Pull up blacklistd(8), requested by christos in ticket #711: netbsd-7
authorriz <riz@NetBSD.org>
Thu, 30 Apr 2015 06:07:29 +0000
branchnetbsd-7
changeset 254234 99fdc5b34c9c
parent 254233 9ca6415907e0
child 254235 76b4db19f72c
Pull up blacklistd(8), requested by christos in ticket #711: crypto/external/bsd/openssh/dist/moduli-gen/Makefile up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli-gen.sh up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli.1024 up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli.1536 up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048 up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072 up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096 up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144 up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680 up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192 up to 1.1.1.1 crypto/external/bsd/openssh/dist/bcrypt_pbkdf.c up to 1.2 crypto/external/bsd/openssh/dist/kexc25519.c up to 1.3 crypto/external/bsd/openssh/dist/smult_curve25519_ref.c up to 1.3 crypto/external/bsd/openssh/dist/bitmap.c up to 1.2 plus patch crypto/external/bsd/openssh/dist/PROTOCOL.chacha20poly1305 up to 1.1.1.1 crypto/external/bsd/openssh/dist/PROTOCOL.key up to 1.1.1.1 crypto/external/bsd/openssh/dist/blf.h up to 1.1 crypto/external/bsd/openssh/dist/blocks.c up to 1.3 crypto/external/bsd/openssh/dist/blowfish.c up to 1.2 crypto/external/bsd/openssh/dist/chacha.c up to 1.3 crypto/external/bsd/openssh/dist/chacha.h up to 1.1.1.1 crypto/external/bsd/openssh/dist/cipher-aesctr.c up to 1.1.1.2 crypto/external/bsd/openssh/dist/cipher-aesctr.h up to 1.1.1.1 crypto/external/bsd/openssh/dist/cipher-chachapoly.c up to 1.3 crypto/external/bsd/openssh/dist/cipher-chachapoly.h up to 1.1.1.1 crypto/external/bsd/openssh/dist/crypto_api.h up to 1.1.1.1 crypto/external/bsd/openssh/dist/digest-libc.c up to 1.3 crypto/external/bsd/openssh/dist/digest-openssl.c up to 1.3 crypto/external/bsd/openssh/dist/digest.h up to 1.1.1.2 crypto/external/bsd/openssh/dist/ed25519.c up to 1.3 crypto/external/bsd/openssh/dist/fe25519.c up to 1.3 crypto/external/bsd/openssh/dist/fe25519.h up to 1.1.1.1 crypto/external/bsd/openssh/dist/ge25519.c up to 1.3 crypto/external/bsd/openssh/dist/ge25519.h up to 1.1.1.2 crypto/external/bsd/openssh/dist/ge25519_base.data up to 1.1.1.1 crypto/external/bsd/openssh/dist/hash.c up to 1.3 crypto/external/bsd/openssh/dist/hmac.c up to 1.3 crypto/external/bsd/openssh/dist/hmac.h up to 1.1.1.1 crypto/external/bsd/openssh/dist/kexc25519c.c up to 1.3 crypto/external/bsd/openssh/dist/kexc25519s.c up to 1.3 crypto/external/bsd/openssh/dist/poly1305.c up to 1.3 crypto/external/bsd/openssh/dist/poly1305.h up to 1.1.1.1 crypto/external/bsd/openssh/dist/rijndael.c up to 1.1.1.2 crypto/external/bsd/openssh/dist/rijndael.h up to 1.1.1.1 crypto/external/bsd/openssh/dist/sc25519.c up to 1.3 crypto/external/bsd/openssh/dist/sc25519.h up to 1.1.1.1 crypto/external/bsd/openssh/dist/ssh-ed25519.c up to 1.3 crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c up to 1.3 crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c up to 1.3 crypto/external/bsd/openssh/dist/sshbuf-misc.c up to 1.3 crypto/external/bsd/openssh/dist/sshbuf.c up to 1.3 crypto/external/bsd/openssh/dist/sshbuf.h up to 1.4 crypto/external/bsd/openssh/dist/ssherr.c up to 1.3 crypto/external/bsd/openssh/dist/ssherr.h up to 1.1.1.2 crypto/external/bsd/openssh/dist/sshkey.c up to 1.3 crypto/external/bsd/openssh/dist/sshkey.h up to 1.1.1.2 crypto/external/bsd/openssh/dist/verify.c up to 1.3 crypto/external/bsd/openssh/dist/opacket.c up to 1.2 crypto/external/bsd/openssh/dist/umac128.c up to 1.1 crypto/external/bsd/openssh/dist/pfilter.c up to 1.2 crypto/external/bsd/openssh/dist/pfilter.h up to 1.1 crypto/external/bsd/openssh/dist/bitmap.h up to 1.2 crypto/external/bsd/openssh/dist/opacket.h up to 1.2 crypto/external/bsd/openssh/dist/ssh_api.c up to 1.2 crypto/external/bsd/openssh/dist/ssh_api.h up to 1.2 crypto/external/bsd/openssh/dist/auth2-jpake.c delete crypto/external/bsd/openssh/dist/compress.c delete crypto/external/bsd/openssh/dist/compress.h delete crypto/external/bsd/openssh/dist/jpake.c delete crypto/external/bsd/openssh/dist/jpake.h delete crypto/external/bsd/openssh/dist/schnorr.c delete crypto/external/bsd/openssh/dist/schnorr.h delete crypto/external/bsd/openssh/dist/strtonum.c 1.1 crypto/external/bsd/openssh/Makefile.inc up to 1.8 crypto/external/bsd/openssh/bin/Makefile.inc up to 1.3 crypto/external/bsd/openssh/bin/ssh-keyscan/Makefile up to 1.2 crypto/external/bsd/openssh/bin/sshd/Makefile up to 1.12 crypto/external/bsd/openssh/dist/PROTOCOL up to 1.5 crypto/external/bsd/openssh/dist/PROTOCOL.krl up to 1.1.1.2 crypto/external/bsd/openssh/dist/addrmatch.c up to 1.8 crypto/external/bsd/openssh/dist/atomicio.c up to 1.6 crypto/external/bsd/openssh/dist/auth-bsdauth.c up to 1.4 crypto/external/bsd/openssh/dist/auth-chall.c up to 1.6 crypto/external/bsd/openssh/dist/auth-krb5.c up to 1.7 crypto/external/bsd/openssh/dist/auth-options.c up to 1.9 crypto/external/bsd/openssh/dist/auth-options.h up to 1.6 crypto/external/bsd/openssh/dist/auth-passwd.c up to 1.4 crypto/external/bsd/openssh/dist/auth-rh-rsa.c up to 1.6 crypto/external/bsd/openssh/dist/auth-rhosts.c up to 1.5 crypto/external/bsd/openssh/dist/auth-rsa.c up to 1.10 crypto/external/bsd/openssh/dist/auth.c up to 1.12 crypto/external/bsd/openssh/dist/auth.h up to 1.10 crypto/external/bsd/openssh/dist/auth1.c up to 1.11 crypto/external/bsd/openssh/dist/auth2-chall.c up to 1.7 crypto/external/bsd/openssh/dist/auth2-gss.c up to 1.8 crypto/external/bsd/openssh/dist/auth2-hostbased.c up to 1.7 crypto/external/bsd/openssh/dist/auth2-kbdint.c up to 1.5 crypto/external/bsd/openssh/dist/auth2-krb5.c up to 1.4 crypto/external/bsd/openssh/dist/auth2-none.c up to 1.5 crypto/external/bsd/openssh/dist/auth2-passwd.c up to 1.5 crypto/external/bsd/openssh/dist/auth2-pubkey.c up to 1.11 crypto/external/bsd/openssh/dist/auth2.c up to 1.11 crypto/external/bsd/openssh/dist/authfd.c up to 1.8 crypto/external/bsd/openssh/dist/authfd.h up to 1.5 crypto/external/bsd/openssh/dist/authfile.c up to 1.10 crypto/external/bsd/openssh/dist/authfile.h up to 1.6 crypto/external/bsd/openssh/dist/bufaux.c up to 1.7 crypto/external/bsd/openssh/dist/bufbn.c up to 1.5 crypto/external/bsd/openssh/dist/bufec.c up to 1.5 crypto/external/bsd/openssh/dist/buffer.c up to 1.6 crypto/external/bsd/openssh/dist/buffer.h up to 1.7 crypto/external/bsd/openssh/dist/canohost.c up to 1.8 crypto/external/bsd/openssh/dist/channels.c up to 1.13 crypto/external/bsd/openssh/dist/channels.h up to 1.10 crypto/external/bsd/openssh/dist/cipher-3des1.c up to 1.7 crypto/external/bsd/openssh/dist/cipher-bf1.c up to 1.6 crypto/external/bsd/openssh/dist/cipher.c up to 1.7 crypto/external/bsd/openssh/dist/cipher.h up to 1.7 crypto/external/bsd/openssh/dist/clientloop.c up to 1.13 crypto/external/bsd/openssh/dist/compat.c up to 1.9 crypto/external/bsd/openssh/dist/compat.h up to 1.6 crypto/external/bsd/openssh/dist/deattack.c up to 1.4 crypto/external/bsd/openssh/dist/deattack.h up to 1.4 crypto/external/bsd/openssh/dist/dh.c up to 1.8 crypto/external/bsd/openssh/dist/dh.h up to 1.4 crypto/external/bsd/openssh/dist/dispatch.c up to 1.5 crypto/external/bsd/openssh/dist/dispatch.h up to 1.4 crypto/external/bsd/openssh/dist/dns.c up to 1.11 crypto/external/bsd/openssh/dist/dns.h up to 1.6 crypto/external/bsd/openssh/dist/groupaccess.c up to 1.5 crypto/external/bsd/openssh/dist/gss-genr.c up to 1.7 crypto/external/bsd/openssh/dist/gss-serv-krb5.c up to 1.8 crypto/external/bsd/openssh/dist/gss-serv.c up to 1.7 crypto/external/bsd/openssh/dist/hostfile.c up to 1.7 crypto/external/bsd/openssh/dist/hostfile.h up to 1.7 crypto/external/bsd/openssh/dist/includes.h up to 1.4 crypto/external/bsd/openssh/dist/kex.c up to 1.10 crypto/external/bsd/openssh/dist/kex.h up to 1.9 crypto/external/bsd/openssh/dist/kexdh.c up to 1.4 crypto/external/bsd/openssh/dist/kexdhc.c up to 1.6 crypto/external/bsd/openssh/dist/kexdhs.c up to 1.8 crypto/external/bsd/openssh/dist/kexecdh.c up to 1.5 crypto/external/bsd/openssh/dist/kexecdhc.c up to 1.5 crypto/external/bsd/openssh/dist/kexecdhs.c up to 1.5 crypto/external/bsd/openssh/dist/kexgex.c up to 1.4 crypto/external/bsd/openssh/dist/kexgexc.c up to 1.6 crypto/external/bsd/openssh/dist/kexgexs.c up to 1.8 crypto/external/bsd/openssh/dist/key.c up to 1.16 crypto/external/bsd/openssh/dist/key.h up to 1.9 crypto/external/bsd/openssh/dist/krl.c up to 1.5 crypto/external/bsd/openssh/dist/krl.h up to 1.1.1.2 crypto/external/bsd/openssh/dist/mac.c up to 1.11 crypto/external/bsd/openssh/dist/mac.h up to 1.5 crypto/external/bsd/openssh/dist/match.c up to 1.5 crypto/external/bsd/openssh/dist/misc.c up to 1.10 crypto/external/bsd/openssh/dist/misc.h up to 1.9 plus patch crypto/external/bsd/openssh/dist/moduli.c up to 1.8 crypto/external/bsd/openssh/dist/monitor.c up to 1.14 crypto/external/bsd/openssh/dist/monitor.h up to 1.7 crypto/external/bsd/openssh/dist/monitor_fdpass.c up to 1.5 crypto/external/bsd/openssh/dist/monitor_mm.c up to 1.6 crypto/external/bsd/openssh/dist/monitor_mm.h up to 1.4 crypto/external/bsd/openssh/dist/monitor_wrap.c up to 1.11 crypto/external/bsd/openssh/dist/monitor_wrap.h up to 1.8 crypto/external/bsd/openssh/dist/msg.c up to 1.4 crypto/external/bsd/openssh/dist/msg.h up to 1.4 crypto/external/bsd/openssh/dist/mux.c up to 1.11 crypto/external/bsd/openssh/dist/myproposal.h up to 1.10 crypto/external/bsd/openssh/dist/namespace.h up to 1.5 crypto/external/bsd/openssh/dist/packet.c up to 1.18 crypto/external/bsd/openssh/dist/packet.h up to 1.11 crypto/external/bsd/openssh/dist/pathnames.h up to 1.9 crypto/external/bsd/openssh/dist/pkcs11.h up to 1.4 crypto/external/bsd/openssh/dist/progressmeter.c up to 1.7 crypto/external/bsd/openssh/dist/progressmeter.h up to 1.4 crypto/external/bsd/openssh/dist/reallocarray.c new crypto/external/bsd/openssh/dist/readconf.c up to 1.13 crypto/external/bsd/openssh/dist/readconf.h up to 1.12 crypto/external/bsd/openssh/dist/readpass.c up to 1.6 crypto/external/bsd/openssh/dist/roaming_client.c up to 1.7 crypto/external/bsd/openssh/dist/roaming_common.c up to 1.9 crypto/external/bsd/openssh/dist/roaming_dummy.c up to 1.4 crypto/external/bsd/openssh/dist/rsa.c up to 1.5 crypto/external/bsd/openssh/dist/rsa.h up to 1.4 crypto/external/bsd/openssh/dist/sandbox-systrace.c up to 1.1.1.5 crypto/external/bsd/openssh/dist/scp.1 up to 1.9 crypto/external/bsd/openssh/dist/scp.c up to 1.11 crypto/external/bsd/openssh/dist/servconf.c up to 1.17 crypto/external/bsd/openssh/dist/servconf.h up to 1.11 crypto/external/bsd/openssh/dist/serverloop.c up to 1.12 crypto/external/bsd/openssh/dist/session.c up to 1.14 crypto/external/bsd/openssh/dist/session.h up to 1.4 crypto/external/bsd/openssh/dist/sftp-client.c up to 1.13 crypto/external/bsd/openssh/dist/sftp-client.h up to 1.7 crypto/external/bsd/openssh/dist/sftp-common.c up to 1.7 crypto/external/bsd/openssh/dist/sftp-common.h up to 1.5 crypto/external/bsd/openssh/dist/sftp-glob.c up to 1.8 crypto/external/bsd/openssh/dist/sftp-server.8 up to 1.9 crypto/external/bsd/openssh/dist/sftp-server.c up to 1.11 crypto/external/bsd/openssh/dist/sftp.1 up to 1.11 crypto/external/bsd/openssh/dist/sftp.c up to 1.15 crypto/external/bsd/openssh/dist/ssh-add.1 up to 1.9 crypto/external/bsd/openssh/dist/ssh-add.c up to 1.10 crypto/external/bsd/openssh/dist/ssh-agent.1 up to 1.8 crypto/external/bsd/openssh/dist/ssh-agent.c up to 1.14 crypto/external/bsd/openssh/dist/ssh-dss.c up to 1.7 crypto/external/bsd/openssh/dist/ssh-ecdsa.c up to 1.6 crypto/external/bsd/openssh/dist/ssh-gss.h up to 1.5 crypto/external/bsd/openssh/dist/ssh-keygen.1 up to 1.13 crypto/external/bsd/openssh/dist/ssh-keygen.c up to 1.16 crypto/external/bsd/openssh/dist/ssh-keyscan.1 up to 1.10 crypto/external/bsd/openssh/dist/ssh-keyscan.c up to 1.13 crypto/external/bsd/openssh/dist/ssh-keysign.8 up to 1.9 crypto/external/bsd/openssh/dist/ssh-keysign.c up to 1.8 crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c up to 1.6 crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c up to 1.8 crypto/external/bsd/openssh/dist/ssh-pkcs11.c up to 1.7 crypto/external/bsd/openssh/dist/ssh-pkcs11.h up to 1.4 crypto/external/bsd/openssh/dist/ssh-rsa.c up to 1.7 crypto/external/bsd/openssh/dist/ssh.1 up to 1.14 crypto/external/bsd/openssh/dist/ssh.c up to 1.16 crypto/external/bsd/openssh/dist/ssh2.h up to 1.6 crypto/external/bsd/openssh/dist/ssh_config up to 1.8 crypto/external/bsd/openssh/dist/ssh_config.5 up to 1.13 crypto/external/bsd/openssh/dist/sshconnect.c up to 1.11 crypto/external/bsd/openssh/dist/sshconnect.h up to 1.6 crypto/external/bsd/openssh/dist/sshconnect1.c up to 1.6 crypto/external/bsd/openssh/dist/sshconnect2.c up to 1.19 crypto/external/bsd/openssh/dist/sshd.8 up to 1.13 crypto/external/bsd/openssh/dist/sshd.c up to 1.18 crypto/external/bsd/openssh/dist/sshd_config up to 1.13 crypto/external/bsd/openssh/dist/sshd_config.5 up to 1.17 crypto/external/bsd/openssh/dist/sshlogin.c up to 1.6 crypto/external/bsd/openssh/dist/sshpty.c up to 1.4 crypto/external/bsd/openssh/dist/uidswap.c up to 1.4 crypto/external/bsd/openssh/dist/umac.c up to 1.9 crypto/external/bsd/openssh/dist/version.h up to 1.14 crypto/external/bsd/openssh/dist/xmalloc.c up to 1.5 crypto/external/bsd/openssh/lib/Makefile up to 1.17 plus patch crypto/external/bsd/openssh/lib/shlib_version up to 1.13 distrib/sets/lists/base/ad.aarch64 patch distrib/sets/lists/base/ad.arm patch distrib/sets/lists/base/ad.mips patch distrib/sets/lists/base/ad.powerpc patch distrib/sets/lists/base/md.amd64 patch distrib/sets/lists/base/md.sparc64 patch distrib/sets/lists/base/mi patch distrib/sets/lists/base/shl.mi patch distrib/sets/lists/comp/ad.aarch64 patch distrib/sets/lists/comp/ad.arm patch distrib/sets/lists/comp/ad.mips patch distrib/sets/lists/comp/ad.powerpc patch distrib/sets/lists/comp/md.amd64 patch distrib/sets/lists/comp/md.sparc64 patch distrib/sets/lists/comp/mi patch distrib/sets/lists/comp/shl.mi patch distrib/sets/lists/debug/ad.aarch64 patch distrib/sets/lists/debug/ad.arm patch distrib/sets/lists/debug/ad.mips patch distrib/sets/lists/debug/ad.powerpc patch distrib/sets/lists/debug/md.amd64 patch distrib/sets/lists/debug/md.sparc64 patch distrib/sets/lists/debug/shl.mi patch distrib/sets/lists/etc/mi patch distrib/sets/lists/man/mi patch etc/defaults/rc.conf 1.130 etc/mtree/NetBSD.dist.base 1.142 external/bsd/Makefile up to 1.48 external/bsd/blacklist/bin/Makefile up to 1.11 plus patch external/bsd/blacklist/bin/blacklistctl.8 up to 1.6 external/bsd/blacklist/bin/blacklistctl.c up to 1.17 external/bsd/blacklist/bin/blacklistd.8 up to 1.10 external/bsd/blacklist/bin/blacklistd.c up to 1.32 external/bsd/blacklist/bin/blacklistd.conf.5 up to 1.2 external/bsd/blacklist/bin/conf.c up to 1.18 external/bsd/blacklist/bin/conf.h up to 1.6 external/bsd/blacklist/bin/internal.c up to 1.5 external/bsd/blacklist/bin/internal.h up to 1.12 external/bsd/blacklist/bin/run.c up to 1.12 external/bsd/blacklist/bin/run.h up to 1.5 external/bsd/blacklist/bin/state.c up to 1.15 external/bsd/blacklist/bin/state.h up to 1.5 external/bsd/blacklist/bin/support.c up to 1.6 external/bsd/blacklist/bin/support.h up to 1.5 external/bsd/blacklist/etc/rc.d/Makefile up to 1.1 external/bsd/blacklist/etc/rc.d/blacklistd up to 1.1 external/bsd/blacklist/etc/Makefile up to 1.3 external/bsd/blacklist/etc/blacklistd.conf up to 1.3 external/bsd/blacklist/etc/npf.conf up to 1.1 external/bsd/blacklist/Makefile up to 1.2 external/bsd/blacklist/Makefile.inc up to 1.3 external/bsd/blacklist/README up to 1.7 external/bsd/blacklist/TODO up to 1.7 external/bsd/blacklist/diff/ftpd.diff up to 1.1 external/bsd/blacklist/diff/named.diff up to 1.6 external/bsd/blacklist/diff/ssh.diff up to 1.6 external/bsd/blacklist/include/Makefile up to 1.1 external/bsd/blacklist/include/bl.h up to 1.12 external/bsd/blacklist/include/blacklist.h up to 1.3 external/bsd/blacklist/include/config.h new external/bsd/blacklist/lib/Makefile up to 1.3 external/bsd/blacklist/lib/bl.c up to 1.24 external/bsd/blacklist/lib/blacklist.c up to 1.5 external/bsd/blacklist/lib/libblacklist.3 up to 1.3 external/bsd/blacklist/lib/shlib_version up to 1.1 external/bsd/blacklist/libexec/Makefile up to 1.1 external/bsd/blacklist/libexec/blacklistd-helper up to 1.4 external/bsd/blacklist/port/m4/.cvsignore up to 1.1 external/bsd/blacklist/port/Makefile.am up to 1.4 external/bsd/blacklist/port/_strtoi.h up to 1.1 external/bsd/blacklist/port/clock_gettime.c up to 1.2 external/bsd/blacklist/port/configure.ac up to 1.7 external/bsd/blacklist/port/fgetln.c up to 1.1 external/bsd/blacklist/port/fparseln.c up to 1.1 external/bsd/blacklist/port/getprogname.c up to 1.4 external/bsd/blacklist/port/pidfile.c up to 1.1 external/bsd/blacklist/port/popenve.c up to 1.2 external/bsd/blacklist/port/port.h up to 1.6 external/bsd/blacklist/port/sockaddr_snprintf.c up to 1.9 external/bsd/blacklist/port/strlcat.c up to 1.2 external/bsd/blacklist/port/strlcpy.c up to 1.2 external/bsd/blacklist/port/strtoi.c up to 1.3 external/bsd/blacklist/test/Makefile up to 1.2 external/bsd/blacklist/test/cltest.c up to 1.6 external/bsd/blacklist/test/srvtest.c up to 1.9 lib/libpam/modules/pam_ssh/pam_ssh.c up to 1.23 libexec/ftpd/pfilter.c up to 1.1 libexec/ftpd/pfilter.h up to 1.1 libexec/ftpd/Makefile up to 1.64 libexec/ftpd/ftpd.c up to 1.201 Add blacklistd(8), a daemon to block and release network ports on demand to mitigate abuse, and related changes to system daemons to support it. [christos, ticket #711]
crypto/external/bsd/openssh/Makefile.inc
crypto/external/bsd/openssh/bin/Makefile.inc
crypto/external/bsd/openssh/bin/ssh-keyscan/Makefile
crypto/external/bsd/openssh/bin/sshd/Makefile
crypto/external/bsd/openssh/dist/PROTOCOL
crypto/external/bsd/openssh/dist/PROTOCOL.chacha20poly1305
crypto/external/bsd/openssh/dist/PROTOCOL.key
crypto/external/bsd/openssh/dist/PROTOCOL.krl
crypto/external/bsd/openssh/dist/addrmatch.c
crypto/external/bsd/openssh/dist/atomicio.c
crypto/external/bsd/openssh/dist/auth-bsdauth.c
crypto/external/bsd/openssh/dist/auth-chall.c
crypto/external/bsd/openssh/dist/auth-krb5.c
crypto/external/bsd/openssh/dist/auth-options.c
crypto/external/bsd/openssh/dist/auth-options.h
crypto/external/bsd/openssh/dist/auth-passwd.c
crypto/external/bsd/openssh/dist/auth-rh-rsa.c
crypto/external/bsd/openssh/dist/auth-rhosts.c
crypto/external/bsd/openssh/dist/auth-rsa.c
crypto/external/bsd/openssh/dist/auth.c
crypto/external/bsd/openssh/dist/auth.h
crypto/external/bsd/openssh/dist/auth1.c
crypto/external/bsd/openssh/dist/auth2-chall.c
crypto/external/bsd/openssh/dist/auth2-gss.c
crypto/external/bsd/openssh/dist/auth2-hostbased.c
crypto/external/bsd/openssh/dist/auth2-jpake.c
crypto/external/bsd/openssh/dist/auth2-kbdint.c
crypto/external/bsd/openssh/dist/auth2-krb5.c
crypto/external/bsd/openssh/dist/auth2-none.c
crypto/external/bsd/openssh/dist/auth2-passwd.c
crypto/external/bsd/openssh/dist/auth2-pubkey.c
crypto/external/bsd/openssh/dist/auth2.c
crypto/external/bsd/openssh/dist/authfd.c
crypto/external/bsd/openssh/dist/authfd.h
crypto/external/bsd/openssh/dist/authfile.c
crypto/external/bsd/openssh/dist/authfile.h
crypto/external/bsd/openssh/dist/bcrypt_pbkdf.c
crypto/external/bsd/openssh/dist/bitmap.c
crypto/external/bsd/openssh/dist/bitmap.h
crypto/external/bsd/openssh/dist/blf.h
crypto/external/bsd/openssh/dist/blocks.c
crypto/external/bsd/openssh/dist/blowfish.c
crypto/external/bsd/openssh/dist/bufaux.c
crypto/external/bsd/openssh/dist/bufbn.c
crypto/external/bsd/openssh/dist/bufec.c
crypto/external/bsd/openssh/dist/buffer.c
crypto/external/bsd/openssh/dist/buffer.h
crypto/external/bsd/openssh/dist/canohost.c
crypto/external/bsd/openssh/dist/chacha.c
crypto/external/bsd/openssh/dist/chacha.h
crypto/external/bsd/openssh/dist/channels.c
crypto/external/bsd/openssh/dist/channels.h
crypto/external/bsd/openssh/dist/cipher-3des1.c
crypto/external/bsd/openssh/dist/cipher-aesctr.c
crypto/external/bsd/openssh/dist/cipher-aesctr.h
crypto/external/bsd/openssh/dist/cipher-bf1.c
crypto/external/bsd/openssh/dist/cipher-chachapoly.c
crypto/external/bsd/openssh/dist/cipher-chachapoly.h
crypto/external/bsd/openssh/dist/cipher.c
crypto/external/bsd/openssh/dist/cipher.h
crypto/external/bsd/openssh/dist/clientloop.c
crypto/external/bsd/openssh/dist/compat.c
crypto/external/bsd/openssh/dist/compat.h
crypto/external/bsd/openssh/dist/compress.c
crypto/external/bsd/openssh/dist/compress.h
crypto/external/bsd/openssh/dist/crypto_api.h
crypto/external/bsd/openssh/dist/deattack.c
crypto/external/bsd/openssh/dist/deattack.h
crypto/external/bsd/openssh/dist/dh.c
crypto/external/bsd/openssh/dist/dh.h
crypto/external/bsd/openssh/dist/digest-libc.c
crypto/external/bsd/openssh/dist/digest-openssl.c
crypto/external/bsd/openssh/dist/digest.h
crypto/external/bsd/openssh/dist/dispatch.c
crypto/external/bsd/openssh/dist/dispatch.h
crypto/external/bsd/openssh/dist/dns.c
crypto/external/bsd/openssh/dist/dns.h
crypto/external/bsd/openssh/dist/ed25519.c
crypto/external/bsd/openssh/dist/fe25519.c
crypto/external/bsd/openssh/dist/fe25519.h
crypto/external/bsd/openssh/dist/ge25519.c
crypto/external/bsd/openssh/dist/ge25519.h
crypto/external/bsd/openssh/dist/ge25519_base.data
crypto/external/bsd/openssh/dist/groupaccess.c
crypto/external/bsd/openssh/dist/gss-genr.c
crypto/external/bsd/openssh/dist/gss-serv-krb5.c
crypto/external/bsd/openssh/dist/gss-serv.c
crypto/external/bsd/openssh/dist/hash.c
crypto/external/bsd/openssh/dist/hmac.c
crypto/external/bsd/openssh/dist/hmac.h
crypto/external/bsd/openssh/dist/hostfile.c
crypto/external/bsd/openssh/dist/hostfile.h
crypto/external/bsd/openssh/dist/includes.h
crypto/external/bsd/openssh/dist/jpake.c
crypto/external/bsd/openssh/dist/jpake.h
crypto/external/bsd/openssh/dist/kex.c
crypto/external/bsd/openssh/dist/kex.h
crypto/external/bsd/openssh/dist/kexc25519.c
crypto/external/bsd/openssh/dist/kexc25519c.c
crypto/external/bsd/openssh/dist/kexc25519s.c
crypto/external/bsd/openssh/dist/kexdh.c
crypto/external/bsd/openssh/dist/kexdhc.c
crypto/external/bsd/openssh/dist/kexdhs.c
crypto/external/bsd/openssh/dist/kexecdh.c
crypto/external/bsd/openssh/dist/kexecdhc.c
crypto/external/bsd/openssh/dist/kexecdhs.c
crypto/external/bsd/openssh/dist/kexgex.c
crypto/external/bsd/openssh/dist/kexgexc.c
crypto/external/bsd/openssh/dist/kexgexs.c
crypto/external/bsd/openssh/dist/key.c
crypto/external/bsd/openssh/dist/key.h
crypto/external/bsd/openssh/dist/krl.c
crypto/external/bsd/openssh/dist/krl.h
crypto/external/bsd/openssh/dist/mac.c
crypto/external/bsd/openssh/dist/mac.h
crypto/external/bsd/openssh/dist/match.c
crypto/external/bsd/openssh/dist/misc.c
crypto/external/bsd/openssh/dist/misc.h
crypto/external/bsd/openssh/dist/moduli-gen/Makefile
crypto/external/bsd/openssh/dist/moduli-gen/moduli
crypto/external/bsd/openssh/dist/moduli-gen/moduli-gen.sh
crypto/external/bsd/openssh/dist/moduli-gen/moduli.1024
crypto/external/bsd/openssh/dist/moduli-gen/moduli.1536
crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048
crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072
crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096
crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144
crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680
crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192
crypto/external/bsd/openssh/dist/moduli.c
crypto/external/bsd/openssh/dist/monitor.c
crypto/external/bsd/openssh/dist/monitor.h
crypto/external/bsd/openssh/dist/monitor_fdpass.c
crypto/external/bsd/openssh/dist/monitor_mm.c
crypto/external/bsd/openssh/dist/monitor_mm.h
crypto/external/bsd/openssh/dist/monitor_wrap.c
crypto/external/bsd/openssh/dist/monitor_wrap.h
crypto/external/bsd/openssh/dist/msg.c
crypto/external/bsd/openssh/dist/msg.h
crypto/external/bsd/openssh/dist/mux.c
crypto/external/bsd/openssh/dist/myproposal.h
crypto/external/bsd/openssh/dist/namespace.h
crypto/external/bsd/openssh/dist/opacket.c
crypto/external/bsd/openssh/dist/opacket.h
crypto/external/bsd/openssh/dist/packet.c
crypto/external/bsd/openssh/dist/packet.h
crypto/external/bsd/openssh/dist/pathnames.h
crypto/external/bsd/openssh/dist/pfilter.c
crypto/external/bsd/openssh/dist/pfilter.h
crypto/external/bsd/openssh/dist/pkcs11.h
crypto/external/bsd/openssh/dist/poly1305.c
crypto/external/bsd/openssh/dist/poly1305.h
crypto/external/bsd/openssh/dist/progressmeter.c
crypto/external/bsd/openssh/dist/progressmeter.h
crypto/external/bsd/openssh/dist/readconf.c
crypto/external/bsd/openssh/dist/readconf.h
crypto/external/bsd/openssh/dist/readpass.c
crypto/external/bsd/openssh/dist/reallocarray.c
crypto/external/bsd/openssh/dist/rijndael.c
crypto/external/bsd/openssh/dist/rijndael.h
crypto/external/bsd/openssh/dist/roaming_client.c
crypto/external/bsd/openssh/dist/roaming_common.c
crypto/external/bsd/openssh/dist/roaming_dummy.c
crypto/external/bsd/openssh/dist/rsa.c
crypto/external/bsd/openssh/dist/rsa.h
crypto/external/bsd/openssh/dist/sandbox-systrace.c
crypto/external/bsd/openssh/dist/sc25519.c
crypto/external/bsd/openssh/dist/sc25519.h
crypto/external/bsd/openssh/dist/schnorr.c
crypto/external/bsd/openssh/dist/schnorr.h
crypto/external/bsd/openssh/dist/scp.1
crypto/external/bsd/openssh/dist/scp.c
crypto/external/bsd/openssh/dist/servconf.c
crypto/external/bsd/openssh/dist/servconf.h
crypto/external/bsd/openssh/dist/serverloop.c
crypto/external/bsd/openssh/dist/session.c
crypto/external/bsd/openssh/dist/session.h
crypto/external/bsd/openssh/dist/sftp-client.c
crypto/external/bsd/openssh/dist/sftp-client.h
crypto/external/bsd/openssh/dist/sftp-common.c
crypto/external/bsd/openssh/dist/sftp-common.h
crypto/external/bsd/openssh/dist/sftp-glob.c
crypto/external/bsd/openssh/dist/sftp-server.8
crypto/external/bsd/openssh/dist/sftp-server.c
crypto/external/bsd/openssh/dist/sftp.1
crypto/external/bsd/openssh/dist/sftp.c
crypto/external/bsd/openssh/dist/smult_curve25519_ref.c
crypto/external/bsd/openssh/dist/ssh-add.1
crypto/external/bsd/openssh/dist/ssh-add.c
crypto/external/bsd/openssh/dist/ssh-agent.1
crypto/external/bsd/openssh/dist/ssh-agent.c
crypto/external/bsd/openssh/dist/ssh-dss.c
crypto/external/bsd/openssh/dist/ssh-ecdsa.c
crypto/external/bsd/openssh/dist/ssh-ed25519.c
crypto/external/bsd/openssh/dist/ssh-gss.h
crypto/external/bsd/openssh/dist/ssh-keygen.1
crypto/external/bsd/openssh/dist/ssh-keygen.c
crypto/external/bsd/openssh/dist/ssh-keyscan.1
crypto/external/bsd/openssh/dist/ssh-keyscan.c
crypto/external/bsd/openssh/dist/ssh-keysign.8
crypto/external/bsd/openssh/dist/ssh-keysign.c
crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c
crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c
crypto/external/bsd/openssh/dist/ssh-pkcs11.c
crypto/external/bsd/openssh/dist/ssh-pkcs11.h
crypto/external/bsd/openssh/dist/ssh-rsa.c
crypto/external/bsd/openssh/dist/ssh.1
crypto/external/bsd/openssh/dist/ssh.c
crypto/external/bsd/openssh/dist/ssh2.h
crypto/external/bsd/openssh/dist/ssh_api.c
crypto/external/bsd/openssh/dist/ssh_api.h
crypto/external/bsd/openssh/dist/ssh_config
crypto/external/bsd/openssh/dist/ssh_config.5
crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c
crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c
crypto/external/bsd/openssh/dist/sshbuf-misc.c
crypto/external/bsd/openssh/dist/sshbuf.c
crypto/external/bsd/openssh/dist/sshbuf.h
crypto/external/bsd/openssh/dist/sshconnect.c
crypto/external/bsd/openssh/dist/sshconnect.h
crypto/external/bsd/openssh/dist/sshconnect1.c
crypto/external/bsd/openssh/dist/sshconnect2.c
crypto/external/bsd/openssh/dist/sshd.8
crypto/external/bsd/openssh/dist/sshd.c
crypto/external/bsd/openssh/dist/sshd_config
crypto/external/bsd/openssh/dist/sshd_config.5
crypto/external/bsd/openssh/dist/ssherr.c
crypto/external/bsd/openssh/dist/ssherr.h
crypto/external/bsd/openssh/dist/sshkey.c
crypto/external/bsd/openssh/dist/sshkey.h
crypto/external/bsd/openssh/dist/sshlogin.c
crypto/external/bsd/openssh/dist/sshpty.c
crypto/external/bsd/openssh/dist/uidswap.c
crypto/external/bsd/openssh/dist/umac.c
crypto/external/bsd/openssh/dist/umac128.c
crypto/external/bsd/openssh/dist/verify.c
crypto/external/bsd/openssh/dist/version.h
crypto/external/bsd/openssh/dist/xmalloc.c
crypto/external/bsd/openssh/lib/Makefile
crypto/external/bsd/openssh/lib/shlib_version
distrib/sets/lists/base/ad.aarch64
distrib/sets/lists/base/ad.arm
distrib/sets/lists/base/ad.mips
distrib/sets/lists/base/ad.powerpc
distrib/sets/lists/base/md.amd64
distrib/sets/lists/base/md.sparc64
distrib/sets/lists/base/mi
distrib/sets/lists/base/shl.mi
distrib/sets/lists/comp/ad.aarch64
distrib/sets/lists/comp/ad.arm
distrib/sets/lists/comp/ad.mips
distrib/sets/lists/comp/ad.powerpc
distrib/sets/lists/comp/md.amd64
distrib/sets/lists/comp/md.sparc64
distrib/sets/lists/comp/mi
distrib/sets/lists/comp/shl.mi
distrib/sets/lists/debug/ad.aarch64
distrib/sets/lists/debug/ad.arm
distrib/sets/lists/debug/ad.mips
distrib/sets/lists/debug/ad.powerpc
distrib/sets/lists/debug/md.amd64
distrib/sets/lists/debug/md.evbmips
distrib/sets/lists/debug/md.sparc64
distrib/sets/lists/debug/mi
distrib/sets/lists/debug/shl.mi
distrib/sets/lists/etc/mi
distrib/sets/lists/man/mi
etc/defaults/rc.conf
etc/mtree/NetBSD.dist.base
external/bsd/Makefile
external/bsd/bind/bin/named/Makefile
external/bsd/bind/dist/bin/named/client.c
external/bsd/bind/dist/bin/named/main.c
external/bsd/bind/dist/bin/named/pfilter.c
external/bsd/bind/dist/bin/named/pfilter.h
external/bsd/bind/dist/bin/named/query.c
external/bsd/bind/dist/bin/named/update.c
external/bsd/bind/dist/bin/named/xfrout.c
external/bsd/bind/dist/contrib/zkt-1.1.2/tags
external/bsd/bind/dist/doc/arm/Bv9ARM.pdf
external/bsd/blacklist/Makefile
external/bsd/blacklist/Makefile.inc
external/bsd/blacklist/README
external/bsd/blacklist/TODO
external/bsd/blacklist/bin/Makefile
external/bsd/blacklist/bin/blacklistctl.8
external/bsd/blacklist/bin/blacklistctl.c
external/bsd/blacklist/bin/blacklistd.8
external/bsd/blacklist/bin/blacklistd.c
external/bsd/blacklist/bin/blacklistd.conf.5
external/bsd/blacklist/bin/conf.c
external/bsd/blacklist/bin/conf.h
external/bsd/blacklist/bin/internal.c
external/bsd/blacklist/bin/internal.h
external/bsd/blacklist/bin/run.c
external/bsd/blacklist/bin/run.h
external/bsd/blacklist/bin/state.c
external/bsd/blacklist/bin/state.h
external/bsd/blacklist/bin/support.c
external/bsd/blacklist/bin/support.h
external/bsd/blacklist/diff/ftpd.diff
external/bsd/blacklist/diff/named.diff
external/bsd/blacklist/diff/ssh.diff
external/bsd/blacklist/etc/Makefile
external/bsd/blacklist/etc/blacklistd.conf
external/bsd/blacklist/etc/npf.conf
external/bsd/blacklist/etc/rc.d/Makefile
external/bsd/blacklist/etc/rc.d/blacklistd
external/bsd/blacklist/include/Makefile
external/bsd/blacklist/include/bl.h
external/bsd/blacklist/include/blacklist.h
external/bsd/blacklist/include/config.h
external/bsd/blacklist/lib/Makefile
external/bsd/blacklist/lib/bl.c
external/bsd/blacklist/lib/blacklist.c
external/bsd/blacklist/lib/libblacklist.3
external/bsd/blacklist/lib/shlib_version
external/bsd/blacklist/libexec/Makefile
external/bsd/blacklist/libexec/blacklistd-helper
external/bsd/blacklist/port/Makefile.am
external/bsd/blacklist/port/_strtoi.h
external/bsd/blacklist/port/clock_gettime.c
external/bsd/blacklist/port/configure.ac
external/bsd/blacklist/port/fgetln.c
external/bsd/blacklist/port/fparseln.c
external/bsd/blacklist/port/getprogname.c
external/bsd/blacklist/port/m4/.cvsignore
external/bsd/blacklist/port/pidfile.c
external/bsd/blacklist/port/popenve.c
external/bsd/blacklist/port/port.h
external/bsd/blacklist/port/sockaddr_snprintf.c
external/bsd/blacklist/port/strlcat.c
external/bsd/blacklist/port/strlcpy.c
external/bsd/blacklist/port/strtoi.c
external/bsd/blacklist/test/Makefile
external/bsd/blacklist/test/cltest.c
external/bsd/blacklist/test/srvtest.c
lib/Makefile
lib/libpam/modules/pam_ssh/pam_ssh.c
libexec/ftpd/Makefile
libexec/ftpd/ftpd.c
libexec/ftpd/pfilter.c
libexec/ftpd/pfilter.h
--- a/crypto/external/bsd/openssh/Makefile.inc	Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/Makefile.inc	Thu Apr 30 06:07:29 2015 +0000
@@ -1,21 +1,22 @@
-#	$NetBSD: Makefile.inc,v 1.5.22.1 2015/03/09 07:46:05 snj Exp $
+#	$NetBSD: Makefile.inc,v 1.5.22.2 2015/04/30 06:07:29 riz Exp $
 
 WARNS?=	4
 
 .include <bsd.own.mk>
 
 USE_FORT?= yes	# network client/server
+WITH_OPENSSL=1
 
 SSHDIST?= ${NETBSDSRCDIR}/crypto/external/bsd/openssh/dist
 
 CPPFLAGS+=-I${SSHDIST}
 
-CPPFLAGS+= -DHAVE_HEADER_AD
-CPPFLAGS+= -DHAVE_LOGIN_CAP
-CPPFLAGS+= -DHAVE_MMAP
-CPPFLAGS+= -DHAVE_OPENPTY
+CPPFLAGS+=-DHAVE_DLOPEN
+CPPFLAGS+=-DHAVE_HEADER_AD
+CPPFLAGS+=-DHAVE_LOGIN_CAP
+CPPFLAGS+=-DHAVE_STDLIB_H
 
-CPPFLAGS+=-DENABLE_PKCS11
+CPPFLAGS+=-DWITH_SSH1 -DWITH_OPENSSL -DENABLE_PKCS11 -D_OPENBSD_SOURCE
 .if !defined(NOPIC)
 CPPFLAGS+=-DHAVE_DLOPEN
 .endif
--- a/crypto/external/bsd/openssh/bin/Makefile.inc	Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/bin/Makefile.inc	Thu Apr 30 06:07:29 2015 +0000
@@ -1,5 +1,6 @@
-#	$NetBSD: Makefile.inc,v 1.2 2009/12/19 18:00:26 christos Exp $
+#	$NetBSD: Makefile.inc,v 1.2.26.1 2015/04/30 06:07:29 riz Exp $
 
+CPPFLAGS+=-DWITH_OPENSSL
 LDADD+=	-lssh -lcrypto -lcrypt -lz
 DPADD+=	${LIBSSH} ${LIBCRYPTO} ${LIBCRYPT} ${LIBZ}
 
--- a/crypto/external/bsd/openssh/bin/ssh-keyscan/Makefile	Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/bin/ssh-keyscan/Makefile	Thu Apr 30 06:07:29 2015 +0000
@@ -1,9 +1,9 @@
-#	$NetBSD: Makefile,v 1.1 2009/06/07 22:38:45 christos Exp $
+#	$NetBSD: Makefile,v 1.1.26.1 2015/04/30 06:07:29 riz Exp $
 
 BINDIR=	/usr/bin
 
 PROG=	ssh-keyscan
-SRCS=	ssh-keyscan.c
+SRCS=	ssh-keyscan.c ssh_api.c kexdhs.c kexgexs.c kexecdhs.c
 MAN=	ssh-keyscan.1
 
 .include <bsd.prog.mk>
--- a/crypto/external/bsd/openssh/bin/sshd/Makefile	Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/bin/sshd/Makefile	Thu Apr 30 06:07:29 2015 +0000
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile,v 1.9 2012/08/10 12:20:12 joerg Exp $
+#	$NetBSD: Makefile,v 1.9.12.1 2015/04/30 06:07:29 riz Exp $
 
 .include <bsd.own.mk>
 
@@ -15,8 +15,7 @@
 	auth2-none.c auth2-passwd.c auth2-pubkey.c \
 	monitor_mm.c monitor.c monitor_wrap.c \
 	kexdhs.c kexgexs.c kexecdhs.c sftp-server.c sftp-common.c \
-	auth2-jpake.c \
-	roaming_common.c roaming_serv.c sandbox-rlimit.c
+	roaming_common.c roaming_serv.c sandbox-rlimit.c pfilter.c
 
 COPTS.auth-options.c=	-Wno-pointer-sign
 COPTS.ldapauth.c=	-Wno-format-nonliteral	# XXX: should fix
@@ -69,3 +68,10 @@
 
 LDADD+=	-lwrap
 DPADD+=	${LIBWRAP}
+
+.ifdef CRUNCHEDPROG
+CPPFLAGS+=-DSMALL
+.else
+LDADD+=	-lblacklist
+DPADD+=	${LIBBLACKLIST}
+.endif
--- a/crypto/external/bsd/openssh/dist/PROTOCOL	Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL	Thu Apr 30 06:07:29 2015 +0000
@@ -40,8 +40,8 @@
      "ecdsa-sha2-nistp521-cert-v01@openssh.com"
 
 OpenSSH introduces new public key algorithms to support certificate
-authentication for users and hostkeys. These methods are documented in
-the file PROTOCOL.certkeys
+authentication for users and host keys. These methods are documented
+in the file PROTOCOL.certkeys
 
 1.4. transport: Elliptic Curve cryptography
 
@@ -91,6 +91,17 @@
 the exchanged MAC algorithms are ignored and there doesn't have to be
 a matching MAC.
 
