aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2015-06-05pkd: move chacha20-poly1305@openssh.com tests to OPENSSHONLY sectionchacha20Jon Simons1-10/+9
Dropbear does not currently implement the 'chacha20-poly1305@openssh.com' cipher, so move it into the OPENSSHONLY suite.
2015-06-05pkd: rename AES192 cipher suite -> OPENSSHONLYJon Simons1-13/+13
2015-06-05pkd: add passes for chacha20-poly1305@openssh.com cipherJon Simons1-1/+9
2015-06-05tests: send more packets of various sizesAris Adamantiadis1-0/+13
2015-06-05tests: packet encryption unit testingAris Adamantiadis2-0/+192
That code is really ugly, but it wasn't meant to be modular at all in the first place.
2015-06-05tests: use the same host and port number in all testsAris Adamantiadis13-104/+148
2015-06-05tests: test for chacha20-poly1305@openssh.comAris Adamantiadis1-4/+11
2015-06-05libgcrypt: make it compatible with chacha20Aris Adamantiadis3-0/+17
2015-06-05chacha: packet decryptionAris Adamantiadis7-99/+183
2015-06-05chacha: packet encryptionAris Adamantiadis11-56/+221
2015-06-05packet: add more debuggingAris Adamantiadis1-1/+9
2015-06-05buffer: ssh_buffer_allocate functionAris Adamantiadis2-1/+32
2015-06-05cmake: detect "bounded" compiler attributeAris Adamantiadis4-4/+24
2015-06-05cmake: add WITH_PACKET_DEBUG optionAris Adamantiadis3-0/+8
2015-06-04libcrypto: use c99 style structuresAris Adamantiadis1-110/+81
2015-06-04ChaCha and Poly1305 implementations from OpenSSHAris Adamantiadis7-0/+433
2015-06-03channels: fix exit-status not correctly setAris Adamantiadis1-5/+3
2015-05-29Comment that ssh_forward_cancel() is deprecated.Mike DePaulo1-0/+1
Signed-off-by: Aris Adamantiadis <aris@badcode.be>
2015-05-29Reintroduce ssh_forward_listen() (Fixes: #194)Mike DePaulo1-0/+5
Signed-off-by: Aris Adamantiadis <aris@badcode.be>
2015-05-08cpack: Use application version.Andreas Schneider1-3/+3
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-06Bump version to 0.7.0Andreas Schneider2-2/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-06Update ChangeLogAndreas Schneider1-1/+63
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-06valgrind: Add suppression for openssl FIPS dlopen leakAndreas Schneider1-0/+12
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-06valgrind: Ignore valgrind free bug on exitAndreas Schneider1-0/+12
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-06tests: Migrate torture_keyfiles to testkey functionsAndreas Schneider1-16/+31
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-06torture: Move TORTURE_TESTKEY_PASSWORD to headerAndreas Schneider2-2/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-06tests: Fix memory leak in torture_server_x11 testAndreas Schneider1-0/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-05kex: also compare host keys for 'first_kex_packet_follows'Jon Simons1-21/+23
Also consider the host key type at hand when computing whether a 'first_kex_packet_follows' packet matches the current server settings. Without this change libssh may incorrectly believe that guessed settings which match by kex algorithm alone fully match: the host key types must also match. Observed when testing with dropbear clients. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-05server: return SSH_OK for ignored SSH_MSG_KEXDH_INIT caseJon Simons1-0/+1
Return SSH_OK for the case that an incoming SSH_MSG_KEXDH_INIT should be ignored. That is, for the case that the initial 'first_kex_packet_follows' guess is incorrect. Before this change sessions served with libssh can be observed to error out unexpectedly early when testing with dropbear clients that send an incompatible guess. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-05tests: Only link against threading library if availableAndreas Schneider1-10/+14
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-05cmake: Add missing OpenSSL include directoryAndreas Schneider1-0/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-05cmake: Add --enable-stdcall-fixup for MinGW buildsAndreas Schneider1-0/+4
This fixes warnings for getaddrinfo() and freeaddrinfo(). Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-05include: Fix variadic macro issues with MSVCAndreas Schneider1-1/+9
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-05tests: Apply umask before calling mkstemp()Andreas Schneider2-1/+8
CID: #978660 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-05example: Fix a use after free in the scp exampleAndreas Schneider1-0/+1
CID: #1032343 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-05example: Check return value of ssh_get_fd()Andreas Schneider1-2/+11
CID: #1199454 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-05sftp: Fix size checkAndreas Schneider1-5/+7
CID: #1296588 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-04external: Fix resetting the stateAndreas Schneider1-1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-04external: Make sure we burn buffers in bcryptAndreas Schneider1-5/+4
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-04external: Fix a possible buffer overrun in bcrypt_pbkdfAndreas Schneider1-3/+9
CID: #1250106 This fixes a 1 byte output overflow for large key length (not reachable in libssh). Pulled from OpenBSD BCrypt PBKDF implementation. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-04sftp: Add bound check for sizeAndreas Schneider1-1/+2
CID: #1238630 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-04buffer: Cleanup vaargs in ssh_buffer_unpack_va()Andreas Schneider1-0/+1
CID: #1267977 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-04string: Improve ssh_string_len() to avoid tainted variablesAndreas Schneider1-4/+11
CID: #1278978 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-04pki_container: Fix a memory leakAndreas Schneider1-2/+9
CID: #1267980 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-04pki_container: Add check for return valueAndreas Schneider1-1/+4
CID: #1267982 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-04tests: Fix ctest default scriptAndreas Schneider1-4/+4
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-04cmake: Add support for Address SanitizerAndreas Schneider1-0/+7
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-04config: Add missing HAVE_ARPA_INET_H defineAndreas Schneider1-0/+3
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-04-23buffers: Fix a possible null pointer dereferenceAris Adamantiadis1-0/+8
This is an addition to CVE-2015-3146 to fix the null pointer dereference. The patch is not required to fix the CVE but prevents issues in future. Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-04-23CVE-2015-3146: Fix state validation in packet handlersAris Adamantiadis2-9/+15
The state validation in the packet handlers for SSH_MSG_NEWKEYS and SSH_MSG_KEXDH_REPLY had a bug which did not raise an error. The issue has been found and reported by Mariusz Ziule. Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>