Andreas Schneider
3d2d777e26
torture: Fix a warning
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry-picked from commit 2bd65015
2018-10-05 12:09:45 +02:00
Aris Adamantiadis
8520adf609
osx: fix compilation
...
(cherry-picked from commit 886fdc8b
2018-10-05 12:09:45 +02:00
Justus Winter
c0be59f876
tests: Make test suite work out of the box on Debian
...
* tests/torture.c (torture_setup_create_sshd_config): Rework how the
location of the sftp server is discovered, and add the Debian-specific
location.
Signed-off-by: Justus Winter <justus@g10code.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
(cherry-picked from commit e37fd832
2018-10-05 12:09:45 +02:00
Andreas Schneider
2983b21996
torture: Fix ssh version detection
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry-picked from commit de309c51
2018-10-05 12:09:45 +02:00
Andreas Schneider
88ae595583
torture: Set sshd debug level to DEBUG3
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry-picked from commit 06343074
2018-10-05 12:09:45 +02:00
Andreas Schneider
a228c3f728
torture: Also write stderr to a file
...
This allows to capture debug information of the wrappers.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry-picked from commit c365ff3d
2018-10-05 12:09:45 +02:00
Andreas Schneider
53ed121a9c
torture: Add additional sftp-server path for BSD
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry-picked from commit 1bbfe058
2018-10-05 12:09:45 +02:00
Andreas Schneider
5a1ebdec9d
tests: Wait for sshd to start before connecting
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry-picked from commit a3557b81
2018-10-05 12:09:45 +02:00
Andreas Schneider
bf2a33b21e
tests: Turn on PAM support in sshd with pam_wrapper
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry-picked from commit 7aa84318
2018-10-05 12:09:45 +02:00
Andreas Schneider
130194aa0e
torture: Improve process termination function
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry-picked from commit 0e98f121
2018-10-05 12:09:45 +02:00
Andreas Schneider
1ebfd3834a
tests: Support other openssh versions ...
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry-picked from commit 6e7eae96
2018-10-05 12:09:45 +02:00
Andreas Schneider
1eeeace975
cmake: Configure nss_wrapper and uid_wrapper
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry-picked from commit 21b0d29e
2018-10-02 16:35:28 +02:00
Andreas Schneider
73ebcb3ab8
torture: Start sshd as root
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry-picked from commit a30d16c4
2018-10-02 16:35:08 +02:00
Andreas Schneider
bd7b509278
torture: Enable old host key algos for testing
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry-picked from commit c1fb9483
2018-10-02 16:34:49 +02:00
Andreas Schneider
652acbeb21
torture: Enable old cipher and kex algos in sshd
...
We need to test them, so enable them in the sshd.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry-picked from commit dd0d04ae
2018-10-02 16:34:23 +02:00
Andreas Schneider
96e04d4691
torture: Create a torture_terminate_process() function
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry-picked from commit ae89b6c0
2018-10-02 16:34:02 +02:00
Andreas Schneider
7113074ae4
torture: Add torture_teardown_sshd_server().
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry-picked from commit 14f1ce2e
2018-10-02 16:33:40 +02:00
Andreas Schneider
2db325eb74
torture: Restrict files to we write to our user.
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry-picked from commit 62b0f58d
2018-10-02 16:33:18 +02:00
Andreas Schneider
9937d0b552
torture: Add function to setup sshd server
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry-picked from commit c3f963e7
2018-10-02 16:32:45 +02:00
Andreas Schneider
ae3e2a19c8
torture: Add torture_teardown_socket_dir().
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry-picked from commit fd09c4cb
2018-10-02 16:32:04 +02:00
Andreas Schneider
3567524fb2
torture: Add torture_setup_socket_dir().
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry-picked from commit 13f68fc2
2018-10-02 16:31:32 +02:00
Andreas Schneider
4814c188eb
tests: Add ssh host keys for test environment.
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry-picked from commit c2d63627
2018-10-02 16:31:16 +02:00
Andreas Schneider
a317188cb7
cmake: Search for cwrap and sshd.
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry-picked from commit 6596d27e
2018-10-02 16:29:17 +02:00
Andreas Schneider
1d4151e51f
libcrypt: Add missing header for compat
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
2018-06-30 14:10:32 +02:00
Andreas Schneider
c228fa7631
pki: Fix duplicating ed25519 public keys
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 816234350d
2018-06-29 17:18:12 +02:00
Andreas Schneider
9658d36087
kex1: Add missing NULL check in make_rsa1_string()
...
CID 1388445
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit c705fb6e3b
2018-06-29 17:17:27 +02:00
Nikos Mavrogiannopoulos
bbaa3dc869
kex1: Use libcrypto-compat.h for RSA_get0_key with OpenSSL
...
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit a95bc8a016
2018-06-29 17:17:03 +02:00
Andreas Schneider
4f10d6cd57
kex1: Fix building with OpenSSL 1.1+
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 8d65edb41f
2018-06-29 17:16:49 +02:00
Meng Tan
2209fcace3
Set channel as bound when accepting channel open request
...
Signed-off-by: Meng Tan <mtan@wallix.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit f19158cadf
2018-06-29 17:16:06 +02:00
Andreas Schneider
a1847660a3
pki: Fix random memory corruption
...
Fixes T78
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 1444ae5add
2018-06-29 17:12:46 +02:00
Jon Simons
e2b48dc662
libcrypto: fix resource leak in hmac_final
...
