summaryrefslogtreecommitdiffstats
path: root/Makefile.in (follow)
Commit message (Collapse)AuthorAgeFilesLines
* upstream commitdjm@openbsd.org2016-09-281-1/+1
| | | | | | | | | | | | | | | | | | | | Remove support for pre-authentication compression. Doing compression early in the protocol probably seemed reasonable in the 1990s, but today it's clearly a bad idea in terms of both cryptography (cf. multiple compression oracle attacks in TLS) and attack surface. Moreover, to support it across privilege-separation zlib needed the assistance of a complex shared-memory manager that made the required attack surface considerably larger. Prompted by Guido Vranken pointing out a compiler-elided security check in the shared memory manager found by Stack (http://css.csail.mit.edu/stack/); ok deraadt@ markus@ NB. pre-auth authentication has been disabled by default in sshd for >10 years. Upstream-ID: 32af9771788d45a0779693b41d06ec199d849caf
* hook match and utf8 unittests up to MakefileDamien Miller2016-08-231-0/+34
|
* upstream commitmarkus@openbsd.org2016-08-141-3/+3
| | | | | | remove ssh1 server code; ok djm@ Upstream-ID: c24c0c32c49b91740d5a94ae914fb1898ea5f534
* Explicitly specify source files for regress tools.Darren Tucker2016-07-181-4/+4
| | | | | | Since adding $(REGRESSLIBS), $? is wrong because it includes only the changed source files. $< seems like it'd be right however it doesn't seem to work on some non-GNU makes, so do what works everywhere.
* Add dependency on libs for unit tests.Darren Tucker2016-07-181-4/+6
| | | | Makes "./configure && make tests" work again. ok djm@
* Correct location for kexfuzz in clean target.Darren Tucker2016-07-181-1/+2
|
* Map umac_ctx struct name too.Darren Tucker2016-07-151-1/+1
| | | | Prevents size mismatch linker warnings on Solaris 11.
* Move platform_disable_tracing into its own file.Darren Tucker2016-06-151-2/+2
| | | | | Prevents link errors resolving the extern "options" when platform.o gets linked into ssh-agent when building --with-pam.
* Move prctl PR_SET_DUMPABLE into platform.c.Darren Tucker2016-06-091-2/+2
| | | | | This should make it easier to add additional platform support such as Solaris (bz#2584).
* Fix utf->utf8 typo.Darren Tucker2016-06-061-1/+1
|
* upstream commitschwarze@openbsd.org2016-06-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | | To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter. This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream. Using feedback from djm@ and martijn@, various aspects discussed with many others. deraadt@ says it should go in now, i probably already hesitated too long Upstream-ID: e66afbc94ee396ddcaffd433b9a3b80f387647e0
* Pass supported malloc options to connect-privsep.Darren Tucker2016-03-141-0/+1
| | | | | This allows us to activate only the supported options during the malloc option portion of the connect-privsep test.
* make a regress-binaries targetDamien Miller2016-03-081-3/+2
| | | | | Easier to build all the regression/unit test binaries in one pass than going through all of ${REGRESS_BINARIES}
* hook unittests/misc/kexfuzz into buildDamien Miller2016-03-041-1/+13
|
* Disable tests where fs perms are incorrectDamien Miller2016-02-231-0/+5
| | | | | | | | | | | Some tests have strict requirements on the filesystem permissions for certain files and directories. This adds a regress/check-perm tool that copies the relevant logic from sshd to exactly test the paths in question. This lets us skip tests when the local filesystem doesn't conform to our expectations rather than continuing and failing the test run. ok dtucker@
