path: root/crypto
Commit message [Author, Age, Files, Lines]
* MFC s3_pkt.c 1.1.1.9: [Jacques Vidrine, 2004-03-17, 2, -1/+9]
|   Correct a denial-of-service vulnerability in OpenSSL (CAN-2004-0079).
|   Notes: svn path=/releng/5.1/; revision=127117
* Correct vulnerabilities in OpenSSL ASN.1 parsing. [Jacques Vidrine, 2003-10-03, 4, -6/+16]
|   Obtained from: openssl.org CVS
|   Notes: svn path=/releng/5.1/; revision=120700
* Update version string. [Dag-Erling Smørgrav, 2003-09-24, 5, -5/+5]
|   Notes: svn path=/releng/5.1/; revision=120417
* MFC: (1.12) resp is a pointer to an array of structs. [Dag-Erling Smørgrav, 2003-09-24, 1, -9/+9]
|   Notes: svn path=/releng/5.1/; revision=120409
* MFC: (1.7) return the correct error value when a null query fails. [Dag-Erling Smørgrav, 2003-09-24, 1, -1/+1]
|   Notes: svn path=/releng/5.1/; revision=120408
* MFC buffer.c 1.2, channels.c 1.16, deattack.c 1.1.1.6, misc.c 1.1.1.5, [Jacques Vidrine, 2003-09-17, 6, -26/+38]
|   session.c 1.41, ssh-agent.c 1.19: Correct more cases of allocation size bookkeeping errors.
|   Notes: svn path=/releng/5.1/; revision=120167
* Bump addendum version for additional fixes. [Jacques Vidrine, 2003-09-17, 1, -1/+1]
|   Notes: svn path=/releng/5.1/; revision=120166
* MFC buffer.c 1.1.1.7: Do not record expanded size before attempting to [Jacques Vidrine, 2003-09-16, 2, -5/+8]
|   reallocate associated memory.
|   Notes: svn path=/releng/5.1/; revision=120130
* Fix off-by-one and initialization errors which prevented sshd from [Dag-Erling Smørgrav, 2003-05-28, 1, -1/+2]
|   restarting when sent a SIGHUP.
|   Submitted by: tegge
|   Approved by: re (jhb)
|   Notes: svn path=/head/; revision=115372
* Revert unnecessary part of previous commit. [Dag-Erling Smørgrav, 2003-05-13, 1, -7/+7]
|   Notes: svn path=/head/; revision=114972
* Rename a few functions to avoid stealing common words (error, log, debug [Dag-Erling Smørgrav, 2003-05-12, 1, -7/+16]
|   etc.) from the application namespace for programs that use pam_ssh(8).
|   Use #defines to avoid changing the actual source code.
|   Approved by: re (rwatson)
|   Notes: svn path=/head/; revision=114955
* Fix up external variables named "debug" that have a horrible habit [Mark Murray, 2003-05-11, 5, -8/+8]
|   of conflicting with other, similarly named functions in static
|   libraries. This is done mostly by renaming the var if it is shared
|   amongst modules, or making it static otherwise.
|   OK'ed by: re(scottl)
|   Notes: svn path=/head/; revision=114911
* Use __FBSDID vs. rcsid[]. Also protect sccs[] and copyright[] from GCC 3.3. [David E. O'Brien, 2003-05-04, 19, -81/+79]
|   Notes: svn path=/head/; revision=114630
* Remove RCSID from files which have no other diffs to the vendor branch. [Dag-Erling Smørgrav, 2003-05-01, 25, -25/+0]
|   Notes: svn path=/head/; revision=114426
* Nit. [Dag-Erling Smørgrav, 2003-04-23, 1, -1/+1]
|   Notes: svn path=/head/; revision=113914
* Improvements to the proposed shell code. [Dag-Erling Smørgrav, 2003-04-23, 1, -7/+6]
|   Notes: svn path=/head/; revision=113913
* Regenerate. [Dag-Erling Smørgrav, 2003-04-23, 1, -2/+42]
|   Notes: svn path=/head/; revision=113912
* Resolve conflicts. [Dag-Erling Smørgrav, 2003-04-23, 47, -622/+827]
|   Notes: svn path=/head/; revision=113911
* This commit was generated by cvs2svn to compensate for changes in r113908, [Dag-Erling Smørgrav, 2003-04-23, 90, -1204/+3371]
|\
| |   which included commits to RCS files with non-trunk default branches.
