Age | Commit message | Author | Files | Lines
2017-12-28 | add mbedtls crypto support | Juraj Vijtiuk | 42 | -10/+3526
Summary: This patch adds support for mbedTLS as a crypto backend for libssh. mbedTLS is an SSL/TLS library that has been designed to mainly be used in embedded systems. It is loosely coupled and has a low memory footprint. mbedTLS also provides a cryptography library (libmbedcrypto) that can be used without the TLS modules.
The patch is unfortunately quite big, since several new files had to be added. DSA is disabled at compile time, since mbedTLS doesn't support DSA
Patch review and feedback would be appreciated, and if any issues or suggestions appear, I'm willing to work on them.
Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
Test Plan:
* The patch has been tested with a Debug and MinSizeRel build, with libssh unit tests, client tests and the pkd tests.
* All the tests have been run with valgrind's memcheck, drd and helgrind tools.
* The examples/samplessh client works when built with the patch.
Reviewers: asn, aris
Subscribers: simonsj
Differential Revision: https://bugs.libssh.org/D1
2017-12-28 | options: Rewrite set() description to get() | Jakub Jelen | 1 | -6/+2
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-21 | options: Move SSH_OPTIONS_ADD_IDENTITY to *set() function description | Jakub Jelen | 1 | -14/+5
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-21 | docs: correction for importing key file | Eric Bentley | 1 | -1/+1
Signed-off-by: ebentley66@gmail.com Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-21 | tests/client/algorithms: Respect global verbosity settings | Jakub Jelen | 1 | -0/+3
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-21 | tests/config: Verify LogLevel from config is applied | Jakub Jelen | 1 | -0/+10
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-21 | tests/config: Newly parsed options | Jakub Jelen | 1 | -3/+10
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-21 | tests/config: Enable and disable authentication methods | Jakub Jelen | 1 | -0/+80
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-21 | tests/config: Verify known_hosts files are applied | Jakub Jelen | 1 | -0/+26
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-21 | tests: HostkeyAlgorithms passed from config to options | Jakub Jelen | 2 | -0/+32
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-21 | config: Add CMake check for glob() | Jakub Jelen | 4 | -2/+25
2017-12-21 | config: glob support for include with test | NoName115 | 2 | -1/+69
Signed-off-by: NoName115 <robert.kolcun@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-15 | config: support for MACs | Jakub Jelen | 3 | -1/+23
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-15 | tests/config: Text KexAlgorithms parsing in ssh_config | Jakub Jelen | 1 | -1/+5
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-15 | tests/options: Verify key exchange algorithms are set properly | Jakub Jelen | 1 | -0/+29
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-15 | config: Set global log level from configuration file | Jakub Jelen | 1 | -5/+10
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-15 | options: Typo. The expand character is %d | Jakub Jelen | 1 | -1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-15 | config: Remove MAC option (SSHv1) | Jakub Jelen | 1 | -9/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-15 | config: Add configuration options from current OpenSSH 7.5 (and fix typos) | Jakub Jelen | 1 | -13/+17
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-15 | options: Document SSH_OPTIONS_GLOBAL_KNOWNHOSTS and set default value | Jakub Jelen | 1 | -1/+18
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-15 | Add new options | Aris Adamantiadis | 9 | -19/+343
Pair-Programmed-With: Jakub Jelen <jjelen@redhat.com> Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-15 | tests: Temporarily build chroot_wrapper | Jakub Jelen | 2 | -1/+18
2017-12-15 | tests: Do not generate pcap file by default | Jakub Jelen | 1 | -1/+4
pcap file is generated by the processes writing to the sockets, which is not allowed for privilege-separated process in new OpenSSH servers (confined by seccomp filter).
