Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Three months ago, a new libssh upstream bug fix release 0.8.7 was done, which
fixes a dozen security issues, crashes, and other bugs:

  https://git.libssh.org/projects/libssh.git/log/?h=stable-0.8
  (the bits between 0.8.6 and 0.8.7)

(Our package already has the oldest three patches backported)
At first I wanted to cherry-pick, but honestly I think we should have all these
fixes in buster, including the "Remove SHA384 HMAC" before that hits stable.

I haven't yet uploaded this new version, as I'd like to get your approval
first. If you do approve, I'll upload it to unstable, otherwise to experimental
and later through s-p-u.

I attach the full debdiff between the current unstable/testing version and the
one I'd like to upload. If you prefer looking at it on salsa:

These are the upstream changes:
   https://salsa.debian.org/debian/libssh/commit/aab54d0cc04dd
and the corresponding packaging changes for it (dropping patches):
   https://salsa.debian.org/debian/libssh/commit/34591503a1b4b

I also added valgrinding to the autopkgtest, which exposes a bug:
   https://salsa.debian.org/debian/libssh/commit/59593bc7cf4

This bug also happens on 0.8.6 and earlier versions (not yet on 0.6.x), so this
is unrelated to this particular upstream update, but I'd still like to land it
to avoid regressions under valgrind.

Thanks for considering!

Martin Pitt

diff -Nru libssh-0.8.6/.gitlab-ci.yml libssh-0.8.7/.gitlab-ci.yml
--- libssh-0.8.6/.gitlab-ci.yml 2018-12-24 07:35:54.000000000 +0000
+++ libssh-0.8.7/.gitlab-ci.yml 2019-02-25 08:58:49.000000000 +0000
@@ -357,5 +357,5 @@
     paths:
       - obj/
 
-Debian.cross.mips-linux-gnu:
+.Debian.cross.mips-linux-gnu:
   <<: *Debian_cross_template
diff -Nru libssh-0.8.6/CMakeLists.txt libssh-0.8.7/CMakeLists.txt
--- libssh-0.8.6/CMakeLists.txt 2018-12-24 07:36:06.000000000 +0000
+++ libssh-0.8.7/CMakeLists.txt 2019-02-25 08:58:49.000000000 +0000
@@ -10,7 +10,7 @@
 include(DefineCMakeDefaults)
 include(DefineCompilerFlags)
 
-project(libssh VERSION 0.8.6 LANGUAGES C)
+project(libssh VERSION 0.8.7 LANGUAGES C)
 
 # global needed variable
 set(APPLICATION_NAME ${PROJECT_NAME})
@@ -22,7 +22,7 @@
 #     Increment AGE. Set REVISION to 0
 #   If the source code was changed, but there were no interface changes:
 #     Increment REVISION.
-set(LIBRARY_VERSION "4.7.3")
+set(LIBRARY_VERSION "4.7.4")
 set(LIBRARY_SOVERSION "4")
 
 # where to look first for cmake modules, before ${CMAKE_ROOT}/Modules/ is 
checked
diff -Nru libssh-0.8.6/ChangeLog libssh-0.8.7/ChangeLog
--- libssh-0.8.6/ChangeLog      2018-12-24 07:36:06.000000000 +0000
+++ libssh-0.8.7/ChangeLog      2019-02-25 08:59:53.000000000 +0000
@@ -1,6 +1,12 @@
 ChangeLog
 ==========
 
+version 0.8.7 (released 2019-02-25)
+  * Fixed handling extension flags in the server implementation
+  * Fixed exporting ed25519 private keys
+  * Fixed corner cases for rsa-sha2 signatures
+  * Fixed some issues with connector
+
 version 0.8.6 (released 2018-12-24)
   * Fixed compilation issues with different OpenSSL versions
   * Fixed StrictHostKeyChecking in new knownhosts API
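Review bot: the 0.8.7 entry lists four items but omits two user-visible changes that appear elsewhere in this debdiff: the removal of `hmac-sha2-384` (include/libssh/wrapper.h and doc/mainpage.dox) and the new preference for `rsa-sha2-512`/`rsa-sha2-256` over `ssh-rsa` in src/kex.c. The upstream file cannot be edited here, but debian/changelog should mention the dropped MAC, since any peer configured to use only hmac-sha2-384 will fail MAC negotiation after the update.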
diff -Nru libssh-0.8.6/debian/changelog libssh-0.8.7/debian/changelog
--- libssh-0.8.6/debian/changelog       2019-02-11 20:43:44.000000000 +0000
+++ libssh-0.8.7/debian/changelog       2019-05-22 15:48:31.000000000 +0000
@@ -1,3 +1,18 @@
+libssh (0.8.7-1) UNRELEASED; urgency=medium
+
+  * New upstream bug fix release 0.8.7.
+    This fixes various crashes, buffer overflows, and other bugs.
+    Drop our three backported patches, they are included in this release
+    now. For details, see
+    https://git.libssh.org/projects/libssh.git/log/?h=stable-0.8
+  * autopkgtest: Check ssh server under valgrind.
+    This exposes a long-standing libssh bug with the curve25519-sha256 key
+    exchange algorithm, causing an "incorrect signature" failure on 32 bit
+    machines under valgrind. Add a hack to switch to a different algorithm,
+    until this is properly investigated and reported.
+
+ -- Martin Pitt <mp...@debian.org>  Wed, 22 May 2019 15:48:31 +0000
+
 libssh (0.8.6-3) unstable; urgency=medium
 
   [ Laurent Bigonville ]
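Review bot: the autopkgtest entry says the curve25519-sha256 failure on 32-bit under valgrind is worked around "until this is properly investigated and reported" but gives no bug reference; add the upstream or Debian bug number once it is filed so the `KexAlgorithms` hack in debian/tests/libssh-server has a removal trigger. For the first item, "various crashes, buffer overflows, and other bugs" is what a stable-update reviewer will want to map to identifiers: if any of the upstream fixes carry CVE ids, list them here, otherwise say explicitly that none were assigned.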
diff -Nru libssh-0.8.6/debian/patches/0001-dh-uninitialized-memory.patch 
libssh-0.8.7/debian/patches/0001-dh-uninitialized-memory.patch
--- libssh-0.8.6/debian/patches/0001-dh-uninitialized-memory.patch      
2019-02-11 20:43:44.000000000 +0000
+++ libssh-0.8.7/debian/patches/0001-dh-uninitialized-memory.patch      
1970-01-01 00:00:00.000000000 +0000
@@ -1,30 +0,0 @@
-From d028b2495d0bb2b7ae9b0af42b4377af4a964b00 Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jje...@redhat.com>
-Date: Tue, 8 Jan 2019 11:32:10 +0100
-Subject: dh: Make sure we do not access uninitialized memory
-
-Signed-off-by: Jakub Jelen <jje...@redhat.com>
-Reviewed-by: Andreas Schneider <a...@cryptomilk.org>
-(cherry picked from commit ca62632170c311923026f978c57d2e0a0be3e0e1)
----
- src/dh.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/dh.c b/src/dh.c
-index 90c1813c..cc12fd46 100644
---- a/src/dh.c
-+++ b/src/dh.c
-@@ -1274,6 +1274,10 @@ int ssh_get_server_publickey(ssh_session session, 
ssh_key *key)
- 
- ssh_key ssh_dh_get_current_server_publickey(ssh_session session)
- {
-+    if (session->current_crypto == NULL) {
-+        return NULL;
-+    }
-+
-     return session->current_crypto->server_pubkey;
- }
- 
--- 
-cgit v1.2.1
-
diff -Nru libssh-0.8.6/debian/patches/0002-server-extensions.patch 
libssh-0.8.7/debian/patches/0002-server-extensions.patch
--- libssh-0.8.6/debian/patches/0002-server-extensions.patch    2019-02-11 
20:43:44.000000000 +0000
+++ libssh-0.8.7/debian/patches/0002-server-extensions.patch    1970-01-01 
00:00:00.000000000 +0000
@@ -1,95 +0,0 @@
-From 0acfd81f85f8c41547ac700782fa96a000abdc79 Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jje...@redhat.com>
-Date: Mon, 7 Jan 2019 18:49:58 +0100
-Subject: server: Correctly handle extensions
-
-If the server had an RSA host key, it provided unconditionally SHA2
-signatures without consulting the client proposed list of supported host
-keys.
-
-This commit implements more fine-grained detection of the extension
-to provide the client with valid signatures according to RFC 8332
-Section 3.1.
-
-Signed-off-by: Jakub Jelen <jje...@redhat.com>
-Reviewed-by: Andreas Schneider <a...@cryptomilk.org>
-(cherry picked from commit 27fe60954c29e548c30af239d92ab4faaf8cf788)
----
- include/libssh/session.h |  7 ++++---
- src/kex.c                | 24 ++++++++++++++++++++----
- src/server.c             |  2 +-
- 3 files changed, 25 insertions(+), 8 deletions(-)
-
-diff --git a/include/libssh/session.h b/include/libssh/session.h
-index 8b963066..23633cc2 100644
---- a/include/libssh/session.h
-+++ b/include/libssh/session.h
-@@ -87,10 +87,11 @@ enum ssh_pending_call_e {
- #define SSH_OPT_FLAG_GSSAPI_AUTH 0x8
- 
- /* extensions flags */
-+/* negotiation enabled */
-+#define SSH_EXT_NEGOTIATION     0x01
- /* server-sig-algs extension */
--#define SSH_EXT_SIG_RSA_SHA256  0x01
--#define SSH_EXT_SIG_RSA_SHA512  0x02
--#define SSH_EXT_ALL             SSH_EXT_SIG_RSA_SHA256 | 
SSH_EXT_SIG_RSA_SHA512
-+#define SSH_EXT_SIG_RSA_SHA256  0x02
-+#define SSH_EXT_SIG_RSA_SHA512  0x04
- 
- /* members that are common to ssh_session and ssh_bind */
- struct ssh_common_struct {
-diff --git a/src/kex.c b/src/kex.c
-index 35a5a602..d9d0c7e5 100644
---- a/src/kex.c
-+++ b/src/kex.c
-@@ -526,13 +526,29 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit){
-         ok = 
ssh_match_group(session->next_crypto->client_kex.methods[SSH_KEX],
-                              KEX_EXTENSION_CLIENT);
-         if (ok) {
-+            const char *hostkeys = NULL;
-+
-+            /* The client supports extension negotiation */
-+            session->extensions |= SSH_EXT_NEGOTIATION;
-             /*
--             * Enable all the supported extensions and when the time comes
--             * (after NEWKEYS) send them to the client.
-+             * RFC 8332 Section 3.1: Use for Server Authentication
-+             * Check what algorithms were provided in the SSH_HOSTKEYS list
-+             * by the client and enable the respective extensions to provide
-+             * correct signature in the next packet if RSA is negotiated
-              */
-+            hostkeys = session->next_crypto->client_kex.methods[SSH_HOSTKEYS];
-+            ok = ssh_match_group(hostkeys, "rsa-sha2-512");
-+            if (ok) {
-+                session->extensions |= SSH_EXT_SIG_RSA_SHA512;
-+            }
-+            ok = ssh_match_group(hostkeys, "rsa-sha2-256");
-+            if (ok) {
-+                session->extensions |= SSH_EXT_SIG_RSA_SHA256;
-+            }
-             SSH_LOG(SSH_LOG_DEBUG, "The client supports extension "
--                    "negotiation: enabling all extensions");
--            session->extensions = SSH_EXT_ALL;
-+                    "negotiation. Enabled signature algorithms: %s%s",
-+                    session->extensions & SSH_EXT_SIG_RSA_SHA256 ? "SHA256" : 
"",
-+                    session->extensions & SSH_EXT_SIG_RSA_SHA512 ? " SHA512" 
: "");
-         }
- 
-         /*
-diff --git a/src/server.c b/src/server.c
-index 8197fd86..02471e91 100644
---- a/src/server.c
-+++ b/src/server.c
-@@ -523,7 +523,7 @@ static void ssh_server_connection_callback(ssh_session 
session){
-                  * our supported extensions now. This is the first message 
after
-                  * sending NEWKEYS message and after turning on crypto.
-                  */
--                if (session->extensions &&
-+                if (session->extensions & SSH_EXT_NEGOTIATION &&
-                     session->session_state != 
SSH_SESSION_STATE_AUTHENTICATED) {
-                     ssh_server_send_extensions(session);
-                 }
--- 
-cgit v1.2.1
-
diff -Nru 
libssh-0.8.6/debian/patches/0003-pki_signature_from_rsa_blob-NULL-check.patch 
libssh-0.8.7/debian/patches/0003-pki_signature_from_rsa_blob-NULL-check.patch
--- 
libssh-0.8.6/debian/patches/0003-pki_signature_from_rsa_blob-NULL-check.patch   
    2019-02-11 20:43:44.000000000 +0000
+++ 
libssh-0.8.7/debian/patches/0003-pki_signature_from_rsa_blob-NULL-check.patch   
    1970-01-01 00:00:00.000000000 +0000
@@ -1,50 +0,0 @@
-From b6d275537e99219efff44cb544854687c7e4e2e8 Mon Sep 17 00:00:00 2001
-From: Jon Simons <j...@jonsimons.org>
-Date: Tue, 29 Jan 2019 16:16:29 -0500
-Subject: pki: NULL check pki_signature_from_rsa_blob result
-
-Check for a potential NULL result from `pki_signature_from_rsa_blob`
-in `pki_signature_from_blob`.  Otherwise the following `sig->type_c`
-will result in a segfault.
-
-Introduced in 7f83a1efae6a7da19e18268d6298fc11b4e68c57.
-
-Signed-off-by: Jon Simons <j...@jonsimons.org>
-Reviewed-by: Andreas Schneider <a...@cryptomilk.org>
-(cherry picked from commit ccd73db90c9ff1c9e945939e78d735f97e525dae)
----
- src/pki_crypto.c     | 3 +++
- src/pki_mbedcrypto.c | 3 +++
- 2 files changed, 6 insertions(+)
-
-diff --git a/src/pki_crypto.c b/src/pki_crypto.c
-index e79d97b4..bae51b71 100644
---- a/src/pki_crypto.c
-+++ b/src/pki_crypto.c
-@@ -1681,6 +1681,9 @@ ssh_signature pki_signature_from_blob(const ssh_key 
pubkey,
-         case SSH_KEYTYPE_RSA:
-         case SSH_KEYTYPE_RSA1:
-             sig = pki_signature_from_rsa_blob(pubkey, sig_blob, sig);
-+            if (sig == NULL) {
-+                return NULL;
-+            }
-             sig->type_c = ssh_key_signature_to_char(type, hash_type);
-             break;
-         case SSH_KEYTYPE_ECDSA:
-diff --git a/src/pki_mbedcrypto.c b/src/pki_mbedcrypto.c
-index ccce014c..57a4ffae 100644
---- a/src/pki_mbedcrypto.c
-+++ b/src/pki_mbedcrypto.c
-@@ -917,6 +917,9 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
-     switch(type) {
-         case SSH_KEYTYPE_RSA:
-             sig = pki_signature_from_rsa_blob(pubkey, sig_blob, sig);
-+            if (sig == NULL) {
-+                return NULL;
-+            }
-             sig->type_c = ssh_key_signature_to_char(type, hash_type);
-             break;
-         case SSH_KEYTYPE_ECDSA: {
--- 
-cgit v1.2.1
-
diff -Nru libssh-0.8.6/debian/patches/series libssh-0.8.7/debian/patches/series
--- libssh-0.8.6/debian/patches/series  2019-02-11 20:43:44.000000000 +0000
+++ libssh-0.8.7/debian/patches/series  2019-05-22 15:48:31.000000000 +0000
@@ -1,5 +1,2 @@
-0001-dh-uninitialized-memory.patch
-0002-server-extensions.patch
-0003-pki_signature_from_rsa_blob-NULL-check.patch
 1003-custom-lib-names.patch
 2003-disable-expand_tilde_unix-test.patch
diff -Nru libssh-0.8.6/debian/tests/control libssh-0.8.7/debian/tests/control
--- libssh-0.8.6/debian/tests/control   2019-02-11 20:43:44.000000000 +0000
+++ libssh-0.8.7/debian/tests/control   2019-05-22 15:48:31.000000000 +0000
@@ -3,4 +3,5 @@
   libglib2.0-dev,
   build-essential,
   openssh-client,
+  valgrind,
 Restrictions: allow-stderr
diff -Nru libssh-0.8.6/debian/tests/libssh-server 
libssh-0.8.7/debian/tests/libssh-server
--- libssh-0.8.6/debian/tests/libssh-server     2019-02-11 20:43:44.000000000 
+0000
+++ libssh-0.8.7/debian/tests/libssh-server     2019-05-22 15:48:31.000000000 
+0000
@@ -45,3 +45,18 @@
 waitpid $SERVER_PID
 check_out
 
+echo "====== password authentication with valgrind ======"
+
+# run server
+SERVER_PID=$(valgrind $SSHD --user=joe --password=$(./mock-ssh-askpass) --port 
$PORT -v)
+
+# HACK: default curve25519-sha256 algorithm fails under valgrind and 32 bit 
OSes
+EXTRA_OPTS=""
+if [ "$(getconf LONG_BIT)" = 32 ]; then
+    EXTRA_OPTS="$EXTRA_OPTS -o KexAlgorithms=ecdh-sha2-nistp256"
+fi
+
+OUT=$(DISPLAY= SSH_ASKPASS=`pwd`/mock-ssh-askpass setsid ssh -o 
UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no $EXTRA_OPTS -p $PORT 
joe@localhost cat /etc/os-release)
+
+waitpid $SERVER_PID
+check_out
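Review bot: valgrind's exit status defaults to the program's own exit code, so the memory errors this run is meant to catch only appear on stderr (which `Restrictions: allow-stderr` permits) and will not make `check_out` fail unless it greps the output; pass `--error-exitcode=<n>` to valgrind so an invalid read or a definite leak fails the test rather than being logged. The `# HACK` comment says the default kex "fails under valgrind and 32 bit OSes" while the condition only fires when `getconf LONG_BIT` is 32, and debian/changelog describes the failure as 32-bit under valgrind; align the comment and add a TODO with the bug reference so the `-o KexAlgorithms=ecdh-sha2-nistp256` pin (which leaves the curve25519 path untested under valgrind on 32-bit) gets removed. Style: the new `ssh` line mixes `$(...)` with backticks in `` `pwd`/mock-ssh-askpass ``; use `$(pwd)` like the rest of the hunk.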
diff -Nru libssh-0.8.6/doc/mainpage.dox libssh-0.8.7/doc/mainpage.dox
--- libssh-0.8.6/doc/mainpage.dox       2018-12-07 13:33:25.000000000 +0000
+++ libssh-0.8.7/doc/mainpage.dox       2019-02-22 17:21:25.000000000 +0000
@@ -23,7 +23,7 @@
  - <strong>Public Key Algorithms</strong>: ssh-ed25519, ecdsa-sha2-nistp256, 
ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-rsa, rsa-sha2-512, 
rsa-sha2-256,ssh-dss
  - <strong>Ciphers</strong>: <i>aes256-ctr, aes192-ctr, aes128-ctr</i>, 
aes256-cbc (rijndael-...@lysator.liu.se), aes192-cbc, aes128-cbc, 3des-cbc, 
blowfish-cbc, none
  - <strong>Compression Schemes</strong>: zlib, <i>z...@openssh.com</i>, none
- - <strong>MAC hashes</strong>: hmac-sha1, hmac-sha2-256, hmac-sha2-384, 
hmac-sha2-512, hmac-md5, none
+ - <strong>MAC hashes</strong>: hmac-sha1, hmac-sha2-256, hmac-sha2-512, 
hmac-md5, none
  - <strong>Authentication</strong>: none, password, public-key, 
keyboard-interactive, <i>gssapi-with-mic</i>
  - <strong>Channels</strong>: shell, exec (incl. SCP wrapper), direct-tcpip, 
subsystem, <i>auth-agent-...@openssh.com</i>
  - <strong>Global Requests</strong>: tcpip-forward, forwarded-tcpip
diff -Nru libssh-0.8.6/include/libssh/libssh.h 
libssh-0.8.7/include/libssh/libssh.h
--- libssh-0.8.6/include/libssh/libssh.h        2018-12-24 07:36:06.000000000 
+0000
+++ libssh-0.8.7/include/libssh/libssh.h        2019-02-25 08:58:49.000000000 
+0000
@@ -79,7 +79,7 @@
 /* libssh version */
 #define LIBSSH_VERSION_MAJOR  0
 #define LIBSSH_VERSION_MINOR  8
-#define LIBSSH_VERSION_MICRO  6
+#define LIBSSH_VERSION_MICRO  7
 
 #define LIBSSH_VERSION_INT SSH_VERSION_INT(LIBSSH_VERSION_MAJOR, \
                                            LIBSSH_VERSION_MINOR, \
diff -Nru libssh-0.8.6/include/libssh/session.h 
libssh-0.8.7/include/libssh/session.h
--- libssh-0.8.6/include/libssh/session.h       2018-12-24 07:35:54.000000000 
+0000
+++ libssh-0.8.7/include/libssh/session.h       2019-02-25 08:58:49.000000000 
+0000
@@ -87,10 +87,11 @@
 #define SSH_OPT_FLAG_GSSAPI_AUTH 0x8
 
 /* extensions flags */
+/* negotiation enabled */
+#define SSH_EXT_NEGOTIATION     0x01
 /* server-sig-algs extension */
-#define SSH_EXT_SIG_RSA_SHA256  0x01
-#define SSH_EXT_SIG_RSA_SHA512  0x02
-#define SSH_EXT_ALL             SSH_EXT_SIG_RSA_SHA256 | SSH_EXT_SIG_RSA_SHA512
+#define SSH_EXT_SIG_RSA_SHA256  0x02
+#define SSH_EXT_SIG_RSA_SHA512  0x04
 
 /* members that are common to ssh_session and ssh_bind */
 struct ssh_common_struct {
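Review bot: with `SSH_EXT_NEGOTIATION` split out as its own bit, a non-zero `session->extensions` no longer means any signature extension is enabled, so every plain `if (session->extensions)` test must become `session->extensions & SSH_EXT_NEGOTIATION`; the dropped debian/patches/0002-server-extensions.patch made exactly that change in src/server.c, but the debdiff as attached ends inside src/kex.c before src/server.c, so please confirm the upstream 0.8.7 tree carries it. Removing `SSH_EXT_ALL` and renumbering `SSH_EXT_SIG_RSA_SHA256`/`SSH_EXT_SIG_RSA_SHA512` is fine only because this is an internal header; the public include/libssh/libssh.h hunk touches nothing but the version.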
diff -Nru libssh-0.8.6/include/libssh/wrapper.h 
libssh-0.8.7/include/libssh/wrapper.h
--- libssh-0.8.6/include/libssh/wrapper.h       2018-12-24 07:35:54.000000000 
+0000
+++ libssh-0.8.7/include/libssh/wrapper.h       2019-02-25 08:58:49.000000000 
+0000
@@ -44,7 +44,6 @@
 enum ssh_hmac_e {
   SSH_HMAC_SHA1 = 1,
   SSH_HMAC_SHA256,
-  SSH_HMAC_SHA384,
   SSH_HMAC_SHA512,
   SSH_HMAC_MD5,
   SSH_HMAC_AEAD_POLY1305
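Review bot: deleting `SSH_HMAC_SHA384` shifts the numeric values of `SSH_HMAC_SHA512`, `SSH_HMAC_MD5` and `SSH_HMAC_AEAD_POLY1305` down by one; that is safe only if `enum ssh_hmac_e` never crosses the library boundary or gets persisted, which is what the revision-only `LIBRARY_VERSION` bump (4.7.3 to 4.7.4) in CMakeLists.txt asserts. Together with the doc/mainpage.dox hunk this is the whole "Remove SHA384 HMAC" the cover letter singles out; any table in src/wrapper.c or src/kex.c that is indexed by this enum must have had its hmac-sha2-384 row removed in the same release, which this debdiff excerpt does not show.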
diff -Nru libssh-0.8.6/src/ABI/current libssh-0.8.7/src/ABI/current
--- libssh-0.8.6/src/ABI/current        2018-12-24 07:36:06.000000000 +0000
+++ libssh-0.8.7/src/ABI/current        2019-02-22 17:21:25.000000000 +0000
@@ -1 +1 @@
-4.7.3
\ No newline at end of file
+4.7.4
\ No newline at end of file
diff -Nru libssh-0.8.6/src/ABI/libssh-4.7.4.symbols 
libssh-0.8.7/src/ABI/libssh-4.7.4.symbols
--- libssh-0.8.6/src/ABI/libssh-4.7.4.symbols   1970-01-01 00:00:00.000000000 
+0000
+++ libssh-0.8.7/src/ABI/libssh-4.7.4.symbols   2019-02-22 17:21:25.000000000 
+0000
@@ -0,0 +1,415 @@
+_ssh_log
+buffer_free
+buffer_get
+buffer_get_len
+buffer_new
+channel_accept_x11
+channel_change_pty_size
+channel_close
+channel_forward_accept
+channel_forward_cancel
+channel_forward_listen
+channel_free
+channel_get_exit_status
+channel_get_session
+channel_is_closed
+channel_is_eof
+channel_is_open
+channel_new
+channel_open_forward
+channel_open_session
+channel_poll
+channel_read
+channel_read_buffer
+channel_read_nonblocking
+channel_request_env
+channel_request_exec
+channel_request_pty
+channel_request_pty_size
+channel_request_send_signal
+channel_request_sftp
+channel_request_shell
+channel_request_subsystem
+channel_request_x11
+channel_select
+channel_send_eof
+channel_set_blocking
+channel_write
+channel_write_stderr
+privatekey_free
+privatekey_from_file
+publickey_free
+publickey_from_file
+publickey_from_privatekey
+publickey_to_string
+sftp_async_read
+sftp_async_read_begin
+sftp_attributes_free
+sftp_canonicalize_path
+sftp_chmod
+sftp_chown
+sftp_client_message_free
+sftp_client_message_get_data
+sftp_client_message_get_filename
+sftp_client_message_get_flags
+sftp_client_message_get_submessage
+sftp_client_message_get_type
+sftp_client_message_set_filename
+sftp_close
+sftp_closedir
+sftp_dir_eof
+sftp_extension_supported
+sftp_extensions_get_count
+sftp_extensions_get_data
+sftp_extensions_get_name
+sftp_file_set_blocking
+sftp_file_set_nonblocking
+sftp_free
+sftp_fstat
+sftp_fstatvfs
+sftp_fsync
+sftp_get_client_message
+sftp_get_error
+sftp_handle
+sftp_handle_alloc
+sftp_handle_remove
+sftp_init
+sftp_lstat
+sftp_mkdir
+sftp_new
+sftp_new_channel
+sftp_open
+sftp_opendir
+sftp_read
+sftp_readdir
+sftp_readlink
+sftp_rename
+sftp_reply_attr
+sftp_reply_data
+sftp_reply_handle
+sftp_reply_name
+sftp_reply_names
+sftp_reply_names_add
+sftp_reply_status
+sftp_rewind
+sftp_rmdir
+sftp_seek
+sftp_seek64
+sftp_send_client_message
+sftp_server_init
+sftp_server_new
+sftp_server_version
+sftp_setstat
+sftp_stat
+sftp_statvfs
+sftp_statvfs_free
+sftp_symlink
+sftp_tell
+sftp_tell64
+sftp_unlink
+sftp_utimes
+sftp_write
+ssh_accept
+ssh_add_channel_callbacks
+ssh_auth_list
+ssh_basename
+ssh_bind_accept
+ssh_bind_accept_fd
+ssh_bind_fd_toaccept
+ssh_bind_free
+ssh_bind_get_fd
+ssh_bind_listen
+ssh_bind_new
+ssh_bind_options_set
+ssh_bind_set_blocking
+ssh_bind_set_callbacks
+ssh_bind_set_fd
+ssh_blocking_flush
+ssh_buffer_add_data
+ssh_buffer_free
+ssh_buffer_get
+ssh_buffer_get_data
+ssh_buffer_get_len
+ssh_buffer_new
+ssh_buffer_reinit
+ssh_channel_accept_forward
+ssh_channel_accept_x11
+ssh_channel_cancel_forward
+ssh_channel_change_pty_size
+ssh_channel_close
+ssh_channel_free
+ssh_channel_get_exit_status
+ssh_channel_get_session
+ssh_channel_is_closed
+ssh_channel_is_eof
+ssh_channel_is_open
+ssh_channel_listen_forward
+ssh_channel_new
+ssh_channel_open_auth_agent
+ssh_channel_open_forward
+ssh_channel_open_reverse_forward
+ssh_channel_open_session
+ssh_channel_open_x11
+ssh_channel_poll
+ssh_channel_poll_timeout
+ssh_channel_read
+ssh_channel_read_nonblocking
+ssh_channel_read_timeout
+ssh_channel_request_auth_agent
+ssh_channel_request_env
+ssh_channel_request_exec
+ssh_channel_request_pty
+ssh_channel_request_pty_size
+ssh_channel_request_send_break
+ssh_channel_request_send_exit_signal
+ssh_channel_request_send_exit_status
+ssh_channel_request_send_signal
+ssh_channel_request_sftp
+ssh_channel_request_shell
+ssh_channel_request_subsystem
+ssh_channel_request_x11
+ssh_channel_select
+ssh_channel_send_eof
+ssh_channel_set_blocking
+ssh_channel_set_counter
+ssh_channel_window_size
+ssh_channel_write
+ssh_channel_write_stderr
+ssh_clean_pubkey_hash
+ssh_connect
+ssh_connector_free
+ssh_connector_new
+ssh_connector_set_in_channel
+ssh_connector_set_in_fd
+ssh_connector_set_out_channel
+ssh_connector_set_out_fd
+ssh_copyright
+ssh_dirname
+ssh_disconnect
+ssh_dump_knownhost
+ssh_event_add_connector
+ssh_event_add_fd
+ssh_event_add_session
+ssh_event_dopoll
+ssh_event_free
+ssh_event_new
+ssh_event_remove_connector
+ssh_event_remove_fd
+ssh_event_remove_session
+ssh_execute_message_callbacks
+ssh_finalize
+ssh_forward_accept
+ssh_forward_cancel
+ssh_forward_listen
+ssh_free
+ssh_get_cipher_in
+ssh_get_cipher_out
+ssh_get_clientbanner
+ssh_get_disconnect_message
+ssh_get_error
+ssh_get_error_code
+ssh_get_fd
+ssh_get_fingerprint_hash
+ssh_get_hexa
+ssh_get_hmac_in
+ssh_get_hmac_out
+ssh_get_issue_banner
+ssh_get_kex_algo
+ssh_get_log_callback
+ssh_get_log_level
+ssh_get_log_userdata
+ssh_get_openssh_version
+ssh_get_poll_flags
+ssh_get_pubkey
+ssh_get_pubkey_hash
+ssh_get_publickey
+ssh_get_publickey_hash
+ssh_get_random
+ssh_get_server_publickey
+ssh_get_serverbanner
+ssh_get_status
+ssh_get_version
+ssh_getpass
+ssh_gssapi_get_creds
+ssh_gssapi_set_creds
+ssh_handle_key_exchange
+ssh_init
+ssh_is_blocking
+ssh_is_connected
+ssh_is_server_known
+ssh_key_cmp
+ssh_key_free
+ssh_key_is_private
+ssh_key_is_public
+ssh_key_new
+ssh_key_type
+ssh_key_type_from_name
+ssh_key_type_to_char
+ssh_known_hosts_parse_line
+ssh_knownhosts_entry_free
+ssh_log
+ssh_message_auth_interactive_request
+ssh_message_auth_kbdint_is_response
+ssh_message_auth_password
+ssh_message_auth_pubkey
+ssh_message_auth_publickey
+ssh_message_auth_publickey_state
+ssh_message_auth_reply_pk_ok
+ssh_message_auth_reply_pk_ok_simple
+ssh_message_auth_reply_success
+ssh_message_auth_set_methods
+ssh_message_auth_user
+ssh_message_channel_request_channel
+ssh_message_channel_request_command
+ssh_message_channel_request_env_name
+ssh_message_channel_request_env_value
+ssh_message_channel_request_open_destination
+ssh_message_channel_request_open_destination_port
+ssh_message_channel_request_open_originator
+ssh_message_channel_request_open_originator_port
+ssh_message_channel_request_open_reply_accept
+ssh_message_channel_request_pty_height
+ssh_message_channel_request_pty_pxheight
+ssh_message_channel_request_pty_pxwidth
+ssh_message_channel_request_pty_term
+ssh_message_channel_request_pty_width
+ssh_message_channel_request_reply_success
+ssh_message_channel_request_subsystem
+ssh_message_channel_request_x11_auth_cookie
+ssh_message_channel_request_x11_auth_protocol
+ssh_message_channel_request_x11_screen_number
+ssh_message_channel_request_x11_single_connection
+ssh_message_free
+ssh_message_get
+ssh_message_global_request_address
+ssh_message_global_request_port
+ssh_message_global_request_reply_success
+ssh_message_reply_default
+ssh_message_retrieve
+ssh_message_service_reply_success
+ssh_message_service_service
+ssh_message_subtype
+ssh_message_type
+ssh_mkdir
+ssh_new
+ssh_options_copy
+ssh_options_get
+ssh_options_get_port
+ssh_options_getopt
+ssh_options_parse_config
+ssh_options_set
+ssh_pcap_file_close
+ssh_pcap_file_free
+ssh_pcap_file_new
+ssh_pcap_file_open
+ssh_pki_copy_cert_to_privkey
+ssh_pki_export_privkey_base64
+ssh_pki_export_privkey_file
+ssh_pki_export_privkey_to_pubkey
+ssh_pki_export_pubkey_base64
+ssh_pki_export_pubkey_file
+ssh_pki_generate
+ssh_pki_import_cert_base64
+ssh_pki_import_cert_file
+ssh_pki_import_privkey_base64
+ssh_pki_import_privkey_file
+ssh_pki_import_pubkey_base64
+ssh_pki_import_pubkey_file
+ssh_pki_key_ecdsa_name
+ssh_print_hash
+ssh_print_hexa
+ssh_privatekey_type
+ssh_publickey_to_file
+ssh_remove_channel_callbacks
+ssh_scp_accept_request
+ssh_scp_close
+ssh_scp_deny_request
+ssh_scp_free
+ssh_scp_init
+ssh_scp_leave_directory
+ssh_scp_new
+ssh_scp_pull_request
+ssh_scp_push_directory
+ssh_scp_push_file
+ssh_scp_push_file64
+ssh_scp_read
+ssh_scp_request_get_filename
+ssh_scp_request_get_permissions
+ssh_scp_request_get_size
+ssh_scp_request_get_size64
+ssh_scp_request_get_warning
+ssh_scp_write
+ssh_select
+ssh_send_debug
+ssh_send_ignore
+ssh_send_keepalive
+ssh_server_init_kex
+ssh_service_request
+ssh_session_export_known_hosts_entry
+ssh_session_has_known_hosts_entry
+ssh_session_is_known_server
+ssh_session_update_known_hosts
+ssh_set_agent_channel
+ssh_set_agent_socket
+ssh_set_auth_methods
+ssh_set_blocking
+ssh_set_callbacks
+ssh_set_channel_callbacks
+ssh_set_counters
+ssh_set_fd_except
+ssh_set_fd_toread
+ssh_set_fd_towrite
+ssh_set_log_callback
+ssh_set_log_level
+ssh_set_log_userdata
+ssh_set_message_callback
+ssh_set_pcap_file
+ssh_set_server_callbacks
+ssh_silent_disconnect
+ssh_string_burn
+ssh_string_copy
+ssh_string_data
+ssh_string_fill
+ssh_string_free
+ssh_string_free_char
+ssh_string_from_char
+ssh_string_get_char
+ssh_string_len
+ssh_string_new
+ssh_string_to_char
+ssh_threads_get_noop
+ssh_threads_get_pthread
+ssh_threads_set_callbacks
+ssh_try_publickey_from_file
+ssh_userauth_agent
+ssh_userauth_agent_pubkey
+ssh_userauth_autopubkey
+ssh_userauth_gssapi
+ssh_userauth_kbdint
+ssh_userauth_kbdint_getanswer
+ssh_userauth_kbdint_getinstruction
+ssh_userauth_kbdint_getname
+ssh_userauth_kbdint_getnanswers
+ssh_userauth_kbdint_getnprompts
+ssh_userauth_kbdint_getprompt
+ssh_userauth_kbdint_setanswer
+ssh_userauth_list
+ssh_userauth_none
+ssh_userauth_offer_pubkey
+ssh_userauth_password
+ssh_userauth_privatekey_file
+ssh_userauth_pubkey
+ssh_userauth_publickey
+ssh_userauth_publickey_auto
+ssh_userauth_try_publickey
+ssh_version
+ssh_write_knownhost
+string_burn
+string_copy
+string_data
+string_fill
+string_free
+string_from_char
+string_len
+string_new
+string_to_char
\ No newline at end of file
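Review bot: a new `libssh-4.7.4.symbols` list is added while no `libssh-4.7.3.symbols` change appears in this `-Nru` debdiff, so the previous release's list is untouched; a revision-only `LIBRARY_VERSION` bump promises an unchanged interface, so please confirm the two lists in src/ABI are identical (a plain `diff` of the two files) before upload, since a dropped symbol would require a different version bump. Note that this file still ends without a trailing newline, like src/ABI/current.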
diff -Nru libssh-0.8.6/src/config.c libssh-0.8.7/src/config.c
--- libssh-0.8.6/src/config.c   2018-12-24 07:35:54.000000000 +0000
+++ libssh-0.8.7/src/config.c   2019-02-25 08:58:49.000000000 +0000
@@ -210,6 +210,7 @@
     { "originalhost", MATCH_ORIGINALHOST },
     { "user", MATCH_USER },
     { "localuser", MATCH_LOCALUSER },
+    { NULL, MATCH_UNKNOWN },
 };
 
 static int ssh_config_parse_line(ssh_session session, const char *line,
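Review bot: the added `{ NULL, MATCH_UNKNOWN }` entry gives the Match-keyword table a terminating sentinel, which the surrounding entries imply a lookup loop walks to; without it a lookup for an unknown keyword reads past the end of the array. Worth confirming that the loop (in `ssh_config_parse_line` or the helper it calls, not shown in this hunk) stops on the NULL name rather than on an element count, otherwise the sentinel is harmless but does not fix anything.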
diff -Nru libssh-0.8.6/src/connect.c libssh-0.8.7/src/connect.c
--- libssh-0.8.6/src/connect.c  2018-12-24 07:35:54.000000000 +0000
+++ libssh-0.8.7/src/connect.c  2019-02-25 08:58:49.000000000 +0000
@@ -476,7 +476,7 @@
     fd_set *readfds, struct timeval *timeout) {
   fd_set origfds;
   socket_t fd;
-  int i,j;
+  size_t i, j;
   int rc;
   int base_tm, tm;
   struct ssh_timestamp ts;
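Review bot: changing `i, j` from `int` to `size_t` removes a signed/unsigned comparison when they index the channel arrays, but any `for (...; i >= 0; i--)` or `i = -1` sentinel further down in this function (the visible `fd_set *readfds, struct timeval *timeout` parameters suggest it is `ssh_select`) would now loop forever or wrap; please eyeball the remaining uses, which are outside the hunk, before taking the change.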
diff -Nru libssh-0.8.6/src/connector.c libssh-0.8.7/src/connector.c
--- libssh-0.8.6/src/connector.c        2018-12-07 13:33:25.000000000 +0000
+++ libssh-0.8.7/src/connector.c        2019-02-22 10:42:26.000000000 +0000
@@ -641,14 +641,12 @@
         session = ssh_channel_get_session(connector->in_channel);
 
         ssh_event_remove_session(connector->event, session);
-        connector->in_channel = NULL;
     }
 
     if (connector->out_channel != NULL) {
         session = ssh_channel_get_session(connector->out_channel);
 
         ssh_event_remove_session(connector->event, session);
-        connector->out_channel = NULL;
     }
     connector->event = NULL;
 
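Review bot: the two `connector->in_channel = NULL` / `connector->out_channel = NULL` assignments are removed, so detaching the connector from its event (the `ssh_event_remove_session` calls) no longer forgets the channels; that is correct only if the channel pointers stay valid and are reused afterwards, e.g. when the connector is re-added to an event or passed to `ssh_connector_free`. Check that no remaining code treats `in_channel == NULL` as "nothing to clean up", otherwise a later free could touch a channel the caller already released. The upstream ChangeLog line "Fixed some issues with connector" is the only rationale in the diff; a pointer to the upstream commit in debian/changelog would help.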
diff -Nru libssh-0.8.6/src/dh.c libssh-0.8.7/src/dh.c
--- libssh-0.8.6/src/dh.c       2018-12-07 13:33:25.000000000 +0000
+++ libssh-0.8.7/src/dh.c       2019-02-25 08:58:49.000000000 +0000
@@ -1274,6 +1274,10 @@
 
 ssh_key ssh_dh_get_current_server_publickey(ssh_session session)
 {
+    if (session->current_crypto == NULL) {
+        return NULL;
+    }
+
     return session->current_crypto->server_pubkey;
 }
 
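Review bot: the NULL check on `session->current_crypto` stops a dereference when `ssh_dh_get_current_server_publickey` is called before the first key exchange has completed, and it is byte-for-byte the fix from the dropped debian/patches/0001-dh-uninitialized-memory.patch, so the series change is consistent. Worth confirming that the public caller `ssh_get_server_publickey` (named in the dropped patch's hunk header) treats the new NULL return as an error rather than passing it on.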
diff -Nru libssh-0.8.6/src/kex.c libssh-0.8.7/src/kex.c
--- libssh-0.8.6/src/kex.c      2018-12-24 07:35:54.000000000 +0000
+++ libssh-0.8.7/src/kex.c      2019-02-25 08:58:49.000000000 +0000
@@ -38,6 +38,7 @@
 #include "libssh/curve25519.h"
 #include "libssh/knownhosts.h"
 #include "libssh/misc.h"
+#include "libssh/pki.h"
 
 #ifdef HAVE_LIBGCRYPT
 # define BLOWFISH "blowfish-cbc,"
@@ -420,6 +421,7 @@
     int server_kex=session->server;
     ssh_string str = NULL;
     char *strings[KEX_METHODS_SIZE] = {0};
+    char *rsa_sig_ext = NULL;
     int rc = SSH_ERROR;
 
     uint8_t first_kex_packet_follows = 0;
@@ -526,13 +528,52 @@
         ok = ssh_match_group(session->next_crypto->client_kex.methods[SSH_KEX],
                              KEX_EXTENSION_CLIENT);
         if (ok) {
+            const char *hostkeys = NULL;
+
+            /* The client supports extension negotiation */
+            session->extensions |= SSH_EXT_NEGOTIATION;
+            /*
+             * RFC 8332 Section 3.1: Use for Server Authentication
+             * Check what algorithms were provided in the SSH_HOSTKEYS list
+             * by the client and enable the respective extensions to provide
+             * correct signature in the next packet if RSA is negotiated
+             */
+            hostkeys = session->next_crypto->client_kex.methods[SSH_HOSTKEYS];
+            ok = ssh_match_group(hostkeys, "rsa-sha2-512");
+            if (ok) {
+                session->extensions |= SSH_EXT_SIG_RSA_SHA512;
+            }
+            ok = ssh_match_group(hostkeys, "rsa-sha2-256");
+            if (ok) {
+                session->extensions |= SSH_EXT_SIG_RSA_SHA256;
+            }
+
             /*
-             * Enable all the supported extensions and when the time comes
-             * (after NEWKEYS) send them to the client.
+             * Ensure that the client preference is honored for the case
+             * both signature types are enabled.
              */
+            if ((session->extensions & SSH_EXT_SIG_RSA_SHA256) &&
+                (session->extensions & SSH_EXT_SIG_RSA_SHA512)) {
+                session->extensions &= ~(SSH_EXT_SIG_RSA_SHA256 | 
SSH_EXT_SIG_RSA_SHA512);
+                rsa_sig_ext = ssh_find_matching("rsa-sha2-512,rsa-sha2-256",
+                                                
session->next_crypto->client_kex.methods[SSH_HOSTKEYS]);
+                if (rsa_sig_ext == NULL) {
+                    goto error; /* should never happen */
+                } else if (strcmp(rsa_sig_ext, "rsa-sha2-512") == 0) {
+                    session->extensions |= SSH_EXT_SIG_RSA_SHA512;
+                } else if (strcmp(rsa_sig_ext, "rsa-sha2-256") == 0) {
+                    session->extensions |= SSH_EXT_SIG_RSA_SHA256;
+                } else {
+                    SAFE_FREE(rsa_sig_ext);
+                    goto error; /* should never happen */
+                }
+                SAFE_FREE(rsa_sig_ext);
+            }
+
             SSH_LOG(SSH_LOG_DEBUG, "The client supports extension "
-                    "negotiation: enabling all extensions");
-            session->extensions = SSH_EXT_ALL;
+                    "negotiation. Enabled signature algorithms: %s%s",
+                    session->extensions & SSH_EXT_SIG_RSA_SHA256 ? "SHA256" : 
"",
+                    session->extensions & SSH_EXT_SIG_RSA_SHA512 ? " SHA512" : 
"");
         }
 
         /*
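Review bot: the comment above the `ssh_find_matching("rsa-sha2-512,rsa-sha2-256", ...client_kex.methods[SSH_HOSTKEYS])` call should state that the client's SSH_HOSTKEYS list is deliberately passed as the preferred side, because the result depends on argument order and that is the only thing making "the client preference is honored" true; a later reader who swaps the arguments silently switches to server preference with no test failing unless both orderings are covered. Two smaller points: the `rsa_sig_ext == NULL` branch jumps to `error` without any SSH_LOG, so if this "should never happen" case does happen the failed kex leaves nothing in the log to explain it; and the final SSH_LOG prints the algorithms as `"SHA256"` / `" SHA512"`, which yields a leading space when only SHA512 is enabled. Log in the NULL branch and emit the separator only when both bits are set.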
@@ -603,6 +644,8 @@
         "ecdsa-sha2-nistp521",
         "ecdsa-sha2-nistp384",
         "ecdsa-sha2-nistp256",
+        "rsa-sha2-512",
+        "rsa-sha2-256",
         "ssh-rsa",
 #ifdef HAVE_DSA
         "ssh-dss",
@@ -628,29 +671,30 @@
 
     for (i = 0; preferred_hostkeys[i] != NULL; ++i) {
         bool found = false;
+        /* This is a signature type: We list also the SHA2 extensions */
+        enum ssh_keytypes_e base_preferred =
+            ssh_key_type_from_signature_name(preferred_hostkeys[i]);
 
         for (it = ssh_list_get_iterator(algo_list);
              it != NULL;
              it = it->next) {
             const char *algo = ssh_iterator_value(const char *, it);
-            int cmp;
-            int ok;
-
-            cmp = strcmp(preferred_hostkeys[i], algo);
-            if (cmp == 0) {
-                ok = ssh_verify_existing_algo(SSH_HOSTKEYS, algo);
-                if (ok) {
-                    if (needcomma) {
-                        strncat(methods_buffer,
-                                ",",
-                                sizeof(methods_buffer) - 
strlen(methods_buffer) - 1);
-                    }
+            /* This is always key type so we do not have to care for the
+             * SHA2 extension */
+            enum ssh_keytypes_e base_algo = ssh_key_type_from_name(algo);
+
+            if (base_preferred == base_algo) {
+                /* Matching the keys already verified it is a known type */
+                if (needcomma) {
                     strncat(methods_buffer,
-                            algo,
+                            ",",
                             sizeof(methods_buffer) - strlen(methods_buffer) - 
1);
-                    needcomma = 1;
-                    found = true;
                 }
+                strncat(methods_buffer,
+                        preferred_hostkeys[i],
+                        sizeof(methods_buffer) - strlen(methods_buffer) - 1);
+                needcomma = 1;
+                found = true;
             }
         }
         /* Collect the rest of the algorithms in other buffer, that will
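Review bot: the new test `base_preferred == base_algo` needs a guard against both sides being the unknown key type: if `ssh_key_type_from_signature_name` yields the unknown value for a preferred name this build lacks and `ssh_key_type_from_name` yields it for an unrecognised known_hosts entry, the two unknowns compare equal and an unsupported name is appended to methods_buffer. The old code could not do that because it required an exact `strcmp` match and then called `ssh_verify_existing_algo`, both of which this hunk drops with the comment "Matching the keys already verified it is a known type"; that comment only holds if the unknown type is excluded, e.g. `if (base_algo != SSH_KEYTYPE_UNKNOWN && base_preferred == base_algo)`. Also, the inner loop still has no `break` after a match, so a key type listed twice in algo_list appends preferred_hostkeys[i] twice (pre-existing, but now cheaper to fix while the loop is being rewritten).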
@@ -712,10 +756,10 @@
 
     memset(client->methods, 0, KEX_METHODS_SIZE * sizeof(char **));
     /* first check if we have specific host key methods */
-    if(session->opts.wanted_methods[SSH_HOSTKEYS] == NULL){
+    if (session->opts.wanted_methods[SSH_HOSTKEYS] == NULL) {
        /* Only if no override */
        session->opts.wanted_methods[SSH_HOSTKEYS] =
-                       ssh_client_select_hostkeys(session);
+            ssh_client_select_hostkeys(session);
     }
 
     for (i = 0; i < KEX_METHODS_SIZE; i++) {
diff -Nru libssh-0.8.6/src/libcrypto.c libssh-0.8.7/src/libcrypto.c
--- libssh-0.8.6/src/libcrypto.c        2018-12-24 07:35:54.000000000 +0000
+++ libssh-0.8.7/src/libcrypto.c        2019-02-25 08:58:49.000000000 +0000
@@ -427,9 +427,6 @@
     case SSH_HMAC_SHA256:
       HMAC_Init_ex(ctx, key, len, EVP_sha256(), NULL);
       break;
-    case SSH_HMAC_SHA384:
-      HMAC_Init_ex(ctx, key, len, EVP_sha384(), NULL);
-      break;
     case SSH_HMAC_SHA512:
       HMAC_Init_ex(ctx, key, len, EVP_sha512(), NULL);
       break;
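Review bot: deleting the `case SSH_HMAC_SHA384:` arm leaves that enumerator to whatever default branch the switch has, which is outside this hunk; if SSH_HMAC_SHA384 is still defined in the header, confirm that the default fails closed (returns an error instead of leaving ctx uninitialised) in all three backends, since libgcrypt.c and libmbedcrypto.c carry the same three-line deletion below. Removing the enumerator itself, so that any remaining reference becomes a compile error rather than a run-time default case, would be the safer form of this change.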
diff -Nru libssh-0.8.6/src/libgcrypt.c libssh-0.8.7/src/libgcrypt.c
--- libssh-0.8.6/src/libgcrypt.c        2018-12-24 07:35:54.000000000 +0000
+++ libssh-0.8.7/src/libgcrypt.c        2019-02-25 08:58:49.000000000 +0000
@@ -282,9 +282,6 @@
     case SSH_HMAC_SHA256:
       gcry_md_open(&c, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC);
       break;
-    case SSH_HMAC_SHA384:
-      gcry_md_open(&c, GCRY_MD_SHA384, GCRY_MD_FLAG_HMAC);
-      break;
     case SSH_HMAC_SHA512:
       gcry_md_open(&c, GCRY_MD_SHA512, GCRY_MD_FLAG_HMAC);
       break;
diff -Nru libssh-0.8.6/src/libmbedcrypto.c libssh-0.8.7/src/libmbedcrypto.c
--- libssh-0.8.6/src/libmbedcrypto.c    2018-12-24 07:35:54.000000000 +0000
+++ libssh-0.8.7/src/libmbedcrypto.c    2019-02-25 08:58:49.000000000 +0000
@@ -462,9 +462,6 @@
         case SSH_HMAC_SHA256:
             md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
             break;
-        case SSH_HMAC_SHA384:
-            md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA384);
-            break;
         case SSH_HMAC_SHA512:
             md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA512);
             break;
diff -Nru libssh-0.8.6/src/options.c libssh-0.8.7/src/options.c
--- libssh-0.8.6/src/options.c  2018-12-24 07:35:55.000000000 +0000
+++ libssh-0.8.7/src/options.c  2019-02-25 08:58:49.000000000 +0000
@@ -302,37 +302,6 @@
  *                \n
  *                See the corresponding numbers in libssh.h.
  *
- *              - SSH_OPTIONS_AUTH_CALLBACK:
- *                Set a callback to use your own authentication function
- *                (function pointer).
- *
- *              - SSH_OPTIONS_AUTH_USERDATA:
- *                Set the user data passed to the authentication
- *                function (generic pointer).
- *
- *              - SSH_OPTIONS_LOG_CALLBACK:
- *                Set a callback to use your own logging function
- *                (function pointer).
- *
- *              - SSH_OPTIONS_LOG_USERDATA:
- *                Set the user data passed to the logging function
- *                (generic pointer).
- *
- *              - SSH_OPTIONS_STATUS_CALLBACK:
- *                Set a callback to show connection status in realtime
- *                (function pointer).\n
- *                \n
- *                @code
- *                fn(void *arg, float status)
- *                @endcode
- *                \n
- *                During ssh_connect(), libssh will call the callback
- *                with status from 0.0 to 1.0.
- *
- *              - SSH_OPTIONS_STATUS_ARG:
- *                Set the status argument which should be passed to the
- *                status callback (generic pointer).
- *
  *              - SSH_OPTIONS_CIPHERS_C_S:
  *                Set the symmetric cipher client to server (const char *,
  *                comma-separated list).
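Review bot: this drops the API documentation for SSH_OPTIONS_AUTH_CALLBACK, SSH_OPTIONS_AUTH_USERDATA, SSH_OPTIONS_LOG_CALLBACK, SSH_OPTIONS_LOG_USERDATA, SSH_OPTIONS_STATUS_CALLBACK and SSH_OPTIONS_STATUS_ARG without saying what replaces them; a one-line note pointing users at the current callback mechanism, or a deprecation mark on the enumerators in the public header (not part of this hunk), would keep readers of the generated docs from assuming the options silently vanished.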
diff -Nru libssh-0.8.6/src/packet_crypt.c libssh-0.8.7/src/packet_crypt.c
--- libssh-0.8.6/src/packet_crypt.c     2018-12-24 07:35:55.000000000 +0000
+++ libssh-0.8.7/src/packet_crypt.c     2019-02-25 08:58:49.000000000 +0000
@@ -176,6 +176,17 @@
   return session->current_crypto->hmacbuf;
 }
 
+static int secure_memcmp(const void *s1, const void *s2, size_t n)
+{
+    int rc = 0;
+    const unsigned char *p1 = s1;
+    const unsigned char *p2 = s2;
+    for (; n > 0; --n) {
+        rc |= *p1++ ^ *p2++;
+    }
+    return (rc != 0);
+}
+
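Review bot: secure_memcmp should carry a comment stating that it returns only 0 (equal) or 1 (different), not an ordering like memcmp, and that both buffers must be `n` bytes long; the name invites drop-in use where a signed result is expected. The body is the standard accumulate-XOR pattern and visits all `n` bytes regardless of where the first difference is, which is exactly what the MAC check in the next hunk needs; to keep an optimiser from rewriting it into an early-exit comparison, consider declaring `rc` volatile or marking the function noinline, and say in the comment that the loop must not short-circuit.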
 /**
  * @internal
  *
@@ -219,7 +230,7 @@
   ssh_print_hexa("Computed mac",hmacbuf,len);
   ssh_print_hexa("seq",(unsigned char *)&seq,sizeof(uint32_t));
 #endif
-  if (memcmp(mac, hmacbuf, len) == 0) {
+  if (secure_memcmp(mac, hmacbuf, len) == 0) {
     return 0;
   }
 
diff -Nru libssh-0.8.6/src/pki_container_openssh.c 
libssh-0.8.7/src/pki_container_openssh.c
--- libssh-0.8.6/src/pki_container_openssh.c    2018-12-24 07:35:55.000000000 
+0000
+++ libssh-0.8.7/src/pki_container_openssh.c    2019-02-25 08:58:49.000000000 
+0000
@@ -409,7 +409,7 @@
         return SSH_ERROR;
     }
     if (privkey->ed25519_privkey == NULL ||
-            privkey->ed25519_pubkey == NULL){
+        privkey->ed25519_pubkey == NULL) {
         return SSH_ERROR;
     }
     rc = ssh_buffer_pack(buffer,
@@ -442,7 +442,6 @@
     char passphrase_buffer[128];
     int rc;
     int i;
-    uint8_t padding = 1;
     int cmp;
 
     cmp = strcmp(ciphername, "none");
@@ -469,14 +468,6 @@
         SSH_LOG(SSH_LOG_WARN, "Unsupported KDF %s", kdfname);
         return SSH_ERROR;
     }
-    while (ssh_buffer_get_len(privkey_buffer) % cipher.blocksize != 0) {
-        rc = ssh_buffer_add_u8(privkey_buffer, padding);
-        if (rc < 0) {
-            return SSH_ERROR;
-        }
-        padding++;
-    }
-
     /* We need material for key (keysize bits / 8) and IV (blocksize)  */
     key_material_len =  cipher.keysize/8 + cipher.blocksize;
     if (key_material_len > sizeof(key_material)){
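Review bot: with the padding loop removed from this function, it now relies on the caller having padded privkey_buffer to the cipher's block size before calling it; add an explicit check before encrypting, e.g. return SSH_ERROR when `ssh_buffer_get_len(privkey_buffer) % cipher.blocksize != 0`, so that a future caller which forgets the padding gets a clean error instead of a short final block being handed to the cipher.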
@@ -553,6 +544,7 @@
     int to_encrypt=0;
     unsigned char *b64;
     uint32_t str_len, len;
+    uint8_t padding = 1;
     int ok;
     int rc;
 
@@ -603,6 +595,18 @@
         goto error;
     }
 
+    /* Add padding regardless encryption because it is expected
+     * by OpenSSH tools.
+     * XXX Using 16 B as we use only AES cipher below anyway.
+     */
+    while (ssh_buffer_get_len(privkey_buffer) % 16 != 0) {
+        rc = ssh_buffer_add_u8(privkey_buffer, padding);
+        if (rc < 0) {
+            goto error;
+        }
+        padding++;
+    }
+
     if (to_encrypt){
         ssh_buffer kdf_buf;
 
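Review bot: the moved padding loop hard-codes 16 with an XXX comment instead of deriving it from the cipher; since the unencrypted path has no cipher here, make the 16 a named constant whose comment explains it is the AES block size and also a multiple of the 8-byte padding OpenSSH applies for the "none" cipher, and have the encryption helper (which now assumes pre-padded input) check against the same constant so the two cannot drift apart. Moving the loop ahead of `if (to_encrypt)` is the intended fix, since OpenSSH tools expect the 1,2,3,... padding even for unencrypted keys; `padding++` on a uint8_t wraps after 255, harmless for a 16-byte block but worth one word in the comment.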
diff -Nru libssh-0.8.6/src/pki_crypto.c libssh-0.8.7/src/pki_crypto.c
--- libssh-0.8.6/src/pki_crypto.c       2018-12-24 07:35:55.000000000 +0000
+++ libssh-0.8.7/src/pki_crypto.c       2019-02-25 08:58:49.000000000 +0000
@@ -1657,6 +1657,7 @@
 
             s = ssh_string_new(20);
             if (s == NULL) {
+                bignum_safe_free(pr);
                 ssh_signature_free(sig);
                 return NULL;
             }
@@ -1665,6 +1666,7 @@
             ps = ssh_make_string_bn(s);
             ssh_string_free(s);
             if (ps == NULL) {
+                bignum_safe_free(pr);
                 ssh_signature_free(sig);
                 return NULL;
             }
@@ -1673,6 +1675,8 @@
              * object */
             rc = DSA_SIG_set0(sig->dsa_sig, pr, ps);
             if (rc == 0) {
+                bignum_safe_free(ps);
+                bignum_safe_free(pr);
                 ssh_signature_free(sig);
                 return NULL;
             }
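Review bot: freeing both `ps` and `pr` when DSA_SIG_set0 returns 0 is correct because ownership only transfers to sig->dsa_sig on success, but please add a comment saying so: the two error paths just above (the `s == NULL` and `ps == NULL` branches) free only `pr`, and a reader could "fix" the apparent asymmetry by freeing the bignums after a successful set0 as well, which would be a double free inside ssh_signature_free. The same comment applies to the ECDSA_SIG_set0 hunk further down.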
@@ -1681,6 +1685,9 @@
         case SSH_KEYTYPE_RSA:
         case SSH_KEYTYPE_RSA1:
             sig = pki_signature_from_rsa_blob(pubkey, sig_blob, sig);
+            if (sig == NULL) {
+                return NULL;
+            }
             sig->type_c = ssh_key_signature_to_char(type, hash_type);
             break;
         case SSH_KEYTYPE_ECDSA:
@@ -1734,6 +1741,7 @@
                 rlen = ssh_buffer_get_len(b);
                 ssh_buffer_free(b);
                 if (s == NULL) {
+                    bignum_safe_free(pr);
                     ssh_signature_free(sig);
                     return NULL;
                 }
@@ -1746,6 +1754,7 @@
                 ssh_string_burn(s);
                 ssh_string_free(s);
                 if (ps == NULL) {
+                    bignum_safe_free(pr);
                     ssh_signature_free(sig);
                     return NULL;
                 }
@@ -1754,6 +1763,8 @@
                  * ECDSA signature object */
                 rc = ECDSA_SIG_set0(sig->ecdsa_sig, pr, ps);
                 if (rc == 0) {
+                    bignum_safe_free(ps);
+                    bignum_safe_free(pr);
                     ssh_signature_free(sig);
                     return NULL;
                 }
diff -Nru libssh-0.8.6/src/pki_gcrypt.c libssh-0.8.7/src/pki_gcrypt.c
--- libssh-0.8.6/src/pki_gcrypt.c       2018-12-07 14:21:24.000000000 +0000
+++ libssh-0.8.7/src/pki_gcrypt.c       2019-02-22 10:42:26.000000000 +0000
@@ -28,6 +28,7 @@
 #ifdef HAVE_LIBGCRYPT
 
 #include <assert.h>
+#include <stdbool.h>
 #include <string.h>
 #include <stdlib.h>
 #include <gcrypt.h>
@@ -389,7 +390,7 @@
         while(p[len] == '\n' || p[len] == '\r') /* skip empty lines */  \
             len++;                                                      \
         if(p[len] == '\0')    /* EOL */                                 \
-            len = -1;                                                   \
+            eol = true;                                                 \
         else                  /* calculate length */                    \
             for(p += len, len = 0; p[len] && p[len] != '\n'             \
                                           && p[len] != '\r'; len++);    \
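Review bot: get_next_line now assigns to a variable named `eol` that is not one of the macro's parameters, so every caller must have a `bool eol` in scope or the macro fails with an unrelated-looking compile error; pass it as a third macro argument alongside `p` and `len`, or at least document the requirement above the macro. Note also that on end of input the macro sets `eol` but leaves `len` at the count of skipped newline characters and does not advance `p`, so callers must test `eol` before using `len` or `p`; the callers in this diff do, but the contract should be written down where the macro is defined.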
@@ -409,7 +410,8 @@
     unsigned int iv_len = 0;
     int algo = 0;
     int mode = 0;
-    int len;
+    bool eol = false;
+    size_t len;
 
     buffer = ssh_buffer_new();
     if (buffer == NULL) {
@@ -441,25 +443,38 @@
     len = 0;
     get_next_line(p, len);
 
-    while(len > 0 && strncmp(p, header_begin, header_begin_size)) {
+    while(!eol && strncmp(p, header_begin, header_begin_size)) {
         /* skip line */
         get_next_line(p, len);
     }
-    if(len < 0) {
-        /* no header found */
+    if (eol) {
+        ssh_buffer_free(buffer);
         return NULL;
     }
+
     /* skip header line */
     get_next_line(p, len);
+    if (eol) {
+        ssh_buffer_free(buffer);
+        return NULL;
+    }
 
     if (len > 11 && strncmp("Proc-Type: 4,ENCRYPTED", p, 11) == 0) {
         /* skip line */
         get_next_line(p, len);
+        if (eol) {
+            ssh_buffer_free(buffer);
+            return NULL;
+        }
 
         if (len > 10 && strncmp("DEK-Info: ", p, 10) == 0) {
             p += 10;
             len = 0;
             get_next_line(p, len);
+            if (eol) {
+                ssh_buffer_free(buffer);
+                return NULL;
+            }
             if (privatekey_dek_header(p, len, &algo, &mode, &key_len,
                         &iv, &iv_len) < 0) {
                 ssh_buffer_free(buffer);
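Review bot: the same `if (eol) { ssh_buffer_free(buffer); return NULL; }` block is repeated five times in this hunk; a single cleanup label (the later error paths in this function already free both `buffer` and `iv`) would keep the exit paths uniform and make it harder to miss a resource when another one is added. Separately, the pre-existing `if (len > 11 && strncmp("Proc-Type: 4,ENCRYPTED", p, 11) == 0)` compares only the first 11 bytes, i.e. `"Proc-Type: "`, so any Proc-Type header enters the encrypted branch; not introduced here, but since this block is being reworked it is a cheap moment to compare the whole header value.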
@@ -482,7 +497,7 @@
     }
 
     get_next_line(p, len);
-    while(len > 0 && strncmp(p, header_end, header_end_size) != 0) {
+    while(!eol && strncmp(p, header_end, header_end_size) != 0) {
         if (ssh_buffer_add_data(buffer, p, len) < 0) {
             ssh_buffer_free(buffer);
             SAFE_FREE(iv);
@@ -491,7 +506,7 @@
         get_next_line(p, len);
     }
 
-    if (len == -1 || strncmp(p, header_end, header_end_size) != 0) {
+    if (eol || strncmp(p, header_end, header_end_size) != 0) {
         ssh_buffer_free(buffer);
         SAFE_FREE(iv);
         return NULL;
diff -Nru libssh-0.8.6/src/pki_mbedcrypto.c libssh-0.8.7/src/pki_mbedcrypto.c
--- libssh-0.8.6/src/pki_mbedcrypto.c   2018-12-07 14:21:24.000000000 +0000
+++ libssh-0.8.7/src/pki_mbedcrypto.c   2019-02-07 13:22:23.000000000 +0000
@@ -917,6 +917,9 @@
     switch(type) {
         case SSH_KEYTYPE_RSA:
             sig = pki_signature_from_rsa_blob(pubkey, sig_blob, sig);
+            if (sig == NULL) {
+                return NULL;
+            }
             sig->type_c = ssh_key_signature_to_char(type, hash_type);
             break;
         case SSH_KEYTYPE_ECDSA: {
diff -Nru libssh-0.8.6/src/server.c libssh-0.8.7/src/server.c
--- libssh-0.8.6/src/server.c   2018-12-07 13:33:25.000000000 +0000
+++ libssh-0.8.7/src/server.c   2019-02-25 08:58:49.000000000 +0000
@@ -453,6 +453,7 @@
 
             /* from now, the packet layer is handling incoming packets */
             session->socket_callbacks.data=ssh_packet_socket_callback;
+            ssh_packet_register_socket_callback(session, session->socket);
 
             ssh_packet_set_default_callbacks(session);
             set_status(session, 0.5f);
@@ -523,7 +524,7 @@
                  * our supported extensions now. This is the first message 
after
                  * sending NEWKEYS message and after turning on crypto.
                  */
-                if (session->extensions &&
+                if (session->extensions & SSH_EXT_NEGOTIATION &&
                     session->session_state != SSH_SESSION_STATE_AUTHENTICATED) 
{
                     ssh_server_send_extensions(session);
                 }
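Review bot: `session->extensions & SSH_EXT_NEGOTIATION && ...` is correct by operator precedence but should be parenthesised as `(session->extensions & SSH_EXT_NEGOTIATION)`, matching the style used for the SSH_EXT_SIG_RSA_SHA256/SHA512 tests in the kex change earlier in this diff. The logic change itself is the important part: the old `session->extensions &&` fired whenever any extension bit was set, whereas testing the specific negotiation bit ties sending EXT_INFO to the client having actually advertised extension negotiation, which is what the protocol expects; a changelog line naming this as a behaviour change would help anyone bisecting client interop reports.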
diff -Nru libssh-0.8.6/src/wrapper.c libssh-0.8.7/src/wrapper.c
--- libssh-0.8.6/src/wrapper.c  2018-12-24 07:35:55.000000000 +0000
+++ libssh-0.8.7/src/wrapper.c  2019-02-25 08:58:49.000000000 +0000
@@ -52,7 +52,6 @@
 static struct ssh_hmac_struct ssh_hmac_tab[] = {
   { "hmac-sha1",     SSH_HMAC_SHA1 },
   { "hmac-sha2-256", SSH_HMAC_SHA256 },
-  { "hmac-sha2-384", SSH_HMAC_SHA384 },
   { "hmac-sha2-512", SSH_HMAC_SHA512 },
   { "hmac-md5",      SSH_HMAC_MD5 },
   { "aead-poly1305", SSH_HMAC_AEAD_POLY1305 },
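Review bot: removing "hmac-sha2-384" from ssh_hmac_tab means a peer, or a local option string, that asks for that MAC is now rejected at negotiation; the default MAC preference string and any documentation listing supported MACs are not in this hunk, so check that they no longer mention hmac-sha2-384, and add a changelog entry since this is a visible interoperability change for anyone who pinned it. The SHA384_DIGEST_LEN case removed in the next hunk and the three backend cases above are the matching pieces; after them SSH_HMAC_SHA384 is reachable only through default branches, so the enumerator should go too.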
@@ -69,8 +68,6 @@
       return SHA_DIGEST_LEN;
     case SSH_HMAC_SHA256:
       return SHA256_DIGEST_LEN;
-    case SSH_HMAC_SHA384:
-      return SHA384_DIGEST_LEN;
     case SSH_HMAC_SHA512:
       return SHA512_DIGEST_LEN;
     case SSH_HMAC_MD5:
diff -Nru libssh-0.8.6/tests/pkd/pkd_client.h 
libssh-0.8.7/tests/pkd/pkd_client.h
--- libssh-0.8.6/tests/pkd/pkd_client.h 2018-12-07 13:33:25.000000000 +0000
+++ libssh-0.8.7/tests/pkd/pkd_client.h 2019-02-25 08:58:49.000000000 +0000
@@ -46,12 +46,12 @@
   OPENSSH_PKACCEPTED_ECDSA      \
   OPENSSH_PKACCEPTED_DSA
 
-#define OPENSSH_CMD_START \
+#define OPENSSH_CMD_START(hostkey_algos) \
     OPENSSH_BINARY " "                  \
     "-o UserKnownHostsFile=/dev/null "  \
     "-o StrictHostKeyChecking=no "      \
     "-F /dev/null "                     \
-    OPENSSH_HOSTKEY_ALGOS " "           \
+    hostkey_algos " "                   \
     OPENSSH_PKACCEPTED_TYPES " "        \
     "-i " CLIENT_ID_FILE " "            \
     "1> %s.out "                        \
@@ -61,16 +61,19 @@
 #define OPENSSH_CMD_END "-p 1234 localhost ls"
 
 #define OPENSSH_CMD \
-    OPENSSH_CMD_START OPENSSH_CMD_END
+    OPENSSH_CMD_START(OPENSSH_HOSTKEY_ALGOS) OPENSSH_CMD_END
 
 #define OPENSSH_KEX_CMD(kexalgo) \
-    OPENSSH_CMD_START "-o KexAlgorithms=" kexalgo " " OPENSSH_CMD_END
+    OPENSSH_CMD_START(OPENSSH_HOSTKEY_ALGOS) "-o KexAlgorithms=" kexalgo " " 
OPENSSH_CMD_END
 
 #define OPENSSH_CIPHER_CMD(ciphers) \
-    OPENSSH_CMD_START "-c " ciphers " " OPENSSH_CMD_END
+    OPENSSH_CMD_START(OPENSSH_HOSTKEY_ALGOS) "-c " ciphers " " OPENSSH_CMD_END
 
 #define OPENSSH_MAC_CMD(macs) \
-    OPENSSH_CMD_START "-o MACs=" macs " " OPENSSH_CMD_END
+    OPENSSH_CMD_START(OPENSSH_HOSTKEY_ALGOS) "-o MACs=" macs " " 
OPENSSH_CMD_END
+
+#define OPENSSH_HOSTKEY_CMD(hostkeyalgo) \
+    OPENSSH_CMD_START("-o HostKeyAlgorithms=" hostkeyalgo " ") OPENSSH_CMD_END
 
 
 /* Dropbear */
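Review bot: OPENSSH_HOSTKEY_CMD passes `"-o HostKeyAlgorithms=" hostkeyalgo " "` into a parameter that OPENSSH_CMD_START already follows with `" "`, so the generated command line contains a double space; harmless to the shell, but the trailing space in the argument can be dropped. Also worth a comment that the macro intentionally replaces OPENSSH_HOSTKEY_ALGOS rather than appending to it, since the tests want to force a single host key algorithm, so nobody "fixes" it to include the default list again.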
diff -Nru libssh-0.8.6/tests/pkd/pkd_hello.c libssh-0.8.7/tests/pkd/pkd_hello.c
--- libssh-0.8.6/tests/pkd/pkd_hello.c  2018-12-24 07:36:05.000000000 +0000
+++ libssh-0.8.7/tests/pkd/pkd_hello.c  2019-02-25 08:58:49.000000000 +0000
@@ -478,6 +478,12 @@
     f(client, ecdsa_521_hmac_sha2_512,  maccmd("hmac-sha2-512"),  
setup_ecdsa_521,  teardown)
 #endif
 
+#define PKDTESTS_HOSTKEY_OPENSSHONLY(f, client, hkcmd) \
+    f(client, rsa_sha2_256,     hkcmd("rsa-sha2-256"),               
setup_rsa,    teardown) \
+    f(client, rsa_sha2_512,     hkcmd("rsa-sha2-512"),               
setup_rsa,    teardown) \
+    f(client, rsa_sha2_256_512, hkcmd("rsa-sha2-256,rsa-sha2-512"),  
setup_rsa,    teardown) \
+    f(client, rsa_sha2_512_256, hkcmd("rsa-sha2-512,rsa-sha2-256"),  
setup_rsa,    teardown)
+
 static void torture_pkd_client_noop(void **state) {
     struct pkd_state *pstate = (struct pkd_state *) (*state);
     (void) pstate;
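Review bot: the four new cases cover rsa-sha2-256, rsa-sha2-512 and both orderings against setup_rsa, which exercises the client-preference branch added in the kex change; one more row with `hkcmd("ssh-rsa")` would pin the fallback path in which neither SSH_EXT_SIG_RSA_SHA256 nor SSH_EXT_SIG_RSA_SHA512 is set, and is a one-line addition to this table.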
@@ -545,6 +551,7 @@
 PKDTESTS_CIPHER_OPENSSHONLY(emit_keytest, openssh_rsa, OPENSSH_CIPHER_CMD)
 PKDTESTS_MAC(emit_keytest, openssh_rsa, OPENSSH_MAC_CMD)
 PKDTESTS_MAC_OPENSSHONLY(emit_keytest, openssh_rsa, OPENSSH_MAC_CMD)
+PKDTESTS_HOSTKEY_OPENSSHONLY(emit_keytest, openssh_rsa, OPENSSH_HOSTKEY_CMD)
 #undef CLIENT_ID_FILE
 
 #define CLIENT_ID_FILE OPENSSH_ECDSA256_TESTKEY
@@ -621,6 +628,7 @@
     PKDTESTS_CIPHER_OPENSSHONLY(emit_testmap, openssh_rsa, OPENSSH_CIPHER_CMD)
     PKDTESTS_MAC(emit_testmap, openssh_rsa, OPENSSH_MAC_CMD)
     PKDTESTS_MAC_OPENSSHONLY(emit_testmap, openssh_rsa, OPENSSH_MAC_CMD)
+    PKDTESTS_HOSTKEY_OPENSSHONLY(emit_testmap, openssh_rsa, 
OPENSSH_HOSTKEY_CMD)
 
     PKDTESTS_DEFAULT(emit_testmap, openssh_e256, OPENSSH_CMD)
     PKDTESTS_DEFAULT_OPENSSHONLY(emit_testmap, openssh_e256, OPENSSH_CMD)
diff -Nru libssh-0.8.6/tests/unittests/torture_knownhosts_parsing.c 
libssh-0.8.7/tests/unittests/torture_knownhosts_parsing.c
--- libssh-0.8.6/tests/unittests/torture_knownhosts_parsing.c   2018-12-24 
07:36:06.000000000 +0000
+++ libssh-0.8.7/tests/unittests/torture_knownhosts_parsing.c   2019-02-25 
08:58:49.000000000 +0000
@@ -310,8 +310,9 @@
     const char *knownhosts_file = *state;
     char *algo_list = NULL;
     ssh_session session;
-    const char *expect = "ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521,"
-                         "ecdsa-sha2-nistp384,ecdsa-sha2-nistp256"
+    const char *expect = "ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,"
+                         "ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,"
+                         "ecdsa-sha2-nistp256"
 #ifdef HAVE_DSA
                          ",ssh-dss"
 #endif
@@ -339,8 +340,9 @@
     const char *knownhosts_file = *state;
     char *algo_list = NULL;
     ssh_session session;
-    const char *expect = "ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521,"
-                         "ecdsa-sha2-nistp384,ecdsa-sha2-nistp256"
+    const char *expect = "ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,"
+                         "ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,"
+                         "ecdsa-sha2-nistp256"
 #ifdef HAVE_DSA
                          ",ssh-dss"
 #endif
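Review bot: the expected string is duplicated verbatim between this test and the one in the hunk at -310; a single `static const char *` shared by both would make the next reordering of preferred_hostkeys a one-place test change and prevents the two copies from drifting apart. The new content, with rsa-sha2-512 and rsa-sha2-256 ahead of ssh-rsa for the RSA key found in the known_hosts file and the remaining algorithms appended after, is consistent with the preferred_hostkeys change in kex.c.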
