| #
1fe4d70d |
| 25-Feb-2021 |
djm@openbsd.org |
upstream: remove this KEX fuzzer; it's awkward to use and doesn't play
nice with popular fuzzing drivers like libfuzzer. AFAIK nobody has used it
but me.
OpenBSD-Regress-ID: cad
upstream: remove this KEX fuzzer; it's awkward to use and doesn't play
nice with popular fuzzing drivers like libfuzzer. AFAIK nobody has used it
but me.
OpenBSD-Regress-ID: cad919522b3ce90c147c95abaf81b0492ac296c9
show more ...
|
| #
3a923129 |
| 09-Jan-2021 |
dtucker@openbsd.org |
upstream: Add PerSourceMaxStartups and PerSourceNetBlockSize
options which provide more fine grained MaxStartups limits. Man page help
jmc@, feedback & ok djm@
OpenBSD-Commit-I
upstream: Add PerSourceMaxStartups and PerSourceNetBlockSize
options which provide more fine grained MaxStartups limits. Man page help
jmc@, feedback & ok djm@
OpenBSD-Commit-ID: e2f68664e3d02c0895b35aa751c48a2af622047b
show more ...
|
| #
d9a2bc71 |
| 09-Jan-2021 |
dtucker@openbsd.org |
upstream: Move address handling functions out into their own file
in order to reuse them for per-source maxstartups limiting. Supplement with
some additional functions from djm's flowto
upstream: Move address handling functions out into their own file
in order to reuse them for per-source maxstartups limiting. Supplement with
some additional functions from djm's flowtools that we'll also need. ok djm@
(as part of a larger diff).
OpenBSD-Commit-ID: e3e7d9ccc6c9b82e25cfef0ec83598e8e2327cbf
show more ...
|
| #
2c71cec0 |
| 28-Dec-2020 |
djm@openbsd.org |
upstream: Update/replace the experimental post-quantim hybrid key
exchange method based on Streamlined NTRU Prime (coupled with X25519).
The previous sntrup4591761x25519-sha512@tiny
upstream: Update/replace the experimental post-quantim hybrid key
exchange method based on Streamlined NTRU Prime (coupled with X25519).
The previous sntrup4591761x25519-sha512@tinyssh.org method is
replaced with sntrup761x25519-sha512@openssh.com. Per the authors,
sntrup4591761 was replaced almost two years ago by sntrup761.
The sntrup761 implementaion, like sntrup4591761 before it, is public
domain code extracted from the SUPERCOP cryptography benchmark
suite (https://bench.cr.yp.to/supercop.html).
Thanks for Daniel J Bernstein for guidance on algorithm selection.
Patch from Tobias Heider; feedback & ok markus@ and myself
(note this both the updated method and the one that it replaced are
disabled by default)
OpenBSD-Commit-ID: 2bf582b772d81ee24e911bb6f4b2aecfd39338ae
show more ...
|
|
Revision tags: V_8_4_P1 |
|
| #
a2f3ae38 |
| 05-Sep-2020 |
Sebastian Andrzej Siewior |
Move the local m4 macros
The `aclocal' step is skipped during `autoreconf' because aclocal.m4 is
present.
Move the current aclocal.m4 which contains local macros into the m4/
fol
Move the local m4 macros
The `aclocal' step is skipped during `autoreconf' because aclocal.m4 is
present.
Move the current aclocal.m4 which contains local macros into the m4/
folder. With this change the aclocal.m4 will be re-created during
changes to the m4/ macro.
This is needed so the `aclocal' can fetch m4 macros from the system if
they are references in the configure script. This is a prerequisite to
use PKG_CHECK_MODULES.
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
show more ...
|
| #
eaf8672b |
| 20-Aug-2020 |
Darren Tucker |
Remove check for 'ent' command.
