summaryrefslogtreecommitdiffstats
path: root/moduli.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* upstream: Always call fclose on checkpoints.dtucker@openbsd.org2023-03-021-5/+8
| | | | | | | | In the case of an fprintf failure we would not call fclose which would leak the FILE pointer. While we're there, try to clean up the temp file on failure. Spotted by Coverity, ok djm@ OpenBSD-Commit-ID: 73c7ccc5d4fcc235f54c6b20767a2815408525ef
* upstream: fix some integer overflows in sieve_large() that show up whendjm@openbsd.org2022-05-021-7/+7
| | | | | | | trying to generate modp groups > 16k bits. Reported via GHPR#306 by Bertram Felgenhauer, but fixed in a different way. feedback/ok tb@ OpenBSD-Commit-ID: 81cbc6dd3a21c57bd6fadea10e44afe37bca558e
* upstream: remove most uses of BN_CTXdjm@openbsd.org2019-11-161-8/+4
| | | | | | | We weren't following the rules re BN_CTX_start/BN_CTX_end and the places we were using it didn't benefit from its use anyway. ok dtucker@ OpenBSD-Commit-ID: ea9ba6c0d2e6f6adfe00b309a8f41842fe12fc7a
* upstream: Check for gmtime failure in moduli generation. Based ondtucker@openbsd.org2019-10-041-1/+3
| | | | | | patch from krishnaiah.bommu@intel.com, ok djm@ OpenBSD-Commit-ID: 4c6a4cde0022188ac83737de08da0e875704eeaa
* upstream: snprintf/vsnprintf return < 0 on error, rather than -1.deraadt@openbsd.org2019-07-051-2/+2
| | | | OpenBSD-Commit-ID: a261c421140a0639bb2b66bbceca72bf8239749d
* upstream: Remove 3 as a guess for possible generator during modulidtucker@openbsd.org2019-01-241-3/+1
| | | | | | | | generation. It's not mentioned in RFC4419 and it's not possible for Sophie-Germain primes greater than 5. bz#2330, from Christian Wittenhorst , ok djm@ tb@ OpenBSD-Commit-ID: 1467652e6802ad3333b0959282d8d49dfe22c8cd
* upstream: Fix BN_is_prime_* calls in SSH, the API returns -1 ontb@openbsd.org2019-01-211-5/+14
| | | | | | | | | | | error. Found thanks to BoringSSL's commit 53409ee3d7595ed37da472bc73b010cd2c8a5ffd by David Benjamin. ok djm, dtucker OpenBSD-Commit-ID: 1ee832be3c44b1337f76b8562ec6d203f3b072f8
* upstream commitderaadt@openbsd.org2017-12-121-3/+3
| | | | | | time_t printing needs %lld and (long long) casts ok djm OpenBSD-Commit-ID: 4a93bc2b0d42a39b8f8de8bb74d07ad2e5e83ef7
* upstream commitderaadt@openbsd.org2016-09-121-3/+2
| | | | | | | | Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker Upstream-ID: 712cafa816c9f012a61628b66b9fbd5687223fb8
* upstream commitderaadt@openbsd.org2015-01-261-4/+5
| | | | | Reduce use of <sys/param.h> and transition to <limits.h> throughout. ok djm markus
* support --without-openssl at configure timeDamien Miller2015-01-141-0/+4
| | | | | | | | Disables and removes dependency on OpenSSL. Many features don't work and the set of crypto options is greatly restricted. This will only work on system with native arc4random or /dev/urandom. Considered highly experimental for now.
