Damien Miller
6c21c51c48
- (djm) autoconf hacking:
...
- We don't support --without-zlib currently, so don't allow it.
- Rework cryptographic random number support detection. We now detect
whether OpenSSL seeds itself. If it does, then we don't bother with
the ssh-rand-helper program. You can force the use of ssh-rand-helper
using the --with-rand-helper configure argument
- Simplify and clean up ssh-rand-helper configuration
2002-01-22 21:57:53 +11:00
Damien Miller
62116dcc0a
- (djm) Ignore fix & patchlevel in OpenSSL version check. Patch from
...
solar@openwall.com
- (djm) Rework entropy code. If the OpenSSL PRNG has not been
internally seeded, execute a subprogram "ssh-rand-helper" to obtain
some entropy for us. Rewrite the old in-process entropy collector as
an example ssh-rand-helper.
- (djm) Always perform ssh_prng_cmds path lookups in configure, even if
we don't end up using ssh_prng_cmds (so we always get a valid file)
2001-12-24 01:41:47 +11:00
Damien Miller
2ab5924d1f
- (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on
...
a fast UltraSPARC.
2001-08-06 16:51:49 +10:00
Damien Miller
79b332dd67
- (djm) Fix a few warnings the above turned up
2001-06-27 23:36:08 +10:00
Damien Miller
60bc517356
- (djm) Seed PRNG at startup, rather than waiting for arc4random calls to
...
do it implicitly.
2001-03-19 09:38:15 +11:00
Damien Miller
d0ccb989c2
- Allow PRNGd entropy collection from localhost TCP socket. Replace
...
"--with-egd-pool" configure option with "--with-prngd-socket" and
"--with-prngd-port" options. Debugged and improved by Lutz Jaenicke
<Lutz.Jaenicke@aet.TU-Cottbus.DE>
2001-03-04 00:29:20 +11:00
Damien Miller
3456d32a92
avoid warning
2001-02-27 11:00:52 +11:00
Damien Miller
248131ae99
- (djm) Warning fix on entropy.c saved uid stuff. Patch from Mark Miller
...
<markm@swoon.net>
2001-02-27 09:47:16 +11:00
Damien Miller
767c7fc27c
- (djm) fatal() on OpenSSL version mismatch
2001-02-27 09:20:57 +11:00
Damien Miller
fbd884a80d
- (djm) Fix up POSIX saved uid support. Report from Mark Miller
...
<markm@swoon.net>
- (djm) Search for -lcrypt on FreeBSD too
2001-02-27 08:39:07 +11:00
Damien Miller
bb7c976202
- (djm) Some systems (SCO3, NeXT) have weird saved uid semantics.
...
Based on patch from Tim Rice <tim@multitalents.net>
2001-02-26 20:49:58 +11:00
Kevin Steves
4679f5b94f
- (stevesk) entropy.c: typo; should be SIGPIPE
2001-02-18 11:34:32 +00:00
Damien Miller
a1072a8e37
- (djm) Move entropy.c over to mysignal()
2001-02-18 15:28:11 +11:00
Damien Miller
b3ffc5f1d4
- (djm) Robustify EGD/PRNGd code in face of socket closures. Patch from
...
Todd C. Miller <Todd.Miller@courtesan.com>
2001-02-18 12:44:29 +11:00
Kevin Steves
ef4eea9bad
- stevesk@cvs.openbsd.org 2001/02/04 08:32:27
...
[many files; did this manually to our top-level source dir]
unexpand and remove end-of-line whitespace; ok markus@
2001-02-05 12:42:17 +00:00
Ben Lindstrom
cb577331b4
20010123
...
- (bal) regexp.h typo in configure.in. Should have been regex.h
- (bal) SSH_USER_DIR to _PATH_SSH_USER_DIR patch by stevesk@
2001-01-22 21:06:19 +00:00
Ben Lindstrom
226cfa0378
Hopefully things did not get mixed around too much. It compiles under
...
