summaryrefslogtreecommitdiffstats
path: root/crypto
Commit message (Collapse)AuthorAgeFilesLines
* Fix a coredump bug occurring if ssh-keygen attempts to change the passwordgreen2002-01-071-1/+1
| | | | | | on a DSA key. Submitted by: ian j hart <ianjhart@ntlworld.com>
* mdoc(7) police: remove -r from SYNOPSIS, sort -p in DESCRIPTION.ru2001-12-141-6/+5
|
* Don't assume that the number of fds to select on is known quantity (injkh2001-12-091-32/+56
| | | | | | | | this case 16). Use dynamic FD_SETs and calculated high-water marks throughout. There are also too many versions of telnet in the tree. Obtained from: OpenBSD and Apple's Radar database MFC after: 2 days
* Fixed bugs from previous revision.ru2001-12-041-1/+2
| | | | Removed -s from SYNOPSIS and restored -S in DESCRIPTION.
* Update version string since we applied a fix for the UseLogin issue.nectar2001-12-031-1/+1
|
* Protect variables and function prototypes that are only used in the INET6jhay2001-12-031-1/+7
| | | | | | | | case with an ifdef INET6. This make the fixit floppy compile again. Reviewed by: markm
* More help for alpha WARNS=2. This code is, erm, unusual. Anyone whomarkm2001-12-031-4/+4
| | | | feels like rewriting it will meet no objection from me.
* help the alphas out with the WARNS=2 stuff.markm2001-12-032-2/+2
|
* Do not pass user-defined environmental variables to /usr/bin/login.nectar2001-12-031-0/+2
| | | | | Obtained from: OpenBSD Approved by: green
* Protect names that are used elsewhere. This fixes WARNS=2 breakagemarkm2001-12-011-4/+4
| | | | in crypto telnet.
* Damn. The previous mega-commit was incomplete WRT ANSIfication. Thismarkm2001-11-3013-281/+250
| | | | fixes that.
* Very large style makeover.markm2001-11-3045-5317/+2469
| | | | | | | | | | | | | 1) ANSIfy. 2) Clean up ifdefs so that a) ones that never/always apply are appropriately either fully removed, or just the #if junk is removed. b) change #if defined(FOO) for appropiate values of FOO. (currently AUTHENTICATION and ENCRYPTION) 3) WARNS=2 fixing 4) GC other unused stuff This code can now be unifdef(1)ed to make non-crypto telnet.
* In the "UseLogin yes" case we need env to be NULL to make sure itdwmalone2001-11-191-1/+1
| | | | | | | | will be correctly initialised. PR: 32065 Tested by: The Anarcat <anarcat@anarcat.dyndns.org> MFC after: 3 days
* Fix world by trimming an extra comment terminator.jhb2001-10-291-1/+1
|
* Add Berkeley copyright to SRA.nsayer2001-10-293-1/+91
| | | | | | | | | | | | | | | | | | | | | | This is by the kind permission of Dave Safford, formerly of TAMU who wrote the original code. Here is an excerpt of the e-mail exchange concerning this issue: Dave Safford wrote: >Nick Sayer wrote: >> Some time ago we spoke about SRA and importing it into FreeBSD. I forgot to >> ask if you had a prefered license boilerplate for the top of the files. It >> has come up recently, and the SRA code in FreeBSD doesn't have one. >I really have no preference - use whatever is most convenient in the >FreeBSD environment. >dave safford This is the standard BSD license with clause 3 removed and clause 4 suitably renumbered. MFC after: 1 day
* Diff-reduce these two.markm2001-10-271-3/+3
| | | | | | | Really, one of them needs to disappear. I'll figure out which later. Reported by: bde
* Add __FBSDID() to diff-reduce with "base" telnet.markm2001-10-0114-28/+40
|
* Modify a "You don't exist" message, pretty rude for transient YP failures.green2001-09-271-1/+1
|
* fix renamed options in some of the code that was #ifdef AFSassar2001-09-044-4/+7
| | | | | | also print an error if krb5 ticket passing is disabled Submitted by: Jonathan Chen <jon@spock.org>
* Manually unifdef(1) CRAY, UNICOS, hpux and sun uselsess code.markm2001-08-2911-936/+7
|
* Backout last change. I didnt follow the thread and made a mistakeps2001-08-271-1/+1
| | | | with this. localisations is a valid spelling. Oops
* Correctly spell localizationsps2001-08-271-1/+1
|
* Remove description of an option that only applies to UNICOS < 7.0.dd2001-08-251-13/+0
| | | | | | | That define may still be present in the source, but I don't think anyone has plans to try to use it. Obtained from: NetBSD
* Code merge and diff reduce with "base" telnet. This is the "later"markm2001-08-2025-290/+283
| | | | | telnet, so it was treated as the reference code, except where later commits were made to "base" telnet.
