Commit Graph

816 Commits

Author SHA1 Message Date
Damien Miller
a5ab488234 remove built-in support for md5crypt()
Users of MD5-hashed password should arrange for ./configure to link
against libxcrypt or similar. Though it would be better to avoid use
of MD5 password hashing entirely, it's arguably worse than DEScrypt.

feedback and ok dtucker@
2021-10-28 16:16:13 +11:00
Damien Miller
489741dc68 enable security key support for --without-openssl 2021-10-01 16:36:24 +10:00
Darren Tucker
696aadc854 Look for clang after cc and gcc. 2021-09-29 20:00:30 +10:00
Darren Tucker
c9172193ea Remove TEST_SSH_ECC.
Convert the only remaining user of it to runtime detection using ssh -Q.
2021-09-29 18:33:38 +10:00
Darren Tucker
39f2111b1d Add new compiler hardening flags.
Add -fzero-call-used-regs and -ftrivial-auto-var-init to the list of
compiler hardening flags that configure checks for.  These are supported
by clang and gcc, and make ROP gadgets less useful and mitigate
stack-based infoleaks respectively.  ok djm@
2021-09-29 10:53:55 +10:00
David Carlier
2d678c5e3b Disable tracing on FreeBSD using procctl.
Placed at the start of platform_disable_tracing() to prevent declaration
after code errors from strict C89 compilers (in the unlikely event that
more than one method is enabled).
2021-09-09 18:13:27 +10:00
Darren Tucker
7acb3578cd Correct version_num for OpenSSL dev branch. 2021-09-05 20:45:42 +10:00
Darren Tucker
864ed0d5e0 OpenSSL development is now 3.1.* 2021-09-05 19:33:22 +10:00
Darren Tucker
95401eea85 Replace shell function with ssh-keygen -A.
Prevents the init script in the SysV package from trying (and failing)
to generate unsupported key types.  Remove now-unused COMMENT_OUT_ECC.
ok tim@
2021-08-20 18:14:13 +10:00
Darren Tucker
464ba22f1e Check compiler for c99 declarations after code.
The sntrup761 reference code contains c99-style declarations after code
so don't try to build that if the compiler doesn't support it.
2021-08-18 12:51:30 +10:00
Darren Tucker
f5fc6a4c34 Add configure-time detection for SSH_TIME_T_MAX.
Should fix printing cert times exceeding INT_MAX (bz#3329) on platforms
were time_t is a long long.  The limit used is for the signed type, so if
some system has a 32bit unsigned time_t then the lower limit will still
be imposed and we would need to add some way to detect this.  Anyone using
an unsigned 64bit can let us know when it starts being a problem.
2021-07-12 18:21:26 +10:00
John Ericson
e860978134 Re-indent krb5 section after pkg-config addition. 2021-07-09 15:35:13 +10:00
John Ericson
32dd2daa56 Support finding Kerberos via pkg-config
This makes cross compilation easier.
2021-07-09 15:27:09 +10:00
Darren Tucker
c867706507 Add pselect implementation for platforms without.
This is basically the existing notify_pipe kludge from serverloop.c
moved behind a pselect interface.  It works by installing a signal
handler that writes to a pipe that the select is watching, then calls
the original handler.

The select call in serverloop will become pselect soon, at which point the
kludge will be removed from thereand will only exist in the compat layer.
Original code by markus, help from djm.
2021-06-04 18:39:48 +10:00
Damien Miller
493339a940 detech BSD libc hash functions in libbsd / libmd
Some Linux distributions are shipping the BSD-style hashing functions
(e.g. SHA256Update) in libbsd and/or libmd. Detect this situation to
avoid header/replacement clashes later. ok dtucker@
2021-02-26 15:46:47 +11:00
Damien Miller
324449a68d support OpenSSL 3.x cipher IV API change
OpenSSL renamed the "get current CIPHER_CTX" IV operation in 3.x.
This uses the new name if available.

https://github.com/openssl/openssl/issues/13411

bz#3238 ok dtucker@
2021-02-18 12:06:25 +11:00
Damien Miller
845fe9811c prefer login_getpwclass() to login_getclass()
FreeBSD has login_getpwclass() that does some special magic for
UID=0. Prefer this to login_getclass() as its easier to emulate
the former with the latter.

