lib/libssh2
1
0
Fork 0
mirror of https://github.com/libssh2/libssh2.git synced 2025-11-05 09:30:35 +03:00
Code Activity

code style: unify code style

Browse Source 
Indent-level: 4
Max columns: 79
No spaces after if/for/while
Unified brace positions
Unified white spaces
This commit is contained in:
Daniel Stenberg
2019-03-17 17:39:06 +01:00
parent 76f1e8735b
commit 12bddb0d45
32 changed files with 1897 additions and 1536 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
Makefile.am
View File

@@ -147,3 +147,6 @@ $(VCPROJ): win32/vc8proj.head win32/vc8proj.foot Makefile.am
done; \ done; \
cat $(srcdir)/vc8proj.foot) | \ cat $(srcdir)/vc8proj.foot) | \
awk '{printf("%s\r\n", gensub("\r", "", "g"))}' > $@ ) awk '{printf("%s\r\n", gensub("\r", "", "g"))}' > $@ )
checksrc:
perl src/checksrc.pl -i4 -m79 -ASIZEOFNOPAREN -ASNPRINTF -ACOPYRIGHT -AFOPENMODE -Wsrc/libssh2_config.h src/*.[ch]

6
src/bcrypt_pbkdf.c
View File

@@ -98,7 +98,8 @@ bcrypt_hash(uint8_t *sha2pass, uint8_t *sha2salt, uint8_t *out)
} }
int int
bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltlen, bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt,
size_t saltlen,
uint8_t *key, size_t keylen, unsigned int rounds) uint8_t *key, size_t keylen, unsigned int rounds)
{ {
uint8_t sha2pass[SHA512_DIGEST_LENGTH]; uint8_t sha2pass[SHA512_DIGEST_LENGTH];
@@ -117,7 +118,8 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltl
if(passlen == 0 || saltlen == 0 || keylen == 0 || if(passlen == 0 || saltlen == 0 || keylen == 0 ||
keylen > sizeof(out) * sizeof(out) || saltlen > 1<<20) keylen > sizeof(out) * sizeof(out) || saltlen > 1<<20)
return -1; return -1;
if ((countsalt = calloc(1, saltlen + 4)) == NULL) countsalt = calloc(1, saltlen + 4);
if(countsalt == NULL)
return -1; return -1;
stride = (keylen + sizeof(out) - 1) / sizeof(out); stride = (keylen + sizeof(out) - 1) / sizeof(out);
amt = (keylen + stride - 1) / stride; amt = (keylen + stride - 1) / stride;

3
src/blf.h
View File

@@ -82,7 +82,8 @@ void blf_cbc_decrypt(blf_ctx *, uint8_t *, uint8_t *, uint32_t);
uint32_t Blowfish_stream2word(const uint8_t *, uint16_t, uint16_t *); uint32_t Blowfish_stream2word(const uint8_t *, uint16_t, uint16_t *);
/* bcrypt with pbkd */ /* bcrypt with pbkd */
int bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltlen, int bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt,
size_t saltlen,
uint8_t *key, size_t keylen, unsigned int rounds); uint8_t *key, size_t keylen, unsigned int rounds);
#endif /* !defined(HAVE_BCRYPT_PBKDF) && !defined(HAVE_BLH_H) */ #endif /* !defined(HAVE_BCRYPT_PBKDF) && !defined(HAVE_BLH_H) */

9
src/blowfish.c
View File

@@ -41,7 +41,8 @@
#if !defined(HAVE_BCRYPT_PBKDF) && (!defined(HAVE_BLOWFISH_INITSTATE) || \ #if !defined(HAVE_BCRYPT_PBKDF) && (!defined(HAVE_BLOWFISH_INITSTATE) || \
!defined(HAVE_BLOWFISH_EXPAND0STATE) || !defined(HAVE_BLF_ENC)) !defined(HAVE_BLOWFISH_EXPAND0STATE) || \
!defined(HAVE_BLF_ENC))
#if 0 #if 0
#include <stdio.h> /* used for debugging */ #include <stdio.h> /* used for debugging */
@@ -690,5 +691,7 @@ main(void)
} }
#endif #endif
#endif /* !defined(HAVE_BCRYPT_PBKDF) && (!defined(HAVE_BLOWFISH_INITSTATE) || \ #endif /* !defined(HAVE_BCRYPT_PBKDF) && \
!defined(HAVE_BLOWFISH_EXPAND0STATE) || !defined(HAVE_BLF_ENC)) */ (!defined(HAVE_BLOWFISH_INITSTATE) || \
!defined(HAVE_BLOWFISH_EXPAND0STATE) || \
'!defined(HAVE_BLF_ENC)) */

