Age | Commit message | Author | Files | Lines
2020-05-05 | fuzz: Use none cipher and MAC | Jakub Jelen | 2 | -1/+18
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | Allow example client and server to process different configuration files | Jakub Jelen | 2 | -5/+27
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | tests: Cover ssh_options_getopt with unit tests | Jakub Jelen | 1 | -0/+148
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | options: Avoid memory leaks during modification of argv | Jakub Jelen | 1 | -8/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | options: Properly handle unknown options with arguments | Jakub Jelen | 1 | -2/+18
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | tests: Verify functionality of none cipher and mac | Jakub Jelen | 1 | -8/+46
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | packet: Skip HMAC handling if none is selected | Jakub Jelen | 2 | -23/+30
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | packet: Check if set_*_key functions exists before calling it | Jakub Jelen | 1 | -15/+19
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | packet: Use temporary variables to avoid long lines | Jakub Jelen | 1 | -14/+12
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | Add basic support for none cipher and MACs | Jakub Jelen | 9 | -6/+85
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | Drop none cipher and MAC as they are not implemented | Jakub Jelen | 1 | -2/+2
or not intended for production Related: T85 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | fuzz: Simplify definition of fuzzing targets and build them also with gcc | Jakub Jelen | 2 | -21/+57
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | fuzz: Correctly sort members initialization to prevent GCC warnings | Jakub Jelen | 1 | -1/+1
tests/fuzz/ssh_client_fuzzer.cpp:45:1: error: designator order for field ‘ssh_callbacks_struct::userdata’ does not match declaration order in ‘ssh_callbacks_struct’ Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | tests: Enable all CASignatureAlgorithms as SHA1 certificates are now disabled in OpenSSH 8.2p1 | Jakub Jelen | 1 | -0/+3
This option is unknown to older OpenSSH versions (for example CentOS 7 with OpenSSH 7.4) so we can not add it everywhere. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | pki: Mark explicit fall through | Jakub Jelen | 1 | -1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | external: Do not confuse new gcc | Jakub Jelen | 1 | -1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | client: Properly indicate fall through | Jakub Jelen | 1 | -1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-04-24 | session: add missing return value documentation | Heiko Thiery | 1 | -1/+2
Add SSH_AGAIN as return value to ssh_handle_packets documentation. Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-04-24 | tests: add testcases for ssh_channel_poll_timeout() | Heiko Thiery | 1 | -0/+54
This adds testcases for the regression introduced in 3bad0607. Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-04-20 | config: Check null deref | Jakub Jelen | 1 | -0/+3
As reported by LGTM Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-20 | channels: Avoid returning SSH_AGAIN from ssh_channel_poll_timeout() | Jakub Jelen | 1 | -0/+6
This addresses a regression introduced in 3bad0607, partially fixed in 022409e9, but the function was still able to return SSH_AGAIN, which was not expected by callers. Based on discussion in [1] and [2] [1] https://gitlab.com/libssh/libssh-mirror/-/merge_requests/101 [2] https://www.libssh.org/archive/libssh/2020-03/0000029.html Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-20 | channels: reformat | Jakub Jelen | 1 | -2/+2
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-20 | examples: Avoid unused parameter warnings and reformat | Jakub Jelen | 1 | -60/+116
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-20 | gitlab-ci: Avoid passing artifacts between completely unrelated stages | Jakub Jelen | 1 | -0/+2
The introduction of stages in gitlab-ci had quite an unfortunate side effect that is described in the documentation [1]. The whole artifacts path (in our case obj/) is passed from one stage to another by default, which is causing very odd behavior as the previous results are only partially overwritten by the new cmake command and can even lead to execution of tests that are not supposed to run in a particular job. [1] https://docs.gitlab.com/ee/ci/yaml/#dependencies Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-20 | gitlab-ci: Fix typo | Jakub Jelen | 1 | -1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-20 | tests: Enable RSA SHA1 certs for testing against older OpenSSH | Jakub Jelen | 1 | -0/+6
