Commit Graph

33 Commits

Author SHA1 Message Date
deraadt@openbsd.org
087266ec33 upstream commit
Reduce use of <sys/param.h> and transition to <limits.h>
 throughout. ok djm markus
2015-01-26 23:58:53 +11:00
Damien Miller
72ef7c148c support --without-openssl at configure time
Disables and removes dependency on OpenSSL. Many features don't
work and the set of crypto options is greatly restricted. This
will only work on system with native arc4random or /dev/urandom.

Considered highly experimental for now.
2015-01-15 02:28:36 +11:00
doug@openbsd.org
7df8818409 upstream commit
Free resources on error in mkstemp and fdopen

ok djm@
2014-10-13 11:37:21 +11:00
Damien Miller
4bedd4032a - dtucker@cvs.openbsd.org 2013/10/24 00:49:49
[moduli.c]
     Periodically print progress and, if possible, expected time to completion
     when screening moduli for DH groups.  ok deraadt djm
2013-10-24 21:02:26 +11:00
Darren Tucker
a627d42e51 - djm@cvs.openbsd.org 2013/05/17 00:13:13
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
     ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
     gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
     auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
     servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
     auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
     sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
     kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
     kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
     monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
     ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
     sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
     ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
     dns.c packet.c readpass.c authfd.c moduli.c]
     bye, bye xfree(); ok markus@
2013-06-02 07:31:17 +10:00
Damien Miller
dfceafe8b1 - dtucker@cvs.openbsd.org 2012/07/06 00:41:59
[moduli.c ssh-keygen.1 ssh-keygen.c]
     Add options to specify starting line number and number of lines to process
     when screening moduli candidates.  This allows processing of different
     parts of a candidate moduli file in parallel.  man page help jmc@, ok djm@
2012-07-06 13:44:19 +10:00
Darren Tucker
9ee09cfce6 - djm@cvs.openbsd.org 2011/10/19 00:06:10
[moduli.c]
     s/tmpfile/tmp/ to make this -Wshadow clean
2011-11-04 10:52:43 +11:00
Damien Miller
91f3eaec88 - stsp@cvs.openbsd.org 2011/10/16 15:51:39
[moduli.c]
     add missing includes to unbreak tree; fix from rpointel
2011-10-18 16:05:55 +11:00
Damien Miller
390d0561fc - dtucker@cvs.openbsd.org 2011/10/16 11:02:46
[moduli.c ssh-keygen.1 ssh-keygen.c]
     Add optional checkpoints for moduli screening.  feedback & ok deraadt
2011-10-18 16:05:19 +11:00
Darren Tucker
ebdef76b5d - (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add
shims for the new, non-deprecated OpenSSL key generation functions for
   platforms that don't have the new interfaces.
2010-12-04 23:20:50 +11:00
Damien Miller
4499f4cc20 - djm@cvs.openbsd.org 2010/11/10 01:33:07
[kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c]
     use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED.
     these have been around for years by this time. ok markus
2010-11-20 15:15:49 +11:00
Damien Miller
2e9cf49069 - djm@cvs.openbsd.org 2008/06/26 09:19:40
[dh.c dh.h moduli.c]
     when loading moduli from /etc/moduli in sshd(8), check that they
     are of the expected "safe prime" structure and have had
     appropriate primality tests performed;
     feedback and ok dtucker@
2008-06-29 22:47:04 +10:00
Darren Tucker
90aaed4397 - ray@cvs.openbsd.org 2007/02/24 03:30:11
[moduli.c]
     - strlen returns size_t, not int.
     - Pass full buffer size to fgets.
     OK djm@, millert@, and moritz@.
2007-02-25 20:38:55 +11:00
Darren Tucker
0bc85579a9 - markus@cvs.openbsd.org 2006/11/06 21:25:28
[auth-rsa.c kexgexc.c kexdhs.c key.c ssh-dss.c sshd.c kexgexs.c
     ssh-keygen.c bufbn.c moduli.c scard.c kexdhc.c sshconnect1.c dh.c rsa.c]
     add missing checks for openssl return codes; with & ok djm@
2006-11-07 23:14:41 +11:00
Damien Miller
d783435315 - deraadt@cvs.openbsd.org 2006/08/03 03:34:42
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
     [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
     [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
     [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
     [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
     [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
     [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
     [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
     [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
     [serverloop.c session.c session.h sftp-client.c sftp-common.c]
     [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
     [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
     [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
     [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
     almost entirely get rid of the culture of ".h files that include .h files"
     ok djm, sort of ok stevesk
     makes the pain stop in one easy step
     NB. portable commit contains everything *except* removing includes.h, as
     that will take a fair bit more work as we move headers that are required
     for portability workarounds to defines.h. (also, this step wasn't "easy")
2006-08-05 12:39:39 +10:00
Damien Miller
a7a73ee35d - stevesk@cvs.openbsd.org 2006/08/01 23:22:48
[auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c]
     [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c]
     [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c]
     [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c]
     [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c]
     [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c]
     [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c]
     [uuencode.h xmalloc.c]
     move #include <stdio.h> out of includes.h
2006-08-05 11:37:59 +10:00
Damien Miller
e7a1e5cf63 - stevesk@cvs.openbsd.org 2006/07/26 13:57:17
[authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c]
     [hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c]
     [scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c]
     [sshconnect1.c sshd.c xmalloc.c]
     move #include <stdlib.h> out of includes.h
2006-08-05 11:34:19 +10:00
Damien Miller
e3476ed03b - stevesk@cvs.openbsd.org 2006/07/22 20:48:23
[atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
     [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
     [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
     [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
     [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
     [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
     [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
     move #include <string.h> out of includes.h
2006-07-24 14:13:33 +10:00
Damien Miller
5598b4f125 - stevesk@cvs.openbsd.org 2006/07/22 19:08:54
[includes.h moduli.c progressmeter.c scp.c sftp-common.c]
     [sftp-server.c ssh-agent.c sshlogin.c]
     move #include <time.h> out of includes.h
2006-07-24 14:09:40 +10:00
Damien Miller
07d86bec5e - djm@cvs.openbsd.org 2006/03/25 00:05:41
[auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c]
     [clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c]
     [monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c]
     [ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c]
     [xmalloc.c xmalloc.h]
     introduce xcalloc() and xasprintf() failure-checked allocations
     functions and use them throughout openssh

