Merge remote-tracking branch 'refs/remotes/origin/L1'

Author: dkulwin

.gitattributes

@@ -21,3 +21,4 @@
 *.sh text eol=lf
 config.sub text eol=lf
 fixalgorithms text eol=lf
+runconfigure text eol=lf

.gitignore

@@ -254,4 +254,13 @@ regress/t6.out1
 Makefile
 openbsd-compat/Makefile
 openbsd-compat/regress/Makefile
-contrib/win32/win32compat/Makefile
+contrib/win32/win32compat/Makefile
+config.h
+config.h
+regress/rsa_ssh2_cr.prv
+regress/rsa_ssh2_crnl.prv
+regress/t7.out.pub
+regress/t6.out2
+config.h
+configure
+config.h

Makefile

@@ -44,7 +44,7 @@ CC=@CC@
 LD=@LD@
 CFLAGS=@CFLAGS@
 CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
-LIBS=@LIBS@
+LIBS=@LIBS@ -lbcrypt
 K5LIBS=@K5LIBS@
 GSSLIBS=@GSSLIBS@
 SSHLIBS=@SSHLIBS@
@@ -58,7 +58,7 @@ PERL=@PERL@
 SED=@SED@
 ENT=@ENT@
 XAUTH_PATH=@XAUTH_PATH@
-LDFLAGS=-L. -Lopenbsd-compat/ -Lcontrib/win32/win32compat @LDFLAGS@
+LDFLAGS=-L. -Lopenbsd-compat/ -Lcontrib/win32/win32compat @LDFLAGS@ -L/lib/w32api
 EXEEXT=@EXEEXT@
 MANFMT=@MANFMT@
 

Makefile.in

@@ -1,4 +1,5 @@
 See http://www.openssh.com/txt/release-7.1 for the release notes.
+See https://github.com/PowerShell/Win32-OpenSSH/wiki for build/deployment information
 
 Please read http://www.openssh.com/report.html for bug reporting
 instructions and note that we do not use Github for bug reporting or

README

@@ -2454,25 +2454,16 @@ channel_input_data(int type, u_int32_t seq, void *ctxt)
 		c->local_window -= win_len;
 	}
 
-	#ifdef WIN32_FIXME
-	if ( (c->client_tty) && (data_len >= 5) ) {
-		if ( data[0] == '\033' ) { // escape char octal 33, decimal 27
-			if ( (data[1] == '[') && (data[2]== '2') && (data[3]== '0') && ( data[4]== 'h' )) {
-				lftocrlf = 1;
-				data = data + 5 ; // we have processed the 5 bytes ESC sequence
-				data_len = data_len - 5;
-			}
-		}
-	}
-	#endif
-
 	if (c->datagram)
 		buffer_put_string(&c->output, data, data_len);
 	else {
 		#ifndef WIN32_FIXME
 		buffer_append(&c->output, data, data_len);
 		#else
-		buffer_append(&c->output, data, data_len);
+		if ( c->client_tty )
+			telProcessNetwork ( data, data_len ); // run it by ANSI engine if it is the ssh client
+		else
+			buffer_append(&c->output, data, data_len); // it is the sshd server, so pass it on
 		if ( c->isatty ) {
 			buffer_append(&c->input, data, data_len); // we echo the data if it is sshd server and pty interactive mode
 			if ( (data_len ==1) && (data[0] == '\b') )

channels.c

@@ -34,7 +34,7 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
-
+ 
 #include "includes.h"
 
 #include <sys/types.h>
@@ -43,6 +43,7 @@
 #include <stdarg.h>
 #include <stdio.h>
 
+
 #include "cipher.h"
 #include "misc.h"
 #include "sshbuf.h"
@@ -51,6 +52,12 @@
 
 #include "openbsd-compat/openssl-compat.h"
 