Linux and works. So that is at least a good sign. =)
20010122
- (bal) OpenBSD Resync
- markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
[servconf.c ssh.h sshd.c]
only auth-chall.c needs #ifdef SKEY
- markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
[auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
ssh1.h sshconnect1.c sshd.c ttymodes.c]
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
- markus@cvs.openbsd.org 2001/01/19 16:48:14
[sshd.8]
fix typo; from stevesk@
- markus@cvs.openbsd.org 2001/01/19 16:50:58
[ssh-dss.c]
clear and free digest, make consistent with other code (use dlen); from
stevesk@
- markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
[auth-options.c auth-options.h auth-rsa.c auth2.c]
pass the filename to auth_parse_options()
- markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
[readconf.c]
fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
- stevesk@cvs.openbsd.org 2001/01/20 18:20:29
[sshconnect2.c]
dh_new_group() does not return NULL. ok markus@
- markus@cvs.openbsd.org 2001/01/20 21:33:42
[ssh-add.c]
do not loop forever if askpass does not exist; from
andrew@pimlott.ne.mediaone.net
- djm@cvs.openbsd.org 2001/01/20 23:00:56
[servconf.c]
Check for NULL return from strdelim; ok markus
- djm@cvs.openbsd.org 2001/01/20 23:02:07
[readconf.c]
KNF; ok markus
- jakob@cvs.openbsd.org 2001/01/21 9:00:33
[ssh-keygen.1]
remove -R flag; ok markus@
- markus@cvs.openbsd.org 2001/01/21 19:05:40
[atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c
cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
key.c key.h log-client.c log-server.c log.c log.h login.c login.h
match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
ttysmodes.c uidswap.c xmalloc.c]
split ssh.h and try to cleanup the #include mess. remove unnecessary
#includes. rename util.[ch] -> misc.[ch]
- (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
- (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
conflict when compiling for non-kerb install
- (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
on 1/19.
2001-01-22 05:34:40 +00:00
Damien Miller
21de450853
- (djm) Only write random seed file at exit
2001-01-17 09:37:15 +11:00
Damien Miller
d592b63296
give up privs when reading seed file
2000-11-25 10:09:32 +11:00
Damien Miller
52dc96b717
- (djm) Make inability to read/write PRNG seedfile non-fatal
2000-10-16 20:13:43 +11:00
Damien Miller
cb5e44a440
- (djm) Clean up. Strip some unnecessary differences with OpenBSD's code,
...
tidy necessary differences. Use Markus' new debugN() in entropy.c
2000-09-29 12:12:36 +11:00
Damien Miller
9d5705a4b3
- (djm) Add Steve VanDevender's <stevev@darkwing.uoregon.edu> PAM
...
password change patch.
- (djm) Bring licenses on my stuff in line with OpenBSD's
2000-09-16 16:09:27 +11:00
Damien Miller
ecbb26d3d4
- Fixes for SunOS 4.1.4 from Gordon Atwood <gordon@cs.ualberta.ca>
...
- Include floatingpoint.h for entropy.c
- strerror replacement
2000-07-15 14:59:14 +10:00
Damien Miller
f9b625c36e
- (djm) Fix pam sprintf fix
...
- (djm) Cleanup entropy collection code a little more. Split initialisation
from seeding, perform initialisation immediately at start, be careful with
uids. Based on problem report from Jim Watt <jimw@peisj.pebio.com>
2000-07-09 22:42:32 +10:00
Damien Miller
0800647391
Fix fixed egd code
2000-06-26 13:55:31 +10:00
Damien Miller
6468125052
- (djm) Make EGD failures non-fatal if OpenSSL's entropy pool is still OK
...
based on patch from Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
2000-06-26 13:01:33 +10:00
Damien Miller
7b22d65034
- (djm) Add summary of configure options to end of ./configure run
...
