aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2021-08-19Relase 0.9.6libssh-0.9.6Jakub Jelen4-3/+440
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2021-08-18ChangeLog: Fix release date of 0.9.5Jakub Jelen1-1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2021-08-18tests: Simple reproducer for rekeying with different kexJakub Jelen1-3/+155
We do not use SHA1 as it is disabled in many systems Verifies CVE-2021-3634 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2021-08-18CVE-2021-3634: Create a separate length for session_idJakub Jelen10-18/+23
Normally, the length of session_id and secret_hash is the same, but if we will get into rekeying with a peer that changes preference of key exchange algorithm, the new secret hash can be larger or smaller than the previous session_id causing invalid reads or writes. Resolves https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35485 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2021-08-17.gitlab-ci: Allow failure of windows runners as they are brokenJakub Jelen1-0/+3
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 6daa95f9c196547b61ceffa9256e6bce45926399)
2021-08-17Enable freebsd runner also for jjelenJakub Jelen1-0/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 592d256a0bbfead2dc7eac1494406b9d923a8f23)
2021-08-17gitlab-ci: Enable new freebsd runnerAndreas Schneider1-0/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com> (cherry picked from commit ae44d846b86d495e4e8d68a33bcc2532365e6ac5)
2021-08-17gitlab-ci: Use shared Windows runners from gitlabAndreas Schneider1-31/+35
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com> (cherry picked from commit 7657994aed5e18c208c83635befa8597aa5317e2)
2021-08-17Fix some compiler warningsNorbert Pocs3-4/+22
Covscan analyzer was used Signed-off-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 63f97a3d0301005568cf235eccb54610704666f6)
2021-08-17packet: Change the last argument of ssh_packet_encrypt to uint32_tXiang Xiao1-1/+1
to match the implemntation in packet_crypt.c Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Change-Id: Ib76c3585f67dae22ed0f1dfc10dadcd03c762032 (cherry picked from commit ef02e524dfc5110cb3aecfe018df9e5d465de77c)
2021-08-17mbedtls: Change the last argument of cipher_[de|en]crypt_cbc to size_tXiang Xiao1-2/+2
to avoid their prototype different from ssh_cipher_struct Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Change-Id: I6cba2d4fea131f13d028226023da692494caa87d (cherry picked from commit 50934a542db751474ec2db6f007a8aa70e6fbdf8)
2021-08-17Fix error: dereferencing pointer to incomplete type ‘struct timeval’Xiang Xiao3-0/+9
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Change-Id: I99d2016595966d805c9e27b5c2f2a0a5b4ad8611 (cherry picked from commit 07245c1cdd18df90be85a1f163972ec18956a7cd)
2021-08-17tests: Fix running timeout tests on gitlab windows runnersAndreas Schneider1-1/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com> (cherry picked from commit d2a41e606bbd6074b88be46f7b0fd3cd3f7d5536)
2021-08-17ed25519: Harmonize arguments to make new gcc happyJakub Jelen1-4/+4
This started failing CI on Fedora with new GCC /builds/jjelen/libssh-mirror/src/external/ed25519.c:80:48: error: argument 1 of type 'unsigned char *' declared as a pointer [-Werror=array-parameter=] 80 | int crypto_sign_ed25519_keypair(unsigned char *pk, | ~~~~~~~~~~~~~~~^~ In file included from /builds/jjelen/libssh-mirror/src/external/ed25519.c:15: /builds/jjelen/libssh-mirror/include/libssh/ed25519.h:46:48: note: previously declared as an array 'uint8_t[32]' {aka 'unsigned char[32]'} 46 | int crypto_sign_ed25519_keypair(ed25519_pubkey pk, ed25519_privkey sk); | ~~~~~~~~~~~~~~~^~ /builds/jjelen/libssh-mirror/src/external/ed25519.c:81:48: error: argument 2 of type 'unsigned char *' declared as a pointer [-Werror=array-parameter=] 81 | unsigned char *sk) | ~~~~~~~~~~~~~~~^~ In file included from /builds/jjelen/libssh-mirror/src/external/ed25519.c:15: /builds/jjelen/libssh-mirror/include/libssh/ed25519.h:46:68: note: previously declared as an array 'uint8_t[64]' {aka 'unsigned char[64]'} 46 | int crypto_sign_ed25519_keypair(ed25519_pubkey pk, ed25519_privkey sk); | ~~~~~~~~~~~~~~~~^~ /builds/jjelen/libssh-mirror/src/external/ed25519.c:117:46: error: argument 5 of type 'const unsigned char *' declared as a pointer [-Werror=array-parameter=] 117 | const unsigned char *sk) | ~~~~~~~~~~~~~~~~~~~~~^~ In file included from /builds/jjelen/libssh-mirror/src/external/ed25519.c:15: /builds/jjelen/libssh-mirror/include/libssh/ed25519.h:61:27: note: previously declared as an array 'const uint8_t[64]' {aka 'const unsigned char[64]'} 61 | const ed25519_privkey sk); | ~~~~~~~~~~~~~~~~~~~~~~^~ /builds/jjelen/libssh-mirror/src/external/ed25519.c:180:51: error: argument 5 of type 'const unsigned char *' declared as a pointer [-Werror=array-parameter=] 180 | const unsigned char *pk) | ~~~~~~~~~~~~~~~~~~~~~^~ In file included from /builds/jjelen/libssh-mirror/src/external/ed25519.c:15: /builds/jjelen/libssh-mirror/include/libssh/ed25519.h:76:26: note: previously declared as an array 'const uint8_t[32]' {aka 'const unsigned char[32]'} 76 | const ed25519_pubkey pk); | ~~~~~~~~~~~~~~~~~~~~~^~ Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Sahana Prasad <sahana@redhat.com> (cherry picked from commit 9e0d76fb67baa3811808ae54bc9bc4ee58a8ed31)
2021-08-17cmake: Fix Ninja multiple rules errorDDoSolitary1-3/+3
Currently "cmake -G Ninja" complains about "multiple rules generate src/libssh_dev.map", because the target has the same name as the output of the custom command. Signed-off-by: DDoSolitary <DDoSolitary@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> (cherry picked from commit 1a24b424ef4a6ecd881434a32394ca3b41990f21)
2021-08-17tests: Cover sftp_new_channel functionJakub Jelen4-4/+135
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Sahana Prasad <sahana@redhat.com> (cherry picked from commit 25f9ca83a4fcfe305c557cc05d10c7b03e77b4e8)
2021-08-17fix sftp_new_channel constructs an invalid objectPablo Yaggi1-2/+26
Fixes T273 Signed-off-by: Pablo Yaggi <pyaggi@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Sahana Prasad <sahana@redhat.com> (cherry picked from commit 51b7a2421a93d55ca891d38c6a4f1350fb8fffcf)
2021-08-17Reformat sftp_new_channelJakub Jelen1-21/+21
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Sahana Prasad <sahana@redhat.com> (cherry picked from commit 78036e98ecf8b45c4889be7f7b035e673d7cca02)
2021-08-17[winlocks] Include stdlib.h to avoid crash in WindowsChris Townsend1-0/+1
Due to the missing include, the compiler makes assumptions and leads to a crash in ssh_mutex_lock() during runtime. Signed-off-by: Chris Townsend <christopher.townsend@canonical.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> (cherry picked from commit a5bb333422c0ded2d0bab8367901946cab305245)
2021-08-17cmake: Support build directories with special charactersDDoSolitary2-9/+15
Signed-off-by: DDoSolitary <DDoSolitary@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> (cherry picked from commit c8b2e68fb85283856dc8ab6bed7f8730a38e93f6)
2021-08-17cmake: Avoid setting compiler flags directlyDDoSolitary1-13/+6
Calling set_target_properties directly overrides previously set flags, so replace them with target_compile_definitions and target_link_options. Signed-off-by: DDoSolitary <DDoSolitary@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com> (cherry picked from commit 06799453835d2c6608c074823ccfc399ccc0c525)
2021-08-17pki: Fix memory leak on error pathJakub Jelen1-0/+1
Thanks coverity CID 1445481 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit b90cc79cbe40309d0a54d0b53a93778fa5b06f31)
2021-08-17config: Support more identity files in configurationJakub Jelen1-0/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit a9061ab434c5789c7e369b8819625ae38ed62005)
2021-08-17dh-gex: Avoid memory leaksJakub Jelen1-0/+3
Thanks oss-fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29611 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit ae809b3cbbfde6010cb6cb5e84660af128a8b16a)
2021-08-17Clean memory on failure pathsJakub Jelen2-3/+7
Thanks oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28490 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 95a4651d86c5a937d0fa17030a0db0308dc4a690)
2021-08-17include: Introduce secure SSH_SIGNATURE_FREE()Jakub Jelen1-0/+2
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 832abe7f4ab6f905b15926393952ef8134c18c81)
2021-08-17Happy new year 2021!Andreas Schneider2-2/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 6f934cc488b9fb2162ea701e6e829e5d5a8d5fb1)
2021-08-17Fix CMake warning about mismatched if/endif arguments during OpenSSL detectionKevin Kane1-1/+1