* upstream commitdoug@openbsd.org2014-10-131-1/+2
| | | | | | Free resources on error in mkstemp and fdopen ok djm@
* - dtucker@cvs.openbsd.org 2013/10/24 00:49:49Damien Miller2013-10-241-14/+92
| | | | | | [moduli.c] Periodically print progress and, if possible, expected time to completion when screening moduli for DH groups. ok deraadt djm
* - djm@cvs.openbsd.org 2013/05/17 00:13:13Darren Tucker2013-06-011-5/+5
| | | | | | | | | | | | | | | | | | [xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c dns.c packet.c readpass.c authfd.c moduli.c] bye, bye xfree(); ok markus@
* - dtucker@cvs.openbsd.org 2012/07/06 00:41:59Damien Miller2012-07-061-5/+13
| | | | | | | [moduli.c ssh-keygen.1 ssh-keygen.c] Add options to specify starting line number and number of lines to process when screening moduli candidates. This allows processing of different parts of a candidate moduli file in parallel. man page help jmc@, ok djm@
* - djm@cvs.openbsd.org 2011/10/19 00:06:10Darren Tucker2011-11-041-6/+6
| | | | | [moduli.c] s/tmpfile/tmp/ to make this -Wshadow clean
* - stsp@cvs.openbsd.org 2011/10/16 15:51:39Damien Miller2011-10-181-1/+3
| | | | | [moduli.c] add missing includes to unbreak tree; fix from rpointel
* - dtucker@cvs.openbsd.org 2011/10/16 11:02:46Damien Miller2011-10-181-3/+66
| | | | | [moduli.c ssh-keygen.1 ssh-keygen.c] Add optional checkpoints for moduli screening. feedback & ok deraadt
* - (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] AddDarren Tucker2010-12-041-0/+2
| | | | | shims for the new, non-deprecated OpenSSL key generation functions for platforms that don't have the new interfaces.
* - djm@cvs.openbsd.org 2010/11/10 01:33:07Damien Miller2010-11-201-4/+4
| | | | | | [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c] use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED. these have been around for years by this time. ok markus
* - djm@cvs.openbsd.org 2008/06/26 09:19:40Damien Miller2008-06-291-33/+16
| | | | | | | | [dh.c dh.h moduli.c] when loading moduli from /etc/moduli in sshd(8), check that they are of the expected "safe prime" structure and have had appropriate primality tests performed; feedback and ok dtucker@
* - ray@cvs.openbsd.org 2007/02/24 03:30:11Darren Tucker2007-02-251-5/+3
| | | | | | | [moduli.c] - strlen returns size_t, not int. - Pass full buffer size to fgets. OK djm@, millert@, and moritz@.
* - markus@cvs.openbsd.org 2006/11/06 21:25:28Darren Tucker2006-11-071-18/+34
| | | | | | [auth-rsa.c kexgexc.c kexdhs.c key.c ssh-dss.c sshd.c kexgexs.c ssh-keygen.c bufbn.c moduli.c scard.c kexdhc.c sshconnect1.c dh.c rsa.c] add missing checks for openssl return codes; with & ok djm@
* - deraadt@cvs.openbsd.org 2006/08/03 03:34:42Damien Miller2006-08-051-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c] [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ] [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c] [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c] [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c] [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c] [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c] [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h] [serverloop.c session.c session.h sftp-client.c sftp-common.c] [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c] [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c] [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h] [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h] almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step NB. portable commit contains everything *except* removing includes.h, as that will take a fair bit more work as we move headers that are required for portability workarounds to defines.h. (also, this step wasn't "easy")
* - stevesk@cvs.openbsd.org 2006/08/01 23:22:48Damien Miller2006-08-051-1/+2
| | | | | | | | | | | | | [auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c] [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c] [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c] [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c] [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c] [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c] [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c] [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c] [uuencode.h xmalloc.c] move #include <stdio.h> out of includes.h
* - stevesk@cvs.openbsd.org 2006/07/26 13:57:17Damien Miller2006-08-051-1/+2
