path: root/src
Age | Commit message | Author | Files | Lines
6 days | Fix handshake bug with AEAD ciphers and no HMAC overlap (HEAD, master) | Dirkjan Bussink | 1 | -16/+41
There's currently a bug in libssh that a handshake doesn't complete if there is no overlap between HMAC methods, but when an AEAD cipher is used. In case of an AEAD cipher such as chacha20-poly1305 or aes256-gcm, the HMAC algorithm that is being picked is not relevant. But the problem here is that the HMAC still needs to have an overlap in the handshake, even if it is not used afterwards.
This was found with a very strict server side configuration with libssh where only AEAD ciphers and EtM HMAC modes are accepted. The client tested against was dropbear. Dropbear does have support for chacha20-poly1305 and AES GCM modes, but no support for EtM HMAC modes. This meant that the libssh server in this case rejected the dropbear client, even though it is perfectly able to serve it since dropbear supports AEAD algorithms.
The fix implemented here updates the HMAC phase of the handshake to handle this case. If it detects an AEAD cipher is used, it uses the HMAC abbreviations for the method instead. This is the same name that is used in other places as well. It matches the client to server and server to client values, but it does depend on the order of things in the ssh_kex_types_e enum, which I'm assuming here is ok since it's explicit.
I've looked at how to add a test for this, but I couldn't really find a suitable place for it. I would love some tips if this is easily possible, or if it's easier for someone else to contribute, that's of course welcome too.
Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-10-02 | client: Reset pending_call_state on disconnect | Jakub Jelen | 1 | -0/+1
Fixes T251
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-10-02 | client: Reformat ssh_disconnect() | Jakub Jelen | 1 | -69/+73
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-09-29 | pki_gcrypt.c: Fix typo + inconsistency in warning | Paul Capron | 1 | -2/+3
In function pki_signature_from_blob(), the warning message in case of an oversized RSA key was missing an 'o' (reading "to" instead of "too").
While we are here, make this oversized message the same as the ones found in pki_crypto.c & pki_mbedcrypto.c: put the expected size in it. The message in case of an _under_sized key includes the expected size, so that's more consistent in that regard too (and more informative!)
Signed-off-by: Paul Capron <paul@fragara.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-09-29 | src/kex.c: removes DES and SHA1 from mac and kex algorithms by default. | Sahana Prasad | 1 | -9/+10
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-09-17 | misc: Do not call random() | Anderson Toshiyuki Sasaki | 1 | -10/+13
Avoid calling random() and use ssh_get_random() instead.
CID #1412376
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-09-03 | Fix another memory leak on invalid nid value | Dirkjan Bussink | 1 | -0/+4
In 906cc7e7e95047981677a43743cb7c4aa2bb3aab a memory leak was fixed but a similar one is present here that needs a fix as well.
Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-08-12 | sftp: Fix more typos | Jakub Jelen | 1 | -1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-07-16 | Disable *-cbc ciphers by default | Jakub Jelen | 1 | -10/+13
OpenSSH disabled them in 2014 and 2017 for servers and clients so it's our turn to follow suit.
Fixes T236
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-07-16 | pki: Avoid memory leak on invalid curve NID | Jakub Jelen | 1 | -0/+2
Thanks oss-fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24166
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-07-16 | packet: Fix unterminated brace and better context name in debug message | Jakub Jelen | 1 | -1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-07-16 | misc: Do not confuse client/server in debug messages | Jakub Jelen | 1 | -1/+2
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-06-23 | channel: Do not return error if the server closed the channel | Anderson Toshiyuki Sasaki | 1 | -3/+4
If the server properly closed the channel, the client should not return an error if it finds the channel closed.
Fixes T231
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-06-03 | buffer: Add NULL check for 'buffer' argument | Andreas Schneider | 1 | -0/+4
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-06-03 | buffer: Reformat ssh_buffer_add_data() | Andreas Schneider | 1 | -17/+18
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-06-03 | sftpserver: Add missing return check for ssh_buffer_add_data() | Andreas Schneider | 1 | -3/+8
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-06-03 | sftpserver: Add missing NULL check for ssh_buffer_new() | Andreas Schneider | 1 | -0/+6
Thanks to Ramin Farajpour Cami for spotting this.
Fixes T232
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-05-21 | options: Do not reference non-existing function | Jakub Jelen | 1 | -2/+2
Fixes T227
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-20 | src/pki_crypto.c pki_publickey_to_blob() should not be used to export public key from private keys for ecdsa keys. | Sahana Prasad | 1 | -0/+8
ssh_userauth_publickey() calls ssh_pki_export_pubkey_blob() and tries to export the public key from private key if public keys are not already imported into pkcs #11 tokens.
