Age | Commit message | Author | Files | Lines | |
---|---|---|---|---|---|
2015-06-05 | pkd: move chacha20-poly1305@openssh.com tests to OPENSSHONLY section | Jon Simons | 1 | -10/+9 | |
Dropbear does not currently implement the 'chacha20-poly1305@openssh.com' cipher, so move it into the OPENSSHONLY suite. | |||||
2015-06-05 | pkd: rename AES192 cipher suite -> OPENSSHONLY | Jon Simons | 1 | -13/+13 | |
2015-06-05 | pkd: add passes for chacha20-poly1305@openssh.com cipher | Jon Simons | 1 | -1/+9 | |
2015-06-05 | tests: send more packets of various sizes | Aris Adamantiadis | 1 | -0/+13 | |
2015-06-05 | tests: packet encryption unit testing | Aris Adamantiadis | 2 | -0/+192 | |
That code is really ugly, but it wasn't meant to be modular at all in the first place. | |||||
2015-06-05 | tests: use the same host and port number in all tests | Aris Adamantiadis | 13 | -104/+148 | |
2015-06-05 | tests: test for chacha20-poly1305@openssh.com | Aris Adamantiadis | 1 | -4/+11 | |
2015-06-05 | libgcrypt: make it compatible with chacha20 | Aris Adamantiadis | 3 | -0/+17 | |
2015-06-05 | chacha: packet decryption | Aris Adamantiadis | 7 | -99/+183 | |
2015-06-05 | chacha: packet encryption | Aris Adamantiadis | 11 | -56/+221 | |
2015-06-05 | packet: add more debugging | Aris Adamantiadis | 1 | -1/+9 | |
2015-06-05 | buffer: ssh_buffer_allocate function | Aris Adamantiadis | 2 | -1/+32 | |
2015-06-05 | cmake: detect "bounded" compiler attribute | Aris Adamantiadis | 4 | -4/+24 | |
2015-06-05 | cmake: add WITH_PACKET_DEBUG option | Aris Adamantiadis | 3 | -0/+8 | |
2015-06-04 | libcrypto: use c99 style structures | Aris Adamantiadis | 1 | -110/+81 | |
2015-06-04 | ChaCha and Poly1305 implementations from OpenSSH | Aris Adamantiadis | 7 | -0/+433 | |
2015-06-03 | channels: fix exit-status not correctly set | Aris Adamantiadis | 1 | -5/+3 | |
2015-05-29 | Comment that ssh_forward_cancel() is deprecated. | Mike DePaulo | 1 | -0/+1 | |
Signed-off-by: Aris Adamantiadis <aris@badcode.be> | |||||
2015-05-29 | Reintroduce ssh_forward_listen() (Fixes: #194) | Mike DePaulo | 1 | -0/+5 | |
Signed-off-by: Aris Adamantiadis <aris@badcode.be> | |||||
2015-05-08 | cpack: Use application version. | Andreas Schneider | 1 | -3/+3 | |
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||||
2015-05-06 | Bump version to 0.7.0 | Andreas Schneider | 2 | -2/+2 | |
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||||
2015-05-06 | Update ChangeLog | Andreas Schneider | 1 | -1/+63 | |
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||||
2015-05-06 | valgrind: Add suppression for openssl FIPS dlopen leak | Andreas Schneider | 1 | -0/+12 | |
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||||
2015-05-06 | valgrind: Ignore valgrind free bug on exit | Andreas Schneider | 1 | -0/+12 | |
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||||
2015-05-06 | tests: Migrate torture_keyfiles to testkey functions | Andreas Schneider | 1 | -16/+31 | |
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||||
2015-05-06 | torture: Move TORTURE_TESTKEY_PASSWORD to header | Andreas Schneider | 2 | -2/+2 | |
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||||
2015-05-06 | tests: Fix memory leak in torture_server_x11 test | Andreas Schneider | 1 | -0/+2 | |
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||||
2015-05-05 | kex: also compare host keys for 'first_kex_packet_follows' | Jon Simons | 1 | -21/+23 | |
Also consider the host key type at hand when computing whether a 'first_kex_packet_follows' packet matches the current server settings. Without this change libssh may incorrectly believe that guessed settings which match by kex algorithm alone fully match: the host key types must also match. Observed when testing with dropbear clients. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> | |||||
2015-05-05 | server: return SSH_OK for ignored SSH_MSG_KEXDH_INIT case | Jon Simons | 1 | -0/+1 | |
