Age | Commit message | Author | Files | Lines
2018-10-30 | include: Add stddef.h for size_t [v0-7] | Andreas Schneider | 1 | -0/+2
Fixes T119 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-29 | Bump version to 0.7.7 [libssh-0.7.7] | Andreas Schneider | 3 | -3/+10
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-28 | libcrypto: Fix memory leak in evp_final() | Andreas Schneider | 1 | -0/+1
Fixes T116 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit a2807474621e51b386ea26ce2a01d2b1aa295c7b)
2018-10-26 | gssapi: Set correct state after sending GSSAPI_RESPONSE (select mechanism OID) | Meng Tan | 1 | -0/+1
Signed-off-by: Meng Tan <mtan@wallix.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit bce8d567053232debd6ec490af5a7d27e1160f39)
2018-10-24 | server: Fix compile error | Andreas Schneider | 1 | -1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-19 | examples: Explicitly track auth state in samplesshd-kbdint | Andreas Schneider | 1 | -4/+16
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 0ff566b6dde5cd27653aa35280feceefad5d5224)
2018-10-19 | messages: Check that the requested service is 'ssh-connection' | Andreas Schneider | 1 | -0/+8
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 9c200d3ef4f62d724d3bae2563b81c38cc31e215)
2018-10-19 | server: Set correct state after sending INFO_REQUEST (Kbd Interactive) | Meng Tan | 1 | -0/+1
Signed-off-by: Meng Tan <mtan@wallix.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 4ea46eecce9f4e676150fe27fec34e1570b70ace)
2018-10-19 | packet: Add missing break in ssh_packet_incoming_filter() | Andreas Schneider | 1 | -0/+1
CID 1396239 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit fe618a35dc4be3e73ddf29d0c4a96b98d3b9c48f)
2018-10-17 | misc: Add strndup implementation if not provides by the OS | Andreas Schneider | 4 | -0/+29
Fixes T112 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 247983e9820fd264cb5a59c14cc12846c028bd08)
2018-10-16 | Bump version to 0.7.6 [libssh-0.7.6] | Andreas Schneider | 3 | -3/+10
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-16 | cpack: Fix ignore files | Andreas Schneider | 1 | -1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-09 | CVE-2018-10933: Add tests for packet filtering | Anderson Toshiyuki Sasaki | 2 | -0/+501
Created the test torture_packet_filter.c which tests if packets are being correctly filtered. Fixes T101 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2018-10-09 | CVE-2018-10933: Introduced packet filtering | Anderson Toshiyuki Sasaki | 2 | -2/+791
The packet filter checks required states for the incoming packets and reject them if they arrived in the wrong state. Fixes T101 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2018-10-09 | CVE-2018-10933: Check channel state when OPEN_FAILURE arrives | Anderson Toshiyuki Sasaki | 1 | -0/+11
When a SSH2_MSG_OPEN_FAILURE arrives, the channel state is checked to be in SSH_CHANNEL_STATE_OPENING. Fixes T101 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2018-10-09 | CVE-2018-10933: Check channel state when OPEN_CONFIRMATION arrives | Anderson Toshiyuki Sasaki | 1 | -0/+9
When a SSH2_MSG_OPEN_CONFIRMATION arrives, the channel state is checked to be in SSH_CHANNEL_STATE_OPENING. Fixes T101 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2018-10-09 | CVE-2018-10933: Set correct state after sending MIC | Anderson Toshiyuki Sasaki | 1 | -1/+1
After sending the client token, the auth state is set as SSH_AUTH_STATE_GSSAPI_MIC_SENT. Then this can be expected to be the state when a USERAUTH_FAILURE or USERAUTH_SUCCESS arrives. Fixes T101 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2018-10-09 | CVE-2018-10933: Introduce SSH_AUTH_STATE_AUTH_NONE_SENT | Anderson Toshiyuki Sasaki | 2 | -1/+5
The introduced auth state allows to identify when a request without authentication information was sent. Fixes T101 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2018-10-09 | CVE-2018-10933: Introduce SSH_AUTH_STATE_PASSWORD_AUTH_SENT | Anderson Toshiyuki Sasaki | 2 | -1/+5
The introduced auth state allows to identify when authentication using password was tried. Fixes T101 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2018-10-09 | CVE-2018-10933: Introduced new auth states | Anderson Toshiyuki Sasaki | 2 | -11/+25
Introduced the states SSH_AUTH_STATE_PUBKEY_OFFER_SENT and SSH_AUTH_STATE_PUBKEY_AUTH_SENT to know when SSH2_MSG_USERAUTH_PK_OK and SSH2_MSG_USERAUTH_SUCCESS should be expected. Fixes T101 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2018-10-09 | dh: Use ssh_get_fingerprint_hash() in ssh_print_hash() | Andreas Schneider | 1 | -23/+6
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 92aa2cf4963b714d0f30d4fb0f9e609200224f7a)
2018-10-09 | dh: Add ssh_get_fingerprint_hash() | Andreas Schneider | 2 | -0/+76
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit bbed139ecab26cb46b0bb3a21fa4cd2a4f12dadd)
2018-10-09 | dh: Add ssh_print_hash() function which can deal with sha256 | Jan-Niklas Burfeind | 2 | -0/+81
Signed-off-by: Jan-Niklas Burfeind <libssh@aiyionpri.me> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit f32cb706752d8dc35ad53a64f51e432cc0bc41cd)
2018-10-09 | dh: Add SSH_PUBLICKEY_HASH_SHA256 to ssh_get_publickey_hash() | Jan-Niklas Burfeind | 2 | -1/+25
