libssh

Автор	SHA1	Сообщение	Дата
Andreas Schneider	c78c6c6542	messages: Do not leak memory if answered had been allocated previously BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1184 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2017-04-21 11:12:10 +02:00
Andreas Schneider	d5d8349224	misc: Validate integers converted from the SSH banner BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1181 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2017-04-21 11:02:29 +02:00
Andreas Schneider	67a2ba6f99	messages: Fix memory leaks in the ssh_packet_global_request callback BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1208 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2017-04-21 10:56:13 +02:00
Andreas Schneider	79437fa0c9	auth: Use calloc in ssh_userauth_agent_pubkey() Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2017-04-21 10:50:37 +02:00
Peter Volpe	76ba2b0055	session: Free session->kbdint in ssh_free() Makes sure we free pending keyboard auth prompts so prompts that have not be replied to do not leak. Signed-off-by: Peter Volpe <pvolpe@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2017-04-20 17:04:21 +02:00
Andreas Schneider	68b7ca6e92	buffer: Validate the length before before memory allocation Check if the size the other party sent is a valid size in the transmitted buffer. Thanks to Alex Gaynor for finding and reporting the issue. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2017-04-13 16:25:40 +02:00
Andreas Schneider	c165c396de	buffer: Create ssh_buffer_validate_length() This functions allows if a given length can be obtained from the buffer. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2017-04-13 16:25:29 +02:00
Andreas Schneider	f21ddefedb	Revert "buffer: Create ssh_buffer_validate_length()" This reverts commit 34bdc1ca7871e8e9258077411edd516c8de55299.	2017-04-13 16:19:28 +02:00
Andreas Schneider	0cf1c85542	Revert "buffer: Validate the length before before memory allocation" This reverts commit 57550e6211c19c634a319bed59d39b28d020dcd1.	2017-04-13 16:19:23 +02:00
Andreas Schneider	57550e6211	buffer: Validate the length before before memory allocation Check if the size the other party sent is a valid size in the transmitted buffer. Thanks to Alex Gaynor for finding and reporting the issue. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2017-04-13 16:12:27 +02:00
Andreas Schneider	34bdc1ca78	buffer: Create ssh_buffer_validate_length() This functions allows if a given length can be obtained from the buffer. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2017-04-13 16:12:27 +02:00
Alex Hermann	5f202d7ffa	config: Only use first occurence of each parameter ssh_config's manpage says: "For each parameter, the first obtained value will be used." Make libssh adhere to this rule. BUG: https://red.libssh.org/issues/256 Signed-off-by: Alex Hermann <alex@hexla.nl> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2017-04-13 16:08:20 +02:00
Alex Hermann	c3a8b5009f	config: Don't expand Host variable Tokens are not allowed (according to the manpage). Expansion was introduced by a wrong fix for #127. This commit reverts part of 6eea08a9ef Signed-off-by: Alex Hermann <alex@hexla.nl> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2017-04-13 15:58:52 +02:00
Alex Hermann	9ef7e90821	config: Support expansion in the HostName variable BUG: https://red.libssh.org/issues/127 The original "fix" for 127 was expanding the wrong variable: Host instead of HostName. Signed-off-by: Alex Hermann <alex@hexla.nl> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2017-04-13 15:55:12 +02:00
Yanis Kurganov	38cb19268a	session: Add SSH1 support in ssh_send_debug() Signed-off-by: Yanis Kurganov <ykurganov@ptsecurity.com> Reviewed-by: Andreas Schneider <asn@samba.org>	2017-04-11 17:40:38 +02:00
Yanis Kurganov	72fdb4867e	session: Add SSH1 support in ssh_send_ignore() Signed-off-by: Yanis Kurganov <ykurganov@ptsecurity.com> Reviewed-by: Andreas Schneider <asn@samba.org>	2017-04-11 17:40:30 +02:00