Fix a resource leak in `hmac_final`: say `HMAC_CTX_free` instead
of `HMAC_CTX_reset`. This matches the error handling as done in
`hmac_init`. Introduced with cf1e808e2fhttps://red.libssh.org/issues/252 .
Cherry-picked from a64ddff3fejon@jonsimons.org >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
2018-06-29 17:08:54 +02:00
Jon Simons
1a5b6ac472
libcrypto-compat: fix HMAC_CTX_free for OpenSSL < 1.1.0
...
On older OpenSSL versions, the EVP_MD_CTX fields within an HMAC_CTX
structure are contained inlined (change here [1]): be sure to not
try to free those fields on those builds.
Found running the `pkd_hello` test with:
valgrind ./pkd_hello -i1 -t torture_pkd_openssh_dsa_rsa_default
^ valgrind will cite "Invalid free() ..." errors which are present
before this fix and absent after, when building with OpenSSL 1.0.1.
[1] 6e59a892db25384e9558jon@jonsimons.org >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
2018-06-29 17:08:54 +02:00
Andreas Schneider
0dd7a963a9
cmake: Only build libcrypto and libcrypto-compat when needed
...
This also fixes the gcrypt build.
Cherry-picked from 2f6a866373asn@cryptomilk.org >
2018-06-29 17:08:54 +02:00
Andreas Schneider
1642cec280
cmake: Use configure check for CRYPTO_ctr128_encrypt
...
Cherry-picked from 3daf1760a1asn@cryptomilk.org >
2018-06-29 17:08:54 +02:00
Jakub Jelen
2f1c6668e7
pki_crypto: Use getters and setters for opaque keys and signatures
...
This is for OpenSSL 1.1.0 support.
Cherry-picked from 3341f49a49jjelen@redhat.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
2018-06-29 17:08:54 +02:00
Jakub Jelen
fbeecf388c
libcrypto: Use a pointer for EVP_MD_CTX
...
This is for OpenSSL 1.1.0 support.
Cherry-picked from 607c671f67jjelen@redhat.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
2018-06-29 17:08:54 +02:00
Jakub Jelen
7933756b5a
libcrypto: Use newer API for HMAC
...
This is for OpenSSL 1.1.0 support.
Cherry-picked from cf1e808e2fjjelen@redhat.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
2018-06-29 17:08:54 +02:00
Jakub Jelen
837e367d2d
libcrypto: Introduce a libcrypto compat file
...
This is for OpenSSL 1.1.0 support.
Cherry-picked from b6cfde8987jjelen@redhat.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
2018-06-29 17:08:54 +02:00
Jakub Jelen
f81c3ada9c
libcrypto: Remove AES_ctr128_encrypt()
...
This is for OpenSSL 1.1.0.
Cherry-picked from d73f665eddjjelen@redhat.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
2018-06-29 17:08:54 +02:00
Artyom V. Poptsov
83663895f4
config: Bugfix: Don't skip unseen opcodes
...
libssh fails to read the configuration from a config file due to a
wrong check in 'ssh_config_parse_line' procedure in 'config.c'; it's
effectively skipping every opcode (and therefore every option) from
the file. The change fixes that behaviour.
Signed-off-by: Artyom V. Poptsov <poptsov.artyom@gmail.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 5333be5988
2018-06-29 17:08:54 +02:00
Andreas Schneider
239d0f75b5
messages: Do not leak memory of previously allocated answers
...
Found by ozz-fuzz
BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1222
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 7c79b5c154
2017-04-25 16:21:11 +02:00
Andreas Schneider
d88cc720fb
messages: Do not leak memory if answeres had been allocated previously
...
Found by ozz-fuzz
BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1222
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 5eb41492c4
2017-04-24 13:28:17 +02:00
Andreas Schneider
ee13becf9c
messages: Do not leak memory if answered had been allocated previously
...
BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1184
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit c78c6c6542
2017-04-21 11:14:51 +02:00
Andreas Schneider
95b2dbbeca
misc: Validate integers converted from the SSH banner
...
BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1181
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit d5d8349224
2017-04-21 11:14:46 +02:00
Andreas Schneider
02c0a3b99b
messages: Fix memory leaks in the ssh_packet_global_request callback
...
BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1208
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 67a2ba6f99
2017-04-21 11:14:42 +02:00
Andreas Schneider
419731a189
auth: Use calloc in ssh_userauth_agent_pubkey()
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 79437fa0c9
2017-04-21 11:14:39 +02:00
Peter Volpe
2ac987bce9
session: Free session->kbdint in ssh_free()
...
Makes sure we free pending keyboard auth prompts
so prompts that have not be replied to do not leak.
Signed-off-by: Peter Volpe <pvolpe@redhat.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 76ba2b0055
2017-04-20 17:04:54 +02:00
Andreas Schneider
0588cbf9d4
Bump version to 0.7.5
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
2017-04-13 16:33:04 +02:00
Andreas Schneider
a7cce77550
buffer: Validate the length before before memory allocation
...
Check if the size the other party sent is a valid size in the
transmitted buffer.
Thanks to Alex Gaynor for finding and reporting the issue.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 68b7ca6e92
2017-04-13 16:28:18 +02:00
Andreas Schneider
5e63b40cde
buffer: Create ssh_buffer_validate_length()
...
This functions allows if a given length can be obtained from the buffer.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit c165c396de
2017-04-13 16:27:33 +02:00
