aboutsummaryrefslogtreecommitdiff
path: root/src/packet.c
AgeCommit message (Collapse)AuthorFilesLines
2023-12-18CVE-2023-48795: client side mitigationAris Adamantiadis1-0/+58
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2023-09-08Revert the control flow callback in commitSahana Prasad1-0/+25
https://gitlab.com/libssh/libssh-mirror/-/commit/6f029598c78dd999b3773ce1bc54e390d5b7ec57 Signed-off-by: Sahana Prasad <sahana@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2023-05-04CVE-2023-1667:packet: Do not allow servers to initiate handshakeJakub Jelen1-0/+5
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2023-05-04packet: Reformat callback handling functionsJakub Jelen1-13/+24
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2023-05-04packet: Fix indentationJakub Jelen1-1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2023-04-14Emit channel_write_wontblock when remote window becomes non-zero.Tom Deseyn1-25/+0
Signed-off-by: Tom Deseyn <tom.deseyn@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2023-03-09Reformat ssh_packet_socket_callbackJakub Jelen1-27/+35
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-10-12Fix various spelling issues reported by codespellJakub Jelen1-1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2022-10-12remove the unnecessary cast of SSH_LOGXiang Xiao1-2/+2
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-10-12change the format specifier of uint32_t from PRId32 to PRIu32Xiang Xiao1-4/+4
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-10-12fix printf format warningXiang Xiao1-7/+7
uint32_t should be formated by PRI?32 Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Change-Id: I811cfd764010f9e8bb599b370155ac065ee1905c
2022-10-07packet: do not enqueue outgoing packets after sending SSH2_MSG_NEWKEYSCarlos Martín Nieto1-2/+4
When we decide we need to rekey, we enqueue any further packets until we've sent our SSH2_MSG_NEWKEYS message, after which we dequeue these packets and send them to the other side. This enqueueing is done based on ssh_packet_in_rekey checking the session flags and whether DH handshake state is marked as finished. However, the handshake state is not reset to DH_STATE_FINISHED until the other side has sent us their new keys. This leaves a gap between sending our new keys and receiving the other side's new keys where we would still decide to enqueue a packet. These enqueued packets will not be dequeued as we've already sent our new keys. Once we've received the other side's new keys, we'll go back to a finished handshake and we will send out our caller's new data, skipping however much data we've enqueued. Fix this by changing ssh_packet_in_rekey to return false once we've sent our new keys. Signed-off-by: Carlos Martín Nieto <carlosmn@github.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-10-07SSH_LOG_DEBUG: Recategorize loglevelsNorbert Pocs1-2/+2
Loglevel INFO is the default openssh configuration setting which does not print redundant information. On a system using openssh with loglevels set by the terms of openssh will cause unwanted log lines in the output. recategorized based on - SSH_LOG_DEBUG are informational debug logs (no error) Signed-off-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-10-07SSH_LOG_TRACE: Recategorize loglevelsNorbert Pocs1-2/+2
Do not print out logs when no fatal error happens. This approach is similiar to openssh, when Error/Fatal does not print recoverable error logs. recategorized based on - SSH_LOG_TRACE are debug logs when error happens Signed-off-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-06-22packet: Fix ssh_packet_socket_callback() return valueAndreas Schneider1-4/+4
According to the documentation the return value is the number of processed bytes, so the returned value is never negative. We should not use ssize_t in public headers as it isn't available on Windows! We only have it defined in priv.h! Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-06-15Fix type mismatch warningsNorbert Pocs1-7/+7
Signed-off-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-04-19trivial fix: Fixes some spelling errorsDhanuka Warusadura1-5/+5
Signed-off-by: Dhanuka Warusadura <csx@tuta.io> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2021-08-18CVE-2021-3634: Create a separate length for session_idJakub Jelen1-4/+5
Normally, the length of session_id and secret_hash is the same, but if we will get into rekeying with a peer that changes preference of key exchange algorithm, the new secret hash can be larger or smaller than the previous session_id causing invalid reads or writes. Resolves https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35485 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-12-11Always check return value of ssh_list_new()Dirkjan Bussink1-5/+7
Another item identified during code review was cases where the return value of ssh_list_new() was not properly checked and handled. This updates all cases that were missing this to handle failure to allocate a new list. Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-12-11Ignore request success and failure message if they are not expectedDirkjan Bussink1-18/+16
In https://gitlab.com/libssh/libssh-mirror/-/merge_requests/145#note_463232084 behavior in libssh was identified where it diverges from how for example OpenSSH behaves. In OpenSSH if a request success of failure message is received, apart from it being treated as a keepalive message, it is ignored otherwise. Libssh does handle the unexpected message and triggers an error condition internally. This means that with the Dropbear behavior where it replies to a hostkeys-00@openssh.com message even with a want_reply = 0 (arguably a bug), libssh enters an error state. This change makes the libssh behavior match OpenSSH to ignore these messages. The spec is a bit unclear on whether Dropbear is buggy here or not, but let's be liberal with the input accepted here in libssh. Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-07-16packet: Fix unterminated brace and better context name in debug messageJakub Jelen1-1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05packet: Skip HMAC handling if none is selectedJakub Jelen1-2/+5
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05packet: Check if set_*_key functions exists before calling itJakub Jelen1-15/+19
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05packet: Use temporary variables to avoid long linesJakub Jelen1-14/+12
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-02-12packet: Replace PRIdS with ANSI C99 %zuAndreas Schneider1-2/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09packet: Use SSH_BUFFER_FREE()Andreas Schneider1-1/+1
Fixes T183 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09packet: Fix size types in ssh_packet_need_rekey()Andreas Schneider1-3/+3
Fixes T188 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-11-18packet: Do not deref a NULL pointer in ssh_packet_set_newkeys()Andreas Schneider1-0/+9
Fixes T183 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-11-18SSH-01-003: Add cipher NULL checks to ssh_packet_get_current_crypto()Andreas Schneider1-4/+24
Fixes T183 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-10-25packet: On failure, do not use uninitialized cryptoJakub Jelen1-0/+4
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-06-27packet: Check return value when sending unimplementedAnderson Toshiyuki Sasaki1-1/+5
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-27packet: Reformat ssh_packet_process()Anderson Toshiyuki Sasaki1-31/+44
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-04-29packet: log when data-based rekeying neededJon Simons1-4/+13
Log an SSH_LOG_PACKET debug message when rekeying is necessary due to the cipher max_blocks configuration. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-22Add tests and implementation for Encrypt-then-MAC modeDirkjan Bussink1-31/+72
This adds the OpenSSH HMACs that do encrypt then mac. This is a more secure mode than the original HMAC. Newer AEAD ciphers like chacha20 and AES-GCM are already encrypt-then-mac, but this also adds it for older legacy clients that don't support those ciphers yet. Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-02-22Refactor ssh_packet_hmac_verify to allow for direct bufferDirkjan Bussink1-1/+2
This will make it easier to do Encrypt-then-MAC checks as those will be on the direct encrypted data received before decrypting which means they are not allocated in an ssh buffer at that point yet. Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-01-26packet: Add missing error check in packet_send2()Andreas Schneider1-0/+3
Found by csbuild. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-24dh-gex: Add client implementationAris Adamantiadis1-1/+7
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-24kex: use runtime callbacks (client)Aris Adamantiadis1-1/+1
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09packet: Dump also the packet typeJakub Jelen1-2/+7
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09packet: Implement rekeying based on the recommendation from RFC'sJakub Jelen1-2/+173
The default rekeying recommendations are specified in RFC4344 Section 3 (First and Second Rekeying Recommendations). Additionally, the rekeying can be specified in configuration file/options allowing us to turn the rekeying off, base it on time or make it more strict. The code is highly inspired by the OpenSSH rekeying code. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Daiki Ueno <dueno@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09packet: Provide a function to switch crypto in separate directionsJakub Jelen1-1/+167
This also fixes the test using the crypto directly Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Daiki Ueno <dueno@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09packet: Introduce a new function to access cryptoJakub Jelen1-27/+44
And remove most of the direct access to the structure throughout the code Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Daiki Ueno <dueno@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09packet: Adjust the packet filter to allow client-initialized rekeyJakub Jelen1-0/+2
If the rekey is initialized by client, it sends the first KEXINIT message, changes to the INIT_SENT state and waits for the KEXINIT message from the server. This was not covered in the current filter. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Daiki Ueno <dueno@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09packet: Prepare counters to handle rekeying limitsJakub Jelen1-1/+14
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Daiki Ueno <dueno@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09packet: Write also incoming packets to .pcap filesJakub Jelen1-0/+10
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Daiki Ueno <dueno@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-12-10packet: Allow SSH2_MSG_EXT_INFO when authenticatedAnderson Toshiyuki Sasaki1-1/+5
When the server requests rekey, it can send the SSH2_MSG_EXT_INFO. This message was being filtered out by the packet filtering. This includes a test to enforce the filtering rules for this packet type. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-23kex,packet,packet_cb: ReformatJakub Jelen1-2/+2
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-21packets: allow removal of callbacksAris Adamantiadis1-0/+11
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-24packet: Do not segfault if we don't have packet_second_blockAndreas Schneider1-22/+32
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-24packet: Add missing null pointer check in ssh_packet_socket_callback()Andreas Schneider1-0/+3
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>