Source-Changes-HG archive


[src/OPENSSH]: src/crypto/external/bsd/openssh/dist Import OpenSSH-8.6:



details:   https://anonhg.NetBSD.org/src/rev/ed6e18e7022e
branches:  OPENSSH
changeset: 961442:ed6e18e7022e
user:      christos <christos%NetBSD.org@localhost>
date:      Mon Apr 19 14:38:27 2021 +0000

description:
Import OpenSSH-8.6:

Future deprecation notice
=========================

It is now possible[1] to perform chosen-prefix attacks against the
SHA-1 algorithm for less than USD$50K.

In the SSH protocol, the "ssh-rsa" signature scheme uses the SHA-1
hash algorithm in conjunction with the RSA public key algorithm.
OpenSSH will disable this signature scheme by default in the near
future.

Note that the deactivation of "ssh-rsa" signatures does not necessarily
require cessation of use for RSA keys. In the SSH protocol, keys may be
capable of signing using multiple algorithms. In particular, "ssh-rsa"
keys are capable of signing using "rsa-sha2-256" (RSA/SHA256),
"rsa-sha2-512" (RSA/SHA512) and "ssh-rsa" (RSA/SHA1). Only the last of
these is being turned off by default.

This algorithm is unfortunately still used widely despite the
existence of better alternatives, being the only remaining public key
signature algorithm specified by the original SSH RFCs that is still
enabled by default.

The better alternatives include:

 * The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These
   algorithms have the advantage of using the same key type as
   "ssh-rsa" but use the safe SHA-2 hash algorithms. These have been
   supported since OpenSSH 7.2 and are already used by default if the
   client and server support them.

 * The RFC8709 ssh-ed25519 signature algorithm. It has been supported
   in OpenSSH since release 6.5.

 * The RFC5656 ECDSA algorithms: ecdsa-sha2-nistp256/384/521. These
   have been supported by OpenSSH since release 5.7.

To check whether a server is using the weak ssh-rsa public key
algorithm, for host authentication, try to connect to it after
removing the ssh-rsa algorithm from ssh(1)'s allowed list:

    ssh -oHostKeyAlgorithms=-ssh-rsa user@host

If the host key verification fails and no other supported host key
types are available, the server software on that host should be
upgraded.

OpenSSH recently enabled the UpdateHostKeys option by default to assist
the client by automatically migrating to better algorithms.

[1] "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and
    Application to the PGP Web of Trust" Leurent, G and Peyrin, T
    (2020) https://eprint.iacr.org/2020/014.pdf

Security
========

 * sshd(8): OpenSSH 8.5 introduced the LogVerbose keyword. When this
   option was enabled with a set of patterns that activated logging
   in code that runs in the low-privilege sandboxed sshd process, the
   log messages were constructed in such a way that printf(3) format
   strings could effectively be specified by the low-privilege code.

   An attacker who had successfully exploited the low-privilege
   process could use this to escape OpenSSH's sandboxing and attack
   the high-privilege process. Exploitation of this weakness is
   highly unlikely in practice as the LogVerbose option is not
   enabled by default and is typically only used for debugging. No
   vulnerabilities in the low-privilege process are currently known
   to exist.

   Thanks to Ilja Van Sprundel for reporting this bug.

Changes since OpenSSH 8.5
=========================

This release contains mostly bug fixes.

New features
------------

 * sftp-server(8): add a new limits@openssh.com protocol extension
   that allows a client to discover various server limits, including
   maximum packet size and maximum read/write length.

 * sftp(1): use the new limits@openssh.com extension (when available)
   to select better transfer lengths in the client.

 * sshd(8): Add ModuliFile keyword to sshd_config to specify the
   location of the "moduli" file containing the groups for DH-GEX.

 * unit tests: Add a TEST_SSH_ELAPSED_TIMES environment variable to
   enable printing of the elapsed time in seconds of each test.

Bugfixes
--------

 * ssh_config(5), sshd_config(5): sync CASignatureAlgorithms lists in
   manual pages with the current default. GHPR#174

 * ssh(1): ensure that pkcs11_del_provider() is called before exit.
   GHPR#234

 * ssh(1), sshd(8): fix problems in string->argv conversion. Multiple
   backslashes were not being dequoted correctly and quoted space in
   the middle of a string was being incorrectly split. GHPR#223

 * ssh(1): return non-zero exit status when killed by signal; bz#3281

 * sftp-server(8): increase maximum SSH2_FXP_READ to match the maximum
   packet size. Also handle zero-length reads that are not explicitly
   banned by the spec.

Portability
-----------

 * sshd(8): don't mistakenly exit on transient read errors on the
   network socket (e.g. EINTR, EAGAIN); bz3297

 * Create a dedicated contrib/gnome-ssh-askpass3.c source instead of
   building it from the same file as used for GNOME2. Use the GNOME3
   gdk_seat_grab() to manage keyboard/mouse/server grabs for better
   compatibility with Wayland.

 * Fix portability build errors bz3293 bz3292 bz3291 bz3278

 * sshd(8): soft-disallow the fstatat64 syscall in the Linux
   seccomp-bpf sandbox. bz3276

 * unit tests: enable autoopt and misc unit tests that were
   previously skipped
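
The host-key check described in the deprecation notice above can also be made at the protocol level, without completing a login. This is an added example, not part of the imported OpenSSH sources: it reads the server_host_key_algorithms name-list from an SSH_MSG_KEXINIT payload (RFC 4253 section 7.1) and reports whether "ssh-rsa" is the only algorithm offered. The names classify_kexinit, build_sample and the verdict enum are hypothetical, and the sample payload is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { MALFORMED = -1, NO_SSH_RSA, HAS_ALTERNATIVE, ONLY_SSH_RSA };

/* Read one name-list (uint32 length, then bytes) at *off; needs *off <= len. */
static int read_name_list(const uint8_t *p, size_t len, size_t *off,
    const uint8_t **list, size_t *list_len)
{
    uint32_t n;
    if (len - *off < 4)
        return -1;
    n = ((uint32_t)p[*off] << 24) | ((uint32_t)p[*off + 1] << 16) |
        ((uint32_t)p[*off + 2] << 8) | p[*off + 3];
    *off += 4;
    if (n > len - *off)
        return -1;              /* declared length runs past the payload */
    *list = p + *off;
    *list_len = n;
    *off += n;
    return 0;
}

/* Classify server_host_key_algorithms in a KEXINIT payload. */
enum verdict classify_kexinit(const uint8_t *payload, size_t len)
{
    const uint8_t *list;
    size_t off = 1 + 16, list_len, start = 0, i, total = 0, weak = 0;
    if (len < off || payload[0] != 20)      /* 20 = SSH_MSG_KEXINIT */
        return MALFORMED;
    /* 1st name-list is kex_algorithms, 2nd is server_host_key_algorithms. */
    if (read_name_list(payload, len, &off, &list, &list_len) != 0 ||
        read_name_list(payload, len, &off, &list, &list_len) != 0)
        return MALFORMED;
    for (i = 0; i <= list_len; i++) {
        if (i < list_len && list[i] != ',')
            continue;
        if (i > start) {        /* whole-name compare: cert types do not match */
            total++;
            weak += (i - start == 7 && !memcmp(list + start, "ssh-rsa", 7));
        }
        start = i + 1;
    }
    return weak == 0 ? NO_SSH_RSA : weak == total ? ONLY_SSH_RSA : HAS_ALTERNATIVE;
}

/* Constructed sample input: a KEXINIT cut off after its first two name-lists. */
size_t build_sample(uint8_t *out, size_t cap, const char *kex, const char *hostkeys)
{
    size_t k = strlen(kex), h = strlen(hostkeys);
    if (k > 255 || h > 255 || cap < 17 + 4 + k + 4 + h)
        return 0;
    memset(out, 0, 17 + 4 + k + 4);     /* zero cookie and length high bytes */
    out[0] = 20;
    out[20] = (uint8_t)k;
    memcpy(out + 21, kex, k);
    out[21 + k + 3] = (uint8_t)h;
    memcpy(out + 21 + k + 4, hostkeys, h);
    return 21 + k + 4 + h;
}

int main(void)
{
    uint8_t buf[128];
    size_t n = build_sample(buf, sizeof(buf), "curve25519-sha256", "ssh-rsa");
    printf("verdict=%d\n", (int)classify_kexinit(buf, n));
    return 0;
}
```

A server that lists "rsa-sha2-512,rsa-sha2-256,ssh-rsa" is reported as HAS_ALTERNATIVE, matching the notice's point that an RSA key can still sign with the SHA-2 algorithms.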

diffstat:

 crypto/external/bsd/openssh/dist/addrmatch.c            |    4 +-
 crypto/external/bsd/openssh/dist/auth-krb5.c            |    6 +-
 crypto/external/bsd/openssh/dist/auth-options.c         |    4 +-
 crypto/external/bsd/openssh/dist/auth.c                 |    4 +-
 crypto/external/bsd/openssh/dist/auth2-pubkey.c         |    7 +-
 crypto/external/bsd/openssh/dist/auth2.c                |    6 +-
 crypto/external/bsd/openssh/dist/chacha.h               |    4 +-
 crypto/external/bsd/openssh/dist/channels.c             |    8 +-
 crypto/external/bsd/openssh/dist/channels.h             |    8 +-
 crypto/external/bsd/openssh/dist/cipher.c               |    9 +-
 crypto/external/bsd/openssh/dist/clientloop.c           |    4 +-
 crypto/external/bsd/openssh/dist/dh.c                   |   25 +-
 crypto/external/bsd/openssh/dist/dh.h                   |    3 +-
 crypto/external/bsd/openssh/dist/hostfile.c             |    4 +-
 crypto/external/bsd/openssh/dist/kex.c                  |    4 +-
 crypto/external/bsd/openssh/dist/kexgen.c               |    4 +-
 crypto/external/bsd/openssh/dist/log.c                  |   24 +-
 crypto/external/bsd/openssh/dist/log.h                  |   11 +-
 crypto/external/bsd/openssh/dist/misc.c                 |   13 +-
 crypto/external/bsd/openssh/dist/misc.h                 |   13 +-
 crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048 |  148 ++++++++------
 crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072 |  152 ++++++++------
 crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096 |  144 ++++++-------
 crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144 |  152 ++++++++-------
 crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680 |  128 ++++++-----
 crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192 |  126 ++++++------
 crypto/external/bsd/openssh/dist/monitor.c              |   22 +-
 crypto/external/bsd/openssh/dist/monitor_wrap.c         |    9 +-
 crypto/external/bsd/openssh/dist/monitor_wrap.h         |    5 +-
 crypto/external/bsd/openssh/dist/mux.c                  |   10 +-
 crypto/external/bsd/openssh/dist/packet.c               |   16 +-
 crypto/external/bsd/openssh/dist/readconf.c             |    8 +-
 crypto/external/bsd/openssh/dist/scp.c                  |    7 +-
 crypto/external/bsd/openssh/dist/servconf.c             |   24 +-
 crypto/external/bsd/openssh/dist/servconf.h             |   11 +-
 crypto/external/bsd/openssh/dist/serverloop.c           |    4 +-
 crypto/external/bsd/openssh/dist/session.c              |    4 +-
 crypto/external/bsd/openssh/dist/sftp-client.c          |  118 ++++++++++-
 crypto/external/bsd/openssh/dist/sftp-client.h          |   13 +-
 crypto/external/bsd/openssh/dist/sftp-server.c          |  160 +++++++++------
 crypto/external/bsd/openssh/dist/sftp.c                 |   13 +-
 crypto/external/bsd/openssh/dist/srclimit.c             |    2 +-
 crypto/external/bsd/openssh/dist/ssh-add.c              |    6 +-
 crypto/external/bsd/openssh/dist/ssh-agent.c            |    8 +-
 crypto/external/bsd/openssh/dist/ssh-keygen.c           |   17 +-
 crypto/external/bsd/openssh/dist/ssh-sk-client.c        |    8 +-
 crypto/external/bsd/openssh/dist/ssh.c                  |    6 +-
 crypto/external/bsd/openssh/dist/ssh_api.c              |    6 +-
 crypto/external/bsd/openssh/dist/ssh_config.5           |   13 +-
 crypto/external/bsd/openssh/dist/sshconnect.c           |   18 +-
 crypto/external/bsd/openssh/dist/sshconnect2.c          |    6 +-
 crypto/external/bsd/openssh/dist/sshd.8                 |    6 +-
 crypto/external/bsd/openssh/dist/sshd.c                 |   14 +-
 crypto/external/bsd/openssh/dist/sshd_config.5          |   19 +-
 crypto/external/bsd/openssh/dist/sshkey-xmss.c          |   41 ++--
 crypto/external/bsd/openssh/dist/sshkey-xmss.h          |   12 +-
 crypto/external/bsd/openssh/dist/sshkey.c               |   22 +-
 crypto/external/bsd/openssh/dist/umac.c                 |    4 +-
 crypto/external/bsd/openssh/dist/utf8.h                 |   10 +-
 crypto/external/bsd/openssh/dist/version.h              |    4 +-
 crypto/external/bsd/openssh/dist/xmalloc.h              |    7 +-
 61 files changed, 943 insertions(+), 725 deletions(-)

diffs (truncated from 3260 to 300 lines):

diff -r 5abec8d16d19 -r ed6e18e7022e crypto/external/bsd/openssh/dist/addrmatch.c
--- a/crypto/external/bsd/openssh/dist/addrmatch.c      Fri Mar 05 17:45:24 2021 +0000
+++ b/crypto/external/bsd/openssh/dist/addrmatch.c      Mon Apr 19 14:38:27 2021 +0000
@@ -1,4 +1,4 @@
-/*     $OpenBSD: addrmatch.c,v 1.16 2021/01/09 11:58:50 dtucker Exp $ */
+/*     $OpenBSD: addrmatch.c,v 1.17 2021/04/03 06:18:40 djm Exp $ */
 
 /*
  * Copyright (c) 2004-2008 Damien Miller <djm%mindrot.org@localhost>
@@ -74,7 +74,7 @@
                        break;
                } else if (r == 0) {
                        if (addr != NULL && addr_netmatch(&try_addr,
-                           &match_addr, masklen) == 0) {
+                           &match_addr, masklen) == 0) {
  foundit:
                                if (neg) {
                                        ret = -1;
diff -r 5abec8d16d19 -r ed6e18e7022e crypto/external/bsd/openssh/dist/auth-krb5.c
--- a/crypto/external/bsd/openssh/dist/auth-krb5.c      Fri Mar 05 17:45:24 2021 +0000
+++ b/crypto/external/bsd/openssh/dist/auth-krb5.c      Mon Apr 19 14:38:27 2021 +0000
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-krb5.c,v 1.23 2018/07/09 21:35:50 markus Exp $ */
+/* $OpenBSD: auth-krb5.c,v 1.24 2021/04/03 06:18:40 djm Exp $ */
 /*
  *    Kerberos v5 authentication and ticket-passing routines.
  *
@@ -82,7 +82,7 @@
                goto out;
 
        problem = krb5_cc_new_unique(authctxt->krb5_ctx,
-            krb5_mcc_ops.prefix, NULL, &ccache);
+           krb5_mcc_ops.prefix, NULL, &ccache);
        if (problem)
                goto out;
 
@@ -102,7 +102,7 @@
                goto out;
 
        problem = krb5_cc_new_unique(authctxt->krb5_ctx,
-            krb5_fcc_ops.prefix, NULL, &authctxt->krb5_fwd_ccache);
+           krb5_fcc_ops.prefix, NULL, &authctxt->krb5_fwd_ccache);
        if (problem)
                goto out;
 
diff -r 5abec8d16d19 -r ed6e18e7022e crypto/external/bsd/openssh/dist/auth-options.c
--- a/crypto/external/bsd/openssh/dist/auth-options.c   Fri Mar 05 17:45:24 2021 +0000
+++ b/crypto/external/bsd/openssh/dist/auth-options.c   Mon Apr 19 14:38:27 2021 +0000
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.94 2020/10/18 11:32:01 djm Exp $ */
+/* $OpenBSD: auth-options.c,v 1.95 2021/04/03 06:18:40 djm Exp $ */
 /*
  * Copyright (c) 2018 Damien Miller <djm%mindrot.org@localhost>
  *
@@ -807,7 +807,7 @@
            (r = serialise_nullable_string(m,
            untrusted ? NULL : opts->required_from_host_cert)) != 0 ||
            (r = serialise_nullable_string(m,
-            untrusted ? NULL : opts->required_from_host_keys)) != 0)
+           untrusted ? NULL : opts->required_from_host_keys)) != 0)
                return r;
 
        /* Array options */
diff -r 5abec8d16d19 -r ed6e18e7022e crypto/external/bsd/openssh/dist/auth.c
--- a/crypto/external/bsd/openssh/dist/auth.c   Fri Mar 05 17:45:24 2021 +0000
+++ b/crypto/external/bsd/openssh/dist/auth.c   Mon Apr 19 14:38:27 2021 +0000
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.151 2020/12/22 00:12:22 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.152 2021/04/03 06:18:40 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -424,7 +424,7 @@
        if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1) {
                if (log_missing || errno != ENOENT)
                        debug("Could not open %s '%s': %s", file_type, file,
-                          strerror(errno));
+                           strerror(errno));
                return NULL;
        }
 
diff -r 5abec8d16d19 -r ed6e18e7022e crypto/external/bsd/openssh/dist/auth2-pubkey.c
--- a/crypto/external/bsd/openssh/dist/auth2-pubkey.c   Fri Mar 05 17:45:24 2021 +0000
+++ b/crypto/external/bsd/openssh/dist/auth2-pubkey.c   Mon Apr 19 14:38:27 2021 +0000
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.106 2021/01/27 10:05:28 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.107 2021/04/03 06:18:40 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -671,7 +671,8 @@
                goto fail_reason;
        }
        if (sshkey_cert_check_authority(key, 0, 0, 0,
-          keyopts->cert_principals == NULL ? pw->pw_name : NULL, &reason) != 0)
+           keyopts->cert_principals == NULL ? pw->pw_name : NULL,
+           &reason) != 0)
                goto fail_reason;
 
        verbose("Accepted certificate ID \"%s\" (serial %llu) "
@@ -782,7 +783,7 @@
                found_principal = 1;
        /* If principals file or command is specified, then require a match */
        use_authorized_principals = principals_file != NULL ||
-            options.authorized_principals_command != NULL;
+           options.authorized_principals_command != NULL;
        if (!found_principal && use_authorized_principals) {
                reason = "Certificate does not contain an authorized principal";
                goto fail_reason;
diff -r 5abec8d16d19 -r ed6e18e7022e crypto/external/bsd/openssh/dist/auth2.c
--- a/crypto/external/bsd/openssh/dist/auth2.c  Fri Mar 05 17:45:24 2021 +0000
+++ b/crypto/external/bsd/openssh/dist/auth2.c  Mon Apr 19 14:38:27 2021 +0000
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.160 2021/01/27 10:05:28 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.161 2021/04/03 06:18:40 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -218,7 +218,7 @@
        double delay;
 
        (void)snprintf(b, sizeof b, "%llu%s",
-            (unsigned long long)options.timing_secret, user);
+           (unsigned long long)options.timing_secret, user);
        if (ssh_digest_memory(SSH_DIGEST_SHA512, b, strlen(b), hash, len) != 0)
                fatal_f("ssh_digest_memory");
        /* 0-4.2 ms of delay */
@@ -656,7 +656,7 @@
 auth2_record_info(Authctxt *authctxt, const char *fmt, ...)
 {
        va_list ap;
-        int i;
+       int i;
 
        free(authctxt->auth_method_info);
        authctxt->auth_method_info = NULL;
diff -r 5abec8d16d19 -r ed6e18e7022e crypto/external/bsd/openssh/dist/chacha.h
--- a/crypto/external/bsd/openssh/dist/chacha.h Fri Mar 05 17:45:24 2021 +0000
+++ b/crypto/external/bsd/openssh/dist/chacha.h Mon Apr 19 14:38:27 2021 +0000
@@ -1,4 +1,4 @@
-/* $OpenBSD: chacha.h,v 1.4 2016/08/27 04:04:56 guenther Exp $ */
+/* $OpenBSD: chacha.h,v 1.5 2021/04/03 05:54:14 djm Exp $ */
 
 /*
 chacha-merged.c version 20080118
@@ -16,7 +16,7 @@
        u_int input[16];
 };
 
-#define CHACHA_MINKEYLEN       16
+#define CHACHA_MINKEYLEN       16
 #define CHACHA_NONCELEN                8
 #define CHACHA_CTRLEN          8
 #define CHACHA_STATELEN                (CHACHA_NONCELEN+CHACHA_CTRLEN)
diff -r 5abec8d16d19 -r ed6e18e7022e crypto/external/bsd/openssh/dist/channels.c
--- a/crypto/external/bsd/openssh/dist/channels.c       Fri Mar 05 17:45:24 2021 +0000
+++ b/crypto/external/bsd/openssh/dist/channels.c       Mon Apr 19 14:38:27 2021 +0000
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.405 2021/02/15 20:43:15 markus Exp $ */
+/* $OpenBSD: channels.c,v 1.406 2021/04/03 06:18:40 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
  * Copyright (c) 1995 Tatu Ylonen <ylo%cs.hut.fi@localhost>, Espoo, Finland
@@ -2266,7 +2266,7 @@
        chan_fn **pre, **post;
 
        if ((pre = calloc(SSH_CHANNEL_MAX_TYPE, sizeof(*pre))) == NULL ||
-          (post = calloc(SSH_CHANNEL_MAX_TYPE, sizeof(*post))) == NULL)
+           (post = calloc(SSH_CHANNEL_MAX_TYPE, sizeof(*post))) == NULL)
                fatal_f("allocation failed");
 
        pre[SSH_CHANNEL_OPEN] =                 &channel_pre_open;
@@ -2666,7 +2666,7 @@
                        goto out;
                }
                c = channel_new(ssh, "mux proxy", SSH_CHANNEL_MUX_PROXY,
-                  -1, -1, -1, 0, 0, 0, ctype, 1);
+                   -1, -1, -1, 0, 0, 0, ctype, 1);
                c->mux_ctx = downstream;        /* point to mux client */
                c->mux_downstream_id = id;      /* original downstream id */
                if ((r = sshbuf_put_cstring(modified, ctype)) != 0 ||
@@ -2693,7 +2693,7 @@
                        goto out;
                }
                c = channel_new(ssh, "mux proxy", SSH_CHANNEL_MUX_PROXY,
-                  -1, -1, -1, 0, 0, 0, "mux-down-connect", 1);
+                   -1, -1, -1, 0, 0, 0, "mux-down-connect", 1);
                c->mux_ctx = downstream;        /* point to mux client */
                c->mux_downstream_id = id;
                c->remote_id = remote_id;
diff -r 5abec8d16d19 -r ed6e18e7022e crypto/external/bsd/openssh/dist/channels.h
--- a/crypto/external/bsd/openssh/dist/channels.h       Fri Mar 05 17:45:24 2021 +0000
+++ b/crypto/external/bsd/openssh/dist/channels.h       Mon Apr 19 14:38:27 2021 +0000
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.h,v 1.135 2020/09/20 05:47:25 djm Exp $ */
+/* $OpenBSD: channels.h,v 1.137 2021/04/03 06:18:40 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
@@ -174,7 +174,7 @@
        channel_filter_cleanup_fn *filter_cleanup;
 
        /* keep boundaries */
-       int                     datagram;
+       int                     datagram;
 
        /* non-blocking connect */
        /* XXX make this a pointer so the structure can be opaque */
@@ -184,7 +184,7 @@
        mux_callback_fn         *mux_rcb;
        void                    *mux_ctx;
        int                     mux_pause;
-       int                     mux_downstream_id;
+       int                     mux_downstream_id;
 };
 
 #define CHAN_EXTENDED_IGNORE           0
@@ -286,7 +286,7 @@
 /* file descriptor handling (read/write) */
 
 void    channel_prepare_select(struct ssh *, fd_set **, fd_set **, int *,
-            u_int*, time_t*);
+           u_int*, time_t*);
 void     channel_after_select(struct ssh *, fd_set *, fd_set *);
 void     channel_output_poll(struct ssh *);
 
diff -r 5abec8d16d19 -r ed6e18e7022e crypto/external/bsd/openssh/dist/cipher.c
--- a/crypto/external/bsd/openssh/dist/cipher.c Fri Mar 05 17:45:24 2021 +0000
+++ b/crypto/external/bsd/openssh/dist/cipher.c Mon Apr 19 14:38:27 2021 +0000
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.c,v 1.118 2020/12/21 11:09:32 dtucker Exp $ */
+/* $OpenBSD: cipher.c,v 1.119 2021/04/03 06:18:40 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
  * Copyright (c) 1995 Tatu Ylonen <ylo%cs.hut.fi@localhost>, Espoo, Finland
@@ -480,11 +480,10 @@
        if ((size_t)evplen != len)
                return SSH_ERR_INVALID_ARGUMENT;
        if (cipher_authlen(c)) {
-               if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN,
-                  len, iv))
-                      return SSH_ERR_LIBCRYPTO_ERROR;
+               if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN, len, iv))
+                       return SSH_ERR_LIBCRYPTO_ERROR;
        } else if (!EVP_CIPHER_CTX_get_iv(cc->evp, iv, len))
-              return SSH_ERR_LIBCRYPTO_ERROR;
+               return SSH_ERR_LIBCRYPTO_ERROR;
 #endif
        return 0;
 }
diff -r 5abec8d16d19 -r ed6e18e7022e crypto/external/bsd/openssh/dist/clientloop.c
--- a/crypto/external/bsd/openssh/dist/clientloop.c     Fri Mar 05 17:45:24 2021 +0000
+++ b/crypto/external/bsd/openssh/dist/clientloop.c     Mon Apr 19 14:38:27 2021 +0000
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.358 2021/01/27 10:05:28 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.359 2021/03/19 02:22:34 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
  * Copyright (c) 1995 Tatu Ylonen <ylo%cs.hut.fi@localhost>, Espoo, Finland
@@ -1415,7 +1415,7 @@
 
        if (received_signal) {
                verbose("Killed by signal %d.", (int) received_signal);
-               cleanup_exit(0);
+               cleanup_exit(255);
        }
 
        /*
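Review bot: cleanup_exit(255) in the received_signal branch uses one fixed status for every signal, so a caller learns that the client did not exit cleanly but not which signal ended it; the signal number only reaches the verbose() message above it. If scripts are expected to tell signals apart, say so (or say that they cannot) wherever the exit status is documented.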
diff -r 5abec8d16d19 -r ed6e18e7022e crypto/external/bsd/openssh/dist/dh.c
--- a/crypto/external/bsd/openssh/dist/dh.c     Fri Mar 05 17:45:24 2021 +0000
+++ b/crypto/external/bsd/openssh/dist/dh.c     Mon Apr 19 14:38:27 2021 +0000
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.c,v 1.72 2020/10/18 11:32:01 djm Exp $ */
+/* $OpenBSD: dh.c,v 1.74 2021/04/03 06:18:40 djm Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  *
@@ -38,6 +38,18 @@
 #include "misc.h"
 #include "ssherr.h"
 
+static const char *moduli_filename;
+
+void dh_set_moduli_file(const char *filename)
+{
+       moduli_filename = filename;
+}
+
+static const char * get_moduli_filename(void)
+{
+       return moduli_filename ? moduli_filename : _PATH_DH_MODULI;
+}
+
 static int
 parse_prime(int linenum, char *line, struct dhgroup *dhg)
 {
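Review bot: dh_set_moduli_file() stores the caller's pointer in the static moduli_filename without copying it, so the string has to stay valid and unmodified for as long as get_moduli_filename() can be called; state that ownership rule in a comment above the setter, or keep a private copy. Style point in the same hunk: both new functions put the return type on the same line as the name ("void dh_set_moduli_file(", "static const char * get_moduli_filename("), while parse_prime() directly below puts it on its own line.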
@@ -145,9 +157,9 @@
        int best, bestcount, which, linenum;
        struct dhgroup dhg;
 


