Update files for OpenSSH-6.7p1 import.
authorPeter Avalos <pavalos@dragonflybsd.org>
Sat, 24 Jan 2015 05:38:03 +0000 (21:38 -0800)
committerPeter Avalos <pavalos@dragonflybsd.org>
Sat, 24 Jan 2015 10:50:54 +0000 (02:50 -0800)
This also updates the HPN patch to the most recent, which brings in the
multi-threaded cipher for improved performance.

35 files changed:
crypto/openssh/HPN-README
crypto/openssh/channels.c
crypto/openssh/channels.h
crypto/openssh/cipher-ctr-mt.c [new file with mode: 0644]
crypto/openssh/cipher.c
crypto/openssh/cipher.h
crypto/openssh/clientloop.c
crypto/openssh/kex.c
crypto/openssh/kex.h
crypto/openssh/openbsd-compat/blowfish.c
crypto/openssh/packet.c
crypto/openssh/packet.h
crypto/openssh/readconf.c
crypto/openssh/readconf.h
crypto/openssh/servconf.c
crypto/openssh/serverloop.c
crypto/openssh/ssh.c
crypto/openssh/ssh_namespace.h
crypto/openssh/sshconnect.c
crypto/openssh/sshconnect2.c
crypto/openssh/sshd.c
crypto/openssh/umac128.c [new file with mode: 0644]
crypto/openssh/version.h
lib/pam_module/pam_ssh/Makefile
secure/Makefile.ssh.common
secure/lib/libssh/Makefile
secure/lib/libssh/config.h
secure/lib/libssh/version.c [deleted file]
secure/lib/libssh/version.h [deleted file]
secure/libexec/sftp-server/Makefile
secure/libexec/ssh-keysign/Makefile
secure/usr.bin/sftp/Makefile
secure/usr.bin/ssh/Makefile
secure/usr.sbin/sshd/Makefile
share/initrd/bin/Makefile

index 333cdc8..7cb3b97 100644 (file)
@@ -123,6 +123,7 @@ is 2MB.
 Credits: This patch was conceived, designed, and led by Chris Rapier (rapier@psc.edu)
          The majority of the actual coding for versions up to HPN12v1 was performed
          by Michael Stevens (mstevens@andrew.cmu.edu). The MT-AES-CTR cipher was 
-        implemented by Ben Bennet (ben@psc.edu). This work was financed, in part,
-         by Cisco System, Inc., the National Library of Medicine, 
-        and the National Science Foundation. 
+        implemented by Ben Bennet (ben@psc.edu) and improved by Mike Tasota 
+        (tasota@gmail.com) an NSF REU grant recipient for 2013. 
+        This work was financed, in part, by Cisco System, Inc., the National 
+         Library of Medicine, and the National Science Foundation. 
index e45e730..4521837 100644 (file)
@@ -851,8 +851,8 @@ int channel_tcpwinsz () {
        ret = getsockopt(packet_get_connection_in(),
                         SOL_SOCKET, SO_RCVBUF, &tcpwinsz, &optsz);
        /* return no more than 64MB */
-       if ((ret == 0) && tcpwinsz > BUFFER_MAX_LEN_HPN)
-           tcpwinsz = BUFFER_MAX_LEN_HPN;
+       if ((ret == 0) && tcpwinsz > SSHBUF_SIZE_MAX)
+           tcpwinsz = SSHBUF_SIZE_MAX;
        debug2("tcpwinsz: %d for connection: %d", tcpwinsz,
               packet_get_connection_in());
        return(tcpwinsz);
index 0d8a146..cf4c480 100644 (file)
@@ -172,10 +172,10 @@ struct Channel {
 
 /* default window/packet sizes for tcp/x11-fwd-channel */
 #define CHAN_SES_PACKET_DEFAULT        (32*1024)
-#define CHAN_SES_WINDOW_DEFAULT        (4*CHAN_SES_PACKET_DEFAULT)
+#define CHAN_SES_WINDOW_DEFAULT        (64*CHAN_SES_PACKET_DEFAULT)
 
 #define CHAN_TCP_PACKET_DEFAULT        (32*1024)
-#define CHAN_TCP_WINDOW_DEFAULT        (4*CHAN_TCP_PACKET_DEFAULT)
+#define CHAN_TCP_WINDOW_DEFAULT        (64*CHAN_TCP_PACKET_DEFAULT)
 
 #define CHAN_X11_PACKET_DEFAULT        (16*1024)
 #define CHAN_X11_WINDOW_DEFAULT        (4*CHAN_X11_PACKET_DEFAULT)
diff --git a/crypto/openssh/cipher-ctr-mt.c b/crypto/openssh/cipher-ctr-mt.c
new file mode 100644 (file)
index 0000000..c13ddf0
--- /dev/null
@@ -0,0 +1,507 @@
+/*
+ * OpenSSH Multi-threaded AES-CTR Cipher
+ *
+ * Author: Benjamin Bennett <ben@psc.edu>
+ * Author: Mike Tasota <tasota@gmail.com>
+ * Author: Chris Rapier <rapier@psc.edu>
+ * Copyright (c) 2008-2013 Pittsburgh Supercomputing Center. All rights reserved.
+ *
+ * Based on original OpenSSH AES-CTR cipher. Small portions remain unchanged,
+ * Copyright (c) 2003 Markus Friedl <markus@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include "includes.h"
+
+#include <sys/types.h>
+
+#include <stdarg.h>
+#include <string.h>
+
+#include <openssl/evp.h>
+
+#include "xmalloc.h"
+#include "log.h"
+
+/* compatibility with old or broken OpenSSL versions */
+#include "openbsd-compat/openssl-compat.h"
+
+#ifndef USE_BUILTIN_RIJNDAEL
+#include <openssl/aes.h>
+#endif
+
+#include <pthread.h>
+
+/*-------------------- TUNABLES --------------------*/
+/* Number of pregen threads to use */
+#define CIPHER_THREADS 2
+
+/* Number of keystream queues */
+#define NUMKQ          (CIPHER_THREADS + 2)
+
+/* Length of a keystream queue */
+#define KQLEN          4096
+
+/* Processor cacheline length */
+#define CACHELINE_LEN  64
+
+/* Collect thread stats and print at cancellation when in debug mode */
+/* #define CIPHER_THREAD_STATS */
+
+/* Use single-byte XOR instead of 8-byte XOR */
+/* #define CIPHER_BYTE_XOR */
+/*-------------------- END TUNABLES --------------------*/
+
+
+const EVP_CIPHER *evp_aes_ctr_mt(void);
+
+#ifdef CIPHER_THREAD_STATS
+/*
+ * Struct to collect thread stats
+ */
+struct thread_stats {
+       u_int   fills;
+       u_int   skips;
+       u_int   waits;
+       u_int   drains;
+};
+
+/*
+ * Debug print the thread stats
+ * Use with pthread_cleanup_push for displaying at thread cancellation
+ */
+static void
+thread_loop_stats(void *x)
+{
+       struct thread_stats *s = x;
+
+       debug("tid %lu - %u fills, %u skips, %u waits", pthread_self(),
+                       s->fills, s->skips, s->waits);
+}
+
+ #define STATS_STRUCT(s)       struct thread_stats s
+ #define STATS_INIT(s)         { memset(&s, 0, sizeof(s)); }
+ #define STATS_FILL(s)         { s.fills++; }
+ #define STATS_SKIP(s)         { s.skips++; }
+ #define STATS_WAIT(s)         { s.waits++; }
+ #define STATS_DRAIN(s)                { s.drains++; }
+#else
+ #define STATS_STRUCT(s)
+ #define STATS_INIT(s)
+ #define STATS_FILL(s)
+ #define STATS_SKIP(s)
+ #define STATS_WAIT(s)
+ #define STATS_DRAIN(s)
+#endif
+
+/* Keystream Queue state */
+enum {
+       KQINIT,
+       KQEMPTY,
+       KQFILLING,
+       KQFULL,
+       KQDRAINING
+};
+
+/* Keystream Queue struct */
+struct kq {
+       u_char          keys[KQLEN][AES_BLOCK_SIZE];
+       u_char          ctr[AES_BLOCK_SIZE];
+       u_char          pad0[CACHELINE_LEN];
+       volatile int    qstate;
+       pthread_mutex_t lock;
+       pthread_cond_t  cond;
+       u_char          pad1[CACHELINE_LEN];
+};
+
+/* Context struct */
+struct ssh_aes_ctr_ctx
+{
+       struct kq       q[NUMKQ];
+       AES_KEY         aes_ctx;
+       STATS_STRUCT(stats);
+       u_char          aes_counter[AES_BLOCK_SIZE];
+       pthread_t       tid[CIPHER_THREADS];
+       int             state;
+       int             qidx;
+       int             ridx;
+};
+
+/* <friedl>
+ * increment counter 'ctr',
+ * the counter is of size 'len' bytes and stored in network-byte-order.
+ * (LSB at ctr[len-1], MSB at ctr[0])
+ */
+static void
+ssh_ctr_inc(u_char *ctr, u_int len)
+{
+       int i;
+
+       for (i = len - 1; i >= 0; i--)
+               if (++ctr[i])   /* continue on overflow */
+                       return;
+}
+
+/*
+ * Add num to counter 'ctr'
+ */
+static void
+ssh_ctr_add(u_char *ctr, uint32_t num, u_int len)
+{
+       int i;
+       uint16_t n;
+
+       for (n = 0, i = len - 1; i >= 0 && (num || n); i--) {
+               n = ctr[i] + (num & 0xff) + n;
+               num >>= 8;
+               ctr[i] = n & 0xff;
+               n >>= 8;
+       }
+}
+
+/*
+ * Threads may be cancelled in a pthread_cond_wait, we must free the mutex
+ */
+static void
+thread_loop_cleanup(void *x)
+{
+       pthread_mutex_unlock((pthread_mutex_t *)x);
+}
+
+/*
+ * The life of a pregen thread:
+ *    Find empty keystream queues and fill them using their counter.
+ *    When done, update counter for the next fill.
+ */
+static void *
+thread_loop(void *x)
+{
+       AES_KEY key;
+       STATS_STRUCT(stats);
+       struct ssh_aes_ctr_ctx *c = x;
+       struct kq *q;
+       int i;
+       int qidx;
+
+       /* Threads stats on cancellation */
+       STATS_INIT(stats);
+#ifdef CIPHER_THREAD_STATS
+       pthread_cleanup_push(thread_loop_stats, &stats);
+#endif
+
+       /* Thread local copy of AES key */
+       memcpy(&key, &c->aes_ctx, sizeof(key));
+
+       /*
+        * Handle the special case of startup, one thread must fill
+        * the first KQ then mark it as draining. Lock held throughout.
+        */
+       if (pthread_equal(pthread_self(), c->tid[0])) {
+               q = &c->q[0];
+               pthread_mutex_lock(&q->lock);
+               if (q->qstate == KQINIT) {
+                       for (i = 0; i < KQLEN; i++) {
+                               AES_encrypt(q->ctr, q->keys[i], &key);
+                               ssh_ctr_inc(q->ctr, AES_BLOCK_SIZE);
+                       }
+                       ssh_ctr_add(q->ctr, KQLEN * (NUMKQ - 1), AES_BLOCK_SIZE);
+                       q->qstate = KQDRAINING;
+                       STATS_FILL(stats);
+                       pthread_cond_broadcast(&q->cond);
+               }
+               pthread_mutex_unlock(&q->lock);
+       }
+       else 
+               STATS_SKIP(stats);
+
+       /*
+        * Normal case is to find empty queues and fill them, skipping over
+        * queues already filled by other threads and stopping to wait for
+        * a draining queue to become empty.
+        *
+        * Multiple threads may be waiting on a draining queue and awoken
+        * when empty.  The first thread to wake will mark it as filling,
+        * others will move on to fill, skip, or wait on the next queue.
+        */
+       for (qidx = 1;; qidx = (qidx + 1) % NUMKQ) {
+               /* Check if I was cancelled, also checked in cond_wait */
+               pthread_testcancel();
+
+               /* Lock queue and block if its draining */
+               q = &c->q[qidx];
+               pthread_mutex_lock(&q->lock);
+               pthread_cleanup_push(thread_loop_cleanup, &q->lock);
+               while (q->qstate == KQDRAINING || q->qstate == KQINIT) {
+                       STATS_WAIT(stats);
+                       pthread_cond_wait(&q->cond, &q->lock);
+               }
+               pthread_cleanup_pop(0);
+
+               /* If filling or full, somebody else got it, skip */
+               if (q->qstate != KQEMPTY) {
+                       pthread_mutex_unlock(&q->lock);
+                       STATS_SKIP(stats);
+                       continue;
+               }
+
+               /*
+                * Empty, let's fill it.
+                * Queue lock is relinquished while we do this so others
+                * can see that it's being filled.
+                */
+               q->qstate = KQFILLING;
+               pthread_mutex_unlock(&q->lock);
+               for (i = 0; i < KQLEN; i++) {
+                       AES_encrypt(q->ctr, q->keys[i], &key);
+                       ssh_ctr_inc(q->ctr, AES_BLOCK_SIZE);
+               }
+
+               /* Re-lock, mark full and signal consumer */
+               pthread_mutex_lock(&q->lock);
+               ssh_ctr_add(q->ctr, KQLEN * (NUMKQ - 1), AES_BLOCK_SIZE);
+               q->qstate = KQFULL;
+               STATS_FILL(stats);
+               pthread_cond_signal(&q->cond);
+               pthread_mutex_unlock(&q->lock);
+       }
+
+#ifdef CIPHER_THREAD_STATS
+       /* Stats */
+       pthread_cleanup_pop(1);
+#endif
+
+       return NULL;
+}
+
+static int
+ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
+    u_int len)
+{
+       struct ssh_aes_ctr_ctx *c;
+       struct kq *q, *oldq;
+       int ridx;
+       u_char *buf;
+
+       if (len == 0)
+               return (1);
+       if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL)
+               return (0);
+
+       q = &c->q[c->qidx];
+       ridx = c->ridx;
+
+       /* src already padded to block multiple */
+       while (len > 0) {
+               buf = q->keys[ridx];
+
+#ifdef CIPHER_BYTE_XOR
+               dest[0] = src[0] ^ buf[0];
+               dest[1] = src[1] ^ buf[1];
+               dest[2] = src[2] ^ buf[2];
+               dest[3] = src[3] ^ buf[3];
+               dest[4] = src[4] ^ buf[4];
+               dest[5] = src[5] ^ buf[5];
+               dest[6] = src[6] ^ buf[6];
+               dest[7] = src[7] ^ buf[7];
+               dest[8] = src[8] ^ buf[8];
+               dest[9] = src[9] ^ buf[9];
+               dest[10] = src[10] ^ buf[10];
+               dest[11] = src[11] ^ buf[11];
+               dest[12] = src[12] ^ buf[12];
+               dest[13] = src[13] ^ buf[13];
+               dest[14] = src[14] ^ buf[14];
+               dest[15] = src[15] ^ buf[15];
+#else
+               *(uint64_t *)dest = *(uint64_t *)src ^ *(uint64_t *)buf;
+               *(uint64_t *)(dest + 8) = *(uint64_t *)(src + 8) ^
+                                               *(uint64_t *)(buf + 8);
+#endif
+
+               dest += 16;
+               src += 16;
+               len -= 16;
+               ssh_ctr_inc(ctx->iv, AES_BLOCK_SIZE);
+
+               /* Increment read index, switch queues on rollover */
+               if ((ridx = (ridx + 1) % KQLEN) == 0) {
+                       oldq = q;
+
+                       /* Mark next queue draining, may need to wait */
+                       c->qidx = (c->qidx + 1) % NUMKQ;
+                       q = &c->q[c->qidx];
+                       pthread_mutex_lock(&q->lock);
+                       while (q->qstate != KQFULL) {
+                               STATS_WAIT(c->stats);
+                               pthread_cond_wait(&q->cond, &q->lock);
+                       }
+                       q->qstate = KQDRAINING;
+                       pthread_mutex_unlock(&q->lock);
+
+                       /* Mark consumed queue empty and signal producers */
+                       pthread_mutex_lock(&oldq->lock);
+                       oldq->qstate = KQEMPTY;
+                       STATS_DRAIN(c->stats);
+                       pthread_cond_broadcast(&oldq->cond);
+                       pthread_mutex_unlock(&oldq->lock);
+               }
+       }
+       c->ridx = ridx;
+       return (1);
+}
+
+#define HAVE_NONE       0
+#define HAVE_KEY        1
+#define HAVE_IV         2
+static int
+ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
+    int enc)
+{
+       struct ssh_aes_ctr_ctx *c;
+       int i;
+
+       if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
+               c = xmalloc(sizeof(*c));
+
+               c->state = HAVE_NONE;
+               for (i = 0; i < NUMKQ; i++) {
+                       pthread_mutex_init(&c->q[i].lock, NULL);
+                       pthread_cond_init(&c->q[i].cond, NULL);
+               }
+
+               STATS_INIT(c->stats);
+               
+               EVP_CIPHER_CTX_set_app_data(ctx, c);
+       }
+
+       if (c->state == (HAVE_KEY | HAVE_IV)) {
+               /* Cancel pregen threads */
+               for (i = 0; i < CIPHER_THREADS; i++)
+                       pthread_cancel(c->tid[i]);
+               for (i = 0; i < CIPHER_THREADS; i++)
+                       pthread_join(c->tid[i], NULL);
+               /* Start over getting key & iv */
+               c->state = HAVE_NONE;
+       }
+
+       if (key != NULL) {
+               AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                   &c->aes_ctx);
+               c->state |= HAVE_KEY;
+       }
+
+       if (iv != NULL) {
+               memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
+               c->state |= HAVE_IV;
+       }
+
+       if (c->state == (HAVE_KEY | HAVE_IV)) {
+               /* Clear queues */
+               memcpy(c->q[0].ctr, ctx->iv, AES_BLOCK_SIZE);
+               c->q[0].qstate = KQINIT;
+               for (i = 1; i < NUMKQ; i++) {
+                       memcpy(c->q[i].ctr, ctx->iv, AES_BLOCK_SIZE);
+                       ssh_ctr_add(c->q[i].ctr, i * KQLEN, AES_BLOCK_SIZE);
+                       c->q[i].qstate = KQEMPTY;
+               }
+               c->qidx = 0;
+               c->ridx = 0;
+
+               /* Start threads */
+               for (i = 0; i < CIPHER_THREADS; i++) {
+                       debug("spawned a thread");
+                       pthread_create(&c->tid[i], NULL, thread_loop, c);
+               }
+               pthread_mutex_lock(&c->q[0].lock);
+               while (c->q[0].qstate != KQDRAINING)
+                       pthread_cond_wait(&c->q[0].cond, &c->q[0].lock);
+               pthread_mutex_unlock(&c->q[0].lock);
+               
+       }
+       return (1);
+}
+
+/* this function is no longer used but might prove handy in the future
+ * this comment also applies to ssh_aes_ctr_thread_reconstruction
+ */
+void
+ssh_aes_ctr_thread_destroy(EVP_CIPHER_CTX *ctx)
+{
+       struct ssh_aes_ctr_ctx *c;
+       int i;
+       c = EVP_CIPHER_CTX_get_app_data(ctx);
+       /* destroy threads */
+       for (i = 0; i < CIPHER_THREADS; i++) {
+               pthread_cancel(c->tid[i]);
+       }
+       for (i = 0; i < CIPHER_THREADS; i++) {
+               pthread_join(c->tid[i], NULL);
+       }
+}
+
+void
+ssh_aes_ctr_thread_reconstruction(EVP_CIPHER_CTX *ctx)
+{
+       struct ssh_aes_ctr_ctx *c;
+       int i;
+       c = EVP_CIPHER_CTX_get_app_data(ctx);
+       /* reconstruct threads */
+       for (i = 0; i < CIPHER_THREADS; i++) {
+               debug("spawned a thread");
+               pthread_create(&c->tid[i], NULL, thread_loop, c);
+       }
+}
+
+static int
+ssh_aes_ctr_cleanup(EVP_CIPHER_CTX *ctx)
+{
+       struct ssh_aes_ctr_ctx *c;
+       int i;
+
+       if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
+#ifdef CIPHER_THREAD_STATS
+               debug("main thread: %u drains, %u waits", c->stats.drains,
+                               c->stats.waits);
+#endif
+               /* Cancel pregen threads */
+               for (i = 0; i < CIPHER_THREADS; i++)
+                       pthread_cancel(c->tid[i]);
+               for (i = 0; i < CIPHER_THREADS; i++)
+                       pthread_join(c->tid[i], NULL);
+
+               memset(c, 0, sizeof(*c));
+               free(c);
+               EVP_CIPHER_CTX_set_app_data(ctx, NULL);
+       }
+       return (1);
+}
+
+/* <friedl> */
+const EVP_CIPHER *
+evp_aes_ctr_mt(void)
+{
+       static EVP_CIPHER aes_ctr;
+
+       memset(&aes_ctr, 0, sizeof(EVP_CIPHER));
+       aes_ctr.nid = NID_undef;
+       aes_ctr.block_size = AES_BLOCK_SIZE;
+       aes_ctr.iv_len = AES_BLOCK_SIZE;
+       aes_ctr.key_len = 16;
+       aes_ctr.init = ssh_aes_ctr_init;
+       aes_ctr.cleanup = ssh_aes_ctr_cleanup;
+       aes_ctr.do_cipher = ssh_aes_ctr;
+#ifndef SSH_OLD_EVP
+       aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
+           EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
+#endif
+       return (&aes_ctr);
+}
index aeb55b4..19ff3ad 100644 (file)
@@ -57,6 +57,13 @@ extern const EVP_CIPHER *evp_ssh1_3des(void);
 extern int ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
 #endif
 
