shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-05 04:40:31 +09:00
Code Issues Packages Projects Releases Wiki Activity
4,109 Commits 12 Branches 62 Tags
628b529a91c30bde22d9bb774aa5c1476cecdfbe
Commit Graph

4109 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jakub Jelen
628b529a91 Revert "pkd: Generate host keys in old format" 
This is no longer needed since libssh can read the private keys
in new OpenSSH format.

This reverts commit 100c9c98ce.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 2307be32cf)
 2018-09-18 10:17:32 +02:00
Jakub Jelen
7e25963130 tests: Verify the keys loaded from new OpenSSH format 
This runs the same test that are ran on the legacy PEM files
also with the new OpenSSH key files.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit eaaa4131de)
 2018-09-18 10:17:32 +02:00
Jakub Jelen
91d8f1a256 pki: Allow reading keys in new OpenSSH format 
This implements reading the OpenSSH key format accross the
cryptographic backends. Most of the code is shared and moved
to pki.c, just the building of the keys is implemented in
pki_privkey_build_*() functions.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 39102224b2)
 2018-09-18 10:17:31 +02:00
Jakub Jelen
61dcc023b0 tests: Provide testing keys also in OpenSSH format 
This extends the torture API to provide a way to request
keys in different formats. This extends the keys with
private keys in the new OpenSSH format (default since
OpenSSH 7.8).

This also needs modifications to the ed25519 tests, which
do not support PEM format and expected the new format out of the
box.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit e365aed6d2)
 2018-09-18 10:17:31 +02:00
Jakub Jelen
4468a78ee2 pki: Use unpack to simplify public key reading 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit d23bda8181)
 2018-09-18 10:17:31 +02:00
Jakub Jelen
8f18063b6d buffer: Make sure unpack of secure buffers securely cleans up 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 86d521cbe7)
 2018-09-18 10:17:31 +02:00
Andreas Schneider
a167faee3e libmbedcrypto: Fix creating evp hash 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 856dc698a9)
 2018-09-18 10:17:31 +02:00
Jakub Jelen
0e8f6aaee5 buffer: Reformat ssh_buffer_get_ssh_string 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 4d09c6dc31)
 2018-09-17 19:00:31 +02:00
Jakub Jelen
f0a1b94d0d tests: Use stdbool for with_passphrase argument 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 03a66b8599)
 2018-09-17 19:00:31 +02:00
Jakub Jelen
5d1ddf5920 pki_crypto: Clarify that memory passed with set0 is managed by openssl objects 
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit c04eac40f3)
 2018-09-17 19:00:31 +02:00
Jakub Jelen
152ae623c2 pki_mbedcrypto: pki_pubkey_build_rsa: properly clean up on error 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 8cc0672c0c)
 2018-09-17 19:00:31 +02:00
Jakub Jelen
e7bd9d02bc pki: Initialize pointers to NULL 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 8f7214a584)
 2018-09-17 19:00:31 +02:00
Jakub Jelen
9196639940 tests: Drop duplicate ed25519 key creation 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 9d2de880ec)
 2018-09-17 19:00:31 +02:00
Jakub Jelen
786d7e39a3 buffer: Fix typo 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 039c066da5)
 2018-09-17 19:00:31 +02:00
Jakub Jelen
c33710d112 tests: Verify the pubkey authentication works with ECDSA keys 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 6efbf7a30e)
 2018-09-17 19:00:31 +02:00
Andreas Schneider
a14a80f35f auth: Fix ecdsa pubkey auth 
Pair-Programmed-With: Jakub Jelen <jjelen@redhat.com>
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit e5170107c9)
 2018-09-17 19:00:31 +02:00
Andreas Schneider
0389ff6d9d tests: Do not call sftp_canonicalize_path() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 30df04a8a5)
 2018-09-17 19:00:31 +02:00
Andreas Schneider
8954fccfdb tests: Add a sftp benchmark test for write/read 
The tests writes and reads a file of 128M.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit aaca395bd3)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
332df98fc9 sftp: Move the packet payload to the message 
This reduces memory allocations and copying.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 0762057eb9)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
d4cc3f69c6 sftp: Use SSH_BUFFER_FREE in sftp_message_free() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 57153f6481)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
534c58c475 sftp: Reformat sftp_message_free() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 4c32befd93)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
84fd910423 sftp: Allocate a new buffer in sftp_packet_read() if needed 
We will move the buffer to the message instead of duplicating the
memory.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit be8302e2f3)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
d51f77c2b1 sftp: Reformat sftp_read_and_dispatch() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 97d2e1f4cb)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
47376cbc77 sftp: Validate the packet handle before we allocate memory 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 12fc0ea1bf)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
85c3db3e89 sftp: Reformat sftp_get_message() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 573eab0d51)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
3f8a522c7f sftp: Use bool for is_eof in sftp_packet_read() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 0e317e612f)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
eb08802b7c sftp: Use 's' only in the scope it is needed 
This revaled a bug when reading the packet type.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 01135703a3)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
dc587045bf sftp: Use 16K for the transfer buffer size 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit c070414309)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
9b495b72c5 sftp: Get the packet type directly from the buffer 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit d2cc4eccc7)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
2ce6c56609 sftp: Limit packet size to 256 MB 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 38781f69b0)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
9caef95899 sftp: Directly read and validate the packet size from the bufffer 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit dc4faf9952)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
66c2630aaf sftp: Use read_packet from sftp handle 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit cbbc6ddcb6)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
b8f63ee2df sftp: Simplify the code for reading data 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit a7456bf4d5)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
68adb49996 sftp: Reformat sftp_packet_read() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit afc14fe003)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
12e94bfd18 sftp: Keep a ssh_packet for reading in the sftp handle 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 79a3fcac72)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
4fc3d7a27f sftp: Remove ZERO_STRUCTP from sftp_free() 
The structure doesn't hold any sensitive data and this would be
optimized away anyway.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 945afaa6b4)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
466bb332c1 sftp: Reformat sftp_free() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit d840a05be3)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
ff25b45367 sftp: Reformat sftp_new() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 662c30eb72)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
df83f4fb57 include: Add SSH_BUFFER_FREE 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 29b5477849)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
5bda3ab9f6 cmake: Correctly detect if glob has gl_flags member 
Thanks to Baruch Siach.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 2e8f2f03e7)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
9a057159a2 config: Fix size type 
src/config.c:562:12: error: assuming signed overflow does not occur when
    simplifying conditional to constant [-Werror=strict-overflow]