+1.7 transport: chacha20-poly1305@openssh.com authenticated encryption
+
+OpenSSH supports authenticated encryption using ChaCha20 and Poly1305
+as described in PROTOCOL.chacha20poly1305.
+
+1.8 transport: curve25519-sha256@libssh.org key exchange algorithm
+
+OpenSSH supports the use of ECDH in Curve25519 for key exchange as
+described at:
+http://git.libssh.org/users/aris/libssh.git/plain/doc/curve25519-sha256@libssh.org.txt?h=curve25519
+
 2. Connection protocol changes
 
 2.1. connection: Channel write close extension "eow@openssh.com"
@@ -221,6 +232,103 @@
 The "frame" field contains an IEEE 802.3 Ethernet frame, including
 header.
 
+2.4. connection: Unix domain socket forwarding
+
+OpenSSH supports local and remote Unix domain socket forwarding
+using the "streamlocal" extension.  Forwarding is initiated as per
+TCP sockets but with a single path instead of a host and port.
+
+Similar to direct-tcpip, direct-streamlocal is sent by the client
+to request that the server make a connection to a Unix domain socket.
+
+	byte		SSH_MSG_CHANNEL_OPEN
+	string		"direct-streamlocal@openssh.com"
+	uint32		sender channel
+	uint32		initial window size
+	uint32		maximum packet size
+	string		socket path
+	string		reserved for future use
+
+Similar to forwarded-tcpip, forwarded-streamlocal is sent by the
+server when the client has previously send the server a streamlocal-forward
+GLOBAL_REQUEST.
+
+	byte		SSH_MSG_CHANNEL_OPEN
+	string		"forwarded-streamlocal@openssh.com"
+	uint32		sender channel
+	uint32		initial window size
+	uint32		maximum packet size
+	string		socket path
+	string		reserved for future use
+
+The reserved field is not currently defined and is ignored on the
+remote end.  It is intended to be used in the future to pass
+information about the socket file, such as ownership and mode.
+The client currently sends the empty string for this field.
+
+Similar to tcpip-forward, streamlocal-forward is sent by the client
+to request remote forwarding of a Unix domain socket.
+
+	byte		SSH2_MSG_GLOBAL_REQUEST
+	string		"streamlocal-forward@openssh.com"
+	boolean		TRUE
+	string		socket path
+
+Similar to cancel-tcpip-forward, cancel-streamlocal-forward is sent
+by the client cancel the forwarding of a Unix domain socket.
+
+	byte		SSH2_MSG_GLOBAL_REQUEST
+	string		"cancel-streamlocal-forward@openssh.com"
+	boolean		FALSE
+	string		socket path
+
+2.5. connection: hostkey update and rotation "hostkeys-00@openssh.com"
+and "hostkeys-prove-00@openssh.com"
+
+OpenSSH supports a protocol extension allowing a server to inform
+a client of all its protocol v.2 host keys after user-authentication
+has completed.
+
+	byte		SSH_MSG_GLOBAL_REQUEST
+	string		"hostkeys-00@openssh.com"
+	string[]	hostkeys
+
+Upon receiving this message, a client should check which of the
+supplied host keys are present in known_hosts. For keys that are
+not present, it should send a "hostkeys-prove@openssh.com" message
+to request the server prove ownership of the private half of the
+key.
+
+	byte		SSH_MSG_GLOBAL_REQUEST
+	string		"hostkeys-prove-00@openssh.com"
+	char		1 /* want-reply */
+	string[]	hostkeys
+
+When a server receives this message, it should generate a signature
+using each requested key over the following:
+
+	string		"hostkeys-prove-00@openssh.com"
+	string		session identifier
+	string		hostkey
+
+These signatures should be included in the reply, in the order matching
+the hostkeys in the request:
+
+	byte		SSH_MSG_REQUEST_SUCCESS
+	string[]	signatures
+
+When the client receives this reply (and not a failure), it should
+validate the signatures and may update its known_hosts file, adding keys
+that it has not seen before and deleting keys for the server host that
+are no longer offered.
+
+These extensions let a client learn key types that it had not previously
+encountered, thereby allowing it to potentially upgrade from weaker
+key algorithms to better ones. It also supports graceful key rotation:
+a server may offer multiple keys of the same type for a period (to
+give clients an opportunity to learn them using this extension) before
+removing the deprecated key from those offered.
+
 3. SFTP protocol changes
 
 3.1. sftp: Reversal of arguments to SSH_FXP_SYMLINK
@@ -331,5 +439,19 @@
 This extension is advertised in the SSH_FXP_VERSION hello with version
 "1".
 
-$OpenBSD: PROTOCOL,v 1.20 2013/01/08 18:49:04 markus Exp $
-$NetBSD: PROTOCOL,v 1.3 2013/03/29 16:19:44 christos Exp $
+10. sftp: Extension request "fsync@openssh.com"
+
+This request asks the server to call fsync(2) on an open file handle.
+
+	uint32		id
+	string		"fsync@openssh.com"
+	string		handle
+
+One receiving this request, a server will call fsync(handle_fd) and will
+respond with a SSH_FXP_STATUS message.
+
+This extension is advertised in the SSH_FXP_VERSION hello with version
+"1".
+
+$OpenBSD: PROTOCOL,v 1.27 2015/02/20 22:17:21 djm Exp $
+$NetBSD: PROTOCOL,v 1.3.8.1 2015/04/30 06:07:30 riz Exp $
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL.chacha20poly1305	Thu Apr 30 06:07:29 2015 +0000
@@ -0,0 +1,105 @@
+This document describes the chacha20-poly1305@openssh.com authenticated
+encryption cipher supported by OpenSSH.
+
+Background
+----------
+
+ChaCha20 is a stream cipher designed by Daniel Bernstein and described
+in [1]. It operates by permuting 128 fixed bits, 128 or 256 bits of key,
+a 64 bit nonce and a 64 bit counter into 64 bytes of output. This output
+is used as a keystream, with any unused bytes simply discarded.
+
+Poly1305[2], also by Daniel Bernstein, is a one-time Carter-Wegman MAC
+that computes a 128 bit integrity tag given a message and a single-use
+256 bit secret key.
+
+The chacha20-poly1305@openssh.com combines these two primitives into an
+authenticated encryption mode. The construction used is based on that
+proposed for TLS by Adam Langley in [3], but differs in the layout of
+data passed to the MAC and in the addition of encyption of the packet
+lengths.
+
+Negotiation
+-----------
+
+The chacha20-poly1305@openssh.com offers both encryption and
+authentication. As such, no separate MAC is required. If the
+chacha20-poly1305@openssh.com cipher is selected in key exchange,
+the offered MAC algorithms are ignored and no MAC is required to be
+negotiated.
+
+Detailed Construction
+---------------------
+
+The chacha20-poly1305@openssh.com cipher requires 512 bits of key
+material as output from the SSH key exchange. This forms two 256 bit
+keys (K_1 and K_2), used by two separate instances of chacha20.
+
+The instance keyed by K_1 is a stream cipher that is used only
+to encrypt the 4 byte packet length field. The second instance,
+keyed by K_2, is used in conjunction with poly1305 to build an AEAD
+(Authenticated Encryption with Associated Data) that is used to encrypt
+and authenticate the entire packet.
+
+Two separate cipher instances are used here so as to keep the packet
+lengths confidential but not create an oracle for the packet payload
+cipher by decrypting and using the packet length prior to checking
+the MAC. By using an independently-keyed cipher instance to encrypt the
+length, an active attacker seeking to exploit the packet input handling
+as a decryption oracle can learn nothing about the payload contents or
+its MAC (assuming key derivation, ChaCha20 and Poly1305 are secure).
+
+The AEAD is constructed as follows: for each packet, generate a Poly1305
+key by taking the first 256 bits of ChaCha20 stream output generated
+using K_2, an IV consisting of the packet sequence number encoded as an
+uint64 under the SSH wire encoding rules and a ChaCha20 block counter of
+zero. The K_2 ChaCha20 block counter is then set to the little-endian
+encoding of 1 (i.e. {1, 0, 0, 0, 0, 0, 0, 0}) and this instance is used
+for encryption of the packet payload.
+
+Packet Handling
+---------------
+
+When receiving a packet, the length must be decrypted first. When 4
+bytes of ciphertext length have been received, they may be decrypted
+using the K_1 key, a nonce consisting of the packet sequence number
+encoded as a uint64 under the usual SSH wire encoding and a zero block
+counter to obtain the plaintext length.
+
+Once the entire packet has been received, the MAC MUST be checked
+before decryption. A per-packet Poly1305 key is generated as described
+above and the MAC tag calculated using Poly1305 with this key over the
+ciphertext of the packet length and the payload together. The calculated
+MAC is then compared in constant time with the one appended to the
+packet and the packet decrypted using ChaCha20 as described above (with
+K_2, the packet sequence number as nonce and a starting block counter of
+1).
+
+To send a packet, first encode the 4 byte length and encrypt it using
+K_1. Encrypt the packet payload (using K_2) and append it to the
+encrypted length. Finally, calculate a MAC tag and append it.
+
+Rekeying
+--------
+
+ChaCha20 must never reuse a {key, nonce} for encryption nor may it be
+used to encrypt more than 2^70 bytes under the same {key, nonce}. The
+SSH Transport protocol (RFC4253) recommends a far more conservative
+rekeying every 1GB of data sent or received. If this recommendation
+is followed, then chacha20-poly1305@openssh.com requires no special
+handling in this area.
+
+References
+----------
+
+[1] "ChaCha, a variant of Salsa20", Daniel Bernstein
+    http://cr.yp.to/chacha/chacha-20080128.pdf
+
+[2] "The Poly1305-AES message-authentication code", Daniel Bernstein
+    http://cr.yp.to/mac/poly1305-20050329.pdf
+
+[3] "ChaCha20 and Poly1305 based Cipher Suites for TLS", Adam Langley
+    http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03
+
+$OpenBSD: PROTOCOL.chacha20poly1305,v 1.2 2013/12/02 02:50:27 djm Exp $
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL.key	Thu Apr 30 06:07:29 2015 +0000
@@ -0,0 +1,68 @@
+This document describes the private key format for OpenSSH.
+
+1. Overall format
+
+The key consists of a header, a list of public keys, and
+an encrypted list of matching private keys.
+
+#define AUTH_MAGIC      "openssh-key-v1"
+
+	byte[]	AUTH_MAGIC
+	string	ciphername
+	string	kdfname
+	string	kdfoptions
+	int	number of keys N
+	string	publickey1
+	string	publickey2
+	...
+	string	publickeyN
+	string	encrypted, padded list of private keys
+
+2. KDF options for kdfname "bcrypt"
+
+The options:
+
+	string salt
+	uint32 rounds
+
+are concatenated and represented as a string.
+
+3. Unencrypted list of N private keys
+
+The list of privatekey/comment pairs is padded with the
+bytes 1, 2, 3, ... until the total length is a multiple
+of the cipher block size.
+
+	uint32	checkint
+	uint32	checkint
+	string	privatekey1
+	string	comment1
+	string	privatekey2
+	string	comment2
+	...
+	string	privatekeyN
+	string	commentN
+	char	1
+	char	2
+	char	3
+	...
+	char	padlen % 255
+
+Before the key is encrypted, a random integer is assigned
+to both checkint fields so successful decryption can be
+quickly checked by verifying that both checkint fields
+hold the same value.
+
+4. Encryption
+
+The KDF is used to derive a key, IV (and other values required by
+the cipher) from the passphrase. These values are then used to
+encrypt the unencrypted list of private keys.
+
+5. No encryption
+
+For unencrypted keys the cipher "none" and the KDF "none"
+are used with empty passphrases. The options if the KDF "none"
+are the empty string.
+
+$OpenBSD: PROTOCOL.key,v 1.1 2013/12/06 13:34:54 markus Exp $
--- a/crypto/external/bsd/openssh/dist/PROTOCOL.krl	Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL.krl	Thu Apr 30 06:07:29 2015 +0000
@@ -37,7 +37,7 @@
 #define KRL_SECTION_FINGERPRINT_SHA1		3
 #define KRL_SECTION_SIGNATURE			4
 
-3. Certificate serial section
+2. Certificate section
 
 These sections use type KRL_SECTION_CERTIFICATES to revoke certificates by
 serial number or key ID. The consist of the CA key that issued the
@@ -47,6 +47,11 @@
 	string ca_key
 	string reserved
 
+Where "ca_key" is the standard SSH wire serialisation of the CA's
+public key. Alternately, "ca_key" may be an empty string to indicate
+the certificate section applies to all CAs (this is most useful when
+revoking key IDs).
+
 Followed by one or more sections:
 
 	byte	cert_section_type
@@ -161,4 +166,4 @@
 signatures. Signature sections are optional for KRLs distributed by
 trusted means.
 
-$OpenBSD: PROTOCOL.krl,v 1.2 2013/01/18 00:24:58 djm Exp $
+$OpenBSD: PROTOCOL.krl,v 1.3 2015/01/30 01:10:33 djm Exp $
--- a/crypto/external/bsd/openssh/dist/addrmatch.c	Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/dist/addrmatch.c	Thu Apr 30 06:07:29 2015 +0000
@@ -1,5 +1,5 @@
-/*	$NetBSD: addrmatch.c,v 1.6 2013/11/08 19:18:24 christos Exp $	*/
-/*	$OpenBSD: addrmatch.c,v 1.7 2013/05/17 00:13:13 djm Exp $ */
+/*	$NetBSD: addrmatch.c,v 1.6.4.1 2015/04/30 06:07:30 riz Exp $	*/
+/*	$OpenBSD: addrmatch.c,v 1.9 2014/01/19 11:21:51 dtucker Exp $ */
 
 /*
  * Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org>
@@ -18,7 +18,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: addrmatch.c,v 1.6 2013/11/08 19:18:24 christos Exp $");
+__RCSID("$NetBSD: addrmatch.c,v 1.6.4.1 2015/04/30 06:07:30 riz Exp $");
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
@@ -89,13 +89,13 @@
 
 	switch (sa->sa_family) {
 	case AF_INET:
-		if (slen < sizeof(*in4))
+		if (slen < (socklen_t)sizeof(*in4))
 			return -1;
 		xa->af = AF_INET;
 		memcpy(&xa->v4, &in4->sin_addr, sizeof(xa->v4));
 		break;
 	case AF_INET6:
-		if (slen < sizeof(*in6))
+		if (slen < (socklen_t)sizeof(*in6))
 			return -1;
 		xa->af = AF_INET6;
 		memcpy(&xa->v6, &in6->sin6_addr, sizeof(xa->v6));
--- a/crypto/external/bsd/openssh/dist/atomicio.c	Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/dist/atomicio.c	Thu Apr 30 06:07:29 2015 +0000
@@ -1,5 +1,5 @@
-/*	$NetBSD: atomicio.c,v 1.4 2011/08/01 15:55:00 christos Exp $	*/
-/* $OpenBSD: atomicio.c,v 1.26 2010/09/22 22:58:51 djm Exp $ */
+/*	$NetBSD: atomicio.c,v 1.4.22.1 2015/04/30 06:07:30 riz Exp $	*/
+/* $OpenBSD: atomicio.c,v 1.27 2015/01/16 06:40:12 deraadt Exp $ */
 /*
  * Copyright (c) 2006 Damien Miller. All rights reserved.
  * Copyright (c) 2005 Anil Madhavapeddy. All rights reserved.
@@ -28,7 +28,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: atomicio.c,v 1.4 2011/08/01 15:55:00 christos Exp $");
+__RCSID("$NetBSD: atomicio.c,v 1.4.22.1 2015/04/30 06:07:30 riz Exp $");
 #include <sys/param.h>
 #include <sys/uio.h>
 
@@ -36,6 +36,7 @@
 #include <poll.h>
 #include <string.h>
 #include <unistd.h>
+#include <limits.h>
 
 #include "atomicio.h"
 
--- a/crypto/external/bsd/openssh/dist/auth-bsdauth.c	Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/dist/auth-bsdauth.c	Thu Apr 30 06:07:29 2015 +0000
@@ -1,5 +1,5 @@
-/*	$NetBSD: auth-bsdauth.c,v 1.2 2009/06/07 22:38:46 christos Exp $	*/
-/* $OpenBSD: auth-bsdauth.c,v 1.11 2007/09/21 08:15:29 djm Exp $ */
+/*	$NetBSD: auth-bsdauth.c,v 1.2.26.1 2015/04/30 06:07:30 riz Exp $	*/
+/* $OpenBSD: auth-bsdauth.c,v 1.13 2014/06/24 01:13:21 djm Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  *
@@ -25,8 +25,10 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth-bsdauth.c,v 1.2 2009/06/07 22:38:46 christos Exp $");
+__RCSID("$NetBSD: auth-bsdauth.c,v 1.2.26.1 2015/04/30 06:07:30 riz Exp $");
 #include <sys/types.h>
+#include <stdarg.h>
+#include <stdio.h>
 
 #ifdef BSD_AUTH
 #include "xmalloc.h"
@@ -53,6 +55,11 @@
 	Authctxt *authctxt = ctx;
 	char *challenge = NULL;
 
+	*infotxt = NULL;
+	*numprompts = 0;
+	*prompts = NULL;
+	*echo_on = NULL;
+
 	if (authctxt->as != NULL) {
 		debug2("bsdauth_query: try reuse session");
 		challenge = auth_getitem(authctxt->as, AUTHV_CHALLENGE);
--- a/crypto/external/bsd/openssh/dist/auth-chall.c	Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/dist/auth-chall.c	Thu Apr 30 06:07:29 2015 +0000
@@ -1,5 +1,5 @@
-/*	$NetBSD: auth-chall.c,v 1.4 2013/11/08 19:18:24 christos Exp $	*/
-/* $OpenBSD: auth-chall.c,v 1.13 2013/05/17 00:13:13 djm Exp $ */
+/*	$NetBSD: auth-chall.c,v 1.4.4.1 2015/04/30 06:07:30 riz Exp $	*/
+/* $OpenBSD: auth-chall.c,v 1.14 2014/06/24 01:13:21 djm Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  *
@@ -25,8 +25,11 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth-chall.c,v 1.4 2013/11/08 19:18:24 christos Exp $");
+__RCSID("$NetBSD: auth-chall.c,v 1.4.4.1 2015/04/30 06:07:30 riz Exp $");
 #include <sys/types.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <stdio.h>
 
 #include "xmalloc.h"
 #include "key.h"
@@ -34,6 +37,7 @@
 #include "auth.h"
 #include "log.h"
 #ifdef USE_PAM
+#include "misc.h"
 #include "buffer.h"
 #include "servconf.h"
 extern ServerOptions options;
--- a/crypto/external/bsd/openssh/dist/auth-krb5.c	Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/dist/auth-krb5.c	Thu Apr 30 06:07:29 2015 +0000
@@ -1,4 +1,4 @@
-/*	$NetBSD: auth-krb5.c,v 1.5 2013/11/08 19:18:24 christos Exp $	*/
+/*	$NetBSD: auth-krb5.c,v 1.5.4.1 2015/04/30 06:07:30 riz Exp $	*/
 /* $OpenBSD: auth-krb5.c,v 1.20 2013/07/20 01:55:13 djm Exp $ */
 /*
  *    Kerberos v5 authentication and ticket-passing routines.
@@ -30,7 +30,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth-krb5.c,v 1.5 2013/11/08 19:18:24 christos Exp $");
+__RCSID("$NetBSD: auth-krb5.c,v 1.5.4.1 2015/04/30 06:07:30 riz Exp $");
 #include <sys/types.h>
 #include <pwd.h>
 #include <stdarg.h>
@@ -42,6 +42,7 @@
 #include "packet.h"
 #include "log.h"
 #include "buffer.h"
+#include "misc.h"
 #include "servconf.h"
 #include "uidswap.h"
 #include "key.h"
--- a/crypto/external/bsd/openssh/dist/auth-options.c	Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/dist/auth-options.c	Thu Apr 30 06:07:29 2015 +0000
@@ -1,5 +1,5 @@
-/*	$NetBSD: auth-options.c,v 1.7 2013/11/08 19:18:24 christos Exp $	*/
-/* $OpenBSD: auth-options.c,v 1.59.2.1 2013/11/08 01:33:56 djm Exp $ */
+/*	$NetBSD: auth-options.c,v 1.7.4.1 2015/04/30 06:07:30 riz Exp $	*/
+/* $OpenBSD: auth-options.c,v 1.65 2015/01/14 10:30:34 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth-options.c,v 1.7 2013/11/08 19:18:24 christos Exp $");
+__RCSID("$NetBSD: auth-options.c,v 1.7.4.1 2015/04/30 06:07:30 riz Exp $");
 #include <sys/types.h>
 #include <sys/queue.h>
 
@@ -23,22 +23,21 @@
 #include <stdarg.h>
 #include <time.h>
 
+#include "key.h"	/* XXX for typedef */
+#include "buffer.h"	/* XXX for typedef */
 #include "xmalloc.h"
 #include "match.h"
+#include "ssherr.h"
 #include "log.h"
 #include "canohost.h"
-#include "buffer.h"
+#include "sshbuf.h"
+#include "misc.h"
 #include "channels.h"
 #include "servconf.h"
-#include "misc.h"
-#include "key.h"
+#include "sshkey.h"
 #include "auth-options.h"
 #include "hostfile.h"
 #include "auth.h"
-#ifdef GSSAPI
-#include "ssh-gss.h"
-#endif
-#include "monitor_wrap.h"
 
 /* Flags set authorized_keys flags */
 int no_port_forwarding_flag = 0;
@@ -332,6 +331,7 @@
 			patterns[i] = '\0';
 			opts++;
 			p = patterns;
+			/* XXX - add streamlocal support */
 			host = hpdelim(&p);
 			if (host == NULL || strlen(host) >= NI_MAXHOST) {
 				debug("%.100s, line %lu: Bad permitopen "
@@ -423,7 +423,7 @@
 #define OPTIONS_CRITICAL	1
 #define OPTIONS_EXTENSIONS	2
 static int
-parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
+parse_option_list(struct sshbuf *oblob, struct passwd *pw,
     u_int which, int crit,
     int *cert_no_port_forwarding_flag,
     int *cert_no_agent_forwarding_flag,
@@ -436,26 +436,25 @@
 	char *command, *allowed;
 	const char *remote_ip;
 	char *name = NULL;
-	u_char *data_blob = NULL;
-	u_int nlen, dlen, clen;
-	Buffer c, data;
-	int ret = -1, found;
+	struct sshbuf *c = NULL, *data = NULL;
+	int r, ret = -1, result, found;
 
-	buffer_init(&data);
+	if ((c = sshbuf_fromb(oblob)) == NULL) {
+		error("%s: sshbuf_fromb failed", __func__);
+		goto out;
+	}
 
-	/* Make copy to avoid altering original */
-	buffer_init(&c);
-	buffer_append(&c, optblob, optblob_len);
-
-	while (buffer_len(&c) > 0) {
-		if ((name = buffer_get_cstring_ret(&c, &nlen)) == NULL ||
-		    (data_blob = buffer_get_string_ret(&c, &dlen)) == NULL) {
-			error("Certificate options corrupt");
+	while (sshbuf_len(c) > 0) {
+		sshbuf_free(data);
+		data = NULL;
+		if ((r = sshbuf_get_cstring(c, &name, NULL)) != 0 ||
+		    (r = sshbuf_froms(c, &data)) != 0) {
+			error("Unable to parse certificate options: %s",
+			    ssh_err(r));
 			goto out;
 		}
-		buffer_append(&data, data_blob, dlen);
-		debug3("found certificate option \"%.100s\" len %u",
-		    name, dlen);
+		debug3("found certificate option \"%.100s\" len %zu",
+		    name, sshbuf_len(data));
 		found = 0;
 		if ((which & OPTIONS_EXTENSIONS) != 0) {
 			if (strcmp(name, "permit-X11-forwarding") == 0) {
@@ -479,10 +478,10 @@
 		}
 		if (!found && (which & OPTIONS_CRITICAL) != 0) {
 			if (strcmp(name, "force-command") == 0) {
-				if ((command = buffer_get_cstring_ret(&data,
-				    &clen)) == NULL) {
-					error("Certificate constraint \"%s\" "
-					    "corrupt", name);
+				if ((r = sshbuf_get_cstring(data, &command,
+				    NULL)) != 0) {
+					error("Unable to parse \"%s\" "
+					    "section: %s", name, ssh_err(r));
 					goto out;
 				}
 				if (*cert_forced_command != NULL) {
@@ -495,10 +494,10 @@
 				found = 1;
 			}
 			if (strcmp(name, "source-address") == 0) {
-				if ((allowed = buffer_get_cstring_ret(&data,
-				    &clen)) == NULL) {
-					error("Certificate constraint "
-					    "\"%s\" corrupt", name);
+				if ((r = sshbuf_get_cstring(data, &allowed,
+				    NULL)) != 0) {
+					error("Unable to parse \"%s\" "
+					    "section: %s", name, ssh_err(r));
 					goto out;
 				}
 				if ((*cert_source_address_done)++) {
@@ -508,11 +507,12 @@
 					goto out;
 				}
 				remote_ip = get_remote_ipaddr();
-				switch (addr_match_cidr_list(remote_ip,
-				    allowed)) {
+				result = addr_match_cidr_list(remote_ip,
+				    allowed);
+				free(allowed);
+				switch (result) {
 				case 1:
 					/* accepted */
-					free(allowed);
 					break;
 				case 0:
 					/* no match */
@@ -525,12 +525,11 @@
 					    "is not permitted to use this "
 					    "certificate for login.",
 					    remote_ip);
-					free(allowed);
 					goto out;
 				case -1:
+				default:
 					error("Certificate source-address "
 					    "contents invalid");
-					free(allowed);
 					goto out;
 				}
 				found = 1;
@@ -546,16 +545,13 @@
 				logit("Certificate extension \"%s\" "
 				    "is not supported", name);
 			}
-		} else if (buffer_len(&data) != 0) {
+		} else if (sshbuf_len(data) != 0) {
 			error("Certificate option \"%s\" corrupt "
 			    "(extra data)", name);
 			goto out;
 		}
-		buffer_clear(&data);
 		free(name);
-		free(data_blob);
 		name = NULL;
-		data_blob = NULL;
 	}
 	/* successfully parsed all options */
 	ret = 0;
@@ -569,10 +565,8 @@
 	}
 	if (name != NULL)
 		free(name);
-	if (data_blob != NULL)
-		free(data_blob);
-	buffer_free(&data);
-	buffer_free(&c);
+	sshbuf_free(data);
+	sshbuf_free(c);
 	return ret;
 }
 
@@ -581,7 +575,7 @@
  * options so this must be called after auth_parse_options().
  */
 int
-auth_cert_options(Key *k, struct passwd *pw)
+auth_cert_options(struct sshkey *k, struct passwd *pw)
 {
 	int cert_no_port_forwarding_flag = 1;
 	int cert_no_agent_forwarding_flag = 1;
@@ -591,10 +585,9 @@
 	char *cert_forced_command = NULL;
 	int cert_source_address_done = 0;
 
-	if (key_cert_is_legacy(k)) {
+	if (sshkey_cert_is_legacy(k)) {
 		/* All options are in the one field for v00 certs */
-		if (parse_option_list(buffer_ptr(&k->cert->critical),
-		    buffer_len(&k->cert->critical), pw,
+		if (parse_option_list(k->cert->critical, pw,
 		    OPTIONS_CRITICAL|OPTIONS_EXTENSIONS, 1,
 		    &cert_no_port_forwarding_flag,
 		    &cert_no_agent_forwarding_flag,
@@ -606,14 +599,12 @@
 			return -1;
 	} else {
 		/* Separate options and extensions for v01 certs */
-		if (parse_option_list(buffer_ptr(&k->cert->critical),
-		    buffer_len(&k->cert->critical), pw,
+		if (parse_option_list(k->cert->critical, pw,
 		    OPTIONS_CRITICAL, 1, NULL, NULL, NULL, NULL, NULL,
 		    &cert_forced_command,
 		    &cert_source_address_done) == -1)
 			return -1;
-		if (parse_option_list(buffer_ptr(&k->cert->extensions),
-		    buffer_len(&k->cert->extensions), pw,
+		if (parse_option_list(k->cert->extensions, pw,
 		    OPTIONS_EXTENSIONS, 1,
 		    &cert_no_port_forwarding_flag,
 		    &cert_no_agent_forwarding_flag,
--- a/crypto/external/bsd/openssh/dist/auth-options.h	Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/dist/auth-options.h	Thu Apr 30 06:07:29 2015 +0000
@@ -1,5 +1,5 @@
-/*	$NetBSD: auth-options.h,v 1.4 2011/07/25 03:03:10 christos Exp $	*/
-/* $OpenBSD: auth-options.h,v 1.20 2010/05/07 11:30:29 djm Exp $ */
+/*	$NetBSD: auth-options.h,v 1.4.22.1 2015/04/30 06:07:30 riz Exp $	*/
+/* $OpenBSD: auth-options.h,v 1.21 2015/01/14 10:30:34 markus Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -36,6 +36,6 @@
 
 int	auth_parse_options(struct passwd *, const char *, const char *, u_long);
 void	auth_clear_options(void);
-int	auth_cert_options(Key *, struct passwd *);
+int	auth_cert_options(struct sshkey *, struct passwd *);
 
 #endif
--- a/crypto/external/bsd/openssh/dist/auth-passwd.c	Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/dist/auth-passwd.c	Thu Apr 30 06:07:29 2015 +0000
@@ -1,5 +1,5 @@
-/*	$NetBSD: auth-passwd.c,v 1.2 2009/06/07 22:38:46 christos Exp $	*/
-/* $OpenBSD: auth-passwd.c,v 1.43 2007/09/21 08:15:29 djm Exp $ */
+/*	$NetBSD: auth-passwd.c,v 1.2.26.1 2015/04/30 06:07:30 riz Exp $	*/
+/* $OpenBSD: auth-passwd.c,v 1.44 2014/07/15 15:54:14 millert Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -38,7 +38,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth-passwd.c,v 1.2 2009/06/07 22:38:46 christos Exp $");
+__RCSID("$NetBSD: auth-passwd.c,v 1.2.26.1 2015/04/30 06:07:30 riz Exp $");
 #include <sys/types.h>
 
 #include <login_cap.h>
@@ -51,6 +51,7 @@
 #include "packet.h"
 #include "buffer.h"
 #include "log.h"
+#include "misc.h"
 #include "servconf.h"
 #include "key.h"
 #include "hostfile.h"
--- a/crypto/external/bsd/openssh/dist/auth-rh-rsa.c	Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/dist/auth-rh-rsa.c	Thu Apr 30 06:07:29 2015 +0000
@@ -1,5 +1,5 @@
-/*	$NetBSD: auth-rh-rsa.c,v 1.4 2011/07/25 03:03:10 christos Exp $	*/
-/* $OpenBSD: auth-rh-rsa.c,v 1.43 2010/03/04 10:36:03 djm Exp $ */
+/*	$NetBSD: auth-rh-rsa.c,v 1.4.22.1 2015/04/30 06:07:30 riz Exp $	*/
+/* $OpenBSD: auth-rh-rsa.c,v 1.44 2014/07/15 15:54:14 millert Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -15,7 +15,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth-rh-rsa.c,v 1.4 2011/07/25 03:03:10 christos Exp $");
+__RCSID("$NetBSD: auth-rh-rsa.c,v 1.4.22.1 2015/04/30 06:07:30 riz Exp $");
 #include <sys/types.h>
 
 #include <pwd.h>
@@ -25,6 +25,7 @@
 #include "uidswap.h"
 #include "log.h"
 #include "buffer.h"
+#include "misc.h"
 #include "servconf.h"
 #include "key.h"
 #include "hostfile.h"
--- a/crypto/external/bsd/openssh/dist/auth-rhosts.c	Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/dist/auth-rhosts.c	Thu Apr 30 06:07:29 2015 +0000
@@ -1,5 +1,5 @@
-/*	$NetBSD: auth-rhosts.c,v 1.3 2010/11/21 18:29:48 adam Exp $	*/
-/* $OpenBSD: auth-rhosts.c,v 1.44 2010/03/07 11:57:13 dtucker Exp $ */
+/*	$NetBSD: auth-rhosts.c,v 1.3.26.1 2015/04/30 06:07:30 riz Exp $	*/
+/* $OpenBSD: auth-rhosts.c,v 1.46 2014/12/23 22:42:48 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -16,7 +16,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth-rhosts.c,v 1.3 2010/11/21 18:29:48 adam Exp $");
+__RCSID("$NetBSD: auth-rhosts.c,v 1.3.26.1 2015/04/30 06:07:30 riz Exp $");
 #include <sys/types.h>
 #include <sys/stat.h>
 
@@ -33,12 +33,12 @@
 #include "uidswap.h"
 #include "pathnames.h"
 #include "log.h"
+#include "misc.h"
 #include "servconf.h"
 #include "canohost.h"
 #include "key.h"
 #include "hostfile.h"
 #include "auth.h"
-#include "misc.h"
 
 /* import */
 extern ServerOptions options;
@@ -56,7 +56,8 @@
 		  const char *server_user)
 {
 	FILE *f;
-	char buf[1024];	/* Must not be larger than host, user, dummy below. */
+#define RBUFLN 1024
+	char buf[RBUFLN];/* Must not be larger than host, user, dummy below. */
 	int fd;
 	struct stat st;
 
@@ -79,8 +80,9 @@
 		return 0;
 	}
 	while (fgets(buf, sizeof(buf), f)) {
-		/* All three must be at least as big as buf to avoid overflows. */
-		char hostbuf[1024], userbuf[1024], dummy[1024], *host, *user, *cp;
+		/* All three must have length >= buf to avoid overflows. */
+		char hostbuf[RBUFLN], userbuf[RBUFLN], dummy[RBUFLN];
+		char *host, *user, *cp;
 		int negated;
 
 		for (cp = buf; *cp == ' ' || *cp == '\t'; cp++)
@@ -139,8 +141,8 @@
 		/* Check for empty host/user names (particularly '+'). */
 		if (!host[0] || !user[0]) {
 			/* We come here if either was '+' or '-'. */
-			auth_debug_add("Ignoring wild host/user names in %.100s.",
-			    filename);
+			auth_debug_add("Ignoring wild host/user names "
+			    "in %.100s.", filename);
 			continue;
 		}
 		/* Verify that host name matches. */
@@ -148,7 +150,8 @@
 			if (!innetgr(host + 1, hostname, NULL, NULL) &&
 			    !innetgr(host + 1, ipaddr, NULL, NULL))
 				continue;
-		} else if (strcasecmp(host, hostname) && strcmp(host, ipaddr) != 0)
+		} else if (strcasecmp(host, hostname) &&
+		    strcmp(host, ipaddr) != 0)
 			continue;	/* Different hostname. */
 
 		/* Verify that user name matches. */
@@ -207,7 +210,8 @@
 	/* Switch to the user's uid. */
 	temporarily_use_uid(pw);
 	/*
-	 * Quick check: if the user has no .shosts or .rhosts files, return
+	 * Quick check: if the user has no .shosts or .rhosts files and
+	 * no system hosts.equiv/shosts.equiv files exist then return
 	 * failure immediately without doing costly lookups from name
 	 * servers.
 	 */
@@ -222,27 +226,38 @@
 	/* Switch back to privileged uid. */
 	restore_uid();
 
-	/* Deny if The user has no .shosts or .rhosts file and there are no system-wide files. */
+	/*
+	 * Deny if The user has no .shosts or .rhosts file and there
+	 * are no system-wide files.
+	 */
 	if (!rhosts_files[rhosts_file_index] &&
 	    stat(_PATH_RHOSTS_EQUIV, &st) < 0 &&
-	    stat(_PATH_SSH_HOSTS_EQUIV, &st) < 0)
+	    stat(_PATH_SSH_HOSTS_EQUIV, &st) < 0) {
+		debug3("%s: no hosts access files exist", __func__);
 		return 0;
+	}
 
