path: root/usr.bin/ssh/Makefile.inc
Commit message (author, date, files changed, lines removed/added)
* Remove crc32.{c,h} which were only used by the now-gone SSH1 protocol. (dtucker, 2019-04-18, 1 file, -2/+1)
  Patch from yumkam at gmail.com, ok deraadt.
* merge kexkem[cs] into kexgen (djm, 2019-01-21, 1 file, -6/+4)
  from markus@ ok djm@
* use KEM API for vanilla ECDH (djm, 2019-01-21, 1 file, -3/+1)
  from markus@ ok djm@
* use KEM API for vanilla DH KEX (djm, 2019-01-21, 1 file, -3/+1)
  from markus@ ok djm@
* use KEM API for vanilla c25519 KEX (djm, 2019-01-21, 1 file, -3/+1)
* Add support for a PQC KEX/KEM: sntrup4591761x25519-sha512@tinyssh.org (djm, 2019-01-21, 1 file, -1/+6)
  using the Streamlined NTRU Prime 4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss. Not enabled by default.
  introduce KEM API; a simplified framework for DH-ish KEX methods.
  from markus@ feedback & ok djm@
* remove last traces of old packet API! (djm, 2019-01-19, 1 file, -2/+1)
  with & ok markus@
* Remove support for running ssh(1) setuid and fatal if attempted. (dtucker, 2018-07-18, 1 file, -2/+1)
  Do not link uidwap.c into ssh any more. Neuters UsePrivilegedPort, which will be marked as deprecated shortly.
  ok markus@ djm@
* remove legacy buffer API emulation layer; ok djm@ (markus, 2018-07-09, 1 file, -5/+1)
* Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures) (markus, 2018-02-23, 1 file, -1/+13)
  The code is not compiled in by default (see WITH_XMSS in Makefile.inc)
  Joint work with stefan-lukas_gazdag at genua.eu
  See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12
  ok djm@
* group shared source files (e.g. SRCS_KEX) and allow compilation w/o OPENSSL (markus, 2018-01-08, 1 file, -1/+86)
  ok djm@
* ssh/lib hasn't worked towards our code-sharing goals for quite a while, (deraadt, 2017-12-10, 1 file, -11/+1)
  perhaps it is too verbose? Change each */Makefile to specify exactly what sources that program requires, compiling it separately. Maybe we'll iterate by sorting those into separable chunks, splitting up files which contain common code + server/client specific code, or whatnot. But this isn't one step, or we'd have done it a long time ago..
  ok dtucker markus djm
* rationalise the long list of manual CDIAGFLAGS that we add; most of (djm, 2017-06-02, 1 file, -17/+4)
  these were redundant to -Wall -Wextra
* undo some local debugging stuff that I committed by accident (djm, 2017-04-30, 1 file, -7/+15)
* remove SSH1 make flag and associated files (djm, 2017-04-30, 1 file, -8/+1)
  ok markus@
* unifdef WITH_SSH1 (djm, 2017-04-30, 1 file, -15/+6)
  ok markus@
* Change COMPILER_VERSION tests which limited additional warnings to gcc4 (jsg, 2017-04-17, 1 file, -2/+2)
  to instead skip them on gcc3 as clang can handle -Wpointer-sign and -Wold-style-definition.
* Compile-time disable SSH v.1 again (djm, 2015-07-01, 1 file, -2/+2)
* put back SSH1 for now - we want to make sure we don't regress (djm, 2015-05-29, 1 file, -2/+2)
  it for the 6.9 release; ok deraadt@
* Compile-time disable SSH protocol 1. You can turn it back on using (djm, 2015-03-24, 1 file, -2/+2)
  the Makefile.inc knob if you need it to talk to ancient devices.
* add SSH1 Makefile knob to make it easier to build without SSH1 support; (djm, 2015-03-03, 1 file, -2/+11)
  ok markus@
* make compiling against OpenSSL optional (make OPENSSL=no); (markus, 2014-04-29, 1 file, -1/+6)
  reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
* ssh has a target painted on its back, so use -fstack-protector-all (deraadt, 2014-03-31, 1 file, -1/+2)
  dtucker mentioned that -portable does this
* Absolutely do not override base system build features in this file!! (deraadt, 2014-02-28, 1 file, -2/+1)
  Discovered by miod.
