libssh

mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-05 21:00:33 +09:00

Author	SHA1	Message	Date
Tilo Eckert	d13517e922	chacha: remove re-declared type re-declaring typedefs are not supported by some compilers Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>	2018-10-13 22:08:39 +02:00
Tilo Eckert	45058285fc	knownhosts: Fix invalid read of known_hosts token Fixes invalid read introduced by commit 21962d. Accessing tokens[4] for a known_hosts line of three tokens led to randomly rejected host keys. This commit completely removes the check because the optional comments field may contain whitespace. Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>	2018-10-13 22:08:36 +02:00
Jakub Jelen	72bd2fe197	libmbedtls: Support OpenSSH-compatible AES-GCM ciphers using mbedTLS Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2018-10-09 13:05:38 +02:00
Jakub Jelen	a2120e168b	libmbedtls: Simplify the cipher setup Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2018-10-09 13:05:38 +02:00
Jakub Jelen	5790036a23	libgcrypt: Implement OpenSSH-compatible AES-GCM ciphers using libgcrypt Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2018-10-09 13:05:38 +02:00
Jakub Jelen	032f486f27	cmake: Link against gpg-error Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2018-10-09 13:05:38 +02:00
Jakub Jelen	46090facba	libcrypto: Implement OpenSSH-compatible AES-GCM ciphers using OpenSSL The commit also propares the internals throughout the code base for the inclusion of a new AEAD cipher, because previously, the source code counted only with chacha20-poly1305 cipher, which is very specific in many cases. The SSH_HMAC_AEAD_GCM mac algorithm is not actually used, but the name needed to be defined so we can match in the algorithms selection per OpenSSH specification (MACs are ignored in case GCM is select as a cipher [1]). If the provided OpenSSL does not provide EVP_aes_128_gcm() function, the AES-GCM ciphers will not be compiled in. [1] https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.chacha20poly1305?annotate=HEAD Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2018-10-09 12:05:40 +02:00
Jakub Jelen	777786d76c	libcrypto: Do not use magic numbers for AES block size Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2018-10-09 12:05:40 +02:00
Jakub Jelen	101df98e54	libcrypto: Avoid double free Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2018-10-09 12:05:40 +02:00
Andreas Schneider	f747e46f33	init: Only add DllMain if we create a shared library Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2018-10-09 11:40:31 +02:00
Andreas Schneider	275f73125d	packet: Use a stack buffer for the header This removes the allocation for the header buffer for each packet we send. Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>	2018-10-08 09:27:12 +02:00
Andreas Schneider	422376efd4	packet: Reformat packet_send2() Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>	2018-10-08 09:27:09 +02:00
Andreas Schneider	3245b50795	sftp: Only prepend header data once This reduces memory moving. Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>	2018-10-08 09:27:06 +02:00
Andreas Schneider	508dfc5251	sftp: Reformat sftp_packet_write() Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>	2018-10-08 09:26:59 +02:00
Andreas Schneider	43a40999da	agent: Use (PUSH\|PULL)_BE_U32 in agent_talk() Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>	2018-10-05 14:38:43 +02:00
Andreas Schneider	e701913fc8	agent: Just use uint32_t for the count Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>	2018-10-05 14:38:43 +02:00
Andreas Schneider	aec9fa4442	sftp: Use bytearray macros Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>	2018-10-05 14:38:43 +02:00
Anderson Toshiyuki Sasaki	cc513c4c9a	messages: Fixed possible memory leak in ssh_message_queue Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2018-09-27 15:21:30 +02:00
Alberto Aguirre	14f5624ff5	sftpserver: allocate packet on sftp_server_new Ensure sftp_server_new allocates the packet and payload as sftp_packet_read now expects the packet and payload to be pre-allocated. Similarly, ensure sftp_get_client_message does not free the packet. Signed-off-by: Alberto Aguirre <albaguirre@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2018-09-25 16:41:54 +02:00
David Wedderwille	9adc2d36eb	connector: Add checks if file descriptor is a socket Fixes T104 Signed-off-by: David Wedderwille <davidwe@posteo.de>	2018-09-25 14:37:25 +02:00
Andreas Schneider	1e5e09563a	socket: Pass MSG_NOSIGNAL to send() This avoid that we get a SIGPIPE. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2018-09-25 14:37:25 +02:00
Andreas Schneider	35bf5334b8	socket: Return ssize_t for ssh_socket_unbuffered_write() Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2018-09-25 14:37:25 +02:00
Andreas Schneider	a7604c7d6e	socket: Reformat ssh_socket_write() Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2018-09-25 14:37:25 +02:00
