Commit Graph

5515 Commits

Author SHA1 Message Date
cc99c209fd Правила сборки для ЗОСРВ "Нейтрино" редакции 2020 2023-03-09 22:27:25 +03:00
Andreas Schneider
e8322817a9 Bump version to 0.10.4
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2022-09-07 15:30:40 +02:00
Andreas Schneider
e0c2f2809b kdf: Avoid endianess issues
The key_type is only a letter, if we use and `int` and then cast it to
(const char *) we will end up with a 0 value on big endian.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2022-09-07 15:29:03 +02:00
Andreas Schneider
9bb91df20f tests: Set OPENSSL_ENABLE_SHA1_SIGNATURES=1 for all tests
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2022-09-07 15:29:01 +02:00
Andreas Schneider
783f2b97a8 Bump version to 0.10.3
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2022-09-05 14:27:29 +02:00
Andreas Schneider
8d05810255 tests: Add test with dss known_hosts file
We should not end up with an infinite loop here.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
(cherry picked from commit accbc91a86)
2022-09-05 14:25:24 +02:00
Andreas Schneider
1d29d4b627 knownhosts: Fix and infinite loop when iterating known host entries
Fixes #145

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
(cherry picked from commit 3e4c2205c5)
2022-09-05 14:25:22 +02:00
Andreas Schneider
787711a271 knownhosts: Give better warnings about unsupported key types
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
(cherry picked from commit 2d79c7a9d5)
2022-09-05 14:25:21 +02:00
Andreas Schneider
ddea657ba7 Bump version to 0.10.2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2022-09-02 10:00:11 +02:00
Andreas Schneider
9ae46bc364 tests: Fix rekey test so it passes on build systems
The test failed on Fedora Koji and openSUSE Build Service on i686 only. Probably
the rekey on the server needs longer here to collect enough entropy. So we need
to try harder before we stop :-)

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit b3b3fbfa1d)
2022-09-02 09:56:54 +02:00
Jakub Jelen
fd1563575f config: Expand tilde when handling include directives
Related: #93

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit d69026d7a4)
2022-09-02 09:56:52 +02:00
Andreas Schneider
1f973320a8 tests: Use weak attribute for torture_run_tests() if available
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 7787dad9bd)
2022-09-02 09:56:50 +02:00
Andreas Schneider
4fc7ab4399 cmake: Check for weak attribute
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 23546e354c)
2022-09-02 09:56:48 +02:00
Jakub Jelen
87bac425a0 ci: Add apline linux target
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit e5af9524e3)
2022-09-02 09:56:43 +02:00
Andreas Schneider
0e637e3327 src: Add ABI symbols for 4.9.1 2022-08-30 16:28:00 +02:00
Andreas Schneider
9b1f4e9bf6 Bump version to 0.10.1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-08-30 15:46:13 +02:00
Jakub Jelen
630f335415 libcrypto: Avoid unused variable warning
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit f86727e06a)
2022-08-30 13:26:08 +02:00
Jakub Jelen
b7934ab370 socket: Remove needless typedef
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit a69424d4c5)
2022-08-30 13:26:06 +02:00
Jakub Jelen
0aaad9eb25 wrapper: Avoid size_t to uint8 cast
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 8aade7ce6f)
2022-08-30 13:26:05 +02:00
Jakub Jelen
8fe4cabb26 misc: Refactor ssh_strerror to check return values
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 41f2ee92c6)
2022-08-30 13:26:04 +02:00
Jakub Jelen
1689b83d0f Do not force GNU_SOURCE during build to fix #141
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 8cf9c8162f)
2022-08-30 13:26:02 +02:00
Andreas Schneider
7c6105882b options: Use exec for the proxy command
This wont create a new process but replace the shell.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit bd2db30174)
2022-08-30 10:01:48 +02:00
Andreas Schneider
bb6d1b78dc socket: Add a comment about shells
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit d642b20d9c)
2022-08-30 10:01:46 +02:00
Andreas Schneider
5a884b8c5a socket: Add error message if execv fails
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 2546b62242)
2022-08-30 10:01:36 +02:00
Andreas Schneider
90128929e7 tests: Use ncat instead of nc
The ncat tool from nmap is available on all unix platforms. The nc
binary might link to ncat or something else. Settle on one we know
also the options can be used if needed.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 6268417ac6)
2022-08-30 10:01:30 +02:00
Andreas Schneider
a7d509ca50 tests: Add test for expanding port numbers
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 8c0be750db)
2022-08-30 10:00:54 +02:00
Andreas Schneider
d26f7253a9 session: Initialize the port with the standard port (22)
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit f306aafdc6)
2022-08-30 10:00:48 +02:00
Andreas Schneider
3ad2a21d13 misc: Fix expanding port numbers
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 648baf0f3c)
2022-08-30 10:00:38 +02:00
Andreas Schneider
7f6b3fab4e misc: Fix format truncation in ssh_path_expand_escape()
error: ‘%u’ directive output may be truncated writing between 1 and 10
bytes into a region of size 6.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 20406e51c9)
2022-08-26 14:10:39 +02:00
Jakub Jelen
cd7ccf93f0 Update changelog
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-08-26 11:34:08 +02:00
Jakub Jelen
5944124428 examples: Fix dereference after NULL check (CID 1461477)
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 8164e1ff9c)
2022-08-25 17:45:43 +02:00
renmingshuai
8c40b2491d session->socket_callbacks.data will be set to ssh_packet_socket_callback
in ssh_packet_register_socket_callback. Here is redundant.

