abe2b245b3
prefer libcrypto chacha20-poly1305 where possible
2020-04-03 17:26:29 +11:00
0eaca933ae
Include fido.h when checking for fido/credman.h.
...
It's required for fido_dev_t, otherwise configure fails with
when given --with-security-key-builtin.
2020-03-14 20:58:46 +11:00
d081f017c2
upstream: spelling errors in comments; no code change from
...
OpenBSD-Commit-ID: 166ea64f6d84f7bac5636dbd38968592cb5eb924
2020-03-14 19:39:09 +11:00
d4860ec4ef
Check if getpeereid is actually declared.
...
Check in sys/socket.h (AIX) and unistd.h (FreeBSD, DragonFLy and OS X).
Prevents undeclared function warning on at least some versions of AIX.
2020-02-17 22:48:50 +11:00
849a9b8714
Don't look for UINT32_MAX in inttypes.h
...
... unless we are actually going to use it. Fixes build on HP-UX
without the potential impact to other platforms of a header change
shortly before release.
2020-02-06 12:21:49 +11:00
bb63ff844e
Look in inttypes.h for UINT32_MAX.
...
Should prevent warnings on at least some AIX versions.
2020-01-30 18:54:42 +11:00
638a45b5c1
Wrap stdint.h in tests inside HAVE_STDINT_H.
2020-01-26 14:05:40 +11:00
633a2af47e
Plumb WITH_ZLIB into configure.
...
This allows zlib support to be disabled by ./configure --without-zlib.
2020-01-23 22:16:51 +11:00
0c428c0e99
configure.ac: fix ldns test
...
When running ./configure --with-ldns, if ldns-config cannot be found, we
add -Iyes/include to CPPFLAGS and -Lyes/lib to LDFLAGS. Fix that.
2020-01-21 10:46:11 +11:00
e0cedcad51
Improve search for 'struct timespec'.
...
Make struct timespec test consistent with existing timeval test.
Include time.h for timespec in compat header where required.
2020-01-14 14:28:01 +11:00
26b2675b0c
Remove configure test & compat code for ripemd160.
...
RIPEMD160 support was removed upstream in 2017, however we still had
a configure test and compat code for it, so clean those up now.
2020-01-14 12:05:00 +11:00
633778d567
only link ssh-sk-helper against libfido2
2019-12-14 08:40:58 +11:00
afffd31036
Check if memmem is declared in system headers.
...
If the system (or one of the dependencies) implements memmem but does
not define the header, we would not declare it either resulting in
compiler warnings. Check for declaration explicitly. bz#3102.
2019-12-11 13:22:06 +11:00
443848155f
compile sk-dummy.so with no-PIE version of LDFLAGS
...
This lets it pick up the -L path to libcrypto for example.
2019-11-29 15:10:21 +11:00
b218055e59
(yet) another x-platform fix for sk-dummy.so
...
Check for -fPIC support from compiler
Compile libopenbsd-compat -fPIC
Don't mix -fPIE and -fPIC when compiling
2019-11-29 12:32:23 +11:00
6cf1c40096
Enable -Wimplicit-fallthrough if supported
...
Suggested by djm.
2019-11-18 14:14:18 +11:00
39b87104cd
Add wrappers for other ultrix headers.
...
Wrappers protect against multiple inclusions for headers that don't do
it themselves.
2019-11-15 18:56:54 +11:00
9c6d0a3a1e
Remove ultrix realpath hack.
2019-11-15 17:13:19 +11:00
5c0bc273cb
configure flag to built-in security key support
...
Require --with-security-key-builtin before enabling the built-in
security key support (and consequent dependency on libfido2).
2019-11-15 16:08:00 +11:00
63a5b24f2d
don't fatal if libfido2 not found
...
spotted by dtucker@
2019-11-15 11:21:49 +11:00
6bff9521ab
upstream: directly support U2F/FIDO2 security keys in OpenSSH by
...
linking against the (previously external) USB HID middleware. The dlopen()
capability still exists for alternate middlewares, e.g. for Bluetooth, NFC
and test/debugging.
OpenBSD-Commit-ID: 14446cf170ac0351f0d4792ba0bca53024930069
2019-11-15 09:57:30 +11:00
382c18c20c
statfs might be defined in sys/mount.h.
...
eg on old NetBSDs.
2019-11-03 00:09:21 +11:00
f5cc5816aa
Only enable U2F if OpenSSL supports ECC.
...
This requires moving the U2F bits to below the OpenSSL parts so we have
the required information. ok djm@
2019-11-02 16:39:38 +11:00
9cac151c2d
Add flags needed to build and work on Ultrix.
2019-11-01 18:27:37 +11:00
0e3c5bc509
Hook up fnmatch for platforms that don't have it.
2019-11-01 18:27:37 +11:00
79d46de9fb
Use sftp_realpath if no native realpath.
2019-11-01 18:27:37 +11:00
bb4f003ed8
Configure flags for haiku from haikuports.
...
