Age | Commit message | Author | Files | Lines
2019-11-06 | cmake: Do not use cached LIBSSH_PUBLIC_INCLUDE_DIRS [master-cmake] | Andreas Schneider | 7 | -46/+21
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-11-06 | Revert "cmake: Don't cache LIBSSH_PUBLIC_INCLUDE_DIR" | Andreas Schneider | 7 | -18/+39
This reverts commit 1b3747b5e00e46a454edb9e498a5198e5418dee3.
2019-11-06 | cmake: Don't cache LIBSSH_PUBLIC_INCLUDE_DIR | Andreas Schneider | 7 | -39/+18
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-11-06 | cmake: Rename static library | Andreas Schneider | 3 | -9/+10
This is only compiled for tests and fuzzers!
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-11-06 | cmake: Create ssh library directly as libssh | Andreas Schneider | 2 | -32/+28
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-11-06 | cmake: Add option to build shared libs | Andreas Schneider | 2 | -0/+2
See https://cmake.org/cmake/help/latest/variable/BUILD_SHARED_LIBS.html
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-11-06 | cmake: Remove WITH_STATIC_LIB | Andreas Schneider | 3 | -17/+2
We will honor BUILD_SHARED_LIBS from cmake next.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-11-05 | cmake: Don't cache LIBSSH_LINK_LIBRARIES | Andreas Schneider | 1 | -5/+0
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-11-05 | cmake:pkd: Don't use LIBSSH_LINK_LIBRARIES | Andreas Schneider | 1 | -1/+0
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-11-05 | cmake: Remove libsocket | Andreas Schneider | 1 | -7/+0
This is already part of LIBSSH_REQUIRED_LIBRARIES
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-11-05 | cmake: Use target_include_directories() | Andreas Schneider | 1 | -5/+4
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-11-04 | gitlab-ci: Mips is dead | Andreas Schneider | 1 | -28/+0
Debian removed the cross compiling toolchain. So let's drop it.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-11-04 | channel: Document ssh_channel_request_sftp() | Andreas Schneider | 1 | -0/+12
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-11-04 | auth: Add missing include for explicit_bzero() | Andreas Schneider | 1 | -0/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-10-25 | cmake: Link compile database to source dir for clangd | Andreas Schneider | 3 | -1/+8
See https://github.com/ycm-core/YouCompleteMe
https://github.com/abingham/emacs-ycmd
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-10-25 | tests: Do not parse global config in torture_ssh_session() | Anderson Toshiyuki Sasaki | 1 | -1/+8
Do not parse global config file in sessions created by torture_ssh_session().
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-10-25 | tests: Do not parse global configuration when testing server | Anderson Toshiyuki Sasaki | 1 | -51/+0
This removes the tests which use external configuration files. This makes the tests not change behaviour depending on the environment they are being executed in.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-10-25 | tests: Do not process server config during tests | Anderson Toshiyuki Sasaki | 1 | -0/+8
In pkd tests, avoid processing the global server configuration file. This is to allow testing with algorithms not allowed in the global server configuration.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-10-25 | tests: Do not process config when reinitializing session | Anderson Toshiyuki Sasaki | 1 | -0/+2
Do not process system-wide configuration when reinitializing a session during testing. This could lead to different settings set from the expected one (which was initialized during test setup).
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-10-25 | tests: Use temporary file for known_hosts | Anderson Toshiyuki Sasaki | 2 | -75/+136
Previously, the tests were sharing the same file path to create the known_hosts file, which can create a race condition if the tests run in parallel. Such file was deleted between tests. By using different files for each test, the risk of race conditions is eliminated. Moreover, it makes it unnecessary to destroy the file between tests.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-10-25 | packet: On failure, do not use uninitialized crypto | Jakub Jelen | 1 | -0/+4
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-10-25 | packet_crypt: Avoid out of bounds access in debug functions | Jakub Jelen | 1 | -2/+2
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-10-25 | tests: Let shell resolve the absolute path to binaries in Exec tests | Jakub Jelen | 2 | -5/+5
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-10-07 | pki_crypto: Use temporary pointer when using i2d_* | Anderson Toshiyuki Sasaki | 1 | -4/+35
These functions modify the provided pointer by advancing to the end of it (pointing to the byte after the last written). This makes the pointer invalid, making it necessary to use a temporary variable.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-10-01 | callbacks: Improve documentation about callbacks handling | Jakub Jelen | 1 | -1/+11
Fixes T103
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-10-01 | tests: Verify multiple match conditions can be present on a line | Jakub Jelen | 1 | -3/+50
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-10-01 | tests: Verify match exec keyword works on itself | Jakub Jelen | 2 | -4/+61
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-10-01 | config: Implement match exec keyword | Jakub Jelen | 1 | -7/+136
The implementation does not work on Windows, where it still reports unsupported configuration option. On Windows, separate code invoking subprocess needs to be implemented.
