Age | Commit message | Author | Files | Lines
2017-12-15 | Add new options | Aris Adamantiadis | 9 | -19/+343
Pair-Programmed-With: Jakub Jelen <jjelen@redhat.com> Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-15 | tests: Temporarily build chroot_wrapper | Jakub Jelen | 2 | -1/+18
2017-12-15 | tests: Do not generate pcap file by default | Jakub Jelen | 1 | -1/+4
pcap file is generated by the processes writing to the sockets, which is not allowed for privilege-separated process in new OpenSSH servers (confined by seccomp filter). Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-15 | tests: Give server more time to start | Jakub Jelen | 1 | -1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-15 | tests: Do not test blowfish ciphers with OpenSSH 7.6 and newer | Jakub Jelen | 2 | -0/+8
2017-11-16 | client: Add missing language tag in disconnect message | Andreas Schneider | 1 | -2/+3
Fixes T74 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-11-09 | test: ssh_userauth_kbdint_setanswer() does not network interaction | Andreas Schneider | 1 | -3/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-11-09 | sftp: Check for NULL path and give correct error | Andreas Schneider | 1 | -0/+5
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-11-08 | examples: Build server examples on Linux too | Andreas Schneider | 1 | -2/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-11-08 | pki_crypto: Avoid potential memory leak | Jakub Jelen | 1 | -1/+3
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-11-07 | examples: Rename samplessh to ssh-client | Andreas Schneider | 2 | -2/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-11-07 | doc: Missing new Host Key algorithms | Jakub Jelen | 1 | -1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-11-07 | doc: Missing new MAC algorithms in documentation | Jakub Jelen | 1 | -1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-11-07 | doc: Missing new ECDH algorithms in documentation | Jakub Jelen | 1 | -1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-11-07 | pki_crypto: Avoid segfault with OpenSSL 1.1.0 | Jakub Jelen | 1 | -0/+4
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-10-29 | ecdh: fix build for old libgcrypt | Jon Simons | 1 | -2/+2
Summary: Fix a typo for old libgcrypt builds `k_length` -> `k_len`.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Test Plan:
* Spotted this last-minute typo bug in local testing.
Reviewers: asn
Reviewed By: asn
Differential Revision: https://bugs.libssh.org/D10
2017-10-29 | ecdh: fix build for old libgcrypt | Jon Simons | 1 | -2/+2
Summary: Fix a typo for old libgcrypt builds `k_length` -> `k_len`.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Test Plan:
* Spotted this last-minute typo bug in local testing.
Reviewers: asn
Differential Revision: https://bugs.libssh.org/D10
2017-10-29 | dh: Don't use deprecated function with newer OpenSSL | Andreas Schneider | 1 | -0/+7
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-10-29 | pki_crypto: Don't use deprecated function with newer OpenSSL | Andreas Schneider | 1 | -0/+13
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-10-29 | torture_algorithms: deduplicate kex method passes | Jon Simons | 1 | -90/+49
Summary:
Signed-off-by: Jon Simons <jon@jonsimons.org>
Test Plan:
* Re-ran the `torture_algorithms` test.
Reviewers: asn
Reviewed By: asn
Tags: #libssh
Differential Revision: https://bugs.libssh.org/D8
2017-10-29 | torture_algorithms: deduplicate kex method passes | Jon Simons | 1 | -90/+49
Summary:
Signed-off-by: Jon Simons <jon@jonsimons.org>
Test Plan:
* Re-ran the `torture_algorithms` test.