         if (args < 1) {
            ^

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit ceecd3fd6f)
 2018-09-06 09:25:05 +02:00
Andreas Schneider
9c0875dd5d cmake: Use -Wpedantic and remove -pedantic-errors 
We get -Werror if -DPICKY_DEVELOPER=ON is set.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit bfd33ecf29)
 2018-09-06 09:25:03 +02:00
Jakub Jelen
1fa5a2a504 tests: UsePrivilegeSeparation has no effect since OpenSSH 7.5 
Additionally, we can already work around the privilege separation.

http://www.openssh.com/txt/release-7.5

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 56317caafc)
 2018-09-05 21:57:40 +02:00
Jakub Jelen
a08a2f52fb tests: Do not trace sshd 
OpenSSH's sshd does not work well under valgrind so lets avoid tracing it.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit ca4fb9c6f8)
 2018-09-05 21:57:38 +02:00
Andreas Schneider
21d37f8605 cmake: Move CompilerFlags to own file 
They need to be included before the project() call.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 91800eb243)
 2018-09-05 21:57:35 +02:00
Andreas Schneider
e43586b4de cmake: Update defaults 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 2923ad59f9)
 2018-09-05 21:57:24 +02:00
Jakub Jelen
dc7e1bdb39 tests: Verify the Match keyword from configuration file 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 556ad59a5a)
 2018-09-05 12:39:02 +02:00
Jakub Jelen
03d559b066 tests: No need to restore log level now 
Since the verbosity is now set from the setup phase, we do not
need to reset the verbosity, especially not to any arbirary value
such as WARNING.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit fcb203cb2d)
 2018-09-05 12:39:02 +02:00
Jakub Jelen
3191c1f6be tests: Use global verbosity in tests 
This allows adjusting the log level of config and options tests using
environment variable LIBSSH_VERBOSITY as it works in most of the other
tests.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 6dbcc21921)
 2018-09-05 12:39:02 +02:00
Jakub Jelen
d46f01cb7c tests: Missing unlink 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 2eccd04ff6)
 2018-09-05 12:39:02 +02:00