ports/libssh
ports/libssh
1
1
Форкнуть 0
Код Релизы 1 Активность
5 307 коммитов 3 Ветки 1 Тег
Граф коммитов

2314 Коммитов

Автор SHA1 Сообщение Дата
Andreas Schneider
b36272eac1 CVE-2020-1730: Fix a possible segfault when zeroing AES-CTR key 
Fixes T213

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
 2020-04-09 09:28:03 +02:00
Sahana Prasad
cd15043656 src/pki_crypto.c corrects the incorrect usage of enum 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2020-04-06 09:27:55 +02:00
Anderson Toshiyuki Sasaki
9eb1ce88ae kex: Add support for diffie-hellman-group14-sha256 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2020-04-06 09:27:26 +02:00
Andreas Schneider
d2f0d3270a dh-gex: Check return value of ssh_get_random() 
CID #1422162

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2020-04-02 07:25:53 +02:00
Andreas Schneider
a9a7c2dc29 cmake: Fix building with threading support on MinGW 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
 2020-04-01 14:35:17 +02:00
Anderson Toshiyuki Sasaki
6bd2b93f43 auth: Fix memory leak in ssh_userauth_publickey_auto() 
When a key is rejected, free the allocated memory before returning.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2020-03-29 09:58:19 +02:00
Andreas Schneider
a9e39a41ff pki: Small code cleanup in ssh_pki_signature_verify() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2020-02-12 09:46:14 +01:00
Andreas Schneider
0ece6e52aa pki: Use SSH_BUFFER_FREE() in ssh_pki_signature_verify() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2020-02-12 09:44:58 +01:00
Andreas Schneider
f208e4b332 pki: Add missing return check for ssh_buffer_pack() 
CID #1419376

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2020-02-12 09:44:17 +01:00
Andreas Schneider
9fcb559301 pki: Fix memory leak of blob on error 
CID #1419377

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2020-02-12 09:41:11 +01:00
Andreas Schneider
702e7e4c85 channels: Replace PRIdS with ANSI C99 %zu 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2020-02-12 09:39:06 +01:00
Andreas Schneider
8542f675f4 sftp: Replace PRIdS with ANSI C99 %zu 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2020-02-12 09:39:06 +01:00
Andreas Schneider
faedadf2eb packet: Replace PRIdS with ANSI C99 %zu 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2020-02-12 09:39:06 +01:00
Sahana Prasad
862b2341d7 src: updates documentation incorporate PKCS#11 URIs in import functions. 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
 2020-02-11 14:25:18 +01:00
Sebastian Kinne
17b518a677 pki: add support for sk-ecdsa and sk-ed25519 
This adds server-side support for the newly introduced OpenSSH
keytypes sk-ecdsa-sha2-nistp256@openssh.com and sk-ed25519@openssh.com
(including their corresponding certificates), which are backed
by U2F/FIDO2 tokens.

Change-Id: Ib73425c572601c3002be45974e6ea051f1d7efdc
Signed-off-by: Sebastian Kinne <skinne@google.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2020-02-11 10:08:26 +01:00
Jon Simons
3664ba2800 pki: fix pki_key_ecdsa_to_key_type thread-safety 
Resolves https://bugs.libssh.org/T214.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2020-02-11 10:08:26 +01:00
Andreas Schneider
022409e99c channels: Fix ssh_channel_poll_timeout() not returing available bytes 
Fixes T211

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
 2020-01-23 10:20:59 +01:00
Jakub Jelen
07f571f1c0 Implement chacha20-poly1305 in mbedTLS 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2020-01-23 09:48:11 +01:00
Jakub Jelen
60a987fd17 Implement ChaCha20-poly1305 cipher using native OpenSSL 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2020-01-23 09:48:11 +01:00
Jakub Jelen
94fe7634e1 Do not build in internal chacha implementation if gcrypt supports that 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2020-01-23 09:48:11 +01:00
Jakub Jelen
8670fb101b chacha: Create common file to avoid code duplication 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2020-01-23 09:48:11 +01:00
Jakub Jelen
e31e7b0406 packet_crypt: Check return values from AEAD deciphering 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2020-01-23 09:48:11 +01:00
Jakub Jelen
6644f8ca3b curve25519: Avoid memory leaks 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2020-01-23 09:48:11 +01:00
Andreas Schneider
06d25497ff pki: Avoid uneeded memory duplication 
CID #1412375

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2020-01-23 09:21:04 +01:00
Andreas Schneider
8215753402 misc: Make the src pointer const in ssh_strreplace() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2020-01-23 09:20:43 +01:00
Sahana Prasad
240bf3236a misc: Simplifies ssh_strreplace(). 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2020-01-23 09:19:07 +01:00
Andreas Schneider
72498bac5f pki_crypto: Fix possible memory leak on error 
CID #1409680

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2020-01-23 09:19:07 +01:00
Andreas Schneider
4b4f568a68 messages: Add missing NULL check 
CID #1409678