+/* for multi-threaded aes-ctr cipher */
+extern const EVP_CIPHER *evp_aes_ctr_mt(void);
+
+/* no longer needed. replaced by evp pointer swap */
+/* extern void ssh_aes_ctr_thread_destroy(EVP_CIPHER_CTX *ctx); */
+/* extern void ssh_aes_ctr_thread_reconstruction(EVP_CIPHER_CTX *ctx); */
+
 struct sshcipher {
        char    *name;
        int     number;         /* for ssh1 only */
@@ -77,7 +84,7 @@ struct sshcipher {
 #endif
 };
 
-static const struct sshcipher ciphers[] = {
+static struct sshcipher ciphers[] = {
 #ifdef WITH_SSH1
        { "des",        SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc },
        { "3des",       SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des },
@@ -121,6 +128,29 @@ static const struct sshcipher ciphers[] = {
 
 /*--*/
 
+/* used to get the cipher name so when force rekeying to handle the 
+ * single to multithreaded ctr cipher swap we only rekey when appropriate
+*/
+char *
+cipher_return_name(const struct sshcipher *c)
+{
+        return (c->name);
+}
+
+/* in order to get around sandbox and forking issues with a threaded cipher
+ * we set the initial pre-auth aes-ctr cipher to the default OpenSSH cipher
+ * post auth we set them to the new evp as defined by cipher-ctr-mt
+*/
+
+void
+cipher_reset_multithreaded()
+{
+  (cipher_by_name("aes128-ctr"))->evptype = evp_aes_ctr_mt;
+  (cipher_by_name("aes192-ctr"))->evptype = evp_aes_ctr_mt;
+  (cipher_by_name("aes256-ctr"))->evptype = evp_aes_ctr_mt;
+}
+
+
 /* Returns a comma-separated list of supported ciphers. */
 char *
 cipher_alg_list(char sep, int auth_only)
@@ -209,10 +239,10 @@ cipher_mask_ssh1(int client)
        return mask;
 }
 
-const struct sshcipher *
+struct sshcipher *
 cipher_by_name(const char *name)
 {
-       const struct sshcipher *c;
+       struct sshcipher *c;
        for (c = ciphers; c->name != NULL; c++)
                if (strcmp(c->name, name) == 0)
                        return c;
@@ -222,7 +252,7 @@ cipher_by_name(const char *name)
 const struct sshcipher *
 cipher_by_number(int id)
 {
-       const struct sshcipher *c;
+       struct sshcipher *c;
        for (c = ciphers; c->name != NULL; c++)
                if (c->number == id)
                        return c;
@@ -245,7 +275,7 @@ ciphers_valid(const char *names)
            (p = strsep(&cp, CIPHER_SEP))) {
                c = cipher_by_name(p);
                if (c == NULL || (c->number != SSH_CIPHER_SSH2 &&
-c->number != SSH_CIPHER_NONE)) {
+                                 c->number != SSH_CIPHER_NONE)) {
                        free(cipher_list);
                        return 0;
                }
index de74c1e..b5e468a 100644 (file)
@@ -75,8 +75,11 @@ struct sshcipher_ctx {
 typedef struct sshcipher Cipher ;
 typedef struct sshcipher_ctx CipherContext ;
 
+void ssh_aes_ctr_thread_destroy(EVP_CIPHER_CTX *ctx); // defined in cipher-ctr-mt.c
+void ssh_aes_ctr_thread_reconstruction(EVP_CIPHER_CTX *ctx);
+
 u_int   cipher_mask_ssh1(int);
-const struct sshcipher *cipher_by_name(const char *);
+struct sshcipher *cipher_by_name(const char *);
 const struct sshcipher *cipher_by_number(int);
 int     cipher_number(const char *);
 char   *cipher_name(int);
@@ -98,6 +101,8 @@ u_int         cipher_seclen(const struct sshcipher *);
 u_int   cipher_authlen(const struct sshcipher *);
 u_int   cipher_ivlen(const struct sshcipher *);
 u_int   cipher_is_cbc(const struct sshcipher *);
+void    cipher_reset_multithreaded(void);
+char   *cipher_return_name(const struct sshcipher *);
 
 u_int   cipher_get_number(const struct sshcipher *);
 int     cipher_get_keyiv(struct sshcipher_ctx *, u_char *, u_int);
index d465dd6..1595ba5 100644 (file)
@@ -1932,10 +1932,10 @@ client_request_agent(const char *request_type, int rchan)
            SSH_CHANNEL_OPEN, sock, sock, -1,
                    CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0,
                    "authentication agent connection", 1);
-       else
+       else
        c = channel_new("authentication agent connection",
            SSH_CHANNEL_OPEN, sock, sock, -1,
-                   options.hpn_buffer_size, options.hpn_buffer_size, 0,
+           options.hpn_buffer_size, options.hpn_buffer_size, 0,
            "authentication agent connection", 1);
        c->force_drain = 1;
        return c;
index 7da1495..d611517 100644 (file)
@@ -467,11 +467,9 @@ kex_choose_conf(Kex *kex)
        u_int mode, ctos, need, dh_need, authlen;
        int first_kex_follows, type;
        int log_flag = 0;
-
        int auth_flag;
 
        auth_flag = packet_authentication_state();
-
        debug ("AUTH STATE IS %d", auth_flag);
 
        my   = kex_buf2prop(&kex->my, NULL);
@@ -512,7 +510,7 @@ kex_choose_conf(Kex *kex)
                choose_comp(&newkeys->comp, cprop[ncomp], sprop[ncomp]);
                debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name);
                if (strcmp(newkeys->enc.name, "none") == 0) {
-                               debug("Requesting NONE. Authflag is %d", auth_flag);
+                       debug("Requesting NONE. Authflag is %d", auth_flag);
                        if (auth_flag == 1) {
                                debug("None requested post authentication.");
                        } else {
index 4abf673..6b00da0 100644 (file)
@@ -148,7 +148,7 @@ struct Kex {
 int     kex_names_valid(const char *);
 char   *kex_alg_list(char);
 
-void kex_prop2buf(Buffer *, char *proposal[PROPOSAL_MAX]);
+void    kex_prop2buf(Buffer *, char *proposal[PROPOSAL_MAX]);
 
 Kex    *kex_setup(char *[PROPOSAL_MAX]);
 void    kex_finish(Kex *);
index 6c41954..06288e8 100644 (file)
@@ -50,7 +50,7 @@
 #endif
 
 #include <sys/types.h>
-#include <blf.h>
+#include "blf.h"
 
 #undef inline
 #ifdef __GNUC__
index 24e2b7e..d00377b 100644 (file)
@@ -992,7 +992,7 @@ packet_send2_wrapped(void)
                set_newkeys(MODE_OUT);
        else if (type == SSH2_MSG_USERAUTH_SUCCESS && active_state->server_side)
                packet_enable_delayed_compress();
-       return(packet_length);
+       return (len-4);
 }
 
 static int
@@ -1740,9 +1740,12 @@ packet_disconnect(const char *fmt,...)
 int
 packet_write_poll(void)
 {
-       int len = buffer_len(&active_state->output);
+
+       int len = 0;
        int cont;
 
+       len = buffer_len(&active_state->output);
+
        if (len > 0) {
                cont = 0;
                len = roaming_write(active_state->connection_out,
@@ -1958,6 +1961,7 @@ packet_send_ignore(int nbytes)
        }
 }
 
+/* this supports the forced rekeying required for the NONE cipher */
 int rekey_requested = 0;
 void
 packet_request_rekeying(void)
@@ -2047,6 +2051,18 @@ packet_get_newkeys(int mode)
        return (void *)active_state->newkeys[mode];
 }
 
+void *
+packet_get_receive_context(void)
+{
+  return (void*)&(active_state->receive_context);
+}
+
+void *
+packet_get_send_context(void)
+{
+  return (void*)&(active_state->send_context);
+}
+
 /*
  * Save the state for the real connection, and use a separate state when
  * resuming a suspended connection.
index 1bbca0c..793b886 100644 (file)
@@ -23,9 +23,7 @@
 #include <openssl/ec.h>
 #endif
 
-void
-packet_request_rekeying(void);
-
+void    packet_request_rekeying(void);
 void     packet_set_connection(int, int);
 void     packet_set_timeout(int, int);
 void     packet_set_nonblocking(void);
@@ -41,7 +39,8 @@ void     packet_set_interactive(int, int, int);
 int      packet_is_interactive(void);
 void     packet_set_server(void);
 void     packet_set_authenticated(void);
-int     packet_authentication_state(void);
+void*   packet_get_receive_context(void);
+void*   packet_get_send_context(void);
 
 void     packet_start(u_char);
 void     packet_put_char(int ch);
@@ -107,6 +106,10 @@ int         packet_inc_alive_timeouts(void);
 int     packet_set_maxsize(u_int);
 u_int   packet_get_maxsize(void);
 
+/* for forced packet rekeying post auth */
+void   packet_request_rekeying(void);
+int    packet_authentication_state(void);
+
 /* don't allow remaining bytes after the end of the message */
 #define packet_check_eom() \
 do { \
index b47499f..9c24952 100644 (file)
@@ -888,25 +888,6 @@ parse_time:
                intptr = &options->check_host_ip;
                goto parse_flag;
 
-       case oNoneEnabled:
-               intptr = &options->none_enabled;
-               goto parse_flag;
-
-       /* we check to see if the command comes from the */
-       /* command line or not. If it does then enable it */
-       /* otherwise fail. NONE should never be a default configuration */
-       case oNoneSwitch:
-               if(strcmp(filename,"command-line")==0)
-               {
-                   intptr = &options->none_switch;
-                   goto parse_flag;
-               } else {
-                   error("NoneSwitch is found in %.200s.\nYou may only use this configuration option from the command line", filename);
-                   error("Continuing...");
-                   debug("NoneSwitch directive found in %.200s.", filename);
-                   return 0;
-               }
-
        case oHPNDisabled:
                intptr = &options->hpn_disabled;
                goto parse_flag;
@@ -919,6 +900,24 @@ parse_time:
                intptr = &options->tcp_rcv_buf_poll;
                goto parse_flag;
 
+       case oNoneEnabled:
+               intptr = &options->none_enabled;
+               goto parse_flag;
+
+       /* we check to see if the command comes from the */
+       /* command line or not. If it does then enable it */
+       /* otherwise fail. NONE should never be a default configuration */
+       case oNoneSwitch:
+               if(strcmp(filename,"command-line") == 0) {
+                       intptr = &options->none_switch;
+                       goto parse_flag;
+               } else {
+                       error("NoneSwitch is found in %.200s.\nYou may only use this configuration option from the command line", filename);
+                       error("Continuing...");
+                       debug("NoneSwitch directive found in %.200s.", filename);
+                       return 0;
+               }
+
        case oVerifyHostKeyDNS:
                intptr = &options->verify_host_key_dns;
                multistate_ptr = multistate_yesnoask;
@@ -1293,11 +1292,20 @@ parse_int:
                goto parse_int;
 
        case oVersionAddendum:
-               ssh_version_set_addendum(strtok(s, "\n"));
-               do {
-                       arg = strdelim(&s);
-               } while (arg != NULL && *arg != '\0');
-               break;
+               if (s == NULL)
+                       fatal("%.200s line %d: Missing argument.", filename,
+                           linenum);
+               len = strspn(s, WHITESPACE);
+               if (*activep && options->version_addendum == NULL) {
+                       if (strcasecmp(s + len, "none") == 0)
+                               options->version_addendum = xstrdup("");
+                       else if (strchr(s + len, '\r') != NULL)
+                               fatal("%.200s line %d: Invalid argument",
+                                   filename, linenum);
+                       else
+                               options->version_addendum = xstrdup(s + len);
+               }
+               return 0;
 
        case oSendEnv:
                while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
@@ -1655,6 +1663,7 @@ initialize_options(Options * options)
        options->ip_qos_interactive = -1;
        options->ip_qos_bulk = -1;
        options->request_tty = -1;
+       options->version_addendum = NULL;
        options->none_switch = -1;
        options->none_enabled = -1;
        options->hpn_disabled = -1;
@@ -1811,21 +1820,26 @@ fill_default_options(Options * options)
                options->server_alive_interval = 0;
        if (options->server_alive_count_max == -1)
                options->server_alive_count_max = 3;
+       if (options->version_addendum == NULL)
+               options->version_addendum = xstrdup(SSH_VERSION_DRAGONFLY);
        if (options->none_switch == -1)
                options->none_switch = 0;
+       if (options->none_enabled == -1)
+               options->none_enabled = 0;
        if (options->hpn_disabled == -1)
                options->hpn_disabled = 0;
        if (options->hpn_buffer_size > -1)
        {
          /* if a user tries to set the size to 0 set it to 1KB */
                if (options->hpn_buffer_size == 0)
-               options->hpn_buffer_size = 1024;
+               options->hpn_buffer_size = 1;
                /*limit the buffer to 64MB*/
-               if (options->hpn_buffer_size > 65536)
+               if (options->hpn_buffer_size > 64*1024)
                {
-                       options->hpn_buffer_size = 65536*1024;
+                       options->hpn_buffer_size = 64*1024*1024;
                        debug("User requested buffer larger than 64MB. Request reverted to 64MB");
                }
+               else options->hpn_buffer_size *= 1024;
                debug("hpn_buffer_size set to %d", options->hpn_buffer_size);
        }
        if (options->tcp_rcv_buf == 0)
index 83352e8..dfc01fd 100644 (file)
@@ -61,6 +61,7 @@ typedef struct {
        int     tcp_rcv_buf_poll; /* Option to poll recv buf every window transfer */
        int     hpn_disabled;    /* Switch to disable HPN buffer management */
        int     hpn_buffer_size; /* User definable size for HPN buffer window */
+       char    *version_addendum;      /* Appended to SSH banner */
        int     ip_qos_interactive;     /* IP ToS/DSCP/class for interactive */
        int     ip_qos_bulk;            /* IP ToS/DSCP/class for bulk traffic */
        LogLevel log_level;     /* Level for logging. */
index 899bbc0..1f6abb6 100644 (file)
@@ -54,6 +54,7 @@
 #include "packet.h"
 #include "hostfile.h"
 #include "auth.h"
+#include "version.h"
 
 static void add_listen_addr(ServerOptions *, char *, int);
 static void add_one_listen_addr(ServerOptions *, char *, int);
@@ -314,12 +315,9 @@ fill_default_server_options(ServerOptions *options)
        }
        if (options->permit_tun == -1)
                options->permit_tun = SSH_TUNMODE_NO;
-       if (options->ip_qos_interactive == -1)
-               options->ip_qos_interactive = IPTOS_LOWDELAY;
-       if (options->ip_qos_bulk == -1)
-               options->ip_qos_bulk = IPTOS_THROUGHPUT;
-
-       if (options->hpn_disabled == -1)
+       if (options->none_enabled == -1) 
+               options->none_enabled = 0;
+       if (options->hpn_disabled == -1) 
                options->hpn_disabled = 0;
 
        if (options->hpn_buffer_size == -1) {
@@ -332,13 +330,13 @@ fill_default_server_options(ServerOptions *options)
                        /*create a socket but don't connect it */
                        /* we use that the get the rcv socket size */
                        sock = socket(AF_INET, SOCK_STREAM, 0);
-                       getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
+                       getsockopt(sock, SOL_SOCKET, SO_RCVBUF, 
                                   &socksize, &socksizelen);
                        close(sock);
                        options->hpn_buffer_size = socksize;
                        debug ("HPN Buffer Size: %d", options->hpn_buffer_size);
-
-               }
+                       
+               } 
        } else {
                /* we have to do this incase the user sets both values in a contradictory */
                /* manner. hpn_disabled overrrides hpn_buffer_size*/
@@ -355,8 +353,12 @@ fill_default_server_options(ServerOptions *options)
                        options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT;
        }
 
