path: root/crypto
Commit message (Author, Age, Files, Lines)
* Merge OpenSSL 1.1.1g. (Jung-uk Kim, 2020-04-21, 38 files, -614/+1739)
    Notes: svn path=/head/; revision=360175
| * Import OpenSSL 1.1.1g. [vendor/openssl/1.1.1g] (Jung-uk Kim, 2020-04-21, 13 files, -192/+1240)
      Notes: svn path=/vendor-crypto/openssl/dist/; revision=360173
             svn path=/vendor-crypto/openssl/1.1.1g/; revision=360174; tag=vendor/openssl/1.1.1g
* | Fix OpenSSL remote denial of service. (Gordon Tetlow, 2020-04-21, 1 file, -1/+1)
      See https://www.openssl.org/news/secadv/20200421.txt for details.
      Approved by: so
      Security: CVE-2020-1967
      Notes: svn path=/head/; revision=360146
* | Merge OpenSSL 1.1.1f. (Jung-uk Kim, 2020-03-31, 26 files, -242/+267)
      Notes: svn path=/head/; revision=359486
| * Import OpenSSL 1.1.1f. [vendor/openssl/1.1.1f] (Jung-uk Kim, 2020-03-31, 14 files, -217/+192)
      Notes: svn path=/vendor-crypto/openssl/dist/; revision=359482
             svn path=/vendor-crypto/openssl/1.1.1f/; revision=359483; tag=vendor/openssl/1.1.1f
* | openssh: -fno-common fix from upstream f47d72ddad (Kyle Evans, 2020-03-29, 1 file, -1/+1)
      This is currently staged in vendor/ as part of the 8.0p1 import, which isn't
      quite ready to land. Given that this is a simple one-line fix, apply it now
      as the fallout will be pretty minimal.
      -fno-common will become the default in GCC10/LLVM11.
      MFC after: 3 days
      Notes: svn path=/head/; revision=359424
* | Merge OpenSSL 1.1.1e. (Jung-uk Kim, 2020-03-18, 901 files, -2971/+6878)
      Notes: svn path=/head/; revision=359060
| * Import OpenSSL 1.1.1e. [vendor/openssl/1.1.1e] (Jung-uk Kim, 2020-03-17, 730 files, -3949/+2328)
      Notes: svn path=/vendor-crypto/openssl/dist/; revision=359051
             svn path=/vendor-crypto/openssl/1.1.1e/; revision=359052; tag=vendor/openssl/1.1.1e
* | Add a note about deleted files in OpenSSH upgrade instructions (Ed Maste, 2020-02-25, 1 file, -0/+5)
      Notes: svn path=/head/; revision=358323
* | Update version in openssh FREEBSD-vendor metadata (Ed Maste, 2020-02-14, 1 file, -1/+1)
      It appears that FREEBSD-vendor is an idea that never really took off and we
      should probably just remove it, but until then we might as well record the
      correct version.
      Notes: svn path=/head/; revision=357939
* | Update OpenSSH upgrade instructions to use https, not ftp (Ed Maste, 2020-02-14, 1 file, -1/+1)
      ftp://ftp.openbsd.org/ does not work.
      Notes: svn path=/head/; revision=357932
* | Upgrade to OpenSSH 7.9p1. (Ed Maste, 2020-02-14, 81 files, -1756/+2557)
      MFC after: 2 months
      Sponsored by: The FreeBSD Foundation
      Notes: svn path=/head/; revision=357926
* | | sshd: add upgrade process note about TCP wrappers (Ed Maste, 2020-02-14, 1 file, -0/+3)
        We need to add user-facing deprecation notices for TCP wrappers; start with
        a note in the upgrade process documentation.
        Sponsored by: The FreeBSD Foundation
        Notes: svn path=/head/; revision=357925
* | | openssh: add a note about libwrap in config.h (Ed Maste, 2020-02-14, 1 file, -0/+3)
        LIBWRAP is defined by the Makefile based on MK_TCP_WRAPPERS and should not
        be defined in config.h.
        PR: 210141
        Sponsored by: The FreeBSD Foundation
        Notes: svn path=/head/; revision=357922
* | | sshd: make getpwclass wrapper MON_ISAUTH not MON_AUTH (Ed Maste, 2019-11-20, 1 file, -1/+1)
        In r339216 a privsep wrapper was added for login_getpwclass to address
        PR 231172. Unfortunately the change used the MON_AUTH flag in the wrapper,
        and MON_AUTH includes MON_AUTHDECIDE which triggers an auth_log() on each
        invocation. getpwclass() does not participate in the authentication
        decision, so should be MON_ISAUTH instead.
