ports/libssh
ports/libssh
1
1
Форкнуть 0
Код Релизы 1 Активность
5 206 коммитов 3 Ветки 1 Тег 7,9 MiB
cc953ff7e4
Граф коммитов

5206 Коммитов

This Branch
This Branch
Все ветки
Автор SHA1 Сообщение Дата
Jakub Jelen
7e692ee1b6 libgcrypt: Do not leak memory with invalid key lengths 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:45:24 +01:00
Jakub Jelen
dd54ffb2f1 pki_gcrypt: Do not confuse static analyzers 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:45:24 +01:00
Jakub Jelen
3642224ee5 legacy,keys: Fix the macro conditions 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:45:24 +01:00
Jakub Jelen
9b858f57c5 mbedcrypto_missing: Always check return values 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:31:32 +01:00
Jakub Jelen
13c88a2e0a mbedcrypto_missing: Avoid potential memory leaks as reported by csbuild 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:31:32 +01:00
Jakub Jelen
059b6851dc pki_mbedtls: Avoid potential memory leaks 
reported by csbuild

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:31:32 +01:00
Jakub Jelen
71ba61cc5b pki_mbedtls: Do not warn about unused arguments 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:31:32 +01:00
Jakub Jelen
30cc1568f4 options: Avoid needless assignment as reported by csbuild 
The error was

 src/options.c:971:13: warning: Value stored to 'u' is never read
 #            u = 0;
 #            ^   ~
 src/options.c:971:13: note: Value stored to 'u' is never read
 #            u = 0;
 #            ^   ~
 #  969|           case SSH_OPTIONS_KBDINT_AUTH:
 #  970|           case SSH_OPTIONS_GSSAPI_AUTH:
 #  971|->             u = 0;
 #  972|               if (value == NULL) {
 #  973|                   ssh_set_error_invalid(session);

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:31:32 +01:00
Jakub Jelen
8eda4165cf tests: Do not require strict host key checking in openssh 
as nothing really sets these keys up and they are probably preserverd
from some previous test, which is really not a good testing strategy.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:31:32 +01:00
Jakub Jelen
1563bddf88 tests: Avoid needless assignment as reported by csbuild 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:31:32 +01:00
Jakub Jelen
e2841908fb kex: Avoid always-false comparisons as reported by csbuild 
/builds/jjelen/libssh-mirror/src/kex.c:360:17: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits] <--[cc]
  360 |         if (len < 0) {
      |                 ^
/builds/jjelen/libssh-mirror/src/kex.c:372:17: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits] <--[cc]
  372 |         if (len < 0) {
      |                 ^

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:31:32 +01:00
Jakub Jelen
2892b49a37 tests: Use the path to SSH executable consistently 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:31:32 +01:00
Jakub Jelen
4b85934198 examples: Enable strict build 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:31:32 +01:00
Aris Adamantiadis
9e7de14d59 pkd client run user executable 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:31:32 +01:00
Aris Adamantiadis
bba5fa18ed pkd: fix snprintf compiler warning 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:31:32 +01:00
Aris Adamantiadis
1089948346 tests: use detected sshd path 
The static sshd directory wasn't matching the detected sshd and prevented the testcases to be run against local OpenSSH builts

Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:31:32 +01:00
Aris Adamantiadis
7ec67011c5 tests: use OpenSSH-provided ciphers 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:31:32 +01:00
Aris Adamantiadis
177e76f753 tests: search for netcat binary 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:31:32 +01:00
Aris Adamantiadis
3d2570ff5f pkd: use detected OpenSSH supported key types 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:31:32 +01:00
Aris Adamantiadis
3063a57fc8 tests: detect OpenSSH supported ciphers 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:31:32 +01:00
Aris Adamantiadis
23c529c888 tests: fix typos 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:31:32 +01:00
Sahana Prasad
2b76abb74c clienttest: Adds a client test that authenticates to the ssh server using ssh_connect through key obtained through PKCS11 URIs. 
Signed-Off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-20 16:18:31 +01:00
Sahana Prasad
fa95fe3e1b unittests: Adds unitests for ecdsa and rsa with PKCS11 URIs. 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-20 16:18:31 +01:00
Sahana Prasad
cc1175a9af torture: Add a helper function to setup tokens using softhsm. 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-20 16:18:23 +01:00
Sahana Prasad
4ea09256f6 src: Implements PKCS11 URI support 
Imports private and public keys from the engine via PKCS11 URIs. Uses
the imported keys to authenticate to the ssh server.

Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-20 16:17:33 +01:00
Sahana Prasad
6bf4ada240 src: Helper funtions to detect PKCS #11 URIs 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-20 14:41:02 +01:00
Sahana Prasad
86a0dfa65b src: Adds the Engine header file and invokes cleanup of the engine 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-20 14:40:51 +01:00
Sahana Prasad
89ec52f5b1 torture_key: Adds public keys in PEM format - as required by p11tool. 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-20 14:40:38 +01:00
Sahana Prasad
bbc72ed3b6 tests/CMakeLists: Adds keys to authorized hosts list. copies script used to setup tokens. 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-20 14:40:25 +01:00
Sahana Prasad
843052dd23 etc: Adds a new user Charlie 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-20 14:39:56 +01:00
Sahana Prasad
317cf070e2 tests/pkcs11: Adds a script to setup PKCS11 tokens using softhsm and p11tool. 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-20 14:36:57 +01:00
Sahana Prasad
2a22211e7f keys: Adds new keys to generate PKCS11 URIs used to authenticate with the ssh server. 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-20 14:36:45 +01:00
Sahana Prasad
105e6f05ba gitlab-ci: adds the PKCS11 URI option to build options 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-20 14:36:34 +01:00
Sahana Prasad
ac22e51e5a cmake: Add cmake module to find softhsm 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-20 14:36:20 +01:00
Sahana Prasad
fa6fb83c87 cmake: Add new option for PKCS11 URI support 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-20 14:36:04 +01:00
Sahana Prasad
314448786e unittest: Adds unit tests for ssh_strreplace(). 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-20 14:35:41 +01:00
Andreas Schneider
35216e7254 misc: Add ssh_strreplace() 
Pair-Programmed-With: Sahana Prasad <sahana@redhat.com>
Signed-Off-by: Sahana Prasad <sahana@redhat.com>
Signed-Off-By: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-20 14:35:18 +01:00
Andreas Schneider
5317ebf0fc misc: Add ssh_tmpname() 
Signed-Off-By: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-20 14:35:04 +01:00
Jussi Kivilinna
08f4469e21 libgcrypt: fix cipher handle leaks on setkey error paths 
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-16 22:45:45 +02:00
Jussi Kivilinna
de4b8f88a2 libgcrypt: Implement chacha20-poly1305@openssh.com cipher using libgcrypt 
Libgcrypt has supported ChaCha20 and Poly1305 since 1.7.0 version and
provides fast assembler implementations.

v3:
 - initialize pointers to NULL
 - use 'bool' for chacha20_poly1305_keysched.initialized
 - pass error codes from libgcrypt calls to variable
 - add SSH_LOG on error paths
v2:
 - use braces for one-line blocks
 - use UNUSED_PARAM/UNUSED_VAR instead of cast to void
 - use calloc instead of malloc+memset

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-16 22:31:54 +02:00
Jussi Kivilinna
af5de2d37e tests: add crypto unittest for chacha20poly1305 
v3:
 - add tests for malformed encrypted inputs
v2:
 - use proper size key for chacha20poly1305
 - make copy of cleartext for chacha20poly1305 test-case
 - update chacha20_encrypted

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-16 22:31:17 +02:00
Jon Simons
b94ecf18bd curve25519: fix uninitialized arg to EVP_PKEY_derive 
Ensure that the `keylen` argument as provided to `EVP_PKEY_derive`
is initialized, otherwise depending on stack contents, the function
call may fail.

Fixes T205.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-13 20:00:37 -05:00
Jakub Jelen
d2a32ca6d3 torture: Accept whole pid_t range 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-11 11:38:21 +01:00
Aris Adamantiadis
e42307bbe3 tests: bigger sshd config buffer (fixes #T180) 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-11 11:38:21 +01:00
Andreas Schneider
742d81ec5d include: Rename __unused__ to __attr_unused__ 
This avoids a collision with valgrind.h

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-11 11:38:16 +01:00
Jakub Jelen
b03818aaed init: Fix documentation about return values of void functions 
Fixes T203

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-10 21:13:07 +01:00
Jakub Jelen
8c3996ef38 Fix link for bug tracker 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-10 16:50:39 +01:00
Andreas Schneider
ecc78ec154 cpack: Ignore patch files 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-09 19:25:38 +01:00
Jakub Jelen
574690ae2e config: Ignore empty lines to avoid OOB array access 
Fixes T187

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-09 16:08:03 +01:00
Jakub Jelen
c7cacf986f tests: Check behavior of match_pattern() 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-09 16:08:03 +01:00