summaryrefslogtreecommitdiff
path: root/lib/libskey
AgeCommit message (Collapse)Author
2001-06-23sync skeyzero proto with recent changesTodd C. Miller
2001-06-23skeyzero() never uses its 2nd arg so remove it. Since the only thingTodd C. Miller
that calls skeyzero() is skeyinit and I just updated the libskey major I am not going to bump the major again here...
2001-06-23Document our S/Key library.Todd C. Miller
2001-06-23getskeyprompt() is goneTodd C. Miller
2001-06-23Get rid of f_HASH() and fold its functionality into keycrunch_HASH().Todd C. Miller
This means we now only need to add one new function when adding a new hash type. Somehow missed from last S/Key commit (changes are static to skeysubr.c).
2001-06-20major number bumpTodd C. Miller
2001-06-20We don't need an f() for each hash, just overload the per-hashTodd C. Miller
keycrunch() function to do this.
2001-06-20o Do per-record locking instead of whole file lockingTodd C. Miller
o Use said locking to prevent a partial guess race as required by RFC 2289. We now lock the record in skeylookup(), skeygetnext(), and skeyverify(). o A little KNF o Kill deprecated getskeyprompt() function o Provide a function to unlock a record, skey_unlock() o Timeout reading of the passphrase in skey_authenticate() and skey_passcheck() since we have the record locked (uses select, not alarm). o Convert old-style md4 entries (that lack an explicit hash) into new-style ones with the hash specified if there is space on the line.
2001-06-20o Add a length parameter to struct skey and rearrange some other structsTodd C. Miller
o Protect from duplicate inclusion and use __{BEGIN,END}_DECLS o Prototype new skey_unlock() function and remove proto for getskeyprompt() which has been removed.
2001-01-26SHA1 is a big endian algorithm but RFC2289 mandates that results beTodd C. Miller
stored in little endian form (like MD4/MD5). So, instead of having SHA1Final copy the result buffer, we do it ourselves with a loop stolen from RFC2289, Appendix A. Closes PR1650.
2001-01-04grammarTodd T. Fries
2000-11-20Move fake prompt generation from skey_authenticate() to skeychallenge()Todd C. Miller
and getskeyprompt(). This means that when you get a challenge the result parameter is always filled in, even if the use is not in the skeykeys file.
2000-06-23set mp->keyfile = NULL if stat failsMarkus Friedl
2000-03-02$OpenBSD$Todd T. Fries
1999-12-06fd leakTheo de Raadt
1999-11-26fix descriptor leaks and double fclose(); markus and I; ok from millertTheo de Raadt
1999-08-16don't need sys/file.h now that we include fcntl.hTodd C. Miller
1999-08-16missing fcntl.hTodd C. Miller
1999-07-15change /etc/host.random to /var/db/host.randomNiels Provos
1998-07-05replace open + fstat with statTodd C. Miller
1998-07-05if there is no /etc/host.random, hash on the ctime of /dev/mem or /. This ↵Todd C. Miller
is much better than the old fake challenge.
1998-07-03Change the random file path, add a sanity check on file size.Angelos D. Keromytis
1998-07-03Fix my fix to return sane values.Angelos D. Keromytis
1998-07-03produce credible seeds for non-existent users.Todd C. Miller
1998-07-03Fix some of my indentation badness.Angelos D. Keromytis
1998-07-03Remove user existance disclosure through "s/key" challenges.Angelos D. Keromytis
1998-02-24Allow superuser to disable skey by unlnking /etc/skeykeys.Todd C. Miller
1997-09-12Don't let strncpy() get a negative length. Noted by Theo.Todd C. Miller
1997-09-04Don't unlock skeys file before closing it. The lock is releasedTodd C. Miller
when the file is closed anyway and explicately unlocking before the file gets flushed defeats the purpose of locking in the first place.
1997-07-29This case of version number update is a little special and was not well-knownNiklas Hallqvist
before. A new general rule has been formed: When you change a library to *use* a new API of another library (which may there only have given need to a minor number crank), you must crank the *major*. The specific scenario that was seen this time was: I libc 16 started without the SHA interface II libskey 0 did obviously not use it III installation of libc 16 and libskey 0 IV software installed that uses libskey V libc 16 got SHA added, minor number update VI libskey 0 was changed to use it VII libc was cranked to 17 for other reasons VIII installation of libc 17 and newer libskey 0 IX use of the software installed in IV fails! This is due to the fact that the libskey using software searches for the most current libskey 0, which uses the SHA interface, and the most current libc 16 which was the old one installed in III, which does not provide SHA, and thus gets two incompatible libraries linked with it. Crash! One could argue that people should install all library versions that is made available, but that is really not feasible. One have to recognize that people may build their systems at arbitrary points in time and then go on to install software they know work at their lib revision levels. A later build should not break this software, that may only be available in binary versions.
1997-07-27Remove debugging info, whoops.Todd C. Miller
1997-07-27bump minorTodd C. Miller
1997-07-27- Do coarse locking on /etc/skeykeys. Fixes a race that could allowTodd C. Miller
a replay attempt to succeed. - OpenBSD tags
1997-07-27Fix search and replace error introduced in version 1.16.Todd C. Miller
1997-07-26Convert upper -> lower case in seed for fake s/key propt.Todd C. Miller
1997-07-26 - int -> long fixesTodd C. Miller
- restore priority correctly after setpriority (assumed start pri was 0) - rfc-compliant challenge when faking it for those w/o a keyfile entry on machines with short hostnames or non-alphanum hostnames.
1997-07-24Fix one instance of bad strncpy() usage and some KNF.Todd C. Miller
1997-07-23Fix skeygetnext()Todd C. Miller
1997-07-23_PATH_SKEYKEYS now lives in <paths.h>Todd C. Miller
Add skeygetnext() for iterating over the key file.
1997-07-23Mode 0600 /etc/skeykeysTodd C. Miller
1997-07-23Increase max hashname length for rmd160.Todd C. Miller
1997-07-17Add RIPEMD-160 (rmd160) support to OTP (s/key).Todd C. Miller
1997-07-11Remove #if 0'd codeTodd C. Miller
1997-07-10Use new SHA1* functions.Todd C. Miller
1997-07-10Need err.h for warnx proto.Todd C. Miller
1997-04-27COPY -> INSTALL_COPY and STRIP -> INSTALL_STRIPTodd C. Miller
This fixes namespace problems where STRIP is sometimes used as the name of the strip(1) to use and other times used as the flag to send install(1) when stripping (or not). COPY doesn't have this problem (yet) but was poorly named.
1996-12-08install -> ${INSTALL}, -c -> ${COPY}Jason Downs
1996-11-03Add a bunch of length/size macros and use them.Todd C. Miller
1996-10-22Fake an s/key challenge if user doesn't have an entry. Stops infoTodd C. Miller
gathering attack.
1996-10-22Don't need the extra newline since we never turn off echo for s/keyTodd C. Miller