Reviewers: asn
Tags: #libssh
Differential Revision: https://bugs.libssh.org/D8
2017-10-29 | server: expose 'ssh_server_init_kex' API | Jon Simons | 2 | -6/+39
Expose an API 'ssh_server_init_kex' which allows one to change the set of key exchange, hostkey, ciphers, MACs, and compression algorithms currently configured for the ssh_session at hand, after having started the 'ssh_handle_key_exchange' process. One can use this API from the already-existing 'connect_status_function' callback to dynamically modify the set of algorithms used after having received the client banner, but before sending out the initial KEXINIT message. For example, one might want to prevent advertising the curve25519 key exchange algorithm for older OpenSSH clients due to interop bugs. Fixes T25 Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-10-28 | Fix config.h includes | Andreas Schneider | 47 | -21/+92
We need stdlib.h and string.h in priv.h for free() and memset(). Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-10-12 | cmake: Fix parsing the gcrypt version | Andreas Schneider | 1 | -2/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-09-12 | cmake: Bump version numbers | Andreas Schneider | 1 | -2/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-09-11 | README.Coding: Add section about pointers | Andreas Schneider | 1 | -0/+21
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-09-11 | sftp-server: Fix LIBSSH_API | DavidWed | 1 | -10/+10
Fixes T44 Signed-off-by: DavidWedderwille <davidwe@posteo.de> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-09-11 | pkd_daemon.c: force close pkd_state.server_fd upon stop | Jon Simons | 1 | -0/+1
There's a race window between the accept loop's call to accept(2) and it checking `ctx.keep_going`. Forcefully close the server socket such that any raced `accept` ends up failing. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-09-11 | pkd_daemon.c: split final close loop; wait for client to close | Jon Simons | 1 | -2/+12
Sometimes, but not always, the pkd tests will fail because they close the socket at hand a bit too early for the client. The client in turn may exit non-zero when that happens. Split up the final close loop so that pkd waits to receive a channel close from the client, and then socket close, before finally returning. With this change I observe that tests are now passing in environments that would previously tickle the above race and fail. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-09-11 | pkd_hello.c: fix return code upon test failure | Jon Simons | 1 | -4/+5
Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-09-11 | auth: fix double-free in ssh_userauth_agent_publickey | Jon Simons | 1 | -0/+1
Fixes T72 Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-09-11 | config: fix memory leak with repeated opcodes | Jon Simons | 2 | -1/+21
Fix a memory leak in the path where parsing returns early due to seeing a repeated opcode. A testcase is added which demonstrates the leak and fix with valgrind. Resolves CID 1374267. Signed-off-by: Jon Simons <jon@jonsimons.org>
2017-08-25 | match: Add missing return statement | Andreas Schneider | 1 | -0/+1
This makes the compiler happy. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-08-25 | examples: Fix fallthrough compiler warnings | Andreas Schneider | 1 | -0/+4
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-08-25 | packet: Fix fallthrough compiler warnings | Andreas Schneider | 2 | -1/+9
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-08-25 | cmake: Add check for fallthrough attribute | Andreas Schneider | 2 | -0/+29
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-08-24 | ecdh: enable ecdh_sha2_nistp{384,521} kex methods | Jon Simons | 11 | -12/+184
Summary: Based on Dirkjan's original patch series here:
* https://www.libssh.org/archive/libssh/2015-08/0000029.html
Here the changes are adapted for the current master branch, and expanded to include libgcrypt support.
Co-Authored-By: Dirkjan Bussink <d.bussink@gmail.com>
Signed-off-by: Jon Simons <jon@jonsimons.org>
Test Plan:
* Ran pkd tests for libcrypto and libgcrypt builds.
* Ran client torture_algorithms.c tests for libcrypto and libgcrypt builds.
* Tested across multiple libgcrypts ("1.6.3" and "1.7.6-beta").
Reviewers: aris, asn
Reviewed By: asn
Tags: #libssh
Differential Revision: https://bugs.libssh.org/D7
2017-08-24 | ecdh: enable ecdh_sha2_nistp{384,521} kex methods | Jon Simons | 11 | -12/+184
Summary: Based on Dirkjan's original patch series here:
* https://www.libssh.org/archive/libssh/2015-08/0000029.html
Here the changes are adapted for the current master branch, and expanded to include libgcrypt support.
Co-Authored-By: Dirkjan Bussink <d.bussink@gmail.com>
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Test Plan:
* Ran pkd tests for libcrypto and libgcrypt builds.
* Ran client torture_algorithms.c tests for libcrypto and libgcrypt builds.
* Tested across multiple libgcrypts ("1.6.3" and "1.7.6-beta").
Reviewers: aris, asn
Tags: #libssh
Differential Revision: https://bugs.libssh.org/D7
2017-08-24 | options: Use ssh_key_type_e in ssh_options_set_algo() | Andreas Schneider | 2 | -15/+19
Review with 'git show -b' Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-08-24 | kex: Use ssh_kex_types_e in ssh_verify_existing_algo() | Andreas Schneider | 2 | -3/+7
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-08-24 | torture_options: test the setting of ciphers and MACs | Nikos Mavrogiannopoulos | 1 | -0/+40
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-08-24 | ssh_options_set_algo: ensure we only set known algorithms internally | Nikos Mavrogiannopoulos | 3 | -7/+81
That way, we will not fail later on key exchange phase when something unknown is negotiated. Fixes T37 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> Reviewed-by: Andreas Schneider <asn@samba.org>
2017-08-24 | priv: Add macro for MAX | Andreas Schneider | 1 | -0/+4
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-08-24 | INSTALL: mention the way to test | Nikos Mavrogiannopoulos | 1 | -1/+5
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-08-24 | tests: added unit test on including config files | Nikos Mavrogiannopoulos | 2 | -0/+96
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-08-24 | config: add support for recursive including of files | Nikos Mavrogiannopoulos | 1 | -2/+40
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-08-21 | arcconfig: Add missing comma | Andreas Schneider | 1 | -1/+1
2017-08-18 | arc: Make the history immutable | Andreas Schneider | 1 | -0/+1
Under an immutable history the history will not be rewritten. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-08-17 | tests: plug leak in torture_bind_options_import_key | Jon Simons | 1 | -1/+2
Summary: Hello, this is a resend for a quick memory leak fix for one of the unit tests, originally sent to the mailing list here:
* https://www.libssh.org/archive/libssh/2017-07/0000017.html
Test Plan:
* Before the fix and running the test with valgrind:
```
[simonsj@simonsj-lx5 : unittests] valgrind --leak-check=full ./torture_options >/dev/null
==93134== Memcheck, a memory error detector
==93134== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==93134== Using Valgrind-3.10.0 and LibVEX; rerun with -h for copyright info
==93134== Command: ./torture_options
==93134==
[ PASSED ] 10 test(s).