Should build with the default flags with ./configure
2019-11-01 15:06:16 +11:00
764d51e044
autoconf pieces for U2F support
...
Mostly following existing logic for PKCS#11 - turning off support
when either libcrypto or dlopen(3) are unavailable.
2019-11-01 13:35:34 +11:00
1bcd1169c5
Add implementation of localtime_r.
2019-10-29 20:48:46 +11:00
d561b0b2fa
Make sure we have struct statfs before using.
2019-10-28 16:27:53 +11:00
2912596aec
Define UINT32_MAX if needed.
2019-10-28 16:27:53 +11:00
9239a18f96
Add a function call stackprotector tests.
...
Including a function call in the test programs for the gcc stack
protector flag tests exercises more of the compiler and makes it more
likely it'll detect problems.
2019-10-24 14:39:49 +11:00
e0e7e3d0e2
tweak warning flags
...
Enable -Wextra if compiler supports it
Set -Wno-error=format-truncation if available to prevent expected
string truncations in openbsd-compat from breaking -Werror builds
2019-08-30 14:26:19 +10:00
28744182cf
proc_pidinfo()-based closefrom() for OS X
...
Refactor closefrom() to use a single brute-force close() loop fallback.
Based on patch from likan_999.student@sina.com in bz#3049. ok dtucker@
2019-08-30 13:23:04 +10:00
11cba2a452
Re-apply portability changes to current sha2.{c,h}.
...
Rather than attempt to apply 14 years' worth of changes to OpenBSD's sha2
I imported the current versions directly then re-applied the portability
changes. This also allowed re-syncing digest-libc.c against upstream.
2019-07-23 22:06:24 +10:00
45478898f9
Hook memmem compat code into build.
...
This fixes builds on platforms that don't have it (at least old DragonFly,
probably others).
2019-07-16 09:21:20 +10:00
8729498a5d
fix typo that prevented detection of Linux VRF
...
Reported by hexiaowen AT huawei.com
2019-07-10 09:43:19 +10:00
4efe1adf05
remove realpath() compat replacement
...
We shipped a BSD implementation of realpath() because sftp-server
depended on its behaviour.
OpenBSD is now moving to a more strictly POSIX-compliant realpath(2),
so sftp-server now unconditionally requires its own BSD-style realpath
implementation. As such, there is no need to carry another independant
implementation in openbsd-compat.
ok dtucker@
2019-07-08 13:38:39 +10:00
6fd4aa2aaf
Fix typo in man page formatter selector.
2019-05-15 16:19:14 +10:00
285546b73e
Use "doc" man page format if mandoc present.
...
Previously configure would not select the "doc" man page format if
mandoc was present but nroff was not. This checks for mandoc first
and removes a now-superflous AC_PATH_PROG. Based on a patch from
vehk at vehk.de and feedback from schwarze at usta.de.
2019-05-10 15:04:42 +10:00
34e87fb5d9
Remove unused variables from RLIMIT_NOFILE test.
2019-04-30 12:27:57 +10:00
c882d74652
Allow building against OpenSSL dev (3.x) version.
2019-01-22 20:38:40 +11:00
2f0bad2bf8
Make --with-rpath take a flag instead of yes/no.
...
Linkers need various flags for -rpath and similar, so make --with-rpath
take an optional flag argument which is passed to the linker. ok djm@
2019-01-21 21:28:27 +11:00
e2cb445d78
conditionalise ECDSA PKCS#11 support
...
Require EC_KEY_METHOD support in libcrypto, evidenced by presence
of EC_KEY_METHOD_new() function.
2019-01-21 11:32:28 +11:00
c90a7928c4
Check for cc before gcc.
...
If cc is something other than gcc and is the system compiler prefer using
that, unless otherwise told via $CC. ok djm@
2019-01-21 09:22:36 +11:00
a6258e5dc3
Add minimal fchownat and fchmodat implementations.
...
Fixes builds on at least OS X Lion, NetBSD 6 and Solaris 10.
2019-01-18 11:09:01 +11:00
091093d258
Add a minimal implementation of utimensat().
...
Some systems (eg older OS X) do not have utimensat, so provide minimal
implementation in compat layer. Fixes build on at least El Capitan.
2019-01-18 10:16:11 +11:00
98f878d227
Improve OpenSSL_add_all_algorithms check.
...
OpenSSL_add_all_algorithms() may be a macro so check for that too.
2018-11-25 14:05:08 +11:00
28c7b2cd05
fix configure test for OpenSSL version
...
square brackets in case statements may be eaten by autoconf.
Report and fix from Filipp Gunbin; tweaked by naddy@
2018-11-23 10:45:20 +11:00
42c5ec4b97
refactor libcrypto initialisation
...
Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually
supports it.
Move all libcrypto initialisation to a single function, and call that
from seed_rng() that is called early in each tool's main().
Prompted by patch from Rosen Penev
2018-11-23 10:42:05 +11:00
Damien Miller
Darren Tucker
djm@openbsd.org
Ruben Kerkhof