; i < n; i++) {
- fprintf(fp, "%c", buf[i]);
- if (i % 70 == 69)
- fprintf(fp, "\n");
- }
- if (i % 70 != 69)
- fprintf(fp, "\n");
- free(buf);
-}
diff --git a/ssh_keygen_110/uuencode.h b/ssh_keygen_110/uuencode.h
deleted file mode 100644
index 4d988812..00000000
--- a/ssh_keygen_110/uuencode.h
+++ /dev/null
@@ -1,29 +0,0 @@
-/* $OpenBSD: uuencode.h,v 1.14 2010/08/31 11:54:45 djm Exp $ */
-
-/*
- * Copyright (c) 2000 Markus Friedl. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-int uuencode(const u_char *, u_int, char *, size_t);
-int uudecode(const char *, u_char *, size_t);
-void dump_base64(FILE *, const u_char *, u_int);
diff --git a/ssh_keygen_110/verify.c b/ssh_keygen_110/verify.c
deleted file mode 100644
index 1671a413..00000000
--- a/ssh_keygen_110/verify.c
+++ /dev/null
@@ -1,49 +0,0 @@ -/* $OpenBSD: verify.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */ - -/* - * Public Domain, Author: Daniel J. Bernstein - * Copied from nacl-20110221/crypto_verify/32/ref/verify.c - */ - -#include "includes.h" - -#include "crypto_api.h" - -int crypto_verify_32(const unsigned char *x,const unsigned char *y) -{ - unsigned int differentbits = 0; -#define F(i) differentbits |= x[i] ^ y[i]; - F(0) - F(1) - F(2) - F(3) - F(4) - F(5) - F(6) - F(7) - F(8) - F(9) - F(10) - F(11) - F(12) - F(13) - F(14) - F(15) - F(16) - F(17) - F(18) - F(19) - F(20) - F(21) - F(22) - F(23) - F(24) - F(25) - F(26) - F(27) - F(28) - F(29) - F(30) - F(31) - return (1 & ((differentbits - 1) >> 8)) - 1; -} diff --git a/ssh_keygen_110/xmalloc.c b/ssh_keygen_110/xmalloc.c deleted file mode 100644 index 5cc0310a..00000000 --- a/ssh_keygen_110/xmalloc.c +++ /dev/null 
@@ -1,118 +0,0 @@
-/* $OpenBSD: xmalloc.c,v 1.34 2017/05/31 09:15:42 deraadt Exp $ */
-/*
- * Author: Tatu Ylonen
- * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
- * All rights reserved
- * Versions of malloc and friends that check their results, and never return
- * failure (they call fatal if they encounter an error).
- *
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose. Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
- */
-
-#include "includes.h"
-
-#include
-#ifdef HAVE_STDINT_H
-#include
-#endif
-#include
-#include
-#include
-
-#include "xmalloc.h"
-#include "log.h"
-
-void
-ssh_malloc_init(void)
-{
-#if defined(__OpenBSD__)
- extern char *malloc_options;
-
- malloc_options = "S";
-#endif /* __OpenBSD__ */
-}
-
-void *
-xmalloc(size_t size)
-{
- void *ptr;
-
- if (size == 0)
- fatal("xmalloc: zero size");
- ptr = malloc(size);
- if (ptr == NULL)
- fatal("xmalloc: out of memory (allocating %zu bytes)", size);
- return ptr;
-}
-
-void *
-xcalloc(size_t nmemb, size_t size)
-{
- void *ptr;
-
- if (size == 0 || nmemb == 0)
- fatal("xcalloc: zero size");
- if (SIZE_MAX / nmemb < size)
- fatal("xcalloc: nmemb * size > SIZE_MAX");
- ptr = calloc(nmemb, size);
- if (ptr == NULL)
- fatal("xcalloc: out of memory (allocating %zu bytes)",
- size * nmemb);
- return ptr;
-}
-
-void *
-xreallocarray(void *ptr, size_t nmemb, size_t size)
-{
- void *new_ptr;
-
- new_ptr = reallocarray(ptr, nmemb, size);
- if (new_ptr == NULL)
- fatal("xreallocarray: out of memory (%zu elements of %zu bytes)",
- nmemb, size);
- return new_ptr;
-}
-
-void *
-xrecallocarray(void *ptr, size_t onmemb, size_t nmemb, size_t size)
-{
- void *new_ptr;
-
- new_ptr = recallocarray(ptr, onmemb, nmemb, size);
- if (new_ptr == NULL)
- fatal("xrecallocarray: out
of memory (%zu elements of %zu bytes)",
- nmemb, size);
- return new_ptr;
-}
-
-char *
-xstrdup(const char *str)
-{
- size_t len;
- char *cp;
-
- len = strlen(str) + 1;
- cp = xmalloc(len);
- strlcpy(cp, str, len);
- return cp;
-}
-
-int
-xasprintf(char **ret, const char *fmt, ...)
-{
- va_list ap;
- int i;
-
- va_start(ap, fmt);
- i = vasprintf(ret, fmt, ap);
- va_end(ap);
-
- if (i < 0 || *ret == NULL)
- fatal("xasprintf: could not allocate memory");
-
- return (i);
-}
diff --git a/ssh_keygen_110/xmalloc.h b/ssh_keygen_110/xmalloc.h
deleted file mode 100644
index cf38ddfa..00000000
--- a/ssh_keygen_110/xmalloc.h
+++ /dev/null
@@ -1,27 +0,0 @@
-/* $OpenBSD: xmalloc.h,v 1.17 2017/05/31 09:15:42 deraadt Exp $ */
-
-/*
- * Author: Tatu Ylonen
- * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
- * All rights reserved
- * Created: Mon Mar 20 22:09:17 1995 ylo
- *
- * Versions of malloc and friends that check their results, and never return
- * failure (they call fatal if they encounter an error).
