Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the
FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry. RedHat has
evidently built all "core system packages" with this option for some time.

This option should be used at the top of Makefiles (or Makefile.inc where
this is used for subdirectories) but after any setting of LIB.

This is only useful for userland code, and cannot be used in libc or in
any code which includes the libc internals, because it overrides certain
libc functions with macros. Some effort has been made to make USE_FORT=yes
work correctly for a full-system build by having the bsd.sys.mk logic
disable the feature where it should not be used (libc, libssp iteself,
the kernel) but no attempt has been made to build the entire system with
USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.

Adjust the system build so that all programs and libraries that are setuid,
directly handle network data (including serial comm data), perform
authentication, or appear likely to have (or have a history of having)
data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
with the exception of libc, which cannot use USE_FORT and thus uses
only USE_SSP by default. Tested on i386 with no ill results; USE_FORT=no
per-directory or in a system build will disable if desired.

Add and install skey(3).

remove superfluous CFLAGS line; WARNS=1 provides the same thing

branches: 1.3.2;
- pass gcc -Wall
- use the standard md4
- install skey.h in /usr/include

RCS id police.

skey, by <tsarna@endicor.com> and me

branches: 1.1.2;
file Version.map was initially added on branch agc-symver.

- pass gcc -Wall
- use the standard md4
- install skey.h in /usr/include

RCS id police.

Make a quick 64-bit safeness sweep. S/Key now works on the Alpha.

Prototypes (PR#1105) + some misc. reorganisation.

solve byte order problem

skey, by <tsarna@endicor.com> and me

- pass gcc -Wall
- use the standard md4
- install skey.h in /usr/include

RCS id police.

Make a quick 64-bit safeness sweep. S/Key now works on the Alpha.

skey, by <tsarna@endicor.com> and me

avoid an unlikely buffer truncation.

use strlcpy here; the destination string is passed to strtok_r, and if it
is not NUL terminated, bad things can happen.

branches: 1.13.90;
de-__P

Use (unsigned char) cast to sanitise arguments to ctype functions.

Fix a load of international alphabet problems with isxxx() and toupper()
Change isspace(*char_ptr) to isspace(*char_ptr & 0xff) so that the correct
piece of memory is looked at for the bit mask.
gcc optimises out the '& 0xff' (on i386 at least).
Fixes problems found by gcc when the splurious (int) cast is removed
from the #defines in ctype.h

use __RCSID()

use strtok_r, as strtok can interfere with outside users.

Bring s/key closer to RFC2289 conformance by pulling in changes
from OpenBSD to make use of different hash functions possible.
Also factored out some common code pieces, ANSIfied and
corrected SHA1 hash to make the result match up with the
regression examples in above RFC.

branches: 1.7.8;
More trailing white space.

const poisoning.

remove obsolete register declarations

- convert unsafe strcpy(), strcat() and sprintf() to the `n' versions.
- some KNF.

RCS id police.

Make a quick 64-bit safeness sweep. S/Key now works on the Alpha.

skey, by <tsarna@endicor.com> and me

bump shared libraries.

Revert minor to 0 since there is no abi change on request of thorpej.

Fix incorrect SHA1 calculation on big endian machines reported
in PR/12045 by John Valdes, who also provided the problem's
solution and a patch.

XXX This problem could have been caught about a year ago if we
XXX just ran the regression tests on every build!

Bring s/key closer to RFC2289 conformance by pulling in changes
from OpenBSD to make use of different hash functions possible.
Also factored out some common code pieces, ANSIfied and
corrected SHA1 hash to make the result match up with the
regression examples in above RFC.

branches: 1.3.10;
Add a note to update src/distrib/sets/lists/base/shl.*, and add a missing
RCS Id.

RCSID Police.

skey, by <tsarna@endicor.com> and me

Remove workaround for ancient HTML generation code.

Kill some extra spaces in function arguments.

branches: 1.9.4; 1.9.26;
Convert TNF licenses to new 2 clause variant

branches: 1.8.30;
Grammar, spelling, markup fixes from jmc@openbsd.

Use
.In header.h
instead of
.Fd #include \*[Lt]header.h\*[Gt]
Much easier to read and write, and supported by groff for ages.
Okayed by ross.

Use \-1 instead of -1.

repsonse -> response (from PR 19649)

New sentence, new line. From Robert Elz.

