Darren Tucker
482f73be10
Include relevant env vars on command line.
Makes it easier to reproduce a build by cut/pasting the configure line.
2021-10-07 15:55:04 +11:00
Darren Tucker
ef5916b8ac
Only enable sk-* key types if ENABLE_SK is defined
2021-10-07 14:28:02 +11:00
Darren Tucker
52d4232b49
Disable security key on minix3.
The test doesn't work so disable.
2021-10-06 18:14:37 +11:00
Darren Tucker
7cd062c3a2
Add USE_LIBC_SHA2 for (at least) NetBSD 9.
2021-10-06 17:45:28 +11:00
Darren Tucker
639c440f6c
Define OPENSSL_NO_SHA including OpenSSL from test.
We don't use SHA256 from OpenSSL in the sk-dummy module and the
definitions can conflict with system sha2.h (eg on NetBSD) so define
OPENSSL_NO_SHA so we don't attempt to redefine them.
2021-10-06 17:09:31 +11:00
Darren Tucker
8f4be526a3
Disable security key on NetBSD4 test.
sk-dummy used for the security key test includes both sha2.h and OpenSSL
causing the definitions to conflict so disable security key support on this
platform.
2021-10-06 15:40:58 +11:00
Damien Miller
3b353ae58a
clean regress/misc/sk-dummy in cleandir target
2021-10-06 15:07:01 +11:00
dtucker@openbsd.org
57680a2ab4
upstream: Dynamically allocate encoded HashKnownHosts and free as
appropriate. Saves 1k of static storage and prevents snprintf "possible
truncation" warnings from newer compilers (although in this case it's a false
positive since the actual sizes are limited by the output size of the SHA1).
ok djm@
OpenBSD-Commit-ID: e254ae723f7e3dce352c7d5abc4b6d87faf61bf4
2021-10-06 14:40:32 +11:00
djm@openbsd.org
e3e62deb54
upstream: use libc SHA256 functions; make this work when compiled
!WITH_OPENSSL
OpenBSD-Regress-ID: fda0764c1097cd42f979ace29b07eb3481259890
2021-10-06 14:40:26 +11:00
dtucker@openbsd.org
12937d8670
upstream: Add test for ssh hashed known_hosts handling.
OpenBSD-Regress-ID: bcef3b3cd5a1ad9899327b4b2183de2541aaf9cf
2021-10-06 14:39:32 +11:00
Damien Miller
5a37cc118f
fix broken OPENSSL_HAS_ECC test
spotted by dtucker
2021-10-06 13:16:21 +11:00
Damien Miller
16a25414f3
make sk-dummy.so work without libcrypto installed
2021-10-01 22:40:06 +10:00
Damien Miller
dee22129bb
make OPENSSL_HAS_ECC checks more thorough
ok dtucker
2021-10-01 16:36:24 +10:00
Damien Miller
872595572b
fix FIDO key support for !OPENSSL_HAS_ECC case
ok dtucker
2021-10-01 16:36:24 +10:00
Damien Miller
489741dc68
enable security key support for --without-openssl
2021-10-01 16:36:24 +10:00
Damien Miller
c978565c85
need stdlib.h for free(3)
2021-10-01 16:36:24 +10:00
dtucker@openbsd.org
76a398edfb
upstream: Fix up whitespace left by previous
change removing privsep. No other changes.
OpenBSD-Regress-ID: 87adec225d8afaee4d6a91b2b71203f52bf14b15
2021-10-01 14:55:12 +10:00
dtucker@openbsd.org
ddcb53b7a7
upstream: Remove references to privsep.
This removes several do..while loops but does not change the
indentation of the now-shallower loops, which will be done in a separate
whitespace-only commit to keep changes of style and substance separate.
OpenBSD-Regress-ID: 4bed1a0249df7b4a87c965066ce689e79472a8f7
2021-10-01 14:55:12 +10:00
dtucker@openbsd.org
ece2fbe486
upstream: Use "skip" instead of "fatal"
if SUDO isn't set for the *-command tests. This means running "make tests"
without SUDO set will perform all of the tests that it can instead of
failing on the ones it cannot run.
OpenBSD-Regress-ID: bd4dbbb02f34b2e8c890558ad4a696248def763a
2021-10-01 14:55:12 +10:00
djm@openbsd.org
bb754b470c
upstream: unbreak FIDO sk-ed25519 key enrollment for OPENSSL=no builds;
ok dtucker@
OpenBSD-Commit-ID: 6323a5241728626cbb2bf0452cf6a5bcbd7ff709
2021-10-01 14:53:24 +10:00
Darren Tucker
207648d7a6
Include stdlib.h for arc4random_uniform prototype.
2021-09-29 20:03:58 +10:00
Darren Tucker
696aadc854
Look for clang after cc and gcc.
2021-09-29 20:00:30 +10:00
Darren Tucker
a3c6375555
Use backticks instead of $(..) for portability.
Older shells (eg /bin/sh on Solaris 10) don't support $() syntax.
2021-09-29 19:30:59 +10:00
Darren Tucker
958aaa0387
Skip file-based tests by default on Mac OS.
The file-based tests need OpenSSL so skip them.
2021-09-29 18:53:32 +10:00
Darren Tucker
55c8bdf6e9
Build without OpenSSL on Mac OS.
Modern versions don't ship enough libcrypto to build against.
2021-09-29 18:42:47 +10:00
Darren Tucker
c9172193ea
Remove TEST_SSH_ECC.
Convert the only remaining user of it to runtime detection using ssh -Q.
2021-09-29 18:33:38 +10:00
Darren Tucker
5e6d28b787
Split c89 test openssl setting out.