| |   Notes: svn path=/head/; revision=113909
| * Vendor import of OpenSSH-portable 3.6.1p1. [Dag-Erling Smørgrav, 2003-04-23, 135, -1767/+4203]
| |   Notes: svn path=/vendor-crypto/openssh/dist/; revision=113908
* | - when using a child process instead of a thread, change the child's [Dag-Erling Smørgrav, 2003-03-31, 1, -2/+13]
| |     name to reflect its role
| |   - try to handle expired passwords a little better
| |   MFC after: 1 week
| |   Notes: svn path=/head/; revision=112871
* | If an ssh1 client initiated challenge-response authentication but did [Dag-Erling Smørgrav, 2003-03-31, 3, -1/+22]
| |   not respond to challenge, and later successfully authenticated itself
| |   using another method, the kbdint context would never be released,
| |   leaving the PAM child process behind even after the connection ended.
| |   Fix this by automatically releasing the kbdint context if a packet of
| |   type SSH_CMSG_AUTH_TIS is followed by anything but a packet of type
| |   SSH_CMSG_AUTH_TIS_RESPONSE.
| |   MFC after: 1 week
| |   Notes: svn path=/head/; revision=112870
* | Merge conflicts [Chris D. Faulhaber, 2003-03-20, 2, -5/+30]
| |   Notes: svn path=/head/; revision=112446
* | This commit was generated by cvs2svn to compensate for changes in r112439, [Chris D. Faulhaber, 2003-03-20, 1, -13/+12]
|\ \
| | |   which included commits to RCS files with non-trunk default branches.
| | |   Notes: svn path=/head/; revision=112440
| * | Import of PKCS #1 security fix. [Chris D. Faulhaber, 2003-03-20, 1, -13/+12]
| | |   http://www.openssl.org/news/secadv_20030319.txt
| | |   Notes: svn path=/vendor-crypto/openssl/dist/; revision=112439
* | | KerberosIV deorbit sequence: Re-entry. Thank you, faithful friend. [Mark Murray, 2003-03-08, 657, -148390/+0]
| | |   Enjoy your retirement in ports.
| | |   Notes: svn path=/head/; revision=111993
* | | Unbreak Kerberos 5 authentication in telnet. [Jacques Vidrine, 2003-03-06, 1, -0/+24]
| | |   (Credential forwarding is still broken.)
| | |   PR: bin/45397
| | |   Notes: svn path=/head/; revision=111946
* | | Resolve conflicts after import of OpenSSL 0.9.7a. [Jacques Vidrine, 2003-02-19, 5, -1/+27]
| | |   Notes: svn path=/head/; revision=111150
* | | This commit was generated by cvs2svn to compensate for changes in r111147, [Jacques Vidrine, 2003-02-19, 152, -642/+1657]
|\| |
| | |   which included commits to RCS files with non-trunk default branches.
| | |   Notes: svn path=/head/; revision=111148
| * | Vendor import of OpenSSL 0.9.7a. [Jacques Vidrine, 2003-02-19, 157, -643/+1684]
| | |   Notes: svn path=/vendor-crypto/openssl/dist/; revision=111147
* | | Paranoia: instead of a NULL conversation function, use one that always [Dag-Erling Smørgrav, 2003-02-16, 1, -6/+24]
| | |   returns PAM_CONV_ERR; moreover, make sure we always have the right
| | |   conversation function installed before calling PAM service functions.