* Update the OpenSSH minor-version string.green2001-08-161-1/+1
| | | | | Requested by: obrien Reviewed by: rwatson
* Removal of following export controll related sentences:horikawa2001-08-151-10/+0
| | | | | | | | | | | | | | | o Because of export controls, TELNET ENCRYPT option is not supported outside of the United States and Canada. o Because of export controls, data encryption is not supported outside of the United States and Canada. src/crypto/README revision 1.5 commit log says: > Crypto sources are no longer export controlled: > Explain, why crypto sources are still in crypto/. and actually telnet encryption is used outside of US and Canada now. Pointed out by: OHSAWA Chitoshi <ohsawa@catv1.ccn-net.ne.jp> Reviewed by: no objection on doc
* mdoc(7) police: s/BSD/.Bx/ where appropriate.ru2001-08-141-3/+6
|
* output_data(), output_datalen() and netflush() didn't actually guaranteekris2001-07-236-45/+50
| | | | | | | | | | | | | to do what they are supposed to: under some circumstances output data would be truncated, or the buffer would not actually be flushed (possibly leading to overflows when the caller assumes the operation succeeded). Change the semantics so that these functions ensure they complete the operation before returning. Comment out diagnostic code enabled by '-D reports' which causes an infinite recursion and an eventual crash. Patch developed with assistance from ru and assar.
* More potential buffer overflow fixes.ru2001-07-204-35/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | o Fixed `nfrontp' calculations in output_data(). If `remaining' is initially zero, it was possible for `nfrontp' to be decremented. Noticed by: dillon o Replaced leaking writenet() with output_datalen(): : * writenet : * : * Just a handy little function to write a bit of raw data to the net. : * It will force a transmit of the buffer if necessary : * : * arguments : * ptr - A pointer to a character string to write : * len - How many bytes to write : */ : void : writenet(ptr, len) : register unsigned char *ptr; : register int len; : { : /* flush buffer if no room for new data) */ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ : if ((&netobuf[BUFSIZ] - nfrontp) < len) { : /* if this fails, don't worry, buffer is a little big */ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ : netflush(); : } : : memmove(nfrontp, ptr, len); : nfrontp += len; : : } /* end of writenet */ What an irony! :-) o Optimized output_datalen() a bit.
* Resolve conflictskris2001-07-194-7/+9
|
* This commit was generated by cvs2svn to compensate for changes in r79998,kris2001-07-1992-1445/+2518
|\ | | | | | | which included commits to RCS files with non-trunk default branches.
| * Initial import of OpenSSL 0.9.6bkris2001-07-1997-1460/+2538
| |
* | vsnprintf() can return a value larger than the buffer size.ru2001-07-191-1/+1
| | | | | | | | | | Submitted by: assar Obtained from: OpenBSD
* | Fixed the exploitable remote buffer overflow.ru2001-07-196-314/+219
| | | | | | | | | | | | Reported on: bugtraq Obtained from: Heimdal, NetBSD Reviewed by: obrien, imp
* | Bug fix: When the client connects to a server and Kerberosnectar2001-07-131-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | authentication is enabled, the client effectively ignores any error from krb5_rd_rep due to a missing branch. In theory this could result in an ssh client using Kerberos 5 authentication accepting a spoofed AP-REP. I doubt this is a real possiblity, however, because the AP-REP is passed from the server to the client via the SSH encrypted channel. Any tampering should cause the decryption or MAC to fail. Approved by: green MFC after: 1 week
* | mdoc(7) police: removed HISTORY info from the .Os call.ru2001-07-102-3/+2
| |
* | Fix an incorrect conflict resolution which prevented TISAuthenticationgreen2001-07-071-25/+2
| | | | | | | | from working right in 2.9.
* | mdoc(7) police: merge all fixes from non-crypto version.ru2001-07-051-58/+92
| |
* | MF non-crypto: 1.13: document -u in usage.ru2001-07-051-8/+8
| |
* | Also add a colon to "Bad passphrase, please try again ".green2001-06-291-1/+1
| |
* | Put in a missing colon in the "Enter passphrase" message.green2001-06-291-1/+1
| |
* | Back out the last change which is probably actually a red herring. Argh!green2001-06-261-4/+2
| |
* | Don't pointlessly kill a channel because the first (forced)green2001-06-261-2/+4
| | | | | | | | | | | | non-blocking read returns 0. Now I can finally tunnel CVSUP again...
* | fix merges from 0.3fassar2001-06-217-274/+528
| |
* | This commit was generated by cvs2svn to compensate for changes in r78527,assar2001-06-21485-7462/+39617
|\ \ | | | | | | | | | which included commits to RCS files with non-trunk default branches.
| * | import of heimdal 0.3fassar2001-06-21495-7740/+40167
| | |
* | | (do_authloop): handle !KRB4 && KRB5assar2001-06-161-4/+7
| | |
* | | Unbreak OpenSSH for the KRB5-and-no-KRB4 case. Asking for KRB5 doesmarkm2001-06-151-1/+3
| | | | | | | | | | | | not imply that you want, need or have kerberosIV headers.
* | | Enable Kerberos 5 support in sshd again.green2001-06-123-2/+4
| | |
* | | Switch to the user's uid before attempting to unlink the auth forwardinggreen2001-06-084-25/+45
| | | | | | | | | | | | | | | | | | file, nullifying the effects of a race. Obtained from: OpenBSD
OpenPOWER on IntegriCloud