Andreas Schneider
1d4151e51f
libcrypt: Add missing header for compat
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
2018-06-30 14:10:32 +02:00
Andreas Schneider
c228fa7631
pki: Fix duplicating ed25519 public keys
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 816234350d )
2018-06-29 17:18:12 +02:00
Andreas Schneider
9658d36087
kex1: Add missing NULL check in make_rsa1_string()
...
CID 1388445
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit c705fb6e3b )
2018-06-29 17:17:27 +02:00
Nikos Mavrogiannopoulos
bbaa3dc869
kex1: Use libcrypto-compat.h for RSA_get0_key with OpenSSL
...
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit a95bc8a016 )
2018-06-29 17:17:03 +02:00
Andreas Schneider
4f10d6cd57
kex1: Fix building with OpenSSL 1.1+
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 8d65edb41f )
2018-06-29 17:16:49 +02:00
Meng Tan
2209fcace3
Set channel as bound when accepting channel open request
...
Signed-off-by: Meng Tan <mtan@wallix.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit f19158cadf )
2018-06-29 17:16:06 +02:00
Andreas Schneider
a1847660a3
pki: Fix random memory corruption
...
Fixes T78
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 1444ae5add )
2018-06-29 17:12:46 +02:00
Jon Simons
e2b48dc662
libcrypto: fix resource leak in hmac_final
...
Fix a resource leak in `hmac_final`: say `HMAC_CTX_free` instead
of `HMAC_CTX_reset`. This matches the error handling as done in
`hmac_init`. Introduced with cf1e808e2f.
The problem is reproducible running the `pkd_hello` test with:
valgrind --leak-check=full ./pkd_hello -i1 -t torture_pkd_openssh_dsa_rsa_default
Resolves https://red.libssh.org/issues/252.
Cherry-picked from a64ddff3fe
Signed-off-by: Jon Simons <jon@jonsimons.org >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
2018-06-29 17:08:54 +02:00
Jon Simons
1a5b6ac472
libcrypto-compat: fix HMAC_CTX_free for OpenSSL < 1.1.0
...
On older OpenSSL versions, the EVP_MD_CTX fields within an HMAC_CTX
structure are contained inlined (change here [1]): be sure to not
try to free those fields on those builds.
Found running the `pkd_hello` test with:
valgrind ./pkd_hello -i1 -t torture_pkd_openssh_dsa_rsa_default
^ valgrind will cite "Invalid free() ..." errors which are present
before this fix and absent after, when building with OpenSSL 1.0.1.
[1] 6e59a892db
Cherry-picked from 25384e9558
Signed-off-by: Jon Simons <jon@jonsimons.org >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
2018-06-29 17:08:54 +02:00
Andreas Schneider
0dd7a963a9
cmake: Only build libcrypto and libcrypto-compat when needed
...
This also fixes the gcrypt build.
Cherry-picked from 2f6a866373
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
2018-06-29 17:08:54 +02:00
Andreas Schneider
1642cec280
cmake: Use configure check for CRYPTO_ctr128_encrypt
...
Cherry-picked from 3daf1760a1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
2018-06-29 17:08:54 +02:00
Jakub Jelen
2f1c6668e7
pki_crypto: Use getters and setters for opaque keys and signatures
...
This is for OpenSSL 1.1.0 support.
Cherry-picked from 3341f49a49
Signed-off-by: Jakub Jelen <jjelen@redhat.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
2018-06-29 17:08:54 +02:00
Jakub Jelen
fbeecf388c
libcrypto: Use a pointer for EVP_MD_CTX
...
This is for OpenSSL 1.1.0 support.
Cherry-picked from 607c671f67
Signed-off-by: Jakub Jelen <jjelen@redhat.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
2018-06-29 17:08:54 +02:00
Jakub Jelen
7933756b5a
libcrypto: Use newer API for HMAC
...
This is for OpenSSL 1.1.0 support.
Cherry-picked from cf1e808e2f
Signed-off-by: Jakub Jelen <jjelen@redhat.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
2018-06-29 17:08:54 +02:00
Jakub Jelen
837e367d2d
libcrypto: Introduce a libcrypto compat file
...
This is for OpenSSL 1.1.0 support.
Cherry-picked from b6cfde8987
Signed-off-by: Jakub Jelen <jjelen@redhat.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
2018-06-29 17:08:54 +02:00
Jakub Jelen
f81c3ada9c
libcrypto: Remove AES_ctr128_encrypt()
...
This is for OpenSSL 1.1.0.
