aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2019-01-24kex: use runtime callbacks (server)Aris Adamantiadis11-178/+299
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-24kex: use runtime callbacks (client)Aris Adamantiadis11-59/+99
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-22tests: Add test for server interactive authenticationAnderson Toshiyuki Sasaki2-0/+764
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-01-22tests: Add test for server auth method noneAnderson Toshiyuki Sasaki1-0/+33
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-22tests: Test server pubkey authenticationAnderson Toshiyuki Sasaki3-6/+86
The default pubkey authentication callback is not checking anything. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-22tests: Added functions to get the default callbacksAnderson Toshiyuki Sasaki2-33/+111
This makes easier to create test cases using callbacks based on the default callbacks (e.g. using the default callbacks but replacing one specific callback) Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-22tests: Provide the server state to callbacksAnderson Toshiyuki Sasaki2-0/+11
This aims to make it easier to implement custom callbacks. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-22tests: Reproducer for cockpit issue, where server provides an invalid signatureJakub Jelen1-0/+80
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-22tests: Check return valuesJakub Jelen1-2/+4
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2019-01-22tests: Initialize allocated memoryJakub Jelen1-2/+2
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2019-01-22tests: Added test serverAnderson Toshiyuki Sasaki9-0/+2440
The server can be configured through command line options or by providing a state structure with the desired values set. Currently supports only password based authentication. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-01-22pcap: Correctly initialize sockaddr_in in ssh_pcap_context_set_file()Andreas Schneider1-1/+6
Error: CLANG_WARNING: src/pcap.c:329:22: warning: The left operand of '!=' is a garbage value Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-22pcap: Reformat ssh_pcap_context_connect()Andreas Schneider1-33/+56
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-22tests: Fix uninitialized warning in torture_threads_pki_rsaAndreas Schneider1-8/+8
Error: CLANG_WARNING: tests/unittests/torture_threads_pki_rsa.c:520:5: warning: 1st function call argument is an uninitialized value Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-22cmake: Add -Wmissing-field-initializers compile flagAndreas Schneider1-0/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-15bind: Check for POLLRDHUP on the server if availableAndreas Schneider2-3/+16
This is a feature on modern Linux. Thanks to Ludovic Courtès <ludo@gnu.org> for the pointer. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-15bind: Reformat ssh_bind_get_poll()Andreas Schneider1-5/+10
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-11Update ChangeLogAndreas Schneider1-0/+7
2019-01-11Fix cleaning up HMAC context for openssl < 1.1 remove old compatibility code ↵Marcin Szalowicz1-10/+3
for openssl < 0.9.7 Signed-off-by: Marcin Szalowicz <marcin.szalowicz@oracle.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-11tests: Refactor test so that all RSA + hash combinations are testedTilo Eckert1-64/+58
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-11tests: Fix incorrect hash type parameter on signature importTilo Eckert1-3/+8
RSA with SHA-256/512 signatures have been interpreted as RSA with SHA-1 Signed-off-by: Tilo Eckert <tilo.eckert@flam.de> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-11tests: Refactor the sftp initilization to avoid invalid memory access on ↵Jakub Jelen1-49/+57
sftp failures Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09socket: Set socket error to get better error messagesAndreas Schneider1-1/+4
We do not want an error for ssh_socket_close() here. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09poll: Return early for timeout and count every reventAndreas Schneider1-1/+5
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09poll: Do not generate SIGPIPE with recv() in bsd_poll()Andreas Schneider1-1/+6
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09poll: Improve checks for POLLHUP and POLLERRAndreas Schneider1-14/+55
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09poll: Zero (read|write|expect)fds in bsd_poll()Andreas Schneider1-0/+3
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09poll: Reformat bsd_poll()Andreas Schneider1-96/+112
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09poll: Fix size typeAndreas Schneider1-1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09poll: Reformat ssh_poll_ctx_dopoll()Andreas Schneider1-50/+55
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09kex: List also the SHA2 extension when ordering hostkey algorithmsJakub Jelen2-20/+26
By default, the list of already stored known host types is preferred, but this selection so far ignored the SHA2 extension and excluded these keys in the KEXINIT list leading to not using this extension if not explicitly enabled from configuration. This commit extends the default list with the SHA2 signatures algoritms and compares only base types so they can be listed in the KEXINIT list. This adjust the tests to expect the full list of algorithms to pass. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09server: Correctly handle extensionsJakub Jelen3-8/+25
If the server had an RSA host key, it provided unconditionally SHA2 signatures without consulting the client proposed list of supported host keys. This commit implements more fine-grained detection of the extension to provide the client with valid signatures according to RFC 8332 Section 3.1. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09dh: Make sure we do not access uninitialized memoryJakub Jelen1-0/+4
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09gitlab-ci: Disable debian cross mips runnerAndreas Schneider1-1/+1
This runner always times out. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09gitlab-ci: Run the Windows machines for me tooJakub Jelen1-0/+2
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09tests: Verify rekeying initialized by the server worksJakub Jelen1-0/+138
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09tests: Allow to modify sshd config from the testJakub Jelen2-19/+112
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09packet: Dump also the packet typeJakub Jelen1-2/+7
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09tests: Verify that rekey limits are effective from the client sideJakub Jelen2-0/+386
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Daiki Ueno <dueno@redhat.com>
2019-01-09options: Update documentation for rekey limitsJakub Jelen1-2/+4
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Daiki Ueno <dueno@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09packet: Implement rekeying based on the recommendation from RFC'sJakub Jelen6-6/+248
The default rekeying recommendations are specified in RFC4344 Section 3 (First and Second Rekeying Recommendations). Additionally, the rekeying can be specified in configuration file/options allowing us to turn the rekeying off, base it on time or make it more strict. The code is highly inspired by the OpenSSH rekeying code. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Daiki Ueno <dueno@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09packet: Provide a function to switch crypto in separate directionsJakub Jelen5-117/+176
This also fixes the test using the crypto directly Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Daiki Ueno <dueno@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09packet: Introduce a new function to access cryptoJakub Jelen11-92/+150
And remove most of the direct access to the structure throughout the code Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Daiki Ueno <dueno@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09server: Reformat ssh_auth_reply_successJakub Jelen1-24/+28
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Daiki Ueno <dueno@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09packet: Adjust the packet filter to allow client-initialized rekeyJakub Jelen1-0/+2
If the rekey is initialized by client, it sends the first KEXINIT message, changes to the INIT_SENT state and waits for the KEXINIT message from the server. This was not covered in the current filter. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Daiki Ueno <dueno@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09packet: Prepare counters to handle rekeying limitsJakub Jelen4-1/+59
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Daiki Ueno <dueno@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09tests: Verify we can parse RekeyLimit configuration optionJakub Jelen1-0/+98
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Daiki Ueno <dueno@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09config: Parse rekey limits and apply themJakub Jelen2-1/+139
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Daiki Ueno <dueno@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09options: Introduce new options for handling rekey limitsJakub Jelen3-0/+38
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Daiki Ueno <dueno@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09priv: Provide PRIu32 for Visual StudioJakub Jelen1-0/+4
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-19 05:23:01 +0000