+       if (options->ip_qos_interactive == -1)
+               options->ip_qos_interactive = IPTOS_LOWDELAY;
+       if (options->ip_qos_bulk == -1)
+               options->ip_qos_bulk = IPTOS_THROUGHPUT;
        if (options->version_addendum == NULL)
-               options->version_addendum = xstrdup("");
+               options->version_addendum = xstrdup(SSH_VERSION_DRAGONFLY);
        if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1)
                options->fwd_opts.streamlocal_bind_mask = 0177;
        if (options->fwd_opts.streamlocal_bind_unlink == -1)
@@ -534,10 +536,10 @@ static struct {
        { "revokedkeys", sRevokedKeys, SSHCFG_ALL },
        { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
        { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
-       { "noneenabled", sNoneEnabled },
-       { "hpndisabled", sHPNDisabled },
-       { "hpnbuffersize", sHPNBufferSize },
-       { "tcprcvbufpoll", sTcpRcvBufPoll },
+       { "noneenabled", sNoneEnabled, SSHCFG_ALL },
+       { "hpndisabled", sHPNDisabled, SSHCFG_ALL },
+       { "hpnbuffersize", sHPNBufferSize, SSHCFG_ALL },
+       { "tcprcvbufpoll", sTcpRcvBufPoll, SSHCFG_ALL },
        { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
        { "ipqos", sIPQoS, SSHCFG_ALL },
        { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
index 725263b..af9456d 100644 (file)
@@ -840,8 +840,8 @@ void
 server_loop2(Authctxt *authctxt)
 {
        fd_set *readset = NULL, *writeset = NULL;
-       int rekeying = 0, max_fd;
        double start_time, total_time;
+       int rekeying = 0, max_fd;
        u_int nalloc = 0;
        u_int64_t rekey_timeout_ms = 0;
 
index 3e1f219..b6a0cb1 100644 (file)
@@ -636,14 +636,22 @@ main(int ac, char **av)
                        }
                        break;
                case 'V':
-                       fprintf(stderr, "%s, %s\n",
-                           SSH_RELEASE,
+                       if (options.version_addendum &&
+                           *options.version_addendum != '\0')
+                               fprintf(stderr, "%s%s %s, %s\n", SSH_RELEASE,
+                                   options.hpn_disabled ? "" : SSH_VERSION_HPN,
+                                   options.version_addendum,
+                                   SSLeay_version(SSLEAY_VERSION));
+                       else
+                               fprintf(stderr, "%s%s, %s\n",
+                                   SSH_RELEASE,
+                                   options.hpn_disabled ? "" : SSH_VERSION_HPN,
 #ifdef WITH_OPENSSL
-                           SSLeay_version(SSLEAY_VERSION)
+                                   SSLeay_version(SSLEAY_VERSION)
 #else
-                           "without OpenSSL"
+                                   "without OpenSSL"
 #endif
-                       );
+                               );
                        if (opt == 'V')
                                exit(0);
                        break;
@@ -1293,6 +1301,8 @@ control_persist_detach(void)
        setproctitle("%s [mux]", options.control_path);
 }
 
+extern const EVP_CIPHER *evp_aes_ctr_mt(void);
+
 /* Do fork() after authentication. Used by "ssh -f" */
 static void
 fork_postauth(void)
@@ -1766,7 +1776,6 @@ ssh_session2_open(void)
                                debug ("HPNBufferSize set to user TCPRcvBuf: %d", options.hpn_buffer_size);
                        }
                }
-
        }
 
        debug("Final hpn_buffer_size = %d", options.hpn_buffer_size);
@@ -1785,9 +1794,10 @@ ssh_session2_open(void)
            "session", SSH_CHANNEL_OPENING, in, out, err,
            window, packetmax, CHAN_EXTENDED_WRITE,
            "client-session", /*nonblock*/0);
+
        if ((options.tcp_rcv_buf_poll > 0) && (!options.hpn_disabled)) {
                c->dynamic_window = 1;
-               debug ("Enabled Dynamic Window Scaling\n");
+               debug ("Enabled Dynamic Window Scaling");
        }
        debug3("ssh_session2_open: channel_new: %d", c->self);
 