+
+
+#ifdef USE_MSCNG
+#undef WITH_OPENSSL
+#endif
+
 #ifdef WITH_SSH1
 extern const EVP_CIPHER *evp_ssh1_bf(void);
 extern const EVP_CIPHER *evp_ssh1_3des(void);
@@ -108,9 +115,19 @@ static const struct sshcipher ciphers[] = {
 			SSH_CIPHER_SSH2, 16, 32, 12, 16, 0, 0, EVP_aes_256_gcm },
 # endif /* OPENSSL_HAVE_EVPGCM */
 #else /* WITH_OPENSSL */
+
+#ifdef USE_MSCNG
+	{ "aes128-ctr",	SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, _CNG_CIPHER_AES | _CNG_MODE_CTR, NULL },
+	{ "aes192-ctr",	SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, _CNG_CIPHER_AES | _CNG_MODE_CTR, NULL },
+	{ "aes256-ctr",	SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, _CNG_CIPHER_AES | _CNG_MODE_CTR, NULL },
+	{ "aes128-cbc",	SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, _CNG_CIPHER_AES | _CNG_MODE_CBC, NULL },
+	{ "aes192-cbc",	SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, _CNG_CIPHER_AES | _CNG_MODE_CBC, NULL },
+	{ "aes256-cbc",	SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, _CNG_CIPHER_AES | _CNG_MODE_CBC, NULL },	
+#else
 	{ "aes128-ctr",	SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, CFLAG_AESCTR, NULL },
 	{ "aes192-ctr",	SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, CFLAG_AESCTR, NULL },
 	{ "aes256-ctr",	SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, CFLAG_AESCTR, NULL },
+#endif	
 	{ "none",	SSH_CIPHER_NONE, 8, 0, 0, 0, 0, CFLAG_NONE, NULL },
 #endif /* WITH_OPENSSL */
 	{ "[email protected]",
@@ -293,6 +310,8 @@ cipher_init(struct sshcipher_ctx *cc, const struct sshcipher *cipher,
     const u_char *key, u_int keylen, const u_char *iv, u_int ivlen,
     int do_encrypt)
 {
+
+	
 #ifdef WITH_OPENSSL
 	int ret = SSH_ERR_INTERNAL_ERROR;
 	const EVP_CIPHER *type;
@@ -316,11 +335,25 @@ cipher_init(struct sshcipher_ctx *cc, const struct sshcipher *cipher,
 		return chachapoly_init(&cc->cp_ctx, key, keylen);
 	}
 #ifndef WITH_OPENSSL
+
+#ifdef USE_MSCNG
+
+    /* cng shares cipher flag with NONE.  Make sure the NONE cipher isn't requested */
+	if ((cc->cipher->flags & CFLAG_NONE) == 0)
+	{
+
+		if (cng_cipher_init(&cc->cng_ctx,key,keylen,iv, ivlen,cc->cipher->flags))
+			return SSH_ERR_LIBCRYPTO_ERROR;
+
+		return 0;
+	}
+#else
 	if ((cc->cipher->flags & CFLAG_AESCTR) != 0) {
 		aesctr_keysetup(&cc->ac_ctx, key, 8 * keylen, 8 * ivlen);
 		aesctr_ivsetup(&cc->ac_ctx, iv);
 		return 0;
 	}
+#endif	
 	if ((cc->cipher->flags & CFLAG_NONE) != 0)
 		return 0;
 	return SSH_ERR_INVALID_ARGUMENT;
@@ -373,6 +406,7 @@ cipher_init(struct sshcipher_ctx *cc, const struct sshcipher *cipher,
 	return 0;
 }
 
+
 /*
  * cipher_crypt() operates as following:
  * Copy 'aadlen' bytes (without en/decryption) from 'src' to 'dest'.
@@ -387,18 +421,44 @@ int
 cipher_crypt(struct sshcipher_ctx *cc, u_int seqnr, u_char *dest,
    const u_char *src, u_int len, u_int aadlen, u_int authlen)
 {
+#ifdef USE_MSCNG
+	int ret = 0;
+#endif 	
+	
 	if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) {
 		return chachapoly_crypt(&cc->cp_ctx, seqnr, dest, src,
 		    len, aadlen, authlen, cc->encrypt);
 	}
 #ifndef WITH_OPENSSL
-	if ((cc->cipher->flags & CFLAG_AESCTR) != 0) {
+
+#ifdef USE_MSCNG
+
+    /* cng shares cipher flag with NONE.  Make sure the NONE cipher isn't requested */
+	if ((cc->cipher->flags & CFLAG_NONE) == 0)
+	{
+		if (aadlen)
+			memcpy(dest, src, aadlen);
+		if (cc->encrypt)
+			ret = cng_cipher_encrypt(&cc->cng_ctx,dest+aadlen, len, src+aadlen,len);
+		else
+			ret = cng_cipher_decrypt(&cc->cng_ctx,dest+aadlen, len, src+aadlen, len);
+		
+		if (ret != len){
+			return SSH_ERR_LIBCRYPTO_ERROR;
+		}
+		return 0;
+	}
+#else
+		if ((cc->cipher->flags & CFLAG_AESCTR) != 0) {
 		if (aadlen)
 			memcpy(dest, src, aadlen);
 		aesctr_encrypt_bytes(&cc->ac_ctx, src + aadlen,
 		    dest + aadlen, len);
 		return 0;
 	}
+#endif 
+
+	
 	if ((cc->cipher->flags & CFLAG_NONE) != 0) {
 		memcpy(dest, src, aadlen + len);
 		return 0;
@@ -472,6 +532,10 @@ cipher_cleanup(struct sshcipher_ctx *cc)
 	else if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0)
 		return SSH_ERR_LIBCRYPTO_ERROR;
 #endif
+#ifdef USE_MSCNG
+	else
+		cng_cipher_cleanup(&cc->cng_ctx);
+#endif	
 	return 0;
 }
 

cipher.c

@@ -41,7 +41,9 @@
 #include <openssl/evp.h>
 #include "cipher-chachapoly.h"
 #include "cipher-aesctr.h"
-
+#ifdef USE_MSCNG
+#include "contrib/win32/win32compat/cng_cipher.h"
+#endif
 /*
  * Cipher types for SSH-1.  New types can be added, but old types should not
  * be removed for compatibility.  The maximum allowed value is 31.
@@ -70,6 +72,10 @@ struct sshcipher_ctx {
 	struct chachapoly_ctx cp_ctx; /* XXX union with evp? */
 	struct aesctr_ctx ac_ctx; /* XXX union with evp? */
 	const struct sshcipher *cipher;
+	#ifdef USE_MSCNG
+	struct ssh_cng_cipher_ctx  cng_ctx;
+	#endif
+	
 };
 
 u_int	 cipher_mask_ssh1(int);