lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-12-06 13:20:57 +03:00
Code Activity
6,454 Commits 12 Branches 62 Tags
acc080ac03a86d09152f307a90bea468fd1e11b0
Commit Graph

612 Commits

Author SHA1 Message Date
Praneeth Sarode
acc080ac03 tests(fido2): add tests for the usb-hid security key callbacks 
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>
 2025-11-13 15:11:46 +05:30
Jakub Jelen
491cd81a32 kex: Place PQC KEX methods first 
The ML-KEMx25519 is now preferred algorithm in OpenSSH so follow the suit

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-11-06 16:24:47 +01:00
Jakub Jelen
b9c6701c68 tests: Avoid needless pthread_exit() 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-11-05 17:52:24 +01:00
Sahana Prasad
a9c8f942a5 kex: Implement mlkem768x25519-sha256 
The implementation largely follows that of sntrup761x25519-sha512.

Most of the work was done by Sahana with the help of Claude,
Pavol provided fixes to match specs and did a final clean up.

Co-Authored-By: Sahana Prasad <sahana@redhat.com>
Co-Authored-By: Pavol Žáčik <pzacik@redhat.com>
Co-Authored-By: Claude <noreply@anthropic.com>

Signed-off-by: Pavol Žáčik <pzacik@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-11-05 17:44:33 +01:00
Praneeth Sarode
f3d70e54e9 tests(string): add tests for ssh_string_from_data function 
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-10-10 14:00:22 +02:00
Jakub Jelen
00f1d6fac2 Add RequiredRsaSize configuration option 
to both client and server configuration file

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-10-01 16:06:43 +02:00
Praneeth Sarode
8541b6584f test(buffer): add unit tests for ssh_buffer_dup function 
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-09-25 15:04:18 +02:00
Jakub Jelen
6ca59307d4 Add non-namespaced alias sntrup761x25519-sha512 that is being standardized 
The specification is now in the last call, data point is allocated so there is
no need to stick to the namespaces alias anymore

https://datatracker.ietf.org/doc/draft-ietf-sshm-ntruprime-ssh/

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-09-10 12:23:08 +02:00
Praneeth Sarode
e8bbd194c7 refactor(pki): Define RSA_MIN_KEY_SIZE and update related checks 
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-09-09 12:53:43 +02:00
Jakub Jelen
d1bf9068a9 Use calloc instead of zeroizing structure after malloc 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-08-06 11:16:58 +02:00
Praneeth Sarode
cc667021e5 tests(pki): add torture tests for security keys 
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-08-01 15:28:58 +05:30
Praneeth Sarode
09155adb19 tests(string): add unit tests for ssh_string_cmp function 
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-07-30 16:06:32 +02:00
Jakub Jelen
82c8bbc504 tests: Add missing header file to unbreak build on freebsd 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-07-24 11:13:35 +02:00
Nicolas Graves
aeb0b2ec6f Add unittests for sshsig functions 
Signed-off-by: Nicolas Graves <ngraves@ngraves.fr>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>
 2025-07-10 11:21:44 +02:00
Theo Buehler
ccb8cf88c8 Unbreak torture_config_make_absolute() on OpenBSD 
The torture_config_make_absolute() and its _no_sshdir() version both
segfault on OpenBSD. The reason for this is that the storage returned
by getpwuid() is backed by mmap and is unapped by the getpwnam() call
in ssh_path_expand_tilde(), so a later access to home segfaults. The
possibility of this happening (getpwnam() overwriting values returned
by getpwuid()) is explicitly called out in POSIX.

A simple fix is to work with copies of username and homedir.