        PR: 234793
        Submitted by: Henry Hu
        Reviewed by: Yuichiro NAITO
        MFC after: 1 week
        Notes: svn path=/head/; revision=354897
* | | Merge OpenSSL 1.1.1d. (Jung-uk Kim, 2019-09-10, 269 files, -10545/+2999)
        Notes: svn path=/head/; revision=352191
| * | Import OpenSSL 1.1.1d. [vendor/openssl/1.1.1d] (Jung-uk Kim, 2019-09-10, 100 files, -9867/+1673)
        Notes: svn path=/vendor-crypto/openssl/dist/; revision=352163
               svn path=/vendor-crypto/openssl/1.1.1d/; revision=352164; tag=vendor/openssl/1.1.1d
* | | Complete LOCAL_PEERCRED support. Cache pid of the remote process in the (Dmitry Chagin, 2019-05-30, 1 file, -1/+1)
        struct xucred. Do not bump XUCRED_VERSION as struct layout is not changed.
        PR: 215202
        Reviewed by: tijl
        MFC after: 1 week
        Differential Revision: https://reviews.freebsd.org/D20415
        Notes: svn path=/head/; revision=348419
* | | Merge OpenSSL 1.1.1c. (Jung-uk Kim, 2019-05-28, 168 files, -2108/+3528)
        Notes: svn path=/head/; revision=348340
| * | Import OpenSSL 1.1.1c. [vendor/openssl/1.1.1c] (Jung-uk Kim, 2019-05-28, 72 files, -754/+1882)
        Notes: svn path=/vendor-crypto/openssl/dist/; revision=348333
               svn path=/vendor-crypto/openssl/1.1.1c/; revision=348334; tag=vendor/openssl/1.1.1c
* | | Add workaround for a QoS-related bug in VMWare Workstation. (Dag-Erling Smørgrav, 2019-03-27, 1 file, -0/+22)
        Submitted by: yuripv
        Differential Revision: https://reviews.freebsd.org/D18636
        Notes: svn path=/head/; revision=345579
* | | Merge r345574 from vendor-crypto: (Ed Maste, 2019-03-27, 1 file, -12/+270)
        upstream: when checking that filenames sent by the server side match what
        the client requested, be prepared to handle shell-style brace alternations,
        e.g. "{foo,bar}".
        "looks good to me" millert@ + in snaps for the last week courtesy deraadt@
        OpenBSD-Commit-ID: 3b1ce7639b0b25b2248e3a30f561a548f6815f3e
        Discussed with: des
        Obtained from: OpenSSH-portable 3d896c157c722bc47adca51a58dca859225b5874
        Notes: svn path=/head/; revision=345576
* | | Merge OpenSSL 1.1.1b. (Jung-uk Kim, 2019-02-26, 301 files, -3540/+5472)
        Notes: svn path=/head/; revision=344602
| * | Import OpenSSL 1.1.1b. [vendor/openssl/1.1.1b] (Jung-uk Kim, 2019-02-26, 100 files, -2915/+4309)
        Notes: svn path=/vendor-crypto/openssl/dist/; revision=344595
               svn path=/vendor-crypto/openssl/1.1.1b/; revision=344596; tag=vendor/openssl/1.1.1b
* | | scp: validate filenames provided by server against wildcard in client (Ed Maste, 2019-02-21, 2 files, -11/+42)
        OpenSSH-portable commits:
        check in scp client that filenames sent during remote->local directory
        copies satisfy the wildcard specified by the user.
        This checking provides some protection against a malicious server sending
        unexpected filenames, but it comes at a risk of rejecting wanted files due
        to differences between client and server wildcard expansion rules.
        For this reason, this also adds a new -T flag to disable the check.
        reported by Harry Sintonen
        fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
        OpenBSD-Commit-ID: 00f44b50d2be8e321973f3c6d014260f8f7a8eda
        Minor patch conflict (getopt) resolved.
