aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2019-03-29misc: Avoid printing full path in debug messageAlberto Garcia Illera1-2/+2
Signed-off-by: Alberto Garcia Illera <agarciaillera@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-03-29channels: Added function to create channel to UNIX socketpmorris672-0/+84
[asn: Reformatting and added openssh version check] Signed-off-by: Philip Morris <philip.morris67@ntlworld.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-03-25config: Use size_t instead of u_intAndreas Schneider1-1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-03-25sftp_get_error returns int, not char *.Jan Pazdziora1-1/+1
Signed-off-by: Jan Pazdziora <jpazdziora@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-03-25Each ssh_channel_request_exec() needs to be run on fresh channel.Jan Pazdziora1-0/+3
Signed-off-by: Jan Pazdziora <jpazdziora@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-03-25The ssh_channel_callbacks_struct member name is channel_data_function.Jan Pazdziora1-1/+1
Addressing client.c: In function ‘show_remote_uptime’: client.c:107:6: error: ‘struct ssh_channel_callbacks_struct’ has no member named ‘channel_data’ .channel_data = my_channel_data_function, ^~~~~~~~~~~~ client.c:107:21: warning: initialization of ‘long unsigned int’ from ‘int (*)(struct ssh_session_struct *, struct ssh_channel_struct *, void *, uint32_t, int, void *)’ {aka ‘int (*)(struct ssh_session_struct *, struct ssh_channel_struct *, void *, unsigned int, int, void *)’} makes integer from pointer without a cast [-Wint-conversion] .channel_data = my_channel_data_function, ^~~~~~~~~~~~~~~~~~~~~~~~ client.c:107:21: note: (near initialization for ‘cb.size’) Signed-off-by: Jan Pazdziora <jpazdziora@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-03-25auth: Set buffer used to store password as secureAnderson Toshiyuki Sasaki1-0/+3
This will make such buffer to be explicity overwritten with zeroes when freed. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-03-13doc: Add a note about OpenSSL linkingAndreas Schneider1-0/+3
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-03-13libcrypto: Add missing includes for modes.hAndreas Schneider1-0/+5
This defines block128_f. Fixes T133. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-03-11The SSH_LOG_ENTRY is not defined all, match the descriptions to ↵Jan Pazdziora1-15/+10
SSH_BIND_OPTIONS_LOG_VERBOSITY*. The documentation amends change in 801bc29494f7b0da377334a9e48eff698d53376d. The SSH_LOG_ENTRY macro was removed during cleanup ab60d1d67847f2af20604f8890381a0cbbed0524. Signed-off-by: Jan Pazdziora <jpazdziora@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-03-11From the context it seems that the function being defined is authenticate_none.Jan Pazdziora1-1/+1
Signed-off-by: Jan Pazdziora <jpazdziora@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-03-11ssh_userauth_publickey_auto requires three arguments.Jan Pazdziora1-1/+1
Addressing client.c: In function ‘authenticate_pubkey’: client.c:70:8: error: too few arguments to function ‘ssh_userauth_publickey_auto’ rc = ssh_userauth_publickey_auto(session, NULL); ^~~~~~~~~~~~~~~~~~~~~~~~~~~ In file included from client.c:1: /usr/include/libssh/libssh.h:745:16: note: declared here LIBSSH_API int ssh_userauth_publickey_auto(ssh_session session, ^~~~~~~~~~~~~~~~~~~~~~~~~~~ Signed-off-by: Jan Pazdziora <jpazdziora@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-03-07Use a common KDF functionSimo Sorce11-256/+299
Cleanup the KDF function to use only one function per crypto backend. Improve the KDF function to properly handle requested lenght and to avoid unnecessarily reallocating buffers. In OpenSSL use the new EVP_KDF API if available. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-03-07Clean up code that generates session keysSimo Sorce1-147/+110
This patch simply reworks the code to make it more understandable and reduce if() branches. It also avoids reallocs, and instead uses a support buffer to hold intermediate results of the hmac function so that no buffer overrides happen when the requested size is not an exact mutiple of the digest_len. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-03-07Add unit test for fn that generates session keysSimo Sorce2-0/+98
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-03-07Fix crypto_free zeroing of encryption keysSimo Sorce1-5/+5
The zeroing MUST use the correct cipher length as keys can be both longer or shorter than the digest. In one case only some part of the key may end up being zeroed, in the other memory corruption may happen as we zero memory we do not own. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-27sftp: Document how to free memory retruned by sftp_canonicalize_path()Andreas Schneider1-1/+3
Fixes T129 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-27ssh_event_dopoll can also return SSH_AGAINTill Wimmer1-0/+1
Signed-off-by: Till Wimmer <g4-lisz@tonarchiv.ch> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-22Add tests and implementation for Encrypt-then-MAC modeDirkjan Bussink9-87/+465
This adds the OpenSSH HMACs that do encrypt then mac. This is a more secure mode than the original HMAC. Newer AEAD ciphers like chacha20 and AES-GCM are already encrypt-then-mac, but this also adds it for older legacy clients that don't support those ciphers yet. Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-02-22Add flag for tracking EtM HMACsDirkjan Bussink4-12/+23
