tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,684 Commits 7 Branches 18 Tags 96 MiB
Commit Graph

604 Commits

Author SHA1 Message Date
Damien Miller bc42cc6fe7 kludge around tun API mismatch betterer 2015-01-15 03:08:29 +11:00
Damien Miller 0cdc5a3eb6 unbreak across API change 2015-01-15 02:35:33 +11:00
Damien Miller 72ef7c148c support --without-openssl at configure time 
Disables and removes dependency on OpenSSL. Many features don't
work and the set of crypto options is greatly restricted. This
will only work on system with native arc4random or /dev/urandom.

Considered highly experimental for now.
 2015-01-15 02:28:36 +11:00
Damien Miller 81bfbd0bd3 support --without-openssl at configure time 
Disables and removes dependency on OpenSSL. Many features don't
work and the set of crypto options is greatly restricted. This
will only work on system with native arc4random or /dev/urandom.

Considered highly experimental for now.
 2015-01-14 21:48:18 +11:00
Damien Miller 462082eacb avoid uninitialised free of ldns_res 
If an invalid rdclass was passed to getrrsetbyname() then
this would execute a free on an uninitialised pointer.
OpenSSH only ever calls this with a fixed and valid rdclass.

Reported by Joshua Rogers
 2014-12-30 08:16:11 +11:00
Damien Miller 01b6349880 pull updated OpenBSD BCrypt PBKDF implementation 
Includes fix for 1 byte output overflow for large key length
requests (not reachable in OpenSSH).

Pointed out by Joshua Rogers
 2014-12-29 18:10:18 +11:00
Damien Miller 7de5991aa3 upstream libc change 
revision 1.2
date: 2014/12/08 03:45:00;  author: bcook;  state: Exp;  lines: +2 -2;  commitid: 7zWEBgJJOCZ2hvTV;
avoid left shift overflow in reallocarray.

Some 64-bit platforms (e.g. Windows 64) have a 32-bit long. So, shifting
1UL 32-bits to the left causes an overflow. This replaces the constant 1UL with
(size_t)1 so that we get the correct constant size for the platform.

discussed with tedu@ & deraadt@
 2014-12-18 11:44:06 +11:00
Darren Tucker 642652d280 Add reallocarray to compat library 2014-12-10 01:32:23 +11:00
Damien Miller 703b98a267 - (djm) [openbsd-compat/Makefile.in openbsd-compat/kludge-fd_set.c] 
[openbsd-compat/openbsd-compat.h] Kludge around bad glibc
   _FORTIFY_SOURCE check that doesn't grok heap-allocated fd_sets;
   ok dtucker@
 2014-10-01 09:43:07 +10:00
Damien Miller 2a8699f37c - (djm) [openbsd-compat/arc4random.c] Zero seed after keying PRNG 2014-09-04 03:46:05 +10:00
Damien Miller d7c81e216a - (djm) [openbsd-compat/openssl-compat.h] add include guard 2014-08-30 04:18:28 +10:00
Damien Miller 51c77e2922 - (djm) [openbsd-compat/openssl-compat.h] add 
OPENSSL_[RD]SA_MAX_MODULUS_BITS defines for OpenSSL that lacks them
 2014-08-30 02:30:30 +10:00
Damien Miller 3d673d103b - (djm) [openbsd-compat/explicit_bzero.c] implement explicit_bzero() 
using memset_s() where possible; improve fallback to indirect bzero
   via a volatile pointer to give it more of a chance to avoid being
   optimised away.
 2014-08-27 06:32:01 +10:00
Damien Miller 4d69aeabd6 - (djm) [openbsd-compat/bsd-snprintf.c] Fix compilation failure (prototype/ 
definition mismatch) and warning for broken/missing snprintf case.
 2014-08-22 17:48:27 +10:00
Darren Tucker 5573171352 - (dtucker) [cipher.c openbsd-compat/openssl-compat.h] Restore the bits 
needed to build AES CTR mode against OpenSSL 0.9.8f and above.  ok djm
 2014-07-21 02:24:59 +10:00
Tim Rice 74e2868271 - (tim) [openbsd-compat/port-uw.c] Include misc.h for fwd_opts, used 
in servconf.h.
 2014-07-18 20:00:11 -07:00
Damien Miller 8668706d0f - djm@cvs.openbsd.org 2014/06/24 01:13:21 
[Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c
     [auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c
     [cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h
     [digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h
     [hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c
     [ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c
     [ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c
     [sshconnect2.c sshd.c sshkey.c sshkey.h
     [openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h]
     New key API: refactor key-related functions to be more library-like,
     existing API is offered as a set of wrappers.

     with and ok markus@

     Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
     Dempsky and Ron Bowes for a detailed review a few months ago.

