shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-04 20:30:38 +09:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: shinys000114:f333d950137e0ca9b44fde0971d64139b1afdf4e
Branches Tags
shinys000114:master shinys000114:stable-0.11 shinys000114:stable-0.9 shinys000114:stable-0.10 shinys000114:stable-0.8 shinys000114:master-fix shinys000114:v0-7 shinys000114:v0-6 shinys000114:v0-5 shinys000114:v0-4 shinys000114:v0-3 shinys000114:v0-2
shinys000114:libssh-0.11.3 shinys000114:libssh-0.11.2 shinys000114:libssh-0.11.1 shinys000114:libssh-0.11.0 shinys000114:libssh-0.9.8 shinys000114:libssh-0.10.6 shinys000114:libssh-0.9.7 shinys000114:libssh-0.10.5 shinys000114:libssh-0.10.4 shinys000114:libssh-0.10.3 shinys000114:libssh-0.10.2 shinys000114:libssh-0.10.0 shinys000114:libssh-0.9.6 shinys000114:libssh-0.9.5 shinys000114:libssh-0.8.9 shinys000114:libssh-0.9.4 shinys000114:libssh-0.8.8 shinys000114:libssh-0.9.3 shinys000114:libssh-0.9.2 shinys000114:libssh-0.9.1 shinys000114:libssh-0.9.0 shinys000114:libssh-0.8.7 shinys000114:libssh-0.8.6 shinys000114:libssh-0.7.7 shinys000114:libssh-0.8.5 shinys000114:libssh-0.7.6 shinys000114:libssh-0.8.4 shinys000114:libssh-0.8.3 shinys000114:libssh-0.8.2 shinys000114:libssh-0.8.1 shinys000114:libssh-0.8.0 shinys000114:libssh-0.7.5 shinys000114:libssh-0.7.4 shinys000114:libssh-0.7.3 shinys000114:libssh-0.7.2 shinys000114:libssh-0.7.1 shinys000114:libssh-0.7.0 shinys000114:libssh-0.6.5 shinys000114:libssh-0.6.4 shinys000114:libssh-0.6.3 shinys000114:libssh-0.6.1 shinys000114:libssh-0.6.0 shinys000114:libssh-0.5.5 shinys000114:libssh-0.5.4 shinys000114:libssh-0.5.3 shinys000114:libssh-0.5.2 shinys000114:libssh-0.5.1 shinys000114:release-0-5-0 shinys000114:release-0-4-8 shinys000114:release-0-4-7 shinys000114:release-0-4-6 shinys000114:release-0-4-5 shinys000114:release-0-4-4 shinys000114:release-0-4-3 shinys000114:release-0-4-2 shinys000114:release-0-4-1 shinys000114:release-0-4-0 shinys000114:release-0-3-4 shinys000114:release-0-3-3 shinys000114:release-0-3-2 shinys000114:release-0-3-1 shinys000114:release-0-3-0
...
compare: shinys000114:libssh-0.10.4
Branches Tags
shinys000114:master shinys000114:stable-0.11 shinys000114:stable-0.9 shinys000114:stable-0.10 shinys000114:stable-0.8 shinys000114:master-fix shinys000114:v0-7 shinys000114:v0-6 shinys000114:v0-5 shinys000114:v0-4 shinys000114:v0-3 shinys000114:v0-2
shinys000114:libssh-0.11.3 shinys000114:libssh-0.11.2 shinys000114:libssh-0.11.1 shinys000114:libssh-0.11.0 shinys000114:libssh-0.9.8 shinys000114:libssh-0.10.6 shinys000114:libssh-0.9.7 shinys000114:libssh-0.10.5 shinys000114:libssh-0.10.4 shinys000114:libssh-0.10.3 shinys000114:libssh-0.10.2 shinys000114:libssh-0.10.0 shinys000114:libssh-0.9.6 shinys000114:libssh-0.9.5 shinys000114:libssh-0.8.9 shinys000114:libssh-0.9.4 shinys000114:libssh-0.8.8 shinys000114:libssh-0.9.3 shinys000114:libssh-0.9.2 shinys000114:libssh-0.9.1 shinys000114:libssh-0.9.0 shinys000114:libssh-0.8.7 shinys000114:libssh-0.8.6 shinys000114:libssh-0.7.7 shinys000114:libssh-0.8.5 shinys000114:libssh-0.7.6 shinys000114:libssh-0.8.4 shinys000114:libssh-0.8.3 shinys000114:libssh-0.8.2 shinys000114:libssh-0.8.1 shinys000114:libssh-0.8.0 shinys000114:libssh-0.7.5 shinys000114:libssh-0.7.4 shinys000114:libssh-0.7.3 shinys000114:libssh-0.7.2 shinys000114:libssh-0.7.1 shinys000114:libssh-0.7.0 shinys000114:libssh-0.6.5 shinys000114:libssh-0.6.4 shinys000114:libssh-0.6.3 shinys000114:libssh-0.6.1 shinys000114:libssh-0.6.0 shinys000114:libssh-0.5.5 shinys000114:libssh-0.5.4 shinys000114:libssh-0.5.3 shinys000114:libssh-0.5.2 shinys000114:libssh-0.5.1 shinys000114:release-0-5-0 shinys000114:release-0-4-8 shinys000114:release-0-4-7 shinys000114:release-0-4-6 shinys000114:release-0-4-5 shinys000114:release-0-4-4 shinys000114:release-0-4-3 shinys000114:release-0-4-2 shinys000114:release-0-4-1 shinys000114:release-0-4-0 shinys000114:release-0-3-4 shinys000114:release-0-3-3 shinys000114:release-0-3-2 shinys000114:release-0-3-1 shinys000114:release-0-3-0

66 Commits
f333d95013 ... libssh-0.1

Author SHA1 Message Date
Andreas Schneider
e8322817a9 Bump version to 0.10.4 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2022-09-07 15:30:40 +02:00
Andreas Schneider
e0c2f2809b kdf: Avoid endianess issues 
The key_type is only a letter, if we use and `int` and then cast it to
(const char *) we will end up with a 0 value on big endian.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
 2022-09-07 15:29:03 +02:00
Andreas Schneider
9bb91df20f tests: Set OPENSSL_ENABLE_SHA1_SIGNATURES=1 for all tests 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
 2022-09-07 15:29:01 +02:00
Andreas Schneider
783f2b97a8 Bump version to 0.10.3 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
 2022-09-05 14:27:29 +02:00
Andreas Schneider
8d05810255 tests: Add test with dss known_hosts file 
We should not end up with an infinite loop here.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
(cherry picked from commit accbc91a86)
 2022-09-05 14:25:24 +02:00
Andreas Schneider
1d29d4b627 knownhosts: Fix and infinite loop when iterating known host entries 
Fixes #145

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
(cherry picked from commit 3e4c2205c5)
 2022-09-05 14:25:22 +02:00
Andreas Schneider
787711a271 knownhosts: Give better warnings about unsupported key types 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
(cherry picked from commit 2d79c7a9d5)
 2022-09-05 14:25:21 +02:00
Andreas Schneider
ddea657ba7 Bump version to 0.10.2 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2022-09-02 10:00:11 +02:00
Andreas Schneider
9ae46bc364 tests: Fix rekey test so it passes on build systems 
The test failed on Fedora Koji and openSUSE Build Service on i686 only. Probably
the rekey on the server needs longer here to collect enough entropy. So we need
to try harder before we stop :-)

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit b3b3fbfa1d)
 2022-09-02 09:56:54 +02:00
Jakub Jelen
fd1563575f config: Expand tilde when handling include directives 
Related: #93

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit d69026d7a4)
 2022-09-02 09:56:52 +02:00
Andreas Schneider
1f973320a8 tests: Use weak attribute for torture_run_tests() if available 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 7787dad9bd)
 2022-09-02 09:56:50 +02:00
Andreas Schneider
4fc7ab4399 cmake: Check for weak attribute 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 23546e354c)
 2022-09-02 09:56:48 +02:00
Jakub Jelen
87bac425a0 ci: Add apline linux target 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit e5af9524e3)
 2022-09-02 09:56:43 +02:00
Andreas Schneider
0e637e3327 src: Add ABI symbols for 4.9.1 2022-08-30 16:28:00 +02:00
Andreas Schneider
9b1f4e9bf6 Bump version to 0.10.1 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2022-08-30 15:46:13 +02:00
Jakub Jelen
630f335415 libcrypto: Avoid unused variable warning 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit f86727e06a)
 2022-08-30 13:26:08 +02:00
Jakub Jelen
b7934ab370 socket: Remove needless typedef 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit a69424d4c5)
 2022-08-30 13:26:06 +02:00
Jakub Jelen
0aaad9eb25 wrapper: Avoid size_t to uint8 cast 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 8aade7ce6f)
 2022-08-30 13:26:05 +02:00
Jakub Jelen
8fe4cabb26 misc: Refactor ssh_strerror to check return values 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 41f2ee92c6)
 2022-08-30 13:26:04 +02:00
Jakub Jelen
1689b83d0f Do not force GNU_SOURCE during build to fix #141 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 8cf9c8162f)
 2022-08-30 13:26:02 +02:00
Andreas Schneider
7c6105882b options: Use exec for the proxy command 
This wont create a new process but replace the shell.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit bd2db30174)
 2022-08-30 10:01:48 +02:00
Andreas Schneider
bb6d1b78dc socket: Add a comment about shells 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit d642b20d9c)
 2022-08-30 10:01:46 +02:00
Andreas Schneider
5a884b8c5a socket: Add error message if execv fails 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 2546b62242)
 2022-08-30 10:01:36 +02:00
Andreas Schneider
90128929e7 tests: Use ncat instead of nc 
The ncat tool from nmap is available on all unix platforms. The nc
binary might link to ncat or something else. Settle on one we know
also the options can be used if needed.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 6268417ac6)
 2022-08-30 10:01:30 +02:00
Andreas Schneider
a7d509ca50 tests: Add test for expanding port numbers 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 8c0be750db)
 2022-08-30 10:00:54 +02:00
Andreas Schneider
d26f7253a9 session: Initialize the port with the standard port (22) 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit f306aafdc6)
 2022-08-30 10:00:48 +02:00
Andreas Schneider
3ad2a21d13 misc: Fix expanding port numbers 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 648baf0f3c)
 2022-08-30 10:00:38 +02:00
Andreas Schneider
7f6b3fab4e misc: Fix format truncation in ssh_path_expand_escape() 
error: ‘%u’ directive output may be truncated writing between 1 and 10
bytes into a region of size 6.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 20406e51c9)
 2022-08-26 14:10:39 +02:00
Jakub Jelen
cd7ccf93f0 Update changelog 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 2022-08-26 11:34:08 +02:00
Jakub Jelen
5944124428 examples: Fix dereference after NULL check (CID 1461477) 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 8164e1ff9c)
 2022-08-25 17:45:43 +02:00
renmingshuai
8c40b2491d session->socket_callbacks.data will be set to ssh_packet_socket_callback 
in ssh_packet_register_socket_callback. Here is redundant.

Signed-off-by: renmingshuai <renmingshuai@huawei.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 0799775185)
 2022-08-25 17:36:45 +02:00
Timo Rothenpieler
3331b794bc misc: rename gettimeofday symbol 
mingw does have this function, even though it appears to be deprecated.
So the symbol has to have a different name, or linking becomes
impossible.

Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 17aec429f5)
 2022-08-25 17:36:42 +02:00
Jakub Jelen
02f1873b9e CMake: Do not build PKCS#11 URI support with OpenSSL <1.1.1 
The old version is missing the EVP_PKEY_up_ref(), which is needed to keep track
of the EVP_PKEY references.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
(cherry picked from commit 6e2648af6b)
 2022-08-25 17:36:38 +02:00
Jakub Jelen
5da93db25a pki: Rework handling of EVP_PKEYs in OpenSSL backend 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
(cherry picked from commit a81e78aff4)
 2022-08-25 17:36:36 +02:00
Jakub Jelen
b18495b56b Initialize pkcs11 engine only once 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
(cherry picked from commit 0800618f32)
 2022-08-25 17:36:30 +02:00
Jakub Jelen
a96763b195 libcrypto: Skip unneccessary call to ENGINE_cleanup in OSSL>1.1 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
(cherry picked from commit f721ee847b)
 2022-08-25 17:36:26 +02:00
Jakub Jelen
540257b421 pki: Factor out the backend-specifics from cleaning the key structure 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
(cherry picked from commit 382ff38caa)
 2022-08-25 17:36:22 +02:00
Jakub Jelen
b657eeb65e tests: Prevent memory leaks from test 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
(cherry picked from commit bc0c027ac0)
 2022-08-25 17:36:16 +02:00
renmingshuai
4a87515026 tests: Ensure the mode of the created file is ... 
what we set in open funtion by the argument mode. The mode of the created file
is (mode & ~umask), So we set umask to typical default value(octal 022).

Signed-off-by: renmingshuai <renmingshuai@huawei.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 1286a70e13)
 2022-08-08 10:17:05 +02:00
Jakub Jelen
886ed379d8 session: Avoid memory leak of agent_socket from configuration file 
Thanks oss-fuzz

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48268

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit aa1e136ea3)
 2022-08-08 10:17:00 +02:00
Norbert Pocs
9b9197d86b gitlab-ci: Enable environment variable in centos9 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 4d96c667bc)
 2022-08-03 19:43:48 +02:00
Norbert Pocs
64e89affeb torture.c Add environment variable to server fork 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 2e8e666b1d)
 2022-08-03 19:43:48 +02:00
Jakub Jelen
2c1ad3262a tests: Refactor and provide plain PKCS8 PEM format 
This also allows testing mbedtls with the PKCS8 PEM files

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 66be590657)
 2022-08-03 10:49:24 +02:00
Jakub Jelen
14ff31490f examples: Update keygen2 example to show fingerprints 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit f193e6840d)
 2022-08-03 10:49:22 +02:00
Jakub Jelen
3db3511467 curve25519: Do not check for openssl functions when other crypto backend is used 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 0982715bb5)
 2022-08-03 10:49:18 +02:00
Jakub Jelen
4c5da86f91 pki: Do not check for DSA headers when DSA is not built in 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit ebeee7631d)
 2022-08-03 10:49:17 +02:00
Jakub Jelen
2564246024 mbedcrypto: Refactor PEM parsing 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit aca482a5a5)
 2022-08-03 10:49:15 +02:00
Jakub Jelen
146d1a620d session: Initialize pointers 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 355e29d881)
 2022-08-03 10:49:14 +02:00
Anderson Toshiyuki Sasaki
19c43ff6b7 init: Free global init mutex in the destructor on Windows 
Fixes: #57 (T238)

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 163951d869)
 2022-08-02 16:03:06 +02:00
Norbert Pocs
58a2943d42 .gitlab-ci: Add centos9 image 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 84df28ee31)
 2022-08-02 16:03:05 +02:00
Norbert Pocs
54c5472b53 .gitlab-ci: Remove remaining rawhide lines 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 224298a4d0)
 2022-08-02 16:03:03 +02:00
Jakub Jelen
17e9cd70a5 Move digest functions into separate file 
The external ed25519 requires also the sha512 functions to work.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit c09b02c573)
 2022-08-02 16:01:42 +02:00
Jakub Jelen
cee5c9f404 Build external override library with all symbols 
The curve25519 depends on ssh_get_random, which is normally built into libssh.
For the external override tests to build, we need to have them in separate
source file that can be included for this test.

For some reason, this did not happen on CI builds, but it did happen in koji
during RPM builds.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 0da54f2908)
 2022-08-02 16:01:35 +02:00
Andreas Schneider
43fb1d7c8d packet: Check hmac return codes in ssh_packet_hmac_verify() 
CID #1490530

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit b42e9a19a3)
 2022-07-14 15:03:58 +02:00
Andreas Schneider
5c629f22f6 packet: Use consistent return codes in ssh_packet_hmac_verify() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit e27ee9d0a4)
 2022-07-14 15:03:57 +02:00
Andreas Schneider
46e0703c6e packet: Reformat ssh_packet_hmac_verify() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 4a7791b784)
 2022-07-14 15:03:55 +02:00
Norbert Pocs
cffa103378 Make it work with openssl3.0 
The KDF was changed in the new API, fetching the algorithm first
then creating the context using it.

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 9a4c5203af)
 2022-07-13 15:36:07 +02:00
Norbert Pocs
ea6558b3a6 Change cmake files for new openssl API 
The new API does not provide EVP_KDF_CTX_new_id function, insted
it works with EVP_KDF_CTX_new and fetching the algorithm.
Adding a check for both to make it work with the new API too.

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 8343a43edc)
 2022-07-13 15:36:04 +02:00
Norbert Pocs
33e12317c3 torture_options: Add test for '@' in login name 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 964df4dc29)
 2022-07-12 10:45:35 +02:00
Norbert Pocs
d17c635617 options: Parse hostname by last '@' 
The login name can have '@' char in it

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit bb5f7e2707)
 2022-07-12 10:45:34 +02:00
Norbert Pocs
dde5fd8d38 bind.c: Add missing size constant to err_msg 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit e53a2711d3)
 2022-07-12 10:43:25 +02:00
Andreas Schneider
46e78aaa3a gitlab-ci: Drop the rawhide runner 
Fedora 36 is using OpenSSL 3.0 now.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit a0c0efaf2e)
 2022-07-11 11:02:20 +02:00
Andreas Schneider
3107133d10 tests: Setup Leak Sanitizer suppressions for OpenSSL 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 21ef488121)
 2022-07-11 11:02:18 +02:00
Andreas Schneider
b9ccaf6e23 cmake: Build curve25519_ref.c if we build with libgcrypt 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 0128ed0d2c)
 2022-07-11 11:02:17 +02:00
Andreas Schneider
38b17e6e6e pki: Fix building pki_ed25519.c with libgcrypt 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 6a25f07777)
 2022-07-11 11:02:16 +02:00
Andreas Schneider
db0a1d6811 src: Fix building curve25519 with libgcrypt 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit cc0939df73)
 2022-07-11 11:02:14 +02:00
63 changed files with 4501 additions and 1925 deletions
Expand all files Collapse all files

97
.gitlab-ci.yml
View File

@@ -2,12 +2,13 @@
variables:
BUILD_IMAGES_PROJECT: libssh/build-images
CENTOS7_BUILD: buildenv-centos7
CENTOS9_BUILD: buildenv-c9s
COVERITY_BUILD: buildenv-coverity
FEDORA_BUILD: buildenv-fedora
MINGW_BUILD: buildenv-mingw
TUMBLEWEED_BUILD: buildenv-tumbleweed
UBUNTU_BUILD: buildenv-ubuntu
RAWHIDE_BUILD: buildenv-rawhide
ALPINE_BUILD: buildenv-alpine
stages:
- build
@@ -61,14 +62,6 @@ stages:
variables:
CMAKE_ADDITIONAL_OPTIONS: -DWITH_PKCS11_URI=ON
.fedora_rawhide:
extends: .fedora
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$RAWHIDE_BUILD
before_script:
- *build
# Legacy cp is needed for SHA1 tests to pass
- update-crypto-policies --set LEGACY
.tumbleweed:
extends: .tests
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$TUMBLEWEED_BUILD
@@ -86,6 +79,15 @@ centos7/openssl_1.0.x/x86_64:
make -j$(nproc) &&
ctest --output-on-failure
centos9s/openssl_3.0.x/x86_64:
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS9_BUILD
extends: .tests
script:
- export OPENSSL_ENABLE_SHA1_SIGNATURES=1
- cmake3 $CMAKE_OPTIONS .. &&
make -j$(nproc) &&
ctest --output-on-failure
###############################################################################
# Fedora builds #
@@ -106,10 +108,10 @@ fedora/ninja:
script:
- cmake -G Ninja $CMAKE_OPTIONS ../ && ninja && ninja test
fedora/openssl_1.1.x/x86_64:
fedora/openssl_3.0.x/x86_64:
extends: .fedora
fedora/openssl_1.1.x/x86_64/fips:
fedora/openssl_3.0.x/x86_64/fips:
extends: .fedora
before_script:
- echo "# userspace fips" > /etc/system-fips
@@ -134,7 +136,7 @@ fedora/openssl_1.1.x/x86_64/fips:
make -j$(nproc) &&
OPENSSL_FORCE_FIPS_MODE=1 ctest --output-on-failure
fedora/openssl_1.1.x/x86_64/minimal:
fedora/openssl_3.0.x/x86_64/minimal:
extends: .fedora
variables:
script:
@@ -149,49 +151,6 @@ fedora/openssl_1.1.x/x86_64/minimal:
-DWITH_GEX=OFF .. &&
make -j$(nproc)
fedora/openssl_3.0/x86_64:
extends: .fedora_rawhide
fedora/openssl_3.0/x86_64/fips:
extends: .fedora_rawhide
before_script:
- echo "# userspace fips" > /etc/system-fips
# We do not need the kernel part, but in case we ever do:
# mkdir -p /var/tmp/userspace-fips
# echo 1 > /var/tmp/userspace-fips/fips_enabled
# mount --bind /var/tmp/userspace-fips/fips_enabled \
# /proc/sys/crypto/fips_enabled
- update-crypto-policies --show
- update-crypto-policies --set FIPS
- update-crypto-policies --show
- mkdir -p obj && cd obj && cmake
-DCMAKE_BUILD_TYPE=RelWithDebInfo
-DPICKY_DEVELOPER=ON
-DWITH_BLOWFISH_CIPHER=ON
-DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON
-DWITH_DEBUG_CRYPTO=ON -DWITH_DEBUG_PACKET=ON -DWITH_DEBUG_CALLTRACE=ON
-DWITH_DSA=ON
-DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON ..
script:
- cmake $CMAKE_OPTIONS .. &&
make -j$(nproc) &&
OPENSSL_FORCE_FIPS_MODE=1 ctest --output-on-failure
fedora/openssl_3.0/x86_64/minimal:
extends: .fedora_rawhide
variables:
script:
- cmake $CMAKE_DEFAULT_OPTIONS
-DWITH_SFTP=OFF
-DWITH_SERVER=OFF
-DWITH_ZLIB=OFF
-DWITH_PCAP=OFF
-DWITH_DSA=OFF
-DUNIT_TESTING=ON
-DCLIENT_TESTING=ON
-DWITH_GEX=OFF .. &&
make -j$(nproc)
# Address sanitizer doesn't mix well with LD_PRELOAD used in the testsuite
# so, this is only enabled for unit tests right now.
# TODO: add -DCLIENT_TESTING=ON -DSERVER_TESTING=ON
@@ -316,19 +275,8 @@ fedora/mingw32:
paths:
- obj-csbuild/
fedora/csbuild/openssl_1.1.x:
extends: .csbuild
script:
- csbuild
--build-dir=obj-csbuild
--build-cmd "rm -rf CMakeFiles CMakeCache.txt && cmake -DCMAKE_BUILD_TYPE=Debug -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON -DFUZZ_TESTING=ON -DWITH_DSA=ON @SRCDIR@ && make clean && make -j$(nproc)"
--git-commit-range $CI_COMMIT_RANGE
--color
--print-current --print-fixed
fedora/csbuild/openssl_3.0.x:
extends: .csbuild
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$RAWHIDE_BUILD
script:
- csbuild
--build-dir=obj-csbuild
@@ -366,6 +314,23 @@ ubuntu/openssl_1.1.x/x86_64:
extends: .tests
###############################################################################
# Alpine builds #
###############################################################################
alpine/musl:
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$ALPINE_BUILD
extends: .tests
script:
- cmake $CMAKE_DEFAULT_OPTIONS
-DWITH_SFTP=ON
-DWITH_SERVER=ON
-DWITH_ZLIB=ON
-DWITH_PCAP=ON
-DUNIT_TESTING=ON .. &&
make -j$(nproc) &&
ctest --output-on-failure
###############################################################################
# Tumbleweed builds #
###############################################################################

20
CHANGELOG
View File

@@ -1,7 +1,22 @@
CHANGELOG
=========
version 0.10.0 (released 2022-07-xx)
version 0.10.4 (released 2022-09-07)
* Fixed issues with KDF on big endian
version 0.10.3 (released 2022-09-05)
* Fixed possible infinite loop in known hosts checking
version 0.10.2 (released 2022-09-02)
* Fixed tilde expansion when handling include directives
* Fixed building the shared torture library
* Made rekey test more robust (fixes running on i586 build systems e.g koji)
version 0.10.1 (released 2022-08-30)
* Fixed proxycommand support
* Fixed musl libc support
version 0.10.0 (released 2022-08-26)
* Added support for OpenSSL 3.0
* Added support for mbedTLS 3
* Added support for Smart Cards (through openssl pkcs11 engine)
@@ -25,6 +40,9 @@ version 0.10.0 (released 2022-07-xx)
* Deprecated old pubkey, privatekey API
* Avoided some needless large stack buffers to minimize memory footprint
* Removed support for OpenSSL < 1.0.1
* Fixed parsing username@host in login name
* Free global init mutex in the destructor on Windows
* Fixed PEM parsing in mbedtls to support both legacy and new PKCS8 formats
version 0.9.6 (released 2021-08-26)
* CVE-2021-3634: Fix possible heap-buffer overflow when rekeying with

4
CMakeLists.txt
View File

@@ -10,7 +10,7 @@ list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake/Modules")
include(DefineCMakeDefaults)
include(DefineCompilerFlags)
project(libssh VERSION 0.10.0 LANGUAGES C)
project(libssh VERSION 0.10.4 LANGUAGES C)
# global needed variable
set(APPLICATION_NAME ${PROJECT_NAME})
@@ -22,7 +22,7 @@ set(APPLICATION_NAME ${PROJECT_NAME})
# Increment AGE. Set REVISION to 0
# If the source code was changed, but there were no interface changes:
# Increment REVISION.
set(LIBRARY_VERSION "4.9.0")
set(LIBRARY_VERSION "4.9.4")
set(LIBRARY_SOVERSION "4")
# where to look first for cmake modules, before ${CMAKE_ROOT}/Modules/ is checked

