lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-12-09 15:41:10 +03:00
Code Activity
6,080 Commits 12 Branches 62 Tags
fe53cdfabdc82fd8bd50d263a653a15d9439b79c
Commit Graph

6080 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jakub Jelen
aa1e136ea3 session: Avoid memory leak of agent_socket from configuration file 
Thanks oss-fuzz

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48268

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-08-08 10:11:16 +02:00
Jakub Jelen
a07ec441fd fuzz: Do not expect the channel open and request succeed 
Thanks oss-fuzz

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45109
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-08-08 10:11:15 +02:00
Jakub Jelen
5dd8c03b3a Do not accept too long inputs that fill socket buffers 
There are long-standing issues with fuzzing, which cause the send() not writing
all the provided bytes and causing the fuzzer driver to crash. This can be
simply solved by limiting the input size to reasonably large value.

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21967

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-08-08 10:11:14 +02:00
Jakub Jelen
33bcd8e81c fuzz: Reformat 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-08-08 10:11:13 +02:00
Norbert Pocs
4d96c667bc gitlab-ci: Enable environment variable in centos9 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-08-03 19:42:27 +02:00
Norbert Pocs
2e8e666b1d torture.c Add environment variable to server fork 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-08-03 19:42:26 +02:00
Jakub Jelen
66be590657 tests: Refactor and provide plain PKCS8 PEM format 
This also allows testing mbedtls with the PKCS8 PEM files

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-08-03 10:41:49 +02:00
Jakub Jelen
f193e6840d examples: Update keygen2 example to show fingerprints 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-08-03 10:41:49 +02:00
Jakub Jelen
0982715bb5 curve25519: Do not check for openssl functions when other crypto backend is used 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-08-03 10:41:49 +02:00
Jakub Jelen
ebeee7631d pki: Do not check for DSA headers when DSA is not built in 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-08-03 10:41:49 +02:00
Jakub Jelen
aca482a5a5 mbedcrypto: Refactor PEM parsing 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-08-03 10:41:49 +02:00
Jakub Jelen
355e29d881 session: Initialize pointers 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-08-03 10:41:49 +02:00
Anderson Toshiyuki Sasaki
163951d869 init: Free global init mutex in the destructor on Windows 
Fixes: #57 (T238)

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-08-02 15:43:35 +02:00
Norbert Pocs
84df28ee31 .gitlab-ci: Add centos9 image 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-07-28 15:55:58 +02:00
Norbert Pocs
224298a4d0 .gitlab-ci: Remove remaining rawhide lines 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-07-28 15:55:58 +02:00
Jakub Jelen
8f6b283582 Try to describe our coding style using clang-format 
How to use:

Install 'git-format-clang' which is part of the clang suite (Fedora:
git-clang-format, openSUSE: clang-tools).

Now do your changes and stage them with `git add`. Once they are staged
format the code using `git clang-format` before you commit.

Now the formatting changed can be viewed with `git diff` against the
staged changes.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-07-19 16:06:43 +02:00
Jakub Jelen
c09b02c573 Move digest functions into separate file 
The external ed25519 requires also the sha512 functions to work.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-07-19 15:21:50 +02:00
Jakub Jelen
0da54f2908 Build external override library with all symbols 
The curve25519 depends on ssh_get_random, which is normally built into libssh.
For the external override tests to build, we need to have them in separate
source file that can be included for this test.

For some reason, this did not happen on CI builds, but it did happen in koji
during RPM builds.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-07-19 15:21:50 +02:00
Andreas Schneider
b42e9a19a3 packet: Check hmac return codes in ssh_packet_hmac_verify() 
CID #1490530

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-14 13:09:25 +02:00
Andreas Schneider
e27ee9d0a4 packet: Use consistent return codes in ssh_packet_hmac_verify() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-14 13:08:57 +02:00
Andreas Schneider
4a7791b784 packet: Reformat ssh_packet_hmac_verify() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-14 13:08:27 +02:00
Norbert Pocs
9a4c5203af Make it work with openssl3.0 
The KDF was changed in the new API, fetching the algorithm first
then creating the context using it.

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-12 11:30:24 +02:00
Norbert Pocs
8343a43edc Change cmake files for new openssl API 
The new API does not provide EVP_KDF_CTX_new_id function, insted
it works with EVP_KDF_CTX_new and fetching the algorithm.
Adding a check for both to make it work with the new API too.