* upstream commitmarkus@openbsd.org2016-01-271-9/+6
| | | | | | remove roaming support; ok djm@ Upstream-ID: 2cab8f4b197bc95776fb1c8dc2859dad0c64dc56
* Support Illumos/Solaris fine-grained privilegesDamien Miller2016-01-081-2/+4
| | | | | | | Includes a pre-auth privsep sandbox and several pledge() emulations. bz#2511, patch by Alex Wilson. ok dtucker@
* upstream commitjmc@openbsd.org2015-11-091-6/+0
| | | | | | remove slogin links; ok deraadt markus djm Upstream-ID: 39ba08548acde4c54f2d4520c202c2a863a3c730
* upstream commitderaadt@openbsd.org2015-10-131-1/+1
| | | | | | Change all tame callers to namechange to pledge(2). Upstream-ID: 17e654fc27ceaf523c60f4ffd9ec7ae4e7efc7f2
* hook tame(2) sandbox up to buildDamien Miller2015-10-071-1/+1
| | | | OpenBSD only for now
* Use ssh-keygen -A when generating host keys.Darren Tucker2015-09-141-31/+9
| | | | | | Use ssh-keygen -A instead of per-keytype invocations when generating host keys. Add tests when doing host-key-force since we can't use ssh-keygen -A since it can't specify alternate locations. bz#2459, ok djm@
* Revert "Work around finicky USL linker so netcat will build."Tim Rice2015-02-251-1/+1
| | | | | | This reverts commit d1db656021d0cd8c001a6692f772f1de29b67c8b. No longer needed with commit 678e473e2af2e4802f24dd913985864d9ead7fb3
* Work around finicky USL linker so netcat will build.Tim Rice2015-02-241-1/+1
|
* mkdir kex unit test directory so testing out of tree builds worksTim Rice2015-02-221-0/+2
|
* mkdir hostkey and bitmap unit test directoriesDamien Miller2015-02-211-6/+10
|
* hook up hostkeys unittest to portable MakefilesDamien Miller2015-02-171-0/+16
|
* fix kex testDamien Miller2015-01-201-4/+5
|
* upstream commitmarkus@openbsd.org2015-01-191-2/+17
| | | | finally enable the KEX tests I wrote some years ago...
* upstream commitmarkus@openbsd.org2015-01-191-7/+9
| | | | add experimental api for packet layer; ok djm@
* upstream commitmarkus@openbsd.org2015-01-191-2/+2
| | | | | | | | update packet.c & isolate, introduce struct ssh a) switch packet.c to buffer api and isolate per-connection info into struct ssh b) (de)serialization of the state is moved from monitor to packet.c c) the old packet.c API is implemented in opacket.[ch] d) compress.c/h is removed and integrated into packet.c with and ok djm@
* make bitmap test compileDamien Miller2015-01-151-1/+1
|
* upstream commitdjm@openbsd.org2015-01-151-1/+15
| | | | unit tests for KRL bitmap
* support --without-openssl at configure timeDamien Miller2015-01-141-2/+2
| | | | | | | | Disables and removes dependency on OpenSSL. Many features don't work and the set of crypto options is greatly restricted. This will only work on system with native arc4random or /dev/urandom. Considered highly experimental for now.
* upstream commitdjm@openbsd.org2015-01-141-2/+4
| | | | | avoid BIGNUM in KRL code by using a simple bitmap; feedback and ok markus
* include and use OpenBSD netcat in regress/Damien Miller2014-12-221-0/+5
|
* - (djm) [Makefile.in] Make TEST_SHELL a variable; "good idea" tim@Damien Miller2014-08-301-3/+3
|
* - (djm) [Makefile.in] fix reference to libtest_helper.a in sshkey test too.Damien Miller2014-08-211-2/+2
|
* - (djm) [Makefile.in] refer to libtest_helper.a by explicit path rather thanDamien Miller2014-08-201-2/+2
| | | | -L/-l; fixes linking problems on some platforms
* - (dtucker) [Makefile.in] Add a t-exec target to run just the executableDarren Tucker2014-07-181-2/+2
| | | | tests.
