Rivoreo Source Code Repositories
src.rivoreo.one / security / openssh-library / 9173d0fbe44de7ebcad8a15618e13a8b8d78902e
commit9173d0fbe44de7ebcad8a15618e13a8b8d78902e[log] [download]
authordtucker@openbsd.org <dtucker@openbsd.org>Fri May 15 05:44:21 2015 +0000
committerDamien Miller <djm@mindrot.org>Thu May 21 14:58:29 2015 +1000
tree482505d35ca1340c86ef35fe2e29555224d4d778
parentd028d5d3a697c71b21e4066d8672cacab3caa0a8 [diff]
upstream commit

Use a salted hash of the lock passphrase instead of plain
 text and do constant-time comparisons of it. Should prevent leaking any
 information about it via timing, pointed out by Ryan Castellucci.  Add a 0.1s
 incrementing delay for each failed unlock attempt up to 10s.  ok markus@
 (earlier version), djm@

Upstream-ID: c599fcc325aa1cc65496b25220b622d22208c85f
1 file changed
tree: 482505d35ca1340c86ef35fe2e29555224d4d778
  1. .cvsignore
  2. CREDITS
  3. INSTALL
  4. LICENCE
  5. Makefile.in
  6. OVERVIEW
  7. PROTOCOL
  8. PROTOCOL.agent
  9. PROTOCOL.certkeys
  10. PROTOCOL.chacha20poly1305
  11. PROTOCOL.key
  12. PROTOCOL.krl
  13. PROTOCOL.mux
  14. README
  15. README.dns
  16. README.platform
  17. README.privsep
  18. README.tun
  19. TODO
  20. aclocal.m4
  21. addrmatch.c
  22. atomicio.c
  23. atomicio.h
  24. audit-bsm.c
  25. audit-linux.c
  26. audit.c
  27. audit.h
  28. auth-bsdauth.c
  29. auth-chall.c
  30. auth-krb5.c
  31. auth-options.c
  32. auth-options.h
  33. auth-pam.c
  34. auth-pam.h
  35. auth-passwd.c
  36. auth-rh-rsa.c
  37. auth-rhosts.c
  38. auth-rsa.c
  39. auth-shadow.c
  40. auth-sia.c
  41. auth-sia.h
  42. auth-skey.c
  43. auth.c
  44. auth.h
  45. auth1.c
  46. auth2-chall.c
  47. auth2-gss.c
  48. auth2-hostbased.c
  49. auth2-kbdint.c
  50. auth2-none.c
  51. auth2-passwd.c
  52. auth2-pubkey.c
  53. auth2.c
  54. authfd.c
  55. authfd.h
  56. authfile.c
  57. authfile.h
  58. bitmap.c
  59. bitmap.h
  60. blocks.c
  61. bufaux.c
  62. bufbn.c
  63. bufec.c
  64. buffer.c
  65. buffer.h
  66. buildpkg.sh.in
  67. canohost.c
  68. canohost.h
  69. chacha.c
  70. chacha.h
  71. channels.c
  72. channels.h
  73. cipher-3des1.c
  74. cipher-aes.c
  75. cipher-aesctr.c
  76. cipher-aesctr.h
  77. cipher-bf1.c
  78. cipher-chachapoly.c
  79. cipher-chachapoly.h
  80. cipher-ctr.c
  81. cipher.c
  82. cipher.h
  83. cleanup.c
  84. clientloop.c
  85. clientloop.h
  86. compat.c
  87. compat.h
  88. config.guess
  89. config.sub
  90. configure.ac
  91. contrib/
  92. crc32.c
  93. crc32.h
  94. crypto_api.h
  95. deattack.c
  96. deattack.h
  97. defines.h
  98. dh.c
  99. dh.h
  100. digest-libc.c
  101. digest-openssl.c
  102. digest.h
  103. dispatch.c
  104. dispatch.h
  105. dns.c
  106. dns.h
  107. ed25519.c
  108. entropy.c
  109. entropy.h
  110. fatal.c
  111. fe25519.c
  112. fe25519.h
  113. fixalgorithms
  114. fixpaths
  115. fixprogs
  116. ge25519.c
  117. ge25519.h
  118. ge25519_base.data
  119. groupaccess.c
  120. groupaccess.h
  121. gss-genr.c
  122. gss-serv-krb5.c
  123. gss-serv.c
  124. hash.c
  125. hmac.c
  126. hmac.h
  127. hostfile.c
  128. hostfile.h
  129. includes.h
  130. install-sh
  131. kex.c