It was added in 8d1fd57a9 for measuring entropy of ssh_prng_cmds which
has long since been removed and there are no other references to it.
|
| #
976c4f86 |
| 26-Jun-2020 |
djm@openbsd.org |
upstream: avoid spurious error message when ssh-keygen creates files
outside ~/.ssh; with dtucker@
OpenBSD-Commit-ID: ac0c662d44607e00ec78c266ee60752beb1c7e08
|
| #
80610e97 |
| 19-Jun-2020 |
Darren Tucker |
Hook sshsig tests up to Portable Makefiles.
|
|
Revision tags: V_8_3_P1 |
|
| #
08ce6b22 |
| 12-May-2020 |
Darren Tucker |
Skip building sk-dummy library if no SK support.
|
| #
102d106b |
| 12-May-2020 |
Damien Miller |
explicitly manage .depend and .depend.bak
Bring back removal of .depend to give the file a known state before
running makedepend, but manually move aside the current .depend file
and
explicitly manage .depend and .depend.bak
Bring back removal of .depend to give the file a known state before
running makedepend, but manually move aside the current .depend file
and restore it as .depend.bak afterwards so the stale .depend check
works as expected.
show more ...
|
| #
7c0bbed9 |
| 12-May-2020 |
Damien Miller |
revert removal of .depend before makedepend
Commit 83657eac4 started removing .depend before running makedepend
to reset the contents of .depend to a known state. Unfortunately
this
revert removal of .depend before makedepend
Commit 83657eac4 started removing .depend before running makedepend
to reset the contents of .depend to a known state. Unfortunately
this broke the depend-check step as now .depend.bak would only ever
be created as an empty file.
ok dtucker
show more ...
|
| #
83657eac |
| 02-May-2020 |
Darren Tucker |
Remove use of tail for 'make depend'.
Not every tail supports +N and we can do with out it so just remove it.
Prompted by mforney at mforney.org.
|
| #
cecde6a4 |
| 21-Apr-2020 |
Darren Tucker |
Put the values from env vars back.
This merges the values from the recently removed environment into make's
command line arguments since we actually need those.
|
| #
300c4322 |
| 21-Apr-2020 |
Darren Tucker |
Pass configure's egrep through to test-exec.sh.
Use it to create a wrapper function to call it from tests. Fixes the
keygen-comment test on platforms with impoverished default egrep (eg
Pass configure's egrep through to test-exec.sh.
Use it to create a wrapper function to call it from tests. Fixes the
keygen-comment test on platforms with impoverished default egrep (eg
Solaris).
show more ...
|
| #
c8d9796c |
| 21-Apr-2020 |
Darren Tucker |
Remove unneeded env vars from t-exec invocation.
|
| #
abe2b245 |
| 03-Apr-2020 |
Damien Miller |
prefer libcrypto chacha20-poly1305 where possible
|
|
Revision tags: V_8_2_P1 |
|
| #
99aa8035 |
| 25-Jan-2020 |
djm@openbsd.org |
upstream: factor out reading/writing sshbufs to dedicated
functions; feedback and ok markus@
OpenBSD-Commit-ID: dc09e5f1950b7acc91b8fdf8015347782d2ecd3d
|
| #
633778d5 |
| 13-Dec-2019 |
Damien Miller |
only link ssh-sk-helper against libfido2
|
| #
7b47b40b |
| 13-Dec-2019 |
Damien Miller |
adapt Makefile to ssh-sk-client everywhere
|
| #
5e3abff3 |
| 10-Dec-2019 |
Darren Tucker |
Sort .depend when rebuilding.
This makes diffs more stable between makedepend implementations.
|
| #
44384815 |
| 28-Nov-2019 |
Damien Miller |
compile sk-dummy.so with no-PIE version of LDFLAGS
This lets it pick up the -L path to libcrypto for example.
|
| #
b218055e |
| 28-Nov-2019 |
Damien Miller |
(yet) another x-platform fix for sk-dummy.so
Check for -fPIC support from compiler
Compile libopenbsd-compat -fPIC
Don't mix -fPIE and -fPIC when compiling
|
| #
ef3853bb |
| 28-Nov-2019 |
Damien Miller |
another attempt at sk-dummy.so working x-platform
include a fatal() implementation to satisfy libopenbsd-compat
clean up .lo and .so files
.gitignore .lo and .so files
|
| #
d46ac56f |
| 28-Nov-2019 |
djm@openbsd.org |
upstream: lots of dependencies go away here with ed25519 no longer
needing the ssh_digest API.
OpenBSD-Regress-ID: 785847ec78cb580d141e29abce351a436d6b5d49
|
| #
5ca52c0f |
| 28-Nov-2019 |
Damien Miller |
$< doesn't work as` I thought; explicily list objs
|