system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-07-08 20:26:31 +00:00
Code Issues Packages Projects Releases Wiki Activity
fc773115fa
freebsd-src/crypto/openssh/ed25519.sh
Ed Maste f374ba41f5 ssh: update to OpenSSH 9.2p1 
Release notes are available at https://www.openssh.com/txt/release-9.2

OpenSSH 9.2 contains fixes for two security problems and a memory safety
problem.  The memory safety problem is not believed to be exploitable.
These fixes have already been committed to OpenSSH 9.1 in FreeBSD.

Some other notable items from the release notes:

 * ssh(1): add a new EnableEscapeCommandline ssh_config(5) option that
   controls whether the client-side ~C escape sequence that provides a
   command-line is available. Among other things, the ~C command-line
   could be used to add additional port-forwards at runtime.

 * sshd(8): add support for channel inactivity timeouts via a new
   sshd_config(5) ChannelTimeout directive. This allows channels that
   have not seen traffic in a configurable interval to be
   automatically closed. Different timeouts may be applied to session,
   X11, agent and TCP forwarding channels.

 * sshd(8): add a sshd_config UnusedConnectionTimeout option to
   terminate client connections that have no open channels for a
   length of time. This complements the ChannelTimeout option above.
    
 * sshd(8): add a -V (version) option to sshd like the ssh client has.

 * scp(1), sftp(1): add a -X option to both scp(1) and sftp(1) to
   allow control over some SFTP protocol parameters: the copy buffer
   length and the number of in-flight requests, both of which are used
   during upload/download. Previously these could be controlled in
   sftp(1) only. This makes them available in both SFTP protocol
   clients using the same option character sequence.
    
 * ssh-keyscan(1): allow scanning of complete CIDR address ranges,
   e.g.  "ssh-keyscan 192.168.0.0/24". If a CIDR range is passed, then
   it will be expanded to all possible addresses in the range
   including the all-0s and all-1s addresses. bz#976

 * ssh(1): support dynamic remote port forwarding in escape
   command-line's -R processing. bz#3499

MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2023-02-06 16:54:56 -05:00

120 lines
4.1 KiB
Bash
Raw Blame History

#!/bin/sh
# $OpenBSD: ed25519.sh,v 1.1 2023/01/15 23:05:32 djm Exp $
# Placed in the Public Domain.
#
AUTHOR="supercop-20221122/crypto_sign/ed25519/ref/implementors"
FILES="
supercop-20221122/crypto_verify/32/ref/verify.c
supercop-20221122/crypto_sign/ed25519/ref/fe25519.h
supercop-20221122/crypto_sign/ed25519/ref/fe25519.c
supercop-20221122/crypto_sign/ed25519/ref/sc25519.h
supercop-20221122/crypto_sign/ed25519/ref/sc25519.c
supercop-20221122/crypto_sign/ed25519/ref/ge25519.h
supercop-20221122/crypto_sign/ed25519/ref/ge25519.c
supercop-20221122/crypto_sign/ed25519/ref/keypair.c
supercop-20221122/crypto_sign/ed25519/ref/sign.c
supercop-20221122/crypto_sign/ed25519/ref/open.c
"
###
DATA="supercop-20221122/crypto_sign/ed25519/ref/ge25519_base.data"
set -e
cd $1
echo -n '/* $'
echo 'OpenBSD: $ */'
echo
echo '/*'
echo ' * Public Domain, Authors:'
sed -e '/Alphabetical order:/d' -e 's/^/ * - /' < $AUTHOR
echo ' */'
echo
echo '#include <string.h>'
echo
echo '#include "crypto_api.h"'
echo
# Map the types used in this code to the ones in crypto_api.h. We use #define
# instead of typedef since some systems have existing intXX types and do not
# permit multiple typedefs even if they do not conflict.
for t in int8 uint8 int16 uint16 int32 uint32 int64 uint64; do
echo "#define $t crypto_${t}"
done
echo
for i in $FILES; do
echo "/* from $i */"
# Changes to all files:
# - inline ge25519_base.data where it is included
# - expand CRYPTO_NAMESPACE() namespacing define
# - remove all includes, we inline everything required.
# - make functions not required elsewhere static.
# - rename the functions we do use.
sed \
-e "/#include \"ge25519_base.data\"/r $DATA" \
-e "/#include/d" \
-e "s/^void /static void /g" \
-e 's/CRYPTO_NAMESPACE[(]\([a-zA-Z0-9_]*\)[)]/crypto_sign_ed25519_ref_\1/g' \
$i | \
case "$i" in
*/crypto_verify/32/ref/verify.c)
# rename crypto_verify() to the name that the ed25519 code expects.
sed -e "/^#include.*/d" \
-e "s/crypto_verify/crypto_verify_32/g" \
-e "s/^int /static int /g"
;;
*/crypto_sign/ed25519/ref/sign.c)
# rename signing function to the name OpenSSH expects
sed -e "s/crypto_sign/crypto_sign_ed25519/g"
;;
*/crypto_sign/ed25519/ref/keypair.c)
# rename key generation function to the name OpenSSH expects
sed -e "s/crypto_sign_keypair/crypto_sign_ed25519_keypair/g"
;;
*/crypto_sign/ed25519/ref/open.c)
# rename verification function to the name OpenSSH expects
sed -e "s/crypto_sign_open/crypto_sign_ed25519_open/g"
;;
*/crypto_sign/ed25519/ref/fe25519.*)
# avoid a couple of name collions with other files
sed -e "s/reduce_add_sub/fe25519_reduce_add_sub/g" \
-e "s/ equal[(]/ fe25519_equal(/g" \
-e "s/^int /static int /g"
;;
*/crypto_sign/ed25519/ref/sc25519.h)
# Lots of unused prototypes to remove
sed -e "s/^int /static int /g" \
-e '/shortsc25519_from16bytes/d' \
-e '/sc25519_iszero_vartime/d' \
-e '/sc25519_isshort_vartime/d' \
-e '/sc25519_lt_vartime/d' \
-e '/sc25519_sub_nored/d' \
-e '/sc25519_mul_shortsc/d' \
-e '/sc25519_from_shortsc/d' \
-e '/sc25519_window5/d'
;;
*/crypto_sign/ed25519/ref/sc25519.c)
# Lots of unused code to remove, some name collisions to avoid
sed -e "s/reduce_add_sub/sc25519_reduce_add_sub/g" \
-e "s/ equal[(]/ sc25519_equal(/g" \
-e "s/^int /static int /g" \
-e "s/m[[]/sc25519_m[/g" \
-e "s/mu[[]/sc25519_mu[/g" \
-e '/shortsc25519_from16bytes/,/^}$/d' \
-e '/sc25519_iszero_vartime/,/^}$/d' \
-e '/sc25519_isshort_vartime/,/^}$/d' \
-e '/sc25519_lt_vartime/,/^}$/d' \
-e '/sc25519_sub_nored/,/^}$/d' \
-e '/sc25519_mul_shortsc/,/^}$/d' \
-e '/sc25519_from_shortsc/,/^}$/d' \
-e '/sc25519_window5/,/^}$/d'
;;
*/crypto_sign/ed25519/ref//ge25519.*)
sed -e "s/^int /static int /g"
;;
# Default: pass through.
*)
cat
;;
esac | \
sed -e 's/[ ]*$//'
done
Reference in New Issue View Git Blame Copy Permalink