     NB. This commit also removes portable OpenSSH support for OpenSSL
     <0.9.8e.
 2014-07-02 15:28:02 +10:00
Darren Tucker 316fac6f18 - (dtucker) [entropy.c openbsd-compat/openssl-compat.{c,h} 
openbsd-compat/regress/{.cvsignore,Makefile.in,opensslvertest.c}]
   Move the OpenSSL header/library version test into its own function and add
   tests for it. Fix it to allow fix version upgrades (but not downgrades).
   Prompted by chl@ via OpenSMTPD (issue #462) and Debian (bug #748150).
   ok djm@ chl@
 2014-06-17 23:06:07 +10:00
Darren Tucker eb012ac581 - (dtucker) [openbsd-compat/arc4random.c] Use explicit_bzero instead of an 
assigment that might get optimized out.  ok djm@
 2014-06-11 13:10:00 +10:00
Damien Miller 6482d90a65 - (djm) [configure.ac openbsd-compat/bsd-cygwin_util.c] 
[openbsd-compat/bsd-cygwin_util.h] On Cygwin, determine privilege
         separation user at runtime, since it may need to be a domain account.
            Patch from Corinna Vinschen.
 2014-05-27 14:34:42 +10:00
Darren Tucker 4a20959d2e - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add compat 
code for older OpenSSL versions that don't have EVP_MD_CTX_copy_ex.
 2014-02-13 16:38:32 +11:00
Darren Tucker 8d36f9ac71 - (dtucker) [openbsd-compat/bsd-poll.c] Don't bother checking for non-NULL 
before freeing since free(NULL) is a no-op.  ok djm.
 2014-02-06 10:44:13 +11:00
Damien Miller bf7e0f03be - (djm) [openbsd-compat/Makefile.in] Add missing explicit_bzero.o 2014-02-04 11:37:50 +11:00
Damien Miller 1d2c456426 - tedu@cvs.openbsd.org 2014/01/31 16:39:19 
[auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c]
     [channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c]
     [kexc25519.c krl.c monitor.c sandbox-systrace.c session.c]
     [sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c]
     [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h]
     replace most bzero with explicit_bzero, except a few that cna be memset
     ok djm dtucker
 2014-02-04 11:18:20 +11:00
Damien Miller ee87838786 - (djm) [openbsd-compat/setproctitle.c] Don't fail to compile if a 
platform that is expected to use the reuse-argv style setproctitle
   hack surprises us by providing a setproctitle in libc; ok dtucker
 2014-01-22 16:30:15 +11:00
Darren Tucker 1411c9263f - (dtucker) [openbsd-compat/bsd-cygwin_util.h] Add missing function 
declarations that stopped being included when we stopped including
   <windows.h> from openbsd-compat/bsd-cygwin_util.h.  Patch from vinschen at
   redhat.com.
 2014-01-18 21:03:59 +11:00
Darren Tucker 5055699c7f - (dtucker) [openbsd-compat/bsd-statvfs.h] Only start including headers if we 
need them to cut down on the name collisions.
 2014-01-17 18:48:22 +11:00
Darren Tucker a5cf1e220d - (dtucker) [configure.ac openbsd-compat/bsd-statvfs.c 
openbsd-compat/bsd-statvfs.h] Implement enough of statvfs on top of statfs
   to be useful (and for the regression tests to pass) on platforms that
   have statfs and fstatfs.  ok djm@
 2014-01-17 18:10:58 +11:00
Darren Tucker 1357d71d7b - (dtucker) Fix typo in #ifndef. 2014-01-17 18:00:40 +11:00
Darren Tucker d23a91ffb2 - (dtucker) [configure.ac digest.c openbsd-compat/openssl-compat.c 
openbsd-compat/openssl-compat.h]  Add compatibility layer for older
   openssl versions.  ok djm@
 2014-01-17 17:32:30 +11:00
Darren Tucker c3ed065ce8 - (dtucker) [openbsd-compat/bcrypt_pbkdf.c] Wrap stdlib.h include inside 
#ifdef HAVE_STDINT_H.
 2014-01-17 14:18:45 +11:00
Damien Miller 7e6e42fb53 - (djm) [openbsd-compat/bsd-setres_id.c] Missing header; from Corinna 
Vinschen
 2013-12-08 08:23:08 +11:00
Damien Miller f104da263d - (djm) [ed25519.c ssh-ed25519.c openbsd-compat/Makefile.in] 
[openbsd-compat/bcrypt_pbkdf.c] Make ed25519/new key format compile on
       Linux
 2013-12-07 12:37:53 +11:00
