Age | Commit message (Collapse) | Author |
|
|
|
|
|
Create a persistent umac128.c source file: #define the
output size and the name of the entry points for UMAC-128 before including
umac.c. Idea from FreeBSD. ok dtucker@
OpenBSD-Commit-ID: 463cfacfa07cb8060a4d4961e63dca307bf3f4b1
|
|
Put an empty config.h into the dependency list to ensure that it's
always listed and consistent.
|
|
Adds a .depend file containing dependency information generated by
makedepend, which is appended to the generated Makefile by configure.
You can regen the file with "make -f Makefile.in depend" if necessary,
but we'll be looking at some way to automatically keep this up to date.
"no objection" djm@
|
|
|
|
Check for MIKDIR_P and use it instead of mkinstalldirs. Should fix "mkdir:
cannot create directory:... File exists" during "make install".
Patch from eb at emlix.com.
|
|
SSH1 support is now gone, remove SSH1 key generation.
Patch from eb at emlix.com.
|
|
platform.o is too heavy for libssh.a use; it calls into the server on
many platforms. Move just the function needed by misc.c into its own
file.
|
|
|
|
remove post-SSHv1 removal dead code from rsa.c and merge
the remaining bit that it still used into ssh-rsa.c; ok markus
Upstream-ID: ac8a048d24dcd89594b0052ea5e3404b473bfa2f
|
|
|
|
remove the (in)famous SSHv1 CRC compensation attack
detector.
Despite your cameo in The Matrix movies, you will not be missed.
ok markus
Upstream-ID: 44261fce51a56d93cdb2af7b6e184be629f667e0
|
|
remove SSH1 make flag and associated files ok markus@
Upstream-ID: ba9feacc5787337c413db7cf26ea3d53f854cfef
|
|
remove SSHv1 ciphers; ok markus@
Upstream-ID: e5ebc5e540d7f23a8c1266db1839794d4d177890
|
|
All supported versions of OpenSSL should now have SHA256 so remove our
EVP wrapper implementaion. ok djm@
|
|
|
|
|
|
Check for utf8 local support and if not found, do not attempt to run the
utf8 tests. Suggested by djm@
|
|
Remove support for pre-authentication compression. Doing
compression early in the protocol probably seemed reasonable in the 1990s,
but today it's clearly a bad idea in terms of both cryptography (cf. multiple
compression oracle attacks in TLS) and attack surface.
Moreover, to support it across privilege-separation zlib needed
the assistance of a complex shared-memory manager that made the
required attack surface considerably larger.
Prompted by Guido Vranken pointing out a compiler-elided security
check in the shared memory manager found by Stack
(http://css.csail.mit.edu/stack/); ok deraadt@ markus@
NB. pre-auth authentication has been disabled by default in sshd
for >10 years.
Upstream-ID: 32af9771788d45a0779693b41d06ec199d849caf
|
|
|
|
remove ssh1 server code; ok djm@
Upstream-ID: c24c0c32c49b91740d5a94ae914fb1898ea5f534
|
|
Since adding $(REGRESSLIBS), $? is wrong because it includes only the
changed source files. $< seems like it'd be right however it doesn't
seem to work on some non-GNU makes, so do what works everywhere.
|
|
Makes "./configure && make tests" work again. ok djm@
|
|
|
|
Prevents size mismatch linker warnings on Solaris 11.
|
|
Prevents link errors resolving the extern "options" when platform.o
gets linked into ssh-agent when building --with-pam.
|
|
This should make it easier to add additional platform support such as
Solaris (bz#2584).
|
|
|
|
To prevent screwing up terminal settings when printing to
the terminal, for ASCII and UTF-8, escape bytes not forming characters and
bytes forming non-printable characters with vis(3) VIS_OCTAL. For other
character sets, abort printing of the current string in these cases. In
particular, * let scp(1) respect the local user's LC_CTYPE locale(1); *
sanitize data received from the remote host; * sanitize filenames, usernames,
and similar data even locally; * take character display widths into account
for the progressmeter.
This is believed to be sufficient to keep the local terminal safe
on OpenBSD, but bad things can still happen on other systems with
state-dependent locales because many places in the code print
unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@,
various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
Upstream-ID: e66afbc94ee396ddcaffd433b9a3b80f387647e0
|
|
This allows us to activate only the supported options during the malloc
option portion of the connect-privsep test.
|
|
Easier to build all the regression/unit test binaries in one pass
than going through all of ${REGRESS_BINARIES}
|
|
|
|
Some tests have strict requirements on the filesystem permissions
for certain files and directories. This adds a regress/check-perm
tool that copies the relevant logic from sshd to exactly test
the paths in question. This lets us skip tests when the local
filesystem doesn't conform to our expectations rather than
continuing and failing the test run.
ok dtucker@
|
|
remove roaming support; ok djm@
Upstream-ID: 2cab8f4b197bc95776fb1c8dc2859dad0c64dc56
|
|
Includes a pre-auth privsep sandbox and several pledge()
emulations. bz#2511, patch by Alex Wilson.
ok dtucker@
|
|
remove slogin links; ok deraadt markus djm
Upstream-ID: 39ba08548acde4c54f2d4520c202c2a863a3c730
|
|
Change all tame callers to namechange to pledge(2).
Upstream-ID: 17e654fc27ceaf523c60f4ffd9ec7ae4e7efc7f2
|
|
OpenBSD only for now
|
|
Use ssh-keygen -A instead of per-keytype invocations when generating host
keys. Add tests when doing host-key-force since we can't use ssh-keygen -A
since it can't specify alternate locations. bz#2459, ok djm@
|
|
This reverts commit d1db656021d0cd8c001a6692f772f1de29b67c8b.
No longer needed with commit 678e473e2af2e4802f24dd913985864d9ead7fb3
|
|
|
|
|
|
|
|
|
|
|
|
finally enable the KEX tests I wrote some years ago...
|
|
add experimental api for packet layer; ok djm@
|
|
update packet.c & isolate, introduce struct ssh a) switch
packet.c to buffer api and isolate per-connection info into struct ssh b)
(de)serialization of the state is moved from monitor to packet.c c) the old
packet.c API is implemented in opacket.[ch] d) compress.c/h is removed and
integrated into packet.c with and ok djm@
|
|
|