This adds a flag to the type structures to track if we use a Encrypt-then-MAC cipher instead of Encrypt-and-MAC. EtM is a more secure hashing mechanism. Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-02-22Refactor ssh_packet_hmac_verify to allow for direct bufferDirkjan Bussink3-10/+13
This will make it easier to do Encrypt-then-MAC checks as those will be on the direct encrypted data received before decrypting which means they are not allocated in an ssh buffer at that point yet. Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-02-22Select ciphers for MAC tests that need a MACDirkjan Bussink1-1/+1
Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-02-22Remove SHA384 HMACDirkjan Bussink6-14/+1
This is not supported by OpenSSH and not recommended to be implemented either. Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-02-22Use constant time comparison function for HMAC comparisonDirkjan Bussink1-1/+12
Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-02-22config: Avoid buffer overflowJakub Jelen1-0/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-22pki_gcrypt: Include missing stdbool.hAndreas Schneider1-0/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-21pki: Fix size type for len in privatekey_string_to_buffer()Andreas Schneider1-7/+21
src/pki_gcrypt.c:485:10: error: assuming signed overflow does not occur when simplifying conditional to constant [-Werror=strict-overflow] Fixes T132 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-21connector: Fallback on the socket output callbackDavid Wedderwille1-0/+1
Fixes T124 Signed-off-by: David Wedderwille <davidwe@posteo.de> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-21client: Add missing break, remove useless returnTilo Eckert1-4/+1
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-02-21socket: Use more portable PF_UNIX instead of PF_LOCALTilo Eckert1-1/+1
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-02-21crypto: Use uint8_t instead of non-standard u_charTilo Eckert2-6/+6
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-02-21buffer: Fix regression introduced by 6c7eaa and c306a6Tilo Eckert5-25/+3
Buffer (un)packing was broken on compilers that are not gcc-compatible since the checks for an argument count of -1 have been removed from ssh_buffer_(un)pack(). This fix no longer uses GCC extensions for the __VA_NARG__ macro, but only plain C99. Note: The macro can no longer count empty argument lists (results in compile error) which was not needed anyway. Signed-off-by: Tilo Eckert <tilo.eckert@flam.de> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-02-21examples: Fix unused parameter warnings in sshd_direct-tcpipAndreas Schneider1-3/+14
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-02-20examples: Add direct-tcpip server sampleTill Wimmer2-0/+645
Signed-off-by: Till Wimmer <g4-lisz@tonarchiv.ch> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-07cmake: fix build problem on ubuntu 18.04Aris Adamantiadis1-2/+2
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
2019-02-07cmake: Bump API version to 4.7.4Andreas Schneider3-2/+417
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-07kex: honor client preference for rsa-sha2-{256,512} host key algorithmsJon Simons1-0/+24
Ensure to honor the client preference ordering when enabling one of the RFC8332 RSA signature extensions (`rsa-sha2-{256,512}`). Before this change, libssh unconditionally selects the `rsa-sha2-512` algorithm for clients which may have offered "rsa-sha2-256,rsa-sha2-512". The change can be observed before-and-after with the pkd tests: ./pkd_hello -t torture_pkd_openssh_rsa_rsa_sha2_256_512 Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-07tests/pkd: repro rsa-sha2-{256,512} negotiation bugJon Simons2-6/+17
Add four passes to the pkd tests to exercise codepaths where an OpenSSH client requests these HostKeyAlgorithms combinations: * rsa-sha2-256 * rsa-sha2-512 * rsa-sha2-256,rsa-sha2-512 * rsa-sha2-512,rsa-sha2-256 The tests demonstrate that the third combination currently fails: libssh ends up choosing `rsa-sha2-512` instead of `rsa-sha2-256`, and the initial exchange fails on the client side citing a signature failure. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-07pki_container_openssh: Add padding to be compatible with OpenSSHJakub Jelen1-10/+14
OpenSSH has a block size of 8 so we need to always add padding. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-07examples: Add simple way to generate key files from libsshJakub Jelen2-0/+45
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-07Allow building without Group Exchange supportJakub Jelen13-63/+95
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-07kex: Disable diffie-hellman-group-exchange-sha1 by defaultJakub Jelen3-27/+59
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-07options: Allow to configure cryptographic algorithms for serverJakub Jelen2-2/+103
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-07docs: Missing documentation for SSH_OPTIONS_HMAC_*Jakub Jelen1-0/+8
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-07tests: Fix error messageJakub Jelen1-1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-07buffer: Fix typo in a commentJakub Jelen1-1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-07tests: Don't talk to ssh-agent in server authentication testsJakub Jelen1-0/+3
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-07Update INSTALL fileAndreas Schneider1-2/+3
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-07dh: Add function references to ssh_print_hash() docAndreas Schneider1-0/+3
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-07include: Mark ssh_print_hexa as deprecatedAndreas Schneider2-8/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>