Age | Commit message | Author | Files | Lines
14 days | Fix handshake bug with AEAD ciphers and no HMAC overlap (HEAD, master) | Dirkjan Bussink | 1 file, -16/+41

There's currently a bug in libssh that a handshake doesn't complete if there is no overlap between HMAC methods, but when an AEAD cipher is used. In case of an AEAD cipher such as chacha20-poly1305 or aes256-gcm, the HMAC algorithm that is being picked is not relevant. But the problem here is that the HMAC still needs to have an overlap in the handshake, even if it is not used afterwards.

This was found with a very strict server-side configuration with libssh where only AEAD ciphers and EtM HMAC modes are accepted. The client tested against was dropbear. Dropbear does have support for chacha20-poly1305 and AES GCM modes, but no support for EtM HMAC modes. This meant that the libssh server in this case rejected the dropbear client, even though it is perfectly able to serve it since dropbear supports AEAD algorithms.

The fix implemented here updates the HMAC phase of the handshake to handle this case. If it detects an AEAD cipher is used, it uses the HMAC abbreviations for the method instead. This is the same name that is used in other places as well. It matches the client to server and server to client values, but it does depend on the order of things in the ssh_kex_types_e enum, which I'm assuming here is ok since it's explicit.

I've looked at how to add a test for this, but I couldn't really find a suitable place for it. I would love some tips if this is easily possible, or if it's easier for someone else to contribute, that's of course welcome too.

Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
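The negotiation rule behind this bug, as an added example that is not libssh's code: RFC 4253 section 7.1 picks, for each algorithm slot, the first entry on the client's list that the server also offers, and a handshake fails if any slot ends up empty. An AEAD cipher makes the MAC slot irrelevant for that direction, so an empty MAC slot should not be fatal when the negotiated cipher is AEAD. The model below (accept an AEAD cipher with no common MAC, and leave the MAC unset) is this example's way of stating the requirement; the commit itself describes a different mechanism, substituting the AEAD method's HMAC abbreviation, so this is not a reproduction of the libssh fix. All function and struct names, and the algorithm lists in main(), are constructed for the example.

```c
/*
 * Added example (not libssh code): a minimal model of SSH algorithm
 * negotiation (RFC 4253 section 7.1) with the AEAD special case described
 * in the commit above. All names here belong to this example.
 */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy n bytes of p into a fresh NUL-terminated string. */
static char *dup_range(const char *p, size_t n)
{
    char *s = malloc(n + 1);
    if (s == NULL) return NULL;
    memcpy(s, p, n);
    s[n] = '\0';
    return s;
}

/* True if name[0..n) occurs as a whole entry of the comma-separated list. */
static bool list_contains(const char *list, const char *name, size_t n)
{
    const char *p = list;
    while (*p != '\0') {
        const char *end = strchr(p, ',');
        size_t m = end ? (size_t)(end - p) : strlen(p);
        if (m == n && memcmp(p, name, n) == 0) return true;
        if (end == NULL) break;
        p = end + 1;
    }
    return false;
}

/* RFC 4253 rule: the first entry on the client's list that the server also
 * lists wins. Returns a malloc'd copy, or NULL when there is no overlap. */
static char *ssh_negotiate(const char *client_list, const char *server_list)
{
    const char *p = client_list;
    while (*p != '\0') {
        const char *end = strchr(p, ',');
        size_t n = end ? (size_t)(end - p) : strlen(p);
        if (n > 0 && list_contains(server_list, p, n)) return dup_range(p, n);
        if (end == NULL) break;
        p = end + 1;
    }
    return NULL;
}

/* AEAD ciphers authenticate their own output; the separately negotiated
 * MAC is never used for that direction of the connection. */
static bool ssh_cipher_is_aead(const char *cipher)
{
    return strcmp(cipher, "chacha20-poly1305@openssh.com") == 0 ||
           strcmp(cipher, "aes128-gcm@openssh.com") == 0 ||
           strcmp(cipher, "aes256-gcm@openssh.com") == 0;
}

struct kex_choice {
    char *cipher;
    char *mac;   /* NULL when an AEAD cipher made the MAC irrelevant */
};

static void kex_choice_free(struct kex_choice *kc)
{
    free(kc->cipher);
    free(kc->mac);
    kc->cipher = kc->mac = NULL;
}

/* Negotiate cipher and MAC for one direction. With aead_skips_mac == false
 * the MAC must overlap even for an AEAD cipher (the behaviour the commit
 * calls a bug); with true, an AEAD cipher is accepted without any common
 * MAC. Returns 0 on agreement, -1 when the handshake would fail. */
static int kex_negotiate_direction(const char *c_ciphers, const char *s_ciphers,
                                   const char *c_macs, const char *s_macs,
                                   bool aead_skips_mac, struct kex_choice *out)
{
    out->cipher = ssh_negotiate(c_ciphers, s_ciphers);
    out->mac = NULL;
    if (out->cipher == NULL) return -1;
    out->mac = ssh_negotiate(c_macs, s_macs);
    if (out->mac == NULL && !(aead_skips_mac && ssh_cipher_is_aead(out->cipher))) {
        kex_choice_free(out);
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed lists modelling the commit's scenario: a strict server
     * offering only AEAD ciphers and EtM MACs, and a client that has the
     * AEAD ciphers but none of the EtM MACs. */
    const char *s_ciphers = "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com";
    const char *s_macs = "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com";
    const char *c_ciphers = "chacha20-poly1305@openssh.com,aes128-ctr,aes256-gcm@openssh.com";
    const char *c_macs = "hmac-sha2-256,hmac-sha1";
    struct kex_choice kc;

    int rc = kex_negotiate_direction(c_ciphers, s_ciphers, c_macs, s_macs, false, &kc);
    printf("MAC overlap required: %s\n", rc == 0 ? "ok" : "handshake fails");
    rc = kex_negotiate_direction(c_ciphers, s_ciphers, c_macs, s_macs, true, &kc);
    printf("AEAD skips MAC: %s cipher=%s\n", rc == 0 ? "ok" : "fails", rc == 0 ? kc.cipher : "-");
    if (rc == 0) kex_choice_free(&kc);
    return 0;
}
```

The last check in kex_negotiate_direction is the whole point: a non-AEAD cipher with no common MAC must still fail, because without a MAC that direction would carry unauthenticated traffic, while an AEAD cipher carries its own authentication tag and needs nothing from the MAC slot.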
14 days | Add initial server algorithm test for no HMAC overlap | Dirkjan Bussink | 2 files, -0/+365

This adds an initial test with all AEAD modes to verify that they work if there is no overlap in HMAC ciphers.

Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
14 days | tests: Test MAC algorithm mismatch when AEAD cipher is selected | Jakub Jelen | 1 file, -0/+57

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
14 days | torture: Place additional configuration options before defaults so they can override them | Jakub Jelen | 1 file, -10/+10

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-10-02 | client: Reset pending_call_state on disconnect | Jakub Jelen | 1 file, -0/+1

Fixes T251

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-10-02 | client: Reformat ssh_disconnect() | Jakub Jelen | 1 file, -69/+73

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-09-29 | README: Mention CONTRIBUTING not SubmittingPatches | Paul Capron | 2 files, -2/+2

The “SubmittingPatches” file is no more since commit a76badf77af9ff92164fd97327d63cc731d753ef, but the READMEs were still referencing it. They now correctly point to “CONTRIBUTING.md”.

Signed-off-by: Paul Capron <paul@fragara.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-09-29 | ChangeLog: Fix typo; “wierdness” → “weirdness” | Paul Capron | 1 file, -1/+1

“Wierdness” is… a weird word ^o^

Signed-off-by: Paul Capron <paul@fragara.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-09-29 | ChangeLog: Remove duplicate “version 0.3.1” entry | Paul Capron | 1 file, -8/+0

There were two identical entries for v0.3.1, next to each other.

Signed-off-by: Paul Capron <paul@fragara.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-09-29 | pki_gcrypt.c: Fix typo + inconsistency in warning | Paul Capron | 1 file, -2/+3

In function pki_signature_from_blob(), the warning message in case of an oversized RSA key was missing an ‘o’ (reading “to” instead of “too”).

While we are here, make this oversized message the same as the ones found in pki_crypto.c & pki_mbedcrypto.c: put the expected size in it. The message in case of an _under_sized key includes the expected size, so that’s more consistent in that regard too (and more informative!)

Signed-off-by: Paul Capron <paul@fragara.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-09-29 | priv.h: Fix typo in comment; “cound” → “count” | Paul Capron | 1 file, -1/+1

Signed-off-by: Paul Capron <paul@fragara.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-09-29 | priv.h: Fix “MAX_PACKAT_LEN” typo in #ifndef guard | Paul Capron | 1 file, -1/+1

The preprocessor guard was previously effectively inoperative; it used to read “MAX_PACKAT_LEN” (note the ‘A’!), now is ‘E’.

Signed-off-by: Paul Capron <paul@fragara.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-09-29 | src/kex.c: removes DES and SHA1 from mac and kex algorithms by default. | Sahana Prasad | 2 files, -22/+30

Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-09-17 | misc: Do not call random() | Anderson Toshiyuki Sasaki | 1 file, -10/+13

Avoid calling random() and use ssh_get_random() instead.

CID #1412376

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-09-03 | Fix another memory leak on invalid nid value | Dirkjan Bussink | 1 file, -0/+4

In 906cc7e7e95047981677a43743cb7c4aa2bb3aab a memory leak was fixed but a similar one is present here that needs a fix as well.

Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-09-02 | ConfigureChecks.cmake: Disable HAVE_DSA by default (when mbedTLS is not enabled) | Sahana Prasad | 4 files, -10/+23

Ensure that it is not possible to enable it back with mbedTLS

Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-09-02 | Add a new location of sftp-server on Tumbleweed | Jakub Jelen | 1 file, -0/+1

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-08-13 | README.md: Add OSS-Fuzz badge | Anderson Toshiyuki Sasaki | 1 file, -0/+1

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-08-12 | sftp: Fix more typos | Jakub Jelen | 2 files, -2/+2

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-08-12 | sftp: fix documentation typos | Harald Sitter | 1 file, -8/+8

Signed-off-by: Harald Sitter <sitter@kde.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-07-16 | tests: Add test case for T191 | Anderson Toshiyuki Sasaki | 1 file, -0/+99

Add a test case to verify that the server returns the correct signature when it negotiated an RSA signature algorithm for the host key different from the one it prefers (e.g. when the client prefers ssh-rsa over rsa-sha2-256 and rsa-sha2-512).

Fixes T240

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-07-16 | tests: Add a test case for T75 | Anderson Toshiyuki Sasaki | 1 file, -0/+56

The test checks if the client can handle the error returned by the server when the maximum number of channel sessions is exceeded.

Fixes T239

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-07-16 | Disable *-cbc ciphers by default | Jakub Jelen | 1 file, -10/+13

OpenSSH disabled them in 2014 and 2017 for servers and clients so it's our turn to follow suit.

Fixes T236

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-07-16 | pki: Avoid memory leak on invalid curve NID | Jakub Jelen | 1 file, -0/+2

Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24166

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-07-16 | packet: Fix unterminated brace and better context name in debug message | Jakub Jelen | 1 file, -1/+1

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-07-16 | misc: Do not confuse client/server in debug messages | Jakub Jelen | 1 file, -1/+2

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-06-24 | tests: Do not parse configuration file in torture_knownhosts | Anderson Toshiyuki Sasaki | 1 file, -0/+8

The test might fail if there is a local configuration file that changes the location of the known_hosts file. The test should not be affected by configuration files present in the testing environment.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-06-23 | channel: Do not return error if the server closed the channel | Anderson Toshiyuki Sasaki | 1 file, -3/+4

If the server properly closed the channel, the client should not return error if it finds the channel closed.

Fixes T231

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-06-22 | examples: Tolerate incomplete writes in exec example | Anderson Toshiyuki Sasaki | 1 file, -7/+22

Previously, the exec example would fail if it could not write the whole read buffer to stdout. With these changes, the exec example will be able to write parts of the buffer until the whole buffer is written. This makes the exec example run when the stdout buffer is small.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-06-22 | tests: Add test for CVE-2019-14889 | Anderson Toshiyuki Sasaki | 1 file, -0/+84

The test checks if a command appended to the file path is not executed.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-06-19 | Merge SubmittingPatches and README.CodingStyle to CONTRIBUTING.md | Andreas Schneider | 2 files, -161/+152

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-06-03 | buffer: Add NULL check for 'buffer' argument | Andreas Schneider | 1 file, -0/+4

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-06-03 | buffer: Reformat ssh_buffer_add_data() | Andreas Schneider | 1 file, -17/+18

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-06-03 | sftpserver: Add missing return check for ssh_buffer_add_data() | Andreas Schneider | 1 file, -3/+8

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-06-03 | sftpserver: Add missing NULL check for ssh_buffer_new() | Andreas Schneider | 1 file, -0/+6

Thanks to Ramin Farajpour Cami for spotting this.

Fixes T232

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-05-21 | Removed old, 10 years unused test files | Jakub Jelen | 8 files, -622/+0

They do not build anymore and I believe most of their functionality is already covered by new tests.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-21 | options: Do not reference non-existing function | Jakub Jelen | 1 file, -2/+2

Fixes T227

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-20 | unittests: updates torture_pki_ecdsa_uri test by adding negative test cases to ensure there is no crash when ssh_pki_export_pubkey_blob() is incorrectly used to export ecdsa pubkeys from privkeys when pubkeys are not imported into pkcs #11 tokens. | Sahana Prasad | 1 file, -1/+58

Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-05-20 | tests/torture.c: update the definition of torture_setup_tokens() to take load_public as an option that determines if public keys must be loaded in pkcs #11 tokens or not. | Sahana Prasad | 5 files, -11/+16

tests: Adds the load_public parameter in all files where torture_setup_tokens() was used.

Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-05-20 | tests/pkcs11/setup-softhsm-tokens.sh: updates the script to handle LOADPUBLIC parameter. | Sahana Prasad | 1 file, -9/+13

Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-05-20 | src/pki_crypto.c pki_publickey_to_blob() should not be used to export public key from private keys for ecdsa keys. | Sahana Prasad | 1 file, -0/+8

ssh_userauth_publickey() calls ssh_pki_export_pubkey_blob() and tries to export the public key from private key if public keys are not already imported into pkcs #11 tokens.

Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-05-15 | cmake: add _POSIX_SOURCE | David Wedderwille | 1 file, -0/+1

Fixes T228

Signed-off-by: David Wedderwille <davidwe@posteo.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-05-06 | cmake: Add autogenerated libssh_version.h | Heiko Thiery | 9 files, -18/+55

Set the cmake project version to the autogenerated file to have a single point to set the version. This will be included in the libssh.h file.

Pair-Programmed-With: Andreas Schneider <asn@cryptomilk.org>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-05-05 | fuzz: Avoid warnings from csbuild in fuzzers | Jakub Jelen | 2 files, -3/+4

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | fuzz: Add instructions for corpus creation and first corpus files | Jakub Jelen | 3 files, -0/+69

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | fuzz: Allow to increase log level from server fuzzer | Jakub Jelen | 1 file, -0/+10

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | fuzz: Do not parse configuration files | Jakub Jelen | 2 files, -0/+6

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | fuzz: Use none cipher and MAC | Jakub Jelen | 2 files, -1/+18

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | Allow example client and server to process different configuration files | Jakub Jelen | 2 files, -5/+27

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | tests: Cover ssh_options_getopt with unit tests | Jakub Jelen | 1 file, -0/+148

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>