path: root/crypto
Commit message / Author / Age / Files / Lines
* Very big makeover in the way telnet, telnetd and libtelnet are built.
    Previously, there were two copies of telnet; a non-crypto version that lived in the usual places, and a crypto version that lived in crypto/telnet/. The latter was built in a broken manner somewhat akin to other "contribified" sources. This meant that there were 4 telnets competing with each other at build time - KerberosIV, Kerberos5, plain-old-secure and base. KerberosIV is no longer in the running, but the other three took it in turns to jump all over each other during a "make buildworld". As the crypto issue has been clarified, and crypto _calls_ are not a problem, crypto/telnet has been repo-copied to contrib/telnet, and with this commit, all telnets are now "contribified". The contrib path was chosen to not destroy history in the repository, and differs from other contrib/ entries in that it may be worked on as "normal" BSD code. There is no dangerous crypto in these sources, only a very weak system less strong than enigma(1). Kerberos5 telnet and Secure telnet are now selected by using the usual macros in /etc/make.conf, and the build process is unsurprising and less treacherous.
    [Author: markm; Age: 2003-07-16; Files: 51; Lines: -25404/+0]
* This commit was generated by cvs2svn to compensate for changes in r116791, which included commits to RCS files with non-trunk default branches.
    [Author: des; Age: 2003-06-24; Files: 1; Lines: -0/+1]
| * Add a "return" that was missing from 3.6.1p1. Since it's been fixed in the OpenSSH-portable CVS repo, I'm committing this on the vendor branch.
    [Author: des; Age: 2003-06-24; Files: 1; Lines: -0/+1]
* | Fix off-by-one and initialization errors which prevented sshd from restarting when sent a SIGHUP.
    Submitted by: tegge
    Approved by: re (jhb)
    [Author: des; Age: 2003-05-28; Files: 1; Lines: -1/+2]
* | Revert unnecessary part of previous commit.
    [Author: des; Age: 2003-05-13; Files: 1; Lines: -7/+7]
* | Rename a few functions to avoid stealing common words (error, log, debug etc.) from the application namespace for programs that use pam_ssh(8). Use #defines to avoid changing the actual source code.
    Approved by: re (rwatson)
    [Author: des; Age: 2003-05-12; Files: 1; Lines: -7/+16]
* | Fix up external variables named "debug" that have a horrible habit of conflicting with other, similarly named functions in static libraries. This is done mostly by renaming the var if it is shared amongst modules, or making it static otherwise.
    OK'ed by: re(scottl)
    [Author: markm; Age: 2003-05-11; Files: 5; Lines: -8/+8]
* | Use __FBSDID vs. rcsid[]. Also protect sccs[] and copyright[] from GCC 3.3.
    [Author: obrien; Age: 2003-05-04; Files: 19; Lines: -81/+79]
* | Remove RCSID from files which have no other diffs to the vendor branch.
    [Author: des; Age: 2003-05-01; Files: 25; Lines: -25/+0]
* | Nit.
    [Author: des; Age: 2003-04-23; Files: 1; Lines: -1/+1]
* | Improvements to the proposed shell code.
    [Author: des; Age: 2003-04-23; Files: 1; Lines: -7/+6]
* | Regenerate.
    [Author: des; Age: 2003-04-23; Files: 1; Lines: -2/+42]
* | Resolve conflicts.
    [Author: des; Age: 2003-04-23; Files: 47; Lines: -622/+827]
* | This commit was generated by cvs2svn to compensate for changes in r113908, which included commits to RCS files with non-trunk default branches.
    [Author: des; Age: 2003-04-23; Files: 90; Lines: -1208/+3375]
| * Vendor import of OpenSSH-portable 3.6.1p1.
    [Author: des; Age: 2003-04-23; Files: 135; Lines: -1771/+4207]
* | - when using a child process instead of a thread, change the child's name to reflect its role
    - try to handle expired passwords a little better
    MFC after: 1 week
    [Author: des; Age: 2003-03-31; Files: 1; Lines: -2/+13]
* | If an ssh1 client initiated challenge-response authentication but did not respond to challenge, and later successfully authenticated itself using another method, the kbdint context would never be released, leaving the PAM child process behind even after the connection ended. Fix this by automatically releasing the kbdint context if a packet of type SSH_CMSG_AUTH_TIS is followed by anything but a packet of type SSH_CMSG_AUTH_TIS_RESPONSE.
    MFC after: 1 week
    [Author: des; Age: 2003-03-31; Files: 3; Lines: -1/+22]
* | Merge conflicts
    [Author: jedgar; Age: 2003-03-20; Files: 2; Lines: -5/+30]
* | This commit was generated by cvs2svn to compensate for changes in r112439, which included commits to RCS files with non-trunk default branches.