53
src/channel.c
View File

@@ -280,11 +280,13 @@ _libssh2_channel_open(LIBSSH2_SESSION * session, const char *channel_type,
} }
if(session->open_data[0] == SSH_MSG_CHANNEL_OPEN_FAILURE) { if(session->open_data[0] == SSH_MSG_CHANNEL_OPEN_FAILURE) {
unsigned int reason_code = _libssh2_ntohu32(session->open_data + 5); unsigned int reason_code =
_libssh2_ntohu32(session->open_data + 5);
switch(reason_code) { switch(reason_code) {
case SSH_OPEN_ADMINISTRATIVELY_PROHIBITED: case SSH_OPEN_ADMINISTRATIVELY_PROHIBITED:
_libssh2_error(session, LIBSSH2_ERROR_CHANNEL_FAILURE, _libssh2_error(session, LIBSSH2_ERROR_CHANNEL_FAILURE,
"Channel open failure (administratively prohibited)"); "Channel open failure "
"(administratively prohibited)");
break; break;
case SSH_OPEN_CONNECT_FAILED: case SSH_OPEN_CONNECT_FAILED:
_libssh2_error(session, LIBSSH2_ERROR_CHANNEL_FAILURE, _libssh2_error(session, LIBSSH2_ERROR_CHANNEL_FAILURE,
@@ -388,14 +390,15 @@ channel_direct_tcpip(LIBSSH2_SESSION * session, const char *host,
session->direct_host_len + session->direct_shost_len + 16; session->direct_host_len + session->direct_shost_len + 16;
_libssh2_debug(session, LIBSSH2_TRACE_CONN, _libssh2_debug(session, LIBSSH2_TRACE_CONN,
"Requesting direct-tcpip session to from %s:%d to %s:%d", "Requesting direct-tcpip session from %s:%d to %s:%d",
shost, sport, host, port); shost, sport, host, port);
s = session->direct_message = s = session->direct_message =
LIBSSH2_ALLOC(session, session->direct_message_len); LIBSSH2_ALLOC(session, session->direct_message_len);
if(!session->direct_message) { if(!session->direct_message) {
_libssh2_error(session, LIBSSH2_ERROR_ALLOC, _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
"Unable to allocate memory for direct-tcpip connection"); "Unable to allocate memory for "
"direct-tcpip connection");
return NULL; return NULL;
} }
_libssh2_store_str(&s, host, session->direct_host_len); _libssh2_store_str(&s, host, session->direct_host_len);
@@ -443,7 +446,8 @@ libssh2_channel_direct_tcpip_ex(LIBSSH2_SESSION *session, const char *host,
return NULL; return NULL;
BLOCK_ADJUST_ERRNO(ptr, session, BLOCK_ADJUST_ERRNO(ptr, session,
channel_direct_tcpip(session, host, port, shost, sport)); channel_direct_tcpip(session, host, port,
shost, sport));
return ptr; return ptr;
} }
@@ -551,7 +555,8 @@ channel_forward_listen(LIBSSH2_SESSION * session, const char *host,
LIBSSH2_ALLOC(session, session->fwdLstn_host_len + 1); LIBSSH2_ALLOC(session, session->fwdLstn_host_len + 1);
if(!listener->host) { if(!listener->host) {
_libssh2_error(session, LIBSSH2_ERROR_ALLOC, _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
"Unable to allocate memory for listener queue"); "Unable to allocate memory "
"for listener queue");
LIBSSH2_FREE(session, listener); LIBSSH2_FREE(session, listener);
listener = NULL; listener = NULL;
} }
@@ -562,7 +567,8 @@ channel_forward_listen(LIBSSH2_SESSION * session, const char *host,
if(data_len >= 5 && !port) { if(data_len >= 5 && !port) {
listener->port = _libssh2_ntohu32(data + 1); listener->port = _libssh2_ntohu32(data + 1);
_libssh2_debug(session, LIBSSH2_TRACE_CONN, _libssh2_debug(session, LIBSSH2_TRACE_CONN,
"Dynamic tcpip-forward port allocated: %d", "Dynamic tcpip-forward port "
"allocated: %d",
listener->port); listener->port);
} }
else else
@@ -1011,7 +1017,8 @@ static int channel_request_pty(LIBSSH2_CHANNEL *channel,
} }
return _libssh2_error(session, LIBSSH2_ERROR_CHANNEL_REQUEST_DENIED, return _libssh2_error(session, LIBSSH2_ERROR_CHANNEL_REQUEST_DENIED,
"Unable to complete request for channel request-pty"); "Unable to complete request for "
"channel request-pty");
} }
/* /*
@@ -1437,7 +1444,8 @@ _libssh2_channel_flush(LIBSSH2_CHANNEL *channel, int streamid)
if(((packet_type == SSH_MSG_CHANNEL_DATA) if(((packet_type == SSH_MSG_CHANNEL_DATA)
|| (packet_type == SSH_MSG_CHANNEL_EXTENDED_DATA)) || (packet_type == SSH_MSG_CHANNEL_EXTENDED_DATA))
&& ((packet->data_len >= 5) && ((packet->data_len >= 5)
&& (_libssh2_ntohu32(packet->data + 1) == channel->local.id))) { && (_libssh2_ntohu32(packet->data + 1)
== channel->local.id))) {
/* It's our channel at least */ /* It's our channel at least */
int packet_stream_id; int packet_stream_id;
@@ -1460,7 +1468,8 @@ _libssh2_channel_flush(LIBSSH2_CHANNEL *channel, int streamid)
|| (streamid == packet_stream_id))) || (streamid == packet_stream_id)))
|| ((packet_type == SSH_MSG_CHANNEL_DATA) || ((packet_type == SSH_MSG_CHANNEL_DATA)
&& (streamid == 0))) { && (streamid == 0))) {
size_t bytes_to_flush = packet->data_len - packet->data_head; size_t bytes_to_flush = packet->data_len -
packet->data_head;
_libssh2_debug(channel->session, LIBSSH2_TRACE_CONN, _libssh2_debug(channel->session, LIBSSH2_TRACE_CONN,
"Flushing %d bytes of data from stream " "Flushing %d bytes of data from stream "
@@ -1489,9 +1498,8 @@ _libssh2_channel_flush(LIBSSH2_CHANNEL *channel, int streamid)
channel->remote.window_size -= channel->flush_flush_bytes; channel->remote.window_size -= channel->flush_flush_bytes;
if(channel->flush_refund_bytes) { if(channel->flush_refund_bytes) {
int rc; int rc =
_libssh2_channel_receive_window_adjust(channel,
rc = _libssh2_channel_receive_window_adjust(channel,
channel->flush_refund_bytes, channel->flush_refund_bytes,
1, NULL); 1, NULL);
if(rc == LIBSSH2_ERROR_EAGAIN) if(rc == LIBSSH2_ERROR_EAGAIN)
@@ -1831,9 +1839,11 @@ ssize_t _libssh2_channel_read(LIBSSH2_CHANNEL *channel, int stream_id,
/* expand the receiving window first if it has become too narrow */ /* expand the receiving window first if it has become too narrow */
if((channel->read_state == libssh2_NB_state_jump1) || if((channel->read_state == libssh2_NB_state_jump1) ||
(channel->remote.window_size < channel->remote.window_size_initial / 4 * 3 + buflen) ) { (channel->remote.window_size <
channel->remote.window_size_initial / 4 * 3 + buflen) ) {
uint32_t adjustment = channel->remote.window_size_initial + buflen - channel->remote.window_size; uint32_t adjustment = channel->remote.window_size_initial + buflen -
channel->remote.window_size;
if(adjustment < LIBSSH2_CHANNEL_MINADJUST) if(adjustment < LIBSSH2_CHANNEL_MINADJUST)
adjustment = LIBSSH2_CHANNEL_MINADJUST; adjustment = LIBSSH2_CHANNEL_MINADJUST;
@@ -2235,7 +2245,8 @@ static int channel_send_eof(LIBSSH2_CHANNEL *channel)
unsigned char packet[5]; /* packet_type(1) + channelno(4) */ unsigned char packet[5]; /* packet_type(1) + channelno(4) */
int rc; int rc;
_libssh2_debug(session, LIBSSH2_TRACE_CONN, "Sending EOF on channel %lu/%lu", _libssh2_debug(session, LIBSSH2_TRACE_CONN,
"Sending EOF on channel %lu/%lu",
channel->local.id, channel->remote.id); channel->local.id, channel->remote.id);
packet[0] = SSH_MSG_CHANNEL_EOF; packet[0] = SSH_MSG_CHANNEL_EOF;
_libssh2_htonu32(packet + 1, channel->remote.id); _libssh2_htonu32(packet + 1, channel->remote.id);
@@ -2343,7 +2354,8 @@ static int channel_wait_eof(LIBSSH2_CHANNEL *channel)
if((channel->remote.window_size == channel->read_avail) && if((channel->remote.window_size == channel->read_avail) &&
session->api_block_mode) session->api_block_mode)
return _libssh2_error(session, LIBSSH2_ERROR_CHANNEL_WINDOW_FULL, return _libssh2_error(session, LIBSSH2_ERROR_CHANNEL_WINDOW_FULL,
"Receiving channel window has been exhausted"); "Receiving channel window "
"has been exhausted");
rc = _libssh2_transport_read(session); rc = _libssh2_transport_read(session);
if(rc == LIBSSH2_ERROR_EAGAIN) { if(rc == LIBSSH2_ERROR_EAGAIN) {
@@ -2444,8 +2456,8 @@ int _libssh2_channel_close(LIBSSH2_CHANNEL * channel)
} }
if(rc != LIBSSH2_ERROR_EAGAIN) { if(rc != LIBSSH2_ERROR_EAGAIN) {
/* set the local close state first when we're perfectly confirmed to not /* set the local close state first when we're perfectly confirmed to
do any more EAGAINs */ not do any more EAGAINs */
channel->local.close = 1; channel->local.close = 1;
/* We call the callback last in this function to make it keep the local /* We call the callback last in this function to make it keep the local
@@ -2687,7 +2699,8 @@ libssh2_channel_window_read_ex(LIBSSH2_CHANNEL *channel,
if(((packet_type == SSH_MSG_CHANNEL_DATA) if(((packet_type == SSH_MSG_CHANNEL_DATA)
|| (packet_type == SSH_MSG_CHANNEL_EXTENDED_DATA)) || (packet_type == SSH_MSG_CHANNEL_EXTENDED_DATA))
&& ((packet->data_len >= 5) && ((packet->data_len >= 5)
&& (_libssh2_ntohu32(packet->data + 1) == channel->local.id))) { && (_libssh2_ntohu32(packet->data + 1) ==
channel->local.id))) {
bytes_queued += packet->data_len - packet->data_head; bytes_queued += packet->data_len - packet->data_head;
} }

8
src/comp.c
View File

@@ -1,4 +1,4 @@
/* Copyright (c) 2004-2007, Sara Golemon <sarag@libssh2.org> /* Copyright (c) 2004-2007, 2019, Sara Golemon <sarag@libssh2.org>
* Copyright (c) 2010-2014, Daniel Stenberg <daniel@haxx.se> * Copyright (c) 2010-2014, Daniel Stenberg <daniel@haxx.se>
* All rights reserved. * All rights reserved.
* *
@@ -204,7 +204,8 @@ comp_method_zlib_comp(LIBSSH2_SESSION *session,
} }
_libssh2_debug(session, LIBSSH2_TRACE_TRANS, _libssh2_debug(session, LIBSSH2_TRACE_TRANS,
"unhandled zlib compression error %d, avail_out", status, strm->avail_out); "unhandled zlib compression error %d, avail_out",
status, strm->avail_out);
return _libssh2_error(session, LIBSSH2_ERROR_ZLIB, "compression failure"); return _libssh2_error(session, LIBSSH2_ERROR_ZLIB, "compression failure");
} }
@@ -263,7 +264,8 @@ comp_method_zlib_decomp(LIBSSH2_SESSION * session,
if(status == Z_OK) { if(status == Z_OK) {
if(strm->avail_out > 0) if(strm->avail_out > 0)
/* status is OK and the output buffer has not been exhausted so we're done */ /* status is OK and the output buffer has not been exhausted
so we're done */
break; break;
} }
else if(status == Z_BUF_ERROR) { else if(status == Z_BUF_ERROR) {

