Age | Commit message (Collapse) | Author |
|
RANDOM_SEED_SIZE is used by both the OpenSSL and non-OpenSSL code
This fixes the build with configureed --without-openssl.
|
|
|
|
square brackets in case statements may be eaten by autoconf.
Report and fix from Filipp Gunbin; tweaked by naddy@
|
|
Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually
supports it.
Move all libcrypto initialisation to a single function, and call that
from seed_rng() that is called early in each tool's main().
Prompted by patch from Rosen Penev
|
|
SIGINFO to resync with portable. (ID sync only).
OpenBSD-Regress-ID: 699d153e2de22dce51a1b270c40a98472d1a1b16
|
|
trap for them. This allows multiple instances of tests to run without
colliding.
OpenBSD-Regress-ID: 57add105ecdfc54752d8003acdd99eb68c3e0b4c
|
|
test "yes" and "sandbox".
OpenBSD-Regress-ID: 80e685ed8990766527dc629b1affc09a75bfe2da
|
|
UNITTEST_FAST?= no # Skip slow tests (e.g. less intensive fuzzing).
UNITTEST_SLOW?= no # Include slower tests (e.g. more intensive fuzzing).
UNITTEST_VERBOSE?= no # Verbose test output (inc. per-test names).
useful if you want to run the tests as a smoke test to exercise the
functionality without waiting for all the fuzzers to run.
OpenBSD-Regress-ID: e04d82ebec86068198cd903acf1c67563c57315e
|
|
It's unused in -portable, but having it out of sync makes other syncs
fail to apply.
|
|
loading the default hostkeys. Hostkeys explicitly specified in the
configuration or on the command-line are still reported as errors, and
failure to load at least one host key remains a fatal error.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Based on patch from Dag-Erling Smørgrav via
https://github.com/openssh/openssh-portable/pull/103
ok markus@
OpenBSD-Commit-ID: ffc2e35a75d1008effaf05a5e27425041c27b684
|
|
/dev/null. Fixes mosh in proxycommand mode that was broken by the previous
ProxyCommand change that was reported by matthieu@. ok djm@ danj@
OpenBSD-Commit-ID: c6fc9641bc250221a0a81c6beb2e72d603f8add6
|
|
started with ControlPersist; based on patch from Steffen Prohaska
OpenBSD-Commit-ID: 1bcaa14a03ae80369d31021271ec75dce2597957
|
|
use-after-free faults if the ancestors are freed before the descendents.
Nothing in OpenSSH uses this deallocation pattern. Reported by Jann Horn
OpenBSD-Commit-ID: d93501d1d2734245aac802a252b9bb2eccdba0f2
|
|
OpenBSD-Commit-ID: 482ce71a5ea5c5f3bc4d00fd719481a6a584d925
|
|
Check for the presence of OPENSSL_init_crypto and all the flags we want
before trying to use it (bz#2931).
|
|
current directory; based on report/patch from Harry Sintonen
OpenBSD-Commit-ID: f27651b30eaee2df49540ab68d030865c04f6de9
|
|
socket around for the life of the connection; bz#2912; reported by Simon
Tatham; ok dtucker@
OpenBSD-Commit-ID: 4ded588301183d343dce3e8c5fc1398e35058478
|
|
PubkeyAcceptedKeyTypes options. If only RSA-SHA2 siganture types were
specified, then authentication would always fail for RSA keys as the monitor
checks only the base key (not the signature algorithm) type against
*AcceptedKeyTypes. bz#2746; reported by Jakub Jelen; ok dtucker
OpenBSD-Commit-ID: 117bc3dc54578dbdb515a1d3732988cb5b00461b
|
|
commands; bz#2926; ok dtucker@
OpenBSD-Commit-ID: 9d635636bc84aeae796467e059f7634de990a79d
|
|
Mike Frysinger <vapier at gentoo dot org>
OpenBSD-Commit-ID: 1bc5392f795ca86318d695e0947eaf71a5a4f6d9
|
|
Colin Watson
OpenBSD-Commit-ID: bff614c7bd1f4ca491a84e9b5999f848d0d66758
|
|
OpenBSD-Commit-ID: a0c228390856a215bb66319c89cb3959d3af8c87
|
|
OpenBSD-Commit-ID: c07772f58028fda683ee6abd41c73da3ff70d403
|
|
key type at start of doc
OpenBSD-Commit-ID: b46b0149256d67f05f2d5d01e160634ed1a67324
|
|
If configure could not find a working OpenSSL installation it would
fall back to checking in /usr/local/ssl. This made sense back when
systems did not ship with OpenSSL, but most do and OpenSSL 1.1 doesn't
use that as a default any more. The fallback behaviour also meant
that if you pointed --with-ssl-dir at a specific directory and it
didn't work, it would silently use either the system libs or the ones
in /usr/local/ssl. If you want to use /usr/local/ssl you'll need to
pass configure --with-ssl-dir=/usr/local/ssl. ok djm@
|
|
Both INSTALL and configure.ac claim OpenSSL >= 1.0.1 is supported; fix
compile-time check for 1.0.1 to match.
|
|
bz#2922, patch from vinschen at redhat.com.
|
|
bz#2922, patch from Christian.Lupien at USherbrooke.ca, sanity check
by vinschen at redhat.com.
|
|
|
|
Correct error message when OpenSSL doesn't support certain ECDSA key
lengths.
|
|
ECDSA code in openssh-compat.h and libressl-api-compat.c needs to be
guarded by OPENSSL_HAS_ECC
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
|
Replace AC_SEARCH_LIBS checks for OpenSSL 1.1 functions with a single
AC_CHECK_FUNCS. ok djm@
|
|
Prevents unnecessary redefinition. Patch from mforney at mforney.org.
|
|
|
|
|
|
|
|
Use detected functions in compat layer instead of guessing based on
versions. Really fixes builds with LibreSSL, not just configure.
|
|
Check for the existence of openssl version functions and use the ones
detected instead of trying to guess based on the int32 version
identifier. Fixes builds with LibreSSL.
|
|
I thought OpenSSL 1.0.x offered the new-style OpenSSL_version_num() API
to obtain version number, but they don't.
|
|
Prompted by Rosen Penev
|
|
|
|
we're old, but we don't have to act it
OpenBSD-Commit-ID: 9ca38d11f8ed19e61a55108d1e892d696cee08ec
|
|
bz#2921, patch from cotequeiroz
|
|
Patch from rosenp at gmail.com via openssh-unix-dev.
|
|
/path/certificate", include the algorithm that the CA used to sign the cert.
OpenBSD-Commit-ID: 1ea20b5048a851a7a0758dcb9777a211a2c0dddd
|
|
no need to check the size. OK kn, deraadt
OpenBSD-Commit-ID: 0aa56e92eb49c79f495b31a5093109ec5841f439
|
|
Previous versions have a bug with EVP_CipherInit() when passed a
NULL EVP_CIPHER, per https://github.com/openssl/openssl/pull/4613
ok dtucker@
|
|
Missing last argument to OPENSSL_init_crypto()
|
|
Current impementions of the gcc spectre mitigation flags cause
miscompilations when combined with other flags and do not provide much
protection. Found by fweimer at redhat.com, ok djm@
|
|
OpenSSL 1.1.x soft-deprecated OPENSSL_config in favour of
OPENSSL_init_crypto; pointed out by Jakub Jelen
|