1
1
Граф коммитов

5477 Коммитов

Автор SHA1 Сообщение Дата
Jakub Jelen
b657eeb65e tests: Prevent memory leaks from test
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
(cherry picked from commit bc0c027ac0)
2022-08-25 17:36:16 +02:00
renmingshuai
4a87515026 tests: Ensure the mode of the created file is ...
what we set in open funtion by the argument mode. The mode of the created file
is (mode & ~umask), So we set umask to typical default value(octal 022).

Signed-off-by: renmingshuai <renmingshuai@huawei.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 1286a70e13)
2022-08-08 10:17:05 +02:00
Jakub Jelen
886ed379d8 session: Avoid memory leak of agent_socket from configuration file
Thanks oss-fuzz

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48268

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit aa1e136ea3)
2022-08-08 10:17:00 +02:00
Norbert Pocs
9b9197d86b gitlab-ci: Enable environment variable in centos9
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 4d96c667bc)
2022-08-03 19:43:48 +02:00
Norbert Pocs
64e89affeb torture.c Add environment variable to server fork
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 2e8e666b1d)
2022-08-03 19:43:48 +02:00
Jakub Jelen
2c1ad3262a tests: Refactor and provide plain PKCS8 PEM format
This also allows testing mbedtls with the PKCS8 PEM files

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 66be590657)
2022-08-03 10:49:24 +02:00
Jakub Jelen
14ff31490f examples: Update keygen2 example to show fingerprints
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit f193e6840d)
2022-08-03 10:49:22 +02:00
Jakub Jelen
3db3511467 curve25519: Do not check for openssl functions when other crypto backend is used
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 0982715bb5)
2022-08-03 10:49:18 +02:00
Jakub Jelen
4c5da86f91 pki: Do not check for DSA headers when DSA is not built in
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit ebeee7631d)
2022-08-03 10:49:17 +02:00
Jakub Jelen
2564246024 mbedcrypto: Refactor PEM parsing
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit aca482a5a5)
2022-08-03 10:49:15 +02:00
Jakub Jelen
146d1a620d session: Initialize pointers
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 355e29d881)
2022-08-03 10:49:14 +02:00
Anderson Toshiyuki Sasaki
19c43ff6b7 init: Free global init mutex in the destructor on Windows
Fixes: #57 (T238)

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 163951d869)
2022-08-02 16:03:06 +02:00
Norbert Pocs
58a2943d42 .gitlab-ci: Add centos9 image
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 84df28ee31)
2022-08-02 16:03:05 +02:00
Norbert Pocs
54c5472b53 .gitlab-ci: Remove remaining rawhide lines
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 224298a4d0)
2022-08-02 16:03:03 +02:00
Jakub Jelen
17e9cd70a5 Move digest functions into separate file
The external ed25519 requires also the sha512 functions to work.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit c09b02c573)
2022-08-02 16:01:42 +02:00
Jakub Jelen
cee5c9f404 Build external override library with all symbols
The curve25519 depends on ssh_get_random, which is normally built into libssh.
For the external override tests to build, we need to have them in separate
source file that can be included for this test.

For some reason, this did not happen on CI builds, but it did happen in koji
during RPM builds.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 0da54f2908)
2022-08-02 16:01:35 +02:00
Andreas Schneider
43fb1d7c8d packet: Check hmac return codes in ssh_packet_hmac_verify()
CID #1490530

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit b42e9a19a3)
2022-07-14 15:03:58 +02:00
Andreas Schneider
5c629f22f6 packet: Use consistent return codes in ssh_packet_hmac_verify()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit e27ee9d0a4)
2022-07-14 15:03:57 +02:00
Andreas Schneider
46e0703c6e packet: Reformat ssh_packet_hmac_verify()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 4a7791b784)
2022-07-14 15:03:55 +02:00
Norbert Pocs
cffa103378 Make it work with openssl3.0
The KDF was changed in the new API, fetching the algorithm first
then creating the context using it.

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 9a4c5203af)
2022-07-13 15:36:07 +02:00
Norbert Pocs
ea6558b3a6 Change cmake files for new openssl API
The new API does not provide EVP_KDF_CTX_new_id function, insted
it works with EVP_KDF_CTX_new and fetching the algorithm.
Adding a check for both to make it work with the new API too.