30
ConfigureChecks.cmake
View File

@@ -104,6 +104,10 @@ if (OPENSSL_FOUND)
set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
check_function_exists(EVP_KDF_CTX_new_id HAVE_OPENSSL_EVP_KDF_CTX_NEW_ID)
set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
check_function_exists(EVP_KDF_CTX_new HAVE_OPENSSL_EVP_KDF_CTX_NEW)
set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
check_function_exists(FIPS_mode HAVE_OPENSSL_FIPS_MODE)
@@ -159,6 +163,11 @@ if (NOT WITH_GCRYPT AND NOT WITH_MBEDTLS)
if (HAVE_OPENSSL_ECC)
set(HAVE_ECC 1)
endif (HAVE_OPENSSL_ECC)
if (HAVE_OPENSSL_EVP_KDF_CTX_NEW_ID OR HAVE_OPENSSL_EVP_KDF_CTX_NEW)
set(HAVE_OPENSSL_EVP_KDF_CTX 1)
endif (HAVE_OPENSSL_EVP_KDF_CTX_NEW_ID OR HAVE_OPENSSL_EVP_KDF_CTX_NEW)
endif ()
if (WITH_DSA)
@@ -366,6 +375,23 @@ int main(void) {
return 0;
}" HAVE_FALLTHROUGH_ATTRIBUTE)
check_c_source_compiles("
#define WEAK __attribute__((weak))
WEAK int sum(int a, int b)
{
return a + b;
}
int main(void)
{
int i = sum(2, 2);
(void)i;
return 0;
}" HAVE_WEAK_ATTRIBUTE)
if (NOT WIN32)
check_c_source_compiles("
#define __unused __attribute__((unused))
@@ -468,6 +494,10 @@ if (WITH_PKCS11_URI)
message(FATAL_ERROR "PKCS #11 is not supported for mbedcrypto")
set(WITH_PKCS11_URI 0)
endif()
if (HAVE_OPENSSL AND NOT OPENSSL_VERSION VERSION_GREATER_EQUAL "1.1.1")
message(FATAL_ERROR "PKCS #11 requires at least OpenSSL 1.1.1")
set(WITH_PKCS11_URI 0)
endif()
endif()
if (WITH_MBEDTLS)

5
config.h.cmake
View File

@@ -114,8 +114,8 @@
/* Define to 1 if you have the `EVP_chacha20' function. */
#cmakedefine HAVE_OPENSSL_EVP_CHACHA20 1
/* Define to 1 if you have the `EVP_KDF_CTX_new_id' function. */
#cmakedefine HAVE_OPENSSL_EVP_KDF_CTX_NEW_ID 1
/* Define to 1 if you have the `EVP_KDF_CTX_new_id' or `EVP_KDF_CTX_new` function. */
#cmakedefine HAVE_OPENSSL_EVP_KDF_CTX 1
/* Define to 1 if you have the `FIPS_mode' function. */
#cmakedefine HAVE_OPENSSL_FIPS_MODE 1
@@ -225,6 +225,7 @@
#cmakedefine HAVE_FALLTHROUGH_ATTRIBUTE 1
#cmakedefine HAVE_UNUSED_ATTRIBUTE 1
#cmakedefine HAVE_WEAK_ATTRIBUTE 1
#cmakedefine HAVE_CONSTRUCTOR_ATTRIBUTE 1
#cmakedefine HAVE_DESTRUCTOR_ATTRIBUTE 1

220
examples/keygen2.c
View File

@@ -38,6 +38,7 @@ struct arguments_st {
unsigned long bits;
char *file;
char *passphrase;
int action_list;
};
static struct argp_option options[] = {
@@ -88,6 +89,14 @@ static struct argp_option options[] = {
"\"rsa\", \"ecdsa\", \"ed25519\", and \"dsa\".\n",
.group = 0
},
{
.name = "list",
.key = 'l',
.arg = NULL,
.flags = 0,
.doc = "List the Fingerprint of the given key\n",
.group = 0
},
{
/* End of the options */
0
@@ -160,6 +169,9 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state)
goto end;
}
break;
case 'l':
arguments->action_list = 1;
break;
case ARGP_KEY_ARG:
if (state->arg_num > 0) {
/* Too many arguments. */
@@ -185,98 +197,103 @@ static int validate_args(struct arguments_st *args)
return EINVAL;
}
switch(args->type) {
case SSH_KEYTYPE_RSA:
switch(args->bits) {
case 0:
/* If not provided, use default value */
args->bits = 3072;
break;
case 1024:
case 2048:
case 3072:
case 4096:
case 8192:
break;
default:
fprintf(stderr, "Error: Invalid bits parameter provided\n");
rc = EINVAL;
break;
}
if (args->file == NULL) {
args->file = strdup("id_rsa");
if (args->file == NULL) {
rc = ENOMEM;
break;
}
}
/* no other arguments needed for listing key fingerprints */
if (args->action_list) {
return 0;
}
switch (args->type) {
case SSH_KEYTYPE_RSA:
switch (args->bits) {
case 0:
/* If not provided, use default value */
args->bits = 3072;
break;
case SSH_KEYTYPE_ECDSA:
switch(args->bits) {
case 0:
/* If not provided, use default value */
args->bits = 256;
break;
case 256:
case 384:
case 521:
break;
default:
fprintf(stderr, "Error: Invalid bits parameter provided\n");
rc = EINVAL;
break;
}
if (args->file == NULL) {
args->file = strdup("id_ecdsa");
if (args->file == NULL) {
rc = ENOMEM;
break;
}
}
break;
case SSH_KEYTYPE_DSS:
switch(args->bits) {
case 0:
/* If not provided, use default value */
args->bits = 1024;
break;
case 1024:
case 2048:
break;
default:
fprintf(stderr, "Error: Invalid bits parameter provided\n");
rc = EINVAL;
break;
}
if (args->file == NULL) {
args->file = strdup("id_dsa");
if (args->file == NULL) {
rc = ENOMEM;
break;
}
}
break;
case SSH_KEYTYPE_ED25519:
/* Ignore value and overwrite with a zero */
args->bits = 0;
if (args->file == NULL) {
args->file = strdup("id_ed25519");
if (args->file == NULL) {
rc = ENOMEM;
break;
}
}
case 1024:
case 2048:
case 3072:
case 4096:
case 8192:
break;
default:
fprintf(stderr, "Error: unknown key type\n");
fprintf(stderr, "Error: Invalid bits parameter provided\n");
rc = EINVAL;
break;
}
if (args->file == NULL) {
args->file = strdup("id_rsa");
if (args->file == NULL) {
rc = ENOMEM;
break;
}
}
break;
case SSH_KEYTYPE_ECDSA:
switch (args->bits) {
case 0:
/* If not provided, use default value */
args->bits = 256;
break;
case 256:
case 384:
case 521:
break;
default:
fprintf(stderr, "Error: Invalid bits parameter provided\n");
rc = EINVAL;
break;
}
if (args->file == NULL) {
args->file = strdup("id_ecdsa");
if (args->file == NULL) {
rc = ENOMEM;
break;
}
}
break;
case SSH_KEYTYPE_DSS:
switch (args->bits) {
case 0:
/* If not provided, use default value */
args->bits = 1024;
break;
case 1024:
case 2048:
break;
default:
fprintf(stderr, "Error: Invalid bits parameter provided\n");
rc = EINVAL;
break;
}
if (args->file == NULL) {
args->file = strdup("id_dsa");
if (args->file == NULL) {
rc = ENOMEM;
break;
}
}
break;
case SSH_KEYTYPE_ED25519:
/* Ignore value and overwrite with a zero */
args->bits = 0;
if (args->file == NULL) {
args->file = strdup("id_ed25519");
if (args->file == NULL) {
rc = ENOMEM;
break;
}
}
break;
default:
fprintf(stderr, "Error: unknown key type\n");
rc = EINVAL;
break;
}
return rc;
@@ -289,6 +306,31 @@ static char doc[] = "Generate an SSH key pair. "
/* Our argp parser */
static struct argp argp = {options, parse_opt, NULL, doc, NULL, NULL, NULL};
static void
list_fingerprint(char *file)
{
ssh_key key = NULL;
unsigned char *hash = NULL;
size_t hlen = 0;
int rc;
rc = ssh_pki_import_privkey_file(file, NULL, NULL, NULL, &key);
if (rc != SSH_OK) {
fprintf(stderr, "Failed to import private key %s\n", file);
return;
}
rc = ssh_get_publickey_hash(key, SSH_PUBLICKEY_HASH_SHA256, &hash, &hlen);
if (rc != SSH_OK) {
fprintf(stderr, "Failed to get key fingerprint\n");
return;
}
ssh_print_hash(SSH_PUBLICKEY_HASH_SHA256, hash, hlen);
ssh_clean_pubkey_hash(&hash);
ssh_key_free(key);
}
int main(int argc, char *argv[])
{
ssh_key key = NULL;
@@ -302,6 +344,7 @@ int main(int argc, char *argv[])
.bits = 0,
.file = NULL,
.passphrase = NULL,
.action_list = 0,
};
if (argc < 2) {
@@ -319,6 +362,11 @@ int main(int argc, char *argv[])
goto end;
}
if (arguments.action_list && arguments.file) {
list_fingerprint(arguments.file);
goto end;
}
errno = 0;
rc = open(arguments.file, O_CREAT | O_EXCL | O_WRONLY, S_IRUSR | S_IWUSR);
if (rc < 0) {

2
examples/sshd_direct-tcpip.c
View File

@@ -92,7 +92,7 @@ cleanup_push(struct cleanup_node_struct** head_ref,
// Allocate memory for node
struct cleanup_node_struct *new_node = malloc(sizeof *new_node);
if (head_ref != NULL) {
if (*head_ref != NULL) {
new_node->next = *head_ref;
} else {
new_node->next = NULL;

5
include/libssh/crypto.h
View File

@@ -219,9 +219,12 @@ struct ssh_cipher_struct {
const struct ssh_cipher_struct *ssh_get_chacha20poly1305_cipher(void);
int sshkdf_derive_key(struct ssh_crypto_struct *crypto,
unsigned char *key, size_t key_len,
int key_type, unsigned char *output,
uint8_t key_type, unsigned char *output,
size_t requested_len);
int secure_memcmp(const void *s1, const void *s2, size_t n);
#ifdef HAVE_LIBCRYPTO
ENGINE *pki_get_engine(void);
#endif /* HAVE_LIBCRYPTO */
#endif /* _CRYPTO_H_ */

10
include/libssh/pki.h
View File

@@ -33,7 +33,7 @@
#include <openssl/evp.h>
#endif
#include "libssh/crypto.h"
#ifdef HAVE_OPENSSL_ED25519
#if defined(HAVE_LIBCRYPTO) && defined(HAVE_OPENSSL_ED25519)
/* If using OpenSSL implementation, define the signature lenght which would be
* defined in libssh/ed25519.h otherwise */
#define ED25519_SIG_LEN 64
@@ -78,9 +78,11 @@ struct ssh_key_struct {
# else
void *ecdsa;
# endif /* HAVE_OPENSSL_EC_H */
EVP_PKEY *key; /* Saving the OpenSSL context here to save time while converting*/
/* This holds either ENGINE key for PKCS#11 support or just key in
* high-level format required by OpenSSL 3.0 */
EVP_PKEY *key;
#endif /* HAVE_LIBGCRYPT */
#ifdef HAVE_OPENSSL_ED25519
#if defined(HAVE_LIBCRYPTO) && defined(HAVE_OPENSSL_ED25519)
uint8_t *ed25519_pubkey;
uint8_t *ed25519_privkey;
#else
@@ -104,7 +106,7 @@ struct ssh_signature_struct {
ssh_string rsa_sig;
struct mbedtls_ecdsa_sig ecdsa_sig;
#endif /* HAVE_LIBGCRYPT */
#ifndef HAVE_OPENSSL_ED25519
#if !defined(HAVE_LIBCRYPTO) || !defined(HAVE_OPENSSL_ED25519)
ed25519_signature *ed25519_sig;
#endif
ssh_string raw_sig;

2
include/libssh/pki_priv.h
View File

@@ -49,6 +49,8 @@ enum ssh_key_e {
SSH_KEY_PRIVATE
};
void pki_key_clean(ssh_key key);
int pki_key_ecdsa_nid_from_name(const char *name);
const char *pki_key_ecdsa_nid_to_name(int nid);
const char *ssh_key_signature_to_char(enum ssh_keytypes_e type,

4
include/libssh/priv.h
View File

@@ -152,7 +152,9 @@ char *strndup(const char *s, size_t n);
# endif /* _MSC_VER */
struct timeval;
int gettimeofday(struct timeval *__p, void *__t);
int ssh_gettimeofday(struct timeval *__p, void *__t);
#define gettimeofday ssh_gettimeofday
#define _XCLOSESOCKET closesocket

2
include/libssh/session.h
View File

@@ -223,7 +223,7 @@ struct ssh_session_struct {
char *agent_socket;
unsigned long timeout; /* seconds */
unsigned long timeout_usec;
unsigned int port;
uint16_t port;
socket_t fd;
int StrictHostKeyChecking;
char compressionlevel;

2
include/libssh/wrapper.h
View File

@@ -103,7 +103,7 @@ size_t hmac_digest_len(enum ssh_hmac_e type);
int ssh_kdf(struct ssh_crypto_struct *crypto,
unsigned char *key, size_t key_len,
int key_type, unsigned char *output,
uint8_t key_type, unsigned char *output,
size_t requested_len);
int crypt_set_algorithms_client(ssh_session session);

2
src/ABI/current
View File

@@ -1 +1 @@
4.9.0
4.9.4

427
src/ABI/libssh-4.9.1.symbols Normal file
View File

@@ -0,0 +1,427 @@
_ssh_log
buffer_free
buffer_get
buffer_get_len
buffer_new
channel_accept_x11
channel_change_pty_size
channel_close
channel_forward_accept
channel_forward_cancel
channel_forward_listen
channel_free
channel_get_exit_status
channel_get_session
channel_is_closed
channel_is_eof
channel_is_open
channel_new
channel_open_forward
channel_open_session
channel_poll
channel_read
channel_read_buffer
channel_read_nonblocking
channel_request_env
channel_request_exec
channel_request_pty
channel_request_pty_size
channel_request_send_signal
channel_request_sftp
channel_request_shell
channel_request_subsystem
channel_request_x11
channel_select
channel_send_eof
channel_set_blocking
channel_write
channel_write_stderr
privatekey_free
privatekey_from_file
publickey_free
publickey_from_file
publickey_from_privatekey
publickey_to_string
sftp_async_read
sftp_async_read_begin
sftp_attributes_free
sftp_canonicalize_path
sftp_chmod
sftp_chown
sftp_client_message_free
sftp_client_message_get_data
sftp_client_message_get_filename
sftp_client_message_get_flags
sftp_client_message_get_submessage
sftp_client_message_get_type
sftp_client_message_set_filename
sftp_close
sftp_closedir
sftp_dir_eof
sftp_extension_supported
sftp_extensions_get_count
sftp_extensions_get_data
sftp_extensions_get_name
sftp_file_set_blocking
sftp_file_set_nonblocking
sftp_free
sftp_fstat
sftp_fstatvfs
sftp_fsync
sftp_get_client_message
sftp_get_error
sftp_handle
sftp_handle_alloc
sftp_handle_remove
sftp_init
sftp_lstat
sftp_mkdir
sftp_new
sftp_new_channel
sftp_open
sftp_opendir
sftp_read
sftp_readdir
sftp_readlink
sftp_rename
sftp_reply_attr
sftp_reply_data
sftp_reply_handle
sftp_reply_name
sftp_reply_names
sftp_reply_names_add
sftp_reply_status
sftp_rewind
sftp_rmdir
sftp_seek
sftp_seek64
sftp_send_client_message
sftp_server_free
sftp_server_init
sftp_server_new
sftp_server_version
sftp_setstat
sftp_stat
sftp_statvfs
sftp_statvfs_free
sftp_symlink
sftp_tell
sftp_tell64
sftp_unlink
sftp_utimes
sftp_write
ssh_accept
ssh_add_channel_callbacks
ssh_auth_list
ssh_basename
ssh_bind_accept
ssh_bind_accept_fd
ssh_bind_fd_toaccept
ssh_bind_free
ssh_bind_get_fd
ssh_bind_listen
ssh_bind_new
ssh_bind_options_parse_config
ssh_bind_options_set
ssh_bind_set_blocking
ssh_bind_set_callbacks
ssh_bind_set_fd
ssh_blocking_flush
ssh_buffer_add_data
ssh_buffer_free
ssh_buffer_get
ssh_buffer_get_data
ssh_buffer_get_len
ssh_buffer_new
ssh_buffer_reinit
ssh_channel_accept_forward
ssh_channel_accept_x11
ssh_channel_cancel_forward
ssh_channel_change_pty_size
ssh_channel_close
ssh_channel_free
ssh_channel_get_exit_status
ssh_channel_get_session
ssh_channel_is_closed
ssh_channel_is_eof
ssh_channel_is_open
ssh_channel_listen_forward
ssh_channel_new
ssh_channel_open_auth_agent
ssh_channel_open_forward
ssh_channel_open_forward_port
ssh_channel_open_forward_unix
ssh_channel_open_reverse_forward
ssh_channel_open_session
ssh_channel_open_x11
ssh_channel_poll
ssh_channel_poll_timeout
ssh_channel_read
ssh_channel_read_nonblocking
ssh_channel_read_timeout
ssh_channel_request_auth_agent
ssh_channel_request_env
ssh_channel_request_exec
ssh_channel_request_pty
ssh_channel_request_pty_size
ssh_channel_request_send_break
ssh_channel_request_send_exit_signal
ssh_channel_request_send_exit_status
ssh_channel_request_send_signal
ssh_channel_request_sftp
ssh_channel_request_shell
ssh_channel_request_subsystem
ssh_channel_request_x11
ssh_channel_select
ssh_channel_send_eof
ssh_channel_set_blocking
ssh_channel_set_counter
ssh_channel_window_size
ssh_channel_write
ssh_channel_write_stderr
ssh_clean_pubkey_hash
ssh_connect
ssh_connector_free
ssh_connector_new
ssh_connector_set_in_channel
ssh_connector_set_in_fd
ssh_connector_set_out_channel
ssh_connector_set_out_fd
ssh_copyright
ssh_dirname
ssh_disconnect
ssh_dump_knownhost
ssh_event_add_connector
ssh_event_add_fd
ssh_event_add_session
ssh_event_dopoll
ssh_event_free
ssh_event_new
ssh_event_remove_connector
ssh_event_remove_fd
ssh_event_remove_session
ssh_execute_message_callbacks
ssh_finalize
ssh_forward_accept
ssh_forward_cancel
ssh_forward_listen
ssh_free
ssh_get_cipher_in
ssh_get_cipher_out
ssh_get_clientbanner
ssh_get_disconnect_message
ssh_get_error
ssh_get_error_code
ssh_get_fd
ssh_get_fingerprint_hash
ssh_get_hexa
ssh_get_hmac_in
ssh_get_hmac_out
ssh_get_issue_banner
ssh_get_kex_algo
ssh_get_log_callback
ssh_get_log_level
ssh_get_log_userdata
ssh_get_openssh_version
ssh_get_poll_flags
ssh_get_pubkey
ssh_get_pubkey_hash
ssh_get_publickey
ssh_get_publickey_hash
ssh_get_random
ssh_get_server_publickey
ssh_get_serverbanner
ssh_get_status
ssh_get_version
ssh_getpass
ssh_gssapi_get_creds
ssh_gssapi_set_creds
ssh_handle_key_exchange
ssh_init
ssh_is_blocking
ssh_is_connected
ssh_is_server_known
ssh_key_cmp
ssh_key_dup
ssh_key_free
ssh_key_is_private
ssh_key_is_public
ssh_key_new
ssh_key_type
ssh_key_type_from_name
ssh_key_type_to_char
ssh_known_hosts_parse_line
ssh_knownhosts_entry_free
ssh_log
ssh_message_auth_interactive_request
ssh_message_auth_kbdint_is_response
ssh_message_auth_password
ssh_message_auth_pubkey
ssh_message_auth_publickey
ssh_message_auth_publickey_state
ssh_message_auth_reply_pk_ok
ssh_message_auth_reply_pk_ok_simple
ssh_message_auth_reply_success
ssh_message_auth_set_methods
ssh_message_auth_user
ssh_message_channel_request_channel
ssh_message_channel_request_command
ssh_message_channel_request_env_name
ssh_message_channel_request_env_value
ssh_message_channel_request_open_destination
ssh_message_channel_request_open_destination_port
ssh_message_channel_request_open_originator
ssh_message_channel_request_open_originator_port
ssh_message_channel_request_open_reply_accept
ssh_message_channel_request_open_reply_accept_channel
ssh_message_channel_request_pty_height
ssh_message_channel_request_pty_pxheight
ssh_message_channel_request_pty_pxwidth
ssh_message_channel_request_pty_term
ssh_message_channel_request_pty_width
ssh_message_channel_request_reply_success
ssh_message_channel_request_subsystem
ssh_message_channel_request_x11_auth_cookie
ssh_message_channel_request_x11_auth_protocol
ssh_message_channel_request_x11_screen_number
ssh_message_channel_request_x11_single_connection
ssh_message_free
ssh_message_get
ssh_message_global_request_address
ssh_message_global_request_port
ssh_message_global_request_reply_success
ssh_message_reply_default
ssh_message_retrieve
ssh_message_service_reply_success
ssh_message_service_service
ssh_message_subtype
ssh_message_type
ssh_mkdir
ssh_new
ssh_options_copy
ssh_options_get
ssh_options_get_port
ssh_options_getopt
ssh_options_parse_config
ssh_options_set
ssh_pcap_file_close
ssh_pcap_file_free
ssh_pcap_file_new
ssh_pcap_file_open
ssh_pki_copy_cert_to_privkey
ssh_pki_export_privkey_base64
ssh_pki_export_privkey_file
ssh_pki_export_privkey_to_pubkey
ssh_pki_export_pubkey_base64
ssh_pki_export_pubkey_file
ssh_pki_generate
ssh_pki_import_cert_base64
ssh_pki_import_cert_file
ssh_pki_import_privkey_base64
ssh_pki_import_privkey_file
ssh_pki_import_pubkey_base64
ssh_pki_import_pubkey_file
ssh_pki_key_ecdsa_name
ssh_print_hash
ssh_print_hexa
ssh_privatekey_type
ssh_publickey_to_file
ssh_remove_channel_callbacks
ssh_scp_accept_request
ssh_scp_close
ssh_scp_deny_request
ssh_scp_free
ssh_scp_init
ssh_scp_leave_directory
ssh_scp_new
ssh_scp_pull_request
ssh_scp_push_directory
ssh_scp_push_file
ssh_scp_push_file64
ssh_scp_read
ssh_scp_request_get_filename
ssh_scp_request_get_permissions
ssh_scp_request_get_size
ssh_scp_request_get_size64
ssh_scp_request_get_warning
ssh_scp_write
ssh_select
ssh_send_debug
ssh_send_ignore
ssh_send_issue_banner
ssh_send_keepalive
ssh_server_init_kex
ssh_service_request
ssh_session_export_known_hosts_entry
ssh_session_get_known_hosts_entry
ssh_session_has_known_hosts_entry
ssh_session_is_known_server
ssh_session_set_disconnect_message
ssh_session_update_known_hosts
ssh_set_agent_channel
ssh_set_agent_socket
ssh_set_auth_methods
ssh_set_blocking
ssh_set_callbacks
ssh_set_channel_callbacks
ssh_set_counters
ssh_set_fd_except
ssh_set_fd_toread
ssh_set_fd_towrite
ssh_set_log_callback
ssh_set_log_level
ssh_set_log_userdata
ssh_set_message_callback
ssh_set_pcap_file
ssh_set_server_callbacks
ssh_silent_disconnect
ssh_string_burn
ssh_string_copy
ssh_string_data
ssh_string_fill
ssh_string_free
ssh_string_free_char
ssh_string_from_char
ssh_string_get_char
ssh_string_len
ssh_string_new
ssh_string_to_char
ssh_threads_get_default
ssh_threads_get_noop
ssh_threads_get_pthread
ssh_threads_set_callbacks
ssh_try_publickey_from_file
ssh_userauth_agent
ssh_userauth_agent_pubkey
ssh_userauth_autopubkey
ssh_userauth_gssapi
ssh_userauth_kbdint
ssh_userauth_kbdint_getanswer
ssh_userauth_kbdint_getinstruction
ssh_userauth_kbdint_getname
ssh_userauth_kbdint_getnanswers
ssh_userauth_kbdint_getnprompts
ssh_userauth_kbdint_getprompt
ssh_userauth_kbdint_setanswer
ssh_userauth_list
ssh_userauth_none
ssh_userauth_offer_pubkey
ssh_userauth_password
ssh_userauth_privatekey_file
ssh_userauth_pubkey
ssh_userauth_publickey
ssh_userauth_publickey_auto
ssh_userauth_publickey_auto_get_current_identity
ssh_userauth_try_publickey
ssh_version
ssh_vlog
ssh_write_knownhost
string_burn
string_copy
string_data
string_fill
string_free
string_from_char
string_len
string_new
string_to_char