* - djm@cvs.openbsd.org 2014/06/24 01:14:17Damien Miller2014-07-021-5/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [Makefile.in regress/Makefile regress/unittests/Makefile] [regress/unittests/sshkey/Makefile] [regress/unittests/sshkey/common.c] [regress/unittests/sshkey/common.h] [regress/unittests/sshkey/mktestdata.sh] [regress/unittests/sshkey/test_file.c] [regress/unittests/sshkey/test_fuzz.c] [regress/unittests/sshkey/test_sshkey.c] [regress/unittests/sshkey/tests.c] [regress/unittests/sshkey/testdata/dsa_1] [regress/unittests/sshkey/testdata/dsa_1-cert.fp] [regress/unittests/sshkey/testdata/dsa_1-cert.pub] [regress/unittests/sshkey/testdata/dsa_1.fp] [regress/unittests/sshkey/testdata/dsa_1.fp.bb] [regress/unittests/sshkey/testdata/dsa_1.param.g] [regress/unittests/sshkey/testdata/dsa_1.param.priv] [regress/unittests/sshkey/testdata/dsa_1.param.pub] [regress/unittests/sshkey/testdata/dsa_1.pub] [regress/unittests/sshkey/testdata/dsa_1_pw] [regress/unittests/sshkey/testdata/dsa_2] [regress/unittests/sshkey/testdata/dsa_2.fp] [regress/unittests/sshkey/testdata/dsa_2.fp.bb] [regress/unittests/sshkey/testdata/dsa_2.pub] [regress/unittests/sshkey/testdata/dsa_n] [regress/unittests/sshkey/testdata/dsa_n_pw] [regress/unittests/sshkey/testdata/ecdsa_1] [regress/unittests/sshkey/testdata/ecdsa_1-cert.fp] [regress/unittests/sshkey/testdata/ecdsa_1-cert.pub] [regress/unittests/sshkey/testdata/ecdsa_1.fp] [regress/unittests/sshkey/testdata/ecdsa_1.fp.bb] [regress/unittests/sshkey/testdata/ecdsa_1.param.curve] [regress/unittests/sshkey/testdata/ecdsa_1.param.priv] [regress/unittests/sshkey/testdata/ecdsa_1.param.pub] [regress/unittests/sshkey/testdata/ecdsa_1.pub] [regress/unittests/sshkey/testdata/ecdsa_1_pw] [regress/unittests/sshkey/testdata/ecdsa_2] [regress/unittests/sshkey/testdata/ecdsa_2.fp] [regress/unittests/sshkey/testdata/ecdsa_2.fp.bb] [regress/unittests/sshkey/testdata/ecdsa_2.param.curve] [regress/unittests/sshkey/testdata/ecdsa_2.param.priv] [regress/unittests/sshkey/testdata/ecdsa_2.param.pub] [regress/unittests/sshkey/testdata/ecdsa_2.pub] [regress/unittests/sshkey/testdata/ecdsa_n] [regress/unittests/sshkey/testdata/ecdsa_n_pw] [regress/unittests/sshkey/testdata/ed25519_1] [regress/unittests/sshkey/testdata/ed25519_1-cert.fp] [regress/unittests/sshkey/testdata/ed25519_1-cert.pub] [regress/unittests/sshkey/testdata/ed25519_1.fp] [regress/unittests/sshkey/testdata/ed25519_1.fp.bb] [regress/unittests/sshkey/testdata/ed25519_1.pub] [regress/unittests/sshkey/testdata/ed25519_1_pw] [regress/unittests/sshkey/testdata/ed25519_2] [regress/unittests/sshkey/testdata/ed25519_2.fp] [regress/unittests/sshkey/testdata/ed25519_2.fp.bb] [regress/unittests/sshkey/testdata/ed25519_2.pub] [regress/unittests/sshkey/testdata/pw] [regress/unittests/sshkey/testdata/rsa1_1] [regress/unittests/sshkey/testdata/rsa1_1.fp] [regress/unittests/sshkey/testdata/rsa1_1.fp.bb] [regress/unittests/sshkey/testdata/rsa1_1.param.n] [regress/unittests/sshkey/testdata/rsa1_1.pub] [regress/unittests/sshkey/testdata/rsa1_1_pw] [regress/unittests/sshkey/testdata/rsa1_2] [regress/unittests/sshkey/testdata/rsa1_2.fp] [regress/unittests/sshkey/testdata/rsa1_2.fp.bb] [regress/unittests/sshkey/testdata/rsa1_2.param.n] [regress/unittests/sshkey/testdata/rsa1_2.pub] [regress/unittests/sshkey/testdata/rsa_1] [regress/unittests/sshkey/testdata/rsa_1-cert.fp] [regress/unittests/sshkey/testdata/rsa_1-cert.pub] [regress/unittests/sshkey/testdata/rsa_1.fp] [regress/unittests/sshkey/testdata/rsa_1.fp.bb] [regress/unittests/sshkey/testdata/rsa_1.param.n] [regress/unittests/sshkey/testdata/rsa_1.param.p] [regress/unittests/sshkey/testdata/rsa_1.param.q] [regress/unittests/sshkey/testdata/rsa_1.pub] [regress/unittests/sshkey/testdata/rsa_1_pw] [regress/unittests/sshkey/testdata/rsa_2] [regress/unittests/sshkey/testdata/rsa_2.fp] [regress/unittests/sshkey/testdata/rsa_2.fp.bb] [regress/unittests/sshkey/testdata/rsa_2.param.n] [regress/unittests/sshkey/testdata/rsa_2.param.p] [regress/unittests/sshkey/testdata/rsa_2.param.q] [regress/unittests/sshkey/testdata/rsa_2.pub] [regress/unittests/sshkey/testdata/rsa_n] [regress/unittests/sshkey/testdata/rsa_n_pw] unit and fuzz tests for new key API
* - djm@cvs.openbsd.org 2014/06/24 01:13:21Damien Miller2014-07-021-2/+3
| | | | | | | | | | | | | | | | | | | | | | | [Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c [auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c [cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h [digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h [hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c [ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c [ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c [sshconnect2.c sshd.c sshkey.c sshkey.h [openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h] New key API: refactor key-related functions to be more library-like, existing API is offered as a set of wrappers. with and ok markus@ Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago. NB. This commit also removes portable OpenSSH support for OpenSSL <0.9.8e.
* - (djm) [Makefile.in] typo in pathDamien Miller2014-05-221-6/+6
|
* - (djm) [regress/Makefile Makefile.in]Damien Miller2014-05-151-7/+48
| | | | | | | | | | | | | | [regress/unittests/sshbuf/test_sshbuf.c [regress/unittests/sshbuf/test_sshbuf_fixed.c] [regress/unittests/sshbuf/test_sshbuf_fuzz.c] [regress/unittests/sshbuf/test_sshbuf_getput_basic.c] [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c] [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] [regress/unittests/sshbuf/test_sshbuf_misc.c] [regress/unittests/sshbuf/tests.c] [regress/unittests/test_helper/fuzz.c] [regress/unittests/test_helper/test_helper.c] Hook new unit tests into the build and "make tests"
* - (djm) [Makefile.in configure.ac sshbuf-getput-basic.c]Damien Miller2014-05-151-2/+10
| | | | [sshbuf-getput-crypto.c sshbuf.c] compilation and portability fixes
* - djm@cvs.openbsd.org 2014/01/29 06:18:35Damien Miller2014-02-041-3/+3
| | | | | | | [Makefile.in auth.h auth2-jpake.c auth2.c jpake.c jpake.h monitor.c] [monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h] [schnorr.c schnorr.h servconf.c servconf.h ssh2.h sshconnect2.c] remove experimental, never-enabled JPAKE code; ok markus@
* - markus@cvs.openbsd.org 2014/01/27 20:13:46Damien Miller2014-02-041-2/+2
| | | | | [digest.c digest-openssl.c digest-libc.c Makefile.in] rename digest.c to digest-openssl.c and add libc variant; ok djm@
* - markus@cvs.openbsd.org 2014/01/27 18:58:14Damien Miller2014-02-041-2/+2
| | | | | | [Makefile.in digest.c digest.h hostfile.c kex.h mac.c hmac.c hmac.h] replace openssl HMAC with an implementation based on our ssh_digest_* ok and feedback djm@
* - (tim) [Makefile.in] build regress/setuid-allow.Tim Rice2014-01-311-2/+2
|
* - (dtucker) [Makefile.in] Remove trailing backslash which some makeDarren Tucker2014-01-271-2/+2
| | | | implementations (eg older Solaris) do not cope with.
* - (djm) [Makefile.in regress/scp-ssh-wrapper.sh regress/scp.sh] MakeDamien Miller2014-01-241-1/+3
| | | | | the scp regress test actually test the built scp rather than the one in $PATH. ok dtucker@
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-02 12:07:16 +0100