error: ‘%u’ directive output may be truncated writing between 1 and 10
bytes into a region of size 6.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 20406e51c9)
mingw does have this function, even though it appears to be deprecated.
So the symbol has to have a different name, or linking becomes
impossible.
Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 17aec429f5)
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
(cherry picked from commit a81e78aff4)
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
(cherry picked from commit 0800618f32)
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
(cherry picked from commit 382ff38caa)
Openssl3.0 API retrieves bignum variables from a key.
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Merge multiple key variables into one variable.
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
New openssl API, libmbedtls, libgcrypt use size_t for
HMAC len pameter.
New helper functions were added in libcrypto.c to avoid
code duplication. (the header pki.h is needed for this
reason)
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
- strerror_r for linux
- strerror_s for windows
Keep in mind that strerror_r has two versions:
- XSI
- GNU
see manpage for more information
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Fix#98 by adding 'ssh_session_set_disconnect_message' Whenever the ssh
session disconnects a "Bye Bye" message was set and displayed. Now the
peer has a choice to set a customised message to be sent after the
session is disconnected. The default "Bye Bye" will be set if this
function is not called or not called correctly. The testcases in
tests/server/torture_server can also demonstrate how this function
works.
Signed-off-by: Om Sheladia <omsheladia10@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit adds an `agent_socket` field to the session options
and connects the config parser to that option.
`SSH_OPTIONS_IDENTITY_AGENT` is added to allow applications to
set this option for themselves.
agent.c is updated to take the `agent_socket` value in preference
to the `SSH_AUTH_SOCK` environment variable.
Signed-off-by: Wez Furlong <wez@fb.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Windows has supported unix domain sockets for a couple of years
now; see this article for more information about that:
<https://devblogs.microsoft.com/commandline/af_unix-comes-to-windows/>
This commit allows libssh to consider using agent authentication
on Windows systems.
It is mostly removing `#ifndef _WIN32` that prevented the unix
domain socket code from being compiled in, and adjusting the use
of `read(2)` and `write(2)` to `recv(2)` and `send(2)`, as the former
functions are not compatible with sockets on Windows systems.
For mingw systems, afunix.h isn't available so we use the
technique as was used to resolve building with mingw as used
by the curl project in: https://github.com/curl/curl/pull/5170
Signed-off-by: Wez Furlong <wez@fb.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
According to the documentation the return value is the number of
processed bytes, so the returned value is never negative. We should not
use ssize_t in public headers as it isn't available on Windows! We only
have it defined in priv.h!
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Added API function ssh_channel_open_forward_port that is the same as
ssh_channel_accept_forward with the addition to determine the
originator address and port
Signed-off-by: Tomas Holmqvist <tomhol@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Thanks to Harry Sintonen from WithSecure for pointing this out.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Thanks to Harry Sintonen from WithSecure for pointing this out.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Thanks to Harry Sintonen from WithSecure for pointing this out.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Remove config options: protocol, mac, cipher, compressionlevel,
gssapikeyexchange,
gssapirenewalforcesrekey,
gssapitrustdns,
rhostsrsaauthentication,
rsaauthentication,
useprivilegedport,
pubkeyacceptedtypes
since they are not supported by OpenSSH
Rename some config options:
hostbasedkeytypes, challengeresponseauthentication and pubkeyacceptedkeytypes
to hosbasedacceptedalgorithms, kdbinteractiveauthentication and pubkeyacceptedalgorithms
to be consistent with the OpenSSH manual https://man.openbsd.org/sshd_config.
Keep pubkeyacceptedkeytypes for backward compatibility.
Rename SOC_PUBKEYACCEPTEDTYPES to SOC_PUBKEYACCEPTEDKEYTYPES in config.h
Update unittests/torture_config.c and unittests/torture_options.c
Signed-off-by: Anh Minh Tran <anhminh@seznam.cz>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
FIPS_mode function is no longer supported in openssl version 3
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
RFC 4252 §7 states that the public key algorithm in a
SSH_MSG_USERAUTH_PK_OK response is the public key algorithm name from
the request. When using RSA with SHA-2, this will be either
"rsa-sha2-256" or "rsa-sha2-512" as specified by RFC 8332 §3.2.
However, currently libssh emits the public key type instead, which is
"ssh-rsa". This is not in conformance with the RFCs, so let's fix this
by storing the signature type and emitting it in our response instead of
the public key when sending SSH_MSG_USERAUTH_PK_OK in the server.
Signed-off-by: brian m. carlson <bk2204@github.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Similarly as we already have for the client configuraiton file
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Normally, the length of session_id and secret_hash is the same,
but if we will get into rekeying with a peer that changes preference
of key exchange algorithm, the new secret hash can be larger or
smaller than the previous session_id causing invalid reads or writes.
Resolves https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35485
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
and add LOG_SIZE macro to control the buffer size
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Change-Id: I3eaeea001fc531fdb55074fc3a9d140b27847c1f
to match the implemntation in packet_crypt.c
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Change-Id: Ib76c3585f67dae22ed0f1dfc10dadcd03c762032
because of inconsistent author and sign-off
This reverts commit 053ed5bd91.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
to match the implemntation in packet_crypt.c
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
Change-Id: Ib76c3585f67dae22ed0f1dfc10dadcd03c762032
Move the secure_memcmp() function to a shared source to make it
available internally for other crypto implementations.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Now that the minimum OpenSSL version is 1.0.1, we know that the EVP HMAC
API is always available. This switches to this API. The existing API is
deprecated for OpenSSL 3.0.
Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
OpenSSL 0.9.7 is already not supported, so clean up the old legacy bits
for that as well.
Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Fixes T248
Signed-off-by: Stanislav Zidek <szidek@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