427
src/ABI/libssh-4.9.2.symbols Normal file
View File

@@ -0,0 +1,427 @@
_ssh_log
buffer_free
buffer_get
buffer_get_len
buffer_new
channel_accept_x11
channel_change_pty_size
channel_close
channel_forward_accept
channel_forward_cancel
channel_forward_listen
channel_free
channel_get_exit_status
channel_get_session
channel_is_closed
channel_is_eof
channel_is_open
channel_new
channel_open_forward
channel_open_session
channel_poll
channel_read
channel_read_buffer
channel_read_nonblocking
channel_request_env
channel_request_exec
channel_request_pty
channel_request_pty_size
channel_request_send_signal
channel_request_sftp
channel_request_shell
channel_request_subsystem
channel_request_x11
channel_select
channel_send_eof
channel_set_blocking
channel_write
channel_write_stderr
privatekey_free
privatekey_from_file
publickey_free
publickey_from_file
publickey_from_privatekey
publickey_to_string
sftp_async_read
sftp_async_read_begin
sftp_attributes_free
sftp_canonicalize_path
sftp_chmod
sftp_chown
sftp_client_message_free
sftp_client_message_get_data
sftp_client_message_get_filename
sftp_client_message_get_flags
sftp_client_message_get_submessage
sftp_client_message_get_type
sftp_client_message_set_filename
sftp_close
sftp_closedir
sftp_dir_eof
sftp_extension_supported
sftp_extensions_get_count
sftp_extensions_get_data
sftp_extensions_get_name
sftp_file_set_blocking
sftp_file_set_nonblocking
sftp_free
sftp_fstat
sftp_fstatvfs
sftp_fsync
sftp_get_client_message
sftp_get_error
sftp_handle
sftp_handle_alloc
sftp_handle_remove
sftp_init
sftp_lstat
sftp_mkdir
sftp_new
sftp_new_channel
sftp_open
sftp_opendir
sftp_read
sftp_readdir
sftp_readlink
sftp_rename
sftp_reply_attr
sftp_reply_data
sftp_reply_handle
sftp_reply_name
sftp_reply_names
sftp_reply_names_add
sftp_reply_status
sftp_rewind
sftp_rmdir
sftp_seek
sftp_seek64
sftp_send_client_message
sftp_server_free
sftp_server_init
sftp_server_new
sftp_server_version
sftp_setstat
sftp_stat
sftp_statvfs
sftp_statvfs_free
sftp_symlink
sftp_tell
sftp_tell64
sftp_unlink
sftp_utimes
sftp_write
ssh_accept
ssh_add_channel_callbacks
ssh_auth_list
ssh_basename
ssh_bind_accept
ssh_bind_accept_fd
ssh_bind_fd_toaccept
ssh_bind_free
ssh_bind_get_fd
ssh_bind_listen
ssh_bind_new
ssh_bind_options_parse_config
ssh_bind_options_set
ssh_bind_set_blocking
ssh_bind_set_callbacks
ssh_bind_set_fd
ssh_blocking_flush
ssh_buffer_add_data
ssh_buffer_free
ssh_buffer_get
ssh_buffer_get_data
ssh_buffer_get_len
ssh_buffer_new
ssh_buffer_reinit
ssh_channel_accept_forward
ssh_channel_accept_x11
ssh_channel_cancel_forward
ssh_channel_change_pty_size
ssh_channel_close
ssh_channel_free
ssh_channel_get_exit_status
ssh_channel_get_session
ssh_channel_is_closed
ssh_channel_is_eof
ssh_channel_is_open
ssh_channel_listen_forward
ssh_channel_new
ssh_channel_open_auth_agent
ssh_channel_open_forward
ssh_channel_open_forward_port
ssh_channel_open_forward_unix
ssh_channel_open_reverse_forward
ssh_channel_open_session
ssh_channel_open_x11
ssh_channel_poll
ssh_channel_poll_timeout
ssh_channel_read
ssh_channel_read_nonblocking
ssh_channel_read_timeout
ssh_channel_request_auth_agent
ssh_channel_request_env
ssh_channel_request_exec
ssh_channel_request_pty
ssh_channel_request_pty_size
ssh_channel_request_send_break
ssh_channel_request_send_exit_signal
ssh_channel_request_send_exit_status
ssh_channel_request_send_signal
ssh_channel_request_sftp
ssh_channel_request_shell
ssh_channel_request_subsystem
ssh_channel_request_x11
ssh_channel_select
ssh_channel_send_eof
ssh_channel_set_blocking
ssh_channel_set_counter
ssh_channel_window_size
ssh_channel_write
ssh_channel_write_stderr
ssh_clean_pubkey_hash
ssh_connect
ssh_connector_free
ssh_connector_new
ssh_connector_set_in_channel
ssh_connector_set_in_fd
ssh_connector_set_out_channel
ssh_connector_set_out_fd
ssh_copyright
ssh_dirname
ssh_disconnect
ssh_dump_knownhost
ssh_event_add_connector
ssh_event_add_fd
ssh_event_add_session
ssh_event_dopoll
ssh_event_free
ssh_event_new
ssh_event_remove_connector
ssh_event_remove_fd
ssh_event_remove_session
ssh_execute_message_callbacks
ssh_finalize
ssh_forward_accept
ssh_forward_cancel
ssh_forward_listen
ssh_free
ssh_get_cipher_in
ssh_get_cipher_out
ssh_get_clientbanner
ssh_get_disconnect_message
ssh_get_error
ssh_get_error_code
ssh_get_fd
ssh_get_fingerprint_hash
ssh_get_hexa
ssh_get_hmac_in
ssh_get_hmac_out
ssh_get_issue_banner
ssh_get_kex_algo
ssh_get_log_callback
ssh_get_log_level
ssh_get_log_userdata
ssh_get_openssh_version
ssh_get_poll_flags
ssh_get_pubkey
ssh_get_pubkey_hash
ssh_get_publickey
ssh_get_publickey_hash
ssh_get_random
ssh_get_server_publickey
ssh_get_serverbanner
ssh_get_status
ssh_get_version
ssh_getpass
ssh_gssapi_get_creds
ssh_gssapi_set_creds
ssh_handle_key_exchange
ssh_init
ssh_is_blocking
ssh_is_connected
ssh_is_server_known
ssh_key_cmp
ssh_key_dup
ssh_key_free
ssh_key_is_private
ssh_key_is_public
ssh_key_new
ssh_key_type
ssh_key_type_from_name
ssh_key_type_to_char
ssh_known_hosts_parse_line
ssh_knownhosts_entry_free
ssh_log
ssh_message_auth_interactive_request
ssh_message_auth_kbdint_is_response
ssh_message_auth_password
ssh_message_auth_pubkey
ssh_message_auth_publickey
ssh_message_auth_publickey_state
ssh_message_auth_reply_pk_ok
ssh_message_auth_reply_pk_ok_simple
ssh_message_auth_reply_success
ssh_message_auth_set_methods
ssh_message_auth_user
ssh_message_channel_request_channel
ssh_message_channel_request_command
ssh_message_channel_request_env_name
ssh_message_channel_request_env_value
ssh_message_channel_request_open_destination
ssh_message_channel_request_open_destination_port
ssh_message_channel_request_open_originator
ssh_message_channel_request_open_originator_port
ssh_message_channel_request_open_reply_accept
ssh_message_channel_request_open_reply_accept_channel
ssh_message_channel_request_pty_height
ssh_message_channel_request_pty_pxheight
ssh_message_channel_request_pty_pxwidth
ssh_message_channel_request_pty_term
ssh_message_channel_request_pty_width
ssh_message_channel_request_reply_success
ssh_message_channel_request_subsystem
ssh_message_channel_request_x11_auth_cookie
ssh_message_channel_request_x11_auth_protocol
ssh_message_channel_request_x11_screen_number
ssh_message_channel_request_x11_single_connection
ssh_message_free
ssh_message_get
ssh_message_global_request_address
ssh_message_global_request_port
ssh_message_global_request_reply_success
ssh_message_reply_default
ssh_message_retrieve
ssh_message_service_reply_success
ssh_message_service_service
ssh_message_subtype
ssh_message_type
ssh_mkdir
ssh_new
ssh_options_copy
ssh_options_get
ssh_options_get_port
ssh_options_getopt
ssh_options_parse_config
ssh_options_set
ssh_pcap_file_close
ssh_pcap_file_free
ssh_pcap_file_new
ssh_pcap_file_open
ssh_pki_copy_cert_to_privkey
ssh_pki_export_privkey_base64
ssh_pki_export_privkey_file
ssh_pki_export_privkey_to_pubkey
ssh_pki_export_pubkey_base64
ssh_pki_export_pubkey_file
ssh_pki_generate
ssh_pki_import_cert_base64
ssh_pki_import_cert_file
ssh_pki_import_privkey_base64
ssh_pki_import_privkey_file
ssh_pki_import_pubkey_base64
ssh_pki_import_pubkey_file
ssh_pki_key_ecdsa_name
ssh_print_hash
ssh_print_hexa
ssh_privatekey_type
ssh_publickey_to_file
ssh_remove_channel_callbacks
ssh_scp_accept_request
ssh_scp_close
ssh_scp_deny_request
ssh_scp_free
ssh_scp_init
ssh_scp_leave_directory
ssh_scp_new
ssh_scp_pull_request
ssh_scp_push_directory
ssh_scp_push_file
ssh_scp_push_file64
ssh_scp_read
ssh_scp_request_get_filename
ssh_scp_request_get_permissions
ssh_scp_request_get_size
ssh_scp_request_get_size64
ssh_scp_request_get_warning
ssh_scp_write
ssh_select
ssh_send_debug
ssh_send_ignore
ssh_send_issue_banner
ssh_send_keepalive
ssh_server_init_kex
ssh_service_request
ssh_session_export_known_hosts_entry
ssh_session_get_known_hosts_entry
ssh_session_has_known_hosts_entry
ssh_session_is_known_server
ssh_session_set_disconnect_message
ssh_session_update_known_hosts
ssh_set_agent_channel
ssh_set_agent_socket
ssh_set_auth_methods
ssh_set_blocking
ssh_set_callbacks
ssh_set_channel_callbacks
ssh_set_counters
ssh_set_fd_except
ssh_set_fd_toread
ssh_set_fd_towrite
ssh_set_log_callback
ssh_set_log_level
ssh_set_log_userdata
ssh_set_message_callback
ssh_set_pcap_file
ssh_set_server_callbacks
ssh_silent_disconnect
ssh_string_burn
ssh_string_copy
ssh_string_data
ssh_string_fill
ssh_string_free
ssh_string_free_char
ssh_string_from_char
ssh_string_get_char
ssh_string_len
ssh_string_new
ssh_string_to_char
ssh_threads_get_default
ssh_threads_get_noop
ssh_threads_get_pthread
ssh_threads_set_callbacks
ssh_try_publickey_from_file
ssh_userauth_agent
ssh_userauth_agent_pubkey
ssh_userauth_autopubkey
ssh_userauth_gssapi
ssh_userauth_kbdint
ssh_userauth_kbdint_getanswer
ssh_userauth_kbdint_getinstruction
ssh_userauth_kbdint_getname
ssh_userauth_kbdint_getnanswers
ssh_userauth_kbdint_getnprompts
ssh_userauth_kbdint_getprompt
ssh_userauth_kbdint_setanswer
ssh_userauth_list
ssh_userauth_none
ssh_userauth_offer_pubkey
ssh_userauth_password
ssh_userauth_privatekey_file
ssh_userauth_pubkey
ssh_userauth_publickey
ssh_userauth_publickey_auto
ssh_userauth_publickey_auto_get_current_identity
ssh_userauth_try_publickey
ssh_version
ssh_vlog
ssh_write_knownhost
string_burn
string_copy
string_data
string_fill
string_free
string_from_char
string_len
string_new
string_to_char

427
src/ABI/libssh-4.9.3.symbols Normal file
View File

@@ -0,0 +1,427 @@
_ssh_log
buffer_free
buffer_get
buffer_get_len
buffer_new
channel_accept_x11
channel_change_pty_size
channel_close
channel_forward_accept
channel_forward_cancel
channel_forward_listen
channel_free
channel_get_exit_status
channel_get_session
channel_is_closed
channel_is_eof
channel_is_open
channel_new
channel_open_forward
channel_open_session
channel_poll
channel_read
channel_read_buffer
channel_read_nonblocking
channel_request_env
channel_request_exec
channel_request_pty
channel_request_pty_size
channel_request_send_signal
channel_request_sftp
channel_request_shell
channel_request_subsystem
channel_request_x11
channel_select
channel_send_eof
channel_set_blocking
channel_write
channel_write_stderr
privatekey_free
privatekey_from_file
publickey_free
publickey_from_file
publickey_from_privatekey
publickey_to_string
sftp_async_read
sftp_async_read_begin
sftp_attributes_free
sftp_canonicalize_path
sftp_chmod
sftp_chown
sftp_client_message_free
sftp_client_message_get_data
sftp_client_message_get_filename
sftp_client_message_get_flags
sftp_client_message_get_submessage
sftp_client_message_get_type
sftp_client_message_set_filename
sftp_close
sftp_closedir
sftp_dir_eof
sftp_extension_supported
sftp_extensions_get_count
sftp_extensions_get_data
sftp_extensions_get_name
sftp_file_set_blocking
sftp_file_set_nonblocking
sftp_free
sftp_fstat
sftp_fstatvfs
sftp_fsync
sftp_get_client_message
sftp_get_error
sftp_handle
sftp_handle_alloc
sftp_handle_remove
sftp_init
sftp_lstat
sftp_mkdir
sftp_new
sftp_new_channel
sftp_open
sftp_opendir
sftp_read
sftp_readdir
sftp_readlink
sftp_rename
sftp_reply_attr
sftp_reply_data
sftp_reply_handle
sftp_reply_name
sftp_reply_names
sftp_reply_names_add
sftp_reply_status
sftp_rewind
sftp_rmdir
sftp_seek
sftp_seek64
sftp_send_client_message
sftp_server_free
sftp_server_init
sftp_server_new
sftp_server_version
sftp_setstat
sftp_stat
sftp_statvfs
sftp_statvfs_free
sftp_symlink
sftp_tell
sftp_tell64
sftp_unlink
sftp_utimes
sftp_write
ssh_accept
ssh_add_channel_callbacks
ssh_auth_list
ssh_basename
ssh_bind_accept
ssh_bind_accept_fd
ssh_bind_fd_toaccept
ssh_bind_free
ssh_bind_get_fd
ssh_bind_listen
ssh_bind_new
ssh_bind_options_parse_config
ssh_bind_options_set
ssh_bind_set_blocking
ssh_bind_set_callbacks
ssh_bind_set_fd
ssh_blocking_flush
ssh_buffer_add_data
ssh_buffer_free
ssh_buffer_get
ssh_buffer_get_data
ssh_buffer_get_len
ssh_buffer_new
ssh_buffer_reinit
ssh_channel_accept_forward
ssh_channel_accept_x11
ssh_channel_cancel_forward
ssh_channel_change_pty_size
ssh_channel_close
ssh_channel_free
ssh_channel_get_exit_status
ssh_channel_get_session
ssh_channel_is_closed
ssh_channel_is_eof
ssh_channel_is_open
ssh_channel_listen_forward
ssh_channel_new
ssh_channel_open_auth_agent
ssh_channel_open_forward
ssh_channel_open_forward_port
ssh_channel_open_forward_unix
ssh_channel_open_reverse_forward
ssh_channel_open_session
ssh_channel_open_x11
ssh_channel_poll
ssh_channel_poll_timeout
ssh_channel_read
ssh_channel_read_nonblocking
ssh_channel_read_timeout
ssh_channel_request_auth_agent
ssh_channel_request_env
ssh_channel_request_exec
ssh_channel_request_pty
ssh_channel_request_pty_size
ssh_channel_request_send_break
ssh_channel_request_send_exit_signal
ssh_channel_request_send_exit_status
ssh_channel_request_send_signal
ssh_channel_request_sftp
ssh_channel_request_shell
ssh_channel_request_subsystem
ssh_channel_request_x11
ssh_channel_select
ssh_channel_send_eof
ssh_channel_set_blocking
ssh_channel_set_counter
ssh_channel_window_size
ssh_channel_write
ssh_channel_write_stderr
ssh_clean_pubkey_hash
ssh_connect
ssh_connector_free
ssh_connector_new
ssh_connector_set_in_channel
ssh_connector_set_in_fd
ssh_connector_set_out_channel
ssh_connector_set_out_fd
ssh_copyright
ssh_dirname
ssh_disconnect
ssh_dump_knownhost
ssh_event_add_connector
ssh_event_add_fd
ssh_event_add_session
ssh_event_dopoll
ssh_event_free
ssh_event_new
ssh_event_remove_connector
ssh_event_remove_fd
ssh_event_remove_session
ssh_execute_message_callbacks
ssh_finalize
ssh_forward_accept
ssh_forward_cancel
ssh_forward_listen
ssh_free
ssh_get_cipher_in
ssh_get_cipher_out
ssh_get_clientbanner
ssh_get_disconnect_message
ssh_get_error
ssh_get_error_code
ssh_get_fd
ssh_get_fingerprint_hash
ssh_get_hexa
ssh_get_hmac_in
ssh_get_hmac_out
ssh_get_issue_banner
ssh_get_kex_algo
ssh_get_log_callback
ssh_get_log_level
ssh_get_log_userdata
ssh_get_openssh_version
ssh_get_poll_flags
ssh_get_pubkey
ssh_get_pubkey_hash
ssh_get_publickey
ssh_get_publickey_hash
ssh_get_random
ssh_get_server_publickey
ssh_get_serverbanner
ssh_get_status
ssh_get_version
ssh_getpass
ssh_gssapi_get_creds
ssh_gssapi_set_creds
ssh_handle_key_exchange
ssh_init
ssh_is_blocking
ssh_is_connected
ssh_is_server_known
ssh_key_cmp
ssh_key_dup
ssh_key_free
ssh_key_is_private
ssh_key_is_public
ssh_key_new
ssh_key_type
ssh_key_type_from_name
ssh_key_type_to_char
ssh_known_hosts_parse_line
ssh_knownhosts_entry_free
ssh_log
ssh_message_auth_interactive_request
ssh_message_auth_kbdint_is_response
ssh_message_auth_password
ssh_message_auth_pubkey
ssh_message_auth_publickey
ssh_message_auth_publickey_state
ssh_message_auth_reply_pk_ok
ssh_message_auth_reply_pk_ok_simple
ssh_message_auth_reply_success
ssh_message_auth_set_methods
ssh_message_auth_user
ssh_message_channel_request_channel
ssh_message_channel_request_command
ssh_message_channel_request_env_name
ssh_message_channel_request_env_value
ssh_message_channel_request_open_destination
ssh_message_channel_request_open_destination_port
ssh_message_channel_request_open_originator
ssh_message_channel_request_open_originator_port
ssh_message_channel_request_open_reply_accept
ssh_message_channel_request_open_reply_accept_channel
ssh_message_channel_request_pty_height
ssh_message_channel_request_pty_pxheight
ssh_message_channel_request_pty_pxwidth
ssh_message_channel_request_pty_term
ssh_message_channel_request_pty_width
ssh_message_channel_request_reply_success
ssh_message_channel_request_subsystem
ssh_message_channel_request_x11_auth_cookie
ssh_message_channel_request_x11_auth_protocol
ssh_message_channel_request_x11_screen_number
ssh_message_channel_request_x11_single_connection
ssh_message_free
ssh_message_get
ssh_message_global_request_address
ssh_message_global_request_port
ssh_message_global_request_reply_success
ssh_message_reply_default
ssh_message_retrieve
ssh_message_service_reply_success
ssh_message_service_service
ssh_message_subtype
ssh_message_type
ssh_mkdir
ssh_new
ssh_options_copy
ssh_options_get
ssh_options_get_port
ssh_options_getopt
ssh_options_parse_config
ssh_options_set
ssh_pcap_file_close
ssh_pcap_file_free
ssh_pcap_file_new
ssh_pcap_file_open
ssh_pki_copy_cert_to_privkey
ssh_pki_export_privkey_base64
ssh_pki_export_privkey_file
ssh_pki_export_privkey_to_pubkey
ssh_pki_export_pubkey_base64
ssh_pki_export_pubkey_file
ssh_pki_generate
ssh_pki_import_cert_base64
ssh_pki_import_cert_file
ssh_pki_import_privkey_base64
ssh_pki_import_privkey_file
ssh_pki_import_pubkey_base64
ssh_pki_import_pubkey_file
ssh_pki_key_ecdsa_name
ssh_print_hash
ssh_print_hexa
ssh_privatekey_type
ssh_publickey_to_file
ssh_remove_channel_callbacks
ssh_scp_accept_request
ssh_scp_close
ssh_scp_deny_request
ssh_scp_free
ssh_scp_init
ssh_scp_leave_directory
ssh_scp_new
ssh_scp_pull_request
ssh_scp_push_directory
ssh_scp_push_file
ssh_scp_push_file64
ssh_scp_read
ssh_scp_request_get_filename
ssh_scp_request_get_permissions
ssh_scp_request_get_size
ssh_scp_request_get_size64
ssh_scp_request_get_warning
ssh_scp_write
ssh_select
ssh_send_debug
ssh_send_ignore
ssh_send_issue_banner
ssh_send_keepalive
ssh_server_init_kex
ssh_service_request
ssh_session_export_known_hosts_entry
ssh_session_get_known_hosts_entry
ssh_session_has_known_hosts_entry
ssh_session_is_known_server
ssh_session_set_disconnect_message
ssh_session_update_known_hosts
ssh_set_agent_channel
ssh_set_agent_socket
ssh_set_auth_methods
ssh_set_blocking
ssh_set_callbacks
ssh_set_channel_callbacks
ssh_set_counters
ssh_set_fd_except
ssh_set_fd_toread
ssh_set_fd_towrite
ssh_set_log_callback
ssh_set_log_level
ssh_set_log_userdata
ssh_set_message_callback
ssh_set_pcap_file
ssh_set_server_callbacks
ssh_silent_disconnect
ssh_string_burn
ssh_string_copy
ssh_string_data
ssh_string_fill
ssh_string_free
ssh_string_free_char
ssh_string_from_char
ssh_string_get_char
ssh_string_len
ssh_string_new
ssh_string_to_char
ssh_threads_get_default
ssh_threads_get_noop
ssh_threads_get_pthread
ssh_threads_set_callbacks
ssh_try_publickey_from_file
ssh_userauth_agent
ssh_userauth_agent_pubkey
ssh_userauth_autopubkey
ssh_userauth_gssapi
ssh_userauth_kbdint
ssh_userauth_kbdint_getanswer
ssh_userauth_kbdint_getinstruction
ssh_userauth_kbdint_getname
ssh_userauth_kbdint_getnanswers
ssh_userauth_kbdint_getnprompts
ssh_userauth_kbdint_getprompt
ssh_userauth_kbdint_setanswer
ssh_userauth_list
ssh_userauth_none
ssh_userauth_offer_pubkey
ssh_userauth_password
ssh_userauth_privatekey_file
ssh_userauth_pubkey
ssh_userauth_publickey
ssh_userauth_publickey_auto
ssh_userauth_publickey_auto_get_current_identity
ssh_userauth_try_publickey
ssh_version
ssh_vlog
ssh_write_knownhost
string_burn
string_copy
string_data
string_fill
string_free
string_from_char
string_len
string_new
string_to_char

