Age | Commit message | Author | Files | Lines
2018-03-02 | priv: Implement explicit_bzero as a function if not available | Andreas Schneider | 3 | -16/+13
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Alberto Aguirre <albaguirre@gmail.com>
2018-02-22 | priv: Fix explicit_bzero macro if we pass a function | Andreas Schneider | 1 | -1/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-02-22 | sftp: Remove stray semi-colon in sftp.h header | Alberto Aguirre | 1 | -1/+1
The stray semi-colon in sftp.h is flagged when using -pedantic which affects clients that include the header and use -pedantic and -Werror on their codebase.
Signed-off-by: Alberto Aguirre <albaguirre@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-02-16 | cmake: Mark LIBSSH_LIBRARIES and LIBSSH_INCLUDE_DIR as advanced | Andreas Schneider | 1 | -0/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-02-16 | pki: Use explicit_bzero() to wipe privkey in memory | Andreas Schneider | 1 | -1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-02-12 | tests: Fix segfault with mbedTLS built without threading support | jvijtiuk | 3 | -2/+26
torture_rand and torture_server_x11 call ssh_init without checking the return value. If mbedTLS is built without threading support ssh_init fails but the tests continue and then segfault since threading wasn't correctly initialised.
Add a section that documents requirements for mbedTLS usage in a multi threaded environment to README.mbedtls.
Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-02-12 | src: Use explicit_bzero() if available on the platform | Andreas Schneider | 17 | -52/+48
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-02-04 | cmake: Build ssh_server_fuzzer if enabled | Andreas Schneider | 4 | -2/+48
Fixes T67
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-02-04 | tests: Added a fuzzer for the server | Alex Gaynor | 1 | -0/+101
Fixes T67
Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>
2018-02-01 | Set channel as bound when accepting channel open request | Meng Tan | 1 | -0/+1
Signed-off-by: Meng Tan <mtan@wallix.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-29 | libssh: Bump the version to 0.7.90 | Andreas Schneider | 2 | -3/+3
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-18 | dh: Use calloc() instead of malloc() | Andreas Schneider | 1 | -1/+1
2018-01-18 | pki_gcrypt: Use calloc() instead of malloc() | Andreas Schneider | 1 | -1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-18 | threads: Use calloc() instead of malloc() | Andreas Schneider | 1 | -1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-18 | sftpserver: Use calloc() instead of malloc() | Andreas Schneider | 1 | -2/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-18 | server: Use calloc() instead of malloc() | Andreas Schneider | 1 | -2/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-18 | kex: Use calloc() instead of malloc() | Andreas Schneider | 1 | -2/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-18 | channels: Use calloc() instead of malloc() | Andreas Schneider | 1 | -3/+3
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-18 | auth: Use calloc() instead of malloc() | Andreas Schneider | 1 | -4/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-10 | torture_pki_ed25519: Add tests for private key with passphrase | Andreas Schneider | 1 | -0/+43
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-10 | torture_pki_ecdsa: Add tests for private key with passphrase | Andreas Schneider | 1 | -0/+42
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-10 | torture_key: Add ecdsa keys with passphrase | Andreas Schneider | 1 | -3/+35
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-10 | torture_pki_dsa: Add tests for private key with passphrase | Andreas Schneider | 1 | -0/+42
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-10 | torture_pki_rsa: Add tests for private key with passphrase | Andreas Schneider | 1 | -0/+42
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-10 | pki_crypto: Fix private key generation with password | Andreas Schneider | 4 | -6/+6
We need to specify a cipher when we generate a key with a password. OpenSSH uses aes_128_cbc, so we should use the same.
