Before this change, dangling pointers can be unintentionally left in the
respective next_crypto kex methods slots. Ensure to set all slots to
NULL in the error-out path.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Fix DSA signature extraction for the LIBGCRYPT build. Here, the same fix
that was applied to the LIBCRYPTO build for https://red.libssh.org/issues/144
is now adapted for pki_gcrypt. Additionally, ensure to set the resulting
output sig_blob buffer before returning.
Before this fix, one can observe the failure with the pkd test on a LIBGCRYPT
build as so:
# ./pkd_hello -i 1 -t torture_pkd_openssh_dsa_dsa_default
After, runs of 10000 back-to-back iterations of the same test are passing.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Disable the 'make_string_bn_inplace' helper function for the LIBGCRYPT
build, rather than using '#error' to fail the build completely.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Per ecdsa(3ssl), ECDSA_SIG_new does allocate its 'r' and 's' bignum fields.
Fix a bug where the initial 'r' and 's' bignums were being overwritten with
newly-allocated bignums, resulting in a memory leak.
BUG: https://red.libssh.org/issues/175
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Fix a build breakage when '-DWITH_SERVER=OFF' is set: skip building the
pkd test for that case. Add some missing includes for the OpenIndiana
and FreeBSD builds.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Introduce a sample public-key testing daemon to the 'pkd' test directory,
and add support code for cycling through various combinations of different
key exchange, cipher, and MAC algorithms.
The goal of the 'pkd_hello' test is to make it easy to test interactions
between non-libssh clients and a libssh-server, and to provide a starting
point for testing new implementations for key types, ciphers, MACs, and
so on. The thinking is that testing a new algorithm should be as simple
as adding a new line for it in the PKDTESTS_* lists.
Macros are used to generate the tests and helper functions for a couple of
clients -- here, OpenSSH and dropbear are included for the first cut. If
binaries are found for these clients, their test lists will be enabled;
when binaries are not found for a given client, those tests are skipped.
Tests are run in one large batch by default, but can also be run individually
to help with tracking down things like signature bugs that may take many
iterations to reproduce.
Each test logs its stdout and stderr to its own file, which is cleaned up
when a test succeeds. For failures, those logs can be combined with verbose
libssh output from pkd itself to start debugging things.
Some example usages:
pkd_hello
Run all tests with default number of iterations.
pkd_hello --list
List available individual test names.
pkd_hello -i 1000 -t torture_pkd_openssh_ecdsa_256_ecdh_sha2_nistp256
Run only the torture_pkd_openssh_ecdsa_256_ecdh_sha2_nistp256
testcase 1000 times.
pkd_hello -v -v -v -v -e -o
Run all tests with maximum libssh and pkd logging.
Included in the tests are passes for all existing kex, cipher, and MAC
algorithms.
BUG: https://red.libssh.org/issues/144
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Add missing initialization of 'type_c' field of a SSH signature in
'pki_do_sign_sessionid' procedure.
If libssh is compiled with GCrypt, 'dh_handshake_server' fails with
"Could not sign the session id" error. The change fixes that.
Signed-off-by: Artyom V. Poptsov <poptsov.artyom@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Fix a missing 'buffer_pack' formatter in 'ssh_message_auth_interactive_request'.
With this fix the 'examples/samplesshd-kbdint' program is working again for me.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Check the 'ssh_buffer_pack' return in ssh_pki_do_sign for the ED25519 case.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Fail fast in 'pki_import_pubkey_buffer' for the ED25519 case if a buffer
sized ED25519_PK_LEN can not be retrieved. Before, the 'memcpy' could
have read beyond the bounds of 'ssh_string_data(pubkey)'.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Ensure to free the z_stream structures as allocated from
the gzip.c initcompress, initdecompress functions.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
