shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-05 12:50:30 +09:00
Code Issues Packages Projects Releases Wiki Activity
5,191 Commits 12 Branches 62 Tags
5dc10ff63ca2e8db91abfdccf1d095f5b4261b8e
Commit Graph

32 Commits

Author SHA1 Message Date
Jakub Jelen
a45a3c940d CVE-2023-6918: Systematically check return values when calculating digests 
with all crypto backends

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2023-12-18 17:57:27 +01:00
Jakub Jelen
882d9cb5c8 CVE-2023-6918: Remove unused evp functions and types 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2023-12-18 17:57:27 +01:00
Jakub Jelen
ee7ee2404a libgcrypt: Do not leak memory with invalid key lengths 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 7e692ee1b6)
 2020-01-23 09:49:35 +01:00
Andreas Schneider
ce045cf5ed libcrypto: Use SSH_STRING_FREE() 
Fixes T183

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 09dfda8489)
 2019-12-09 16:38:36 +01:00
Anderson Toshiyuki Sasaki
5f7a3c5c66 wrapper: Make sha{1, 256, 384, 512}() input const 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-05-13 16:37:51 +02:00
Simo Sorce
104c9dca3f Use a common KDF function 
Cleanup the KDF function to use only one function per crypto backend.
Improve the KDF function to properly handle requested lenght and to
avoid unnecessarily reallocating buffers.

In OpenSSL use the new EVP_KDF API if available.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-03-07 12:03:32 +01:00
Dirkjan Bussink
369051a5b4 Remove SHA384 HMAC 
This is not supported by OpenSSH and not recommended to be implemented
either.

Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-02-22 15:30:52 +01:00
Andreas Schneider
dea6fe3d89 crypto: Disable blowfish support by default 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2018-12-19 14:57:29 +01:00
Andreas Schneider
c6ca62d7e1 crypto: Use size_t for len argument in encrypt and decrpyt fn 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-11-30 18:25:12 +01:00
Jakub Jelen
5bdb7a5079 crypto: Avoid unused parameter warnings 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-11-23 17:30:16 +01:00
Jakub Jelen
72bd2fe197 libmbedtls: Support OpenSSH-compatible AES-GCM ciphers using mbedTLS 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-10-09 13:05:38 +02:00
Jakub Jelen
5790036a23 libgcrypt: Implement OpenSSH-compatible AES-GCM ciphers using libgcrypt 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-10-09 13:05:38 +02:00
Anderson Toshiyuki Sasaki
708f127788 tests: Add test for RSA PKI running on threads 
Run the tests from torture_pki_rsa.c on threads.  Tests requiring files
to be removed are not tested, since they would require the access to
the files to be synchronized.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-08-03 16:43:03 +02:00
Aris Adamantiadis
2b40ad29c0 crypto: Split init and finalize functions 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-07-05 12:55:23 +02:00
Aris Adamantiadis
36a727e656 bignum: Harmonize ssh_get_random() 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-07-05 12:09:52 +02:00
Andreas Schneider
6dd9303729 chachapoly: Use a function instead of an extern variable 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-06-30 14:37:04 +02:00
Andreas Schneider
206f3ff895 Rest in Peace SSHv1 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2018-06-29 14:41:14 +02:00
Aris Adamantiadis
238202d380 libgcrypt: make it compatible with chacha20 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-06-28 09:06:30 +02:00
Andreas Schneider
e19163eabb libgcrypt: Add missing config.h include 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-01-10 22:24:11 +01:00
Justus Winter
7e315629b9 libgcrypt: Implement the 'evp' interface 
* include/libssh/libgcrypt.h (EVPCTX): Fix type.
(NID_gcrypt_nistp{256,384,521}): New constants.
* src/libgcrypt.c (nid_to_md_algo): New function mapping curves to
digest algorithms.
(evp{,_init,_update,_final}): New functions.

Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2016-11-03 15:20:26 +01:00
Justus Winter
735e34f932 libgcrypt: Add helper to extract MPIs into ssh_strings 
* include/libssh/libgcrypt.h (ssh_sexp_extract_mpi): New prototype.
* src/libgcrypt.c (ssh_sexp_extract_mpi): New function.

Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2016-05-02 11:55:38 +02:00
Fabiano Fidêncio
0d7da3207f Fix a bunch of -Wmaybe-uninitialized 
Reviewed-By: Aris Adamantiadis <aris@0xbadc0de.be>
 2015-12-17 15:01:05 +01:00
Jon Simons
af25c5e668 crypto: check malloc return in ssh_mac_ctx_init 
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2014-10-02 08:25:53 +02:00
Andreas Schneider
64f6abead7 libgcrypt: Fix initializer name. 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
 2014-08-15 12:29:07 +02:00
Dirkjan Bussink
4a08902664 Add SHA2 algorithms for HMAC 
BUG: https://red.libssh.org/issues/91

Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2014-04-22 10:55:59 +02:00
Aris Adamantiadis
e99246246b security: fix for vulnerability CVE-2014-0017 
When accepting a new connection, a forking server based on libssh forks
and the child process handles the request. The RAND_bytes() function of
openssl doesn't reset its state after the fork, but simply adds the
current process id (getpid) to the PRNG state, which is not guaranteed
to be unique.
This can cause several children to end up with same PRNG state which is
a security issue.
 2014-03-04 09:55:28 +01:00
Dmitriy Kuznetsov
1e836a03d2 gcrypt: Fix simple DES support. 2012-10-05 11:22:15 +02:00
Dmitriy Kuznetsov
320951f42f kex: Add simple DES support for SSHv1. 2012-09-07 12:19:43 +02:00
Aris Adamantiadis
af09313eac crypto: rename crypto_struct -> ssh_cipher_struct 2011-09-18 20:34:16 +02:00
Andreas Schneider
544747d02c crypt: Fix function definition. 2011-09-15 11:04:00 +02:00
Aris Adamantiadis
c5a998f47a [crypto] initial support for ecdh-sha2-nistp256 
Works with openssl
Still requires work for libgcrypt and other modes
 2011-06-13 13:46:34 +02:00
Andreas Schneider
f7842e3a4b misc: Rename libssh/ to src/ 2010-09-06 14:28:38 +02:00