Cherry-picked from d73f665edd
Signed-off-by: Jakub Jelen <jjelen@redhat.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
2018-06-29 17:08:54 +02:00
Artyom V. Poptsov
83663895f4
config: Bugfix: Don't skip unseen opcodes
...
libssh fails to read the configuration from a config file due to a
wrong check in 'ssh_config_parse_line' procedure in 'config.c'; it's
effectively skipping every opcode (and therefore every option) from
the file. The change fixes that behaviour.
Signed-off-by: Artyom V. Poptsov <poptsov.artyom@gmail.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 5333be5988 )
2018-06-29 17:08:54 +02:00
Andreas Schneider
239d0f75b5
messages: Do not leak memory of previously allocated answers
...
Found by oss-fuzz
BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1222
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 7c79b5c154 )
2017-04-25 16:21:11 +02:00
Andreas Schneider
d88cc720fb
messages: Do not leak memory if answers had been allocated previously
...
Found by oss-fuzz
BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1222
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 5eb41492c4 )
2017-04-24 13:28:17 +02:00
Andreas Schneider
ee13becf9c
messages: Do not leak memory if answered had been allocated previously
...
BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1184
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit c78c6c6542 )
2017-04-21 11:14:51 +02:00
Andreas Schneider
95b2dbbeca
misc: Validate integers converted from the SSH banner
...
BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1181
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit d5d8349224 )
2017-04-21 11:14:46 +02:00
Andreas Schneider
02c0a3b99b
messages: Fix memory leaks in the ssh_packet_global_request callback
...
BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1208
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 67a2ba6f99 )
2017-04-21 11:14:42 +02:00
Andreas Schneider
419731a189
auth: Use calloc in ssh_userauth_agent_pubkey()
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 79437fa0c9 )
2017-04-21 11:14:39 +02:00
Peter Volpe
2ac987bce9
session: Free session->kbdint in ssh_free()
...
Makes sure we free pending keyboard auth prompts
so prompts that have not been replied to do not leak.
Signed-off-by: Peter Volpe <pvolpe@redhat.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 76ba2b0055 )
2017-04-20 17:04:54 +02:00
Andreas Schneider
a7cce77550
buffer: Validate the length before memory allocation
...
Check if the size the other party sent is a valid size in the
transmitted buffer.
Thanks to Alex Gaynor for finding and reporting the issue.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 68b7ca6e92 )
2017-04-13 16:28:18 +02:00
Andreas Schneider
5e63b40cde
buffer: Create ssh_buffer_validate_length()
...
This function allows checking if a given length can be obtained from the buffer.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit c165c396de )
2017-04-13 16:27:33 +02:00
Alex Hermann
7b8b5eb4ea
config: Only use first occurrence of each parameter
...
ssh_config's manpage says:
"For each parameter, the first obtained value will be used."
Make libssh adhere to this rule.
BUG: https://red.libssh.org/issues/256
Signed-off-by: Alex Hermann <alex@hexla.nl >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 5f202d7ffa )
2017-04-13 16:10:10 +02:00
Alex Hermann
8dc3d883b8
config: Don't expand Host variable
...
Tokens are not allowed (according to the manpage).
Expansion was introduced by a wrong fix for #127.
This commit reverts part of 6eea08a9ef
Signed-off-by: Alex Hermann <alex@hexla.nl >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit c3a8b5009f )
2017-04-13 16:10:09 +02:00
Alex Hermann
24a3f7020c
config: Support expansion in the HostName variable
...
BUG: https://red.libssh.org/issues/127
The original "fix" for 127 was expanding the wrong variable: Host instead
of HostName.
Signed-off-by: Alex Hermann <alex@hexla.nl >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 9ef7e90821 )
2017-04-13 16:10:07 +02:00
Yanis Kurganov
f74d5d5df4
session: Add SSH1 support in ssh_send_debug()
...
Signed-off-by: Yanis Kurganov <ykurganov@ptsecurity.com >
Reviewed-by: Andreas Schneider <asn@samba.org >
(cherry picked from commit 38cb19268a )
2017-04-11 17:40:58 +02:00
Yanis Kurganov
7a21187fb9
session: Add SSH1 support in ssh_send_ignore()
...
Signed-off-by: Yanis Kurganov <ykurganov@ptsecurity.com >
Reviewed-by: Andreas Schneider <asn@samba.org >
(cherry picked from commit 72fdb4867e )
2017-04-11 17:40:57 +02:00
Max Bachmann
439d3039e3
messages: Utilize the message queue for SSH_REQUEST_GLOBAL.