-	/* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. */
-	if (pw->pw_uid != 0) {
+	/*
+	 * If not logging in as superuser, try /etc/hosts.equiv and
+	 * shosts.equiv.
+	 */
+	if (pw->pw_uid == 0)
+		debug3("%s: root user, ignoring system hosts files", __func__);
+	else {
 		if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr,
 		    client_user, pw->pw_name)) {
-			auth_debug_add("Accepted for %.100s [%.100s] by /etc/hosts.equiv.",
-			    hostname, ipaddr);
+			auth_debug_add("Accepted for %.100s [%.100s] by "
+			    "/etc/hosts.equiv.", hostname, ipaddr);
 			return 1;
 		}
 		if (check_rhosts_file(_PATH_SSH_HOSTS_EQUIV, hostname, ipaddr,
 		    client_user, pw->pw_name)) {
-			auth_debug_add("Accepted for %.100s [%.100s] by %.100s.",
-			    hostname, ipaddr, _PATH_SSH_HOSTS_EQUIV);
+			auth_debug_add("Accepted for %.100s [%.100s] by "
+			    "%.100s.", hostname, ipaddr, _PATH_SSH_HOSTS_EQUIV);
 			return 1;
 		}
 	}
+
 	/*
 	 * Check that the home directory is owned by root or the user, and is
 	 * not group or world writable.
@@ -289,21 +304,26 @@
 			auth_debug_add("Bad file modes for %.200s", buf);
 			continue;
 		}
-		/* Check if we have been configured to ignore .rhosts and .shosts files. */
+		/*
+		 * Check if we have been configured to ignore .rhosts
+		 * and .shosts files.
+		 */
 		if ((pw->pw_uid == 0 && options.ignore_root_rhosts) ||
 		    (pw->pw_uid != 0 && options.ignore_rhosts)) {
-			auth_debug_add("Server has been configured to ignore %.100s.",
-			    rhosts_files[rhosts_file_index]);
+			auth_debug_add("Server has been configured to "
+			    "ignore %.100s.", rhosts_files[rhosts_file_index]);
 			continue;
 		}
 		/* Check if authentication is permitted by the file. */
-		if (check_rhosts_file(buf, hostname, ipaddr, client_user, pw->pw_name)) {
+		if (check_rhosts_file(buf, hostname, ipaddr,
+		    client_user, pw->pw_name)) {
 			auth_debug_add("Accepted by %.100s.",
 			    rhosts_files[rhosts_file_index]);
 			/* Restore the privileged uid. */
 			restore_uid();
-			auth_debug_add("Accepted host %s ip %s client_user %s server_user %s",
-				hostname, ipaddr, client_user, pw->pw_name);
+			auth_debug_add("Accepted host %s ip %s client_user "
+			    "%s server_user %s", hostname, ipaddr,
+			    client_user, pw->pw_name);
 			return 1;
 		}
 	}
--- a/crypto/external/bsd/openssh/dist/auth-rsa.c	Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/dist/auth-rsa.c	Thu Apr 30 06:07:29 2015 +0000
@@ -1,5 +1,5 @@
-/*	$NetBSD: auth-rsa.c,v 1.8 2013/11/08 19:18:24 christos Exp $	*/
-/* $OpenBSD: auth-rsa.c,v 1.85 2013/07/12 00:19:58 djm Exp $ */
+/*	$NetBSD: auth-rsa.c,v 1.8.4.1 2015/04/30 06:07:30 riz Exp $	*/
+/* $OpenBSD: auth-rsa.c,v 1.90 2015/01/28 22:36:00 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -16,12 +16,11 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth-rsa.c,v 1.8 2013/11/08 19:18:24 christos Exp $");
+__RCSID("$NetBSD: auth-rsa.c,v 1.8.4.1 2015/04/30 06:07:30 riz Exp $");
 #include <sys/types.h>
 #include <sys/stat.h>
 
 #include <openssl/rsa.h>
-#include <openssl/md5.h>
 
 #include <pwd.h>
 #include <stdio.h>
@@ -36,6 +35,7 @@
 #include "buffer.h"
 #include "pathnames.h"
 #include "log.h"
+#include "misc.h"
 #include "servconf.h"
 #include "key.h"
 #include "auth-options.h"
@@ -46,7 +46,8 @@
 #endif
 #include "monitor_wrap.h"
 #include "ssh.h"
-#include "misc.h"
+
+#include "digest.h"
 
 /* import */
 extern ServerOptions options;
@@ -91,12 +92,13 @@
 auth_rsa_verify_response(Key *key, BIGNUM *challenge, u_char response[16])
 {
 	u_char buf[32], mdbuf[16];
-	MD5_CTX md;
+	struct ssh_digest_ctx *md;
 	int len;
 
 	/* don't allow short keys */
 	if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
-		error("auth_rsa_verify_response: RSA modulus too small: %d < minimum %d bits",
+		error("%s: RSA modulus too small: %d < minimum %d bits",
+		    __func__,
 		    BN_num_bits(key->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE);
 		return (0);
 	}
@@ -104,13 +106,15 @@
 	/* The response is MD5 of decrypted challenge plus session id. */
 	len = BN_num_bytes(challenge);
 	if (len <= 0 || len > 32)
-		fatal("auth_rsa_verify_response: bad challenge length %d", len);
+		fatal("%s: bad challenge length %d", __func__, len);
 	memset(buf, 0, 32);
 	BN_bn2bin(challenge, buf + 32 - len);
-	MD5_Init(&md);
-	MD5_Update(&md, buf, 32);
-	MD5_Update(&md, session_id, 16);
-	MD5_Final(mdbuf, &md);
+	if ((md = ssh_digest_start(SSH_DIGEST_MD5)) == NULL ||
+	    ssh_digest_update(md, buf, 32) < 0 ||
+	    ssh_digest_update(md, session_id, 16) < 0 ||
+	    ssh_digest_final(md, mdbuf, sizeof(mdbuf)) < 0)
+		fatal("%s: md5 failed", __func__);
+	ssh_digest_free(md);
 
 	/* Verify that the response is the original challenge. */
 	if (timingsafe_bcmp(response, mdbuf, 16) != 0) {
@@ -140,7 +144,8 @@
 	challenge = PRIVSEP(auth_rsa_generate_challenge(key));
 
 	/* Encrypt the challenge with the public key. */
-	rsa_public_encrypt(encrypted_challenge, challenge, key->rsa);
+	if (rsa_public_encrypt(encrypted_challenge, challenge, key->rsa) != 0)
+		fatal("%s: rsa_public_encrypt failed", __func__);
 
 	/* Send the encrypted challenge to the client. */
 	packet_start(SSH_SMSG_AUTH_RSA_CHALLENGE);
@@ -165,7 +170,8 @@
     const BIGNUM *client_n, Key **rkey)
 {
 	char *fp, line[SSH_MAX_PUBKEY_BYTES];
-	int allowed = 0, bits;
+	int allowed = 0;
+	u_int bits;
 	FILE *f;
 	u_long linenum = 0;
 	Key *key;
@@ -226,12 +232,14 @@
 
 		/* check the real bits  */
 		keybits = BN_num_bits(key->rsa->n);
-		if (keybits < 0 || bits != keybits)
+		if (keybits < 0 || bits != (u_int)keybits)
 			logit("Warning: %s, line %lu: keysize mismatch: "
 			    "actual %d vs. announced %d.",
 			    file, linenum, BN_num_bits(key->rsa->n), bits);
 
-		fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+		if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
+		    SSH_FP_DEFAULT)) == NULL)
+			continue;
 		debug("matching key found: file %s, line %lu %s %s",
 		    file, linenum, key_type(key), fp);
 		free(fp);
@@ -282,7 +290,6 @@
 #ifdef WITH_LDAP_PUBKEY
 	if (options.lpk.on) {
 	    u_int bits;
-	    int sbits;
 	    ldap_key_t *k;
 	    /* here is the job */
 	    Key *key = key_new(KEY_RSA1);
@@ -317,11 +324,10 @@
 			    xoptions = NULL;
 
 			/* Parse the key from the line. */
-			if (hostfile_read_key(&cp, &sbits, key) == 0) {
+			if (hostfile_read_key(&cp, &bits, key) == 0) {
 			    debug("[LDAP] line %d: non ssh1 key syntax", i);
 			    continue;
 			}
-			bits = sbits;
 			/* cp now points to the comment part. */
 
 			/* Check if the we have found the desired key (identified by its modulus). */
--- a/crypto/external/bsd/openssh/dist/auth.c	Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/dist/auth.c	Thu Apr 30 06:07:29 2015 +0000
@@ -1,5 +1,5 @@
-/*	$NetBSD: auth.c,v 1.8.4.1 2014/10/17 16:12:36 martin Exp $	*/
-/* $OpenBSD: auth.c,v 1.103 2013/05/19 02:42:42 djm Exp $ */
+/*	$NetBSD: auth.c,v 1.8.4.2 2015/04/30 06:07:30 riz Exp $	*/
+/* $OpenBSD: auth.c,v 1.110 2015/02/25 17:29:38 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -25,10 +25,9 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth.c,v 1.8.4.1 2014/10/17 16:12:36 martin Exp $");
+__RCSID("$NetBSD: auth.c,v 1.8.4.2 2015/04/30 06:07:30 riz Exp $");
 #include <sys/types.h>
 #include <sys/stat.h>
-#include <sys/param.h>
 
 #include <errno.h>
 #include <fcntl.h>
@@ -40,12 +39,14 @@
 #include <stdio.h>
 #include <string.h>
 #include <unistd.h>
+#include <limits.h>
 
 #include "xmalloc.h"
 #include "match.h"
 #include "groupaccess.h"
 #include "log.h"
 #include "buffer.h"
+#include "misc.h"
 #include "servconf.h"
 #include "key.h"
 #include "hostfile.h"
@@ -53,15 +54,16 @@
 #include "auth-options.h"
 #include "canohost.h"
 #include "uidswap.h"
-#include "misc.h"
 #include "packet.h"
 #ifdef GSSAPI
 #include "ssh-gss.h"
 #endif
 #include "authfile.h"
 #include "monitor_wrap.h"
-#include "krl.h"
+#include "authfile.h"
+#include "ssherr.h"
 #include "compat.h"
+#include "pfilter.h"
 
 #ifdef HAVE_LOGIN_CAP
 #include <login_cap.h>
@@ -362,10 +364,26 @@
 	    compat20 ? "ssh2" : "ssh1",
 	    authctxt->info != NULL ? ": " : "",
 	    authctxt->info != NULL ? authctxt->info : "");
+	if (!authctxt->postponed)
+		pfilter_notify(!authenticated);
 	free(authctxt->info);
 	authctxt->info = NULL;
 }
 
+void
+auth_maxtries_exceeded(Authctxt *authctxt)
+{
+	error("maximum authentication attempts exceeded for "
+	    "%s%.100s from %.200s port %d %s",
+	    authctxt->valid ? "" : "invalid user ",
+	    authctxt->user,
+	    get_remote_ipaddr(),
+	    get_remote_port(),
+	    compat20 ? "ssh2" : "ssh1");
+	packet_disconnect("Too many authentication failures");
+	/* NOTREACHED */
+}
+
 /*
  * Check whether root logins are disallowed.
  */
@@ -401,7 +419,7 @@
 char *
 expand_authorized_keys(const char *filename, struct passwd *pw)
 {
-	char *file, ret[MAXPATHLEN];
+	char *file, ret[PATH_MAX];
 	int i;
 
 	file = percent_expand(filename, "h", pw->pw_dir,
@@ -493,7 +511,7 @@
 auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
     uid_t uid, char *err, size_t errlen)
 {
-	char buf[MAXPATHLEN], homedir[MAXPATHLEN];
+	char buf[PATH_MAX], homedir[PATH_MAX];
 	char *cp;
 	int comparehome = 0;
 	struct stat st;
@@ -671,39 +689,39 @@
 int
 auth_key_is_revoked(Key *key)
 {
-	char *key_fp;
+	char *fp = NULL;
+	int r;
 
 	if (options.revoked_keys_file == NULL)
 		return 0;
-	switch (ssh_krl_file_contains_key(options.revoked_keys_file, key)) {
-	case 0:
-		return 0;	/* Not revoked */
-	case -2:
-		break;		/* Not a KRL */
-	default:
-		goto revoked;
+	if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
+	    SSH_FP_DEFAULT)) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
+		error("%s: fingerprint key: %s", __func__, ssh_err(r));
+		goto out;
 	}
-	debug3("%s: treating %s as a key list", __func__,
-	    options.revoked_keys_file);
-	switch (key_in_file(key, options.revoked_keys_file, 0)) {
+
+	r = sshkey_check_revoked(key, options.revoked_keys_file);
+	switch (r) {
 	case 0:
-		/* key not revoked */
-		return 0;
-	case -1:
-		/* Error opening revoked_keys_file: refuse all keys */
-		error("Revoked keys file is unreadable: refusing public key "
-		    "authentication");
-		return 1;
-	case 1:
- revoked:
-		/* Key revoked */
-		key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
-		error("WARNING: authentication attempt with a revoked "
-		    "%s key %s ", key_type(key), key_fp);
-		free(key_fp);
-		return 1;
+		break; /* not revoked */
+	case SSH_ERR_KEY_REVOKED:
+		error("Authentication key %s %s revoked by file %s",
+		    sshkey_type(key), fp, options.revoked_keys_file);
+		goto out;
+	default:
+		error("Error checking authentication key %s %s in "
+		    "revoked keys file %s: %s", sshkey_type(key), fp,
+		    options.revoked_keys_file, ssh_err(r));
+		goto out;
 	}
-	fatal("key_in_file returned junk");
+
+	/* Success */
+	r = 0;
+
+ out:
+	free(fp);
+	return r == 0 ? 0 : 1;
 }
 
 void
--- a/crypto/external/bsd/openssh/dist/auth.h	Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/dist/auth.h	Thu Apr 30 06:07:29 2015 +0000
@@ -1,5 +1,5 @@
-/*	$NetBSD: auth.h,v 1.7 2013/11/08 19:18:24 christos Exp $	*/
-/* $OpenBSD: auth.h,v 1.76 2013/07/19 07:37:48 markus Exp $ */
+/*	$NetBSD: auth.h,v 1.7.4.1 2015/04/30 06:07:30 riz Exp $	*/
+/* $OpenBSD: auth.h,v 1.82 2015/02/16 22:13:32 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -43,6 +43,9 @@
 #include <krb5.h>
 #endif
 
+struct ssh;
+struct sshkey;
+
 typedef struct Authctxt Authctxt;
 typedef struct Authmethod Authmethod;
 typedef struct KbdintDevice KbdintDevice;
@@ -62,7 +65,6 @@
 	char		*style;
 	void		*kbdintctxt;
 	char		*info;		/* Extra info for next auth_log */
-	void		*jpake_ctx;
 #ifdef BSD_AUTH
 	auth_session_t	*as;
 #endif
@@ -79,6 +81,9 @@
 	char		*krb5_ticket_file;
 #endif
 	void		*methoddata;
+
+	struct sshkey	**prev_userkeys;
+	u_int		 nprev_userkeys;
 };
 /*
  * Every authentication method has to handle authentication requests for
@@ -132,6 +137,8 @@
 int	 user_key_allowed(struct passwd *, Key *);
 void	 pubkey_auth_info(Authctxt *, const Key *, const char *, ...)
 	    __attribute__((__format__ (printf, 3, 4)));
+void	 auth2_record_userkey(Authctxt *, struct sshkey *);
+int	 auth2_userkey_already_used(Authctxt *, struct sshkey *);
 
 #ifdef KRB4
 #include <krb.h>
@@ -165,6 +172,7 @@
 	    __attribute__((__format__ (printf, 2, 3)))
 	    __attribute__((__nonnull__ (2)));
 void	auth_log(Authctxt *, int, int, const char *, const char *);
+void	auth_maxtries_exceeded(Authctxt *) __attribute__((noreturn));
 void	userauth_finish(Authctxt *, int, const char *, const char *);
 int	auth_root_allowed(const char *);
 
@@ -183,9 +191,6 @@
 int	skey_query(void *, char **, char **, u_int *, char ***, u_int **);
 int	skey_respond(void *, u_int, char **);
 
-void	auth2_jpake_get_pwdata(Authctxt *, BIGNUM **, char **, char **);
-void	auth2_jpake_stop(Authctxt *);
-
 int	allowed_user(struct passwd *);
 struct passwd * getpwnamallow(const char *user);
 
@@ -205,12 +210,13 @@
 
 /* hostkey handling */
 Key	*get_hostkey_by_index(int);
-Key	*get_hostkey_public_by_index(int);
-Key	*get_hostkey_public_by_type(int);
-Key	*get_hostkey_private_by_type(int);
-int	 get_hostkey_index(Key *);
+Key	*get_hostkey_public_by_index(int, struct ssh *);
+Key	*get_hostkey_public_by_type(int, int, struct ssh *);
+Key	*get_hostkey_private_by_type(int, int, struct ssh *);
+int	 get_hostkey_index(Key *, int, struct ssh *);
 int	 ssh1_session_key(BIGNUM *);
-void	 sshd_hostkey_sign(Key *, Key *, u_char **, u_int *, u_char *, u_int);
+int	 sshd_hostkey_sign(Key *, Key *, u_char **, size_t *,
+	     const u_char *, size_t, u_int);
 
 /* debug messages during authentication */
 void	 auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2)));
--- a/crypto/external/bsd/openssh/dist/auth1.c	Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/dist/auth1.c	Thu Apr 30 06:07:29 2015 +0000
@@ -1,5 +1,5 @@
-/*	$NetBSD: auth1.c,v 1.8 2013/11/08 19:18:24 christos Exp $	*/
-/* $OpenBSD: auth1.c,v 1.79 2013/05/19 02:42:42 djm Exp $ */
+/*	$NetBSD: auth1.c,v 1.8.4.1 2015/04/30 06:07:30 riz Exp $	*/
+/* $OpenBSD: auth1.c,v 1.82 2014/07/15 15:54:14 millert Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth1.c,v 1.8 2013/11/08 19:18:24 christos Exp $");
+__RCSID("$NetBSD: auth1.c,v 1.8.4.1 2015/04/30 06:07:30 riz Exp $");
 #include <sys/types.h>
 #include <sys/queue.h>
 
@@ -27,6 +27,7 @@
 #include "packet.h"
 #include "buffer.h"
 #include "log.h"
+#include "misc.h"
 #include "servconf.h"
 #include "compat.h"
 #include "key.h"
@@ -40,6 +41,7 @@
 #endif
 #include "monitor_wrap.h"
 #include "buffer.h"
+#include "pfilter.h"
 
 /* import */
 extern ServerOptions options;
@@ -137,7 +139,7 @@
 	/* Try authentication with the password. */
 	authenticated = PRIVSEP(auth_password(authctxt, password));
 
-	memset(password, 0, dlen);
+	explicit_bzero(password, dlen);
 	free(password);
 
 	return (authenticated);
@@ -287,7 +289,7 @@
 	response = packet_get_string(&dlen);
 	packet_check_eom();
 	authenticated = verify_response(authctxt, response);
-	memset(response, 'r', dlen);
+	explicit_bzero(response, dlen);
 	free(response);
 
 	return (authenticated);
@@ -378,7 +380,7 @@
 			    "configuration", authctxt->user);
 			len = buffer_len(&loginmsg);
 			buffer_append(&loginmsg, "\0", 1);
-			msg = buffer_ptr(&loginmsg);
+			msg = (char *)buffer_ptr(&loginmsg);
 			/* strip trailing newlines */
 			if (len > 0)
 				while (len > 0 && msg[--len] == '\n')
@@ -397,7 +399,7 @@
 			return;
 
 		if (++authctxt->failures >= options.max_authtries)
-			packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
+			auth_maxtries_exceeded(authctxt);
 
 		packet_start(SSH_SMSG_FAILURE);
 		packet_send();
@@ -444,6 +446,7 @@
 	else {
 		debug("do_authentication: invalid user %s", user);
 		authctxt->pw = fakepw();
+		pfilter_notify(1);
 	}
 
 	/* Configuration may have changed as a result of Match */
--- a/crypto/external/bsd/openssh/dist/auth2-chall.c	Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/dist/auth2-chall.c	Thu Apr 30 06:07:29 2015 +0000
@@ -1,5 +1,5 @@
-/*	$NetBSD: auth2-chall.c,v 1.5 2013/11/08 19:18:24 christos Exp $	*/
-/* $OpenBSD: auth2-chall.c,v 1.38.2.1 2013/11/08 01:33:56 djm Exp $ */
+/*	$NetBSD: auth2-chall.c,v 1.5.4.1 2015/04/30 06:07:30 riz Exp $	*/
+/* $OpenBSD: auth2-chall.c,v 1.42 2015/01/19 20:07:45 markus Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  * Copyright (c) 2001 Per Allansson.  All rights reserved.
@@ -26,7 +26,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth2-chall.c,v 1.5 2013/11/08 19:18:24 christos Exp $");
+__RCSID("$NetBSD: auth2-chall.c,v 1.5.4.1 2015/04/30 06:07:30 riz Exp $");
 #include <sys/types.h>
 
 #include <stdio.h>
@@ -41,6 +41,7 @@
 #include "packet.h"
 #include "dispatch.h"
 #include "log.h"
+#include "misc.h"
 #include "servconf.h"
 
 /* import */    
@@ -48,7 +49,7 @@
 
 static int auth2_challenge_start(Authctxt *);
 static int send_userauth_info_request(Authctxt *);
-static void input_userauth_info_response(int, u_int32_t, void *);
+static int input_userauth_info_response(int, u_int32_t, void *);
 
 #ifdef BSD_AUTH
 extern KbdintDevice bsdauth_device;
@@ -122,7 +123,7 @@
 			    strlen(devices[i]->name));
 		}
 		buffer_append(&b, "\0", 1);
-		kbdintctxt->devices = xstrdup(buffer_ptr(&b));
+		kbdintctxt->devices = xstrdup((const char *)buffer_ptr(&b));
 		buffer_free(&b);
 	} else {
 		kbdintctxt->devices = xstrdup(devs);
@@ -149,7 +150,7 @@
 	if (kbdintctxt->device)
 		kbdint_reset_device(kbdintctxt);
 	free(kbdintctxt->devices);
-	bzero(kbdintctxt, sizeof(*kbdintctxt));
+	explicit_bzero(kbdintctxt, sizeof(*kbdintctxt));
 	free(kbdintctxt);
 }
 /* get next device */
@@ -279,7 +280,7 @@
 	return 1;
 }
 
-static void
+static int
 input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
 {
 	Authctxt *authctxt = ctxt;
@@ -313,7 +314,7 @@
 	res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response);
 
 	for (i = 0; i < nresp; i++) {
-		memset(response[i], 'r', strlen(response[i]));
+		explicit_bzero(response[i], strlen(response[i]));
 		free(response[i]);
 	}
 	free(response);
@@ -344,6 +345,7 @@
 	}
 	userauth_finish(authctxt, authenticated, "keyboard-interactive",
 	    devicename);
+	return 0;
 }
 
 void
--- a/crypto/external/bsd/openssh/dist/auth2-gss.c	Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/dist/auth2-gss.c	Thu Apr 30 06:07:29 2015 +0000
@@ -1,5 +1,5 @@
-/*	$NetBSD: auth2-gss.c,v 1.6 2013/11/08 19:18:24 christos Exp $	*/
-/* $OpenBSD: auth2-gss.c,v 1.20 2013/05/17 00:13:13 djm Exp $ */
+/*	$NetBSD: auth2-gss.c,v 1.6.4.1 2015/04/30 06:07:30 riz Exp $	*/
+/* $OpenBSD: auth2-gss.c,v 1.22 2015/01/19 20:07:45 markus Exp $ */
 
 /*
  * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -26,7 +26,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth2-gss.c,v 1.6 2013/11/08 19:18:24 christos Exp $");
+__RCSID("$NetBSD: auth2-gss.c,v 1.6.4.1 2015/04/30 06:07:30 riz Exp $");
 
 #ifdef GSSAPI
 
@@ -40,6 +40,7 @@
 #include "log.h"
 #include "dispatch.h"
 #include "buffer.h"
+#include "misc.h"
 #include "servconf.h"
 #include "packet.h"
 #include "ssh-gss.h"
@@ -47,10 +48,10 @@
 
 extern ServerOptions options;
 
-static void input_gssapi_token(int type, u_int32_t plen, void *ctxt);
-static void input_gssapi_mic(int type, u_int32_t plen, void *ctxt);
-static void input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt);
-static void input_gssapi_errtok(int, u_int32_t, void *);
+static int input_gssapi_token(int type, u_int32_t plen, void *ctxt);
+static int input_gssapi_mic(int type, u_int32_t plen, void *ctxt);
+static int input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt);
+static int input_gssapi_errtok(int, u_int32_t, void *);
 
 /*
  * We only support those mechanisms that we know about (ie ones that we know
@@ -62,7 +63,6 @@
 	gss_OID_desc goid = {0, NULL};
 	Gssctxt *ctxt = NULL;
 	int mechs;
-	gss_OID_set supported;
 	int present;
 	OM_uint32 ms;
 	u_int len;
@@ -77,7 +77,6 @@
 		return (0);
 	}
 
-	ssh_gssapi_supported_oids(&supported);
 	do {
 		mechs--;
 
@@ -90,15 +89,12 @@
 		    doid[1] == len - 2) {
 			goid.elements = doid + 2;
 			goid.length   = len - 2;
-			gss_test_oid_set_member(&ms, &goid, supported,
-			    &present);
+			ssh_gssapi_test_oid_supported(&ms, &goid, &present);
 		} else {
 			logit("Badly formed OID received");
 		}
 	} while (mechs > 0 && !present);
 
-	gss_release_oid_set(&ms, &supported);
-
 	if (!present) {
 		free(doid);
 		authctxt->server_caused_failure = 1;
@@ -130,7 +126,7 @@
 	return (0);
 }
 
-static void
+static int
 input_gssapi_token(int type, u_int32_t plen, void *ctxt)
 {
 	Authctxt *authctxt = ctxt;
@@ -182,9 +178,10 @@
 	}
 
 	gss_release_buffer(&min_status, &send_tok);
+	return 0;
 }
 
-static void
+static int
 input_gssapi_errtok(int type, u_int32_t plen, void *ctxt)
 {
 	Authctxt *authctxt = ctxt;
@@ -216,6 +213,7 @@
 	/* The client will have already moved on to the next auth */
 
 	gss_release_buffer(&maj_status, &send_tok);
+	return 0;
 }
 
 /*
@@ -224,7 +222,7 @@
  * which only enables it once the GSSAPI exchange is complete.
  */
 
-static void
+static int
 input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt)
 {
 	Authctxt *authctxt = ctxt;
@@ -248,9 +246,10 @@
 	dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC, NULL);
 	dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);
 	userauth_finish(authctxt, authenticated, "gssapi-with-mic", NULL);
+	return 0;
 }
 
-static void
+static int
 input_gssapi_mic(int type, u_int32_t plen, void *ctxt)
 {
 	Authctxt *authctxt = ctxt;
@@ -288,6 +287,7 @@
 	dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC, NULL);
 	dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);
 	userauth_finish(authctxt, authenticated, "gssapi-with-mic", NULL);
+	return 0;
 }
 
 Authmethod method_gssapi = {
--- a/crypto/external/bsd/openssh/dist/auth2-hostbased.c	Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/dist/auth2-hostbased.c	Thu Apr 30 06:07:29 2015 +0000
@@ -1,5 +1,5 @@
-/*	$NetBSD: auth2-hostbased.c,v 1.5 2013/11/08 19:18:24 christos Exp $	*/
-/* $OpenBSD: auth2-hostbased.c,v 1.16 2013/06/21 00:34:49 djm Exp $ */
+/*	$NetBSD: auth2-hostbased.c,v 1.5.4.1 2015/04/30 06:07:30 riz Exp $	*/
+/* $OpenBSD: auth2-hostbased.c,v 1.24 2015/01/28 22:36:00 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth2-hostbased.c,v 1.5 2013/11/08 19:18:24 christos Exp $");
+__RCSID("$NetBSD: auth2-hostbased.c,v 1.5.4.1 2015/04/30 06:07:30 riz Exp $");
 #include <sys/types.h>
 
 #include <pwd.h>
@@ -37,6 +37,7 @@
 #include "packet.h"
 #include "buffer.h"
 #include "log.h"
+#include "misc.h"
 #include "servconf.h"
 #include "compat.h"
 #include "key.h"
@@ -48,6 +49,7 @@
 #endif
 #include "monitor_wrap.h"
 #include "pathnames.h"
+#include "match.h"
 
 /* import */
 extern ServerOptions options;
@@ -101,6 +103,20 @@
 		    "(received %d, expected %d)", key->type, pktype);
 		goto done;
 	}
+	if (key_type_plain(key->type) == KEY_RSA &&
+	    (datafellows & SSH_BUG_RSASIGMD5) != 0) {
+		error("Refusing RSA key because peer uses unsafe "
+		    "signature format");
+		goto done;
+	}
+	if (match_pattern_list(sshkey_ssh_name(key),
+	    options.hostbased_key_types,
+	    strlen(options.hostbased_key_types), 0) != 1) {
+		logit("%s: key type %s not in HostbasedAcceptedKeyTypes",
+		    __func__, sshkey_type(key));
+		goto done;
+	}
+
 	service = datafellows & SSH_BUG_HBSERVICE ? __UNCONST("ssh-userauth") :
 	    authctxt->service;
 	buffer_init(&b);
@@ -157,7 +173,7 @@
 	resolvedname = get_canonical_hostname(options.use_dns);
 	ipaddr = get_remote_ipaddr();
 
-	debug2("userauth_hostbased: chost %s resolvedname %s ipaddr %s",
+	debug2("%s: chost %s resolvedname %s ipaddr %s", __func__,
 	    chost, resolvedname, ipaddr);
 
 	if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') {
@@ -166,19 +182,27 @@
 	}
 
 	if (options.hostbased_uses_name_from_packet_only) {
-		if (auth_rhosts2(pw, cuser, chost, chost) == 0)
+		if (auth_rhosts2(pw, cuser, chost, chost) == 0) {
+			debug2("%s: auth_rhosts2 refused "
+			    "user \"%.100s\" host \"%.100s\" (from packet)",
+			    __func__, cuser, chost);
 			return 0;
+		}
 		lookup = chost;
 	} else {
 		if (strcasecmp(resolvedname, chost) != 0)
 			logit("userauth_hostbased mismatch: "
 			    "client sends %s, but we resolve %s to %s",
 			    chost, ipaddr, resolvedname);
-		if (auth_rhosts2(pw, cuser, resolvedname, ipaddr) == 0)
+		if (auth_rhosts2(pw, cuser, resolvedname, ipaddr) == 0) {
+			debug2("%s: auth_rhosts2 refused "
+			    "user \"%.100s\" host \"%.100s\" addr \"%.100s\"",
+			    __func__, cuser, resolvedname, ipaddr);
 			return 0;
+		}
 		lookup = resolvedname;
 	}
-	debug2("userauth_hostbased: access allowed by auth_rhosts2");
+	debug2("%s: access allowed by auth_rhosts2", __func__);
 
 	if (key_is_cert(key) && 
 	    key_cert_check_authority(key, 1, 0, lookup, &reason)) {
@@ -201,14 +225,17 @@
 
