Age | Commit message | Author | Files | Lines
2018-06-04 | misc: Add ssh_list_count() | Andreas Schneider | 3 | -0/+26
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-04 | knownhosts: Add ssh_known_hosts_read_entries() | Andreas Schneider | 2 | -0/+117
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-04 | knownhosts: Introduce new known hosts managing functions | Andreas Schneider | 5 | -0/+538
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-04 | torture: Add ed25519 hostkey to sshd | Andreas Schneider | 1 | -0/+18
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-04 | threads: Fix compiler warning | Andreas Schneider | 1 | -1/+4
Use a prototype for libcrypto_lock_callback(). Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-04 | tests: Fix size for bob_ssh_cert | Andreas Schneider | 1 | -1/+1
Fixes a gcc8 warning. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-05-30 | Add builds for opensuse tumbleweed | Jim McDonough | 1 | -0/+53
Signed-off-by: Jim McDonough <jmcdonough@suse.com>
2018-05-14 | wrapper: Fix memory leak when freeing server_pubkey | Andreas Schneider | 1 | -1/+1
Thanks to John McVann. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-05-07 | torture: Increase wait time for process termination to 10ms | Andreas Schneider | 1 | -1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-05-07 | connector: Add missing check for POLLHUP to detect EOF | Andreas Schneider | 1 | -1/+2
Thanks to Chris Townsend. Fixes T81 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-05-07 | auth: Handle SSH_AUTH_PARTIAL in agent auth correctly | Andreas Schneider | 1 | -2/+4
Thanks to Orion Poplawski. Fixes T82 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-05-07 | server: Fix segfault in dh_handshake_server() | Andreas Schneider | 1 | -1/+11
Thanks to Felix Jones. Fixes T91 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-05-07 | tests: We should only init and finalize libssh once | Andreas Schneider | 1 | -4/+4
This should fix a segfault with gcrypt. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-04-25 | pki: Fix duplicating ed25519 public keys | Andreas Schneider | 2 | -12/+80
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-04-20 | server: Fix session pubkey import | Andreas Schneider | 1 | -1/+1
This is a regression introduced by 16217454d576511f37f39c3169963629f9d5082f. We import the pubkey into current_crypto which is NULL instead of next_crypto. Fixes T90 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-04-18 | Introduce a gitlab CI for centos7, debian and Fedora | Nikos Mavrogiannopoulos | 1 | -0/+145
This introduces builds for:
  centos7 with openssl 1.0.x (x86-64)
  fedora28 with openssl 1.1.x (x86-64)
  fedora28 with libgcrypt (x86-64) - disabled
  debian with openssl 1.0.x (aarch64)
  address-sanitizer (gcc) - disabled
  undefined-sanitizer (gcc)
  static-analyzer (clang)
See https://gitlab.com/libssh/libssh-mirror/
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-04-18 | README: Added markdown readme with gitlab CI badge | Nikos Mavrogiannopoulos | 1 | -0/+44
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-04-18 | kex1: Add missing NULL check in make_rsa1_string() | Andreas Schneider | 1 | -0/+4
CID 1388445 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-04-18 | packet_cb: Fix the if check in ssh_packet_newkeys() | Andreas Schneider | 1 | -1/+1
CID 1388446 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-04-18 | known_hosts: Do not leak pubkey_buffer in check_public_key() | Andreas Schneider | 1 | -0/+1
CID: 1388447 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-04-18 | server: Do not leak pubkey_blob in ssh_get_key_params() | Andreas Schneider | 1 | -0/+1
CID 1388448 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-04-18 | buffer: Do not call explicit_bzero with null arguments | Nikos Mavrogiannopoulos | 1 | -1/+3
This allows compiling and testing with undefined sanitizer. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-04-18 | buffer: Do not call memcpy with null arguments | Nikos Mavrogiannopoulos | 1 | -3/+5
This allows compiling and testing with undefined sanitizer. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-04-18 | buffer: Apply coding style to ssh_buffer_reinit() | Andreas Schneider | 1 | -10/+12
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-04-18 | buffer: Apply coding style to realloc_buffer() | Andreas Schneider | 1 | -30/+30
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-04-17 | kex1: Use libcrypto-compat.h for RSA_get0_key with OpenSSL | Nikos Mavrogiannopoulos | 1 | -0/+4
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-04-17 | torture_path_expand_tilde_unix: use getpwuid() if no env variables | Nikos Mavrogiannopoulos | 1 | -1/+11
This allows operating under environments where the username variables are not present. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-04-10 | Fix ssh_event_add_session() when session socket has two pollhandlers | Meng Tan | 1 | -5/+18
Signed-off-by: Meng Tan <mtan@wallix.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-04-10 | channels: add ssh_channel_request_send_break to support RFC 4335 | Axel Eppe | 2 | -0/+50
