shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-05 21:00:33 +09:00
Code Issues Packages Projects Releases Wiki Activity
4,465 Commits 12 Branches 62 Tags
154eb9191408a63483481efeafa633d3b467da18
Commit Graph

1800 Commits

Author SHA1 Message Date
Aris Adamantiadis
154eb91914 dh: move state changes inside DH code 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-24 11:56:23 +01:00
Aris Adamantiadis
9c88769707 dh: Do some basic refactoring 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-24 11:56:23 +01:00
Aris Adamantiadis
a6c47099b7 buffer: Support bignums in ssh_buffer_unpack() 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-24 11:53:22 +01:00
Aris Adamantiadis
2f8239ade3 mbedcrypto: fixed nasty RNG bugs 2019-01-24 11:53:22 +01:00
Aris Adamantiadis
afe2673cfa bignum: harmonize gcrypt, libcrypto and libmcrypt bignum 
Ensure most of the abstraction around the 3 libs are consistent.

Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-24 11:04:44 +01:00
Aris Adamantiadis
43a4f86b6e dh: move unrelated functions out of dh.c 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-24 09:34:18 +01:00
Aris Adamantiadis
e42a423a24 kex: use runtime callbacks (server) 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-24 09:19:59 +01:00
Aris Adamantiadis
602a1defea kex: use runtime callbacks (client) 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-24 09:11:30 +01:00
Andreas Schneider
e91e221d02 pcap: Correctly initialize sockaddr_in in ssh_pcap_context_set_file() 
Error: CLANG_WARNING:
src/pcap.c:329:22: warning: The left operand of '!=' is a garbage value

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-22 13:12:25 +01:00
Andreas Schneider
79fe88bfb8 pcap: Reformat ssh_pcap_context_connect() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-22 13:12:25 +01:00
Andreas Schneider
86849c0883 bind: Check for POLLRDHUP on the server if available 
This is a feature on modern Linux.

Thanks to Ludovic Courtès <ludo@gnu.org> for the pointer.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-15 15:44:50 +01:00
Andreas Schneider
0e9add9a89 bind: Reformat ssh_bind_get_poll() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-15 15:44:48 +01:00
Marcin Szalowicz
4b4fb638f8 Fix cleaning up HMAC context for openssl < 1.1 remove old compatibility code for openssl < 0.9.7 
Signed-off-by: Marcin Szalowicz <marcin.szalowicz@oracle.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-11 15:56:02 +01:00
Andreas Schneider
0170ed8883 socket: Set socket error to get better error messages 
We do not want an error for ssh_socket_close() here.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 15:50:24 +01:00
Andreas Schneider
de54a88ee1 poll: Return early for timeout and count every revent 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 15:50:24 +01:00
Andreas Schneider
51f035aa3f poll: Do not generate SIGPIPE with recv() in bsd_poll() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 15:50:24 +01:00
Andreas Schneider
edc7b96b2f poll: Improve checks for POLLHUP and POLLERR 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 15:50:21 +01:00
Andreas Schneider
ab269f036e poll: Zero (read|write|expect)fds in bsd_poll() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 15:43:39 +01:00
Andreas Schneider
4512a3fead poll: Reformat bsd_poll() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 15:43:37 +01:00
Andreas Schneider
fc840d8d69 poll: Fix size type 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 15:42:43 +01:00
Andreas Schneider
0e7a962417 poll: Reformat ssh_poll_ctx_dopoll() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 15:42:33 +01:00
Jakub Jelen
531b80a60b kex: List also the SHA2 extension when ordering hostkey algorithms 
By default, the list of already stored known host types is preferred,
but this selection so far ignored the SHA2 extension and excluded these
keys in the KEXINIT list leading to not using this extension if not
explicitly enabled from configuration.

This commit extends the default list with the SHA2 signatures algoritms
and compares only base types so they can be listed in the KEXINIT list.

This adjust the tests to expect the full list of algorithms to pass.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 13:18:05 +01:00
Jakub Jelen
27fe60954c server: Correctly handle extensions 
If the server had an RSA host key, it provided unconditionally SHA2
signatures without consulting the client proposed list of supported host
keys.