36
src/crypto.h
View File

@@ -95,7 +95,8 @@ int _libssh2_rsa_sha1_sign(LIBSSH2_SESSION * session,
size_t *signature_len); size_t *signature_len);
int _libssh2_rsa_new_private_frommemory(libssh2_rsa_ctx ** rsa, int _libssh2_rsa_new_private_frommemory(libssh2_rsa_ctx ** rsa,
LIBSSH2_SESSION * session, LIBSSH2_SESSION * session,
const char *filedata, size_t filedata_len, const char *filedata,
size_t filedata_len,
unsigned const char *passphrase); unsigned const char *passphrase);
#endif #endif
@@ -122,7 +123,8 @@ int _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
unsigned long hash_len, unsigned char *sig); unsigned long hash_len, unsigned char *sig);
int _libssh2_dsa_new_private_frommemory(libssh2_dsa_ctx ** dsa, int _libssh2_dsa_new_private_frommemory(libssh2_dsa_ctx ** dsa,
LIBSSH2_SESSION * session, LIBSSH2_SESSION * session,
const char *filedata, size_t filedata_len, const char *filedata,
size_t filedata_len,
unsigned const char *passphrase); unsigned const char *passphrase);
#endif #endif
@@ -130,11 +132,13 @@ int _libssh2_dsa_new_private_frommemory(libssh2_dsa_ctx ** dsa,
int int
_libssh2_ecdsa_curve_name_with_octal_new(libssh2_ecdsa_ctx ** ecdsactx, _libssh2_ecdsa_curve_name_with_octal_new(libssh2_ecdsa_ctx ** ecdsactx,
const unsigned char *k, const unsigned char *k,
size_t k_len, libssh2_curve_type type); size_t k_len,
libssh2_curve_type type);
int int
_libssh2_ecdsa_new_private(libssh2_ecdsa_ctx ** ec_ctx, _libssh2_ecdsa_new_private(libssh2_ecdsa_ctx ** ec_ctx,
LIBSSH2_SESSION * session, LIBSSH2_SESSION * session,
const char *filename, unsigned const char *passphrase); const char *filename,
unsigned const char *passphrase);
int int
_libssh2_ecdsa_verify(libssh2_ecdsa_ctx * ctx, _libssh2_ecdsa_verify(libssh2_ecdsa_ctx * ctx,
@@ -143,13 +147,16 @@ _libssh2_ecdsa_verify(libssh2_ecdsa_ctx * ctx,
const unsigned char *m, size_t m_len); const unsigned char *m, size_t m_len);
int int
_libssh2_ecdsa_create_key(LIBSSH2_SESSION *session, _libssh2_ec_key **out_private_key, _libssh2_ecdsa_create_key(LIBSSH2_SESSION *session,
_libssh2_ec_key **out_private_key,
unsigned char **out_public_key_octal, unsigned char **out_public_key_octal,
size_t *out_public_key_octal_len, libssh2_curve_type curve_type); size_t *out_public_key_octal_len,
libssh2_curve_type curve_type);
int int
_libssh2_ecdh_gen_k(_libssh2_bn **k, _libssh2_ec_key *private_key, _libssh2_ecdh_gen_k(_libssh2_bn **k, _libssh2_ec_key *private_key,
const unsigned char *server_public_key, size_t server_public_key_len); const unsigned char *server_public_key,
size_t server_public_key_len);
int int
_libssh2_ecdsa_sign(LIBSSH2_SESSION *session, libssh2_ecdsa_ctx *ec_ctx, _libssh2_ecdsa_sign(LIBSSH2_SESSION *session, libssh2_ecdsa_ctx *ec_ctx,
@@ -158,14 +165,16 @@ _libssh2_ecdsa_sign(LIBSSH2_SESSION *session, libssh2_ecdsa_ctx *ec_ctx,
int _libssh2_ecdsa_new_private_frommemory(libssh2_ecdsa_ctx ** ec_ctx, int _libssh2_ecdsa_new_private_frommemory(libssh2_ecdsa_ctx ** ec_ctx,
LIBSSH2_SESSION * session, LIBSSH2_SESSION * session,
const char *filedata, size_t filedata_len, const char *filedata,
size_t filedata_len,
unsigned const char *passphrase); unsigned const char *passphrase);
libssh2_curve_type libssh2_curve_type
_libssh2_ecdsa_key_get_curve_type(_libssh2_ec_key *key); _libssh2_ecdsa_key_get_curve_type(_libssh2_ec_key *key);
int int
_libssh2_ecdsa_curve_type_from_name(const char *name, libssh2_curve_type *out_type); _libssh2_ecdsa_curve_type_from_name(const char *name,
libssh2_curve_type *out_type);
#endif /* LIBSSH2_ECDSA */ #endif /* LIBSSH2_ECDSA */
@@ -176,7 +185,8 @@ _libssh2_curve25519_new(LIBSSH2_SESSION *session, libssh2_ed25519_ctx **ctx,
uint8_t **out_public_key, uint8_t **out_private_key); uint8_t **out_public_key, uint8_t **out_private_key);
int int
_libssh2_curve25519_gen_k(_libssh2_bn **k, uint8_t private_key[LIBSSH2_ED25519_KEY_LEN], _libssh2_curve25519_gen_k(_libssh2_bn **k,
uint8_t private_key[LIBSSH2_ED25519_KEY_LEN],
uint8_t server_public_key[LIBSSH2_ED25519_KEY_LEN]); uint8_t server_public_key[LIBSSH2_ED25519_KEY_LEN]);
int int
@@ -191,7 +201,8 @@ _libssh2_ed25519_new_private(libssh2_ed25519_ctx **ed_ctx,
int int
_libssh2_ed25519_new_public(libssh2_ed25519_ctx **ed_ctx, _libssh2_ed25519_new_public(libssh2_ed25519_ctx **ed_ctx,
LIBSSH2_SESSION *session, LIBSSH2_SESSION *session,
const unsigned char *raw_pub_key, const uint8_t key_len); const unsigned char *raw_pub_key,
const uint8_t key_len);
int int
_libssh2_ed25519_sign(libssh2_ed25519_ctx *ctx, LIBSSH2_SESSION *session, _libssh2_ed25519_sign(libssh2_ed25519_ctx *ctx, LIBSSH2_SESSION *session,
@@ -201,7 +212,8 @@ _libssh2_ed25519_sign(libssh2_ed25519_ctx *ctx, LIBSSH2_SESSION *session,
int int
_libssh2_ed25519_new_private_frommemory(libssh2_ed25519_ctx **ed_ctx, _libssh2_ed25519_new_private_frommemory(libssh2_ed25519_ctx **ed_ctx,
LIBSSH2_SESSION *session, LIBSSH2_SESSION *session,
const char *filedata, size_t filedata_len, const char *filedata,
size_t filedata_len,
unsigned const char *passphrase); unsigned const char *passphrase);
#endif /* LIBSSH2_ED25519 */ #endif /* LIBSSH2_ED25519 */