Signed-off-by: Kevin Kane <kkane@microsoft.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 919387ae644b607b021c110dbe3b5bee9df08d91)
2021-08-17Always check return value of ssh_list_new()Dirkjan Bussink5-21/+42
Another item identified during code review was cases where the return value of ssh_list_new() was not properly checked and handled. This updates all cases that were missing this to handle failure to allocate a new list. Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 0987e6065c86f2f52b3c8835a0ad73d7ad082121)
2021-08-17Add safety checks for all ssh_string_fill callsDirkjan Bussink8-30/+97
These calls can fail and the return code should always be checked. These issues were identified when code review called it out on new code. The updates here are to existing code with no behavior changes to make review simpler. Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit daeee74edd8ac25c1d246d40333e78518574eded)
2021-08-17Ignore request success and failure message if they are not expectedDirkjan Bussink2-18/+112
In https://gitlab.com/libssh/libssh-mirror/-/merge_requests/145#note_463232084 behavior in libssh was identified where it diverges from how for example OpenSSH behaves. In OpenSSH if a request success of failure message is received, apart from it being treated as a keepalive message, it is ignored otherwise. Libssh does handle the unexpected message and triggers an error condition internally. This means that with the Dropbear behavior where it replies to a hostkeys-00@openssh.com message even with a want_reply = 0 (arguably a bug), libssh enters an error state. This change makes the libssh behavior match OpenSSH to ignore these messages. The spec is a bit unclear on whether Dropbear is buggy here or not, but let's be liberal with the input accepted here in libssh. Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit f6a2f6190c2aa047d901547720ae6d1729e1e2c0)
2021-08-17Provide OPENSSL_CRYPTO_LIBRARIES synonym for OPENSSL_CRYPTO_LIBRARYKevin Kane1-1/+7
FindOpenSSL.cmake usually defines this synonym, but it doesn't on CMake < 3.16 when building on Windows outside of Cygwin. Signed-off-by: Kevin Kane <kkane@microsoft.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 3c33c3945523a9d07c541c77017ac2639305e13a)
2021-08-17cmake: Use OPENSSL_CRYPTO_LIBRARIES CMake variable when linking against OpenSSLKevin Kane2-16/+16
The build currently breaks when attempting to link libssh.so using a statically-linked OpenSSL. -ldl and -lpthread are required when linking a binary with the static libcrypto.a. The OPENSSL_CRYPTO_LIBRARY does not include these dependencies when linking against static OpenSSL. OPENSSL_CRYPTO_LIBRARIES contains the correct dependencies in both static and shared configurations; -ldl and -lpthread are not required when linking against shared libcrypto.so. This change changes all uses of OPENSSL_CRYPTO_LIBRARY to OPENSSL_CRYPTO_LIBRARIES to let the FindOpenSSL CMake module always provide the correct libraries at link time. Signed-off-by: Kevin Kane <kkane@microsoft.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 026879e9f0d766ebe651e6d3fd9809e243928391)
2021-08-17wrapper: Avoid memory leak on errors during key exchangeJakub Jelen1-0/+1
As reported by oss-fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28075 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 9c6404aa4976a6259509df37fda1e0399e0e1212)
2021-08-17tests: Disable *cbc ciphers in Dropbear testsJakub Jelen1-23/+42
These are disabled in latest since Dropbear 2020.79, while older do not support anything better than aes-ctr ciphers. We should implement some dynamic algorithm detection for dropbear too to increase test coverage. https://bugs.libssh.org/T252 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 635edc8adbbd5441cf070ae92ac448ae2c58293b)
2021-08-17Fix handshake bug with AEAD ciphers and no HMAC overlapDirkjan Bussink1-16/+41