Alfredo Mazzinghi	9dc650b7fb	server: Add option SSH_BIND_OPTIONS_IMPORT_KEY to server This sets the bind private key directly from an ssh_key struct instead of reading a file. Signed-off-by: Alfredo Mazzinghi <am2419@cl.cam.ac.uk> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2017-04-11 10:00:13 +02:00
Max Bachmann	3ec8babfaf	messages: Utilize the message queue for SSH_REQUEST_GLOBAL. Signed-off-by: Max Bachmann <mabahltm@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2017-04-11 09:55:22 +02:00
Andreas Schneider	73e8277072	libcrypto-compat: Check if EVP_CIPHER_CTX_new is needed Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2017-02-23 16:59:28 +01:00
Andreas Schneider	166b9f7709	buffer: Use calloc to allocate a zero'ed buffer Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2017-02-06 09:42:49 +01:00
Andreas Schneider	de369b46b1	pki: Use byte mode for fopen() BUG: https://red.libssh.org/issues/251 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2017-02-03 13:18:16 +01:00
Justus Winter	043560d7dd	pki_gcrypt: Fix freeing of ECDSA signatures. * src/pki.c (ssh_signature_free): Fix test for ECC using gcrypt. Signed-off-by: Justus Winter <justus@g10code.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2016-11-09 18:20:40 +01:00
Justus Winter	4b33c6bb97	pki_gcrypt: Fix memory leak. * src/pki_gcrypt.c (pki_key_ecdsa_to_nid): Release 'sexp'. Signed-off-by: Justus Winter <justus@g10code.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2016-11-09 18:20:19 +01:00
Andreas Schneider	2f6a866373	cmake: Only build libcrypto and libcrypto-compat when needed This also fixes the gcrypt build. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2016-11-08 10:31:20 +01:00
Andreas Schneider	3daf1760a1	cmake: Use configure check for CRYPTO_ctr128_encrypt Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2016-11-07 11:46:47 +01:00
Andreas Schneider	2dff359a33	threads: Use new API call for OpenSSL CRYPTO THREADID BUG: https://red.libssh.org/issues/222 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2016-11-07 11:46:47 +01:00
Jakub Jelen	3341f49a49	pki_crypto: Use getters and setters for opaque keys and signatures This is for OpenSSL 1.1.0 support. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2016-11-07 11:46:47 +01:00
Jakub Jelen	5d2e9ee66e	libcrypto: Use a pointer for EVP_CIPHER_CTX This has been made opaque and it needs to be a pointer. This is for OpenSSL 1.1.0 support. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2016-11-07 11:46:47 +01:00
Jakub Jelen	607c671f67	libcrypto: Use a pointer for EVP_MD_CTX This is for OpenSSL 1.1.0 support. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2016-11-07 11:46:41 +01:00
Jakub Jelen	cf1e808e2f	libcrypto: Use newer API for HMAC This is for OpenSSL 1.1.0 support. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2016-11-07 11:45:07 +01:00
Jakub Jelen	b6cfde8987	libcrypto: Introduce a libcrypto compat file This is for OpenSSL 1.1.0 support. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2016-11-07 11:42:06 +01:00
Jakub Jelen	d73f665edd	libcrypto: Remove AES_ctr128_encrypt() This is for OpenSSL 1.1.0. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2016-11-07 11:42:06 +01:00
Andreas Schneider	52efbc3a23	misc: Use simpler macros for htonll and ntohll Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2016-11-07 09:39:19 +01:00
Andreas Schneider	cff7882391	log: Add missing config.h include Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2016-11-06 12:39:45 +01:00
Andreas Schneider	5d1a8cd88b	cmake: Check for io.h on Windows Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2016-11-06 11:57:52 +01:00
Andreas Schneider	528b9c5323	cmake: Correctly check for sys/[u]time.h Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2016-11-06 11:52:12 +01:00
Andreas Schneider	293ab4bd40	doc: Improve documentation for ssh_set_auth_methods() Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2016-11-06 11:29:02 +01:00
Andreas Schneider	a45db022e9	bcrypt: Fix type of shalen Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2016-11-06 11:18:55 +01:00
Andreas Schneider	02be4802d5	pki_ed25519: Do paranoia checks before we allocate memory Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2016-11-06 11:15:23 +01:00