| | |   Also unwrap some not-so-long lines.
| | |   MFC after: 3 days
| | |   Notes: svn path=/head/; revision=110988
* | | When `des_read_pw_string' is a macro, as in OpenSSL 0.9.7, [Jacques Vidrine, 2003-02-14, 1, -1/+1]
| | |   an attempt to declare a prototype for it will croak.
| | |   Notes: svn path=/head/; revision=110868
* | | document the current default value for VersionAddendum. [Dag-Erling Smørgrav, 2003-02-11, 4, -4/+4]
| | |   Notes: svn path=/head/; revision=110692
* | | Set the ruid to the euid at startup as a workaround for a bug in pam_ssh. [Dag-Erling Smørgrav, 2003-02-07, 1, -0/+1]
| | |   MFC after: 3 days
| | |   Notes: svn path=/head/; revision=110506
* | | The manual page lists only 2 files, however it reads as `three files' which is [Tom Rhodes, 2003-02-05, 1, -2/+2]
| | |   obviously incorrect.
| | |   PR: 46841
| | |   Submitted by: Sakamoto Seiji <s-siji@hyper.ocn.ne.jp>
| | |   Notes: svn path=/head/; revision=110359
* | | Linux-PAM's pam_start(3) fails with a bogus error message if passed the [Dag-Erling Smørgrav, 2003-02-03, 1, -1/+2]
| | |   pam_conv argument is NULL. OpenPAM doesn't care, but to make things
| | |   easier for people porting this code to other systems (or -STABLE), use
| | |   a dummy struct pam_conv instead of NULL.
| | |   Pointed out by: Damien Miller <djm@mindrot.org>
| | |   Notes: svn path=/head/; revision=110283
* | | Bump patch date to 2003-02-01 (the day after I fixed PAM authentication [Dag-Erling Smørgrav, 2003-02-03, 1, -1/+1]
| | |   for ssh1)
| | |   Notes: svn path=/head/; revision=110282
* | | Fix keyboard-interactive authentication for ssh1. The problem was twofold: [Dag-Erling Smørgrav, 2003-01-31, 2, -0/+21]
| | |   - The PAM kbdint device sometimes doesn't know authentication succeeded
| | |     until you re-query it. The ssh1 kbdint code would never re-query the
| | |     device, so authentication would always fail. This patch has been
| | |     submitted to the OpenSSH developers.
| | |   - The monitor code for PAM sometimes forgot to tell the monitor that
| | |     authentication had succeeded. This caused the monitor to veto the
| | |     privsep child's decision to allow the connection.
| | |   These patches have been tested with OpenSSH clients on -STABLE, NetBSD
| | |   and Linux, and with ssh.com's ssh1 on Solaris.
| | |   Sponsored by: DARPA, NAI Labs
| | |   Notes: svn path=/head/; revision=110138
* | | Background: [Jacques Vidrine, 2003-01-29, 10, -494/+18]
| | |   When libdes was replaced with OpenSSL's libcrypto, there were a few
| | |   interfaces that the former implemented but the latter did not. Because
| | |   some software in the base system still depended upon these interfaces,
| | |   we simply included them in our libcrypto (rnd_keys.c).
| | |   Now, finally get around to removing the dependencies on these
| | |   interfaces. There were basically two cases:
| | |   des_new_random_key -- This is just a wrapper for des_random_key, and
| | |   these calls were replaced.
| | |   des_init_random_number_generator et. al. -- A few functions were used
| | |   by the application to seed libdes's PRNG. These are not necessary when
| | |   using libcrypto, as OpenSSL internally seeds the PRNG from /dev/random.
| | |   These calls were simply removed.
| | |   Again, some of the Kerberos 4 files have been taken off the vendor
| | |   branch. I do not expect there to be future imports of KTH Kerberos 4.
| | |   Notes: svn path=/head/; revision=110049
* | | This commit was generated by cvs2svn to compensate for changes in r110018, [Jacques Vidrine, 2003-01-29, 5, -29/+33]
|\| |
| | |   which included commits to RCS files with non-trunk default branches.
