ports/libssh
ports/libssh
1
1
Форкнуть 0
Код Релизы 1 Активность
5 234 коммитов 3 Ветки 1 Тег 7,9 MiB
e20fe54f3f
Граф коммитов

5234 Коммитов

This Branch
This Branch
Все ветки
Автор SHA1 Сообщение Дата
Sahana Prasad
fa95fe3e1b unittests: Adds unitests for ecdsa and rsa with PKCS11 URIs. 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-20 16:18:31 +01:00
Sahana Prasad
cc1175a9af torture: Add a helper function to setup tokens using softhsm. 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-20 16:18:23 +01:00
Sahana Prasad
4ea09256f6 src: Implements PKCS11 URI support 
Imports private and public keys from the engine via PKCS11 URIs. Uses
the imported keys to authenticate to the ssh server.

Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-20 16:17:33 +01:00
Sahana Prasad
6bf4ada240 src: Helper funtions to detect PKCS #11 URIs 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-20 14:41:02 +01:00
Sahana Prasad
86a0dfa65b src: Adds the Engine header file and invokes cleanup of the engine 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-20 14:40:51 +01:00
Sahana Prasad
89ec52f5b1 torture_key: Adds public keys in PEM format - as required by p11tool. 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-20 14:40:38 +01:00
Sahana Prasad
bbc72ed3b6 tests/CMakeLists: Adds keys to authorized hosts list. copies script used to setup tokens. 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-20 14:40:25 +01:00
Sahana Prasad
843052dd23 etc: Adds a new user Charlie 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-20 14:39:56 +01:00
Sahana Prasad
317cf070e2 tests/pkcs11: Adds a script to setup PKCS11 tokens using softhsm and p11tool. 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-20 14:36:57 +01:00
Sahana Prasad
2a22211e7f keys: Adds new keys to generate PKCS11 URIs used to authenticate with the ssh server. 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-20 14:36:45 +01:00
Sahana Prasad
105e6f05ba gitlab-ci: adds the PKCS11 URI option to build options 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-20 14:36:34 +01:00
Sahana Prasad
ac22e51e5a cmake: Add cmake module to find softhsm 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-20 14:36:20 +01:00
Sahana Prasad
fa6fb83c87 cmake: Add new option for PKCS11 URI support 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-20 14:36:04 +01:00
Sahana Prasad
314448786e unittest: Adds unit tests for ssh_strreplace(). 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-20 14:35:41 +01:00
Andreas Schneider
35216e7254 misc: Add ssh_strreplace() 
Pair-Programmed-With: Sahana Prasad <sahana@redhat.com>
Signed-Off-by: Sahana Prasad <sahana@redhat.com>
Signed-Off-By: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-20 14:35:18 +01:00
Andreas Schneider
5317ebf0fc misc: Add ssh_tmpname() 
Signed-Off-By: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-20 14:35:04 +01:00
Jussi Kivilinna
08f4469e21 libgcrypt: fix cipher handle leaks on setkey error paths 
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-16 22:45:45 +02:00
Jussi Kivilinna
de4b8f88a2 libgcrypt: Implement chacha20-poly1305@openssh.com cipher using libgcrypt 
Libgcrypt has supported ChaCha20 and Poly1305 since 1.7.0 version and
provides fast assembler implementations.

v3:
 - initialize pointers to NULL
 - use 'bool' for chacha20_poly1305_keysched.initialized
 - pass error codes from libgcrypt calls to variable
 - add SSH_LOG on error paths
v2:
 - use braces for one-line blocks
 - use UNUSED_PARAM/UNUSED_VAR instead of cast to void
 - use calloc instead of malloc+memset

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-16 22:31:54 +02:00
Jussi Kivilinna
af5de2d37e tests: add crypto unittest for chacha20poly1305 
v3:
 - add tests for malformed encrypted inputs
v2:
 - use proper size key for chacha20poly1305
 - make copy of cleartext for chacha20poly1305 test-case
 - update chacha20_encrypted

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-16 22:31:17 +02:00
Jon Simons
b94ecf18bd curve25519: fix uninitialized arg to EVP_PKEY_derive 
Ensure that the `keylen` argument as provided to `EVP_PKEY_derive`
is initialized, otherwise depending on stack contents, the function
call may fail.