    [Author: jedgar; Age: 2003-03-20; Files: 1; Lines: -13/+12]
| * | Import of PKCS #1 security fix.
    http://www.openssl.org/news/secadv_20030319.txt
    [Author: jedgar; Age: 2003-03-20; Files: 1; Lines: -13/+12]
* | | KerberosIV deorbit sequence: Re-entry. Thank you, faithful friend. Enjoy your retirement in ports.
    [Author: markm; Age: 2003-03-08; Files: 657; Lines: -148390/+0]
* | | Unbreak Kerberos 5 authentication in telnet. (Credential forwarding is still broken.)
    PR: bin/45397
    [Author: nectar; Age: 2003-03-06; Files: 1; Lines: -0/+24]
* | | Resolve conflicts after import of OpenSSL 0.9.7a.
    [Author: nectar; Age: 2003-02-19; Files: 5; Lines: -1/+27]
* | | This commit was generated by cvs2svn to compensate for changes in r111147, which included commits to RCS files with non-trunk default branches.
    [Author: nectar; Age: 2003-02-19; Files: 152; Lines: -646/+1661]
| * | Vendor import of OpenSSL 0.9.7a.
    [Author: nectar; Age: 2003-02-19; Files: 157; Lines: -647/+1688]
* | | Paranoia: instead of a NULL conversation function, use one that always returns PAM_CONV_ERR; moreover, make sure we always have the right conversation function installed before calling PAM service functions. Also unwrap some not-so-long lines.
    MFC after: 3 days
    [Author: des; Age: 2003-02-16; Files: 1; Lines: -6/+24]
* | | When `des_read_pw_string' is a macro, as in OpenSSL 0.9.7, an attempt to declare a prototype for it will croak.
    [Author: nectar; Age: 2003-02-14; Files: 1; Lines: -1/+1]
* | | document the current default value for VersionAddendum.
    [Author: des; Age: 2003-02-11; Files: 4; Lines: -4/+4]
* | | Set the ruid to the euid at startup as a workaround for a bug in pam_ssh.
    MFC after: 3 days
    [Author: des; Age: 2003-02-07; Files: 1; Lines: -0/+1]
* | | The manual page lists only 2 files, however it reads as `three files' which is obviously incorrect.
    PR: 46841
    Submitted by: Sakamoto Seiji <s-siji@hyper.ocn.ne.jp>
    [Author: trhodes; Age: 2003-02-05; Files: 1; Lines: -2/+2]
* | | Linux-PAM's pam_start(3) fails with a bogus error message if passed the pam_conv argument is NULL. OpenPAM doesn't care, but to make things easier for people porting this code to other systems (or -STABLE), use a dummy struct pam_conv instead of NULL.
    Pointed out by: Damien Miller <djm@mindrot.org>
    [Author: des; Age: 2003-02-03; Files: 1; Lines: -1/+2]
* | | Bump patch date to 2003-02-01 (the day after I fixed PAM authentication for ssh1)
    [Author: des; Age: 2003-02-03; Files: 1; Lines: -1/+1]
* | | Fix keyboard-interactive authentication for ssh1. The problem was twofold:
    - The PAM kbdint device sometimes doesn't know authentication succeeded until you re-query it. The ssh1 kbdint code would never re-query the device, so authentication would always fail. This patch has been submitted to the OpenSSH developers.
    - The monitor code for PAM sometimes forgot to tell the monitor that authentication had succeeded. This caused the monitor to veto the privsep child's decision to allow the connection.
    These patches have been tested with OpenSSH clients on -STABLE, NetBSD and Linux, and with ssh.com's ssh1 on Solaris.
    Sponsored by: DARPA, NAI Labs
    [Author: des; Age: 2003-01-31; Files: 2; Lines: -0/+21]
* | | Background:
    When libdes was replaced with OpenSSL's libcrypto, there were a few interfaces that the former implemented but the latter did not. Because some software in the base system still depended upon these interfaces, we simply included them in our libcrypto (rnd_keys.c).
    Now, finally get around to removing the dependencies on these interfaces. There were basically two cases:
    des_new_random_key -- This is just a wrapper for des_random_key, and these calls were replaced.
    des_init_random_number_generator et. al. -- A few functions were used by the application to seed libdes's PRNG. These are not necessary when using libcrypto, as OpenSSL internally seeds the PRNG from /dev/random. These calls were simply removed.
