tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
12,256 Commits 6 Branches 20 Tags 99 MiB
Commit Graph

24 Commits

Author SHA1 Message Date
Darren Tucker 0fa803a1dd
Prefer OpenSSL's SHA256 in sk-dummy.so 
Previously sk-dummy.so used libc's (or compat's) SHA256 since it may be
built without OpenSSL.  In many cases, however, including both libc's
and OpenSSL's headers together caused conflicting definitions.

We tried working around this (on OpenSSL <1.1 you could define
OPENSSL_NO_SHA, NetBSD had USE_LIBC_SHA2, various #define hacks) with
varying levels of success.  Since OpenSSL >=1.1 removed OPENSSL_NO_SHA
and including most OpenSSL headers would bring sha.h in, even if it
wasn't used directly this was a constant hassle.

Admit defeat and use OpenSSL's SHA256 unless we aren't using OpenSSL at
all.  ok djm@
 2023-07-27 10:30:12 +10:00
dtucker@openbsd.org b500afcf00
upstream: Remove compat code for OpenSSL 1.0.* 
versions now that -portable has dropped support for those versions.

OpenBSD-Regress-ID: 82a8eacd87aec28e4aa19f17246ddde9d5ce7fe7
 2023-03-28 19:03:10 +11:00
Darren Tucker 727560e601
Prevent conflicts between Solaris SHA2 and OpenSSL. 
We used to prevent conflicts between native SHA2 headers and OpenSSL's
by setting OPENSSL_NO_SHA but that was removed prior to OpenSSL 1.1.0
 2023-03-28 19:03:03 +11:00
Darren Tucker 46db8e14b7
Remove HEADER_SHA_H from previous... 
since it causes more problems than it solves.
 2023-03-28 12:44:03 +11:00
Darren Tucker 72bd68d373
Replace OPENSSL_NO_SHA with HEADER_SHA_H. 
Since this test doesn't use OpenSSL's SHA2 and may cause conflicts we
don't want to include it, but OPENSSL_NO_SHA was removed beginning in
OpenSSL's 1.1 series.
 2023-03-28 10:35:18 +11:00
Damien Miller c46f6fed41 crank SSH_SK_VERSION_MAJOR in sk-dummy.so 2022-07-20 13:39:14 +10:00
djm@openbsd.org ed45a01686 upstream: crank SSH_SK_VERSION_MAJOR to match recent change in 
usr/bin/ssh

OpenBSD-Regress-ID: 113d181c7e3305e138db9b688cdb8b0a0019e552
 2021-11-03 10:10:09 +11:00
djm@openbsd.org ccd358e1e2 upstream: avoid signedness warning; spotted in -portable 
OpenBSD-Regress-ID: 4cacc126086487c0ea7f3d86b42dec458cf0d0c6
 2021-10-29 14:25:32 +11:00
djm@openbsd.org c5de1fffa6 upstream: increment SSH_SK_VERSION_MAJOR to match last change 
OpenBSD-Regress-ID: 17873814d1cbda97f49c8528d7b5ac9cadf6ddc0
 2021-10-28 13:57:52 +11:00
Darren Tucker 7cd062c3a2 Add USE_LIBC_SHA2 for (at least) NetBSD 9. 2021-10-06 17:45:28 +11:00
Darren Tucker 639c440f6c Define OPENSSL_NO_SHA including OpenSSL from test. 
We don't use SHA256 from OpenSSL in the sk-dummy module and the
definitions can conflict with system sha2.h (eg on NetBSD) so define
OPENSSL_NO_SHA so we don't attempt to redefine them.
 2021-10-06 17:09:31 +11:00
djm@openbsd.org e3e62deb54 upstream: use libc SHA256 functions; make this work when compiled 
!WITH_OPENSSL

OpenBSD-Regress-ID: fda0764c1097cd42f979ace29b07eb3481259890
 2021-10-06 14:40:26 +11:00
Damien Miller 5a37cc118f fix broken OPENSSL_HAS_ECC test 
spotted by dtucker
 2021-10-06 13:16:21 +11:00
Damien Miller 16a25414f3 make sk-dummy.so work without libcrypto installed 2021-10-01 22:40:06 +10:00
djm@openbsd.org 7c2e3d6de1 upstream: add a SK_DUMMY_INTEGRATE define that allows the dummy 
security key middleware to be directly linked; useful for writing fuzzers,
etc.

OpenBSD-Regress-ID: 0ebd00159b58ebd85e61d8270fc02f1e45df1544
 2021-01-30 11:58:38 +11:00
djm@openbsd.org bbf20ac806 upstream: adapt to SSH_SK_VERSION_MAJOR crank 
OpenBSD-Regress-ID: 0f3e76bdc8f9dbd9d22707c7bdd86051d5112ab8
 2020-09-09 13:12:29 +10:00
djm@openbsd.org 9cbbdc12cb upstream: dummy firmware needs to match API version numner crank (for 
verify-required resident keys) even though it doesn't implement this feature

OpenBSD-Regress-ID: 86579ea2891e18e822e204413d011b2ae0e59657
 2020-08-27 12:16:23 +10:00
djm@openbsd.org a01817a9f6 upstream: adapt dummy FIDO middleware to API change; ok markus@ 
OpenBSD-Regress-ID: 8bb84ee500c2eaa5616044314dd0247709a1790f
 2020-05-01 13:13:36 +10:00
Darren Tucker 1af3354aea Wrap stdint.h in ifdef HAVE_STDINT_H. 2020-01-15 16:22:36 +11:00
djm@openbsd.org dd2acc8b86 upstream: adapt sk-dummy to SK API changes 
also, make it pull prototypes directly from sk-api.c and #error
if the expected version changes. This will make any future regress
test breakage because of SK API changes much more apparent

OpenBSD-Regress-ID: 79b07055de4feb988e31da71a89051ad5969829d
 2020-01-06 13:12:46 +11:00
djm@openbsd.org 680eb7749a upstream: implement recent SK API change to support resident keys 
and PIN prompting in the dummy middleware that we use for the tests. Should
fix breakage spotted by dtucker@

OpenBSD-Regress-ID: 379cf9eabfea57aaf7f3f59dafde59889566c484
 2020-01-03 13:47:32 +11:00
Darren Tucker fa7924008e Wrap ECC specific bits in ifdef. 
Fixes tests when built against an OpenSSL configured with no-ec.
 2019-12-06 14:17:26 +11:00
Damien Miller 37f5b5346e includes.h for sk-dummy.c, dummy 2019-11-29 14:48:46 +11:00
djm@openbsd.org c6efa8a91a upstream: add dummy security key middleware based on work by 
markus@

This will allow us to test U2F/FIDO2 support in OpenSSH without
requiring real hardware.

ok markus@

OpenBSD-Regress-ID: 88b309464b8850c320cf7513f26d97ee1fdf9aae
 2019-11-27 10:47:28 +11:00