* -Wold-style-declaration is not supported by gcc 3. (miod, 2014-02-07, 1 file, -2/+5)
* remove experimental, never-enabled JPAKE code; ok markus@ (djm, 2014-01-29, 1 file, -7/+26)
* Remove -Wbounded: it is now the compiler default. (martynas, 2014-01-18, 1 file, -2/+1)
* new private key format, bcrypt as KDF by default; details in PROTOCOL.key; (markus, 2013-12-06, 1 file, -1/+3)
  feedback and lots of help from djm; ok djm@
* turn off -g too (djm, 2010-10-01, 1 file, -2/+2)
* oops, didn't mean to turn -Werror on for everyone. (djm, 2010-10-01, 1 file, -2/+2)
* adapt to API changes in openssl-1.0.0a (djm, 2010-10-01, 1 file, -4/+4)
* unbreak build for NOPIC systems; noticed, help and ok deraadt@ (markus, 2010-02-20, 1 file, -1/+5)
* enable PKCS#11 code; ok djm (markus, 2010-02-09, 1 file, -2/+2)
* replace our obsolete smartcard code with PKCS#11. (markus, 2010-02-08, 1 file, -3/+2)
  ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf
  ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11 provider (shared library) while ssh-agent(1) delegates PKCS#11 to a forked ssh-pkcs11-helper process. PKCS#11 is currently a compile time option.
  feedback and ok djm@; inspired by patches from Alon Bar-Lev
* Add support for an experimental zero-knowledge password authentication (djm, 2008-11-04, 1 file, -1/+3)
  method using the J-PAKE protocol described in F. Hao, P. Ryan, "Password Authenticated Key Exchange by Juggling", 16th Workshop on Security Protocols, Cambridge, April 2008.
  This method allows password-based authentication without exposing the password to the server. Instead, the client and server exchange cryptographic proofs to demonstrate knowledge of the password while revealing nothing useful to an attacker or compromised endpoint.
  This is experimental, work-in-progress code and is presently compile-time disabled (turn on -DJPAKE in Makefile.inc).
  "just commit it. It isn't too intrusive." deraadt@
* revert accidental commit (nearly 2 months ago!) that (djm, 2008-06-28, 1 file, -3/+3)
  unconditionally enabled -Werror and -g
* Make the maximum number of sessions run-time controllable via (djm, 2008-05-08, 1 file, -3/+3)
  a sshd_config MaxSessions knob. This is useful for disabling login/shell/subsystem access while leaving port-forwarding working (MaxSessions 0), disabling connection multiplexing (MaxSessions 1) or simply increasing the number of allowed multiplexed sessions.
  Because some bozos are sure to configure MaxSessions in excess of the number of available file descriptors in sshd (which, at peak, might be as many as 9*MaxSessions), audit sshd to ensure that it doesn't leak fds on error paths, and make it fail gracefully on out-of-fd conditions - sending channel errors instead of exiting with fatal().
  bz#1090; MaxSessions config bits and manpage from junyer AT gmail.com
  ok markus@
* turn on -Wstrict-prototypes -Wsign-compare -Wshadow now that we are clean (djm, 2005-06-17, 1 file, -4/+4)
* comment out -Wshadow for now, gcc2 sucks. noticed by markus (avsm, 2004-06-21, 1 file, -2/+2)
* make ssh -Wshadow clean, no functional changes (avsm, 2004-06-21, 1 file, -1/+2)
  markus@ ok
* include SSHFP lookup code (not enabled by default). ok markus@ (jakob, 2003-10-14, 1 file, -3/+1)
* replace fatal_cleanup() and linked list of fatal callbacks with static (markus, 2003-09-23, 1 file, -2/+2)
  cleanup_exit() function. re-refine cleanup_exit() where appropriate, allocate sshd's authctxt early to allow simpler cleanup in sshd.
  tested by many, ok deraadt@
* more buffer allocation fixes; from Solar Designer; CAN-2003-0682; ok millert@ (markus, 2003-09-18, 1 file, -1/+3)
* add experimental support for verifying host keys using DNS as described (jakob, 2003-05-14, 1 file, -1/+3)
  in draft-ietf-secsh-dns-xx.txt. more information in README.dns.
  ok markus@ and henning@
* undo (markus, 2002-03-06, 1 file, -2/+2)
* compat.c (markus, 2002-03-06, 1 file, -2/+2)
* undo (disable debug again) (markus, 2001-10-30, 1 file, -2/+2)
* ssh.1 (markus, 2001-10-30, 1 file, -2/+2)
* typo, add -Wunused (markus, 2001-07-29, 1 file, -2/+3)
* CDIAGFLAGS. Okay markus@ (espie, 2001-07-26, 1 file, -7/+7)