Fixes T205.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-13 20:00:37 -05:00
Jakub Jelen
d2a32ca6d3 torture: Accept whole pid_t range 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-11 11:38:21 +01:00
Aris Adamantiadis
e42307bbe3 tests: bigger sshd config buffer (fixes #T180) 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-11 11:38:21 +01:00
Andreas Schneider
742d81ec5d include: Rename __unused__ to __attr_unused__ 
This avoids a collision with valgrind.h

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-11 11:38:16 +01:00
Jakub Jelen
b03818aaed init: Fix documentation about return values of void functions 
Fixes T203

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-10 21:13:07 +01:00
Jakub Jelen
8c3996ef38 Fix link for bug tracker 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-10 16:50:39 +01:00
Andreas Schneider
ecc78ec154 cpack: Ignore patch files 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-09 19:25:38 +01:00
Jakub Jelen
574690ae2e config: Ignore empty lines to avoid OOB array access 
Fixes T187

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-09 16:08:03 +01:00
Jakub Jelen
c7cacf986f tests: Check behavior of match_pattern() 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-09 16:08:03 +01:00
Jakub Jelen
31f9c39479 match: Limit possible recursion when parsing wildcards to a sensible number 
Fixes T186

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-09 16:08:03 +01:00
Jakub Jelen
cf0beff987 match: Avoid recursion with many asterisks in pattern 
Partially fixes T186

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-09 16:08:03 +01:00
Andreas Schneider
178b53f924 pki: Fix possible information leak via uninitialized stack buffer 
Fixes T190

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-09 16:08:03 +01:00
Andreas Schneider
e065d2bb3f pki_container_openssh: Initialize pointers to NULL 
Fixes T190

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-09 16:08:03 +01:00
Andreas Schneider
9d67ca251c SSH-01-012: Fix information leak via uninitialized stack buffer 
Fixes T190

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-09 16:08:03 +01:00
Andreas Schneider
cb0ccf372e SSH-01-010: Improve documentation for fingerprinting functions 
Fixes T184

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-09 16:08:03 +01:00
Jakub Jelen
1fa1a467ed doc: Use https where possible 
Related to T196

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-09 16:08:03 +01:00
Jakub Jelen
606a97c4d6 doc: Update the list of RFCs and clearly mention which are not implemented in libssh 
Fixes T196

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-09 16:08:03 +01:00
Anderson Toshiyuki Sasaki
cc9db5b56c tests: Add a test for SCP with protocol message injection 
Test if the file name is correctly escaped to avoid protocol message
injection.

Fixes T189

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-09 16:08:03 +01:00
Anderson Toshiyuki Sasaki
bab7ba0146 scp: Do not allow newlines in pushed files names 
When pushing files or directories, encode the newlines contained in the
names as the string "\\n".  This way the user cannot inject protocol
messages through the file name.

Fixes T189

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-09 16:08:03 +01:00
Anderson Toshiyuki Sasaki
c9ce8fa40b misc: Add a function to encode newlines 
Given a string, the added function encodes existing newline characters
('\n') as the string "\\n" and puts into a given output buffer.

The output buffer must have at least 2 times the length of the input
string plus 1 for the terminating '\0'. In the worst case, each
character can be replaced by 2 characters.

Fixes T189

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-09 16:08:03 +01:00
Andreas Schneider
6c79ed9801 gzip: Use SSH_BUFFER_FREE() 
Fixes T183

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-09 16:08:03 +01:00
Andreas Schneider
7ae47df16a knownhosts: Use SSH_BUFFER_FREE() 
Fixes T183

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-09 16:08:03 +01:00
Andreas Schneider
6734516278 pcap: Use SSH_BUFFER_FREE() 
Fixes T183

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-09 16:08:03 +01:00
Andreas Schneider
3cf665a53d base64: Use SSH_BUFFER_FREE() 
Fixes T183

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-09 16:08:03 +01:00
Andreas Schneider
35799bb1c6 packet: Use SSH_BUFFER_FREE() 
Fixes T183

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-09 16:08:03 +01:00
Andreas Schneider
476bde4d69 socket: Use SSH_BUFFER_FREE() 
Fixes T183

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-09 16:08:03 +01:00
Andreas Schneider
0938d397be examples: Use SSH_STRING_FREE_CHAR() 
Fixes T183

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-09 16:08:03 +01:00
Andreas Schneider
4e809ef122 tests: Use SSH_STRING_FREE() 
Fixes T183

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-09 16:08:03 +01:00
Andreas Schneider
80d092037f dh-gex: Use SSH_STRING_FREE() 
Fixes T183

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-09 16:08:03 +01:00
Andreas Schneider
45d9802e1b message: Use SSH_BUFFER_FREE() 
Fixes T183

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-09 16:08:03 +01:00
Andreas Schneider
5db5e7e527 message: Use SSH_STRING_FREE() 
Fixes T183

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-09 16:08:03 +01:00