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-15 | tests: Give server more time to start | Jakub Jelen | 1 | -1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-15 | tests: Do not test blowfish ciphers with OpenSSH 7.6 and newer | Jakub Jelen | 2 | -0/+8
2017-11-16 | client: Add missing language tag in disconnect message | Andreas Schneider | 1 | -2/+3
Fixes T74 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-11-09 | test: ssh_userauth_kbdint_setanswer() does not network interaction | Andreas Schneider | 1 | -3/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-11-09 | sftp: Check for NULL path and give correct error | Andreas Schneider | 1 | -0/+5
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-11-08 | examples: Build server examples on Linux too | Andreas Schneider | 1 | -2/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-11-08 | pki_crypto: Avoid potential memory leak | Jakub Jelen | 1 | -1/+3
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-11-07 | examples: Rename samplessh to ssh-client | Andreas Schneider | 2 | -2/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-11-07 | doc: Missing new Host Key algorithms | Jakub Jelen | 1 | -1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-11-07 | doc: Missing new MAC algorithms in documentation | Jakub Jelen | 1 | -1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-11-07 | doc: Missing new ECDH algorithms in documentation | Jakub Jelen | 1 | -1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-11-07 | pki_crypto: Avoid segfault with OpenSSL 1.1.0 | Jakub Jelen | 1 | -0/+4
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-10-29 | ecdh: fix build for old libgcrypt | Jon Simons | 1 | -2/+2
Summary: Fix a typo for old libgcrypt builds `k_length` -> `k_len`.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Test Plan:
* Spotted this last-minute typo bug in local testing.
Reviewers: asn
Reviewed By: asn
Differential Revision: https://bugs.libssh.org/D10
2017-10-29 | ecdh: fix build for old libgcrypt | Jon Simons | 1 | -2/+2
Summary: Fix a typo for old libgcrypt builds `k_length` -> `k_len`.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Test Plan:
* Spotted this last-minute typo bug in local testing.
Reviewers: asn
Differential Revision: https://bugs.libssh.org/D10
2017-10-29 | dh: Don't use deprecated function with newer OpenSSL | Andreas Schneider | 1 | -0/+7
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-10-29 | pki_crypto: Don't use deprecated function with newer OpenSSL | Andreas Schneider | 1 | -0/+13
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-10-29 | torture_algorithms: deduplicate kex method passes | Jon Simons | 1 | -90/+49
Summary:
Signed-off-by: Jon Simons <jon@jonsimons.org>
Test Plan:
* Re-ran the `torture_algorithms` test.
Reviewers: asn
Reviewed By: asn
Tags: #libssh
Differential Revision: https://bugs.libssh.org/D8
2017-10-29 | torture_algorithms: deduplicate kex method passes | Jon Simons | 1 | -90/+49
Summary:
Signed-off-by: Jon Simons <jon@jonsimons.org>
Test Plan:
* Re-ran the `torture_algorithms` test.
Reviewers: asn
Tags: #libssh
Differential Revision: https://bugs.libssh.org/D8
2017-10-29 | server: expose 'ssh_server_init_kex' API | Jon Simons | 2 | -6/+39
Expose an API 'ssh_server_init_kex' which allows one to change the set of key exchange, hostkey, ciphers, MACs, and compression algorithms currently configured for the ssh_session at hand, after having started the 'ssh_handle_key_exchange' process. One can use this API from the already-existing 'connect_status_function' callback to dynamically modify the set of algorithms used after having received the client banner, but before sending out the initial KEXINIT message. For example, one might want to prevent advertising the curve25519 key exchange algorithm for older OpenSSH clients due to interop bugs.
Fixes T25
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-10-28 | Fix config.h includes | Andreas Schneider | 47 | -21/+92
We need stdlib.h and string.h in priv.h for free() and memset(). Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-10-12 | cmake: Fix parsing the gcrypt version | Andreas Schneider | 1 | -2/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-09-12 | cmake: Bump version numbers | Andreas Schneider | 1 | -2/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-09-11 | README.Coding: Add section about pointers | Andreas Schneider | 1 | -0/+21
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-09-11 | sftp-server: Fix LIBSSH_API | DavidWed | 1 | -10/+10
Fixes T44 Signed-off-by: DavidWedderwille <davidwe@posteo.de> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-09-11 | pkd_daemon.c: force close pkd_state.server_fd upon stop | Jon Simons | 1 | -0/+1
There's a race window between the accept loop's call to accept(2) and it checking `ctx.keep_going`. Forcefully close the server socket such that any raced `accept` ends up failing.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-09-11 | pkd_daemon.c: split final close loop; wait for client to close | Jon Simons | 1 | -2/+12
Sometimes, but not always, the pkd tests will fail because they close the socket at hand a bit too early for the client. The client in turn may exit non-zero when that happens. Split up the final close loop so that pkd waits to receive a channel close from the client, and then socket close, before finally returning. With this change I observe that tests are now passing in environments that would previously tickle the above race and fail.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-09-11 | pkd_hello.c: fix return code upon test failure | Jon Simons | 1 | -4/+5
Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>