427
src/ABI/libssh-4.9.4.symbols Normal file
View File

@@ -0,0 +1,427 @@
_ssh_log
buffer_free
buffer_get
buffer_get_len
buffer_new
channel_accept_x11
channel_change_pty_size
channel_close
channel_forward_accept
channel_forward_cancel
channel_forward_listen
channel_free
channel_get_exit_status
channel_get_session
channel_is_closed
channel_is_eof
channel_is_open
channel_new
channel_open_forward
channel_open_session
channel_poll
channel_read
channel_read_buffer
channel_read_nonblocking
channel_request_env
channel_request_exec
channel_request_pty
channel_request_pty_size
channel_request_send_signal
channel_request_sftp
channel_request_shell
channel_request_subsystem
channel_request_x11
channel_select
channel_send_eof
channel_set_blocking
channel_write
channel_write_stderr
privatekey_free
privatekey_from_file
publickey_free
publickey_from_file
publickey_from_privatekey
publickey_to_string
sftp_async_read
sftp_async_read_begin
sftp_attributes_free
sftp_canonicalize_path
sftp_chmod
sftp_chown
sftp_client_message_free
sftp_client_message_get_data
sftp_client_message_get_filename
sftp_client_message_get_flags
sftp_client_message_get_submessage
sftp_client_message_get_type
sftp_client_message_set_filename
sftp_close
sftp_closedir
sftp_dir_eof
sftp_extension_supported
sftp_extensions_get_count
sftp_extensions_get_data
sftp_extensions_get_name
sftp_file_set_blocking
sftp_file_set_nonblocking
sftp_free
sftp_fstat
sftp_fstatvfs
sftp_fsync
sftp_get_client_message
sftp_get_error
sftp_handle
sftp_handle_alloc
sftp_handle_remove
sftp_init
sftp_lstat
sftp_mkdir
sftp_new
sftp_new_channel
sftp_open
sftp_opendir
sftp_read
sftp_readdir
sftp_readlink
sftp_rename
sftp_reply_attr
sftp_reply_data
sftp_reply_handle
sftp_reply_name
sftp_reply_names
sftp_reply_names_add
sftp_reply_status
sftp_rewind
sftp_rmdir
sftp_seek
sftp_seek64
sftp_send_client_message
sftp_server_free
sftp_server_init
sftp_server_new
sftp_server_version
sftp_setstat
sftp_stat
sftp_statvfs
sftp_statvfs_free
sftp_symlink
sftp_tell
sftp_tell64
sftp_unlink
sftp_utimes
sftp_write
ssh_accept
ssh_add_channel_callbacks
ssh_auth_list
ssh_basename
ssh_bind_accept
ssh_bind_accept_fd
ssh_bind_fd_toaccept
ssh_bind_free
ssh_bind_get_fd
ssh_bind_listen
ssh_bind_new
ssh_bind_options_parse_config
ssh_bind_options_set
ssh_bind_set_blocking
ssh_bind_set_callbacks
ssh_bind_set_fd
ssh_blocking_flush
ssh_buffer_add_data
ssh_buffer_free
ssh_buffer_get
ssh_buffer_get_data
ssh_buffer_get_len
ssh_buffer_new
ssh_buffer_reinit
ssh_channel_accept_forward
ssh_channel_accept_x11
ssh_channel_cancel_forward
ssh_channel_change_pty_size
ssh_channel_close
ssh_channel_free
ssh_channel_get_exit_status
ssh_channel_get_session
ssh_channel_is_closed
ssh_channel_is_eof
ssh_channel_is_open
ssh_channel_listen_forward
ssh_channel_new
ssh_channel_open_auth_agent
ssh_channel_open_forward
ssh_channel_open_forward_port
ssh_channel_open_forward_unix
ssh_channel_open_reverse_forward
ssh_channel_open_session
ssh_channel_open_x11
ssh_channel_poll
ssh_channel_poll_timeout
ssh_channel_read
ssh_channel_read_nonblocking
ssh_channel_read_timeout
ssh_channel_request_auth_agent
ssh_channel_request_env
ssh_channel_request_exec
ssh_channel_request_pty
ssh_channel_request_pty_size
ssh_channel_request_send_break
ssh_channel_request_send_exit_signal
ssh_channel_request_send_exit_status
ssh_channel_request_send_signal
ssh_channel_request_sftp
ssh_channel_request_shell
ssh_channel_request_subsystem
ssh_channel_request_x11
ssh_channel_select
ssh_channel_send_eof
ssh_channel_set_blocking
ssh_channel_set_counter
ssh_channel_window_size
ssh_channel_write
ssh_channel_write_stderr
ssh_clean_pubkey_hash
ssh_connect
ssh_connector_free
ssh_connector_new
ssh_connector_set_in_channel
ssh_connector_set_in_fd
ssh_connector_set_out_channel
ssh_connector_set_out_fd
ssh_copyright
ssh_dirname
ssh_disconnect
ssh_dump_knownhost
ssh_event_add_connector
ssh_event_add_fd
ssh_event_add_session
ssh_event_dopoll
ssh_event_free
ssh_event_new
ssh_event_remove_connector
ssh_event_remove_fd
ssh_event_remove_session
ssh_execute_message_callbacks
ssh_finalize
ssh_forward_accept
ssh_forward_cancel
ssh_forward_listen
ssh_free
ssh_get_cipher_in
ssh_get_cipher_out
ssh_get_clientbanner
ssh_get_disconnect_message
ssh_get_error
ssh_get_error_code
ssh_get_fd
ssh_get_fingerprint_hash
ssh_get_hexa
ssh_get_hmac_in
ssh_get_hmac_out
ssh_get_issue_banner
ssh_get_kex_algo
ssh_get_log_callback
ssh_get_log_level
ssh_get_log_userdata
ssh_get_openssh_version
ssh_get_poll_flags
ssh_get_pubkey
ssh_get_pubkey_hash
ssh_get_publickey
ssh_get_publickey_hash
ssh_get_random
ssh_get_server_publickey
ssh_get_serverbanner
ssh_get_status
ssh_get_version
ssh_getpass
ssh_gssapi_get_creds
ssh_gssapi_set_creds
ssh_handle_key_exchange
ssh_init
ssh_is_blocking
ssh_is_connected
ssh_is_server_known
ssh_key_cmp
ssh_key_dup
ssh_key_free
ssh_key_is_private
ssh_key_is_public
ssh_key_new
ssh_key_type
ssh_key_type_from_name
ssh_key_type_to_char
ssh_known_hosts_parse_line
ssh_knownhosts_entry_free
ssh_log
ssh_message_auth_interactive_request
ssh_message_auth_kbdint_is_response
ssh_message_auth_password
ssh_message_auth_pubkey
ssh_message_auth_publickey
ssh_message_auth_publickey_state
ssh_message_auth_reply_pk_ok
ssh_message_auth_reply_pk_ok_simple
ssh_message_auth_reply_success
ssh_message_auth_set_methods
ssh_message_auth_user
ssh_message_channel_request_channel
ssh_message_channel_request_command
ssh_message_channel_request_env_name
ssh_message_channel_request_env_value
ssh_message_channel_request_open_destination
ssh_message_channel_request_open_destination_port
ssh_message_channel_request_open_originator
ssh_message_channel_request_open_originator_port
ssh_message_channel_request_open_reply_accept
ssh_message_channel_request_open_reply_accept_channel
ssh_message_channel_request_pty_height
ssh_message_channel_request_pty_pxheight
ssh_message_channel_request_pty_pxwidth
ssh_message_channel_request_pty_term
ssh_message_channel_request_pty_width
ssh_message_channel_request_reply_success
ssh_message_channel_request_subsystem
ssh_message_channel_request_x11_auth_cookie
ssh_message_channel_request_x11_auth_protocol
ssh_message_channel_request_x11_screen_number
ssh_message_channel_request_x11_single_connection
ssh_message_free
ssh_message_get
ssh_message_global_request_address
ssh_message_global_request_port
ssh_message_global_request_reply_success
ssh_message_reply_default
ssh_message_retrieve
ssh_message_service_reply_success
ssh_message_service_service
ssh_message_subtype
ssh_message_type
ssh_mkdir
ssh_new
ssh_options_copy
ssh_options_get
ssh_options_get_port
ssh_options_getopt
ssh_options_parse_config
ssh_options_set
ssh_pcap_file_close
ssh_pcap_file_free
ssh_pcap_file_new
ssh_pcap_file_open
ssh_pki_copy_cert_to_privkey
ssh_pki_export_privkey_base64
ssh_pki_export_privkey_file
ssh_pki_export_privkey_to_pubkey
ssh_pki_export_pubkey_base64
ssh_pki_export_pubkey_file
ssh_pki_generate
ssh_pki_import_cert_base64
ssh_pki_import_cert_file
ssh_pki_import_privkey_base64
ssh_pki_import_privkey_file
ssh_pki_import_pubkey_base64
ssh_pki_import_pubkey_file
ssh_pki_key_ecdsa_name
ssh_print_hash
ssh_print_hexa
ssh_privatekey_type
ssh_publickey_to_file
ssh_remove_channel_callbacks
ssh_scp_accept_request
ssh_scp_close
ssh_scp_deny_request
ssh_scp_free
ssh_scp_init
ssh_scp_leave_directory
ssh_scp_new
ssh_scp_pull_request
ssh_scp_push_directory
ssh_scp_push_file
ssh_scp_push_file64
ssh_scp_read
ssh_scp_request_get_filename
ssh_scp_request_get_permissions
ssh_scp_request_get_size
ssh_scp_request_get_size64
ssh_scp_request_get_warning
ssh_scp_write
ssh_select
ssh_send_debug
ssh_send_ignore
ssh_send_issue_banner
ssh_send_keepalive
ssh_server_init_kex
ssh_service_request
ssh_session_export_known_hosts_entry
ssh_session_get_known_hosts_entry
ssh_session_has_known_hosts_entry
ssh_session_is_known_server
ssh_session_set_disconnect_message
ssh_session_update_known_hosts
ssh_set_agent_channel
ssh_set_agent_socket
ssh_set_auth_methods
ssh_set_blocking
ssh_set_callbacks
ssh_set_channel_callbacks
ssh_set_counters
ssh_set_fd_except
ssh_set_fd_toread
ssh_set_fd_towrite
ssh_set_log_callback
ssh_set_log_level
ssh_set_log_userdata
ssh_set_message_callback
ssh_set_pcap_file
ssh_set_server_callbacks
ssh_silent_disconnect
ssh_string_burn
ssh_string_copy
ssh_string_data
ssh_string_fill
ssh_string_free
ssh_string_free_char
ssh_string_from_char
ssh_string_get_char
ssh_string_len
ssh_string_new
ssh_string_to_char
ssh_threads_get_default
ssh_threads_get_noop
ssh_threads_get_pthread
ssh_threads_set_callbacks
ssh_try_publickey_from_file
ssh_userauth_agent
ssh_userauth_agent_pubkey
ssh_userauth_autopubkey
ssh_userauth_gssapi
ssh_userauth_kbdint
ssh_userauth_kbdint_getanswer
ssh_userauth_kbdint_getinstruction
ssh_userauth_kbdint_getname
ssh_userauth_kbdint_getnanswers
ssh_userauth_kbdint_getnprompts
ssh_userauth_kbdint_getprompt
ssh_userauth_kbdint_setanswer
ssh_userauth_list
ssh_userauth_none
ssh_userauth_offer_pubkey
ssh_userauth_password
ssh_userauth_privatekey_file
ssh_userauth_pubkey
ssh_userauth_publickey
ssh_userauth_publickey_auto
ssh_userauth_publickey_auto_get_current_identity
ssh_userauth_try_publickey
ssh_version
ssh_vlog
ssh_write_knownhost
string_burn
string_copy
string_data
string_fill
string_free
string_from_char
string_len
string_new
string_to_char

18
src/CMakeLists.txt
View File

@@ -184,6 +184,8 @@ if (WITH_GCRYPT)
gcrypt_missing.c
pki_gcrypt.c
ecdh_gcrypt.c
getrandom_gcrypt.c
md_gcrypt.c
dh_key.c
pki_ed25519.c
external/ed25519.c
@@ -207,6 +209,8 @@ elseif (WITH_MBEDTLS)
mbedcrypto_missing.c
pki_mbedcrypto.c
ecdh_mbedcrypto.c
getrandom_mbedcrypto.c
md_mbedcrypto.c
dh_key.c
pki_ed25519.c
external/ed25519.c
@@ -229,6 +233,8 @@ else (WITH_GCRYPT)
threads/libcrypto.c
pki_crypto.c
ecdh_crypto.c
getrandom_crypto.c
md_crypto.c
libcrypto.c
dh_crypto.c
)
@@ -300,12 +306,12 @@ if (WITH_GSSAPI AND GSSAPI_FOUND)
endif (WITH_GSSAPI AND GSSAPI_FOUND)
if (NOT WITH_NACL)
if (NOT HAVE_OPENSSL_ED25519)
if (NOT HAVE_LIBCRYPTO OR NOT HAVE_OPENSSL_ED25519)
set(libssh_SRCS
${libssh_SRCS}
external/curve25519_ref.c
)
endif (NOT HAVE_OPENSSL_ED25519)
endif()
endif (NOT WITH_NACL)
# Set the path to the default map file
@@ -342,10 +348,6 @@ endif (WITH_SYMBOL_VERSIONING AND HAVE_LD_VERSION_SCRIPT AND ABIMAP_FOUND)
# This gets built as a static library, if -DBUILD_SHARED_LIBS=OFF is passed to
# cmake.
add_library(ssh ${libssh_SRCS})
target_compile_options(ssh
PRIVATE
${DEFAULT_C_COMPILE_FLAGS}
-D_GNU_SOURCE)
target_include_directories(ssh
PUBLIC
$<BUILD_INTERFACE:${libssh_SOURCE_DIR}/include>
@@ -402,10 +404,6 @@ install(EXPORT libssh-config
if (BUILD_STATIC_LIB)
add_library(ssh-static STATIC ${libssh_SRCS})
target_compile_options(ssh-static
PRIVATE
${DEFAULT_C_COMPILE_FLAGS}
-D_GNU_SOURCE)
target_include_directories(ssh-static
PUBLIC

2
src/bind.c
View File

@@ -282,7 +282,7 @@ int ssh_bind_listen(ssh_bind sshbind) {
}
if (listen(fd, 10) < 0) {
char err_msg[] = {0};
char err_msg[SSH_ERRNO_MSG_MAX] = {0};
ssh_set_error(sshbind, SSH_FATAL,
"Listening to socket %d: %s",
fd, ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX));

5
src/config.c
View File

@@ -548,6 +548,11 @@ ssh_config_make_absolute(ssh_session session,
return out;
}
/* paths starting with tilde are already absolute */
if (path[0] == '~') {
return ssh_path_expand_tilde(path);
}
/* Parsing user config relative to home directory (generally ~/.ssh) */
if (session->opts.sshdir == NULL) {
ssh_set_error_invalid(session);

10
src/curve25519.c
View File

@@ -39,7 +39,7 @@
#include "libssh/pki.h"
#include "libssh/bignum.h"
#ifdef HAVE_OPENSSL_X25519
#if defined(HAVE_LIBCRYPTO) && defined(HAVE_OPENSSL_X25519)
#include <openssl/err.h>
#endif
@@ -59,7 +59,7 @@ static struct ssh_packet_callbacks_struct ssh_curve25519_client_callbacks = {
static int ssh_curve25519_init(ssh_session session)
{
int rc;
#ifdef HAVE_OPENSSL_X25519
#if defined(HAVE_LIBCRYPTO) && defined(HAVE_OPENSSL_X25519)
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *pkey = NULL;
size_t pubkey_len = CURVE25519_PUBKEY_SIZE;
@@ -136,7 +136,7 @@ static int ssh_curve25519_init(ssh_session session)
crypto_scalarmult_base(session->next_crypto->curve25519_client_pubkey,
session->next_crypto->curve25519_privkey);
}
#endif /* HAVE_OPENSSL_X25519 */
#endif /* defined(HAVE_LIBCRYPTO) && defined(HAVE_OPENSSL_X25519) */
return SSH_OK;
}
@@ -176,7 +176,7 @@ static int ssh_curve25519_build_k(ssh_session session)
{
ssh_curve25519_pubkey k;
#ifdef HAVE_OPENSSL_X25519
#if defined(HAVE_LIBCRYPTO) && defined(HAVE_OPENSSL_X25519)
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *pkey = NULL, *pubkey = NULL;
size_t shared_key_len = sizeof(k);
@@ -255,7 +255,7 @@ out:
crypto_scalarmult(k, session->next_crypto->curve25519_privkey,
session->next_crypto->curve25519_server_pubkey);
}
#endif /* HAVE_OPENSSL_X25519 */
#endif /* defined(HAVE_LIBCRYPTO) && defined(HAVE_OPENSSL_X25519) */
bignum_bin2bn(k, CURVE25519_PUBKEY_SIZE, &session->next_crypto->shared_secret);
if (session->next_crypto->shared_secret == NULL) {

54
src/getrandom_crypto.c Normal file
View File

@@ -0,0 +1,54 @@
/*
* This file is part of the SSH Library
*
* Copyright (c) 2009 by Aris Adamantiadis
*
* The SSH Library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The SSH Library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the SSH Library; see the file COPYING. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#include "config.h"
#include "libssh/crypto.h"
#include <openssl/rand.h>
/**
* @brief Get random bytes
*
* Make sure to always check the return code of this function!
*
* @param[in] where The buffer to fill with random bytes
*
* @param[in] len The size of the buffer to fill.
*
* @param[in] strong Use a strong or private RNG source.
*
* @return 1 on success, 0 on error.
*/
int
ssh_get_random(void *where, int len, int strong)
{
#ifdef HAVE_OPENSSL_RAND_PRIV_BYTES
if (strong) {
/* Returns -1 when not supported, 0 on error, 1 on success */
return !!RAND_priv_bytes(where, len);
}
#else
(void)strong;
#endif /* HAVE_RAND_PRIV_BYTES */
/* Returns -1 when not supported, 0 on error, 1 on success */
return !!RAND_bytes(where, len);
}

38
src/getrandom_gcrypt.c Normal file
View File

@@ -0,0 +1,38 @@
/*
* This file is part of the SSH Library
*
* Copyright (c) 2009 by Aris Adamantiadis
* Copyright (C) 2016 g10 Code GmbH
*
* The SSH Library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The SSH Library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the SSH Library; see the file COPYING. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#include "config.h"
#include "libssh/crypto.h"
#include <gcrypt.h>
int
ssh_get_random(void *where, int len, int strong)
{
/* variable not used in gcrypt */
(void)strong;
/* not using GCRY_VERY_STRONG_RANDOM which is a bit overkill */
gcry_randomize(where, len, GCRY_STRONG_RANDOM);
return 1;
}

52
src/getrandom_mbedcrypto.c Normal file
View File

@@ -0,0 +1,52 @@
/*
* This file is part of the SSH Library
*
* Copyright (c) 2017 Sartura d.o.o.
*
* Author: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
*
* The SSH Library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The SSH Library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the SSH Library; see the file COPYING. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#include "config.h"
#include "libssh/crypto.h"
#include "mbedcrypto-compat.h"
mbedtls_ctr_drbg_context ssh_mbedtls_ctr_drbg;
int
ssh_mbedtls_random(void *where, int len, int strong)
{
int rc = 0;
if (strong) {
mbedtls_ctr_drbg_set_prediction_resistance(&ssh_mbedtls_ctr_drbg,
MBEDTLS_CTR_DRBG_PR_ON);
rc = mbedtls_ctr_drbg_random(&ssh_mbedtls_ctr_drbg, where, len);
mbedtls_ctr_drbg_set_prediction_resistance(&ssh_mbedtls_ctr_drbg,
MBEDTLS_CTR_DRBG_PR_OFF);
} else {
rc = mbedtls_ctr_drbg_random(&ssh_mbedtls_ctr_drbg, where, len);
}
return !rc;
}
int
ssh_get_random(void *where, int len, int strong)
{
return ssh_mbedtls_random(where, len, strong);
}

15
src/init.c
View File

@@ -161,12 +161,14 @@ static int _ssh_finalize(unsigned destructor) {
if (_ssh_initialized > 1) {
_ssh_initialized--;
goto _ret;
ssh_mutex_unlock(&ssh_init_mutex);
return 0;
}
if (_ssh_initialized == 1) {
if (_ssh_init_ret < 0) {
goto _ret;
ssh_mutex_unlock(&ssh_init_mutex);
return 0;
}
}
}
@@ -181,10 +183,17 @@ static int _ssh_finalize(unsigned destructor) {
_ssh_initialized = 0;
_ret:
if (!destructor) {
ssh_mutex_unlock(&ssh_init_mutex);
}
#if (defined(_WIN32) && !defined(HAVE_PTHREAD))
if (ssh_init_mutex != NULL) {
DeleteCriticalSection(ssh_init_mutex);
SAFE_FREE(ssh_init_mutex);
}
#endif
return 0;
}

5
src/kdf.c
View File

@@ -116,14 +116,13 @@ static void ssh_mac_final(unsigned char *md, ssh_mac_ctx ctx)
int sshkdf_derive_key(struct ssh_crypto_struct *crypto,
unsigned char *key, size_t key_len,
int key_type, unsigned char *output,
uint8_t key_type, unsigned char *output,
size_t requested_len)
{
/* Can't use VLAs with Visual Studio, so allocate the biggest
* digest buffer we can possibly need */
unsigned char digest[DIGEST_MAX_LEN];
size_t output_len = crypto->digest_len;
char letter = key_type;
ssh_mac_ctx ctx;
if (DIGEST_MAX_LEN < crypto->digest_len) {
@@ -137,7 +136,7 @@ int sshkdf_derive_key(struct ssh_crypto_struct *crypto,
ssh_mac_update(ctx, key, key_len);
ssh_mac_update(ctx, crypto->secret_hash, crypto->digest_len);
ssh_mac_update(ctx, &letter, 1);
ssh_mac_update(ctx, &key_type, 1);
ssh_mac_update(ctx, crypto->session_id, crypto->session_id_len);
ssh_mac_final(digest, ctx);

20
src/knownhosts.c
View File

@@ -483,6 +483,9 @@ static const char *ssh_known_host_sigs_from_hostkey_type(enum ssh_keytypes_e typ
#ifdef HAVE_DSA
case SSH_KEYTYPE_DSS:
return "ssh-dss";
#else
SSH_LOG(SSH_LOG_WARN, "DSS keys are not supported by this build");
break;
#endif
#ifdef HAVE_ECDH
case SSH_KEYTYPE_ECDSA_P256:
@@ -491,13 +494,22 @@ static const char *ssh_known_host_sigs_from_hostkey_type(enum ssh_keytypes_e typ
return "ecdsa-sha2-nistp384";
case SSH_KEYTYPE_ECDSA_P521:
return "ecdsa-sha2-nistp521";
#else
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
SSH_LOG(SSH_LOG_WARN, "ECDSA keys are not supported by this build");
break;
#endif
case SSH_KEYTYPE_UNKNOWN:
default:
SSH_LOG(SSH_LOG_WARN, "The given type %d is not a base private key type "
"or is unsupported", type);
return NULL;
SSH_LOG(SSH_LOG_WARN,
"The given type %d is not a base private key type "
"or is unsupported",
type);
}
return NULL;
}
/**
@@ -579,6 +591,8 @@ char *ssh_known_hosts_get_algorithms_names(ssh_session session)
entry = ssh_iterator_value(struct ssh_knownhosts_entry *, it);
algo = ssh_known_host_sigs_from_hostkey_type(entry->publickey->type);
if (algo == NULL) {
ssh_knownhosts_entry_free(entry);
ssh_list_remove(entry_list, it);
continue;
}

