shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-05 12:50:30 +09:00
Code Issues Packages Projects Releases Wiki Activity
6,256 Commits 12 Branches 62 Tags
8c8d3ceef72d3e7f7ea8288714d935fe49aaa3a4
Commit Graph

6256 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Praneeth Sarode
8c8d3ceef7 tests: add unit test for forwarded-tcpip callback 
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-04-07 10:57:21 +02:00
Praneeth Sarode
0d0ed4b1f8 curve25519: add support for gcrypt's Curve25519 implementation 
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-04-03 11:28:44 +02:00
Arek Ouzounian
8dc234c909 Add clarification to INSTALL for unit testing on Windows via the cmocka dependency 
Signed-off-by: Arek Ouzounian <agouzo777@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-04-03 11:27:45 +02:00
Praneeth Sarode
2e686c5cea cmake: fix MbedTLS version detection 
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-04-03 11:27:08 +02:00
Jakub Jelen
d3706d5940 Add missing symbol to the map 
This was omitted from the 84d02e74 and caused issues to build when abimap is
not present.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-04-02 10:59:53 +02:00
Praneeth Sarode
d92a057090 tests: fix torture_server_x11 and add it to tests 
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-04-01 10:19:14 +02:00
Jakub Jelen
1434f24911 auth: Avoid forward-null pointer dereference 
This could happen only if the function would really be called with the NULL
session, but this was never the case as the session is dereferenced already on
all code paths toward this place.

This is just to make the scanner happy that the session can not really be NULL
here.

Thanks coverity!

CID 1593926

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <norbertpocs0@gmail.com>
 2025-03-31 11:05:37 +02:00
Aditya Sinha
cce600f980 test for ssh_get_kex_algo() 
Signed-off-by: Aditya Sinha <aditya072006@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-30 13:10:53 +02:00
Aditya Sinha
95150b1137 Adding the missing Algorithms to ssh_get_kex_algo() function 
Signed-off-by: Aditya Sinha <aditya072006@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-30 13:10:52 +02:00
Aditya Sinha
65b2591b91 Reformatting the ssh_get_kex_aglo() function 
Signed-off-by: Aditya Sinha <aditya072006@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-30 13:10:51 +02:00
Praneeth Sarode
a5e9529ca7 curve25519: refactor mbedTLS code to remove code duplication 
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-30 13:04:48 +02:00
Praneeth Sarode
49a355c272 curve25519: Use mbedTLS curve25519 for ECDH, if available 
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-30 13:04:47 +02:00
David Wedderwille
84d02e7440 kex: Make existing convenience features available 
Signed-off-by: David Wedderwille <davidwe@posteo.de>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-30 12:17:42 +02:00
David Wedderwille
0b91ba779c kex: Improved naming of variables. 
Signed-off-by: David Wedderwille <davidwe@posteo.de>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-30 12:17:41 +02:00
Yuvraj Saxena
d02163546d fuzz: Add ProxyJump misconfiguration cases to ssh_client_config_fuzzer_corpus 
This commit adds test cases to catch issues where ProxyJump configurations lead to infinite loops or incorrect username usage, as reported in issue #287, and issue #291

Signed-off-by: Yuvraj Saxena <ysaxenax@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-30 12:14:37 +02:00
AsadaShino
a93e84efb9 authenticate_console:Stop authentication after SSH session disconnection to avoid hanging up in poll 
Signed-off-by: AsadaShino <1164429449@qq.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-20 15:29:59 +01:00
Eshan Kelkar
a59d587060 sftpserver.c: Add support for O_TRUNC while opening files 
Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-18 18:13:52 +01:00
Eshan Kelkar
6c4e4a9e1c torture_sftpserver.c: Add test for O_TRUNC while opening files 
Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-18 18:13:51 +01:00
Abdallah Alhadad
aa681c268e extensions: Host-bound public key authentication 
Signed-off-by: Abdallah Alhadad <abdallahselhdad@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-18 17:34:04 +02:00
Abdallah Alhadad
fe381d6aa4 refactor: Extract build_pubkey_auth_request function for public key authentication 
Signed-off-by: Abdallah Alhadad <abdallahselhdad@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-18 17:33:57 +02:00
Abdallah Alhadad
1f76cc0c6a reformat: functions related to pubkey authentication 
Signed-off-by: Abdallah Alhadad <abdallahselhdad@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-15 22:16:46 +00:00
John Thacker
bf2b8954e8 CMake: Add Requires.private information for GSSAPI to .pc file 
Try to find GSSAPI via pkg-config. If found, add the appropriate
module name, depending on the flavor, to the libssh.pc file so that
the pkg-config can report the list of libraries needed when linking
against the static library version of libssh.

