Future deprecation notice
=========================

We plan on retiring more legacy cryptography in a near-future
release, specifically:

 * Refusing all RSA keys smaller than 1024 bits (the current minimum
   is 768 bits)

This list reflects our current intentions, but please check the final
release notes for future releases.

Potentially-incompatible changes
================================

This release disables a number of legacy cryptographic algorithms
by default in ssh:

 * Several ciphers: blowfish-cbc, cast128-cbc, all arcfour variants
   and the rijndael-cbc aliases for AES.

 * MD5-based and truncated HMAC algorithms.

These algorithms are already disabled by default in sshd.

Changes since OpenSSH 7.1p2
===========================

This is primarily a bugfix release.

Security
--------

 * ssh(1), sshd(8): remove unfinished and unused roaming code (was
   already forcibly disabled in OpenSSH 7.1p2).

 * ssh(1): eliminate fallback from untrusted X11 forwarding to
   trusted forwarding when the X server disables the SECURITY
   extension.

 * ssh(1), sshd(8): increase the minimum modulus size supported for
   diffie-hellman-group-exchange to 2048 bits.

 * sshd(8): pre-auth sandboxing is now enabled by default (previous
   releases enabled it for new installations via sshd_config).

New Features
------------

 * all: add support for RSA signatures using SHA-256/512 hash
   algorithms based on draft-rsa-dsa-sha2-256-03.txt and
   draft-ssh-ext-info-04.txt.

 * ssh(1): Add an AddKeysToAgent client option which can be set to
   'yes', 'no', 'ask', or 'confirm', and defaults to 'no'.  When
   enabled, a private key that is used during authentication will be
   added to ssh-agent if it is running (with confirmation enabled if
   set to 'confirm').

 * sshd(8): add a new authorized_keys option "restrict" that includes
   all current and future key restrictions (no-*-forwarding, etc.).
   Also add permissive versions of the existing restrictions, e.g.
   "no-pty" -> "pty". This simplifies the task of setting up
   restricted keys and ensures they are maximally-restricted,
   regardless of any permissions we might implement in the future.

 * ssh(1): add ssh_config CertificateFile option to explicitly list
   certificates. bz#2436

 * ssh-keygen(1): allow ssh-keygen to change the key comment for all
   supported formats.

 * ssh-keygen(1): allow fingerprinting from standard input, e.g.
   "ssh-keygen -lf -"

 * ssh-keygen(1): allow fingerprinting multiple public keys in a
   file, e.g. "ssh-keygen -lf ~/.ssh/authorized_keys" bz#1319

 * sshd(8): support "none" as an argument for sshd_config
   Foreground and ChrootDirectory. Useful inside Match blocks to
   override a global default. bz#2486

 * ssh-keygen(1): support multiple certificates (one per line) and
   reading from standard input (using "-f -") for "ssh-keygen -L"

 * ssh-keyscan(1): add "ssh-keyscan -c ..." flag to allow fetching
   certificates instead of plain keys.

 * ssh(1): better handle anchored FQDNs (e.g. 'cvs.openbsd.org.') in
   hostname canonicalisation - treat them as already canonical and
   remove the trailing '.' before matching ssh_config.

Bugfixes
--------

 * sftp(1): existing destination directories should not terminate
   recursive uploads (regression in openssh 6.8) bz#2528

 * ssh(1), sshd(8): correctly send back SSH2_MSG_UNIMPLEMENTED
   replies to unexpected messages during key exchange. bz#2949

 * ssh(1): refuse attempts to set ConnectionAttempts=0, which does
   not make sense and would cause ssh to print an uninitialised stack
   variable. bz#2500

 * ssh(1): fix errors when attempting to connect to scoped IPv6
   addresses with hostname canonicalisation enabled.

 * sshd_config(5): list a couple more options usable in Match blocks.
   bz#2489

 * sshd(8): fix "PubkeyAcceptedKeyTypes +..." inside a Match block.

 * ssh(1): expand tilde characters in filenames passed to -i options
   before checking whether or not the identity file exists. Avoids
   confusion for cases where shell doesn't expand (e.g. "-i ~/file"
   vs. "-i~/file"). bz#2481

 * ssh(1): do not prepend "exec" to the shell command run by "Match
   exec" in a config file, which could cause some commands to fail
   in certain environments. bz#2471

 * ssh-keyscan(1): fix output for multiple hosts/addrs on one line
   when host hashing or a non standard port is in use bz#2479

 * sshd(8): skip "Could not chdir to home directory" message when
   ChrootDirectory is active. bz#2485

 * ssh(1): include PubkeyAcceptedKeyTypes in ssh -G config dump.

 * sshd(8): avoid changing TunnelForwarding device flags if they are
   already what is needed; makes it possible to use tun/tap
   networking as non-root user if device permissions and interface
   flags are pre-established

 * ssh(1), sshd(8): RekeyLimits could be exceeded by one packet.
   bz#2521

 * ssh(1): fix multiplexing master failure to notice client exit.

 * ssh(1), ssh-agent(1): avoid fatal() for PKCS11 tokens that present
   empty key IDs. bz#1773

 * sshd(8): avoid printf of NULL argument. bz#2535

 * ssh(1), sshd(8): allow RekeyLimits larger than 4GB. bz#2521

 * ssh-keygen(1), sshd(8): fix several bugs in (unused) KRL signature
   support.

 * ssh(1), sshd(8): fix connections with peers that use the key
   exchange guess feature of the protocol. bz#2515

 * sshd(8): include remote port number in log messages. bz#2503

 * ssh(1): don't try to load SSHv1 private key when compiled without
   SSHv1 support. bz#2505

 * ssh-agent(1), ssh(1): fix incorrect error messages during key
   loading and signing errors. bz#2507

 * ssh-keygen(1): don't leave empty temporary files when performing
   known_hosts file edits when known_hosts doesn't exist.

 * sshd(8): correct packet format for tcpip-forward replies for
   requests that don't allocate a port bz#2509

 * ssh(1), sshd(8): fix possible hang on closed output. bz#2469

 * ssh(1): expand %i in ControlPath to UID. bz#2449

 * ssh(1), sshd(8): fix return type of openssh_RSA_verify. bz#2460

 * ssh(1), sshd(8): fix some option parsing memory leaks. bz#2182

 * ssh(1): add some debug output before DNS resolution; it's a
   place where ssh could previously silently stall in cases of
   unresponsive DNS servers. bz#2433

 * ssh(1): remove spurious newline in visual hostkey. bz#2686

 * ssh(1): fix printing (ssh -G ...) of HostKeyAlgorithms=+...

 * ssh(1): fix expansion of HostkeyAlgorithms=+...

Documentation
-------------

 * ssh_config(5), sshd_config(5): update default algorithm lists to
   match current reality. bz#2527

 * ssh(1): mention -Q key-plain and -Q key-cert query options.
   bz#2455

 * sshd_config(8): more clearly describe what AuthorizedKeysFile=none
   does.

 * ssh_config(5): better document ExitOnForwardFailure. bz#2444

 * sshd(5): mention internal DH-GEX fallback groups in manual.
   bz#2302

 * sshd_config(5): better description for MaxSessions option.
   bz#2531

Portability
-----------

 * ssh(1), sftp-server(8), ssh-agent(1), sshd(8): Support Illumos/
   Solaris fine-grained privileges. Including a pre-auth privsep
   sandbox and several pledge() emulations. bz#2511

 * Renovate redhat/openssh.spec, removing deprecated options and
   syntax.

 * configure: allow --without-ssl-engine with --without-openssl

 * sshd(8): fix multiple authentication using S/Key. bz#2502

 * sshd(8): read back from libcrypto RAND_* before dropping
   privileges.  Avoids sandboxing violations with BoringSSL.

 * Fix name collision with system-provided glob(3) functions.
   bz#2463

 * Adapt Makefile to use ssh-keygen -A when generating host keys.
   bz#2459

 * configure: correct default value for --with-ssh1 bz#2457

 * configure: better detection of _res symbol bz#2259

 * support getrandom() syscall on Linux
1 parent 8b584ed commit f1738f284e7846659ca31f4b4d8dd440f2bc9070 christos committed Mar 11, 2016
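The "restrict" authorized_keys option described in the commit message, as an added audit example (not part of this commit or of OpenSSH). It assumes options are applied left to right, as the auth-options.c change in this commit does, and that the key-type field starts with "ssh-" or "ecdsa-"; the sample file content is constructed.

```python
# Added illustration: report which features each authorized_keys entry still
# permits once "restrict", "no-<feature>" and "<feature>" options are applied.
PERMISSIONS = ("port-forwarding", "agent-forwarding", "x11-forwarding",
               "pty", "user-rc")

# Assumption: a line whose first field starts with one of these has no options.
KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-")


def split_options(line):
    """Return the comma-separated options that precede the key type."""
    line = line.strip()
    if not line or line.startswith("#") or line.startswith(KEY_TYPE_PREFIXES):
        return []
    opts, cur, in_quote, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        # A backslash-escaped quote inside a quoted value does not end it.
        if ch == "\\" and in_quote and i + 1 < len(line) and line[i + 1] == '"':
            cur += '\\"'
            i += 2
            continue
        if ch == '"':
            in_quote = not in_quote
        elif not in_quote and ch in " \t":
            break                      # end of the options field
        elif not in_quote and ch == ",":
            opts.append(cur)
            cur = ""
            i += 1
            continue
        cur += ch
        i += 1
    if cur:
        opts.append(cur)
    return opts


def effective_permissions(options):
    """Apply options left to right; a later option overrides an earlier one."""
    perms = dict.fromkeys(PERMISSIONS, True)   # no options: everything allowed
    for opt in options:
        name = opt.lower()                     # option names are case-insensitive
        if name == "restrict":
            perms = dict.fromkeys(PERMISSIONS, False)
        elif name in PERMISSIONS:
            perms[name] = True
        elif name.startswith("no-") and name[3:] in PERMISSIONS:
            perms[name[3:]] = False
    return perms


def audit(text):
    """Return [(line number, sorted features still enabled)] per key line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        perms = effective_permissions(split_options(stripped))
        findings.append((lineno, sorted(k for k, v in perms.items() if v)))
    return findings


# Constructed sample; key material is truncated placeholder text.
SAMPLE = '''\
# constructed sample authorized_keys
ssh-ed25519 AAAAC3Nz...example1 alice@laptop
restrict,pty ssh-ed25519 AAAAC3Nz...example2 ops@bastion
pty,restrict ssh-ed25519 AAAAC3Nz...example3 ci@builder
command="rsync --server -a . /srv, data",no-pty,no-X11-forwarding ssh-rsa AAAAB3Nz...example4 backup
'''

if __name__ == "__main__":
    for lineno, enabled in audit(SAMPLE):
        print(f"line {lineno}: still enabled: {', '.join(enabled) or 'nothing'}")
```

Entries that report more than the features the key actually needs are the ones to convert to "restrict" plus explicit re-enables.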
Showing with 2,580 additions and 1,635 deletions.
  1. +2 −2 crypto/external/bsd/openssh/dist/auth-bsdauth.c
  2. +2 −2 crypto/external/bsd/openssh/dist/auth-krb5.c
  3. +65 −46 crypto/external/bsd/openssh/dist/auth-options.c
  4. +2 −4 crypto/external/bsd/openssh/dist/auth.h
  5. +22 −14 crypto/external/bsd/openssh/dist/auth2-pubkey.c
  6. +17 −3 crypto/external/bsd/openssh/dist/authfd.c
  7. +4 −2 crypto/external/bsd/openssh/dist/authfd.h
  8. +10 −17 crypto/external/bsd/openssh/dist/authfile.c
  9. +1 −1 crypto/external/bsd/openssh/dist/bitmap.c
  10. +8 −8 crypto/external/bsd/openssh/dist/channels.c
  11. +2 −3 crypto/external/bsd/openssh/dist/cipher.c
  12. +116 −79 crypto/external/bsd/openssh/dist/clientloop.c
  13. +2 −2 crypto/external/bsd/openssh/dist/clientloop.h
  14. +6 −3 crypto/external/bsd/openssh/dist/dh.h
  15. +139 −39 crypto/external/bsd/openssh/dist/kex.c
  16. +8 −5 crypto/external/bsd/openssh/dist/kex.h
  17. +3 −3 crypto/external/bsd/openssh/dist/kexc25519s.c
  18. +3 −3 crypto/external/bsd/openssh/dist/kexdhs.c
  19. +3 −3 crypto/external/bsd/openssh/dist/kexecdhs.c
  20. +3 −3 crypto/external/bsd/openssh/dist/kexgexs.c
  21. +3 −3 crypto/external/bsd/openssh/dist/key.c
  22. +3 −2 crypto/external/bsd/openssh/dist/key.h
  23. +9 −14 crypto/external/bsd/openssh/dist/krl.c
  24. +1 −2 crypto/external/bsd/openssh/dist/krl.h
  25. +30 −26 crypto/external/bsd/openssh/dist/misc.c
  26. +2 −2 crypto/external/bsd/openssh/dist/moduli-gen/Makefile
  27. +34 −40 crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048
  28. +40 −37 crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072
  29. +34 −38 crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096
  30. +35 −37 crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144
  31. +36 −36 crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680
  32. +31 −29 crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192
  33. +16 −20 crypto/external/bsd/openssh/dist/monitor.c
  34. +3 −3 crypto/external/bsd/openssh/dist/monitor_wrap.c
  35. +2 −6 crypto/external/bsd/openssh/dist/monitor_wrap.h
  36. +20 −12 crypto/external/bsd/openssh/dist/mux.c
  37. +7 −16 crypto/external/bsd/openssh/dist/myproposal.h
  38. +0 −12 crypto/external/bsd/openssh/dist/opacket.c
  39. +0 −4 crypto/external/bsd/openssh/dist/opacket.h
  40. +207 −160 crypto/external/bsd/openssh/dist/packet.c
  41. +4 −7 crypto/external/bsd/openssh/dist/packet.h
  42. +82 −29 crypto/external/bsd/openssh/dist/readconf.c
  43. +9 −3 crypto/external/bsd/openssh/dist/readconf.h
  44. +2 −2 crypto/external/bsd/openssh/dist/readpass.c
  45. +71 −0 crypto/external/bsd/openssh/dist/sandbox-pledge.c
  46. +19 −12 crypto/external/bsd/openssh/dist/sandbox-systrace.c
  47. +3 −2 crypto/external/bsd/openssh/dist/scp.1
  48. +12 −2 crypto/external/bsd/openssh/dist/scp.c
  49. +34 −19 crypto/external/bsd/openssh/dist/servconf.c
  50. +11 −20 crypto/external/bsd/openssh/dist/serverloop.c
  51. +17 −9 crypto/external/bsd/openssh/dist/session.c
  52. +11 −11 crypto/external/bsd/openssh/dist/sftp-client.c
  53. +3 −1 crypto/external/bsd/openssh/dist/sftp-server-main.c
  54. +5 −4 crypto/external/bsd/openssh/dist/sftp-server.c
  55. +3 −2 crypto/external/bsd/openssh/dist/sftp.1
  56. +2 −1 crypto/external/bsd/openssh/dist/sftp.c
  57. +16 −19 crypto/external/bsd/openssh/dist/ssh-add.c
  58. +11 −4 crypto/external/bsd/openssh/dist/ssh-agent.1
  59. +21 −4 crypto/external/bsd/openssh/dist/ssh-agent.c
  60. +4 −7 crypto/external/bsd/openssh/dist/ssh-dss.c
  61. +5 −9 crypto/external/bsd/openssh/dist/ssh-ecdsa.c
  62. +11 −7 crypto/external/bsd/openssh/dist/ssh-keygen.1
  63. +210 −156 crypto/external/bsd/openssh/dist/ssh-keygen.c
  64. +5 −3 crypto/external/bsd/openssh/dist/ssh-keyscan.1
  65. +57 −14 crypto/external/bsd/openssh/dist/ssh-keyscan.c
  66. +3 −3 crypto/external/bsd/openssh/dist/ssh-keysign.8
  67. +19 −8 crypto/external/bsd/openssh/dist/ssh-keysign.c
  68. +2 −2 crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c
  69. +2 −1 crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c
  70. +5 −3 crypto/external/bsd/openssh/dist/ssh-pkcs11.c
  71. +118 −31 crypto/external/bsd/openssh/dist/ssh-rsa.c
  72. +42 −55 crypto/external/bsd/openssh/dist/ssh.1
  73. +107 −45 crypto/external/bsd/openssh/dist/ssh.c
  74. +8 −2 crypto/external/bsd/openssh/dist/ssh.h
  75. +2 −8 crypto/external/bsd/openssh/dist/ssh2.h
  76. +8 −8 crypto/external/bsd/openssh/dist/ssh_api.c
  77. +4 −2 crypto/external/bsd/openssh/dist/ssh_config
  78. +109 −34 crypto/external/bsd/openssh/dist/ssh_config.5
  79. +4 −4 crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c
  80. +6 −6 crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c
  81. +5 −5 crypto/external/bsd/openssh/dist/sshbuf-misc.c
  82. +8 −10 crypto/external/bsd/openssh/dist/sshbuf.c
  83. +34 −31 crypto/external/bsd/openssh/dist/sshbuf.h
  84. +65 −10 crypto/external/bsd/openssh/dist/sshconnect.c
  85. +3 −1 crypto/external/bsd/openssh/dist/sshconnect.h
  86. +11 −4 crypto/external/bsd/openssh/dist/sshconnect1.c
  87. +186 −79 crypto/external/bsd/openssh/dist/sshconnect2.c
  88. +44 −11 crypto/external/bsd/openssh/dist/sshd.8
  89. +46 −42 crypto/external/bsd/openssh/dist/sshd.c
  90. +2 −2 crypto/external/bsd/openssh/dist/sshd_config
  91. +39 −25 crypto/external/bsd/openssh/dist/sshd_config.5
  92. +2 −2 crypto/external/bsd/openssh/dist/ssherr.c
  93. +112 −98 crypto/external/bsd/openssh/dist/sshkey.c
  94. +9 −8 crypto/external/bsd/openssh/dist/sshkey.h
  95. +3 −3 crypto/external/bsd/openssh/dist/sshlogin.c
  96. +2 −2 crypto/external/bsd/openssh/dist/version.h
  97. +9 −1 crypto/external/bsd/openssh/dist/xmalloc.c
  98. +2 −1 crypto/external/bsd/openssh/dist/xmalloc.h
4 crypto/external/bsd/openssh/dist/auth-bsdauth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-bsdauth.c,v 1.13 2014/06/24 01:13:21 djm Exp $ */
+/* $OpenBSD: auth-bsdauth.c,v 1.14 2015/10/20 23:24:25 mmcc Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@@ -98,7 +98,7 @@ bsdauth_respond(void *ctx, u_int numresponses, char **responses)
if (!authctxt->valid)
return -1;
- if (authctxt->as == 0)
+ if (authctxt->as == NULL)
error("bsdauth_respond: no bsd auth session");
if (numresponses != 1)
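Review bot: the "authctxt->as == NULL" branch in bsdauth_respond() only calls error() and then continues to the "numresponses != 1" check, so a missing BSD auth session is logged but not rejected in the lines shown here. While this line is being touched, consider returning -1 from that branch, as the "!authctxt->valid" check just above it does.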
4 crypto/external/bsd/openssh/dist/auth-krb5.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: auth-krb5.c,v 1.20 2013/07/20 01:55:13 djm Exp $ */
+/* $OpenBSD: auth-krb5.c,v 1.21 2016/01/27 06:44:58 djm Exp $ */
/*
* Kerberos v5 authentication and ticket-passing routines.
*
- * $FreeBSD: src/crypto/openssh/auth-krb5.c,v 1.6 2001/02/13 16:58:04 assar Exp $
+ * From: FreeBSD: src/crypto/openssh/auth-krb5.c,v 1.6 2001/02/13 16:58:04 assar
*/
/*
* Copyright (c) 2002 Daniel Kouril. All rights reserved.
111 crypto/external/bsd/openssh/dist/auth-options.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.68 2015/07/03 03:43:18 djm Exp $ */
+/* $OpenBSD: auth-options.c,v 1.70 2015/12/10 17:08:40 mmcc Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -72,27 +72,53 @@ auth_clear_options(void)
free(ce->s);
free(ce);
}
- if (forced_command) {
- free(forced_command);
- forced_command = NULL;
- }
- if (authorized_principals) {
- free(authorized_principals);
- authorized_principals = NULL;
- }
+ free(forced_command);
+ forced_command = NULL;
+ free(authorized_principals);
+ authorized_principals = NULL;
forced_tun_device = -1;
channel_clear_permitted_opens();
}
/*
+ * Match flag 'opt' in *optsp, and if allow_negate is set then also match
+ * 'no-opt'. Returns -1 if option not matched, 1 if option matches or 0
+ * if negated option matches.
+ * If the option or negated option matches, then *optsp is updated to
+ * point to the first character after the option and, if 'msg' is not NULL
+ * then a message based on it added via auth_debug_add().
+ */
+static int
+match_flag(const char *opt, int allow_negate, char **optsp, const char *msg)
+{
+ size_t opt_len = strlen(opt);
+ char *opts = *optsp;
+ int negate = 0;
+
+ if (allow_negate && strncasecmp(opts, "no-", 3) == 0) {
+ opts += 3;
+ negate = 1;
+ }
+ if (strncasecmp(opts, opt, opt_len) == 0) {
+ *optsp = opts + opt_len;
+ if (msg != NULL) {
+ auth_debug_add("%s %s.", msg,
+ negate ? "disabled" : "enabled");
+ }
+ return negate ? 0 : 1;
+ }
+ return -1;
+}
+
+/*
* return 1 if access is granted, 0 if not.
* side effect: sets key option flags
*/
int
auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
{
const char *cp;
- int i;
+ int i, r;
/* reset options */
auth_clear_options();
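Review bot: match_flag() compares only the first strlen(opt) characters with strncasecmp() and never looks at the character that follows, so on its own it would accept "ptyX" as "pty". If the caller validates the delimiter after *optsp is advanced, the block comment should say so; that comment is also missing a verb ("then a message based on it is added via auth_debug_add()").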
@@ -101,52 +127,48 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
return 1;
while (*opts && *opts != ' ' && *opts != '\t') {
- cp = "cert-authority";
- if (strncasecmp(opts, cp, strlen(cp)) == 0) {
- key_is_cert_authority = 1;
- opts += strlen(cp);
+ if ((r = match_flag("cert-authority", 0, &opts, NULL)) != -1) {
+ key_is_cert_authority = r;
goto next_option;
}
- cp = "no-port-forwarding";
- if (strncasecmp(opts, cp, strlen(cp)) == 0) {
- auth_debug_add("Port forwarding disabled.");
+ if ((r = match_flag("restrict", 0, &opts, NULL)) != -1) {
+ auth_debug_add("Key is restricted.");
no_port_forwarding_flag = 1;
- opts += strlen(cp);
+ no_agent_forwarding_flag = 1;
+ no_x11_forwarding_flag = 1;
+ no_pty_flag = 1;
+ no_user_rc = 1;
goto next_option;
}
- cp = "no-agent-forwarding";
- if (strncasecmp(opts, cp, strlen(cp)) == 0) {
- auth_debug_add("Agent forwarding disabled.");
- no_agent_forwarding_flag = 1;
- opts += strlen(cp);
+ if ((r = match_flag("port-forwarding", 1, &opts,
+ "Port forwarding")) != -1) {
+ no_port_forwarding_flag = r != 1;
goto next_option;
}
- cp = "no-X11-forwarding";
- if (strncasecmp(opts, cp, strlen(cp)) == 0) {
- auth_debug_add("X11 forwarding disabled.");
- no_x11_forwarding_flag = 1;
- opts += strlen(cp);
+ if ((r = match_flag("agent-forwarding", 1, &opts,
+ "Agent forwarding")) != -1) {
+ no_agent_forwarding_flag = r != 1;
goto next_option;
}
- cp = "no-pty";
- if (strncasecmp(opts, cp, strlen(cp)) == 0) {
- auth_debug_add("Pty allocation disabled.");
- no_pty_flag = 1;
- opts += strlen(cp);
+ if ((r = match_flag("x11-forwarding", 1, &opts,
+ "X11 forwarding")) != -1) {
+ no_x11_forwarding_flag = r != 1;
goto next_option;
}
- cp = "no-user-rc";
- if (strncasecmp(opts, cp, strlen(cp)) == 0) {
- auth_debug_add("User rc file execution disabled.");
- no_user_rc = 1;
- opts += strlen(cp);
+ if ((r = match_flag("pty", 1, &opts,
+ "PTY allocation")) != -1) {
+ no_pty_flag = r != 1;
+ goto next_option;
+ }
+ if ((r = match_flag("user-rc", 1, &opts,
+ "User rc execution")) != -1) {
+ no_user_rc = r != 1;
goto next_option;
}
cp = "command=\"";
if (strncasecmp(opts, cp, strlen(cp)) == 0) {
opts += strlen(cp);
- if (forced_command != NULL)
- free(forced_command);
+ free(forced_command);
forced_command = xmalloc(strlen(opts) + 1);
i = 0;
while (*opts) {
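Review bot: the "restrict" branch sets the five no_* flags unconditionally, while the "pty", "user-rc" and *-forwarding branches assign their flag from r, so the outcome depends on option order: "restrict,pty" leaves PTY allocation enabled but "pty,restrict" does not. A short comment above the "restrict" branch stating that options are applied left to right, and that any restriction flag added later must also be set there, would keep the "all current and future key restrictions" promise from the release notes visible in the code.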
@@ -176,8 +198,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
cp = "principals=\"";
if (strncasecmp(opts, cp, strlen(cp)) == 0) {
opts += strlen(cp);
- if (authorized_principals != NULL)
- free(authorized_principals);
+ free(authorized_principals);
authorized_principals = xmalloc(strlen(opts) + 1);
i = 0;
while (*opts) {
@@ -563,8 +584,7 @@ parse_option_list(struct sshbuf *oblob, struct passwd *pw,
free(*cert_forced_command);
*cert_forced_command = NULL;
}
- if (name != NULL)
- free(name);
+ free(name);
sshbuf_free(data);
sshbuf_free(c);
return ret;
@@ -608,8 +628,7 @@ auth_cert_options(struct sshkey *k, struct passwd *pw)
no_user_rc |= cert_no_user_rc;
/* CA-specified forced command supersedes key option */
if (cert_forced_command != NULL) {
- if (forced_command != NULL)
- free(forced_command);
+ free(forced_command);
forced_command = cert_forced_command;
}
return 0;
6 crypto/external/bsd/openssh/dist/auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.84 2015/05/08 06:41:56 djm Exp $ */
+/* $OpenBSD: auth.h,v 1.86 2015/12/04 16:41:28 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -157,8 +157,6 @@ int auth2_challenge(Authctxt *, char *);
void auth2_challenge_stop(Authctxt *);
int bsdauth_query(void *, char **, char **, u_int *, char ***, u_int **);
int bsdauth_respond(void *, u_int, char **);
-int skey_query(void *, char **, char **, u_int *, char ***, u_int **);
-int skey_respond(void *, u_int, char **);
int allowed_user(struct passwd *);
struct passwd * getpwnamallow(const char *user);
@@ -185,7 +183,7 @@ Key *get_hostkey_private_by_type(int, int, struct ssh *);
int get_hostkey_index(Key *, int, struct ssh *);
int ssh1_session_key(BIGNUM *);
int sshd_hostkey_sign(Key *, Key *, u_char **, size_t *,
- const u_char *, size_t, u_int);
+ const u_char *, size_t, const char *, u_int);
/* debug messages during authentication */
void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2)));
36 crypto/external/bsd/openssh/dist/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.53 2015/06/15 18:44:22 jsing Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.55 2016/01/27 00:53:12 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -76,19 +76,19 @@ userauth_pubkey(Authctxt *authctxt)
{
Buffer b;
Key *key = NULL;
- char *pkalg, *userstyle;
+ char *pkalg, *userstyle, *fp = NULL;
u_char *pkblob, *sig;
u_int alen, blen, slen;
int have_sig, pktype;
int authenticated = 0;
if (!authctxt->valid) {
- debug2("userauth_pubkey: disabled because of invalid user");
+ debug2("%s: disabled because of invalid user", __func__);
return 0;
}
have_sig = packet_get_char();
if (datafellows & SSH_BUG_PKAUTH) {
- debug2("userauth_pubkey: SSH_BUG_PKAUTH");
+ debug2("%s: SSH_BUG_PKAUTH", __func__);
/* no explicit pkalg given */
pkblob = packet_get_string(&blen);
buffer_init(&b);
@@ -103,18 +103,18 @@ userauth_pubkey(Authctxt *authctxt)
pktype = key_type_from_name(pkalg);
if (pktype == KEY_UNSPEC) {
/* this is perfectly legal */
- logit("userauth_pubkey: unsupported public key algorithm: %s",
- pkalg);
+ logit("%s: unsupported public key algorithm: %s",
+ __func__, pkalg);
goto done;
}
key = key_from_blob(pkblob, blen);
if (key == NULL) {
- error("userauth_pubkey: cannot decode key: %s", pkalg);
+ error("%s: cannot decode key: %s", __func__, pkalg);
goto done;
}
if (key->type != pktype) {
- error("userauth_pubkey: type mismatch for decoded key "
- "(received %d, expected %d)", key->type, pktype);
+ error("%s: type mismatch for decoded key "
+ "(received %d, expected %d)", __func__, key->type, pktype);
goto done;
}
if (key_type_plain(key->type) == KEY_RSA &&
@@ -123,6 +123,7 @@ userauth_pubkey(Authctxt *authctxt)
"signature scheme");
goto done;
}
+ fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_DEFAULT);
if (auth2_userkey_already_used(authctxt, key)) {
logit("refusing previously-used %s key", key_type(key));
goto done;
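Review bot: the result of sshkey_fingerprint() assigned to fp here is not checked before it is passed to "%s" in the debug3() and debug() calls added further down in userauth_pubkey(). sshkey_fingerprint() can return NULL on failure, so either test fp at this point and "goto done", or substitute a placeholder string in the log calls.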
@@ -135,6 +136,8 @@ userauth_pubkey(Authctxt *authctxt)
}
if (have_sig) {
+ debug3("%s: have signature for %s %s",
+ __func__, sshkey_type(key), fp);
sig = packet_get_string(&slen);
packet_check_eom();
buffer_init(&b);
@@ -180,7 +183,8 @@ userauth_pubkey(Authctxt *authctxt)
buffer_free(&b);
free(sig);
} else {
- debug("test whether pkalg/pkblob are acceptable");
+ debug("%s: test whether pkalg/pkblob are acceptable for %s %s",
+ __func__, sshkey_type(key), fp);
packet_check_eom();
/* XXX fake reply and always send PK_OK ? */
@@ -203,11 +207,12 @@ userauth_pubkey(Authctxt *authctxt)
if (authenticated != 1)
auth_clear_options();
done:
- debug2("userauth_pubkey: authenticated %d pkalg %s", authenticated, pkalg);
+ debug2("%s: authenticated %d pkalg %s", __func__, authenticated, pkalg);
if (key != NULL)
key_free(key);
free(pkalg);
free(pkblob);
+ free(fp);
return authenticated;
}
@@ -793,8 +798,9 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
free(fp);
continue;
}
- verbose("Accepted certificate ID \"%s\" "
+ verbose("Accepted certificate ID \"%s\" (serial %llu) "
"signed by %s CA %s via %s", key->cert->key_id,
+ (unsigned long long)key->cert->serial,
key_type(found), fp, file);
free(fp);
found_key = 1;
@@ -872,8 +878,10 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
if (auth_cert_options(key, pw) != 0)
goto out;
- verbose("Accepted certificate ID \"%s\" signed by %s CA %s via %s",
- key->cert->key_id, key_type(key->cert->signature_key), ca_fp,
+ verbose("Accepted certificate ID \"%s\" (serial %llu) signed by "
+ "%s CA %s via %s", key->cert->key_id,
+ (unsigned long long)key->cert->serial,
+ key_type(key->cert->signature_key), ca_fp,
options.trusted_user_ca_keys);
ret = 1;
20 crypto/external/bsd/openssh/dist/authfd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.c,v 1.98 2015/07/03 03:43:18 djm Exp $ */
+/* $OpenBSD: authfd.c,v 1.100 2015/12/04 16:41:28 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -424,11 +424,24 @@ ssh_decrypt_challenge(int sock, struct sshkey* key, BIGNUM *challenge,
}
#endif
+/* encode signature algoritm in flag bits, so we can keep the msg format */
+static u_int
+agent_encode_alg(struct sshkey *key, const char *alg)
+{
+ if (alg != NULL && key->type == KEY_RSA) {
+ if (strcmp(alg, "rsa-sha2-256") == 0)
+ return SSH_AGENT_RSA_SHA2_256;
+ else if (strcmp(alg, "rsa-sha2-512") == 0)
+ return SSH_AGENT_RSA_SHA2_512;
+ }
+ return 0;
+}
+
/* ask agent to sign data, returns err.h code on error, 0 on success */
int
ssh_agent_sign(int sock, struct sshkey *key,
u_char **sigp, size_t *lenp,
- const u_char *data, size_t datalen, u_int compat)
+ const u_char *data, size_t datalen, const char *alg, u_int compat)
{
struct sshbuf *msg;
u_char *blob = NULL, type;
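Review bot: agent_encode_alg() returns 0 both when alg is NULL and when alg is a non-NULL string it does not recognise (or the key is not KEY_RSA), so a mistyped or unsupported algorithm name silently yields a sign request with no SHA-2 flag set. Consider making the unrecognised case distinguishable, for example by logging it, so the caller can tell that the requested algorithm was not applied; the comment above the function also has a typo ("algoritm").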
@@ -447,12 +460,13 @@ ssh_agent_sign(int sock, struct sshkey *key,
return SSH_ERR_ALLOC_FAIL;
if ((r = sshkey_to_blob(key, &blob, &blen)) != 0)
goto out;
+ flags |= agent_encode_alg(key, alg);
if ((r = sshbuf_put_u8(msg, SSH2_AGENTC_SIGN_REQUEST)) != 0 ||
(r = sshbuf_put_string(msg, blob, blen)) != 0 ||
(r = sshbuf_put_string(msg, data, datalen)) != 0 ||
(r = sshbuf_put_u32(msg, flags)) != 0)
goto out;
- if ((r = ssh_request_reply(sock, msg, msg) != 0))
+ if ((r = ssh_request_reply(sock, msg, msg)) != 0)
goto out;
if ((r = sshbuf_get_u8(msg, &type)) != 0)
goto out;
6 crypto/external/bsd/openssh/dist/authfd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.h,v 1.38 2015/01/14 20:05:27 djm Exp $ */
+/* $OpenBSD: authfd.h,v 1.39 2015/12/04 16:41:28 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -41,7 +41,7 @@ int ssh_decrypt_challenge(int sock, struct sshkey* key, BIGNUM *challenge,
u_char session_id[16], u_char response[16]);
int ssh_agent_sign(int sock, struct sshkey *key,
u_char **sigp, size_t *lenp,
- const u_char *data, size_t datalen, u_int compat);
+ const u_char *data, size_t datalen, const char *alg, u_int compat);
/* Messages for the authentication agent connection. */
#define SSH_AGENTC_REQUEST_RSA_IDENTITIES 1
@@ -86,5 +86,7 @@ int ssh_agent_sign(int sock, struct sshkey *key,
#define SSH_COM_AGENT2_FAILURE 102
#define SSH_AGENT_OLD_SIGNATURE 0x01
+#define SSH_AGENT_RSA_SHA2_256 0x02
+#define SSH_AGENT_RSA_SHA2_512 0x04
#endif /* AUTHFD_H */
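Review bot: SSH_AGENT_RSA_SHA2_256 (0x02) and SSH_AGENT_RSA_SHA2_512 (0x04) are added next to SSH_AGENT_OLD_SIGNATURE with no comment saying which message field they belong to or what an agent should do when both bits are set. A one-line comment above the three defines naming them as sign-request flags, and stating how the both-bits case is handled, would help agent implementers.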
27 crypto/external/bsd/openssh/dist/authfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.116 2015/07/09 09:49:46 markus Exp $ */
+/* $OpenBSD: authfile.c,v 1.120 2015/12/11 04:21:11 mmcc Exp $ */
/*
* Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
*
@@ -238,8 +238,7 @@ sshkey_load_private_type_fd(int fd, int type, const char *passphrase,
/* success */
r = 0;
out:
- if (buffer != NULL)
- sshbuf_free(buffer);
+ sshbuf_free(buffer);
return r;
}
@@ -267,14 +266,13 @@ sshkey_load_private(const char *filename, const char *passphrase,
goto out;
}
if ((r = sshkey_load_file(fd, buffer)) != 0 ||
- (r = sshkey_parse_private_fileblob(buffer, passphrase, filename,
- keyp, commentp)) != 0)
+ (r = sshkey_parse_private_fileblob(buffer, passphrase, keyp,
+ commentp)) != 0)
goto out;
r = 0;
out:
close(fd);
- if (buffer != NULL)
- sshbuf_free(buffer);
+ sshbuf_free(buffer);
return r;
}
@@ -421,10 +419,8 @@ sshkey_load_cert(const char *filename, struct sshkey **keyp)
r = 0;
out:
- if (file != NULL)
- free(file);
- if (pub != NULL)
- sshkey_free(pub);
+ free(file);
+ sshkey_free(pub);
return r;
}
@@ -469,10 +465,8 @@ sshkey_load_private_cert(int type, const char *filename, const char *passphrase,
*keyp = key;
key = NULL;
out:
- if (key != NULL)
- sshkey_free(key);
- if (cert != NULL)
- sshkey_free(cert);
+ sshkey_free(key);
+ sshkey_free(cert);
return r;
}
@@ -533,8 +527,7 @@ sshkey_in_file(struct sshkey *key, const char *filename, int strict_type,
}
r = SSH_ERR_KEY_NOT_FOUND;
out:
- if (pub != NULL)
- sshkey_free(pub);
+ sshkey_free(pub);
fclose(f);
return r;
}
2 crypto/external/bsd/openssh/dist/bitmap.c
@@ -51,7 +51,7 @@ void
bitmap_free(struct bitmap *b)
{
if (b != NULL && b->d != NULL) {
- memset(b->d, 0, b->len);
+ explicit_bzero(b->d, b->len);
free(b->d);
}
free(b);
16 crypto/external/bsd/openssh/dist/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.347 2015/07/01 02:26:31 djm Exp $ */
+/* $OpenBSD: channels.c,v 1.349 2016/02/05 13:28:19 naddy Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -652,7 +652,7 @@ channel_open_message(void)
case SSH_CHANNEL_INPUT_DRAINING:
case SSH_CHANNEL_OUTPUT_DRAINING:
snprintf(buf, sizeof buf,
- " #%d %.300s (t%d r%d i%d/%d o%d/%d fd %d/%d cc %d)\r\n",
+ " #%d %.300s (t%d r%d i%u/%d o%u/%d fd %d/%d cc %d)\r\n",
c->self, c->remote_name,
c->type, c->remote_id,
c->istate, buffer_len(&c->input),
@@ -1869,13 +1869,13 @@ read_mux(Channel *c, u_int need)
if (buffer_len(&c->input) < need) {
rlen = need - buffer_len(&c->input);
len = read(c->rfd, buf, MIN(rlen, CHAN_RBUF));
+ if (len < 0 && (errno == EINTR || errno == EAGAIN))
+ return buffer_len(&c->input);
if (len <= 0) {
- if (errno != EINTR && errno != EAGAIN) {
- debug2("channel %d: ctl read<=0 rfd %d len %d",
- c->self, c->rfd, len);
- chan_read_failed(c);
- return 0;
- }
+ debug2("channel %d: ctl read<=0 rfd %d len %d",
+ c->self, c->rfd, len);
+ chan_read_failed(c);
+ return 0;
} else
buffer_append(&c->input, buf, len);
}
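Review bot: the "if (len <= 0)" branch in read_mux() deserves a comment that len == 0 means end-of-file and must always reach chan_read_failed(). The removed code consulted errno in that branch as well, so a stale EINTR or EAGAIN after a zero-length read skipped the failure path; a comment makes it less likely the errno test drifts back inside.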
5 crypto/external/bsd/openssh/dist/cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.c,v 1.100 2015/01/14 10:29:45 djm Exp $ */
+/* $OpenBSD: cipher.c,v 1.101 2015/12/10 17:08:40 mmcc Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -347,8 +347,7 @@ cipher_init(struct sshcipher_ctx *cc, const struct sshcipher *cipher,
if (cipher->discard_len > 0) {
if ((junk = malloc(cipher->discard_len)) == NULL ||
(discard = malloc(cipher->discard_len)) == NULL) {
- if (junk != NULL)
- free(junk);
+ free(junk);
ret = SSH_ERR_ALLOC_FAIL;
goto bad;
}
195 crypto/external/bsd/openssh/dist/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.275 2015/07/10 06:21:53 markus Exp $ */
+/* $OpenBSD: clientloop.c,v 1.284 2016/02/08 10:57:07 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -103,7 +103,6 @@
#include "sshpty.h"
#include "match.h"
#include "msg.h"
-#include "roaming.h"
#include "ssherr.h"
#include "hostfile.h"
@@ -161,8 +160,6 @@ static u_int x11_refuse_time; /* If >0, refuse x11 opens after this time. */
static void client_init_dispatch(void);
int session_ident = -1;
-int session_resumed = 0;
-
/* Track escape per proto2 channel */
struct escape_filter_ctx {
int escape_pending;
@@ -280,6 +277,9 @@ client_x11_display_valid(const char *display)
{
size_t i, dlen;
+ if (display == NULL)
+ return 0;
+
dlen = strlen(display);
for (i = 0; i < dlen; i++) {
if (!isalnum((u_char)display[i]) &&
@@ -293,35 +293,34 @@ client_x11_display_valid(const char *display)
#define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1"
#define X11_TIMEOUT_SLACK 60
-void
+int
client_x11_get_proto(const char *display, const char *xauth_path,
u_int trusted, u_int timeout, char **_proto, char **_data)
{
- char cmd[1024];
- char line[512];
- char xdisplay[512];
+ char cmd[1024], line[512], xdisplay[512];
+ char xauthfile[PATH_MAX], xauthdir[PATH_MAX];
static char proto[512], data[512];
FILE *f;
- int got_data = 0, generated = 0, do_unlink = 0, i;
- char *xauthdir, *xauthfile;
+ int got_data = 0, generated = 0, do_unlink = 0, i, r;
struct stat st;
u_int now, x11_timeout_real;
- xauthdir = xauthfile = NULL;
*_proto = proto;
*_data = data;
- proto[0] = data[0] = '\0';
+ proto[0] = data[0] = xauthfile[0] = xauthdir[0] = '\0';
- if (xauth_path == NULL ||(stat(xauth_path, &st) == -1)) {
+ if (!client_x11_display_valid(display)) {
+ if (display != NULL)
+ logit("DISPLAY \"%s\" invalid; disabling X11 forwarding",
+ display);
+ return -1;
+ }
+ if (xauth_path != NULL && stat(xauth_path, &st) == -1) {
debug("No xauth program.");
- } else if (!client_x11_display_valid(display)) {
- logit("DISPLAY '%s' invalid, falling back to fake xauth data",
- display);
- } else {
- if (display == NULL) {
- debug("x11_get_proto: DISPLAY not set");
- return;
- }
+ xauth_path = NULL;
+ }
+
+ if (xauth_path != NULL) {
/*
* Handle FamilyLocal case where $DISPLAY does
* not match an authorization entry. For this we
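Review bot: client_x11_get_proto() can now return -1 for an invalid DISPLAY, but *_proto and *_data are pointed at the static proto/data buffers before that return, so a caller that ignores the new int result would carry on with empty strings. Because the old signature was void, every call site has to be updated to check the result, and a comment above the function stating that -1 means X11 forwarding must be disabled would document the contract. Also note that "No xauth program." is now logged only when a path was supplied and stat() failed; the xauth_path == NULL case is silent.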
@@ -330,45 +329,60 @@ client_x11_get_proto(const char *display, const char *xauth_path,
* is not perfect.
*/
if (strncmp(display, "localhost:", 10) == 0) {
- snprintf(xdisplay, sizeof(xdisplay), "unix:%s",
- display + 10);
+ if ((r = snprintf(xdisplay, sizeof(xdisplay), "unix:%s",
+ display + 10)) < 0 ||
+ (size_t)r >= sizeof(xdisplay)) {
+ error("%s: display name too long", __func__);
+ return -1;
+ }
display = xdisplay;
}
if (trusted == 0) {
- xauthdir = xmalloc(PATH_MAX);
- xauthfile = xmalloc(PATH_MAX);
- mktemp_proto(xauthdir, PATH_MAX);
/*
+ * Generate an untrusted X11 auth cookie.
+ *
* The authentication cookie should briefly outlive
* ssh's willingness to forward X11 connections to
* avoid nasty fail-open behaviour in the X server.
*/
+ mktemp_proto(xauthdir, sizeof(xauthdir));
+ if (mkdtemp(xauthdir) == NULL) {
+ error("%s: mkdtemp: %s",
+ __func__, strerror(errno));
+ return -1;
+ }
+ do_unlink = 1;
+ if ((r = snprintf(xauthfile, sizeof(xauthfile),
+ "%s/xauthfile", xauthdir)) < 0 ||
+ (size_t)r >= sizeof(xauthfile)) {
+ error("%s: xauthfile path too long", __func__);
+ unlink(xauthfile);
+ rmdir(xauthdir);
+ return -1;
+ }
+
if (timeout >= UINT_MAX - X11_TIMEOUT_SLACK)
x11_timeout_real = UINT_MAX;
else
x11_timeout_real = timeout + X11_TIMEOUT_SLACK;
- if (mkdtemp(xauthdir) != NULL) {
- do_unlink = 1;
- snprintf(xauthfile, PATH_MAX, "%s/xauthfile",
- xauthdir);
- snprintf(cmd, sizeof(cmd),
- "%s -f %s generate %s " SSH_X11_PROTO
- " untrusted timeout %u 2>" _PATH_DEVNULL,
- xauth_path, xauthfile, display,
- x11_timeout_real);
- debug2("x11_get_proto: %s", cmd);
- if (x11_refuse_time == 0) {
- now = monotime() + 1;
- if (UINT_MAX - timeout < now)
- x11_refuse_time = UINT_MAX;
- else
- x11_refuse_time = now + timeout;
- channel_set_x11_refuse_time(
- x11_refuse_time);
- }
- if (system(cmd) == 0)
- generated = 1;
+ if ((r = snprintf(cmd, sizeof(cmd),
+ "%s -f %s generate %s " SSH_X11_PROTO
+ " untrusted timeout %u 2>" _PATH_DEVNULL,
+ xauth_path, xauthfile, display,
+ x11_timeout_real)) < 0 ||
+ (size_t)r >= sizeof(cmd))
+ fatal("%s: cmd too long", __func__);
+ debug2("%s: %s", __func__, cmd);
+ if (x11_refuse_time == 0) {
+ now = monotime() + 1;
+ if (UINT_MAX - timeout < now)
+ x11_refuse_time = UINT_MAX;
+ else
+ x11_refuse_time = now + timeout;
+ channel_set_x11_refuse_time(x11_refuse_time);
}
+ if (system(cmd) == 0)
+ generated = 1;
}
/*
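Review bot: In the xauthfile truncation branch, unlink(xauthfile) runs on a path that snprintf() has just reported as truncated and that this function has not created yet, so the call either does nothing or targets a name the code never chose; rmdir(xauthdir) alone is enough there. The error handling is also uneven: the xdisplay and xauthfile overflows return -1 while the cmd overflow calls fatal(). Since cmd is handed to system(), a comment noting that display is safe to interpolate only because client_x11_display_valid() has already accepted it would help future edits keep that ordering.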
@@ -390,17 +404,20 @@ client_x11_get_proto(const char *display, const char *xauth_path,
got_data = 1;
if (f)
pclose(f);
- } else
- error("Warning: untrusted X11 forwarding setup failed: "
- "xauth key data not generated");
+ }
}
if (do_unlink) {
unlink(xauthfile);
rmdir(xauthdir);
}
- free(xauthdir);
- free(xauthfile);
+
+ /* Don't fall back to fake X11 data for untrusted forwarding */
+ if (!trusted && !got_data) {
+ error("Warning: untrusted X11 forwarding setup failed: "
+ "xauth key data not generated");
+ return -1;
+ }
/*
* If we didn't get authentication data, just make up some
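Review bot: The new `!trusted && !got_data` check reports "xauth key data not generated" for every failure, including the case where xauth_path was NULL, or was reset to NULL after stat() failed, and xauth was never run. A distinct message for the missing-xauth case would make the refusal easier to diagnose. The placement after the do_unlink cleanup is right, since the temporary directory is removed before the -1 return.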
@@ -424,6 +441,8 @@ client_x11_get_proto(const char *display, const char *xauth_path,
rnd >>= 8;
}
}
+
+ return 0;
}
/*
@@ -727,7 +746,7 @@ client_suspend_self(Buffer *bin, Buffer *bout, Buffer *berr)
static void
client_process_net_input(fd_set *readset)
{
- int len, cont = 0;
+ int len;
char buf[8192];
/*
@@ -736,8 +755,8 @@ client_process_net_input(fd_set *readset)
*/
if (FD_ISSET(connection_in, readset)) {
/* Read as much as possible. */
- len = roaming_read(connection_in, buf, sizeof(buf), &cont);
- if (len == 0 && cont == 0) {
+ len = read(connection_in, buf, sizeof(buf));
+ if (len == 0) {
/*
* Received EOF. The remote host has closed the
* connection.
@@ -1471,13 +1490,43 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
{
fd_set *readset = NULL, *writeset = NULL;
double start_time, total_time;
- int r, max_fd = 0, max_fd2 = 0, len, rekeying = 0;
+ int r, max_fd = 0, max_fd2 = 0, len;
u_int64_t ibytes, obytes;
u_int nalloc = 0;
char buf[100];
debug("Entering interactive session.");
+ if (options.control_master &&
+ ! option_clear_or_none(options.control_path)) {
+ debug("pledge: id");
+ if (pledge("stdio rpath wpath cpath unix inet dns proc exec id tty",
+ NULL) == -1)
+ fatal("%s pledge(): %s", __func__, strerror(errno));
+
+ } else if (options.forward_x11 || options.permit_local_command) {
+ debug("pledge: exec");
+ if (pledge("stdio rpath wpath cpath unix inet dns proc exec tty",
+ NULL) == -1)
+ fatal("%s pledge(): %s", __func__, strerror(errno));
+
+ } else if (options.update_hostkeys) {
+ debug("pledge: filesystem full");
+ if (pledge("stdio rpath wpath cpath unix inet dns proc tty",
+ NULL) == -1)
+ fatal("%s pledge(): %s", __func__, strerror(errno));
+
+ } else if (! option_clear_or_none(options.proxy_command)) {
+ debug("pledge: proc");
+ if (pledge("stdio cpath unix inet dns proc tty", NULL) == -1)
+ fatal("%s pledge(): %s", __func__, strerror(errno));
+
+ } else {
+ debug("pledge: network");
+ if (pledge("stdio unix inet dns tty", NULL) == -1)
+ fatal("%s pledge(): %s", __func__, strerror(errno));
+ }
+
start_time = get_current_time();
/* Initialize variables. */
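Review bot: pledge() is an OpenBSD system call and these calls are not guarded, so a build on any other platform needs a compat stub or an #ifdef around this block. The promise set is picked by the first matching branch of the if/else chain, which only works while the branches stay ordered from broadest to narrowest (the ProxyCommand branch has no rpath or wpath and relies on update_hostkeys being tested before it); a comment stating that ordering rule would protect it from later edits. Minor: the fatal() format "%s pledge(): %s" lacks the colon after __func__ that the other messages in this file use.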
@@ -1556,10 +1605,15 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
if (compat20 && session_closed && !channel_still_open())
break;
- rekeying = (active_state->kex != NULL && !active_state->kex->done);
-
- if (rekeying) {
+ if (ssh_packet_is_rekeying(active_state)) {
debug("rekeying in progress");
+ } else if (need_rekeying) {
+ /* manual rekey request */
+ debug("need rekeying");
+ if ((r = kex_start_rekex(active_state)) != 0)
+ fatal("%s: kex_start_rekex: %s", __func__,
+ ssh_err(r));
+ need_rekeying = 0;
} else {
/*
* Make packets of buffered stdin data, and buffer
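Review bot: The old code took one `rekeying` snapshot per loop iteration; with ssh_packet_is_rekeying(active_state) evaluated at each use, the answer can change inside an iteration, in particular right after kex_start_rekex() succeeds in the need_rekeying branch. That looks intended, but a comment saying so would help, because the "manual rekey request" branch also skips the stdin packetising in the else branch for that pass.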
@@ -1590,23 +1644,14 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
*/
max_fd2 = max_fd;
client_wait_until_can_do_something(&readset, &writeset,
- &max_fd2, &nalloc, rekeying);
+ &max_fd2, &nalloc, ssh_packet_is_rekeying(active_state));
if (quit_pending)
break;
/* Do channel operations unless rekeying in progress. */
- if (!rekeying) {
+ if (!ssh_packet_is_rekeying(active_state))
channel_after_select(readset, writeset);
- if (need_rekeying || packet_need_rekeying()) {
- debug("need rekeying");
- active_state->kex->done = 0;
- if ((r = kex_send_kexinit(active_state)) != 0)
- fatal("%s: kex_send_kexinit: %s",
- __func__, ssh_err(r));
- need_rekeying = 0;
- }
- }
/* Buffer input from the connection. */
client_process_net_input(readset);
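Review bot: The removed block started a rekey on `need_rekeying || packet_need_rekeying()`, and nothing in the replacement lines of this hunk calls packet_need_rekeying(), so the limit-driven trigger has to live somewhere else now. Please add a comment here, or a line in the commit message, naming where limit-based rekeying is initiated, so the loop does not read as if it only honours manual requests. Dropping the braces around channel_after_select() is fine now that the body is a single statement.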
@@ -1624,14 +1669,6 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
client_process_output(writeset);
}
- if (session_resumed) {
- connection_in = packet_get_connection_in();
- connection_out = packet_get_connection_out();
- max_fd = MAX(max_fd, connection_out);
- max_fd = MAX(max_fd, connection_in);
- session_resumed = 0;
- }
-
/*
* Send as much buffered packet data as possible to the
* sender.
@@ -1725,7 +1762,7 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
}
/* Clear and free any buffers. */
- memset(buf, 0, sizeof(buf));
+ explicit_bzero(buf, sizeof(buf));
buffer_free(&stdin_buffer);
buffer_free(&stdout_buffer);
buffer_free(&stderr_buffer);
4 crypto/external/bsd/openssh/dist/clientloop.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.h,v 1.31 2013/06/02 23:36:29 dtucker Exp $ */
+/* $OpenBSD: clientloop.h,v 1.32 2016/01/13 23:04:47 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -39,7 +39,7 @@
/* Client side main loop for the interactive session. */
int client_loop(int, int, int);
-void client_x11_get_proto(const char *, const char *, u_int, u_int,
+int client_x11_get_proto(const char *, const char *, u_int, u_int,
char **, char **);
void client_global_request_reply_fwd(int, u_int32_t, void *);
void client_session2_setup(int, int, int, const char *, struct termios *,
9 crypto/external/bsd/openssh/dist/dh.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.h,v 1.13 2015/05/27 23:39:18 dtucker Exp $ */
+/* $OpenBSD: dh.h,v 1.14 2015/10/16 22:32:22 djm Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
@@ -44,8 +44,11 @@ int dh_pub_is_valid(DH *, BIGNUM *);
u_int dh_estimate(int);
-/* Min and max values from RFC4419. */
-#define DH_GRP_MIN 1024
+/*
+ * Max value from RFC4419.
+ * Miniumum increased in light of DH precomputation attacks.
+ */
+#define DH_GRP_MIN 2048
#define DH_GRP_MAX 8192
/*
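Review bot: Typo in the new comment: "Miniumum" should be "Minimum". The comment would also be more useful if it stated the consequence, namely that group-exchange peers limited to moduli below 2048 bits will no longer negotiate, and if "DH precomputation attacks" carried a reference.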
178 crypto/external/bsd/openssh/dist/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.109 2015/07/30 00:01:34 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.117 2016/02/08 10:57:07 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
*
@@ -46,7 +46,6 @@
#include "misc.h"
#include "dispatch.h"
#include "monitor.h"
-#include "roaming.h"
#include "ssherr.h"
#include "sshbuf.h"
@@ -56,6 +55,19 @@
static int kex_choose_conf(struct ssh *);
static int kex_input_newkeys(int, u_int32_t, void *);
+static const char *proposal_names[PROPOSAL_MAX] = {
+ "KEX algorithms",
+ "host key algorithms",
+ "ciphers ctos",
+ "ciphers stoc",
+ "MACs ctos",
+ "MACs stoc",
+ "compression ctos",
+ "compression stoc",
+ "languages ctos",
+ "languages stoc",
+};
+
struct kexalg {
char *name;
u_int type;
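Review bot: proposal_names[] is tied to the PROPOSAL_* index order only by convention. It is declared with PROPOSAL_MAX elements, so if a proposal slot is ever added the missing initialiser becomes NULL and the debug2("%s: %s", proposal_names[i], ...) call in kex_buf2prop() would be passed a NULL string. Designated initialisers keyed on the PROPOSAL_* constants, or a compile-time size check, would make the coupling explicit.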
@@ -248,16 +260,16 @@ kex_buf2prop(struct sshbuf *raw, int *first_kex_follows, char ***propp)
for (i = 0; i < PROPOSAL_MAX; i++) {
if ((r = sshbuf_get_cstring(b, &(proposal[i]), NULL)) != 0)
goto out;
- debug2("kex_parse_kexinit: %s", proposal[i]);
+ debug2("%s: %s", proposal_names[i], proposal[i]);
}
/* first kex follows / reserved */
- if ((r = sshbuf_get_u8(b, &v)) != 0 ||
- (r = sshbuf_get_u32(b, &i)) != 0)
+ if ((r = sshbuf_get_u8(b, &v)) != 0 || /* first_kex_follows */
+ (r = sshbuf_get_u32(b, &i)) != 0) /* reserved */
goto out;
if (first_kex_follows != NULL)
- *first_kex_follows = i;
- debug2("kex_parse_kexinit: first_kex_follows %d ", v);
- debug2("kex_parse_kexinit: reserved %u ", i);
+ *first_kex_follows = v;
+ debug2("first_kex_follows %d ", v);
+ debug2("reserved %u ", i);
r = 0;
*propp = proposal;
out:
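Review bot: The switch from `*first_kex_follows = i` to `= v` is a behaviour change, not just a logging cleanup: callers previously received the reserved u32 and now receive the first_kex_follows byte, so a test with a peer that sets the flag would be worthwhile. The two debug2() format strings also keep a trailing space ("first_kex_follows %d " and "reserved %u ") that can be dropped.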
@@ -283,7 +295,14 @@ kex_prop_free(char **proposal)
static int
kex_protocol_error(int type, u_int32_t seq, void *ctxt)
{
- error("Hm, kex protocol error: type %d seq %u", type, seq);
+ struct ssh *ssh = active_state; /* XXX */
+ int r;
+
+ error("kex protocol error: type %d seq %u", type, seq);
+ if ((r = sshpkt_start(ssh, SSH2_MSG_UNIMPLEMENTED)) != 0 ||
+ (r = sshpkt_put_u32(ssh, seq)) != 0 ||
+ (r = sshpkt_send(ssh)) != 0)
+ return r;
return 0;
}
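Review bot: kex_protocol_error() ignores its ctxt argument and reaches for the global active_state (flagged XXX), while kex_input_ext_info(), added later in this file, uses `struct ssh *ssh = ctxt`. If the dispatcher passes the ssh pointer to this handler as well, using ctxt here would remove the XXX. It is also worth a comment that a failure to send SSH2_MSG_UNIMPLEMENTED now propagates out of the handler as its return value.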
@@ -295,6 +314,20 @@ kex_reset_dispatch(struct ssh *ssh)
ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit);
}
+static int
+kex_send_ext_info(struct ssh *ssh)
+{
+ int r;
+
+ if ((r = sshpkt_start(ssh, SSH2_MSG_EXT_INFO)) != 0 ||
+ (r = sshpkt_put_u32(ssh, 1)) != 0 ||
+ (r = sshpkt_put_cstring(ssh, "server-sig-algs")) != 0 ||
+ (r = sshpkt_put_cstring(ssh, "rsa-sha2-256,rsa-sha2-512")) != 0 ||
+ (r = sshpkt_send(ssh)) != 0)
+ return r;
+ return 0;
+}
+
int
kex_send_newkeys(struct ssh *ssh)
{
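Review bot: The extension count (1) and the value "rsa-sha2-256,rsa-sha2-512" are hard-coded, so the server advertises both signature algorithms regardless of local configuration, and kex_input_ext_info() repeats the same two literals. Shared macros next to the other algorithm names in kex.h would keep sender and receiver in step. A short comment giving the wire layout (u32 count, then name/value string pairs) would help too.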
@@ -307,9 +340,51 @@ kex_send_newkeys(struct ssh *ssh)
debug("SSH2_MSG_NEWKEYS sent");
debug("expecting SSH2_MSG_NEWKEYS");
ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, &kex_input_newkeys);
+ if (ssh->kex->ext_info_c)
+ if ((r = kex_send_ext_info(ssh)) != 0)
+ return r;
return 0;
}
+int
+kex_input_ext_info(int type, u_int32_t seq, void *ctxt)
+{
+ struct ssh *ssh = ctxt;
+ struct kex *kex = ssh->kex;
+ u_int32_t i, ninfo;
+ char *name, *val, *found;
+ int r;
+
+ debug("SSH2_MSG_EXT_INFO received");
+ ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &kex_protocol_error);
+ if ((r = sshpkt_get_u32(ssh, &ninfo)) != 0)
+ return r;
+ for (i = 0; i < ninfo; i++) {
+ if ((r = sshpkt_get_cstring(ssh, &name, NULL)) != 0)
+ return r;
+ if ((r = sshpkt_get_cstring(ssh, &val, NULL)) != 0) {
+ free(name);
+ return r;
+ }
+ debug("%s: %s=<%s>", __func__, name, val);
+ if (strcmp(name, "server-sig-algs") == 0) {
+ found = match_list("rsa-sha2-256", val, NULL);
+ if (found) {
+ kex->rsa_sha2 = 256;
+ free(found);
+ }
+ found = match_list("rsa-sha2-512", val, NULL);
+ if (found) {
+ kex->rsa_sha2 = 512;
+ free(found);
+ }
+ }
+ free(name);
+ free(val);
+ }
+ return sshpkt_get_end(ssh);
+}
+
static int
kex_input_newkeys(int type, u_int32_t seq, void *ctxt)
{
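Review bot: ninfo comes straight from the peer and is used as the loop bound with no upper limit. The loop does stop when sshpkt_get_cstring() runs out of packet data, but an explicit cap would make that obvious, and debug() prints the peer-supplied name and val as received. Also worth a comment: when both algorithms are listed, kex->rsa_sha2 ends up 512 only because that check runs second. In kex_send_newkeys() the nested unbraced `if` pair would read more safely as a single condition joined with &&.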
@@ -449,7 +524,7 @@ kex_free_newkeys(struct newkeys *newkeys)
newkeys->enc.key = NULL;
}
if (newkeys->enc.iv) {
- explicit_bzero(newkeys->enc.iv, newkeys->enc.block_size);
+ explicit_bzero(newkeys->enc.iv, newkeys->enc.iv_len);
free(newkeys->enc.iv);
newkeys->enc.iv = NULL;
}
@@ -490,6 +565,8 @@ kex_free(struct kex *kex)
free(kex->client_version_string);
free(kex->server_version_string);
free(kex->failed_choice);
+ free(kex->hostkey_alg);
+ free(kex->name);
free(kex);
}
@@ -508,6 +585,25 @@ kex_setup(struct ssh *ssh, char *proposal[PROPOSAL_MAX])
return 0;
}
+/*
+ * Request key re-exchange, returns 0 on success or a ssherr.h error
+ * code otherwise. Must not be called if KEX is incomplete or in-progress.
+ */
+int
+kex_start_rekex(struct ssh *ssh)
+{
+ if (ssh->kex == NULL) {
+ error("%s: no kex", __func__);
+ return SSH_ERR_INTERNAL_ERROR;
+ }
+ if (ssh->kex->done == 0) {
+ error("%s: requested twice", __func__);
+ return SSH_ERR_INTERNAL_ERROR;
+ }
+ ssh->kex->done = 0;
+ return kex_send_kexinit(ssh);
+}
+
static int
choose_enc(struct sshenc *enc, char *client, char *server)
{
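Review bot: The error text "requested twice" is logged whenever ssh->kex->done == 0, which per the function comment also covers an initial key exchange that has not finished; wording such as "key exchange already in progress" describes both cases. Returning SSH_ERR_INTERNAL_ERROR is reasonable given the stated precondition, as long as callers treat it as fatal the way client_loop() does.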
@@ -572,6 +668,7 @@ choose_kex(struct kex *k, char *client, char *server)
k->name = match_list(client, server, NULL);
+ debug("kex: algorithm: %s", k->name ? k->name : "(no match)");
if (k->name == NULL)
return SSH_ERR_NO_KEX_ALG_MATCH;
if ((kexalg = kex_alg_by_name(k->name)) == NULL)
@@ -585,15 +682,16 @@ choose_kex(struct kex *k, char *client, char *server)
static int
choose_hostkeyalg(struct kex *k, char *client, char *server)
{
- char *hostkeyalg = match_list(client, server, NULL);
+ k->hostkey_alg = match_list(client, server, NULL);
- if (hostkeyalg == NULL)
+ debug("kex: host key algorithm: %s",
+ k->hostkey_alg ? k->hostkey_alg : "(no match)");
+ if (k->hostkey_alg == NULL)
return SSH_ERR_NO_HOSTKEY_ALG_MATCH;
- k->hostkey_type = sshkey_type_from_name(hostkeyalg);
+ k->hostkey_type = sshkey_type_from_name(k->hostkey_alg);
if (k->hostkey_type == KEY_UNSPEC)
return SSH_ERR_INTERNAL_ERROR;
- k->hostkey_nid = sshkey_ecdsa_nid_from_name(hostkeyalg);
- free(hostkeyalg);
+ k->hostkey_nid = sshkey_ecdsa_nid_from_name(k->hostkey_alg);
return 0;
}
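Review bot: k->hostkey_alg is overwritten with the new match_list() result without freeing the previous value. kex_free() releases only the last pointer, and kex_start_rekex() reuses the same struct kex for a re-exchange, so each rekey would leak the earlier string unless it is freed elsewhere. A free(k->hostkey_alg) before the assignment closes that.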
@@ -632,8 +730,11 @@ kex_choose_conf(struct ssh *ssh)
u_int mode, ctos, need, dh_need, authlen;
int r, first_kex_follows;
- if ((r = kex_buf2prop(kex->my, NULL, &my)) != 0 ||
- (r = kex_buf2prop(kex->peer, &first_kex_follows, &peer)) != 0)
+ debug2("local %s KEXINIT proposal", kex->server ? "server" : "client");
+ if ((r = kex_buf2prop(kex->my, NULL, &my)) != 0)
+ goto out;
+ debug2("peer %s KEXINIT proposal", kex->server ? "client" : "server");
+ if ((r = kex_buf2prop(kex->peer, &first_kex_follows, &peer)) != 0)
goto out;
if (kex->server) {
@@ -644,18 +745,30 @@ kex_choose_conf(struct ssh *ssh)
sprop=peer;
}
- /* Check whether server offers roaming */
- if (!kex->server) {
- char *roaming = match_list(KEX_RESUME,
- peer[PROPOSAL_KEX_ALGS], NULL);
+ /* Check whether client supports ext_info_c */
+ if (kex->server) {
+ char *ext;
- if (roaming) {
- kex->roaming = 1;
- free(roaming);
+ ext = match_list("ext-info-c", peer[PROPOSAL_KEX_ALGS], NULL);
+ if (ext) {
+ kex->ext_info_c = 1;
+ free(ext);
}
}
/* Algorithm Negotiation */
+ if ((r = choose_kex(kex, cprop[PROPOSAL_KEX_ALGS],
+ sprop[PROPOSAL_KEX_ALGS])) != 0) {
+ kex->failed_choice = peer[PROPOSAL_KEX_ALGS];
+ peer[PROPOSAL_KEX_ALGS] = NULL;
+ goto out;
+ }
+ if ((r = choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
+ sprop[PROPOSAL_SERVER_HOST_KEY_ALGS])) != 0) {
+ kex->failed_choice = peer[PROPOSAL_SERVER_HOST_KEY_ALGS];
+ peer[PROPOSAL_SERVER_HOST_KEY_ALGS] = NULL;
+ goto out;
+ }
for (mode = 0; mode < MODE_MAX; mode++) {
if ((newkeys = calloc(1, sizeof(*newkeys))) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
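Review bot: kex->ext_info_c is only ever set to 1 here; if this function runs again on the same struct kex for a rekey and the peer's list no longer contains "ext-info-c", the flag keeps its old value. Assigning 0 before the match_list() call would make it reflect the current proposal. The "ext-info-c" literal could also become a macro in kex.h alongside the KEX_* names.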
@@ -688,24 +801,12 @@ kex_choose_conf(struct ssh *ssh)
peer[ncomp] = NULL;
goto out;
}
- debug("kex: %s %s %s %s",
+ debug("kex: %s cipher: %s MAC: %s compression: %s",
ctos ? "client->server" : "server->client",
newkeys->enc.name,
authlen == 0 ? newkeys->mac.name : "<implicit>",
newkeys->comp.name);
}
- if ((r = choose_kex(kex, cprop[PROPOSAL_KEX_ALGS],
- sprop[PROPOSAL_KEX_ALGS])) != 0) {
- kex->failed_choice = peer[PROPOSAL_KEX_ALGS];
- peer[PROPOSAL_KEX_ALGS] = NULL;
- goto out;
- }
- if ((r = choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
- sprop[PROPOSAL_SERVER_HOST_KEY_ALGS])) != 0) {
- kex->failed_choice = peer[PROPOSAL_SERVER_HOST_KEY_ALGS];
- peer[PROPOSAL_SERVER_HOST_KEY_ALGS] = NULL;
- goto out;
- }
need = dh_need = 0;
for (mode = 0; mode < MODE_MAX; mode++) {
newkeys = kex->newkeys[mode];
@@ -791,8 +892,7 @@ derive_key(struct ssh *ssh, int id, u_int need, u_char *hash, u_int hashlen,
digest = NULL;
r = 0;
out:
- if (digest)
- free(digest);
+ free(digest);
ssh_digest_free(hashctx);
return r;
}
13 crypto/external/bsd/openssh/dist/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.73 2015/07/30 00:01:34 djm Exp $ */
+/* $OpenBSD: kex.h,v 1.76 2016/02/08 10:57:07 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -40,7 +40,6 @@
#define KEX_DH14 "diffie-hellman-group14-sha1"
#define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1"
#define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256"
-#define KEX_RESUME "resume@appgate.com"
#define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256"
#define KEX_ECDH_SHA2_NISTP384 "ecdh-sha2-nistp384"
#define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521"
@@ -115,10 +114,12 @@ struct kex {
u_int dh_need;
int server;
char *name;
+ char *hostkey_alg;
int hostkey_type;
int hostkey_nid;
u_int kex_type;
- int roaming;
+ int rsa_sha2;
+ int ext_info_c;
struct sshbuf *my;
struct sshbuf *peer;
sig_atomic_t done;
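Review bot: The new fields are undocumented. rsa_sha2 is an int that the kex.c changes set to 256 or 512 (presumably 0 otherwise), and ext_info_c is used as a boolean; a one-line comment on each would save readers from having to find kex_input_ext_info() to learn the encoding.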
@@ -132,8 +133,8 @@ struct kex {
struct sshkey *(*load_host_public_key)(int, int, struct ssh *);
struct sshkey *(*load_host_private_key)(int, int, struct ssh *);
int (*host_key_index)(struct sshkey *, int, struct ssh *);
- int (*sign)(struct sshkey *, struct sshkey *,
- u_char **, size_t *, const u_char *, size_t, u_int);
+ int (*sign)(struct sshkey *, struct sshkey *, u_char **, size_t *,
+ const u_char *, size_t, const char *, u_int);
int (*kex[KEX_MAX])(struct ssh *);
/* kex specific state */
DH *dh; /* DH */
@@ -160,9 +161,11 @@ void kex_prop_free(char **);
int kex_send_kexinit(struct ssh *);
int kex_input_kexinit(int, u_int32_t, void *);
+int kex_input_ext_info(int, u_int32_t, void *);
int kex_derive_keys(struct ssh *, u_char *, u_int, const struct sshbuf *);
int kex_derive_keys_bn(struct ssh *, u_char *, u_int, const BIGNUM *);
int kex_send_newkeys(struct ssh *);
+int kex_start_rekex(struct ssh *);
int kexdh_client(struct ssh *);
int kexdh_server(struct ssh *);
6 crypto/external/bsd/openssh/dist/kexc25519s.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexc25519s.c,v 1.9 2015/04/27 00:37:53 dtucker Exp $ */
+/* $OpenBSD: kexc25519s.c,v 1.10 2015/12/04 16:41:28 markus Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -132,8 +132,8 @@ input_kex_c25519_init(int type, u_int32_t seq, void *ctxt)
}
/* sign H */
- if ((r = kex->sign(server_host_private, server_host_public,
- &signature, &slen, hash, hashlen, ssh->compat)) < 0)
+ if ((r = kex->sign(server_host_private, server_host_public, &signature,
+ &slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) < 0)
goto out;
/* send server hostkey, ECDH pubkey 'Q_S' and signed H */
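Review bot: The call now forwards kex->hostkey_alg, which is NULL until choose_hostkeyalg() has succeeded; it is worth stating, or asserting, that this handler cannot run before negotiation has completed. The result is still tested with `< 0`, whereas the new code elsewhere in this commit uses `!= 0` for ssherr-style returns. The same applies to the identical change in kexdhs.c, kexecdhs.c and kexgexs.c.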
6 crypto/external/bsd/openssh/dist/kexdhs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexdhs.c,v 1.22 2015/01/26 06:10:03 djm Exp $ */
+/* $OpenBSD: kexdhs.c,v 1.23 2015/12/04 16:41:28 markus Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@@ -176,8 +176,8 @@ input_kex_dh_init(int type, u_int32_t seq, void *ctxt)
}
/* sign H */
- if ((r = kex->sign(server_host_private, server_host_public,
- &signature, &slen, hash, hashlen, ssh->compat)) < 0)
+ if ((r = kex->sign(server_host_private, server_host_public, &signature,
+ &slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) < 0)
goto out;
/* destroy_sensitive_data(); */
6 crypto/external/bsd/openssh/dist/kexecdhs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexecdhs.c,v 1.14 2015/01/26 06:10:03 djm Exp $ */
+/* $OpenBSD: kexecdhs.c,v 1.15 2015/12/04 16:41:28 markus Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -165,8 +165,8 @@ input_kex_ecdh_init(int type, u_int32_t seq, void *ctxt)
}
/* sign H */
- if ((r = kex->sign(server_host_private, server_host_public,
- &signature, &slen, hash, hashlen, ssh->compat)) < 0)
+ if ((r = kex->sign(server_host_private, server_host_public, &signature,
+ &slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) < 0)
goto out;
/* destroy_sensitive_data(); */
6 crypto/external/bsd/openssh/dist/kexgexs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexs.c,v 1.25 2015/04/13 02:04:08 djm Exp $ */
+/* $OpenBSD: kexgexs.c,v 1.26 2015/12/04 16:41:28 markus Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -215,8 +215,8 @@ input_kex_dh_gex_init(int type, u_int32_t seq, void *ctxt)
}
/* sign H */
- if ((r = kex->sign(server_host_private, server_host_public,
- &signature, &slen, hash, hashlen, ssh->compat)) < 0)
+ if ((r = kex->sign(server_host_private, server_host_public, &signature,
+ &slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) < 0)
goto out;
/* destroy_sensitive_data(); */
6 crypto/external/bsd/openssh/dist/key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.c,v 1.128 2015/07/03 03:43:18 djm Exp $ */
+/* $OpenBSD: key.c,v 1.129 2015/12/04 16:41:28 markus Exp $ */
/*
* placed in the public domain
*/
@@ -130,7 +130,7 @@ key_to_blob(const Key *key, u_char **blobp, u_int *lenp)
int
key_sign(const Key *key, u_char **sigp, u_int *lenp,
- const u_char *data, u_int datalen)
+ const u_char *data, u_int datalen, const char *alg)
{
int r;
u_char *sig;
@@ -141,7 +141,7 @@ key_sign(const Key *key, u_char **sigp, u_int *lenp,
if (lenp != NULL)
*lenp = 0;
if ((r = sshkey_sign(key, &sig, &siglen,
- data, datalen, datafellows)) != 0) {
+ data, datalen, alg, datafellows)) != 0) {
fatal_on_fatal_errors(r, __func__, 0);
error("%s: %s", __func__, ssh_err(r));
return -1;
5 crypto/external/bsd/openssh/dist/key.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.h,v 1.48 2015/07/03 03:43:18 djm Exp $ */
+/* $OpenBSD: key.h,v 1.49 2015/12/04 16:41:28 markus Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -84,7 +84,8 @@ int key_ec_validate_private(const EC_KEY *);
Key *key_from_blob(const u_char *, u_int);
int key_to_blob(const Key *, u_char **, u_int *);
-int key_sign(const Key *, u_char **, u_int *, const u_char *, u_int);
+int key_sign(const Key *, u_char **, u_int *, const u_char *, u_int,
+ const char *);
int key_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
void key_private_serialize(const Key *, struct sshbuf *);
23 crypto/external/bsd/openssh/dist/krl.c
@@ -14,7 +14,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $OpenBSD: krl.c,v 1.33 2015/07/03 03:43:18 djm Exp $ */
+/* $OpenBSD: krl.c,v 1.37 2015/12/31 00:33:52 djm Exp $ */
#include <sys/param.h> /* MIN */
#include <sys/types.h>
@@ -721,7 +721,7 @@ ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf,
if ((r = sshbuf_put(buf, KRL_MAGIC, sizeof(KRL_MAGIC) - 1)) != 0 ||
(r = sshbuf_put_u32(buf, KRL_FORMAT_VERSION)) != 0 ||
(r = sshbuf_put_u64(buf, krl->krl_version)) != 0 ||
- (r = sshbuf_put_u64(buf, krl->generated_date) != 0) ||
+ (r = sshbuf_put_u64(buf, krl->generated_date)) != 0 ||
(r = sshbuf_put_u64(buf, krl->flags)) != 0 ||
(r = sshbuf_put_string(buf, NULL, 0)) != 0 ||
(r = sshbuf_put_cstring(buf, krl->comment)) != 0)
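Review bot: The other `(r = ...) != 0 ||` chains in this file should be checked for the same misplaced parenthesis that is fixed here on the generated_date line. In the old form r received the result of the comparison rather than the sshbuf error code, so a failure would have been reported as 1; building with a parentheses warning enabled would catch a repeat.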
@@ -770,7 +770,7 @@ ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf,
goto out;
if ((r = sshkey_sign(sign_keys[i], &sblob, &slen,
- sshbuf_ptr(buf), sshbuf_len(buf), 0)) != 0)
+ sshbuf_ptr(buf), sshbuf_len(buf), NULL, 0)) != 0)
goto out;
KRL_DBG(("%s: signature sig len %zu", __func__, slen));
if ((r = sshbuf_put_string(buf, sblob, slen)) != 0)
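Review bot: Passing NULL for the new algorithm argument of sshkey_sign() leaves the signature algorithm used for KRLs to whatever that function defaults to, which is not visible from this call site. A comment saying what NULL selects, or an explicit algorithm name, would make the intent reviewable.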
@@ -824,10 +824,8 @@ parse_revoked_certs(struct sshbuf *buf, struct ssh_krl *krl)
goto out;
while (sshbuf_len(buf) > 0) {
- if (subsect != NULL) {
- sshbuf_free(subsect);
- subsect = NULL;
- }
+ sshbuf_free(subsect);
+ subsect = NULL;
if ((r = sshbuf_get_u8(buf, &type)) != 0 ||
(r = sshbuf_froms(buf, &subsect)) != 0)
goto out;
@@ -1015,7 +1013,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
}
/* Check signature over entire KRL up to this point */
if ((r = sshkey_verify(key, blob, blen,
- sshbuf_ptr(buf), sshbuf_len(buf) - sig_off, 0)) != 0)
+ sshbuf_ptr(buf), sig_off, 0)) != 0)
goto out;
/* Check if this key has already signed this KRL */
for (i = 0; i < nca_used; i++) {
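Review bot: The verified length changes from sshbuf_len(buf) - sig_off to sig_off, which matches the comment ("entire KRL up to this point") only if sig_off is an offset from the start of buf that has already been checked to be no larger than sshbuf_len(buf). That bound is not visible in this hunk; please confirm it, because sshkey_verify() is given sshbuf_ptr(buf) together with this length. A regression test that loads a signed KRL would pin the corrected behaviour.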
@@ -1036,7 +1034,6 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
ca_used = tmp_ca_used;
ca_used[nca_used++] = key;
key = NULL;
- break;
}
if (sshbuf_len(copy) != 0) {
@@ -1057,10 +1054,8 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
if ((r = sshbuf_consume(copy, sects_off)) != 0)
goto out;
while (sshbuf_len(copy) > 0) {
- if (sect != NULL) {
- sshbuf_free(sect);
- sect = NULL;
- }
+ sshbuf_free(sect);
+ sect = NULL;
if ((r = sshbuf_get_u8(copy, &type)) != 0 ||
(r = sshbuf_froms(copy, &sect)) != 0)
goto out;
@@ -1103,7 +1098,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
r = SSH_ERR_INVALID_FORMAT;
goto out;
}
- if (sshbuf_len(sect) > 0) {
+ if (sect != NULL && sshbuf_len(sect) > 0) {
error("KRL section contains unparsed data");
r = SSH_ERR_INVALID_FORMAT;
goto out;
3 crypto/external/bsd/openssh/dist/krl.h
@@ -14,7 +14,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $OpenBSD: krl.h,v 1.4 2015/01/13 19:06:49 djm Exp $ */
+/* $OpenBSD: krl.h,v 1.5 2015/12/30 23:46:14 djm Exp $ */
#ifndef _KRL_H
#define _KRL_H
@@ -43,7 +43,6 @@ struct ssh_krl;
struct ssh_krl *ssh_krl_init(void);
void ssh_krl_free(struct ssh_krl *krl);
void ssh_krl_set_version(struct ssh_krl *krl, u_int64_t version);
-void ssh_krl_set_sign_key(struct ssh_krl *krl, const struct sshkey *sign_key);
int ssh_krl_set_comment(struct ssh_krl *krl, const char *comment);
int ssh_krl_revoke_cert_by_serial(struct ssh_krl *krl,
const struct sshkey *ca_key, u_int64_t serial);
56 crypto/external/bsd/openssh/dist/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.97 2015/04/24 01:36:00 deraadt Exp $ */
+/* $OpenBSD: misc.c,v 1.101 2016/01/20 09:22:39 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2005,2006 Damien Miller. All rights reserved.
@@ -27,6 +27,7 @@
#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
+#include <sys/time.h>
#include <sys/un.h>
#include <net/if.h>
@@ -587,6 +588,8 @@ percent_expand(const char *string, ...)
/* %% case */
if (*string == '%')
goto append;
+ if (*string == '\0')
+ fatal("%s: invalid format", __func__);
for (j = 0; j < num_keys; j++) {
if (strchr(keys[j].key, *string) != NULL) {
i = strlcat(buf, keys[j].repl, sizeof(buf));
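Review bot: A format string that ends in a lone '%' now reaches fatal(), which stops the loop from stepping past the terminating NUL, but the message "invalid format" does not include the offending string. If callers pass user-supplied configuration strings here, logging the input or the option it came from would let the user find the bad entry. Returning an error instead of exiting would be friendlier wherever a caller can recover.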
@@ -633,62 +636,63 @@ tun_open(int tun, int mode)
struct ifreq ifr;
char name[100];
int fd = -1, sock;
+ const char *tunbase = "tun";
+
+ if (mode == SSH_TUNMODE_ETHERNET)
+ tunbase = "tap";
/* Open the tunnel device */
if (tun <= SSH_TUNID_MAX) {
- snprintf(name, sizeof(name), "/dev/tun%d", tun);
+ snprintf(name, sizeof(name), "/dev/%s%d", tunbase, tun);
fd = open(name, O_RDWR);
} else if (tun == SSH_TUNID_ANY) {
for (tun = 100; tun >= 0; tun--) {
- snprintf(name, sizeof(name), "/dev/tun%d", tun);
+ snprintf(name, sizeof(name), "/dev/%s%d",
+ tunbase, tun);
if ((fd = open(name, O_RDWR)) >= 0)
break;
}
} else {
debug("%s: invalid tunnel %u", __func__, tun);
- return (-1);
+ return -1;
}
if (fd < 0) {
- debug("%s: %s open failed: %s", __func__, name, strerror(errno));
- return (-1);
+ debug("%s: %s open: %s", __func__, name, strerror(errno));
+ return -1;
}
debug("%s: %s mode %d fd %d", __func__, name, mode, fd);
- /* Set the tunnel device operation mode */
- snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "tun%d", tun);
+ /* Bring interface up if it is not already */
+ snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s%d", tunbase, tun);
if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
goto failed;
- if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1)
- goto failed;
-
- /* Set interface mode */
- ifr.ifr_flags &= ~IFF_UP;
- if (mode == SSH_TUNMODE_ETHERNET)
- ifr.ifr_flags |= IFF_LINK0;
- else
- ifr.ifr_flags &= ~IFF_LINK0;
- if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1)
+ if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1) {
+ debug("%s: get interface %s flags: %s", __func__,
+ ifr.ifr_name, strerror(errno));
goto failed;
+ }
- /* Bring interface up */
- ifr.ifr_flags |= IFF_UP;
- if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1)
- goto failed;
+ if (!(ifr.ifr_flags & IFF_UP)) {
+ ifr.ifr_flags |= IFF_UP;
+ if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) {
+ debug("%s: activate interface %s: %s", __func__,
+ ifr.ifr_name, strerror(errno));
+ goto failed;
+ }
+ }
close(sock);
- return (fd);
+ return fd;
failed:
if (fd >= 0)
close(fd);
if (sock >= 0)
close(sock);
- debug("%s: failed to set %s mode %d: %s", __func__, name,
- mode, strerror(errno));
- return (-1);
+ return -1;
}
void
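Review bot: With the debug() call removed from the failed: label, a socket() failure now jumps to failed and returns -1 without logging anything, while the two ioctl() failures each have their own message. Adding a debug() before that goto would keep the three paths consistent. The mode argument also no longer affects the interface flags, only the device name through tunbase, which deserves a line in the function comment.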
4 crypto/external/bsd/openssh/dist/moduli-gen/Makefile
@@ -1,11 +1,11 @@
-# $OpenBSD: Makefile,v 1.4 2015/05/28 00:54:01 dtucker Exp $
+# $OpenBSD: Makefile,v 1.5 2015/10/21 06:37:25 doug Exp $
.include <bsd.own.mk>
# The larger ones will take many days, so if you're going to regen them run
# it in a tmux session or something. The checkpoints should make it safe
# to stop and restart.
-DHSIZE=1536 2048 3072 4096 6144 7680 8192
+DHSIZE=2048 3072 4096 6144 7680 8192
.for bits in ${DHSIZE}
MODULI_PARTS+=moduli.${bits}
74 crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048
@@ -1,40 +1,34 @@
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
-20150522031228 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B345AC93
-20150522031248 2 6 100 2047 5 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B392E18F
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
-20150522031334 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B439F28B
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
-20150522031353 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B4788613
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
-20150522031401 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B48EAEFB
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
-20150522031452 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B54A3243
+20150722024633 2 6 100 2047 5 C866C026BDF6EE7AB2950158263FD8682A5F2D4A60F2A8490CA11F3727D43C859954C48F01EC2C131F9EC9CF10139A0FCFDF24BE7097DEAC195F817035A5E34D76455A23F3D9160E7D6A6D5D182C294DE2B15D350534EC9AE436C430B46F90F50AA3BC1129402D2F57E4F164889F5A63F1AA6822855B6EC9BAF34D417E2A31531A68FBBCB4D6F835623111450B814AA635B9B2715CE45C8326A6DFCC22E7DC1D5EAB98C7C02DC33CE1DF2B5D74DB234EB5A8B3F5AB35E9BA07E04E9FA9177962457C3BBC1D9DFDFB0BDEE5E00C834768D6825E01E3AAAE6F5EC898D255842FEB8644497CFE4084A7B610E48B1F6ADF8A4B096906F9E7646B26070F2EC82E3847
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
+20150722024723 2 6 100 2047 2 C866C026BDF6EE7AB2950158263FD8682A5F2D4A60F2A8490CA11F3727D43C859954C48F01EC2C131F9EC9CF10139A0FCFDF24BE7097DEAC195F817035A5E34D76455A23F3D9160E7D6A6D5D182C294DE2B15D350534EC9AE436C430B46F90F50AA3BC1129402D2F57E4F164889F5A63F1AA6822855B6EC9BAF34D417E2A31531A68FBBCB4D6F835623111450B814AA635B9B2715CE45C8326A6DFCC22E7DC1D5EAB98C7C02DC33CE1DF2B5D74DB234EB5A8B3F5AB35E9BA07E04E9FA9177962457C3BBC1D9DFDFB0BDEE5E00C834768D6825E01E3AAAE6F5EC898D255842FEB8644497CFE4084A7B610E48B1F6ADF8A4B096906F9E7646B26070F2EC8F422DB
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
+20150722024853 2 6 100 2047 5 C866C026BDF6EE7AB2950158263FD8682A5F2D4A60F2A8490CA11F3727D43C859954C48F01EC2C131F9EC9CF10139A0FCFDF24BE7097DEAC195F817035A5E34D76455A23F3D9160E7D6A6D5D182C294DE2B15D350534EC9AE436C430B46F90F50AA3BC1129402D2F57E4F164889F5A63F1AA6822855B6EC9BAF34D417E2A31531A68FBBCB4D6F835623111450B814AA635B9B2715CE45C8326A6DFCC22E7DC1D5EAB98C7C02DC33CE1DF2B5D74DB234EB5A8B3F5AB35E9BA07E04E9FA9177962457C3BBC1D9DFDFB0BDEE5E00C834768D6825E01E3AAAE6F5EC898D255842FEB8644497CFE4084A7B610E48B1F6ADF8A4B096906F9E7646B26070F2ECA7B17C7
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
+20150722024941 2 6 100 2047 5 C866C026BDF6EE7AB2950158263FD8682A5F2D4A60F2A8490CA11F3727D43C859954C48F01EC2C131F9EC9CF10139A0FCFDF24BE7097DEAC195F817035A5E34D76455A23F3D9160E7D6A6D5D182C294DE2B15D350534EC9AE436C430B46F90F50AA3BC1129402D2F57E4F164889F5A63F1AA6822855B6EC9BAF34D417E2A31531A68FBBCB4D6F835623111450B814AA635B9B2715CE45C8326A6DFCC22E7DC1D5EAB98C7C02DC33CE1DF2B5D74DB234EB5A8B3F5AB35E9BA07E04E9FA9177962457C3BBC1D9DFDFB0BDEE5E00C834768D6825E01E3AAAE6F5EC898D255842FEB8644497CFE4084A7B610E48B1F6ADF8A4B096906F9E7646B26070F2ECB3A60AF
+20150722024950 2 6 100 2047 5 C866C026BDF6EE7AB2950158263FD8682A5F2D4A60F2A8490CA11F3727D43C859954C48F01EC2C131F9EC9CF10139A0FCFDF24BE7097DEAC195F817035A5E34D76455A23F3D9160E7D6A6D5D182C294DE2B15D350534EC9AE436C430B46F90F50AA3BC1129402D2F57E4F164889F5A63F1AA6822855B6EC9BAF34D417E2A31531A68FBBCB4D6F835623111450B814AA635B9B2715CE45C8326A6DFCC22E7DC1D5EAB98C7C02DC33CE1DF2B5D74DB234EB5A8B3F5AB35E9BA07E04E9FA9177962457C3BBC1D9DFDFB0BDEE5E00C834768D6825E01E3AAAE6F5EC898D255842FEB8644497CFE4084A7B610E48B1F6ADF8A4B096906F9E7646B26070F2ECB5FF357
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
+20150722025336 2 6 100 2047 5 C866C026BDF6EE7AB2950158263FD8682A5F2D4A60F2A8490CA11F3727D43C859954C48F01EC2C131F9EC9CF10139A0FCFDF24BE7097DEAC195F817035A5E34D76455A23F3D9160E7D6A6D5D182C294DE2B15D350534EC9AE436C430B46F90F50AA3BC1129402D2F57E4F164889F5A63F1AA6822855B6EC9BAF34D417E2A31531A68FBBCB4D6F835623111450B814AA635B9B2715CE45C8326A6DFCC22E7DC1D5EAB98C7C02DC33CE1DF2B5D74DB234EB5A8B3F5AB35E9BA07E04E9FA9177962457C3BBC1D9DFDFB0BDEE5E00C834768D6825E01E3AAAE6F5EC898D255842FEB8644497CFE4084A7B610E48B1F6ADF8A4B096906F9E7646B26070F2ECF309BA7
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