83
src/hostkey.c
View File

@@ -87,10 +87,12 @@ hostkey_method_ssh_rsa_init(LIBSSH2_SESSION * session,
if(_libssh2_match_string(&buf, "ssh-rsa") != 0) if(_libssh2_match_string(&buf, "ssh-rsa") != 0)
return -1; return -1;
if((e_len = _libssh2_get_c_string(&buf, &e)) <= 0) e_len = _libssh2_get_c_string(&buf, &e);
if(e_len <= 0)
return -1; return -1;
if((n_len = _libssh2_get_c_string(&buf, &n)) <= 0) n_len = _libssh2_get_c_string(&buf, &n);
if(n_len <= 0)
return -1; return -1;
if(_libssh2_rsa_new(&rsactx, e, e_len, n, n_len, NULL, 0, if(_libssh2_rsa_new(&rsactx, e, e_len, n, n_len, NULL, 0,
@@ -306,16 +308,20 @@ hostkey_method_ssh_dss_init(LIBSSH2_SESSION * session,
if(_libssh2_match_string(&buf, "ssh-dss") != 0) if(_libssh2_match_string(&buf, "ssh-dss") != 0)
return -1; return -1;
if((p_len = _libssh2_get_c_string(&buf, &p)) < 0) p_len = _libssh2_get_c_string(&buf, &p);
if(p_len < 0)
return -1; return -1;
if((q_len = _libssh2_get_c_string(&buf, &q)) < 0) q_len = _libssh2_get_c_string(&buf, &q);
if(q_len < 0)
return -1; return -1;
if((g_len = _libssh2_get_c_string(&buf, &g)) < 0) g_len = _libssh2_get_c_string(&buf, &g);
if(g_len < 0)
return -1; return -1;
if((y_len = _libssh2_get_c_string(&buf, &y)) < 0) y_len = _libssh2_get_c_string(&buf, &y);
if(y_len < 0)
return -1; return -1;
if(_libssh2_dsa_new(&dsactx, p, p_len, q, q_len, if(_libssh2_dsa_new(&dsactx, p, p_len, q, q_len,
@@ -533,30 +539,40 @@ hostkey_method_ssh_ecdsa_init(LIBSSH2_SESSION * session,
if(strncmp((char *) type_str, "ecdsa-sha2-nistp256", 19) == 0) { if(strncmp((char *) type_str, "ecdsa-sha2-nistp256", 19) == 0) {
type = LIBSSH2_EC_CURVE_NISTP256; type = LIBSSH2_EC_CURVE_NISTP256;
}else if(strncmp((char*) type_str, "ecdsa-sha2-nistp384", 19) == 0 ){ }
else if(strncmp((char *) type_str, "ecdsa-sha2-nistp384", 19) == 0) {
type = LIBSSH2_EC_CURVE_NISTP384; type = LIBSSH2_EC_CURVE_NISTP384;
}else if(strncmp((char*) type_str, "ecdsa-sha2-nistp521", 19) == 0 ){ }
else if(strncmp((char *) type_str, "ecdsa-sha2-nistp521", 19) == 0) {
type = LIBSSH2_EC_CURVE_NISTP521; type = LIBSSH2_EC_CURVE_NISTP521;
}else{ }
else {
return -1; return -1;
} }
if(_libssh2_get_c_string(&buf, &domain) != 8) if(_libssh2_get_c_string(&buf, &domain) != 8)
return -1; return -1;
if ( type == LIBSSH2_EC_CURVE_NISTP256 && strncmp((char*)domain, "nistp256", 8) != 0){ if(type == LIBSSH2_EC_CURVE_NISTP256 &&
strncmp((char *)domain, "nistp256", 8) != 0) {
return -1; return -1;
}else if ( type == LIBSSH2_EC_CURVE_NISTP384 && strncmp((char*)domain, "nistp384", 8) != 0){ }
else if(type == LIBSSH2_EC_CURVE_NISTP384 &&
strncmp((char *)domain, "nistp384", 8) != 0) {
return -1; return -1;
}else if ( type == LIBSSH2_EC_CURVE_NISTP521 && strncmp((char*)domain, "nistp521", 8) != 0){ }
else if(type == LIBSSH2_EC_CURVE_NISTP521 &&
strncmp((char *)domain, "nistp521", 8) != 0) {
return -1; return -1;
} }
/* public key */ /* public key */
if((key_len = _libssh2_get_c_string(&buf, &public_key)) <= 0) key_len = _libssh2_get_c_string(&buf, &public_key);
if(key_len <= 0)
return -1; return -1;
if(_libssh2_ecdsa_curve_name_with_octal_new(&ecdsactx, public_key, key_len, type) ) if(_libssh2_ecdsa_curve_name_with_octal_new(&ecdsactx, public_key,
key_len, type))
return -1; return -1;
if(abstract != NULL) if(abstract != NULL)
@@ -584,7 +600,8 @@ hostkey_method_ssh_ecdsa_initPEM(LIBSSH2_SESSION * session,
*abstract = NULL; *abstract = NULL;
} }
ret = _libssh2_ecdsa_new_private(&ec_ctx, session, privkeyfile, passphrase); ret = _libssh2_ecdsa_new_private(&ec_ctx, session,
privkeyfile, passphrase);
if(abstract != NULL) if(abstract != NULL)
*abstract = ec_ctx; *abstract = ec_ctx;
@@ -614,7 +631,8 @@ hostkey_method_ssh_ecdsa_initPEMFromMemory(LIBSSH2_SESSION * session,
ret = _libssh2_ecdsa_new_private_frommemory(&ec_ctx, session, ret = _libssh2_ecdsa_new_private_frommemory(&ec_ctx, session,
privkeyfiledata, privkeyfiledata,
privkeyfiledata_len, passphrase); privkeyfiledata_len,
passphrase);
if(ret) { if(ret) {
return -1; return -1;
} }
@@ -647,7 +665,8 @@ hostkey_method_ssh_ecdsa_sig_verify(LIBSSH2_SESSION * session,
if(sig_len < 35) if(sig_len < 35)
return -1; return -1;
/* keyname_len(4) + keyname(19){"ecdsa-sha2-nistp256"} + signature_len(4) */ /* keyname_len(4) + keyname(19){"ecdsa-sha2-nistp256"} +
signature_len(4) */
buf.offset = 0; buf.offset = 0;
buf.data = (unsigned char *)sig; buf.data = (unsigned char *)sig;
buf.dataptr = buf.data; buf.dataptr = buf.data;
@@ -659,10 +678,12 @@ hostkey_method_ssh_ecdsa_sig_verify(LIBSSH2_SESSION * session,
if(_libssh2_get_u32(&buf, &len) != 0 || len < 8) if(_libssh2_get_u32(&buf, &len) != 0 || len < 8)
return -1; return -1;
if((r_len = _libssh2_get_c_string(&buf, &r)) <= 0) r_len = _libssh2_get_c_string(&buf, &r);
if(r_len <= 0)
return -1; return -1;
if((s_len = _libssh2_get_c_string(&buf, &s)) <= 0) s_len = _libssh2_get_c_string(&buf, &s);
if(s_len <= 0)
return -1; return -1;
return _libssh2_ecdsa_verify(ctx, r, r_len, s, s_len, m, m_len); return _libssh2_ecdsa_verify(ctx, r, r_len, s, s_len, m, m_len);
@@ -676,10 +697,12 @@ hostkey_method_ssh_ecdsa_sig_verify(LIBSSH2_SESSION * session,
int i; \ int i; \
libssh2_sha##digest_type##_init(&ctx); \ libssh2_sha##digest_type##_init(&ctx); \
for(i = 0; i < veccount; i++) { \ for(i = 0; i < veccount; i++) { \
libssh2_sha##digest_type##_update(ctx, datavec[i].iov_base, datavec[i].iov_len); \ libssh2_sha##digest_type##_update(ctx, datavec[i].iov_base, \
datavec[i].iov_len); \
} \ } \
libssh2_sha##digest_type##_final(ctx, hash); \ libssh2_sha##digest_type##_final(ctx, hash); \
ret = _libssh2_ecdsa_sign(session, ec_ctx, hash, SHA##digest_type##_DIGEST_LENGTH, \ ret = _libssh2_ecdsa_sign(session, ec_ctx, hash, \
SHA##digest_type##_DIGEST_LENGTH, \
signature, signature_len); \ signature, signature_len); \
} }
@@ -851,7 +874,8 @@ hostkey_method_ssh_ed25519_initPEM(LIBSSH2_SESSION * session,
*abstract = NULL; *abstract = NULL;
} }
ret = _libssh2_ed25519_new_private(&ec_ctx, session, privkeyfile, passphrase); ret = _libssh2_ed25519_new_private(&ec_ctx, session,
privkeyfile, passphrase);
if(ret) { if(ret) {
return -1; return -1;
} }
@@ -883,7 +907,8 @@ hostkey_method_ssh_ed25519_initPEMFromMemory(LIBSSH2_SESSION * session,
ret = _libssh2_ed25519_new_private_frommemory(&ed_ctx, session, ret = _libssh2_ed25519_new_private_frommemory(&ed_ctx, session,
privkeyfiledata, privkeyfiledata,
privkeyfiledata_len, passphrase); privkeyfiledata_len,
passphrase);
if(ret) { if(ret) {
return -1; return -1;
} }
@@ -912,7 +937,8 @@ hostkey_method_ssh_ed25519_sig_verify(LIBSSH2_SESSION * session,
if(sig_len < 19) if(sig_len < 19)
return -1; return -1;
/* Skip past keyname_len(4) + keyname(11){"ssh-ed25519"} + signature_len(4) */ /* Skip past keyname_len(4) + keyname(11){"ssh-ed25519"} +
signature_len(4) */
sig += 19; sig += 19;
sig_len -= 19; sig_len -= 19;
@@ -1047,13 +1073,16 @@ static int hostkey_type(const unsigned char *hostkey, size_t len)
0, 0, 0, 0x07, 's', 's', 'h', '-', 'd', 's', 's' 0, 0, 0, 0x07, 's', 's', 'h', '-', 'd', 's', 's'
}; };
static const unsigned char ecdsa_256[] = { static const unsigned char ecdsa_256[] = {
0, 0, 0, 0x13, 'e', 'c', 'd', 's', 'a', '-', 's', 'h', 'a', '2', '-', 'n', 'i', 's', 't', 'p', '2', '5', '6' 0, 0, 0, 0x13, 'e', 'c', 'd', 's', 'a', '-', 's', 'h', 'a', '2', '-',
'n', 'i', 's', 't', 'p', '2', '5', '6'
}; };
static const unsigned char ecdsa_384[] = { static const unsigned char ecdsa_384[] = {
0, 0, 0, 0x13, 'e', 'c', 'd', 's', 'a', '-', 's', 'h', 'a', '2', '-', 'n', 'i', 's', 't', 'p', '3', '8', '4' 0, 0, 0, 0x13, 'e', 'c', 'd', 's', 'a', '-', 's', 'h', 'a', '2', '-',
'n', 'i', 's', 't', 'p', '3', '8', '4'
}; };
static const unsigned char ecdsa_521[] = { static const unsigned char ecdsa_521[] = {
0, 0, 0, 0x13, 'e', 'c', 'd', 's', 'a', '-', 's', 'h', 'a', '2', '-', 'n', 'i', 's', 't', 'p', '5', '2', '1' 0, 0, 0, 0x13, 'e', 'c', 'd', 's', 'a', '-', 's', 'h', 'a', '2', '-',
'n', 'i', 's', 't', 'p', '5', '2', '1'
}; };
static const unsigned char ed25519[] = { static const unsigned char ed25519[] = {
0, 0, 0, 0x0b, 's', 's', 'h', '-', 'e', 'd', '2', '5', '5', '1', '9' 0, 0, 0, 0x0b, 's', 's', 'h', '-', 'e', 'd', '2', '5', '5', '1', '9'