Fixes T169
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-10-01 | tests: Verify functionality of low-level config parser functions | Jakub Jelen | 1 | -0/+125
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-10-01 | config_parser: Implement more useful variant of get_token() | Jakub Jelen | 1 | -2/+26
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-09-24 | pki_crypto: Support Ed25519 keys in PEM files | Anderson Toshiyuki Sasaki | 3 | -22/+229
This adds support for Ed25519 keys from files in PEM format when using OpenSSL with Ed25519 support. The default encoding for the PEM file is expected to be PKCS#8. Encrypted files are supported. For the lack of an API, it is not possible to export keys in PEM format, only in OpenSSH format.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-09-24 | cmake: Do not build internal ed25519 when unnecessary | Anderson Toshiyuki Sasaki | 1 | -8/+18
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-09-24 | curve25519: Use OpenSSL X25519 implementation | Anderson Toshiyuki Sasaki | 1 | -45/+208
If supported, use OpenSSL X25519 implementation for the curve25519 key exchange.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-09-24 | cmake: Detect OpenSSL X25519 support | Anderson Toshiyuki Sasaki | 2 | -0/+7
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-09-24 | pki: Remove unused function pki_signature_verify() | Anderson Toshiyuki Sasaki | 12 | -157/+35
This removes unused function pki_signature_verify() from pki_{crypto, mbedcrypto, gcrypt}. The function was also removed from include/libssh/pki_priv.h. The function ssh_pki_signature_verify() was changed to receive a const unsigned char *input. All tests calling pki_signature_verify() were changed to call ssh_pki_signature_verify() instead.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-09-24 | pki_crypto: Use OpenSSL for Ed25519 signatures | Anderson Toshiyuki Sasaki | 7 | -60/+343
Use OpenSSL to generate and verify Ed25519 signatures, if supported.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-09-24 | pki: Move common Ed25519 functions to pki_ed25519_common.c | Anderson Toshiyuki Sasaki | 7 | -192/+236
This is a preparation to use the Ed25519 implementation from OpenSSL. The function pki_ed25519_sig_to_blob() was renamed to pki_ed25519_signature_to_blob() and pki_ed25519_sig_from_blob() was renamed to pki_signature_from_ed25519_blob() to follow the naming for other algorithms.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-09-24 | cmake: Detect OpenSSL support for Ed25519 | Anderson Toshiyuki Sasaki | 2 | -0/+7
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-09-24 | pki_mbedcrypto: Do not treat Ed25519 as a special case | Anderson Toshiyuki Sasaki | 1 | -11/+35
Generate and verify Ed25519 signatures along with the other signature types.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-09-24 | pki_gcrypt: Do not treat Ed25519 as a special case | Anderson Toshiyuki Sasaki | 1 | -10/+37
Verify the Ed25519 signature in pki_verify_data_signature() along with the other signature types.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-09-24 | pki_crypto: Use EVP_DigestSign* and EVP_DigestVerify* | Anderson Toshiyuki Sasaki | 3 | -25/+64
Use the newer APIs EVP_DigestSign{Init}() and EVP_DigestVerify{Init}() to generate and verify signatures instead of the older EVP_Sign{Init, Update, Final} and EVP_Verify{Init, Update, Final} if supported. Also use the single shot signature/verification if supported as all the input is provided at once. This is a preparation to use Ed25519 implementation from OpenSSL.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-09-24 | torture_pki_ed25519: Use public key to verify signatures | Anderson Toshiyuki Sasaki | 1 | -3/+7
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-09-24 | gitlab-ci: Move cmake from prep to build command in csbuild | Anderson Toshiyuki Sasaki | 1 | -2/+1
This is required to avoid csbuild scan failures when a commit removes source files. The command prep is run only once before all the builds, making csbuild try to compile the old files using the configuration files generated for the newest version.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-09-24 | buffer: Simplify handling of the return codes | Jakub Jelen | 1 | -6/+2
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-09-24 | buffer: Avoid use of uninitialized values | Jakub Jelen | 1 | -6/+13
Fixes the following oss-fuzz bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17565
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-09-24 | dh-gex: Correctly free modulus and generator with openssl | Jakub Jelen | 1 | -6/+12
Fixes T176
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-09-24 | channels: Correctly reports failed channels opening | Jakub Jelen | 1 | -0/+5
Fixes T75
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-09-24 | Reformat channel_open() | Jakub Jelen | 1 | -57/+67
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-09-24 | channels: Do not use deprecated functions in the example code | Jakub Jelen | 1 | -2/+2
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-09-19 | options: Do not attempt to expand percents in PKCS#11 URIs | Jakub Jelen | 1 | -0/+7
With the old token parser, the data was simply broken on the = sign even if the uri was in quotes and ignored.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>