4d2cbdb525
Include string.h and stdio.h for strerror.
2021-10-15 12:59:06 +11:00
fff13aaa26
Include error reason if trace disabling fails.
2021-10-15 12:43:36 +11:00
d4b38144c0
Add tcmalloc test target.
2021-10-12 23:01:40 +11:00
002d65b0a3
upstream: Document that CASignatureAlgorithms, ExposeAuthInfo and
...
PubkeyAuthOptions can be used in a Match block. Patch from eehakkin via
github PR#277.
OpenBSD-Commit-ID: c0a63f5f52e918645967ac022b28392da4b866aa
2021-10-09 22:01:49 +11:00
40bd3709dd
Skip SK unit tests when built without security-key
2021-10-07 15:55:49 +11:00
482f73be10
Include relevant env vars on command line.
...
Makes it easier to reproduce a build by cut/pasting the configure line.
2021-10-07 15:55:04 +11:00
ef5916b8ac
Only enable sk-* key types if ENABLE_SK is defined
2021-10-07 14:28:02 +11:00
52d4232b49
Disable security key on minix3.
...
The test doesn't work so disable.
2021-10-06 18:14:37 +11:00
7cd062c3a2
Add USE_LIBC_SHA2 for (at least) NetBSD 9.
2021-10-06 17:45:28 +11:00
639c440f6c
Define OPENSSL_NO_SHA including OpenSSL from test.
...
We don't use SHA256 from OpenSSL in the sk-dummy module and the
definitions can conflict with system sha2.h (eg on NetBSD) so define
OPENSSL_NO_SHA so we don't attempt to redefine them.
2021-10-06 17:09:31 +11:00
8f4be526a3
Disable security key on NetBSD4 test.
...
sk-dummy used for the security key test includes both sha2.h and OpenSSL
causing the definitions conflict so disable security key support on this
platform.
2021-10-06 15:40:58 +11:00
3b353ae58a
clean regress/misc/sk-dummy in cleandir target
2021-10-06 15:07:01 +11:00
57680a2ab4
upstream: Dynamically allocate encoded HashKnownHosts and free as
...
appropriate. Saves 1k of static storage and prevents snprintf "possible
truncation" warnings from newer compilers (although in this case it's false
positive since the actual sizes are limited by the output size of the SHA1).
ok djm@
OpenBSD-Commit-ID: e254ae723f7e3dce352c7d5abc4b6d87faf61bf4
2021-10-06 14:40:32 +11:00
e3e62deb54
upstream: use libc SHA256 functions; make this work when compiled
...
!WITH_OPENSSL
OpenBSD-Regress-ID: fda0764c1097cd42f979ace29b07eb3481259890
2021-10-06 14:40:26 +11:00
12937d8670
upstream: Add test for ssh hashed known_hosts handling.
...
OpenBSD-Regress-ID: bcef3b3cd5a1ad9899327b4b2183de2541aaf9cf
2021-10-06 14:39:32 +11:00
5a37cc118f
fix broken OPENSSL_HAS_ECC test
...
spotted by dtucker
2021-10-06 13:16:21 +11:00
16a25414f3
make sk-dummy.so work without libcrypto installed
2021-10-01 22:40:06 +10:00
dee22129bb
make OPENSSL_HAS_ECC checks more thorough
...
ok dtucker
2021-10-01 16:36:24 +10:00
872595572b
fix FIDO key support for !OPENSSL_HAS_ECC case
...
ok dtucker
2021-10-01 16:36:24 +10:00
489741dc68
enable security key support for --without-openssl
2021-10-01 16:36:24 +10:00
c978565c85
need stdlib.h for free(3)
2021-10-01 16:36:24 +10:00
76a398edfb
upstream: Fix up whitespace left by previous
...
change removing privsep. No other changes.
OpenBSD-Regress-ID: 87adec225d8afaee4d6a91b2b71203f52bf14b15
2021-10-01 14:55:12 +10:00
ddcb53b7a7
upstream: Remove references to privsep.
...
This removes several do..while loops but does not change the
indentation of the now-shallower loops, which will be done in a separate
whitespace-only commit to keep changes of style and substance separate.
OpenBSD-Regress-ID: 4bed1a0249df7b4a87c965066ce689e79472a8f7
2021-10-01 14:55:12 +10:00
ece2fbe486
upstream: Use "skip" instead of "fatal"
...
if SUDO isn't set for the *-command tests. This means running "make tests"
without SUDO set will perform all of the tests that it can instead of
failing on the ones it cannot run.
OpenBSD-Regress-ID: bd4dbbb02f34b2e8c890558ad4a696248def763a
2021-10-01 14:55:12 +10:00
bb754b470c
upstream: unbreak FIDO sk-ed25519 key enrollment for OPENSSL=no builds;
...
ok dtucker@
OpenBSD-Commit-ID: 6323a5241728626cbb2bf0452cf6a5bcbd7ff709
2021-10-01 14:53:24 +10:00
207648d7a6
Include stdlib.h for arc4random_uniform prototype.
