Commit Graph

2363 Commits

Author SHA1 Message Date
christos 469af362c9 use the version in the source tree, instead of the build host 2013-02-01 21:02:48 +00:00
tteras b889f6fc93 Fix handling of deletion notification. 2013-01-24 06:47:50 +00:00
christos 387f092185 print only the version as the full version confuses pkgconfig. 2013-01-22 13:51:45 +00:00
apb 5950e8a8de FILESBUILD_<filename>=yes can replace both
CLEANFILES+=<filename> and realall: <filename>
2013-01-19 21:57:55 +00:00
christos 4aa8d00fa6 add a dependency to realall from Takeshi Nakayama 2013-01-19 21:05:46 +00:00
christos 98c3902e37 Add pkgconfig gluons 2013-01-18 18:09:55 +00:00
christos 9109786ace #!/bin/sh 2013-01-18 17:56:11 +00:00
tteras b607d37b51 Fix errors from automake 1.13 2013-01-08 12:42:31 +00:00
tteras 252bdda2a4 Don't derefence the directory symlink which we might be recreating. 2013-01-08 12:38:40 +00:00
martin 1c77afcb0e Compile bignum.c with -O1 only on ia64 to avoid a gcc bug 2012-12-27 14:16:16 +00:00
tteras c577d46f00 From Götz Babin-Ebell <g.babin-ebell@novamedia.de>: Smarter X.509 subject
name compare.
2012-12-24 14:50:04 +00:00
tteras 411eef5f44 From Götz Babin-Ebell <g.babin-ebell@novamedia.de:
Require OpenSSL 0.9.8s or higher
2012-12-24 08:46:27 +00:00
christos fb2eb83f75 make sure that our hpn patches are up-to-date 2012-12-12 18:19:25 +00:00
christos 2649c70094 update to 6.1
This is primarily a bugfix release.

Features:

 * sshd(8): This release turns on pre-auth sandboxing sshd by default for
   new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config.
 * ssh-keygen(1): Add options to specify starting line number and number of
   lines to process when screening moduli candidates, allowing processing
   of different parts of a candidate moduli file in parallel
 * sshd(8): The Match directive now supports matching on the local (listen)
   address and port upon which the incoming connection was received via
   LocalAddress and LocalPort clauses.
 * sshd(8): Extend sshd_config Match directive to allow setting AcceptEnv
   and {Allow,Deny}{Users,Groups}
 * Add support for RFC6594 SSHFP DNS records for ECDSA key types. bz#1978
 * ssh-keygen(1): Allow conversion of RSA1 keys to public PEM and PKCS8
 * sshd(8): Allow the sshd_config PermitOpen directive to accept "none" as
   an argument to refuse all port-forwarding requests.
 * sshd(8): Support "none" as an argument for AuthorizedPrincipalsFile
 * ssh-keyscan(1): Look for ECDSA keys by default. bz#1971
 * sshd(8): Add "VersionAddendum" to sshd_config to allow server operators
   to append some arbitrary text to the server SSH protocol banner.

Bugfixes:

 * ssh(1)/sshd(8): Don't spin in accept() in situations of file
   descriptor exhaustion. Instead back off for a while.
 * ssh(1)/sshd(8): Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs as
   they were removed from the specification. bz#2023,
 * sshd(8): Handle long comments in config files better. bz#2025
 * ssh(1): Delay setting tty_flag so RequestTTY options are correctly
   picked up. bz#1995
 * sshd(8): Fix handling of /etc/nologin incorrectly being applied to root
   on platforms that use login_cap.
2012-12-12 17:42:39 +00:00
christos 03f1b832fc From ftp.openbsd.org 2012-12-12 16:52:23 +00:00
agc 28853c6d2d Make the mp_digit type an "unsigned long" so that it works for ILP32 and
LP64.