| | |   Notes: svn path=/head/; revision=110019
| * | = Fix a bug in UI_UTIL_read_pw's error handling that caused [Jacques Vidrine, 2003-01-29, 5, -29/+33]
| | |     des_read_pw_string to break (and thus rather mysteriously breaking
| | |     utilities such as kinit).
| | |   = Enable the BSD /dev/crypto interface.
| | |   (These changes are being imported on the vendor branch, as they have
| | |   already been accepted and committed to the OpenSSL CVS repository.)
| | |   Notes: svn path=/vendor-crypto/openssl/dist/; revision=110018
* | | Merge conflicts. [Mark Murray, 2003-01-28, 29, -1093/+1738]
| | |   This is cunning doublespeak for "use vendor code".
| | |   Notes: svn path=/head/; revision=110007
* | | Remove files no longer on OpenSSL 0.9.7. crypto/des/rnd_keys.c is [Mark Murray, 2003-01-28, 49, -6676/+0]
| | |   retained as it is still used.
| | |   Notes: svn path=/head/; revision=110006
* | | This commit was generated by cvs2svn to compensate for changes in r109998, [Mark Murray, 2003-01-28, 943, -19690/+102016]
|\| |
| | |   which included commits to RCS files with non-trunk default branches.
| | |   Notes: svn path=/head/; revision=109999
| * | Vendor import of OpenSSL release 0.9.7. This release includes [Mark Murray, 2003-01-28, 965, -20743/+103754]
| | |   support for AES and OpenBSD's hardware crypto.
| | |   Notes: svn path=/vendor-crypto/openssl/dist/; revision=109998
* | | Make the Kerberos 4 bits build against OpenSSL 0.9.7. This required [Jacques Vidrine, 2003-01-28, 20, -13/+32]
| | |   two basic changes (both of which should be no-ops until OpenSSL 0.9.7
| | |   is imported):
| | |   = Define OPENSSL_DES_LIBDES_COMPATIBILITY wherever we include
| | |     openssl/des.h.
| | |   = Spell `struct des_ks_struct []' using the existing
| | |     `des_key_schedule' typedef. When OpenSSL 0.9.7 is imported,
| | |     `des_key_schedule' (among other things) will be a macro invocation
| | |     instead of a typedef, and things should `just work'.
| | |   Yes, this commit does take several files off the vendor branch.
| | |   I do not expect there to be future imports of KTH Kerberos 4.
| | |   Notes: svn path=/head/; revision=109995
* | | Force early initialization of the resolver library, since the resolver [Dag-Erling Smørgrav, 2003-01-22, 1, -0/+15]
| | |   configuration files will no longer be available once sshd is chrooted.
| | |   PR: 39953, 40894
| | |   Submitted by: dinoex
| | |   MFC after: 3 days
| | |   Notes: svn path=/head/; revision=109683
* | | This commit was generated by cvs2svn to compensate for changes in r109641, [Jacques Vidrine, 2003-01-21, 1, -1/+2]
|\ \ \
| | | |   which included commits to RCS files with non-trunk default branches.
| | | |   Notes: svn path=/head/; revision=109642
| * | | Add a missing include, needed to get a prototype for `des_read_pw_string'. [Jacques Vidrine, 2003-01-21, 1, -1/+2]
| | | |   This is particularly important for OpenSSL 0.9.7, as
| | | |   `des_read_pw_string' is a macro there.
| | | |   (This fix brought in on the vendor branch, because I already committed
| | | |   it to Heimdal's CVS.)
| | | |   Notes: svn path=/vendor-crypto/heimdal/dist/; revision=109641
* | | | add more RFC defined telnet options [Bill Fumerola, 2003-01-18, 1, -3/+8]
| | | |   Reviewed by: ps
| | | |   Notes: svn path=/head/; revision=109466