libssh

Автор	SHA1	Сообщение	Дата
Eric Bentley	db67fcbe88	examples: add public key authentication to ssh_server_fork I noticed that there was no example showing server side public key encryption in the examples so I added this one. I used authorizedkeys as a global to minimize the changes to the original code as well as I was not sure the correct methodology of determining the .ssh directory location for a user not using Linux. One code using the user parameter to determine the location to use instead if desired. Signed-off-by: Eric Bentley <ebentley66@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-24 17:48:04 +01:00
Jakub Jelen	be9943132e	tests: Extend negative test cases for config Match keyword Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-24 15:15:39 +01:00
Jakub Jelen	893510db35	tests: Use assert_ssh_return_code() in config test Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-24 15:15:35 +01:00
Jakub Jelen	e989c4afff	config: Add new Match final keyword from OpenSSH 8.0 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-24 15:15:18 +01:00
Jakub Jelen	3ce31532eb	config: Fail if there is missing argument for some of the match keywords Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-24 15:13:30 +01:00
Aris Adamantiadis	3b5f9ef8d6	pkd: dh-group-exchange testcases	2019-01-24 13:06:33 +01:00
Aris Adamantiadis	53c88375fe	dh-gex: Add server implementation Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-24 13:06:33 +01:00
Aris Adamantiadis	40faa98c5e	wrapper: Move dh cleanup into dh.c Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-24 12:56:14 +01:00
Aris Adamantiadis	9407065879	tests: Added moduli file parsing tests Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-24 12:56:09 +01:00
Aris Adamantiadis	b36219369d	dh-gex: Add support for moduli file parsing Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-24 12:51:54 +01:00
Aris Adamantiadis	31da8025b2	tests: Add dh-group-exchange algorithm tests Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-24 11:56:23 +01:00
Aris Adamantiadis	574bfb5459	dh-gex: Add client implementation Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-24 11:56:23 +01:00
Aris Adamantiadis	154eb91914	dh: move state changes inside DH code Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-24 11:56:23 +01:00
Aris Adamantiadis	9c88769707	dh: Do some basic refactoring Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-24 11:56:23 +01:00
Aris Adamantiadis	a6c47099b7	buffer: Support bignums in ssh_buffer_unpack() Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-24 11:53:22 +01:00
Aris Adamantiadis	2f8239ade3	mbedcrypto: fixed nasty RNG bugs	2019-01-24 11:53:22 +01:00
Aris Adamantiadis	afe2673cfa	bignum: harmonize gcrypt, libcrypto and libmcrypt bignum Ensure most of the abstraction around the 3 libs are consistent. Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-24 11:04:44 +01:00
Aris Adamantiadis	43a4f86b6e	dh: move unrelated functions out of dh.c Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-24 09:34:18 +01:00
Aris Adamantiadis	e42a423a24	kex: use runtime callbacks (server) Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-24 09:19:59 +01:00
Aris Adamantiadis	602a1defea	kex: use runtime callbacks (client) Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-24 09:11:30 +01:00
Anderson Toshiyuki Sasaki	fd5770973f	tests: Add test for server interactive authentication Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>	2019-01-22 13:12:26 +01:00
Anderson Toshiyuki Sasaki	416d03b19e	tests: Add test for server auth method none Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-22 13:12:26 +01:00
Anderson Toshiyuki Sasaki	db1a999852	tests: Test server pubkey authentication The default pubkey authentication callback is not checking anything. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-22 13:12:25 +01:00
Anderson Toshiyuki Sasaki	29445e4ff1	tests: Added functions to get the default callbacks This makes easier to create test cases using callbacks based on the default callbacks (e.g. using the default callbacks but replacing one specific callback) Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-22 13:12:25 +01:00
Anderson Toshiyuki Sasaki	13aa791e7b	tests: Provide the server state to callbacks This aims to make it easier to implement custom callbacks. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-22 13:12:25 +01:00
Jakub Jelen	7f18a27504	tests: Reproducer for cockpit issue, where server provides an invalid signature Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-22 13:12:25 +01:00
Jakub Jelen	2113dc9d23	tests: Check return values Signed-off-by: Jakub Jelen <jjelen@redhat.com>	2019-01-22 13:12:25 +01:00
Jakub Jelen	1f7a15ffb1	tests: Initialize allocated memory Signed-off-by: Jakub Jelen <jjelen@redhat.com>	2019-01-22 13:12:25 +01:00