- *
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose. Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
- */
-
-void ssh_malloc_init(void);
-void *xmalloc(size_t);
-void *xcalloc(size_t, size_t);
-void *xreallocarray(void *, size_t, size_t);
-void *xrecallocarray(void *, size_t, size_t, size_t);
-char *xstrdup(const char *);
-int xasprintf(char **, const char *, ...)
- __attribute__((__format__ (printf, 2, 3)))
- __attribute__((__nonnull__ (2)));
diff --git a/ssh_keygen_110/xmss_fast.h b/ssh_keygen_110/xmss_fast.h
deleted file mode 100644
index 2ffba705..00000000
--- a/ssh_keygen_110/xmss_fast.h
+++ /dev/null
@@ -1,111 +0,0 @@
-#ifdef WITH_XMSS
-/* $OpenBSD: xmss_fast.h,v 1.2 2018/02/26 03:56:44 dtucker Exp $ */
-/*
-xmss_fast.h version 20160722
-Andreas Hülsing
-Joost Rijneveld
-Public domain.
-*/
-
-#include "xmss_wots.h"
-
-#ifndef XMSS_H
-#define XMSS_H
-typedef struct{
- unsigned int level;
- unsigned long long subtree;
- unsigned int subleaf;
-} leafaddr;
-
-typedef struct{
- wots_params wots_par;
- unsigned int n;
- unsigned int h;
- unsigned int k;
-} xmss_params;
-
-typedef struct{
- xmss_params xmss_par;
- unsigned int n;
- unsigned int h;
- unsigned int d;
- unsigned int index_len;
-} xmssmt_params;
-
-typedef struct{
- unsigned int h;
- unsigned int next_idx;
- unsigned int stackusage;
- unsigned char completed;
- unsigned char *node;
-} treehash_inst;
-
-typedef struct {
- unsigned char *stack;
- unsigned int stackoffset;
- unsigned char *stacklevels;
- unsigned char *auth;
- unsigned char *keep;
- treehash_inst *treehash;
- unsigned char *retain;
- unsigned int next_leaf;
-} bds_state;
-
-/**
- * Initialize BDS state struct
- * parameter names are the same as used in the description of the BDS traversal
- */
-void xmss_set_bds_state(bds_state *state, unsigned char *stack, int stackoffset, unsigned char *stacklevels, unsigned char *auth, unsigned char *keep, treehash_inst *treehash, unsigned char *retain, int next_leaf);
-/**
- * Initializes parameter set.
- * Needed, for any of the other methods.
- */
-int xmss_set_params(xmss_params *params, int n, int h, int w, int k);
-/**
- * Initialize xmssmt_params struct
- * parameter names are the same as in the draft
- *
- * Especially h is the total tree height, i.e. the XMSS trees have height h/d
- */
-int xmssmt_set_params(xmssmt_params *params, int n, int h, int d, int w, int k);
-/**
- * Generates a XMSS key pair for a given parameter set.
- * Format sk: [(32bit) idx || SK_SEED || SK_PRF || PUB_SEED || root]
- * Format pk: [root || PUB_SEED] omitting algo oid.
- */
-int xmss_keypair(unsigned char *pk, unsigned char *sk, bds_state *state, xmss_params *params);
-/**
- * Signs a message.
- * Returns
- * 1. an array containing the signature followed by the message AND
- * 2. an updated secret key!
- *
- */
-int xmss_sign(unsigned char *sk, bds_state *state, unsigned char *sig_msg, unsigned long long *sig_msg_len, const unsigned char *msg,unsigned long long msglen, const xmss_params *params);
-/**
- * Verifies a given message signature pair under a given public key.
- *
- * Note: msg and msglen are pure outputs which carry the message in case verification succeeds. The (input) message is assumed to be within sig_msg which has the form (sig||msg).
- */
-int xmss_sign_open(unsigned char *msg,unsigned long long *msglen, const unsigned char *sig_msg,unsigned long long sig_msg_len, const unsigned char *pk, const xmss_params *params);
-
-/*
- * Generates a XMSSMT key pair for a given parameter set.
- * Format sk: [(ceil(h/8) bit) idx || SK_SEED || SK_PRF || PUB_SEED || root]
- * Format pk: [root || PUB_SEED] omitting algo oid.
- */
-int xmssmt_keypair(unsigned char *pk, unsigned char *sk, bds_state *states, unsigned char *wots_sigs, xmssmt_params *params);
-/**
- * Signs a message.
- * Returns
- * 1. an array containing the signature followed by the message AND
- * 2. an updated secret key!
- *
- */
-int xmssmt_sign(unsigned char *sk, bds_state *state, unsigned char *wots_sigs, unsigned char *sig_msg, unsigned long long *sig_msg_len, const unsigned char *msg, unsigned long long msglen, const xmssmt_params *params);
-/**
- * Verifies a given message signature pair under a given public key.
- */
-int xmssmt_sign_open(unsigned char *msg, unsigned long long *msglen, const unsigned char *sig_msg, unsigned long long sig_msg_len, const unsigned char *pk, const xmssmt_params *params);
-#endif
-#endif /* WITH_XMSS */