Based on FreeBSD PR 37416 via Ed Maste; ok dtucker@
2021-02-18 11:27:09 +11:00
David Carlier
1cb6ce98d6 Using explicit_memset for the explicit_bzero compatibility layer.
Favoriting the native implementation in this case.
2021-02-05 17:07:03 +11:00
Darren Tucker
48d0d7a4dd Disable sntrup761 if compiler doesn't support VLAs.
The sntrup761 code sourced from supercop uses variable length
arrays.  Although widely supported, they are not part of the ANSI
C89 spec so if the compiler does not support VLAs, disable the
sntrup761x25519-sha512@openssh.com KEX method by replacing the kex
functions with no-op ones similar to what we do in kexecdh.c.

This should allow OpenSSH to build with a plain C89 compiler again.
Spotted by tim@, ok djm@.
2021-01-26 14:48:07 +11:00
Darren Tucker
9880f3480f Restore correct flags during localtime_r check.
We were restoring the wrong thing CPPFLAGS (we used CFLAGS) for any
platform that doesn't have localtime_r.
2020-11-20 17:27:46 +11:00
Darren Tucker
2992e4e701 Remove use of TIME_WITH_SYS_TIME.
It was only set by the recently removed AC_HEADER_TIME macro, replace
with simple inclusions of both sys/time.h and time.h.  Should prevent
mis-detection of struct timespec.
2020-11-13 17:56:11 +11:00
Damien Miller
e3f27006f1 Revert "detect Linux/X32 systems"
This reverts commit 5b56bd0aff.

The approach used was incorrect; discussion in bz#3085
2020-11-13 14:20:43 +11:00
Darren Tucker
b79add37d1 Remove obsolete AC_HEADER_TIME macro.
AC_HEADER_TIME is marked as obsolete in autoconf-2.70 and as far as I
can tell everything we have that might be old enough to need it doesn't.
2020-11-13 13:43:30 +11:00
Darren Tucker
6d2564b94e Fix function body for variadic macro test.
AC_LANG_PROGRAM puts its second argument inside main() so we don't need
to do it ourselves.
2020-11-06 17:11:16 +11:00
Darren Tucker
586f9bd2f5 Remove AC_PROC_CC_C99 obsoleted in autoconf 2.70.
Since we only use it to make sure we can handle variadic macros,
explicitly check only for that.  with & ok djm@
2020-11-06 16:53:24 +11:00
Darren Tucker
771b7795c0 Move AC_PROG_CC_C99 to immediately afer AC_PROG_CC.
This puts the related C version selection output in the same place.
2020-11-06 13:55:33 +11:00
Darren Tucker
e5591161f2 AC_CHECK_HEADER() is obsoleted in autoconf 2.70.
Replace with the non-obsoleted AC_CHECK_HEADERS().
2020-11-06 13:54:17 +11:00
Damien Miller
33267feaff Remove checks for strict POSIX mkdtemp()
We needed a mkdtemp() that accepted template paths that did not
end in XXXXXX a long time ago for KRB4, but that code is long
deprecated. We no longer need to replace mkdtemp() for strictly
following POSIX. ok dtucker@
2020-10-27 16:50:38 +11:00
Damien Miller
f812a36cee check for and require a C99 capable compiler
recent logging changes use __VA_ARGS__.
2020-10-17 12:03:34 +11:00
pedro martelletto
dc098405b2 configure.ac: add missing includes
when testing, make sure to include the relevant header files that
declare the types of the functions used by the test:

- stdio.h for printf();
- stdlib.h for exit();
- string.h for strcmp();
- unistd.h for unlink(), _exit(), fork(), getppid(), sleep().
2020-09-18 08:57:29 +02:00
Sebastian Andrzej Siewior
a2f3ae386b Move the local m4 macros
The `aclocal' step is skipped during `autoreconf' because aclocal.m4 is
present.
Move the current aclocal.m4 which contains local macros into the m4/
folder. With this change the aclocal.m4 will be re-created during
changes to the m4/ macro.
This is needed so the `aclocal' can fetch m4 macros from the system if
they are references in the configure script. This is a prerequisite to
use PKG_CHECK_MODULES.