[ PASSED ] 1 test(s).
==93134==
==93134== HEAP SUMMARY:
==93134==     in use at exit: 80 bytes in 1 blocks
==93134==   total heap usage: 977 allocs, 976 frees, 75,029 bytes allocated
==93134==
==93134== 80 bytes in 1 blocks are definitely lost in loss record 1 of 1
==93134==    at 0x4C28C20: malloc (vg_replace_malloc.c:296)
==93134==    by 0x41BAB0: ssh_key_new (pki.c:107)
==93134==    by 0x40DF90: torture_bind_options_import_key (torture_options.c:222)
==93134==    by 0x4E3AA3A: cmocka_run_one_test_or_fixture (cmocka.c:2304)
==93134==    by 0x4E3ACEA: cmocka_run_one_tests (cmocka.c:2412)
==93134==    by 0x4E3B036: _cmocka_run_group_tests (cmocka.c:2517)
==93134==    by 0x40E9E3: torture_run_tests (torture_options.c:276)
==93134==    by 0x40DE68: main (torture.c:1100)
==93134==
==93134== LEAK SUMMARY:
==93134==    definitely lost: 80 bytes in 1 blocks
==93134==    indirectly lost: 0 bytes in 0 blocks
==93134==      possibly lost: 0 bytes in 0 blocks
==93134==    still reachable: 0 bytes in 0 blocks
==93134==         suppressed: 0 bytes in 0 blocks
==93134==
==93134== For counts of detected and suppressed errors, rerun with: -v
==93134== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
```
* And after:
```
[simonsj@simonsj-lx5 : unittests] valgrind --leak-check=full ./torture_options >/dev/null
==93294== Memcheck, a memory error detector
==93294== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==93294== Using Valgrind-3.10.0 and LibVEX; rerun with -h for copyright info
==93294== Command: ./torture_options
==93294==
[ PASSED ] 10 test(s).
[ PASSED ] 1 test(s).
==93294==
==93294== HEAP SUMMARY:
==93294==     in use at exit: 0 bytes in 0 blocks
==93294==   total heap usage: 977 allocs, 977 frees, 75,029 bytes allocated
==93294==
==93294== All heap blocks were freed -- no leaks are possible
==93294==
==93294== For counts of detected and suppressed errors, rerun with: -v
==93294== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
```
Reviewers: asn
Reviewed By: asn
Differential Revision: https://bugs.libssh.org/D3
2017-08-17 | pkd: a few improvements and fixups | Jon Simons | 3 | -29/+58
Summary: Hello, resending this patch series for the `pkd` tests, originally sent to the mailing list here:
* https://www.libssh.org/archive/libssh/2017-07/0000011.html
Here are a few improvements and fixups for the `pkd` tests, including a new flag `-m` that can be used to run only certain subsets of the test passes.
Jon Simons (5):
  pkd: rename AES192 cipher suite -> OPENSSHONLY
  pkd_daemon.c: mark `pkd_ready` field as volatile
  pkd: fixups for updated CMocka CMUnitTest struct
  pkd: refactor -t testname lookup-by-name
  pkd: support -m to match multiple tests
 tests/pkd/pkd_daemon.c |  2 +-
 tests/pkd/pkd_daemon.h |  1 +
 tests/pkd/pkd_hello.c  | 84 +++++++++++++++++++++++++++++++++-----------------
 3 files changed, 58 insertions(+), 29 deletions(-)
--
Test Plan:
* I've been using the new `-m` mode locally for a long time to run only certain groups of tests.
* The CMocka struct fixes can be seen in the pkd output before and after: after, there are no more extraneous test output strings.
* The fix for the `pkd_ready` field can be observed when building the libssh tests with `-Os` on a Debian system (before the fix, pkd would hang, after the fix, it runs as intended).
Reviewers: asn
Reviewed By: asn
Tags: #libssh
Differential Revision: https://bugs.libssh.org/D2