350
src/libcrypto.c
View File

@@ -73,14 +73,20 @@
#include "libssh/crypto.h"
#ifdef HAVE_OPENSSL_EVP_KDF_CTX_NEW_ID
#ifdef HAVE_OPENSSL_EVP_KDF_CTX
#include <openssl/kdf.h>
#endif
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
#include <openssl/param_build.h>
#include <openssl/core_names.h>
#endif /* OPENSSL_VERSION_NUMBER */
#endif /* HAVE_OPENSSL_EVP_KDF_CTX */
#include "libssh/crypto.h"
static int libcrypto_initialized = 0;
static ENGINE *engine = NULL;
void ssh_reseed(void){
#ifndef _WIN32
struct timeval tv;
@@ -89,69 +95,34 @@ void ssh_reseed(void){
#endif
}
/**
* @brief Get random bytes
*
* Make sure to always check the return code of this function!
*
* @param[in] where The buffer to fill with random bytes
*
* @param[in] len The size of the buffer to fill.
*
* @param[in] strong Use a strong or private RNG source.
*
* @return 1 on success, 0 on error.
*/
int ssh_get_random(void *where, int len, int strong)
ENGINE *pki_get_engine(void)
{
#ifdef HAVE_OPENSSL_RAND_PRIV_BYTES
if (strong) {
/* Returns -1 when not supported, 0 on error, 1 on success */
return !!RAND_priv_bytes(where, len);
}
#else
(void)strong;
#endif /* HAVE_RAND_PRIV_BYTES */
/* Returns -1 when not supported, 0 on error, 1 on success */
return !!RAND_bytes(where, len);
}
SHACTX sha1_init(void)
{
int rc;
SHACTX c = EVP_MD_CTX_new();
if (c == NULL) {
return NULL;
}
rc = EVP_DigestInit_ex(c, EVP_sha1(), NULL);
if (rc == 0) {
EVP_MD_CTX_free(c);
c = NULL;
}
return c;
}
void sha1_update(SHACTX c, const void *data, size_t len)
{
EVP_DigestUpdate(c, data, len);
}
void sha1_final(unsigned char *md, SHACTX c)
{
unsigned int mdlen = 0;
EVP_DigestFinal(c, md, &mdlen);
EVP_MD_CTX_free(c);
}
void sha1(const unsigned char *digest, size_t len, unsigned char *hash)
{
SHACTX c = sha1_init();
if (c != NULL) {
sha1_update(c, digest, len);
sha1_final(hash, c);
int ok;
if (engine == NULL) {
ENGINE_load_builtin_engines();
engine = ENGINE_by_id("pkcs11");
if (engine == NULL) {
SSH_LOG(SSH_LOG_WARN,
"Could not load the engine: %s",
ERR_error_string(ERR_get_error(), NULL));
return NULL;
}
SSH_LOG(SSH_LOG_INFO, "Engine loaded successfully");
ok = ENGINE_init(engine);
if (!ok) {
SSH_LOG(SSH_LOG_WARN,
"Could not initialize the engine: %s",
ERR_error_string(ERR_get_error(), NULL));
ENGINE_free(engine);
return NULL;
}
SSH_LOG(SSH_LOG_INFO, "Engine init success");
}
return engine;
}
#ifdef HAVE_OPENSSL_ECC
@@ -208,146 +179,8 @@ void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen)
}
#endif /* HAVE_OPENSSL_ECC */
SHA256CTX sha256_init(void)
{
int rc;
SHA256CTX c = EVP_MD_CTX_new();
if (c == NULL) {
return NULL;
}
rc = EVP_DigestInit_ex(c, EVP_sha256(), NULL);
if (rc == 0) {
EVP_MD_CTX_free(c);
c = NULL;
}
return c;
}
void sha256_update(SHA256CTX c, const void *data, size_t len)
{
EVP_DigestUpdate(c, data, len);
}
void sha256_final(unsigned char *md, SHA256CTX c)
{
unsigned int mdlen = 0;
EVP_DigestFinal(c, md, &mdlen);
EVP_MD_CTX_free(c);
}
void sha256(const unsigned char *digest, size_t len, unsigned char *hash)
{
SHA256CTX c = sha256_init();
if (c != NULL) {
sha256_update(c, digest, len);
sha256_final(hash, c);
}
}
SHA384CTX sha384_init(void)
{
int rc;
SHA384CTX c = EVP_MD_CTX_new();
if (c == NULL) {
return NULL;
}
rc = EVP_DigestInit_ex(c, EVP_sha384(), NULL);
if (rc == 0) {
EVP_MD_CTX_free(c);
c = NULL;
}
return c;
}
void sha384_update(SHA384CTX c, const void *data, size_t len)
{
EVP_DigestUpdate(c, data, len);
}
void sha384_final(unsigned char *md, SHA384CTX c)
{
unsigned int mdlen = 0;
EVP_DigestFinal(c, md, &mdlen);
EVP_MD_CTX_free(c);
}
void sha384(const unsigned char *digest, size_t len, unsigned char *hash)
{
SHA384CTX c = sha384_init();
if (c != NULL) {
sha384_update(c, digest, len);
sha384_final(hash, c);
}
}
SHA512CTX sha512_init(void)
{
int rc = 0;
SHA512CTX c = EVP_MD_CTX_new();
if (c == NULL) {
return NULL;
}
rc = EVP_DigestInit_ex(c, EVP_sha512(), NULL);
if (rc == 0) {
EVP_MD_CTX_free(c);
c = NULL;
}
return c;
}
void sha512_update(SHA512CTX c, const void *data, size_t len)
{
EVP_DigestUpdate(c, data, len);
}
void sha512_final(unsigned char *md, SHA512CTX c)
{
unsigned int mdlen = 0;
EVP_DigestFinal(c, md, &mdlen);
EVP_MD_CTX_free(c);
}
void sha512(const unsigned char *digest, size_t len, unsigned char *hash)
{
SHA512CTX c = sha512_init();
if (c != NULL) {
sha512_update(c, digest, len);
sha512_final(hash, c);
}
}
MD5CTX md5_init(void)
{
int rc;
MD5CTX c = EVP_MD_CTX_new();
if (c == NULL) {
return NULL;
}
rc = EVP_DigestInit_ex(c, EVP_md5(), NULL);
if(rc == 0) {
EVP_MD_CTX_free(c);
c = NULL;
}
return c;
}
void md5_update(MD5CTX c, const void *data, size_t len)
{
EVP_DigestUpdate(c, data, len);
}
void md5_final(unsigned char *md, MD5CTX c)
{
unsigned int mdlen = 0;
EVP_DigestFinal(c, md, &mdlen);
EVP_MD_CTX_free(c);
}
#ifdef HAVE_OPENSSL_EVP_KDF_CTX_NEW_ID
#ifdef HAVE_OPENSSL_EVP_KDF_CTX
#if OPENSSL_VERSION_NUMBER < 0x30000000L
static const EVP_MD *sshkdf_digest_to_md(enum ssh_kdf_digest digest_type)
{
switch (digest_type) {
@@ -362,19 +195,50 @@ static const EVP_MD *sshkdf_digest_to_md(enum ssh_kdf_digest digest_type)
}
return NULL;
}
#else
static const char *sshkdf_digest_to_md(enum ssh_kdf_digest digest_type)
{
switch (digest_type) {
case SSH_KDF_SHA1:
return SN_sha1;
case SSH_KDF_SHA256:
return SN_sha256;
case SSH_KDF_SHA384:
return SN_sha384;
case SSH_KDF_SHA512:
return SN_sha512;
}
return NULL;
}
#endif /* OPENSSL_VERSION_NUMBER */
int ssh_kdf(struct ssh_crypto_struct *crypto,
unsigned char *key, size_t key_len,
int key_type, unsigned char *output,
uint8_t key_type, unsigned char *output,
size_t requested_len)
{
int rc = -1;
#if OPENSSL_VERSION_NUMBER < 0x30000000L
EVP_KDF_CTX *ctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF);
int rc;
#else
EVP_KDF *kdf = EVP_KDF_fetch(NULL, "SSHKDF", NULL);
EVP_KDF_CTX *ctx = EVP_KDF_CTX_new(kdf);
OSSL_PARAM_BLD *param_bld = OSSL_PARAM_BLD_new();
OSSL_PARAM *params = NULL;
const char *md = sshkdf_digest_to_md(crypto->digest_type);
if (ctx == NULL) {
EVP_KDF_free(kdf);
if (param_bld == NULL) {
EVP_KDF_CTX_free(ctx);
return -1;
}
#endif /* OPENSSL_VERSION_NUMBER */
if (ctx == NULL) {
goto out;
}
#if OPENSSL_VERSION_NUMBER < 0x30000000L
rc = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_MD,
sshkdf_digest_to_md(crypto->digest_type));
if (rc != 1) {
@@ -402,8 +266,60 @@ int ssh_kdf(struct ssh_crypto_struct *crypto,
if (rc != 1) {
goto out;
}
#else
rc = OSSL_PARAM_BLD_push_utf8_string(param_bld, OSSL_KDF_PARAM_DIGEST,
md, strlen(md));
if (rc != 1) {
rc = -1;
goto out;
}
rc = OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_KDF_PARAM_KEY,
key, key_len);
if (rc != 1) {
rc = -1;
goto out;
}
rc = OSSL_PARAM_BLD_push_octet_string(param_bld,
OSSL_KDF_PARAM_SSHKDF_XCGHASH,
crypto->secret_hash,
crypto->digest_len);
if (rc != 1) {
rc = -1;
goto out;
}
rc = OSSL_PARAM_BLD_push_octet_string(param_bld,
OSSL_KDF_PARAM_SSHKDF_SESSION_ID,
crypto->session_id,
crypto->session_id_len);
if (rc != 1) {
rc = -1;
goto out;
}
rc = OSSL_PARAM_BLD_push_utf8_string(param_bld, OSSL_KDF_PARAM_SSHKDF_TYPE,
(const char*)&key_type, 1);
if (rc != 1) {
rc = -1;
goto out;
}
params = OSSL_PARAM_BLD_to_param(param_bld);
if (params == NULL) {
rc = -1;
goto out;
}
rc = EVP_KDF_derive(ctx, output, requested_len, params);
if (rc != 1) {
rc = -1;
goto out;
}
#endif /* OPENSSL_VERSION_NUMBER */
out:
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
OSSL_PARAM_BLD_free(param_bld);
OSSL_PARAM_free(params);
#endif
EVP_KDF_CTX_free(ctx);
if (rc < 0) {
return rc;
@@ -414,13 +330,14 @@ out:
#else
int ssh_kdf(struct ssh_crypto_struct *crypto,
unsigned char *key, size_t key_len,
int key_type, unsigned char *output,
uint8_t key_type, unsigned char *output,
size_t requested_len)
{
return sshkdf_derive_key(crypto, key, key_len,
key_type, output, requested_len);
}
#endif /* HAVE_OPENSSL_EVP_KDF_CTX_NEW_ID */
#endif /* HAVE_OPENSSL_EVP_KDF_CTX */
HMACCTX hmac_init(const void *key, size_t len, enum ssh_hmac_e type)
{
HMACCTX ctx = NULL;
@@ -1452,7 +1369,9 @@ struct ssh_cipher_struct *ssh_get_ciphertab(void)
*/
int ssh_crypto_init(void)
{
UNUSED_VAR(size_t i);
#if !defined(HAVE_OPENSSL_EVP_CHACHA20) || !defined(HAVE_OPENSSL_EVP_POLY1305)
size_t i;
#endif
if (libcrypto_initialized) {
return SSH_OK;
@@ -1508,8 +1427,19 @@ void ssh_crypto_finalize(void)
return;
}
ENGINE_cleanup();
/* TODO this should finalize engine if it was started, but during atexit calls,
* we are crashing. AFAIK this is related to the dlopened pkcs11 modules calling
* the crypto cleanups earlier. */
#if 0
if (engine != NULL) {
ENGINE_finish(engine);
ENGINE_free(engine);
engine = NULL;
}
#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000L
ENGINE_cleanup();
EVP_cleanup();
CRYPTO_cleanup_all_ex_data();
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */

114
src/libgcrypt.c
View File

@@ -69,38 +69,6 @@ static int alloc_key(struct ssh_cipher_struct *cipher) {
void ssh_reseed(void){
}
int ssh_get_random(void *where, int len, int strong)
{
/* variable not used in gcrypt */
(void) strong;
/* not using GCRY_VERY_STRONG_RANDOM which is a bit overkill */
gcry_randomize(where,len,GCRY_STRONG_RANDOM);
return 1;
}
SHACTX sha1_init(void) {
SHACTX ctx = NULL;
gcry_md_open(&ctx, GCRY_MD_SHA1, 0);
return ctx;
}
void sha1_update(SHACTX c, const void *data, size_t len) {
gcry_md_write(c, data, len);
}
void sha1_final(unsigned char *md, SHACTX c) {
gcry_md_final(c);
memcpy(md, gcry_md_read(c, 0), SHA_DIGEST_LEN);
gcry_md_close(c);
}
void sha1(const unsigned char *digest, size_t len, unsigned char *hash) {
gcry_md_hash_buffer(GCRY_MD_SHA1, hash, digest, len);
}
#ifdef HAVE_GCRYPT_ECC
static int nid_to_md_algo(int nid)
{
@@ -154,89 +122,9 @@ void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen)
}
#endif
SHA256CTX sha256_init(void) {
SHA256CTX ctx = NULL;
gcry_md_open(&ctx, GCRY_MD_SHA256, 0);
return ctx;
}
void sha256_update(SHACTX c, const void *data, size_t len) {
gcry_md_write(c, data, len);
}
void sha256_final(unsigned char *md, SHACTX c) {
gcry_md_final(c);
memcpy(md, gcry_md_read(c, 0), SHA256_DIGEST_LEN);
gcry_md_close(c);
}
void sha256(const unsigned char *digest, size_t len, unsigned char *hash){
gcry_md_hash_buffer(GCRY_MD_SHA256, hash, digest, len);
}
SHA384CTX sha384_init(void) {
SHA384CTX ctx = NULL;
gcry_md_open(&ctx, GCRY_MD_SHA384, 0);
return ctx;
}
void sha384_update(SHACTX c, const void *data, size_t len) {
gcry_md_write(c, data, len);
}
void sha384_final(unsigned char *md, SHACTX c) {
gcry_md_final(c);
memcpy(md, gcry_md_read(c, 0), SHA384_DIGEST_LEN);
gcry_md_close(c);
}
void sha384(const unsigned char *digest, size_t len, unsigned char *hash) {
gcry_md_hash_buffer(GCRY_MD_SHA384, hash, digest, len);
}
SHA512CTX sha512_init(void) {
SHA512CTX ctx = NULL;
gcry_md_open(&ctx, GCRY_MD_SHA512, 0);
return ctx;
}
void sha512_update(SHACTX c, const void *data, size_t len) {
gcry_md_write(c, data, len);
}
void sha512_final(unsigned char *md, SHACTX c) {
gcry_md_final(c);
memcpy(md, gcry_md_read(c, 0), SHA512_DIGEST_LEN);
gcry_md_close(c);
}
void sha512(const unsigned char *digest, size_t len, unsigned char *hash) {
gcry_md_hash_buffer(GCRY_MD_SHA512, hash, digest, len);
}
MD5CTX md5_init(void) {
MD5CTX c = NULL;
gcry_md_open(&c, GCRY_MD_MD5, 0);
return c;
}
void md5_update(MD5CTX c, const void *data, size_t len) {
gcry_md_write(c,data,len);
}
void md5_final(unsigned char *md, MD5CTX c) {
gcry_md_final(c);
memcpy(md, gcry_md_read(c, 0), MD5_DIGEST_LEN);
gcry_md_close(c);
}
int ssh_kdf(struct ssh_crypto_struct *crypto,
unsigned char *key, size_t key_len,
int key_type, unsigned char *output,
uint8_t key_type, unsigned char *output,
size_t requested_len)
{
return sshkdf_derive_key(crypto, key, key_len,

284
src/libmbedcrypto.c
View File

@@ -42,7 +42,7 @@
#endif /* MBEDTLS_GCM_C */
static mbedtls_entropy_context ssh_mbedtls_entropy;
static mbedtls_ctr_drbg_context ssh_mbedtls_ctr_drbg;
extern mbedtls_ctr_drbg_context ssh_mbedtls_ctr_drbg;
static int libmbedcrypto_initialized = 0;
@@ -51,65 +51,6 @@ void ssh_reseed(void)
mbedtls_ctr_drbg_reseed(&ssh_mbedtls_ctr_drbg, NULL, 0);
}
int ssh_get_random(void *where, int len, int strong)
{
return ssh_mbedtls_random(where, len, strong);
}
SHACTX sha1_init(void)
{
SHACTX ctx = NULL;
int rc;
const mbedtls_md_info_t *md_info =
mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);
if (md_info == NULL) {
return NULL;
}
ctx = malloc(sizeof(mbedtls_md_context_t));
if (ctx == NULL) {
return NULL;
}
mbedtls_md_init(ctx);
rc = mbedtls_md_setup(ctx, md_info, 0);
if (rc != 0) {
SAFE_FREE(ctx);
return NULL;
}
rc = mbedtls_md_starts(ctx);
if (rc != 0) {
SAFE_FREE(ctx);
return NULL;
}
return ctx;
}
void sha1_update(SHACTX c, const void *data, size_t len)
{
mbedtls_md_update(c, data, len);
}
void sha1_final(unsigned char *md, SHACTX c)
{
mbedtls_md_finish(c, md);
mbedtls_md_free(c);
SAFE_FREE(c);
}
void sha1(const unsigned char *digest, size_t len, unsigned char *hash)
{
const mbedtls_md_info_t *md_info =
mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);
if (md_info != NULL) {
mbedtls_md(md_info, digest, len, hash);
}
}
static mbedtls_md_type_t nid_to_md_algo(int nid)
{
switch (nid) {
@@ -184,214 +125,9 @@ void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen)
SAFE_FREE(ctx);
}
SHA256CTX sha256_init(void)
{
SHA256CTX ctx = NULL;
int rc;
const mbedtls_md_info_t *md_info =
mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
if (md_info == NULL) {
return NULL;
}
ctx = malloc(sizeof(mbedtls_md_context_t));
if(ctx == NULL) {
return NULL;
}
mbedtls_md_init(ctx);
rc = mbedtls_md_setup(ctx, md_info, 0);
if (rc != 0) {
SAFE_FREE(ctx);
return NULL;
}
rc = mbedtls_md_starts(ctx);
if (rc != 0) {
SAFE_FREE(ctx);
return NULL;
}
return ctx;
}
void sha256_update(SHA256CTX c, const void *data, size_t len)
{
mbedtls_md_update(c, data, len);
}
void sha256_final(unsigned char *md, SHA256CTX c)
{
mbedtls_md_finish(c, md);
mbedtls_md_free(c);
SAFE_FREE(c);
}
void sha256(const unsigned char *digest, size_t len, unsigned char *hash)
{
const mbedtls_md_info_t *md_info =
mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
if (md_info != NULL) {
mbedtls_md(md_info, digest, len, hash);
}
}
SHA384CTX sha384_init(void)
{
SHA384CTX ctx = NULL;
int rc;
const mbedtls_md_info_t *md_info =
mbedtls_md_info_from_type(MBEDTLS_MD_SHA384);
if (md_info == NULL) {
return NULL;
}
ctx = malloc(sizeof(mbedtls_md_context_t));
if (ctx == NULL) {
return NULL;
}
mbedtls_md_init(ctx);
rc = mbedtls_md_setup(ctx, md_info, 0);
if (rc != 0) {
SAFE_FREE(ctx);
return NULL;
}
rc = mbedtls_md_starts(ctx);
if (rc != 0) {
SAFE_FREE(ctx);
return NULL;
}
return ctx;
}
void sha384_update(SHA384CTX c, const void *data, size_t len)
{
mbedtls_md_update(c, data, len);
}
void sha384_final(unsigned char *md, SHA384CTX c)
{
mbedtls_md_finish(c, md);
mbedtls_md_free(c);
SAFE_FREE(c);
}
void sha384(const unsigned char *digest, size_t len, unsigned char *hash)
{
const mbedtls_md_info_t *md_info =
mbedtls_md_info_from_type(MBEDTLS_MD_SHA384);
if (md_info != NULL) {
mbedtls_md(md_info, digest, len, hash);
}
}
SHA512CTX sha512_init(void)
{
SHA512CTX ctx = NULL;
int rc;
const mbedtls_md_info_t *md_info =
mbedtls_md_info_from_type(MBEDTLS_MD_SHA512);
if (md_info == NULL) {
return NULL;
}
ctx = malloc(sizeof(mbedtls_md_context_t));
if (ctx == NULL) {
return NULL;
}
mbedtls_md_init(ctx);
rc = mbedtls_md_setup(ctx, md_info, 0);
if (rc != 0) {
SAFE_FREE(ctx);
return NULL;
}
rc = mbedtls_md_starts(ctx);
if (rc != 0) {
SAFE_FREE(ctx);
return NULL;
}
return ctx;
}
void sha512_update(SHA512CTX c, const void *data, size_t len)
{
mbedtls_md_update(c, data, len);
}
void sha512_final(unsigned char *md, SHA512CTX c)
{
mbedtls_md_finish(c, md);
mbedtls_md_free(c);
SAFE_FREE(c);
}
void sha512(const unsigned char *digest, size_t len, unsigned char *hash)
{
const mbedtls_md_info_t *md_info =
mbedtls_md_info_from_type(MBEDTLS_MD_SHA512);
if (md_info != NULL) {
mbedtls_md(md_info, digest, len, hash);
}
}
MD5CTX md5_init(void)
{
MD5CTX ctx = NULL;
int rc;
const mbedtls_md_info_t *md_info =
mbedtls_md_info_from_type(MBEDTLS_MD_MD5);
if (md_info == NULL) {
return NULL;
}
ctx = malloc(sizeof(mbedtls_md_context_t));
if (ctx == NULL) {
return NULL;
}
mbedtls_md_init(ctx);
rc = mbedtls_md_setup(ctx, md_info, 0);
if (rc != 0) {
SAFE_FREE(ctx);
return NULL;
}
rc = mbedtls_md_starts(ctx);
if (rc != 0) {
SAFE_FREE(ctx);
return NULL;
}
return ctx;
}
void md5_update(MD5CTX c, const void *data, size_t len) {
mbedtls_md_update(c, data, len);
}
void md5_final(unsigned char *md, MD5CTX c)
{
mbedtls_md_finish(c, md);
mbedtls_md_free(c);
SAFE_FREE(c);
}
int ssh_kdf(struct ssh_crypto_struct *crypto,
unsigned char *key, size_t key_len,
int key_type, unsigned char *output,
uint8_t key_type, unsigned char *output,
size_t requested_len)
{
return sshkdf_derive_key(crypto, key, key_len,
@@ -1438,22 +1174,6 @@ int ssh_crypto_init(void)
return SSH_OK;
}
int ssh_mbedtls_random(void *where, int len, int strong)
{
int rc = 0;
if (strong) {
mbedtls_ctr_drbg_set_prediction_resistance(&ssh_mbedtls_ctr_drbg,
MBEDTLS_CTR_DRBG_PR_ON);
rc = mbedtls_ctr_drbg_random(&ssh_mbedtls_ctr_drbg, where, len);
mbedtls_ctr_drbg_set_prediction_resistance(&ssh_mbedtls_ctr_drbg,
MBEDTLS_CTR_DRBG_PR_OFF);
} else {
rc = mbedtls_ctr_drbg_random(&ssh_mbedtls_ctr_drbg, where, len);
}
return !rc;
}
mbedtls_ctr_drbg_context *ssh_get_mbedtls_ctr_drbg_context(void)
{
return &ssh_mbedtls_ctr_drbg;

225
src/md_crypto.c Normal file
View File

@@ -0,0 +1,225 @@
/*
* This file is part of the SSH Library
*
* Copyright (c) 2009 by Aris Adamantiadis
*
* The SSH Library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The SSH Library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the SSH Library; see the file COPYING. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#include "config.h"
#include "libcrypto-compat.h"
#include "libssh/crypto.h"
#include "libssh/wrapper.h"
#include <openssl/evp.h>
#include <openssl/md5.h>
#include <openssl/sha.h>
SHACTX
sha1_init(void)
{
int rc;
SHACTX c = EVP_MD_CTX_new();
if (c == NULL) {
return NULL;
}
rc = EVP_DigestInit_ex(c, EVP_sha1(), NULL);
if (rc == 0) {
EVP_MD_CTX_free(c);
c = NULL;
}
return c;
}
void
sha1_update(SHACTX c, const void *data, size_t len)
{
EVP_DigestUpdate(c, data, len);
}
void
sha1_final(unsigned char *md, SHACTX c)
{
unsigned int mdlen = 0;
EVP_DigestFinal(c, md, &mdlen);
EVP_MD_CTX_free(c);
}
void
sha1(const unsigned char *digest, size_t len, unsigned char *hash)
{
SHACTX c = sha1_init();
if (c != NULL) {
sha1_update(c, digest, len);
sha1_final(hash, c);
}
}
SHA256CTX
sha256_init(void)
{
int rc;
SHA256CTX c = EVP_MD_CTX_new();
if (c == NULL) {
return NULL;
}
rc = EVP_DigestInit_ex(c, EVP_sha256(), NULL);
if (rc == 0) {
EVP_MD_CTX_free(c);
c = NULL;
}
return c;
}
void
sha256_update(SHA256CTX c, const void *data, size_t len)
{
EVP_DigestUpdate(c, data, len);
}
void
sha256_final(unsigned char *md, SHA256CTX c)
{
unsigned int mdlen = 0;
EVP_DigestFinal(c, md, &mdlen);
EVP_MD_CTX_free(c);
}
void
sha256(const unsigned char *digest, size_t len, unsigned char *hash)
{
SHA256CTX c = sha256_init();
if (c != NULL) {
sha256_update(c, digest, len);
sha256_final(hash, c);
}
}
SHA384CTX
sha384_init(void)
{
int rc;
SHA384CTX c = EVP_MD_CTX_new();
if (c == NULL) {
return NULL;
}
rc = EVP_DigestInit_ex(c, EVP_sha384(), NULL);
if (rc == 0) {
EVP_MD_CTX_free(c);
c = NULL;
}
return c;
}
void
sha384_update(SHA384CTX c, const void *data, size_t len)
{
EVP_DigestUpdate(c, data, len);
}
void
sha384_final(unsigned char *md, SHA384CTX c)
{
unsigned int mdlen = 0;
EVP_DigestFinal(c, md, &mdlen);
EVP_MD_CTX_free(c);
}
void
sha384(const unsigned char *digest, size_t len, unsigned char *hash)
{
SHA384CTX c = sha384_init();
if (c != NULL) {
sha384_update(c, digest, len);
sha384_final(hash, c);
}
}
SHA512CTX
sha512_init(void)
{
int rc = 0;
SHA512CTX c = EVP_MD_CTX_new();
if (c == NULL) {
return NULL;
}
rc = EVP_DigestInit_ex(c, EVP_sha512(), NULL);
if (rc == 0) {
EVP_MD_CTX_free(c);
c = NULL;
}
return c;
}
void
sha512_update(SHA512CTX c, const void *data, size_t len)
{
EVP_DigestUpdate(c, data, len);
}
void
sha512_final(unsigned char *md, SHA512CTX c)
{
unsigned int mdlen = 0;
EVP_DigestFinal(c, md, &mdlen);
EVP_MD_CTX_free(c);
}
void
sha512(const unsigned char *digest, size_t len, unsigned char *hash)
{
SHA512CTX c = sha512_init();
if (c != NULL) {
sha512_update(c, digest, len);
sha512_final(hash, c);
}
}
MD5CTX
md5_init(void)
{
int rc;
MD5CTX c = EVP_MD_CTX_new();
if (c == NULL) {
return NULL;
}
rc = EVP_DigestInit_ex(c, EVP_md5(), NULL);
if (rc == 0) {
EVP_MD_CTX_free(c);
c = NULL;
}
return c;
}
void
md5_update(MD5CTX c, const void *data, size_t len)
{
EVP_DigestUpdate(c, data, len);
}
void
md5_final(unsigned char *md, MD5CTX c)
{
unsigned int mdlen = 0;
EVP_DigestFinal(c, md, &mdlen);
EVP_MD_CTX_free(c);
}

167
src/md_gcrypt.c Normal file
View File

@@ -0,0 +1,167 @@
/*
* This file is part of the SSH Library
*
* Copyright (c) 2009 by Aris Adamantiadis
* Copyright (C) 2016 g10 Code GmbH
*
* The SSH Library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The SSH Library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the SSH Library; see the file COPYING. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#include "config.h"
#include "libssh/crypto.h"
#include "libssh/wrapper.h"
#include <gcrypt.h>
SHACTX
sha1_init(void)
{
SHACTX ctx = NULL;
gcry_md_open(&ctx, GCRY_MD_SHA1, 0);
return ctx;
}
void
sha1_update(SHACTX c, const void *data, size_t len)
{
gcry_md_write(c, data, len);
}
void
sha1_final(unsigned char *md, SHACTX c)
{
gcry_md_final(c);
memcpy(md, gcry_md_read(c, 0), SHA_DIGEST_LEN);
gcry_md_close(c);
}
void
sha1(const unsigned char *digest, size_t len, unsigned char *hash)
{
gcry_md_hash_buffer(GCRY_MD_SHA1, hash, digest, len);
}
SHA256CTX
sha256_init(void)
{
SHA256CTX ctx = NULL;
gcry_md_open(&ctx, GCRY_MD_SHA256, 0);
return ctx;
}
void
sha256_update(SHACTX c, const void *data, size_t len)
{
gcry_md_write(c, data, len);
}
void
sha256_final(unsigned char *md, SHACTX c)
{
gcry_md_final(c);
memcpy(md, gcry_md_read(c, 0), SHA256_DIGEST_LEN);
gcry_md_close(c);
}
void
sha256(const unsigned char *digest, size_t len, unsigned char *hash)
{
gcry_md_hash_buffer(GCRY_MD_SHA256, hash, digest, len);
}
SHA384CTX
sha384_init(void)
{
SHA384CTX ctx = NULL;
gcry_md_open(&ctx, GCRY_MD_SHA384, 0);
return ctx;
}
void
sha384_update(SHACTX c, const void *data, size_t len)
{
gcry_md_write(c, data, len);
}
void
sha384_final(unsigned char *md, SHACTX c)
{
gcry_md_final(c);
memcpy(md, gcry_md_read(c, 0), SHA384_DIGEST_LEN);
gcry_md_close(c);
}
void
sha384(const unsigned char *digest, size_t len, unsigned char *hash)
{
gcry_md_hash_buffer(GCRY_MD_SHA384, hash, digest, len);
}
SHA512CTX
sha512_init(void)
{
SHA512CTX ctx = NULL;
gcry_md_open(&ctx, GCRY_MD_SHA512, 0);
return ctx;
}
void
sha512_update(SHACTX c, const void *data, size_t len)
{
gcry_md_write(c, data, len);
}
void
sha512_final(unsigned char *md, SHACTX c)
{
gcry_md_final(c);
memcpy(md, gcry_md_read(c, 0), SHA512_DIGEST_LEN);
gcry_md_close(c);
}
void
sha512(const unsigned char *digest, size_t len, unsigned char *hash)
{
gcry_md_hash_buffer(GCRY_MD_SHA512, hash, digest, len);
}
MD5CTX
md5_init(void)
{
MD5CTX c = NULL;
gcry_md_open(&c, GCRY_MD_MD5, 0);
return c;
}
void
md5_update(MD5CTX c, const void *data, size_t len)
{
gcry_md_write(c, data, len);
}
void
md5_final(unsigned char *md, MD5CTX c)
{
gcry_md_final(c);
memcpy(md, gcry_md_read(c, 0), MD5_DIGEST_LEN);
gcry_md_close(c);
}

