summaryrefslogtreecommitdiff
path: root/Makefile.in
AgeCommit message (Collapse)Author
2019-11-13upstream: implement ssh-ed25519-sk verification; ok djm@markus@openbsd.org
OpenBSD-Commit-ID: 37906d93948a1e3d237c20e713d6ca8fbf7d13f6
2019-11-08upstream: Fill in missing man page bits for U2F security key support:naddy@openbsd.org
Mention the new key types, the ~/.ssh/id_ecdsa_sk file, ssh's SecurityKeyProvider keyword, the SSH_SK_PROVIDER environment variable, and ssh-keygen's new -w and -x options. Copy the ssh-sk-helper man page from ssh-pkcs11-helper with minimal substitutions. ok djm@ OpenBSD-Commit-ID: ef2e8f83d0c0ce11ad9b8c28945747e5ca337ac4
2019-11-03Put sftp-realpath in libssh.aDarren Tucker
and remove it from the specific binary targets.
2019-11-01upstream: ssh-agent support for U2F/FIDO keysdjm@openbsd.org
feedback & ok markus@ OpenBSD-Commit-ID: bb544a44bc32e45d2ec8bf652db2046f38360acb
2019-11-01upstream: U2F/FIDO middleware interfacedjm@openbsd.org
Supports enrolling (generating) keys and signatures. feedback & ok markus@ OpenBSD-Commit-ID: 73d1dd5939454f9c7bd840f48236cba41e8ad592
2019-11-01upstream: Initial infrastructure for U2F/FIDO supportdjm@openbsd.org
Key library support: including allocation, marshalling public/private keys and certificates, signature validation. feedback & ok markus@ OpenBSD-Commit-ID: a17615ba15e0f7932ac4360cb18fc9a9544e68c7
2019-09-06Provide explicit path to configure-check.Darren Tucker
On some platforms (at least OpenBSD) make won't search VPATH for target files, so building out-of-tree will fail at configure-check. Provide explicit path. ok djm@
2019-09-05revert config.h/config.h.in freshness checksDamien Miller
turns out autoreconf and configure don't touch some files if their content doesn't change, so the mtime can't be relied upon in a makefile rule
2019-09-05extend autoconf freshness testDamien Miller
make it cover config.h.in and config.h separately
2019-09-05check that configure/config.h is up to dateDamien Miller
Ensure they are newer than the configure.ac / aclocal.m4 source
2019-09-03portability fixes for sshsigDamien Miller
2019-09-03upstream: sshsig: lightweight signature and verification abilitydjm@openbsd.org
for OpenSSH This adds a simple manual signature scheme to OpenSSH. Signatures can be made and verified using ssh-keygen -Y sign|verify Signatures embed the key used to make them. At verification time, this is matched via principal name against an authorized_keys-like list of allowed signers. Mostly by Sebastian Kinne w/ some tweaks by me ok markus@ OpenBSD-Commit-ID: 2ab568e7114c933346616392579d72be65a4b8fb
2019-07-29Report success of individual tests as well as all.Darren Tucker
This puts the "all tests passed" message back at the end where the test harnesses can find it.
2019-07-24Split test targets further.Darren Tucker
Splits test into file-tests, t-exec, unit and interop-tests and their respective dependencies. Should allow running any set individually without having to build the other dependencies that are not needed for that specific test.
2019-07-24Add lib dependencies for regress binary targets.Darren Tucker
2019-07-24Make "unit" a dependency of "test".Darren Tucker
2019-07-23Split regress-binaries into two targets.Darren Tucker
Split the binaries for the unit tests out into a regress-unit-binaries target, and add a dependency on it for only the unit tests. This allows us to run the integration tests only ("make t-exec") without building the unit tests, which allows us to run a subset of the tests when building --without-openssl without trying (and failing) to build the unit tests. This means there are two targets for "unit" which I *think* is valid (it works in testing, and makedepend will generate Makefiles of this form)a but I could be wrong.
2019-07-19Revert one dependency per line change.Darren Tucker
It turns out that having such a large number of lines in the .depend file will cause the memory usage of awk during AC_SUBST to blow up on at least NetBSD's awk, causing configure to fail.
