1
1
Граф коммитов

3662 Коммитов

Автор SHA1 Сообщение Дата
Andreas Schneider
250bf37a28 tortrue: Add ed25519 hostkey to sshd
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-04 11:20:28 +02:00
Andreas Schneider
952c64b4c0 threads: Fix compiler warning
Use a protype for libcrypto_lock_callback().

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-04 11:18:12 +02:00
Andreas Schneider
bcaeaf17af tests: Fix size for bob_ssh_cert
Fixes a gcc8 warning.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-04 11:12:36 +02:00
Jim McDonough
f4e57a6e22 Add builds for opensuse tumbleweed
Signed-off-by: Jim McDonough <jmcdonough@suse.com>
2018-05-30 14:33:47 +02:00
Andreas Schneider
8457580f61 wrapper: Fix memory leak when freeing server_pubkey
Thanks to John McVann.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-05-14 08:17:08 +02:00
Andreas Schneider
f1ff9ae00c torture: Increase wait time for process termination to 10ms
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-05-07 21:01:05 +02:00
Andreas Schneider
ed4ea51bb8 connector: Add missing check for POLLHUP to detect EOF
Thanks to Chris Townsend.

Fixes T81

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-05-07 20:36:56 +02:00
Andreas Schneider
22a92da30d auth: Handle SSH_AUTH_PARTIAL in agent auth correctly
Thanks to Orion Poplawski.

Fixes T82

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-05-07 20:32:13 +02:00
Andreas Schneider
362b20a0bc server: Fix segfault in dh_handshake_server()
Thanks to Felix Jones

Fixes T91

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-05-07 20:09:56 +02:00
Andreas Schneider
72f6b34dbc tests: We should only init and finalize libssh once
This should fix a segfault with gcrypt.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-05-07 08:33:32 +02:00
Andreas Schneider
816234350d pki: Fix duplicating ed25519 public keys
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-04-25 16:25:32 +02:00
Andreas Schneider
4aeb0cfd9c server: Fix session pubkey import
This is a regression introduced by 16217454d5

We import the pubkey into current_crypto which is NULL instead of
next_crypto.

Fixes T90

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-04-20 13:47:46 +02:00
Nikos Mavrogiannopoulos
be414423d7 Introduce a gitlab CI for centos7, debian and Fedora
This introduces builds for:
  centos7 with openssl 1.0.x (x86-64)
  fedora28 with openssl 1.1.x (x86-64)
  fedora28 with libgcrypt (x86-64) - disabled
  debian with openssl 1.0.x (aarch64)
  address-sanitizer (gcc) - disabled
  undefined-sanitizer (gcc)
  static-analyzer (clang)

See https://gitlab.com/libssh/libssh-mirror/

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-04-18 10:57:32 +02:00
Nikos Mavrogiannopoulos
abd1a1f372 README: Added markdown readmine with gitlab CI badge
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-04-18 10:51:43 +02:00
Andreas Schneider
c705fb6e3b kex1: Add missing NULL check in make_rsa1_string()
CID 1388445

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-04-18 10:33:55 +02:00
Andreas Schneider
1a36aa21ba packet_cb: Fix the if check in ssh_packet_newkeys()
CID 1388446

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-04-18 10:32:35 +02:00
Andreas Schneider
c2f8010b60 known_hosts: Do not leak pubkey_buffer in check_public_key()
CID: 1388447

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-04-18 10:29:21 +02:00
Andreas Schneider
64985f7bea server: Do not leak pubkey_blob in ssh_get_key_params()
CID 1388448

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-04-18 10:27:01 +02:00
Nikos Mavrogiannopoulos
3f562ee586 buffer: Do not call explicit_bzero with null arguments
This allows compiling and testing with undefined sanitizer.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-04-18 10:24:47 +02:00
Nikos Mavrogiannopoulos
eb796b4bbb buffer: Do not call memcpy with null arguments
This allows compiling and testing with undefined sanitizer.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-04-18 10:24:42 +02:00
Andreas Schneider
87b8d232bd buffer: Apply coding style to ssh_buffer_reinit()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-04-18 10:22:03 +02:00
Andreas Schneider
6f1f8d2bdb buffer: Apply coding style to realloc_buffer()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-04-18 10:22:03 +02:00
Nikos Mavrogiannopoulos
a95bc8a016 kex1: Use libcrypto-compat.h for RSA_get0_key with OpenSSL
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-04-17 18:00:52 +02:00
Nikos Mavrogiannopoulos
f3a19d8c96 torture_path_expand_tilde_unix: use getpwuid() if no env variables
This allows operating under environments where the username variables
are not present.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-04-17 17:59:14 +02:00
Meng Tan
e005fd310f Fix ssh_event_add_session() when session socket has two pollhandlers
Signed-off-by: Meng Tan <mtan@wallix.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-04-10 11:20:52 +02:00
Axel Eppe
fb2fefb3c6 channels: add ssh_channel_request_send_break to support RFC 4335
Signed-off-by: Axel Eppe <aeppe@google.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-04-10 11:16:23 +02:00
Andreas Schneider
6026fc8036 cmake: Fix libfuzzer linking with clang6
This is always available using -fsanitize=fuzzer now.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-04-10 11:13:57 +02:00
Andreas Schneider
2cc5b5865c kex1: Use new dh pubkey import functions
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-03-28 10:20:54 +02:00
Andreas Schneider
8d65edb41f kex1: Fix building with OpenSSL 1.1+
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-03-28 10:20:32 +02:00
Andreas Schneider
1247ba3398 channels1: Add missing config.h include
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-03-28 10:11:45 +02:00
Alberto Aguirre
be22c0d442 Add a NODELAY option
Add a new option SSH_OPTIONS_NODELAY to enable or disable the
Nagle Algorithm (TCP_NODELAY) on the session socket.

