summaryrefslogtreecommitdiff
path: root/moduli.c
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2007-06-12 16:16:35 +0000
committerColin Watson <cjwatson@debian.org>2007-06-12 16:16:35 +0000
commitb7e40fa9da0b5491534a429dadb321eab5a77558 (patch)
treebed1da11e9f829925797aa093e379fc0b5868ecd /moduli.c
parent4f84beedf1005e44ff33c854abd6b711ffc0adb7 (diff)
parent086ea76990b1e6287c24b6db74adffd4605eb3b0 (diff)
* New upstream release (closes: #395507, #397961, #420035). Important
changes not previously backported to 4.3p2: - 4.4/4.4p1 (http://www.openssh.org/txt/release-4.4): + On portable OpenSSH, fix a GSSAPI authentication abort that could be used to determine the validity of usernames on some platforms. + Implemented conditional configuration in sshd_config(5) using the "Match" directive. This allows some configuration options to be selectively overridden if specific criteria (based on user, group, hostname and/or address) are met. So far a useful subset of post-authentication options are supported and more are expected to be added in future releases. + Add support for Diffie-Hellman group exchange key agreement with a final hash of SHA256. + Added a "ForceCommand" directive to sshd_config(5). Similar to the command="..." option accepted in ~/.ssh/authorized_keys, this forces the execution of the specified command regardless of what the user requested. This is very useful in conjunction with the new "Match" option. + Add a "PermitOpen" directive to sshd_config(5). This mirrors the permitopen="..." authorized_keys option, allowing fine-grained control over the port-forwardings that a user is allowed to establish. + Add optional logging of transactions to sftp-server(8). + ssh(1) will now record port numbers for hosts stored in ~/.ssh/known_hosts when a non-standard port has been requested (closes: #50612). + Add an "ExitOnForwardFailure" option to cause ssh(1) to exit (with a non-zero exit code) when requested port forwardings could not be established. + Extend sshd_config(5) "SubSystem" declarations to allow the specification of command-line arguments. + Replacement of all integer overflow susceptible invocations of malloc(3) and realloc(3) with overflow-checking equivalents. + Many manpage fixes and improvements. + Add optional support for OpenSSL hardware accelerators (engines), enabled using the --with-ssl-engine configure option. + Tokens in configuration files may be double-quoted in order to contain spaces (closes: #319639). + Move a debug() call out of a SIGCHLD handler, fixing a hang when the session exits very quickly (closes: #307890). + Fix some incorrect buffer allocation calculations (closes: #410599). + ssh-add doesn't ask for a passphrase if key file permissions are too liberal (closes: #103677). + Likewise, ssh doesn't ask either (closes: #99675). - 4.6/4.6p1 (http://www.openssh.org/txt/release-4.6): + sshd now allows the enabling and disabling of authentication methods on a per user, group, host and network basis via the Match directive in sshd_config. + Fixed an inconsistent check for a terminal when displaying scp progress meter (closes: #257524). + Fix "hang on exit" when background processes are running at the time of exit on a ttyful/login session (closes: #88337). * Update to current GSSAPI patch from http://www.sxw.org.uk/computing/patches/openssh-4.6p1-gsskex-20070312.patch; install ChangeLog.gssapi.
Diffstat (limited to 'moduli.c')
-rw-r--r--moduli.c86
1 files changed, 49 insertions, 37 deletions
diff --git a/moduli.c b/moduli.c
index d53806ea6..8fa545daf 100644
--- a/moduli.c
+++ b/moduli.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: moduli.c,v 1.12 2005/07/17 07:17:55 djm Exp $ */ 1/* $OpenBSD: moduli.c,v 1.20 2007/02/24 03:30:11 ray Exp $ */
2/* 2/*
3 * Copyright 1994 Phil Karn <karn@qualcomm.com> 3 * Copyright 1994 Phil Karn <karn@qualcomm.com>
4 * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com> 4 * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
@@ -38,11 +38,20 @@
38 */ 38 */
39 39
40#include "includes.h" 40#include "includes.h"
41#include "xmalloc.h" 41
42#include "log.h" 42#include <sys/types.h>
43 43
44#include <openssl/bn.h> 44#include <openssl/bn.h>
45 45
46#include <stdio.h>
47#include <stdlib.h>
48#include <string.h>
49#include <stdarg.h>
50#include <time.h>
51
52#include "xmalloc.h"
53#include "log.h"
54
46/* 55/*
47 * File output defines 56 * File output defines
48 */ 57 */
@@ -301,21 +310,10 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start)
301 largewords = (largememory << SHIFT_MEGAWORD); 310 largewords = (largememory << SHIFT_MEGAWORD);
302 } 311 }
303 312
304 TinySieve = calloc(tinywords, sizeof(u_int32_t)); 313 TinySieve = xcalloc(tinywords, sizeof(u_int32_t));
305 if (TinySieve == NULL) {
306 error("Insufficient memory for tiny sieve: need %u bytes",
307 tinywords << SHIFT_BYTE);
308 exit(1);
309 }
310 tinybits = tinywords << SHIFT_WORD; 314 tinybits = tinywords << SHIFT_WORD;
311 315
312 SmallSieve = calloc(smallwords, sizeof(u_int32_t)); 316 SmallSieve = xcalloc(smallwords, sizeof(u_int32_t));
313 if (SmallSieve == NULL) {
314 error("Insufficient memory for small sieve: need %u bytes",
315 smallwords << SHIFT_BYTE);
316 xfree(TinySieve);
317 exit(1);
318 }
319 smallbits = smallwords << SHIFT_WORD; 317 smallbits = smallwords << SHIFT_WORD;
320 318
321 /* 319 /*
@@ -329,20 +327,26 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start)
329 327
330 /* validation check: count the number of primes tried */ 328 /* validation check: count the number of primes tried */
331 largetries = 0; 329 largetries = 0;
332 q = BN_new(); 330 if ((q = BN_new()) == NULL)
331 fatal("BN_new failed");
333 332
334 /* 333 /*
335 * Generate random starting point for subprime search, or use 334 * Generate random starting point for subprime search, or use
336 * specified parameter. 335 * specified parameter.
