ports/libssh
ports/libssh
1
1
Форкнуть 0
Код Релизы 1 Активность
4 637 коммитов 3 Ветки 1 Тег 7,9 MiB
8152c6aba4
Граф коммитов

4637 Коммитов

This Branch
This Branch
Все ветки
Автор SHA1 Сообщение Дата
Andreas Schneider
0170ed8883 socket: Set socket error to get better error messages 
We do not want an error for ssh_socket_close() here.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 15:50:24 +01:00
Andreas Schneider
de54a88ee1 poll: Return early for timeout and count every revent 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 15:50:24 +01:00
Andreas Schneider
51f035aa3f poll: Do not generate SIGPIPE with recv() in bsd_poll() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 15:50:24 +01:00
Andreas Schneider
edc7b96b2f poll: Improve checks for POLLHUP and POLLERR 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 15:50:21 +01:00
Andreas Schneider
ab269f036e poll: Zero (read|write|expect)fds in bsd_poll() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 15:43:39 +01:00
Andreas Schneider
4512a3fead poll: Reformat bsd_poll() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 15:43:37 +01:00
Andreas Schneider
fc840d8d69 poll: Fix size type 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 15:42:43 +01:00
Andreas Schneider
0e7a962417 poll: Reformat ssh_poll_ctx_dopoll() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 15:42:33 +01:00
Jakub Jelen
531b80a60b kex: List also the SHA2 extension when ordering hostkey algorithms 
By default, the list of already stored known host types is preferred,
but this selection so far ignored the SHA2 extension and excluded these
keys in the KEXINIT list leading to not using this extension if not
explicitly enabled from configuration.

This commit extends the default list with the SHA2 signatures algoritms
and compares only base types so they can be listed in the KEXINIT list.

This adjust the tests to expect the full list of algorithms to pass.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 13:18:05 +01:00
Jakub Jelen
27fe60954c server: Correctly handle extensions 
If the server had an RSA host key, it provided unconditionally SHA2
signatures without consulting the client proposed list of supported host
keys.

This commit implements more fine-grained detection of the extension
to provide the client with valid signatures according to RFC 8332
Section 3.1.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 13:17:31 +01:00
Jakub Jelen
ca62632170 dh: Make sure we do not access uninitialized memory 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 13:16:50 +01:00
Andreas Schneider
fae1ed7ded gitlab-ci: Disable debian cross mips runner 
This runner always times out.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 13:15:44 +01:00
Jakub Jelen
851c580cf5 gitlab-ci: Run the Windows machines for me too 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 13:15:44 +01:00
Jakub Jelen
40b63f7c39 tests: Verify rekeying initialized by the server works 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 13:15:44 +01:00
Jakub Jelen
8012afd5e4 tests: Allow to modify sshd config from the test 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 13:15:44 +01:00
Jakub Jelen
7e41d08f26 packet: Dump also the packet type 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 10:31:49 +01:00
Jakub Jelen
347af845ab tests: Verify that rekey limits are effective from the client side 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
 2019-01-09 10:31:49 +01:00
Jakub Jelen
bfff7db5ff options: Update documentation for rekey limits 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 10:31:49 +01:00
Jakub Jelen
58cae2366a packet: Implement rekeying based on the recommendation from RFC's 
The default rekeying recommendations are specified in
RFC4344 Section 3 (First and Second Rekeying Recommendations).
Additionally, the rekeying can be specified in configuration
file/options allowing us to turn the rekeying off, base it
on time or make it more strict.