The OpenSSH 7.4 or 7.6 in Ubuntu and CentOS 7 does not support SHA2 RSA certificates and libssh automatically falls back to SHA1, which is not allowed by default. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-20 | tests: Update coverage of config_parser | Jakub Jelen | 1 | -7/+113
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-20 | config_parser: Allow equal sign as a separator and eat up trailing whitespace | Jakub Jelen | 1 | -10/+23
Probably fixes T210 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-20 | Disable RSA and DSA keys with sha1 by default | Jakub Jelen | 2 | -23/+25
Fixes: T218 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-20 | pkd: Enable all hostkeys | Jakub Jelen | 1 | -0/+10
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-20 | tests: Enable all host key algorithms in testing client | Jakub Jelen | 1 | -0/+3
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-20 | Make the testing ping use all supported algorithms | Jakub Jelen | 2 | -1/+15
Previously, it would use only the default set, which makes some tests fail, including the DSA ones and disabled RSA with SHA1. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-15 | Reformat ssh_bind_accept() | Jakub Jelen | 1 | -25/+28
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-15 | examples: Add missing includes | Jakub Jelen | 1 | -0/+2
Fixes: T225 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-15 | libcrypto-compat: Fix indentation and return value | Jakub Jelen | 1 | -1/+2
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-15 | libcrypto: remove deprecated API usage | Rosen Penev | 1 | -5/+4
EVP_CIPHER_CTX_init was replaced with _reset. Removed EVP_CIPHER_CTX_cleanup. The successive _free call handles that. Removed old SSLeay function usage. Signed-off-by: Rosen Penev <rosenp@gmail.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-15 | libcrypto-compat: add extra functions | Rosen Penev | 2 | -0/+20
Added extra functions. The next commit will switch to them. Signed-off-by: Rosen Penev <rosenp@gmail.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-15 | Fix FTBFS on hurd-i386 | Laurent Bigonville | 1 | -0/+4
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933015 Signed-off-by: Laurent Bigonville <bigon@bigon.be> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-04-15 | Make the documentation reproducible | Laurent Bigonville | 1 | -0/+1
Signed-off-by: Laurent Bigonville <bigon@bigon.be> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-04-15 | Correctly parse v4 subsecond timestamps | StefanBruens | 1 | -15/+15
All subsecond timestamps are only in the packets if both the SUBSECOND_TIMES flag and the timestamp flag, e.g. ATTR_ACCESSTIME are set. SUBSECOND_TIMES are not very common across server implementations (e.g. openssh does not include it, nor does libssh's sftpserver implementation), but this interpretation of the SFTP protocol draft is used by WinSCP and lftp. Fixes T219. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-04-09 | client: Check if the library is initialized in ssh_connect() | Anderson Toshiyuki Sasaki | 2 | -0/+40
If the library is not initialized, SSH_ERROR is returned and the error message is set properly. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-04-09 | client: Reformat ssh_connect() | Anderson Toshiyuki Sasaki | 1 | -99/+111
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-04-09 | init: Introduce internal is_ssh_initialized() | Anderson Toshiyuki Sasaki | 3 | -0/+45
The introduced function returns whether the library is initialized or not. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-04-09 | init: Clarify the need to call ssh_{init, finalize}() | Anderson Toshiyuki Sasaki | 1 | -7/+18
When libssh is statically linked, it is necessary to explicitly call ssh_init() before calling any other provided API. It is also necessary to call ssh_finalize() before exiting to free allocated resources. Fixes T222 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-04-09 | CVE-2020-1730: Fix a possible segfault when zeroing AES-CTR key | Andreas Schneider | 1 | -2/+6
Fixes T213 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-06 | src/pki_crypto.c corrects the incorrect usage of enum | Sahana Prasad | 1 | -2/+2
Signed-off-by: Sahana Prasad <sahana@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-04-06 | kex: Add support for diffie-hellman-group14-sha256 | Anderson Toshiyuki Sasaki | 11 | -2/+44
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-04-02 | dh-gex: Check return value of ssh_get_random() | Andreas Schneider | 1 | -2/+7
CID #1422162 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-04-01 | cmake: Fix building with threading support on MinGW | Andreas Schneider | 1 | -0/+7
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-03-30 | gitlab-ci: Add Coverity Scan | Andreas Schneider | 1 | -0/+37
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>