index 575ed76..5abfa5a 100644 (file)
  *
  * $FreeBSD: src/crypto/openssh/ssh_namespace.h,v 1.4 2008/08/01 02:48:36 des Exp $
  */
-
-#define a2port                                 ssh_a2port
-#define a2tun                                  ssh_a2tun
-#define acss                                   ssh_acss
-#define acss_setkey                            ssh_acss_setkey
-#define acss_setsubkey                         ssh_acss_setsubkey
-#define add_host_to_hostfile                   ssh_add_host_to_hostfile
-#define addargs                                        ssh_addargs
-#define addr_match_cidr_list                   ssh_addr_match_cidr_list
-#define addr_match_list                                ssh_addr_match_list
-#define ask_permission                         ssh_ask_permission
-#define atomicio                               ssh_atomicio
-#define atomicio6                              ssh_atomicio6
-#define atomiciov                              ssh_atomiciov
-#define atomiciov6                             ssh_atomiciov6
-#define auth_request_forwarding                        ssh_auth_request_forwarding
-#define bandwidth_limit                                ssh_bandwidth_limit
-#define bandwidth_limit_init                   ssh_bandwidth_limit_init
-#define blacklist_filename                     ssh_blacklist_filename
-#define blacklisted_key                                ssh_blacklisted_key
-#define bn_rand_range_gt_one                   ssh_bn_rand_range_gt_one
-#define buffer_append                          ssh_buffer_append
-#define buffer_append_space                    ssh_buffer_append_space
-#define buffer_check_alloc                     ssh_buffer_check_alloc
-#define buffer_clear                           ssh_buffer_clear
-#define buffer_compress                                ssh_buffer_compress
-#define buffer_compress_init_recv              ssh_buffer_compress_init_recv
-#define buffer_compress_init_send              ssh_buffer_compress_init_send
-#define buffer_compress_uninit                 ssh_buffer_compress_uninit
-#define buffer_consume                         ssh_buffer_consume
-#define buffer_consume_end                     ssh_buffer_consume_end
-#define buffer_consume_end_ret                 ssh_buffer_consume_end_ret
-#define buffer_consume_ret                     ssh_buffer_consume_ret
-#define buffer_dump                            ssh_buffer_dump
-#define buffer_free                            ssh_buffer_free
-#define buffer_get                             ssh_buffer_get
-#define buffer_get_bignum                      ssh_buffer_get_bignum
-#define buffer_get_bignum2                     ssh_buffer_get_bignum2
-#define buffer_get_bignum2_ret                 ssh_buffer_get_bignum2_ret
-#define buffer_get_bignum_ret                  ssh_buffer_get_bignum_ret
-#define buffer_get_char                                ssh_buffer_get_char
-#define buffer_get_char_ret                    ssh_buffer_get_char_ret
-#define buffer_get_cstring                     ssh_buffer_get_cstring
-#define buffer_get_cstring_ret                 ssh_buffer_get_cstring_ret
-#define buffer_get_ecpoint                     ssh_buffer_get_ecpoint
-#define buffer_get_ecpoint_ret                 ssh_buffer_get_ecpoint_ret
-#define buffer_get_int                         ssh_buffer_get_int
-#define buffer_get_int64                       ssh_buffer_get_int64
-#define buffer_get_int64_ret                   ssh_buffer_get_int64_ret
-#define buffer_get_int_ret                     ssh_buffer_get_int_ret
-#define buffer_get_ret                         ssh_buffer_get_ret
-#define buffer_get_short                       ssh_buffer_get_short
-#define buffer_get_short_ret                   ssh_buffer_get_short_ret
-#define buffer_get_string                      ssh_buffer_get_string
-#define buffer_get_string_ptr                  ssh_buffer_get_string_ptr
-#define buffer_get_string_ptr_ret              ssh_buffer_get_string_ptr_ret
-#define buffer_get_string_ret                  ssh_buffer_get_string_ret
-#define buffer_init                            ssh_buffer_init
-#define buffer_len                             ssh_buffer_len
-#define buffer_ptr                             ssh_buffer_ptr
-#define buffer_put_bignum                      ssh_buffer_put_bignum
-#define buffer_put_bignum2                     ssh_buffer_put_bignum2
-#define buffer_put_bignum2_ret                 ssh_buffer_put_bignum2_ret
-#define buffer_put_bignum_ret                  ssh_buffer_put_bignum_ret
-#define buffer_put_char                                ssh_buffer_put_char
-#define buffer_put_cstring                     ssh_buffer_put_cstring
-#define buffer_put_ecpoint                     ssh_buffer_put_ecpoint
-#define buffer_put_ecpoint_ret                 ssh_buffer_put_ecpoint_ret
-#define buffer_put_int                         ssh_buffer_put_int
-#define buffer_put_int64                       ssh_buffer_put_int64
-#define buffer_put_short                       ssh_buffer_put_short
-#define buffer_put_string                      ssh_buffer_put_string
-#define buffer_uncompress                      ssh_buffer_uncompress
-#define chan_ibuf_empty                                ssh_chan_ibuf_empty
-#define chan_is_dead                           ssh_chan_is_dead
-#define chan_mark_dead                         ssh_chan_mark_dead
-#define chan_obuf_empty                                ssh_chan_obuf_empty
-#define chan_rcvd_eow                          ssh_chan_rcvd_eow
-#define chan_rcvd_ieof                         ssh_chan_rcvd_ieof
-#define chan_rcvd_oclose                       ssh_chan_rcvd_oclose
-#define chan_read_failed                       ssh_chan_read_failed
-#define chan_write_failed                      ssh_chan_write_failed
-#define channel_add_adm_permitted_opens                ssh_channel_add_adm_permitted_opens
-#define channel_add_permitted_opens            ssh_channel_add_permitted_opens
-#define channel_after_select                   ssh_channel_after_select
-#define channel_by_id                          ssh_channel_by_id
-#define channel_cancel_cleanup                 ssh_channel_cancel_cleanup
-#define channel_cancel_lport_listener          ssh_channel_cancel_lport_listener
-#define channel_cancel_rport_listener          ssh_channel_cancel_rport_listener
-#define channel_clear_adm_permitted_opens      ssh_channel_clear_adm_permitted_opens
-#define channel_clear_permitted_opens          ssh_channel_clear_permitted_opens
-#define channel_close_all                      ssh_channel_close_all
-#define channel_close_fd                       ssh_channel_close_fd
-#define channel_connect_by_listen_address      ssh_channel_connect_by_listen_address
-#define channel_connect_stdio_fwd              ssh_channel_connect_stdio_fwd
-#define channel_connect_to                     ssh_channel_connect_to
-#define channel_disable_adm_local_opens                ssh_channel_disable_adm_local_opens
-#define channel_find_open                      ssh_channel_find_open
-#define channel_free                           ssh_channel_free
-#define channel_free_all                       ssh_channel_free_all
-#define channel_input_close                    ssh_channel_input_close
-#define channel_input_close_confirmation       ssh_channel_input_close_confirmation
-#define channel_input_data                     ssh_channel_input_data
-#define channel_input_extended_data            ssh_channel_input_extended_data
-#define channel_input_ieof                     ssh_channel_input_ieof
-#define channel_input_oclose                   ssh_channel_input_oclose
-#define channel_input_open_confirmation                ssh_channel_input_open_confirmation
-#define channel_input_open_failure             ssh_channel_input_open_failure
-#define channel_input_port_forward_request     ssh_channel_input_port_forward_request
-#define channel_input_port_open                        ssh_channel_input_port_open
-#define channel_input_status_confirm           ssh_channel_input_status_confirm
-#define channel_input_window_adjust            ssh_channel_input_window_adjust
-#define channel_lookup                         ssh_channel_lookup
-#define channel_new                            ssh_channel_new
-#define channel_not_very_much_buffered_data    ssh_channel_not_very_much_buffered_data
-#define channel_open_message                   ssh_channel_open_message
-#define channel_output_poll                    ssh_channel_output_poll
-#define channel_permit_all_opens               ssh_channel_permit_all_opens
-#define channel_post                           ssh_channel_post
-#define channel_pre                            ssh_channel_pre
-#define channel_prepare_select                 ssh_channel_prepare_select
-#define channel_print_adm_permitted_opens      ssh_channel_print_adm_permitted_opens
-#define channel_register_cleanup               ssh_channel_register_cleanup
-#define channel_register_confirm               ssh_channel_register_confirm
-#define channel_register_filter                        ssh_channel_register_filter
-#define channel_register_open_confirm          ssh_channel_register_open_confirm
-#define channel_register_status_confirm                ssh_channel_register_status_confirm
-#define channel_request_remote_forwarding      ssh_channel_request_remote_forwarding
-#define channel_request_rforward_cancel                ssh_channel_request_rforward_cancel
-#define channel_request_start                  ssh_channel_request_start
-#define channel_send_open                      ssh_channel_send_open
-#define channel_send_window_changes            ssh_channel_send_window_changes
-#define channel_set_af                         ssh_channel_set_af
-#define channel_set_fds                                ssh_channel_set_fds
-#define channel_set_hpn                                ssh_channel_set_hpn
-#define channel_setup_local_fwd_listener       ssh_channel_setup_local_fwd_listener
-#define channel_setup_remote_fwd_listener      ssh_channel_setup_remote_fwd_listener
-#define channel_still_open                     ssh_channel_still_open
-#define channel_stop_listening                 ssh_channel_stop_listening
-#define channel_tcpwinsz                       ssh_channel_tcpwinsz
-#define channel_update_permitted_opens         ssh_channel_update_permitted_opens
-#define check_host_in_hostfile                 ssh_check_host_in_hostfile
-#define check_key_in_hostkeys                  ssh_check_key_in_hostkeys
-#define choose_dh                              ssh_choose_dh
-#define chop                                   ssh_chop
-#define cipher_blocksize                       ssh_cipher_blocksize
-#define cipher_by_name                         ssh_cipher_by_name
-#define cipher_by_number                       ssh_cipher_by_number
-#define cipher_cleanup                         ssh_cipher_cleanup
-#define cipher_crypt                           ssh_cipher_crypt
-#define cipher_get_keycontext                  ssh_cipher_get_keycontext
-#define cipher_get_keyiv                       ssh_cipher_get_keyiv
-#define cipher_get_keyiv_len                   ssh_cipher_get_keyiv_len
-#define cipher_get_number                      ssh_cipher_get_number
-#define cipher_init                            ssh_cipher_init
-#define cipher_is_cbc                          ssh_cipher_is_cbc
-#define cipher_keylen                          ssh_cipher_keylen
-#define cipher_mask_ssh1                       ssh_cipher_mask_ssh1
-#define cipher_name                            ssh_cipher_name
-#define cipher_number                          ssh_cipher_number
-#define cipher_set_key_string                  ssh_cipher_set_key_string
-#define cipher_set_keycontext                  ssh_cipher_set_keycontext
-#define cipher_set_keyiv                       ssh_cipher_set_keyiv
-#define ciphers                                        ssh_ciphers
-#define ciphers_valid                          ssh_ciphers_valid
-#define cleanhostname                          ssh_cleanhostname
-#define cleanup_exit                           ssh_cleanup_exit
-#define clear_cached_addr                      ssh_clear_cached_addr
-#define colon                                  ssh_colon
-#define compat13                               ssh_compat13
-#define compat20                               ssh_compat20
-#define compat_cipher_proposal                 ssh_compat_cipher_proposal
-#define compat_datafellows                     ssh_compat_datafellows
-#define convtime                               ssh_convtime
-#define current_keys                           ssh_current_keys
-#define datafellows                            ssh_datafellows
-#define debug                                  ssh_debug
-#define debug                                  ssh_debug
-#define debug2                                 ssh_debug2
-#define debug2                                 ssh_debug2
-#define debug3                                 ssh_debug3
-#define debug3                                 ssh_debug3
-#define debug3_bn                              ssh_debug3_bn
-#define debug3_buf                             ssh_debug3_buf
-#define decode_reply                           ssh_decode_reply
-#define deny_input_open                                ssh_deny_input_open
-#define derive_ssh1_session_id                 ssh_derive_ssh1_session_id
-#define detect_attack                          ssh_detect_attack
-#define dh_estimate                            ssh_dh_estimate
-#define dh_gen_key                             ssh_dh_gen_key
-#define dh_new_group                           ssh_dh_new_group
-#define dh_new_group1                          ssh_dh_new_group1
-#define dh_new_group14                         ssh_dh_new_group14
-#define dh_new_group_asc                       ssh_dh_new_group_asc
-#define dh_pub_is_valid                                ssh_dh_pub_is_valid
-#define dispatch                               ssh_dispatch
-#define dispatch_init                          ssh_dispatch_init
-#define dispatch_protocol_error                        ssh_dispatch_protocol_error
-#define dispatch_protocol_ignore               ssh_dispatch_protocol_ignore
-#define dispatch_range                         ssh_dispatch_range
-#define dispatch_run                           ssh_dispatch_run
-#define dispatch_set                           ssh_dispatch_set
-#define do_log                                 ssh_do_log
-#define do_log2                                        ssh_do_log2
-#define dump_base64                            ssh_dump_base64
-#define enable_compat13                                ssh_enable_compat13
-#define enable_compat20                                ssh_enable_compat20
-#define error                                  ssh_error
-#define error                                  ssh_error
-#define evp_acss                               ssh_evp_acss
-#define evp_aes_128_ctr                                ssh_evp_aes_128_ctr
-#define evp_rijndael                           ssh_evp_rijndael
-#define evp_ssh1_3des                          ssh_evp_ssh1_3des
-#define evp_ssh1_bf                            ssh_evp_ssh1_bf
-#define export_dns_rr                          ssh_export_dns_rr
-#define fatal                                  ssh_fatal
-#define fatal                                  ssh_fatal
-#define fmt_scaled                             ssh_fmt_scaled
-#define free_hostkeys                          ssh_free_hostkeys
-#define freeargs                               ssh_freeargs
-#define freerrset                              ssh_freerrset
-#define gen_candidates                         ssh_gen_candidates
-#define get_canonical_hostname                 ssh_get_canonical_hostname
-#define get_local_ipaddr                       ssh_get_local_ipaddr
-#define get_local_name                         ssh_get_local_name
-#define get_local_port                         ssh_get_local_port
-#define get_peer_ipaddr                                ssh_get_peer_ipaddr
-#define get_peer_port                          ssh_get_peer_port
-#define get_remote_ipaddr                      ssh_get_remote_ipaddr
-#define get_remote_name_or_ip                  ssh_get_remote_name_or_ip
-#define get_remote_port                                ssh_get_remote_port
-#define get_sock_port                          ssh_get_sock_port
-#define get_u16                                        ssh_get_u16
-#define get_u32                                        ssh_get_u32
-#define get_u64                                        ssh_get_u64
-#define getrrsetbyname                         ssh_getrrsetbyname
-#define glob                                   ssh_glob
-#define globfree                               ssh_globfree
-#define hash_buffer                            ssh_hash_buffer
-#define host_hash                              ssh_host_hash
-#define hostfile_read_key                      ssh_hostfile_read_key
-#define hpdelim                                        ssh_hpdelim
-#define incoming_stream                                ssh_incoming_stream
-#define init_hostkeys                          ssh_init_hostkeys
-#define init_rng                               ssh_init_rng
-#define iptos2str                              ssh_iptos2str
-#define ipv64_normalise_mapped                 ssh_ipv64_normalise_mapped
-#define key_curve_name_to_nid                  ssh_key_curve_name_to_nid
-#define key_curve_nid_to_bits                  ssh_key_curve_nid_to_bits
-#define key_curve_nid_to_name                  ssh_key_curve_nid_to_name
-#define kex_derive_keys                                ssh_kex_derive_keys
-#define kex_dh_hash                            ssh_kex_dh_hash
-#define key_ec_nid_to_evpmd                    ssh_key_ec_nid_to_evpmd
-#define key_ec_validate_private                        ssh_key_ec_validate_private
-#define key_ec_validate_public                 ssh_key_ec_validate_public
-#define kex_ecdh_hash                          ssh_kex_ecdh_hash
-#define kex_ecdh_name_to_evpmd                 ssh_kex_ecdh_name_to_evpmd
-#define kex_ecdh_name_to_nid                   ssh_kex_ecdh_name_to_nid
-#define key_ecdsa_bits_to_nid                  ssh_key_ecdsa_bits_to_nid
-#define key_ecdsa_key_to_nid                   ssh_key_ecdsa_key_to_nid
-#define key_ecdsa_nid_from_name                        ssh_key_ecdsa_nid_from_name
-#define kex_finish                             ssh_kex_finish
-#define kex_get_newkeys                                ssh_kex_get_newkeys
-#define kex_input_kexinit                      ssh_kex_input_kexinit
-#define kex_names_valid                                ssh_kex_names_valid
-#define packet_get_cstring                     ssh_packet_get_cstring
-#define packet_get_ecpoint                     ssh_packet_get_ecpoint
-#define packet_put_ecpoint                     ssh_packet_put_ecpoint
-#define kex_prop2buf                           ssh_kex_prop2buf
-#define kex_send_kexinit                       ssh_kex_send_kexinit
-#define kex_setup                              ssh_kex_setup
-#define key_ssh_name_plain                     ssh_key_ssh_name_plain
-#define kexdh_client                           ssh_kexdh_client
-#define kexecdh_client                         ssh_kexecdh_client
-#define kexgex_client                          ssh_kexgex_client
-#define kexgex_hash                            ssh_kexgex_hash
-#define key_add_private                                ssh_key_add_private
-#define key_cert_check_authority               ssh_key_cert_check_authority
-#define key_cert_copy                          ssh_key_cert_copy
-#define key_cert_is_legacy                     ssh_key_cert_is_legacy
-#define key_cert_type                          ssh_key_cert_type
-#define key_certify                            ssh_key_certify
-#define key_demote                             ssh_key_demote
-#define key_drop_cert                          ssh_key_drop_cert
-#define key_equal                              ssh_key_equal
-#define key_equal_public                       ssh_key_equal_public
-#define key_fingerprint                                ssh_key_fingerprint
-#define key_fingerprint_raw                    ssh_key_fingerprint_raw
-#define key_free                               ssh_key_free
-#define key_from_blob                          ssh_key_from_blob
-#define key_from_private                       ssh_key_from_private
-#define key_generate                           ssh_key_generate
-#define key_in_file                            ssh_key_in_file
-#define key_is_cert                            ssh_key_is_cert
-#define key_load_cert                          ssh_key_load_cert
-#define key_load_file                          ssh_key_load_file
-#define key_load_private                       ssh_key_load_private
-#define key_load_private_cert                  ssh_key_load_private_cert
-#define key_load_private_pem                   ssh_key_load_private_pem
-#define key_load_private_type                  ssh_key_load_private_type
-#define key_load_public                                ssh_key_load_public
-#define key_load_public_type                   ssh_key_load_public_type
-#define key_names_valid2                       ssh_key_names_valid2
-#define key_new                                        ssh_key_new
-#define key_new_private                                ssh_key_new_private
-#define key_parse_private                      ssh_key_parse_private
-#define key_perm_ok                            ssh_key_perm_ok
-#define key_read                               ssh_key_read
-#define key_save_private                       ssh_key_save_private
-#define key_sign                               ssh_key_sign
-#define key_size                               ssh_key_size
-#define key_ssh_name                           ssh_key_ssh_name
-#define key_to_blob                            ssh_key_to_blob
-#define key_to_certified                       ssh_key_to_certified
-#define key_type                               ssh_key_type
-#define key_type_from_name                     ssh_key_type_from_name
-#define key_type_plain                         ssh_key_type_plain
-#define key_verify                             ssh_key_verify
-#define key_write                              ssh_key_write
-#define load_hostkeys                          ssh_load_hostkeys
-#define log_facility_name                      ssh_log_facility_name
-#define log_facility_number                    ssh_log_facility_number
-#define log_init                               ssh_log_init
-#define log_level_name                         ssh_log_level_name
-#define log_level_number                       ssh_log_level_number
-#define logit                                  ssh_logit
-#define logit                                  ssh_logit