        Obtained from: OpenSSH-portable 391ffc4b9d31fa1f4ad566499fef9176ff8a07dc
        scp: add -T to usage();
        OpenBSD-Commit-ID: a7ae14d9436c64e1bd05022329187ea3a0ce1899
        Obtained from: OpenSSH-portable 2c21b75a7be6ebdcbceaebb43157c48dbb36f3d8
        PR: 234965
        Approved by: des
        MFC after: 3 days
        Obtained from: OpenSSH-portable 391ffc4b9d, 2c21b75a7b
        Sponsored by: The FreeBSD Foundation
        Differential Revision: https://reviews.freebsd.org/D19076
        Notes: svn path=/head/; revision=344449
* | | scp: disallow empty or current directory (Ed Maste, 2019-01-15, 1 file, -1/+2)
        Obtained from: OpenBSD scp.c 1.198
        Security: CVE-2018-20685
        Sponsored by: The FreeBSD Foundation
        Notes: svn path=/head/; revision=343043
* | | Remove unused sqlite3 bundled with heimdal. (Cy Schubert, 2019-01-09, 6 files, -139196/+0)
        Reported by: delphij@
        Notes: svn path=/head/; revision=342871
* | | Do not complain when /dev/crypto does not exist. (Jung-uk Kim, 2018-12-14, 1 file, -0/+5)
        Now the new devcrypto engine is enabled since r342009, many users started
        seeing "Could not open /dev/crypto: No such file or directory". Disable the
        annoying error message as it is not very useful anyway.
        Note the patch was submitted upstream.
        https://github.com/openssl/openssl/pull/7896
        Notes: svn path=/head/; revision=342057
* | | Merge OpenSSL 1.1.1a. (Jung-uk Kim, 2018-11-20, 145 files, -1026/+2062)
        Notes: svn path=/head/; revision=340703
| * | Import OpenSSL 1.1.1a. [vendor/openssl/1.1.1a] (Jung-uk Kim, 2018-11-20, 52 files, -392/+734)
        Notes: svn path=/vendor-crypto/openssl/dist/; revision=340690
               svn path=/vendor-crypto/openssl/1.1.1a/; revision=340691; tag=vendor/openssl/1.1.1a
* | | Update SHLIB_VERSION_NUMBER following the OpenSSL shared library (Glen Barber, 2018-10-25, 1 file, -1/+1)
        number bump.
        Reported by: jkim
        Discussed with: kib
        MFC after: immediate
        Sponsored by: The FreeBSD Foundation
        Notes: svn path=/head/; revision=339741
* | | Try harder to sanitize the environment before running configure. (Dag-Erling Smørgrav, 2018-10-10, 1 file, -12/+11)
        Remove a workaround for older Unbound versions that used sbrk.
        Approved by: re (gjb)
        Notes: svn path=/head/; revision=339294
* | | Merge the remainder of the projects/openssl111 branch to head. (Glen Barber, 2018-10-09, 2809 files, -356114/+356456)
        - Update OpenSSL to version 1.1.1.
        - Update Kerberos/Heimdal API for OpenSSL 1.1.1 compatibility.
        - Bump __FreeBSD_version.
        Approved by: re (kib)
        Sponsored by: The FreeBSD Foundation
        Notes: svn path=/head/; revision=339270
| * | | Regenerate ssh_namespace.h for OpenSSL 1.1.1 update (Ed Maste, 2018-10-09, 1 file, -29/+0)
          Notes: svn path=/projects/openssl111/; revision=339259
| * | | MFH r338661 through r339253. (Glen Barber, 2018-10-09, 1 file, -5/+35)
          Sponsored by: The FreeBSD Foundation
          Notes: svn path=/projects/openssl111/; revision=339255
| * | | | MFH r339206-r339212, r339215-r339239 (Glen Barber, 2018-10-08, 9 files, -34/+222)
            Sponsored by: The FreeBSD Foundation
            Notes: svn path=/projects/openssl111/; revision=339240
| * | | | Update the existing heimdal implementation for OpenSSL 1.1. (John Baldwin, 2018-10-05, 24 files, -258/+557)
            Existing work is underway to import a newer version of heimdal, but this
            patchset gets us to a fully working tree to enable more wide spread
            testing of OpenSSL 1.1 for now.
            I've also enabled WARNS=1 for kerberos (which is the reason for the
            change in libroken). Having -Werror enabled was useful during the 1.1
            updates and we probably should have warnings enabled by default for
            kerberos anyway.
            This passes make tinderbox, and I have also done some very light runtime
            testing on amd64.