    Again, some of the Kerberos 4 files have been taken off the vendor branch. I do not expect there to be future imports of KTH Kerberos 4.
    [Author: nectar; Age: 2003-01-29; Files: 10; Lines: -494/+18]
* | | This commit was generated by cvs2svn to compensate for changes in r110018, which included commits to RCS files with non-trunk default branches.
    [Author: nectar; Age: 2003-01-29; Files: 5; Lines: -29/+33]
| * | = Fix a bug in UI_UTIL_read_pw's error handling that caused des_read_pw_string to break (and thus rather mysteriously breaking utilities such as kinit).
    = Enable the BSD /dev/crypto interface.
    (These changes are being imported on the vendor branch, as they have already been accepted and committed to the OpenSSL CVS repository.)
    [Author: nectar; Age: 2003-01-29; Files: 5; Lines: -29/+33]
* | | Merge conflicts. This is cunning doublespeak for "use vendor code".
    [Author: markm; Age: 2003-01-28; Files: 29; Lines: -1117/+1762]
* | | Remove files no longer on OpenSSL 0.9.7. crypto/des/rnd_keys.c is retained as it is still used.
    [Author: markm; Age: 2003-01-28; Files: 49; Lines: -6676/+0]
* | | This commit was generated by cvs2svn to compensate for changes in r109998, which included commits to RCS files with non-trunk default branches.
    [Author: markm; Age: 2003-01-28; Files: 943; Lines: -19752/+102078]
| * | Vendor import of OpenSSL release 0.9.7. This release includes support for AES and OpenBSD's hardware crypto.
    [Author: markm; Age: 2003-01-28; Files: 965; Lines: -20829/+103840]
* | | Make the Kerberos 4 bits build against OpenSSL 0.9.7. This required two basic changes (both of which should be no-ops until OpenSSL 0.9.7 is imported):
    = Define OPENSSL_DES_LIBDES_COMPATIBILITY wherever we include openssl/des.h.
    = Spell `struct des_ks_struct []' using the existing `des_key_schedule' typedef.
    When OpenSSL 0.9.7 is imported, `des_key_schedule' (among other things) will be a macro invocation instead of a typedef, and things should `just work'.
    Yes, this commit does take several files off the vendor branch. I do not expect there to be future imports of KTH Kerberos 4.
    [Author: nectar; Age: 2003-01-28; Files: 20; Lines: -13/+32]
* | | Force early initialization of the resolver library, since the resolver configuration files will no longer be available once sshd is chrooted.
    PR: 39953, 40894
    Submitted by: dinoex
    MFC after: 3 days
    [Author: des; Age: 2003-01-22; Files: 1; Lines: -0/+15]
* | | This commit was generated by cvs2svn to compensate for changes in r109641, which included commits to RCS files with non-trunk default branches.
    [Author: nectar; Age: 2003-01-21; Files: 1; Lines: -1/+2]
| * | | Add a missing include, needed to get a prototype for `des_read_pw_string'. This is particularly important for OpenSSL 0.9.7, as `des_read_pw_string' is a macro there. (This fix brought in on the vendor branch, because I already committed it to Heimdal's CVS.)
    [Author: nectar; Age: 2003-01-21; Files: 1; Lines: -1/+2]
* | | | add more RFC defined telnet options
    Reviewed by: ps
    [Author: billf; Age: 2003-01-18; Files: 1; Lines: -3/+8]
* | | | The previous commit contained a stupid mistake: ctxt->pam_[cp]sock was initialized after the call to pthread_create() instead of before. It just happened to work with threads enabled because ctxt is shared, but of course it doesn't work when we use a child process instead of threads.
    [Author: des; Age: 2002-12-21; Files: 1; Lines: -2/+2]
* | | | If possible, use pthreads instead of a child process for PAM. Reimplement the necessary bits from auth_pam.c and auth2_pam.c so that they share the PAM context used by the keyboard-interactive thread. If a child process is used instead, they will (necessarily) use a separate context. Constify do_pam_account() and do_pam_session().
    Sponsored by: DARPA, NAI Labs
    [Author: des; Age: 2002-12-14; Files: 2; Lines: -65/+334]
* | | | Add a missing #include "canohost.h".
    [Author: des; Age: 2002-12-14; Files: 1; Lines: -0/+1]
* | | | Remove code related to the PAMAuthenticationViaKbdInt option (which we've disabled). This removes the only reference to auth2_pam().
    [Author: des; Age: 2002-12-14; Files: 1; Lines: -4/+1]
* | | | Back out a lastlog-related change which is no longer relevant.
    [Author: des; Age: 2002-12-14; Files: 1; Lines: -1/+1]