Commit graph

3975 commits

Author SHA1 Message Date
Jakub Jelen
594c62d718 tests: PUBLICKEY_ACCEPTED_TYPES are effective
Verify the PUBLICKEY_ACCEPTED_TYPES option is handled correctly
and affects the signature algorithm selection based on the
extensions and can be used to limit list of offered mechanisms
to the server.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-31 14:18:34 +02:00
Jakub Jelen
4169be45eb pki: Allow filtering accepted public key types based on the configuration
This effectively allows to disable using the SHA2 extension, disable
other old public key mechanisms out of the box (hello DSA) or force
the new SHA2-based key algorithm types if needed.

This exposes the default_methods array from kex.c.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-31 14:18:34 +02:00
Jakub Jelen
5d53f519bc tests: Cover PubkeyAcceptedTypes configuration option
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-31 14:18:34 +02:00
Jakub Jelen
37864b6575 config: Accept the PubkeyAcceptedTypes configuration option
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-31 14:18:34 +02:00
Jakub Jelen
4521ab73b6 options: The new option SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES
This option allows to specify acceptable public key algorithms
and reflects the PubkeyAcceptedTypes configuration option from
OpenSSH.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-31 14:18:34 +02:00
Jakub Jelen
9ca6127b91 kex: The public key algorithms are no longer only host keys
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-31 14:18:34 +02:00
Jakub Jelen
ebb01549d0 SHA2 extension in the ssh-agent interface
The new constants for flags defined in draft-miller-ssh-agent-02
are active if the SHA2 extension is negotiated with the server.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-31 14:18:34 +02:00
Jakub Jelen
945469c9e0 tests: SHA2 extension signatures
This introduces a new test case for RSA unit tests, verifying that
libraries are able to provide and verify the RSA signatures with
SHA2 hash algorithms.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-31 14:18:34 +02:00
Jakub Jelen
82da0c3361 auth: Support SHA2 extension for pubkey authentication (RFC 8332)
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-31 14:18:34 +02:00
Jakub Jelen
1f08aabe43 pki: RSA signatures with SHA2 hash algorithms (RFC 8332)
* This change introduces a new API to request signature using
   one key and different hash algorithms. This is used only with
   RSA keys, that used to have SHA1 hardcoded, but the new
   algorithms allow to use the SHA2 hashes, if the extension
   is negotiated.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-31 14:18:34 +02:00
Jakub Jelen
3ca7e1eea9 kex: Offer SHA2 extension signature algorithms by default
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-31 14:18:34 +02:00
Jakub Jelen
fa60827840 pki: Support RSA verification using different hash algorithms
This changes the private API by adding one more argument to function

  pki_signature_from_blob()

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-31 14:18:34 +02:00
Jakub Jelen
761225712a client: Handle the MSG_EXT_INFO packet signalling supported extensions
RFC 8308: The extension negotiation in Secure Shell (SSH) Protocol

RFC 8332: Use of RSA Keys with SHA-256 and SHA-512
          in the Secure Shell (SSH) Protocol

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-31 14:18:34 +02:00
Jakub Jelen
df13d8c61f kex: Signalize support for the extension negotiation in client (RFC 8308)
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-31 14:18:34 +02:00
Jakub Jelen
cbccae795d pkd: Produce more useful logs
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-31 14:18:34 +02:00
Jakub Jelen
100c9c98ce pkd: Generate host keys in old format
This is required to work against OpenSSH 7.8, which is now
writing keys in new openssh format by default

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-31 14:18:34 +02:00
Andreas Schneider
d7a64b9519 tests: Ignore SIGPIPE in pkd
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-31 14:18:34 +02:00
Andreas Schneider
fc212d73ed cmake: Use -fstack-protector-strong if possible
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-31 14:18:34 +02:00
Andreas Schneider
2b05e46b62 examples: Reformat ssh_client
The example should be clean code if possible.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-31 10:21:06 +02:00
Andreas Schneider
8d8b64cc3f doc: Update that_style
We don't need the source css files.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-31 08:04:24 +02:00
Andreas Schneider
11d87238b8 poll: Fix size types in ssh_event_free()
src/poll.c:1024:9: error: assuming signed overflow does not occur when
    simplifying conditional to constant [-Werror=strict-overflow]