-#define lookup_key_in_hostfile_by_type         ssh_lookup_key_in_hostfile_by_type
-#define lookup_key_in_hostkeys_by_type         ssh_lookup_key_in_hostkeys_by_type
-#define mac_clear                              ssh_mac_clear
-#define mac_compute                            ssh_mac_compute
-#define mac_init                               ssh_mac_init
-#define mac_setup                              ssh_mac_setup
-#define mac_valid                              ssh_mac_valid
-#define macs                                   ssh_macs
-#define match_host_and_ip                      ssh_match_host_and_ip
-#define match_hostname                         ssh_match_hostname
-#define match_list                             ssh_match_list
-#define match_pattern                          ssh_match_pattern
-#define match_pattern_list                     ssh_match_pattern_list
-#define match_user                             ssh_match_user
-#define mktemp_proto                           ssh_mktemp_proto
-#define mm_receive_fd                          ssh_mm_receive_fd
-#define mm_send_fd                             ssh_mm_send_fd
-#define modp_group_free                                ssh_modp_group_free
-#define modp_group_from_g_and_safe_p           ssh_modp_group_from_g_and_safe_p
-#define ms_subtract_diff                       ssh_ms_subtract_diff
-#define ms_to_timeval                          ssh_ms_to_timeval
-#define mysignal                               ssh_mysignal
-#define outgoing_stream                                ssh_outgoing_stream
-#define packet_add_padding                     ssh_packet_add_padding
-#define packet_authentication_state            ssh_packet_authentication_state
-#define packet_backup_state                    ssh_packet_backup_state
-#define packet_close                           ssh_packet_close
-#define packet_connection_is_ipv4              ssh_packet_connection_is_ipv4
-#define packet_connection_is_on_socket         ssh_packet_connection_is_on_socket
-#define packet_disconnect                      ssh_packet_disconnect
-#define packet_get_bignum                      ssh_packet_get_bignum
-#define packet_get_bignum2                     ssh_packet_get_bignum2
-#define packet_get_char                                ssh_packet_get_char
-#define packet_get_connection_in               ssh_packet_get_connection_in
-#define packet_get_connection_out              ssh_packet_get_connection_out
-#define packet_get_encryption_key              ssh_packet_get_encryption_key
-#define packet_get_input                       ssh_packet_get_input
-#define packet_get_int                         ssh_packet_get_int
-#define packet_get_int64                       ssh_packet_get_int64
-#define packet_get_keycontext                  ssh_packet_get_keycontext
-#define packet_get_keyiv                       ssh_packet_get_keyiv
-#define packet_get_keyiv_len                   ssh_packet_get_keyiv_len
-#define packet_get_maxsize                     ssh_packet_get_maxsize
-#define packet_get_newkeys                     ssh_packet_get_newkeys
-#define packet_get_output                      ssh_packet_get_output
-#define packet_get_protocol_flags              ssh_packet_get_protocol_flags
-#define packet_get_raw                         ssh_packet_get_raw
-#define packet_get_ssh1_cipher                 ssh_packet_get_ssh1_cipher
-#define packet_get_state                       ssh_packet_get_state
-#define packet_get_string                      ssh_packet_get_string
-#define packet_get_string_ptr                  ssh_packet_get_string_ptr
-#define packet_have_data_to_write              ssh_packet_have_data_to_write
-#define packet_inc_alive_timeouts              ssh_packet_inc_alive_timeouts
-#define packet_is_interactive                  ssh_packet_is_interactive
-#define packet_need_rekeying                   ssh_packet_need_rekeying
-#define packet_not_very_much_data_to_write     ssh_packet_not_very_much_data_to_write
-#define packet_process_incoming                        ssh_packet_process_incoming
-#define packet_put_bignum                      ssh_packet_put_bignum
-#define packet_put_bignum2                     ssh_packet_put_bignum2
-#define packet_put_char                                ssh_packet_put_char
-#define packet_put_cstring                     ssh_packet_put_cstring
-#define packet_put_int                         ssh_packet_put_int
-#define packet_put_int64                       ssh_packet_put_int64
-#define packet_put_raw                         ssh_packet_put_raw
-#define packet_put_string                      ssh_packet_put_string
-#define packet_read                            ssh_packet_read
-#define packet_read_expect                     ssh_packet_read_expect
-#define packet_read_poll                       ssh_packet_read_poll
-#define packet_read_poll_seqnr                 ssh_packet_read_poll_seqnr
-#define packet_read_seqnr                      ssh_packet_read_seqnr
-#define packet_remaining                       ssh_packet_remaining
-#define packet_request_rekeying                        ssh_packet_request_rekeying
-#define packet_restore_state                   ssh_packet_restore_state
-#define packet_send                            ssh_packet_send
-#define packet_send_debug                      ssh_packet_send_debug
-#define packet_send_ignore                     ssh_packet_send_ignore
-#define packet_set_alive_timeouts              ssh_packet_set_alive_timeouts
-#define packet_set_authenticated               ssh_packet_set_authenticated
-#define packet_set_connection                  ssh_packet_set_connection
-#define packet_set_encryption_key              ssh_packet_set_encryption_key
-#define packet_set_interactive                 ssh_packet_set_interactive
-#define packet_set_iv                          ssh_packet_set_iv
-#define packet_set_keycontext                  ssh_packet_set_keycontext
-#define packet_set_maxsize                     ssh_packet_set_maxsize
-#define packet_set_nonblocking                 ssh_packet_set_nonblocking
-#define packet_set_protocol_flags              ssh_packet_set_protocol_flags
-#define packet_set_rekey_limit                 ssh_packet_set_rekey_limit
-#define packet_set_server                      ssh_packet_set_server
-#define packet_set_state                       ssh_packet_set_state
-#define packet_set_timeout                     ssh_packet_set_timeout
-#define packet_start                           ssh_packet_start
-#define packet_start_compression               ssh_packet_start_compression
-#define packet_write_poll                      ssh_packet_write_poll
-#define packet_write_wait                      ssh_packet_write_wait
-#define parse_ipqos                            ssh_parse_ipqos
-#define percent_expand                         ssh_percent_expand
-#define permanently_drop_suid                  ssh_permanently_drop_suid
-#define permanently_set_uid                    ssh_permanently_set_uid
-#define permitopen_port                                ssh_permitopen_port
-#define pkcs11_add_provider                    ssh_pkcs11_add_provider
-#define pkcs11_del_provider                    ssh_pkcs11_del_provider
-#define pkcs11_init                            ssh_pkcs11_init
-#define pkcs11_interactive                     ssh_pkcs11_interactive
-#define pkcs11_providers                       ssh_pkcs11_providers
-#define pkcs11_terminate                       ssh_pkcs11_terminate
-#define prime_test                             ssh_prime_test
-#define proto_spec                             ssh_proto_spec
-#define put_host_port                          ssh_put_host_port
-#define put_u16                                        ssh_put_u16
-#define put_u32                                        ssh_put_u32
-#define put_u64                                        ssh_put_u64
-#define pwcopy                                 ssh_pwcopy
-#define read_keyfile_line                      ssh_read_keyfile_line
-#define read_passphrase                                ssh_read_passphrase
-#define refresh_progress_meter                 ssh_refresh_progress_meter
-#define rekey_requested                                ssh_rekey_requested
-#define replacearg                             ssh_replacearg
-#define restore_uid                            ssh_restore_uid
-#define rijndael_decrypt                       ssh_rijndael_decrypt
-#define rijndael_encrypt                       ssh_rijndael_encrypt
-#define rijndael_set_key                       ssh_rijndael_set_key
-#define rsa_generate_additional_parameters     ssh_rsa_generate_additional_parameters
-#define rsa_private_decrypt                    ssh_rsa_private_decrypt
-#define rsa_public_encrypt                     ssh_rsa_public_encrypt
-#define sanitise_stdfd                         ssh_sanitise_stdfd
-#define scan_scaled                            ssh_scan_scaled
-#define schnorr_sign                           ssh_schnorr_sign
-#define schnorr_sign_buf                       ssh_schnorr_sign_buf
-#define schnorr_verify                         ssh_schnorr_verify
-#define schnorr_verify_buf                     ssh_schnorr_verify_buf
-#define seed_rng                               ssh_seed_rng
-#define set_log_handler                                ssh_set_log_handler
-#define set_newkeys                            ssh_set_newkeys
-#define set_nodelay                            ssh_set_nodelay
-#define set_nonblock                           ssh_set_nonblock
-#define shadow_pw                              ssh_shadow_pw
-#define sigdie                                 ssh_sigdie
-#define sock_set_v6only                                ssh_sock_set_v6only
-#define ssh1_3des_iv                           ssh_ssh1_3des_iv
-#define start_progress_meter                   ssh_start_progress_meter
-#define stop_progress_meter                    ssh_stop_progress_meter
-#define strdelim                               ssh_strdelim
-#define sys_tun_open                           ssh_sys_tun_open
-#define temporarily_use_uid                    ssh_temporarily_use_uid
-#define tilde_expand_filename                  ssh_tilde_expand_filename
-#define timingsafe_bcmp                                ssh_timingsafe_bcmp
-#define tohex                                  ssh_tohex
-#define tty_make_modes                         ssh_tty_make_modes
-#define tty_parse_modes                                ssh_tty_parse_modes
-#define tun_open                               ssh_tun_open
-#define umac_ctx                               ssh_umac_ctx
-#define umac_delete                            ssh_umac_delete
-#define umac_final                             ssh_umac_final
-#define umac_new                               ssh_umac_new
-#define umac_update                            ssh_umac_update
-#define unset_nonblock                         ssh_unset_nonblock
-#define uudecode                               ssh_uudecode
-#define uuencode                               ssh_uuencode
-#define verbose                                        ssh_verbose
-#define verbose                                        ssh_verbose
-#define verify_host_key_dns                    ssh_verify_host_key_dns
-#define vis                                    ssh_vis
-#define x11_connect_display                    ssh_x11_connect_display
-#define x11_create_display_inet                        ssh_x11_create_display_inet
-#define x11_input_open                         ssh_x11_input_open
-#define x11_request_forwarding_with_spoofing   ssh_x11_request_forwarding_with_spoofing
-#define xasprintf                              ssh_xasprintf
-#define xcalloc                                        ssh_xcalloc
-#define xcrypt                                 ssh_xcrypt
-#define xfree                                  ssh_xfree
-#define xmalloc                                        ssh_xmalloc
-#define xmmap                                  ssh_xmmap
-#define xrealloc                               ssh_xrealloc
-#define xstrdup                                        ssh_xstrdup
+#define glob ssh_glob
+#define globfree ssh_globfree
+#define kexc25519_client ssh_kexc25519_client
+#define kex_c25519_hash ssh_kex_c25519_hash
+#define kexc25519_keygen ssh_kexc25519_keygen
+#define kexc25519_shared_key ssh_kexc25519_shared_key
+#define crypto_scalarmult_curve25519 ssh_crypto_scalarmult_curve25519
+#define pkcs11_add_provider ssh_pkcs11_add_provider
+#define pkcs11_del_provider ssh_pkcs11_del_provider
+#define pkcs11_init ssh_pkcs11_init
+#define pkcs11_interactive ssh_pkcs11_interactive
+#define pkcs11_providers ssh_pkcs11_providers
+#define pkcs11_terminate ssh_pkcs11_terminate
+#define seed_rng ssh_seed_rng
+#define export_dns_rr ssh_export_dns_rr
+#define verify_host_key_dns ssh_verify_host_key_dns
+#define refresh_progress_meter ssh_refresh_progress_meter
+#define start_progress_meter ssh_start_progress_meter
+#define stop_progress_meter ssh_stop_progress_meter
+#define kexecdh_client ssh_kexecdh_client
+#define kex_ecdh_hash ssh_kex_ecdh_hash
+#define kexgex_client ssh_kexgex_client
+#define kexdh_client ssh_kexdh_client
+#define kexgex_hash ssh_kexgex_hash
+#define kex_dh_hash ssh_kex_dh_hash
+#define choose_dh ssh_choose_dh
+#define dh_estimate ssh_dh_estimate
+#define dh_gen_key ssh_dh_gen_key
+#define dh_new_group ssh_dh_new_group
+#define dh_new_group1 ssh_dh_new_group1
+#define dh_new_group14 ssh_dh_new_group14
+#define dh_new_group_asc ssh_dh_new_group_asc
+#define dh_pub_is_valid ssh_dh_pub_is_valid
+#define rijndaelEncrypt ssh_rijndaelEncrypt
+#define rijndaelKeySetupDec ssh_rijndaelKeySetupDec
+#define rijndaelKeySetupEnc ssh_rijndaelKeySetupEnc
+#define rijndael_decrypt ssh_rijndael_decrypt
+#define rijndael_encrypt ssh_rijndael_encrypt
+#define rijndael_set_key ssh_rijndael_set_key
+#define mm_receive_fd ssh_mm_receive_fd
+#define mm_send_fd ssh_mm_send_fd
+#define dump_base64 ssh_dump_base64
+#define uudecode ssh_uudecode
+#define uuencode ssh_uuencode
+#define tty_make_modes ssh_tty_make_modes
+#define tty_parse_modes ssh_tty_parse_modes
+#define ask_permission ssh_ask_permission
+#define read_passphrase ssh_read_passphrase
+#define gen_candidates ssh_gen_candidates
+#define prime_test ssh_prime_test
+#define add_host_to_hostfile ssh_add_host_to_hostfile
+#define check_key_in_hostkeys ssh_check_key_in_hostkeys
+#define free_hostkeys ssh_free_hostkeys
+#define host_hash ssh_host_hash
+#define hostfile_read_key ssh_hostfile_read_key
+#define init_hostkeys ssh_init_hostkeys
+#define load_hostkeys ssh_load_hostkeys
+#define lookup_key_in_hostkeys_by_type ssh_lookup_key_in_hostkeys_by_type
+#define compat13 ssh_compat13
+#define compat20 ssh_compat20
+#define compat_cipher_proposal ssh_compat_cipher_proposal
+#define compat_datafellows ssh_compat_datafellows
+#define compat_kex_proposal ssh_compat_kex_proposal
+#define compat_pkalg_proposal ssh_compat_pkalg_proposal
+#define datafellows ssh_datafellows
+#define enable_compat13 ssh_enable_compat13
+#define enable_compat20 ssh_enable_compat20
+#define proto_spec ssh_proto_spec
+#define decode_reply ssh_decode_reply
+#define freerrset ssh_freerrset
+#define getrrsetbyname ssh_getrrsetbyname
+#define permanently_drop_suid ssh_permanently_drop_suid
+#define permanently_set_uid ssh_permanently_set_uid
+#define restore_uid ssh_restore_uid
+#define temporarily_use_uid ssh_temporarily_use_uid
+#define key_add_private ssh_key_add_private
+#define key_cert_check_authority ssh_key_cert_check_authority
+#define key_cert_copy ssh_key_cert_copy
+#define key_certify ssh_key_certify
+#define key_demote ssh_key_demote
+#define key_drop_cert ssh_key_drop_cert
+#define key_ec_validate_private ssh_key_ec_validate_private
+#define key_ec_validate_public ssh_key_ec_validate_public
+#define key_fingerprint_raw ssh_key_fingerprint_raw
+#define key_from_blob ssh_key_from_blob
+#define key_from_private ssh_key_from_private
+#define key_generate ssh_key_generate
+#define key_in_file ssh_key_in_file
+#define key_load_cert ssh_key_load_cert
+#define key_load_file ssh_key_load_file
+#define key_load_private ssh_key_load_private
+#define key_load_private_cert ssh_key_load_private_cert
+#define key_load_private_pem ssh_key_load_private_pem
+#define key_load_private_type ssh_key_load_private_type
+#define key_load_public ssh_key_load_public
+#define key_new_private ssh_key_new_private
+#define key_perm_ok ssh_key_perm_ok
+#define key_private_deserialize ssh_key_private_deserialize
+#define key_private_serialize ssh_key_private_serialize
+#define key_read ssh_key_read
+#define key_save_private ssh_key_save_private
+#define key_sign ssh_key_sign
+#define key_to_blob ssh_key_to_blob
+#define key_to_certified ssh_key_to_certified
+#define key_verify ssh_key_verify
+#define key_write ssh_key_write
+#define blacklist_filename ssh_blacklist_filename
+#define blacklisted_key ssh_blacklisted_key
+#define sshkey_in_file ssh_sshkey_in_file
+#define sshkey_load_cert ssh_sshkey_load_cert
+#define sshkey_load_file ssh_sshkey_load_file
+#define sshkey_load_private ssh_sshkey_load_private
+#define sshkey_load_private_cert ssh_sshkey_load_private_cert
+#define sshkey_load_private_pem ssh_sshkey_load_private_pem
+#define sshkey_load_private_type ssh_sshkey_load_private_type
+#define sshkey_load_public ssh_sshkey_load_public
+#define sshkey_perm_ok ssh_sshkey_perm_ok
+#define sshkey_save_private ssh_sshkey_save_private
+#define atomicio ssh_atomicio
+#define atomicio6 ssh_atomicio6
+#define atomiciov ssh_atomiciov
+#define atomiciov6 ssh_atomiciov6
+#define current_keys ssh_current_keys
+#define derive_ssh1_session_id ssh_derive_ssh1_session_id
+#define kex_alg_list ssh_kex_alg_list
+#define kex_derive_keys ssh_kex_derive_keys
+#define kex_derive_keys_bn ssh_kex_derive_keys_bn
+#define kex_finish ssh_kex_finish
+#define kex_get_newkeys ssh_kex_get_newkeys
+#define kex_input_kexinit ssh_kex_input_kexinit
+#define kex_names_valid ssh_kex_names_valid
+#define kex_prop2buf ssh_kex_prop2buf
+#define kex_send_kexinit ssh_kex_send_kexinit
+#define kex_setup ssh_kex_setup
+#define dispatch ssh_dispatch
+#define dispatch_init ssh_dispatch_init
+#define dispatch_protocol_error ssh_dispatch_protocol_error
+#define dispatch_protocol_ignore ssh_dispatch_protocol_ignore
+#define dispatch_range ssh_dispatch_range
+#define dispatch_run ssh_dispatch_run
+#define dispatch_set ssh_dispatch_set
+#define key_alg_list ssh_key_alg_list
+#define sshkey_add_private ssh_sshkey_add_private
+#define sshkey_cert_check_authority ssh_sshkey_cert_check_authority
+#define sshkey_cert_copy ssh_sshkey_cert_copy
+#define sshkey_cert_is_legacy ssh_sshkey_cert_is_legacy
+#define sshkey_cert_type ssh_sshkey_cert_type
+#define sshkey_certify ssh_sshkey_certify
+#define sshkey_curve_name_to_nid ssh_sshkey_curve_name_to_nid
+#define sshkey_curve_nid_to_bits ssh_sshkey_curve_nid_to_bits
+#define sshkey_curve_nid_to_name ssh_sshkey_curve_nid_to_name
+#define sshkey_demote ssh_sshkey_demote
+#define sshkey_drop_cert ssh_sshkey_drop_cert
+#define sshkey_dump_ec_key ssh_sshkey_dump_ec_key
+#define sshkey_dump_ec_point ssh_sshkey_dump_ec_point
+#define sshkey_ec_nid_to_hash_alg ssh_sshkey_ec_nid_to_hash_alg
+#define sshkey_ec_validate_private ssh_sshkey_ec_validate_private
+#define sshkey_ec_validate_public ssh_sshkey_ec_validate_public
+#define sshkey_ecdsa_bits_to_nid ssh_sshkey_ecdsa_bits_to_nid
+#define sshkey_ecdsa_key_to_nid ssh_sshkey_ecdsa_key_to_nid
+#define sshkey_ecdsa_nid_from_name ssh_sshkey_ecdsa_nid_from_name
+#define sshkey_equal ssh_sshkey_equal
+#define sshkey_equal_public ssh_sshkey_equal_public
+#define sshkey_fingerprint ssh_sshkey_fingerprint
+#define sshkey_fingerprint_raw ssh_sshkey_fingerprint_raw
+#define sshkey_free ssh_sshkey_free
+#define sshkey_from_blob ssh_sshkey_from_blob
+#define sshkey_from_private ssh_sshkey_from_private
+#define sshkey_generate ssh_sshkey_generate
+#define sshkey_is_cert ssh_sshkey_is_cert
+#define sshkey_names_valid2 ssh_sshkey_names_valid2
+#define sshkey_new ssh_sshkey_new
+#define sshkey_new_private ssh_sshkey_new_private
+#define sshkey_parse_private_fileblob ssh_sshkey_parse_private_fileblob
+#define sshkey_parse_private_fileblob_type ssh_sshkey_parse_private_fileblob_type
+#define sshkey_parse_private_pem_fileblob ssh_sshkey_parse_private_pem_fileblob
+#define sshkey_parse_public_rsa1_fileblob ssh_sshkey_parse_public_rsa1_fileblob
+#define sshkey_plain_to_blob ssh_sshkey_plain_to_blob
+#define sshkey_plain_to_blob_buf ssh_sshkey_plain_to_blob_buf
+#define sshkey_private_deserialize ssh_sshkey_private_deserialize
+#define sshkey_private_serialize ssh_sshkey_private_serialize
+#define sshkey_private_to_fileblob ssh_sshkey_private_to_fileblob
+#define sshkey_read ssh_sshkey_read
+#define sshkey_sign ssh_sshkey_sign
+#define sshkey_size ssh_sshkey_size
+#define sshkey_ssh_name ssh_sshkey_ssh_name
+#define sshkey_ssh_name_plain ssh_sshkey_ssh_name_plain
+#define sshkey_to_blob ssh_sshkey_to_blob
+#define sshkey_to_blob_buf ssh_sshkey_to_blob_buf
+#define sshkey_to_certified ssh_sshkey_to_certified
+#define sshkey_type ssh_sshkey_type
+#define sshkey_type_from_name ssh_sshkey_type_from_name
+#define sshkey_type_is_cert ssh_sshkey_type_is_cert
+#define sshkey_type_plain ssh_sshkey_type_plain
+#define sshkey_verify ssh_sshkey_verify
+#define sshkey_write ssh_sshkey_write
+#define crypto_sign_ed25519 ssh_crypto_sign_ed25519
+#define crypto_sign_ed25519_keypair ssh_crypto_sign_ed25519_keypair
+#define crypto_sign_ed25519_open ssh_crypto_sign_ed25519_open
+#define crypto_sign_ed25519_ref_ge25519_base ssh_crypto_sign_ed25519_ref_ge25519_base
+#define crypto_sign_ed25519_ref_double_scalarmult_vartime ssh_crypto_sign_ed25519_ref_double_scalarmult_vartime
+#define crypto_sign_ed25519_ref_ge25519_base ssh_crypto_sign_ed25519_ref_ge25519_base
+#define crypto_sign_ed25519_ref_isneutral_vartime ssh_crypto_sign_ed25519_ref_isneutral_vartime
+#define crypto_sign_ed25519_ref_pack ssh_crypto_sign_ed25519_ref_pack
+#define crypto_sign_ed25519_ref_scalarmult_base ssh_crypto_sign_ed25519_ref_scalarmult_base
+#define crypto_sign_ed25519_ref_unpackneg_vartime ssh_crypto_sign_ed25519_ref_unpackneg_vartime
+#define crypto_sign_ed25519_ref_sc25519_2interleave2 ssh_crypto_sign_ed25519_ref_sc25519_2interleave2
+#define crypto_sign_ed25519_ref_sc25519_add ssh_crypto_sign_ed25519_ref_sc25519_add
+#define crypto_sign_ed25519_ref_sc25519_from32bytes ssh_crypto_sign_ed25519_ref_sc25519_from32bytes
+#define crypto_sign_ed25519_ref_sc25519_from64bytes ssh_crypto_sign_ed25519_ref_sc25519_from64bytes
+#define crypto_sign_ed25519_ref_sc25519_from_shortsc ssh_crypto_sign_ed25519_ref_sc25519_from_shortsc
+#define crypto_sign_ed25519_ref_sc25519_isshort_vartime ssh_crypto_sign_ed25519_ref_sc25519_isshort_vartime
+#define crypto_sign_ed25519_ref_sc25519_iszero_vartime ssh_crypto_sign_ed25519_ref_sc25519_iszero_vartime
