shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-04 20:30:38 +09:00
Code Issues Packages Projects Releases Wiki Activity
5,094 Commits 12 Branches 62 Tags
8542f675f43f88c846398a7cb326a44cc1b6bb21
Commit Graph

2203 Commits

Author SHA1 Message Date
Andreas Schneider
8542f675f4 sftp: Replace PRIdS with ANSI C99 %zu 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2020-02-12 09:39:06 +01:00
Andreas Schneider
faedadf2eb packet: Replace PRIdS with ANSI C99 %zu 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2020-02-12 09:39:06 +01:00
Sahana Prasad
862b2341d7 src: updates documentation incorporate PKCS#11 URIs in import functions. 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
 2020-02-11 14:25:18 +01:00
Sebastian Kinne
17b518a677 pki: add support for sk-ecdsa and sk-ed25519 
This adds server-side support for the newly introduced OpenSSH
keytypes sk-ecdsa-sha2-nistp256@openssh.com and sk-ed25519@openssh.com
(including their corresponding certificates), which are backed
by U2F/FIDO2 tokens.

Change-Id: Ib73425c572601c3002be45974e6ea051f1d7efdc
Signed-off-by: Sebastian Kinne <skinne@google.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2020-02-11 10:08:26 +01:00
Jon Simons
3664ba2800 pki: fix pki_key_ecdsa_to_key_type thread-safety 
Resolves https://bugs.libssh.org/T214.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2020-02-11 10:08:26 +01:00
Andreas Schneider
022409e99c channels: Fix ssh_channel_poll_timeout() not returing available bytes 
Fixes T211

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
 2020-01-23 10:20:59 +01:00
Jakub Jelen
07f571f1c0 Implement chacha20-poly1305 in mbedTLS 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2020-01-23 09:48:11 +01:00
Jakub Jelen
60a987fd17 Implement ChaCha20-poly1305 cipher using native OpenSSL 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2020-01-23 09:48:11 +01:00
Jakub Jelen
94fe7634e1 Do not build in internal chacha implementation if gcrypt supports that 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2020-01-23 09:48:11 +01:00
Jakub Jelen
8670fb101b chacha: Create common file to avoid code duplication 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2020-01-23 09:48:11 +01:00
Jakub Jelen
e31e7b0406 packet_crypt: Check return values from AEAD deciphering 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2020-01-23 09:48:11 +01:00
Jakub Jelen
6644f8ca3b curve25519: Avoid memory leaks 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2020-01-23 09:48:11 +01:00
Andreas Schneider
06d25497ff pki: Avoid uneeded memory duplication 
CID #1412375

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2020-01-23 09:21:04 +01:00
Andreas Schneider
8215753402 misc: Make the src pointer const in ssh_strreplace() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2020-01-23 09:20:43 +01:00
Sahana Prasad
240bf3236a misc: Simplifies ssh_strreplace(). 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2020-01-23 09:19:07 +01:00
Andreas Schneider
72498bac5f pki_crypto: Fix possible memory leak on error 
CID #1409680

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2020-01-23 09:19:07 +01:00
Andreas Schneider
4b4f568a68 messages: Add missing NULL check 
CID #1409678

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2020-01-23 09:19:07 +01:00
Jakub Jelen
e5553a92d9 socket: Use the users shell for running proxy command 
Fixes T200 and tests on ubuntu, which is using dash

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:45:24 +01:00
Jakub Jelen
3a6751f3d2 socket: Fix the error message 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:45:24 +01:00
Jakub Jelen
dd64980662 socket: Kill the proxy command if it still runs on disconnect 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:45:24 +01:00
Jakub Jelen
24f450fed1 pki_gcrypt: Warn about unsupported PEM export in gcrypt 
Based on the following mail thread:

https://www.libssh.org/archive/libssh/2019-12/0000027.html

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:45:24 +01:00
Jakub Jelen
7e692ee1b6 libgcrypt: Do not leak memory with invalid key lengths 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:45:24 +01:00
Jakub Jelen
dd54ffb2f1 pki_gcrypt: Do not confuse static analyzers 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:45:24 +01:00
Jakub Jelen
3642224ee5 legacy,keys: Fix the macro conditions 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:45:24 +01:00
Jakub Jelen
9b858f57c5 mbedcrypto_missing: Always check return values 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:31:32 +01:00
Jakub Jelen
13c88a2e0a mbedcrypto_missing: Avoid potential memory leaks as reported by csbuild 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:31:32 +01:00
Jakub Jelen
059b6851dc pki_mbedtls: Avoid potential memory leaks 
reported by csbuild

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:31:32 +01:00
Jakub Jelen
71ba61cc5b pki_mbedtls: Do not warn about unused arguments 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:31:32 +01:00
Jakub Jelen
30cc1568f4 options: Avoid needless assignment as reported by csbuild 
The error was

 src/options.c:971:13: warning: Value stored to 'u' is never read
 #            u = 0;
 #            ^   ~
 src/options.c:971:13: note: Value stored to 'u' is never read
 #            u = 0;
 #            ^   ~
 #  969|           case SSH_OPTIONS_KBDINT_AUTH:
 #  970|           case SSH_OPTIONS_GSSAPI_AUTH:
 #  971|->             u = 0;
 #  972|               if (value == NULL) {
 #  973|                   ssh_set_error_invalid(session);