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-12 11:17:45 +02:00
Norbert Pocs
964df4dc29 torture_options: Add test for '@' in login name 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-07-12 10:44:27 +02:00
Norbert Pocs
bb5f7e2707 options: Parse hostname by last '@' 
The login name can have '@' char in it

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-07-12 10:44:27 +02:00
Norbert Pocs
e53a2711d3 bind.c: Add missing size constant to err_msg 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-07-12 10:41:50 +02:00
Andreas Schneider
a0c0efaf2e gitlab-ci: Drop the rawhide runner 
Fedora 36 is using OpenSSL 3.0 now.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-08 12:57:51 +02:00
Andreas Schneider
21ef488121 tests: Setup Leak Sanitizer suppressions for OpenSSL 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-08 12:57:51 +02:00
Andreas Schneider
0128ed0d2c cmake: Build curve25519_ref.c if we build with libgcrypt 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-08 09:09:18 +02:00
Andreas Schneider
6a25f07777 pki: Fix building pki_ed25519.c with libgcrypt 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-08 09:09:14 +02:00
Andreas Schneider
cc0939df73 src: Fix building curve25519 with libgcrypt 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-08 08:59:09 +02:00
Andreas Schneider
eccedf8f79 cmake: Bump version to 0.10.90 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2022-07-07 15:54:40 +02:00
Andreas Schneider
ced93a09d1 Bump version to 0.10.0 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-07 15:27:23 +02:00
Andreas Schneider
3cff0eaa25 Update CHANGELOG for 0.9 changes 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-07 15:19:49 +02:00
Andreas Schneider
51c7816bea Rename ChangeLog 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-07 15:19:49 +02:00
Norbert Pocs
11a7c7b45b libgcrypt: Remove useless comparison 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-07-07 08:39:39 +02:00
Norbert Pocs
78d109596c pki_crypto: Fix segfault error when pkcs11 
EVP_PKEY_dup can't be used with ENGINE generated keys and
the key can't be freed because it is passing the main key
from the struct.

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-07-07 08:39:39 +02:00
Norbert Pocs
b80ad81d8e .gitlab-ci: Add fedora rawhide to gitlab CI 
Rawhide has openssl 3.0 support which can test the new changes.

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-07-07 08:39:39 +02:00
Norbert Pocs
20c13a2c76 Change const bignum to bignum 
Openssl3.0 API retrieves bignum variables from a key.

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-07-07 08:39:39 +02:00
Norbert Pocs
a9dddd89aa Use EVP_PKEY as a key type in key structs 
Merge multiple key variables into one variable.

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-07-07 08:39:39 +02:00
Norbert Pocs
7792d38157 Port functions to openssl3.0 
Remove usage of deprecated functions.
Exceptions are:
  - pkcs11 (no openssl provider support yet)
  - ec (no support for uncompressed EC keys
    https://github.com/openssl/openssl/pull/16624)

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-07-07 08:39:39 +02:00
Norbert Pocs
fdf518435c Define EC name constants for openssl3 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-07-07 08:39:39 +02:00
Norbert Pocs
debd0ea4d3 Update HMAC function parameter type 
New openssl API, libmbedtls, libgcrypt use size_t for
HMAC len pameter.

New helper functions were added in libcrypto.c to avoid
code duplication. (the header pki.h is needed for this
reason)

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-07-07 08:39:39 +02:00
Jakub Jelen
51c940adc9 misc: FreeBSD compatible strerror_r usage 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-07-07 08:38:09 +02:00
Norbert Pocs
d30cf11cb6 Rewrite strerror to ssh_strerror 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-04 11:55:40 +02:00
Norbert Pocs
e5bc5ffd04 Rewrite strerror to ssh_strerror 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-04 11:55:40 +02:00
Norbert Pocs
4b92d48085 Rewrite strerror to ssh_strerror 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-04 11:55:40 +02:00
Norbert Pocs
a2a037a821 Rewrite strerror to ssh_strerror 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-04 11:55:40 +02:00
Norbert Pocs
4719c09e6a Rewrite strerror to ssh_strerror 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-04 11:55:40 +02:00
Norbert Pocs
4f09bb3660 Rewrite strerror to ssh_strerror 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-04 11:55:40 +02:00