Signed-off-by: Jan-Niklas Burfeind <libssh@aiyionpri.me> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 1499b38aef17beac8b438522535daf428600d529)
2018-10-05 | Assorted changes to make the proxycommand test pass | Jakub Jelen | 2 | -9/+37
Cherry-picked from the following commit: e4653b82bdb63469fd7279cc2b37c48a9d838665
2018-10-05 | Assorted changes to make the sftp_read test working | Jakub Jelen | 2 | -12/+31
Cherry-picked from the following commit: 571f547556ad9e2aee38ce894057cca042e8f154
2018-10-05 | Assorted changes to make the sftp_dir test working | Jakub Jelen | 2 | -12/+34
Cherry-picked from the following commit: af3de262b69f44ba84009b9aba644b5f1cf3b1a7
2018-10-05 | Assorted changes to make the torture_forward test pass | Jakub Jelen | 2 | -19/+38
Cherry-picked from the following commit: be25b58380d8dc7106864102059da58e6c5899e9
2018-10-05 | Assorted changes to make torture_request_env pass | Jakub Jelen | 3 | -13/+32
Cherry-picked from the following commit: 4bc6af6c1756c347f46b8a3374d66eb632fad9b7
2018-10-05 | torture: Fix torture_ssh_session() for cwrap testing | Andreas Schneider | 1 | -8/+3
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> (cherry-picked from commit 66f51df9)
2018-10-05 | tests: Add public keys for bob | Andreas Schneider | 3 | -0/+35
This also allows bob to auth as alice. Signed-off-by: Andreas Schneider <asn@cryptomilk.org> (cherry-picked from commit ee866441)
2018-10-05 | Assorted changes to make knownhosts test work | Jakub Jelen | 2 | -29/+38
Cherry-picked from the following commit: b65dcb3a358aa432c8f455de9a04d3c8d6cd9766
2018-10-05 | tortrue: Add ed25519 hostkey to sshd | Andreas Schneider | 1 | -0/+10
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> (cherry-picked from commit 250bf37a)
2018-10-05 | Assorted changes from master to make torture_algorithms test working | Jakub Jelen | 4 | -18/+55
Cherry-picked from the following commits: cbd75c3e350e2e0e5589d4865f31101588da0473 3014e3c458dee09ebf1deae560c354eb1ecdd703
2018-10-05 | torture: Fix building on Windows | Andreas Schneider | 1 | -25/+27
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> (cherry-picked from commit b74a1841)
2018-10-05 | tests: UsePrivilegeSeparation has no effect since OpenSSH 7.5 | Jakub Jelen | 1 | -1/+0
Additionally, we can already work around the privilege separation. http://www.openssh.com/txt/release-7.5 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry-picked from commit 56317caa)
2018-10-05 | tests: Do not trace sshd | Jakub Jelen | 1 | -0/+1
OpenSSH's sshd does not work well under valgrind so lets avoid tracing it. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry-picked from commit ca4fb9c6)
2018-10-05 | tests: Temporarily build chroot_wrapper | Jakub Jelen | 2 | -1/+18
(cherry-picked from commit 094aa5eb)
2018-10-05 | tests: Always start tests as root so we can switch to a user | Andreas Schneider | 2 | -3/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> (cherry-picked from commit 1729d4a1)
2018-10-05 | tests: Do not generate pcap file by default | Jakub Jelen | 1 | -1/+4
pcap file is generated by the processes writing to the sockets, which is not allowed for privilege-separated process in new OpenSSH servers (confined by seccomp filter). Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry-picked from commit 5d3ab421)
2018-10-05 | tests: Give server more time to start | Jakub Jelen | 1 | -1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry-picked from commit f8f7989c)
2018-10-05 | tests: Do not test blowfish ciphers with OpenSSH 7.6 and newer | Jakub Jelen | 2 | -0/+8
(cherry-picked from commit b92c4996)
2018-10-05 | torture: Add support to specify verbosity level via env variable | Andreas Schneider | 1 | -1/+8
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> (cherry-picked from commit 2a9c3966)
2018-10-05 | torture: Fix a warning | Andreas Schneider | 1 | -45/+45
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> (cherry-picked from commit 2bd65015)
2018-10-05 | osx: fix compilation | Aris Adamantiadis | 1 | -2/+8
(cherry-picked from commit 886fdc8b)
2018-10-05 | tests: Make test suite work out of the box on Debian | Justus Winter | 1 | -9/+14
* tests/torture.c (torture_setup_create_sshd_config): Rework how the location of the sftp server is discovered, and add the Debian-specific location. Signed-off-by: Justus Winter <justus@g10code.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry-picked from commit e37fd832)
2018-10-05 | torture: Fix ssh version detection | Andreas Schneider | 1 | -1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> (cherry-picked from commit de309c51)
2018-10-05 | torture: Set sshd debug level to DEBUG3 | Andreas Schneider | 1 | -1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> (cherry-picked from commit 06343074)
2018-10-05 | torture: Also write stderr to a file | Andreas Schneider | 1 | -2/+2
This allows to capture debug information of the wrappers. Signed-off-by: Andreas Schneider <asn@cryptomilk.org> (cherry-picked from commit c365ff3d)
2018-10-05 | torture: Add additional sftp-server path for BSD | Andreas Schneider | 1 | -2/+6
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> (cherry-picked from commit 1bbfe058)