aboutsummaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2020-04-01cmake: Fix building with threading support on MinGWAndreas Schneider1-0/+7
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-03-29auth: Fix memory leak in ssh_userauth_publickey_auto()Anderson Toshiyuki Sasaki1-0/+5
When a key is rejected, free the allocated memory before returning. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-02-12pki: Small code cleanup in ssh_pki_signature_verify()Andreas Schneider1-2/+4
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-02-12pki: Use SSH_BUFFER_FREE() in ssh_pki_signature_verify()Andreas Schneider1-1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-02-12pki: Add missing return check for ssh_buffer_pack()Andreas Schneider1-4/+10
CID #1419376 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-02-12pki: Fix memory leak of blob on errorAndreas Schneider1-0/+1
CID #1419377 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-02-12channels: Replace PRIdS with ANSI C99 %zuAndreas Schneider1-2/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-02-12sftp: Replace PRIdS with ANSI C99 %zuAndreas Schneider1-2/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-02-12packet: Replace PRIdS with ANSI C99 %zuAndreas Schneider2-3/+3
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-02-11src: updates documentation incorporate PKCS#11 URIs in import functions.Sahana Prasad1-4/+6
Signed-off-by: Sahana Prasad <sahana@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-02-11pki: add support for sk-ecdsa and sk-ed25519Sebastian Kinne4-13/+231
This adds server-side support for the newly introduced OpenSSH keytypes sk-ecdsa-sha2-nistp256@openssh.com and sk-ed25519@openssh.com (including their corresponding certificates), which are backed by U2F/FIDO2 tokens. Change-Id: Ib73425c572601c3002be45974e6ea051f1d7efdc Signed-off-by: Sebastian Kinne <skinne@google.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-02-11pki: fix `pki_key_ecdsa_to_key_type` thread-safetyJon Simons3-3/+3
Resolves https://bugs.libssh.org/T214. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-01-23channels: Fix ssh_channel_poll_timeout() not returing available bytesAndreas Schneider1-0/+5
Fixes T211 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-01-23Implement chacha20-poly1305 in mbedTLSJakub Jelen1-1/+345
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-01-23Implement ChaCha20-poly1305 cipher using native OpenSSLJakub Jelen2-4/+411
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-01-23Do not build in internal chacha implementation if gcrypt supports thatJakub Jelen1-3/+14
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-01-23chacha: Create common file to avoid code duplicationJakub Jelen2-22/+4
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-01-23packet_crypt: Check return values from AEAD decipheringJakub Jelen1-4/+4
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-01-23curve25519: Avoid memory leaksJakub Jelen1-17/+14
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-01-23pki: Avoid uneeded memory duplicationAndreas Schneider1-2/+2
CID #1412375 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-01-23misc: Make the src pointer const in ssh_strreplace()Andreas Schneider1-1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-01-23misc: Simplifies ssh_strreplace().Sahana Prasad1-13/+14
Signed-off-by: Sahana Prasad <sahana@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-01-23pki_crypto: Fix possible memory leak on errorAndreas Schneider1-3/+4
CID #1409680 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-01-23messages: Add missing NULL checkAndreas Schneider1-0/+3
CID #1409678 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-23socket: Use the users shell for running proxy commandJakub Jelen1-2/+14
Fixes T200 and tests on ubuntu, which is using dash Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-23socket: Fix the error messageJakub Jelen1-1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-23socket: Kill the proxy command if it still runs on disconnectJakub Jelen1-1/+33
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-23pki_gcrypt: Warn about unsupported PEM export in gcryptJakub Jelen1-0/+2
Based on the following mail thread: https://www.libssh.org/archive/libssh/2019-12/0000027.html Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-23libgcrypt: Do not leak memory with invalid key lengthsJakub Jelen1-0/+4
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-23pki_gcrypt: Do not confuse static analyzersJakub Jelen1-1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-23legacy,keys: Fix the macro conditionsJakub Jelen1-1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-23mbedcrypto_missing: Always check return valuesJakub Jelen1-0/+3
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-23mbedcrypto_missing: Avoid potential memory leaks as reported by csbuildJakub Jelen1-1/+2
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-23pki_mbedtls: Avoid potential memory leaksJakub Jelen1-2/+2
reported by csbuild Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-23pki_mbedtls: Do not warn about unused argumentsJakub Jelen1-1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-23options: Avoid needless assignment as reported by csbuildJakub Jelen1-1/+0
The error was src/options.c:971:13: warning: Value stored to 'u' is never read # u = 0; # ^ ~ src/options.c:971:13: note: Value stored to 'u' is never read # u = 0; # ^ ~ # 969| case SSH_OPTIONS_KBDINT_AUTH: # 970| case SSH_OPTIONS_GSSAPI_AUTH: # 971|-> u = 0; # 972| if (value == NULL) { # 973| ssh_set_error_invalid(session); Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-23kex: Avoid always-false comparisons as reported by csbuildJakub Jelen1-4/+4
/builds/jjelen/libssh-mirror/src/kex.c:360:17: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits] <--[cc] 360 | if (len < 0) { | ^ /builds/jjelen/libssh-mirror/src/kex.c:372:17: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits] <--[cc] 372 | if (len < 0) { | ^ Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-20src: Implements PKCS11 URI supportSahana Prasad5-1/+218
Imports private and public keys from the engine via PKCS11 URIs. Uses the imported keys to authenticate to the ssh server. Signed-off-by: Sahana Prasad <sahana@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-20src: Helper funtions to detect PKCS #11 URIsSahana Prasad1-0/+43
Signed-off-by: Sahana Prasad <sahana@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-20src: Adds the Engine header file and invokes cleanup of the engineSahana Prasad1-0/+2
Signed-off-by: Sahana Prasad <sahana@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-20misc: Add ssh_strreplace()Andreas Schneider1-0/+50
Pair-Programmed-With: Sahana Prasad <sahana@redhat.com> Signed-Off-by: Sahana Prasad <sahana@redhat.com> Signed-Off-By: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-20misc: Add ssh_tmpname()Andreas Schneider1-0/+51
Signed-Off-By: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-16libgcrypt: fix cipher handle leaks on setkey error pathsJussi Kivilinna1-1/+7
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-16libgcrypt: Implement chacha20-poly1305@openssh.com cipher using libgcryptJussi Kivilinna1-1/+342
Libgcrypt has supported ChaCha20 and Poly1305 since 1.7.0 version and provides fast assembler implementations. v3: - initialize pointers to NULL - use 'bool' for chacha20_poly1305_keysched.initialized - pass error codes from libgcrypt calls to variable - add SSH_LOG on error paths v2: - use braces for one-line blocks - use UNUSED_PARAM/UNUSED_VAR instead of cast to void - use calloc instead of malloc+memset Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-13curve25519: fix uninitialized arg to EVP_PKEY_deriveJon Simons1-4/+2
Ensure that the `keylen` argument as provided to `EVP_PKEY_derive` is initialized, otherwise depending on stack contents, the function call may fail. Fixes T205. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-10init: Fix documentation about return values of void functionsJakub Jelen1-3/+0
Fixes T203 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-09config: Ignore empty lines to avoid OOB array accessJakub Jelen1-0/+5
Fixes T187 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-09match: Limit possible recursion when parsing wildcards to a sensible numberJakub Jelen1-5/+7
Fixes T186 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-09match: Avoid recursion with many asterisks in patternJakub Jelen1-3/+9
Partially fixes T186 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-09pki: Fix possible information leak via uninitialized stack bufferAndreas Schneider1-2/+2
Fixes T190 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>