     xcalloc is particularly important because malloc(nmemb * size) is a
     dangerous idiom (subject to integer overflow) and it is time for it
     to die

     feedback and ok deraadt@
2006-03-26 14:19:21 +11:00
Damien Miller
0dc1bef12d - djm@cvs.openbsd.org 2005/07/17 07:17:55
[auth-rh-rsa.c auth-rhosts.c auth2-chall.c auth2-gss.c channels.c]
     [cipher-ctr.c gss-genr.c gss-serv.c kex.c moduli.c readconf.c]
     [serverloop.c session.c sftp-client.c sftp.c ssh-add.c ssh-keygen.c]
     [sshconnect.c sshconnect2.c]
     knf says that a 2nd level indent is four (not three or five) spaces
2005-07-17 17:22:45 +10:00
Damien Miller
b089fb5fe1 - avsm@cvs.openbsd.org 2005/05/23 22:44:01
[moduli.c ssh-keygen.c]
     - removes signed/unsigned comparisons in moduli generation
     - use strtonum instead of atoi where its easier
     - check some strlcpy overflow and fatal instead of truncate
2005-05-26 12:16:18 +10:00
Darren Tucker
f0e792ec1c - dtucker@cvs.openbsd.org 2005/01/17 03:25:46
[moduli.c]
     Correct spelling: SCHNOOR->SCHNORR; ok djm@
2005-01-20 11:02:26 +11:00
Darren Tucker
fc9597034b - deraadt@cvs.openbsd.org 2004/07/11 17:48:47
[channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c
     readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c
     session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h
     sshd.c ttymodes.h]
     spaces
2004-07-17 16:12:08 +10:00
Darren Tucker
e4ab1157db - markus@cvs.openbsd.org 2004/05/21 08:43:03
[kex.h moduli.c tildexpand.c]
     add prototypes for -Wall; ok djm
2004-05-24 10:14:24 +10:00
Darren Tucker
770fc01078 - djm@cvs.openbsd.org 2004/05/09 00:06:47
[moduli.c ssh-keygen.c] removed: moduli.h
     zap another tiny header; ok deraadt@
2004-05-13 16:24:32 +10:00
Darren Tucker
47abce45b2 - djm@cvs.openbsd.org 2004/04/22 11:56:57
[moduli.c]
     Bugzilla #850: Sophie Germain is the correct name of the French
     mathematician, "Sophie Germaine" isn't; from Luc.Maisonobe@c-s.fr
2004-05-02 22:09:00 +10:00
Darren Tucker
06930c70ad - djm@cvs.openbsd.org 2003/12/22 09:16:58
[moduli.c ssh-keygen.1 ssh-keygen.c]
     tidy up moduli generation debugging, add -v (verbose/debug) option to
     ssh-keygen; ok markus@
2003-12-31 11:34:51 +11:00
Darren Tucker
5cd9d443ef - dtucker@cvs.openbsd.org 2003/12/09 13:52:55
[moduli.c]
     Prevent ssh-keygen -T from outputting moduli with a generator of 0, since
     they can't be used for Diffie-Hellman.  Assistance and ok djm@
2003-12-10 00:54:38 +11:00
Darren Tucker
1cbc444935 - djm@cvs.openbsd.org 2003/12/07 06:34:18
[moduli.c]
     remove unused debugging #define templates
2003-12-09 19:19:38 +11:00
Damien Miller
787b2ec18c more whitespace (tabs this time) 2003-11-21 23:56:47 +11:00
Damien Miller
a8e06cef35 - djm@cvs.openbsd.org 2003/11/21 11:57:03
[everything]
     unexpand and delete whitespace at EOL; ok markus@
     (done locally and RCS IDs synced)
2003-11-21 23:48:55 +11:00
Darren Tucker
b2f9d4161a - (dtucker) [Makefile.in moduli.c moduli.h] Add new files and to Makefile.
Should have added with this sync:
   - djm@cvs.openbsd.org 2003/07/28 09:49:56
     [ssh-keygen.1 ssh-keygen.c]
     Support for generating Diffie-Hellman groups (/etc/moduli) from ssh-keygen.
     Based on code from Phil Karn, William Allen Simpson and Niels Provos.
     ok markus@, thanks jmc@
2003-08-02 23:51:38 +10:00