There's currently a bug in libssh that a handshake doesn't complete if there is no overlap between HMAC methods, but when an AEAD cipher is used. In case of an AEAD cipher such as chacha20-poly1305 or aes256-gcm, the HMAC algorithm that is being picked is not relevant. But the problem here is that the HMAC still needs to have an overlap in the handshake, even if it is not used afterwards. This was found with a very strict server side configuration with libssh where only AEAD ciphers and EtM HMAC modes are accepted. The client tested against was dropbear. Dropbear does have support for chacha20-poly1305 and AES GCM modes, but no support for EtM HMAC modes. This meant that the libssh server in this case rejected the dropbear client, even though it is perfectly able to serve it since dropbear supports AEAD algorithms. The fix implemented here updates the HMAC phase of the handshake to handle this case. If it detects an AEAD cipher is used, it uses the HMAC abbreviations for the method instead. This is the same name that is used in other places as well. It matches the client to server and server to client values, but it does depend on the order of things in the ssh_kex_types_e enum, which I'm assuming here is ok since it's explicit. I've looked at how to add a test for this, but I couldn't really find a suitable place for it. I would love some tips if this is easily possible, or if it's easier for someone else to contribute, that's of course welcome too. Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> (cherry picked from commit 42741b18832aa8acab51c53505efa263e8193537)
2021-08-17tests: Test MAC algorithm mismatch when AEAD cipher is selectedJakub Jelen1-0/+57
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> (cherry picked from commit 22f89e043ba3fec51974dcfaaf0fcd469d2ab6a9)
2021-08-17torture: Place additional configuration options before defaults so they can ↵Jakub Jelen1-10/+10
override them Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> (cherry picked from commit f9bd1db8c3a936edd11fcfa97999d19fc1020600)
2021-08-17client: Reset pending_call_state on disconnectJakub Jelen1-0/+1
Fixes T251 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> (cherry picked from commit 5348267fa85b49355885b716faf85a7f3cb44e1b)
2021-08-17Fix another memory leak on invalid nid valueDirkjan Bussink1-0/+4
In 906cc7e7e95047981677a43743cb7c4aa2bb3aab a memory leak was fixed but a similar one is present here that needs a fix as well. Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> (cherry picked from commit e4c5f6d3d9bff233a39abe7810ba76019572fd2f)
2020-09-10Bump version to 0.9.5libssh-0.9.5Jakub Jelen4-3/+435
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-09-02Add a new location of sftp-server on TumbleweedJakub Jelen1-0/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> (cherry picked from commit ff599a9c53c908d7abfc6ea0f4b94d707fbb34fa)
2020-08-13tests: Enable all CASignatureAlgorithms as SHA1 certificates are now ↵Jakub Jelen1-0/+3
disabled in OpenSSH 8.2p1 This option is unknown to older OpenSSH versions (for example CentOS 7 with OpenSSH 7.4) so we can not add it everywhere. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 44de453b227115c0d60926302901ae0869ef5d1e)
2020-08-13tests: Enable RSA SHA1 certs for testing against older OpenSSHJakub Jelen1-0/+6
The OpenSSH 7.4 or 7.6 in Ubuntu and CentOS 7 does not support SHA2 RSA certificates and libssh automatically falls back to SHA1, which is not allowed by default. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> (cherry picked from commit db948bdac87ec9ad190cadbd9444902e5fbe691a)
2020-08-13CMakeLists: Shorten the keys lists passed to the ssh commandJakub Jelen1-0/+6
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit c106cd1f8365c871c798ffac8a384bfcbd48c6df)
2020-08-13tests: Use the path to SSH executable consistentlyJakub Jelen2-3/+3
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 2892b49a37e742cc6089c87cab6a89340a2e33a4)
2020-08-13pkd client run user executableAris Adamantiadis2-2/+3
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 9e7de14d5936d4e983b6945a4553c2dc0773e7d6)
2020-08-13pkd: fix snprintf compiler warningAris Adamantiadis1-1/+1
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit bba5fa18ed81fdac8f69e1d2389f8084d56b076b)
2020-08-13tests: use detected sshd pathAris Adamantiadis3-9/+10
The static sshd directory wasn't matching the detected sshd and prevented the testcases to be run against local OpenSSH builts Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 1089948346640061e3a723737cfdd8515d4986d5)
2020-08-13tests: use OpenSSH-provided ciphersAris Adamantiadis2-52/+25
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 7ec67011c5bb9cf700a76084550b095640605c85)