+#define crypto_sign_ed25519_ref_sc25519_lt_vartime ssh_crypto_sign_ed25519_ref_sc25519_lt_vartime
+#define crypto_sign_ed25519_ref_sc25519_mul ssh_crypto_sign_ed25519_ref_sc25519_mul
+#define crypto_sign_ed25519_ref_sc25519_mul_shortsc ssh_crypto_sign_ed25519_ref_sc25519_mul_shortsc
+#define crypto_sign_ed25519_ref_sc25519_sub_nored ssh_crypto_sign_ed25519_ref_sc25519_sub_nored
+#define crypto_sign_ed25519_ref_sc25519_to32bytes ssh_crypto_sign_ed25519_ref_sc25519_to32bytes
+#define crypto_sign_ed25519_ref_sc25519_window3 ssh_crypto_sign_ed25519_ref_sc25519_window3
+#define crypto_sign_ed25519_ref_sc25519_window5 ssh_crypto_sign_ed25519_ref_sc25519_window5
+#define crypto_sign_ed25519_ref_shortsc25519_from16bytes ssh_crypto_sign_ed25519_ref_shortsc25519_from16bytes
+#define rsa_generate_additional_parameters ssh_rsa_generate_additional_parameters
+#define rsa_private_decrypt ssh_rsa_private_decrypt
+#define rsa_public_encrypt ssh_rsa_public_encrypt
+#define sshbuf_b64tod ssh_sshbuf_b64tod
+#define sshbuf_dtob16 ssh_sshbuf_dtob16
+#define sshbuf_dtob64 ssh_sshbuf_dtob64
+#define sshbuf_dump ssh_sshbuf_dump
+#define sshbuf_dump_data ssh_sshbuf_dump_data
+#define crypto_hash_sha512 ssh_crypto_hash_sha512
+#define crypto_verify_32 ssh_crypto_verify_32
+#define crypto_sign_ed25519_ref_fe25519_add ssh_crypto_sign_ed25519_ref_fe25519_add
+#define crypto_sign_ed25519_ref_fe25519_cmov ssh_crypto_sign_ed25519_ref_fe25519_cmov
+#define crypto_sign_ed25519_ref_fe25519_freeze ssh_crypto_sign_ed25519_ref_fe25519_freeze
+#define crypto_sign_ed25519_ref_fe25519_getparity ssh_crypto_sign_ed25519_ref_fe25519_getparity
+#define crypto_sign_ed25519_ref_fe25519_invert ssh_crypto_sign_ed25519_ref_fe25519_invert
+#define crypto_sign_ed25519_ref_fe25519_iseq_vartime ssh_crypto_sign_ed25519_ref_fe25519_iseq_vartime
+#define crypto_sign_ed25519_ref_fe25519_iszero ssh_crypto_sign_ed25519_ref_fe25519_iszero
+#define crypto_sign_ed25519_ref_fe25519_mul ssh_crypto_sign_ed25519_ref_fe25519_mul
+#define crypto_sign_ed25519_ref_fe25519_neg ssh_crypto_sign_ed25519_ref_fe25519_neg
+#define crypto_sign_ed25519_ref_fe25519_pack ssh_crypto_sign_ed25519_ref_fe25519_pack
+#define crypto_sign_ed25519_ref_fe25519_pow2523 ssh_crypto_sign_ed25519_ref_fe25519_pow2523
+#define crypto_sign_ed25519_ref_fe25519_setone ssh_crypto_sign_ed25519_ref_fe25519_setone
+#define crypto_sign_ed25519_ref_fe25519_setzero ssh_crypto_sign_ed25519_ref_fe25519_setzero
+#define crypto_sign_ed25519_ref_fe25519_square ssh_crypto_sign_ed25519_ref_fe25519_square
+#define crypto_sign_ed25519_ref_fe25519_sub ssh_crypto_sign_ed25519_ref_fe25519_sub
+#define crypto_sign_ed25519_ref_fe25519_unpack ssh_crypto_sign_ed25519_ref_fe25519_unpack
+#define crypto_hashblocks_sha512 ssh_crypto_hashblocks_sha512
+#define addr_match_cidr_list ssh_addr_match_cidr_list
+#define addr_match_list ssh_addr_match_list
+#define match_host_and_ip ssh_match_host_and_ip
+#define match_hostname ssh_match_hostname
+#define match_list ssh_match_list
+#define match_pattern ssh_match_pattern
+#define match_pattern_list ssh_match_pattern_list
+#define match_user ssh_match_user
+#define packet_add_padding ssh_packet_add_padding
+#define packet_authentication_state ssh_packet_authentication_state
+#define packet_backup_state ssh_packet_backup_state
+#define packet_close ssh_packet_close
+#define packet_connection_is_on_socket ssh_packet_connection_is_on_socket
+#define packet_disconnect ssh_packet_disconnect
+#define packet_get_bignum ssh_packet_get_bignum
+#define packet_get_bignum2 ssh_packet_get_bignum2
+#define packet_get_char ssh_packet_get_char
+#define packet_get_connection_in ssh_packet_get_connection_in
+#define packet_get_connection_out ssh_packet_get_connection_out
+#define packet_get_cstring ssh_packet_get_cstring
+#define packet_get_ecpoint ssh_packet_get_ecpoint
+#define packet_get_encryption_key ssh_packet_get_encryption_key
+#define packet_get_input ssh_packet_get_input
+#define packet_get_int ssh_packet_get_int
+#define packet_get_int64 ssh_packet_get_int64
+#define packet_get_keycontext ssh_packet_get_keycontext
+#define packet_get_keyiv ssh_packet_get_keyiv
+#define packet_get_keyiv_len ssh_packet_get_keyiv_len
+#define packet_get_maxsize ssh_packet_get_maxsize
+#define packet_get_newkeys ssh_packet_get_newkeys
+#define packet_get_output ssh_packet_get_output
+#define packet_get_protocol_flags ssh_packet_get_protocol_flags
+#define packet_get_raw ssh_packet_get_raw
+#define packet_get_receive_context ssh_packet_get_receive_context
+#define packet_get_rekey_timeout ssh_packet_get_rekey_timeout
+#define packet_get_send_context ssh_packet_get_send_context
+#define packet_get_ssh1_cipher ssh_packet_get_ssh1_cipher
+#define packet_get_state ssh_packet_get_state
+#define packet_get_string ssh_packet_get_string
+#define packet_get_string_ptr ssh_packet_get_string_ptr
+#define packet_have_data_to_write ssh_packet_have_data_to_write
+#define packet_inc_alive_timeouts ssh_packet_inc_alive_timeouts
+#define packet_is_interactive ssh_packet_is_interactive
+#define packet_need_rekeying ssh_packet_need_rekeying
+#define packet_not_very_much_data_to_write ssh_packet_not_very_much_data_to_write
+#define packet_process_incoming ssh_packet_process_incoming
+#define packet_put_bignum ssh_packet_put_bignum
+#define packet_put_bignum2 ssh_packet_put_bignum2
+#define packet_put_char ssh_packet_put_char
+#define packet_put_cstring ssh_packet_put_cstring
+#define packet_put_ecpoint ssh_packet_put_ecpoint
+#define packet_put_int ssh_packet_put_int
+#define packet_put_int64 ssh_packet_put_int64
+#define packet_put_raw ssh_packet_put_raw
+#define packet_put_string ssh_packet_put_string
+#define packet_read ssh_packet_read
+#define packet_read_expect ssh_packet_read_expect
+#define packet_read_poll_seqnr ssh_packet_read_poll_seqnr
+#define packet_read_seqnr ssh_packet_read_seqnr
+#define packet_remaining ssh_packet_remaining
+#define packet_request_rekeying ssh_packet_request_rekeying
+#define packet_restore_state ssh_packet_restore_state
+#define packet_send ssh_packet_send
+#define packet_send_debug ssh_packet_send_debug
+#define packet_send_ignore ssh_packet_send_ignore
+#define packet_set_alive_timeouts ssh_packet_set_alive_timeouts
+#define packet_set_authenticated ssh_packet_set_authenticated
+#define packet_set_connection ssh_packet_set_connection
+#define packet_set_encryption_key ssh_packet_set_encryption_key
+#define packet_set_interactive ssh_packet_set_interactive
+#define packet_set_iv ssh_packet_set_iv
+#define packet_set_keycontext ssh_packet_set_keycontext
+#define packet_set_maxsize ssh_packet_set_maxsize
+#define packet_set_nonblocking ssh_packet_set_nonblocking
+#define packet_set_postauth ssh_packet_set_postauth
+#define packet_set_protocol_flags ssh_packet_set_protocol_flags
+#define packet_set_rekey_limits ssh_packet_set_rekey_limits
+#define packet_set_server ssh_packet_set_server
+#define packet_set_state ssh_packet_set_state
+#define packet_set_timeout ssh_packet_set_timeout
+#define packet_start ssh_packet_start
+#define packet_start_compression ssh_packet_start_compression
+#define packet_write_poll ssh_packet_write_poll
+#define packet_write_wait ssh_packet_write_wait
+#define rekey_requested ssh_rekey_requested
+#define set_newkeys ssh_set_newkeys
+#define buffer_get_ecpoint ssh_buffer_get_ecpoint
+#define buffer_get_ecpoint_ret ssh_buffer_get_ecpoint_ret
+#define buffer_put_ecpoint ssh_buffer_put_ecpoint
+#define buffer_put_ecpoint_ret ssh_buffer_put_ecpoint_ret
+#define mac_alg_list ssh_mac_alg_list
+#define mac_clear ssh_mac_clear
+#define mac_compute ssh_mac_compute
+#define mac_init ssh_mac_init
+#define mac_setup ssh_mac_setup
+#define mac_valid ssh_mac_valid
+#define detect_attack ssh_detect_attack
+#define buffer_compress ssh_buffer_compress
+#define buffer_compress_init_recv ssh_buffer_compress_init_recv
+#define buffer_compress_init_send ssh_buffer_compress_init_send
+#define buffer_compress_uninit ssh_buffer_compress_uninit
+#define buffer_uncompress ssh_buffer_uncompress
+#define incoming_stream ssh_incoming_stream
+#define outgoing_stream ssh_outgoing_stream
+#define cipher_alg_list ssh_cipher_alg_list
+#define cipher_authlen ssh_cipher_authlen
+#define cipher_blocksize ssh_cipher_blocksize
+#define cipher_by_name ssh_cipher_by_name
+#define cipher_by_number ssh_cipher_by_number
+#define cipher_cleanup ssh_cipher_cleanup
+#define cipher_crypt ssh_cipher_crypt
+#define cipher_get_keycontext ssh_cipher_get_keycontext
+#define cipher_get_keyiv ssh_cipher_get_keyiv
+#define cipher_get_keyiv_len ssh_cipher_get_keyiv_len
+#define cipher_get_length ssh_cipher_get_length
+#define cipher_get_number ssh_cipher_get_number
+#define cipher_init ssh_cipher_init
+#define cipher_is_cbc ssh_cipher_is_cbc
+#define cipher_ivlen ssh_cipher_ivlen
+#define cipher_keylen ssh_cipher_keylen
+#define cipher_mask_ssh1 ssh_cipher_mask_ssh1
+#define cipher_name ssh_cipher_name
+#define cipher_number ssh_cipher_number
+#define cipher_reset_multithreaded ssh_cipher_reset_multithreaded
+#define cipher_return_name ssh_cipher_return_name
+#define cipher_seclen ssh_cipher_seclen
+#define cipher_set_key_string ssh_cipher_set_key_string
+#define cipher_set_keycontext ssh_cipher_set_keycontext
+#define cipher_set_keyiv ssh_cipher_set_keyiv
+#define cipher_warning_message ssh_cipher_warning_message
+#define ciphers_valid ssh_ciphers_valid
+#define buffer_get_bignum ssh_buffer_get_bignum
+#define buffer_get_bignum2 ssh_buffer_get_bignum2
+#define buffer_get_bignum2_ret ssh_buffer_get_bignum2_ret
+#define buffer_get_bignum_ret ssh_buffer_get_bignum_ret
+#define buffer_put_bignum ssh_buffer_put_bignum
+#define buffer_put_bignum2 ssh_buffer_put_bignum2
+#define buffer_put_bignum2_ret ssh_buffer_put_bignum2_ret
+#define buffer_put_bignum_ret ssh_buffer_put_bignum_ret
+#define sshbuf_get_bignum1 ssh_sshbuf_get_bignum1
+#define sshbuf_get_bignum2 ssh_sshbuf_get_bignum2
+#define sshbuf_get_ec ssh_sshbuf_get_ec
+#define sshbuf_get_eckey ssh_sshbuf_get_eckey
+#define sshbuf_put_bignum1 ssh_sshbuf_put_bignum1
+#define sshbuf_put_bignum2 ssh_sshbuf_put_bignum2
+#define sshbuf_put_ec ssh_sshbuf_put_ec
+#define sshbuf_put_eckey ssh_sshbuf_put_eckey
+#define digests ssh_digests
+#define chachapoly_crypt ssh_chachapoly_crypt
+#define chachapoly_get_length ssh_chachapoly_get_length
+#define chachapoly_init ssh_chachapoly_init
+#define chacha_encrypt_bytes ssh_chacha_encrypt_bytes
+#define chacha_ivsetup ssh_chacha_ivsetup
+#define chacha_keysetup ssh_chacha_keysetup
+#define poly1305_auth ssh_poly1305_auth
+#define umac128_delete ssh_umac128_delete
+#define umac128_final ssh_umac128_final
+#define umac128_new ssh_umac128_new
+#define umac128_update ssh_umac128_update
+#define umac_ctx ssh_umac_ctx
+#define umac_ctx ssh_umac_ctx
+#define umac_delete ssh_umac_delete
+#define umac_final ssh_umac_final
+#define umac_new ssh_umac_new
+#define umac_update ssh_umac_update
+#define evp_ssh1_3des ssh_evp_ssh1_3des
+#define ssh1_3des_iv ssh_ssh1_3des_iv
+#define evp_aes_ctr_mt ssh_evp_aes_ctr_mt
+#define evp_ssh1_bf ssh_evp_ssh1_bf
+#define chan_ibuf_empty ssh_chan_ibuf_empty
+#define chan_is_dead ssh_chan_is_dead
+#define chan_mark_dead ssh_chan_mark_dead
+#define chan_obuf_empty ssh_chan_obuf_empty
+#define chan_rcvd_eow ssh_chan_rcvd_eow
+#define chan_rcvd_ieof ssh_chan_rcvd_ieof
+#define chan_rcvd_oclose ssh_chan_rcvd_oclose
+#define chan_read_failed ssh_chan_read_failed
+#define chan_write_failed ssh_chan_write_failed
+#define auth_request_forwarding ssh_auth_request_forwarding
+#define channel_add_adm_permitted_opens ssh_channel_add_adm_permitted_opens
+#define channel_add_permitted_opens ssh_channel_add_permitted_opens
+#define channel_after_select ssh_channel_after_select
+#define channel_by_id ssh_channel_by_id
+#define channel_cancel_cleanup ssh_channel_cancel_cleanup
+#define channel_cancel_lport_listener ssh_channel_cancel_lport_listener
+#define channel_cancel_rport_listener ssh_channel_cancel_rport_listener
+#define channel_clear_adm_permitted_opens ssh_channel_clear_adm_permitted_opens
+#define channel_clear_permitted_opens ssh_channel_clear_permitted_opens
+#define channel_close_all ssh_channel_close_all
+#define channel_close_fd ssh_channel_close_fd
+#define channel_connect_by_listen_address ssh_channel_connect_by_listen_address
+#define channel_connect_by_listen_path ssh_channel_connect_by_listen_path
+#define channel_connect_stdio_fwd ssh_channel_connect_stdio_fwd
+#define channel_connect_to_path ssh_channel_connect_to_path
+#define channel_connect_to_port ssh_channel_connect_to_port
+#define channel_disable_adm_local_opens ssh_channel_disable_adm_local_opens
+#define channel_find_open ssh_channel_find_open
+#define channel_free ssh_channel_free
+#define channel_free_all ssh_channel_free_all
+#define channel_input_close ssh_channel_input_close
+#define channel_input_close_confirmation ssh_channel_input_close_confirmation
+#define channel_input_data ssh_channel_input_data
+#define channel_input_extended_data ssh_channel_input_extended_data
+#define channel_input_ieof ssh_channel_input_ieof
+#define channel_input_oclose ssh_channel_input_oclose
+#define channel_input_open_confirmation ssh_channel_input_open_confirmation
+#define channel_input_open_failure ssh_channel_input_open_failure
+#define channel_input_port_forward_request ssh_channel_input_port_forward_request
+#define channel_input_port_open ssh_channel_input_port_open
+#define channel_input_status_confirm ssh_channel_input_status_confirm
+#define channel_input_window_adjust ssh_channel_input_window_adjust
+#define channel_lookup ssh_channel_lookup
+#define channel_new ssh_channel_new
+#define channel_not_very_much_buffered_data ssh_channel_not_very_much_buffered_data
+#define channel_open_message ssh_channel_open_message
+#define channel_output_poll ssh_channel_output_poll
+#define channel_permit_all_opens ssh_channel_permit_all_opens
+#define channel_post ssh_channel_post
+#define channel_pre ssh_channel_pre
+#define channel_prepare_select ssh_channel_prepare_select
+#define channel_print_adm_permitted_opens ssh_channel_print_adm_permitted_opens
+#define channel_register_cleanup ssh_channel_register_cleanup
+#define channel_register_filter ssh_channel_register_filter
+#define channel_register_open_confirm ssh_channel_register_open_confirm
+#define channel_register_status_confirm ssh_channel_register_status_confirm
+#define channel_request_remote_forwarding ssh_channel_request_remote_forwarding
+#define channel_request_rforward_cancel ssh_channel_request_rforward_cancel
+#define channel_request_start ssh_channel_request_start
+#define channel_send_open ssh_channel_send_open
+#define channel_send_window_changes ssh_channel_send_window_changes
+#define channel_set_af ssh_channel_set_af
+#define channel_set_fds ssh_channel_set_fds
+#define channel_set_hpn ssh_channel_set_hpn
+#define channel_setup_local_fwd_listener ssh_channel_setup_local_fwd_listener
+#define channel_setup_remote_fwd_listener ssh_channel_setup_remote_fwd_listener
+#define channel_still_open ssh_channel_still_open
+#define channel_stop_listening ssh_channel_stop_listening
+#define channel_tcpwinsz ssh_channel_tcpwinsz
+#define channel_update_permitted_opens ssh_channel_update_permitted_opens
+#define deny_input_open ssh_deny_input_open
+#define permitopen_port ssh_permitopen_port
+#define x11_connect_display ssh_x11_connect_display
+#define x11_create_display_inet ssh_x11_create_display_inet
+#define x11_input_open ssh_x11_input_open
+#define x11_request_forwarding_with_spoofing ssh_x11_request_forwarding_with_spoofing
+#define clear_cached_addr ssh_clear_cached_addr
+#define get_canonical_hostname ssh_get_canonical_hostname
+#define get_local_ipaddr ssh_get_local_ipaddr
+#define get_local_name ssh_get_local_name
+#define get_local_port ssh_get_local_port
+#define get_peer_ipaddr ssh_get_peer_ipaddr
+#define get_peer_port ssh_get_peer_port
+#define get_remote_ipaddr ssh_get_remote_ipaddr
+#define get_remote_name_or_ip ssh_get_remote_name_or_ip
+#define get_remote_port ssh_get_remote_port
+#define get_sock_port ssh_get_sock_port
+#define ipv64_normalise_mapped ssh_ipv64_normalise_mapped
+#define buffer_append ssh_buffer_append
+#define buffer_append_space ssh_buffer_append_space
+#define buffer_check_alloc ssh_buffer_check_alloc
+#define buffer_consume ssh_buffer_consume
+#define buffer_consume_end ssh_buffer_consume_end
+#define buffer_consume_end_ret ssh_buffer_consume_end_ret
+#define buffer_consume_ret ssh_buffer_consume_ret
+#define buffer_get ssh_buffer_get
+#define buffer_get_ret ssh_buffer_get_ret
+#define buffer_get_char ssh_buffer_get_char
+#define buffer_get_char_ret ssh_buffer_get_char_ret
+#define buffer_get_cstring ssh_buffer_get_cstring
+#define buffer_get_cstring_ret ssh_buffer_get_cstring_ret
+#define buffer_get_int ssh_buffer_get_int
+#define buffer_get_int64 ssh_buffer_get_int64
+#define buffer_get_int64_ret ssh_buffer_get_int64_ret
+#define buffer_get_int_ret ssh_buffer_get_int_ret
+#define buffer_get_short ssh_buffer_get_short
+#define buffer_get_short_ret ssh_buffer_get_short_ret
+#define buffer_get_string ssh_buffer_get_string
+#define buffer_get_string_ptr ssh_buffer_get_string_ptr
+#define buffer_get_string_ptr_ret ssh_buffer_get_string_ptr_ret
+#define buffer_get_string_ret ssh_buffer_get_string_ret
+#define buffer_put_bignum2_from_string ssh_buffer_put_bignum2_from_string
+#define buffer_put_char ssh_buffer_put_char
+#define buffer_put_cstring ssh_buffer_put_cstring
+#define buffer_put_int ssh_buffer_put_int
+#define buffer_put_int64 ssh_buffer_put_int64
+#define buffer_put_short ssh_buffer_put_short
+#define buffer_put_string ssh_buffer_put_string
+#define sshbuf_froms ssh_sshbuf_froms
+#define sshbuf_get ssh_sshbuf_get
+#define sshbuf_get_cstring ssh_sshbuf_get_cstring
+#define sshbuf_get_string ssh_sshbuf_get_string
+#define sshbuf_get_string_direct ssh_sshbuf_get_string_direct
+#define sshbuf_get_stringb ssh_sshbuf_get_stringb
+#define sshbuf_get_u16 ssh_sshbuf_get_u16
+#define sshbuf_get_u32 ssh_sshbuf_get_u32
+#define sshbuf_get_u64 ssh_sshbuf_get_u64
+#define sshbuf_get_u8 ssh_sshbuf_get_u8
+#define sshbuf_peek_string_direct ssh_sshbuf_peek_string_direct
+#define sshbuf_put ssh_sshbuf_put
+#define sshbuf_put_bignum2_bytes ssh_sshbuf_put_bignum2_bytes
+#define sshbuf_put_cstring ssh_sshbuf_put_cstring
+#define sshbuf_put_string ssh_sshbuf_put_string
+#define sshbuf_put_stringb ssh_sshbuf_put_stringb
+#define sshbuf_put_u16 ssh_sshbuf_put_u16
+#define sshbuf_put_u32 ssh_sshbuf_put_u32
+#define sshbuf_put_u64 ssh_sshbuf_put_u64
+#define sshbuf_put_u8 ssh_sshbuf_put_u8
+#define sshbuf_putb ssh_sshbuf_putb
+#define sshbuf_putf ssh_sshbuf_putf
+#define sshbuf_putfv ssh_sshbuf_putfv
+#define sshbuf_alloc ssh_sshbuf_alloc
+#define sshbuf_avail ssh_sshbuf_avail
+#define sshbuf_check_reserve ssh_sshbuf_check_reserve
+#define sshbuf_consume ssh_sshbuf_consume
+#define sshbuf_consume_end ssh_sshbuf_consume_end
+#define sshbuf_free ssh_sshbuf_free
+#define sshbuf_from ssh_sshbuf_from
+#define sshbuf_fromb ssh_sshbuf_fromb
+#define sshbuf_init ssh_sshbuf_init
+#define sshbuf_len ssh_sshbuf_len
+#define sshbuf_max_size ssh_sshbuf_max_size
+#define sshbuf_mutable_ptr ssh_sshbuf_mutable_ptr
+#define sshbuf_new ssh_sshbuf_new
+#define sshbuf_parent ssh_sshbuf_parent
+#define sshbuf_ptr ssh_sshbuf_ptr
+#define sshbuf_refcount ssh_sshbuf_refcount
+#define sshbuf_reserve ssh_sshbuf_reserve
+#define sshbuf_reset ssh_sshbuf_reset
+#define sshbuf_set_max_size ssh_sshbuf_set_max_size
+#define sshbuf_set_parent ssh_sshbuf_set_parent
+#define timingsafe_bcmp ssh_timingsafe_bcmp
+#define mysignal ssh_mysignal
+#define a2port ssh_a2port
+#define a2tun ssh_a2tun
+#define addargs ssh_addargs
+#define bandwidth_limit ssh_bandwidth_limit
+#define bandwidth_limit_init ssh_bandwidth_limit_init
+#define chop ssh_chop
+#define cleanhostname ssh_cleanhostname
+#define colon ssh_colon
+#define convtime ssh_convtime
+#define freeargs ssh_freeargs
+#define get_u16 ssh_get_u16
+#define get_u32 ssh_get_u32
+#define get_u32_le ssh_get_u32_le
+#define get_u64 ssh_get_u64
+#define hpdelim ssh_hpdelim
+#define iptos2str ssh_iptos2str
+#define lowercase ssh_lowercase
+#define mktemp_proto ssh_mktemp_proto
+#define monotime ssh_monotime
+#define ms_subtract_diff ssh_ms_subtract_diff
+#define ms_to_timeval ssh_ms_to_timeval
+#define parse_ipqos ssh_parse_ipqos
+#define percent_expand ssh_percent_expand
+#define put_host_port ssh_put_host_port
+#define put_u16 ssh_put_u16
+#define put_u32 ssh_put_u32
+#define put_u32_le ssh_put_u32_le
+#define put_u64 ssh_put_u64
+#define pwcopy ssh_pwcopy
+#define read_keyfile_line ssh_read_keyfile_line
+#define replacearg ssh_replacearg
+#define sanitise_stdfd ssh_sanitise_stdfd
+#define set_nodelay ssh_set_nodelay
+#define set_nonblock ssh_set_nonblock
+#define sock_set_v6only ssh_sock_set_v6only
+#define strdelim ssh_strdelim
+#define tilde_expand_filename ssh_tilde_expand_filename
+#define tohex ssh_tohex
+#define tun_open ssh_tun_open
+#define unix_listener ssh_unix_listener
+#define unset_nonblock ssh_unset_nonblock
+#define xasprintf ssh_xasprintf
+#define xcalloc ssh_xcalloc
+#define xmalloc ssh_xmalloc
+#define xrealloc ssh_xrealloc
+#define xstrdup ssh_xstrdup
+#define fatal ssh_fatal
+#define cleanup_exit ssh_cleanup_exit
+#define sys_tun_open ssh_sys_tun_open
+#define debug ssh_debug
+#define debug2 ssh_debug2
+#define debug3 ssh_debug3
+#define do_log ssh_do_log
+#define do_log2 ssh_do_log2
+#define error ssh_error
+#define log_change_level ssh_log_change_level
+#define log_facility_name ssh_log_facility_name
+#define log_facility_number ssh_log_facility_number
+#define log_init ssh_log_init
+#define log_is_on_stderr ssh_log_is_on_stderr
+#define log_level_name ssh_log_level_name
+#define log_level_number ssh_log_level_number
+#define log_redirect_stderr_to ssh_log_redirect_stderr_to
+#define logit ssh_logit
+#define set_log_handler ssh_set_log_handler
+#define sigdie ssh_sigdie
+#define verbose ssh_verbose
index b5b33d5..c848c41 100644 (file)
@@ -549,10 +549,10 @@ send_client_banner(int connection_out, int minor1)
        /* Send our own protocol version identification. */
        if (compat20) {
                xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
-                   PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION);
+                   PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE);
        } else {
                xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n",
-                   PROTOCOL_MAJOR_1, minor1, SSH_VERSION);
+                   PROTOCOL_MAJOR_1, minor1, SSH_RELEASE);
        }
        if (roaming_atomicio(vwrite, connection_out, client_version_string,
            strlen(client_version_string)) != strlen(client_version_string))
index 8ed3ec0..f87acbc 100644 (file)
@@ -159,12 +159,16 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port)
        return ret;
 }
 
