shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-05 12:50:30 +09:00
Code Issues Packages Projects Releases Wiki Activity
5,484 Commits 12 Branches 62 Tags
382ff38caadb1d4b84c2f7326a023126bf34bc94
Commit Graph

2419 Commits

Author SHA1 Message Date
Jakub Jelen
382ff38caa pki: Factor out the backend-specifics from cleaning the key structure 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
 2022-08-25 14:43:31 +02:00
Jakub Jelen
aa1e136ea3 session: Avoid memory leak of agent_socket from configuration file 
Thanks oss-fuzz

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48268

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-08-08 10:11:16 +02:00
Jakub Jelen
0982715bb5 curve25519: Do not check for openssl functions when other crypto backend is used 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-08-03 10:41:49 +02:00
Jakub Jelen
ebeee7631d pki: Do not check for DSA headers when DSA is not built in 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-08-03 10:41:49 +02:00
Jakub Jelen
aca482a5a5 mbedcrypto: Refactor PEM parsing 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-08-03 10:41:49 +02:00
Jakub Jelen
355e29d881 session: Initialize pointers 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-08-03 10:41:49 +02:00
Anderson Toshiyuki Sasaki
163951d869 init: Free global init mutex in the destructor on Windows 
Fixes: #57 (T238)

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-08-02 15:43:35 +02:00
Jakub Jelen
c09b02c573 Move digest functions into separate file 
The external ed25519 requires also the sha512 functions to work.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-07-19 15:21:50 +02:00
Jakub Jelen
0da54f2908 Build external override library with all symbols 
The curve25519 depends on ssh_get_random, which is normally built into libssh.
For the external override tests to build, we need to have them in separate
source file that can be included for this test.

For some reason, this did not happen on CI builds, but it did happen in koji
during RPM builds.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-07-19 15:21:50 +02:00
Andreas Schneider
b42e9a19a3 packet: Check hmac return codes in ssh_packet_hmac_verify() 
CID #1490530

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-14 13:09:25 +02:00
Andreas Schneider
e27ee9d0a4 packet: Use consistent return codes in ssh_packet_hmac_verify() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-14 13:08:57 +02:00
Andreas Schneider
4a7791b784 packet: Reformat ssh_packet_hmac_verify() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-14 13:08:27 +02:00
Norbert Pocs
9a4c5203af Make it work with openssl3.0 
The KDF was changed in the new API, fetching the algorithm first
then creating the context using it.

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-12 11:30:24 +02:00
Norbert Pocs
bb5f7e2707 options: Parse hostname by last '@' 
The login name can have '@' char in it

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-07-12 10:44:27 +02:00
Norbert Pocs
e53a2711d3 bind.c: Add missing size constant to err_msg 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-07-12 10:41:50 +02:00
Andreas Schneider
0128ed0d2c cmake: Build curve25519_ref.c if we build with libgcrypt 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-08 09:09:18 +02:00
Andreas Schneider
cc0939df73 src: Fix building curve25519 with libgcrypt 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-08 08:59:09 +02:00
Norbert Pocs
11a7c7b45b libgcrypt: Remove useless comparison 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-07-07 08:39:39 +02:00
Norbert Pocs
78d109596c pki_crypto: Fix segfault error when pkcs11 
EVP_PKEY_dup can't be used with ENGINE generated keys and
the key can't be freed because it is passing the main key
from the struct.

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-07-07 08:39:39 +02:00
Norbert Pocs
20c13a2c76 Change const bignum to bignum 
Openssl3.0 API retrieves bignum variables from a key.

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-07-07 08:39:39 +02:00
Norbert Pocs
a9dddd89aa Use EVP_PKEY as a key type in key structs 
Merge multiple key variables into one variable.

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-07-07 08:39:39 +02:00
Norbert Pocs
7792d38157 Port functions to openssl3.0 
Remove usage of deprecated functions.
Exceptions are:
  - pkcs11 (no openssl provider support yet)
  - ec (no support for uncompressed EC keys
    https://github.com/openssl/openssl/pull/16624)

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-07-07 08:39:39 +02:00
Norbert Pocs
fdf518435c Define EC name constants for openssl3 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-07-07 08:39:39 +02:00
Norbert Pocs
debd0ea4d3 Update HMAC function parameter type 
New openssl API, libmbedtls, libgcrypt use size_t for
HMAC len pameter.

