ports/libssh
ports/libssh
1
1
Форкнуть 0
Код Релизы 1 Активность
3 452 коммитов 3 Ветки 1 Тег
Граф коммитов

1235 Коммитов

Автор SHA1 Сообщение Дата
Aris Adamantiadis
d46fe6a51c SSH1: fix duplicate identifier 2015-09-25 08:52:38 +02:00
Aris Adamantiadis
e83b4e8129 libcrypto: clean up EVP functions 2015-09-25 00:05:10 +02:00
Aris Adamantiadis
392e09e3de moved libcrypto structs to c99 notation 2015-09-24 21:57:44 +02:00
Aris Adamantiadis
06b9901e64 crypto: move key setup in newkeys handler 2015-09-24 16:46:12 +02:00
Aris Adamantiadis
3c333aa9b4 libcrypto: refactor EVP_(de|en)crypt 2015-09-23 15:09:23 +02:00
Aris Adamantiadis
73d8c919b7 crypto: fix potential memory leak in ECDH 2015-09-21 15:01:37 +02:00
Andreas Schneider
747e7d05db kex: Fix zlib compression 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-09-16 08:34:28 +02:00
Andreas Schneider
b0f22fde62 kex: Prefer sha2 over sha1 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-09-15 15:09:03 +02:00
Andreas Schneider
11f43df873 pki: Fix a memory leak on error in ssh_pki_copy_cert_to_privkey() 
CID 1323516

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-09-09 09:34:22 +02:00
Andreas Schneider
1254ed1833 pki: Fix a memory leak in pki_import_cert_buffer() 
CID #1323517
 2015-09-09 09:32:40 +02:00
Axel Eppe
bdfe6870f6 pki: Add certificate loading functions 
- ssh_pki_import_cert_base64()
- ssh_pki_import_cert_file()
- ssh_pki_import_cert_blob()
Those functions are currently simple wrappers around their pubkey counterpart.

- ssh_pki_copy_cert_to_privkey()
This function copies the cert-specific data to a private key.

Signed-off-by: Axel Eppe <aeppe@google.com>
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-09-07 13:30:14 +02:00
Axel Eppe
9775f78ab2 pki: Add Add new pki_import_cert_buffer function 
Signed-off-by: Axel Eppe <aeppe@google.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2015-09-07 13:29:52 +02:00
Axel Eppe
6da4e21065 pki: Add rsa, dss certificate key type definitions 
- Add rsa/dsa (ssh-{rsa,dss}-cert-v01@openssh.com) as key types.
- Add a cert_type member in the ssh_key struct.

Signed-off-by: Axel Eppe <aeppe@google.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2015-09-07 13:29:23 +02:00
Andreas Schneider
3b0b1c3ee3 pki: Use the standard logging function 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-09-07 10:57:34 +02:00
Andreas Schneider
5b586fdfec cmake: Handle libssh threas library correctly 
This should fix the build on Windows and would not install pkg files.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-09-07 07:46:11 +02:00
Michael Wilder
2f193b5cbb bignum: Fix OpenSSL crash in SAFE_FREE 
Signed-off-by: Michael Wilder <wilder.michael@cimcor.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2015-09-07 07:45:02 +02:00
Michael Wilder
e6f93c887b crypto: Add OpenSSL EVP functions for FIPS compatibility 
Signed-off-by: Michael Wilder <wilder.michael@cimcor.com>
 2015-09-07 07:45:01 +02:00
Andreas Schneider
36d9b62f1f server: Fix return code check of ssh_buffer_pack() 
Thanks to Andreas Gutschick <andreas.gutschick@mitel.com>

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-08-18 09:09:31 +02:00
Andreas Schneider
e1081796af pki: Fix return values of ssh_key_is_(public|private) 
Thanks to Kevin Haake <khaake@red-cocoa.com>

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-08-10 13:57:28 +02:00
Tilo Eckert
672c3be9ed sftp: Fix incorrect handling of received length fields 
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
 2015-08-01 10:52:57 +03:00
Peter Volpe
dc9c4d22ab auth: Fix return status for ssh_userauth_agent() 
BUG: https://red.libssh.org/issues/201

Return SSH_AUTH_DENIED instead of SSH_AUTH_ERROR when the provided agent
offers no public keys.

Signed-off-by: Peter Volpe <pvolpe@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2015-07-30 10:51:42 +02:00
Tilo Eckert
71d86be42e define our own platform-independent S_IF macros 
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2015-07-30 10:47:34 +02:00
Tilo Eckert
267fe02088 fix file mode checks in sftp_open() 
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2015-07-30 10:46:34 +02:00
Aris Adamantiadis
52b5258ed4 fix permissions 2015-07-08 16:33:34 +02:00
Fabiano Fidêncio
2bf6e66ffe client: handle agent forward open requests with callbacks 
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Aris Adamantiadis <aris@badcode.be>
 2015-07-07 13:24:55 +02:00
Andreas Schneider
728c2fbd01 cmake: Fix zlib include directory 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-07-03 12:36:26 +02:00
Tilo Eckert
0423057424 SSH_AUTH_PARTIAL is now correctly passed to the caller of ssh_userauth_publickey_auto(). 
Implicitly fixed unsafe return code handling that could result in use-after-free.

Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2015-06-29 11:10:45 +02:00
Tilo Eckert
cc25d747d4 available auth_methods must be reset on partial authentication 
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2015-06-29 11:06:20 +02:00
Peter Volpe
7637351065 channels: Fix exit-signal data unpacking 
Signed-off-by: Peter Volpe <pvolpe@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2015-06-29 09:50:09 +02:00
Peter Volpe
7aeba71a92 agent: Add ssh_set_agent_socket 
Allow callers to specify their own socket
for an ssh agent.

Signed-off-by: Peter Volpe <pvolpe@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2015-06-29 09:47:02 +02:00
Seb Boving
e020dd8d59 Don't allocate a new identity list in the new session's options. 
The previous list is not freed. Since the new session just got
created, an identity list is already allocated and empty.

Signed-off-by: Sebastien Boving <seb@google.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2015-06-24 18:28:36 +02:00
Douglas Heriot
a65af1b3b8 cmake: Do not use CMAKE_(SOURCE|BINARY)_DIR 2015-06-24 18:17:05 +02:00
Tiamo Laitakari
5478de1a64 pki: Fix allocation of ed25519 public keys 
Signed-off-by: Tiamo Laitakari <tiamo.laitakari@cs.helsinki.fi>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2015-06-24 17:53:22 +02:00
Andreas Schneider
ef751a26d0 misc: Correctly guard the sys/time.h include 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-06-24 17:13:19 +02:00
Andreas Schneider
1d69e073af kex: Add comments to #if clauses 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-06-24 16:23:13 +02:00
Aris Adamantiadis
c480a29052 channels: fix exit-status not correctly set 2015-06-03 16:41:05 +02:00
Mike DePaulo
4aef82237d Comment that ssh_forward_cancel() is deprecated. 
Signed-off-by: Aris Adamantiadis <aris@badcode.be>
 2015-05-29 11:29:49 +02:00
Mike DePaulo
8a4a22d7b7 Reintroduce ssh_forward_listen() (Fixes: #194) 
Signed-off-by: Aris Adamantiadis <aris@badcode.be>
 2015-05-29 11:23:31 +02:00
Jon Simons
ee460dc04b kex: also compare host keys for 'first_kex_packet_follows' 
Also consider the host key type at hand when computing whether a
'first_kex_packet_follows' packet matches the current server settings.
Without this change libssh may incorrectly believe that guessed
settings which match by kex algorithm alone fully match: the host
key types must also match.  Observed when testing with dropbear
clients.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-05 22:03:47 +02:00
Jon Simons
f134cb3d57 server: return SSH_OK for ignored SSH_MSG_KEXDH_INIT case 
Return SSH_OK for the case that an incoming SSH_MSG_KEXDH_INIT should be
ignored.  That is, for the case that the initial 'first_kex_packet_follows'
guess is incorrect.  Before this change sessions served with libssh can be
observed to error out unexpectedly early when testing with dropbear clients
that send an incompatible guess.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-05 22:03:32 +02:00
Andreas Schneider
e8720a30e2 cmake: Add --enable-stdcall-fixup for MinGW builds 
This fixes warnings for getaddrinfo() and freeaddrinfo().

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-05 18:59:30 +02:00
Andreas Schneider
ca501df8c8 sftp: Fix size check 
CID: #1296588

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-05 11:26:40 +02:00
Andreas Schneider
a4cecf59d5 external: Fix resetting the state 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-04 18:10:30 +02:00
Andreas Schneider
244881b87d external: Make sure we burn buffers in bcrypt 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-04 17:54:01 +02:00
Andreas Schneider
cf05e653de external: Fix a possible buffer overrun in bcrypt_pbkdf 
CID: #1250106

This fixes a 1 byte output overflow for large key length (not reachable
in libssh). Pulled from OpenBSD BCrypt PBKDF implementation.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-04 17:54:01 +02:00
Andreas Schneider
4b9916136d sftp: Add bound check for size 
CID: #1238630

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-04 17:54:01 +02:00
Andreas Schneider
33ecff11dd buffer: Cleanup vaargs in ssh_buffer_unpack_va() 
CID: #1267977

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-04 17:54:01 +02:00
Andreas Schneider
83d3ee7fdb string: Improve ssh_string_len() to avoid tainted variables 
CID: #1278978

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-04 17:54:01 +02:00
Andreas Schneider
b1a3f4ee33 pki_container: Fix a memory leak 
CID: #1267980

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-04 17:54:01 +02:00
Andreas Schneider
05498e0e33 pki_container: Add check for return value 
CID: #1267982

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-04 17:54:01 +02:00