+static char *myproposal[PROPOSAL_MAX];
+static const char *myproposal_default[PROPOSAL_MAX] = { KEX_CLIENT };
+
 void
 ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
 {
-       char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
        Kex *kex;
 
+       memcpy(&myproposal, &myproposal_default, sizeof(myproposal));
+
        xxx_host = host;
        xxx_hostaddr = hostaddr;
 
@@ -442,6 +446,22 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
                        fprintf(stderr, "NONE cipher switch disabled when a TTY is allocated\n");
                }
        }
+        /* if we are using aes-ctr there can be issues in either a fork or sandbox
+         * so the initial aes-ctr is defined to point to the original single process
+         * evp. After authentication we'll be past the fork and the sandboxed privsep
+         * so we repoint the define to the multithreaded evp. To start the threads we
+         * then force a rekey
+         */
+        CipherContext *ccsend;
+        ccsend = (CipherContext*)packet_get_send_context();
+       
+       /* only do this for the ctr cipher. otherwise gcm mode breaks. Don't know why though */
+        if (strstr(cipher_return_name((Cipher*)ccsend->cipher), "ctr")) {
+               debug ("Single to Multithread CTR cipher swap - client request");
+                cipher_reset_multithreaded();
+                packet_request_rekeying();
+        }
+
        debug("Authentication succeeded (%s).", authctxt.method->name);
 }
 
index d64bc21..b5952e6 100644 (file)
@@ -436,7 +436,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
        }
 
        xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
-           major, minor, SSH_VERSION,
+           major, minor, SSH_RELEASE,
            *options.version_addendum == '\0' ? "" : " ",
            options.version_addendum, newline);
 
@@ -2207,6 +2207,23 @@ main(int ac, char **av)
            options.client_alive_count_max);
 
        /* Start session. */
+
+       /* if we are using aes-ctr there can be issues in either a fork or sandbox
+         * so the initial aes-ctr is defined to point ot the original single process
+        * evp. After authentication we'll be past the fork and the sandboxed privsep
+        * so we repoint the define to the multithreaded evp. To start the threads we
+        * then force a rekey
+        */
+        CipherContext *ccsend;
+        ccsend = (CipherContext*)packet_get_send_context();
+
+       /* only rekey if necessary. If we don't do this gcm mode cipher breaks */
+       if (strstr(cipher_return_name((Cipher*)ccsend->cipher), "ctr")) {
+               debug ("Single to Multithreaded CTR cipher swap - server request");
+               cipher_reset_multithreaded();
+               packet_request_rekeying();
+       }
+
        do_authenticated(authctxt);
 
        /* The connection has been terminated. */
diff --git a/crypto/openssh/umac128.c b/crypto/openssh/umac128.c
new file mode 100644 (file)
index 0000000..52f9173
--- /dev/null
@@ -0,0 +1,6 @@
+#define        UMAC_OUTPUT_LEN 16
+#define        umac_new        umac128_new
+#define        umac_update     umac128_update
+#define        umac_final      umac128_final
+#define        umac_delete     umac128_delete
+#include "umac.c"
index cc8a079..abef40c 100644 (file)
@@ -3,4 +3,7 @@
 #define SSH_VERSION    "OpenSSH_6.7"
 
 #define SSH_PORTABLE   "p1"
-#define SSH_RELEASE    SSH_VERSION SSH_PORTABLE
+
+#define SSH_VERSION_DRAGONFLY  "DragonFly-20050123"
+#define SSH_VERSION_HPN        "_hpn14v5"
+#define SSH_RELEASE    SSH_VERSION SSH_PORTABLE SSH_VERSION_HPN
index bcdee48..e32f741 100644 (file)
@@ -7,6 +7,7 @@ MAN=    pam_ssh.8
 LDADD= -lssh -lcrypto -lcrypt
 DPADD= ${LIBSSH} ${LIBCRYPTO} ${LIBCRYPT}
 
+WARNS?=        4
 SSHDIR=                ${.CURDIR}/../../../crypto/openssh
 CFLAGS+=       -I${SSHDIR} -include ssh_namespace.h
 
index a933759..688a76c 100644 (file)
@@ -3,8 +3,8 @@ SSHDIR=         ${.CURDIR}/../../../crypto/openssh
 CFLAGS+=       -I${.CURDIR}/../../lib/libssh -I${SSHDIR} -include ssh_namespace.h
 
 .if ${.CURDIR:T} != "libssh"
-DPADD+=        ${LIBSSH} ${LIBCRYPTO} ${LIBUTIL} ${LIBZ}
-LDADD+=        -lssh -lcrypto -lutil -lz
+DPADD+=        ${LIBSSH} ${LIBCRYPTO} ${LIBUTIL} ${LIBZ} ${LIBPTHREAD}
+LDADD+=        -lssh -lcrypto -lutil -lz -lpthread
 .endif
 
-.PATH: ${SSHDIR}
+.PATH: ${SSHDIR} ${SSHDIR}/openbsd-compat
index f5ef7b5..57c1a48 100644 (file)
@@ -1,24 +1,29 @@
-# $FreeBSD: src/secure/lib/libssh/Makefile,v 1.2.2.7 2003/02/03 17:31:12 des Exp $
-# $DragonFly: src/secure/lib/libssh/Makefile,v 1.13 2008/09/28 17:18:02 pavalos Exp $
-
 LIB=   ssh
 SHLIB_MAJOR= 4
-SRCS=  acss.c authfd.c authfile.c bufaux.c bufbn.c buffer.c \
-       canohost.c channels.c cipher.c cipher-acss.c cipher-aes.c \
-       cipher-bf1.c cipher-ctr.c cipher-3des1.c cleanup.c \
+SRCS=  ssherr.c \
+       sshbuf.c \
+       sshkey.c \
+       sshbuf-getput-basic.c \
+       sshbuf-misc.c \
+       sshbuf-getput-crypto.c
+SRCS+= authfd.c authfile.c bufaux.c bufbn.c buffer.c \
+       canohost.c channels.c cipher.c cipher-aes.c \
+       cipher-bf1.c cipher-ctr.c cipher-ctr-mt.c cipher-3des1.c cleanup.c \
        compat.c compress.c crc32.c deattack.c fatal.c hostfile.c \
        log.c match.c md-sha256.c moduli.c nchan.c packet.c \
        readpass.c rsa.c ttymodes.c xmalloc.c addrmatch.c \
        atomicio.c key.c dispatch.c kex.c mac.c uidswap.c uuencode.c misc.c \
        monitor_fdpass.c rijndael.c ssh-dss.c ssh-ecdsa.c ssh-rsa.c dh.c \
        kexdh.c kexgex.c kexdhc.c kexgexc.c bufec.c kexecdh.c kexecdhc.c \
-       msg.c progressmeter.c dns.c entropy.c gss-genr.c umac.c jpake.c \
-       schnorr.c ssh-pkcs11.c
+       msg.c progressmeter.c dns.c entropy.c gss-genr.c umac.c umac128.c \
+       ssh-pkcs11.c krl.c smult_curve25519_ref.c \
+       kexc25519.c kexc25519c.c poly1305.c chacha.c cipher-chachapoly.c \
+       ssh-ed25519.c digest-openssl.c hmac.c \
+       sc25519.c ge25519.c fe25519.c ed25519.c verify.c hash.c blocks.c
 # Portability layer
-SRCS+= bsd-misc.c getrrsetbyname.c glob.c openssl-compat.c \
+SRCS+= bcrypt_pbkdf.c blowfish.c bsd-misc.c explicit_bzero.c \
+       getrrsetbyname.c glob.c openssl-compat.c \
        port-tun.c timingsafe_bcmp.c
-# FreeBSD additions
-SRCS+= version.c
 
 MAN=   moduli.5
 
@@ -26,5 +31,3 @@ WARNS?=       0
 
 .include "../../Makefile.ssh.common"
 .include <bsd.lib.mk>
-
-.PATH: ${SSHDIR}/openbsd-compat
index fd38c9c..eb5ffb9 100644 (file)
 /* Can't do comparisons on readv */
 /* #undef BROKEN_READV_COMPARISON */
 
+/* NetBSD read function is sometimes redirected, breaking atomicio comparisons
+   against it */
+/* #undef BROKEN_READ_COMPARISON */
+
 /* Define if you have a broken realpath. */
 /* #undef BROKEN_REALPATH */
 
@@ -75,6 +79,9 @@
 /* Define if your snprintf is busted */
 /* #undef BROKEN_SNPRINTF */
 
+/* FreeBSD strnvis argument order is swapped compared to OpenBSD */
+/* #undef BROKEN_STRNVIS */
+
 /* tcgetattr with ICANON may hang */
 /* #undef BROKEN_TCGETATTR_ICANON */
 
 /* Define to 1 if you have the `arc4random_buf' function. */
 #define HAVE_ARC4RANDOM_BUF 1
 
+/* Define to 1 if you have the `arc4random_stir' function. */
+#define HAVE_ARC4RANDOM_STIR 1
+
 /* Define to 1 if you have the `arc4random_uniform' function. */
 #define HAVE_ARC4RANDOM_UNIFORM 1
 
 /* Define to 1 if you have the `bcopy' function. */
 #define HAVE_BCOPY 1
 
+/* Define to 1 if you have the `bcrypt_pbkdf' function. */
+/* #undef HAVE_BCRYPT_PBKDF */
+
 /* Define to 1 if you have the `bindresvport_sa' function. */
 #define HAVE_BINDRESVPORT_SA 1
 
+/* Define to 1 if you have the `blf_enc' function. */
+/* #undef HAVE_BLF_ENC */
+
+/* Define to 1 if you have the <blf.h> header file. */
+/* #undef HAVE_BLF_H */
+
+/* Define to 1 if you have the `Blowfish_expand0state' function. */
+/* #undef HAVE_BLOWFISH_EXPAND0STATE */
+
+/* Define to 1 if you have the `Blowfish_expandstate' function. */
+/* #undef HAVE_BLOWFISH_EXPANDSTATE */
+
+/* Define to 1 if you have the `Blowfish_initstate' function. */
+/* #undef HAVE_BLOWFISH_INITSTATE */
+
+/* Define to 1 if you have the `Blowfish_stream2word' function. */
+/* #undef HAVE_BLOWFISH_STREAM2WORD */
+
 /* Define to 1 if you have the `BN_is_prime_ex' function. */
 #define HAVE_BN_IS_PRIME_EX 1
 
+/* Define to 1 if you have the <bsd/libutil.h> header file. */
+/* #undef HAVE_BSD_LIBUTIL_H */
+
 /* Define to 1 if you have the <bsm/audit.h> header file. */
 /* #undef HAVE_BSM_AUDIT_H */
 
 /* Define to 1 if you have the <bstring.h> header file. */
 /* #undef HAVE_BSTRING_H */
 
+/* Define to 1 if you have the `cap_rights_limit' function. */
+/* #undef HAVE_CAP_RIGHTS_LIMIT */
+
 /* Define to 1 if you have the `clock' function. */
 #define HAVE_CLOCK 1
 
+/* Have clock_gettime */
+#define HAVE_CLOCK_GETTIME 1
+
 /* define if you have clock_t data type */
 #define HAVE_CLOCK_T 1
 
 /* Define if your system uses ancillary data style file descriptor passing */
 #define HAVE_CONTROL_IN_MSGHDR 1
 
+/* Define to 1 if you have the `crypt' function. */
+/* #undef HAVE_CRYPT */
+
 /* Define to 1 if you have the <crypto/sha2.h> header file. */
 /* #undef HAVE_CRYPTO_SHA2_H */
 
    don't. */
 #define HAVE_DECL_GLOB_NOMATCH 1
 
+/* Define to 1 if you have the declaration of `GSS_C_NT_HOSTBASED_SERVICE',
+   and to 0 if you don't. */
+/* #undef HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE */
+
+/* Define to 1 if you have the declaration of `howmany', and to 0 if you
+   don't. */
+#define HAVE_DECL_HOWMANY 1
+
 /* Define to 1 if you have the declaration of `h_errno', and to 0 if you
    don't. */
 #define HAVE_DECL_H_ERRNO 1
    don't. */
 #define HAVE_DECL_MAXSYMLINKS 1
 
+/* Define to 1 if you have the declaration of `NFDBITS', and to 0 if you
+   don't. */
+#define HAVE_DECL_NFDBITS 1
+
 /* Define to 1 if you have the declaration of `offsetof', and to 0 if you
    don't. */
 #define HAVE_DECL_OFFSETOF 1
    don't. */
 #define HAVE_DECL__GETSHORT 0
 