Fix #293

Signed-off-by: John Thacker <johnthacker@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-12 15:05:57 +01:00
Jakub Jelen
7e3935e7d2 Add timeout extension requirement to the MR template 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-03-11 14:03:23 +01:00
Jakub Jelen
d38b471fd8 ci: Move MR template from webui to git 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-03-11 14:03:22 +01:00
Jakub Jelen
735a4368c2 Document the need to extend the CI timeout 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-03-11 14:03:21 +01:00
Jakub Jelen
a25f9d211d tests: Fix variable names to avoid codespell issues 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-03-04 16:00:33 +01:00
Jakub Jelen
3a52bf1679 tests: Reproducer for graceful failure on ignored Match arguments 
https://gitlab.com/libssh/libssh-mirror/-/issues/291#note_2376323499
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-03-04 16:00:33 +01:00
Jakub Jelen
f7bdd779d6 config: Be less strict when parsing unknown Match keywords 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-03-04 16:00:33 +01:00
Jakub Jelen
8ef249a4a4 config: Fix copy&paste error in error message 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-03-04 14:09:08 +01:00
Praneeth Sarode
d9da8f212d docs: Add section on ABI versioning and symbol management to CONTRIBUTING. 
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-04 13:00:27 +01:00
Norbert Pocs
9613e9508d tests/torture_proxyjump: Fix codespell issues 
Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-03 11:20:48 +01:00
Norbert Pocs
6b9a6529bd tests: Add torture_proxyjump_multiple_users_sshd_jump with Doe 
Tests proxyjump with two servers and two users.

Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-03 11:20:48 +01:00
Norbert Pocs
b14cde6d2a tests: Add multiple server proxyjump testcase 
Tests proxyjump with the same user through two servers.

Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-03 11:20:48 +01:00
Norbert Pocs
e01c32f41e tests: Add torture_setup_sshd_servers 
Starts a second sshd. This enables to test proxyjump through
multiple servers.

Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-02-28 10:05:12 +01:00
Jakub Jelen
dd6a711354 Use windows-compatible access() function to unbreak windows build 
Fixes up 3372c2ad78 which did not properly check
the included header file.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-02-27 13:31:35 +01:00
Jakub Jelen
c1a7de78d1 tests: Add PKCS#11 URI tests with Ed25519 keys 
This will work only with pkcs11 provider. Not tested with engines.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Jakub Jelen
9735f074ba tests: Skip Ed25519 keys in FIPS mode 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Jakub Jelen
b2b56151c0 pki: Fail more gracefully when parsing Ed25519 keys in FIPS mode 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Jakub Jelen
de7903a633 Do not import Ed25519 keys in FIPS Mode 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Jakub Jelen
a089513e40 pki_crypto: OpenSSL 1.1.1 compatible Ed25519 key duplication 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Jakub Jelen
ec9d7d13fd Use Ed25519 in OpenSSL through the EVP_PKEY API 
... instead of keeping around public and private key blobs.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Jakub Jelen
f14568262a tests: Update PKCS#11 tests to follow global verbosity 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Jakub Jelen
257e8eb2c1 tests: Add PEM public Ed25519 key 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Jakub Jelen
99fcd56135 tests: Remove p11-kit remoting from pkcs11 tests 
The p11-kit remoting was initially introduced because softhsm
was crashing during cleanup with OpenSSL 3.0. This was resolved
since then and this code introduces a lot of complexity and
possible bugs, such as when using the mechanisms from PKCS#11 3.0
that are unknown to the p11-kit remoting tool. It decides to remove
them from the list as demonstrated here:

https://github.com/p11-glue/p11-kit/issues/668

This resulted in pkcs11-provider not registering EDDSA siganture
methods to the OpenSSL and failing when asked to provide a singature
by the Ed25519 key from the PKCS#11 token.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Jakub Jelen
8922e43578 tests: Improve logging on failures in ed25519 test 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Jakub Jelen
e36ca61e36 pki: Fix error message 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Jakub Jelen
02c092d3d9 pki: Avoid needless assignment 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Jakub Jelen
520f758902 pki_crypto: Reformat pki_key_compare 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Jakub Jelen
12b8eed093 pki_crypto: Reformat pki_private_key_to_pem 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Lucas Mulling
3372c2ad78 cmake: Add option WITH_HERMETIC_USR 
Add a cmake option to enable hermetic-usr, i.e., use of config files in /usr/.
If turned on, GLOBAL_*_CONFIG is prepended with /usr/ and defined as
USR_GLOBAL_*_CONFIG. Config lookup follows this path GLOBAL_*_CONFIG ->
USR_GLOBAL_*_CONFIG.

Introduce a ssh_config_parse primitive. This avoids convoluted checks for file
presence (without modifing the behaviour of ssh_config_parse_file) and allows
marking whether the config is global at the call site.

Signed-off-by: Lucas Mulling <lucas.mulling@suse.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-02-27 10:24:42 +01:00