shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-05 04:40:31 +09:00
Code Issues Packages Projects Releases Wiki Activity
6,289 Commits 12 Branches 62 Tags
f2b64abcbdf5e64a1dbe9f34f6c5fd6ef718436c
Commit Graph

2862 Commits

Author SHA1 Message Date
Jakub Jelen
f2b64abcbd buffer: Use sizeof instead of magic number 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <norbertpocs0@gmail.com>
 2025-06-03 10:23:17 +02:00
Praneeth Sarode
dcb65fe584 refactor(curve25519): split the single file curve25519.c into multiple files for better readability 
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-05-06 22:03:18 +02:00
Lucas Mulling
d758990d39 misc: Fix OpenSSH banner parsing 
Signed-off-by: Lucas Mulling <lucas.mulling@suse.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <norbertpocs0@gmail.com>
 2025-04-28 14:56:27 -03:00
Jakub Jelen
0bcd7d12d8 dh-gex: Avoid reading the EOF stream 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <norbertpocs0@gmail.com>
 2025-04-16 17:41:22 +02:00
Jakub Jelen
69c169e4cb sftpserver: Free memory on error condition 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <norbertpocs0@gmail.com>
 2025-04-16 17:41:22 +02:00
Jakub Jelen
d00f7b1bf9 Make sure we pass right parameters to buffer_pack 
Fixes: #299

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Norbert Pocs <norbertpocs0@gmail.com>
 2025-04-15 16:15:52 +02:00
Jakub Jelen
5e47b1c1c2 kex: Add more noisy errors to simplify debugging ssh_make_sessionid 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Norbert Pocs <norbertpocs0@gmail.com>
 2025-04-15 16:15:52 +02:00
RaviRaaja
04a58919f8 Fix: NULL pointer check in ssh_channel_is_closed 
The ssh_channel_is_closed function would crash when
accessing channel->session->alive if session is NULL.
This patch adds a null check before accessing the session
pointer.

- build succeeded
- unit test passed
- no new unit test added

https://gitlab.com/libssh/libssh-mirror/-/issues/239

Signed-off-by: Raviraaja Lakshmanan <mailstoraviraaja@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-04-14 22:20:35 +02:00
Praneeth Sarode
f3b389d112 tests: add unit test for direct-tcpip channel open request 
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-04-07 14:02:41 +02:00
Praneeth Sarode
18e7423e70 Add direct-tcpip channel open request callback support 
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-04-07 14:02:21 +02:00
Praneeth Sarode
0d0ed4b1f8 curve25519: add support for gcrypt's Curve25519 implementation 
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-04-03 11:28:44 +02:00
Jakub Jelen
d3706d5940 Add missing symbol to the map 
This was omitted from the 84d02e74 and caused issues to build when abimap is
not present.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-04-02 10:59:53 +02:00
Jakub Jelen
1434f24911 auth: Avoid forward-null pointer dereference 
This could happen only if the function would really be called with the NULL
session, but this was never the case as the session is dereferenced already on
all code paths toward this place.

This is just to make the scanner happy that the session can not really be NULL
here.

Thanks coverity!

CID 1593926

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <norbertpocs0@gmail.com>
 2025-03-31 11:05:37 +02:00
Aditya Sinha
95150b1137 Adding the missing Algorithms to ssh_get_kex_algo() function 
Signed-off-by: Aditya Sinha <aditya072006@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-30 13:10:52 +02:00
Aditya Sinha
65b2591b91 Reformatting the ssh_get_kex_aglo() function 
Signed-off-by: Aditya Sinha <aditya072006@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-30 13:10:51 +02:00
Praneeth Sarode
a5e9529ca7 curve25519: refactor mbedTLS code to remove code duplication 
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-30 13:04:48 +02:00
Praneeth Sarode
49a355c272 curve25519: Use mbedTLS curve25519 for ECDH, if available 
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-30 13:04:47 +02:00
David Wedderwille
84d02e7440 kex: Make existing convenience features available 
Signed-off-by: David Wedderwille <davidwe@posteo.de>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-30 12:17:42 +02:00
David Wedderwille
0b91ba779c kex: Improved naming of variables. 
Signed-off-by: David Wedderwille <davidwe@posteo.de>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-30 12:17:41 +02:00
Eshan Kelkar
a59d587060 sftpserver.c: Add support for O_TRUNC while opening files 
Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-18 18:13:52 +01:00
Abdallah Alhadad
aa681c268e extensions: Host-bound public key authentication 
Signed-off-by: Abdallah Alhadad <abdallahselhdad@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-18 17:34:04 +02:00
Abdallah Alhadad
fe381d6aa4 refactor: Extract build_pubkey_auth_request function for public key authentication 
Signed-off-by: Abdallah Alhadad <abdallahselhdad@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-18 17:33:57 +02:00
Abdallah Alhadad
1f76cc0c6a reformat: functions related to pubkey authentication 
Signed-off-by: Abdallah Alhadad <abdallahselhdad@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-15 22:16:46 +00:00
Jakub Jelen
f7bdd779d6 config: Be less strict when parsing unknown Match keywords 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-03-04 16:00:33 +01:00
Jakub Jelen
8ef249a4a4 config: Fix copy&paste error in error message 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-03-04 14:09:08 +01:00
Jakub Jelen
dd6a711354 Use windows-compatible access() function to unbreak windows build 
Fixes up 3372c2ad78 which did not properly check
the included header file.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-02-27 13:31:35 +01:00
Jakub Jelen
b2b56151c0 pki: Fail more gracefully when parsing Ed25519 keys in FIPS mode 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Jakub Jelen
de7903a633 Do not import Ed25519 keys in FIPS Mode 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Jakub Jelen
a089513e40 pki_crypto: OpenSSL 1.1.1 compatible Ed25519 key duplication 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Jakub Jelen
ec9d7d13fd Use Ed25519 in OpenSSL through the EVP_PKEY API 
... instead of keeping around public and private key blobs.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Jakub Jelen
e36ca61e36 pki: Fix error message 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Jakub Jelen
02c092d3d9 pki: Avoid needless assignment 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Jakub Jelen
520f758902 pki_crypto: Reformat pki_key_compare 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Jakub Jelen
12b8eed093 pki_crypto: Reformat pki_private_key_to_pem 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Lucas Mulling
3372c2ad78 cmake: Add option WITH_HERMETIC_USR 
Add a cmake option to enable hermetic-usr, i.e., use of config files in /usr/.
If turned on, GLOBAL_*_CONFIG is prepended with /usr/ and defined as
USR_GLOBAL_*_CONFIG. Config lookup follows this path GLOBAL_*_CONFIG ->
USR_GLOBAL_*_CONFIG.