 	if (host_status == HOST_OK) {
 		if (key_is_cert(key)) {
-			fp = key_fingerprint(key->cert->signature_key,
-			    SSH_FP_MD5, SSH_FP_HEX);
+			if ((fp = sshkey_fingerprint(key->cert->signature_key,
+			    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
+				fatal("%s: sshkey_fingerprint fail", __func__);
 			verbose("Accepted certificate ID \"%s\" signed by "
 			    "%s CA %s from %s@%s", key->cert->key_id,
 			    key_type(key->cert->signature_key), fp,
 			    cuser, lookup);
 		} else {
-			fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+			if ((fp = sshkey_fingerprint(key,
+			    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
+				fatal("%s: sshkey_fingerprint fail", __func__);
 			verbose("Accepted %s public key %s from %s@%s",
 			    key_type(key), fp, cuser, lookup);
 		}
--- a/crypto/external/bsd/openssh/dist/auth2-jpake.c	Wed Apr 29 20:35:02 2015 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,564 +0,0 @@
-/*	$NetBSD: auth2-jpake.c,v 1.6 2013/11/08 19:18:24 christos Exp $	*/
-/* $OpenBSD: auth2-jpake.c,v 1.6 2013/05/17 00:13:13 djm Exp $ */
-/*
- * Copyright (c) 2008 Damien Miller.  All rights reserved.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * Server side of zero-knowledge password auth using J-PAKE protocol
- * as described in:
- *
- * F. Hao, P. Ryan, "Password Authenticated Key Exchange by Juggling",
- * 16th Workshop on Security Protocols, Cambridge, April 2008
- *
- * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf
- */
-
-#ifdef JPAKE
-
-#include <sys/types.h>
-#include <sys/param.h>
-
-#include <pwd.h>
-#include <stdio.h>
-#include <string.h>
-#include <login_cap.h>
-
-#include <openssl/bn.h>
-#include <openssl/evp.h>
-
-#include "xmalloc.h"
-#include "ssh2.h"
-#include "key.h"
-#include "hostfile.h"
-#include "auth.h"
-#include "buffer.h"
-#include "packet.h"
-#include "dispatch.h"
-#include "log.h"
-#include "servconf.h"
-#include "auth-options.h"
-#include "canohost.h"
-#ifdef GSSAPI
-#include "ssh-gss.h"
-#endif
-#include "monitor_wrap.h"
-
-#include "schnorr.h"
-#include "jpake.h"
-
-/*
- * XXX options->permit_empty_passwd (at the moment, they will be refused
- * anyway because they will mismatch on fake salt.
- */
-
-/* Dispatch handlers */
-static void input_userauth_jpake_client_step1(int, u_int32_t, void *);
-static void input_userauth_jpake_client_step2(int, u_int32_t, void *);
-static void input_userauth_jpake_client_confirm(int, u_int32_t, void *);
-
-static int auth2_jpake_start(Authctxt *);
-
-/* import */
-extern ServerOptions options;
-extern u_char *session_id2;
-extern u_int session_id2_len;
-
-/*
- * Attempt J-PAKE authentication.
- */
-static int
-userauth_jpake(Authctxt *authctxt)
-{
-	int authenticated = 0;
-
-	packet_check_eom();
-
-	debug("jpake-01@openssh.com requested");
-
-	if (authctxt->user != NULL) {
-		if (authctxt->jpake_ctx == NULL)
-			authctxt->jpake_ctx = jpake_new();
-		if (options.zero_knowledge_password_authentication)
-			authenticated = auth2_jpake_start(authctxt);
-	}
-
-	return authenticated;
-}
-
-Authmethod method_jpake = {
-	"jpake-01@openssh.com",
-	userauth_jpake,
-	&options.zero_knowledge_password_authentication
-};
-
-/* Clear context and callbacks */
-void
-auth2_jpake_stop(Authctxt *authctxt)
-{
-	/* unregister callbacks */
-	dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1, NULL);
-	dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2, NULL);
-	dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_CONFIRM, NULL);
-	if (authctxt->jpake_ctx != NULL) {
-		jpake_free(authctxt->jpake_ctx);
-		authctxt->jpake_ctx = NULL;
-	}
-}
-
-/* Returns 1 if 'c' is a valid crypt(3) salt character, 0 otherwise */
-static int
-valid_crypt_salt(int c)
-{
-	if (c >= 'A' && c <= 'Z')
-		return 1;
-	if (c >= 'a' && c <= 'z')
-		return 1;
-	if (c >= '.' && c <= '9')
-		return 1;
-	return 0;
-}
-
-/*
- * Derive fake salt as H(username || first_private_host_key)
- * This provides relatively stable fake salts for non-existent
- * users and avoids the jpake method becoming an account validity
- * oracle.
- */
-static void
-derive_rawsalt(const char *username, u_char *rawsalt, u_int len)
-{
-	u_char *digest;
-	u_int digest_len;
-	Buffer b;
-	Key *k;
-
-	buffer_init(&b);
-	buffer_put_cstring(&b, username);
-	if ((k = get_hostkey_by_index(0)) == NULL ||
-	    (k->flags & KEY_FLAG_EXT))
-		fatal("%s: no hostkeys", __func__);
-	switch (k->type) {
-	case KEY_RSA1:
-	case KEY_RSA:
-		if (k->rsa->p == NULL || k->rsa->q == NULL)
-			fatal("%s: RSA key missing p and/or q", __func__);
-		buffer_put_bignum2(&b, k->rsa->p);
-		buffer_put_bignum2(&b, k->rsa->q);
-		break;
-	case KEY_DSA:
-		if (k->dsa->priv_key == NULL)
-			fatal("%s: DSA key missing priv_key", __func__);
-		buffer_put_bignum2(&b, k->dsa->priv_key);
-		break;
-	case KEY_ECDSA:
-		if (EC_KEY_get0_private_key(k->ecdsa) == NULL)
-			fatal("%s: ECDSA key missing priv_key", __func__);
-		buffer_put_bignum2(&b, EC_KEY_get0_private_key(k->ecdsa));
-		break;
-	default:
-		fatal("%s: unknown key type %d", __func__, k->type);
-	}
-	if (hash_buffer(buffer_ptr(&b), buffer_len(&b), EVP_sha256(),
-	    &digest, &digest_len) != 0)
-		fatal("%s: hash_buffer", __func__);
-	buffer_free(&b);
-	if (len > digest_len)
-		fatal("%s: not enough bytes for rawsalt (want %u have %u)",
-		    __func__, len, digest_len);
-	memcpy(rawsalt, digest, len);
-	bzero(digest, digest_len);
-	free(digest);
-}
-
-/* ASCII an integer [0, 64) for inclusion in a password/salt */
-static char
-pw_encode64(u_int i64)
-{
-	const u_char e64[] =
-	    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
-	return e64[i64 % 64];
-}
-
-/* Generate ASCII salt bytes for user */
-static char *
-makesalt(u_int want, const char *user)
-{
-	u_char rawsalt[32];
-	static char ret[33];
-	u_int i;
-
-	if (want > sizeof(ret) - 1)
-		fatal("%s: want %u", __func__, want);
-
-	derive_rawsalt(user, rawsalt, sizeof(rawsalt));
-	bzero(ret, sizeof(ret));
-	for (i = 0; i < want; i++)
-		ret[i] = pw_encode64(rawsalt[i]);
-	bzero(rawsalt, sizeof(rawsalt));
-
-	return ret;
-}
-
-/*
- * Select the system's default password hashing scheme and generate
- * a stable fake salt under it for use by a non-existent account.
- * Prevents jpake method being used to infer the validity of accounts.
- */
-static void
-fake_salt_and_scheme(Authctxt *authctxt, char **salt, char **scheme)
-{
-	char *rounds_s, *style;
-	long long rounds;
-	login_cap_t *lc;
-
-
-	if ((lc = login_getclass(authctxt->pw->pw_class)) == NULL &&
-	    (lc = login_getclass(NULL)) == NULL)
-		fatal("%s: login_getclass failed", __func__);
-	style = login_getcapstr(lc, "localcipher", NULL, NULL);
-	if (style == NULL)
-		style = xstrdup("blowfish,6");
-	login_close(lc);
-	
-	if ((rounds_s = strchr(style, ',')) != NULL)
-		*rounds_s++ = '\0';
-	rounds = strtonum(rounds_s, 1, 1<<31, NULL);
-	
-	if (strcmp(style, "md5") == 0) {
-		xasprintf(salt, "$1$%s$", makesalt(8, authctxt->user));
-		*scheme = xstrdup("md5");
-	} else if (strcmp(style, "old") == 0) {
-		*salt = xstrdup(makesalt(2, authctxt->user));
-		*scheme = xstrdup("crypt");
-	} else if (strcmp(style, "newsalt") == 0) {
-		rounds = MAX(rounds, 7250);
-		rounds = MIN(rounds, (1<<24) - 1);
-		xasprintf(salt, "_%c%c%c%c%s",
-		    pw_encode64(rounds), pw_encode64(rounds >> 6),
-		    pw_encode64(rounds >> 12), pw_encode64(rounds >> 18),
-		    makesalt(4, authctxt->user));
-		*scheme = xstrdup("crypt-extended");
-	} else {
-		/* Default to blowfish */
-		rounds = MAX(rounds, 3);
-		rounds = MIN(rounds, 31);
-		xasprintf(salt, "$2a$%02lld$%s", rounds,
-		    makesalt(22, authctxt->user));
-		*scheme = xstrdup("bcrypt");
-	}
-	free(style);
-	debug3("%s: fake %s salt for user %s: %s",
-	    __func__, *scheme, authctxt->user, *salt);
-}
-
-/*
- * Fetch password hashing scheme, password salt and derive shared secret
- * for user. If user does not exist, a fake but stable and user-unique
- * salt will be returned.
- */
-void
-auth2_jpake_get_pwdata(Authctxt *authctxt, BIGNUM **s,
-    char **hash_scheme, char **salt)
-{
-	char *cp;
-	u_char *secret;
-	u_int secret_len, salt_len;
-
-#ifdef JPAKE_DEBUG
-	debug3("%s: valid %d pw %.5s...", __func__,
-	    authctxt->valid, authctxt->pw->pw_passwd);
-#endif
-
-	*salt = NULL;
-	*hash_scheme = NULL;
-	if (authctxt->valid) {
-		if (strncmp(authctxt->pw->pw_passwd, "$2$", 3) == 0 &&
-		    strlen(authctxt->pw->pw_passwd) > 28) {
-			/*
-			 * old-variant bcrypt:
-			 *     "$2$", 2 digit rounds, "$", 22 bytes salt
-			 */
-			salt_len = 3 + 2 + 1 + 22 + 1;
-			*salt = xmalloc(salt_len);
-			strlcpy(*salt, authctxt->pw->pw_passwd, salt_len);
-			*hash_scheme = xstrdup("bcrypt");
-		} else if (strncmp(authctxt->pw->pw_passwd, "$2a$", 4) == 0 &&
-		    strlen(authctxt->pw->pw_passwd) > 29) {
-			/*
-			 * current-variant bcrypt:
-			 *     "$2a$", 2 digit rounds, "$", 22 bytes salt
-			 */
-			salt_len = 4 + 2 + 1 + 22 + 1;
-			*salt = xmalloc(salt_len);
-			strlcpy(*salt, authctxt->pw->pw_passwd, salt_len);
-			*hash_scheme = xstrdup("bcrypt");
-		} else if (strncmp(authctxt->pw->pw_passwd, "$1$", 3) == 0 &&
-		    strlen(authctxt->pw->pw_passwd) > 5) {
-			/*
-			 * md5crypt:
-			 *     "$1$", salt until "$"
-			 */
-			cp = strchr(authctxt->pw->pw_passwd + 3, '$');
-			if (cp != NULL) {
-				salt_len = (cp - authctxt->pw->pw_passwd) + 1;
-				*salt = xmalloc(salt_len);
-				strlcpy(*salt, authctxt->pw->pw_passwd,
-				    salt_len);
-				*hash_scheme = xstrdup("md5crypt");
-			}
-		} else if (strncmp(authctxt->pw->pw_passwd, "_", 1) == 0 &&
-		    strlen(authctxt->pw->pw_passwd) > 9) {
-			/*
-			 * BSDI extended crypt:
-			 *     "_", 4 digits count, 4 chars salt
-			 */
-			salt_len = 1 + 4 + 4 + 1;
-			*salt = xmalloc(salt_len);
-			strlcpy(*salt, authctxt->pw->pw_passwd, salt_len);
-			*hash_scheme = xstrdup("crypt-extended");
-		} else if (strlen(authctxt->pw->pw_passwd) == 13  &&
-		    valid_crypt_salt(authctxt->pw->pw_passwd[0]) &&
-		    valid_crypt_salt(authctxt->pw->pw_passwd[1])) {
-			/*
-			 * traditional crypt:
-			 *     2 chars salt
-			 */
-			salt_len = 2 + 1;
-			*salt = xmalloc(salt_len);
-			strlcpy(*salt, authctxt->pw->pw_passwd, salt_len);
-			*hash_scheme = xstrdup("crypt");
-		}
-		if (*salt == NULL) {
-			debug("%s: unrecognised crypt scheme for user %s",
-			    __func__, authctxt->pw->pw_name);
-		}
-	}
-	if (*salt == NULL)
-		fake_salt_and_scheme(authctxt, salt, hash_scheme);
-
-	if (hash_buffer(authctxt->pw->pw_passwd,
-	    strlen(authctxt->pw->pw_passwd), EVP_sha256(),
-	    &secret, &secret_len) != 0)
-		fatal("%s: hash_buffer", __func__);
-	if ((*s = BN_bin2bn(secret, secret_len, NULL)) == NULL)
-		fatal("%s: BN_bin2bn (secret)", __func__);
-#ifdef JPAKE_DEBUG
-	debug3("%s: salt = %s (len %u)", __func__,
-	    *salt, (u_int)strlen(*salt));
-	debug3("%s: scheme = %s", __func__, *hash_scheme);
-	JPAKE_DEBUG_BN((*s, "%s: s = ", __func__));
-#endif
-	bzero(secret, secret_len);
-	free(secret);
-}
-
-/*
- * Begin authentication attempt.
- * Note, sets authctxt->postponed while in subprotocol
- */
-static int
-auth2_jpake_start(Authctxt *authctxt)
-{
-	struct jpake_ctx *pctx = authctxt->jpake_ctx;
-	u_char *x3_proof, *x4_proof;
-	u_int x3_proof_len, x4_proof_len;
-	char *salt, *hash_scheme;
-
-	debug("%s: start", __func__);
-
-	PRIVSEP(jpake_step1(pctx->grp,
-	    &pctx->server_id, &pctx->server_id_len,
-	    &pctx->x3, &pctx->x4, &pctx->g_x3, &pctx->g_x4,
-	    &x3_proof, &x3_proof_len,
-	    &x4_proof, &x4_proof_len));
-
-	PRIVSEP(auth2_jpake_get_pwdata(authctxt, &pctx->s,
-	    &hash_scheme, &salt));
-
-	if (!use_privsep)
-		JPAKE_DEBUG_CTX((pctx, "step 1 sending in %s", __func__));
-
-	packet_start(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1);
-	packet_put_cstring(hash_scheme);
-	packet_put_cstring(salt);
-	packet_put_string(pctx->server_id, pctx->server_id_len);
-	packet_put_bignum2(pctx->g_x3);
-	packet_put_bignum2(pctx->g_x4);
-	packet_put_string(x3_proof, x3_proof_len);
-	packet_put_string(x4_proof, x4_proof_len);
-	packet_send();
-	packet_write_wait();
-
-	bzero(hash_scheme, strlen(hash_scheme));
-	bzero(salt, strlen(salt));
-	free(hash_scheme);
-	free(salt);
-	bzero(x3_proof, x3_proof_len);
-	bzero(x4_proof, x4_proof_len);
-	free(x3_proof);
-	free(x4_proof);
-
-	/* Expect step 1 packet from peer */
-	dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1,
-	    input_userauth_jpake_client_step1);
-
-	authctxt->postponed = 1;
-	return 0;
-}
-
-/* ARGSUSED */
-static void
-input_userauth_jpake_client_step1(int type, u_int32_t seq, void *ctxt)
-{
-	Authctxt *authctxt = ctxt;
-	struct jpake_ctx *pctx = authctxt->jpake_ctx;
-	u_char *x1_proof, *x2_proof, *x4_s_proof;
-	u_int x1_proof_len, x2_proof_len, x4_s_proof_len;
-
-	/* Disable this message */
-	dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1, NULL);
-
-	/* Fetch step 1 values */
-	if ((pctx->g_x1 = BN_new()) == NULL ||
-	    (pctx->g_x2 = BN_new()) == NULL)
-		fatal("%s: BN_new", __func__);
-	pctx->client_id = packet_get_string(&pctx->client_id_len);
-	packet_get_bignum2(pctx->g_x1);
-	packet_get_bignum2(pctx->g_x2);
-	x1_proof = packet_get_string(&x1_proof_len);
-	x2_proof = packet_get_string(&x2_proof_len);
-	packet_check_eom();
-
-	if (!use_privsep)
-		JPAKE_DEBUG_CTX((pctx, "step 1 received in %s", __func__));
-
-	PRIVSEP(jpake_step2(pctx->grp, pctx->s, pctx->g_x3,
-	    pctx->g_x1, pctx->g_x2, pctx->x4,
-	    pctx->client_id, pctx->client_id_len,
-	    pctx->server_id, pctx->server_id_len,
-	    x1_proof, x1_proof_len,
-	    x2_proof, x2_proof_len,
-	    &pctx->b,
-	    &x4_s_proof, &x4_s_proof_len));
-
-	bzero(x1_proof, x1_proof_len);
-	bzero(x2_proof, x2_proof_len);
-	free(x1_proof);
-	free(x2_proof);
-
-	if (!use_privsep)
-		JPAKE_DEBUG_CTX((pctx, "step 2 sending in %s", __func__));
-
-	/* Send values for step 2 */
-	packet_start(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2);
-	packet_put_bignum2(pctx->b);
-	packet_put_string(x4_s_proof, x4_s_proof_len);
-	packet_send();
-	packet_write_wait();
-
-	bzero(x4_s_proof, x4_s_proof_len);
-	free(x4_s_proof);
-
-	/* Expect step 2 packet from peer */
-	dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2,
-	    input_userauth_jpake_client_step2);
-}
-
-/* ARGSUSED */
-static void
-input_userauth_jpake_client_step2(int type, u_int32_t seq, void *ctxt)
-{
-	Authctxt *authctxt = ctxt;
-	struct jpake_ctx *pctx = authctxt->jpake_ctx;
-	u_char *x2_s_proof;
-	u_int x2_s_proof_len;
-
-	/* Disable this message */
-	dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2, NULL);
-
-	if ((pctx->a = BN_new()) == NULL)
-		fatal("%s: BN_new", __func__);
-
-	/* Fetch step 2 values */
-	packet_get_bignum2(pctx->a);
-	x2_s_proof = packet_get_string(&x2_s_proof_len);
-	packet_check_eom();
-
-	if (!use_privsep)
-		JPAKE_DEBUG_CTX((pctx, "step 2 received in %s", __func__));
-
-	/* Derive shared key and calculate confirmation hash */
-	PRIVSEP(jpake_key_confirm(pctx->grp, pctx->s, pctx->a,
-	    pctx->x4, pctx->g_x3, pctx->g_x4, pctx->g_x1, pctx->g_x2,
-	    pctx->server_id, pctx->server_id_len,
-	    pctx->client_id, pctx->client_id_len,
-	    session_id2, session_id2_len,
-	    x2_s_proof, x2_s_proof_len,
-	    &pctx->k,
-	    &pctx->h_k_sid_sessid, &pctx->h_k_sid_sessid_len));
-
-	bzero(x2_s_proof, x2_s_proof_len);
-	free(x2_s_proof);
-
-	if (!use_privsep)
-		JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__));
-
-	/* Send key confirmation proof */
-	packet_start(SSH2_MSG_USERAUTH_JPAKE_SERVER_CONFIRM);
-	packet_put_string(pctx->h_k_sid_sessid, pctx->h_k_sid_sessid_len);
-	packet_send();
-	packet_write_wait();
-
-	/* Expect confirmation from peer */
-	dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_CONFIRM,
-	    input_userauth_jpake_client_confirm);
-}
-
-/* ARGSUSED */
-static void
-input_userauth_jpake_client_confirm(int type, u_int32_t seq, void *ctxt)
-{
-	Authctxt *authctxt = ctxt;
-	struct jpake_ctx *pctx = authctxt->jpake_ctx;
-	int authenticated = 0;
-
-	/* Disable this message */
-	dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_CONFIRM, NULL);
-
-	pctx->h_k_cid_sessid = packet_get_string(&pctx->h_k_cid_sessid_len);
-	packet_check_eom();
-
-	if (!use_privsep)
-		JPAKE_DEBUG_CTX((pctx, "confirm received in %s", __func__));
-
-	/* Verify expected confirmation hash */
-	if (PRIVSEP(jpake_check_confirm(pctx->k,
-	    pctx->client_id, pctx->client_id_len,
-	    session_id2, session_id2_len,
-	    pctx->h_k_cid_sessid, pctx->h_k_cid_sessid_len)) == 1)
-		authenticated = authctxt->valid ? 1 : 0;
-	else
-		debug("%s: confirmation mismatch", __func__);
-		
-	/* done */
-	authctxt->postponed = 0;
-	jpake_free(authctxt->jpake_ctx);
-	authctxt->jpake_ctx = NULL;
-	userauth_finish(authctxt, authenticated, method_jpake.name, NULL);
-}
-
-#endif /* JPAKE */
-
--- a/crypto/external/bsd/openssh/dist/auth2-kbdint.c	Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/dist/auth2-kbdint.c	Thu Apr 30 06:07:29 2015 +0000
@@ -1,5 +1,5 @@
-/*	$NetBSD: auth2-kbdint.c,v 1.3 2013/11/08 19:18:24 christos Exp $	*/
-/* $OpenBSD: auth2-kbdint.c,v 1.6 2013/05/17 00:13:13 djm Exp $ */
+/*	$NetBSD: auth2-kbdint.c,v 1.3.4.1 2015/04/30 06:07:30 riz Exp $	*/
+/* $OpenBSD: auth2-kbdint.c,v 1.7 2014/07/15 15:54:14 millert Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth2-kbdint.c,v 1.3 2013/11/08 19:18:24 christos Exp $");
+__RCSID("$NetBSD: auth2-kbdint.c,v 1.3.4.1 2015/04/30 06:07:30 riz Exp $");
 #include <sys/types.h>
 
 #include "xmalloc.h"
@@ -35,6 +35,7 @@
 #include "auth.h"
 #include "log.h"
 #include "buffer.h"
+#include "misc.h"
 #include "servconf.h"
 
 /* import */
--- a/crypto/external/bsd/openssh/dist/auth2-krb5.c	Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/dist/auth2-krb5.c	Thu Apr 30 06:07:29 2015 +0000
@@ -1,4 +1,4 @@
-/*	$NetBSD: auth2-krb5.c,v 1.2 2013/11/08 19:18:24 christos Exp $	*/
+/*	$NetBSD: auth2-krb5.c,v 1.2.4.1 2015/04/30 06:07:30 riz Exp $	*/
 /*
  * Copyright (c) 2003 Markus Friedl.  All rights reserved.
  *
@@ -24,7 +24,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth2-krb5.c,v 1.2 2013/11/08 19:18:24 christos Exp $");
+__RCSID("$NetBSD: auth2-krb5.c,v 1.2.4.1 2015/04/30 06:07:30 riz Exp $");
 
 #include <krb5.h>
 #include <stdio.h>
@@ -41,6 +41,7 @@
 #include "ssh-gss.h"
 #endif
 #include "monitor_wrap.h"
+#include "misc.h"
 #include "servconf.h"
 
 /* import */
--- a/crypto/external/bsd/openssh/dist/auth2-none.c	Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/dist/auth2-none.c	Thu Apr 30 06:07:29 2015 +0000
@@ -1,5 +1,5 @@
-/*	$NetBSD: auth2-none.c,v 1.3 2010/11/21 18:29:48 adam Exp $	*/
-/* $OpenBSD: auth2-none.c,v 1.16 2010/06/25 08:46:17 djm Exp $ */
+/*	$NetBSD: auth2-none.c,v 1.3.26.1 2015/04/30 06:07:30 riz Exp $	*/
+/* $OpenBSD: auth2-none.c,v 1.18 2014/07/15 15:54:14 millert Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -25,8 +25,10 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth2-none.c,v 1.3 2010/11/21 18:29:48 adam Exp $");
+__RCSID("$NetBSD: auth2-none.c,v 1.3.26.1 2015/04/30 06:07:30 riz Exp $");
 #include <sys/types.h>
+#include <stdarg.h>
+#include <stdio.h>
 
 #include "xmalloc.h"
 #include "key.h"
@@ -35,6 +37,7 @@
 #include "packet.h"
 #include "log.h"
 #include "buffer.h"
+#include "misc.h"
 #include "servconf.h"
 #include "compat.h"
 #include "ssh2.h"
--- a/crypto/external/bsd/openssh/dist/auth2-passwd.c	Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/dist/auth2-passwd.c	Thu Apr 30 06:07:29 2015 +0000
@@ -1,5 +1,5 @@
-/*	$NetBSD: auth2-passwd.c,v 1.3 2013/11/08 19:18:24 christos Exp $	*/
-/* $OpenBSD: auth2-passwd.c,v 1.10 2013/05/17 00:13:13 djm Exp $ */
+/*	$NetBSD: auth2-passwd.c,v 1.3.4.1 2015/04/30 06:07:30 riz Exp $	*/
+/* $OpenBSD: auth2-passwd.c,v 1.12 2014/07/15 15:54:14 millert Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth2-passwd.c,v 1.3 2013/11/08 19:18:24 christos Exp $");
+__RCSID("$NetBSD: auth2-passwd.c,v 1.3.4.1 2015/04/30 06:07:30 riz Exp $");
 #include <sys/types.h>
 
 #include <string.h>
@@ -42,6 +42,7 @@
 #include "ssh-gss.h"
 #endif
 #include "monitor_wrap.h"
+#include "misc.h"
 #include "servconf.h"
 
 /* import */
@@ -60,7 +61,7 @@
 	if (change) {
 		/* discard new password from packet */
 		newpass = packet_get_string(&newlen);
-		memset(newpass, 0, newlen);
+		explicit_bzero(newpass, newlen);
 		free(newpass);
 	}
 	packet_check_eom();
@@ -69,7 +70,7 @@
 		logit("password change not supported");
 	else if (PRIVSEP(auth_password(authctxt, password)) == 1)
 		authenticated = 1;
-	memset(password, 0, len);
+	explicit_bzero(password, len);
 	free(password);
 	return authenticated;
 }
--- a/crypto/external/bsd/openssh/dist/auth2-pubkey.c	Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/dist/auth2-pubkey.c	Thu Apr 30 06:07:29 2015 +0000
@@ -1,5 +1,5 @@
-/*	$NetBSD: auth2-pubkey.c,v 1.9 2013/11/08 19:18:24 christos Exp $	*/
-/* $OpenBSD: auth2-pubkey.c,v 1.38 2013/06/21 00:34:49 djm Exp $ */
+/*	$NetBSD: auth2-pubkey.c,v 1.9.4.1 2015/04/30 06:07:30 riz Exp $	*/
+/* $OpenBSD: auth2-pubkey.c,v 1.47 2015/02/17 00:14:05 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth2-pubkey.c,v 1.9 2013/11/08 19:18:24 christos Exp $");
+__RCSID("$NetBSD: auth2-pubkey.c,v 1.9.4.1 2015/04/30 06:07:30 riz Exp $");
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/wait.h>
@@ -40,6 +40,7 @@
 #include <string.h>
 #include <time.h>
 #include <unistd.h>
+#include <limits.h>
 
 #include "xmalloc.h"
 #include "ssh.h"
@@ -47,6 +48,7 @@
 #include "packet.h"
 #include "buffer.h"
 #include "log.h"
+#include "misc.h"
 #include "servconf.h"
 #include "compat.h"
 #include "key.h"
@@ -60,9 +62,9 @@
 #include "ssh-gss.h"
 #endif
 #include "monitor_wrap.h"
-#include "misc.h"
 #include "authfile.h"
 #include "match.h"
+#include "digest.h"
 
 #ifdef WITH_LDAP_PUBKEY
 #include "ldapauth.h"
@@ -119,6 +121,23 @@
 		    "(received %d, expected %d)", key->type, pktype);
 		goto done;
 	}
+	if (key_type_plain(key->type) == KEY_RSA &&
+	    (datafellows & SSH_BUG_RSASIGMD5) != 0) {
+		logit("Refusing RSA key because client uses unsafe "
+		    "signature scheme");
+		goto done;
+	}
+	if (auth2_userkey_already_used(authctxt, key)) {
+		logit("refusing previously-used %s key", key_type(key));
+		goto done;
+	}
+	if (match_pattern_list(sshkey_ssh_name(key), options.pubkey_key_types,
+	    strlen(options.pubkey_key_types), 0) != 1) {
+		logit("%s: key type %s not in PubkeyAcceptedKeyTypes",
+		    __func__, sshkey_ssh_name(key));
+		goto done;
+	}
+
 	if (have_sig) {
 		sig = packet_get_string(&slen);
 		packet_check_eom();
@@ -156,8 +175,12 @@
 		authenticated = 0;
 		if (PRIVSEP(user_key_allowed(authctxt->pw, key)) &&
 		    PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b),
-		    buffer_len(&b))) == 1)
+		    buffer_len(&b))) == 1) {
 			authenticated = 1;
+			/* Record the successful key to prevent reuse */
+			auth2_record_userkey(authctxt, key);
+			key = NULL; /* Don't free below */
+		}
 		buffer_free(&b);
 		free(sig);
 	} else {
@@ -209,17 +232,20 @@
 	}
 
 	if (key_is_cert(key)) {
-		fp = key_fingerprint(key->cert->signature_key,
-		    SSH_FP_MD5, SSH_FP_HEX);
+		fp = sshkey_fingerprint(key->cert->signature_key,
+		    options.fingerprint_hash, SSH_FP_DEFAULT);
 		auth_info(authctxt, "%s ID %s (serial %llu) CA %s %s%s%s", 
 		    key_type(key), key->cert->key_id,
 		    (unsigned long long)key->cert->serial,
-		    key_type(key->cert->signature_key), fp,
+		    key_type(key->cert->signature_key),
+		    fp == NULL ? "(null)" : fp,
 		    extra == NULL ? "" : ", ", extra == NULL ? "" : extra);
 		free(fp);
 	} else {
-		fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
-		auth_info(authctxt, "%s %s%s%s", key_type(key), fp,
+		fp = sshkey_fingerprint(key, options.fingerprint_hash,
+		    SSH_FP_DEFAULT);
+		auth_info(authctxt, "%s %s%s%s", key_type(key),
+		    fp == NULL ? "(null)" : fp,
 		    extra == NULL ? "" : ", ", extra == NULL ? "" : extra);
 		free(fp);
 	}
@@ -227,7 +253,7 @@
 }
 
 static int
-match_principals_option(const char *principal_list, struct KeyCert *cert)
+match_principals_option(const char *principal_list, struct sshkey_cert *cert)
 {
 	char *result;
 	u_int i;
@@ -247,7 +273,7 @@
 }
 
 static int
-match_principals_file(char *file, struct passwd *pw, struct KeyCert *cert)
+match_principals_file(char *file, struct passwd *pw, struct sshkey_cert *cert)
 {
 	FILE *f;
 	char line[SSH_MAX_PUBKEY_BYTES], *cp, *ep, *line_opts;
@@ -367,7 +393,7 @@
 				auth_parse_options(pw, xoptions, file, linenum) == 1) {
 			    found_key = 1;
 			    debug("[LDAP] matching key found");
-			    fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX);
+			    fp = sshkey_fingerprint(found, SSH_FP_HASH_DEFAULT, SSH_FP_HEX);
 			    verbose("[LDAP] Found matching %s key: %s", key_type(found), fp);
 
 			    /* restoring memory */
@@ -439,8 +465,9 @@
 				continue;
 			if (!key_is_cert_authority)
 				continue;
-			fp = key_fingerprint(found, SSH_FP_MD5,
-			    SSH_FP_HEX);
+			if ((fp = sshkey_fingerprint(found,
+			    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
+				continue;
 			debug("matching CA found: file %s, line %lu, %s %s",
 			    file, linenum, key_type(found), fp);
 			/*
@@ -479,11 +506,13 @@
 				continue;
 			if (key_is_cert_authority)
 				continue;
-			found_key = 1;
-			fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX);
+			if ((fp = sshkey_fingerprint(found,
+			    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
+				continue;
 			debug("matching key found: file %s, line %lu %s %s",
 			    file, linenum, key_type(found), fp);
 			free(fp);
+			found_key = 1;
 			break;
 		}
 	}
@@ -505,11 +534,12 @@
 	if (!key_is_cert(key) || options.trusted_user_ca_keys == NULL)
 		return 0;
 
-	ca_fp = key_fingerprint(key->cert->signature_key,
-	    SSH_FP_MD5, SSH_FP_HEX);
+	if ((ca_fp = sshkey_fingerprint(key->cert->signature_key,
+	    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
+		return 0;
 
-	if (key_in_file(key->cert->signature_key,
-	    options.trusted_user_ca_keys, 1) != 1) {
+	if (sshkey_in_file(key->cert->signature_key,
+	    options.trusted_user_ca_keys, 1, 0) != 0) {
 		debug2("%s: CA %s %s is not listed in %s", __func__,
 		    key_type(key->cert->signature_key), ca_fp,
 		    options.trusted_user_ca_keys);
@@ -754,6 +784,35 @@
 	return success;
 }
 
+/* Records a public key in the list of previously-successful keys */
+void
+auth2_record_userkey(Authctxt *authctxt, struct sshkey *key)
+{
+	struct sshkey **tmp;
+
+	if (authctxt->nprev_userkeys >= INT_MAX ||
+	    (tmp = reallocarray(authctxt->prev_userkeys,
+	    authctxt->nprev_userkeys + 1, sizeof(*tmp))) == NULL)
+		fatal("%s: reallocarray failed", __func__);
+	authctxt->prev_userkeys = tmp;
+	authctxt->prev_userkeys[authctxt->nprev_userkeys] = key;
+	authctxt->nprev_userkeys++;
+}
+
+/* Checks whether a key has already been used successfully for authentication */
+int
+auth2_userkey_already_used(Authctxt *authctxt, struct sshkey *key)
+{
+	u_int i;
+
+	for (i = 0; i < authctxt->nprev_userkeys; i++) {
+		if (sshkey_equal_public(key, authctxt->prev_userkeys[i])) {
+			return 1;
+		}
+	}
+	return 0;
+}
+
 Authmethod method_pubkey = {
 	"publickey",
 	userauth_pubkey,
--- a/crypto/external/bsd/openssh/dist/auth2.c	Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/dist/auth2.c	Thu Apr 30 06:07:29 2015 +0000
@@ -1,5 +1,5 @@
-/*	$NetBSD: auth2.c,v 1.8 2013/11/08 19:18:24 christos Exp $	*/
-/* $OpenBSD: auth2.c,v 1.126 2012/12/02 20:34:09 djm Exp $ */
+/*	$NetBSD: auth2.c,v 1.8.4.1 2015/04/30 06:07:30 riz Exp $	*/
+/* $OpenBSD: auth2.c,v 1.135 2015/01/19 20:07:45 markus Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth2.c,v 1.8 2013/11/08 19:18:24 christos Exp $");
+__RCSID("$NetBSD: auth2.c,v 1.8.4.1 2015/04/30 06:07:30 riz Exp $");
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/uio.h>
@@ -42,6 +42,7 @@
 #include "packet.h"
 #include "log.h"
 #include "buffer.h"
+#include "misc.h"
 #include "servconf.h"
 #include "compat.h"
 #include "key.h"
@@ -51,6 +52,7 @@
 #include "pathnames.h"
 #include "buffer.h"
 #include "canohost.h"
+#include "pfilter.h"
 
 #ifdef GSSAPI
 #include "ssh-gss.h"
@@ -77,9 +79,6 @@
 #ifdef GSSAPI
 extern Authmethod method_gssapi;
 #endif
-#ifdef JPAKE
-extern Authmethod method_jpake;
-#endif
 
 static int log_flag = 0;
 
@@ -89,9 +88,6 @@
 #ifdef GSSAPI
 	&method_gssapi,
 #endif
-#ifdef JPAKE
-	&method_jpake,
-#endif
 	&method_passwd,
 	&method_kbdint,
 	&method_hostbased,
@@ -103,8 +99,8 @@
 
 /* protocol */
 
-static void input_service_request(int, u_int32_t, void *);
-static void input_userauth_request(int, u_int32_t, void *);
+static int input_service_request(int, u_int32_t, void *);
+static int input_userauth_request(int, u_int32_t, void *);
 
 /* helper */
 static Authmethod *authmethod_lookup(Authctxt *, const char *);
@@ -167,9 +163,7 @@
 {
 	char *banner = NULL;
 
-	if (options.banner == NULL ||
-	    strcasecmp(options.banner, "none") == 0 ||
-	    (datafellows & SSH_BUG_BANNER) != 0)
+	if (options.banner == NULL || (datafellows & SSH_BUG_BANNER) != 0)
 		return;
 
 	if ((banner = PRIVSEP(auth2_read_banner())) == NULL)
@@ -192,7 +186,7 @@
 }
 
 /*ARGSUSED*/
-static void
+static int
 input_service_request(int type, u_int32_t seq, void *ctxt)
 {
 	Authctxt *authctxt = ctxt;
@@ -223,10 +217,11 @@
 		packet_disconnect("bad service request %s", service);
 	}
 	free(service);
+	return 0;
 }
 
 /*ARGSUSED*/
-static void
+static int
 input_userauth_request(int type, u_int32_t seq, void *ctxt)
 {
 	Authctxt *authctxt = ctxt;
@@ -261,6 +256,7 @@
 		} else {
 			logit("input_userauth_request: invalid user %s", user);
 			authctxt->pw = fakepw();
+			pfilter_notify(1);
 		}
 #ifdef USE_PAM
 		if (options.use_pam)
@@ -283,9 +279,6 @@
 	}
 	/* reset state */
 	auth2_challenge_stop(authctxt);
-#ifdef JPAKE
-	auth2_jpake_stop(authctxt);
-#endif
 
 #ifdef GSSAPI
 	/* XXX move to auth2_gssapi_stop() */
@@ -307,6 +300,7 @@
 	free(service);
 	free(user);
 	free(method);
+	return 0;
 }
 
 void
@@ -337,7 +331,7 @@
 			/* if PAM returned a message, send it to the user */
 			if (buffer_len(&loginmsg) > 0) {
 				buffer_append(&loginmsg, "\0", 1);
-				userauth_send_banner(buffer_ptr(&loginmsg));
+				userauth_send_banner((const char *)buffer_ptr(&loginmsg));
 				packet_write_wait();
 			}
 			fatal("Access denied for user %s by PAM account "
@@ -369,15 +363,11 @@
 		authctxt->success = 1;
 	} else {
 		/* Allow initial try of "none" auth without failure penalty */
-		if (!authctxt->server_caused_failure &&
+		if (!partial && !authctxt->server_caused_failure &&
 		    (authctxt->attempt > 1 || strcmp(method, "none") != 0))
 			authctxt->failures++;
-		if (authctxt->failures >= options.max_authtries) {
-			packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
-#ifdef SSH_AUDIT_EVENTS
-			PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
-#endif
-		}
+		if (authctxt->failures >= options.max_authtries)
+			auth_maxtries_exceeded(authctxt);
 		methods = authmethods_get(authctxt);
 		debug3("%s: failure partial=%d next methods=\"%s\"", __func__,
 		    partial, methods);
@@ -438,7 +428,7 @@
 		    strlen(authmethods[i]->name));
 	}
 	buffer_append(&b, "\0", 1);
-	list = xstrdup(buffer_ptr(&b));
+	list = xstrdup((const char *)buffer_ptr(&b));
 	buffer_free(&b);
 	return list;
 }
--- a/crypto/external/bsd/openssh/dist/authfd.c	Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/dist/authfd.c	Thu Apr 30 06:07:29 2015 +0000
@@ -1,5 +1,5 @@
-/*	$NetBSD: authfd.c,v 1.6 2013/11/08 19:18:24 christos Exp $	*/
-/* $OpenBSD: authfd.c,v 1.87.2.1 2013/11/08 01:33:56 djm Exp $ */
+/*	$NetBSD: authfd.c,v 1.6.4.1 2015/04/30 06:07:30 riz Exp $	*/
+/* $OpenBSD: authfd.c,v 1.94 2015/01/14 20:05:27 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -37,137 +37,131 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: authfd.c,v 1.6 2013/11/08 19:18:24 christos Exp $");
+__RCSID("$NetBSD: authfd.c,v 1.6.4.1 2015/04/30 06:07:30 riz Exp $");
 #include <sys/types.h>
 #include <sys/un.h>
 #include <sys/socket.h>
 
-#include <openssl/evp.h>
-
-#include <openssl/crypto.h>
 #include <fcntl.h>
 #include <stdlib.h>
 #include <signal.h>
 #include <string.h>
 #include <unistd.h>
+#include <errno.h>
 
 #include "xmalloc.h"
 #include "ssh.h"
 #include "rsa.h"
-#include "buffer.h"
-#include "key.h"
+#include "sshbuf.h"
+#include "sshkey.h"
 #include "authfd.h"
 #include "cipher.h"
-#include "kex.h"
 #include "compat.h"
 #include "log.h"
 #include "atomicio.h"
 #include "misc.h"
-
-static int agent_present = 0;
+#include "ssherr.h"
 
-/* helper */
-int	decode_reply(int type);
+#define MAX_AGENT_IDENTITIES	2048		/* Max keys in agent reply */
+#define MAX_AGENT_REPLY_LEN	(256 * 1024) 	/* Max bytes in agent reply */
 
 /* macro to check for "agent failure" message */
 #define agent_failed(x) \
-    ((x == SSH_AGENT_FAILURE) || (x == SSH_COM_AGENT2_FAILURE) || \
+    ((x == SSH_AGENT_FAILURE) || \
+    (x == SSH_COM_AGENT2_FAILURE) || \
     (x == SSH2_AGENT_FAILURE))
 
-int
-ssh_agent_present(void)
+/* Convert success/failure response from agent to a err.h status */
+static int
+decode_reply(u_char type)
 {
-	int authfd;
-
-	if (agent_present)
-		return 1;
-	if ((authfd = ssh_get_authentication_socket()) == -1)
+	if (agent_failed(type))
+		return SSH_ERR_AGENT_FAILURE;
+	else if (type == SSH_AGENT_SUCCESS)
 		return 0;
-	else {
-		ssh_close_authentication_socket(authfd);
-		return 1;
-	}
+	else
+		return SSH_ERR_INVALID_FORMAT;
 }
 
 /* Returns the number of the authentication fd, or -1 if there is none. */
-
 int
-ssh_get_authentication_socket(void)
+ssh_get_authentication_socket(int *fdp)
 {
 	const char *authsocket;
-	int sock;
+	int sock, oerrno;
 	struct sockaddr_un sunaddr;
 
+	if (fdp != NULL)
+		*fdp = -1;
+
 	authsocket = getenv(SSH_AUTHSOCKET_ENV_NAME);
 	if (!authsocket)
-		return -1;
+		return SSH_ERR_AGENT_NOT_PRESENT;
 
-	bzero(&sunaddr, sizeof(sunaddr));
+	memset(&sunaddr, 0, sizeof(sunaddr));
 	sunaddr.sun_family = AF_UNIX;
 	strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path));
 
-	sock = socket(AF_UNIX, SOCK_STREAM, 0);
-	if (sock < 0)
-		return -1;
+	if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
+		return SSH_ERR_SYSTEM_ERROR;
 
 	/* close on exec */
-	if (fcntl(sock, F_SETFD, FD_CLOEXEC) == -1) {
+	if (fcntl(sock, F_SETFD, FD_CLOEXEC) == -1 ||
+	    connect(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0) {
+		oerrno = errno;
 		close(sock);
-		return -1;
+		errno = oerrno;
+		return SSH_ERR_SYSTEM_ERROR;
 	}
-	if (connect(sock, (struct sockaddr *)(void *)&sunaddr, sizeof sunaddr) < 0) {
+	if (fdp != NULL)
+		*fdp = sock;
+	else
 		close(sock);
-		return -1;
-	}
-	agent_present = 1;
-	return sock;
+	return 0;
 }
 
+/* Communicate with agent: send request and read reply */
 static int
-ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply)
+ssh_request_reply(int sock, struct sshbuf *request, struct sshbuf *reply)
 {
-	u_int l, len;
+	int r;
+	size_t l, len;
 	char buf[1024];
 
 	/* Get the length of the message, and format it in the buffer. */
-	len = buffer_len(request);
+	len = sshbuf_len(request);
 	put_u32(buf, len);
 
 	/* Send the length and then the packet to the agent. */
-	if (atomicio(vwrite, auth->fd, buf, 4) != 4 ||
-	    atomicio(vwrite, auth->fd, buffer_ptr(request),
-	    buffer_len(request)) != buffer_len(request)) {
-		error("Error writing to authentication socket.");
-		return 0;
-	}
+	if (atomicio(vwrite, sock, buf, 4) != 4 ||
+	    atomicio(vwrite, sock, __UNCONST(sshbuf_ptr(request)),
+	    sshbuf_len(request)) != sshbuf_len(request))
+		return SSH_ERR_AGENT_COMMUNICATION;
 	/*
 	 * Wait for response from the agent.  First read the length of the
 	 * response packet.
 	 */
-	if (atomicio(read, auth->fd, buf, 4) != 4) {
-	    error("Error reading response length from authentication socket.");
-	    return 0;
-	}
+	if (atomicio(read, sock, buf, 4) != 4)
+	    return SSH_ERR_AGENT_COMMUNICATION;
 
 	/* Extract the length, and check it for sanity. */
 	len = get_u32(buf);
-	if (len > 256 * 1024)
-		fatal("Authentication response too long: %u", len);
+	if (len > MAX_AGENT_REPLY_LEN)
+		return SSH_ERR_INVALID_FORMAT;
 
 	/* Read the rest of the response in to the buffer. */
-	buffer_clear(reply);
+	sshbuf_reset(reply);
 	while (len > 0) {
 		l = len;
 		if (l > sizeof(buf))
 			l = sizeof(buf);
-		if (atomicio(read, auth->fd, buf, l) != l) {
-			error("Error reading response from authentication socket.");
-			return 0;
-		}
-		buffer_append(reply, buf, l);
+		if (atomicio(read, sock, buf, l) != l)
+			return SSH_ERR_AGENT_COMMUNICATION;
+		if ((r = sshbuf_put(reply, buf, l)) != 0)
+			return r;
 		len -= l;
 	}
-	return 1;
+	return 0;
 }
 
 /*
@@ -175,7 +169,6 @@
  * obtained).  The argument must have been returned by
  * ssh_get_authentication_socket().
  */
-
 void
 ssh_close_authentication_socket(int sock)
 {
@@ -183,80 +176,103 @@
 		close(sock);
 }
 
-/*
- * Opens and connects a private socket for communication with the
- * authentication agent.  Returns the file descriptor (which must be
- * shut down and closed by the caller when no longer needed).
- * Returns NULL if an error occurred and the connection could not be
- * opened.
- */
+/* Lock/unlock agent */
+int
+ssh_lock_agent(int sock, int lock, const char *password)
+{
+	int r;
+	u_char type = lock ? SSH_AGENTC_LOCK : SSH_AGENTC_UNLOCK;
+	struct sshbuf *msg;
 
-AuthenticationConnection *
-ssh_get_authentication_connection(void)
+	if ((msg = sshbuf_new()) == NULL)
+		return SSH_ERR_ALLOC_FAIL;
+	if ((r = sshbuf_put_u8(msg, type)) != 0 ||
+	    (r = sshbuf_put_cstring(msg, password)) != 0)
+		goto out;
+	if ((r = ssh_request_reply(sock, msg, msg)) != 0)
+		goto out;
+	if ((r = sshbuf_get_u8(msg, &type)) != 0)
+		goto out;
+	r = decode_reply(type);
+ out:
+	sshbuf_free(msg);
+	return r;
+}
+
+#ifdef WITH_SSH1
+static int
+deserialise_identity1(struct sshbuf *ids, struct sshkey **keyp, char **commentp)
 {
-	AuthenticationConnection *auth;
-	int sock;
+	struct sshkey *key;
+	int r, keybits;
+	u_int32_t bits;
+	char *comment = NULL;
 
-	sock = ssh_get_authentication_socket();
+	if ((key = sshkey_new(KEY_RSA1)) == NULL)
+		return SSH_ERR_ALLOC_FAIL;
+	if ((r = sshbuf_get_u32(ids, &bits)) != 0 ||
+	    (r = sshbuf_get_bignum1(ids, key->rsa->e)) != 0 ||
+	    (r = sshbuf_get_bignum1(ids, key->rsa->n)) != 0 ||
+	    (r = sshbuf_get_cstring(ids, &comment, NULL)) != 0)
+		goto out;
+	keybits = BN_num_bits(key->rsa->n);
+	/* XXX previously we just warned here. I think we should be strict */
+	if (keybits < 0 || bits != (u_int)keybits) {
+		r = SSH_ERR_KEY_BITS_MISMATCH;
+		goto out;
+	}
+	if (keyp != NULL) {
+		*keyp = key;
+		key = NULL;
+	}
+	if (commentp != NULL) {
+		*commentp = comment;
+		comment = NULL;
+	}
+	r = 0;
+ out:
+	sshkey_free(key);
+	free(comment);
+	return r;
+}
+#endif
 
-	/*
-	 * Fail if we couldn't obtain a connection.  This happens if we
-	 * exited due to a timeout.
-	 */
-	if (sock < 0)
-		return NULL;
+static int
+deserialise_identity2(struct sshbuf *ids, struct sshkey **keyp, char **commentp)
+{
+	int r;
+	char *comment = NULL;
+	const u_char *blob;
+	size_t blen;
 
-	auth = xcalloc(1, sizeof(*auth));
-	auth->fd = sock;
-	buffer_init(&auth->identities);
-	auth->howmany = 0;
-
-	return auth;
+	if ((r = sshbuf_get_string_direct(ids, &blob, &blen)) != 0 ||
+	    (r = sshbuf_get_cstring(ids, &comment, NULL)) != 0)
+		goto out;
+	if ((r = sshkey_from_blob(blob, blen, keyp)) != 0)
+		goto out;
+	if (commentp != NULL) {
+		*commentp = comment;
+		comment = NULL;
+	}
+	r = 0;
+ out:
+	free(comment);
+	return r;
 }
 