Signed-off-by: renmingshuai <renmingshuai@huawei.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 0799775185)
2022-08-25 17:36:45 +02:00
Timo Rothenpieler
3331b794bc misc: rename gettimeofday symbol
mingw does have this function, even though it appears to be deprecated.
So the symbol has to have a different name, or linking becomes
impossible.

Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 17aec429f5)
2022-08-25 17:36:42 +02:00
Jakub Jelen
02f1873b9e CMake: Do not build PKCS#11 URI support with OpenSSL <1.1.1
The old version is missing the EVP_PKEY_up_ref(), which is needed to keep track
of the EVP_PKEY references.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
(cherry picked from commit 6e2648af6b)
2022-08-25 17:36:38 +02:00
Jakub Jelen
5da93db25a pki: Rework handling of EVP_PKEYs in OpenSSL backend
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
(cherry picked from commit a81e78aff4)
2022-08-25 17:36:36 +02:00
Jakub Jelen
b18495b56b Initialize pkcs11 engine only once
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
(cherry picked from commit 0800618f32)
2022-08-25 17:36:30 +02:00
Jakub Jelen
a96763b195 libcrypto: Skip unneccessary call to ENGINE_cleanup in OSSL>1.1
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
(cherry picked from commit f721ee847b)
2022-08-25 17:36:26 +02:00
Jakub Jelen
540257b421 pki: Factor out the backend-specifics from cleaning the key structure
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
(cherry picked from commit 382ff38caa)
2022-08-25 17:36:22 +02:00
Jakub Jelen
b657eeb65e tests: Prevent memory leaks from test
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
(cherry picked from commit bc0c027ac0)
2022-08-25 17:36:16 +02:00
renmingshuai
4a87515026 tests: Ensure the mode of the created file is ...
what we set in open funtion by the argument mode. The mode of the created file
is (mode & ~umask), So we set umask to typical default value(octal 022).

Signed-off-by: renmingshuai <renmingshuai@huawei.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 1286a70e13)
2022-08-08 10:17:05 +02:00
Jakub Jelen
886ed379d8 session: Avoid memory leak of agent_socket from configuration file
Thanks oss-fuzz

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48268

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit aa1e136ea3)
2022-08-08 10:17:00 +02:00
Norbert Pocs
9b9197d86b gitlab-ci: Enable environment variable in centos9
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 4d96c667bc)
2022-08-03 19:43:48 +02:00
Norbert Pocs
64e89affeb torture.c Add environment variable to server fork
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 2e8e666b1d)
2022-08-03 19:43:48 +02:00
Jakub Jelen
2c1ad3262a tests: Refactor and provide plain PKCS8 PEM format
This also allows testing mbedtls with the PKCS8 PEM files

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 66be590657)
2022-08-03 10:49:24 +02:00
Jakub Jelen
14ff31490f examples: Update keygen2 example to show fingerprints
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit f193e6840d)
2022-08-03 10:49:22 +02:00
Jakub Jelen
3db3511467 curve25519: Do not check for openssl functions when other crypto backend is used
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 0982715bb5)
2022-08-03 10:49:18 +02:00
Jakub Jelen
4c5da86f91 pki: Do not check for DSA headers when DSA is not built in
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit ebeee7631d)
2022-08-03 10:49:17 +02:00
Jakub Jelen
2564246024 mbedcrypto: Refactor PEM parsing
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit aca482a5a5)
2022-08-03 10:49:15 +02:00
Jakub Jelen
146d1a620d session: Initialize pointers
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 355e29d881)
2022-08-03 10:49:14 +02:00
Anderson Toshiyuki Sasaki
19c43ff6b7 init: Free global init mutex in the destructor on Windows
Fixes: #57 (T238)

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 163951d869)
2022-08-02 16:03:06 +02:00