  132. kex.h
  133. kexc25519.c
  134. kexc25519c.c
  135. kexc25519s.c
  136. kexdh.c
  137. kexdhc.c
  138. kexdhs.c
  139. kexecdh.c
  140. kexecdhc.c
  141. kexecdhs.c
  142. kexgex.c
  143. kexgexc.c
  144. kexgexs.c
  145. key.c
  146. key.h
  147. krl.c
  148. krl.h
  149. log.c
  150. log.h
  151. loginrec.c
  152. loginrec.h
  153. logintest.c
  154. mac.c
  155. mac.h
  156. match.c
  157. match.h
  158. md-sha256.c
  159. md5crypt.c
  160. md5crypt.h
  161. mdoc2man.awk
  162. misc.c
  163. misc.h
  164. mkinstalldirs
  165. moduli
  166. moduli.5
  167. moduli.c
  168. monitor.c
  169. monitor.h
  170. monitor_fdpass.c
  171. monitor_fdpass.h
  172. monitor_mm.c
  173. monitor_mm.h
  174. monitor_wrap.c
  175. monitor_wrap.h
  176. msg.c
  177. msg.h
  178. mux.c
  179. myproposal.h
  180. nchan.c
  181. nchan.ms
  182. nchan2.ms
  183. opacket.c
  184. opacket.h
  185. openbsd-compat/
  186. openssh.xml.in
  187. opensshd.init.in
  188. packet.c
  189. packet.h
  190. pathnames.h
  191. pkcs11.h
  192. platform.c
  193. platform.h
  194. poly1305.c
  195. poly1305.h
  196. progressmeter.c
  197. progressmeter.h
  198. readconf.c
  199. readconf.h
  200. readpass.c
  201. regress/
  202. rijndael.c
  203. rijndael.h
  204. roaming.h
  205. roaming_client.c
  206. roaming_common.c
  207. roaming_dummy.c
  208. roaming_serv.c
  209. rsa.c
  210. rsa.h
  211. sandbox-capsicum.c
  212. sandbox-darwin.c
  213. sandbox-null.c
  214. sandbox-rlimit.c
  215. sandbox-seccomp-filter.c
  216. sandbox-systrace.c
  217. sc25519.c
  218. sc25519.h
  219. scard/
  220. scp.1
  221. scp.c
  222. servconf.c
  223. servconf.h
  224. serverloop.c
  225. serverloop.h
  226. session.c
  227. session.h
  228. sftp-client.c
  229. sftp-client.h
  230. sftp-common.c
  231. sftp-common.h
  232. sftp-glob.c
  233. sftp-server-main.c
  234. sftp-server.8
  235. sftp-server.c
  236. sftp.1
  237. sftp.c
  238. sftp.h
  239. smult_curve25519_ref.c
  240. ssh-add.1
  241. ssh-add.c
  242. ssh-agent.1
  243. ssh-agent.c
  244. ssh-dss.c
  245. ssh-ecdsa.c
  246. ssh-ed25519.c
  247. ssh-gss.h
  248. ssh-keygen.1
  249. ssh-keygen.c
  250. ssh-keyscan.1
  251. ssh-keyscan.c
  252. ssh-keysign.8
  253. ssh-keysign.c
  254. ssh-pkcs11-client.c
  255. ssh-pkcs11-helper.8
  256. ssh-pkcs11-helper.c
  257. ssh-pkcs11.c
  258. ssh-pkcs11.h
  259. ssh-rsa.c
  260. ssh-sandbox.h
  261. ssh.1
  262. ssh.c
  263. ssh.h
  264. ssh1.h
  265. ssh2.h
  266. ssh_api.c
  267. ssh_api.h
  268. ssh_config
  269. ssh_config.5
  270. sshbuf-getput-basic.c
  271. sshbuf-getput-crypto.c
  272. sshbuf-misc.c
  273. sshbuf.c
  274. sshbuf.h
  275. sshconnect.c
  276. sshconnect.h
  277. sshconnect1.c
  278. sshconnect2.c
  279. sshd.8
  280. sshd.c
  281. sshd_config
  282. sshd_config.5
  283. ssherr.c
  284. ssherr.h
  285. sshkey.c
  286. sshkey.h
  287. sshlogin.c
  288. sshlogin.h
  289. sshpty.c
  290. sshpty.h
  291. sshtty.c
  292. survey.sh.in
  293. ttymodes.c
  294. ttymodes.h
  295. uidswap.c
  296. uidswap.h
  297. umac.c
  298. umac.h
  299. uuencode.c
  300. uuencode.h
  301. verify.c
  302. version.h
  303. xmalloc.c
  304. xmalloc.h