Commit Graph

9 Commits

Author SHA1 Message Date
Darren Tucker
1bdf86725b Remove seed_rng calls from scp, sftp, sftp-server.
These binaries don't use OpenSSL's random functions.  The next step
will be to stop linking them against libcrypto.  ok djm@
2022-07-27 16:22:30 +10:00
Darren Tucker
a061792a6e Remove unintended changes.
I inadvertently included a couple of local changes with the OpenSSL
3.0.4 change.  Revert, anything that should be there will be committed
separately.
2022-07-14 19:22:47 +10:00
Darren Tucker
76f4e48631 Only refuse to use OpenSSL 3.0.4 on x86_64.
The potential RCE only impacts x86_64, so only refuse to use it if we're
targetting a potentially impacted architecture.  ok djm@
2022-07-13 13:17:47 +10:00
otto@openbsd.org
0323d9b619 upstream: Replace calls to ssh_malloc_init() by a static init of
malloc_options. Prepares for changes in the way malloc is initialized.  ok
guenther@ dtucker@

OpenBSD-Commit-ID: 154f4e3e174f614b09f792d4d06575e08de58a6b
2019-06-08 00:25:42 +10:00
Damien Miller
42c5ec4b97 refactor libcrypto initialisation
Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually
supports it.

Move all libcrypto initialisation to a single function, and call that
from seed_rng() that is called early in each tool's main().

Prompted by patch from Rosen Penev
2018-11-23 10:42:05 +11:00
dtucker@openbsd.org
ffb1e7e896 upstream commit
Add a function to enable security-related malloc_options.
  With and ok deraadt@, something similar has been in the snaps for a while.

Upstream-ID: 43a95523b832b7f3b943d2908662191110c380ed
2016-02-16 10:44:00 +11:00
Damien Miller
9eab9564d5 - (djm) OpenBSD CVS Sync
- tobias@cvs.openbsd.org 2009/02/21 19:32:04
     [misc.c sftp-server-main.c ssh-keygen.c]
     Added missing newlines in error messages.
     ok dtucker
2009-02-22 08:47:02 +11:00
Damien Miller
bc98185cde - (djm) Fix RCS ident in sftp-server-main.c 2008-03-27 10:45:49 +11:00
Damien Miller
d8cb1f184f - djm@cvs.openbsd.org 2008/02/08 23:24:07
[servconf.c servconf.h session.c sftp-server.c sftp.h sshd_config]
     [sshd_config.5]
     add sshd_config ChrootDirectory option to chroot(2) users to a directory
     and tweak internal sftp server to work with it (no special files in
     chroot required). ok markus@
2008-02-10 22:40:12 +11:00