321
src/kex.c
View File

@@ -43,7 +43,8 @@
#include "mac.h" #include "mac.h"
/* TODO: Switch this to an inline and handle alloc() failures */ /* TODO: Switch this to an inline and handle alloc() failures */
/* Helper macro called from kex_method_diffie_hellman_group1_sha1_key_exchange */ /* Helper macro called from
kex_method_diffie_hellman_group1_sha1_key_exchange */
#define LIBSSH2_KEX_METHOD_DIFFIE_HELLMAN_SHA1_HASH(value, reqlen, version) \ #define LIBSSH2_KEX_METHOD_DIFFIE_HELLMAN_SHA1_HASH(value, reqlen, version) \
{ \ { \
libssh2_sha1_ctx hash; \ libssh2_sha1_ctx hash; \
@@ -86,19 +87,23 @@
} \ } \
#define LIBSSH2_KEX_METHOD_SHA_VALUE_HASH(digest_type, value, reqlen, version) \ #define LIBSSH2_KEX_METHOD_SHA_VALUE_HASH(digest_type, value, \
reqlen, version) \
{ \ { \
libssh2_sha##digest_type##_ctx hash; \ libssh2_sha##digest_type##_ctx hash; \
unsigned long len = 0; \ unsigned long len = 0; \
if(!(value)) { \ if(!(value)) { \
value = LIBSSH2_ALLOC(session, reqlen + SHA##digest_type##_DIGEST_LENGTH); \ value = LIBSSH2_ALLOC(session, \
reqlen + SHA##digest_type##_DIGEST_LENGTH); \
} \ } \
if(value) \ if(value) \
while(len < (unsigned long)reqlen) { \ while(len < (unsigned long)reqlen) { \
libssh2_sha##digest_type##_init(&hash); \ libssh2_sha##digest_type##_init(&hash); \
libssh2_sha##digest_type##_update(hash, exchange_state->k_value, \ libssh2_sha##digest_type##_update(hash, \
exchange_state->k_value, \
exchange_state->k_value_len); \ exchange_state->k_value_len); \
libssh2_sha##digest_type##_update(hash, exchange_state->h_sig_comp, \ libssh2_sha##digest_type##_update(hash, \
exchange_state->h_sig_comp, \
SHA##digest_type##_DIGEST_LENGTH); \ SHA##digest_type##_DIGEST_LENGTH); \
if(len > 0) { \ if(len > 0) { \
libssh2_sha##digest_type##_update(hash, value, len); \ libssh2_sha##digest_type##_update(hash, value, len); \
@@ -141,8 +146,10 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session,
exchange_state->ctx = _libssh2_bn_ctx_new(); exchange_state->ctx = _libssh2_bn_ctx_new();
libssh2_dh_init(&exchange_state->x); libssh2_dh_init(&exchange_state->x);
exchange_state->e = _libssh2_bn_init(); /* g^x mod p */ exchange_state->e = _libssh2_bn_init(); /* g^x mod p */
exchange_state->f = _libssh2_bn_init_from_bin(); /* g^(Random from server) mod p */ exchange_state->f = _libssh2_bn_init_from_bin(); /* g^(Random from
exchange_state->k = _libssh2_bn_init(); /* The shared secret: f^x mod p */ server) mod p */
exchange_state->k = _libssh2_bn_init(); /* The shared secret: f^x mod
p */
/* Zero the whole thing out */ /* Zero the whole thing out */
memset(&exchange_state->req_state, 0, sizeof(packet_require_state_t)); memset(&exchange_state->req_state, 0, sizeof(packet_require_state_t));
@@ -210,7 +217,8 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session,
int burn_type; int burn_type;
_libssh2_debug(session, LIBSSH2_TRACE_KEX, _libssh2_debug(session, LIBSSH2_TRACE_KEX,
"Waiting for badly guessed KEX packet (to be ignored)"); "Waiting for badly guessed KEX packet "
"(to be ignored)");
burn_type = burn_type =
_libssh2_packet_burn(session, &exchange_state->burn_state); _libssh2_packet_burn(session, &exchange_state->burn_state);
if(burn_type == LIBSSH2_ERROR_EAGAIN) { if(burn_type == LIBSSH2_ERROR_EAGAIN) {
@@ -353,11 +361,14 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session,
#ifdef LIBSSH2DEBUG #ifdef LIBSSH2DEBUG
{ {
char *base64Fingerprint = NULL; char *base64Fingerprint = NULL;
_libssh2_base64_encode(session, (const char *)session->server_hostkey_sha256, _libssh2_base64_encode(session,
(const char *)
session->server_hostkey_sha256,
SHA256_DIGEST_LENGTH, &base64Fingerprint); SHA256_DIGEST_LENGTH, &base64Fingerprint);
if(base64Fingerprint != NULL) { if(base64Fingerprint != NULL) {
_libssh2_debug(session, LIBSSH2_TRACE_KEX, _libssh2_debug(session, LIBSSH2_TRACE_KEX,
"Server's SHA256 Fingerprint: %s", base64Fingerprint); "Server's SHA256 Fingerprint: %s",
base64Fingerprint);
LIBSSH2_FREE(session, base64Fingerprint); LIBSSH2_FREE(session, base64Fingerprint);
} }
} }
@@ -426,7 +437,8 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session,
libssh2_sha1_update(exchange_hash_ctx, libssh2_sha1_update(exchange_hash_ctx,
exchange_state->h_sig_comp, 4); exchange_state->h_sig_comp, 4);
libssh2_sha1_update(exchange_hash_ctx, libssh2_sha1_update(exchange_hash_ctx,
(const unsigned char *)LIBSSH2_SSH_DEFAULT_BANNER, (const unsigned char *)
LIBSSH2_SSH_DEFAULT_BANNER,
sizeof(LIBSSH2_SSH_DEFAULT_BANNER) - 1); sizeof(LIBSSH2_SSH_DEFAULT_BANNER) - 1);
} }
@@ -526,7 +538,8 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session,
return rc; return rc;
} }
else if(rc) { else if(rc) {
ret = _libssh2_error(session, rc, "Unable to send NEWKEYS message"); ret = _libssh2_error(session, rc,
"Unable to send NEWKEYS message");
goto clean_exit; goto clean_exit;
} }
@@ -558,13 +571,15 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session,
session->session_id = LIBSSH2_ALLOC(session, SHA_DIGEST_LENGTH); session->session_id = LIBSSH2_ALLOC(session, SHA_DIGEST_LENGTH);
if(!session->session_id) { if(!session->session_id) {
ret = _libssh2_error(session, LIBSSH2_ERROR_ALLOC, ret = _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
"Unable to allocate buffer for SHA digest"); "Unable to allocate buffer for "
"SHA digest");
goto clean_exit; goto clean_exit;
} }
memcpy(session->session_id, exchange_state->h_sig_comp, memcpy(session->session_id, exchange_state->h_sig_comp,
SHA_DIGEST_LENGTH); SHA_DIGEST_LENGTH);
session->session_id_len = SHA_DIGEST_LENGTH; session->session_id_len = SHA_DIGEST_LENGTH;
_libssh2_debug(session, LIBSSH2_TRACE_KEX, "session_id calculated"); _libssh2_debug(session, LIBSSH2_TRACE_KEX,
"session_id calculated");
} }
/* Cleanup any existing cipher */ /* Cleanup any existing cipher */
@@ -581,7 +596,8 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session,
LIBSSH2_KEX_METHOD_DIFFIE_HELLMAN_SHA1_HASH(iv, LIBSSH2_KEX_METHOD_DIFFIE_HELLMAN_SHA1_HASH(iv,
session->local.crypt-> session->local.crypt->
iv_len, iv_len,
(const unsigned char *)"A"); (const unsigned char *)
"A");
if(!iv) { if(!iv) {
ret = -1; ret = -1;
goto clean_exit; goto clean_exit;
@@ -589,7 +605,8 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session,
LIBSSH2_KEX_METHOD_DIFFIE_HELLMAN_SHA1_HASH(secret, LIBSSH2_KEX_METHOD_DIFFIE_HELLMAN_SHA1_HASH(secret,
