Merge ssh_key_type_from_signature_name() and ssh_key_hash_from_name()
into a single function ssh_key_type_and_hash_from_signature_name() to:
- Avoid double string comparisons on the same algorithm name
- Return SSH_ERROR on unknown/NULL input instead of silently returning SSH_DIGEST_AUTO
- Use strlen() before strcmp() to short-circuit string comparisons.
Handle GSSAPI "null" hostkey case in wrapper.c.
Add unit tests for the new function.
Fixes: https://gitlab.com/libssh/libssh-mirror/-/issues/355
Signed-off-by: Haythem666 <haythem.farhat@epfl.ch>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Implement support for the SSH2_AGENTC_REMOVE_IDENTITY
agent protocol message.
The implementation mirrors ssh_agent_sign_data()
and reuses agent_talk(). A single cleanup path is
used to ensure proper resource handling.
Signed-off-by: Madhav Vasisth <mv2363@srmist.edu.in>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
All newly reported leaks are categorized as
reachable and they mostly relate to global
variables in krb5 which are free'd before
each re-initialization.
Fixes#352.
Signed-off-by: Pavol Žáčik <pzacik@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Add torture_server_sftp_opendir_handles_exhaustion test that
exercises the error path in process_opendir() when all SFTP
handles are occupied. This covers the memory leak fix for
h->name that was missing in the sftp_handle_alloc() failure path.
The test exhausts all 256 handle slots with sftp_open(), then
verifies that sftp_opendir() fails gracefully without crashing
or leaking memory.
Signed-off-by: Mingyuan Li <2560359315@qq.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This adds a new test suite 'torture_tinyssh' that verifies interoperability with the TinySSH server using various key exchange methods.
Fixes#271
Signed-off-by: Bulitha Kawushika De Zoysa <bulithakaushika99@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Changes also the reading of known_hosts to use the new helper function
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
The specially crafted patterns (from configuration files) could cause
exhaustive search or timeouts.
Previous attempts to fix this by limiting recursion to depth 16 avoided
stack overflow, but not timeouts. This is due to the backtracking,
which caused the exponential time complexity O(N^16) of existing algorithm.
This is code comes from the same function from OpenSSH, where this code
originates from, which is not having this issue (due to not limiting the number
of recursion), but will also easily exhaust stack due to unbound recursion:
05bcd0cadf
This is an attempt to simplify the algorithm by preventing the backtracking
to previous wildcard, which should keep the same behavior for existing inputs
while reducing the complexity to linear O(N*M).
This fixes the long-term issue we had with fuzzing as well as recently reported
security issue by Kang Yang.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Pavol Žáčik <pzacik@redhat.com>
When we use empty configuration file, some stuff go south in c10s
and for example fips mode detection does not work anymore.
Providing minimal configuration file avoids the issues of loading
the provider too early, while keeping fips mode activation working
and tests happy.
It also configures the pkcs11-provider to assume the token provides
FIPS approved crypto so the tests can work.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Pavol Žáčik <pzacik@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
The maximal lenght of unix domain socket path is 108 characters. When
the build directory (and UID wrapper home directories) are too deep
in the filesystem, OpenSSH will fail to create the socket file,
which is failing this test.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Pavol Žáčik <pzacik@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
without explicitly setting the algorithms, they might be set by
some other configuration file, for example crypto policies pulled
from `/etc/libssh/libssh_server.config` during RPM build.
Log also the generated configuration file and change the other case
to use standard logging mechanism instead of fprintf.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Pavol Žáčik <pzacik@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