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2020-01-23 09:19:07 +01:00
Jakub Jelen
e5553a92d9 socket: Use the users shell for running proxy command 
Fixes T200 and tests on ubuntu, which is using dash

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:45:24 +01:00
Jakub Jelen
3a6751f3d2 socket: Fix the error message 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:45:24 +01:00
Jakub Jelen
dd64980662 socket: Kill the proxy command if it still runs on disconnect 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:45:24 +01:00
Jakub Jelen
24f450fed1 pki_gcrypt: Warn about unsupported PEM export in gcrypt 
Based on the following mail thread:

https://www.libssh.org/archive/libssh/2019-12/0000027.html

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:45:24 +01:00
Jakub Jelen
7e692ee1b6 libgcrypt: Do not leak memory with invalid key lengths 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:45:24 +01:00
Jakub Jelen
dd54ffb2f1 pki_gcrypt: Do not confuse static analyzers 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:45:24 +01:00
Jakub Jelen
3642224ee5 legacy,keys: Fix the macro conditions 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:45:24 +01:00
Jakub Jelen
9b858f57c5 mbedcrypto_missing: Always check return values 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:31:32 +01:00
Jakub Jelen
13c88a2e0a mbedcrypto_missing: Avoid potential memory leaks as reported by csbuild 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:31:32 +01:00
Jakub Jelen
059b6851dc pki_mbedtls: Avoid potential memory leaks 
reported by csbuild

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:31:32 +01:00
Jakub Jelen
71ba61cc5b pki_mbedtls: Do not warn about unused arguments 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:31:32 +01:00
Jakub Jelen
30cc1568f4 options: Avoid needless assignment as reported by csbuild 
The error was

 src/options.c:971:13: warning: Value stored to 'u' is never read
 #            u = 0;
 #            ^   ~
 src/options.c:971:13: note: Value stored to 'u' is never read
 #            u = 0;
 #            ^   ~
 #  969|           case SSH_OPTIONS_KBDINT_AUTH:
 #  970|           case SSH_OPTIONS_GSSAPI_AUTH:
 #  971|->             u = 0;
 #  972|               if (value == NULL) {
 #  973|                   ssh_set_error_invalid(session);

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:31:32 +01:00
Jakub Jelen
e2841908fb kex: Avoid always-false comparisons as reported by csbuild 
/builds/jjelen/libssh-mirror/src/kex.c:360:17: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits] <--[cc]
  360 |         if (len < 0) {
      |                 ^
/builds/jjelen/libssh-mirror/src/kex.c:372:17: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits] <--[cc]
  372 |         if (len < 0) {
      |                 ^

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:31:32 +01:00
Sahana Prasad
4ea09256f6 src: Implements PKCS11 URI support 
Imports private and public keys from the engine via PKCS11 URIs. Uses
the imported keys to authenticate to the ssh server.

Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-20 16:17:33 +01:00
Sahana Prasad
6bf4ada240 src: Helper funtions to detect PKCS #11 URIs 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-20 14:41:02 +01:00
Sahana Prasad
86a0dfa65b src: Adds the Engine header file and invokes cleanup of the engine 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-20 14:40:51 +01:00
Andreas Schneider
35216e7254 misc: Add ssh_strreplace() 
Pair-Programmed-With: Sahana Prasad <sahana@redhat.com>
Signed-Off-by: Sahana Prasad <sahana@redhat.com>
Signed-Off-By: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-20 14:35:18 +01:00
Andreas Schneider
5317ebf0fc misc: Add ssh_tmpname() 
Signed-Off-By: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-20 14:35:04 +01:00
Jussi Kivilinna
08f4469e21 libgcrypt: fix cipher handle leaks on setkey error paths 
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-16 22:45:45 +02:00
Jussi Kivilinna
de4b8f88a2 libgcrypt: Implement chacha20-poly1305@openssh.com cipher using libgcrypt 
Libgcrypt has supported ChaCha20 and Poly1305 since 1.7.0 version and
provides fast assembler implementations.

v3:
 - initialize pointers to NULL
 - use 'bool' for chacha20_poly1305_keysched.initialized
 - pass error codes from libgcrypt calls to variable
 - add SSH_LOG on error paths
v2:
 - use braces for one-line blocks
 - use UNUSED_PARAM/UNUSED_VAR instead of cast to void
 - use calloc instead of malloc+memset

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-16 22:31:54 +02:00
Jon Simons
b94ecf18bd curve25519: fix uninitialized arg to EVP_PKEY_derive 
Ensure that the `keylen` argument as provided to `EVP_PKEY_derive`
is initialized, otherwise depending on stack contents, the function
call may fail.

Fixes T205.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-13 20:00:37 -05:00
Jakub Jelen
b03818aaed init: Fix documentation about return values of void functions 
Fixes T203

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-10 21:13:07 +01:00