aboutsummaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2020-09-29src/kex.c: removes DES and SHA1 from mac and kex algorithms by default.Sahana Prasad1-9/+10
Signed-off-by: Sahana Prasad <sahana@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-09-17misc: Do not call random()Anderson Toshiyuki Sasaki1-10/+13
Avoid calling random() and use ssh_get_random() instead. CID #1412376 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-09-03Fix another memory leak on invalid nid valueDirkjan Bussink1-0/+4
In 906cc7e7e95047981677a43743cb7c4aa2bb3aab a memory leak was fixed but a similar one is present here that needs a fix as well. Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-08-12sftp: Fix more typosJakub Jelen1-1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-07-16Disable *-cbc ciphers by defaultJakub Jelen1-10/+13
OpenSSH disabled them in 2014 and 2017 for servers and clients so its our turn to follow the suit. Fixes T236 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-07-16pki: Avoid memory leak on invalid curve NIDJakub Jelen1-0/+2
Thanks oss-fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24166 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-07-16packet: Fix unterminated brace and better context name in debug messageJakub Jelen1-1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-07-16misc: Do not confuse client/server in debug messagesJakub Jelen1-1/+2
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-06-23channel: Do not return error if the server closed the channelAnderson Toshiyuki Sasaki1-3/+4
If the server properly closed the channel, the client should not return error if it finds the channel closed. Fixes T231 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-06-03buffer: Add NULL check for 'buffer' argumentAndreas Schneider1-0/+4
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-06-03buffer: Reformat ssh_buffer_add_data()Andreas Schneider1-17/+18
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-06-03sftpserver: Add missing return check for ssh_buffer_add_data()Andreas Schneider1-3/+8
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-06-03sftpserver: Add missing NULL check for ssh_buffer_new()Andreas Schneider1-0/+6
Thanks to Ramin Farajpour Cami for spotting this. Fixes T232 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-05-21options: Do not reference non-existing functionJakub Jelen1-2/+2
Fixes T227 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-20src/pki_crypto.c pki_publickey_to_blob() should not be used to export public ↵Sahana Prasad1-0/+8
key from private keys for ecdsa keys. ssh_userauth_publickey() calls ssh_pki_export_pubkey_blob() and tries to export the the public key from private key if public keys are not already imported into pkcs #11 tokens. Signed-off-by: Sahana Prasad <sahana@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-05-15cmake: add _POSIX_SOURCEDavid Wedderwille1-0/+1
Fixes T228 Signed-off-by: David Wedderwille <davidwe@posteo.de> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-05-06cmake: Add autogenerated libssh_version.hHeiko Thiery1-0/+1
Set the cmake project verision to the autogenerated file to have a single point to set the version. This will be included in the libssh.h file. Pair-Programmed-With: Andreas Schneider <asn@cryptomilk.org> Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com> Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-05-05options: Avoid memory leaks during modification of argvJakub Jelen1-8/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05options: Properly handle unknown options with argumentsJakub Jelen1-2/+18
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05packet: Skip HMAC handling if none is selectedJakub Jelen2-23/+30
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05packet: Check if set_*_key functions exists before calling itJakub Jelen1-15/+19
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05packet: Use temporary variables to avoid long linesJakub Jelen1-14/+12
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05Add basic support for none cipher and MACsJakub Jelen5-4/+73
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05pki: Mark explicit fall throughJakub Jelen1-1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05external: Do not confuse new gccJakub Jelen1-1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05client: Properly indicate fall throughJakub Jelen1-1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-04-24session: add missing return value documentationHeiko Thiery1-1/+2
Add SSH_AGAIN as return value to ssh_handle_packets documentation. Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-04-20config: Check null derefJakub Jelen1-0/+3
As reported by LGTM Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-20channels: Avoid returning SSH_AGAIN from ssh_channel_poll_timeout()Jakub Jelen1-0/+6
This addresses a regression introduced in 3bad0607, partially fixed in 022409e9, but the function was still able to return SSH_AGAIN, which was not expected by callers. Based on discussion in [1] and [2] [1] https://gitlab.com/libssh/libssh-mirror/-/merge_requests/101 [2] https://www.libssh.org/archive/libssh/2020-03/0000029.html Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-20channels: reformatJakub Jelen1-2/+2
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-20config_parser: Allow equal sign as a separator and eat up trailing whitespaceJakub Jelen1-10/+23
Probably fixes T210 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-20Disable RSA and DSA keys with sha1 by defaultJakub Jelen1-11/+21
Fixes: T218 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-15Reformat ssh_bind_accept()Jakub Jelen1-25/+28
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-15libcrypto-compat: Fix indentation and return valueJakub Jelen1-1/+2
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-15libcrypto: remove deprecated API usageRosen Penev1-5/+4
EVP_CIPHER_CTX_init was replaced with _reset. Removed EVP_CIPHER_CTX_cleanup. The successive _free call handles that. Removed old SSLeay function usage. Signed-off-by: Rosen Penev <rosenp@gmail.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-15libcrypto-compat: add extra functionsRosen Penev2-0/+20
Added extra functions. The next commit will switch to them. Signed-off-by: Rosen Penev <rosenp@gmail.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-15Correctly parse v4 subsecond timestampsStefanBruens1-15/+15
All subsecond timestamps are only in the packets if both the SUBSECOND_TIMES flag and the timestamp flag, e.g. ATTR_ACCESSTIME are set. SUBSECOND_TIMES are not very common across server implementations (e.g. openssh does not include it, nor does libssh's sftpserver implementation), but this interpretation of the SFTP protocol draft is used by WinSCP and lftp. Fixes T219. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-04-09client: Check if the library is initialized in ssh_connect()Anderson Toshiyuki Sasaki1-0/+7
If the library is not initialized, SSH_ERROR is returned and the error message is set properly. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-04-09client: Reformat ssh_connect()Anderson Toshiyuki Sasaki1-99/+111
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-04-09init: Introduce internal is_ssh_initialized()Anderson Toshiyuki Sasaki1-0/+19
The introduced function returns whether the library is initialized or not. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-04-09init: Clarify the need to call ssh_{init, finalize}()Anderson Toshiyuki Sasaki1-7/+18
When libssh is statically linked, it is necessary to explicitly call ssh_init() before calling any other provided API. It is also necessary to call ssh_finalize() before exiting to free allocated resources. Fixes T222 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-04-09CVE-2020-1730: Fix a possible segfault when zeroing AES-CTR keyAndreas Schneider1-2/+6
Fixes T213 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-06src/pki_crypto.c corrects the incorrect usage of enumSahana Prasad1-2/+2
Signed-off-by: Sahana Prasad <sahana@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-04-06kex: Add support for diffie-hellman-group14-sha256Anderson Toshiyuki Sasaki7-0/+13
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-04-02dh-gex: Check return value of ssh_get_random()Andreas Schneider1-2/+7
CID #1422162 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-04-01cmake: Fix building with threading support on MinGWAndreas Schneider1-0/+7
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-03-29auth: Fix memory leak in ssh_userauth_publickey_auto()Anderson Toshiyuki Sasaki1-0/+5
When a key is rejected, free the allocated memory before returning. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-02-12pki: Small code cleanup in ssh_pki_signature_verify()Andreas Schneider1-2/+4
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-02-12pki: Use SSH_BUFFER_FREE() in ssh_pki_signature_verify()Andreas Schneider1-1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-02-12pki: Add missing return check for ssh_buffer_pack()Andreas Schneider1-4/+10
CID #1419376 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>