2021-09-29 20:03:58 +10:00
696aadc854
Look for clang after cc and gcc.
2021-09-29 20:00:30 +10:00
a3c6375555
Use backticks instead of $(..) for portability.
...
Older shells (eg /bin/sh on Solaris 10) don't support $() syntax.
2021-09-29 19:30:59 +10:00
958aaa0387
Skip file-based tests by default on Mac OS.
...
The file-based tests need OpenSSL so skip them.
2021-09-29 18:53:32 +10:00
55c8bdf6e9
Build without OpenSSL on Mac OS.
...
Modern versions don't ship enough libcrypto to build against.
2021-09-29 18:42:47 +10:00
c9172193ea
Remove TEST_SSH_ECC.
...
Convert the only remaining user of it to runtime detection using ssh -Q.
2021-09-29 18:33:38 +10:00
5e6d28b787
Split c89 test openssl setting out.
2021-09-29 17:48:09 +10:00
c4ac7f98e2
Expand TEST_SHELL consistently with other vars.
2021-09-29 17:40:50 +10:00
cfe5f7b0eb
Replace `pwd` with make variable in regress cmd.
2021-09-29 17:26:50 +10:00
899be59da5
Get BUILDDIR from autoconf.
...
Use this to replace `pwd`s in regress test command line.
2021-09-29 17:14:33 +10:00
c8d92d3d4f
Add make clean step to tests.
2021-09-29 13:28:56 +10:00
360fb41ef8
Test all available clang and gcc versions.
2021-09-29 12:05:50 +10:00
4fb49899d7
upstream: Test certificate hostkeys held in ssh-agent too. Would have
...
caught regression fixed in sshd r1.575
ok markus@
OpenBSD-Regress-ID: 1f164d7bd89f83762db823eec4ddf2d2556145ed
2021-09-29 11:35:18 +10:00
ce4854e12e
upstream: add some debug output showing how many key file/command lines
...
were processed. Useful to see whether a file or command actually has keys
present
OpenBSD-Commit-ID: 0bd9ff94e84e03a22df8e6c12f6074a95d27f23c
2021-09-29 11:35:11 +10:00
15abdd5235
upstream: Make prototype for rijndaelEncrypt match function
...
including the bounds. Fixes error in portable where GCC>=11 takes notice of
the bounds. ok deraadt@
OpenBSD-Commit-ID: cdd2f05fd1549e1786a70871e513cf9e9cf099a6
2021-09-29 11:09:27 +10:00
d1d29ea1d1
upstream: Import regenerated moduli.
...
OpenBSD-Commit-ID: 4bec5db13b736b64b06a0fca704cbecc2874c8e1
2021-09-29 11:00:50 +10:00
39f2111b1d
Add new compiler hardening flags.
...
Add -fzero-call-used-regs and -ftrivial-auto-var-init to the list of
compiler hardening flags that configure checks for. These are supported
by clang and gcc, and make ROP gadgets less useful and mitigate
stack-based infoleaks respectively. ok djm@
2021-09-29 10:53:55 +10:00
bf944e3794
initgroups needs grp.h
2021-09-27 00:03:19 +10:00
8c5b565514
upstream: openssh-8.8
...
OpenBSD-Commit-ID: 12357794602ac979eb7312a1fb190c453f492ec4
2021-09-27 00:03:12 +10:00
f3cbe43e28
upstream: need initgroups() before setresgid(); reported by anton@,
...
ok deraadt@
OpenBSD-Commit-ID: 6aa003ee658b316960d94078f2a16edbc25087ce
2021-09-27 00:02:42 +10:00
8acaff41f7
update version numbers for release
2021-09-26 22:16:36 +10:00
d39039ddc0
upstream: RSA/SHA-1 is not used by default anymore
...
OK dtucker deraadt djm
OpenBSD-Commit-ID: 055c51a221c3f099dd75c95362f902da1b8678c6
2021-09-26 21:13:28 +10:00
9b2ee74e3a
Move the fgrep replacement to hostkey-rotate.sh.
...
The fgrep replacement for buggy greps doesn't work in the sftp-glob test
so move it to just where we know it's needed.
2021-09-24 11:08:03 +10:00
f703954157
Replacement function for buggy fgrep.
...
GNU (f)grep <=2.18, as shipped by FreeBSD<=12 and NetBSD<=9 will
occasionally fail to find ssh host keys in the hostkey-rotate test.
If we have those versions, use awk instead.
2021-09-24 08:06:48 +10:00
f6a660e5bf
Don't prompt for yes/no questions.
2021-09-24 07:52:04 +10:00
Darren Tucker
dtucker@openbsd.org
Damien Miller
djm@openbsd.org
kn@openbsd.org
David Manouchehri