path: root/src/dh.c
Age | Commit message | Author | Files | Lines
2023-12-18 | CVE-2023-48795: client side mitigation | Aris Adamantiadis | 1 | -13/+4
    Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2023-05-04 | CVE-2023-1667: dh: Expose the callback cleanup functions | Jakub Jelen | 1 | -1/+6
    These will be helpful when we already sent the first key exchange packet, but we found out that our guess was wrong and we need to initiate a different key exchange method with different callbacks.
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Norbert Pocs <npocs@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-11-23 | dh: Add missing include for fprintf() | Andreas Schneider | 1 | -0/+2
    src/dh.c:824:5: warning: incompatible implicit declaration of built-in function 'fprintf' [enabled by default]
         fprintf(stderr, "%s\n", fingerprint);
         ^
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-10-07 | SSH_LOG_DEBUG: Recategorize loglevels | Norbert Pocs | 1 | -1/+1
    Loglevel INFO is the default openssh configuration setting, which does not print redundant information. On a system using openssh, loglevels set by the terms of openssh will cause unwanted log lines in the output.
    Recategorized based on:
    - SSH_LOG_DEBUG are informational debug logs (no error)
    Signed-off-by: Norbert Pocs <npocs@redhat.com>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-07-07 | Change const bignum to bignum | Norbert Pocs | 1 | -0/+20
    The OpenSSL 3.0 API retrieves bignum variables from a key.
    Signed-off-by: Norbert Pocs <npocs@redhat.com>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-06-15 | Fix type mismatch warnings | Norbert Pocs | 1 | -1/+1
    Signed-off-by: Norbert Pocs <npocs@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-06-09 | Improve documentation by mentioning the free functions | Jakub Jelen | 1 | -1/+2
    Related: https://gitlab.com/libssh/libssh-mirror/-/issues/3
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-05-02 | Fix multiple spelling and grammar mistakes | Junda Ai | 1 | -4/+4
    Signed-off-by: Junda Ai <aijunda29@gmail.com>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2021-01-12 | Clean memory on failure paths | Jakub Jelen | 1 | -0/+1
    Thanks oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28490
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-04-06 | kex: Add support for diffie-hellman-group14-sha256 | Anderson Toshiyuki Sasaki | 1 | -0/+1
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-09 | SSH-01-010: Improve documentation for fingerprinting functions | Andreas Schneider | 1 | -10/+13
    Fixes T184
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | dh: Use SSH_STRING_FREE() | Andreas Schneider | 1 | -1/+1
    Fixes T183
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-11-07 | server: Use really the negotiated signature type | Jakub Jelen | 1 | -2/+3
    Generally, when the extension negotiation is enabled and the client supports SHA2 algorithms for RSA, they are supposed to be prioritized against the old SHA1. If it is not (ssh-rsa is listed in front of rsa-sha2-* hostkey algorithms during negotiation), the server wrongly tries to provide the new type of signature, ignoring the negotiated algorithm.
    This commit propagates the digest algorithm from negotiation to the actual signature functions, which were previously responsible for the decision about the hash algorithm based just on the negotiated extensions.
    Fixes T191
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-08-08 | dh: Add ssh_dh_debug_crypto() | Andreas Schneider | 1 | -0/+2
    We should call it where we have access to the crypto structure.
    Pair-Programmed-With: Jakub Jelen <jjelen@redhat.com>
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-06-12 | dh: Avoid segmentation fault in GEX if fallback to known moduli | Anderson Toshiyuki Sasaki | 1 | -4/+12
    Make ssh_fallback_group() duplicate the modulus and generator.
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-04-29 | dh-gex: Verify received primes in FIPS mode to match one of the known groups | Jakub Jelen | 1 | -0/+27
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-04-29 | dh-gex: Fall back to known primes when the moduli file is not readable | Jakub Jelen | 1 | -0/+27
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-04-04 | dh: Move DH key handling into a separate file. | Simo Sorce | 1 | -364/+25
    In preparation for adding crypto-library specific backends.
    Signed-off-by: Simo Sorce <simo@redhat.com>
    Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-04-04 | dh: Confine DH KEX keys handling into fewer functions | Simo Sorce | 1 | -105/+224
    In preparation for deferring computation on DH secret material to crypto-library specific backends.
    Signed-off-by: Simo Sorce <simo@redhat.com>
    Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-04-04 | dh: Rename variables for DH key exchange | Simo Sorce | 1 | -81/+128
    Rename and refactor how some variables are held in ssh_crypto_struct. Refactor allocation of dh exchange public keys. This is in preparation for switching the code to use openssl native DH handling and allowed to better reason about the code and the overall API.