Damien Miller 1ff130dac9 - [configure.ac openbsd-compat/Makefile.in openbsd-compat/bcrypt_pbkdf.c] 
[openbsd-compat/blf.h openbsd-compat/blowfish.c]
   [openbsd-compat/openbsd-compat.h] Start at supporting bcrypt_pbkdf in
   portable.
 2013-12-07 11:51:51 +11:00
Darren Tucker 8c333ec23b - (dtucker) [openbsd-compat/bsd-poll.c] Add headers to prevent compile 
warnings.
 2013-11-08 21:12:58 +11:00
Darren Tucker ccdb9bec46 - (dtucker) [openbsd-compat/openbsd-compat.h] Add null implementation of 
arc4random_stir for platforms that have arc4random but don't have
   arc4random_stir (right now this is only OpenBSD -current).
 2013-11-08 18:54:38 +11:00
Darren Tucker 710f374735 - (dtucker) [openbsd-compat/setproctitle.c] Handle error case form the 2nd 
vsnprintf.  From eric at openbsd via chl@.
 2013-11-03 17:20:34 +11:00
Darren Tucker d527704523 - (dtucker) [openbsd-compat/bsd-misc.c] Include time.h for nanosleep. 
From OpenSMTPD where it prevents "implicit declaration" warnings (it's
   a no-op in OpenSSH).  From chl at openbsd.
 2013-11-03 16:30:46 +11:00
Damien Miller 720711960b - (djm) [openbsd-compat/Makefile.in openbsd-compat/arc4random.c] 
[openbsd-compat/bsd-arc4random.c] Replace old RC4-based arc4random
   implementation with recent OpenBSD's ChaCha-based PRNG. ok dtucker@,
   tested tim@
 2013-10-09 10:44:47 +11:00
Damien Miller 9159310087 - (djm) [openbsd-compat/arc4random.c openbsd-compat/chacha_private.h] Pull 
in OpenBSD implementation of arc4random, shortly to replace the existing
   bsd-arc4random.c
 2013-10-09 10:42:32 +11:00
Damien Miller 43968a8e66 - (djm) [openbsd-compat/bsd-snprintf.c] #ifdef noytet for intmax_t bits 
until we have configure support.
 2013-08-28 14:00:54 +10:00
Damien Miller 04be8b9e53 - (djm) [openbsd-compat/bsd-snprintf.c] teach our local snprintf code the 
'j' (intmax_t/uintmax_t) and 'z' (size_t/ssize_t) conversions in case we
   start to use them in the future.
 2013-08-28 12:49:43 +10:00
Darren Tucker f3ab2c5f9c - (dtucker) [auth-krb5.c configure.ac openbsd-compat/bsd-misc.h] Add support 
for building with older Heimdal versions.  ok djm.
 2013-08-04 21:48:41 +10:00
Darren Tucker ae133d4b31 - (dtucker) [configure.ac sftp.c openbsd-compat/openbsd-compat.h] Cater for 
platforms that don't have multibyte character support (specifically,
    mblen).
 2013-06-06 08:30:20 +10:00
Darren Tucker f60845fde2 - (dtucker) [M auth-chall.c auth-krb5.c auth-pam.c cipher-aes.c cipher-ctr.c 
groupaccess.c loginrec.c monitor.c monitor_wrap.c session.c sshd.c
   sshlogin.c uidswap.c openbsd-compat/bsd-cygwin_util.c
   openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/port-aix.c
   openbsd-compat/port-linux.c] Replace portable-specific instances of xfree
   with the equivalent calls to free.
 2013-06-02 08:07:31 +10:00
Darren Tucker c0c3373216 - (dtucker) [configure.ac openbsd-compat/xcrypt.c] bz#2112: fall back to 
using openssl's DES_crpyt function on platorms that don't have a native
   one, eg Android.  Based on a patch from Nathan Osman.
 2013-06-02 06:28:03 +10:00
Darren Tucker efdf534214 - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] bz#2087: Add a null 
implementation of endgrent for platforms that don't have it (eg Android).
    Loosely based on a patch from Nathan Osman, ok djm
 2013-05-30 08:29:08 +10:00
Darren Tucker 8654dd2d73 - (dtucker) [openbsd-compat/getopt.h] Remove unneeded bits. 2013-05-17 16:03:48 +10:00
Darren Tucker e194ba4111 - (dtucker) [configure.ac readconf.c servconf.c 
openbsd-compat/openbsd-compat.h] Add compat bits for scan_scaled.
 2013-05-16 20:47:31 +10:00
Darren Tucker 0abfb559e3 - (dtucker) [openbsd-compat/getopt.h openbsd-compat/getopt_long.c 
openbsd-compat/openbsd-compat.h] pull in getopt.h from openbsd and plumb
  in to use it when we're using our own getopt.
 2013-05-10 18:08:49 +10:00