Age | Commit message (Collapse) | Author | Files | Lines |
|
Add a missing NULL check for the pointer returned by ssh_buffer_new() in
sftpserver.c.
Thanks to Ramin Farajpour Cami for spotting this.
Fixes T232
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 533d881b0f4b24c72b35ecc97fa35d295d063e53)
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
|
Fixes T213
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
(cherry picked from commit b36272eac1b36982598c10de7af0a501582de07a)
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit ecc78ec154763b96b06fc6c00eb039d0c6c96a3d)
|
|
Single quote file paths to be used on commands to be executed on remote
shell.
Fixes T181
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 3830c7ae6eec751b7618d3fc159cb5bb3c8806a6)
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 0b5ee397260b6e08dffa2c1ce515a153aaeda765)
|
|
The added function quote file names strings to be used in a shell.
Special cases are treated for the charactes '\'' and '!'.
Fixes T181
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit c4ad1aba9860e02fe03ef3f58a047964e9e765fc)
|
|
Fixes T181
Previously, warnings received from the server were ignored. With this
change the warning message sent by the server will be logged.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit c75d417d06867fd792b788e6281334621c2cd335)
|
|
Fixes T181
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 42c727d0c186a1e2fa84a31ab40e16e58b404ab3)
|
|
Debian removed the cross compiling toolchain. So lets drop it.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit d02c06268eae9c9c5253bd88410863a2e8c66587)
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 144e5516149aa2dabfbe17e892eb7048388beca6)
|
|
This defines block128_f.
Fixes T133.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 65bc24d8a4207e3bcb81278174a360efc7d93ad5)
|
|
Fixes T129
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 7c444c09d7bdba1f0409ea8f874ccd283f2daa52)
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit a1559505a5616a399053fb9afe1ba0b876ac79bd)
|
|
This is not supported by OpenSSH and not recommended to be implemented
either.
Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 369051a5b4fbe9a5ace7930509cbe57b3478190d)
|
|
Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
Reviewed-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 46d15b316103587e5c185d2af69e906477c35a8b)
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 8a73e481845cda7c29e350e92300dcec0e314f69)
|
|
src/pki_gcrypt.c:485:10: error: assuming signed overflow does not occur
when simplifying conditional to constant [-Werror=strict-overflow]
Fixes T132
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 7a8ed6d02b48ca8de19a25906abc5a6c11f23297)
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 58113d489eecfeb266b82de7bb25d4a0526b9606)
|
|
Fixes T124
Signed-off-by: David Wedderwille <davidwe@posteo.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit b73ffb3f91ea26412482d145512e4261df903df7)
|
|
Signed-off-by: Till Wimmer <g4-lisz@tonarchiv.ch>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 16a52a836238b4fd82a194ae7a275a39ecc79564)
|
|
Signed-off-by: Till Wimmer <g4-lisz@tonarchiv.ch>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit d27b817acc45e07cf89adfacfbfa274b49371485)
|
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 1af10fcdb300e86de8a9930e1f9fd68443a94a52)
|
|
Add four passes to the pkd tests to exercise codepaths where an
OpenSSH client requests these HostKeyAlgorithms combinations:
* rsa-sha2-256
* rsa-sha2-512
* rsa-sha2-256,rsa-sha2-512
* rsa-sha2-512,rsa-sha2-256
The tests demonstrate that the third combination currently fails:
libssh ends up choosing `rsa-sha2-512` instead of `rsa-sha2-256`,
and the initial exchange fails on the client side citing a signature
failure.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit c2077ab7752c9d1fa149d7b5337d9e4aaeb96188)
|
|
Ensure to honor the client preference ordering when enabling one of
the RFC8332 RSA signature extensions (`rsa-sha2-{256,512}`).
Before this change, libssh unconditionally selects the `rsa-sha2-512`
algorithm for clients which may have offered "rsa-sha2-256,rsa-sha2-512".
The change can be observed before-and-after with the pkd tests:
./pkd_hello -t torture_pkd_openssh_rsa_rsa_sha2_256_512
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 5d279a7ad7fc69c339ca89caf334b479ba787f70)
|
|
In 3341f49a49a07cbce003e487ef24a2042e800f01, some direct assignments
to OpenSSL structures was replaced with usage of getter and setter
macros. Ensure to `bignum_safe_free` a couple of intermediate values
in error paths for `pki_signature_from_blob` DSS and ECDSA cases.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit c0102e6a5953789ccda93e8dea956e8cc8a046e9)
|
|
Check for a potential NULL result from `pki_signature_from_rsa_blob`
in `pki_signature_from_blob`. Otherwise the following `sig->type_c`
will result in a segfault.
Introduced in 7f83a1efae6a7da19e18268d6298fc11b4e68c57.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit ccd73db90c9ff1c9e945939e78d735f97e525dae)
|
|
OpenSSH has a block size of 8 so we need to always add padding.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 128015bb1795898ef83460f0387eacc9b10ed798)
|
|
This runner always times out.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit fae1ed7ded3aafe6babf8f1670f377a9f21564da)
|
|
By default, the list of already stored known host types is preferred,
but this selection so far ignored the SHA2 extension and excluded these
keys in the KEXINIT list leading to not using this extension if not
explicitly enabled from configuration.
This commit extends the default list with the SHA2 signatures algoritms
and compares only base types so they can be listed in the KEXINIT list.
This adjust the tests to expect the full list of algorithms to pass.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 531b80a60bcb89c0ea09e85e36e240755407febf)
|
|
If the server had an RSA host key, it provided unconditionally SHA2
signatures without consulting the client proposed list of supported host
keys.
This commit implements more fine-grained detection of the extension
to provide the client with valid signatures according to RFC 8332
Section 3.1.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 27fe60954c29e548c30af239d92ab4faaf8cf788)
|
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit ca62632170c311923026f978c57d2e0a0be3e0e1)
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 6cd8d4a24aa067d16611eb64bf306b7853748f34)
|
|
When the server requests rekey, it can send the SSH2_MSG_EXT_INFO. This
message was being filtered out by the packet filtering. This includes a
test to enforce the filtering rules for this packet type.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit fe309ba43fb904da4385fc40a338ecc7482f8388)
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit c3067f8e73244ae1268ee45b373dee7183216b67)
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 1d5b222cc4f1ab03c14932f9e637e957fa8fc21d)
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 13b9d268d42b7c34aa5e3e468b53d9735f3d10fb)
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 0ba10870d149ba18c8bb5cf98a776c2c038474bd)
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 3784226fd85bc1256ef927640f4d400348da038f)
|
|
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit c413834764707df1316790d4182aea4135589108)
|
|
This fixes an access violation when ssh_init() was called after
ssh_finalize() in Windows when using OpenSSL 1.0.2 and libssh statically
linked.
Fixes T120
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 41b0d263d6e57276cc3e2a2457d8ae48e1f56301)
|
|
non-matching key
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 130256c3487d03f5bf07f86c1b809ab67588e121)
|
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit b72c9eead6c40c8710af2913faedde3c5eb4384e)
|
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit c7628fbfea9ba889cfb1c7fdcc66e233b8c1d673)
|
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 783e5fd206df968123a541a98c11b93f1d9da291)
|
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit c79c33e22431065e2ec2f8e5dfcbada9d849cfe8)
|