Andreas Schneider	5437deed1b	callbacks: Add support for MSVC __typeof__ is GCC specific Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2016-11-05 20:00:02 +01:00
Andreas Schneider	422271bd40	connector: Fix build with Visual Studio Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2016-11-05 18:03:34 +01:00
Andreas Schneider	801bc29494	options: Fix log level documentation BUG: https://red.libssh.org/issues/210 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2016-11-05 17:15:31 +01:00
Stef Walter	857ce2376e	known_hosts: Add ssh_dump_knownhost() function This works similarly to ssh_write_knownhost(), but allows the caller to get a line with the known_hosts line. BUG: https://red.libssh.org/issues/207 Signed-off-by: Stef Walter <stefw@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2016-11-05 17:12:07 +01:00
Andreas Schneider	2af88a679d	bignum: Use const in ssh_print_bignum() Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2016-11-03 15:22:47 +01:00
Justus Winter	e3a866b8c1	ecdh: Implement ECDH using libgcrypt * include/libssh/crypto.h (struct ssh_crypto_struct): Provide a suitable 'ecdh_privkey'. * include/libssh/ecdh.h: Also define 'HAVE_ECDH' if we do ECC using libgcrypt. (ecdh_build_k): New prototype. * src/CMakeLists.txt (libssh_SRCS): Add backend-specific files. * src/ecdh.c: Move backend-specific parts to... * src/ecdh_crypto.c: ... this file. * src/ecdh_gcrypt.c: New file. * src/wrapper.c (crypto_free): Free 'ecdh_privkey'. Signed-off-by: Justus Winter <justus@g10code.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2016-11-03 15:20:36 +01:00
Justus Winter	f62cded9f0	pki_gcrypt: Handle ECDSA keys and signatures * ConfigureChecks.cmake: Set 'HAVE_ECC' and 'HAVE_GCRYPT_ECC' if applicable. * include/libssh/pki.h (struct ssh_key_struct): Fix type of field 'ecdsa'. (struct ssh_signature_struct): Likewise for 'ecdsa_sig'. * src/pki.c (ssh_pki_key_ecdsa_name): Relax guard now that the used function is also provided by the gcrypt backend. (ssh_signature_free): Free ecdsa signature. * src/pki_gcrypt.c (ECDSA_HEADER_{BEGIN,END}): New macros. (privatekey_string_to_buffer): Handle ECDSA keys. (pki_key_ecdsa_to_nid): New function. (pki_key_ecdsa_nid_to_gcrypt_name): Likewise. (pki_key_ecdsa_nid_to_name): Likewise. (pki_key_ecdsa_nid_to_char): Likewise. (pki_key_ecdsa_nid_from_name): Implement. (asn1_oi_to_nid): New function. (b64decode_ecdsa_privatekey): Likewise. (pki_private_key_from_base64): Handle ECDSA keys. (pki_pubkey_build_ecdsa): Implement. (pki_key_dup): Handle ECDSA keys. (pki_key_generate): Likewise. (pki_key_generate_ecdsa): Implement. (pki_key_compare): Handle ECDSA keys. (pki_publickey_to_blob): Likewise. (pki_signature_from_blob): Likewise. (pki_signature_verify): Likewise. (pki_do_sign): Likewise. (pki_do_sign_sessionid): Likewise. Signed-off-by: Justus Winter <justus@g10code.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2016-11-03 15:20:30 +01:00
Justus Winter	7e315629b9	libgcrypt: Implement the 'evp' interface * include/libssh/libgcrypt.h (EVPCTX): Fix type. (NID_gcrypt_nistp{256,384,521}): New constants. * src/libgcrypt.c (nid_to_md_algo): New function mapping curves to digest algorithms. (evp{,_init,_update,_final}): New functions. Signed-off-by: Justus Winter <justus@g10code.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2016-11-03 15:20:26 +01:00
Justus Winter	3c2ea78a09	pki_gcrypt: Add a little more ASN1 infrastructure * src/pki_gcrypt.c (ASN1_OCTET_STRING): New macro. (ASN1_OBJECT_IDENTIFIER): Likewise. (asn1_check_tag): New function. Signed-off-by: Justus Winter <justus@g10code.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2016-11-03 15:19:34 +01:00
Justus Winter	85bcfab719	curve25519: Small libgcrypt bignum fix * src/curve25519.c (ssh_client_curve25519_init): Make use of the gcrypt-variant of 'bignum_bin2bn'. Signed-off-by: Justus Winter <justus@g10code.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2016-11-02 18:53:59 +01:00
Pino Toscano	67ffe26dea	Remove extra newlines from log/error messages Signed-off-by: Pino Toscano <ptoscano@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2016-10-22 16:05:32 +02:00

... 2 3 4 5 6 ...

1418 Коммитов