Anderson Toshiyuki Sasaki	37262b98ef	tests: Added test server The server can be configured through command line options or by providing a state structure with the desired values set. Currently supports only password based authentication. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>	2019-01-22 13:12:25 +01:00
Andreas Schneider	e91e221d02	pcap: Correctly initialize sockaddr_in in ssh_pcap_context_set_file() Error: CLANG_WARNING: src/pcap.c:329:22: warning: The left operand of '!=' is a garbage value Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-22 13:12:25 +01:00
Andreas Schneider	79fe88bfb8	pcap: Reformat ssh_pcap_context_connect() Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-22 13:12:25 +01:00
Andreas Schneider	98a8bf771d	tests: Fix uninitialized warning in torture_threads_pki_rsa Error: CLANG_WARNING: tests/unittests/torture_threads_pki_rsa.c:520:5: warning: 1st function call argument is an uninitialized value Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-22 13:12:25 +01:00
Andreas Schneider	0ceda043ce	cmake: Add -Wmissing-field-initializers compile flag Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-22 13:12:25 +01:00
Andreas Schneider	86849c0883	bind: Check for POLLRDHUP on the server if available This is a feature on modern Linux. Thanks to Ludovic Courtès <ludo@gnu.org> for the pointer. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-15 15:44:50 +01:00
Andreas Schneider	0e9add9a89	bind: Reformat ssh_bind_get_poll() Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-15 15:44:48 +01:00
Andreas Schneider	2eb0dc6446	Update ChangeLog	2019-01-11 15:56:02 +01:00
Marcin Szalowicz	4b4fb638f8	Fix cleaning up HMAC context for openssl < 1.1 remove old compatibility code for openssl < 0.9.7 Signed-off-by: Marcin Szalowicz <marcin.szalowicz@oracle.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-11 15:56:02 +01:00
Tilo Eckert	f118ea010b	tests: Refactor test so that all RSA + hash combinations are tested Signed-off-by: Tilo Eckert <tilo.eckert@flam.de> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-11 15:56:02 +01:00
Tilo Eckert	481d749559	tests: Fix incorrect hash type parameter on signature import RSA with SHA-256/512 signatures have been interpreted as RSA with SHA-1 Signed-off-by: Tilo Eckert <tilo.eckert@flam.de> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-11 15:56:02 +01:00
Jakub Jelen	c7aba3a716	tests: Refactor the sftp initilization to avoid invalid memory access on sftp failures Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-11 15:06:56 +01:00
Andreas Schneider	0170ed8883	socket: Set socket error to get better error messages We do not want an error for ssh_socket_close() here. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-09 15:50:24 +01:00
Andreas Schneider	de54a88ee1	poll: Return early for timeout and count every revent Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-09 15:50:24 +01:00
Andreas Schneider	51f035aa3f	poll: Do not generate SIGPIPE with recv() in bsd_poll() Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-09 15:50:24 +01:00
Andreas Schneider	edc7b96b2f	poll: Improve checks for POLLHUP and POLLERR Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-09 15:50:21 +01:00
Andreas Schneider	ab269f036e	poll: Zero (read\|write\|expect)fds in bsd_poll() Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-09 15:43:39 +01:00
Andreas Schneider	4512a3fead	poll: Reformat bsd_poll() Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-09 15:43:37 +01:00
Andreas Schneider	fc840d8d69	poll: Fix size type Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-09 15:42:43 +01:00
Andreas Schneider	0e7a962417	poll: Reformat ssh_poll_ctx_dopoll() Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-09 15:42:33 +01:00
Jakub Jelen	531b80a60b	kex: List also the SHA2 extension when ordering hostkey algorithms By default, the list of already stored known host types is preferred, but this selection so far ignored the SHA2 extension and excluded these keys in the KEXINIT list leading to not using this extension if not explicitly enabled from configuration. This commit extends the default list with the SHA2 signatures algoritms and compares only base types so they can be listed in the KEXINIT list. This adjust the tests to expect the full list of algorithms to pass. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-09 13:18:05 +01:00
Jakub Jelen	27fe60954c	server: Correctly handle extensions If the server had an RSA host key, it provided unconditionally SHA2 signatures without consulting the client proposed list of supported host keys. This commit implements more fine-grained detection of the extension to provide the client with valid signatures according to RFC 8332 Section 3.1. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-09 13:17:31 +01:00

1 2 3 4 5 ...

4477 Коммитов