 /*
- * Closes the connection to the authentication agent and frees any associated
- * memory.
+ * Fetch list of identities held by the agent.
  */
-
-void
-ssh_close_authentication_connection(AuthenticationConnection *auth)
+int
+ssh_fetch_identitylist(int sock, int version, struct ssh_identitylist **idlp)
 {
-	buffer_free(&auth->identities);
-	close(auth->fd);
-	free(auth);
-}
-
-/* Lock/unlock agent */
-int
-ssh_lock_agent(AuthenticationConnection *auth, int lock, const char *password)
-{
-	int type;
-	Buffer msg;
+	u_char type, code1 = 0, code2 = 0;
+	u_int32_t num, i;
+	struct sshbuf *msg;
+	struct ssh_identitylist *idl = NULL;
+	int r;
 
-	buffer_init(&msg);
-	buffer_put_char(&msg, lock ? SSH_AGENTC_LOCK : SSH_AGENTC_UNLOCK);
-	buffer_put_cstring(&msg, password);
-
-	if (ssh_request_reply(auth, &msg, &msg) == 0) {
-		buffer_free(&msg);
-		return 0;
-	}
-	type = buffer_get_char(&msg);
-	buffer_free(&msg);
-	return decode_reply(type);
-}
-
-/*
- * Returns the first authentication identity held by the agent.
- */
-
-int
-ssh_get_num_identities(AuthenticationConnection *auth, int version)
-{
-	int type, code1 = 0, code2 = 0;
-	Buffer request;
-
+	/* Determine request and expected response types */
 	switch (version) {
 	case 1:
 		code1 = SSH_AGENTC_REQUEST_RSA_IDENTITIES;
@@ -267,288 +283,283 @@
 		code2 = SSH2_AGENT_IDENTITIES_ANSWER;
 		break;
 	default:
-		return 0;
+		return SSH_ERR_INVALID_ARGUMENT;
 	}
 
 	/*
 	 * Send a message to the agent requesting for a list of the
 	 * identities it can represent.
 	 */
-	buffer_init(&request);
-	buffer_put_char(&request, code1);
+	if ((msg = sshbuf_new()) == NULL)
+		return SSH_ERR_ALLOC_FAIL;
+	if ((r = sshbuf_put_u8(msg, code1)) != 0)
+		goto out;
 
-	buffer_clear(&auth->identities);
-	if (ssh_request_reply(auth, &request, &auth->identities) == 0) {
-		buffer_free(&request);
-		return 0;
-	}
-	buffer_free(&request);
+	if ((r = ssh_request_reply(sock, msg, msg)) != 0)
+		goto out;
 
 	/* Get message type, and verify that we got a proper answer. */
-	type = buffer_get_char(&auth->identities);
+	if ((r = sshbuf_get_u8(msg, &type)) != 0)
+		goto out;
 	if (agent_failed(type)) {
-		return 0;
+		r = SSH_ERR_AGENT_FAILURE;
+		goto out;
 	} else if (type != code2) {
-		fatal("Bad authentication reply message type: %d", type);
+		r = SSH_ERR_INVALID_FORMAT;
+		goto out;
 	}
 
 	/* Get the number of entries in the response and check it for sanity. */
-	auth->howmany = buffer_get_int(&auth->identities);
-	if ((u_int)auth->howmany > 1024)
-		fatal("Too many identities in authentication reply: %d",
-		    auth->howmany);
-
-	return auth->howmany;
-}
+	if ((r = sshbuf_get_u32(msg, &num)) != 0)
+		goto out;
+	if (num > MAX_AGENT_IDENTITIES) {
+		r = SSH_ERR_INVALID_FORMAT;
+		goto out;
+	}
+	if (num == 0) {
+		r = SSH_ERR_AGENT_NO_IDENTITIES;
+		goto out;
+	}
 
-Key *
-ssh_get_first_identity(AuthenticationConnection *auth, char **comment, int version)
-{
-	/* get number of identities and return the first entry (if any). */
-	if (ssh_get_num_identities(auth, version) > 0)
-		return ssh_get_next_identity(auth, comment, version);
-	return NULL;
+	/* Deserialise the response into a list of keys/comments */
+	if ((idl = calloc(1, sizeof(*idl))) == NULL ||
+	    (idl->keys = calloc(num, sizeof(*idl->keys))) == NULL ||
+	    (idl->comments = calloc(num, sizeof(*idl->comments))) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+	for (i = 0; i < num;) {
+		switch (version) {
+		case 1:
+#ifdef WITH_SSH1
+			if ((r = deserialise_identity1(msg,
+			    &(idl->keys[i]), &(idl->comments[i]))) != 0)
+				goto out;
+#endif
+			break;
+		case 2:
+			if ((r = deserialise_identity2(msg,
+			    &(idl->keys[i]), &(idl->comments[i]))) != 0) {
+				if (r == SSH_ERR_KEY_TYPE_UNKNOWN) {
+					/* Gracefully skip unknown key types */
+					num--;
+					continue;
+				} else
+					goto out;
+			}
+			break;
+		}
+		i++;
+	}
+	idl->nkeys = num;
+	*idlp = idl;
+	idl = NULL;
+	r = 0;
+ out:
+	sshbuf_free(msg);
+	if (idl != NULL)
+		ssh_free_identitylist(idl);
+	return r;
 }
 
-Key *
-ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int version)
+void
+ssh_free_identitylist(struct ssh_identitylist *idl)
 {
-	int keybits;
-	u_int bits;
-	u_char *blob;
-	u_int blen;
-	Key *key = NULL;
-
-	/* Return failure if no more entries. */
-	if (auth->howmany <= 0)
-		return NULL;
+	size_t i;
 
-	/*
-	 * Get the next entry from the packet.  These will abort with a fatal
-	 * error if the packet is too short or contains corrupt data.
-	 */
-	switch (version) {
-	case 1:
-		key = key_new(KEY_RSA1);
-		bits = buffer_get_int(&auth->identities);
-		buffer_get_bignum(&auth->identities, key->rsa->e);
-		buffer_get_bignum(&auth->identities, key->rsa->n);
-		*comment = buffer_get_string(&auth->identities, NULL);
-		keybits = BN_num_bits(key->rsa->n);
-		if (keybits < 0 || bits != (u_int)keybits)
-			logit("Warning: identity keysize mismatch: actual %d, announced %u",
-			    BN_num_bits(key->rsa->n), bits);
-		break;
-	case 2:
-		blob = buffer_get_string(&auth->identities, &blen);
-		*comment = buffer_get_string(&auth->identities, NULL);
-		key = key_from_blob(blob, blen);
-		free(blob);
-		break;
-	default:
-		return NULL;
+	if (idl == NULL)
+		return;
+	for (i = 0; i < idl->nkeys; i++) {
+		if (idl->keys != NULL)
+			sshkey_free(idl->keys[i]);
+		if (idl->comments != NULL)
+			free(idl->comments[i]);
 	}
-	/* Decrement the number of remaining entries. */
-	auth->howmany--;
-	return key;
+	free(idl);
 }
 
 /*
- * Generates a random challenge, sends it to the agent, and waits for
- * response from the agent.  Returns true (non-zero) if the agent gave the
- * correct answer, zero otherwise.  Response type selects the style of
- * response desired, with 0 corresponding to protocol version 1.0 (no longer
- * supported) and 1 corresponding to protocol version 1.1.
+ * Sends a challenge (typically from a server via ssh(1)) to the agent,
+ * and waits for a response from the agent.
+ * Returns true (non-zero) if the agent gave the correct answer, zero
+ * otherwise.
  */
 
+#ifdef WITH_SSH1
 int
-ssh_decrypt_challenge(AuthenticationConnection *auth,
-    Key* key, BIGNUM *challenge,
-    u_char session_id[16],
-    u_int response_type,
-    u_char response[16])
+ssh_decrypt_challenge(int sock, struct sshkey* key, BIGNUM *challenge,
+    u_char session_id[16], u_char response[16])
 {
-	Buffer buffer;
-	int success = 0;
-	int i;
-	int type;
+	struct sshbuf *msg;
+	int r;
+	u_char type;
 
 	if (key->type != KEY_RSA1)
-		return 0;
-	if (response_type == 0) {
-		logit("Compatibility with ssh protocol version 1.0 no longer supported.");
-		return 0;
-	}
-	buffer_init(&buffer);
-	buffer_put_char(&buffer, SSH_AGENTC_RSA_CHALLENGE);
-	buffer_put_int(&buffer, BN_num_bits(key->rsa->n));
-	buffer_put_bignum(&buffer, key->rsa->e);
-	buffer_put_bignum(&buffer, key->rsa->n);
-	buffer_put_bignum(&buffer, challenge);
-	buffer_append(&buffer, session_id, 16);
-	buffer_put_int(&buffer, response_type);
-
-	if (ssh_request_reply(auth, &buffer, &buffer) == 0) {
-		buffer_free(&buffer);
-		return 0;
+		return SSH_ERR_INVALID_ARGUMENT;
+	if ((msg = sshbuf_new()) == NULL)
+		return SSH_ERR_ALLOC_FAIL;
+	if ((r = sshbuf_put_u8(msg, SSH_AGENTC_RSA_CHALLENGE)) != 0 ||
+	    (r = sshbuf_put_u32(msg, BN_num_bits(key->rsa->n))) != 0 ||
+	    (r = sshbuf_put_bignum1(msg, key->rsa->e)) != 0 ||
+	    (r = sshbuf_put_bignum1(msg, key->rsa->n)) != 0 ||
+	    (r = sshbuf_put_bignum1(msg, challenge)) != 0 ||
+	    (r = sshbuf_put(msg, session_id, 16)) != 0 ||
+	    (r = sshbuf_put_u32(msg, 1)) != 0) /* Response type for proto 1.1 */
+		goto out;
+	if ((r = ssh_request_reply(sock, msg, msg)) != 0)
+		goto out;
+	if ((r = sshbuf_get_u8(msg, &type)) != 0)
+		goto out;
+	if (agent_failed(type)) {
+		r = SSH_ERR_AGENT_FAILURE;
+		goto out;
+	} else if (type != SSH_AGENT_RSA_RESPONSE) {
+		r = SSH_ERR_INVALID_FORMAT;
+		goto out;
 	}
-	type = buffer_get_char(&buffer);
+	if ((r = sshbuf_get(msg, response, 16)) != 0)
+		goto out;
+	r = 0;
+ out:
+	sshbuf_free(msg);
+	return r;
+}
+#endif
 
-	if (agent_failed(type)) {
-		logit("Agent admitted failure to authenticate using the key.");
-	} else if (type != SSH_AGENT_RSA_RESPONSE) {
-		fatal("Bad authentication response: %d", type);
-	} else {
-		success = 1;
-		/*
-		 * Get the response from the packet.  This will abort with a
-		 * fatal error if the packet is corrupt.
-		 */
-		for (i = 0; i < 16; i++)
-			response[i] = (u_char)buffer_get_char(&buffer);
-	}
-	buffer_free(&buffer);
-	return success;
-}
-
-/* ask agent to sign data, returns -1 on error, 0 on success */
+/* ask agent to sign data, returns err.h code on error, 0 on success */
 int
-ssh_agent_sign(AuthenticationConnection *auth,
-    Key *key,
-    u_char **sigp, u_int *lenp,
-    u_char *data, u_int datalen)
+ssh_agent_sign(int sock, struct sshkey *key,
+    u_char **sigp, size_t *lenp,
+    const u_char *data, size_t datalen, u_int compat)
 {
-	extern int datafellows;
-	Buffer msg;
-	u_char *blob;
-	u_int blen;
-	int type, flags = 0;
-	int ret = -1;
+	struct sshbuf *msg;
+	u_char *blob = NULL, type;
+	size_t blen = 0, len = 0;
+	u_int flags = 0;
+	int r = SSH_ERR_INTERNAL_ERROR;
 
-	if (key_to_blob(key, &blob, &blen) == 0)
-		return -1;
-
-	if (datafellows & SSH_BUG_SIGBLOB)
-		flags = SSH_AGENT_OLD_SIGNATURE;
+	if (sigp != NULL)
+		*sigp = NULL;
+	if (lenp != NULL)
+		*lenp = 0;
 
-	buffer_init(&msg);
-	buffer_put_char(&msg, SSH2_AGENTC_SIGN_REQUEST);
-	buffer_put_string(&msg, blob, blen);
-	buffer_put_string(&msg, data, datalen);
-	buffer_put_int(&msg, flags);
-	free(blob);
-
-	if (ssh_request_reply(auth, &msg, &msg) == 0) {
-		buffer_free(&msg);
-		return -1;
+	if (datalen > SSH_KEY_MAX_SIGN_DATA_SIZE)
+		return SSH_ERR_INVALID_ARGUMENT;
+	if (compat & SSH_BUG_SIGBLOB)
+		flags |= SSH_AGENT_OLD_SIGNATURE;
+	if ((msg = sshbuf_new()) == NULL)
+		return SSH_ERR_ALLOC_FAIL;
+	if ((r = sshkey_to_blob(key, &blob, &blen)) != 0)
+		goto out;
+	if ((r = sshbuf_put_u8(msg, SSH2_AGENTC_SIGN_REQUEST)) != 0 ||
+	    (r = sshbuf_put_string(msg, blob, blen)) != 0 ||
+	    (r = sshbuf_put_string(msg, data, datalen)) != 0 ||
+	    (r = sshbuf_put_u32(msg, flags)) != 0)
+		goto out;
+	if ((r = ssh_request_reply(sock, msg, msg) != 0))
+		goto out;
+	if ((r = sshbuf_get_u8(msg, &type)) != 0)
+		goto out;
+	if (agent_failed(type)) {
+		r = SSH_ERR_AGENT_FAILURE;
+		goto out;
+	} else if (type != SSH2_AGENT_SIGN_RESPONSE) {
+		r = SSH_ERR_INVALID_FORMAT;
+		goto out;
 	}
-	type = buffer_get_char(&msg);
-	if (agent_failed(type)) {
-		logit("Agent admitted failure to sign using the key.");
-	} else if (type != SSH2_AGENT_SIGN_RESPONSE) {
-		fatal("Bad authentication response: %d", type);
-	} else {
-		ret = 0;
-		*sigp = buffer_get_string(&msg, lenp);
+	if ((r = sshbuf_get_string(msg, sigp, &len)) != 0)
+		goto out;
+	*lenp = len;
+	r = 0;
+ out:
+	if (blob != NULL) {
+		explicit_bzero(blob, blen);
+		free(blob);
 	}
-	buffer_free(&msg);
-	return ret;
+	sshbuf_free(msg);
+	return r;
 }
 
 /* Encode key for a message to the agent. */
 
-static void
-ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment)
+#ifdef WITH_SSH1
+static int
+ssh_encode_identity_rsa1(struct sshbuf *b, RSA *key, const char *comment)
 {
-	buffer_put_int(b, BN_num_bits(key->n));
-	buffer_put_bignum(b, key->n);
-	buffer_put_bignum(b, key->e);
-	buffer_put_bignum(b, key->d);
+	int r;
+
 	/* To keep within the protocol: p < q for ssh. in SSL p > q */
-	buffer_put_bignum(b, key->iqmp);	/* ssh key->u */
-	buffer_put_bignum(b, key->q);	/* ssh key->p, SSL key->q */
-	buffer_put_bignum(b, key->p);	/* ssh key->q, SSL key->p */
-	buffer_put_cstring(b, comment);
+	if ((r = sshbuf_put_u32(b, BN_num_bits(key->n))) != 0 ||
+	    (r = sshbuf_put_bignum1(b, key->n)) != 0 ||
+	    (r = sshbuf_put_bignum1(b, key->e)) != 0 ||
+	    (r = sshbuf_put_bignum1(b, key->d)) != 0 ||
+	    (r = sshbuf_put_bignum1(b, key->iqmp)) != 0 ||
+	    (r = sshbuf_put_bignum1(b, key->q)) != 0 ||
+	    (r = sshbuf_put_bignum1(b, key->p)) != 0 ||
+	    (r = sshbuf_put_cstring(b, comment)) != 0)
+		return r;
+	return 0;
+}
+#endif
+
+static int
+ssh_encode_identity_ssh2(struct sshbuf *b, struct sshkey *key,
+    const char *comment)
+{
+	int r;
+
+	if ((r = sshkey_private_serialize(key, b)) != 0 ||
+	    (r = sshbuf_put_cstring(b, comment)) != 0)
+		return r;
+	return 0;
 }
 
-static void
-ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment)
+static int
+encode_constraints(struct sshbuf *m, u_int life, u_int confirm)
 {
-	buffer_put_cstring(b, key_ssh_name(key));
-	switch (key->type) {
-	case KEY_RSA:
-		buffer_put_bignum2(b, key->rsa->n);
-		buffer_put_bignum2(b, key->rsa->e);
-		buffer_put_bignum2(b, key->rsa->d);
-		buffer_put_bignum2(b, key->rsa->iqmp);
-		buffer_put_bignum2(b, key->rsa->p);
-		buffer_put_bignum2(b, key->rsa->q);
-		break;
-	case KEY_RSA_CERT_V00:
-	case KEY_RSA_CERT:
-		if (key->cert == NULL || buffer_len(&key->cert->certblob) == 0)
-			fatal("%s: no cert/certblob", __func__);
-		buffer_put_string(b, buffer_ptr(&key->cert->certblob),
-		    buffer_len(&key->cert->certblob));
-		buffer_put_bignum2(b, key->rsa->d);
-		buffer_put_bignum2(b, key->rsa->iqmp);
-		buffer_put_bignum2(b, key->rsa->p);
-		buffer_put_bignum2(b, key->rsa->q);
-		break;
-	case KEY_DSA:
-		buffer_put_bignum2(b, key->dsa->p);
-		buffer_put_bignum2(b, key->dsa->q);
-		buffer_put_bignum2(b, key->dsa->g);
-		buffer_put_bignum2(b, key->dsa->pub_key);
-		buffer_put_bignum2(b, key->dsa->priv_key);
-		break;
-	case KEY_DSA_CERT_V00:
-	case KEY_DSA_CERT:
-		if (key->cert == NULL || buffer_len(&key->cert->certblob) == 0)
-			fatal("%s: no cert/certblob", __func__);
-		buffer_put_string(b, buffer_ptr(&key->cert->certblob),
-		    buffer_len(&key->cert->certblob));
-		buffer_put_bignum2(b, key->dsa->priv_key);
-		break;
-	case KEY_ECDSA:
-		buffer_put_cstring(b, key_curve_nid_to_name(key->ecdsa_nid));
-		buffer_put_ecpoint(b, EC_KEY_get0_group(key->ecdsa),
-		    EC_KEY_get0_public_key(key->ecdsa));
-		buffer_put_bignum2(b, EC_KEY_get0_private_key(key->ecdsa));
-		break;
-	case KEY_ECDSA_CERT:
-		if (key->cert == NULL || buffer_len(&key->cert->certblob) == 0)
-			fatal("%s: no cert/certblob", __func__);
-		buffer_put_string(b, buffer_ptr(&key->cert->certblob),
-		    buffer_len(&key->cert->certblob));
-		buffer_put_bignum2(b, EC_KEY_get0_private_key(key->ecdsa));
-		break;
+	int r;
+
+	if (life != 0) {
+		if ((r = sshbuf_put_u8(m, SSH_AGENT_CONSTRAIN_LIFETIME)) != 0 ||
+		    (r = sshbuf_put_u32(m, life)) != 0)
+			goto out;
 	}
-	buffer_put_cstring(b, comment);
+	if (confirm != 0) {
+		if ((r = sshbuf_put_u8(m, SSH_AGENT_CONSTRAIN_CONFIRM)) != 0)
+			goto out;
+	}
+	r = 0;
+ out:
+	return r;
 }
 
 /*
- * Adds an identity to the authentication server.  This call is not meant to
- * be used by normal applications.
+ * Adds an identity to the authentication server.
+ * This call is intended only for use by ssh-add(1) and like applications.
  */
-
 int
-ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
-    const char *comment, u_int life, u_int confirm)
+ssh_add_identity_constrained(int sock, struct sshkey *key, const char *comment,
+    u_int life, u_int confirm)
 {
-	Buffer msg;
-	int type, constrained = (life || confirm);
+	struct sshbuf *msg;
+	int r, constrained = (life || confirm);
+	u_char type;
 
-	buffer_init(&msg);
+	if ((msg = sshbuf_new()) == NULL)
+		return SSH_ERR_ALLOC_FAIL;
 
 	switch (key->type) {
+#ifdef WITH_SSH1
 	case KEY_RSA1:
 		type = constrained ?
 		    SSH_AGENTC_ADD_RSA_ID_CONSTRAINED :
 		    SSH_AGENTC_ADD_RSA_IDENTITY;
-		buffer_put_char(&msg, type);
-		ssh_encode_identity_rsa1(&msg, key->rsa, comment);
+		if ((r = sshbuf_put_u8(msg, type)) != 0 ||
+		    (r = ssh_encode_identity_rsa1(msg, key->rsa, comment)) != 0)
+			goto out;
 		break;
+#endif
+#ifdef WITH_OPENSSL
 	case KEY_RSA:
 	case KEY_RSA_CERT:
 	case KEY_RSA_CERT_V00:
@@ -557,79 +568,94 @@
 	case KEY_DSA_CERT_V00:
 	case KEY_ECDSA:
 	case KEY_ECDSA_CERT:
+#endif
+	case KEY_ED25519:
+	case KEY_ED25519_CERT:
 		type = constrained ?
 		    SSH2_AGENTC_ADD_ID_CONSTRAINED :
 		    SSH2_AGENTC_ADD_IDENTITY;
-		buffer_put_char(&msg, type);
-		ssh_encode_identity_ssh2(&msg, key, comment);
+		if ((r = sshbuf_put_u8(msg, type)) != 0 ||
+		    (r = ssh_encode_identity_ssh2(msg, key, comment)) != 0)
+			goto out;
 		break;
 	default:
-		buffer_free(&msg);
-		return 0;
+		r = SSH_ERR_INVALID_ARGUMENT;
+		goto out;
 	}
-	if (constrained) {
-		if (life != 0) {
-			buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_LIFETIME);
-			buffer_put_int(&msg, life);
-		}
-		if (confirm != 0)
-			buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_CONFIRM);
-	}
-	if (ssh_request_reply(auth, &msg, &msg) == 0) {
-		buffer_free(&msg);
-		return 0;
-	}
-	type = buffer_get_char(&msg);
-	buffer_free(&msg);
-	return decode_reply(type);
+	if (constrained &&
+	    (r = encode_constraints(msg, life, confirm)) != 0)
+		goto out;
+	if ((r = ssh_request_reply(sock, msg, msg)) != 0)
+		goto out;
+	if ((r = sshbuf_get_u8(msg, &type)) != 0)
+		goto out;
+	r = decode_reply(type);
+ out:
+	sshbuf_free(msg);
+	return r;
 }
 
 /*
- * Removes an identity from the authentication server.  This call is not
- * meant to be used by normal applications.
+ * Removes an identity from the authentication server.
+ * This call is intended only for use by ssh-add(1) and like applications.
  */
-
 int
-ssh_remove_identity(AuthenticationConnection *auth, Key *key)
+ssh_remove_identity(int sock, struct sshkey *key)
 {
-	Buffer msg;
-	int type;
-	u_char *blob;
-	u_int blen;
+	struct sshbuf *msg;
+	int r;
+	u_char type, *blob = NULL;
+	size_t blen;
 
-	buffer_init(&msg);
+	if ((msg = sshbuf_new()) == NULL)
+		return SSH_ERR_ALLOC_FAIL;
 
+#ifdef WITH_SSH1
 	if (key->type == KEY_RSA1) {
-		buffer_put_char(&msg, SSH_AGENTC_REMOVE_RSA_IDENTITY);
-		buffer_put_int(&msg, BN_num_bits(key->rsa->n));
-		buffer_put_bignum(&msg, key->rsa->e);
-		buffer_put_bignum(&msg, key->rsa->n);
-	} else if (key_type_plain(key->type) == KEY_DSA ||
-	    key_type_plain(key->type) == KEY_RSA ||
-	    key_type_plain(key->type) == KEY_ECDSA) {
-		key_to_blob(key, &blob, &blen);
-		buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY);
-		buffer_put_string(&msg, blob, blen);
+		if ((r = sshbuf_put_u8(msg,
+		    SSH_AGENTC_REMOVE_RSA_IDENTITY)) != 0 ||
+		    (r = sshbuf_put_u32(msg, BN_num_bits(key->rsa->n))) != 0 ||
+		    (r = sshbuf_put_bignum1(msg, key->rsa->e)) != 0 ||
+		    (r = sshbuf_put_bignum1(msg, key->rsa->n)) != 0)
+			goto out;
+	} else
+#endif
+	if (key->type != KEY_UNSPEC) {
+		if ((r = sshkey_to_blob(key, &blob, &blen)) != 0)
+			goto out;
+		if ((r = sshbuf_put_u8(msg,
+		    SSH2_AGENTC_REMOVE_IDENTITY)) != 0 ||
+		    (r = sshbuf_put_string(msg, blob, blen)) != 0)
+			goto out;
+	} else {
+		r = SSH_ERR_INVALID_ARGUMENT;
+		goto out;
+	}
+	if ((r = ssh_request_reply(sock, msg, msg)) != 0)
+		goto out;
+	if ((r = sshbuf_get_u8(msg, &type)) != 0)
+		goto out;
+	r = decode_reply(type);
+ out:
+	if (blob != NULL) {
+		explicit_bzero(blob, blen);
 		free(blob);
-	} else {
-		buffer_free(&msg);
-		return 0;
 	}
-	if (ssh_request_reply(auth, &msg, &msg) == 0) {
-		buffer_free(&msg);
-		return 0;
-	}
-	type = buffer_get_char(&msg);
-	buffer_free(&msg);
-	return decode_reply(type);
+	sshbuf_free(msg);
+	return r;
 }
 
+/*
+ * Add/remove an token-based identity from the authentication server.
+ * This call is intended only for use by ssh-add(1) and like applications.
+ */
 int
-ssh_update_card(AuthenticationConnection *auth, int add,
-    const char *reader_id, const char *pin, u_int life, u_int confirm)
+ssh_update_card(int sock, int add, const char *reader_id, const char *pin,
+    u_int life, u_int confirm)
 {
-	Buffer msg;
-	int type, constrained = (life || confirm);
+	struct sshbuf *msg;
+	int r, constrained = (life || confirm);
+	u_char type;
 
 	if (add) {
 		type = constrained ?
@@ -638,69 +664,48 @@
 	} else
 		type = SSH_AGENTC_REMOVE_SMARTCARD_KEY;
 
-	buffer_init(&msg);
-	buffer_put_char(&msg, type);
-	buffer_put_cstring(&msg, reader_id);
-	buffer_put_cstring(&msg, pin);
-
-	if (constrained) {
-		if (life != 0) {
-			buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_LIFETIME);
-			buffer_put_int(&msg, life);
-		}
-		if (confirm != 0)
-			buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_CONFIRM);
-	}
-
-	if (ssh_request_reply(auth, &msg, &msg) == 0) {
-		buffer_free(&msg);
-		return 0;
-	}
-	type = buffer_get_char(&msg);
-	buffer_free(&msg);
-	return decode_reply(type);
+	if ((msg = sshbuf_new()) == NULL)
+		return SSH_ERR_ALLOC_FAIL;
+	if ((r = sshbuf_put_u8(msg, type)) != 0 ||
+	    (r = sshbuf_put_cstring(msg, reader_id)) != 0 ||
+	    (r = sshbuf_put_cstring(msg, pin)) != 0)
+		goto out;
+	if (constrained &&
+	    (r = encode_constraints(msg, life, confirm)) != 0)
+		goto out;
+	if ((r = ssh_request_reply(sock, msg, msg)) != 0)
+		goto out;
+	if ((r = sshbuf_get_u8(msg, &type)) != 0)
+		goto out;
+	r = decode_reply(type);
+ out:
+	sshbuf_free(msg);
+	return r;
 }
 
 /*
- * Removes all identities from the agent.  This call is not meant to be used
- * by normal applications.
+ * Removes all identities from the agent.
+ * This call is intended only for use by ssh-add(1) and like applications.
  */
-
 int
-ssh_remove_all_identities(AuthenticationConnection *auth, int version)
+ssh_remove_all_identities(int sock, int version)
 {
-	Buffer msg;
-	int type;
-	int code = (version==1) ?
-		SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES :
-		SSH2_AGENTC_REMOVE_ALL_IDENTITIES;
-
-	buffer_init(&msg);
-	buffer_put_char(&msg, code);
+	struct sshbuf *msg;
+	u_char type = (version == 1) ?
+	    SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES :
+	    SSH2_AGENTC_REMOVE_ALL_IDENTITIES;
+	int r;
 
-	if (ssh_request_reply(auth, &msg, &msg) == 0) {
-		buffer_free(&msg);
-		return 0;
-	}
-	type = buffer_get_char(&msg);
-	buffer_free(&msg);
-	return decode_reply(type);
+	if ((msg = sshbuf_new()) == NULL)
+		return SSH_ERR_ALLOC_FAIL;
+	if ((r = sshbuf_put_u8(msg, type)) != 0)
+		goto out;
+	if ((r = ssh_request_reply(sock, msg, msg)) != 0)
+		goto out;
+	if ((r = sshbuf_get_u8(msg, &type)) != 0)
+		goto out;
+	r = decode_reply(type);
+ out:
+	sshbuf_free(msg);
+	return r;
 }
-
-int
-decode_reply(int type)
-{
-	switch (type) {
-	case SSH_AGENT_FAILURE:
-	case SSH_COM_AGENT2_FAILURE:
-	case SSH2_AGENT_FAILURE:
-		logit("SSH_AGENT_FAILURE");
-		return 0;
-	case SSH_AGENT_SUCCESS:
-		return 1;
-	default:
-		fatal("Bad response from authentication agent: %d", type);
-	}
-	/* NOTREACHED */
-	return 0;
-}
--- a/crypto/external/bsd/openssh/dist/authfd.h	Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/dist/authfd.h	Thu Apr 30 06:07:29 2015 +0000
@@ -1,5 +1,5 @@
-/*	$NetBSD: authfd.h,v 1.3 2010/11/21 18:29:48 adam Exp $	*/
-/* $OpenBSD: authfd.h,v 1.37 2009/08/27 17:44:52 djm Exp $ */
+/*	$NetBSD: authfd.h,v 1.3.26.1 2015/04/30 06:07:30 riz Exp $	*/
+/* $OpenBSD: authfd.h,v 1.38 2015/01/14 20:05:27 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -17,6 +17,33 @@
 #ifndef AUTHFD_H
 #define AUTHFD_H
 
+/* List of identities returned by ssh_fetch_identitylist() */
+struct ssh_identitylist {
+	size_t nkeys;
+	struct sshkey **keys;
+	char **comments;
+};
+
+int	ssh_get_authentication_socket(int *fdp);
+void	ssh_close_authentication_socket(int sock);
+
+int	ssh_lock_agent(int sock, int lock, const char *password);
+int	ssh_fetch_identitylist(int sock, int version,
+	    struct ssh_identitylist **idlp);
+void	ssh_free_identitylist(struct ssh_identitylist *idl);
+int	ssh_add_identity_constrained(int sock, struct sshkey *key,
+	    const char *comment, u_int life, u_int confirm);
+int	ssh_remove_identity(int sock, struct sshkey *key);
+int	ssh_update_card(int sock, int add, const char *reader_id,
+	    const char *pin, u_int life, u_int confirm);
+int	ssh_remove_all_identities(int sock, int version);
+
+int	ssh_decrypt_challenge(int sock, struct sshkey* key, BIGNUM *challenge,
+	    u_char session_id[16], u_char response[16]);
+int	ssh_agent_sign(int sock, struct sshkey *key,
+	    u_char **sigp, size_t *lenp,
+	    const u_char *data, size_t datalen, u_int compat);
+
 /* Messages for the authentication agent connection. */
 #define SSH_AGENTC_REQUEST_RSA_IDENTITIES	1
 #define SSH_AGENT_RSA_IDENTITIES_ANSWER		2
@@ -61,35 +88,4 @@
 
 #define	SSH_AGENT_OLD_SIGNATURE			0x01
 
-typedef struct {
-	int	fd;
-	Buffer	identities;
-	int	howmany;
-}	AuthenticationConnection;
-
-int	ssh_agent_present(void);
-int	ssh_get_authentication_socket(void);
-void	ssh_close_authentication_socket(int);
-
-AuthenticationConnection *ssh_get_authentication_connection(void);
-void	ssh_close_authentication_connection(AuthenticationConnection *);
-int	 ssh_get_num_identities(AuthenticationConnection *, int);
-Key	*ssh_get_first_identity(AuthenticationConnection *, char **, int);
-Key	*ssh_get_next_identity(AuthenticationConnection *, char **, int);
-int	 ssh_add_identity_constrained(AuthenticationConnection *, Key *,
-    const char *, u_int, u_int);
-int	 ssh_remove_identity(AuthenticationConnection *, Key *);
-int	 ssh_remove_all_identities(AuthenticationConnection *, int);
-int	 ssh_lock_agent(AuthenticationConnection *, int, const char *);
-int	 ssh_update_card(AuthenticationConnection *, int, const char *,
-    const char *, u_int, u_int);
-
-int
-ssh_decrypt_challenge(AuthenticationConnection *, Key *, BIGNUM *, u_char[16],
-    u_int, u_char[16]);
-
-int
-ssh_agent_sign(AuthenticationConnection *, Key *, u_char **, u_int *, u_char *,
-    u_int);
-
 #endif				/* AUTHFD_H */
--- a/crypto/external/bsd/openssh/dist/authfile.c	Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/dist/authfile.c	Thu Apr 30 06:07:29 2015 +0000
@@ -1,20 +1,7 @@
-/*	$NetBSD: authfile.c,v 1.8 2013/11/08 19:18:24 christos Exp $	*/
-/* $OpenBSD: authfile.c,v 1.97 2013/05/17 00:13:13 djm Exp $ */
+/*	$NetBSD: authfile.c,v 1.8.4.1 2015/04/30 06:07:30 riz Exp $	*/
+/* $OpenBSD: authfile.c,v 1.111 2015/02/23 16:55:51 djm Exp $ */
 /*
- * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
- *                    All rights reserved
- * This file contains functions for reading and writing identity files, and
- * for reading the passphrase from the user.
- *
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose.  Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
- *
- *
- * Copyright (c) 2000 Markus Friedl.  All rights reserved.
+ * Copyright (c) 2000, 2013 Markus Friedl.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -38,26 +25,20 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: authfile.c,v 1.8 2013/11/08 19:18:24 christos Exp $");
+__RCSID("$NetBSD: authfile.c,v 1.8.4.1 2015/04/30 06:07:30 riz Exp $");
 #include <sys/types.h>
 #include <sys/stat.h>
-#include <sys/param.h>
 #include <sys/uio.h>
 
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/pem.h>
-
 #include <errno.h>
 #include <fcntl.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
+#include <limits.h>
 
-#include "xmalloc.h"
 #include "cipher.h"
-#include "buffer.h"
 #include "key.h"
 #include "ssh.h"
 #include "log.h"
@@ -65,546 +46,132 @@
 #include "rsa.h"
 #include "misc.h"
 #include "atomicio.h"
+#include "sshbuf.h"
+#include "ssherr.h"
+#include "krl.h"
 
 #define MAX_KEY_FILE_SIZE	(1024 * 1024)
 
-/* Version identification string for SSH v1 identity files. */
-static const char authfile_id_string[] =
-    "SSH PRIVATE KEY FILE FORMAT 1.1\n";
-
-/*
- * Serialises the authentication (private) key to a blob, encrypting it with
- * passphrase.  The identification of the blob (lowest 64 bits of n) will
- * precede the key to provide identification of the key without needing a
- * passphrase.
- */
-static int
-key_private_rsa1_to_blob(Key *key, Buffer *blob, const char *passphrase,
-    const char *comment)
-{
-	Buffer buffer, encrypted;
-	u_char buf[100], *cp;
-	int i, cipher_num;
-	CipherContext ciphercontext;
-	const Cipher *cipher;
-	u_int32_t rnd;
-
-	/*
-	 * If the passphrase is empty, use SSH_CIPHER_NONE to ease converting
-	 * to another cipher; otherwise use SSH_AUTHFILE_CIPHER.
-	 */
-	cipher_num = (strcmp(passphrase, "") == 0) ?
-	    SSH_CIPHER_NONE : SSH_AUTHFILE_CIPHER;
-	if ((cipher = cipher_by_number(cipher_num)) == NULL)
-		fatal("save_private_key_rsa: bad cipher");
-
-	/* This buffer is used to built the secret part of the private key. */
-	buffer_init(&buffer);
-
-	/* Put checkbytes for checking passphrase validity. */
-	rnd = arc4random();
-	buf[0] = rnd & 0xff;
-	buf[1] = (rnd >> 8) & 0xff;
-	buf[2] = buf[0];
-	buf[3] = buf[1];
-	buffer_append(&buffer, buf, 4);
-
-	/*
-	 * Store the private key (n and e will not be stored because they
-	 * will be stored in plain text, and storing them also in encrypted
-	 * format would just give known plaintext).
-	 */
-	buffer_put_bignum(&buffer, key->rsa->d);
-	buffer_put_bignum(&buffer, key->rsa->iqmp);
-	buffer_put_bignum(&buffer, key->rsa->q);	/* reverse from SSL p */
-	buffer_put_bignum(&buffer, key->rsa->p);	/* reverse from SSL q */
-
-	/* Pad the part to be encrypted until its size is a multiple of 8. */
-	while (buffer_len(&buffer) % 8 != 0)
-		buffer_put_char(&buffer, 0);
-
-	/* This buffer will be used to contain the data in the file. */
-	buffer_init(&encrypted);
-
-	/* First store keyfile id string. */
-	for (i = 0; authfile_id_string[i]; i++)
-		buffer_put_char(&encrypted, authfile_id_string[i]);
-	buffer_put_char(&encrypted, 0);
-
-	/* Store cipher type. */
-	buffer_put_char(&encrypted, cipher_num);
-	buffer_put_int(&encrypted, 0);	/* For future extension */
-
-	/* Store public key.  This will be in plain text. */
-	buffer_put_int(&encrypted, BN_num_bits(key->rsa->n));
-	buffer_put_bignum(&encrypted, key->rsa->n);
-	buffer_put_bignum(&encrypted, key->rsa->e);
-	buffer_put_cstring(&encrypted, comment);
-
-	/* Allocate space for the private part of the key in the buffer. */
-	cp = buffer_append_space(&encrypted, buffer_len(&buffer));
-
-	cipher_set_key_string(&ciphercontext, cipher, passphrase,
-	    CIPHER_ENCRYPT);
-	cipher_crypt(&ciphercontext, cp,
-	    buffer_ptr(&buffer), buffer_len(&buffer), 0, 0);
-	cipher_cleanup(&ciphercontext);
-	memset(&ciphercontext, 0, sizeof(ciphercontext));
-
-	/* Destroy temporary data. */
-	memset(buf, 0, sizeof(buf));
-	buffer_free(&buffer);
-
-	buffer_append(blob, buffer_ptr(&encrypted), buffer_len(&encrypted));
-	buffer_free(&encrypted);
-
-	return 1;
-}
-
-/* convert SSH v2 key in OpenSSL PEM format */
-static int
-key_private_pem_to_blob(Key *key, Buffer *blob, const char *_passphrase,
-    const char *comment)
-{
-	int success = 0;
-	int blen, len = strlen(_passphrase);
-	u_char *passphrase = (len > 0) ? __UNCONST(_passphrase) : NULL;
-	const EVP_CIPHER *cipher = (len > 0) ? EVP_aes_128_cbc() : NULL;
-	const u_char *bptr;
-	BIO *bio;
-
-	if (len > 0 && len <= 4) {
-		error("passphrase too short: have %d bytes, need > 4", len);
-		return 0;
-	}
-	if ((bio = BIO_new(BIO_s_mem())) == NULL) {
-		error("%s: BIO_new failed", __func__);
-		return 0;
-	}
-	switch (key->type) {
-	case KEY_DSA:
-		success = PEM_write_bio_DSAPrivateKey(bio, key->dsa,
-		    cipher, passphrase, len, NULL, NULL);
-		break;
-	case KEY_ECDSA:
-		success = PEM_write_bio_ECPrivateKey(bio, key->ecdsa,
-		    cipher, passphrase, len, NULL, NULL);
-		break;
-	case KEY_RSA:
-		success = PEM_write_bio_RSAPrivateKey(bio, key->rsa,
-		    cipher, passphrase, len, NULL, NULL);
-		break;
-	}
-	if (success) {
-		if ((blen = BIO_get_mem_data(bio, &bptr)) <= 0)
-			success = 0;
-		else
-			buffer_append(blob, bptr, blen);
-	}
-	BIO_free(bio);
-	return success;
-}
-
 /* Save a key blob to a file */
 static int
-key_save_private_blob(Buffer *keybuf, const char *filename)
+sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename)
 {
-	int fd;
+	int fd, oerrno;
 
