path: root/src
Age | Commit message | Author | Files | Lines
2015-02-08 | buffer: buffer_pack & unpack on non-gnu compilers [freebsd] | Aris Adamantiadis | 1 | -6/+14
2015-02-03 | buffer: fix use-before-nullcheck (coverity #1267979) | Aris Adamantiadis | 1 | -2/+0
Additionally, the function call was already existing after the NULL check
2015-02-03 | Revert "pki_gcrypt: fix warnings for SSH_KEYTYPE_ED25519" | Aris Adamantiadis | 1 | -9/+0
This reverts commit 10f71c67690cf3c0e1b6a733c3641407df2224e2. Commit was redundant with ed25519 branch
2015-02-02 | base64: Use secure buffers | Aris Adamantiadis | 1 | -0/+2
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-02-02 | buffer: Abort if the canary is not intact in ssh_buffer_unpack() | Andreas Schneider | 1 | -2/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
2015-02-02 | buffer: buffer: Improve argument checking in ssh_buffer_pack() | Andreas Schneider | 1 | -5/+28
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
2015-02-02 | buffer: Abort if the canary is not intact in ssh_buffer_unpack() | Andreas Schneider | 1 | -4/+4
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
2015-02-02 | buffer: Improve argument checking in ssh_buffer_pack() | Andreas Schneider | 1 | -5/+26
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
2015-02-02 | Move all 3rd-party C files to src/external/ | Aris Adamantiadis | 7 | -97/+96
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-02-02 | ed25519: Add support for OpenSSH encrypted container export | Aris Adamantiadis | 1 | -6/+153
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-02-02 | ed25519: Add OpenSSH encrypted container import | Aris Adamantiadis | 2 | -8/+168
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-02-02 | external: Add OpenSSH bcrypt and blowfish implementation | Aris Adamantiadis | 3 | -0/+868
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-02-02 | server: Add support for ed25519 keys in the server. | Aris Adamantiadis | 4 | -2/+29
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-02-02 | kex: Add support for ed25519 on client connections. | Aris Adamantiadis | 1 | -4/+12
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-02-02 | ed25519: Add support to export OpenSSH container keys | Aris Adamantiadis | 2 | -10/+173
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-02-02 | libgcrypt: Make the PEM parser ed25519 aware | Aris Adamantiadis | 1 | -0/+54
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-02-02 | libcrypto: Make the PEM parser ed25519 aware | Aris Adamantiadis | 1 | -0/+6
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-02-02 | ed25519: Add support to import OpenSSH container keys | Aris Adamantiadis | 3 | -10/+278
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-01-26 | kex: disable des-cbc-ssh1 by default | Aris Adamantiadis | 1 | -4/+6
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-01-21 | packet_cb: Add missing include for ntohl(). | Andreas Schneider | 1 | -0/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-01-20 | pki: Make sure sig is not used uninitialized. | Andreas Schneider | 1 | -1/+1
BUG: https://red.libssh.org/issues/167 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-01-20 | threads: Fix building with POSIX threads in MinGW. | Andreas Schneider | 1 | -1/+1
BUG: https://red.libssh.org/issues/181
Originally written by Patrick von Reth <vonreth () kde ! org>. This patch is part of the larger patch: https://projects.kde.org/projects/kdesupport/emerge/repository/revisions/master/changes/portage/win32libs/libssh/0002-add-a-way-to-test-ssh-connections-on-windows.patch
MinGW (in particular, the MinGW-w64 fork) can use either posix threads or win32 threads. This patch fixes the MinGW build when using posix threads.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-01-20 | channels1: Fix pty request state | Yanis Kurganov | 1 | -1/+2
Signed-off-by: Yanis Kurganov <YKurganov@ptsecurity.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-01-14 | connect: Fix a memory leak. | Andreas Schneider | 1 | -0/+1
CID: #1238618 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
2015-01-14 | sftp: Fix a possible integer overflow. | Andreas Schneider | 1 | -2/+6
CID: #1238630 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
2015-01-14 | sftp: Use a declared variable for data len. | Andreas Schneider | 1 | -6/+7
CID: #1238632 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
2015-01-14 | sftp: Fix memory leak on realloc failure | Tobias Klauser | 1 | -6/+9
If realloc of sftp->ext->name or sftp->ext->data fails, the memory previously allocated for the respective member is leaked. Fix this by storing the return value of realloc() in a temporary variable which only gets assigned to the respective sftp->ext member on success. Signed-off-by: Tobias Klauser <tklauser@distanz.ch> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-01-06 | connect: Fix mingw build. | Andreas Schneider | 1 | -0/+4
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2014-12-25 | connect: Check that errno is 0 to fix Windows build. | Andreas Schneider | 1 | -1/+2
Thanks to Viktor Butskih. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2014-12-25 | options: Fix setting the port. | Andreas Schneider | 5 | -9/+12
Make sure we correctly read the port from the config file. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2014-12-17 | CVE-2014-8132: Fixup error path in ssh_packet_kexinit() | Jon Simons | 1 | -1/+6
Before this change, dangling pointers can be unintentionally left in the respective next_crypto kex methods slots. Ensure to set all slots to NULL in the error-out path. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-12-17 | libcrypto: Fix Windows build with ssh_reseed(). | Andreas Schneider | 1 | -0/+5
gettimeofday() is not available on Windows and we need it only in case of forking. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2014-12-17 | config: Also tokenize on equal sign. | William Orr | 1 | -1/+1
The ssh config specifies it as a valid separator. BUG: https://red.libssh.org/issues/166 Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-12-09 | pki_gcrypt: fix DSA signature extraction | Jon Simons | 1 | -3/+29
Fix DSA signature extraction for the LIBGCRYPT build. Here, the same fix that was applied to the LIBCRYPTO build for https://red.libssh.org/issues/144 is now adapted for pki_gcrypt. Additionally, ensure to set the resulting output sig_blob buffer before returning.