- (djm) Not all systems define RUSAGE_SELF & RUSAGE_CHILDREN. Report from
Michael Stone <mstone@cs.loyola.edu>
- (djm) rusage is a privileged operation on some Unices (incl.
Solaris 2.5.1). Report from Paul D. Smith <pausmith@nortelnetworks.com>
- (djm) Avoid PAM failures when running without a TTY. Report from
Martin Petrak <petrak@spsknm.schools.sk>
- (djm) Include sys/types.h when including netinet/in.h in configure tests.
Patch from Jun-ichiro itojun Hagino <itojun@iijlab.net>
2000-06-18 14:07:04 +10:00
Damien Miller
14c12cb000
- (djm) Cleanup of entropy.c. Reorganised code, removed second pass through
...
list of commands (by default). Removed verbose debugging (by default).
- (djm) Increased command entropy estimates and default entropy collection
timeout
2000-06-07 22:20:23 +10:00
Damien Miller
1ea8ac7b90
- Fix EGD read bug by IWAMURO Motonori <iwa@mmp.fujitsu.co.jp>
...
update credits
2000-05-31 11:24:34 +10:00
Damien Miller
f3c6cf1383
- Avoid WCOREDUMP compilation errors for systems that lack it
...
- Avoid SIGCHLD warnings from entropy commands
2000-05-17 22:08:29 +10:00
Damien Miller
8d1fd57a97
- Fix from Andre Lucas <andre.lucas@dial.pipex.com>
...
- Fixes command line printing segfaults (spotter: Bladt Norbert)
- Fixes erroneous printing of debug messages to syslog
- Fixes utmp for MacOS X (spotter: Aristedes Maniatis)
- Gives useful error message if PRNG initialisation fails
- Reduced ssh startup delay
- Measures cumulative command time rather than the time between reads
after select()
- 'fixprogs' perl script to eliminate non-working entropy commands, and
optionally run 'ent' to measure command entropy
2000-05-17 21:34:07 +10:00
Damien Miller
accfeb3afe
- Fix for prng_seed permissions checking from Lutz Jaenicke
...
<Lutz.Jaenicke@aet.TU-Cottbus.DE>
2000-05-11 19:10:58 +10:00
Damien Miller
0437b33e54
- Add Andre Lucas' <andre.lucas@dial.pipex.com> patch to read entropy
...
gathering commands from a text file
2000-05-02 09:56:41 +10:00
Damien Miller
fc0b11b5aa
- Irix portability fixes - don't include netinet headers more than once
...
- Make sure we don't save PRNG seed more than once
2000-05-02 00:03:55 +10:00
Damien Miller
4018c1985d
- Integrate Andre Lucas' <andre.lucas@dial.pipex.com> entropy collection
...
patch.
- Adds timeout to entropy collection
- Disables slow entropy sources
- Load and save seed file
- Changed entropy seed code to use per-user seeds only (server seed is
saved in root's .ssh directory)
- Use atexit() and fatal cleanups to save seed on exit
2000-04-30 09:30:44 +10:00
Damien Miller
5f05637b0e
- Reduce diff against OpenBSD source
...
- All OpenSSL includes are now unconditionally referenced as
openssl/foo.h
- Pick up formatting changes
- Other minor changes (typecasts, etc) that I missed
2000-04-16 12:31:48 +10:00
Damien Miller
bc7c7cceea
- Avoid some compiler warnings in fake-get*.c
...
- Add IPTOS macros for systems which lack them
2000-04-08 17:48:56 +10:00
Damien Miller
74a333bbe1
- Generate manpages before make install not at the end of make all
...
- Don't seed the rng quite so often
- Always reseed rng when requested
2000-04-04 15:04:09 +10:00
Damien Miller
ecf6240b6d
remove debugging junk
2000-04-03 15:07:32 +10:00
Damien Miller
040f3831fc
- Wrote entropy collection routines for systems that lack /dev/random
...
and EGD
2000-04-03 14:50:43 +10:00