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
2020-09-11 13:18:42 +10:00
pedro martelletto
c1c44eeecd configure.ac: fix libfido2 back-compat
- HAVE_FIDO_CRED_PROD -> HAVE_FIDO_CRED_PROT;
- check for fido_dev_get_touch_begin(), so that
  HAVE_FIDO_DEV_GET_TOUCH_BEGIN gets defined.
2020-09-02 12:27:27 +10:00
Damien Miller
ce178be0d9 tweak back-compat for older libfido2 2020-08-27 20:01:52 +10:00
Damien Miller
bbcc858ded degrade semi-gracefully when libfido2 is too old 2020-08-27 12:37:12 +10:00
Darren Tucker
eaf8672b1b Remove check for 'ent' command.
It was added in 8d1fd57a9 for measuring entropy of ssh_prng_cmds which
has long since been removed and there are no other references to it.
2020-08-21 00:07:48 +10:00
Damien Miller
ea1f649046 support NetBSD's utmpx.ut_ss address field
bz#960, ok dtucker
2020-08-05 08:58:57 +10:00
Darren Tucker
ae7527010c Remove AC_REVISION.
It hasn't been useful since we switched to git in 2014.  ok djm@
2020-07-31 15:19:56 +10:00
Darren Tucker
89fc3f414b Use argv in OSSH_CHECK_CFLAG_COMPILE test.
configure.ac is not detecting -Wextra in compilers that implement the
option. The problem is that -Wextra implies -Wunused-parameter, and the
C excerpt used by aclocal.m4 does not use argv.  Patch from pedro at
ambientworks.net, ok djm@
2020-07-28 19:40:30 +10:00
Damien Miller
5b56bd0aff detect Linux/X32 systems
This is a frankenstein monster of AMD64 instructions/calling conventions
but with a 4GB address space. Allegedly deprecated but people still run
into it causing weird sandbox failures, e.g. bz#3085
2020-07-17 13:21:56 +10:00
Damien Miller
6fcfd303d6 add check for fido_cred_set_prot() to configure 2020-07-03 15:28:27 +10:00
djm@openbsd.org
976c4f8628 upstream: avoid spurious error message when ssh-keygen creates files
outside ~/.ssh; with dtucker@

OpenBSD-Commit-ID: ac0c662d44607e00ec78c266ee60752beb1c7e08
2020-06-26 15:44:47 +10:00
Andreas Schwab
3de02be39e Add support for AUDIT_ARCH_RISCV64 2020-06-05 13:31:17 +10:00
Darren Tucker
08ce6b2210 Skip building sk-dummy library if no SK support. 2020-05-13 13:56:45 +10:00
Darren Tucker
4fa9e048c2 Ensure SA_SIGNAL test only signals itself.
When the test's child signals its parent and it exits the result of
getppid changes.  On Ubuntu 20.04 this results in the ppid being that
of the GDM session, causing it to exit.  Analysis and testing from pedro
at ambientworks.net
2020-05-08 21:50:43 +10:00
Darren Tucker
59d531553f Check if -D_REENTRANT is needed for localtime_r.
On at least HP-UX 11.11, the localtime_r declararation is behind
ifdef _REENTRANT.  Check for and add if needed.
2020-05-07 15:39:00 +10:00
Darren Tucker
e9dc986372 Use LONG_LONG_MAX and friends if available.
If we don't have LLONG_{MIN,MAX} but do have LONG_LONG_{MIN,MAX}
then use those instead.  We do calculate these values in configure,
but it turns out that at least one compiler (old HP ANSI C) can't
parse "-9223372036854775808LL" without mangling it. (It can parse
"-9223372036854775807LL" which is presumably why its limits.h defines
LONG_LONG_MIN as the latter minus 1.)

Fixes rekey test when compiled with the aforementioned compiler.
2020-05-01 18:41:40 +10:00
Darren Tucker
6c6072ba8b See if SA_RESTART signals will interrupt select().
On some platforms (at least older HP-UXes such as 11.11, possibly others)
setting SA_RESTART on signal handers will cause it to not interrupt
select(), at least for calls that do not specify a timeout.  Try to
detect this and if found, don't use SA_RESTART.

POSIX says "If SA_RESTART has been set for the interrupting signal, it
is implementation-dependent whether select() restarts or returns with
[EINTR]" so this behaviour is within spec.
2020-05-01 15:09:26 +10:00
Darren Tucker
7f23f42123 Include sys/byteorder.h for htons and friends.
These are usually in netinet/in.h but on HP-UX they are not defined if
_XOPEN_SOURCE_EXTENDED is set.  Only needed for netcat in the regression
tests.
2020-05-01 12:51:36 +10:00
Damien Miller
abe2b245b3 prefer libcrypto chacha20-poly1305 where possible 2020-04-03 17:26:29 +11:00
Darren Tucker
0eaca933ae Include fido.h when checking for fido/credman.h.
It's required for fido_dev_t, otherwise configure fails with
when given --with-security-key-builtin.
2020-03-14 20:58:46 +11:00