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 8343a43edc)
2022-07-13 15:36:04 +02:00
Norbert Pocs
33e12317c3 torture_options: Add test for '@' in login name
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 964df4dc29)
2022-07-12 10:45:35 +02:00
Norbert Pocs
d17c635617 options: Parse hostname by last '@'
The login name can have '@' char in it

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit bb5f7e2707)
2022-07-12 10:45:34 +02:00
Norbert Pocs
dde5fd8d38 bind.c: Add missing size constant to err_msg
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit e53a2711d3)
2022-07-12 10:43:25 +02:00
Andreas Schneider
46e78aaa3a gitlab-ci: Drop the rawhide runner
Fedora 36 is using OpenSSL 3.0 now.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit a0c0efaf2e)
2022-07-11 11:02:20 +02:00
Andreas Schneider
3107133d10 tests: Setup Leak Sanitizer suppressions for OpenSSL
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 21ef488121)
2022-07-11 11:02:18 +02:00
Andreas Schneider
b9ccaf6e23 cmake: Build curve25519_ref.c if we build with libgcrypt
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 0128ed0d2c)
2022-07-11 11:02:17 +02:00
Andreas Schneider
38b17e6e6e pki: Fix building pki_ed25519.c with libgcrypt
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 6a25f07777)
2022-07-11 11:02:16 +02:00
Andreas Schneider
db0a1d6811 src: Fix building curve25519 with libgcrypt
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit cc0939df73)
2022-07-11 11:02:14 +02:00
Andreas Schneider
ced93a09d1 Bump version to 0.10.0
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-07-07 15:27:23 +02:00
Andreas Schneider
3cff0eaa25 Update CHANGELOG for 0.9 changes
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-07-07 15:19:49 +02:00
Andreas Schneider
51c7816bea Rename ChangeLog
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-07-07 15:19:49 +02:00
Norbert Pocs
11a7c7b45b libgcrypt: Remove useless comparison
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-07-07 08:39:39 +02:00
Norbert Pocs
78d109596c pki_crypto: Fix segfault error when pkcs11
EVP_PKEY_dup can't be used with ENGINE generated keys and
the key can't be freed because it is passing the main key
from the struct.

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-07-07 08:39:39 +02:00
Norbert Pocs
b80ad81d8e .gitlab-ci: Add fedora rawhide to gitlab CI
Rawhide has openssl 3.0 support which can test the new changes.

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-07-07 08:39:39 +02:00
Norbert Pocs
20c13a2c76 Change const bignum to bignum
Openssl3.0 API retrieves bignum variables from a key.

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-07-07 08:39:39 +02:00
Norbert Pocs
a9dddd89aa Use EVP_PKEY as a key type in key structs
Merge multiple key variables into one variable.

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-07-07 08:39:39 +02:00
Norbert Pocs
7792d38157 Port functions to openssl3.0
Remove usage of deprecated functions.
Exceptions are:
  - pkcs11 (no openssl provider support yet)
  - ec (no support for uncompressed EC keys
    https://github.com/openssl/openssl/pull/16624)

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-07-07 08:39:39 +02:00
Norbert Pocs
fdf518435c Define EC name constants for openssl3
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-07-07 08:39:39 +02:00
Norbert Pocs
debd0ea4d3 Update HMAC function parameter type
New openssl API, libmbedtls, libgcrypt use size_t for
HMAC len pameter.

New helper functions were added in libcrypto.c to avoid
code duplication. (the header pki.h is needed for this
reason)

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-07-07 08:39:39 +02:00
Jakub Jelen
51c940adc9 misc: FreeBSD compatible strerror_r usage
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-07-07 08:38:09 +02:00
Norbert Pocs
d30cf11cb6 Rewrite strerror to ssh_strerror
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-07-04 11:55:40 +02:00
Norbert Pocs
e5bc5ffd04 Rewrite strerror to ssh_strerror
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-07-04 11:55:40 +02:00
Norbert Pocs
4b92d48085 Rewrite strerror to ssh_strerror
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-07-04 11:55:40 +02:00
Norbert Pocs
a2a037a821 Rewrite strerror to ssh_strerror
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-07-04 11:55:40 +02:00
Norbert Pocs
4719c09e6a Rewrite strerror to ssh_strerror
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-07-04 11:55:40 +02:00
Norbert Pocs
4f09bb3660 Rewrite strerror to ssh_strerror
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-07-04 11:55:40 +02:00
Norbert Pocs
594608f21b Rewrite strerror to ssh_strerror
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-07-04 11:55:40 +02:00
Norbert Pocs
c437ba5c28 Rewrite strerror to ssh_strerror
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-07-04 11:55:40 +02:00
Norbert Pocs
3efe7c3cfb Rewrite strerror to ssh_strerror
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-07-04 11:55:40 +02:00