Introduce a ssh_config_parse primitive. This avoids convoluted checks for file
presence (without modifing the behaviour of ssh_config_parse_file) and allows
marking whether the config is global at the call site.

Signed-off-by: Lucas Mulling <lucas.mulling@suse.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-02-27 10:24:42 +01:00
Jakub Jelen
d1ce336ae3 config: Allow escaping quotes inside of quoted tokens 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-02-11 12:17:34 +01:00
Praneeth Sarode
9a9cafeed5 sftp: add users-groups-by-id@openssh.com extension for client 
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>
 2025-02-05 17:01:20 +05:30
Eshan Kelkar
1a64c577f6 sftp.c: Validate that the SSH session is in nonblocking mode 
The sftp API functions cannot interoperate properly with a
nonblocking ssh session.

Therefore code has been added in sftp_new() due to which the
function will return failure if the caller passes a non
blocking session without even trying to connect.

Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-01-29 13:52:51 +01:00
Jakub Jelen
0cda1c0e83 bignum: Make sure the padding is large enough for the number 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-01-21 11:32:49 +01:00
Jakub Jelen
39fcaac3ca Use gcrypt implementation of ntruprime 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-01-21 11:32:49 +01:00
Jakub Jelen
dab51d8e20 buffer: Calculate correctly the bignum size in buffer 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-01-21 11:32:49 +01:00
Simon Josefsson
4becc8eb82 kex: Add sntrup761x25519-sha512@openssh.com. 
All of the initial work was done by Simon. Jakub cleaned up the
formatting issues, resolved the padding of bignum to match specs
and be interoperable with OpenSSH (and few more minor details).

Closes: #194.

Signed-off-by: Simon Josefsson <simon@josefsson.org>
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-01-21 11:32:49 +01:00
Simon Josefsson
4bd8d8d362 curve25519: Add ssh_curve25519_create_k to allow code re-use. 
Signed-off-by: Simon Josefsson <simon@josefsson.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-01-21 11:32:49 +01:00
Simon Josefsson
083a4781d8 curve25519: Drop static from ssh_curve25519_init to allow code re-use. 
Signed-off-by: Simon Josefsson <simon@josefsson.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-01-21 11:32:49 +01:00
Simon Josefsson
fbf02d5936 buffer.c: Support 'F' for padded bignums 
Signed-off-by: Simon Josefsson <simon@josefsson.org>
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-01-21 11:32:49 +01:00
Jakub Jelen
799557384d bignum: Add ssh_make_unpadded_bignum_string. 
Signed-off-by: Simon Josefsson <simon@josefsson.org>
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-01-21 11:32:49 +01:00
Jakub Jelen
af90168624 bignum: Reformat 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-01-21 11:32:49 +01:00
Jakub Jelen
9dbd1ec80b client: Reformat dh_handshake 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-01-21 11:32:49 +01:00
Jakub Jelen
0cd749a533 zlib: Move conditional compilation inside of the gzip.c 
This implements stub for the compression functions and includes the
gzip.c in the compilation target uncoditionally, keeping the WITH_ZLIB
conditional compilation only in the gzip.c

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-01-14 14:47:44 +01:00
Jakub Jelen
d887e1320a sftp: Avoid dead code and possible overruns 
Coverity did not like the DEADCODE on 64b architecture.

After better look, the SFTP packet have read/write lengths in uint32 so
we really can not use the limits up to the uint64. Therefore we cap the
limits to uint32 while parsing and ignore any large value.

We then cap our reads/writes to this value, which is safe to cast to uint32
for wire format.

Thanks Coverity CID 1589435, CID 1589434, CID 1589432, CID 1589431

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-01-13 15:47:43 +01:00