+/* Define to 1 if you have the `DES_crypt' function. */
+#define HAVE_DES_CRYPT 1
+
 /* Define if you have /dev/ptmx */
 #define HAVE_DEV_PTMX 1
 
 /* Define to 1 if you have the `DSA_generate_parameters_ex' function. */
 #define HAVE_DSA_GENERATE_PARAMETERS_EX 1
 
+/* Define to 1 if you have the <elf.h> header file. */
+#define HAVE_ELF_H 1
+
+/* Define to 1 if you have the `endgrent' function. */
+#define HAVE_ENDGRENT 1
+
 /* Define to 1 if you have the <endian.h> header file. */
 /* #undef HAVE_ENDIAN_H */
 
 /* Define if your system has /etc/default/login */
 /* #undef HAVE_ETC_DEFAULT_LOGIN */
 
+/* Define if libcrypto has EVP_CIPHER_CTX_ctrl */
+#define HAVE_EVP_CIPHER_CTX_CTRL 1
+
+/* Define to 1 if you have the `EVP_DigestFinal_ex' function. */
+#define HAVE_EVP_DIGESTFINAL_EX 1
+
+/* Define to 1 if you have the `EVP_DigestInit_ex' function. */
+#define HAVE_EVP_DIGESTINIT_EX 1
+
+/* Define to 1 if you have the `EVP_MD_CTX_cleanup' function. */
+#define HAVE_EVP_MD_CTX_CLEANUP 1
+
+/* Define to 1 if you have the `EVP_MD_CTX_copy_ex' function. */
+#define HAVE_EVP_MD_CTX_COPY_EX 1
+
+/* Define to 1 if you have the `EVP_MD_CTX_init' function. */
+#define HAVE_EVP_MD_CTX_INIT 1
+
+/* Define to 1 if you have the `EVP_ripemd160' function. */
+#define HAVE_EVP_RIPEMD160 1
+
 /* Define to 1 if you have the `EVP_sha256' function. */
 #define HAVE_EVP_SHA256 1
 
 /* Define if you have ut_exit in utmp.h */
 /* #undef HAVE_EXIT_IN_UTMP */
 
+/* Define to 1 if you have the `explicit_bzero' function. */
+/* #undef HAVE_EXPLICIT_BZERO */
+
 /* Define to 1 if you have the `fchmod' function. */
 #define HAVE_FCHMOD 1
 
 /* Define to 1 if you have the <fcntl.h> header file. */
 #define HAVE_FCNTL_H 1
 
+/* Define to 1 if the system has the type `fd_mask'. */
+#define HAVE_FD_MASK 1
+
 /* Define to 1 if you have the <features.h> header file. */
 /* #undef HAVE_FEATURES_H */
 
 /* Define to 1 if the system has the type `fsfilcnt_t'. */
 #define HAVE_FSFILCNT_T 1
 
+/* Define to 1 if you have the `fstatfs' function. */
+#define HAVE_FSTATFS 1
+
 /* Define to 1 if you have the `fstatvfs' function. */
 #define HAVE_FSTATVFS 1
 
 /* Define to 1 if you have the `getpeerucred' function. */
 /* #undef HAVE_GETPEERUCRED */
 
+/* Define to 1 if you have the `getpgid' function. */
+#define HAVE_GETPGID 1
+
+/* Define to 1 if you have the `getpgrp' function. */
+#define HAVE_GETPGRP 1
+
 /* Define to 1 if you have the `getpwanam' function. */
 /* #undef HAVE_GETPWANAM */
 
 /* define if you have int64_t data type */
 #define HAVE_INT64_T 1
 
+/* Define to 1 if the system has the type `intmax_t'. */
+#define HAVE_INTMAX_T 1
+
 /* Define to 1 if you have the <inttypes.h> header file. */
 #define HAVE_INTTYPES_H 1
 
 /* Define if you have isblank(3C). */
 #define HAVE_ISBLANK 1
 
+/* Define to 1 if you have the `krb5_cc_new_unique' function. */
+/* #undef HAVE_KRB5_CC_NEW_UNIQUE */
+
+/* Define to 1 if you have the `krb5_free_error_message' function. */
+/* #undef HAVE_KRB5_FREE_ERROR_MESSAGE */
+
+/* Define to 1 if you have the `krb5_get_error_message' function. */
+/* #undef HAVE_KRB5_GET_ERROR_MESSAGE */
+
 /* Define to 1 if you have the <lastlog.h> header file. */
 /* #undef HAVE_LASTLOG_H */
 
 /* Define to 1 if you have the <linux/seccomp.h> header file. */
 /* #undef HAVE_LINUX_SECCOMP_H */
 
+/* Define to 1 if you have the <locale.h> header file. */
+#define HAVE_LOCALE_H 1
+
 /* Define to 1 if you have the `login' function. */
 #define HAVE_LOGIN 1
 
 /* Define to 1 if you have the <maillock.h> header file. */
 /* #undef HAVE_MAILLOCK_H */
 
+/* Define to 1 if you have the `mblen' function. */
+#define HAVE_MBLEN 1
+
 /* Define to 1 if you have the `md5_crypt' function. */
 /* #undef HAVE_MD5_CRYPT */
 
 /* Define to 1 if you have the <memory.h> header file. */
 #define HAVE_MEMORY_H 1
 
+/* Define to 1 if you have the `memset_s' function. */
+/* #undef HAVE_MEMSET_S */
+
 /* Define to 1 if you have the `mkdtemp' function. */
 #define HAVE_MKDTEMP 1
 
 /* Define to 1 if you have the `pututxline' function. */
 #define HAVE_PUTUTXLINE 1
 
-/* Define if your password has a pw_change field */
-#define HAVE_PW_CHANGE_IN_PASSWD 1
-
-/* Define if your password has a pw_class field */
-#define HAVE_PW_CLASS_IN_PASSWD 1
-
-/* Define if your password has a pw_expire field */
-#define HAVE_PW_EXPIRE_IN_PASSWD 1
-
 /* Define to 1 if you have the `readpassphrase' function. */
 #define HAVE_READPASSPHRASE 1
 
 /* define if you have sa_family_t data type */
 #define HAVE_SA_FAMILY_T 1
 
+/* Define to 1 if you have the `scan_scaled' function. */
+/* #undef HAVE_SCAN_SCALED */
+
 /* Define if you have SecureWare-based protected password database */
 /* #undef HAVE_SECUREWARE */
 
 /* Define to 1 if you have the `strtoul' function. */
 #define HAVE_STRTOUL 1
 
+/* Define to 1 if you have the `strtoull' function. */
+#define HAVE_STRTOULL 1
+
 /* define if you have struct addrinfo data type */
 #define HAVE_STRUCT_ADDRINFO 1
 
 /* define if you have struct in6_addr data type */
 #define HAVE_STRUCT_IN6_ADDR 1
 
+/* Define to 1 if `pw_change' is a member of `struct passwd'. */
+#define HAVE_STRUCT_PASSWD_PW_CHANGE 1
+
+/* Define to 1 if `pw_class' is a member of `struct passwd'. */
+#define HAVE_STRUCT_PASSWD_PW_CLASS 1
+
+/* Define to 1 if `pw_expire' is a member of `struct passwd'. */
+#define HAVE_STRUCT_PASSWD_PW_EXPIRE 1
+
+/* Define to 1 if `pw_gecos' is a member of `struct passwd'. */
+#define HAVE_STRUCT_PASSWD_PW_GECOS 1
+
 /* define if you have struct sockaddr_in6 data type */
 #define HAVE_STRUCT_SOCKADDR_IN6 1
 
 /* Define to 1 if you have the <sys/bsdtty.h> header file. */
 /* #undef HAVE_SYS_BSDTTY_H */
 
+/* Define to 1 if you have the <sys/capability.h> header file. */
+/* #undef HAVE_SYS_CAPABILITY_H */
+
 /* Define to 1 if you have the <sys/cdefs.h> header file. */
 #define HAVE_SYS_CDEFS_H 1
 
 /* Define to 1 if you have the <ucred.h> header file. */
 /* #undef HAVE_UCRED_H */
 
+/* Define to 1 if the system has the type `uintmax_t'. */
+#define HAVE_UINTMAX_T 1
+
 /* define if you have uintxx_t data type */
 #define HAVE_UINTXX_T 1
 
 /* Define to 1 if you have the `user_from_uid' function. */
 #define HAVE_USER_FROM_UID 1
 
+/* Define to 1 if you have the `usleep' function. */
+#define HAVE_USLEEP 1
+
 /* Define to 1 if you have the <util.h> header file. */
 #define HAVE_UTIL_H 1
 
 /* Define if va_copy exists */
 #define HAVE_VA_COPY 1
 
-/* Define to 1 if you have the `vhangup' function. */
-/* #undef HAVE_VHANGUP */
-
 /* Define to 1 if you have the <vis.h> header file. */
 #define HAVE_VIS_H 1
 
 /* Define if pututxline updates lastlog too */
 /* #undef LASTLOG_WRITE_PUTUTXLINE */
 
-/* Define if you want TCP Wrappers support */
-#define LIBWRAP 1
-
 /* Define to whatever link() returns for "not supported" if it doesn't return
    EOPNOTSUPP. */
 /* #undef LINK_OPNOTSUPP_ERRNO */
 /* Set this to your mail directory if you do not have _PATH_MAILDIR */
 /* #undef MAIL_DIRECTORY */
 
-/* Define on *nto-qnx systems */
-/* #undef MISSING_FD_MASK */
-
-/* Define on *nto-qnx systems */
-/* #undef MISSING_HOWMANY */
-
-/* Define on *nto-qnx systems */
-/* #undef MISSING_NFDBITS */
-
 /* Need setpgrp to acquire controlling tty */
 /* #undef NEED_SETPGRP */
 
+/* compiler does not accept __attribute__ on return types */
+/* #undef NO_ATTRIBUTE_ON_RETURN_TYPE */
+
 /* Define if the concept of ports only accessible to superusers isn't known */
 /* #undef NO_IPPORT_RESERVED_CONCEPT */
 
 /* Define if EVP_DigestUpdate returns void */
 /* #undef OPENSSL_EVP_DIGESTUPDATE_VOID */
 
-/* libcrypto includes complete ECC support */
+/* OpenSSL has ECC */
 #define OPENSSL_HAS_ECC 1
 
+/* libcrypto has NID_X9_62_prime256v1 */
+#define OPENSSL_HAS_NISTP256 1
+
+/* libcrypto has NID_secp384r1 */
+#define OPENSSL_HAS_NISTP384 1
+
+/* libcrypto has NID_secp521r1 */
+#define OPENSSL_HAS_NISTP521 1
+
+/* libcrypto has EVP AES CTR */
+#define OPENSSL_HAVE_EVPCTR 1
+
+/* libcrypto has EVP AES GCM */
+#define OPENSSL_HAVE_EVPGCM 1
+
 /* libcrypto is missing AES 192 and 256 bit functions */
 /* #undef OPENSSL_LOBOTOMISED_AES */
 
 /* must supply username to passwd */
 /* #undef PASSWD_NEEDS_USERNAME */
 
+/* System dirs owned by bin (uid 2) */
+/* #undef PLATFORM_SYS_DIR_UID */
+
 /* Port number of PRNGD/EGD random number socket */
 /* #undef PRNGD_PORT */
 
 /* read(1) can return 0 for a non-closed fd */
 /* #undef PTY_ZEROREAD */
 
+/* Sandbox using capsicum */
+/* #undef SANDBOX_CAPSICUM */
+
 /* Sandbox using Darwin sandbox_init(3) */
 /* #undef SANDBOX_DARWIN */
 
 /* setrlimit RLIMIT_FSIZE works */
 /* #undef SANDBOX_SKIP_RLIMIT_FSIZE */
 
+/* define if setrlimit RLIMIT_NOFILE breaks things */
+/* #undef SANDBOX_SKIP_RLIMIT_NOFILE */
+
 /* Sandbox using systrace(4) */
 /* #undef SANDBOX_SYSTRACE */
 
 /* Define if you want IRIX project management */
 /* #undef WITH_IRIX_PROJECT */
 
+/* use libcrypto for cryptography */
+#define WITH_OPENSSL 1
+
 /* Define if you want SELinux support. */
 /* #undef WITH_SELINUX */
 
+/* include SSH protocol version 1 support */
+#define WITH_SSH1 1
+
 /* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
    significant byte first (like Motorola and SPARC, unlike Intel). */
 #if defined AC_APPLE_UNIVERSAL_BUILD
diff --git a/secure/lib/libssh/version.c b/secure/lib/libssh/version.c
deleted file mode 100644 (file)
index 68c1c83..0000000
+++ /dev/null
@@ -1,61 +0,0 @@
-/*-
- * Copyright (c) 2001 Brian Fundakowski Feldman
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $FreeBSD: src/crypto/openssh/version.c,v 1.1.2.3 2003/02/03 17:31:08 des Exp $
- * $DragonFly: src/secure/lib/libssh/version.c,v 1.1 2004/07/31 20:05:00 geekgod Exp $
- */
-
-#include <string.h>
-#include "version.h"
-#include "includes.h"
-#include "xmalloc.h"
-
-
-static char *version = NULL;
-
-const char *
-ssh_version_get(void) {
-
-       if (version == NULL)
-               version = xstrdup(SSH_VERSION_BASE " " SSH_VERSION_ADDENDUM);
-       return (version);
-}
-
-void
-ssh_version_set_addendum(const char *add) {
-       char *newvers;
-       size_t size;
-
-       if (add != NULL) {
-               size = strlen(SSH_VERSION_BASE) + 1 + strlen(add) + 1;
-               newvers = xmalloc(size);
-               snprintf(newvers, size, "%s %s", SSH_VERSION_BASE, add);
-       } else {
-               newvers = xstrdup(SSH_VERSION_BASE);
-       }
-       if (version != NULL)
-               xfree(version);
-       version = newvers;
-}
diff --git a/secure/lib/libssh/version.h b/secure/lib/libssh/version.h
deleted file mode 100644 (file)
index 3efed14..0000000
+++ /dev/null
@@ -1,13 +0,0 @@
-/* $OpenBSD: version.h,v 1.46 2006/02/01 11:27:22 markus Exp $ */
-/* $DragonFly: src/secure/lib/libssh/version.h,v 1.10 2008/09/28 03:19:46 pavalos Exp $ */
-
-#ifndef SSH_VERSION
-
-#define        SSH_VERSION             (ssh_version_get())
-#define        SSH_RELEASE             (ssh_version_get())
-#define        SSH_VERSION_BASE        "OpenSSH_6.1p1-hpn13v11"
-#define        SSH_VERSION_ADDENDUM    "DragonFly-20121028"
-
-const char *ssh_version_get(void);
-void ssh_version_set_addendum(const char *add);
-#endif /* SSH_VERSION */
index d900175..36e7b95 100644 (file)
@@ -11,5 +11,3 @@ SRCS+=        fmt_scaled.c
 
 .include "../../Makefile.ssh.common"
 .include <bsd.prog.mk>
-
-.PATH: ${SSHDIR}/openbsd-compat
index 5b21fd6..ce96b55 100644 (file)
@@ -3,6 +3,7 @@
 
 PROG=  ssh-keysign
 SRCS=  ssh-keysign.c readconf.c roaming_dummy.c
+SRCS+= fmt_scaled.c
 MAN=   ssh-keysign.8
 .if defined(ENABLE_SUID_SSH)
 BINMODE=4511
index ff7e241..47cb353 100644 (file)
@@ -12,5 +12,3 @@ LDADD+=       -ledit -ltermcap
 
 .include "../../Makefile.ssh.common"
 .include <bsd.prog.mk>
-
-.PATH: ${SSHDIR}/openbsd-compat
index 29734d9..5b872f4 100644 (file)
@@ -4,11 +4,12 @@ PROG= ssh
 LINKS= ${BINDIR}/ssh ${BINDIR}/slogin
 MAN=   ssh.1 ssh_config.5
 MLINKS=        ssh.1 slogin.1
-WARNS?=        2
+WARNS?=        0
 
 SRCS=  ssh.c readconf.c clientloop.c sshtty.c \
        sshconnect.c sshconnect1.c sshconnect2.c mux.c \
        roaming_common.c roaming_client.c
+SRCS+= fmt_scaled.c
 
 XAUTH_PATH?=   /usr/local/bin/xauth
 CFLAGS+= -DXAUTH_PATH=\"${XAUTH_PATH}\"
index 10dd4ee..621f4aa 100644 (file)
@@ -7,9 +7,9 @@ SRCS=   sshd.c auth-rhosts.c auth-passwd.c auth-rsa.c auth-rh-rsa.c \
        auth.c auth1.c auth2.c auth-options.c session.c \
        auth-chall.c auth2-chall.c groupaccess.c \
        auth-skey.c auth-bsdauth.c auth2-hostbased.c auth2-kbdint.c \
-       auth2-none.c auth2-passwd.c auth2-pubkey.c auth2-jpake.c \
+       auth2-none.c auth2-passwd.c auth2-pubkey.c \
        monitor_mm.c monitor.c monitor_wrap.c kexdhs.c kexgexs.c kexecdhs.c \
-       auth-krb5.c \
+       kexc25519s.c auth-krb5.c \
        auth2-gss.c gss-serv.c gss-serv-krb5.c \
        loginrec.c auth-pam.c auth-shadow.c auth-sia.c md5crypt.c \
        sftp-server.c sftp-common.c \
@@ -41,6 +41,3 @@ DPADD+=       ${LIBCRYPT} ${LIBWRAP} ${LIBPAM}
 
 .include "../../Makefile.ssh.common"
 .include <bsd.prog.mk>
-
-.PATH: ${SSHDIR}/openbsd-compat
-
index b463740..19f77d9 100644 (file)
@@ -63,7 +63,7 @@ CRUNCH_ALIAS_ssh= scp
 
 CRUNCH_KEEP_ssh= roaming_write roaming_read add_recv_bytes
 
-CRUNCH_LIBS+= -lssh -lcrypto -lz
+CRUNCH_LIBS+= -lssh -lcrypto -lz -lpthread
 
 .include <bsd.crunchgen.mk>
 .include <bsd.prog.mk>