Age | Commit message (Collapse) | Author | |
---|---|---|---|
2001-06-23 | sync skeyzero proto with recent changes | Todd C. Miller | |
2001-06-23 | skeyzero() never uses its 2nd arg so remove it. Since the only thing | Todd C. Miller | |
that calls skeyzero() is skeyinit and I just updated the libskey major I am not going to bump the major again here... | |||
2001-06-23 | Document our S/Key library. | Todd C. Miller | |
2001-06-23 | getskeyprompt() is gone | Todd C. Miller | |
2001-06-23 | Get rid of f_HASH() and fold its functionality into keycrunch_HASH(). | Todd C. Miller | |
This means we now only need to add one new function when adding a new hash type. Somehow missed from last S/Key commit (changes are static to skeysubr.c). | |||
2001-06-20 | major number bump | Todd C. Miller | |
2001-06-20 | We don't need an f() for each hash, just overload the per-hash | Todd C. Miller | |
keycrunch() function to do this. | |||
2001-06-20 | o Do per-record locking instead of whole file locking | Todd C. Miller | |
o Use said locking to prevent a partial guess race as required by RFC 2289. We now lock the record in skeylookup(), skeygetnext(), and skeyverify(). o A little KNF o Kill deprecated getskeyprompt() function o Provide a function to unlock a record, skey_unlock() o Timeout reading of the passphrase in skey_authenticate() and skey_passcheck() since we have the record locked (uses select, not alarm). o Convert old-style md4 entries (that lack an explicit hash) into new-style ones with the hash specified if there is space on the line. | |||
2001-06-20 | o Add a length parameter to struct skey and rearrange some other structs | Todd C. Miller | |
o Protect from duplicate inclusion and use __{BEGIN,END}_DECLS o Prototype new skey_unlock() function and remove proto for getskeyprompt() which has been removed. | |||
2001-01-26 | SHA1 is a big endian algorithm but RFC2289 mandates that results be | Todd C. Miller | |
stored in little endian form (like MD4/MD5). So, instead of having SHA1Final copy the result buffer, we do it ourselves with a loop stolen from RFC2289, Appendix A. Closes PR1650. | |||
2001-01-04 | grammar | Todd T. Fries | |
2000-11-20 | Move fake prompt generation from skey_authenticate() to skeychallenge() | Todd C. Miller | |
and getskeyprompt(). This means that when you get a challenge the result parameter is always filled in, even if the use is not in the skeykeys file. | |||
2000-06-23 | set mp->keyfile = NULL if stat fails | Markus Friedl | |
2000-03-02 | $OpenBSD$ | Todd T. Fries | |
1999-12-06 | fd leak | Theo de Raadt | |
1999-11-26 | fix descriptor leaks and double fclose(); markus and I; ok from millert | Theo de Raadt | |
1999-08-16 | don't need sys/file.h now that we include fcntl.h | Todd C. Miller | |
1999-08-16 | missing fcntl.h | Todd C. Miller | |
1999-07-15 | change /etc/host.random to /var/db/host.random | Niels Provos | |
1998-07-05 | replace open + fstat with stat | Todd C. Miller | |
1998-07-05 | if there is no /etc/host.random, hash on the ctime of /dev/mem or /. This ↵ | Todd C. Miller | |
is much better than the old fake challenge. | |||
1998-07-03 | Change the random file path, add a sanity check on file size. | Angelos D. Keromytis | |
1998-07-03 | Fix my fix to return sane values. | Angelos D. Keromytis | |
1998-07-03 | produce credible seeds for non-existent users. | Todd C. Miller | |
1998-07-03 | Fix some of my indentation badness. | Angelos D. Keromytis | |
1998-07-03 | Remove user existance disclosure through "s/key" challenges. | Angelos D. Keromytis | |
1998-02-24 | Allow superuser to disable skey by unlnking /etc/skeykeys. | Todd C. Miller | |
1997-09-12 | Don't let strncpy() get a negative length. Noted by Theo. | Todd C. Miller | |
1997-09-04 | Don't unlock skeys file before closing it. The lock is released | Todd C. Miller | |
when the file is closed anyway and explicately unlocking before the file gets flushed defeats the purpose of locking in the first place. | |||
1997-07-29 | This case of version number update is a little special and was not well-known | Niklas Hallqvist | |
before. A new general rule has been formed: When you change a library to *use* a new API of another library (which may there only have given need to a minor number crank), you must crank the *major*. The specific scenario that was seen this time was: I libc 16 started without the SHA interface II libskey 0 did obviously not use it III installation of libc 16 and libskey 0 IV software installed that uses libskey V libc 16 got SHA added, minor number update VI libskey 0 was changed to use it VII libc was cranked to 17 for other reasons VIII installation of libc 17 and newer libskey 0 IX use of the software installed in IV fails! This is due to the fact that the libskey using software searches for the most current libskey 0, which uses the SHA interface, and the most current libc 16 which was the old one installed in III, which does not provide SHA, and thus gets two incompatible libraries linked with it. Crash! One could argue that people should install all library versions that is made available, but that is really not feasible. One have to recognize that people may build their systems at arbitrary points in time and then go on to install software they know work at their lib revision levels. A later build should not break this software, that may only be available in binary versions. | |||
1997-07-27 | Remove debugging info, whoops. | Todd C. Miller | |
1997-07-27 | bump minor | Todd C. Miller | |
1997-07-27 | - Do coarse locking on /etc/skeykeys. Fixes a race that could allow | Todd C. Miller | |
a replay attempt to succeed. - OpenBSD tags | |||
1997-07-27 | Fix search and replace error introduced in version 1.16. | Todd C. Miller | |
1997-07-26 | Convert upper -> lower case in seed for fake s/key propt. | Todd C. Miller | |
1997-07-26 | - int -> long fixes | Todd C. Miller | |
- restore priority correctly after setpriority (assumed start pri was 0) - rfc-compliant challenge when faking it for those w/o a keyfile entry on machines with short hostnames or non-alphanum hostnames. | |||
1997-07-24 | Fix one instance of bad strncpy() usage and some KNF. | Todd C. Miller | |
1997-07-23 | Fix skeygetnext() | Todd C. Miller | |
1997-07-23 | _PATH_SKEYKEYS now lives in <paths.h> | Todd C. Miller | |
Add skeygetnext() for iterating over the key file. | |||
1997-07-23 | Mode 0600 /etc/skeykeys | Todd C. Miller | |
1997-07-23 | Increase max hashname length for rmd160. | Todd C. Miller | |
1997-07-17 | Add RIPEMD-160 (rmd160) support to OTP (s/key). | Todd C. Miller | |
1997-07-11 | Remove #if 0'd code | Todd C. Miller | |
1997-07-10 | Use new SHA1* functions. | Todd C. Miller | |
1997-07-10 | Need err.h for warnx proto. | Todd C. Miller | |
1997-04-27 | COPY -> INSTALL_COPY and STRIP -> INSTALL_STRIP | Todd C. Miller | |
This fixes namespace problems where STRIP is sometimes used as the name of the strip(1) to use and other times used as the flag to send install(1) when stripping (or not). COPY doesn't have this problem (yet) but was poorly named. | |||
1996-12-08 | install -> ${INSTALL}, -c -> ${COPY} | Jason Downs | |
1996-11-03 | Add a bunch of length/size macros and use them. | Todd C. Miller | |
1996-10-22 | Fake an s/key challenge if user doesn't have an entry. Stops info | Todd C. Miller | |
gathering attack. | |||
1996-10-22 | Don't need the extra newline since we never turn off echo for s/key | Todd C. Miller | |