308
src/md_mbedcrypto.c Normal file
View File

@@ -0,0 +1,308 @@
/*
* This file is part of the SSH Library
*
* Copyright (c) 2017 Sartura d.o.o.
*
* Author: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
*
* The SSH Library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The SSH Library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the SSH Library; see the file COPYING. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#include "config.h"
#include "libssh/crypto.h"
#include "libssh/wrapper.h"
#include "mbedcrypto-compat.h"
#include <mbedtls/md.h>
SHACTX
sha1_init(void)
{
SHACTX ctx = NULL;
int rc;
const mbedtls_md_info_t *md_info =
mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);
if (md_info == NULL) {
return NULL;
}
ctx = malloc(sizeof(mbedtls_md_context_t));
if (ctx == NULL) {
return NULL;
}
mbedtls_md_init(ctx);
rc = mbedtls_md_setup(ctx, md_info, 0);
if (rc != 0) {
SAFE_FREE(ctx);
return NULL;
}
rc = mbedtls_md_starts(ctx);
if (rc != 0) {
SAFE_FREE(ctx);
return NULL;
}
return ctx;
}
void
sha1_update(SHACTX c, const void *data, size_t len)
{
mbedtls_md_update(c, data, len);
}
void
sha1_final(unsigned char *md, SHACTX c)
{
mbedtls_md_finish(c, md);
mbedtls_md_free(c);
SAFE_FREE(c);
}
void
sha1(const unsigned char *digest, size_t len, unsigned char *hash)
{
const mbedtls_md_info_t *md_info =
mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);
if (md_info != NULL) {
mbedtls_md(md_info, digest, len, hash);
}
}
SHA256CTX
sha256_init(void)
{
SHA256CTX ctx = NULL;
int rc;
const mbedtls_md_info_t *md_info =
mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
if (md_info == NULL) {
return NULL;
}
ctx = malloc(sizeof(mbedtls_md_context_t));
if (ctx == NULL) {
return NULL;
}
mbedtls_md_init(ctx);
rc = mbedtls_md_setup(ctx, md_info, 0);
if (rc != 0) {
SAFE_FREE(ctx);
return NULL;
}
rc = mbedtls_md_starts(ctx);
if (rc != 0) {
SAFE_FREE(ctx);
return NULL;
}
return ctx;
}
void
sha256_update(SHA256CTX c, const void *data, size_t len)
{
mbedtls_md_update(c, data, len);
}
void
sha256_final(unsigned char *md, SHA256CTX c)
{
mbedtls_md_finish(c, md);
mbedtls_md_free(c);
SAFE_FREE(c);
}
void
sha256(const unsigned char *digest, size_t len, unsigned char *hash)
{
const mbedtls_md_info_t *md_info =
mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
if (md_info != NULL) {
mbedtls_md(md_info, digest, len, hash);
}
}
SHA384CTX
sha384_init(void)
{
SHA384CTX ctx = NULL;
int rc;
const mbedtls_md_info_t *md_info =
mbedtls_md_info_from_type(MBEDTLS_MD_SHA384);
if (md_info == NULL) {
return NULL;
}
ctx = malloc(sizeof(mbedtls_md_context_t));
if (ctx == NULL) {
return NULL;
}
mbedtls_md_init(ctx);
rc = mbedtls_md_setup(ctx, md_info, 0);
if (rc != 0) {
SAFE_FREE(ctx);
return NULL;
}
rc = mbedtls_md_starts(ctx);
if (rc != 0) {
SAFE_FREE(ctx);
return NULL;
}
return ctx;
}
void
sha384_update(SHA384CTX c, const void *data, size_t len)
{
mbedtls_md_update(c, data, len);
}
void
sha384_final(unsigned char *md, SHA384CTX c)
{
mbedtls_md_finish(c, md);
mbedtls_md_free(c);
SAFE_FREE(c);
}
void
sha384(const unsigned char *digest, size_t len, unsigned char *hash)
{
const mbedtls_md_info_t *md_info =
mbedtls_md_info_from_type(MBEDTLS_MD_SHA384);
if (md_info != NULL) {
mbedtls_md(md_info, digest, len, hash);
}
}
SHA512CTX
sha512_init(void)
{
SHA512CTX ctx = NULL;
int rc;
const mbedtls_md_info_t *md_info =
mbedtls_md_info_from_type(MBEDTLS_MD_SHA512);
if (md_info == NULL) {
return NULL;
}
ctx = malloc(sizeof(mbedtls_md_context_t));
if (ctx == NULL) {
return NULL;
}
mbedtls_md_init(ctx);
rc = mbedtls_md_setup(ctx, md_info, 0);
if (rc != 0) {
SAFE_FREE(ctx);
return NULL;
}
rc = mbedtls_md_starts(ctx);
if (rc != 0) {
SAFE_FREE(ctx);
return NULL;
}
return ctx;
}
void
sha512_update(SHA512CTX c, const void *data, size_t len)
{
mbedtls_md_update(c, data, len);
}
void
sha512_final(unsigned char *md, SHA512CTX c)
{
mbedtls_md_finish(c, md);
mbedtls_md_free(c);
SAFE_FREE(c);
}
void
sha512(const unsigned char *digest, size_t len, unsigned char *hash)
{
const mbedtls_md_info_t *md_info =
mbedtls_md_info_from_type(MBEDTLS_MD_SHA512);
if (md_info != NULL) {
mbedtls_md(md_info, digest, len, hash);
}
}
MD5CTX
md5_init(void)
{
MD5CTX ctx = NULL;
int rc;
const mbedtls_md_info_t *md_info =
mbedtls_md_info_from_type(MBEDTLS_MD_MD5);
if (md_info == NULL) {
return NULL;
}
ctx = malloc(sizeof(mbedtls_md_context_t));
if (ctx == NULL) {
return NULL;
}
mbedtls_md_init(ctx);
rc = mbedtls_md_setup(ctx, md_info, 0);
if (rc != 0) {
SAFE_FREE(ctx);
return NULL;
}
rc = mbedtls_md_starts(ctx);
if (rc != 0) {
SAFE_FREE(ctx);
return NULL;
}
return ctx;
}
void
md5_update(MD5CTX c, const void *data, size_t len)
{
mbedtls_md_update(c, data, len);
}
void
md5_final(unsigned char *md, MD5CTX c)
{
mbedtls_md_finish(c, md);
mbedtls_md_free(c);
SAFE_FREE(c);
}

37
src/misc.c
View File

@@ -160,7 +160,7 @@ int ssh_dir_writeable(const char *path)
#define SSH_USEC_IN_SEC 1000000LL
#define SSH_SECONDS_SINCE_1601 11644473600LL
int gettimeofday(struct timeval *__p, void *__t)
int ssh_gettimeofday(struct timeval *__p, void *__t)
{
union {
unsigned long long ns100; /* time since 1 Jan 1601 in 100ns units */
@@ -1237,14 +1237,13 @@ char *ssh_path_expand_escape(ssh_session session, const char *s)
}
break;
case 'p':
if (session->opts.port < 65536) {
char tmp[6];
{
char tmp[6];
snprintf(tmp,
sizeof(tmp),
"%u",
session->opts.port > 0 ? session->opts.port : 22);
x = strdup(tmp);
snprintf(tmp, sizeof(tmp), "%hu",
(uint16_t)(session->opts.port > 0 ? session->opts.port
: 22));
x = strdup(tmp);
}
break;
default:
@@ -1954,17 +1953,25 @@ char *ssh_strreplace(const char *src, const char *pattern, const char *replace)
*/
char *ssh_strerror(int err_num, char *buf, size_t buflen)
{
#if defined(_WIN32)
strerror_s(buf, buflen, err_num);
return buf;
#elif defined(__linux__) && defined(_GNU_SOURCE)
#if defined(__linux__) && defined(__GLIBC__) && defined(_GNU_SOURCE)
/* GNU extension on Linux */
return strerror_r(err_num, buf, buflen);
#else
/* POSIX version available for example on FreeBSD */
strerror_r(err_num, buf, buflen);
return buf;
int rv;
#if defined(_WIN32)
rv = strerror_s(buf, buflen, err_num);
#else
/* POSIX version available for example on FreeBSD or in musl libc */
rv = strerror_r(err_num, buf, buflen);
#endif /* _WIN32 */
/* make sure the buffer is initialized and terminated with NULL */
if (-rv == ERANGE) {
buf[0] = '\0';
}
return buf;
#endif /* defined(__linux__) && defined(__GLIBC__) && defined(_GNU_SOURCE) */
}
/** @} */

20
src/options.c
View File

@@ -513,7 +513,7 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
ssh_set_error_oom(session);
return -1;
}
p = strchr(q, '@');
p = strrchr(q, '@');
SAFE_FREE(session->opts.host);
@@ -1518,7 +1518,23 @@ int ssh_options_apply(ssh_session session)
session->opts.global_knownhosts = tmp;
if (session->opts.ProxyCommand != NULL) {
tmp = ssh_path_expand_escape(session, session->opts.ProxyCommand);
char *p = NULL;
size_t plen = strlen(session->opts.ProxyCommand) +
5 /* strlen("exec ") */;
p = malloc(plen + 1 /* \0 */);
if (p == NULL) {
return -1;
}
rc = snprintf(p, plen + 1, "exec %s", session->opts.ProxyCommand);
if ((size_t)rc != plen) {
free(p);
return -1;
}
tmp = ssh_path_expand_escape(session, p);
free(p);
if (tmp == NULL) {
return -1;
}

87
src/packet_crypt.c
View File

@@ -260,42 +260,71 @@ int ssh_packet_hmac_verify(ssh_session session,
uint8_t *mac,
enum ssh_hmac_e type)
{
struct ssh_crypto_struct *crypto = NULL;
unsigned char hmacbuf[DIGEST_MAX_LEN] = {0};
HMACCTX ctx;
size_t hmaclen = DIGEST_MAX_LEN;
uint32_t seq;
struct ssh_crypto_struct *crypto = NULL;
unsigned char hmacbuf[DIGEST_MAX_LEN] = {0};
HMACCTX ctx;
size_t hmaclen = DIGEST_MAX_LEN;
uint32_t seq;
int cmp;
int rc;
/* AEAD types have no mac checking */
if (type == SSH_HMAC_AEAD_POLY1305 ||
type == SSH_HMAC_AEAD_GCM) {
return SSH_OK;
}
/* AEAD types have no mac checking */
if (type == SSH_HMAC_AEAD_POLY1305 ||
type == SSH_HMAC_AEAD_GCM) {
return SSH_OK;
}
crypto = ssh_packet_get_current_crypto(session, SSH_DIRECTION_IN);
if (crypto == NULL) {
return SSH_ERROR;
}
crypto = ssh_packet_get_current_crypto(session,
SSH_DIRECTION_IN);
if (crypto == NULL) {
return SSH_ERROR;
}
ctx = hmac_init(crypto->decryptMAC, hmac_digest_len(type), type);
if (ctx == NULL) {
return -1;
}
ctx = hmac_init(crypto->decryptMAC,
hmac_digest_len(type),
type);
if (ctx == NULL) {
return SSH_ERROR;
}
seq = htonl(session->recv_seq);
seq = htonl(session->recv_seq);
hmac_update(ctx, (unsigned char *) &seq, sizeof(uint32_t));
hmac_update(ctx, data, len);
hmac_final(ctx, hmacbuf, &hmaclen);
rc = hmac_update(ctx,
(unsigned char *) &seq,
sizeof(uint32_t));
if (rc != 1) {
return SSH_ERROR;
}
rc = hmac_update(ctx,
data,
len);
if (rc != 1) {
return SSH_ERROR;
}
rc = hmac_final(ctx,
hmacbuf,
&hmaclen);
if (rc != 1) {
return SSH_ERROR;
}
#ifdef DEBUG_CRYPTO
ssh_log_hexdump("received mac",mac,hmaclen);
ssh_log_hexdump("Computed mac",hmacbuf,hmaclen);
ssh_log_hexdump("seq",(unsigned char *)&seq,sizeof(uint32_t));
ssh_log_hexdump("received mac",
mac,
hmaclen);
ssh_log_hexdump("Computed mac",
hmacbuf,
hmaclen);
ssh_log_hexdump("seq",
(unsigned char *)&seq,
sizeof(uint32_t));
#endif
if (secure_memcmp(mac, hmacbuf, hmaclen) == 0) {
return 0;
}
cmp = secure_memcmp(mac,
hmacbuf,
hmaclen);
if (cmp == 0) {
return SSH_OK;
}
return -1;
return SSH_ERROR;
}

58
src/pki.c
View File

@@ -77,10 +77,12 @@ enum ssh_keytypes_e pki_privatekey_type_from_string(const char *privkey)
{
char *start = NULL;
#ifdef HAVE_DSA
start = strstr(privkey, DSA_HEADER_BEGIN);
if (start != NULL) {
return SSH_KEYTYPE_DSS;
}
#endif /* HAVE_DSA */
start = strstr(privkey, RSA_HEADER_BEGIN);
if (start != NULL) {
@@ -152,37 +154,9 @@ void ssh_key_clean (ssh_key key)
{
if (key == NULL)
return;
#ifdef HAVE_LIBGCRYPT
if(key->dsa) gcry_sexp_release(key->dsa);
if(key->rsa) gcry_sexp_release(key->rsa);
if(key->ecdsa) gcry_sexp_release(key->ecdsa);
#elif defined HAVE_LIBCRYPTO
#if OPENSSL_VERSION_NUMBER < 0x30000000L
if(key->dsa) DSA_free(key->dsa);
if(key->rsa) RSA_free(key->rsa);
#else
if(key->key) EVP_PKEY_free(key->key);
#endif /* OPENSSL_VERSION_NUMBER */
#ifdef HAVE_OPENSSL_ECC
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* Move whole HAVE_OPENSSL_EC into #if < 0x3 above
*/
#if 1
if(key->ecdsa) EC_KEY_free(key->ecdsa);
#endif
#endif /* HAVE_OPENSSL_ECC */
#elif defined HAVE_LIBMBEDCRYPTO
if (key->rsa != NULL) {
mbedtls_pk_free(key->rsa);
SAFE_FREE(key->rsa);
}
if (key->ecdsa != NULL) {
mbedtls_ecdsa_free(key->ecdsa);
SAFE_FREE(key->ecdsa);
}
#endif
pki_key_clean(key);
if (key->ed25519_privkey != NULL){
#ifdef HAVE_OPENSSL_ED25519
/* In OpenSSL implementation the private key is only the private
@@ -206,21 +180,10 @@ void ssh_key_clean (ssh_key key)
ssh_string_free(key->sk_application);
}
key->cert_type = SSH_KEYTYPE_UNKNOWN;
key->flags=SSH_KEY_FLAG_EMPTY;
key->type=SSH_KEYTYPE_UNKNOWN;
key->flags = SSH_KEY_FLAG_EMPTY;
key->type = SSH_KEYTYPE_UNKNOWN;
key->ecdsa_nid = 0;
key->type_c=NULL;
#if !defined(HAVE_LIBCRYPTO) || OPENSSL_VERSION_NUMBER < 0x30000000L
key->dsa = NULL;
key->rsa = NULL;
#else
key->key = NULL;
#endif /* OPENSSL_VERSION_NUMBER */
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* Move into #if OPENSSL_VERSION_NUMBER < 0x3 above
*/
key->ecdsa = NULL;
key->type_c = NULL;
}
/**
@@ -1124,7 +1087,7 @@ ssh_public_key ssh_pki_convert_key_to_publickey(const ssh_key key)
ssh_public_key pub;
ssh_key tmp;
if(key == NULL) {
if (key == NULL) {
return NULL;
}
@@ -1133,12 +1096,11 @@ ssh_public_key ssh_pki_convert_key_to_publickey(const ssh_key key)
return NULL;
}
pub = malloc(sizeof(struct ssh_public_key_struct));
pub = calloc(1, sizeof(struct ssh_public_key_struct));
if (pub == NULL) {
ssh_key_free(tmp);
return NULL;
}
ZERO_STRUCTP(pub);
pub->type = tmp->type;
pub->type_c = tmp->type_c;
@@ -1162,7 +1124,7 @@ ssh_private_key ssh_pki_convert_key_to_privatekey(const ssh_key key)
{
ssh_private_key privkey;
privkey = malloc(sizeof(struct ssh_private_key_struct));
privkey = calloc(1, sizeof(struct ssh_private_key_struct));
if (privkey == NULL) {
ssh_key_free(key);
return NULL;

176
src/pki_crypto.c
View File

@@ -87,6 +87,30 @@ static int pem_get_password(char *buf, int size, int rwflag, void *userdata) {
return 0;
}
void pki_key_clean(ssh_key key)
{
if (key == NULL)
return;
#if OPENSSL_VERSION_NUMBER < 0x30000000L
DSA_free(key->dsa);
key->dsa = NULL;
RSA_free(key->rsa);
key->rsa = NULL;
#endif /* OPENSSL_VERSION_NUMBER */
#ifdef HAVE_OPENSSL_ECC
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* Move whole HAVE_OPENSSL_ECC into #if < 0x3 above
*/
#if 1
EC_KEY_free(key->ecdsa);
key->ecdsa = NULL;
#endif
#endif /* HAVE_OPENSSL_ECC */
EVP_PKEY_free(key->key);
key->key = NULL;
}
#ifdef HAVE_OPENSSL_ECC
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
@@ -426,7 +450,7 @@ err:
ssh_key pki_key_dup(const ssh_key key, int demote)
{
ssh_key new;
ssh_key new = NULL;
int rc;
new = ssh_key_new();
@@ -434,12 +458,6 @@ ssh_key pki_key_dup(const ssh_key key, int demote)
return NULL;
}
#ifdef WITH_PKCS11_URI
#if OPENSSL_VERSION_NUMBER < 0x30000000L
new->key = key->key;
#endif /* OPENSSL_VERSION_NUMBER */
#endif /* WITH_PKCS11_URI */
new->type = key->type;
new->type_c = key->type_c;
if (demote) {
@@ -523,6 +541,19 @@ ssh_key pki_key_dup(const ssh_key key, int demote)
#if OPENSSL_VERSION_NUMBER < 0x30000000L
const BIGNUM *n = NULL, *e = NULL, *d = NULL;
BIGNUM *nn, *ne, *nd;
#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
#ifdef WITH_PKCS11_URI
/* Take the PKCS#11 keys as they are */
if (key->flags & SSH_KEY_FLAG_PKCS11_URI && !demote) {
rc = EVP_PKEY_up_ref(key->key);
if (rc != 1) {
goto fail;
}
new->key = key->key;
return new;
}
#endif /* WITH_PKCS11_URI */
#if OPENSSL_VERSION_NUMBER < 0x30000000L
new->rsa = RSA_new();
if (new->rsa == NULL) {
goto fail;
@@ -607,7 +638,7 @@ ssh_key pki_key_dup(const ssh_key key, int demote)
/* Memory management of ndmp1, ndmq1 and niqmp is transferred
* to RSA object */
rc = RSA_set0_crt_params(new->rsa, ndmp1, ndmq1, niqmp);
rc = RSA_set0_crt_params(new->rsa, ndmp1, ndmq1, niqmp);
if (rc == 0) {
BN_free(ndmp1);
BN_free(ndmq1);
@@ -629,6 +660,22 @@ ssh_key pki_key_dup(const ssh_key key, int demote)
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_OPENSSL_ECC
new->ecdsa_nid = key->ecdsa_nid;
#ifdef WITH_PKCS11_URI
/* Take the PKCS#11 keys as they are */
if (key->flags & SSH_KEY_FLAG_PKCS11_URI && !demote) {
rc = EVP_PKEY_up_ref(key->key);
if (rc != 1) {
goto fail;
}
new->key = key->key;
rc = EC_KEY_up_ref(key->ecdsa);
if (rc != 1) {
goto fail;
}
new->ecdsa = key->ecdsa;
return new;
}
#endif /* WITH_PKCS11_URI */
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* #if OPENSSL_VERSION_NUMBER < 0x30000000L
@@ -654,7 +701,11 @@ ssh_key pki_key_dup(const ssh_key key, int demote)
goto fail;
}
} else {
new->ecdsa = EC_KEY_dup(key->ecdsa);
rc = EC_KEY_up_ref(key->ecdsa);
if (rc != 1) {
goto fail;
}
new->ecdsa = key->ecdsa;
}
#else
rc = evp_dup_ecdsa_pkey(key, new, demote);
@@ -1092,10 +1143,11 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
* Delete this part, because it is done below HAVE_ECC
*/
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
pkey = key->key;
if (pkey == NULL) {
rc = EVP_PKEY_up_ref(key->key);
if (rc != 1) {
goto err;
}
pkey = key->key;
/* Mark the operation as successful as for the other key types */
rc = 1;
@@ -1125,10 +1177,11 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
* #if OPENSSL_VERSION_NUMBER >= 0x30000000L
*/
#if 0
pkey = key->key;
if (pkey == NULL) {
rc = EVP_PKEY_up_ref(key->key);
if (rc != 1) {
goto err;
}
pkey = key->key;
/* Mark the operation as successful as for the other key types */
rc = 1;
@@ -1192,9 +1245,7 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
NULL, /* auth_fn */
(void*) passphrase);
}
if (pkey != key->key) {
EVP_PKEY_free(pkey);
}
EVP_PKEY_free(pkey);
pkey = NULL;
if (rc != 1) {
@@ -1332,10 +1383,6 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
* https://github.com/openssl/openssl/pull/16624
* Remove these three lines
*/
/* the EVP_PKEY is not saved to the ssh_key struct */
EVP_PKEY_free(pkey);
pkey = NULL;
break;
#endif /* HAVE_OPENSSL_ECC */
#ifdef HAVE_OPENSSL_ED25519
@@ -1373,11 +1420,6 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
}
type = SSH_KEYTYPE_ED25519;
/* the EVP_PKEY is not saved to the ssh_key struct */
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
EVP_PKEY_free(pkey);
pkey = NULL;
#endif /* OPENSSL_VERSION_NUMBER */
}
break;
#endif /* HAVE_OPENSSL_ED25519 */
@@ -1387,10 +1429,6 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
EVP_PKEY_free(pkey);
return NULL;
}
/* at later version the pkey is saved to ssh_key struct */
#if OPENSSL_VERSION_NUMBER < 0x30000000L
EVP_PKEY_free(pkey);
#endif /* OPENSSL_VERSION_NUMBER */
key = ssh_key_new();
if (key == NULL) {
@@ -1403,9 +1441,8 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
#if OPENSSL_VERSION_NUMBER < 0x30000000L
key->dsa = dsa;
key->rsa = rsa;
#else
key->key = pkey;
#endif /* OPENSSL_VERSION_NUMBER */
key->key = pkey;
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* Move key->ecdsa line into the #if above this
@@ -2805,15 +2842,11 @@ static const EVP_MD *pki_digest_to_md(enum ssh_digest_e hash_type)
static EVP_PKEY *pki_key_to_pkey(ssh_key key)
{
EVP_PKEY *pkey = NULL;
#ifdef WITH_PKCS11_URI
if (key->flags & SSH_KEY_FLAG_PKCS11_URI) {
pkey = key->key;
return pkey;
}
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
int rc = 0;
#endif
switch(key->type) {
switch (key->type) {
case SSH_KEYTYPE_DSS:
case SSH_KEYTYPE_DSS_CERT01:
#if OPENSSL_VERSION_NUMBER < 0x30000000L
@@ -2855,11 +2888,12 @@ static EVP_PKEY *pki_key_to_pkey(ssh_key key)
SSH_LOG(SSH_LOG_TRACE, "NULL key->key");
goto error;
}
pkey = EVP_PKEY_dup(key->key);
if (pkey == NULL) {
SSH_LOG(SSH_LOG_TRACE, "Out of memory");
rc = EVP_PKEY_up_ref(key->key);
if (rc != 1) {
SSH_LOG(SSH_LOG_TRACE, "Failed to reference EVP_PKEY");
return NULL;
}
pkey = key->key;
break;
#endif /* OPENSSL_VERSION_NUMBER */
case SSH_KEYTYPE_ECDSA_P256:
@@ -2899,11 +2933,12 @@ static EVP_PKEY *pki_key_to_pkey(ssh_key key)
SSH_LOG(SSH_LOG_TRACE, "NULL key->key");
goto error;
}
pkey = EVP_PKEY_dup(key->key);
if (pkey == NULL) {
SSH_LOG(SSH_LOG_TRACE, "Out of memory");
rc = EVP_PKEY_uo_ref(key->key);
if (rc != 1) {
SSH_LOG(SSH_LOG_TRACE, "Failed to reference EVP_PKEY");
return NULL;
}
pkey = key->key;
break;
#endif /* OPENSSL_VERSION_NUMBER */
case SSH_KEYTYPE_ED25519:
@@ -3102,9 +3137,7 @@ out:
explicit_bzero(raw_sig_data, raw_sig_len);
}
SAFE_FREE(raw_sig_data);
if (pkey != NULL && !(privkey->flags & SSH_KEY_FLAG_PKCS11_URI)) {
EVP_PKEY_free(pkey);
}
EVP_PKEY_free(pkey);
return sig;
}
@@ -3230,16 +3263,14 @@ out:
if (ctx != NULL) {
EVP_MD_CTX_free(ctx);
}
if (pkey != NULL && !(pubkey->flags & SSH_KEY_FLAG_PKCS11_URI)) {
EVP_PKEY_free(pkey);
}
EVP_PKEY_free(pkey);
return rc;
}
int ssh_key_size(ssh_key key)
{
int bits = 0;
EVP_PKEY *pkey;
EVP_PKEY *pkey = NULL;
switch (key->type) {
case SSH_KEYTYPE_DSS:
@@ -3260,17 +3291,7 @@ int ssh_key_size(ssh_key key)
return SSH_ERROR;
}
bits = EVP_PKEY_bits(pkey);
#if OPENSSL_VERSION_NUMBER < 0x30000000L
EVP_PKEY_free(pkey);
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* no need of this free
*/
#else
if (is_ecdsa_key_type(key->type)) {
EVP_PKEY_free(pkey);
}
#endif /* OPENSSL_VERSION_NUMBER */
return bits;
case SSH_KEYTYPE_ED25519:
case SSH_KEYTYPE_ED25519_CERT01:
@@ -3437,29 +3458,13 @@ int pki_uri_import(const char *uri_name,
#endif
ssh_key key = NULL;
enum ssh_keytypes_e type = SSH_KEYTYPE_UNKNOWN;
int ok;
ENGINE_load_builtin_engines();
engine = ENGINE_by_id("pkcs11");
/* Do the init only once */
engine = pki_get_engine();
if (engine == NULL) {
SSH_LOG(SSH_LOG_WARN,
"Could not load the engine: %s",
ERR_error_string(ERR_get_error(),NULL));
return SSH_ERROR;
SSH_LOG(SSH_LOG_WARN, "Failed to initialize engine");
goto fail;
}
SSH_LOG(SSH_LOG_INFO, "Engine loaded successfully");
ok = ENGINE_init(engine);
if (!ok) {
SSH_LOG(SSH_LOG_WARN,
"Could not initialize the engine: %s",
ERR_error_string(ERR_get_error(),NULL));
ENGINE_free(engine);
return SSH_ERROR;
}
SSH_LOG(SSH_LOG_INFO, "Engine init success");
switch (key_type) {
case SSH_KEY_PRIVATE:
@@ -3541,10 +3546,9 @@ int pki_uri_import(const char *uri_name,
key->key = pkey;
key->type = type;
key->type_c = ssh_key_type_to_char(type);
key->flags = SSH_KEY_FLAG_PUBLIC | SSH_KEY_FLAG_PKCS11_URI;
if (key_type == SSH_KEY_PRIVATE) {
key->flags = SSH_KEY_FLAG_PUBLIC | SSH_KEY_FLAG_PRIVATE | SSH_KEY_FLAG_PKCS11_URI;
} else {
key->flags = SSH_KEY_FLAG_PUBLIC | SSH_KEY_FLAG_PKCS11_URI;
key->flags |= SSH_KEY_FLAG_PRIVATE;
}
#if OPENSSL_VERSION_NUMBER < 0x30000000L
key->rsa = rsa;
@@ -3569,14 +3573,10 @@ int pki_uri_import(const char *uri_name,
#endif
*nkey = key;
ENGINE_finish(engine);
ENGINE_free(engine);
return SSH_OK;
fail:
ENGINE_finish(engine);
ENGINE_free(engine);
EVP_PKEY_free(pkey);
ssh_key_free(key);
#if OPENSSL_VERSION_NUMBER < 0x30000000L

