1
1
Граф коммитов

4215 Коммитов

Автор SHA1 Сообщение Дата
Jakub Jelen
1226de875b pki: Implement reading public key from OpenSSH private key container
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-18 09:53:49 +02:00
Jakub Jelen
2307be32cf Revert "pkd: Generate host keys in old format"
This is no longer needed since libssh can read the private keys
in new OpenSSH format.

This reverts commit 100c9c98ce.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-18 09:53:49 +02:00
Jakub Jelen
eaaa4131de tests: Verify the keys loaded from new OpenSSH format
This runs the same test that are ran on the legacy PEM files
also with the new OpenSSH key files.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-18 09:53:49 +02:00
Jakub Jelen
39102224b2 pki: Allow reading keys in new OpenSSH format
This implements reading the OpenSSH key format accross the
cryptographic backends. Most of the code is shared and moved
to pki.c, just the building of the keys is implemented in
pki_privkey_build_*() functions.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-18 09:53:49 +02:00
Jakub Jelen
e365aed6d2 tests: Provide testing keys also in OpenSSH format
This extends the torture API to provide a way to request
keys in different formats. This extends the keys with
private keys in the new OpenSSH format (default since
OpenSSH 7.8).

This also needs modifications to the ed25519 tests, which
do not support PEM format and expected the new format out of the
box.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-18 09:53:49 +02:00
Jakub Jelen
d23bda8181 pki: Use unpack to simplify public key reading
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-18 09:53:49 +02:00
Jakub Jelen
86d521cbe7 buffer: Make sure unpack of secure buffers securely cleans up
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-18 09:53:49 +02:00
Andreas Schneider
856dc698a9 libmbedcrypto: Fix creating evp hash
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-18 09:51:41 +02:00
Jakub Jelen
4d09c6dc31 buffer: Reformat ssh_buffer_get_ssh_string
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 16:39:38 +02:00
Jakub Jelen
03a66b8599 tests: Use stdbool for with_passphrase argument
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 16:39:38 +02:00
Jakub Jelen
c04eac40f3 pki_crypto: Clarify that memory passed with set0 is managed by openssl objects
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 16:39:38 +02:00
Jakub Jelen
8cc0672c0c pki_mbedcrypto: pki_pubkey_build_rsa: properly clean up on error
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 16:39:38 +02:00
Jakub Jelen
8f7214a584 pki: Initialize pointers to NULL
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 16:39:38 +02:00
Jakub Jelen
9d2de880ec tests: Drop duplicate ed25519 key creation
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 16:39:38 +02:00
Jakub Jelen
039c066da5 buffer: Fix typo
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 16:39:38 +02:00
Jakub Jelen
6efbf7a30e tests: Verify the pubkey authentication works with ECDSA keys
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2018-09-17 16:39:38 +02:00
Andreas Schneider
e5170107c9 auth: Fix ecdsa pubkey auth
Pair-Programmed-With: Jakub Jelen <jjelen@redhat.com>
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2018-09-17 16:39:12 +02:00
Andreas Schneider
30df04a8a5 tests: Do not call sftp_canonicalize_path()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 14:35:39 +02:00
Andreas Schneider
aaca395bd3 tests: Add a sftp benchmark test for write/read
The tests writes and reads a file of 128M.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
0762057eb9 sftp: Move the packet payload to the message
This reduces memory allocations and copying.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
57153f6481 sftp: Use SSH_BUFFER_FREE in sftp_message_free()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
4c32befd93 sftp: Reformat sftp_message_free()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
be8302e2f3 sftp: Allocate a new buffer in sftp_packet_read() if needed
We will move the buffer to the message instead of duplicating the
memory.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
97d2e1f4cb sftp: Reformat sftp_read_and_dispatch()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
12fc0ea1bf sftp: Validate the packet handle before we allocate memory
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
573eab0d51 sftp: Reformat sftp_get_message()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
0e317e612f sftp: Use bool for is_eof in sftp_packet_read()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
01135703a3 sftp: Use 's' only in the scope it is needed
This revaled a bug when reading the packet type.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
c070414309 sftp: Use 16K for the transfer buffer size
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
d2cc4eccc7 sftp: Get the packet type directly from the buffer
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
38781f69b0 sftp: Limit packet size to 256 MB
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
dc4faf9952 sftp: Directly read and validate the packet size from the bufffer
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
cbbc6ddcb6 sftp: Use read_packet from sftp handle
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
a7456bf4d5 sftp: Simplify the code for reading data
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
afc14fe003 sftp: Reformat sftp_packet_read()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
79a3fcac72 sftp: Keep a ssh_packet for reading in the sftp handle
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
945afaa6b4 sftp: Remove ZERO_STRUCTP from sftp_free()
The structure doesn't hold any sensitive data and this would be
optimized away anyway.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
d840a05be3 sftp: Reformat sftp_free()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
662c30eb72 sftp: Reformat sftp_new()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
29b5477849 include: Add SSH_BUFFER_FREE
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
2e8f2f03e7 cmake: Correctly detect if glob has gl_flags member
Thanks to Baruch Siach.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
983d1189d0 gitlab-ci: Add builds with gcc7
It looks like gcc7 has more warning enabled or something is broken in
gcc8.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-10 13:02:40 +02:00
Andreas Schneider
7b2e1c7fb7 gitlab-ci: Big cleanup
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-10 12:02:08 +02:00
Andreas Schneider
ceecd3fd6f config: Fix size type
src/config.c:562:12: error: assuming signed overflow does not occur when
    simplifying conditional to constant [-Werror=strict-overflow]

         if (args < 1) {
            ^

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-06 08:28:24 +02:00
Andreas Schneider
bfd33ecf29 cmake: Use -Wpedantic and remove -pedantic-errors
We get -Werror if -DPICKY_DEVELOPER=ON is set.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-06 08:28:24 +02:00
Jakub Jelen
56317caafc tests: UsePrivilegeSeparation has no effect since OpenSSH 7.5
Additionally, we can already work around the privilege separation.

http://www.openssh.com/txt/release-7.5

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-05 15:43:11 +02:00
Jakub Jelen
ca4fb9c6f8 tests: Do not trace sshd
OpenSSH's sshd does not work well under valgrind so lets avoid tracing it.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-05 15:43:00 +02:00
Andreas Schneider
91800eb243 cmake: Move CompilerFlags to own file
They need to be included before the project() call.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-05 15:28:29 +02:00
Andreas Schneider
2923ad59f9 cmake: Update defaults
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-05 15:21:34 +02:00
Jakub Jelen
556ad59a5a tests: Verify the Match keyword from configuration file
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-05 11:43:05 +02:00