            Reviewed by: bjk, jkim, emaste
            Differential Revision: https://reviews.freebsd.org/D17276
            Notes: svn path=/projects/openssl111/; revision=339198
| * | | | openssh: connect libressl-api-compat.c and regen config.h (Ed Maste, 2018-10-03, 1 file, -3/+99)
            Differential Revision: https://reviews.freebsd.org/D17390
            Notes: svn path=/projects/openssl111/; revision=339157
| * | | | openssh: add openbsd-compat/libressl-api-compat.c (Ed Maste, 2018-10-03, 1 file, -0/+636)
            Missed in migrating changeset from git to svn for r338811
            Reported by: jhb
            Notes: svn path=/projects/openssl111/; revision=339154
| * | | | Add a hack to build on ARMv4 and ARMv5. (Jung-uk Kim, 2018-09-23, 1 file, -1/+2)
            Notes: svn path=/projects/openssl111/; revision=338896
| * | | | openssh: cherry-pick OpenSSL 1.1.1 compatibility (Ed Maste, 2018-09-19, 30 files, -526/+1010)
            Upstream commits:
            482d23bcac upstream: hold our collective noses and use the openssl-1.1.x
            48f54b9d12 adapt -portable to OpenSSL 1.1x API
            86e0a9f3d2 upstream: use only openssl-1.1.x API here too
            a3fd8074e2 upstream: missed a bit of openssl-1.0.x API in this unittest
            cce8cbe0ed Fix openssl-1.1 fallout for --without-openssl.
            Trivial conflicts in sshkey.c and test_sshkey.c were resolved.
            Sponsored by: The FreeBSD Foundation
            Notes: svn path=/projects/openssl111/; revision=338811
| * | | | openssh: rename local macro to avoid OpenSSL 1.1.1 conflict (Ed Maste, 2018-09-19, 3 files, -7/+7)
            Local changes introduced an OPENSSH_VERSION macro, but this conflicts
            with a macro of the same name introduced with OpenSSL 1.1.1.
            Notes: svn path=/projects/openssl111/; revision=338805
| * | | | Add generated header file for openssl(1). (Jung-uk Kim, 2018-09-19, 1 file, -0/+508)
            Notes: svn path=/projects/openssl111/; revision=338767
| * | | | Add generated header files for FreeBSD. (Jung-uk Kim, 2018-09-19, 2 files, -0/+55)
            Notes: svn path=/projects/openssl111/; revision=338765
| * | | | Update SHLIB_VERSION_NUMBER to 9. (Jung-uk Kim, 2018-09-14, 1 file, -1/+1)
            Prodded by: avg
            Notes: svn path=/projects/openssl111/; revision=338681
| * | | | Update OpenSSL to 1.1.1. (Jung-uk Kim, 2018-09-13, 2781 files, -355967/+355475)
            Note it does not update build infrastructure.
            Notes: svn path=/projects/openssl111/; revision=338663
| | * | | Import OpenSSL 1.1.1. [vendor/openssl/1.1.1] (Jung-uk Kim, 2018-09-13, 1373 files, -174586/+165215)
            Notes: svn path=/vendor-crypto/openssl/dist/; revision=338658
                   svn path=/vendor-crypto/openssl/1.1.1/; revision=338659; tag=vendor/openssl/1.1.1
* | | | | Fix portability issues with the Capsicum patch committed in r339216: (Dag-Erling Smørgrav, 2018-10-09, 5 files, -10/+35)
            - Wrap access to pw_change and pw_expire in the appropriate #ifdefs.
            - Wrap calls to login_cap(3) API in appropriate #ifdefs.
            - Add wrapper for transferring time_t, which is still only 32 bits wide
              on FreeBSD i386.
            - Use a temporary variable to deserialize size_t.
            Approved by: re (gjb)
            Notes: svn path=/head/; revision=339263
* | | | | openssh: regenerate ssh-namespace.h after r339213 and r339216 (Ed Maste, 2018-10-09, 1 file, -5/+35)
            Reported by: des
            Approved by: re (rgrimes)
            Notes: svn path=/head/; revision=339248
* | | | sshd: address capsicum issues (Ed Maste, 2018-10-06, 9 files, -34/+222)
          * Add a wrapper to proxy login_getpwclass(3) as it is not allowed in
            capability mode.
          * Cache timezone data via caph_cache_tzdata() as we cannot access the
            timezone file.
          * Reverse resolve hostname before entering capability mode.
          PR: 231172
          Submitted by: naito.yuichiro@gmail.com
          Reviewed by: cem, des
          Approved by: re (rgrimes)
          MFC after: 3 weeks
          Differential Revision: https://reviews.freebsd.org/D17128
          Notes: svn path=/head/; revision=339216