17
src/pki_gcrypt.c
View File

@@ -283,6 +283,23 @@ static int passphrase_to_key(char *data, unsigned int datalen,
return 0;
}
void pki_key_clean(ssh_key key)
{
if (key == NULL)
return;
if (key->dsa)
gcry_sexp_release(key->dsa);
if (key->rsa)
gcry_sexp_release(key->rsa);
if (key->ecdsa)
gcry_sexp_release(key->ecdsa);
key->dsa = NULL;
key->rsa = NULL;
key->ecdsa = NULL;
}
static int privatekey_decrypt(int algo, int mode, unsigned int key_len,
unsigned char *iv, unsigned int iv_len,
ssh_buffer data, ssh_auth_callback cb,

265
src/pki_mbedcrypto.c
View File

@@ -38,6 +38,22 @@
#define MAX_PASSPHRASE_SIZE 1024
#define MAX_KEY_SIZE 32
void pki_key_clean(ssh_key key)
{
if (key == NULL)
return;
if (key->rsa != NULL) {
mbedtls_pk_free(key->rsa);
SAFE_FREE(key->rsa);
}
if (key->ecdsa != NULL) {
mbedtls_ecdsa_free(key->ecdsa);
SAFE_FREE(key->ecdsa);
}
}
ssh_string pki_private_key_to_pem(const ssh_key key, const char *passphrase,
ssh_auth_callback auth_fn, void *auth_data)
{
@@ -85,10 +101,8 @@ ssh_key pki_private_key_from_base64(const char *b64_key, const char *passphrase,
ssh_auth_callback auth_fn, void *auth_data)
{
ssh_key key = NULL;
mbedtls_pk_context *rsa = NULL;
mbedtls_pk_context *ecdsa = NULL;
ed25519_privkey *ed25519 = NULL;
enum ssh_keytypes_e type;
mbedtls_pk_context *pk = NULL;
mbedtls_pk_type_t mbed_type;
int valid;
/* mbedtls pk_parse_key expects strlen to count the 0 byte */
size_t b64len = strlen(b64_key) + 1;
@@ -97,159 +111,100 @@ ssh_key pki_private_key_from_base64(const char *b64_key, const char *passphrase,
mbedtls_ctr_drbg_context *ctr_drbg = ssh_get_mbedtls_ctr_drbg_context();
#endif
type = pki_privatekey_type_from_string(b64_key);
if (type == SSH_KEYTYPE_UNKNOWN) {
SSH_LOG(SSH_LOG_WARN, "Unknown or invalid private key.");
return NULL;
pk = malloc(sizeof(mbedtls_pk_context));
if (pk == NULL) {
goto fail;
}
mbedtls_pk_init(pk);
switch (type) {
case SSH_KEYTYPE_RSA:
rsa = malloc(sizeof(mbedtls_pk_context));
if (rsa == NULL) {
return NULL;
}
mbedtls_pk_init(rsa);
if (passphrase == NULL) {
if (auth_fn) {
valid = auth_fn("Passphrase for private key:", (char *) tmp,
MAX_PASSPHRASE_SIZE, 0, 0, auth_data);
if (valid < 0) {
goto fail;
}
/* TODO fix signedness and strlen */
#if MBEDTLS_VERSION_MAJOR > 2
valid = mbedtls_pk_parse_key(rsa,
(const unsigned char *) b64_key,
b64len, tmp,
strnlen((const char *) tmp, MAX_PASSPHRASE_SIZE),
mbedtls_ctr_drbg_random, ctr_drbg);
#else
valid = mbedtls_pk_parse_key(rsa,
(const unsigned char *) b64_key,
b64len, tmp,
strnlen((const char *) tmp, MAX_PASSPHRASE_SIZE));
#endif
} else {
#if MBEDTLS_VERSION_MAJOR > 2
valid = mbedtls_pk_parse_key(rsa,
(const unsigned char *) b64_key,
b64len, NULL,
0, mbedtls_ctr_drbg_random, ctr_drbg);
#else
valid = mbedtls_pk_parse_key(rsa,
(const unsigned char *) b64_key,
b64len, NULL,
0);
#endif
}
} else {
#if MBEDTLS_VERSION_MAJOR > 2
valid = mbedtls_pk_parse_key(rsa,
(const unsigned char *) b64_key, b64len,
(const unsigned char *) passphrase,
strnlen(passphrase, MAX_PASSPHRASE_SIZE),
mbedtls_ctr_drbg_random, ctr_drbg);
#else
valid = mbedtls_pk_parse_key(rsa,
(const unsigned char *) b64_key, b64len,
(const unsigned char *) passphrase,
strnlen(passphrase, MAX_PASSPHRASE_SIZE));
#endif
}
if (valid != 0) {
char error_buf[100];
mbedtls_strerror(valid, error_buf, 100);
SSH_LOG(SSH_LOG_WARN,"Parsing private key %s", error_buf);
if (passphrase == NULL) {
if (auth_fn) {
valid = auth_fn("Passphrase for private key:",
(char *)tmp,
MAX_PASSPHRASE_SIZE,
0,
0,
auth_data);
if (valid < 0) {
goto fail;
}
break;
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#if MBEDTLS_VERSION_MAJOR > 2
ecdsa = malloc(sizeof(mbedtls_ecdsa_context));
valid = mbedtls_pk_parse_key(
pk,
(const unsigned char *)b64_key,
b64len,
tmp,
strnlen((const char *)tmp, MAX_PASSPHRASE_SIZE),
mbedtls_ctr_drbg_random,
ctr_drbg);
#else
ecdsa = malloc(sizeof(mbedtls_pk_context));
valid = mbedtls_pk_parse_key(
pk,
(const unsigned char *)b64_key,
b64len,
tmp,
strnlen((const char *)tmp, MAX_PASSPHRASE_SIZE));
#endif
if (ecdsa == NULL) {
return NULL;
}
mbedtls_pk_init(ecdsa);
if (passphrase == NULL) {
if (auth_fn) {
valid = auth_fn("Passphrase for private key:", (char *) tmp,
MAX_PASSPHRASE_SIZE, 0, 0, auth_data);
if (valid < 0) {
goto fail;
}
} else {
#if MBEDTLS_VERSION_MAJOR > 2
valid = mbedtls_pk_parse_key(ecdsa,
(const unsigned char *) b64_key,
b64len, tmp,
strnlen((const char *) tmp, MAX_PASSPHRASE_SIZE),
mbedtls_ctr_drbg_random, ctr_drbg);
valid = mbedtls_pk_parse_key(pk,
(const unsigned char *)b64_key,
b64len,
NULL,
0,
mbedtls_ctr_drbg_random,
ctr_drbg);
#else
valid = mbedtls_pk_parse_key(ecdsa,
(const unsigned char *) b64_key,
b64len, tmp,
strnlen((const char *) tmp, MAX_PASSPHRASE_SIZE));
valid = mbedtls_pk_parse_key(pk,
(const unsigned char *)b64_key,
b64len,
NULL,
0);
#endif
} else {
}
} else {
#if MBEDTLS_VERSION_MAJOR > 2
valid = mbedtls_pk_parse_key(ecdsa,
(const unsigned char *) b64_key,
b64len, NULL,
0, mbedtls_ctr_drbg_random, ctr_drbg);
valid = mbedtls_pk_parse_key(pk,
(const unsigned char *)b64_key,
b64len,
(const unsigned char *)passphrase,
strnlen(passphrase, MAX_PASSPHRASE_SIZE),
mbedtls_ctr_drbg_random,
ctr_drbg);
#else
valid = mbedtls_pk_parse_key(ecdsa,
(const unsigned char *) b64_key,
b64len, NULL,
0);
valid = mbedtls_pk_parse_key(pk,
(const unsigned char *)b64_key,
b64len,
(const unsigned char *)passphrase,
strnlen(passphrase, MAX_PASSPHRASE_SIZE));
#endif
}
} else {
#if MBEDTLS_VERSION_MAJOR > 2
valid = mbedtls_pk_parse_key(ecdsa,
(const unsigned char *) b64_key, b64len,
(const unsigned char *) passphrase,
strnlen(passphrase, MAX_PASSPHRASE_SIZE),
mbedtls_ctr_drbg_random, ctr_drbg);
#else
valid = mbedtls_pk_parse_key(ecdsa,
(const unsigned char *) b64_key, b64len,
(const unsigned char *) passphrase,
strnlen(passphrase, MAX_PASSPHRASE_SIZE));
#endif
}
if (valid != 0) {
char error_buf[100];
mbedtls_strerror(valid, error_buf, 100);
SSH_LOG(SSH_LOG_WARN,"Parsing private key %s", error_buf);
goto fail;
}
break;
case SSH_KEYTYPE_ED25519:
/* Cannot open ed25519 keys with libmbedcrypto */
default:
SSH_LOG(SSH_LOG_WARN, "Unknown or invalid private key type %d",
type);
return NULL;
}
if (valid != 0) {
char error_buf[100];
mbedtls_strerror(valid, error_buf, 100);
SSH_LOG(SSH_LOG_WARN, "Parsing private key %s", error_buf);
goto fail;
}
mbed_type = mbedtls_pk_get_type(pk);
key = ssh_key_new();
if (key == NULL) {
goto fail;
}
if (ecdsa != NULL) {
mbedtls_ecp_keypair *keypair = mbedtls_pk_ec(*ecdsa);
switch (mbed_type) {
case MBEDTLS_PK_RSA:
case MBEDTLS_PK_RSA_ALT:
key->rsa = pk;
pk = NULL;
key->type = SSH_KEYTYPE_RSA;
break;
case MBEDTLS_PK_ECKEY:
case MBEDTLS_PK_ECDSA: {
/* type will be set later */
mbedtls_ecp_keypair *keypair = mbedtls_pk_ec(*pk);
pk = NULL;
key->ecdsa = malloc(sizeof(mbedtls_ecdsa_context));
if (key->ecdsa == NULL) {
@@ -258,40 +213,36 @@ ssh_key pki_private_key_from_base64(const char *b64_key, const char *passphrase,
mbedtls_ecdsa_init(key->ecdsa);
mbedtls_ecdsa_from_keypair(key->ecdsa, keypair);
mbedtls_pk_free(ecdsa);
SAFE_FREE(ecdsa);
mbedtls_pk_free(pk);
SAFE_FREE(pk);
key->ecdsa_nid = pki_key_ecdsa_to_nid(key->ecdsa);
/* pki_privatekey_type_from_string always returns P256 for ECDSA
* keys, so we need to figure out the correct type here */
type = pki_key_ecdsa_to_key_type(key->ecdsa);
if (type == SSH_KEYTYPE_UNKNOWN) {
* keys, so we need to figure out the correct type here */
key->type = pki_key_ecdsa_to_key_type(key->ecdsa);
if (key->type == SSH_KEYTYPE_UNKNOWN) {
SSH_LOG(SSH_LOG_WARN, "Invalid private key.");
goto fail;
}
} else {
key->ecdsa = NULL;
break;
}
default:
SSH_LOG(SSH_LOG_WARN,
"Unknown or invalid private key type %d",
mbed_type);
return NULL;
}
key->type = type;
key->type_c = ssh_key_type_to_char(type);
key->type_c = ssh_key_type_to_char(key->type);
key->flags = SSH_KEY_FLAG_PRIVATE | SSH_KEY_FLAG_PUBLIC;
key->rsa = rsa;
key->ed25519_privkey = ed25519;
rsa = NULL;
ecdsa = NULL;
return key;
fail:
ssh_key_free(key);
if (rsa != NULL) {
mbedtls_pk_free(rsa);
SAFE_FREE(rsa);
}
if (ecdsa != NULL) {
mbedtls_pk_free(ecdsa);
SAFE_FREE(ecdsa);
if (pk != NULL) {
mbedtls_pk_free(pk);
SAFE_FREE(pk);
}
return NULL;
}

1
src/server.c
View File

@@ -361,7 +361,6 @@ static void ssh_server_connection_callback(ssh_session session){
}
/* from now, the packet layer is handling incoming packets */
session->socket_callbacks.data=ssh_packet_socket_callback;
ssh_packet_register_socket_callback(session, session->socket);
ssh_packet_set_default_callbacks(session);

5
src/session.c
View File

@@ -104,7 +104,7 @@ ssh_session ssh_new(void)
/* OPTIONS */
session->opts.StrictHostKeyChecking = 1;
session->opts.port = 0;
session->opts.port = 22;
session->opts.fd = -1;
session->opts.compressionlevel = 7;
session->opts.nodelay = 0;
@@ -301,6 +301,7 @@ void ssh_free(ssh_session session)
SAFE_FREE(session->banner);
SAFE_FREE(session->disconnect_message);
SAFE_FREE(session->opts.agent_socket);
SAFE_FREE(session->opts.bindaddr);
SAFE_FREE(session->opts.custombanner);
SAFE_FREE(session->opts.moduli_file);
@@ -1126,7 +1127,7 @@ int ssh_get_publickey_hash(const ssh_key key,
size_t *hlen)
{
ssh_string blob;
unsigned char *h;
unsigned char *h = NULL;
int rc;
rc = ssh_pki_export_pubkey_blob(key, &blob);

16
src/socket.c
View File

@@ -32,7 +32,7 @@
/* Inlining the key portions of afunix.h in Windows 10 SDK;
* that header isn't available in the mingw environment. */
#define UNIX_PATH_MAX 108
typedef struct sockaddr_un {
struct sockaddr_un {
ADDRESS_FAMILY sun_family;
char sun_path[UNIX_PATH_MAX];
};
@@ -891,6 +891,7 @@ ssh_execute_command(const char *command, socket_t in, socket_t out)
const char *shell = NULL;
const char *args[] = {NULL/*shell*/, "-c", command, NULL};
int devnull;
int rc;
/* Prepare /dev/null socket for the stderr redirection */
devnull = open("/dev/null", O_WRONLY);
@@ -899,7 +900,10 @@ ssh_execute_command(const char *command, socket_t in, socket_t out)
exit(1);
}
/* By default, use the current users shell */
/*
* By default, use the current users shell. This could fail with some
* shells like zsh or dash ...
*/
shell = getenv("SHELL");
if (shell == NULL || shell[0] == '\0') {
/* Fall back to bash. There are issues with dash or
@@ -915,7 +919,13 @@ ssh_execute_command(const char *command, socket_t in, socket_t out)
dup2(devnull, STDERR_FILENO);
close(in);
close(out);
execv(args[0], (char * const *)args);
rc = execv(args[0], (char * const *)args);
if (rc < 0) {
char err_msg[SSH_ERRNO_MSG_MAX] = {0};
SSH_LOG(SSH_LOG_WARN, "Failed to execute command %s: %s",
command, ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX));
}
exit(1);
}

2
src/wrapper.c
View File

@@ -396,7 +396,7 @@ int crypt_set_algorithms_client(ssh_session session)
#ifdef WITH_SERVER
int crypt_set_algorithms_server(ssh_session session){
const char *method = NULL;
size_t i = 0;
uint8_t i = 0;
struct ssh_cipher_struct *ssh_ciphertab=ssh_get_ciphertab();
struct ssh_hmac_struct *ssh_hmactab=ssh_get_hmactab();
int cmp;

12
tests/CMakeLists.txt
View File

@@ -39,10 +39,6 @@ if (CLIENT_TESTING)
# create shared test library
set(TORTURE_SHARED_LIBRARY torture_shared)
if (MINGW)
set(USE_ATTRIBUTE_WEAK "-DUSE_ATTRIBUTE_WEAK")
endif ()
# Create a list of symbols that should be wrapped for override test
set(WRAP_SYMBOLS "")
list(APPEND WRAP_SYMBOLS
@@ -73,7 +69,7 @@ if (CLIENT_TESTING)
)
target_compile_options(${TORTURE_SHARED_LIBRARY} PRIVATE
-DSSH_PING_EXECUTABLE="${CMAKE_CURRENT_BINARY_DIR}/ssh_ping"
${USE_ATTRIBUTE_WEAK}
-DTORTURE_SHARED
)
endif ()
@@ -173,9 +169,9 @@ if (CLIENT_TESTING OR SERVER_TESTING)
if (NOT SSHD_EXECUTABLE)
message(SEND_ERROR "Could not find sshd which is required for client testing")
endif()
find_program(NC_EXECUTABLE
find_program(NCAT_EXECUTABLE
NAME
nc
ncat
PATHS
/bin
/usr/bin
@@ -249,6 +245,8 @@ if (CLIENT_TESTING OR SERVER_TESTING)
list(APPEND TORTURE_ENVIRONMENT NSS_WRAPPER_SHADOW=${CMAKE_CURRENT_BINARY_DIR}/etc/shadow)
list(APPEND TORTURE_ENVIRONMENT NSS_WRAPPER_GROUP=${CMAKE_CURRENT_BINARY_DIR}/etc/group)
list(APPEND TORTURE_ENVIRONMENT PAM_WRAPPER_SERVICE_DIR=${CMAKE_CURRENT_BINARY_DIR}/etc/pam.d)
list(APPEND TORTURE_ENVIRONMENT LSAN_OPTIONS=suppressions=${CMAKE_CURRENT_SOURCE_DIR}/suppressions/lsan.supp)
list(APPEND TORTURE_ENVIRONMENT OPENSSL_ENABLE_SHA1_SIGNATURES=1)
# Give bob some keys
file(COPY keys/id_rsa DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE)

17
tests/client/torture_proxycommand.c
View File

@@ -59,7 +59,7 @@ static int session_teardown(void **state)
return 0;
}
#ifdef NC_EXECUTABLE
#ifdef NCAT_EXECUTABLE
static void torture_options_set_proxycommand(void **state)
{
struct torture_state *s = *state;
@@ -71,13 +71,18 @@ static void torture_options_set_proxycommand(void **state)
int rc;
socket_t fd;
rc = stat(NC_EXECUTABLE, &sb);
rc = stat(NCAT_EXECUTABLE, &sb);
if (rc != 0 || (sb.st_mode & S_IXOTH) == 0) {
SSH_LOG(SSH_LOG_WARNING, "Could not find " NC_EXECUTABLE ": Skipping the test");
SSH_LOG(SSH_LOG_WARNING,
"Could not find " NCAT_EXECUTABLE ": Skipping the test");
skip();
}
rc = snprintf(command, sizeof(command), NC_EXECUTABLE " %s %d", address, port);
rc = snprintf(command,
sizeof(command),
NCAT_EXECUTABLE " %s %d",
address,
port);
assert_true((size_t)rc < sizeof(command));
rc = ssh_options_set(session, SSH_OPTIONS_PROXYCOMMAND, command);
@@ -90,7 +95,7 @@ static void torture_options_set_proxycommand(void **state)
assert_int_equal(rc & O_RDWR, O_RDWR);
}
#else /* NC_EXECUTABLE */
#else /* NCAT_EXECUTABLE */
static void torture_options_set_proxycommand(void **state)
{
@@ -98,7 +103,7 @@ static void torture_options_set_proxycommand(void **state)
skip();
}
#endif /* NC_EXECUTABLE */
#endif /* NCAT_EXECUTABLE */
static void torture_options_set_proxycommand_notexist(void **state) {
struct torture_state *s = *state;

22
tests/client/torture_rekey.c
View File

@@ -38,6 +38,8 @@
#include <fcntl.h>
#include <pwd.h>
#define KEX_RETRY 32
static uint64_t bytes = 2048; /* 2KB (more than the authentication phase) */
static int sshd_setup(void **state)
@@ -499,9 +501,15 @@ static void torture_rekey_different_kex(void **state)
* to make sure the rekey it completes with all different ciphers (paddings */
memset(data, 0, sizeof(data));
memset(data, 'A', 128);
for (i = 0; i < 20; i++) {
for (i = 0; i < KEX_RETRY; i++) {
ssh_send_ignore(s->ssh.session, data);
ssh_handle_packets(s->ssh.session, 50);
ssh_handle_packets(s->ssh.session, 100);
c = s->ssh.session->current_crypto;
/* SHA256 len */
if (c->digest_len != 32) {
break;
}
}
/* The rekey limit was restored in the new crypto to the same value */
@@ -571,9 +579,15 @@ static void torture_rekey_server_different_kex(void **state)
* to make sure the rekey it completes with all different ciphers (paddings */
memset(data, 0, sizeof(data));
memset(data, 'A', 128);
for (i = 0; i < 25; i++) {
for (i = 0; i < KEX_RETRY; i++) {
ssh_send_ignore(s->ssh.session, data);
ssh_handle_packets(s->ssh.session, 50);
ssh_handle_packets(s->ssh.session, 100);
c = s->ssh.session->current_crypto;
/* SHA256 len */
if (c->digest_len != 32) {
break;
}
}
/* Check that the secret hash is different than initially */

9
tests/client/torture_scp.c
View File

@@ -39,6 +39,9 @@
#define TEMPLATE BINARYDIR "/tests/home/alice/temp_dir_XXXXXX"
#define ALICE_HOME BINARYDIR "/tests/home/alice"
/* store the original umask */
mode_t old;
struct scp_st {
struct torture_state *s;
char *tmp_dir;
@@ -99,6 +102,9 @@ static int session_setup(void **state)
s = ts->s;
/* store the original umask and set a new one */
old = umask(0022);
/* Create temporary directory for alice */
tmp_dir = torture_make_temp_dir(TEMPLATE);
assert_non_null(tmp_dir);
@@ -135,6 +141,9 @@ static int session_teardown(void **state)
assert_non_null(ts->s);
s = ts->s;
/* restore the umask */
umask(old);
ssh_disconnect(s->ssh.session);
ssh_free(s->ssh.session);

