MFC r305077:

Squelch clang 3.9.0 warnings about BASE (which is 32768) being converted
to -32768 when it is used as an argument to mp_itom(), in both libtelnet
and newkey. This code has been wrong since r26238 (!), so after almost
20 years it is rather useless to try to correct it.

MFC r305086:

Fix warnings in telnet about invalid constant conversions, e.g.:

contrib/telnet/telnet/commands.c:2914:13: error: implicit conversion
from 'int' to 'char' changes value from 137 to -119
[-Werror,-Wconstant-conversion]
*lsrp++ = IPOPT_SSRR;
~ ^~~~~~~~~~
/usr/include/netinet/ip.h:152:21: note: expanded from macro 'IPOPT_SSRR'
#define IPOPT_SSRR 137 /* strict source route */
^~~
contrib/telnet/telnet/commands.c:2916:13: error: implicit conversion
from 'int' to 'char' changes value from 131 to -125
[-Werror,-Wconstant-conversion]
*lsrp++ = IPOPT_LSRR;
~ ^~~~~~~~~~
/usr/include/netinet/ip.h:148:21: note: expanded from macro 'IPOPT_LSRR'
#define IPOPT_LSRR 131 /* loose source route */
^~~

Use unsigned char buffers instead.

Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle.
Prune svn:mergeinfo from the new branch, as nothing has been merged
here.

Additional commits post-branch will follow.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Rename all symbols in libmp(3) to mp_*, just like Solaris.

The function pow() in libmp(3) clashes with pow(3) in libm. We could
rename this single function, but we can just take the same approach as
the Solaris folks did, which is to prefix all function names with mp_.

libmp(3) isn't really popular nowadays. I suspect not a single
application in ports depends on it. There's still a chance, so I've
increased the SHLIB_MAJOR and __FreeBSD_version.

Reviewed by: deischen, rdivacky

Encrypted strings (after hex decoding) aren't null terminated, because
0 might simply be part of the ciphertext.

PR: bin/40266
Submitted by: andr@dgap.mipt.ru
MFC after: 3 days

Very large style makeover.

1) ANSIfy.
2) Clean up ifdefs so that
a) ones that never/always apply are appropriately either
fully removed, or just the #if junk is removed.
b) change #if defined(FOO) for appropiate values of FOO.
(currently AUTHENTICATION and ENCRYPTION)
3) WARNS=2 fixing
4) GC other unused stuff

This code can now be unifdef(1)ed to make non-crypto telnet.

Add Berkeley copyright to SRA.

This is by the kind permission of Dave Safford, formerly of TAMU who wrote the
original code. Here is an excerpt of the e-mail exchange concerning this
issue:

Dave Safford wrote:
>Nick Sayer wrote:
>> Some time ago we spoke about SRA and importing it into FreeBSD. I forgot to
>> ask if you had a prefered license boilerplate for the top of the files. It
>> has come up recently, and the SRA code in FreeBSD doesn't have one.

>I really have no preference - use whatever is most convenient in the
>FreeBSD environment.

>dave safford

This is the standard BSD license with clause 3 removed and clause 4
suitably renumbered.

MFC after: 1 day

Add __FBSDID() to diff-reduce with "base" telnet.

Code merge and diff reduce with "base" telnet. This is the "later"
telnet, so it was treated as the reference code, except where later
commits were made to "base" telnet.

Fix the latest telnet breakage. Obviously this was never compiled.

srandomdev() affords us the opportunity to radically improve, and at the
same time simplify, the random number selection code.

Forced commit. This is to try and help folks that used the international
crypto repo and have slightly different files but with the same version.
cvsup in 'checkout mode' has no trouble with this, but cvs can get really
silly about it.

Get crypto from libcrypto, not libdes.

Add SRA authentication to src/crypto/telnet.

SRA does a Diffie-Hellmen exchange and then DES-encrypts the
authentication data. If the authentication is successful, it also
sets up a session key for DES encryption.

SRA was originally developed at Texas A&M University.

This code is probably export restricted (despite the fact that I
originally found it at a University in Germany).

SRA is not perfect. It is vulnerable to monkey-in-the-middle attacks
and does not use tremendously large DH constants (and thus an individual
exchange probably could be factored in a few days on modern CPU
horsepower). It does not, however, require any changes in user or
administrative behavior and foils session hijacking and sniffing.
The goal of this commit is that telnet and telnetd end up in the DES
distribution and that therefore an encrypted session telnet becomes
standard issue for FreeBSD.