This commit implements more fine-grained detection of the extension
to provide the client with valid signatures according to RFC 8332
Section 3.1.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 13:17:31 +01:00
Jakub Jelen
ca62632170 dh: Make sure we do not access uninitialized memory 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 13:16:50 +01:00
Jakub Jelen
7e41d08f26 packet: Dump also the packet type 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 10:31:49 +01:00
Jakub Jelen
bfff7db5ff options: Update documentation for rekey limits 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 10:31:49 +01:00
Jakub Jelen
58cae2366a packet: Implement rekeying based on the recommendation from RFC's 
The default rekeying recommendations are specified in
RFC4344 Section 3 (First and Second Rekeying Recommendations).
Additionally, the rekeying can be specified in configuration
file/options allowing us to turn the rekeying off, base it
on time or make it more strict.

The code is highly inspired by the OpenSSH rekeying code.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 10:31:49 +01:00
Jakub Jelen
c86a00d06b packet: Provide a function to switch crypto in separate directions 
This also fixes the test using the crypto directly

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 10:31:45 +01:00
Jakub Jelen
8e0c047031 packet: Introduce a new function to access crypto 
And remove most of the direct access to the structure throughout the code

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 10:14:56 +01:00
Jakub Jelen
8d90266661 server: Reformat ssh_auth_reply_success 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 10:14:56 +01:00
Jakub Jelen
836982358a packet: Adjust the packet filter to allow client-initialized rekey 
If the rekey is initialized by client, it sends the first KEXINIT
message, changes to the INIT_SENT state and waits for the KEXINIT
message from the server. This was not covered in the current filter.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 10:14:56 +01:00
Jakub Jelen
a61368a06a packet: Prepare counters to handle rekeying limits 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 10:14:56 +01:00
Jakub Jelen
1a92c4bc64 config: Parse rekey limits and apply them 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 10:14:56 +01:00
Jakub Jelen
e973f95b37 options: Introduce new options for handling rekey limits 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 10:14:56 +01:00
Jakub Jelen
81fdb574e7 packet: Write also incoming packets to .pcap files 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 10:14:56 +01:00
Jakub Jelen
fff2e85ab2 pcap: Reformat ssh_pcap_context_write() 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 10:14:56 +01:00
Jakub Jelen
1be9618f4e kex: Correctly check for the rekey (amends 83f2ac4a) 
This is more reliable fix than 83f2ac4a, which was failing for the
server initialized rekeying, because the session_state is altered
by receiving the KEXINIT from server.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 10:14:56 +01:00
Andreas Schneider
b26ca652f5 client: Happy new year! 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-05 13:18:12 +01:00
Andreas Schneider
9f1718e159 Revert "sftp: Set error if invalid session pointer is passed to sftp_new()" 
This reverts commit d011b780c3.
 2019-01-05 13:17:32 +01:00
Andreas Schneider
d011b780c3 sftp: Set error if invalid session pointer is passed to sftp_new() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-04 13:31:34 +01:00
Andreas Schneider
c6460cc955 Bump SO version to 4.7.3 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-24 07:58:20 +01:00
Andreas Schneider
dea6fe3d89 crypto: Disable blowfish support by default 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2018-12-19 14:57:29 +01:00
Andreas Schneider
6cd8d4a24a channels: Don't call ssh_channel_close() twice 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-12 18:31:31 +01:00
Jakub Jelen
990794c580 config: Parse ProxyJump configuration option and implement it using ProxyCommand with OpenSSH 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-10 17:56:05 +01:00
Jakub Jelen
9128ecf397 options: Copy also the new options 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-10 17:52:56 +01:00
Jakub Jelen
48aede2a31 options: Check for null 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-10 17:52:56 +01:00
Anderson Toshiyuki Sasaki
fe309ba43f packet: Allow SSH2_MSG_EXT_INFO when authenticated 
When the server requests rekey, it can send the SSH2_MSG_EXT_INFO.  This
message was being filtered out by the packet filtering.  This includes a
test to enforce the filtering rules for this packet type.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-10 16:42:26 +01:00
Andreas Schneider
c3067f8e73 channels: Send close if we received a remote close 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-10 16:42:22 +01:00
Andreas Schneider
1d5b222cc4 channels: Reformat ssh_channel_free() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-10 14:59:21 +01:00
Andreas Schneider
13b9d268d4 channel: Add SSH_CHANNEL_FLAG_CLOSED_LOCAL 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-10 14:59:21 +01:00