58
tests/external_override/CMakeLists.txt
View File

@@ -22,26 +22,58 @@ add_library(poly1305_override SHARED
set(POLY1305_OVERRIDE_LIBRARY
${libssh_BINARY_DIR}/lib/${CMAKE_SHARED_LIBRARY_PREFIX}poly1305_override${CMAKE_SHARED_LIBRARY_SUFFIX})
if (WITH_GCRYPT)
set (override_src
${libssh_SOURCE_DIR}/src/getrandom_gcrypt.c
${libssh_SOURCE_DIR}/src/md_gcrypt.c
)
set(override_libs
${GCRYPT_LIBRARIES}
)
elseif (WITH_MBEDTLS)
set (override_src
${libssh_SOURCE_DIR}/src/getrandom_mbedcrypto.c
${libssh_SOURCE_DIR}/src/md_mbedcrypto.c
)
set(override_libs
${MBEDTLS_CRYPTO_LIBRARY}
)
else ()
set (override_src
${libssh_SOURCE_DIR}/src/getrandom_crypto.c
${libssh_SOURCE_DIR}/src/md_crypto.c
)
set(override_libs
${OPENSSL_CRYPTO_LIBRARIES}
)
endif (WITH_GCRYPT)
# ed25519_override
add_library(ed25519_override SHARED
ed25519_override.c
${libssh_SOURCE_DIR}/src/external/fe25519.c
${libssh_SOURCE_DIR}/src/external/ge25519.c
${libssh_SOURCE_DIR}/src/external/sc25519.c
${libssh_SOURCE_DIR}/src/external/ed25519.c
)
ed25519_override.c
${libssh_SOURCE_DIR}/src/external/fe25519.c
${libssh_SOURCE_DIR}/src/external/ge25519.c
${libssh_SOURCE_DIR}/src/external/sc25519.c
${libssh_SOURCE_DIR}/src/external/ed25519.c
${override_src}
)
target_link_libraries(ed25519_override
PRIVATE ${override_libs})
set(ED25519_OVERRIDE_LIBRARY
${libssh_BINARY_DIR}/lib/${CMAKE_SHARED_LIBRARY_PREFIX}ed25519_override${CMAKE_SHARED_LIBRARY_SUFFIX})
# curve25519_override
add_library(curve25519_override SHARED
curve25519_override.c
${libssh_SOURCE_DIR}/src/external/curve25519_ref.c
${libssh_SOURCE_DIR}/src/external/fe25519.c
${libssh_SOURCE_DIR}/src/external/ge25519.c
${libssh_SOURCE_DIR}/src/external/sc25519.c
${libssh_SOURCE_DIR}/src/external/ed25519.c
)
curve25519_override.c
${libssh_SOURCE_DIR}/src/external/curve25519_ref.c
${libssh_SOURCE_DIR}/src/external/fe25519.c
${libssh_SOURCE_DIR}/src/external/ge25519.c
${libssh_SOURCE_DIR}/src/external/sc25519.c
${libssh_SOURCE_DIR}/src/external/ed25519.c
${override_src}
)
target_link_libraries(curve25519_override
PRIVATE ${override_libs})
set(CURVE25519_OVERRIDE_LIBRARY
${libssh_BINARY_DIR}/lib/${CMAKE_SHARED_LIBRARY_PREFIX}curve25519_override${CMAKE_SHARED_LIBRARY_SUFFIX})

23
tests/pkd/CMakeLists.txt
View File

@@ -35,22 +35,21 @@ target_link_libraries(pkd_hello ${pkd_libs})
# are not 100% reproducible.
#
add_test(pkd_hello_i1 ${CMAKE_CURRENT_BINARY_DIR}/pkd_hello -e -o -i1 -w /tmp/pkd_socket_wrapper_XXXXXX)
#
# Configure environment for cwrap socket wrapper.
#
if (OSX)
set(PKD_ENVIRONMENT "DYLD_FORCE_FLAT_NAMESPACE=1;DYLD_INSERT_LIBRARIES=${SOCKET_WRAPPER_LIBRARY}")
else ()
set(PKD_ENVIRONMENT "LD_PRELOAD=${SOCKET_WRAPPER_LIBRARY};OPENSSL_ENABLE_SHA1_SIGNATURES=1")
endif ()
message(STATUS "PKD_ENVIRONMENT=${PKD_ENVIRONMENT}")
set_property(TEST pkd_hello_i1 PROPERTY ENVIRONMENT ${PKD_ENVIRONMENT})
#
# pkd_hello_rekey is used to test server-side implementation of rekeying.
#
add_test(pkd_hello_rekey ${CMAKE_CURRENT_BINARY_DIR}/pkd_hello -t torture_pkd_openssh_rsa_rsa_default -i1 --rekey=16 -v -v -v -w /tmp/pkd_socket_wrapper_XXXXXX)
#
# Configure environment for cwrap socket wrapper.
#
find_package(socket_wrapper 1.1.5 REQUIRED)
if (OSX)
set(PKD_ENVIRONMENT "DYLD_FORCE_FLAT_NAMESPACE=1;DYLD_INSERT_LIBRARIES=${SOCKET_WRAPPER_LIBRARY}")
else ()
set(PKD_ENVIRONMENT "LD_PRELOAD=${SOCKET_WRAPPER_LIBRARY}")
endif ()
message(STATUS "PKD_ENVIRONMENT=${PKD_ENVIRONMENT}")
set_property(TEST pkd_hello_i1 PROPERTY ENVIRONMENT ${PKD_ENVIRONMENT})
set_property(TEST pkd_hello_rekey PROPERTY ENVIRONMENT OPENSSL_ENABLE_SHA1_SIGNATURES=1)
endif (WITH_SERVER AND UNIX AND NOT WIN32)

1
tests/suppressions/lsan.supp Normal file
View File

@@ -0,0 +1 @@
leak:libcrypto.so

2
tests/tests_config.h.cmake
View File

@@ -64,7 +64,7 @@
/* Available programs */
#cmakedefine NC_EXECUTABLE "${NC_EXECUTABLE}"
#cmakedefine NCAT_EXECUTABLE "${NCAT_EXECUTABLE}"
#cmakedefine SSHD_EXECUTABLE "${SSHD_EXECUTABLE}"
#cmakedefine SSH_EXECUTABLE "${SSH_EXECUTABLE}"
#cmakedefine WITH_TIMEOUT ${WITH_TIMEOUT}

12
tests/torture.c
View File

@@ -1033,11 +1033,13 @@ void torture_setup_libssh_server(void **state, const char *server_path)
}
/* Write the environment setting */
/* OPENSSL variable is needed to enable SHA1 */
printed = snprintf(env, sizeof(env),
"SOCKET_WRAPPER_DIR=%s "
"SOCKET_WRAPPER_DEFAULT_IFACE=10 "
"LD_PRELOAD=%s "
"%s",
"%s "
"OPENSSL_ENABLE_SHA1_SIGNATURES=1",
s->socket_dir, ld_preload, force_fips);
if (printed < 0) {
fail_msg("Failed to print env!");
@@ -1627,12 +1629,14 @@ void torture_reset_config(ssh_session session)
memset(session->opts.options_seen, 0, sizeof(session->opts.options_seen));
}
#if ((defined _WIN32) || (defined _WIN64)) && (defined USE_ATTRIBUTE_WEAK)
#if defined(HAVE_WEAK_ATTRIBUTE) && defined(TORTURE_SHARED)
__attribute__((weak)) int torture_run_tests(void)
{
fail();
fail_msg("torture_run_tests from shared library called");
return -1;
}
#endif
#endif /* defined(HAVE_WEAK_ATTRIBUTE) && defined(TORTURE_SHARED) */
int main(int argc, char **argv) {
struct argument_s arguments;

10
tests/torture.h
View File

@@ -24,10 +24,6 @@
#ifndef _TORTURE_H
#define _TORTURE_H
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
@@ -145,12 +141,12 @@ void torture_setup_create_libssh_config(void **state);
void torture_setup_libssh_server(void **state, const char *server_path);
#if defined(HAVE_WEAK_ATTRIBUTE) && defined(TORTURE_SHARED)
__attribute__((weak)) int torture_run_tests(void);
#else
/*
* This function must be defined in every unit test file.
*/
#if ((defined _WIN32) || (defined _WIN64)) && (defined USE_ATTRIBUTE_WEAK)
__attribute__((weak)) int torture_run_tests(void);
#else
int torture_run_tests(void);
#endif

1574
tests/torture_key.c
View File

File diff suppressed because it is too large Load Diff

10
tests/unittests/CMakeLists.txt
View File

@@ -101,6 +101,11 @@ foreach(_UNIT_TEST ${LIBSSH_UNIT_TESTS})
COMPILE_OPTIONS ${DEFAULT_C_COMPILE_FLAGS}
LINK_LIBRARIES ${TEST_TARGET_LIBRARIES}
)
set_property(TEST ${_UNIT_TEST}
PROPERTY
ENVIRONMENT
LSAN_OPTIONS=suppressions=${libssh-tests_SOURCE_DIR}/suppressions/lsan.supp;OPENSSL_ENABLE_SHA1_SIGNATURES=1)
endforeach()
if (CMAKE_USE_PTHREADS_INIT)
@@ -110,6 +115,11 @@ if (CMAKE_USE_PTHREADS_INIT)
COMPILE_OPTIONS ${DEFAULT_C_COMPILE_FLAGS}
LINK_LIBRARIES ${TEST_TARGET_LIBRARIES} Threads::Threads
)
set_property(TEST ${_UNIT_TEST}
PROPERTY
ENVIRONMENT
LSAN_OPTIONS=suppressions=${libssh-tests_SOURCE_DIR}/suppressions/lsan.supp;OPENSSL_ENABLE_SHA1_SIGNATURES=1)
endforeach()
endif ()

50
tests/unittests/torture_config.c
View File

@@ -2,6 +2,11 @@
#define LIBSSH_STATIC
#ifndef _WIN32
#define _POSIX_PTHREAD_SEMANTICS
#include <pwd.h>
#endif
#include "torture.h"
#include "libssh/options.h"
#include "libssh/session.h"
@@ -1710,6 +1715,27 @@ static void torture_config_make_absolute_int(void **state, bool no_sshdir_fails)
{
ssh_session session = *state;
char *result = NULL;
#ifndef _WIN32
char h[256];
char *user;
char *home;
user = getenv("USER");
if (user == NULL) {
user = getenv("LOGNAME");
}
/* in certain CIs there no such variables */
if (!user) {
struct passwd *pw = getpwuid(getuid());
if (pw){
user = pw->pw_name;
}
}
home = getenv("HOME");
assert_non_null(home);
#endif
/* Absolute path already -- should not change in any case */
result = ssh_config_make_absolute(session, "/etc/ssh/ssh_config.d/*.conf", 1);
@@ -1742,6 +1768,30 @@ static void torture_config_make_absolute_int(void **state, bool no_sshdir_fails)
result = ssh_config_make_absolute(session, "my_config", 0);
assert_string_equal(result, "/tmp/ssh/my_config");
free(result);
#ifndef _WIN32
/* Tilde expansion works only in user config */
result = ssh_config_make_absolute(session, "~/.ssh/config.d/*.conf", 0);
snprintf(h, 256 - 1, "%s/.ssh/config.d/*.conf", home);
assert_string_equal(result, h);
free(result);
snprintf(h, 256 - 1, "~%s/.ssh/config.d/*.conf", user);
result = ssh_config_make_absolute(session, h, 0);
snprintf(h, 256 - 1, "%s/.ssh/config.d/*.conf", home);
assert_string_equal(result, h);
free(result);
/* in global config its just prefixed without expansion */
result = ssh_config_make_absolute(session, "~/.ssh/config.d/*.conf", 1);
assert_string_equal(result, "/etc/ssh/~/.ssh/config.d/*.conf");
free(result);
snprintf(h, 256 - 1, "~%s/.ssh/config.d/*.conf", user);
result = ssh_config_make_absolute(session, h, 1);
snprintf(h, 256 - 1, "/etc/ssh/~%s/.ssh/config.d/*.conf", user);
assert_string_equal(result, h);
free(result);
#endif
}
static void torture_config_make_absolute(void **state)

63
tests/unittests/torture_knownhosts_parsing.c
View File

@@ -17,6 +17,7 @@
#endif
#endif
#define LOCALHOST_DSS_LINE "localhost,127.0.0.1 ssh-dss AAAAB3NzaC1kc3MAAACBAIK3RTEWBw+rAPcYUM2Qq4kEw59gXpUQ/WvkdeY7QDO64MHaaorySj8xsraNudmQFh4xb/i5Q1EMnNchOFxtilfU5bUJgdTvetyZEWFL+2HxqBs8GaWRyB1vtSFAw3GO8VUEnjF844N3dNyLoc0NX8IvzwNIaQho6KTsueQlG1X9AAAAFQCXUl4a5UvElL4thi/8QlxR5PtEewAAAIBqNpl5MTBxKQu5jT0+WASa7pAqwT53ofv7ZTDIEokYRb57/nwzDgkcs1fsBRrI6eczJ/VlXWwKbsgkx2Nh3ZiWYwC+HY5uqRpDaj3HERC6LMn4dzdcl29fYeziEibCbRjJX5lZF2vIaA1Ewv8yT0UlunyHZRiyw4WlEglkf/NITAAAAIBxLsdBBXn+8qEYwWK9KT+arRqNXC/lrl0Fp5YyxGNGCv82JcnuOShGGTzhYf8AtTCY1u5oixiW9kea6KXGAKgTjfJShr7n47SZVfOPOrBT3VLhRdGGO3GblDUppzfL8wsEdoqXjzrJuxSdrGnkFu8S9QjkPn9dCtScvWEcluHqMw=="
#define LOCALHOST_RSA_LINE "localhost,127.0.0.1 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDD7g+vV5cvxxGN0Ldmda4WZCPgRaxV1tV+1KRZoGUNUI61h0X4bmmGaAPRQBCz4G1d9bawqDqEqnpFWazrxBU5cQtISSjzuDJKovLGliky/ShTszee1Thszg3qVNk9gGOWj7jn/HDaOxRlp003Bp47MOdnMnK/oftllFDfY2fF5IRpE6sSIGtg2ZDtF95TV5/9W2oMOIAy8u/83tuibYlNPa1X/von5LgdaPLn6Bk16bQKIhAhlMtFZH8MBYEWe4ZtOGaSWKOsK9MM/RTMlwPi6PkfoHNl4MCMupjx+CdLXwbQEt9Ww+bBIaCui2VWBEiruVbIgJh0W2Tal0e2BzYZ What a Wurst!"
#define LOCALHOST_ECDSA_SHA1_NISTP256_LINE "localhost ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFWmI0n0Tn5+zR7pPGcKYszRbJ/T0T3QfzRBSMMiyebGKRY8tjkU5h2l/UMugzOrOyWqMGQDgQn+a0aMunhKMg0="
#define LOCALHOST_DEFAULT_ED25519 "localhost ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA7M22fXD7OiS7kGMXP+OoIjCa+J+5sq8SgAZfIOmDgM"
@@ -144,6 +145,38 @@ close_fp:
return rc;
}
#ifndef HAVE_DSA
static int setup_knownhosts_file_unsupported_type(void **state)
{
char *tmp_file = NULL;
size_t nwritten;
FILE *fp = NULL;
int rc = 0;
tmp_file = torture_create_temp_file(TMP_FILE_NAME);
assert_non_null(tmp_file);
*state = tmp_file;
fp = fopen(tmp_file, "w");
assert_non_null(fp);
nwritten = fwrite(LOCALHOST_DSS_LINE,
sizeof(char),
strlen(LOCALHOST_DSS_LINE),
fp);
if (nwritten != strlen(LOCALHOST_DSS_LINE)) {
rc = -1;
goto close_fp;
}
close_fp:
fclose(fp);
return rc;
}
#endif
static int teardown_knownhosts_file(void **state)
{
char *tmp_file = *state;
@@ -396,6 +429,31 @@ static void torture_knownhosts_get_algorithms_names(void **state)
ssh_free(session);
}
#ifndef HAVE_DSA
/* Do not remove this test if we completly remove DSA support! */
static void torture_knownhosts_get_algorithms_names_unsupported(void **state)
{
const char *knownhosts_file = *state;
ssh_session session;
char *names = NULL;
bool process_config = false;
session = ssh_new();
assert_non_null(session);
/* This makes sure the global configuration file is not processed */
ssh_options_set(session, SSH_OPTIONS_PROCESS_CONFIG, &process_config);
ssh_options_set(session, SSH_OPTIONS_HOST, "localhost");
ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, knownhosts_file);
names = ssh_known_hosts_get_algorithms_names(session);
assert_null(names);
ssh_free(session);
}
#endif
static void torture_knownhosts_algorithms_wanted(void **state)
{
const char *knownhosts_file = *state;
@@ -660,6 +718,11 @@ int torture_run_tests(void) {
cmocka_unit_test_setup_teardown(torture_knownhosts_get_algorithms_names,
setup_knownhosts_file,
teardown_knownhosts_file),
#ifndef HAVE_DSA
cmocka_unit_test_setup_teardown(torture_knownhosts_get_algorithms_names_unsupported,
setup_knownhosts_file_unsupported_type,
teardown_knownhosts_file),
#endif
cmocka_unit_test_setup_teardown(torture_knownhosts_algorithms_wanted,
setup_knownhosts_file,
teardown_knownhosts_file),

45
tests/unittests/torture_misc.c
View File

@@ -4,8 +4,8 @@
#include <unistd.h>
#endif
#include <sys/types.h>
#ifndef _WIN32
#ifndef _WIN32
#define _POSIX_PTHREAD_SEMANTICS
#include <pwd.h>
#endif
@@ -168,17 +168,25 @@ static void torture_path_expand_tilde_unix(void **state) {
static void torture_path_expand_escape(void **state) {
ssh_session session = *state;
const char *s = "%d/%h/by/%r";
const char *s = "%d/%h/%p/by/%r";
char *e;
session->opts.sshdir = strdup("guru");
session->opts.host = strdup("meditation");
session->opts.port = 0;
session->opts.username = strdup("root");
e = ssh_path_expand_escape(session, s);
assert_non_null(e);
assert_string_equal(e, "guru/meditation/by/root");
free(e);
assert_string_equal(e, "guru/meditation/22/by/root");
ssh_string_free_char(e);
session->opts.port = 222;
e = ssh_path_expand_escape(session, s);
assert_non_null(e);
assert_string_equal(e, "guru/meditation/222/by/root");
ssh_string_free_char(e);
}
static void torture_path_expand_known_hosts(void **state) {
@@ -724,6 +732,34 @@ static void torture_ssh_strreplace(void **state)
assert_null(replaced_string);
}
static void torture_ssh_strerror(void **state)
{
char buf[1024];
size_t bufflen = sizeof(buf);
char *out = NULL;
(void) state;
out = ssh_strerror(ENOENT, buf, 1); /* too short */
assert_string_equal(out, "\0");
out = ssh_strerror(256, buf, bufflen); /* unknown error code */
/* This error is always different:
* Freebd: "Unknown error: 256"
* MinGW/Win: "Unknown error"
* Linux/glibc: "Unknown error 256"
* Alpine/musl: "No error information"
*/
assert_non_null(out);
out = ssh_strerror(ENOMEM, buf, bufflen);
/* This actually differs too for glibc/musl:
* musl: "Out of memory"
* everything else: "Cannot allocate memory"
*/
assert_non_null(out);
}
int torture_run_tests(void) {
int rc;
struct CMUnitTest tests[] = {
@@ -747,6 +783,7 @@ int torture_run_tests(void) {
cmocka_unit_test(torture_ssh_mkdirs),
cmocka_unit_test(torture_ssh_quote_file_name),
cmocka_unit_test(torture_ssh_strreplace),
cmocka_unit_test(torture_ssh_strerror),
};
ssh_init();

7
tests/unittests/torture_options.c
View File

@@ -66,6 +66,13 @@ static void torture_options_set_host(void **state) {
assert_string_equal(session->opts.host, "meditation");
assert_non_null(session->opts.username);
assert_string_equal(session->opts.username, "guru");
rc = ssh_options_set(session, SSH_OPTIONS_HOST, "at@login@hostname");
assert_true(rc == 0);
assert_non_null(session->opts.host);
assert_string_equal(session->opts.host, "hostname");
assert_non_null(session->opts.username);
assert_string_equal(session->opts.username, "at@login");
}
static void torture_options_set_ciphers(void **state) {

41
tests/unittests/torture_pki_ecdsa_uri.c
View File

@@ -93,6 +93,7 @@ static int setup_directory_structure(void **state)
rc = torture_change_dir(temp_dir);
assert_int_equal(rc, 0);
SAFE_FREE(temp_dir);
test_state->temp_dir = torture_get_current_working_dir();
assert_non_null(test_state->temp_dir);
@@ -188,6 +189,7 @@ static void torture_pki_ecdsa_publickey_from_privatekey_uri(void **state, const
assert_return_code(rc, errno);
assert_true(rc == SSH_OK);
assert_non_null(pblob);
ssh_string_free(pblob);
rc = ssh_pki_export_privkey_to_pubkey(privkey, &pubkey);
assert_return_code(rc, errno);
@@ -227,6 +229,21 @@ static void torture_pki_ecdsa_publickey_from_privatekey_uri(void **state, const
SSH_KEY_FREE(pubkey);
}
static void torture_pki_ecdsa_publickey_from_privatekey_uri_256(void **state)
{
torture_pki_ecdsa_publickey_from_privatekey_uri(state, PRIV_URI_FMT_256, "ecdsa256");
}
static void torture_pki_ecdsa_publickey_from_privatekey_uri_384(void **state)
{
torture_pki_ecdsa_publickey_from_privatekey_uri(state, PRIV_URI_FMT_384, "ecdsa384");
}
static void torture_pki_ecdsa_publickey_from_privatekey_uri_521(void **state)
{
torture_pki_ecdsa_publickey_from_privatekey_uri(state, PRIV_URI_FMT_521, "ecdsa521");
}
static void import_pubkey_without_loading_public_uri(void **state, const char *uri, const char *type)
{
int rc;
@@ -246,6 +263,7 @@ static void import_pubkey_without_loading_public_uri(void **state, const char *u
rc = ssh_pki_export_pubkey_blob(privkey, &pblob);
assert_int_not_equal(rc, 0);
assert_null(pblob);
ssh_string_free(pblob);
rc = ssh_pki_export_privkey_to_pubkey(privkey, &pubkey);
assert_int_not_equal(rc, 0);
@@ -255,21 +273,6 @@ static void import_pubkey_without_loading_public_uri(void **state, const char *u
SSH_KEY_FREE(pubkey);
}
static void torture_pki_ecdsa_publickey_from_privatekey_uri_256(void **state)
{
torture_pki_ecdsa_publickey_from_privatekey_uri(state, PRIV_URI_FMT_256, "ecdsa256");
}
static void torture_pki_ecdsa_publickey_from_privatekey_uri_384(void **state)
{
torture_pki_ecdsa_publickey_from_privatekey_uri(state, PRIV_URI_FMT_384, "ecdsa384");
}
static void torture_pki_ecdsa_publickey_from_privatekey_uri_521(void **state)
{
torture_pki_ecdsa_publickey_from_privatekey_uri(state, PRIV_URI_FMT_521, "ecdsa521");
}
static void torture_pki_ecdsa_import_pubkey_without_loading_public_uri_256(void **state)
{
import_pubkey_without_loading_public_uri(state, PRIV_URI_FMT_256_NO_PUB, "ecdsa256_no_pub_uri");
@@ -320,7 +323,7 @@ static void torture_ecdsa_sign_verify_uri(void **state, const char *uri, enum ss
type_char = ssh_key_type_to_char(type);
etype_char = ssh_pki_key_ecdsa_name(privkey);
switch(dig_type) {
switch (dig_type) {
case SSH_DIGEST_SHA256:
assert_true(type == SSH_KEYTYPE_ECDSA_P256);
assert_string_equal(type_char, "ecdsa-sha2-nistp256");
@@ -340,6 +343,7 @@ static void torture_ecdsa_sign_verify_uri(void **state, const char *uri, enum ss
printf("Invalid hash type: %d\n", dig_type);
}
ssh_free(session);
ssh_signature_free(sign);
SSH_KEY_FREE(privkey);
SSH_KEY_FREE(pubkey);
@@ -540,15 +544,16 @@ int torture_run_tests(void) {
cmocka_unit_test(torture_pki_ecdsa_import_pubkey_without_loading_public_uri_384),
cmocka_unit_test(torture_pki_ecdsa_import_pubkey_without_loading_public_uri_521),
};
ssh_session session = ssh_new();
int verbosity = SSH_LOG_FUNCTIONS;
ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
ssh_init();
ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
torture_filter_tests(tests);
rc = cmocka_run_group_tests(tests, setup_directory_structure, teardown_directory_structure);
ssh_free(session);
ssh_finalize();
return rc;

6
tests/unittests/torture_pki_rsa.c
View File

@@ -541,9 +541,13 @@ static void torture_pki_rsa_generate_key(void **state)
int rc;
ssh_key key = NULL, pubkey = NULL;
ssh_signature sign = NULL;
ssh_session session=ssh_new();
ssh_session session = ssh_new();
int verbosity = torture_libssh_verbosity();
(void) state;
ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
if (!ssh_fips_mode()) {
rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 1024, &key);
assert_true(rc == SSH_OK);