Signed-off-by: Axel Eppe <aeppe@google.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-04-10 | cmake: Fix libfuzzer linking with clang6 | Andreas Schneider | 2 | -38/+10
This is always available using -fsanitize=fuzzer now. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-03-28 | kex1: Use new dh pubkey import functions | Andreas Schneider | 1 | -3/+4
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-03-28 | kex1: Fix building with OpenSSL 1.1+ | Andreas Schneider | 1 | -2/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-03-28 | channels1: Add missing config.h include | Andreas Schneider | 1 | -0/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-03-21 | Add a NODELAY option | Alberto Aguirre | 5 | -2/+36
Add a new option SSH_OPTIONS_NODELAY to enable or disable the Nagle Algorithm (TCP_NODELAY) on the session socket. Improved performance can be achieved for some applications like sftp servers by enabling SSH_OPTIONS_NODELAY as typically, the next request won't arrive until the server replies, which are typically small writes. Signed-off-by: Alberto Aguirre <albaguirre@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-03-21 | tests: Fix mixed code compiler warning in torture_rand | Andreas Schneider | 1 | -1/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-03-21 | torture: Increase wait time for the sshd process to exit | Andreas Schneider | 1 | -2/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-03-21 | crypto: Change the type of server_pubkey to ssh_key | Andreas Schneider | 9 | -73/+191
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-03-11 | misc: Use SecureZeroMemory if available for explicit_bzero | Alberto Aguirre | 3 | -0/+7
Useful on Windows platforms where SecureZeroMemory is available. Signed-off-by: Alberto Aguirre <albaguirre@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-03-11 | misc: Use memset_s if available for explicit_bzero | Alberto Aguirre | 3 | -0/+8
Useful on OSX where memset_s is available. Signed-off-by: Alberto Aguirre <albaguirre@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-03-11 | tests: fix OSX build errors when enabling tests | Alberto Aguirre | 1 | -2/+10
Fix OSX build error about embedding a directive within macro arguments. Apparently, snprintf is implemented as a macro on that platform. Signed-off-by: Alberto Aguirre <albaguirre@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-03-07 | connector: ensure channel callbacks are removed | Alberto Aguirre | 1 | -9/+9
ssh_connector_free fails to remove the in/out channel callbacks as ssh_connector_remove_event sets the in/out channel variables to NULL. Have ssh_connector_free remove the channel callbacks first before invoking ssh_connector_remove_event. Signed-off-by: Alberto Aguirre <albaguirre@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-03-07 | connector: Check for POLLHUP on in_fd | Alberto Aguirre | 1 | -1/+1
POLLHUP needs to be checked on in_fd, which may be a pipe. A pipe in Linux signals EOF through POLLHUP (see: http://www.greenend.org.uk/rjk/tech/poll.html). Without checking POLLHUP, a client could spin up indefinitely doing ssh_event_dopoll. Signed-off-by: Alberto Aguirre <albaguirre@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-03-07 | pki: Add mbedTLS ECDSA key comparison support | Juraj Vijtiuk | 3 | -24/+28
Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-03-02 | priv: Implement explicit_bzero as a function if not available | Andreas Schneider | 3 | -16/+13
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Alberto Aguirre <albaguirre@gmail.com>
2018-02-22 | priv: Fix explicit_bzero macro if we pass a function | Andreas Schneider | 1 | -1/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-02-22 | sftp: Remove stray semi-colon in sftp.h header | Alberto Aguirre | 1 | -1/+1
The stray semi-colon in sftp.h is flagged when using -pedantic which affects clients that include the header and use -pedantic and -Werror on their codebase. Signed-off-by: Alberto Aguirre <albaguirre@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-02-16 | cmake: Mark LIBSSH_LIBRARIES and LIBSSH_INCLUDE_DIR as advanced | Andreas Schneider | 1 | -0/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-02-16 | pki: Use explicit_bzero() to wipe privkey in memory | Andreas Schneider | 1 | -1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-02-12 | tests: Fix segfault with mbedTLS built without threading support | jvijtiuk | 3 | -2/+26
torture_rand and torture_server_x11 call ssh_init without checking the return value. If mbedTLS is built without threading support ssh_init fails but the tests continue and then segfault since threading wasn't correctly initialised. Add a section that documents requirements for mbedTLS usage in a multi threaded environment to README.mbedtls. Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-02-12 | src: Use explicit_bzero() if available on the platform | Andreas Schneider | 17 | -52/+48
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>