Fixes problems showing up on regression tests on i386 (which work fine on
amd64) i.e. turn:

	t_netpgpverify (1/1): 2 test cases
	    netpgpverify_dsa: [0.309746s] Failed: atf-check failed; see the output of the test for details
	    netpgpverify_rsa: [0.183148s] Passed.
	[0.495102s]

	Failed test cases:
	    t_netpgpverify:netpgpverify_dsa

	Summary for 1 test programs:
	    1 passed test cases.
	    1 failed test cases.
	    0 expected failed test cases.
	    0 skipped test cases.

into:

	t_netpgpverify (1/1): 2 test cases
	    netpgpverify_dsa: [0.236076s] Passed.
	    netpgpverify_rsa: [0.154680s] Passed.
	[0.393034s]

	Summary for 1 test programs:
	    2 passed test cases.
	    0 failed test cases.
	    0 expected failed test cases.
	    0 skipped test cases.
2012-12-03 18:02:22 +00:00
wiz 43e793251e Bump date for previous. 2012-11-30 08:19:01 +00:00
vanhu 2bdb1d3e0a Added support for AES GCM 16 in phase2 negociations. Code from Christophe Carre / NETASQ 2012-11-29 15:31:24 +00:00
wiz 759d63f41f Remove trailing whitespace, sort SEE ALSO, comment out reference
to non-existing libbz2(3).

XXX: bn(3) references correct? (man page doesn't exist in NetBSD)
2012-11-28 09:23:14 +00:00
agc 054ef4df4b revert previous change for LIBDPLIBS until I have a chance to work out the
order for building pre-req libs
2012-11-22 21:20:44 +00:00
martin 6747337601 Initialize "ok" (and thereby fix the vax build) 2012-11-22 11:26:28 +00:00
agc ef7daf19a9 link libz and libbz2 into the netpgpverify library, rather than into the
executable, via LIBDPLIBS.
2012-11-22 04:05:57 +00:00
agc 53475f6b40 Fix some lint 2012-11-22 00:38:45 +00:00
agc e5e8eae465 Fix some lint - from Havard Eidnes 2012-11-22 00:37:55 +00:00
agc 2752da196a fix problem on 32-bit problems - with thanks to Alan Barrett and
Jonathan Kollasch
2012-11-20 18:45:37 +00:00
agc 9bf07868ef don't assume every platform is 64-bit - just use standard integer arithmetic 2012-11-20 17:57:40 +00:00
agc 640eb22bcb Merge netpgpverify(1) and libnetpgpverify(3) from the
agc-netpgp-standalone branch.

Rewrite the netpgpverify(1) functionality from RFC4880 up.  This is a
completely new implementation, and uses its own bignum library derived
from libtommath.  Apart from libz and libbz2, it just uses its own
library and is self-contained - this makes it easier to embed, and to
use from scripting languages.

netpgpverify(1) now verifies all the signed files i've thrown at it,
and the added bonus of using no functionality from libcrypto - all of
its bignum functionality comes from its own libnetpgpverify.so.
netpgpverify(1) now verifies not only signatures on binary files, but
also signatures on text documents.  This fixes PR/46930.  Please don't
start me on the hoops I had to jump through to calculate the digests
on text files; trust me, you will regret it.

% supersize `which netpgpverify`
   text    data     bss     dec     hex filename
   4452     860      72    5384    1508 /usr/bin/netpgpverify
  79542    1408       0   80950   13c36 /usr/lib/libz.so.1
  43994     984     488   45466    b19a /usr/lib/libgcc_s.so.1
1318116   49644   69272 1437032  15ed68 /usr/lib/libc.so.12
  57253    4184       0   61437    effd /usr/lib/libbz2.so.1
 108726    1712       0  110438   1af66 /usr/lib/libnetpgpverify.so.4
  1612083    58792   69832   1740707   0x1a8fa3   total
%