session->local.crypt-> session->local.crypt->
secret_len, secret_len,
(const unsigned char *)"C"); (const unsigned char *)
"C");
if(!secret) { if(!secret) {
LIBSSH2_FREE(session, iv); LIBSSH2_FREE(session, iv);
ret = LIBSSH2_ERROR_KEX_FAILURE; ret = LIBSSH2_ERROR_KEX_FAILURE;
@@ -610,7 +627,8 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session,
} }
if(free_secret) { if(free_secret) {
_libssh2_explicit_zero(secret, session->local.crypt->secret_len); _libssh2_explicit_zero(secret,
session->local.crypt->secret_len);
LIBSSH2_FREE(session, secret); LIBSSH2_FREE(session, secret);
} }
} }
@@ -630,7 +648,8 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session,
LIBSSH2_KEX_METHOD_DIFFIE_HELLMAN_SHA1_HASH(iv, LIBSSH2_KEX_METHOD_DIFFIE_HELLMAN_SHA1_HASH(iv,
session->remote.crypt-> session->remote.crypt->
iv_len, iv_len,
(const unsigned char *)"B"); (const unsigned char *)
"B");
if(!iv) { if(!iv) {
ret = LIBSSH2_ERROR_KEX_FAILURE; ret = LIBSSH2_ERROR_KEX_FAILURE;
goto clean_exit; goto clean_exit;
@@ -638,7 +657,8 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session,
LIBSSH2_KEX_METHOD_DIFFIE_HELLMAN_SHA1_HASH(secret, LIBSSH2_KEX_METHOD_DIFFIE_HELLMAN_SHA1_HASH(secret,
session->remote.crypt-> session->remote.crypt->
secret_len, secret_len,
(const unsigned char *)"D"); (const unsigned char *)
"D");
if(!secret) { if(!secret) {
LIBSSH2_FREE(session, iv); LIBSSH2_FREE(session, iv);
ret = LIBSSH2_ERROR_KEX_FAILURE; ret = LIBSSH2_ERROR_KEX_FAILURE;
@@ -659,7 +679,8 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session,
} }
if(free_secret) { if(free_secret) {
_libssh2_explicit_zero(secret, session->remote.crypt->secret_len); _libssh2_explicit_zero(secret,
session->remote.crypt->secret_len);
LIBSSH2_FREE(session, secret); LIBSSH2_FREE(session, secret);
} }
} }
@@ -677,7 +698,8 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session,
LIBSSH2_KEX_METHOD_DIFFIE_HELLMAN_SHA1_HASH(key, LIBSSH2_KEX_METHOD_DIFFIE_HELLMAN_SHA1_HASH(key,
session->local.mac-> session->local.mac->
key_len, key_len,
(const unsigned char *)"E"); (const unsigned char *)
"E");
if(!key) { if(!key) {
ret = LIBSSH2_ERROR_KEX_FAILURE; ret = LIBSSH2_ERROR_KEX_FAILURE;
goto clean_exit; goto clean_exit;
@@ -704,7 +726,8 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session,
LIBSSH2_KEX_METHOD_DIFFIE_HELLMAN_SHA1_HASH(key, LIBSSH2_KEX_METHOD_DIFFIE_HELLMAN_SHA1_HASH(key,
session->remote.mac-> session->remote.mac->
key_len, key_len,
(const unsigned char *)"F"); (const unsigned char *)
"F");
if(!key) { if(!key) {
ret = LIBSSH2_ERROR_KEX_FAILURE; ret = LIBSSH2_ERROR_KEX_FAILURE;
goto clean_exit; goto clean_exit;
@@ -814,8 +837,10 @@ static int diffie_hellman_sha256(LIBSSH2_SESSION *session,
exchange_state->ctx = _libssh2_bn_ctx_new(); exchange_state->ctx = _libssh2_bn_ctx_new();
libssh2_dh_init(&exchange_state->x); libssh2_dh_init(&exchange_state->x);
exchange_state->e = _libssh2_bn_init(); /* g^x mod p */ exchange_state->e = _libssh2_bn_init(); /* g^x mod p */
exchange_state->f = _libssh2_bn_init_from_bin(); /* g^(Random from server) mod p */ exchange_state->f = _libssh2_bn_init_from_bin(); /* g^(Random from
exchange_state->k = _libssh2_bn_init(); /* The shared secret: f^x mod p */ server) mod p */
exchange_state->k = _libssh2_bn_init(); /* The shared secret: f^x mod
p */
/* Zero the whole thing out */ /* Zero the whole thing out */
memset(&exchange_state->req_state, 0, sizeof(packet_require_state_t)); memset(&exchange_state->req_state, 0, sizeof(packet_require_state_t));
@@ -883,7 +908,8 @@ static int diffie_hellman_sha256(LIBSSH2_SESSION *session,
int burn_type; int burn_type;
_libssh2_debug(session, LIBSSH2_TRACE_KEX, _libssh2_debug(session, LIBSSH2_TRACE_KEX,
"Waiting for badly guessed KEX packet (to be ignored)"); "Waiting for badly guessed KEX packet "
"(to be ignored)");
burn_type = burn_type =
_libssh2_packet_burn(session, &exchange_state->burn_state); _libssh2_packet_burn(session, &exchange_state->burn_state);
if(burn_type == LIBSSH2_ERROR_EAGAIN) { if(burn_type == LIBSSH2_ERROR_EAGAIN) {
@@ -1026,11 +1052,14 @@ static int diffie_hellman_sha256(LIBSSH2_SESSION *session,
#ifdef LIBSSH2DEBUG #ifdef LIBSSH2DEBUG
{ {
char *base64Fingerprint = NULL; char *base64Fingerprint = NULL;
_libssh2_base64_encode(session, (const char *)session->server_hostkey_sha256, _libssh2_base64_encode(session,
(const char *)
session->server_hostkey_sha256,
SHA256_DIGEST_LENGTH, &base64Fingerprint); SHA256_DIGEST_LENGTH, &base64Fingerprint);
if(base64Fingerprint != NULL) { if(base64Fingerprint != NULL) {
_libssh2_debug(session, LIBSSH2_TRACE_KEX, _libssh2_debug(session, LIBSSH2_TRACE_KEX,
"Server's SHA256 Fingerprint: %s", base64Fingerprint); "Server's SHA256 Fingerprint: %s",
base64Fingerprint);
LIBSSH2_FREE(session, base64Fingerprint); LIBSSH2_FREE(session, base64Fingerprint);
} }
} }
@@ -1098,7 +1127,8 @@ static int diffie_hellman_sha256(LIBSSH2_SESSION *session,
libssh2_sha256_update(exchange_hash_ctx, libssh2_sha256_update(exchange_hash_ctx,
exchange_state->h_sig_comp, 4); exchange_state->h_sig_comp, 4);
libssh2_sha256_update(exchange_hash_ctx, libssh2_sha256_update(exchange_hash_ctx,
(const unsigned char *)LIBSSH2_SSH_DEFAULT_BANNER, (const unsigned char *)
LIBSSH2_SSH_DEFAULT_BANNER,
sizeof(LIBSSH2_SSH_DEFAULT_BANNER) - 1); sizeof(LIBSSH2_SSH_DEFAULT_BANNER) - 1);
} }
@@ -1180,7 +1210,8 @@ static int diffie_hellman_sha256(LIBSSH2_SESSION *session,
if(session->hostkey-> if(session->hostkey->
sig_verify(session, exchange_state->h_sig, sig_verify(session, exchange_state->h_sig,
exchange_state->h_sig_len, exchange_state->h_sig_comp, exchange_state->h_sig_len, exchange_state->h_sig_comp,
SHA256_DIGEST_LENGTH, &session->server_hostkey_abstract)) { SHA256_DIGEST_LENGTH,
&session->server_hostkey_abstract)) {
ret = _libssh2_error(session, LIBSSH2_ERROR_HOSTKEY_SIGN, ret = _libssh2_error(session, LIBSSH2_ERROR_HOSTKEY_SIGN,
"Unable to verify hostkey signature"); "Unable to verify hostkey signature");
goto clean_exit; goto clean_exit;
@@ -1200,7 +1231,8 @@ static int diffie_hellman_sha256(LIBSSH2_SESSION *session,
return rc; return rc;
} }
else if(rc) { else if(rc) {
ret = _libssh2_error(session, rc, "Unable to send NEWKEYS message"); ret = _libssh2_error(session, rc,
"Unable to send NEWKEYS message");
goto clean_exit; goto clean_exit;
} }