Improved performance can be achieved for some applications like
sftp servers by enabling SSH_OPTIONS_NODELAY as typically, the
next request won't arrive until the server replies, which are
typically small writes.

Signed-off-by: Alberto Aguirre <albaguirre@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-03-21 20:44:04 +01:00
Andreas Schneider
467d78a442 tests: Fix mixed code compiler warning in torture_rand
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-03-21 20:41:16 +01:00
Andreas Schneider
a4aeee972c torture: Increase wait time for the sshd process to exit
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-03-21 20:40:04 +01:00
Andreas Schneider
16217454d5 crypto: Change the type of server_pubkey to ssh_key
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-03-21 20:40:02 +01:00
Alberto Aguirre
7e1e0e5098 misc: Use SecureZeroMemory if available for explicit_bzero
Useful on Windows platforms where SecureZeroMemory is available.

Signed-off-by: Alberto Aguirre <albaguirre@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-03-11 22:58:49 +01:00
Alberto Aguirre
3fa0e3959c misc: Use memset_s if available for explicit_bzero
Useful on OSX where memset_s is available.

Signed-off-by: Alberto Aguirre <albaguirre@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-03-11 22:58:13 +01:00
Alberto Aguirre
dd20253fec tests: fix OSX build errors when enabling tests
Fix OSX build error about embedding a directive within macro arguments.
Apparently, snprintf is implemented as a macro on that platform.

Signed-off-by: Alberto Aguirre <albaguirre@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-03-11 22:54:47 +01:00
Alberto Aguirre
85ab4ee53a connector: ensure channel callbacks are removed
ssh_connector_free fails to remove the in/out channel callbacks
as ssh_connector_remove_event sets the in/out channel variables
to NULL.

Have ssh_connector_free, remove the channel callbacks first before
invoking ssh_connector_remove_event.

Signed-off-by: Alberto Aguirre <albaguirre@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-03-07 15:48:04 +01:00
Alberto Aguirre
25f31760aa connector: Check for POLLHUP on in_fd
POLLHUP needs to be checked on in_fd, which may be a pipe.
A pipe in Linux signals EOF through POLLHUP (see:
http://www.greenend.org.uk/rjk/tech/poll.html)

Without checking POLLHUP, a client could spin up indefinetely
doing ssh_event_dopoll.

Signed-off-by: Alberto Aguirre <albaguirre@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-03-07 15:47:03 +01:00
Juraj Vijtiuk
d11869bdb6 pki: Add mbedTLS ECDSA key comparison support
Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-03-07 15:44:05 +01:00
Andreas Schneider
81847bf513 priv: Implement explicit_bzero as a function if not available
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Alberto Aguirre <albaguirre@gmail.com>
2018-03-02 18:07:42 +01:00
Andreas Schneider
bba40abc76 priv: Fix explicit_bzero macro if we pass a function
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-02-22 16:28:24 +01:00
Alberto Aguirre
0c12643466 sftp: Remove stray semi-colon in sftp.h header
The stray semi-colon in sftp.h is flagged when using -pedantic
which affects clients that include the header and use -pedantic
and -Werror on their codebase.

Signed-off-by: Alberto Aguirre <albaguirre@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-02-22 16:28:24 +01:00
Andreas Schneider
1319d2ceb2 cmake: Mark LIBSSH_LIBRARIES and LIBSSH_INCLUDE_DIR as advanced
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-02-16 16:52:02 +01:00
Andreas Schneider
cc1f496741 pki: Use explicit_bzero() to wipe privkey in memory
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-02-16 16:51:37 +01:00
jvijtiuk
963111b836 tests: Fix segfault with mbedTLS built without threading support
torture_rand and torture_server_x11 call ssh_init without checking
the return value. If mbedTLS is built without threading support
ssh_init fails but the tests continue and then segfault since threading
wasn't correctly initialised.

Add a section that documents requirements for mbedTLS usage in a
multi threaded environment to README.mbedtls.

Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-02-12 20:05:49 +01:00
Andreas Schneider
ebcff9fd63 src: Use explicit_bzero() if available on the platform
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-02-12 14:41:27 +01:00
Andreas Schneider
25ff1214a4 cmake: Build ssh_server_fuzzer if enabled
Fixes T67

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-02-04 11:52:45 +01:00
Alex Gaynor
d84b0926f0 tests: Added a fuzzer for the server
Fixes T67

Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>
2018-02-04 11:51:58 +01:00
Meng Tan
f19158cadf Set channel as bound when accepting channel open request
Signed-off-by: Meng Tan <mtan@wallix.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-02-01 18:23:38 +01:00