Andreas Schneider	c5cadaa982	socket: Reformat ssh_socket_unbuffered_write() Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2018-09-25 14:37:25 +02:00
Andreas Schneider	caf50270c6	socket: Return ssize_t for ssh_socket_unbuffered_read() Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2018-09-25 14:37:25 +02:00
Andreas Schneider	b7a29c7ffd	socket: Reformat ssh_socket_pollcallback() Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2018-09-25 14:37:25 +02:00
Andreas Schneider	491a42d046	socket: Reformat ssh_socket_unbuffered_read() Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2018-09-25 14:37:25 +02:00
Andreas Schneider	642a1b1aa4	connect: Fix build warning on Windows Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2018-09-25 14:37:25 +02:00
Andreas Schneider	f709c3ac58	config: Fix building without globbing support Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2018-09-25 14:37:25 +02:00
Andreas Schneider	9c37c8c5a5	cmake: Bump library version	2018-09-20 16:35:13 +02:00
Chris Townsend	6c56c1e0d7	sftpserver: Support some openssh extensions Add support for "hardlink@openssh.com" and "posix-rename@openssh.com" extensions. Signed-off-by: Chris Townsend <christopher.townsend@canonical.com> Signed-off-by: Alberto Aguirre <albaguirre@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2018-09-20 16:35:13 +02:00
Andreas Schneider	e4711c469f	pki: Use strndup in ssh_pki_export_privkey_base64() Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2018-09-20 16:35:13 +02:00
DavidWed	d0ce2d1ecd	pki: Add ssh_pki_export_privkey_base64() Fixes T53 Signed-off-by: DavidWedderwille <davidwe@posteo.de> Reviewed-by: Andreas Schneider <asn@samba.org>	2018-09-20 16:35:13 +02:00
Andreas Schneider	92aa2cf496	dh: Use ssh_get_fingerprint_hash() in ssh_print_hash() Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2018-09-20 16:35:13 +02:00
Andreas Schneider	bbed139eca	dh: Add ssh_get_fingerprint_hash() Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2018-09-20 16:35:13 +02:00
Anderson Toshiyuki Sasaki	0eab270754	dh: Removed duplicated code The code for calculating SHA 512 in ssh_make_sessionid() had been duplicated; the cases were unified. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>	2018-09-20 15:37:23 +02:00
Anderson Toshiyuki Sasaki	71594f9d6c	dh: Add diffie-hellman-group18-sha512 support Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>	2018-09-20 15:37:23 +02:00
Andreas Schneider	2ae2baf9ca	buffer: Don't call va_end() twice This is handled in the cleanup. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2018-09-20 15:37:23 +02:00
Andreas Schneider	a30d542207	sftp: Include stdint.h Thanks to Apex Liu Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2018-09-19 12:25:03 +02:00
Anderson Toshiyuki Sasaki	d9d3b65df2	dh: Add diffie-hellman-group16-sha512 support Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2018-09-19 12:17:02 +02:00
Harald Sitter	97cb302c0e	sftp: fix buffer_unpack argument to be char** rather than char* Summary: buffer variable 's' gets unpacked as char*, the previous code was passing a char causing segfaults on all readlink calls inside the unpacking code Test Plan: - without patchy examples/samplesftp segfaults in readlink - with patchy it doesn't Reviewers: asn Differential Revision: https://bugs.libssh.org/D14 Signed-off-by: Harald Sitter <sitter@kde.org>	2018-09-19 11:18:12 +02:00
Andreas Schneider	90373d8394	buffer: Do cleanup if ssh_buffer_unpack() fails in the first loop Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2018-09-19 11:18:12 +02:00
Andreas Schneider	07f7fa7806	buffer: Fix invalid memory access in ssh_buffer_unpack() Found by oss-fuzz. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2018-09-19 11:18:02 +02:00
Andreas Schneider	cc83b463ce	sftp: Fix a possible null pointer dereference CID 1395721 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2018-09-18 10:19:59 +02:00
Jakub Jelen	1226de875b	pki: Implement reading public key from OpenSSH private key container Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2018-09-18 09:53:49 +02:00
Jakub Jelen	39102224b2	pki: Allow reading keys in new OpenSSH format This implements reading the OpenSSH key format accross the cryptographic backends. Most of the code is shared and moved to pki.c, just the building of the keys is implemented in pki_privkey_build_*() functions. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2018-09-18 09:53:49 +02:00
Jakub Jelen	d23bda8181	pki: Use unpack to simplify public key reading Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2018-09-18 09:53:49 +02:00
Jakub Jelen	86d521cbe7	buffer: Make sure unpack of secure buffers securely cleans up Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2018-09-18 09:53:49 +02:00
Andreas Schneider	856dc698a9	libmbedcrypto: Fix creating evp hash Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2018-09-18 09:51:41 +02:00
Jakub Jelen	4d09c6dc31	buffer: Reformat ssh_buffer_get_ssh_string Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2018-09-17 16:39:38 +02:00

1 2 3 4 5 ...

1638 Commits