-	if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0) {
-		error("open %s failed: %s.", filename, strerror(errno));
-		return 0;
-	}
-	if (atomicio(vwrite, fd, buffer_ptr(keybuf),
-	    buffer_len(keybuf)) != buffer_len(keybuf)) {
-		error("write to key file %s failed: %s", filename,
-		    strerror(errno));
+	if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0)
+		return SSH_ERR_SYSTEM_ERROR;
+	if (atomicio(vwrite, fd, __UNCONST(sshbuf_ptr(keybuf)),
+	    sshbuf_len(keybuf)) != sshbuf_len(keybuf)) {
+		oerrno = errno;
 		close(fd);
 		unlink(filename);
-		return 0;
+		errno = oerrno;
+		return SSH_ERR_SYSTEM_ERROR;
 	}
 	close(fd);
-	return 1;
-}
-
-/* Serialise "key" to buffer "blob" */
-static int
-key_private_to_blob(Key *key, Buffer *blob, const char *passphrase,
-    const char *comment)
-{
-	switch (key->type) {
-	case KEY_RSA1:
-		return key_private_rsa1_to_blob(key, blob, passphrase, comment);
-	case KEY_DSA:
-	case KEY_ECDSA:
-	case KEY_RSA:
-		return key_private_pem_to_blob(key, blob, passphrase, comment);
-	default:
-		error("%s: cannot save key type %d", __func__, key->type);
-		return 0;
-	}
+	return 0;
 }
 
 int
-key_save_private(Key *key, const char *filename, const char *passphrase,
-    const char *comment)
+sshkey_save_private(struct sshkey *key, const char *filename,
+    const char *passphrase, const char *comment,
+    int force_new_format, const char *new_format_cipher, int new_format_rounds)
 {
-	Buffer keyblob;
-	int success = 0;
-
-	buffer_init(&keyblob);
-	if (!key_private_to_blob(key, &keyblob, passphrase, comment))
-		goto out;
-	if (!key_save_private_blob(&keyblob, filename))
-		goto out;
-	success = 1;
- out:
-	buffer_free(&keyblob);
-	return success;
-}
-
-/*
- * Parse the public, unencrypted portion of a RSA1 key.
- */
-static Key *
-key_parse_public_rsa1(Buffer *blob, char **commentp)
-{
-	Key *pub;
-	Buffer copy;
+	struct sshbuf *keyblob = NULL;
+	int r;
 
-	/* Check that it is at least big enough to contain the ID string. */
-	if (buffer_len(blob) < sizeof(authfile_id_string)) {
-		debug3("Truncated RSA1 identifier");
-		return NULL;
-	}
-
-	/*
-	 * Make sure it begins with the id string.  Consume the id string
-	 * from the buffer.
-	 */
-	if (memcmp(buffer_ptr(blob), authfile_id_string,
-	    sizeof(authfile_id_string)) != 0) {
-		debug3("Incorrect RSA1 identifier");
-		return NULL;
-	}
-	buffer_init(&copy);
-	buffer_append(&copy, buffer_ptr(blob), buffer_len(blob));
-	buffer_consume(&copy, sizeof(authfile_id_string));
-
-	/* Skip cipher type and reserved data. */
-	(void) buffer_get_char(&copy);		/* cipher type */
-	(void) buffer_get_int(&copy);		/* reserved */
-
-	/* Read the public key from the buffer. */
-	(void) buffer_get_int(&copy);
-	pub = key_new(KEY_RSA1);
-	buffer_get_bignum(&copy, pub->rsa->n);
-	buffer_get_bignum(&copy, pub->rsa->e);
-	if (commentp)
-		*commentp = buffer_get_string(&copy, NULL);
-	/* The encrypted private part is not parsed by this function. */
-	buffer_free(&copy);
-
-	return pub;
+	if ((keyblob = sshbuf_new()) == NULL)
+		return SSH_ERR_ALLOC_FAIL;
+	if ((r = sshkey_private_to_fileblob(key, keyblob, passphrase, comment,
+	    force_new_format, new_format_cipher, new_format_rounds)) != 0)
+		goto out;
+	if ((r = sshkey_save_private_blob(keyblob, filename)) != 0)
+		goto out;
+	r = 0;
+ out:
+	sshbuf_free(keyblob);
+	return r;
 }
 
 /* Load a key from a fd into a buffer */
 int
-key_load_file(int fd, const char *filename, Buffer *blob)
+sshkey_load_file(int fd, struct sshbuf *blob)
 {
 	u_char buf[1024];
 	size_t len;
 	struct stat st;
+	int r;
 
-	if (fstat(fd, &st) < 0) {
-		error("%s: fstat of key file %.200s%sfailed: %.100s", __func__,
-		    filename == NULL ? "" : filename,
-		    filename == NULL ? "" : " ",
-		    strerror(errno));
-		return 0;
-	}
+	if (fstat(fd, &st) < 0)
+		return SSH_ERR_SYSTEM_ERROR;
 	if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
-	    st.st_size > MAX_KEY_FILE_SIZE) {
- toobig:
-		error("%s: key file %.200s%stoo large", __func__,
-		    filename == NULL ? "" : filename,
-		    filename == NULL ? "" : " ");
-		return 0;
-	}
-	buffer_clear(blob);
+	    st.st_size > MAX_KEY_FILE_SIZE)
+		return SSH_ERR_INVALID_FORMAT;
 	for (;;) {
 		if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) {
 			if (errno == EPIPE)
 				break;
-			debug("%s: read from key file %.200s%sfailed: %.100s",
-			    __func__, filename == NULL ? "" : filename,
-			    filename == NULL ? "" : " ", strerror(errno));
-			buffer_clear(blob);
-			bzero(buf, sizeof(buf));
-			return 0;
+			r = SSH_ERR_SYSTEM_ERROR;
+			goto out;
 		}
-		buffer_append(blob, buf, len);
-		if (buffer_len(blob) > MAX_KEY_FILE_SIZE) {
-			buffer_clear(blob);
-			bzero(buf, sizeof(buf));
-			goto toobig;
+		if ((r = sshbuf_put(blob, buf, len)) != 0)
+			goto out;
+		if (sshbuf_len(blob) > MAX_KEY_FILE_SIZE) {
+			r = SSH_ERR_INVALID_FORMAT;
+			goto out;
 		}
 	}
-	bzero(buf, sizeof(buf));
 	if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
-	    st.st_size != buffer_len(blob)) {
-		debug("%s: key file %.200s%schanged size while reading",
-		    __func__, filename == NULL ? "" : filename,
-		    filename == NULL ? "" : " ");
-		buffer_clear(blob);
-		return 0;
+	    st.st_size != (off_t)sshbuf_len(blob)) {
+		r = SSH_ERR_FILE_CHANGED;
+		goto out;
 	}
+	r = 0;
 
-	return 1;
+ out:
+	explicit_bzero(buf, sizeof(buf));
+	if (r != 0)
+		sshbuf_reset(blob);
+	return r;
 }
 
+#ifdef WITH_SSH1
 /*
  * Loads the public part of the ssh v1 key file.  Returns NULL if an error was
  * encountered (the file does not exist or is not readable), and the key
  * otherwise.
  */
-static Key *
-key_load_public_rsa1(int fd, const char *filename, char **commentp)
-{
-	Buffer buffer;
-	Key *pub;
-
-	buffer_init(&buffer);
-	if (!key_load_file(fd, filename, &buffer)) {
-		buffer_free(&buffer);
-		return NULL;
-	}
-
-	pub = key_parse_public_rsa1(&buffer, commentp);
-	if (pub == NULL)
-		debug3("Could not load \"%s\" as a RSA1 public key", filename);
-	buffer_free(&buffer);
-	return pub;
-}
-
-/* load public key from private-key file, works only for SSH v1 */
-Key *
-key_load_public_type(int type, const char *filename, char **commentp)
+static int
+sshkey_load_public_rsa1(int fd, struct sshkey **keyp, char **commentp)
 {
-	Key *pub;
-	int fd;
-
-	if (type == KEY_RSA1) {
-		fd = open(filename, O_RDONLY);
-		if (fd < 0)
-			return NULL;
-		pub = key_load_public_rsa1(fd, filename, commentp);
-		close(fd);
-		return pub;
-	}
-	return NULL;
-}
-
-static Key *
-key_parse_private_rsa1(Buffer *blob, const char *passphrase, char **commentp)
-{
-	int check1, check2, cipher_type;
-	Buffer decrypted;
-	u_char *cp;
-	CipherContext ciphercontext;
-	const Cipher *cipher;
-	Key *prv = NULL;
-	Buffer copy;
+	struct sshbuf *b = NULL;
+	int r;
 
-	/* Check that it is at least big enough to contain the ID string. */
-	if (buffer_len(blob) < sizeof(authfile_id_string)) {
-		debug3("Truncated RSA1 identifier");
-		return NULL;
-	}
-
-	/*
-	 * Make sure it begins with the id string.  Consume the id string
-	 * from the buffer.
-	 */
-	if (memcmp(buffer_ptr(blob), authfile_id_string,
-	    sizeof(authfile_id_string)) != 0) {
-		debug3("Incorrect RSA1 identifier");
-		return NULL;
-	}
-	buffer_init(&copy);
-	buffer_append(&copy, buffer_ptr(blob), buffer_len(blob));
-	buffer_consume(&copy, sizeof(authfile_id_string));
-
-	/* Read cipher type. */
-	cipher_type = buffer_get_char(&copy);
-	(void) buffer_get_int(&copy);	/* Reserved data. */
-
-	/* Read the public key from the buffer. */
-	(void) buffer_get_int(&copy);
-	prv = key_new_private(KEY_RSA1);
-
-	buffer_get_bignum(&copy, prv->rsa->n);
-	buffer_get_bignum(&copy, prv->rsa->e);
-	if (commentp)
-		*commentp = buffer_get_string(&copy, NULL);
-	else
-		(void)buffer_get_string_ptr(&copy, NULL);
-
-	/* Check that it is a supported cipher. */
-	cipher = cipher_by_number(cipher_type);
-	if (cipher == NULL) {
-		debug("Unsupported RSA1 cipher %d", cipher_type);
-		buffer_free(&copy);
-		goto fail;
-	}
-	/* Initialize space for decrypted data. */
-	buffer_init(&decrypted);
-	cp = buffer_append_space(&decrypted, buffer_len(&copy));
-
-	/* Rest of the buffer is encrypted.  Decrypt it using the passphrase. */
-	cipher_set_key_string(&ciphercontext, cipher, passphrase,
-	    CIPHER_DECRYPT);
-	cipher_crypt(&ciphercontext, cp,
-	    buffer_ptr(&copy), buffer_len(&copy), 0, 0);
-	cipher_cleanup(&ciphercontext);
-	memset(&ciphercontext, 0, sizeof(ciphercontext));
-	buffer_free(&copy);
+	*keyp = NULL;
+	if (commentp != NULL)
+		*commentp = NULL;
 
-	check1 = buffer_get_char(&decrypted);
-	check2 = buffer_get_char(&decrypted);
-	if (check1 != buffer_get_char(&decrypted) ||
-	    check2 != buffer_get_char(&decrypted)) {
-		if (strcmp(passphrase, "") != 0)
-			debug("Bad passphrase supplied for RSA1 key");
-		/* Bad passphrase. */
-		buffer_free(&decrypted);
-		goto fail;
-	}
-	/* Read the rest of the private key. */
-	buffer_get_bignum(&decrypted, prv->rsa->d);
-	buffer_get_bignum(&decrypted, prv->rsa->iqmp);		/* u */
-	/* in SSL and SSH v1 p and q are exchanged */
-	buffer_get_bignum(&decrypted, prv->rsa->q);		/* p */
-	buffer_get_bignum(&decrypted, prv->rsa->p);		/* q */
-
-	/* calculate p-1 and q-1 */
-	rsa_generate_additional_parameters(prv->rsa);
-
-	buffer_free(&decrypted);
-
-	/* enable blinding */
-	if (RSA_blinding_on(prv->rsa, NULL) != 1) {
-		error("%s: RSA_blinding_on failed", __func__);
-		goto fail;
-	}
-	return prv;
-
-fail:
-	if (commentp != NULL)
-		free(*commentp);
-	key_free(prv);
-	return NULL;
+	if ((b = sshbuf_new()) == NULL)
+		return SSH_ERR_ALLOC_FAIL;
+	if ((r = sshkey_load_file(fd, b)) != 0)
+		goto out;
+	if ((r = sshkey_parse_public_rsa1_fileblob(b, keyp, commentp)) != 0)
+		goto out;
+	r = 0;
+ out:
+	sshbuf_free(b);
+	return r;
 }
-
-static Key *
-key_parse_private_pem(Buffer *blob, int type, const char *passphrase,
-    char **commentp)
-{
-	EVP_PKEY *pk = NULL;
-	Key *prv = NULL;
-	const char *name = "<no key>";
-	BIO *bio;
+#endif /* WITH_SSH1 */
 
-	if ((bio = BIO_new_mem_buf(buffer_ptr(blob),
-	    buffer_len(blob))) == NULL) {
-		error("%s: BIO_new_mem_buf failed", __func__);
-		return NULL;
-	}
-	
-	pk = PEM_read_bio_PrivateKey(bio, NULL, NULL, __UNCONST(passphrase));
-	BIO_free(bio);
-	if (pk == NULL) {
-		debug("%s: PEM_read_PrivateKey failed", __func__);
-		(void)ERR_get_error();
-	} else if (pk->type == EVP_PKEY_RSA &&
-	    (type == KEY_UNSPEC||type==KEY_RSA)) {
-		prv = key_new(KEY_UNSPEC);
-		prv->rsa = EVP_PKEY_get1_RSA(pk);
-		prv->type = KEY_RSA;
-		name = "rsa w/o comment";
-#ifdef DEBUG_PK
-		RSA_print_fp(stderr, prv->rsa, 8);
-#endif
-		if (RSA_blinding_on(prv->rsa, NULL) != 1) {
-			error("%s: RSA_blinding_on failed", __func__);
-			key_free(prv);
-			prv = NULL;
-		}
-	} else if (pk->type == EVP_PKEY_DSA &&
-	    (type == KEY_UNSPEC||type==KEY_DSA)) {
-		prv = key_new(KEY_UNSPEC);
-		prv->dsa = EVP_PKEY_get1_DSA(pk);
-		prv->type = KEY_DSA;
-		name = "dsa w/o comment";
-#ifdef DEBUG_PK
-		DSA_print_fp(stderr, prv->dsa, 8);
-#endif
-	} else if (pk->type == EVP_PKEY_EC &&
-	    (type == KEY_UNSPEC||type==KEY_ECDSA)) {
-		prv = key_new(KEY_UNSPEC);
-		prv->ecdsa = EVP_PKEY_get1_EC_KEY(pk);
-		prv->type = KEY_ECDSA;
-		if ((prv->ecdsa_nid = key_ecdsa_key_to_nid(prv->ecdsa)) == -1 ||
-		    key_curve_nid_to_name(prv->ecdsa_nid) == NULL ||
-		    key_ec_validate_public(EC_KEY_get0_group(prv->ecdsa),
-		    EC_KEY_get0_public_key(prv->ecdsa)) != 0 ||
-		    key_ec_validate_private(prv->ecdsa) != 0) {
-			error("%s: bad ECDSA key", __func__);
-			key_free(prv);
-			prv = NULL;
-		}
-		name = "ecdsa w/o comment";
-#ifdef DEBUG_PK
-		if (prv != NULL && prv->ecdsa != NULL)
-			key_dump_ec_key(prv->ecdsa);
-#endif
-	} else {
-		error("%s: PEM_read_PrivateKey: mismatch or "
-		    "unknown EVP_PKEY save_type %d", __func__, pk->save_type);
-	}
-	if (pk != NULL)
-		EVP_PKEY_free(pk);
-	if (prv != NULL && commentp)
-		*commentp = xstrdup(name);
-	debug("read PEM private key done: type %s",
-	    prv ? key_type(prv) : "<unknown>");
-	return prv;
-}
-
-Key *
-key_load_private_pem(int fd, int type, const char *passphrase,
-    char **commentp)
-{
-	Buffer buffer;
-	Key *prv;
-
-	buffer_init(&buffer);
-	if (!key_load_file(fd, NULL, &buffer)) {
-		buffer_free(&buffer);
-		return NULL;
-	}
-	prv = key_parse_private_pem(&buffer, type, passphrase, commentp);
-	buffer_free(&buffer);
-	return prv;
-}
-
+/* XXX remove error() calls from here? */
 int
-key_perm_ok(int fd, const char *filename)
+sshkey_perm_ok(int fd, const char *filename)
 {
 	struct stat st;
 
 	if (fstat(fd, &st) < 0)
-		return 0;
+		return SSH_ERR_SYSTEM_ERROR;
 	/*
 	 * if a key owned by the user is accessed, then we check the
 	 * permissions of the file. if the key owned by a different user,
@@ -618,288 +185,323 @@
 		    (u_int)st.st_mode & 0777, filename);
 		error("It is recommended that your private key files are NOT accessible by others.");
 		error("This private key will be ignored.");
-		return 0;
+		return SSH_ERR_KEY_BAD_PERMISSIONS;
 	}
-	return 1;
+	return 0;
 }
 
-static Key *
-key_parse_private_type(Buffer *blob, int type, const char *passphrase,
-    char **commentp)
+/* XXX kill perm_ok now that we have SSH_ERR_KEY_BAD_PERMISSIONS? */
+int
+sshkey_load_private_type(int type, const char *filename, const char *passphrase,
+    struct sshkey **keyp, char **commentp, int *perm_ok)
 {
-	switch (type) {
-	case KEY_RSA1:
-		return key_parse_private_rsa1(blob, passphrase, commentp);
-	case KEY_DSA:
-	case KEY_ECDSA:
-	case KEY_RSA:
-	case KEY_UNSPEC:
-		return key_parse_private_pem(blob, type, passphrase, commentp);
-	default:
-		error("%s: cannot parse key type %d", __func__, type);
-		break;
-	}
-	return NULL;
-}
+	int fd, r;
 
-Key *
-key_load_private_type(int type, const char *filename, const char *passphrase,
-    char **commentp, int *perm_ok)
-{
-	int fd;
-	Key *ret;
-	Buffer buffer;
+	*keyp = NULL;
+	if (commentp != NULL)
+		*commentp = NULL;
 
-	fd = open(filename, O_RDONLY);
-	if (fd < 0) {
-		debug("could not open key file '%s': %s", filename,
-		    strerror(errno));
+	if ((fd = open(filename, O_RDONLY)) < 0) {
 		if (perm_ok != NULL)
 			*perm_ok = 0;
-		return NULL;
+		return SSH_ERR_SYSTEM_ERROR;
 	}
-	if (!key_perm_ok(fd, filename)) {
+	if (sshkey_perm_ok(fd, filename) != 0) {
 		if (perm_ok != NULL)
 			*perm_ok = 0;
-		error("bad permissions: ignore key: %s", filename);
-		close(fd);
-		return NULL;
+		r = SSH_ERR_KEY_BAD_PERMISSIONS;
+		goto out;
 	}
 	if (perm_ok != NULL)
 		*perm_ok = 1;
 
-	buffer_init(&buffer);
-	if (!key_load_file(fd, filename, &buffer)) {
-		buffer_free(&buffer);
-		close(fd);
-		return NULL;
+	r = sshkey_load_private_type_fd(fd, type, passphrase, keyp, commentp);
+ out:
+	close(fd);
+	return r;
+}
+
+int
+sshkey_load_private_type_fd(int fd, int type, const char *passphrase,
+    struct sshkey **keyp, char **commentp)
+{
+	struct sshbuf *buffer = NULL;
+	int r;
+
+	if ((buffer = sshbuf_new()) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
 	}
-	close(fd);
-	ret = key_parse_private_type(&buffer, type, passphrase, commentp);
-	buffer_free(&buffer);
-	return ret;
+	if ((r = sshkey_load_file(fd, buffer)) != 0 ||
+	    (r = sshkey_parse_private_fileblob_type(buffer, type,
+	    passphrase, keyp, commentp)) != 0)
+		goto out;
+
+	/* success */
+	r = 0;
+ out:
+	if (buffer != NULL)
+		sshbuf_free(buffer);
+	return r;
 }
 
-Key *
-key_parse_private(Buffer *buffer, const char *filename,
-    const char *passphrase, char **commentp)
+/* XXX this is almost identical to sshkey_load_private_type() */
+int
+sshkey_load_private(const char *filename, const char *passphrase,
+    struct sshkey **keyp, char **commentp)
 {
-	Key *pub, *prv;
+	struct sshbuf *buffer = NULL;
+	int r, fd;
 
-	/* it's a SSH v1 key if the public key part is readable */
-	pub = key_parse_public_rsa1(buffer, commentp);
-	if (pub == NULL) {
-		prv = key_parse_private_type(buffer, KEY_UNSPEC,
-		    passphrase, NULL);
-		/* use the filename as a comment for PEM */
-		if (commentp && prv)
-			*commentp = xstrdup(filename);
-	} else {
-		key_free(pub);
-		/* key_parse_public_rsa1() has already loaded the comment */
-		prv = key_parse_private_type(buffer, KEY_RSA1, passphrase,
-		    NULL);
-	}
-	return prv;
-}
+	*keyp = NULL;
+	if (commentp != NULL)
+		*commentp = NULL;
 
-Key *
-key_load_private(const char *filename, const char *passphrase,
-    char **commentp)
-{
-	Key *prv;
-	Buffer buffer;
-	int fd;
-
-	fd = open(filename, O_RDONLY);
-	if (fd < 0) {
-		debug("could not open key file '%s': %s", filename,
-		    strerror(errno));
-		return NULL;
-	}
-	if (!key_perm_ok(fd, filename)) {
-		error("bad permissions: ignore key: %s", filename);
-		close(fd);
-		return NULL;
+	if ((fd = open(filename, O_RDONLY)) < 0)
+		return SSH_ERR_SYSTEM_ERROR;
+	if (sshkey_perm_ok(fd, filename) != 0) {
+		r = SSH_ERR_KEY_BAD_PERMISSIONS;
+		goto out;
 	}
 
-	buffer_init(&buffer);
-	if (!key_load_file(fd, filename, &buffer)) {
-		buffer_free(&buffer);
-		close(fd);
-		return NULL;
+	if ((buffer = sshbuf_new()) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
 	}
+	if ((r = sshkey_load_file(fd, buffer)) != 0 ||
+	    (r = sshkey_parse_private_fileblob(buffer, passphrase, filename,
+	    keyp, commentp)) != 0)
+		goto out;
+	r = 0;
+ out:
 	close(fd);
-
-	prv = key_parse_private(&buffer, filename, passphrase, commentp);
-	buffer_free(&buffer);
-	return prv;
+	if (buffer != NULL)
+		sshbuf_free(buffer);
+	return r;
 }
 
 static int
-key_try_load_public(Key *k, const char *filename, char **commentp)
+sshkey_try_load_public(struct sshkey *k, const char *filename, char **commentp)
 {
 	FILE *f;
 	char line[SSH_MAX_PUBKEY_BYTES];
 	char *cp;
 	u_long linenum = 0;
+	int r;
 
-	f = fopen(filename, "r");
-	if (f != NULL) {
-		while (read_keyfile_line(f, filename, line, sizeof(line),
-			    &linenum) != -1) {
-			cp = line;
-			switch (*cp) {
-			case '#':
-			case '\n':
-			case '\0':
-				continue;
-			}
-			/* Abort loading if this looks like a private key */
-			if (strncmp(cp, "-----BEGIN", 10) == 0)
-				break;
-			/* Skip leading whitespace. */
-			for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
-				;
-			if (*cp) {
-				if (key_read(k, &cp) == 1) {
-					cp[strcspn(cp, "\r\n")] = '\0';
-					if (commentp) {
-						*commentp = xstrdup(*cp ?
-						    cp : filename);
-					}
-					fclose(f);
-					return 1;
+	if (commentp != NULL)
+		*commentp = NULL;
+	if ((f = fopen(filename, "r")) == NULL)
+		return SSH_ERR_SYSTEM_ERROR;
+	while (read_keyfile_line(f, filename, line, sizeof(line),
+		    &linenum) != -1) {
+		cp = line;
+		switch (*cp) {
+		case '#':
+		case '\n':
+		case '\0':
+			continue;
+		}
+		/* Abort loading if this looks like a private key */
+		if (strncmp(cp, "-----BEGIN", 10) == 0 ||
+		    strcmp(cp, "SSH PRIVATE KEY FILE") == 0)
+			break;
+		/* Skip leading whitespace. */
+		for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
+			;
+		if (*cp) {
+			if ((r = sshkey_read(k, &cp)) == 0) {
+				cp[strcspn(cp, "\r\n")] = '\0';
+				if (commentp) {
+					*commentp = strdup(*cp ?
+					    cp : filename);
+					if (*commentp == NULL)
+						r = SSH_ERR_ALLOC_FAIL;
 				}
+				fclose(f);
+				return r;
 			}
 		}
-		fclose(f);
 	}
-	return 0;
+	fclose(f);
+	return SSH_ERR_INVALID_FORMAT;
 }
 
 /* load public key from ssh v1 private or any pubkey file */
-Key *
-key_load_public(const char *filename, char **commentp)
+int
+sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp)
 {
-	Key *pub;
-	char file[MAXPATHLEN];
+	struct sshkey *pub = NULL;
+	char file[PATH_MAX];
+	int r, fd;
 
+	if (keyp != NULL)
+		*keyp = NULL;
+	if (commentp != NULL)
+		*commentp = NULL;
+
+	/* XXX should load file once and attempt to parse each format */
+
+	if ((fd = open(filename, O_RDONLY)) < 0)
+		goto skip;
+#ifdef WITH_SSH1
 	/* try rsa1 private key */
-	pub = key_load_public_type(KEY_RSA1, filename, commentp);
-	if (pub != NULL)
-		return pub;
-
-	/* try rsa1 public key */
-	pub = key_new(KEY_RSA1);
-	if (key_try_load_public(pub, filename, commentp) == 1)
-		return pub;
-	key_free(pub);
+	r = sshkey_load_public_rsa1(fd, keyp, commentp);
+	close(fd);
+	switch (r) {
+	case SSH_ERR_INTERNAL_ERROR:
+	case SSH_ERR_ALLOC_FAIL:
+	case SSH_ERR_INVALID_ARGUMENT:
+	case SSH_ERR_SYSTEM_ERROR:
+	case 0:
+		return r;
+	}
+#endif /* WITH_SSH1 */
 
 	/* try ssh2 public key */
-	pub = key_new(KEY_UNSPEC);
-	if (key_try_load_public(pub, filename, commentp) == 1)
-		return pub;
+	if ((pub = sshkey_new(KEY_UNSPEC)) == NULL)
+		return SSH_ERR_ALLOC_FAIL;
+	if ((r = sshkey_try_load_public(pub, filename, commentp)) == 0) {
+		if (keyp != NULL)
+			*keyp = pub;
+		return 0;
+	}
+	sshkey_free(pub);
+
+#ifdef WITH_SSH1
+	/* try rsa1 public key */
+	if ((pub = sshkey_new(KEY_RSA1)) == NULL)
+		return SSH_ERR_ALLOC_FAIL;
+	if ((r = sshkey_try_load_public(pub, filename, commentp)) == 0) {
+		if (keyp != NULL)
+			*keyp = pub;
+		return 0;
+	}
+	sshkey_free(pub);
+#endif /* WITH_SSH1 */
+
+ skip:
+	/* try .pub suffix */
+	if ((pub = sshkey_new(KEY_UNSPEC)) == NULL)
+		return SSH_ERR_ALLOC_FAIL;
+	r = SSH_ERR_ALLOC_FAIL;	/* in case strlcpy or strlcat fail */
 	if ((strlcpy(file, filename, sizeof file) < sizeof(file)) &&
 	    (strlcat(file, ".pub", sizeof file) < sizeof(file)) &&
-	    (key_try_load_public(pub, file, commentp) == 1))
-		return pub;
-	key_free(pub);
-	return NULL;
+	    (r = sshkey_try_load_public(pub, file, commentp)) == 0) {
+		if (keyp != NULL)
+			*keyp = pub;
+		return 0;
+	}
+	sshkey_free(pub);
+
+	return r;
 }
 
 /* Load the certificate associated with the named private key */
-Key *
-key_load_cert(const char *filename)
+int
+sshkey_load_cert(const char *filename, struct sshkey **keyp)
 {
-	Key *pub;
-	char *file;
+	struct sshkey *pub = NULL;
+	char *file = NULL;
+	int r = SSH_ERR_INTERNAL_ERROR;
+
+	*keyp = NULL;
+
+	if (asprintf(&file, "%s-cert.pub", filename) == -1)
+		return SSH_ERR_ALLOC_FAIL;
 
-	pub = key_new(KEY_UNSPEC);
-	xasprintf(&file, "%s-cert.pub", filename);
-	if (key_try_load_public(pub, file, NULL) == 1) {
+	if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) {
+		goto out;
+	}
+	if ((r = sshkey_try_load_public(pub, file, NULL)) != 0)
+		goto out;
+
+	*keyp = pub;
+	pub = NULL;
+	r = 0;
+
+ out:
+	if (file != NULL)
 		free(file);
-		return pub;
-	}
-	free(file);
-	key_free(pub);
-	return NULL;
+	if (pub != NULL)
+		sshkey_free(pub);
+	return r;
 }
 
 /* Load private key and certificate */
-Key *
-key_load_private_cert(int type, const char *filename, const char *passphrase,
-    int *perm_ok)
+int
+sshkey_load_private_cert(int type, const char *filename, const char *passphrase,
+    struct sshkey **keyp, int *perm_ok)
 {
-	Key *key, *pub;
+	struct sshkey *key = NULL, *cert = NULL;
+	int r;
+
+	*keyp = NULL;
 
 	switch (type) {
+#ifdef WITH_OPENSSL
 	case KEY_RSA:
 	case KEY_DSA:
 	case KEY_ECDSA:
+	case KEY_ED25519:
+#endif /* WITH_OPENSSL */
+	case KEY_UNSPEC:
 		break;
 	default:
-		error("%s: unsupported key type", __func__);
-		return NULL;
-	}
-
-	if ((key = key_load_private_type(type, filename, 
-	    passphrase, NULL, perm_ok)) == NULL)
-		return NULL;
-
-	if ((pub = key_load_cert(filename)) == NULL) {
-		key_free(key);
-		return NULL;
+		return SSH_ERR_KEY_TYPE_UNKNOWN;
 	}
 
+	if ((r = sshkey_load_private_type(type, filename,
+	    passphrase, &key, NULL, perm_ok)) != 0 ||
+	    (r = sshkey_load_cert(filename, &cert)) != 0)
+		goto out;
+
 	/* Make sure the private key matches the certificate */
-	if (key_equal_public(key, pub) == 0) {
-		error("%s: certificate does not match private key %s",
-		    __func__, filename);
-	} else if (key_to_certified(key, key_cert_is_legacy(pub)) != 0) {
-		error("%s: key_to_certified failed", __func__);
-	} else {
-		key_cert_copy(pub, key);
-		key_free(pub);
-		return key;
+	if (sshkey_equal_public(key, cert) == 0) {
+		r = SSH_ERR_KEY_CERT_MISMATCH;
+		goto out;
 	}
 
-	key_free(key);
-	key_free(pub);
-	return NULL;
+	if ((r = sshkey_to_certified(key, sshkey_cert_is_legacy(cert))) != 0 ||
+	    (r = sshkey_cert_copy(cert, key)) != 0)
+		goto out;
+	r = 0;
+	*keyp = key;
+	key = NULL;
+ out:
+	if (key != NULL)
+		sshkey_free(key);
+	if (cert != NULL)
+		sshkey_free(cert);
+	return r;
 }
 
 /*
- * Returns 1 if the specified "key" is listed in the file "filename",
- * 0 if the key is not listed or -1 on error.
- * If strict_type is set then the key type must match exactly,
+ * Returns success if the specified "key" is listed in the file "filename",
+ * SSH_ERR_KEY_NOT_FOUND: if the key is not listed or another error.
+ * If "strict_type" is set then the key type must match exactly,
  * otherwise a comparison that ignores certficiate data is performed.
+ * If "check_ca" is set and "key" is a certificate, then its CA key is
+ * also checked and sshkey_in_file() will return success if either is found.
  */
 int
-key_in_file(Key *key, const char *filename, int strict_type)
+sshkey_in_file(struct sshkey *key, const char *filename, int strict_type,
+    int check_ca)
 {
 	FILE *f;
 	char line[SSH_MAX_PUBKEY_BYTES];
 	char *cp;
 	u_long linenum = 0;
-	int ret = 0;
-	Key *pub;
-	int (*key_compare)(const Key *, const Key *) = strict_type ?
-	    key_equal : key_equal_public;
+	int r = 0;
+	struct sshkey *pub = NULL;
+	int (*sshkey_compare)(const struct sshkey *, const struct sshkey *) =
+	    strict_type ?  sshkey_equal : sshkey_equal_public;
 
-	if ((f = fopen(filename, "r")) == NULL) {
-		if (errno == ENOENT) {
-			debug("%s: keyfile \"%s\" missing", __func__, filename);
-			return 0;
-		} else {
-			error("%s: could not open keyfile \"%s\": %s", __func__,
-			    filename, strerror(errno));
-			return -1;
-		}
-	}
+	if ((f = fopen(filename, "r")) == NULL)
+		return SSH_ERR_SYSTEM_ERROR;
 
 	while (read_keyfile_line(f, filename, line, sizeof(line),
-		    &linenum) != -1) {
+	    &linenum) != -1) {
 		cp = line;
 
 		/* Skip leading whitespace. */
@@ -914,19 +516,62 @@
 			continue;
 		}
 
-		pub = key_new(KEY_UNSPEC);
-		if (key_read(pub, &cp) != 1) {
-			key_free(pub);
-			continue;
+		if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) {
+			r = SSH_ERR_ALLOC_FAIL;
+			goto out;
 		}
-		if (key_compare(key, pub)) {
-			ret = 1;
-			key_free(pub);
-			break;
+		if ((r = sshkey_read(pub, &cp)) != 0)
+			goto out;
+		if (sshkey_compare(key, pub) ||
+		    (check_ca && sshkey_is_cert(key) &&
+		    sshkey_compare(key->cert->signature_key, pub))) {
+			r = 0;
+			goto out;
 		}
-		key_free(pub);
+		sshkey_free(pub);
+		pub = NULL;
 	}
+	r = SSH_ERR_KEY_NOT_FOUND;
+ out:
+	if (pub != NULL)
+		sshkey_free(pub);
 	fclose(f);
-	return ret;
+	return r;
 }
 
+/*
+ * Checks whether the specified key is revoked, returning 0 if not,
+ * SSH_ERR_KEY_REVOKED if it is or another error code if something
+ * unexpected happened.
+ * This will check both the key and, if it is a certificate, its CA key too.
+ * "revoked_keys_file" may be a KRL or a one-per-line list of public keys.
+ */
+int
+sshkey_check_revoked(struct sshkey *key, const char *revoked_keys_file)
+{
+	int r;
+
+#ifdef WITH_OPENSSL
+	r = ssh_krl_file_contains_key(revoked_keys_file, key);
+	/* If this was not a KRL to begin with then continue below */
+	if (r != SSH_ERR_KRL_BAD_MAGIC)
+		return r;
+#endif
+
+	/*
+	 * If the file is not a KRL or we can't handle KRLs then attempt to
+	 * parse the file as a flat list of keys.
+	 */
+	switch ((r = sshkey_in_file(key, revoked_keys_file, 0, 1))) {
+	case 0:
+		/* Key found => revoked */
+		return SSH_ERR_KEY_REVOKED;
+	case SSH_ERR_KEY_NOT_FOUND:
+		/* Key not found => not revoked */
+		return 0;
+	default:
+		/* Some other error occurred */
+		return r;
+	}
+}
+
--- a/crypto/external/bsd/openssh/dist/authfile.h	Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/dist/authfile.h	Thu Apr 30 06:07:29 2015 +0000
@@ -1,32 +1,53 @@
-/*	$NetBSD: authfile.h,v 1.4 2011/09/07 17:49:19 christos Exp $	*/
-/* $OpenBSD: authfile.h,v 1.16 2011/05/04 21:15:29 djm Exp $ */
+/*	$NetBSD: authfile.h,v 1.4.22.1 2015/04/30 06:07:30 riz Exp $	*/
+/* $OpenBSD: authfile.h,v 1.21 2015/01/08 10:14:08 djm Exp $ */
 
 /*
- * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
- *                    All rights reserved
+ * Copyright (c) 2000, 2013 Markus Friedl.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
  *
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose.  Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 #ifndef AUTHFILE_H
 #define AUTHFILE_H
 
-int	 key_save_private(Key *, const char *, const char *, const char *);
-int	 key_load_file(int, const char *, Buffer *);
-Key	*key_load_cert(const char *);
-Key	*key_load_public(const char *, char **);
-Key	*key_load_public_type(int, const char *, char **);
-Key	*key_parse_private(Buffer *, const char *, const char *, char **);
-Key	*key_load_private(const char *, const char *, char **);
-Key	*key_load_private_cert(int, const char *, const char *, int *);
-Key	*key_load_private_type(int, const char *, const char *, char **, int *);
-Key	*key_load_private_pem(int, int, const char *, char **);
-int	 key_perm_ok(int, const char *);
-int	 key_in_file(Key *, const char *, int);
+struct sshbuf;
+struct sshkey;
+
+/* XXX document these */
+/* XXX some of these could probably be merged/retired */
+
+int sshkey_save_private(struct sshkey *, const char *,
+    const char *, const char *, int, const char *, int);
+int sshkey_load_file(int, struct sshbuf *);
+int sshkey_load_cert(const char *, struct sshkey **);
+int sshkey_load_public(const char *, struct sshkey **, char **);
+int sshkey_load_private(const char *, const char *, struct sshkey **, char **);
+int sshkey_load_private_cert(int, const char *, const char *,
+    struct sshkey **, int *);
+int sshkey_load_private_type(int, const char *, const char *,
+    struct sshkey **, char **, int *);
+int sshkey_load_private_type_fd(int fd, int type, const char *passphrase,
+    struct sshkey **keyp, char **commentp);
+int sshkey_perm_ok(int, const char *);
+int sshkey_in_file(struct sshkey *, const char *, int, int);
+int sshkey_check_revoked(struct sshkey *key, const char *revoked_keys_file);
 