    Signed-off-by: Simo Sorce <simo@redhat.com>
    Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-04-04 | mbedcrypto: Make bignum_bin2bn behave like others | Simo Sorce | 1 | -16/+0
    Signed-off-by: Simo Sorce <simo@redhat.com>
    Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-07 | Allow building without Group Exchange support | Jakub Jelen | 1 | -0/+2
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-07 | dh: Add function references to ssh_print_hash() doc | Andreas Schneider | 1 | -0/+3
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-30 | dh: harden error handling in 'ssh_dh_init_common' | Jon Simons | 1 | -0/+3
    Harden the error path in 'ssh_dh_init_common' such that all potential allocations are freed upon exit.
    Signed-off-by: Jon Simons <jon@jonsimons.org>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-30 | dh: plug pubkey_blob leak in ssh_server_dh_process_init | Jon Simons | 1 | -1/+4
    Ensure to `SSH_STRING_FREE` the pubkey_blob local in `ssh_server_dh_process_init`.
    The leak can be seen with valgrind and the pkd tests with:
        valgrind \
            --leak-check=full \
            --show-leak-kinds=definite \
            ./pkd_hello -i1 -t torture_pkd_openssh_rsa_rsa_diffie_hellman_group14_sha1
    Signed-off-by: Jon Simons <jon@jonsimons.org>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-26 | dh: Reformat ssh_dh_debug, ssh_dh_build_k and unbreak build with DEBUG_CRYPTO | Jakub Jelen | 1 | -21/+29
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-24 | dh-gex: Add server implementation | Aris Adamantiadis | 1 | -9/+38
    Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-24 | wrapper: Move dh cleanup into dh.c | Aris Adamantiadis | 1 | -6/+4
    Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-24 | dh: move state changes inside DH code | Aris Adamantiadis | 1 | -0/+1
    Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-24 | dh: Do some basic refactoring | Aris Adamantiadis | 1 | -339/+209
    Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-24 | bignum: harmonize gcrypt, libcrypto and libmcrypt bignum | Aris Adamantiadis | 1 | -131/+42
    Ensure most of the abstraction around the 3 libs is consistent.
    Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-24 | dh: move unrelated functions out of dh.c | Aris Adamantiadis | 1 | -708/+0
    Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-24 | kex: use runtime callbacks (server) | Aris Adamantiadis | 1 | -0/+149
    Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-24 | kex: use runtime callbacks (client) | Aris Adamantiadis | 1 | -3/+29
    Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09 | dh: Make sure we do not access uninitialized memory | Jakub Jelen | 1 | -0/+4
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-20 | dh: Use ssh_get_fingerprint_hash() in ssh_print_hash() | Andreas Schneider | 1 | -23/+6
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-20 | dh: Add ssh_get_fingerprint_hash() | Andreas Schneider | 1 | -0/+73
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-20 | dh: Removed duplicated code | Anderson Toshiyuki Sasaki | 1 | -15/+5
    The code for calculating SHA 512 in ssh_make_sessionid() had been duplicated; the cases were unified.
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2018-09-20 | dh: Add diffie-hellman-group18-sha512 support | Anderson Toshiyuki Sasaki | 1 | -0/+125
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2018-09-19 | dh: Add diffie-hellman-group16-sha512 support | Anderson Toshiyuki Sasaki | 1 | -39/+156
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-29 | dh: Add ssh_print_hash() function which can deal with sha256 | Jan-Niklas Burfeind | 1 | -0/+80
    Signed-off-by: Jan-Niklas Burfeind <libssh@aiyionpri.me>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-29 | dh: Add SSH_PUBLICKEY_HASH_SHA256 to ssh_get_publickey_hash() | Jan-Niklas Burfeind | 1 | -0/+23
    Signed-off-by: Jan-Niklas Burfeind <libssh@aiyionpri.me>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-01 | buffer: Add and use ssh_buffer_allocate_size() | Pino Toscano | 1 | -0/+18
    Add a small helper for ssh_buffer to ensure that the buffer has a certain amount of space already preallocated. This can be useful in case it is known how much data is going to be added to a buffer, to avoid multiple reallocations.
    Make use of it in a few places in the library.
    Signed-off-by: Pino Toscano <ptoscano@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-07-05 | bignum: Make bignum_free safer | Aris Adamantiadis | 1 | -21/+16
    Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-07-05 | crypto: Split init and finalize functions | Aris Adamantiadis | 1 | -56/+43
    Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-07-05 | bignum: Harmonize ssh_get_random() | Aris Adamantiadis | 1 | -43/+0
    Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-29 | kex: add curve25519-sha256 as alias for curve25519-sha256@libssh.org | Tilo Eckert | 1 | -1/+3
    See: https://tools.ietf.org/id/draft-ietf-curdle-ssh-curves-07.html
    Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 | libgcrypt: make it compatible with chacha20 | Aris Adamantiadis | 1 | -0/+1
    Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 | chacha: packet encryption | Aris Adamantiadis | 1 | -0/+3
    Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 | Remove vim modelines from all files | Andreas Schneider | 1 | -2/+0
    If you want modelines use my vim plugin: https://github.com/cryptomilk/git-modeline.vim
        git config --add vim.modeline "ts=4 sw=4 et"
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>