New helper functions were added in libcrypto.c to avoid
code duplication. (the header pki.h is needed for this
reason)

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-07-07 08:39:39 +02:00
Jakub Jelen
51c940adc9 misc: FreeBSD compatible strerror_r usage 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-07-07 08:38:09 +02:00
Norbert Pocs
d30cf11cb6 Rewrite strerror to ssh_strerror 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-04 11:55:40 +02:00
Norbert Pocs
e5bc5ffd04 Rewrite strerror to ssh_strerror 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-04 11:55:40 +02:00
Norbert Pocs
4b92d48085 Rewrite strerror to ssh_strerror 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-04 11:55:40 +02:00
Norbert Pocs
a2a037a821 Rewrite strerror to ssh_strerror 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-04 11:55:40 +02:00
Norbert Pocs
4719c09e6a Rewrite strerror to ssh_strerror 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-04 11:55:40 +02:00
Norbert Pocs
4f09bb3660 Rewrite strerror to ssh_strerror 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-04 11:55:40 +02:00
Norbert Pocs
594608f21b Rewrite strerror to ssh_strerror 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-04 11:55:40 +02:00
Norbert Pocs
c437ba5c28 Rewrite strerror to ssh_strerror 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-04 11:55:40 +02:00
Norbert Pocs
3efe7c3cfb Rewrite strerror to ssh_strerror 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-04 11:55:40 +02:00
Norbert Pocs
b44b749f28 Rewrite strerror to ssh_strerror 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-04 11:55:40 +02:00
Norbert Pocs
9837471c2e Rewrite strerror to ssh_strerror 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-04 11:55:40 +02:00
Norbert Pocs
d92e389a80 Rewrite strerror to ssh_strerror 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-04 11:55:40 +02:00
Norbert Pocs
0dce42c8fd Rewrite strerror to ssh_strerror 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-04 11:55:40 +02:00
Norbert Pocs
738cedb8be Add ssh_strerror function 
- strerror_r for linux
- strerror_s for windows

Keep in mind that strerror_r has two versions:
- XSI
- GNU
see manpage for more information

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-04 11:55:40 +02:00
Juraj Vijtiuk
0c08159f53 Fix mbedTLS issues caused by v3 API changes 
Signed-off-by: Juraj Vijtiuk <vijtiuk.juraj@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-07-04 08:52:18 +02:00
Andreas Schneider
9caedca2c6 API: Bump SO version to 4.9.0 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-07-02 07:04:48 +02:00
omsheladia
e0985fc0b4 client: Add ssh_session_set_disconnect_message() 
Fix #98 by adding 'ssh_session_set_disconnect_message' Whenever the ssh
session disconnects a "Bye Bye" message was set and displayed. Now the
peer has a choice to set a customised message to be sent after the
session is disconnected. The default "Bye Bye" will be set if this
function is not called or not called correctly. The testcases in
tests/server/torture_server can also demonstrate how this function
works.

Signed-off-by: Om Sheladia <omsheladia10@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-07-02 07:04:48 +02:00
Seung Min Park
4978f30320 Add ssh_send_issue_banner() API 
Signed-off-by: Seung Min Park <smpark@pnpsecure.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-07-02 07:04:48 +02:00
tatataeki
332f1c2e09 sftp: fix the length calculation of packet in sftp_write 
Signed-off-by: tatataeki <shengzeyu19_98@163.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-06-29 18:29:26 +02:00
Andreas Schneider
63e09908f1 poll: Document errno will be set for ssh_event_dopoll() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-06-23 12:35:39 +02:00
Andreas Schneider
f6ad8057a7 auth: Fix error returned in ssh_userauth_try_publickey() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-06-23 12:22:41 +02:00
Wez Furlong
51a53cc6d4 add support for identityagent ssh_config option 
This commit adds an `agent_socket` field to the session options
and connects the config parser to that option.

`SSH_OPTIONS_IDENTITY_AGENT` is added to allow applications to
set this option for themselves.

agent.c is updated to take the `agent_socket` value in preference
to the `SSH_AUTH_SOCK` environment variable.

Signed-off-by: Wez Furlong <wez@fb.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-06-22 13:56:14 +02:00
Wez Furlong
899ec9e519 Enable ssh agent authentication on Windows 
Windows has supported unix domain sockets for a couple of years
now; see this article for more information about that:
<https://devblogs.microsoft.com/commandline/af_unix-comes-to-windows/>

This commit allows libssh to consider using agent authentication
on Windows systems.

It is mostly removing `#ifndef _WIN32` that prevented the unix
domain socket code from being compiled in, and adjusting the use
of `read(2)` and `write(2)` to `recv(2)` and `send(2)`, as the former
functions are not compatible with sockets on Windows systems.

For mingw systems, afunix.h isn't available so we use the
technique as was used to resolve building with mingw as used
by the curl project in: https://github.com/curl/curl/pull/5170

Signed-off-by: Wez Furlong <wez@fb.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2022-06-22 13:56:14 +02:00
Andreas Schneider
7bcc2d83a4 packet: Fix ssh_packet_socket_callback() return value 
According to the documentation the return value is the number of
processed bytes, so the returned value is never negative. We should not
use ssize_t in public headers as it isn't available on Windows! We only
have it defined in priv.h!

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-06-22 12:28:30 +02:00
Andreas Schneider
65256ad5f6 crypto: Use stdint types and make code more readable of secure_memcmp() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-06-20 09:18:59 +02:00