2019-07-19Force dependencies one per line.Darren Tucker
Force makedepend to output one dependency per line, which will make reading diffs against it much easier. ok djm@
2019-07-16upstream: remove mostly vestigal uuencode.[ch]; moving the only uniquedjm@openbsd.org
functionality there (wrapping of base64-encoded data) to sshbuf functions; feedback and ok markus@ OpenBSD-Commit-ID: 4dba6735d88c57232f6fccec8a08bdcfea44ac4c
2019-07-08remove realpath() compat replacementDamien Miller
We shipped a BSD implementation of realpath() because sftp-server depended on its behaviour. OpenBSD is now moving to a more strictly POSIX-compliant realpath(2), so sftp-server now unconditionally requires its own BSD-style realpath implementation. As such, there is no need to carry another independant implementation in openbsd-compat. ok dtucker@
2019-07-08upstream: add a local implementation of BSD realpath() fordjm@openbsd.org
sftp-server use ahead of OpenBSD's realpath changing to match POSIX; ok deraadt@ (thanks for snaps testing) OpenBSD-Commit-ID: 4f8cbf7ed8679f6237264301d104ecec64885d55
2019-05-08upstream: Remove crc32.{c,h} which were only used by the now-gonedtucker@openbsd.org
SSH1 protocol. Patch from yumkam at gmail.com, ok deraadt. OpenBSD-Commit-ID: cceda5876c5ba6b4d8abcd52335329198cee3240
2019-01-21upstream: rename kex->kem_client_pub -> kex->client_pub now thatdjm@openbsd.org
KEM has been renamed to kexgen from markus@ ok djm@ OpenBSD-Commit-ID: fac6da5dc63530ad0da537db022a9a4cfbe8bed8
2019-01-21upstream: use KEM API for vanilla ECDHdjm@openbsd.org
from markus@ ok djm@ OpenBSD-Commit-ID: 6fbff96339a929835536b5730585d1d6057a352c
2019-01-21upstream: use KEM API for vanilla DH KEXdjm@openbsd.org
from markus@ ok djm@ OpenBSD-Commit-ID: af56466426b08a8be275412ae2743319e3d277c9
2019-01-21upstream: use KEM API for vanilla c25519 KEXdjm@openbsd.org
OpenBSD-Commit-ID: 38d937b85ff770886379dd66a8f32ab0c1c35c1f
2019-01-21upstream: Add support for a PQC KEX/KEM:djm@openbsd.org
sntrup4591761x25519-sha512@tinyssh.org using the Streamlined NTRU Prime 4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss. Not enabled by default. introduce KEM API; a simplified framework for DH-ish KEX methods. from markus@ feedback & ok djm@ OpenBSD-Commit-ID: d687f76cffd3561dd73eb302d17a1c3bf321d1a7
2019-01-21pass TEST_SSH_SSHPKCS11HELPER to regress testsDamien Miller
2019-01-20upstream: remove last traces of old packet API!djm@openbsd.org
with & ok markus@ OpenBSD-Commit-ID: 9bd10437026423eb8245636ad34797a20fbafd7d
2018-12-27upstream: move client/server SSH-* banners to buffers underdjm@openbsd.org
ssh->kex and factor out the banner exchange. This eliminates some common code from the client and server. Also be more strict about handling \r characters - these should only be accepted immediately before \n (pointed out by Jann Horn). Inspired by a patch from Markus Schmidt. (lots of) feedback and ok markus@ OpenBSD-Commit-ID: 1cc7885487a6754f63641d7d3279b0941890275b
2018-09-12delete the correct thing; kexfuzz binaryDamien Miller
2018-08-23fix path in distclean targetDamien Miller
Patch from Jakub Jelen
2018-07-31Remove support for S/KeyDamien Miller
Most people will 1) be using modern multi-factor authentication methods like TOTP/OATH etc and 2) be getting support for multi-factor authentication via PAM or BSD Auth.
2018-07-20Create control sockets in clean temp directoriesDamien Miller
Adds a regress/mkdtemp tool and uses it to create empty temp directories for tests needing control sockets. Patch from Colin Watson via bz#2660; ok dtucker
2018-07-19upstream: Remove support for running ssh(1) setuid and fatal ifdtucker@openbsd.org
attempted. Do not link uidwap.c into ssh any more. Neuters UsePrivilegedPort, which will be marked as deprecated shortly. ok markus@ djm@ OpenBSD-Commit-ID: c4ba5bf9c096f57a6ed15b713a1d7e9e2e373c42
2018-07-13rm regress/misc/kexfuzz/*.o in distclean targetDamien Miller
2018-07-12upstream: remove legacy key emulation layer; ok djm@markus@openbsd.org
OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d
2018-07-10upstream: remove legacy buffer API emulation layer; ok djm@markus@openbsd.org
OpenBSD-Commit-ID: 2dd5dc17cbc23195be4299fa93be2707a0e08ad9
2018-04-13Revert $REGRESSTMP changes.Darren Tucker
Revert 3fd2d229 and subsequent changes as they turned out to be a portability hassle.
2018-04-10Many typo fixes from Karsten WeissDamien Miller
Spotted using https://github.com/lucasdemarchi/codespell
2018-02-26Replace $(CURDIR) with $(PWD).Darren Tucker
The former doesn't work on Solaris or BSDs.
2018-02-26Fix breakage when REGRESSTMP not set.Darren Tucker
BUILDDIR is not set where used for REGRESSTMP, use make's CURDIR instead. Pointed out by djm@.
2018-02-26object files end with .o - not .cDamien Miller
2018-02-26upstream: Add experimental support for PQC XMSS keys (Extendedmarkus@openbsd.org
Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok djm@ OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac
2018-02-23Use portable syntax for REGRESSTMP.Darren Tucker
2018-02-19Add REGRESSTMP make var override.Darren Tucker
Defaults to original location ($srcdir/regress) but allows overriding if desired, eg a directory in /tmp.
2018-02-15Remove remaining now-obsolete cvs $Ids.Darren Tucker
2017-12-19remove blocks.c from MakefileDamien Miller
2017-12-19upstream commitnaddy@openbsd.org
Create a persistent umac128.c source file: #define the output size and the name of the entry points for UMAC-128 before including umac.c. Idea from FreeBSD. ok dtucker@ OpenBSD-Commit-ID: 463cfacfa07cb8060a4d4961e63dca307bf3f4b1