Return SSH_OK for the case that an incoming SSH_MSG_KEXDH_INIT should be ignored. That is, for the case that the initial 'first_kex_packet_follows' guess is incorrect. Before this change sessions served with libssh can be observed to error out unexpectedly early when testing with dropbear clients that send an incompatible guess. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> | |||||
2015-05-05 | tests: Only link against threading library if available | Andreas Schneider | 1 | -10/+14 | |
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||||
2015-05-05 | cmake: Add missing OpenSSL include directory | Andreas Schneider | 1 | -0/+2 | |
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||||
2015-05-05 | cmake: Add --enable-stdcall-fixup for MinGW builds | Andreas Schneider | 1 | -0/+4 | |
This fixes warnings for getaddrinfo() and freeaddrinfo(). Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||||
2015-05-05 | include: Fix variadic macro issues with MSVC | Andreas Schneider | 1 | -1/+9 | |
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||||
2015-05-05 | tests: Apply umask before calling mkstemp() | Andreas Schneider | 2 | -1/+8 | |
CID: #978660 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||||
2015-05-05 | example: Fix a use after free in the scp example | Andreas Schneider | 1 | -0/+1 | |
CID: #1032343 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||||
2015-05-05 | example: Check return value of ssh_get_fd() | Andreas Schneider | 1 | -2/+11 | |
CID: #1199454 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||||
2015-05-05 | sftp: Fix size check | Andreas Schneider | 1 | -5/+7 | |
CID: #1296588 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||||
2015-05-04 | external: Fix resetting the state | Andreas Schneider | 1 | -1/+1 | |
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||||
2015-05-04 | external: Make sure we burn buffers in bcrypt | Andreas Schneider | 1 | -5/+4 | |
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||||
2015-05-04 | external: Fix a possible buffer overrun in bcrypt_pbkdf | Andreas Schneider | 1 | -3/+9 | |
CID: #1250106 This fixes a 1 byte output overflow for large key length (not reachable in libssh). Pulled from OpenBSD BCrypt PBKDF implementation. Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||||
2015-05-04 | sftp: Add bound check for size | Andreas Schneider | 1 | -1/+2 | |
CID: #1238630 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||||
2015-05-04 | buffer: Cleanup vaargs in ssh_buffer_unpack_va() | Andreas Schneider | 1 | -0/+1 | |
CID: #1267977 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||||
2015-05-04 | string: Improve ssh_string_len() to avoid tainted variables | Andreas Schneider | 1 | -4/+11 | |
CID: #1278978 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||||
2015-05-04 | pki_container: Fix a memory leak | Andreas Schneider | 1 | -2/+9 | |
CID: #1267980 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||||
2015-05-04 | pki_container: Add check for return value | Andreas Schneider | 1 | -1/+4 | |
CID: #1267982 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||||
2015-05-04 | tests: Fix ctest default script | Andreas Schneider | 1 | -4/+4 | |
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||||
2015-05-04 | cmake: Add support for Address Sanitizer | Andreas Schneider | 1 | -0/+7 | |
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||||
2015-05-04 | config: Add missing HAVE_ARPA_INET_H define | Andreas Schneider | 1 | -0/+3 | |
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||||
2015-04-23 | buffers: Fix a possible null pointer dereference | Aris Adamantiadis | 1 | -0/+8 | |
This is an addition to CVE-2015-3146 to fix the null pointer dereference. The patch is not required to fix the CVE but prevents issues in future. Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> | |||||
2015-04-23 | CVE-2015-3146: Fix state validation in packet handlers | Aris Adamantiadis | 2 | -9/+15 | |
The state validation in the packet handlers for SSH_MSG_NEWKEYS and SSH_MSG_KEXDH_REPLY had a bug which did not raise an error. The issue has been found and reported by Mariusz Ziule. Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> |