The code is highly inspired by the OpenSSH rekeying code.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 10:31:49 +01:00
Jakub Jelen
c86a00d06b packet: Provide a function to switch crypto in separate directions 
This also fixes the test using the crypto directly

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 10:31:45 +01:00
Jakub Jelen
8e0c047031 packet: Introduce a new function to access crypto 
And remove most of the direct access to the structure throughout the code

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 10:14:56 +01:00
Jakub Jelen
8d90266661 server: Reformat ssh_auth_reply_success 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 10:14:56 +01:00
Jakub Jelen
836982358a packet: Adjust the packet filter to allow client-initialized rekey 
If the rekey is initialized by client, it sends the first KEXINIT
message, changes to the INIT_SENT state and waits for the KEXINIT
message from the server. This was not covered in the current filter.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 10:14:56 +01:00
Jakub Jelen
a61368a06a packet: Prepare counters to handle rekeying limits 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 10:14:56 +01:00
Jakub Jelen
92e978f2f3 tests: Verify we can parse RekeyLimit configuration option 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 10:14:56 +01:00
Jakub Jelen
1a92c4bc64 config: Parse rekey limits and apply them 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 10:14:56 +01:00
Jakub Jelen
e973f95b37 options: Introduce new options for handling rekey limits 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 10:14:56 +01:00
Jakub Jelen
78427a9264 priv: Provide PRIu32 for Visual Studio 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 10:14:56 +01:00
Jakub Jelen
b3ae5e06ee tests: Allow to generate unencrypted PCAP files from testsuite 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 10:14:56 +01:00
Jakub Jelen
d4e5644e21 tests: Reproducer for T122 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 10:14:56 +01:00
Jakub Jelen
42c92074b9 tests: Do not run SSHD with PAM when not needed 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 10:14:56 +01:00
Jakub Jelen
81fdb574e7 packet: Write also incoming packets to .pcap files 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 10:14:56 +01:00
Jakub Jelen
fff2e85ab2 pcap: Reformat ssh_pcap_context_write() 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 10:14:56 +01:00
Jakub Jelen
1be9618f4e kex: Correctly check for the rekey (amends 83f2ac4a) 
This is more reliable fix than 83f2ac4a, which was failing for the
server initialized rekeying, because the session_state is altered
by receiving the KEXINIT from server.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 10:14:56 +01:00
Andreas Schneider
b26ca652f5 client: Happy new year! 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-05 13:18:12 +01:00
Andreas Schneider
9f1718e159 Revert "sftp: Set error if invalid session pointer is passed to sftp_new()" 
This reverts commit d011b780c3.
 2019-01-05 13:17:32 +01:00
Andreas Schneider
d011b780c3 sftp: Set error if invalid session pointer is passed to sftp_new() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-04 13:31:34 +01:00
Andreas Schneider
c6460cc955 Bump SO version to 4.7.3 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-24 07:58:20 +01:00
Andreas Schneider
b5f1949480 gitlab-ci: Build with blowfish cipher support on fedora 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2018-12-19 14:57:36 +01:00
Andreas Schneider
dea6fe3d89 crypto: Disable blowfish support by default 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2018-12-19 14:57:29 +01:00
Andreas Schneider
6cd8d4a24a channels: Don't call ssh_channel_close() twice 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-12 18:31:31 +01:00
Andreas Schneider
0bd404bcbd gitlab-ci: Add minimal build 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-12 18:29:14 +01:00
Jakub Jelen
c9bdb9a01e tests: Do not segfault when built without ZLIB 
Signed-off-by: Jakub Jelen <jakuje@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-10 20:28:01 +01:00
Jakub Jelen
973da84a47 tests: Verify we can parse the ProxyJump configuration option 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-10 17:56:07 +01:00
Jakub Jelen
990794c580 config: Parse ProxyJump configuration option and implement it using ProxyCommand with OpenSSH 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-10 17:56:05 +01:00
Jakub Jelen
9b1852f728 tests: Verify ProxyCommand works with ssh 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-10 17:52:56 +01:00
Jakub Jelen
055bf830db tests: Use torture_server_address() in proxycommand test 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-10 17:52:56 +01:00
Jakub Jelen
8c812dbfa3 tests: Verify all the options are copied over 
The ssh_options_copy() function was missing several options that were added
in recent years.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-10 17:52:56 +01:00
Jakub Jelen
9128ecf397 options: Copy also the new options 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-10 17:52:56 +01:00
Jakub Jelen
48aede2a31 options: Check for null 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-10 17:52:56 +01:00