2021-09-29 17:48:09 +10:00
Darren Tucker
c4ac7f98e2
Expand TEST_SHELL consistently with other vars.
2021-09-29 17:40:50 +10:00
Darren Tucker
cfe5f7b0eb
Replace `pwd` with make variable in regress cmd.
2021-09-29 17:26:50 +10:00
Darren Tucker
899be59da5
Get BUILDDIR from autoconf.
Use this to replace `pwd`s in regress test command line.
2021-09-29 17:14:33 +10:00
Darren Tucker
c8d92d3d4f
Add make clean step to tests.
2021-09-29 13:28:56 +10:00
Darren Tucker
360fb41ef8
Test all available clang and gcc versions.
2021-09-29 12:05:50 +10:00
djm@openbsd.org
4fb49899d7
upstream: Test certificate hostkeys held in ssh-agent too. Would have
caught regression fixed in sshd r1.575
ok markus@
OpenBSD-Regress-ID: 1f164d7bd89f83762db823eec4ddf2d2556145ed
2021-09-29 11:35:18 +10:00
djm@openbsd.org
ce4854e12e
upstream: add some debug output showing how many key file/command lines
were processed. Useful to see whether a file or command actually has keys
present
OpenBSD-Commit-ID: 0bd9ff94e84e03a22df8e6c12f6074a95d27f23c
2021-09-29 11:35:11 +10:00
dtucker@openbsd.org
15abdd5235
upstream: Make prototype for rijndaelEncrypt match function
including the bounds. Fixes error in portable where GCC>=11 takes notice of
the bounds. ok deraadt@
OpenBSD-Commit-ID: cdd2f05fd1549e1786a70871e513cf9e9cf099a6
2021-09-29 11:09:27 +10:00
dtucker@openbsd.org
d1d29ea1d1
upstream: Import regenerated moduli.
OpenBSD-Commit-ID: 4bec5db13b736b64b06a0fca704cbecc2874c8e1
2021-09-29 11:00:50 +10:00
Darren Tucker
39f2111b1d
Add new compiler hardening flags.
Add -fzero-call-used-regs and -ftrivial-auto-var-init to the list of
compiler hardening flags that configure checks for. These are supported
by clang and gcc, and make ROP gadgets less useful and mitigate
stack-based infoleaks respectively. ok djm@
2021-09-29 10:53:55 +10:00
Damien Miller
bf944e3794
initgroups needs grp.h
2021-09-27 00:03:19 +10:00
djm@openbsd.org
8c5b565514
upstream: openssh-8.8
OpenBSD-Commit-ID: 12357794602ac979eb7312a1fb190c453f492ec4
2021-09-27 00:03:12 +10:00
djm@openbsd.org
f3cbe43e28
upstream: need initgroups() before setresgid(); reported by anton@,
ok deraadt@
OpenBSD-Commit-ID: 6aa003ee658b316960d94078f2a16edbc25087ce
2021-09-27 00:02:42 +10:00
Damien Miller
8acaff41f7
update version numbers for release
2021-09-26 22:16:36 +10:00
kn@openbsd.org
d39039ddc0
upstream: RSA/SHA-1 is not used by default anymore
OK dtucker deraadt djm
OpenBSD-Commit-ID: 055c51a221c3f099dd75c95362f902da1b8678c6
2021-09-26 21:13:28 +10:00
Darren Tucker
9b2ee74e3a
Move the fgrep replacement to hostkey-rotate.sh.
The fgrep replacement for buggy greps doesn't work in the sftp-glob test
so move it to just where we know it's needed.
2021-09-24 11:08:03 +10:00
Darren Tucker
f703954157
Replacement function for buggy fgrep.
GNU (f)grep <=2.18, as shipped by FreeBSD<=12 and NetBSD<=9 will
occasionally fail to find ssh host keys in the hostkey-rotate test.
If we have those versions, use awk instead.
2021-09-24 08:06:48 +10:00
David Manouchehri
f6a660e5bf
Don't prompt for yes/no questions.
2021-09-24 07:52:04 +10:00
djm@openbsd.org
7ed1a3117c
upstream: fix missing -s in SYNOPSIS and usage() as well as a
capitalisation mistake; spotted by jmc@
OpenBSD-Commit-ID: 0ed8ee085c7503c60578941d8b45f3a61d4c9710
2021-09-21 08:06:09 +10:00
dtucker@openbsd.org
8c07170135
upstream: Fix "Allocated port" debug message
for unix domain sockets. From peder.stray at gmail.com via github PR#272,
ok deraadt@
OpenBSD-Commit-ID: 8d5ef3fbdcdd29ebb0792b5022a4942db03f017e
2021-09-20 14:31:57 +10:00
djm@openbsd.org
277d3c6adf
upstream: Switch scp back to use the old protocol by default, ahead of
release. We'll wait a little longer for people to pick up sftp-server(8) that
supports the extension that scp needs for ~user paths to continue working in
SFTP protocol mode. Discussed with deraadt@
OpenBSD-Commit-ID: f281f603a705fba317ff076e7b11bcf2df941871
2021-09-20 12:03:17 +10:00
djm@openbsd.org
ace19b34cc
upstream: better error message for ~user failures when the
sftp-server lacks the expand-path extension; ok deraadt@
OpenBSD-Commit-ID: 9c1d965d389411f7e86f0a445158bf09b8f9e4bc
2021-09-19 17:21:59 +10:00
djm@openbsd.org
6b1238ba97
upstream: make some more scp-in-SFTP mode better match Unix idioms
suggested by deraadt@
OpenBSD-Commit-ID: 0f2439404ed4cf0b0be8bf49a1ee734836e1ac87
2021-09-19 17:21:59 +10:00