mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-04 12:20:42 +09:00

Go to file

Dirkjan Bussink 42741b1883 Fix handshake bug with AEAD ciphers and no HMAC overlap

There's currently a bug in libssh that a handshake doesn't complete if
there is no overlap between HMAC methods, but when an AEAD cipher is
used.

In case of an AEAD cipher such as chacha20-poly1305 or aes256-gcm, the
HMAC algorithm that is being picked is not relevant. But the problem
here is that the HMAC still needs to have an overlap in the handshake,
even if it is not used afterwards.

This was found with a very strict server side configuration with libssh
where only AEAD ciphers and EtM HMAC modes are accepted. The client
tested against was dropbear.

Dropbear does have support for chacha20-poly1305 and AES GCM modes, but
no support for EtM HMAC modes. This meant that the libssh server in this
case rejected the dropbear client, even though it is perfectly able to
serve it since dropbear supports AEAD algorithms.

The fix implemented here updates the HMAC phase of the handshake to
handle this case. If it detects an AEAD cipher is used, it uses the HMAC
abbreviations for the method instead. This is the same name that is used
in other places as well. It matches the client to server and server to
client values, but it does depend on the order of things in the
ssh_kex_types_e enum, which I'm assuming here is ok since it's explicit.

I've looked at how to add a test for this, but I couldn't really find a
suitable place for it. I would love some tips if this is easily
possible, or if it's easier for someone else to contribute, that's of
course welcome too.

Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>

2020-10-14 11:07:40 +02:00

cmake

cmake: Update compile flags for UndefinedSanitizer

2020-03-30 09:46:18 +02:00

doc

Drop none cipher and MAC as they are not implemented

2020-05-05 14:23:06 +02:00

examples

examples: Tolerate incomplete writes in exec example

2020-06-22 13:58:52 +02:00

include

priv.h: Fix typo in comment; “cound” → “count”

2020-09-29 13:05:34 +02:00

src

Fix handshake bug with AEAD ciphers and no HMAC overlap

2020-10-14 11:07:40 +02:00

tests

Add initial server algorithm test for no HMAC overlap

2020-10-14 11:07:22 +02:00

.arcconfig

arcconfig: Add missing comma

2017-08-21 09:12:36 +02:00

.gitignore

cmake: Link compile database to source dir for clangd

2019-10-25 17:29:10 +02:00

.gitlab-ci.yml

ConfigureChecks.cmake: Disable HAVE_DSA by default (when mbedTLS is not enabled)

2020-09-02 14:35:43 +02:00

AUTHORS

src: Update my mail address.

2014-01-07 16:08:23 +01:00

BSD

added a file from openssh needed for known host parsing

2008-11-02 23:46:55 +00:00

ChangeLog

ChangeLog: Fix typo; “wierdness” → “weirdness”

2020-09-29 13:05:34 +02:00

CMakeLists.txt

ConfigureChecks.cmake: Disable HAVE_DSA by default (when mbedTLS is not enabled)

2020-09-02 14:35:43 +02:00

CompilerChecks.cmake

cmake: Add -Wsign-compare to CFLAGS

2019-12-09 16:08:03 +01:00

config.h.cmake

Add basic support for none cipher and MACs

2020-05-05 14:23:06 +02:00

ConfigureChecks.cmake

ConfigureChecks.cmake: Disable HAVE_DSA by default (when mbedTLS is not enabled)

2020-09-02 14:35:43 +02:00

CONTRIBUTING.md

Merge SubmittingPatches and README.CodingStyle to CONTRIBUTING.md

2020-06-19 16:48:14 +02:00

COPYING

COPYING: Reformat the last paragraph

2018-11-17 20:11:51 +01:00

CPackConfig.cmake

cpack: Ignore patch files

2019-12-09 19:25:38 +01:00

CTestConfig.cmake

cmake: Drop reports via https only.

2015-02-20 15:47:22 +01:00

DefineOptions.cmake

ConfigureChecks.cmake: Disable HAVE_DSA by default (when mbedTLS is not enabled)

2020-09-02 14:35:43 +02:00

INSTALL

doc: Use https where possible

2019-12-09 16:08:03 +01:00

libssh.pc.cmake

cmake: Use GNUInstallDirs for installation

2019-07-04 16:08:34 +02:00

README

README: Mention CONTRIBUTING not SubmittingPatches

2020-09-29 13:05:34 +02:00

README.mbedtls

pki: Add mbedTLS ECDSA key comparison support

2018-03-07 15:44:05 +01:00

README.md

README: Mention CONTRIBUTING not SubmittingPatches

2020-09-29 13:05:34 +02:00

README.md

  _   _   _                          _
 (_) (_) (_)                        (_)
 (_)  _  (_) _         _  _   _  _  (_) _
 (_) (_) (_)(_) _     (_)(_) (_)(_) (_)(_) _
 (_) (_) (_)   (_)  _ (_)  _ (_)    (_)   (_)
 (_) (_) (_)(_)(_) (_)(_) (_)(_)    (_)   (_).org

 The SSH library

Why?

Why not ? :) I've began to work on my own implementation of the ssh protocol because i didn't like the currently public ones. Not any allowed you to import and use the functions as a powerful library, and so i worked on a library-based SSH implementation which was non-existing in the free and open source software world.

How/Who?

If you downloaded this file, you must know what it is : a library for accessing ssh client services through C libraries calls in a simple manner. Everybody can use this software under the terms of the LGPL - see the COPYING file

If you ask yourself how to compile libssh, please read INSTALL before anything.

Where ?

https://www.libssh.org

Contributing

Please read the file 'CONTRIBUTING.md' next to this README file. It explains our copyright policy and how you should send patches for upstream inclusion.

Have fun and happy libssh hacking!

The libssh Team