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:31:32 +01:00
Jakub Jelen
e2841908fb kex: Avoid always-false comparisons as reported by csbuild 
/builds/jjelen/libssh-mirror/src/kex.c:360:17: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits] <--[cc]
  360 |         if (len < 0) {
      |                 ^
/builds/jjelen/libssh-mirror/src/kex.c:372:17: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits] <--[cc]
  372 |         if (len < 0) {
      |                 ^

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:31:32 +01:00
Sahana Prasad
4ea09256f6 src: Implements PKCS11 URI support 
Imports private and public keys from the engine via PKCS11 URIs. Uses
the imported keys to authenticate to the ssh server.

Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-20 16:17:33 +01:00
Sahana Prasad
6bf4ada240 src: Helper funtions to detect PKCS #11 URIs 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-20 14:41:02 +01:00
Sahana Prasad
86a0dfa65b src: Adds the Engine header file and invokes cleanup of the engine 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-20 14:40:51 +01:00
Andreas Schneider
35216e7254 misc: Add ssh_strreplace() 
Pair-Programmed-With: Sahana Prasad <sahana@redhat.com>
Signed-Off-by: Sahana Prasad <sahana@redhat.com>
Signed-Off-By: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-20 14:35:18 +01:00
Andreas Schneider
5317ebf0fc misc: Add ssh_tmpname() 
Signed-Off-By: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-20 14:35:04 +01:00
Jussi Kivilinna
08f4469e21 libgcrypt: fix cipher handle leaks on setkey error paths 
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-16 22:45:45 +02:00
Jussi Kivilinna
de4b8f88a2 libgcrypt: Implement chacha20-poly1305@openssh.com cipher using libgcrypt 
Libgcrypt has supported ChaCha20 and Poly1305 since 1.7.0 version and
provides fast assembler implementations.

v3:
 - initialize pointers to NULL
 - use 'bool' for chacha20_poly1305_keysched.initialized
 - pass error codes from libgcrypt calls to variable
 - add SSH_LOG on error paths
v2:
 - use braces for one-line blocks
 - use UNUSED_PARAM/UNUSED_VAR instead of cast to void
 - use calloc instead of malloc+memset

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-16 22:31:54 +02:00
Jon Simons
b94ecf18bd curve25519: fix uninitialized arg to EVP_PKEY_derive 
Ensure that the `keylen` argument as provided to `EVP_PKEY_derive`
is initialized, otherwise depending on stack contents, the function
call may fail.

Fixes T205.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-13 20:00:37 -05:00
Jakub Jelen
b03818aaed init: Fix documentation about return values of void functions 
Fixes T203

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-10 21:13:07 +01:00
Jakub Jelen
574690ae2e config: Ignore empty lines to avoid OOB array access 
Fixes T187

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-09 16:08:03 +01:00
Jakub Jelen
31f9c39479 match: Limit possible recursion when parsing wildcards to a sensible number 
Fixes T186

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-09 16:08:03 +01:00
Jakub Jelen
cf0beff987 match: Avoid recursion with many asterisks in pattern 
Partially fixes T186

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-09 16:08:03 +01:00
Andreas Schneider
178b53f924 pki: Fix possible information leak via uninitialized stack buffer 
Fixes T190

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-09 16:08:03 +01:00
Andreas Schneider
e065d2bb3f pki_container_openssh: Initialize pointers to NULL 
Fixes T190

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-09 16:08:03 +01:00
Andreas Schneider
9d67ca251c SSH-01-012: Fix information leak via uninitialized stack buffer 
Fixes T190

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-09 16:08:03 +01:00
Andreas Schneider
cb0ccf372e SSH-01-010: Improve documentation for fingerprinting functions 
Fixes T184

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-09 16:08:03 +01:00
Anderson Toshiyuki Sasaki
bab7ba0146 scp: Do not allow newlines in pushed files names 
When pushing files or directories, encode the newlines contained in the
names as the string "\\n".  This way the user cannot inject protocol
messages through the file name.

Fixes T189

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-09 16:08:03 +01:00
Anderson Toshiyuki Sasaki
c9ce8fa40b misc: Add a function to encode newlines 
Given a string, the added function encodes existing newline characters
('\n') as the string "\\n" and puts into a given output buffer.

The output buffer must have at least 2 times the length of the input
string plus 1 for the terminating '\0'. In the worst case, each
character can be replaced by 2 characters.

Fixes T189

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-09 16:08:03 +01:00
Andreas Schneider
6c79ed9801 gzip: Use SSH_BUFFER_FREE() 
Fixes T183

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-09 16:08:03 +01:00
Andreas Schneider
7ae47df16a knownhosts: Use SSH_BUFFER_FREE() 
Fixes T183

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-09 16:08:03 +01:00