Age | Commit message | Author | Files | Lines
2019-09-18 | tests: Verify the localuser match works | Jakub Jelen | 2 | -5/+26
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-09-18 | config: Support match localuser | Jakub Jelen | 1 | -1/+23
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-09-18 | config: Make the matching case sensitive as documented in ssh_config manual pages | Jakub Jelen | 1 | -4/+1
    > note that keywords are case-insensitive and arguments are case-sensitive
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-09-16 | Skip the proxycommand test in case the netcat is not available | Jakub Jelen | 1 | -1/+9
    Fixes: T142
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-09-16 | sftp: Improve the documentation of sftp_init() and sftp_new() | Jakub Jelen | 1 | -2/+10
    Fixes: T137
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-09-16 | known_hosts: Avoid using deprecated functions (even from deprecated functions) | Jakub Jelen | 1 | -6/+11
    Fixes: T165
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-08-08 | gitlab-ci: Turn DEBUG_CRYPTO on for standard crypto lib builds | Andreas Schneider | 1 | -2/+3
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-08-08 | dh: Add ssh_dh_debug_crypto() | Andreas Schneider | 5 | -25/+48
    We should call it where we have access to the crypto structure.
    Pair-Programmed-With: Jakub Jelen <jjelen@redhat.com>
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-08-07 | bignum: Pass const to ssh_print_bignum() | Andreas Schneider | 5 | -5/+8
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-08-07 | pki_mbedcrypto: Add missing misc.h header file | Andreas Schneider | 1 | -0/+1
    For ssh_log_hexdump().
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-08-06 | tests: Skip testing 1024 bits key generation in FIPS mode | Anderson Toshiyuki Sasaki | 1 | -13/+15
    In torture_threads_pki_rsa, skip the test which generates 1024 bits RSA key pair when in FIPS mode.
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-08-06 | knownhosts: Use ssh_mkdirs() instead of ssh_mkdir() | Anderson Toshiyuki Sasaki | 3 | -45/+107
    Previously, if the path to known_hosts file set through SSH_OPTIONS_KNOWNHOSTS included missing directories, ssh_session_update_known_hosts() would fail. The added test case checks that this is not the case anymore.
    The logic of checking if the directory is accessible before creating it was replaced by creating the directory if opening the file failed. This is to minimize the risk of TOCTOU race conditions.
    Fixes: T166
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-08-06 | misc: Introduce internal function ssh_mkdirs() | Anderson Toshiyuki Sasaki | 3 | -5/+166
    If the given path includes missing directories, ssh_mkdirs() tries to create them recursively.
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-08-06 | misc: Introduce internal function ssh_dir_writeable() | Anderson Toshiyuki Sasaki | 3 | -0/+98
    The introduced internal function checks if the provided path is for an existing directory which is accessible for writing.
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-07-30 | misc: Allow %% to escape a single % in paths. | Richard W.M. Jones | 2 | -0/+16
    For example "%d/config%%1" is expanded to "~/.ssh/config%1".
    Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-07-30 | libcrypto: Avoid incompatible pointers | Jakub Jelen | 1 | -2/+6
    Fixes: T164
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-07-30 | pki_container_openssh: Avoid bogus newline in debug message | Jakub Jelen | 1 | -1/+1
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-07-30 | pki_container_openssh: Reformat whitespace | Jakub Jelen | 1 | -14/+14
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-07-30 | examples: Load ED25519 key when loading all keys | Jakub Jelen | 1 | -0/+2
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-07-30 | Replace ssh_print_hexa() with ssh_log_hexdump() | Anderson Toshiyuki Sasaki | 11 | -59/+59
    Replace all occurrences of the deprecated function ssh_print_hexa() with the introduced ssh_log_hexdump().
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-07-30 | misc: Introduce ssh_log_hexdump() | Anderson Toshiyuki Sasaki | 2 | -0/+188
    The introduced internal function is intended to be a replacement for the deprecated function ssh_print_hexa().
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-07-29 | tests: Try PEM files with leading white spaces | Anderson Toshiyuki Sasaki | 3 | -0/+116
    This adds a reproducer for T123.
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-07-29 | pki: Search OpenSSH header not only at the beginning | Anderson Toshiyuki Sasaki | 2 | -4/+88
    Try to find the OpenSSH private key header not only at the beginning of the file. This makes the parser skip comments and white spaces.
    Fixes: T76
    Fixes: T123
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-07-15 | gitlab-ci: Test installation at least on one runner | Andreas Schneider | 1 | -1/+2
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-07-09 | tests: Do not use internal macros in the fuzzer | Andreas Schneider | 1 | -6/+7
    It should be buildable without internal headers.
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-07-08 | tests: Use the correct assert function in test server | Andreas Schneider | 1 | -2/+2
    CID 1398983
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-07-08 | tests: Fix #ifdef in torture_server_config | Andreas Schneider | 1 | -5/+2
    This should stop detecting it as dead code.
    CID 1402934
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-07-08 | examples: Fix freeing the channel in ssh_client | Andreas Schneider | 1 | -1/+13
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-07-08 | examples: Update header in ssh_client | Andreas Schneider | 1 | -12/+13
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-07-08 | tests: Add ssh_client_fuzzer | Andreas Schneider | 2 | -0/+168
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-07-08 | examples: Use SSH_CONNECTOR_STDINOUT in client example | Andreas Schneider | 1 | -2/+2
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-07-08 | include: Add define for SSH_CONNECTOR_STDINOUT | Andreas Schneider | 1 | -0/+1
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-07-08 | gitlab-ci: Run the fuzzer with AddressSanitizer | Andreas Schneider | 1 | -3/+4
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-07-08 | ctest: Run the ssh_server_fuzzer to check it works | Andreas Schneider | 1 | -0/+3
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-07-08 | tests: Fix memory leak in ssh_server_fuzzer | Andreas Schneider | 1 | -0/+2
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-07-08 | cmake: We don't have to define the ssh link libraries | Andreas Schneider | 2 | -4/+2
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-07-08 | cmake: Fix linking shared and static libraries | Andreas Schneider | 1 | -1/+5
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-07-05 | dh_crypto: Use size_t for loop variable | Andreas Schneider | 1 | -1/+3
    Also don't declare the variable in the loop.
    Fixes #157
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-07-04 | libcrypto: fix compilation with LibreSSL | Stefan Strogin | 3 | -0/+11
    LibreSSL does not support FIPS mode, check for FIPS_mode() in ConfigureChecks.cmake.
    Signed-off-by: Stefan Strogin <steils@gentoo.org>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-07-04 | tests: Use C99 initializer in test_server.c | Andreas Schneider | 1 | -1/+3
    This fixes a clang build warning.
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-07-04 | cmake: Write libssh-config.cmake using EXPORTS | Andreas Schneider | 3 | -22/+4
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-07-04 | cmake: Use GNUInstallDirs for installation | Andreas Schneider | 7 | -136/+16
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-07-04 | tests: Improve fuzzer test | Andreas Schneider | 1 | -20/+116
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-07-04 | gitlab-ci: Enable building the ssh_server_fuzzer with clang | Andreas Schneider | 1 | -1/+2
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-07-04 | cmake: Fix building the ssh_server_fuzzer | Andreas Schneider | 1 | -0/+4
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-07-04 | config: Increase debug level for unknown and unsupported options | Andreas Schneider | 1 | -4/+4
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-07-04 | kex: Do not ignore keys in known_hosts files | Anderson Toshiyuki Sasaki | 2 | -90/+223
    Previously, if the SSH_OPTIONS_HOSTKEYS option was set by any means, including the client configuration file, the keys in known_hosts files wouldn't be considered before advertising the list of wanted host keys. This could result in the client requesting the server to provide a signature using a key not present in the known_hosts files (e.g. when the first wanted algorithm in SSH_OPTIONS_HOSTKEYS is not present in the known_hosts files), causing a host key mismatch and possible key rejection.
    Now, the keys present in the known_hosts files are prioritized over the other wanted keys. This does not change the fact that only keys of types present in the list set in SSH_OPTIONS_HOSTKEYS will be accepted and prioritized following the order defined by such list.
    The new wanted list of hostkeys is given by:
    - The keys present in known_hosts files, ordered by preference defined in SSH_OPTIONS_HOSTKEYS. If the option is not set, a default order of preference is used.
    - The other keys present in the same option are appended without adding duplicates. If the option is not set, the default list of keys is used.
    Fixes: T156
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
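As an added illustration of the ordering rule described in the commit above (example code, not libssh's own implementation), the helper below merges a comma-separated list of key types found in known_hosts with the SSH_OPTIONS_HOSTKEYS preference list: known types first in preference order, the remaining wanted types appended, duplicates dropped. The function name, buffer limits and sample lists are assumptions.

```c
#include <string.h>
#define MAX_ALGS 16
#define MAX_NAME 64
/* Split a comma-separated list into names (at most MAX_ALGS); returns the count. */
static int split_list(const char *list, char out[][MAX_NAME])
{
    int n = 0;
    while (*list != '\0' && n < MAX_ALGS) {
        const char *comma = strchr(list, ',');
        size_t len = comma ? (size_t)(comma - list) : strlen(list);
        if (len >= MAX_NAME) len = MAX_NAME - 1;   /* truncate over-long names */
        memcpy(out[n], list, len);
        out[n++][len] = '\0';
        if (comma == NULL) break;
        list = comma + 1;
    }
    return n;
}
static int contains(char names[][MAX_NAME], int n, const char *name)
{
    for (int i = 0; i < n; i++)
        if (strcmp(names[i], name) == 0) return 1;
    return 0;
}
/* Hypothetical helper: wanted types that also appear in known_hosts come first
 * (in wanted order), the remaining wanted types follow, and no type is emitted
 * twice. Writes the merged list into out; returns 0, or -1 if out is too small. */
int build_hostkey_list(const char *known, const char *wanted,
                       char *out, size_t outlen)
{
    char k[MAX_ALGS][MAX_NAME], w[MAX_ALGS][MAX_NAME], done[MAX_ALGS][MAX_NAME];
    int nk = split_list(known, k), nw = split_list(wanted, w), nd = 0;
    size_t used = 0;
    out[0] = '\0';
    for (int pass = 0; pass < 2; pass++) {          /* 0: known types, 1: the rest */
        for (int i = 0; i < nw; i++) {
            if (pass == 0 && !contains(k, nk, w[i])) continue;
            if (contains(done, nd, w[i])) continue;  /* drop duplicates */
            size_t len = strlen(w[i]);
            if (used + len + (used ? 1 : 0) + 1 > outlen) return -1;
            if (used) out[used++] = ',';
            memcpy(out + used, w[i], len + 1);
            used += len;
            strcpy(done[nd++], w[i]);
        }
    }
    return 0;
}
```

With a constructed known_hosts containing ecdsa-sha2-nistp256 and ssh-rsa keys and a preference list of "ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp256,ssh-rsa", the result is "ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519".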
2019-07-04 | knownhosts: Introduced ssh_known_hosts_get_algorithms_names() | Anderson Toshiyuki Sasaki | 3 | -0/+170
    The added internal function obtains a newly allocated string containing a list of the signature types that can be generated by the keys present in the known_hosts files, separated by commas.
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-07-04 | token: Added function to remove duplicates | Anderson Toshiyuki Sasaki | 3 | -2/+278
    Added a function to remove duplicates from lists. This function is used in a new provided function to append lists removing duplicates.
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-07-04 | knownhosts: Read knownhosts file only if found | Anderson Toshiyuki Sasaki | 1 | -2/+2
    Avoid trying to open the files if they are not accessible. This was already treated as a non-error, but with this we save one function call.
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>