| | | | | | | | | [authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c] [hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c] [scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] [ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c] [sshconnect1.c sshd.c xmalloc.c] move #include <stdlib.h> out of includes.h
* - stevesk@cvs.openbsd.org 2006/07/22 20:48:23Damien Miller2006-07-241-1/+2
| | | | | | | | | | | | | | | | | [atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c] [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c] [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c] [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c] [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c] [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c] [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c] [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c] [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c] [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c] [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c] [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c] move #include <string.h> out of includes.h
* - stevesk@cvs.openbsd.org 2006/07/22 19:08:54Damien Miller2006-07-241-3/+8
| | | | | | [includes.h moduli.c progressmeter.c scp.c sftp-common.c] [sftp-server.c ssh-agent.c sshlogin.c] move #include <time.h> out of includes.h
* - djm@cvs.openbsd.org 2006/03/25 00:05:41Damien Miller2006-03-261-14/+3
| | | | | | | | | | | | | | | | [auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c] [clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c] [monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c] [ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c] [xmalloc.c xmalloc.h] introduce xcalloc() and xasprintf() failure-checked allocations functions and use them throughout openssh xcalloc is particularly important because malloc(nmemb * size) is a dangerous idiom (subject to integer overflow) and it is time for it to die feedback and ok deraadt@
* - djm@cvs.openbsd.org 2005/07/17 07:17:55Damien Miller2005-07-171-12/+12
| | | | | | | | [auth-rh-rsa.c auth-rhosts.c auth2-chall.c auth2-gss.c channels.c] [cipher-ctr.c gss-genr.c gss-serv.c kex.c moduli.c readconf.c] [serverloop.c session.c sftp-client.c sftp.c ssh-add.c ssh-keygen.c] [sshconnect.c sshconnect2.c] knf says that a 2nd level indent is four (not three or five) spaces
* - avsm@cvs.openbsd.org 2005/05/23 22:44:01Damien Miller2005-05-261-5/+6
| | | | | | | [moduli.c ssh-keygen.c] - removes signed/unsigned comparisons in moduli generation - use strtonum instead of atoi where its easier - check some strlcpy overflow and fatal instead of truncate
* - dtucker@cvs.openbsd.org 2005/01/17 03:25:46Darren Tucker2005-01-201-3/+3
| | | | | [moduli.c] Correct spelling: SCHNOOR->SCHNORR; ok djm@
* - deraadt@cvs.openbsd.org 2004/07/11 17:48:47Darren Tucker2004-07-171-24/+24
| | | | | | | | [channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h sshd.c ttymodes.h] spaces
* - markus@cvs.openbsd.org 2004/05/21 08:43:03Darren Tucker2004-05-241-1/+3
| | | | | [kex.h moduli.c tildexpand.c] add prototypes for -Wall; ok djm
* - djm@cvs.openbsd.org 2004/05/09 00:06:47Darren Tucker2004-05-131-4/+30
| | | | | [moduli.c ssh-keygen.c] removed: moduli.h zap another tiny header; ok deraadt@
* - djm@cvs.openbsd.org 2004/04/22 11:56:57Darren Tucker2004-05-021-6/+6
| | | | | | [moduli.c] Bugzilla #850: Sophie Germain is the correct name of the French mathematician, "Sophie Germaine" isn't; from Luc.Maisonobe@c-s.fr
* - djm@cvs.openbsd.org 2003/12/22 09:16:58Darren Tucker2003-12-311-9/+18
| | | | | | [moduli.c ssh-keygen.1 ssh-keygen.c] tidy up moduli generation debugging, add -v (verbose/debug) option to ssh-keygen; ok markus@
* - dtucker@cvs.openbsd.org 2003/12/09 13:52:55Darren Tucker2003-12-091-1/+10
| | | | | | [moduli.c] Prevent ssh-keygen -T from outputting moduli with a generator of 0, since they can't be used for Diffie-Hellman. Assistance and ok djm@
* - djm@cvs.openbsd.org 2003/12/07 06:34:18Darren Tucker2003-12-091-10/+1
| | | | | [moduli.c] remove unused debugging #define templates
* more whitespace (tabs this time)Damien Miller2003-11-211-2/+2
|
* - djm@cvs.openbsd.org 2003/11/21 11:57:03Damien Miller2003-11-211-31/+31
| | | | | | [everything] unexpand and delete whitespace at EOL; ok markus@ (done locally and RCS IDs synced)
* - (dtucker) [Makefile.in moduli.c moduli.h] Add new files and to Makefile.Darren Tucker2003-08-021-0/+617
Should have added with this sync: - djm@cvs.openbsd.org 2003/07/28 09:49:56 [ssh-keygen.1 ssh-keygen.c] Support for generating Diffie-Hellman groups (/etc/moduli) from ssh-keygen. Based on code from Phil Karn, William Allen Simpson and Niels Provos. ok markus@, thanks jmc@