Before this fix, one can observe the failure with the pkd test on a LIBGCRYPT build as so:
    # ./pkd_hello -i 1 -t torture_pkd_openssh_dsa_dsa_default
After, runs of 10000 back-to-back iterations of the same test are passing.
Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-12-09 | pki_gcrypt: fix warnings for SSH_KEYTYPE_ED25519 | Jon Simons | 1 | -0/+9
Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-12-09 | bignum: no-op make_string_bn_inplace for LIBGCRYPT | Jon Simons | 1 | -1/+3
Disable the 'make_string_bn_inplace' helper function for the LIBGCRYPT build, rather than using '#error' to fail the build completely. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-12-05 | Set the correct error in ssh_options_set(). | Hani Benhabiles | 1 | -2/+2
Signed-off-by: Hani Benhabiles <hani@linux.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-12-05 | session: add getter for kexalgo | Jon Simons | 1 | -0/+29
Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-12-05 | pki_crypto.c: plug ecdsa_sig->[r,s] bignum leaks | Jon Simons | 2 | -2/+11
Per ecdsa(3ssl), ECDSA_SIG_new does allocate its 'r' and 's' bignum fields. Fix a bug where the initial 'r' and 's' bignums were being overwritten with newly-allocated bignums, resulting in a memory leak. BUG: https://red.libssh.org/issues/175 Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-10-15 | connect: Do not fail if the connect is in progress. | Andreas Schneider | 1 | -1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2014-10-12 | gssapi: ssh_gssapi_set_creds() is a client side function | Stef Walter | 1 | -2/+4
It should not be guarded by the WITH_SERVER #ifdef Signed-off-by: Stef Walter <stefw@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-10-12 | Check return code of connect(2). | William Orr | 1 | -1/+9
Signed-off-by: William Orr <will@worrbase.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-10-02 | pki_gcrypt: Initialize 'type_c' in 'pki_do_sign_sessionid' | Artyom V. Poptsov | 1 | -0/+1
Add missing initialization of 'type_c' field of a SSH signature in 'pki_do_sign_sessionid' procedure. If libssh is compiled with GCrypt, 'dh_handshake_server' fails with "Could not sign the session id" error. The change fixes that. Signed-off-by: Artyom V. Poptsov <poptsov.artyom@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-10-02 | server: fix auth_interactive_request reply | Jon Simons | 1 | -1/+1
Fix a missing 'buffer_pack' formatter in 'ssh_message_auth_interactive_request'. With this fix the 'examples/samplesshd-kbdint' program is working again for me. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-10-02 | ed25519: fix leak in pki_ed25519_sign | Jon Simons | 1 | -2/+2
Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-10-02 | pki: check ssh_buffer_pack return in ssh_pki_do_sign | Jon Simons | 1 | -5/+10
Check the 'ssh_buffer_pack' return in ssh_pki_do_sign for the ED25519 case. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-10-02 | pki: fail when pubkey buffer length is not ED25519_PK_LEN | Jon Simons | 1 | -1/+5
Fail fast in 'pki_import_pubkey_buffer' for the ED25519 case if a buffer sized ED25519_PK_LEN can not be retrieved. Before, the 'memcpy' could have read beyond the bounds of 'ssh_string_data(pubkey)'. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-10-02 | crypto: check malloc return in ssh_mac_ctx_init | Jon Simons | 2 | -2/+10
Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-10-02 | wrapper: fix z_stream leak | Jon Simons | 1 | -0/+3
Ensure to free the z_stream structures as allocated from the gzip.c initcompress, initdecompress functions. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-09-15 | string: Correctly burn the string buffer. | Andreas Schneider | 1 | -4/+5
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>