Thanks to Julian Lunz for the report.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-10 | tests: Move torture keys to own file | Andreas Schneider | 11 | -335/+410
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-10 | cmake: Move ed25519 tests into unix part | Andreas Schneider | 1 | -1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-10 | tests: Move rsa tests to own test file | Andreas Schneider | 3 | -523/+549
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-10 | tests: Remove obsolete setup_both_keys() | Andreas Schneider | 1 | -10/+0
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-10 | tests: Move ed25519 functions to the right file | Andreas Schneider | 2 | -289/+308
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-10 | tests: Move ecdsa tests to own test file | Andreas Schneider | 3 | -487/+497
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-10 | tests: Move dsa tests to own test file | Andreas Schneider | 3 | -387/+439
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-10 | tests: Move helper functions to a common file | Andreas Schneider | 4 | -70/+101
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-10 | libgcrypt: Add missing config.h include | Andreas Schneider | 2 | -0/+4
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-10 | torture: Give sshd more time to start up | Andreas Schneider | 1 | -1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-04 | tests: Fix torture_pki with libcrypto | Andreas Schneider | 1 | -1/+3
This stops asking for a passphrase on commandline.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-02 | Happy new year! | Andreas Schneider | 1 | -3/+5
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-28 | pki: Fix accidental ECC switch case fallthroughs into ed25519 cases when built without ECC | jvijtiuk | 2 | -3/+5
Summary: When ed25519 was introduced in commit 93c7b81b4ea1046bd2f65f4a510d5966786e8d3d, the ed25519 case was added after the ecdsa case in src/pki.c. The ecdsa case seems to have relied on falling through to report an error, when HAVE_ECC is not defined. If HAVE_ECC is not defined, but ecdsa keys are used, with, for example, ssh_pki_import_pubkey_file, the code falls through into the ed25519 case.
Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
Test Plan: Unit tests passed. No memory leaks found with valgrind.
Reviewers: asn
Differential Revision: https://bugs.libssh.org/D13
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-28 | config: Avoid long -> int -> long casting for timeout configuration option | Jakub Jelen | 1 | -5/+6
Fixes: T80
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-28 | add mbedtls crypto support | Juraj Vijtiuk | 42 | -10/+3526
Summary: This patch adds support for mbedTLS as a crypto backend for libssh. mbedTLS is an SSL/TLS library that has been designed to mainly be used in embedded systems. It is loosely coupled and has a low memory footprint. mbedTLS also provides a cryptography library (libmbedcrypto) that can be used without the TLS modules. The patch is unfortunately quite big, since several new files had to be added. DSA is disabled at compile time, since mbedTLS doesn't support DSA.
Patch review and feedback would be appreciated, and if any issues or suggestions appear, I'm willing to work on them.
Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
Test Plan:
* The patch has been tested with a Debug and MinSizeRel build, with libssh unit tests, client tests and the pkd tests.
* All the tests have been run with valgrind's memcheck, drd and helgrind tools.
* The examples/samplessh client works when built with the patch.
Reviewers: asn, aris
Subscribers: simonsj
Differential Revision: https://bugs.libssh.org/D1
2017-12-28 | options: Rewrite set() description to get() | Jakub Jelen | 1 | -6/+2
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-21 | options: Move SSH_OPTIONS_ADD_IDENTITY to *set() function description | Jakub Jelen | 1 | -14/+5
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-21 | docs: correction for importing key file | Eric Bentley | 1 | -1/+1
Signed-off-by: ebentley66@gmail.com
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-21 | tests/client/algorithms: Respect global verbosity settings | Jakub Jelen | 1 | -0/+3
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-21 | tests/config: Verify LogLevel from config is applied | Jakub Jelen | 1 | -0/+10
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-21 | tests/config: Newly parsed options | Jakub Jelen | 1 | -3/+10
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-21 | tests/config: Enable and disable authentication methods | Jakub Jelen | 1 | -0/+80
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-21 | tests/config: Verify known_hosts files are applied | Jakub Jelen | 1 | -0/+26
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-21 | tests: HostkeyAlgorithms passed from config to options | Jakub Jelen | 2 | -0/+32
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-21 | config: Add CMake check for glob() | Jakub Jelen | 4 | -2/+25