Signed-off-by: Theo Buehler <tb@openbsd.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-07-01 20:50:25 +02:00
Praneeth Sarode
b43392c31d tests(string): add unit tests for ssh_string functions 
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-07-01 20:49:39 +02:00
Nicolas Graves
4135154b6d cmocka_unit_test_setup_teardown: Comply with codespell style. 
Signed-off-by: Nicolas Graves <ngraves@ngraves.fr>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-05-30 20:11:51 +02:00
Lucas Mulling
d758990d39 misc: Fix OpenSSH banner parsing 
Signed-off-by: Lucas Mulling <lucas.mulling@suse.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <norbertpocs0@gmail.com>
 2025-04-28 14:56:27 -03:00
Andreas Schneider
bfae56634c tests:unittests: Fix tests on FreeBSD 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-04-24 10:47:26 +02:00
Jakub Jelen
bd10ec1162 tests: Use fseek instead of rewind to simplify error checking 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <norbertpocs0@gmail.com>
 2025-04-16 17:41:22 +02:00
Jakub Jelen
3b4b8033de tests: Make the static ananlyzers happy with the threads 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <norbertpocs0@gmail.com>
 2025-04-16 17:41:22 +02:00
Praneeth Sarode
344235c954 fix(tests): improve synchronization in torture_forwarded_tcpip_callback tests 
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-04-16 14:49:40 +02:00
Jakub Jelen
b14018ecab tests: Do not build zlib test when built without 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Norbert Pocs <norbertpocs0@gmail.com>
 2025-04-15 16:15:52 +02:00
Jakub Jelen
184dad101d Move the PKCS#11 provider environment variable where it needs to be 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Norbert Pocs <norbertpocs0@gmail.com>
 2025-04-15 16:15:52 +02:00
Praneeth Sarode
f3b389d112 tests: add unit test for direct-tcpip channel open request 
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-04-07 14:02:41 +02:00
Praneeth Sarode
8c8d3ceef7 tests: add unit test for forwarded-tcpip callback 
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-04-07 10:57:21 +02:00
Praneeth Sarode
d92a057090 tests: fix torture_server_x11 and add it to tests 
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-04-01 10:19:14 +02:00
Jakub Jelen
a25f9d211d tests: Fix variable names to avoid codespell issues 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-03-04 16:00:33 +01:00
Jakub Jelen
3a52bf1679 tests: Reproducer for graceful failure on ignored Match arguments 
https://gitlab.com/libssh/libssh-mirror/-/issues/291#note_2376323499
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-03-04 16:00:33 +01:00
Jakub Jelen
f7bdd779d6 config: Be less strict when parsing unknown Match keywords 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-03-04 16:00:33 +01:00
Jakub Jelen
c1a7de78d1 tests: Add PKCS#11 URI tests with Ed25519 keys 
This will work only with pkcs11 provider. Not tested with engines.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Jakub Jelen
9735f074ba tests: Skip Ed25519 keys in FIPS mode 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Jakub Jelen
f14568262a tests: Update PKCS#11 tests to follow global verbosity 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Jakub Jelen
8922e43578 tests: Improve logging on failures in ed25519 test 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Jakub Jelen
7f045e2d91 tests: Unit test nested quotes 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-02-11 13:20:20 +01:00
Jakub Jelen
2b916b3b88 tests: Reformat test list 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-02-11 12:17:34 +01:00
Jakub Jelen
a10553ae57 Reproducer for #291 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-02-11 12:17:34 +01:00
Jakub Jelen
0cda1c0e83 bignum: Make sure the padding is large enough for the number 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-01-21 11:32:49 +01:00
Simon Josefsson
4becc8eb82 kex: Add sntrup761x25519-sha512@openssh.com. 
All of the initial work was done by Simon. Jakub cleaned up the
formatting issues, resolved the padding of bignum to match specs
and be interoperable with OpenSSH (and few more minor details).

Closes: #194.

Signed-off-by: Simon Josefsson <simon@josefsson.org>
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-01-21 11:32:49 +01:00
Simon Josefsson
7e3263d995 tests: Check buffer bignum behaviour. 
Signed-off-by: Simon Josefsson <simon@josefsson.org>
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-01-21 11:32:49 +01:00
Simon Josefsson
16fd55b4b2 tests: Check ssh_make_padded_bignum_string. 
Signed-off-by: Simon Josefsson <simon@josefsson.org>
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-01-21 11:32:49 +01:00
Andreas Schneider
e9b76ff1bd torture_config: Use getpwuid() instead of env variables 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-01-15 13:24:41 +01:00
Andreas Schneider
e9046fc069 torture_misc: Do not rely on environment variables 
The safest way is to use getpwuid().

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-01-15 13:22:38 +01:00
Jakub Jelen
e795849299 tests: fix spelling error 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-01-13 17:00:42 +01:00
Jakub Jelen
8bf908a56f tests: Make sure to pass right type to buffer_pack 
For some reason, the mingw64 builds were failing on these inputs quite reliably
as the passed value was interpretted as a value larger than UINT32_MAX.

This was not caught before because the value is casted from size_t to uint32_t
implicitly so the MSBs were not affecting the result.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-01-03 15:18:53 +01:00
Jakub Jelen
b7018c17c7 Fix implicit type conversions and warnings on windows builds 
The visual studio windows builds spit dozens of lines of warnings
on these.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-01-03 15:18:53 +01:00
Jakub Jelen
a15c977cdc tests: Test vectors for related documentation 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-01-02 11:39:18 +01:00
Jakub Jelen
874b75429f tests: Fix random failure on too fast systems 
On mingw we are frequently getting a failure like this:

[  ERROR   ] --- 451 is not within the range 1-450

This means the 50ms sleep did not manage to elapse the 50ms in the timeout
structure. Extending the range to 460 will give use more wiggle room if the
clock is not as it should be.

Related: #273
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2024-12-20 10:29:08 +01:00
Andreas Schneider
2966a4a33c tests: Call disable_secmem() before ssh_init() 
ssh_init calls ssh_crypto_init() which initializes the secure memory of
gcrypt. Those should actually be just called by the application once.
Lets do that.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2024-12-03 15:19:51 +01:00
Andreas Schneider
867630750c tests: Reformat cmocka_unit_test calls in torture_threads_pki_rsa.c 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2024-12-03 15:19:51 +01:00