This avoids csbuild failures due to new source files added. Previously
in some runs, csbuild would try to reuse the existing cmake cache file
which could contain added dependencies to new source files, leading to
failure in the run.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Do not print crypto debug information to reduce size of generated logs.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
They aren't needed and perhaps some compilers will issue "Unreachable
code" warnings.
Signed-off-by: Ramin Farajpour Cami <ramin.blackhat@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This makes sure the content will be zero after successful allocation.
Resolves T134
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
When using OpenSSL, the bignums generated during group exchange are
duplicated and don't transfer the memory management responsibility to
the back-end. The original generated bignums can be freed.
The leak was detectable by running:
$ valgrind --leak-check=full ./tests/pkd/pkd_hello -i1 \
-t torture_pkd_openssh_rsa_rsa_diffie_hellman_group_exchange_sha256
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
The added option is an alias for the previously existing option
PubkeyAcceptedTypes.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This allows the global client (ssh_session) configuration file path to
be set in configuration time by defining GLOBAL_CLIENT_CONFIG when
calling cmake. If it is not defined, the default path is set as
"/etc/ssh/ssh_config".
usage example:
$ cmake -DGLOBAL_CLIENT_CONFIG=/etc/my/custom/path ..
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Do not allow using SSH_DIGEST_AUTO for any algorithm other than
ed25519.
Do not allow using incompatible hash algorithms when signing or
verifying signatures.
Added negative tests for all combinations of signature and hash
algorithms.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Previously in the tests the private key structure would be used for
signature verification. Use the corresponding public key instead.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
pki_sign_data() uses the given private key and hash algorithm to sign
the data using the OpenSSL EVP interface. The corresponding function
pki_verify_data_signature() receives the signature, the signed data, and
the public key to verify the signature.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Store the raw signature instead of the internal backend structure.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Store the raw signature instead of the internal backend structure.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This is a preparation to store the raw signature for all algorithms in
the same place in ssh_signature.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This makes pki_do_sign() and pki_signature_verify() to receive the
original input instead of the pre-calculated hash. The hash is then
calculated internally.
The hash to be used inside the signature is decided earlier, when all
the information about the signature to be generated/verified is
available.
Simplify ssh_pki_do_sign() and ssh_srv_pki_do_sign_sessionid().
The tests were modified to use pki_do_sign() instead of
pki_do_sign_hash().
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
The goal here is to avoid errors due to fall through when
HAVE_OPENSSL_ECC is not defined.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Refactor pki_signature_to_blob() without behaviour changes.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Refactor the code without behaviour changes.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
The goal of this change is to make pki_signature_from_*_blob()
consistent.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Remove duplicate code previously used only in server side to generate
signatures. Currently the code used to generate the signature is the
same for both client and server.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Refactor ssh_srv_pki_do_sign_sessionid() without behaviour changes.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Added ECDSA key types to ssh_key_type_to_hash(). Refactor
ssh_pki_do_sign() without behaviour changes.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Upon SSH_OK, callers of `ssh_dh_keypair_set_keys` expect for ownership
of the `priv` and `pub` values to be transferred away and eventually
later managed by way of the `struct dh_ctx` at hand.
The mbedTLS and gcrypt builds transfer ownership of these values in
that way, but the libcrypto `ssh_dh_keypair_set_keys` is copying the
given values with `BN_dup`. This causes a memory leak that can be
seen with pkd and valgrind:
valgrind --leak-check=full \
./pkd_hello -i1 -t torture_pkd_openssh_dsa_rsa_diffie_hellman_group16_sha512
Fix the leak by replacing the `BN_dup` with direct assignment.
Now the bignums will eventually be freed via `ssh_dh_cleanup`.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Ensure to free the `dh_ctx` member in `ssh_dh_cleanup` to match
the allocation in `ssh_dh_init_common`.
The before-and-after of this change can be observed with the pkd
tests and valgrind:
valgrind --leak-check=full \
./pkd_hello -i1 -t torture_pkd_openssh_dsa_rsa_diffie_hellman_group16_sha512
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
CID 1401095
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
CID 1401096
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Fix libssh server sending SSH_MSG_EXT_INFO messages upon rekey: clients
do not expect that message during rekey, and OpenSSH in particular will
log error messages along the lines of:
"kex protocol error: type 7 seq 15"
when the message is received during a rekey.
To fix, check against the session connected flag, which only transitions
to non-zero following the first successful authentication.
bf2c7128ab67cca007b2ba6a59fbfb82afb8c8c6 adds logic to resolve this
issue, but it turns out that checking the session_state to avoid
sending the message is insufficient, because that state is re-set
to SSH_SESSION_STATE_KEXINIT_RECEIVED during rekey.
The before-and-after effects of this change can be observed using the
pkd --rekey flag as so:
./pkd_hello -t torture_pkd_openssh_rsa_rsa_sha2_256 \
-i1 --rekey=16 -v -v -v 2>&1 |
grep -e 'KEY' -e 'EXT'
^ where before the change, multiple SSH_MSG_EXT_INFO send messages are
logged; after, there is only a single SSH_MSG_EXT_INFO logged once upon
the first initial key exchange.
Cross-reference: https://bugs.libssh.org/T121.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
