Support for XDM-AUTHORIZATION-1 at the SSH server end, making use of

the remote IP/port data provided by the server for forwarded
connections. Disabled by default, since it's incompatible with SSH2,
probably incompatible with some X clients, and tickles a bug in
at least one version of OpenSSH.

[originally from svn r2554]

sshdes.c

@@ -897,10 +897,9 @@ void des3_encrypt_pubkey_ossh(unsigned char *key, unsigned char *iv,
     memset(ourkeys, 0, sizeof(ourkeys));
 }
 
-void des_encrypt_xdmauth(unsigned char *keydata, unsigned char *blk, int len)
+static void des_keysetup_xdmauth(unsigned char *keydata, DESContext *dc)
 {
     unsigned char key[8];
-    DESContext dc;
     int i, nbits, j;
     unsigned int bits;
 
@@ -918,11 +917,23 @@ void des_encrypt_xdmauth(unsigned char *keydata, unsigned char *blk, int len)
 	nbits -= 7;
     }
 
-    des_key_setup(GET_32BIT_MSB_FIRST(key), GET_32BIT_MSB_FIRST(key + 4),
-		  &dc);
+    des_key_setup(GET_32BIT_MSB_FIRST(key), GET_32BIT_MSB_FIRST(key + 4), dc);
+}
+
+void des_encrypt_xdmauth(unsigned char *keydata, unsigned char *blk, int len)
+{
+    DESContext dc;
+    des_keysetup_xdmauth(keydata, &dc);
     des_cbc_encrypt(blk, blk, 24, &dc);
 }
 
+void des_decrypt_xdmauth(unsigned char *keydata, unsigned char *blk, int len)
+{
+    DESContext dc;
+    des_keysetup_xdmauth(keydata, &dc);
+    des_cbc_decrypt(blk, blk, 24, &dc);
+}
+
 static const struct ssh2_cipher ssh_3des_ssh2 = {
     des3_make_context, des3_free_context, des3_iv, des3_key,
     des3_ssh2_encrypt_blk, des3_ssh2_decrypt_blk,