@@ -1232,13 +1264,15 @@ static int diffie_hellman_sha256(LIBSSH2_SESSION *session,
session->session_id = LIBSSH2_ALLOC(session, SHA256_DIGEST_LENGTH); session->session_id = LIBSSH2_ALLOC(session, SHA256_DIGEST_LENGTH);
if(!session->session_id) { if(!session->session_id) {
ret = _libssh2_error(session, LIBSSH2_ERROR_ALLOC, ret = _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
"Unable to allocate buffer for SHA digest"); "Unable to allocate buffer for "
"SHA digest");
goto clean_exit; goto clean_exit;
} }
memcpy(session->session_id, exchange_state->h_sig_comp, memcpy(session->session_id, exchange_state->h_sig_comp,
SHA256_DIGEST_LENGTH); SHA256_DIGEST_LENGTH);
session->session_id_len = SHA256_DIGEST_LENGTH; session->session_id_len = SHA256_DIGEST_LENGTH;
_libssh2_debug(session, LIBSSH2_TRACE_KEX, "session_id calculated"); _libssh2_debug(session, LIBSSH2_TRACE_KEX,
"session_id calculated");
} }
/* Cleanup any existing cipher */ /* Cleanup any existing cipher */
@@ -1284,7 +1318,8 @@ static int diffie_hellman_sha256(LIBSSH2_SESSION *session,
} }
if(free_secret) { if(free_secret) {
_libssh2_explicit_zero(secret, session->local.crypt->secret_len); _libssh2_explicit_zero(secret,
session->local.crypt->secret_len);
LIBSSH2_FREE(session, secret); LIBSSH2_FREE(session, secret);
} }
} }
@@ -1333,7 +1368,8 @@ static int diffie_hellman_sha256(LIBSSH2_SESSION *session,
} }
if(free_secret) { if(free_secret) {
_libssh2_explicit_zero(secret, session->remote.crypt->secret_len); _libssh2_explicit_zero(secret,
session->remote.crypt->secret_len);
LIBSSH2_FREE(session, secret); LIBSSH2_FREE(session, secret);
} }
} }
@@ -1493,7 +1529,8 @@ kex_method_diffie_hellman_group1_sha1_key_exchange(LIBSSH2_SESSION *session,
if(key_state->state == libssh2_NB_state_idle) { if(key_state->state == libssh2_NB_state_idle) {
/* g == 2 */ /* g == 2 */
key_state->p = _libssh2_bn_init_from_bin(); /* SSH2 defined value (p_value) */ key_state->p = _libssh2_bn_init_from_bin(); /* SSH2 defined value
(p_value) */
key_state->g = _libssh2_bn_init(); /* SSH2 defined value (2) */ key_state->g = _libssh2_bn_init(); /* SSH2 defined value (2) */
/* Initialize P and G */ /* Initialize P and G */
@@ -1568,7 +1605,8 @@ kex_method_diffie_hellman_group14_sha1_key_exchange(LIBSSH2_SESSION *session,
int ret; int ret;
if(key_state->state == libssh2_NB_state_idle) { if(key_state->state == libssh2_NB_state_idle) {
key_state->p = _libssh2_bn_init_from_bin(); /* SSH2 defined value (p_value) */ key_state->p = _libssh2_bn_init_from_bin(); /* SSH2 defined value
(p_value) */
key_state->g = _libssh2_bn_init(); /* SSH2 defined value (2) */ key_state->g = _libssh2_bn_init(); /* SSH2 defined value (2) */
/* g == 2 */ /* g == 2 */
@@ -1621,13 +1659,15 @@ kex_method_diffie_hellman_group_exchange_sha1_key_exchange
_libssh2_htonu32(key_state->request + 9, LIBSSH2_DH_GEX_MAXGROUP); _libssh2_htonu32(key_state->request + 9, LIBSSH2_DH_GEX_MAXGROUP);
key_state->request_len = 13; key_state->request_len = 13;
_libssh2_debug(session, LIBSSH2_TRACE_KEX, _libssh2_debug(session, LIBSSH2_TRACE_KEX,
"Initiating Diffie-Hellman Group-Exchange (New Method)"); "Initiating Diffie-Hellman Group-Exchange "
"(New Method)");
#else #else
key_state->request[0] = SSH_MSG_KEX_DH_GEX_REQUEST_OLD; key_state->request[0] = SSH_MSG_KEX_DH_GEX_REQUEST_OLD;
_libssh2_htonu32(key_state->request + 1, LIBSSH2_DH_GEX_OPTGROUP); _libssh2_htonu32(key_state->request + 1, LIBSSH2_DH_GEX_OPTGROUP);
key_state->request_len = 5; key_state->request_len = 5;
_libssh2_debug(session, LIBSSH2_TRACE_KEX, _libssh2_debug(session, LIBSSH2_TRACE_KEX,
"Initiating Diffie-Hellman Group-Exchange (Old Method)"); "Initiating Diffie-Hellman Group-Exchange "
"(Old Method)");
#endif #endif
key_state->state = libssh2_NB_state_created; key_state->state = libssh2_NB_state_created;
@@ -1682,13 +1722,15 @@ kex_method_diffie_hellman_group_exchange_sha1_key_exchange
buf.dataptr++; /* increment to big num */ buf.dataptr++; /* increment to big num */
if((p_len = _libssh2_get_bignum_bytes(&buf, &p)) <= 0) { p_len = _libssh2_get_bignum_bytes(&buf, &p);
if(p_len <= 0) {
ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO, ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"Unexpected value"); "Unexpected value");
goto dh_gex_clean_exit; goto dh_gex_clean_exit;
} }
if((g_len = _libssh2_get_bignum_bytes(&buf, &g)) <= 0) { g_len = _libssh2_get_bignum_bytes(&buf, &g);
if(g_len <= 0) {
ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO, ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"Unexpected value"); "Unexpected value");
goto dh_gex_clean_exit; goto dh_gex_clean_exit;
@@ -1744,13 +1786,15 @@ kex_method_diffie_hellman_group_exchange_sha256_key_exchange
_libssh2_htonu32(key_state->request + 9, LIBSSH2_DH_GEX_MAXGROUP); _libssh2_htonu32(key_state->request + 9, LIBSSH2_DH_GEX_MAXGROUP);
key_state->request_len = 13; key_state->request_len = 13;
_libssh2_debug(session, LIBSSH2_TRACE_KEX, _libssh2_debug(session, LIBSSH2_TRACE_KEX,
"Initiating Diffie-Hellman Group-Exchange (New Method SHA256)"); "Initiating Diffie-Hellman Group-Exchange "
"(New Method SHA256)");
#else #else
key_state->request[0] = SSH_MSG_KEX_DH_GEX_REQUEST_OLD; key_state->request[0] = SSH_MSG_KEX_DH_GEX_REQUEST_OLD;
_libssh2_htonu32(key_state->request + 1, LIBSSH2_DH_GEX_OPTGROUP); _libssh2_htonu32(key_state->request + 1, LIBSSH2_DH_GEX_OPTGROUP);
key_state->request_len = 5; key_state->request_len = 5;
_libssh2_debug(session, LIBSSH2_TRACE_KEX, _libssh2_debug(session, LIBSSH2_TRACE_KEX,
"Initiating Diffie-Hellman Group-Exchange (Old Method SHA256)"); "Initiating Diffie-Hellman Group-Exchange "
"(Old Method SHA256)");
#endif #endif
key_state->state = libssh2_NB_state_created; key_state->state = libssh2_NB_state_created;
@@ -1764,7 +1808,8 @@ kex_method_diffie_hellman_group_exchange_sha256_key_exchange
} }
else if(rc) { else if(rc) {
ret = _libssh2_error(session, rc, ret = _libssh2_error(session, rc,
"Unable to send Group Exchange Request SHA256"); "Unable to send "
"Group Exchange Request SHA256");
goto dh_gex_clean_exit; goto dh_gex_clean_exit;
} }
@@ -1805,13 +1850,15 @@ kex_method_diffie_hellman_group_exchange_sha256_key_exchange
buf.dataptr++; /* increment to big num */ buf.dataptr++; /* increment to big num */
if((p_len = _libssh2_get_bignum_bytes(&buf, &p)) <= 0) { p_len = _libssh2_get_bignum_bytes(&buf, &p);