337 */ 336 */
338 largebase = BN_new(); 337 if ((largebase = BN_new()) == NULL)
339 if (start == NULL) 338 fatal("BN_new failed");
340 BN_rand(largebase, power, 1, 1); 339 if (start == NULL) {
341 else 340 if (BN_rand(largebase, power, 1, 1) == 0)
342 BN_copy(largebase, start); 341 fatal("BN_rand failed");
342 } else {
343 if (BN_copy(largebase, start) == NULL)
344 fatal("BN_copy: failed");
345 }
343 346
344 /* ensure odd */ 347 /* ensure odd */
345 BN_set_bit(largebase, 0); 348 if (BN_set_bit(largebase, 0) == 0)
349 fatal("BN_set_bit: failed");
346 350
347 time(&time_start); 351 time(&time_start);
348 352
@@ -426,8 +430,10 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start)
426 continue; /* Definitely composite, skip */ 430 continue; /* Definitely composite, skip */
427 431
428 debug2("test q = largebase+%u", 2 * j); 432 debug2("test q = largebase+%u", 2 * j);
429 BN_set_word(q, 2 * j); 433 if (BN_set_word(q, 2 * j) == 0)
430 BN_add(q, q, largebase); 434 fatal("BN_set_word failed");
435 if (BN_add(q, q, largebase) == 0)
436 fatal("BN_add failed");
431 if (qfileout(out, QTYPE_SOPHIE_GERMAIN, QTEST_SIEVE, 437 if (qfileout(out, QTYPE_SOPHIE_GERMAIN, QTEST_SIEVE,
432 largetries, (power - 1) /* MSB */, (0), q) == -1) { 438 largetries, (power - 1) /* MSB */, (0), q) == -1) {
433 ret = -1; 439 ret = -1;
@@ -472,20 +478,21 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted)
472 478
473 time(&time_start); 479 time(&time_start);
474 480
475 p = BN_new(); 481 if ((p = BN_new()) == NULL)
476 q = BN_new(); 482 fatal("BN_new failed");
477 ctx = BN_CTX_new(); 483 if ((q = BN_new()) == NULL)
484 fatal("BN_new failed");
485 if ((ctx = BN_CTX_new()) == NULL)
486 fatal("BN_CTX_new failed");
478 487
479 debug2("%.24s Final %u Miller-Rabin trials (%x generator)", 488 debug2("%.24s Final %u Miller-Rabin trials (%x generator)",
480 ctime(&time_start), trials, generator_wanted); 489 ctime(&time_start), trials, generator_wanted);
481 490
482 res = 0; 491 res = 0;
483 lp = xmalloc(QLINESIZE + 1); 492 lp = xmalloc(QLINESIZE + 1);
484 while (fgets(lp, QLINESIZE, in) != NULL) { 493 while (fgets(lp, QLINESIZE + 1, in) != NULL) {
485 int ll = strlen(lp);
486
487 count_in++; 494 count_in++;
488 if (ll < 14 || *lp == '!' || *lp == '#') { 495 if (strlen(lp) < 14 || *lp == '!' || *lp == '#') {
489 debug2("%10u: comment or short line", count_in); 496 debug2("%10u: comment or short line", count_in);
490 continue; 497 continue;
491 } 498 }
@@ -522,10 +529,13 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted)
522 case QTYPE_SOPHIE_GERMAIN: 529 case QTYPE_SOPHIE_GERMAIN:
523 debug2("%10u: (%u) Sophie-Germain", count_in, in_type); 530 debug2("%10u: (%u) Sophie-Germain", count_in, in_type);
524 a = q; 531 a = q;
525 BN_hex2bn(&a, cp); 532 if (BN_hex2bn(&a, cp) == 0)
533 fatal("BN_hex2bn failed");
526 /* p = 2*q + 1 */ 534 /* p = 2*q + 1 */
527 BN_lshift(p, q, 1); 535 if (BN_lshift(p, q, 1) == 0)
528 BN_add_word(p, 1); 536 fatal("BN_lshift failed");
537 if (BN_add_word(p, 1) == 0)
538 fatal("BN_add_word failed");
529 in_size += 1; 539 in_size += 1;
530 generator_known = 0; 540 generator_known = 0;
531 break; 541 break;
@@ -536,9 +546,11 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted)
536 case QTYPE_UNKNOWN: 546 case QTYPE_UNKNOWN:
537 debug2("%10u: (%u)", count_in, in_type); 547 debug2("%10u: (%u)", count_in, in_type);
538 a = p; 548 a = p;
539 BN_hex2bn(&a, cp); 549 if (BN_hex2bn(&a, cp) == 0)
550 fatal("BN_hex2bn failed");
540 /* q = (p-1) / 2 */ 551 /* q = (p-1) / 2 */
541 BN_rshift(q, p, 1); 552 if (BN_rshift(q, p, 1) == 0)
553 fatal("BN_rshift failed");
542 break; 554 break;
543 default: 555 default:
544 debug2("Unknown prime type"); 556 debug2("Unknown prime type");
generated by cgit v1.2.3 (git 2.39.1) at 2024-08-30 17:31:43 +0000