 #endif
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/external/bsd/openssh/dist/bcrypt_pbkdf.c	Thu Apr 30 06:07:29 2015 +0000
@@ -0,0 +1,174 @@
+/* $OpenBSD: bcrypt_pbkdf.c,v 1.4 2013/07/29 00:55:53 tedu Exp $ */
+/*
+ * Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+__RCSID("$NetBSD: bcrypt_pbkdf.c,v 1.2.2.2 2015/04/30 06:07:30 riz Exp $");
+
+#ifndef HAVE_BCRYPT_PBKDF
+
+#include <sys/types.h>
+#include <sys/param.h>
+
+#ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+#endif
+#include <string.h>
+
+#ifdef HAVE_BLF_H
+# include <blf.h>
+#endif
+
+#include "crypto_api.h"
+#include <stdio.h>
+#include <time.h>
+#include "misc.h"
+#define SHA512_DIGEST_LENGTH crypto_hash_sha512_BYTES
+
+/*
+ * pkcs #5 pbkdf2 implementation using the "bcrypt" hash
+ *
+ * The bcrypt hash function is derived from the bcrypt password hashing
+ * function with the following modifications:
+ * 1. The input password and salt are preprocessed with SHA512.
+ * 2. The output length is expanded to 256 bits.
+ * 3. Subsequently the magic string to be encrypted is lengthened and modifed
+ *    to "OxychromaticBlowfishSwatDynamite"
+ * 4. The hash function is defined to perform 64 rounds of initial state
+ *    expansion. (More rounds are performed by iterating the hash.)
+ *
+ * Note that this implementation pulls the SHA512 operations into the caller
+ * as a performance optimization.
+ *
+ * One modification from official pbkdf2. Instead of outputting key material
+ * linearly, we mix it. pbkdf2 has a known weakness where if one uses it to
+ * generate (i.e.) 512 bits of key material for use as two 256 bit keys, an
+ * attacker can merely run once through the outer loop below, but the user
+ * always runs it twice. Shuffling output bytes requires computing the
+ * entirety of the key material to assemble any subkey. This is something a
+ * wise caller could do; we just do it for you.
+ */
+
+#define BCRYPT_BLOCKS 8
+#define BCRYPT_HASHSIZE (BCRYPT_BLOCKS * 4)
+
+static void
+bcrypt_hash(u_int8_t *sha2pass, u_int8_t *sha2salt, u_int8_t *out)
+{
+	blf_ctx state;
+	u_int8_t ciphertext[BCRYPT_HASHSIZE] =
+	    "OxychromaticBlowfishSwatDynamite";
+	uint32_t cdata[BCRYPT_BLOCKS];
+	int i;
+	uint16_t j;
+	size_t shalen = SHA512_DIGEST_LENGTH;
+
+	/* key expansion */
+	Blowfish_initstate(&state);
+	Blowfish_expandstate(&state, sha2salt, shalen, sha2pass, shalen);
+	for (i = 0; i < 64; i++) {
+		Blowfish_expand0state(&state, sha2salt, shalen);
+		Blowfish_expand0state(&state, sha2pass, shalen);
+	}
+
+	/* encryption */
+	j = 0;
+	for (i = 0; i < BCRYPT_BLOCKS; i++)
+		cdata[i] = Blowfish_stream2word(ciphertext, sizeof(ciphertext),
+		    &j);
+	for (i = 0; i < 64; i++)
+		blf_enc(&state, cdata, sizeof(cdata) / sizeof(uint64_t));
+
+	/* copy out */
+	for (i = 0; i < BCRYPT_BLOCKS; i++) {
+		out[4 * i + 3] = (cdata[i] >> 24) & 0xff;
+		out[4 * i + 2] = (cdata[i] >> 16) & 0xff;
+		out[4 * i + 1] = (cdata[i] >> 8) & 0xff;
+		out[4 * i + 0] = cdata[i] & 0xff;
+	}
+
+	/* zap */
+	memset(ciphertext, 0, sizeof(ciphertext));
+	memset(cdata, 0, sizeof(cdata));
+	memset(&state, 0, sizeof(state));
+}
+
+int
+bcrypt_pbkdf(const char *pass, size_t passlen, const u_int8_t *salt, size_t saltlen,
+    u_int8_t *key, size_t keylen, unsigned int rounds)
+{
+	u_int8_t sha2pass[SHA512_DIGEST_LENGTH];
+	u_int8_t sha2salt[SHA512_DIGEST_LENGTH];
+	u_int8_t out[BCRYPT_HASHSIZE];
+	u_int8_t tmpout[BCRYPT_HASHSIZE];
+	u_int8_t *countsalt;
+	size_t i, j, amt, stride;
+	uint32_t count;
+
+	/* nothing crazy */
+	if (rounds < 1)
+		return -1;
+	if (passlen == 0 || saltlen == 0 || keylen == 0 ||
+	    keylen > sizeof(out) * sizeof(out) || saltlen > 1<<20)
+		return -1;
+	if ((countsalt = calloc(1, saltlen + 4)) == NULL)
+		return -1;
+	stride = (keylen + sizeof(out) - 1) / sizeof(out);
+	amt = (keylen + stride - 1) / stride;
+
+	memcpy(countsalt, salt, saltlen);
+
+	/* collapse password */
+	crypto_hash_sha512(sha2pass, (const u_char *)pass, passlen);
+
+	/* generate key, sizeof(out) at a time */
+	for (count = 1; keylen > 0; count++) {
+		countsalt[saltlen + 0] = (count >> 24) & 0xff;
+		countsalt[saltlen + 1] = (count >> 16) & 0xff;
+		countsalt[saltlen + 2] = (count >> 8) & 0xff;
+		countsalt[saltlen + 3] = count & 0xff;
+
+		/* first round, salt is salt */
+		crypto_hash_sha512(sha2salt, countsalt, saltlen + 4);
+
+		bcrypt_hash(sha2pass, sha2salt, tmpout);
+		memcpy(out, tmpout, sizeof(out));
+
+		for (i = 1; i < rounds; i++) {
+			/* subsequent rounds, salt is previous output */
+			crypto_hash_sha512(sha2salt, tmpout, sizeof(tmpout));
+			bcrypt_hash(sha2pass, sha2salt, tmpout);
+			for (j = 0; j < sizeof(out); j++)
+				out[j] ^= tmpout[j];
+		}
+
+		/*
+		 * pbkdf2 deviation: ouput the key material non-linearly.
+		 */
+		amt = MIN(amt, keylen);
+		for (i = 0; i < amt; i++)
+			key[i * stride + (count - 1)] = out[i];
+		keylen -= amt;
+	}
+
+	/* zap */
+	memset(out, 0, sizeof(out));
+	memset(countsalt, 0, saltlen + 4);
+	free(countsalt);
+
+	return 0;
+}
+#endif /* HAVE_BCRYPT_PBKDF */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/external/bsd/openssh/dist/bitmap.c	Thu Apr 30 06:07:29 2015 +0000
@@ -0,0 +1,216 @@
+/*	$NetBSD: bitmap.c,v 1.2.2.2 2015/04/30 06:07:30 riz Exp $	*/
+/*
+ * Copyright (c) 2015 Damien Miller <djm@mindrot.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include "includes.h"
+__RCSID("$NetBSD: bitmap.c,v 1.2.2.2 2015/04/30 06:07:30 riz Exp $");
+
+#include <sys/types.h>
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <time.h>
+
+#include "misc.h"
+#include "bitmap.h"
+
+#define BITMAP_WTYPE	u_int
+#define BITMAP_MAX	(1<<24)
+#define BITMAP_BYTES	(sizeof(BITMAP_WTYPE))
+#define BITMAP_BITS	(sizeof(BITMAP_WTYPE) * 8)
+#define BITMAP_WMASK	((BITMAP_WTYPE)BITMAP_BITS - 1)
+struct bitmap {
+	BITMAP_WTYPE *d;
+	size_t len; /* number of words allocated */
+	size_t top; /* index of top word allocated */
+};
+
+struct bitmap *
+bitmap_new(void)
+{
+	struct bitmap *ret;
+
+	if ((ret = calloc(1, sizeof(*ret))) == NULL)
+		return NULL;
+	if ((ret->d = calloc(1, BITMAP_BYTES)) == NULL) {
+		free(ret);
+		return NULL;
+	}
+	ret->len = 1;
+	ret->top = 0;
+	return ret;
+}
+
+void
+bitmap_free(struct bitmap *b)
+{
+	if (b != NULL && b->d != NULL) {
+		memset(b->d, 0, b->len);
+		free(b->d);
+	}
+	free(b);
+}
+
+void
+bitmap_zero(struct bitmap *b)
+{
+	memset(b->d, 0, b->len * BITMAP_BYTES);
+	b->top = 0;
+}
+
+int
+bitmap_test_bit(struct bitmap *b, u_int n)
+{
+	if (b->top >= b->len)
+		return 0; /* invalid */
+	if (b->len == 0 || (n / BITMAP_BITS) > b->top)
+		return 0;
+	return (b->d[n / BITMAP_BITS] >> (n & BITMAP_WMASK)) & 1;
+}
+
+static int
+reserve(struct bitmap *b, u_int n)
+{
+	BITMAP_WTYPE *tmp;
+	size_t nlen;
+
+	if (b->top >= b->len || n > BITMAP_MAX)
+		return -1; /* invalid */
+	nlen = (n / BITMAP_BITS) + 1;
+	if (b->len < nlen) {
+		if ((tmp = reallocarray(b->d, nlen, BITMAP_BYTES)) == NULL)
+			return -1;
+		b->d = tmp;
+		memset(b->d + b->len, 0, (nlen - b->len) * BITMAP_BYTES);
+		b->len = nlen;
+	}
+	return 0;
+}
+
+int
+bitmap_set_bit(struct bitmap *b, u_int n)
+{
+	int r;
+	size_t offset;
+
+	if ((r = reserve(b, n)) != 0)
+		return r;
+	offset = n / BITMAP_BITS;
+	if (offset > b->top)
+		b->top = offset;
+	b->d[offset] |= (BITMAP_WTYPE)1 << (n & BITMAP_WMASK);
+	return 0;
+}
+
+/* Resets b->top to point to the most significant bit set in b->d */
+static void
+retop(struct bitmap *b)
+{
+	if (b->top >= b->len)
+		return;
+	while (b->top > 0 && b->d[b->top] == 0)
+		b->top--;
+}
+
+void
+bitmap_clear_bit(struct bitmap *b, u_int n)
+{
+	size_t offset;
+
+	if (b->top >= b->len || n > BITMAP_MAX)
+		return; /* invalid */
+	offset = n / BITMAP_BITS;
+	if (offset > b->top)
+		return;
+	b->d[offset] &= ~((BITMAP_WTYPE)1 << (n & BITMAP_WMASK));
+	/* The top may have changed as a result of the clear */
+	retop(b);
+}
+
+size_t
+bitmap_nbits(struct bitmap *b)
+{
+	size_t bits;
+	BITMAP_WTYPE w;
+
+	retop(b);
+	if (b->top >= b->len)
+		return 0; /* invalid */
+	if (b->len == 0 || (b->top == 0 && b->d[0] == 0))
+		return 0;
+	/* Find MSB set */
+	w = b->d[b->top];
+	bits = (b->top + 1) * BITMAP_BITS;
+	while (!(w & ((BITMAP_WTYPE)1 << (BITMAP_BITS - 1)))) {
+		w <<= 1;
+		bits--;
+	}
+	return bits;
+}
+
+size_t
+bitmap_nbytes(struct bitmap *b)
+{
+	return (bitmap_nbits(b) + 7) / 8;
+}
+
+int
+bitmap_to_string(struct bitmap *b, void *p, size_t l)
+{
+	u_char *s = (u_char *)p;
+	size_t i, j, k, need = bitmap_nbytes(b);
+
+	if (l < need || b->top >= b->len)
+		return -1;
+	if (l > need)
+		l = need;
+	/* Put the bytes from LSB backwards */
+	for (i = k = 0; i < b->top + 1; i++) {
+		for (j = 0; j < BITMAP_BYTES; j++) {
+			if (k >= l)
+				break;
+			s[need - 1 - k++] = (b->d[i] >> (j * 8)) & 0xff;
+		}
+	}
+	return 0;
+}
+
+int
+bitmap_from_string(struct bitmap *b, const void *p, size_t l)
+{
+	int r;
+	size_t i, offset, shift;
+	const u_char *s = p;
+
+	if (l > BITMAP_MAX / 8)
+		return -1;
+	if ((r = reserve(b, l * 8)) != 0)
+		return r;
+	bitmap_zero(b);
+	if (l == 0)
+		return 0;
+	b->top = offset = ((l + (BITMAP_BYTES - 1)) / BITMAP_BYTES) - 1;
+	shift = ((l + (BITMAP_BYTES - 1)) % BITMAP_BYTES) * 8;
+	for (i = 0; i < l; i++) {
+		b->d[offset] |= (BITMAP_WTYPE)s[i] << shift;
+		if (shift == 0) {
+			offset--;
+			shift = BITMAP_BITS - 8;
+		} else
+			shift -= 8;
+	}
+	retop(b);
+	return 0;
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/external/bsd/openssh/dist/bitmap.h	Thu Apr 30 06:07:29 2015 +0000
@@ -0,0 +1,58 @@
+/*	$NetBSD: bitmap.h,v 1.2.2.2 2015/04/30 06:07:30 riz Exp $	*/
+
+/*
+ * Copyright (c) 2015 Damien Miller <djm@mindrot.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _BITMAP_H
+#define _BITMAP_H
+
+#include <sys/types.h>
+
+/* Simple bit vector routines */
+
+struct bitmap;
+
+/* Allocate a new bitmap. Returns NULL on allocation failure. */
+struct bitmap *bitmap_new(void);
+
+/* Free a bitmap */
+void bitmap_free(struct bitmap *b);
+
+/* Zero an existing bitmap */
+void bitmap_zero(struct bitmap *b);
+
+/* Test whether a bit is set in a bitmap. */
+int bitmap_test_bit(struct bitmap *b, u_int n);
+
+/* Set a bit in a bitmap. Returns 0 on success or -1 on error */
+int bitmap_set_bit(struct bitmap *b, u_int n);
+
+/* Clear a bit in a bitmap */
+void bitmap_clear_bit(struct bitmap *b, u_int n);
+
+/* Return the number of bits in a bitmap (i.e. the position of the MSB) */
+size_t bitmap_nbits(struct bitmap *b);
+
+/* Return the number of bytes needed to represent a bitmap */
+size_t bitmap_nbytes(struct bitmap *b);
+
+/* Convert a bitmap to a big endian byte string */
+int bitmap_to_string(struct bitmap *b, void *p, size_t l);
+
+/* Convert a big endian byte string to a bitmap */
+int bitmap_from_string(struct bitmap *b, const void *p, size_t l);
+
+#endif /* _BITMAP_H */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/external/bsd/openssh/dist/blf.h	Thu Apr 30 06:07:29 2015 +0000
@@ -0,0 +1,88 @@
+/* $OpenBSD: blf.h,v 1.7 2007/03/14 17:59:41 grunk Exp $ */
+/*
+ * Blowfish - a fast block cipher designed by Bruce Schneier
+ *
+ * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by Niels Provos.
+ * 4. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _BLF_H_
+#define _BLF_H_
+
+#include "includes.h"
+
+#if !defined(HAVE_BCRYPT_PBKDF) && !defined(HAVE_BLH_H)
+
+/* Schneier specifies a maximum key length of 56 bytes.
+ * This ensures that every key bit affects every cipher
+ * bit.  However, the subkeys can hold up to 72 bytes.
+ * Warning: For normal blowfish encryption only 56 bytes
+ * of the key affect all cipherbits.
+ */
+
+#define BLF_N	16			/* Number of Subkeys */
+#define BLF_MAXKEYLEN ((BLF_N-2)*4)	/* 448 bits */
+#define BLF_MAXUTILIZED ((BLF_N+2)*4)	/* 576 bits */
+
+/* Blowfish context */
+typedef struct BlowfishContext {
+	u_int32_t S[4][256];	/* S-Boxes */
+	u_int32_t P[BLF_N + 2];	/* Subkeys */
+} blf_ctx;
+
+/* Raw access to customized Blowfish
+ *	blf_key is just:
+ *	Blowfish_initstate( state )
+ *	Blowfish_expand0state( state, key, keylen )
+ */
+
+void Blowfish_encipher(blf_ctx *, u_int32_t *, u_int32_t *);
+void Blowfish_decipher(blf_ctx *, u_int32_t *, u_int32_t *);
+void Blowfish_initstate(blf_ctx *);
+void Blowfish_expand0state(blf_ctx *, const u_int8_t *, u_int16_t);
+void Blowfish_expandstate
+(blf_ctx *, const u_int8_t *, u_int16_t, const u_int8_t *, u_int16_t);
+
+/* Standard Blowfish */
+
+void blf_key(blf_ctx *, const u_int8_t *, u_int16_t);
+void blf_enc(blf_ctx *, u_int32_t *, u_int16_t);
+void blf_dec(blf_ctx *, u_int32_t *, u_int16_t);
+
+void blf_ecb_encrypt(blf_ctx *, u_int8_t *, u_int32_t);
+void blf_ecb_decrypt(blf_ctx *, u_int8_t *, u_int32_t);
+
+void blf_cbc_encrypt(blf_ctx *, u_int8_t *, u_int8_t *, u_int32_t);
+void blf_cbc_decrypt(blf_ctx *, u_int8_t *, u_int8_t *, u_int32_t);
+
+/* Converts u_int8_t to u_int32_t */
+u_int32_t Blowfish_stream2word(const u_int8_t *, u_int16_t , u_int16_t *);
+
+#endif /* !defined(HAVE_BCRYPT_PBKDF) && !defined(HAVE_BLH_H) */
+#endif /* _BLF_H */
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/external/bsd/openssh/dist/blocks.c	Thu Apr 30 06:07:29 2015 +0000
@@ -0,0 +1,248 @@
+/* $OpenBSD: blocks.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */
+
+/*
+ * Public Domain, Author: Daniel J. Bernstein
+ * Copied from nacl-20110221/crypto_hashblocks/sha512/ref/blocks.c
+ */
+#include "includes.h"
+__RCSID("$NetBSD: blocks.c,v 1.3.2.2 2015/04/30 06:07:30 riz Exp $");
+
+#include "crypto_api.h"
+
+typedef unsigned long long uint64;
+
+static uint64 load_bigendian(const unsigned char *x)
+{
+  return
+      (uint64) (x[7]) \
+  | (((uint64) (x[6])) << 8) \
+  | (((uint64) (x[5])) << 16) \
+  | (((uint64) (x[4])) << 24) \
+  | (((uint64) (x[3])) << 32) \
+  | (((uint64) (x[2])) << 40) \
+  | (((uint64) (x[1])) << 48) \
+  | (((uint64) (x[0])) << 56)
+  ;
+}
+
+static void store_bigendian(unsigned char *x,uint64 u)
+{
+  x[7] = u; u >>= 8;
+  x[6] = u; u >>= 8;
+  x[5] = u; u >>= 8;
+  x[4] = u; u >>= 8;
+  x[3] = u; u >>= 8;
+  x[2] = u; u >>= 8;
+  x[1] = u; u >>= 8;
+  x[0] = u;
+}
+
+#define SHR(x,c) ((x) >> (c))
+#define ROTR(x,c) (((x) >> (c)) | ((x) << (64 - (c))))
+
+#define Ch(x,y,z) ((x & y) ^ (~x & z))
+#define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z))
+#define Sigma0(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39))
+#define Sigma1(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41))
+#define sigma0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x,7))
+#define sigma1(x) (ROTR(x,19) ^ ROTR(x,61) ^ SHR(x,6))
+
+#define M(w0,w14,w9,w1) w0 = sigma1(w14) + w9 + sigma0(w1) + w0;
+
+#define EXPAND \
+  M(w0 ,w14,w9 ,w1 ) \
+  M(w1 ,w15,w10,w2 ) \
+  M(w2 ,w0 ,w11,w3 ) \
+  M(w3 ,w1 ,w12,w4 ) \
+  M(w4 ,w2 ,w13,w5 ) \
+  M(w5 ,w3 ,w14,w6 ) \
+  M(w6 ,w4 ,w15,w7 ) \
+  M(w7 ,w5 ,w0 ,w8 ) \
+  M(w8 ,w6 ,w1 ,w9 ) \
+  M(w9 ,w7 ,w2 ,w10) \
+  M(w10,w8 ,w3 ,w11) \
+  M(w11,w9 ,w4 ,w12) \
+  M(w12,w10,w5 ,w13) \
+  M(w13,w11,w6 ,w14) \
+  M(w14,w12,w7 ,w15) \
+  M(w15,w13,w8 ,w0 )
+
+#define F(w,k) \
+  T1 = h + Sigma1(e) + Ch(e,f,g) + k + w; \
+  T2 = Sigma0(a) + Maj(a,b,c); \
+  h = g; \
+  g = f; \
+  f = e; \
+  e = d + T1; \
+  d = c; \
+  c = b; \
+  b = a; \
+  a = T1 + T2;
+
+int crypto_hashblocks_sha512(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen)
+{
+  uint64 state[8];
+  uint64 a;
+  uint64 b;
+  uint64 c;
+  uint64 d;
+  uint64 e;
+  uint64 f;
+  uint64 g;
+  uint64 h;
+  uint64 T1;
+  uint64 T2;
+
+  a = load_bigendian(statebytes +  0); state[0] = a;
+  b = load_bigendian(statebytes +  8); state[1] = b;
+  c = load_bigendian(statebytes + 16); state[2] = c;
+  d = load_bigendian(statebytes + 24); state[3] = d;
+  e = load_bigendian(statebytes + 32); state[4] = e;
+  f = load_bigendian(statebytes + 40); state[5] = f;
+  g = load_bigendian(statebytes + 48); state[6] = g;
+  h = load_bigendian(statebytes + 56); state[7] = h;
+
+  while (inlen >= 128) {
+    uint64 w0  = load_bigendian(in +   0);
+    uint64 w1  = load_bigendian(in +   8);
+    uint64 w2  = load_bigendian(in +  16);
+    uint64 w3  = load_bigendian(in +  24);
+    uint64 w4  = load_bigendian(in +  32);
+    uint64 w5  = load_bigendian(in +  40);
+    uint64 w6  = load_bigendian(in +  48);
+    uint64 w7  = load_bigendian(in +  56);
+    uint64 w8  = load_bigendian(in +  64);
+    uint64 w9  = load_bigendian(in +  72);
+    uint64 w10 = load_bigendian(in +  80);
+    uint64 w11 = load_bigendian(in +  88);
+    uint64 w12 = load_bigendian(in +  96);
+    uint64 w13 = load_bigendian(in + 104);
+    uint64 w14 = load_bigendian(in + 112);
+    uint64 w15 = load_bigendian(in + 120);
+
+    F(w0 ,0x428a2f98d728ae22ULL)
+    F(w1 ,0x7137449123ef65cdULL)
+    F(w2 ,0xb5c0fbcfec4d3b2fULL)
+    F(w3 ,0xe9b5dba58189dbbcULL)
+    F(w4 ,0x3956c25bf348b538ULL)
+    F(w5 ,0x59f111f1b605d019ULL)
+    F(w6 ,0x923f82a4af194f9bULL)
+    F(w7 ,0xab1c5ed5da6d8118ULL)
+    F(w8 ,0xd807aa98a3030242ULL)
+    F(w9 ,0x12835b0145706fbeULL)
+    F(w10,0x243185be4ee4b28cULL)
+    F(w11,0x550c7dc3d5ffb4e2ULL)
+    F(w12,0x72be5d74f27b896fULL)
+    F(w13,0x80deb1fe3b1696b1ULL)
+    F(w14,0x9bdc06a725c71235ULL)
+    F(w15,0xc19bf174cf692694ULL)
+
+    EXPAND
+
+    F(w0 ,0xe49b69c19ef14ad2ULL)
+    F(w1 ,0xefbe4786384f25e3ULL)
+    F(w2 ,0x0fc19dc68b8cd5b5ULL)
+    F(w3 ,0x240ca1cc77ac9c65ULL)
+    F(w4 ,0x2de92c6f592b0275ULL)
+    F(w5 ,0x4a7484aa6ea6e483ULL)
+    F(w6 ,0x5cb0a9dcbd41fbd4ULL)
+    F(w7 ,0x76f988da831153b5ULL)
+    F(w8 ,0x983e5152ee66dfabULL)
+    F(w9 ,0xa831c66d2db43210ULL)
+    F(w10,0xb00327c898fb213fULL)
+    F(w11,0xbf597fc7beef0ee4ULL)
+    F(w12,0xc6e00bf33da88fc2ULL)
+    F(w13,0xd5a79147930aa725ULL)
+    F(w14,0x06ca6351e003826fULL)
+    F(w15,0x142929670a0e6e70ULL)
+
+    EXPAND
+
+    F(w0 ,0x27b70a8546d22ffcULL)
+    F(w1 ,0x2e1b21385c26c926ULL)
+    F(w2 ,0x4d2c6dfc5ac42aedULL)
+    F(w3 ,0x53380d139d95b3dfULL)
+    F(w4 ,0x650a73548baf63deULL)
+    F(w5 ,0x766a0abb3c77b2a8ULL)
+    F(w6 ,0x81c2c92e47edaee6ULL)
+    F(w7 ,0x92722c851482353bULL)
+    F(w8 ,0xa2bfe8a14cf10364ULL)
+    F(w9 ,0xa81a664bbc423001ULL)
+    F(w10,0xc24b8b70d0f89791ULL)
+    F(w11,0xc76c51a30654be30ULL)
+    F(w12,0xd192e819d6ef5218ULL)
+    F(w13,0xd69906245565a910ULL)
+    F(w14,0xf40e35855771202aULL)
+    F(w15,0x106aa07032bbd1b8ULL)
+
+    EXPAND
+
+    F(w0 ,0x19a4c116b8d2d0c8ULL)
+    F(w1 ,0x1e376c085141ab53ULL)
+    F(w2 ,0x2748774cdf8eeb99ULL)
+    F(w3 ,0x34b0bcb5e19b48a8ULL)
+    F(w4 ,0x391c0cb3c5c95a63ULL)
+    F(w5 ,0x4ed8aa4ae3418acbULL)
+    F(w6 ,0x5b9cca4f7763e373ULL)
+    F(w7 ,0x682e6ff3d6b2b8a3ULL)
+    F(w8 ,0x748f82ee5defb2fcULL)
+    F(w9 ,0x78a5636f43172f60ULL)
+    F(w10,0x84c87814a1f0ab72ULL)
+    F(w11,0x8cc702081a6439ecULL)
+    F(w12,0x90befffa23631e28ULL)
+    F(w13,0xa4506cebde82bde9ULL)
+    F(w14,0xbef9a3f7b2c67915ULL)
+    F(w15,0xc67178f2e372532bULL)
+
+    EXPAND
+
+    F(w0 ,0xca273eceea26619cULL)
+    F(w1 ,0xd186b8c721c0c207ULL)
+    F(w2 ,0xeada7dd6cde0eb1eULL)
+    F(w3 ,0xf57d4f7fee6ed178ULL)
+    F(w4 ,0x06f067aa72176fbaULL)
+    F(w5 ,0x0a637dc5a2c898a6ULL)
+    F(w6 ,0x113f9804bef90daeULL)
+    F(w7 ,0x1b710b35131c471bULL)
+    F(w8 ,0x28db77f523047d84ULL)
+    F(w9 ,0x32caab7b40c72493ULL)
+    F(w10,0x3c9ebe0a15c9bebcULL)
+    F(w11,0x431d67c49c100d4cULL)
+    F(w12,0x4cc5d4becb3e42b6ULL)
+    F(w13,0x597f299cfc657e2aULL)
+    F(w14,0x5fcb6fab3ad6faecULL)
+    F(w15,0x6c44198c4a475817ULL)
+
+    a += state[0];
+    b += state[1];
+    c += state[2];
+    d += state[3];
+    e += state[4];
+    f += state[5];
+    g += state[6];
+    h += state[7];
+  
+    state[0] = a;
+    state[1] = b;
+    state[2] = c;
+    state[3] = d;
+    state[4] = e;
+    state[5] = f;
+    state[6] = g;
+    state[7] = h;
+
+    in += 128;
+    inlen -= 128;
+  }
+
+  store_bigendian(statebytes +  0,state[0]);
+  store_bigendian(statebytes +  8,state[1]);
+  store_bigendian(statebytes + 16,state[2]);
+  store_bigendian(statebytes + 24,state[3]);
+  store_bigendian(statebytes + 32,state[4]);
+  store_bigendian(statebytes + 40,state[5]);
+  store_bigendian(statebytes + 48,state[6]);
+  store_bigendian(statebytes + 56,state[7]);
+
+  return inlen;
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/external/bsd/openssh/dist/blowfish.c	Thu Apr 30 06:07:29 2015 +0000
@@ -0,0 +1,695 @@
+/* $OpenBSD: blowfish.c,v 1.18 2004/11/02 17:23:26 hshoexer Exp $ */
+/*
+ * Blowfish block cipher for OpenBSD
+ * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
+ * All rights reserved.
+ *
+ * Implementation advice by David Mazieres <dm@lcs.mit.edu>.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by Niels Provos.
+ * 4. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This code is derived from section 14.3 and the given source
+ * in section V of Applied Cryptography, second edition.
+ * Blowfish is an unpatented fast block cipher designed by
+ * Bruce Schneier.
+ */
+
+#include "includes.h"
+__RCSID("$NetBSD: blowfish.c,v 1.2.2.2 2015/04/30 06:07:30 riz Exp $");
+
+#if !defined(HAVE_BCRYPT_PBKDF) && (!defined(HAVE_BLOWFISH_INITSTATE) || \
+    !defined(HAVE_BLOWFISH_EXPAND0STATE) || !defined(HAVE_BLF_ENC))
+
+#if 0
+#include <stdio.h>		/* used for debugging */
+#include <string.h>
+#endif
+
+#include <sys/types.h>
+#include <blf.h>
+
+#undef inline
+#ifdef __GNUC__
+#define inline __inline
+#else				/* !__GNUC__ */
+#define inline
+#endif				/* !__GNUC__ */
+
+/* Function for Feistel Networks */
+
+#define F(s, x) ((((s)[        (((x)>>24)&0xFF)]  \
+		 + (s)[0x100 + (((x)>>16)&0xFF)]) \
+		 ^ (s)[0x200 + (((x)>> 8)&0xFF)]) \
+		 + (s)[0x300 + ( (x)     &0xFF)])
+
+#define BLFRND(s,p,i,j,n) (i ^= F(s,j) ^ (p)[n])
+
+void
+Blowfish_encipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr)
+{
+	u_int32_t Xl;
+	u_int32_t Xr;
+	u_int32_t *s = c->S[0];
+	u_int32_t *p = c->P;
+
+	Xl = *xl;
+	Xr = *xr;
+
+	Xl ^= p[0];
+	BLFRND(s, p, Xr, Xl, 1); BLFRND(s, p, Xl, Xr, 2);
+	BLFRND(s, p, Xr, Xl, 3); BLFRND(s, p, Xl, Xr, 4);
+	BLFRND(s, p, Xr, Xl, 5); BLFRND(s, p, Xl, Xr, 6);
+	BLFRND(s, p, Xr, Xl, 7); BLFRND(s, p, Xl, Xr, 8);
+	BLFRND(s, p, Xr, Xl, 9); BLFRND(s, p, Xl, Xr, 10);
+	BLFRND(s, p, Xr, Xl, 11); BLFRND(s, p, Xl, Xr, 12);
+	BLFRND(s, p, Xr, Xl, 13); BLFRND(s, p, Xl, Xr, 14);
+	BLFRND(s, p, Xr, Xl, 15); BLFRND(s, p, Xl, Xr, 16);
+
+	*xl = Xr ^ p[17];
+	*xr = Xl;
+}
+
+void
+Blowfish_decipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr)
+{
+	u_int32_t Xl;
+	u_int32_t Xr;
+	u_int32_t *s = c->S[0];
+	u_int32_t *p = c->P;
+
+	Xl = *xl;
+	Xr = *xr;
+
+	Xl ^= p[17];
+	BLFRND(s, p, Xr, Xl, 16); BLFRND(s, p, Xl, Xr, 15);
+	BLFRND(s, p, Xr, Xl, 14); BLFRND(s, p, Xl, Xr, 13);
+	BLFRND(s, p, Xr, Xl, 12); BLFRND(s, p, Xl, Xr, 11);
+	BLFRND(s, p, Xr, Xl, 10); BLFRND(s, p, Xl, Xr, 9);
+	BLFRND(s, p, Xr, Xl, 8); BLFRND(s, p, Xl, Xr, 7);
+	BLFRND(s, p, Xr, Xl, 6); BLFRND(s, p, Xl, Xr, 5);
+	BLFRND(s, p, Xr, Xl, 4); BLFRND(s, p, Xl, Xr, 3);
+	BLFRND(s, p, Xr, Xl, 2); BLFRND(s, p, Xl, Xr, 1);
+
+	*xl = Xr ^ p[0];
+	*xr = Xl;
+}
+
+void
+Blowfish_initstate(blf_ctx *c)
+{
+	/* P-box and S-box tables initialized with digits of Pi */
+
+	static const blf_ctx initstate =
+	{ {
+		{
+			0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7,
+			0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99,
+			0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,
+			0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e,
+			0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee,
+			0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,
+			0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef,
+			0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e,
+			0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,
+			0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440,
+			0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce,
+			0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,
+			0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e,
+			0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677,
+			0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,
+			0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032,
+			0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88,
+			0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,
+			0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e,
+			0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0,
+			0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,
+			0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98,
+			0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88,
+			0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,
+			0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6,
+			0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d,
+			0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,
+			0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7,
+			0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba,
+			0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,
+			0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f,
+			0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09,
+			0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,
+			0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb,
+			0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279,
+			0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,
+			0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab,
+			0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82,
+			0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,
+			0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573,
+			0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0,
+			0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,
+			0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790,
+			0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8,
+			0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,
+			0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0,
+			0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7,
+			0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,
+			0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad,
+			0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1,
+			0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,
+			0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9,
+			0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477,
+			0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,
+			0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49,
+			0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af,
+			0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,
+			0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5,
+			0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41,
+			0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,
+			0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400,
+			0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915,
+			0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,
+		0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a},
+		{
+			0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623,
+			0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266,
+			0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,
+			0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e,
+			0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6,
+			0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,
+			0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e,
+			0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1,
+			0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,
+			0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8,
+			0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff,
+			0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,
+			0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701,
+			0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7,
+			0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,
+			0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331,
+			0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf,
+			0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,
+			0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e,
+			0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87,
+			0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,
+			0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2,
+			0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16,
+			0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,
+			0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b,
+			0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509,
+			0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,
+			0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3,
+			0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f,
+			0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,
+			0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4,
+			0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960,
+			0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,
+			0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28,
+			0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802,
+			0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,
+			0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510,
+			0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf,
+			0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,
+			0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e,
+			0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50,
+			0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,
+			0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8,
+			0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281,
+			0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,
+			0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696,
+			0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128,
+			0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,
+			0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0,
+			0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0,
+			0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,
+			0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250,
+			0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3,
+			0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,
+			0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00,
+			0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061,
+			0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,
+			0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e,
+			0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735,
+			0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,
+			0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9,
+			0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340,
+			0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,
+		0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7},
+		{
+			0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934,
+			0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068,
+			0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,
+			0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840,
+			0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45,
+			0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,
+			0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a,
+			0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb,
+			0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,
+			0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6,
+			0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42,
+			0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,
+			0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2,
+			0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb,
+			0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,
+			0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b,
+			0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33,
+			0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,
+			0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3,
+			0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc,
+			0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,
+			0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564,
+			0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b,
+			0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,
+			0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922,
+			0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728,
+			0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,
+			0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e,
+			0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37,
+			0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,
+			0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804,
+			0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b,
+			0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,
+			0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb,
+			0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d,
+			0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,
+			0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350,
+			0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9,
+			0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,
+			0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe,
+			0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d,
+			0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,
+			0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f,
+			0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61,
+			0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,
+			0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9,
+			0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2,
+			0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,
+			0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e,
+			0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633,
+			0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,
+			0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169,
+			0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52,
+			0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,
+			0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5,
+			0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62,
+			0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,
+			0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76,
+			0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24,
+			0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,
+			0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4,
+			0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c,
+			0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,
+		0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0},
+		{
+			0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b,
+			0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe,
+			0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,
+			0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4,
+			0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8,
+			0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,
+			0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304,
+			0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22,
+			0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,
+			0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6,
+			0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9,
+			0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,
+			0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593,
+			0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51,
+			0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,
+			0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c,
+			0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b,
+			0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,
+			0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c,
+			0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd,
+			0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,
+			0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319,
+			0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb,
+			0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,
+			0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991,
+			0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32,
+			0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,
+			0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166,
+			0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae,
+			0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,
+			0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5,
+			0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47,
+			0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,
+			0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d,
+			0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84,
+			0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,
+			0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8,
+			0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd,
+			0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,
+			0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7,
+			0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38,
+			0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,
+			0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c,
+			0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525,
+			0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,
+			0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442,
+			0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964,
+			0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,
+			0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8,
+			0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d,
+			0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,
+			0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299,
+			0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02,
+			0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,
+			0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614,
+			0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a,
+			0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,
+			0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b,
+			0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0,
+			0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,
+			0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e,
+			0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9,
+			0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,
+		0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6}
+	},
+	{
+		0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344,
+		0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89,
+		0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,
+		0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917,
+		0x9216d5d9, 0x8979fb1b
+	} };
+
+	*c = initstate;
+}
+
+u_int32_t
+Blowfish_stream2word(const u_int8_t *data, u_int16_t databytes,
+    u_int16_t *current)
+{
+	u_int8_t i;
+	u_int16_t j;
+	u_int32_t temp;
+
+	temp = 0x00000000;
+	j = *current;
+
+	for (i = 0; i < 4; i++, j++) {
+		if (j >= databytes)
+			j = 0;
+		temp = (temp << 8) | data[j];
+	}
+
+	*current = j;
+	return temp;
+}
+
+void
+Blowfish_expand0state(blf_ctx *c, const u_int8_t *key, u_int16_t keybytes)
+{
+	u_int16_t i;
+	u_int16_t j;
+	u_int16_t k;
+	u_int32_t temp;
+	u_int32_t datal;
+	u_int32_t datar;
+
+	j = 0;
+	for (i = 0; i < BLF_N + 2; i++) {
+		/* Extract 4 int8 to 1 int32 from keystream */
+		temp = Blowfish_stream2word(key, keybytes, &j);
+		c->P[i] = c->P[i] ^ temp;
+	}
+
+	j = 0;
+	datal = 0x00000000;
+	datar = 0x00000000;
+	for (i = 0; i < BLF_N + 2; i += 2) {
+		Blowfish_encipher(c, &datal, &datar);
+
+		c->P[i] = datal;
+		c->P[i + 1] = datar;
+	}
+
+	for (i = 0; i < 4; i++) {
+		for (k = 0; k < 256; k += 2) {
+			Blowfish_encipher(c, &datal, &datar);
+
+			c->S[i][k] = datal;
+			c->S[i][k + 1] = datar;
+		}
+	}
+}
+
+
+void
+Blowfish_expandstate(blf_ctx *c, const u_int8_t *data, u_int16_t databytes,
+    const u_int8_t *key, u_int16_t keybytes)
+{
+	u_int16_t i;
+	u_int16_t j;
+	u_int16_t k;
+	u_int32_t temp;
+	u_int32_t datal;
+	u_int32_t datar;
+
+	j = 0;
+	for (i = 0; i < BLF_N + 2; i++) {
+		/* Extract 4 int8 to 1 int32 from keystream */
+		temp = Blowfish_stream2word(key, keybytes, &j);
+		c->P[i] = c->P[i] ^ temp;
+	}
+
+	j = 0;
+	datal = 0x00000000;
+	datar = 0x00000000;
+	for (i = 0; i < BLF_N + 2; i += 2) {
+		datal ^= Blowfish_stream2word(data, databytes, &j);
+		datar ^= Blowfish_stream2word(data, databytes, &j);
+		Blowfish_encipher(c, &datal, &datar);
+
+		c->P[i] = datal;
+		c->P[i + 1] = datar;
+	}
+
+	for (i = 0; i < 4; i++) {
+		for (k = 0; k < 256; k += 2) {
+			datal ^= Blowfish_stream2word(data, databytes, &j);
+			datar ^= Blowfish_stream2word(data, databytes, &j);
+			Blowfish_encipher(c, &datal, &datar);
+
+			c->S[i][k] = datal;
+			c->S[i][k + 1] = datar;
+		}
+	}
+
+}
+
+void
+blf_key(blf_ctx *c, const u_int8_t *k, u_int16_t len)
+{
+	/* Initialize S-boxes and subkeys with Pi */
+	Blowfish_initstate(c);
+
+	/* Transform S-boxes and subkeys with key */
+	Blowfish_expand0state(c, k, len);
+}
+
+void
+blf_enc(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
+{
+	u_int32_t *d;
+	u_int16_t i;
+
+	d = data;
+	for (i = 0; i < blocks; i++) {
+		Blowfish_encipher(c, d, d + 1);
+		d += 2;
+	}
+}
+
+void
+blf_dec(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
+{
+	u_int32_t *d;
+	u_int16_t i;
+
+	d = data;
+	for (i = 0; i < blocks; i++) {
+		Blowfish_decipher(c, d, d + 1);
+		d += 2;
+	}
+}
+
+void
+blf_ecb_encrypt(blf_ctx *c, u_int8_t *data, u_int32_t len)
+{
+	u_int32_t l, r;
+	u_int32_t i;
+
+	for (i = 0; i < len; i += 8) {
+		l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
+		r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
+		Blowfish_encipher(c, &l, &r);
+		data[0] = l >> 24 & 0xff;
+		data[1] = l >> 16 & 0xff;
+		data[2] = l >> 8 & 0xff;
+		data[3] = l & 0xff;
+		data[4] = r >> 24 & 0xff;
+		data[5] = r >> 16 & 0xff;
+		data[6] = r >> 8 & 0xff;
+		data[7] = r & 0xff;
+		data += 8;
+	}
+}
+
+void
+blf_ecb_decrypt(blf_ctx *c, u_int8_t *data, u_int32_t len)
+{
+	u_int32_t l, r;
+	u_int32_t i;
+
+	for (i = 0; i < len; i += 8) {
+		l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
+		r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
+		Blowfish_decipher(c, &l, &r);
+		data[0] = l >> 24 & 0xff;
+		data[1] = l >> 16 & 0xff;
+		data[2] = l >> 8 & 0xff;
+		data[3] = l & 0xff;
+		data[4] = r >> 24 & 0xff;
+		data[5] = r >> 16 & 0xff;
+		data[6] = r >> 8 & 0xff;
+		data[7] = r & 0xff;
+		data += 8;
+	}
+}
+
+void
+blf_cbc_encrypt(blf_ctx *c, u_int8_t *iv, u_int8_t *data, u_int32_t len)
+{
+	u_int32_t l, r;
+	u_int32_t i, j;
+
+	for (i = 0; i < len; i += 8) {
+		for (j = 0; j < 8; j++)
+			data[j] ^= iv[j];
+		l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
+		r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
+		Blowfish_encipher(c, &l, &r);
+		data[0] = l >> 24 & 0xff;
+		data[1] = l >> 16 & 0xff;
+		data[2] = l >> 8 & 0xff;
+		data[3] = l & 0xff;
+		data[4] = r >> 24 & 0xff;
+		data[5] = r >> 16 & 0xff;
+		data[6] = r >> 8 & 0xff;
+		data[7] = r & 0xff;
+		iv = data;
+		data += 8;
+	}
+}
+
+void
+blf_cbc_decrypt(blf_ctx *c, u_int8_t *iva, u_int8_t *data, u_int32_t len)
+{
+	u_int32_t l, r;
+	u_int8_t *iv;
+	u_int32_t i, j;
+
+	iv = data + len - 16;
+	data = data + len - 8;
+	for (i = len - 8; i >= 8; i -= 8) {
+		l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
+		r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
+		Blowfish_decipher(c, &l, &r);
+		data[0] = l >> 24 & 0xff;
+		data[1] = l >> 16 & 0xff;
+		data[2] = l >> 8 & 0xff;
+		data[3] = l & 0xff;
+		data[4] = r >> 24 & 0xff;
+		data[5] = r >> 16 & 0xff;
+		data[6] = r >> 8 & 0xff;
+		data[7] = r & 0xff;
+		for (j = 0; j < 8; j++)
+			data[j] ^= iv[j];
+		iv -= 8;
+		data -= 8;
+	}
+	l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
+	r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
+	Blowfish_decipher(c, &l, &r);
+	data[0] = l >> 24 & 0xff;
+	data[1] = l >> 16 & 0xff;
+	data[2] = l >> 8 & 0xff;
+	data[3] = l & 0xff;
+	data[4] = r >> 24 & 0xff;
+	data[5] = r >> 16 & 0xff;
+	data[6] = r >> 8 & 0xff;
+	data[7] = r & 0xff;
+	for (j = 0; j < 8; j++)
+		data[j] ^= iva[j];
+}
+
+#if 0
+void
+report(u_int32_t data[], u_int16_t len)
+{
+	u_int16_t i;
+	for (i = 0; i < len; i += 2)
+		printf("Block %0hd: %08lx %08lx.\n",
+		    i / 2, data[i], data[i + 1]);
+}
+void
+main(void)
+{
+
+	blf_ctx c;
+	char    key[] = "AAAAA";
+	char    key2[] = "abcdefghijklmnopqrstuvwxyz";
+
+	u_int32_t data[10];
+	u_int32_t data2[] =
+	{0x424c4f57l, 0x46495348l};
+
+	u_int16_t i;
+
+	/* First test */
+	for (i = 0; i < 10; i++)
+		data[i] = i;
+
+	blf_key(&c, (u_int8_t *) key, 5);
+	blf_enc(&c, data, 5);
+	blf_dec(&c, data, 1);
+	blf_dec(&c, data + 2, 4);
+	printf("Should read as 0 - 9.\n");
+	report(data, 10);
+
+	/* Second test */
+	blf_key(&c, (u_int8_t *) key2, strlen(key2));
+	blf_enc(&c, data2, 1);
+	printf("\nShould read as: 0x324ed0fe 0xf413a203.\n");
+	report(data2, 2);
+	blf_dec(&c, data2, 1);
+	report(data2, 2);
+}
+#endif
+
+#endif /* !defined(HAVE_BCRYPT_PBKDF) && (!defined(HAVE_BLOWFISH_INITSTATE) || \
+    !defined(HAVE_BLOWFISH_EXPAND0STATE) || !defined(HAVE_BLF_ENC)) */
+
--- a/crypto/external/bsd/openssh/dist/bufaux.c	Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/dist/bufaux.c	Thu Apr 30 06:07:29 2015 +0000
@@ -1,71 +1,41 @@
-/*	$NetBSD: bufaux.c,v 1.5 2013/11/08 19:18:24 christos Exp $	*/
-/* $OpenBSD: bufaux.c,v 1.52 2013/07/12 00:19:58 djm Exp $ */
+/*	$NetBSD: bufaux.c,v 1.5.4.1 2015/04/30 06:07:30 riz Exp $	*/
+/* $OpenBSD: bufaux.c,v 1.60 2014/04/30 05:29:56 djm Exp $ */
 /*
- * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
- *                    All rights reserved
- * Auxiliary functions for storing and retrieving various data types to/from
- * Buffers.
- *
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose.  Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
- *
- *
- * SSH2 packet format added by Markus Friedl
- * Copyright (c) 2000 Markus Friedl.  All rights reserved.
+ * Copyright (c) 2012 Damien Miller <djm@mindrot.org>
  *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: bufaux.c,v 1.5 2013/11/08 19:18:24 christos Exp $");
+__RCSID("$NetBSD: bufaux.c,v 1.5.4.1 2015/04/30 06:07:30 riz Exp $");
+/* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */
+
 #include <sys/types.h>
 
