Age | Commit message | Author | Files | Lines
2019-12-20 | unittest: Adds unit tests for ssh_strreplace(). | Sahana Prasad | 1 | -0/+50
Signed-off-by: Sahana Prasad <sahana@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-20 | misc: Add ssh_strreplace() | Andreas Schneider | 2 | -0/+51
Pair-Programmed-With: Sahana Prasad <sahana@redhat.com> Signed-Off-by: Sahana Prasad <sahana@redhat.com> Signed-Off-By: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-20 | misc: Add ssh_tmpname() | Andreas Schneider | 2 | -0/+52
Signed-Off-By: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-16 | libgcrypt: fix cipher handle leaks on setkey error paths | Jussi Kivilinna | 1 | -1/+7
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-16 | libgcrypt: Implement chacha20-poly1305@openssh.com cipher using libgcrypt | Jussi Kivilinna | 3 | -1/+348
Libgcrypt has supported ChaCha20 and Poly1305 since 1.7.0 version and provides fast assembler implementations.
v3:
- initialize pointers to NULL
- use 'bool' for chacha20_poly1305_keysched.initialized
- pass error codes from libgcrypt calls to variable
- add SSH_LOG on error paths
v2:
- use braces for one-line blocks
- use UNUSED_PARAM/UNUSED_VAR instead of cast to void
- use calloc instead of malloc+memset
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-16 | tests: add crypto unittest for chacha20poly1305 | Jussi Kivilinna | 1 | -0/+194
v3:
- add tests for malformed encrypted inputs
v2:
- use proper size key for chacha20poly1305
- make copy of cleartext for chacha20poly1305 test-case
- update chacha20_encrypted
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-13 | curve25519: fix uninitialized arg to EVP_PKEY_derive | Jon Simons | 1 | -4/+2
Ensure that the `keylen` argument as provided to `EVP_PKEY_derive` is initialized, otherwise depending on stack contents, the function call may fail. Fixes T205. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-11 | torture: Accept whole pid_t range | Jakub Jelen | 1 | -2/+8
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-11 | tests: bigger sshd config buffer (fixes #T180) | Aris Adamantiadis | 1 | -1/+1
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-11 | include: Rename __unused__ to __attr_unused__ | Andreas Schneider | 1 | -6/+6
This avoids a collision with valgrind.h Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-10 | init: Fix documentation about return values of void functions | Jakub Jelen | 1 | -3/+0
Fixes T203 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-10 | Fix link for bug tracker | Jakub Jelen | 1 | -1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-09 | cpack: Ignore patch files | Andreas Schneider | 1 | -1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | config: Ignore empty lines to avoid OOB array access | Jakub Jelen | 1 | -0/+5
Fixes T187 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-09 | tests: Check behavior of match_pattern() | Jakub Jelen | 1 | -0/+85
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-09 | match: Limit possible recursion when parsing wildcards to a sensible number | Jakub Jelen | 1 | -5/+7
Fixes T186 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-09 | match: Avoid recursion with many asterisks in pattern | Jakub Jelen | 1 | -3/+9
Partially fixes T186 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-09 | pki: Fix possible information leak via uninitialized stack buffer | Andreas Schneider | 1 | -2/+2
Fixes T190 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | pki_container_openssh: Initialize pointers to NULL | Andreas Schneider | 1 | -2/+2
Fixes T190 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | SSH-01-012: Fix information leak via uninitialized stack buffer | Andreas Schneider | 1 | -2/+2
Fixes T190 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | SSH-01-010: Improve documentation for fingerprinting functions | Andreas Schneider | 1 | -10/+13
Fixes T184 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | doc: Use https where possible | Jakub Jelen | 7 | -34/+35
Related to T196 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-09 | doc: Update the list of RFCs and clearly mention which are not implemented in libssh | Jakub Jelen | 1 | -12/+39
Fixes T196 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-09 | tests: Add a test for SCP with protocol message injection | Anderson Toshiyuki Sasaki | 1 | -1/+72
Test if the file name is correctly escaped to avoid protocol message injection. Fixes T189 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | scp: Do not allow newlines in pushed files names | Anderson Toshiyuki Sasaki | 1 | -9/+74
When pushing files or directories, encode the newlines contained in the names as the string "\\n". This way the user cannot inject protocol messages through the file name. Fixes T189 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | misc: Add a function to encode newlines | Anderson Toshiyuki Sasaki | 3 | -0/+63
Given a string, the added function encodes existing newline characters ('\n') as the string "\\n" and puts into a given output buffer. The output buffer must have at least 2 times the length of the input string plus 1 for the terminating '\0'. In the worst case, each character can be replaced by 2 characters. Fixes T189 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | gzip: Use SSH_BUFFER_FREE() | Andreas Schneider | 1 | -11/+11
Fixes T183 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | knownhosts: Use SSH_BUFFER_FREE() | Andreas Schneider | 1 | -2/+2
Fixes T183 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | pcap: Use SSH_BUFFER_FREE() | Andreas Schneider | 1 | -3/+3
Fixes T183 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | base64: Use SSH_BUFFER_FREE() | Andreas Schneider | 1 | -1/+1
Fixes T183 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | packet: Use SSH_BUFFER_FREE() | Andreas Schneider | 1 | -1/+1
Fixes T183 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | socket: Use SSH_BUFFER_FREE() | Andreas Schneider | 1 | -3/+3
Fixes T183 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | examples: Use SSH_STRING_FREE_CHAR() | Andreas Schneider | 2 | -9/+9
Fixes T183 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | tests: Use SSH_STRING_FREE() | Andreas Schneider | 1 | -1/+1
Fixes T183 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | dh-gex: Use SSH_STRING_FREE() | Andreas Schneider | 1 | -1/+1
Fixes T183 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | message: Use SSH_BUFFER_FREE() | Andreas Schneider | 1 | -3/+3
Fixes T183 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | message: Use SSH_STRING_FREE() | Andreas Schneider | 1 | -11/+11
Fixes T183 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | pki_container_openssh: Use SSH_BUFFER_FREE() | Andreas Schneider | 1 | -9/+9
Fixes T183 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | pki_container_openssh: Use SSH_STRING_FREE | Andreas Schneider | 1 | -1/+1
Fixes T183 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | gssapi: Use SSH_BUFFER_FREE() | Andreas Schneider | 1 | -4/+4
Fixes T183 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | gssapi: Use SSH_STRING_FREE() | Andreas Schneider | 1 | -7/+7
Fixes T183 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | kex: Use SSH_BUFFER_FREE() | Andreas Schneider | 1 | -3/+3
Fixes T183 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | kex: Use SSH_STRING_FREE() | Andreas Schneider | 1 | -7/+7
Fixes T183 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | agent: Use SSH_BUFFER_FREE() | Andreas Schneider | 1 | -26/+26
Fixes T183 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | agent: Use SSH_STRING_FREE() | Andreas Schneider | 1 | -6/+6
Fixes T183 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | server: Use SSH_STRING_FREE() | Andreas Schneider | 1 | -4/+4
Fixes T183 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | ecdh_mbedcrypto: Use SSH_STRING_FREE() | Andreas Schneider | 1 | -4/+4
Fixes T183 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | dh: Use SSH_STRING_FREE() | Andreas Schneider | 1 | -1/+1
Fixes T183 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | ecdh: Use SSH_STRING_FREE() | Andreas Schneider | 1 | -1/+1
Fixes T183 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | channels: Use SSH_BUFFER_FREE() | Andreas Schneider | 1 | -19/+19
Fixes T183 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>