Generate <>& symbolically.

Misc. improvements, sort SEE ALSO.

Add and install skey(3).

branches: 1.1.4;
libskey: Add expected symbols list.

NOTE: There are some rather odd symbols in here like `Wp', `f', and
`rip'. Intentional? Should we slap on a version map to nix 'em?

PR lib/58838: shared libraries in base should all have expsym lists

Uses FILE *, needs stdio.h.

de-__P, slightly KNF, and make a bit of the formatting more consistent.

skey_keyinfo() returns a pointer to a static buffer, so
const'ify it.

Bring s/key closer to RFC2289 conformance by pulling in changes
from OpenBSD to make use of different hash functions possible.
Also factored out some common code pieces, ANSIfied and
corrected SHA1 hash to make the result match up with the
regression examples in above RFC.

branches: 1.6.4;
Delint.

const poisoning.

- convert unsafe strcpy(), strcat() and sprintf() to the `n' versions.
- some KNF.

RCS id police.

Prototypes (PR#1105) + some misc. reorganisation.

skey, by <tsarna@endicor.com> and me

remove a spurious space in a function declaration

use __RCSID()

use strtok_r, as strtok can interfere with other callers. from openbsd

skey_keyinfo() returns a pointer to a static buffer, so
const'ify it.

Correct ctype(3) usage.
Passing "char" value is wrong. Use "unsigned char" instead.

Bring s/key closer to RFC2289 conformance by pulling in changes
from OpenBSD to make use of different hash functions possible.
Also factored out some common code pieces, ANSIfied and
corrected SHA1 hash to make the result match up with the
regression examples in above RFC.

branches: 1.13.4;
In skeyverify(), don't "restore" priority to 0, but restore it to the
previous priority. If we can't read the previous priority, leave it alone.
By Chris Jones, PR 4891.

Delint.

remove an incorrect comment and add another one.

More trailing white space.

branches: 1.9.2;
const poisoning.

- pass gcc -Wall
- use the standard md4
- install skey.h in /usr/include

- convert unsafe strcpy(), strcat() and sprintf() to the `n' versions.
- some KNF.

RCS id police.

Prototypes (PR#1105) + some misc. reorganisation.

from PR 952, by Thor Lancelot Simon: don't turn off echo when
inputting an S/KEY one-time password.

in a word, whoops

create file with nice mode

skey, by <tsarna@endicor.com> and me

s/charater/character/ in comment.

Add some more __dead as exposed by the recent WARN bumps.

Use C89 function definition

branches: 1.26.40; 1.26.42;
catch up with new location for rmd160.h header file

fix lint warning (assignment in conditional context)

Use crypto/rmd160.h.

de-__P

use __RCSID()

s/necesary/necessary/

Negative exit code cleanup: Replace exit(-x) with exit(x).
As seen on tech-userlevel.

Fix incorrect SHA1 calculation on big endian machines reported
in PR/12045 by John Valdes, who also provided the problem's
solution and a patch.

XXX This problem could have been caught about a year ago if we
XXX just ran the regression tests on every build!

Correct ctype(3) usage.
Passing "char" value is wrong. Use "unsigned char" instead.

size_t != unsigned int; from Motoyuki Konno in PR lib/10538.

Bring s/key closer to RFC2289 conformance by pulling in changes
from OpenBSD to make use of different hash functions possible.
Also factored out some common code pieces, ANSIfied and
corrected SHA1 hash to make the result match up with the
regression examples in above RFC.

branches: 1.15.4;
Delint.

More trailing white space.

const poisoning.

PR/4941: Greg Oster: Don't byte swap; it is not needed. This broke big
endian machines.

remove obsolete register declarations

branches: 1.10.2;
fix my own bugs :-) When I updated this to use the libc md4 library, I
did not account for the interface changes.

- pass gcc -Wall
- use the standard md4
- install skey.h in /usr/include

- convert unsafe strcpy(), strcat() and sprintf() to the `n' versions.
- some KNF.

RCS id police.

Make a quick 64-bit safeness sweep. S/Key now works on the Alpha.

sys/termios.h -> termios.h

Prototypes (PR#1105) + some misc. reorganisation.

from PR 952, by Thor Lancelot Simon: don't turn off echo when
inputting an S/KEY one-time password.

get rid of some horrible assumptions

skey, by <tsarna@endicor.com> and me