-#include <openssl/bn.h>
-
-#include <string.h>
-#include <stdarg.h>
-#include <time.h>
-
-#include "xmalloc.h"
 #include "buffer.h"
 #include "log.h"
-#include "misc.h"
-
-/*
- * Returns integers from the buffer (msb first).
- */
+#include "ssherr.h"
 
 int
-buffer_get_short_ret(u_short *ret, Buffer *buffer)
+buffer_get_short_ret(u_short *v, Buffer *buffer)
 {
-	u_char buf[2];
+	int ret;
 
-	if (buffer_get_ret(buffer, (char *) buf, 2) == -1)
-		return (-1);
-	*ret = get_u16(buf);
-	return (0);
+	if ((ret = sshbuf_get_u16(buffer, v)) != 0) {
+		error("%s: %s", __func__, ssh_err(ret));
+		return -1;
+	}
+	return 0;
 }
 
 u_short
@@ -74,21 +44,21 @@
 	u_short ret = 0;	/* XXX: GCC */
 
 	if (buffer_get_short_ret(&ret, buffer) == -1)
-		fatal("buffer_get_short: buffer error");
+		fatal("%s: buffer error", __func__);
 
 	return (ret);
 }
 
 int
-buffer_get_int_ret(u_int *ret, Buffer *buffer)
+buffer_get_int_ret(u_int *v, Buffer *buffer)
 {
-	u_char buf[4];
+	int ret;
 
-	if (buffer_get_ret(buffer, (char *) buf, 4) == -1)
-		return (-1);
-	if (ret != NULL)
-		*ret = get_u32(buf);
-	return (0);
+	if ((ret = sshbuf_get_u32(buffer, v)) != 0) {
+		error("%s: %s", __func__, ssh_err(ret));
+		return -1;
+	}
+	return 0;
 }
 
 u_int
@@ -97,21 +67,21 @@
 	u_int ret = 0;		/* XXX: GCC */
 
 	if (buffer_get_int_ret(&ret, buffer) == -1)
-		fatal("buffer_get_int: buffer error");
+		fatal("%s: buffer error", __func__);
 
 	return (ret);
 }
 
 int
-buffer_get_int64_ret(u_int64_t *ret, Buffer *buffer)
+buffer_get_int64_ret(u_int64_t *v, Buffer *buffer)
 {
-	u_char buf[8];
+	int ret;
 
-	if (buffer_get_ret(buffer, (char *) buf, 8) == -1)
-		return (-1);
-	if (ret != NULL)
-		*ret = get_u64(buf);
-	return (0);
+	if ((ret = sshbuf_get_u64(buffer, v)) != 0) {
+		error("%s: %s", __func__, ssh_err(ret));
+		return -1;
+	}
+	return 0;
 }
 
 u_int64_t
@@ -120,78 +90,52 @@
 	u_int64_t ret = 0;	/* XXX: GCC */
 
 	if (buffer_get_int64_ret(&ret, buffer) == -1)
-		fatal("buffer_get_int: buffer error");
+		fatal("%s: buffer error", __func__);
 
 	return (ret);
 }
 
-/*
- * Stores integers in the buffer, msb first.
- */
 void
 buffer_put_short(Buffer *buffer, u_short value)
 {
-	char buf[2];
+	int ret;
 
-	put_u16(buf, value);
-	buffer_append(buffer, buf, 2);
+	if ((ret = sshbuf_put_u16(buffer, value)) != 0)
+		fatal("%s: %s", __func__, ssh_err(ret));
 }
 
 void
 buffer_put_int(Buffer *buffer, u_int value)
 {
-	char buf[4];
+	int ret;
 
-	put_u32(buf, value);
-	buffer_append(buffer, buf, 4);
+	if ((ret = sshbuf_put_u32(buffer, value)) != 0)
+		fatal("%s: %s", __func__, ssh_err(ret));
 }
 
 void
 buffer_put_int64(Buffer *buffer, u_int64_t value)
 {
-	char buf[8];
+	int ret;
 
-	put_u64(buf, value);
-	buffer_append(buffer, buf, 8);
+	if ((ret = sshbuf_put_u64(buffer, value)) != 0)
+		fatal("%s: %s", __func__, ssh_err(ret));
 }
 
-/*
- * Returns an arbitrary binary string from the buffer.  The string cannot
- * be longer than 256k.  The returned value points to memory allocated
- * with xmalloc; it is the responsibility of the calling function to free
- * the data.  If length_ptr is non-NULL, the length of the returned data
- * will be stored there.  A null character will be automatically appended
- * to the returned string, and is not counted in length.
- */
 void *
 buffer_get_string_ret(Buffer *buffer, u_int *length_ptr)
 {
+	size_t len;
+	int ret;
 	u_char *value;
-	u_int len;
 
-	/* Get the length. */
-	if (buffer_get_int_ret(&len, buffer) != 0) {
-		error("buffer_get_string_ret: cannot extract length");
-		return (NULL);
-	}
-	if (len > 256 * 1024) {
-		error("buffer_get_string_ret: bad string length %u", len);
-		return (NULL);
+	if ((ret = sshbuf_get_string(buffer, &value, &len)) != 0) {
+		error("%s: %s", __func__, ssh_err(ret));
+		return NULL;
 	}
-	/* Allocate space for the string.  Add one byte for a null character. */
-	value = xmalloc(len + 1);
-	/* Get the string. */
-	if (buffer_get_ret(buffer, value, len) == -1) {
-		error("buffer_get_string_ret: buffer_get failed");
-		free(value);
-		return (NULL);
-	}
-	/* Append a null character to make processing easier. */
-	value[len] = '\0';
-	/* Optionally return the length of the string. */
-	if (length_ptr)
-		*length_ptr = len;
-	return (value);
+	if (length_ptr != NULL)
+		*length_ptr = len;  /* Safe: sshbuf never stores len > 2^31 */
+	return value;
 }
 
 void *
@@ -200,31 +144,24 @@
 	void *ret;
 
 	if ((ret = buffer_get_string_ret(buffer, length_ptr)) == NULL)
-		fatal("buffer_get_string: buffer error");
+		fatal("%s: buffer error", __func__);
 	return (ret);
 }
 
 char *
 buffer_get_cstring_ret(Buffer *buffer, u_int *length_ptr)
 {
-	u_int length;
-	char *cp, *ret = buffer_get_string_ret(buffer, &length);
+	size_t len;
+	int ret;
+	char *value;
 
-	if (ret == NULL)
+	if ((ret = sshbuf_get_cstring(buffer, &value, &len)) != 0) {
+		error("%s: %s", __func__, ssh_err(ret));
 		return NULL;
-	if ((cp = memchr(ret, '\0', length)) != NULL) {
-		/* XXX allow \0 at end-of-string for a while, remove later */
-		if (cp == ret + length - 1)
-			error("buffer_get_cstring_ret: string contains \\0");
-		else {
-			bzero(ret, length);
-			free(ret);
-			return NULL;
-		}
 	}
 	if (length_ptr != NULL)
-		*length_ptr = length;
-	return ret;
+		*length_ptr = len;  /* Safe: sshbuf never stores len > 2^31 */
+	return value;
 }
 
 char *
@@ -233,86 +170,91 @@
 	char *ret;
 
 	if ((ret = buffer_get_cstring_ret(buffer, length_ptr)) == NULL)
-		fatal("buffer_get_cstring: buffer error");
+		fatal("%s: buffer error", __func__);
 	return ret;
 }
 
-void *
+const void *
 buffer_get_string_ptr_ret(Buffer *buffer, u_int *length_ptr)
 {
-	void *ptr;
-	u_int len;
+	size_t len;
+	int ret;
+	const u_char *value;
 
-	if (buffer_get_int_ret(&len, buffer) != 0)
-		return NULL;
-	if (len > 256 * 1024) {
-		error("buffer_get_string_ptr: bad string length %u", len);
+	if ((ret = sshbuf_get_string_direct(buffer, &value, &len)) != 0) {
+		error("%s: %s", __func__, ssh_err(ret));
 		return NULL;
 	}
-	ptr = buffer_ptr(buffer);
-	buffer_consume(buffer, len);
-	if (length_ptr)
-		*length_ptr = len;
-	return (ptr);
+	if (length_ptr != NULL)
+		*length_ptr = len;  /* Safe: sshbuf never stores len > 2^31 */
+	return value;
 }
 
-void *
+const void *
 buffer_get_string_ptr(Buffer *buffer, u_int *length_ptr)
 {
-	void *ret;
+	const void *ret;
 
 	if ((ret = buffer_get_string_ptr_ret(buffer, length_ptr)) == NULL)
-		fatal("buffer_get_string_ptr: buffer error");
+		fatal("%s: buffer error", __func__);
 	return (ret);
 }
 
-/*
- * Stores and arbitrary binary string in the buffer.
- */
 void
 buffer_put_string(Buffer *buffer, const void *buf, u_int len)
 {
-	buffer_put_int(buffer, len);
-	buffer_append(buffer, buf, len);
+	int ret;
+
+	if ((ret = sshbuf_put_string(buffer, buf, len)) != 0)
+		fatal("%s: %s", __func__, ssh_err(ret));
 }
+
 void
 buffer_put_cstring(Buffer *buffer, const char *s)
 {
-	if (s == NULL)
-		fatal("buffer_put_cstring: s == NULL");
-	buffer_put_string(buffer, s, strlen(s));
+	int ret;
+
+	if ((ret = sshbuf_put_cstring(buffer, s)) != 0)
+		fatal("%s: %s", __func__, ssh_err(ret));
 }
 
-/*
- * Returns a character from the buffer (0 - 255).
- */
 int
-buffer_get_char_ret(u_char *ret, Buffer *buffer)
+buffer_get_char_ret(char *v, Buffer *buffer)
 {
-	if (buffer_get_ret(buffer, ret, 1) == -1) {
-		error("buffer_get_char_ret: buffer_get_ret failed");
-		return (-1);
+	int ret;
+
+	if ((ret = sshbuf_get_u8(buffer, (u_char *)v)) != 0) {
+		error("%s: %s", __func__, ssh_err(ret));
+		return -1;
 	}
-	return (0);
+	return 0;
 }
 
 int
 buffer_get_char(Buffer *buffer)
 {
-	u_char ch;
+	char ch;
 
 	if (buffer_get_char_ret(&ch, buffer) == -1)
-		fatal("buffer_get_char: buffer error");
-	return ch;
+		fatal("%s: buffer error", __func__);
+	return (u_char) ch;
 }
 
-/*
- * Stores a character in the buffer.
- */
 void
 buffer_put_char(Buffer *buffer, int value)
 {
-	char ch = value;
+	int ret;
+
+	if ((ret = sshbuf_put_u8(buffer, value)) != 0)
+		fatal("%s: %s", __func__, ssh_err(ret));
+}
 
-	buffer_append(buffer, &ch, 1);
+void
+buffer_put_bignum2_from_string(Buffer *buffer, const u_char *s, u_int l)
+{
+	int ret;
+
+	if ((ret = sshbuf_put_bignum2_bytes(buffer, s, l)) != 0)
+		fatal("%s: %s", __func__, ssh_err(ret));
 }
+
--- a/crypto/external/bsd/openssh/dist/bufbn.c	Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/dist/bufbn.c	Thu Apr 30 06:07:29 2015 +0000
@@ -1,225 +1,102 @@
-/*	$NetBSD: bufbn.c,v 1.3 2013/11/08 19:18:24 christos Exp $	*/
-/* $OpenBSD: bufbn.c,v 1.7 2013/05/17 00:13:13 djm Exp $*/
+/*	$NetBSD: bufbn.c,v 1.3.4.1 2015/04/30 06:07:30 riz Exp $	*/
+/* $OpenBSD: bufbn.c,v 1.12 2014/04/30 05:29:56 djm Exp $ */
+
 /*
- * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
- *                    All rights reserved
- * Auxiliary functions for storing and retrieving various data types to/from
- * Buffers.
- *
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose.  Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
- *
- *
- * SSH2 packet format added by Markus Friedl
- * Copyright (c) 2000 Markus Friedl.  All rights reserved.
+ * Copyright (c) 2012 Damien Miller <djm@mindrot.org>
  *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: bufbn.c,v 1.3 2013/11/08 19:18:24 christos Exp $");
+__RCSID("$NetBSD: bufbn.c,v 1.3.4.1 2015/04/30 06:07:30 riz Exp $");
 #include <sys/types.h>
 
-#include <openssl/bn.h>
-
-#include <string.h>
-#include <stdarg.h>
-#include <time.h>
-
-#include "xmalloc.h"
 #include "buffer.h"
 #include "log.h"
-#include "misc.h"
+#include "ssherr.h"
 
-/*
- * Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed
- * by (bits+7)/8 bytes of binary data, msb first.
- */
 int
 buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value)
 {
-	int bits = BN_num_bits(value);
-	int bin_size = (bits + 7) / 8;
-	u_char *buf = xmalloc(bin_size);
-	int oi;
-	char msg[2];
+	int ret;
 
-	/* Get the value of in binary */
-	oi = BN_bn2bin(value, buf);
-	if (oi != bin_size) {
-		error("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d",
-		    oi, bin_size);
-		free(buf);
-		return (-1);
+	if ((ret = sshbuf_put_bignum1(buffer, value)) != 0) {
+		error("%s: %s", __func__, ssh_err(ret));
+		return -1;
 	}
-
-	/* Store the number of bits in the buffer in two bytes, msb first. */
-	put_u16(msg, bits);
-	buffer_append(buffer, msg, 2);
-	/* Store the binary data. */
-	buffer_append(buffer, buf, oi);
-
-	memset(buf, 0, bin_size);
-	free(buf);
-
-	return (0);
+	return 0;
 }
 
 void
 buffer_put_bignum(Buffer *buffer, const BIGNUM *value)
 {
 	if (buffer_put_bignum_ret(buffer, value) == -1)
-		fatal("buffer_put_bignum: buffer error");
+		fatal("%s: buffer error", __func__);
 }
 
-/*
- * Retrieves a BIGNUM from the buffer.
- */
 int
 buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value)
 {
-	u_int bits, bytes;
-	u_char buf[2], *bin;
+	int ret;
 
-	/* Get the number of bits. */
-	if (buffer_get_ret(buffer, (char *) buf, 2) == -1) {
-		error("buffer_get_bignum_ret: invalid length");
-		return (-1);
-	}
-	bits = get_u16(buf);
-	/* Compute the number of binary bytes that follow. */
-	bytes = (bits + 7) / 8;
-	if (bytes > 8 * 1024) {
-		error("buffer_get_bignum_ret: cannot handle BN of size %d", bytes);
-		return (-1);
+	if ((ret = sshbuf_get_bignum1(buffer, value)) != 0) {
+		error("%s: %s", __func__, ssh_err(ret));
+		return -1;
 	}
-	if (buffer_len(buffer) < bytes) {
-		error("buffer_get_bignum_ret: input buffer too small");
-		return (-1);
-	}
-	bin = buffer_ptr(buffer);
-	if (BN_bin2bn(bin, bytes, value) == NULL) {
-		error("buffer_get_bignum_ret: BN_bin2bn failed");
-		return (-1);
-	}
-	if (buffer_consume_ret(buffer, bytes) == -1) {
-		error("buffer_get_bignum_ret: buffer_consume failed");
-		return (-1);
-	}
-	return (0);
+	return 0;
 }
 
 void
 buffer_get_bignum(Buffer *buffer, BIGNUM *value)
 {
 	if (buffer_get_bignum_ret(buffer, value) == -1)
-		fatal("buffer_get_bignum: buffer error");
+		fatal("%s: buffer error", __func__);
 }
 
-/*
- * Stores a BIGNUM in the buffer in SSH2 format.
- */
 int
 buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value)
 {
-	u_int bytes;
-	u_char *buf;
-	int oi;
-	u_int hasnohigh = 0;
+	int ret;
 
-	if (BN_is_zero(value)) {
-		buffer_put_int(buffer, 0);
-		return 0;
-	}
-	if (value->neg) {
-		error("buffer_put_bignum2_ret: negative numbers not supported");
-		return (-1);
+	if ((ret = sshbuf_put_bignum2(buffer, value)) != 0) {
+		error("%s: %s", __func__, ssh_err(ret));
+		return -1;
 	}
-	bytes = BN_num_bytes(value) + 1; /* extra padding byte */
-	if (bytes < 2) {
-		error("buffer_put_bignum2_ret: BN too small");
-		return (-1);
-	}
-	buf = xmalloc(bytes);
-	buf[0] = 0x00;
-	/* Get the value of in binary */
-	oi = BN_bn2bin(value, buf+1);
-	if (oi < 0 || (u_int)oi != bytes - 1) {
-		error("buffer_put_bignum2_ret: BN_bn2bin() failed: "
-		    "oi %d != bin_size %d", oi, bytes);
-		free(buf);
-		return (-1);
-	}
-	hasnohigh = (buf[1] & 0x80) ? 0 : 1;
-	buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh);
-	memset(buf, 0, bytes);
-	free(buf);
-	return (0);
+	return 0;
 }
 
 void
 buffer_put_bignum2(Buffer *buffer, const BIGNUM *value)
 {
 	if (buffer_put_bignum2_ret(buffer, value) == -1)
-		fatal("buffer_put_bignum2: buffer error");
+		fatal("%s: buffer error", __func__);
 }
 
 int
 buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value)
 {
-	u_int len;
-	u_char *bin;
+	int ret;
 
-	if ((bin = buffer_get_string_ret(buffer, &len)) == NULL) {
-		error("buffer_get_bignum2_ret: invalid bignum");
-		return (-1);
-	}
-
-	if (len > 0 && (bin[0] & 0x80)) {
-		error("buffer_get_bignum2_ret: negative numbers not supported");
-		free(bin);
-		return (-1);
+	if ((ret = sshbuf_get_bignum2(buffer, value)) != 0) {
+		error("%s: %s", __func__, ssh_err(ret));
+		return -1;
 	}
-	if (len > 8 * 1024) {
-		error("buffer_get_bignum2_ret: cannot handle BN of size %d",
-		    len);
-		free(bin);
-		return (-1);
-	}
-	if (BN_bin2bn(bin, len, value) == NULL) {
-		error("buffer_get_bignum2_ret: BN_bin2bn failed");
-		free(bin);
-		return (-1);
-	}
-	free(bin);
-	return (0);
+	return 0;
 }
 
 void
 buffer_get_bignum2(Buffer *buffer, BIGNUM *value)
 {
 	if (buffer_get_bignum2_ret(buffer, value) == -1)
-		fatal("buffer_get_bignum2: buffer error");
+		fatal("%s: buffer error", __func__);
 }
--- a/crypto/external/bsd/openssh/dist/bufec.c	Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/dist/bufec.c	Thu Apr 30 06:07:29 2015 +0000
@@ -1,7 +1,8 @@
-/*	$NetBSD: bufec.c,v 1.3 2013/11/08 19:18:24 christos Exp $	*/
-/* $OpenBSD: bufec.c,v 1.2 2013/05/17 00:13:13 djm Exp $ */
+/*	$NetBSD: bufec.c,v 1.3.4.1 2015/04/30 06:07:30 riz Exp $	*/
+/* $OpenBSD: bufec.c,v 1.4 2014/04/30 05:29:56 djm Exp $ */
+
 /*
- * Copyright (c) 2010 Damien Miller <djm@mindrot.org>
+ * Copyright (c) 2012 Damien Miller <djm@mindrot.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -16,70 +17,28 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 #include "includes.h"
-__RCSID("$NetBSD: bufec.c,v 1.3 2013/11/08 19:18:24 christos Exp $");
+__RCSID("$NetBSD: bufec.c,v 1.3.4.1 2015/04/30 06:07:30 riz Exp $");
 #include <sys/types.h>
 
-#include <openssl/bn.h>
-#include <openssl/ec.h>
+/* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */
 
-#include <string.h>
-#include <stdarg.h>
+#include <sys/types.h>
 
-#include "xmalloc.h"
 #include "buffer.h"
 #include "log.h"
-#include "misc.h"
+#include "ssherr.h"
 
-/*
- * Maximum supported EC GFp field length is 528 bits. SEC1 uncompressed
- * encoding represents this as two bitstring points that should each
- * be no longer than the field length, SEC1 specifies a 1 byte
- * point type header.
- * Being paranoid here may insulate us to parsing problems in
- * EC_POINT_oct2point.
- */
-#define BUFFER_MAX_ECPOINT_LEN ((528*2 / 8) + 1)
-
-/*
- * Append an EC_POINT to the buffer as a string containing a SEC1 encoded
- * uncompressed point. Fortunately OpenSSL handles the gory details for us.
- */
 int
 buffer_put_ecpoint_ret(Buffer *buffer, const EC_GROUP *curve,
     const EC_POINT *point)
 {
-	u_char *buf = NULL;
-	size_t len;
-	BN_CTX *bnctx;
-	int ret = -1;
+	int ret;
 
-	/* Determine length */
-	if ((bnctx = BN_CTX_new()) == NULL)
-		fatal("%s: BN_CTX_new failed", __func__);
-	len = EC_POINT_point2oct(curve, point, POINT_CONVERSION_UNCOMPRESSED,
-	    NULL, 0, bnctx);
-	if (len > BUFFER_MAX_ECPOINT_LEN) {
-		error("%s: giant EC point: len = %lu (max %u)",
-		    __func__, (u_long)len, BUFFER_MAX_ECPOINT_LEN);
-		goto out;
+	if ((ret = sshbuf_put_ec(buffer, point, curve)) != 0) {
+		error("%s: %s", __func__, ssh_err(ret));
+		return -1;
 	}
-	/* Convert */
-	buf = xmalloc(len);
-	if (EC_POINT_point2oct(curve, point, POINT_CONVERSION_UNCOMPRESSED,
-	    buf, len, bnctx) != len) {
-		error("%s: EC_POINT_point2oct length mismatch", __func__);
-		goto out;
-	}
-	/* Append */
-	buffer_put_string(buffer, buf, len);
-	ret = 0;
- out:
-	if (buf != NULL) {
-		bzero(buf, len);
-		free(buf);
-	}
-	BN_CTX_free(bnctx);
-	return ret;
+	return 0;
 }
 
 void
@@ -94,43 +53,13 @@
 buffer_get_ecpoint_ret(Buffer *buffer, const EC_GROUP *curve,
     EC_POINT *point)
 {
-	u_char *buf;
-	u_int len;
-	BN_CTX *bnctx;
-	int ret = -1;
+	int ret;
 
-	if ((buf = buffer_get_string_ret(buffer, &len)) == NULL) {
-		error("%s: invalid point", __func__);
+	if ((ret = sshbuf_get_ec(buffer, point, curve)) != 0) {
+		error("%s: %s", __func__, ssh_err(ret));
 		return -1;
 	}
-	if ((bnctx = BN_CTX_new()) == NULL)
-		fatal("%s: BN_CTX_new failed", __func__);
-	if (len > BUFFER_MAX_ECPOINT_LEN) {
-		error("%s: EC_POINT too long: %u > max %u", __func__,
-		    len, BUFFER_MAX_ECPOINT_LEN);
-		goto out;
-	}
-	if (len == 0) {
-		error("%s: EC_POINT buffer is empty", __func__);
-		goto out;
-	}
-	if (buf[0] != POINT_CONVERSION_UNCOMPRESSED) {
-		error("%s: EC_POINT is in an incorrect form: "
-		    "0x%02x (want 0x%02x)", __func__, buf[0],
-		    POINT_CONVERSION_UNCOMPRESSED);
-		goto out;
-	}
-	if (EC_POINT_oct2point(curve, point, buf, len, bnctx) != 1) {
-		error("buffer_get_bignum2_ret: BN_bin2bn failed");
-		goto out;
-	}
-	/* EC_POINT_oct2point verifies that the point is on the curve for us */
-	ret = 0;
- out:
-	BN_CTX_free(bnctx);
-	bzero(buf, len);
-	free(buf);
-	return ret;
+	return 0;
 }
 
 void
@@ -141,3 +70,4 @@
 		fatal("%s: buffer error", __func__);
 }
 
+
--- a/crypto/external/bsd/openssh/dist/buffer.c	Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/dist/buffer.c	Thu Apr 30 06:07:29 2015 +0000
@@ -1,253 +1,120 @@
-/*	$NetBSD: buffer.c,v 1.4 2013/11/08 19:18:24 christos Exp $	*/
-/* $OpenBSD: buffer.c,v 1.33 2013/05/17 00:13:13 djm Exp $ */
+/*	$NetBSD: buffer.c,v 1.4.4.1 2015/04/30 06:07:30 riz Exp $	*/
+/* $OpenBSD: buffer.c,v 1.36 2014/04/30 05:29:56 djm Exp $ */
+
 /*
- * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
- *                    All rights reserved
- * Functions for manipulating fifo buffers (that can grow if needed).
+ * Copyright (c) 2012 Damien Miller <djm@mindrot.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose.  Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: buffer.c,v 1.4 2013/11/08 19:18:24 christos Exp $");
+__RCSID("$NetBSD: buffer.c,v 1.4.4.1 2015/04/30 06:07:30 riz Exp $");
 #include <sys/param.h>
+/* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */
 
-#include <stdio.h>
-#include <string.h>
-#include <stdarg.h>
+#include <sys/types.h>
 
-#include "xmalloc.h"
 #include "buffer.h"
 #include "log.h"
-
-#define	BUFFER_MAX_CHUNK	0x100000
-#define	BUFFER_MAX_LEN		0xa00000
-#define	BUFFER_ALLOCSZ		0x008000
-
-/* Initializes the buffer structure. */
-
-void
-buffer_init(Buffer *buffer)
-{
-	const u_int len = 4096;
-
-	buffer->alloc = 0;
-	buffer->buf = xmalloc(len);
-	buffer->alloc = len;
-	buffer->offset = 0;
-	buffer->end = 0;
-}
-
-/* Frees any memory used for the buffer. */
-
-void
-buffer_free(Buffer *buffer)
-{
-	if (buffer->alloc > 0) {
-		memset(buffer->buf, 0, buffer->alloc);
-		buffer->alloc = 0;
-		free(buffer->buf);
-	}
-}
-
-/*
- * Clears any data from the buffer, making it empty.  This does not actually
- * zero the memory.
- */
-
-void
-buffer_clear(Buffer *buffer)
-{
-	buffer->offset = 0;
-	buffer->end = 0;
-}
-
-/* Appends data to the buffer, expanding it if necessary. */
+#include "ssherr.h"
 
 void
 buffer_append(Buffer *buffer, const void *data, u_int len)
 {
-	void *p;
-	p = buffer_append_space(buffer, len);
-	memcpy(p, data, len);
-}
+	int ret;
 
-static int
-buffer_compact(Buffer *buffer)
-{
-	/*
-	 * If the buffer is quite empty, but all data is at the end, move the
-	 * data to the beginning.
-	 */
-	if (buffer->offset > MIN(buffer->alloc, BUFFER_MAX_CHUNK)) {
-		memmove(buffer->buf, buffer->buf + buffer->offset,
-			buffer->end - buffer->offset);
-		buffer->end -= buffer->offset;
-		buffer->offset = 0;
-		return (1);
-	}
-	return (0);
+	if ((ret = sshbuf_put(buffer, data, len)) != 0)
+		fatal("%s: %s", __func__, ssh_err(ret));
 }
 
-/*
- * Appends space to the buffer, expanding the buffer if necessary. This does
- * not actually copy the data into the buffer, but instead returns a pointer
- * to the allocated region.
- */
-
 void *
 buffer_append_space(Buffer *buffer, u_int len)
 {
-	u_int newlen;
-	void *p;
-
-	if (len > BUFFER_MAX_CHUNK)
-		fatal("buffer_append_space: len %u not supported", len);
+	int ret;
+	u_char *p;
 
-	/* If the buffer is empty, start using it from the beginning. */
-	if (buffer->offset == buffer->end) {
-		buffer->offset = 0;
-		buffer->end = 0;
-	}
-restart:
-	/* If there is enough space to store all data, store it now. */
-	if (buffer->end + len < buffer->alloc) {
-		p = buffer->buf + buffer->end;
-		buffer->end += len;
-		return p;
-	}
-
-	/* Compact data back to the start of the buffer if necessary */
-	if (buffer_compact(buffer))
-		goto restart;
-
-	/* Increase the size of the buffer and retry. */
-	newlen = roundup(buffer->alloc + len, BUFFER_ALLOCSZ);
-	if (newlen > BUFFER_MAX_LEN_HPN)
-		fatal("buffer_append_space: alloc %u not supported",
-		    newlen);
-	buffer->buf = xrealloc(buffer->buf, 1, newlen);
-	buffer->alloc = newlen;
-	goto restart;
-	/* NOTREACHED */
+	if ((ret = sshbuf_reserve(buffer, len, &p)) != 0)
+		fatal("%s: %s", __func__, ssh_err(ret));
+	return p;
 }
 
-/*
- * Check whether an allocation of 'len' will fit in the buffer
- * This must follow the same math as buffer_append_space
- */
 int
 buffer_check_alloc(Buffer *buffer, u_int len)
 {
-	if (buffer->offset == buffer->end) {
-		buffer->offset = 0;
-		buffer->end = 0;
-	}
- restart:
-	if (buffer->end + len < buffer->alloc)
-		return (1);
-	if (buffer_compact(buffer))
-		goto restart;
-	if (roundup(buffer->alloc + len, BUFFER_ALLOCSZ) <= BUFFER_MAX_LEN)
-		return (1);
-	return (0);
+	int ret = sshbuf_check_reserve(buffer, len);
+
+	if (ret == 0)
+		return 1;
+	if (ret == SSH_ERR_NO_BUFFER_SPACE)
+		return 0;
+	fatal("%s: %s", __func__, ssh_err(ret));
 }
 
-/* Returns the number of bytes of data in the buffer. */
-
-u_int
-buffer_len(const Buffer *buffer)
-{
-	return buffer->end - buffer->offset;
-}
-
-/* Gets data from the beginning of the buffer. */
-
 int
 buffer_get_ret(Buffer *buffer, void *buf, u_int len)
 {
-	if (len > buffer->end - buffer->offset) {
-		error("buffer_get_ret: trying to get more bytes %d than in buffer %d",
-		    len, buffer->end - buffer->offset);
-		return (-1);
+	int ret;
+
+	if ((ret = sshbuf_get(buffer, buf, len)) != 0) {
+		error("%s: %s", __func__, ssh_err(ret));
+		return -1;
 	}
-	memcpy(buf, buffer->buf + buffer->offset, len);
-	buffer->offset += len;
-	return (0);
+	return 0;
 }
 
 void
 buffer_get(Buffer *buffer, void *buf, u_int len)
 {
 	if (buffer_get_ret(buffer, buf, len) == -1)
-		fatal("buffer_get: buffer error");
+		fatal("%s: buffer error", __func__);
 }
 
-/* Consumes the given number of bytes from the beginning of the buffer. */
-
 int
 buffer_consume_ret(Buffer *buffer, u_int bytes)
 {
-	if (bytes > buffer->end - buffer->offset) {
-		error("buffer_consume_ret: trying to get more bytes than in buffer");
-		return (-1);
-	}
-	buffer->offset += bytes;
-	return (0);
+	int ret = sshbuf_consume(buffer, bytes);
+
+	if (ret == 0)
+		return 0;
+	if (ret == SSH_ERR_MESSAGE_INCOMPLETE)
+		return -1;
+	fatal("%s: %s", __func__, ssh_err(ret));
 }
 
 void
 buffer_consume(Buffer *buffer, u_int bytes)
 {
 	if (buffer_consume_ret(buffer, bytes) == -1)
-		fatal("buffer_consume: buffer error");
+		fatal("%s: buffer error", __func__);
 }
 
-/* Consumes the given number of bytes from the end of the buffer. */
-
 int
 buffer_consume_end_ret(Buffer *buffer, u_int bytes)
 {
-	if (bytes > buffer->end - buffer->offset)
-		return (-1);
-	buffer->end -= bytes;
-	return (0);
+	int ret = sshbuf_consume_end(buffer, bytes);
+
+	if (ret == 0)
+		return 0;
+	if (ret == SSH_ERR_MESSAGE_INCOMPLETE)
+		return -1;
+	fatal("%s: %s", __func__, ssh_err(ret));
 }
 
 void
 buffer_consume_end(Buffer *buffer, u_int bytes)
 {
 	if (buffer_consume_end_ret(buffer, bytes) == -1)
-		fatal("buffer_consume_end: trying to get more bytes than in buffer");
-}
-
-/* Returns a pointer to the first used byte in the buffer. */
-
-void *
-buffer_ptr(const Buffer *buffer)
-{
-	return buffer->buf + buffer->offset;
+		fatal("%s: buffer error", __func__);
 }
 
-/* Dumps the contents of the buffer to stderr. */
 
-void
-buffer_dump(const Buffer *buffer)
-{
-	u_int i;
-	u_char *ucp = buffer->buf;
-
-	for (i = buffer->offset; i < buffer->end; i++) {
-		fprintf(stderr, "%02x", ucp[i]);
-		if ((i-buffer->offset)%16==15)
-			fprintf(stderr, "\r\n");
-		else if ((i-buffer->offset)%2==1)
-			fprintf(stderr, " ");
-	}
-	fprintf(stderr, "\r\n");
-}
--- a/crypto/external/bsd/openssh/dist/buffer.h	Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/dist/buffer.h	Thu Apr 30 06:07:29 2015 +0000
@@ -1,61 +1,61 @@
-/*	$NetBSD: buffer.h,v 1.5 2013/11/08 19:18:24 christos Exp $	*/
-/* $OpenBSD: buffer.h,v 1.22 2013/07/12 00:19:58 djm Exp $ */
+/*	$NetBSD: buffer.h,v 1.5.4.1 2015/04/30 06:07:30 riz Exp $	*/
+/* $OpenBSD: buffer.h,v 1.25 2014/04/30 05:29:56 djm Exp $ */
 
 /*
- * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
- *                    All rights reserved
- * Code for manipulating FIFO buffers.
+ * Copyright (c) 2012 Damien Miller <djm@mindrot.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose.  Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
+/* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */
+
 #ifndef BUFFER_H
 #define BUFFER_H
 
+#include "sshbuf.h"
+
 /* move the following to a more appropriate place and name */
 #define BUFFER_MAX_LEN_HPN          0x4000000  /* 64MB */
 
-typedef struct {
-	u_char	*buf;		/* Buffer for data. */
-	u_int	 alloc;		/* Number of bytes allocated for data. */
-	u_int	 offset;	/* Offset of first byte containing data. */
-	u_int	 end;		/* Offset of last byte containing data. */
-}       Buffer;
+typedef struct sshbuf Buffer;
 
-void	 buffer_init(Buffer *);
-void	 buffer_clear(Buffer *);
-void	 buffer_free(Buffer *);
+#define buffer_init(b)		sshbuf_init(b)
+#define buffer_clear(b)		sshbuf_reset(b)
+#define buffer_free(b)		sshbuf_free(b)
+#define buffer_dump(b)		sshbuf_dump(b, stderr)
 
-u_int	 buffer_len(const Buffer *);
-void	*buffer_ptr(const Buffer *);
+/* XXX cast is safe: sshbuf never stores more than len 2^31 */
+#define buffer_len(b)		((u_int) sshbuf_len(b))
+#define	buffer_ptr(b)		sshbuf_mutable_ptr(b)
 
 void	 buffer_append(Buffer *, const void *, u_int);
 void	*buffer_append_space(Buffer *, u_int);
-
 int	 buffer_check_alloc(Buffer *, u_int);
-
 void	 buffer_get(Buffer *, void *, u_int);
 
 void	 buffer_consume(Buffer *, u_int);
 void	 buffer_consume_end(Buffer *, u_int);
 
-void     buffer_dump(const Buffer *);
 
 int	 buffer_get_ret(Buffer *, void *, u_int);
 int	 buffer_consume_ret(Buffer *, u_int);
 int	 buffer_consume_end_ret(Buffer *, u_int);
 
-#include <openssl/bn.h>
-
 void    buffer_put_bignum(Buffer *, const BIGNUM *);
 void    buffer_put_bignum2(Buffer *, const BIGNUM *);
 void	buffer_get_bignum(Buffer *, BIGNUM *);
 void	buffer_get_bignum2(Buffer *, BIGNUM *);
+void	buffer_put_bignum2_from_string(Buffer *, const u_char *, u_int);
 
 u_short	buffer_get_short(Buffer *);
 void	buffer_put_short(Buffer *, u_short);
@@ -70,13 +70,12 @@
 void    buffer_put_char(Buffer *, int);
 
 void   *buffer_get_string(Buffer *, u_int *);
-void   *buffer_get_string_ptr(Buffer *, u_int *);
+const void *buffer_get_string_ptr(Buffer *, u_int *);
 void    buffer_put_string(Buffer *, const void *, u_int);
 char   *buffer_get_cstring(Buffer *, u_int *);
 void	buffer_put_cstring(Buffer *, const char *);
 
-#define buffer_skip_string(b) \
-    do { u_int l = buffer_get_int(b); buffer_consume(b, l); } while (0)
+#define buffer_skip_string(b) (void)buffer_get_string_ptr(b, NULL);
 
 int	buffer_put_bignum_ret(Buffer *, const BIGNUM *);
 int	buffer_get_bignum_ret(Buffer *, BIGNUM *);
@@ -87,14 +86,13 @@
 int	buffer_get_int64_ret(u_int64_t *, Buffer *);
 void	*buffer_get_string_ret(Buffer *, u_int *);
 char	*buffer_get_cstring_ret(Buffer *, u_int *);
-void	*buffer_get_string_ptr_ret(Buffer *, u_int *);