...
Signed-off-by: Max Bachmann <mabahltm@gmail.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 3ec8babfaf )
2017-04-11 09:55:46 +02:00
Andreas Schneider
ce029c0735
pki: Use byte mode for fopen()
...
BUG: https://red.libssh.org/issues/251
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit de369b46b1 )
2017-02-03 13:19:24 +01:00
Tilo Eckert
9d7f873fd3
session: Add missing ifdef that prevented Windows builds
...
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 4f392ebc7e )
2016-11-25 13:11:37 +01:00
Andreas Schneider
c5d320811b
sftpserver: Fix SSH_FXP_FSTAT arguments
...
Thanks to Игорь Коваленко <igor.a.kovalenko@gmail.com >
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 47d21b6420 )
2016-11-07 19:56:10 +01:00
Andreas Schneider
410f722ae5
misc: Use simpler macros for htonll and ntohll
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 52efbc3a23 )
2016-11-07 09:43:09 +01:00
Andreas Schneider
6836ffa103
options: Fix log level documentation
...
BUG: https://red.libssh.org/issues/210
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 801bc29494 )
2016-11-05 17:16:14 +01:00
Andreas Schneider
849f5db5d1
config: Fix build warning
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
2016-11-05 16:33:29 +01:00
Pino Toscano
a6493efcae
sftp: Fix memory leak in sftp_fstat
...
When parsing the result of a successful fstat call, make sure to free
the resulting reply message.
Signed-off-by: Pino Toscano <ptoscano@redhat.com >
Reviewed-by: Andreas Schneider <asn@samba.org >
(cherry picked from commit bc78383fac )
2016-10-22 16:04:00 +02:00
Andreas Schneider
1b0bf852be
sftp: Correctly check for EOF else keep spinning if there is no data
...
This fixes an issue introduced with
dbf72ffba2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit f561e6bcb3 )
2016-10-07 13:37:48 +02:00
Andreas Schneider
2b3185ec29
gssapi: Use correct return code in ssh_gssapi_auth_mic()
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 83421c0e8c )
2016-10-06 19:39:06 +02:00
Andreas Schneider
d63547b18a
gssapi: Print minor stat in error logging function
...
This also releases the memory allocated for the messages.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 095733ed9c )
2016-10-06 19:39:01 +02:00
Jeremy Cross
6697f85b50
sftp: ensure sftp_packet_read recognizes channel EOF to avoid infinite loop
...
Signed-off-by: Jeremy Cross <jcross@bomgar.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit dbf72ffba2 )
2016-09-09 11:40:07 +02:00
Travers Carter
67fe6f56ea
Make "Host" pattern list handling consistent with OpenSSH
...
https://red.libssh.org/issues/187
Signed-off-by: Travers Carter <tcarter@noggin.com.au >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit bc2db86d1c )
2016-05-03 17:57:45 +02:00
Andreas Schneider
a3688ada1a
client: If SSHv1 is disabled send the banner immediately
...
This saves a round-trip with SSHv2 connecting to the server. See RFC
4253 section 5.2 (New Client, Old Server).
Thanks to Yang Yubo <yang@yangyubo.com > for the suggestion.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 1da5c94b44 )
2016-05-03 10:58:36 +02:00
Andreas Schneider
219d0bba42
client: Fix ssh_send_banner() to conform with RFC 4253
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 3d1edffe77 )
2016-05-03 10:58:27 +02:00
Andreas Schneider
bf3d8f3ad4
client: Fix maximum banner length
...
According to RFC 4253 the max banner length is 255.
Thanks to Saju Panikulam <spanikulam@ipswitch.com > for the report.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit cb52ed7b12 )
2016-05-03 10:58:18 +02:00
Andreas Schneider
04a5d5bd74
client: Reformat callback_receive_banner()
...
The function is hard to read as the indentation is not correctly
applied.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 22799b107d )
2016-05-03 10:58:06 +02:00
Ken Reister
2957aaf9f0
client: Receive the banner correctly
...
Comply with RFC 4253 compliance section 4.2.
Allow data other than "SSH-" to be sent across prior to the actual
version string.
Signed-off-by: Ken Reister <reister.kenneth@CIMCOR.COM >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit c3ce3d5cc3 )
2016-05-03 10:57:50 +02:00
Kohei Suzuki
8360139506
Add id_ed25519 to the default identity list
...
Signed-off-by: Kohei Suzuki <eagletmt@gmail.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit c092101e01 )
2016-05-02 15:34:32 +02:00