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-30 08:52:42 +02:00
Andreas Schneider
8243030c55 poll: Reformat ssh_event_free()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-30 08:51:33 +02:00
Andreas Schneider
111d06eac5 cmake: Set version to 0.8.90
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-30 08:21:25 +02:00
Andreas Schneider
20ca6e09dd cmake: VERSION_GREATER_EQUAL is not supported by cmake 3.3
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-30 07:34:16 +02:00
Andreas Schneider
66a0f14a0c cmake: Only support building the docs on cmake >= 3.9
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-29 21:51:42 +02:00
Andreas Schneider
aba6e34b63 cmake: Fix SSP compiler flag check
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-29 21:21:17 +02:00
Andreas Schneider
4fcc0bd407 Bump library version to 4.6.0
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-29 19:04:44 +02:00
Andreas Schneider
7960b8ed1b cmake: Fix final map generation
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-29 19:04:44 +02:00
Anderson Toshiyuki Sasaki
2aeee5194c cmake: Fix target to make sure copy runs in the end
The target created to copy the file must be the one make dist is
depending on.  Otherwise it will not copy the generated files to the
desired path.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-29 19:04:44 +02:00
Anderson Toshiyuki Sasaki
ca925588b0 cmake: Fix extract_symbols COPY_TO
Moved the symbols list formatting to the ExtractSymbols.cmake.  The
resulting list of symbols is sorted and printed in a more readable way
(one symbol per line).  Fixed the script to copy the generated symbols.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-29 19:04:44 +02:00
Andreas Schneider
5b07c1aa2c examples: Use ssh_print_hash()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-29 19:04:44 +02:00
Jan-Niklas Burfeind
9510a538c2 tests: Add torture_hashes for pubkey hashes
Signed-off-by: Jan-Niklas Burfeind <libssh@aiyionpri.me>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-29 19:04:44 +02:00
Jan-Niklas Burfeind
f32cb70675 dh: Add ssh_print_hash() function which can deal with sha256
Signed-off-by: Jan-Niklas Burfeind <libssh@aiyionpri.me>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-29 19:04:44 +02:00
Jan-Niklas Burfeind
1499b38aef dh: Add SSH_PUBLICKEY_HASH_SHA256 to ssh_get_publickey_hash()
Signed-off-by: Jan-Niklas Burfeind <libssh@aiyionpri.me>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-29 19:04:44 +02:00
Andreas Schneider
509331ec81 sftp: Use strndup()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-29 19:04:44 +02:00
Andreas Schneider
247983e982 misc: Add strndup implementation if not provided by the OS
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-29 19:04:44 +02:00
Andreas Schneider
f0e99961b6 cmake: Require at least abimap-0.3.1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-29 18:08:59 +02:00
Andreas Schneider
2291c75ab0 cmake: Detect abimap version
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-29 18:08:59 +02:00
Andreas Schneider
77b4801e11 cmake: Fix typo in doc file
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-29 18:08:59 +02:00
Andreas Schneider
a3c8dac6b6 tests: Fix size types in pkd
tests/pkd/pkd_hello.c:743:12: error: assuming signed overflow does not
    occur when simplifying conditional to constant [-Werror=strict-overflow]

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-29 11:07:08 +02:00
Andreas Schneider
5334cb9d55 doc: Update doxygen documentation
This fixes some issues with the new docs and uses a new modern style.

https://github.com/jl-wynen/that_style

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-29 11:05:47 +02:00
Andreas Schneider
9a73fa885a doc: Remove obsolete Doxyfile.in
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-29 11:05:47 +02:00
Alex Hermann
23f60a56f3 misc: Set default port to 22 in ssh_path_expand_escape()
Fixes, among others, ProxyCommand with %p when no port is used on
commandline or config file, thus using the default port.

Fixes T94

Signed-off-by: Alex Hermann <alex@hexla.nl>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-28 15:44:37 +02:00
Andreas Schneider
648f5cf400 cmake: Fix doxygen generation
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-27 16:46:01 +02:00
Anderson Toshiyuki Sasaki
f49bb1b6a3 cmake: Fix FindABIMap targets
Fix the targets and output files handling to make the symbols to be
updated correctly when a symbol is added or removed.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-27 14:42:56 +02:00
Jakub Jelen
f0a4c1e888 doc: There is no hostbased authentication implemented
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-27 11:29:20 +02:00
Andreas Schneider
a0fec81221 auth: Reset errors on successful authentication
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-27 11:29:20 +02:00
Andreas Schneider
0aad4de5f4 error: Add ssh_reset_error() function
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-27 11:29:18 +02:00
Andreas Schneider
280519af29 auth: Also log the current auth method
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-27 11:25:29 +02:00
Andreas Schneider
0ae376f133 auth: Fix the pending_call_state of ssh_userauth_password()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-27 11:25:08 +02:00