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-05-15 | cmake: add _POSIX_SOURCE | David Wedderwille | 1 | -0/+1
Fixes T228
Signed-off-by: David Wedderwille <davidwe@posteo.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-05-06 | cmake: Add autogenerated libssh_version.h | Heiko Thiery | 1 | -0/+1
Set the cmake project version to the autogenerated file to have a single point to set the version. This will be included in the libssh.h file.
Pair-Programmed-With: Andreas Schneider <asn@cryptomilk.org>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-05-05 | options: Avoid memory leaks during modification of argv | Jakub Jelen | 1 | -8/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | options: Properly handle unknown options with arguments | Jakub Jelen | 1 | -2/+18
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | packet: Skip HMAC handling if none is selected | Jakub Jelen | 2 | -23/+30
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | packet: Check if set_*_key functions exist before calling them | Jakub Jelen | 1 | -15/+19
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | packet: Use temporary variables to avoid long lines | Jakub Jelen | 1 | -14/+12
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | Add basic support for none cipher and MACs | Jakub Jelen | 5 | -4/+73
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | pki: Mark explicit fall through | Jakub Jelen | 1 | -1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | external: Do not confuse new gcc | Jakub Jelen | 1 | -1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | client: Properly indicate fall through | Jakub Jelen | 1 | -1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-04-24 | session: add missing return value documentation | Heiko Thiery | 1 | -1/+2
Add SSH_AGAIN as return value to ssh_handle_packets documentation.
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-04-20 | config: Check null deref | Jakub Jelen | 1 | -0/+3
As reported by LGTM
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-20 | channels: Avoid returning SSH_AGAIN from ssh_channel_poll_timeout() | Jakub Jelen | 1 | -0/+6
This addresses a regression introduced in 3bad0607, partially fixed in 022409e9, but the function was still able to return SSH_AGAIN, which was not expected by callers.
Based on discussion in [1] and [2]
[1] https://gitlab.com/libssh/libssh-mirror/-/merge_requests/101
[2] https://www.libssh.org/archive/libssh/2020-03/0000029.html
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-20 | channels: reformat | Jakub Jelen | 1 | -2/+2
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-20 | config_parser: Allow equal sign as a separator and eat up trailing whitespace | Jakub Jelen | 1 | -10/+23
Probably fixes T210
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-20 | Disable RSA and DSA keys with sha1 by default | Jakub Jelen | 1 | -11/+21
Fixes: T218
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-15 | Reformat ssh_bind_accept() | Jakub Jelen | 1 | -25/+28
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-15 | libcrypto-compat: Fix indentation and return value | Jakub Jelen | 1 | -1/+2
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-15 | libcrypto: remove deprecated API usage | Rosen Penev | 1 | -5/+4
EVP_CIPHER_CTX_init was replaced with _reset.
Removed EVP_CIPHER_CTX_cleanup. The successive _free call handles that.
Removed old SSLeay function usage.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-15 | libcrypto-compat: add extra functions | Rosen Penev | 2 | -0/+20
Added extra functions. The next commit will switch to them.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-15 | Correctly parse v4 subsecond timestamps | StefanBruens | 1 | -15/+15
All subsecond timestamps are only in the packets if both the SUBSECOND_TIMES flag and the timestamp flag, e.g. ATTR_ACCESSTIME are set.
SUBSECOND_TIMES are not very common across server implementations (e.g. openssh does not include it, nor does libssh's sftpserver implementation), but this interpretation of the SFTP protocol draft is used by WinSCP and lftp.
Fixes T219.
Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-04-09 | client: Check if the library is initialized in ssh_connect() | Anderson Toshiyuki Sasaki | 1 | -0/+7
If the library is not initialized, SSH_ERROR is returned and the error message is set properly.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-04-09 | client: Reformat ssh_connect() | Anderson Toshiyuki Sasaki | 1 | -99/+111
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-04-09 | init: Introduce internal is_ssh_initialized() | Anderson Toshiyuki Sasaki | 1 | -0/+19
The introduced function returns whether the library is initialized or not.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-04-09 | init: Clarify the need to call ssh_{init, finalize}() | Anderson Toshiyuki Sasaki | 1 | -7/+18
When libssh is statically linked, it is necessary to explicitly call ssh_init() before calling any other provided API. It is also necessary to call ssh_finalize() before exiting to free allocated resources.
Fixes T222
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-04-09 | CVE-2020-1730: Fix a possible segfault when zeroing AES-CTR key | Andreas Schneider | 1 | -2/+6
Fixes T213
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-06 | src/pki_crypto.c corrects the incorrect usage of enum | Sahana Prasad | 1 | -2/+2
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-04-06 | kex: Add support for diffie-hellman-group14-sha256 | Anderson Toshiyuki Sasaki | 7 | -0/+13
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-04-02 | dh-gex: Check return value of ssh_get_random() | Andreas Schneider | 1 | -2/+7
CID #1422162
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-04-01 | cmake: Fix building with threading support on MinGW | Andreas Schneider | 1 | -0/+7
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>