% make t
env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify b.gpg > output16
diff expected16 output16
rm -f output16
env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify a.gpg > output17
diff expected17 output17
rm -f output17
env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify gpgsigned-a.gpg > output18
diff expected18 output18
rm -f output18
env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify NetBSD-6.0_RC2_hashes.asc > output19
diff expected19 output19
rm -f output19
...
env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -k dsa-pubring.gpg in2.asc > output45
diff expected45 output45
rm -f output45
env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -k problem-pubring.gpg NetBSD-6.0_hashes.asc > output46
diff expected46 output46
rm -f output46
cd tests/netpgpverify && make && atf-run
atf2kyua: I: Removing stale Kyuafiles from /tmp/.XXXXXX.004966aa
atf2kyua: I: Converting /usr/src/crypto/external/bsd/netpgp-standalone/tests/netpgpverify/Atffile -> /tmp/.XXXXXX.004966aa/Kyuafile
t_netpgpverify:netpgpverify_rsa  ->  passed  [0.221s]
t_netpgpverify:netpgpverify_dsa  ->  passed  [0.117s]

2/2 passed (0 failed)
Committed action 19
%
2012-11-20 05:26:24 +00:00
christos c254700c5c wait for trousers 2012-11-04 19:46:42 +00:00
christos df3a32c7fb use LIBDPLIBS 2012-11-04 19:45:58 +00:00
christos 452fa9e672 Hook in TPM utils 2012-11-04 16:29:12 +00:00
christos 0ccc9c4c06 Don't forget to re-assign sock after dup2(); from Jarle Greipsland 2012-10-26 12:42:10 +00:00
christos 839f71d992 Take better care of closing file descriptors in the agent child and dealing
with dup2 and std{in,out,err}.
2012-09-18 15:18:01 +00:00
christos ff8ddb8d69 fix MKREPRO build not to put Generated from ${NETBSDSRCDIR} in files. 2012-09-05 19:31:04 +00:00
tteras 880340da60 From Roman Hoog Antink <rha@open.ch>: Accept DPD messages with cookies
also in reversed order for compatiblity. At least Cisco 836 running
IOS 12.3(8)T does this.
2012-08-29 12:01:30 +00:00
tteras 6c437507a2 From Roman Hoog Antink <rha@open.ch>: add remote's IP address to the
"certificate not verified" error message.
2012-08-29 11:34:37 +00:00
tteras f2b1919eeb From Roman Hoog Antink <rha@open.ch>: do not print unnecessary warning
about non-verified certificate when using raw plain-rsa.
2012-08-29 11:24:11 +00:00
manu 5fe2cf73eb Fix make test on powermac G5. Patch from Nakano Takaharu 2012-08-15 14:51:30 +00:00
christos cd376cd5d3 Prefer SIXTY_FOUR_BIT_LONG instead of SIXTY_FOUR_BIT as before 2012-08-12 17:24:59 +00:00
christos bfc28188e6 define OPENSSL_THREADS, from drochner. 2012-08-12 12:43:49 +00:00
joerg e16a720f89 Don't depend on HAVE_GCC being always defined. 2012-08-10 12:20:10 +00:00
christos cd27e50e59 add #include <machine/asm.h>, use PIC_PLT() 2012-08-04 11:03:34 +00:00
christos faf72548c4 add this directory to the search path 2012-07-31 11:08:34 +00:00
christos 1a28d260d0 - -m64 is needed for ghash
- add montgomery multiplication assembly
2012-07-31 10:33:45 +00:00
matt d19212c5d5 Fix mips asm to not use outdated stuff. 2012-07-30 18:40:36 +00:00
christos 6cced2a43a make sure alloca is undefed on SSP 2012-07-30 17:16:23 +00:00
christos f87f89779c only use alloca if not __SSP__ 2012-07-30 17:15:45 +00:00
martin a1e40c3f35 Do not use dots in identifiers (replace by _) 2012-07-30 15:00:39 +00:00
matt fcff60e41a Add sparccpuid.S 2012-07-30 13:53:19 +00:00
christos c77791c047 fix the generation 2012-07-30 10:25:24 +00:00
matt 72331d9777 Fix init call to OPENSSL_cpuid_setup.
XXX why are using a globally visible routine in a constructor?
2012-07-29 13:17:53 +00:00