shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-07 10:40:28 +09:00
Code Issues Packages Projects Releases Wiki Activity
5,067 Commits 12 Branches 62 Tags
a7c0ccd35e83797351459b4abdfd45f57f7fa337
Commit Graph

2211 Commits

Author SHA1 Message Date
Andreas Schneider
d011b780c3 sftp: Set error if invalid session pointer is passed to sftp_new() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-04 13:31:34 +01:00
Andreas Schneider
c6460cc955 Bump SO version to 4.7.3 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-24 07:58:20 +01:00
Andreas Schneider
dea6fe3d89 crypto: Disable blowfish support by default 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2018-12-19 14:57:29 +01:00
Andreas Schneider
6cd8d4a24a channels: Don't call ssh_channel_close() twice 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-12 18:31:31 +01:00
Jakub Jelen
990794c580 config: Parse ProxyJump configuration option and implement it using ProxyCommand with OpenSSH 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-10 17:56:05 +01:00
Jakub Jelen
9128ecf397 options: Copy also the new options 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-10 17:52:56 +01:00
Jakub Jelen
48aede2a31 options: Check for null 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-10 17:52:56 +01:00
Anderson Toshiyuki Sasaki
fe309ba43f packet: Allow SSH2_MSG_EXT_INFO when authenticated 
When the server requests rekey, it can send the SSH2_MSG_EXT_INFO.  This
message was being filtered out by the packet filtering.  This includes a
test to enforce the filtering rules for this packet type.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-10 16:42:26 +01:00
Andreas Schneider
c3067f8e73 channels: Send close if we received a remote close 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-10 16:42:22 +01:00
Andreas Schneider
1d5b222cc4 channels: Reformat ssh_channel_free() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-10 14:59:21 +01:00
Andreas Schneider
13b9d268d4 channel: Add SSH_CHANNEL_FLAG_CLOSED_LOCAL 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-10 14:59:21 +01:00
Andreas Schneider
0ba10870d1 channel: Reformat ssh_channel_close() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-10 14:57:50 +01:00
Andreas Schneider
e4e51ccc13 session: Check the session timeout and use it if set 
This checks if a timeout has been set using ssh_options_set(). If it has
been set it will use that parametr by default for blocking sessions.

This is at least what users are expecting.

Fixes T33

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-07 17:49:19 +01:00
Andreas Schneider
8ece2abfab session: Use long for the timeout 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-07 17:49:17 +01:00
Anderson Toshiyuki Sasaki
f05717d23e sftp: Add NULL check in sftp_fstat() 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
 2018-12-07 17:47:22 +01:00
Anderson Toshiyuki Sasaki
eaa97d2062 sftp: Add NULL check in sftp_xstat() 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-07 17:47:18 +01:00
Anderson Toshiyuki Sasaki
bda2cc69af sftp: Add NULL check in sftp_opendir() 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-07 17:47:11 +01:00
Anderson Toshiyuki Sasaki
83d827d7dd sftp: Set sftp error when received unexpected message 
Set sftp error to SSH_FX_BAD_MESSAGE if an unexpected message is
received.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-07 17:47:00 +01:00
Anderson Toshiyuki Sasaki
0f95295966 sftp: Set sftp error code when fail occurs 
When an operation fails in sftp subsystem, set the sftp error, so that
it can be obtained by sftp_get_error().

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-07 17:44:52 +01:00
Anderson Toshiyuki Sasaki
8e69d435ef channels: Set error state when closed channel is read 
When an attempt to read a closed channel happens, set the session error
state properly.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-07 17:44:46 +01:00
Anderson Toshiyuki Sasaki
d78a29eb79 sftp: Set error when EOF is received in sftp_packet_read() 
When reading a sftp packet and an EOF is received before all requested
bytes are read, set the session and sftp error codes.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-07 17:43:08 +01:00
Andreas Schneider
58113d489e connect: Fix size type for i an j in ssh_select() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-07 14:08:31 +01:00
Andreas Schneider
c306a693f3 buffer: Use size_t for argc argument in ssh_buffer_(un)pack() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-07 14:08:31 +01:00
Jakub Jelen
21e2522360 config: Get rid of the dynamic seen array 
* This makes the array constant in the session structure, avoiding
   allocations and frees while parsing the file
 * It also drops passing the seen array to all the functions,
   because it is already part of the passed session
 * The test cases are adjusted to match these changes

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-07 14:08:27 +01:00
Jakub Jelen
8f887e82c7 config: Reformat local_parse_file 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-07 14:07:31 +01:00
Jakub Jelen
993e24a361 config: Reformat ssh_config_parse_file 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-12-07 14:07:31 +01:00
Andreas Schneider
3784226fd8 sftp: Do not overwrite errors set by channel functions 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-11-30 18:52:40 +01:00
Andreas Schneider
cf24048f02 libcrypto: Fix integer comparison in evp_cipher_aead_encrypt() 
src/libcrypto.c:773:27: warning: comparison of integer expressions of
different signedness: ‘int’ and ‘size_t’ {aka ‘long unsigned int’}
[-Wsign-compare] <--[cc]
     if (rc != 1 || outlen != len - aadlen) {
                           ^~
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-11-30 18:47:25 +01:00
Anderson Toshiyuki Sasaki
41b0d263d6 libcrypto: Fix access violation in ssh_init() 
This fixes an access violation when ssh_init() was called after
ssh_finalize() in Windows when using OpenSSL 1.0.2 and libssh statically
linked.

Fixes T120

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-11-30 18:26:55 +01:00
Andreas Schneider
c0ae59e102 bignum: Use UNUSED macros 2018-11-30 18:25:12 +01:00
Andreas Schneider
109a203453 include: Add macro for unused arguments and variables 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-11-30 18:25:12 +01:00
Andreas Schneider
ac8b954019 bignum: Use size_t in ssh_make_string_bn* 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-11-30 18:25:12 +01:00
Andreas Schneider
c6ca62d7e1 crypto: Use size_t for len argument in encrypt and decrpyt fn 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-11-30 18:25:12 +01:00
Tilo Eckert
95f83c2391 src: Fix multiple typos 
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-11-30 16:29:17 +01:00
Jakub Jelen
b72c9eead6 pki: Sanitize input to verification 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-11-30 16:26:07 +01:00
Jakub Jelen
c7628fbfea pki: Return default RSA key type for DIGEST_AUTO 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-11-30 16:24:21 +01:00
Jakub Jelen
783e5fd206 pki: Verify the provided public key has expected type 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-11-30 16:24:14 +01:00
Jakub Jelen
c79c33e224 pki: Sanity-check signature matches base key type 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-11-30 16:22:51 +01:00
Jakub Jelen
bc91fa98ea packet_cb: Properly verify the signature type 
Issue reported by Tilo Eckert <tilo.eckert@flam.de>

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-11-30 16:21:52 +01:00
Jakub Jelen
d2434c69c0 pki: Separate signature extraction and verification 
Initial solution proposed by Tilo Eckert <tilo.eckert@flam.de>

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-11-30 16:21:18 +01:00
Jakub Jelen
7f83a1efae pki: Set correct type for imported signatures 
Issue reported by Tilo Eckert <tilo.eckert@flam.de>

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-11-30 16:20:19 +01:00
Jakub Jelen
7b725e6bc7 pki: Use self-explanatory variable names 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-11-30 16:20:10 +01:00
Jakub Jelen
46d8840f7e The largest ECDSA key has 521 bits 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-11-30 16:20:04 +01:00
Jakub Jelen
c1fdb56d23 pki_gcrypt: Do not abort on bad signature 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-11-30 16:19:59 +01:00
Jakub Jelen
57bdc9cb20 Whitespace cleanup 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-11-29 14:22:08 +01:00
Jakub Jelen
e639c9d0d8 kex,packet,packet_cb: Reformat 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-11-23 17:30:16 +01:00
Jakub Jelen
bf2c7128ab server: Do not send SSH_MSG_EXT_INFO after rekey 
This should not be a problem for well-behaving clients that do not
append the ext-info-c to the rekey, but if they do, we should not
send it either.

Resolves: T121

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-11-23 17:30:16 +01:00
Jakub Jelen
83f2ac4abb kex: Do not negotiate extensions during rekey 
The RFC 8308 clearly says, that the additional  ext-info-c  should
be added only to the first SSH_MSG_KEXINIT.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-11-23 17:30:16 +01:00
Jakub Jelen
0b4c2a8e62 session: Reformat ssh_{set,is}_blocking 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-11-23 17:30:16 +01:00
Jakub Jelen
5bdb7a5079 crypto: Avoid unused parameter warnings 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-11-23 17:30:16 +01:00