if(p_len <= 0) {
ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO, ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"Unexpected value"); "Unexpected value");
goto dh_gex_clean_exit; goto dh_gex_clean_exit;
} }
if((g_len = _libssh2_get_bignum_bytes(&buf, &g)) <= 0) { g_len = _libssh2_get_bignum_bytes(&buf, &g);
if(g_len <= 0) {
ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO, ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"Unexpected value"); "Unexpected value");
goto dh_gex_clean_exit; goto dh_gex_clean_exit;
@@ -1896,10 +1943,8 @@ kex_session_ecdh_curve_type(const char *name, libssh2_curve_type *out_type)
#define LIBSSH2_KEX_METHOD_EC_SHA_HASH_CREATE_VERIFY(digest_type) \ #define LIBSSH2_KEX_METHOD_EC_SHA_HASH_CREATE_VERIFY(digest_type) \
{ \ { \
\
libssh2_sha##digest_type##_ctx ctx; \ libssh2_sha##digest_type##_ctx ctx; \
exchange_state->exchange_hash = (void *)&ctx; \ exchange_state->exchange_hash = (void *)&ctx; \
\
libssh2_sha##digest_type##_init(&ctx); \ libssh2_sha##digest_type##_init(&ctx); \
if(session->local.banner) { \ if(session->local.banner) { \
_libssh2_htonu32(exchange_state->h_sig_comp, \ _libssh2_htonu32(exchange_state->h_sig_comp, \
@@ -1908,7 +1953,9 @@ kex_session_ecdh_curve_type(const char *name, libssh2_curve_type *out_type)
exchange_state->h_sig_comp, 4); \ exchange_state->h_sig_comp, 4); \
libssh2_sha##digest_type##_update(ctx, \ libssh2_sha##digest_type##_update(ctx, \
(char *) session->local.banner, \ (char *) session->local.banner, \
strlen((char *) session->local.banner) - 2); \ strlen((char *) \
session->local.banner) \
- 2); \
} \ } \
else { \ else { \
_libssh2_htonu32(exchange_state->h_sig_comp, \ _libssh2_htonu32(exchange_state->h_sig_comp, \
@@ -1917,7 +1964,8 @@ kex_session_ecdh_curve_type(const char *name, libssh2_curve_type *out_type)
exchange_state->h_sig_comp, 4); \ exchange_state->h_sig_comp, 4); \
libssh2_sha##digest_type##_update(ctx, \ libssh2_sha##digest_type##_update(ctx, \
LIBSSH2_SSH_DEFAULT_BANNER, \ LIBSSH2_SSH_DEFAULT_BANNER, \
sizeof(LIBSSH2_SSH_DEFAULT_BANNER) - 1); \ sizeof(LIBSSH2_SSH_DEFAULT_BANNER) \
- 1); \
} \ } \
\ \
_libssh2_htonu32(exchange_state->h_sig_comp, \ _libssh2_htonu32(exchange_state->h_sig_comp, \
@@ -1926,7 +1974,8 @@ kex_session_ecdh_curve_type(const char *name, libssh2_curve_type *out_type)
exchange_state->h_sig_comp, 4); \ exchange_state->h_sig_comp, 4); \
libssh2_sha##digest_type##_update(ctx, \ libssh2_sha##digest_type##_update(ctx, \
session->remote.banner, \ session->remote.banner, \
strlen((char *) session->remote.banner)); \ strlen((char *) \
session->remote.banner)); \
\ \
_libssh2_htonu32(exchange_state->h_sig_comp, \ _libssh2_htonu32(exchange_state->h_sig_comp, \
session->local.kexinit_len); \ session->local.kexinit_len); \
@@ -1977,7 +2026,8 @@ kex_session_ecdh_curve_type(const char *name, libssh2_curve_type *out_type)
if(session->hostkey-> \ if(session->hostkey-> \
sig_verify(session, exchange_state->h_sig, \ sig_verify(session, exchange_state->h_sig, \
exchange_state->h_sig_len, exchange_state->h_sig_comp, \ exchange_state->h_sig_len, exchange_state->h_sig_comp, \
SHA##digest_type##_DIGEST_LENGTH, &session->server_hostkey_abstract)) { \ SHA##digest_type##_DIGEST_LENGTH, \
&session->server_hostkey_abstract)) { \
rc = -1; \ rc = -1; \
} \ } \
} \ } \
@@ -1988,7 +2038,8 @@ kex_session_ecdh_curve_type(const char *name, libssh2_curve_type *out_type)
*/ */
static int ecdh_sha2_nistp(LIBSSH2_SESSION *session, libssh2_curve_type type, static int ecdh_sha2_nistp(LIBSSH2_SESSION *session, libssh2_curve_type type,
unsigned char *data, size_t data_len, unsigned char *public_key, unsigned char *data, size_t data_len,
unsigned char *public_key,
size_t public_key_len, _libssh2_ec_key *private_key, size_t public_key_len, _libssh2_ec_key *private_key,
kmdhgGPshakex_state_t *exchange_state) kmdhgGPshakex_state_t *exchange_state)
{ {
@@ -2018,10 +2069,12 @@ static int ecdh_sha2_nistp(LIBSSH2_SESSION *session, libssh2_curve_type type,
size_t server_public_key_len; size_t server_public_key_len;
size_t host_sig_len; size_t host_sig_len;
session->server_hostkey_len = _libssh2_ntohu32((const unsigned char *)s); session->server_hostkey_len =
_libssh2_ntohu32((const unsigned char *)s);
s += 4; s += 4;
session->server_hostkey = LIBSSH2_ALLOC(session, session->server_hostkey_len); session->server_hostkey = LIBSSH2_ALLOC(session,
session->server_hostkey_len);
if(!session->server_hostkey) { if(!session->server_hostkey) {
ret = _libssh2_error(session, LIBSSH2_ERROR_ALLOC, ret = _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
"Unable to allocate memory for a copy " "Unable to allocate memory for a copy "
@@ -2039,7 +2092,8 @@ static int ecdh_sha2_nistp(LIBSSH2_SESSION *session, libssh2_curve_type type,
if(libssh2_md5_init(&fingerprint_ctx)) { if(libssh2_md5_init(&fingerprint_ctx)) {
libssh2_md5_update(fingerprint_ctx, session->server_hostkey, libssh2_md5_update(fingerprint_ctx, session->server_hostkey,
session->server_hostkey_len); session->server_hostkey_len);
libssh2_md5_final(fingerprint_ctx, session->server_hostkey_md5); libssh2_md5_final(fingerprint_ctx,
session->server_hostkey_md5);
session->server_hostkey_md5_valid = TRUE; session->server_hostkey_md5_valid = TRUE;
} }
else { else {
@@ -2066,7 +2120,8 @@ static int ecdh_sha2_nistp(LIBSSH2_SESSION *session, libssh2_curve_type type,
if(libssh2_sha1_init(&fingerprint_ctx)) { if(libssh2_sha1_init(&fingerprint_ctx)) {
libssh2_sha1_update(fingerprint_ctx, session->server_hostkey, libssh2_sha1_update(fingerprint_ctx, session->server_hostkey,
session->server_hostkey_len); session->server_hostkey_len);
libssh2_sha1_final(fingerprint_ctx, session->server_hostkey_sha1); libssh2_sha1_final(fingerprint_ctx,
session->server_hostkey_sha1);
session->server_hostkey_sha1_valid = TRUE; session->server_hostkey_sha1_valid = TRUE;
} }
else { else {
@@ -2094,7 +2149,8 @@ static int ecdh_sha2_nistp(LIBSSH2_SESSION *session, libssh2_curve_type type,
if(libssh2_sha256_init(&fingerprint_ctx)) { if(libssh2_sha256_init(&fingerprint_ctx)) {
libssh2_sha256_update(fingerprint_ctx, session->server_hostkey, libssh2_sha256_update(fingerprint_ctx, session->server_hostkey,
session->server_hostkey_len); session->server_hostkey_len);
libssh2_sha256_final(fingerprint_ctx, session->server_hostkey_sha256); libssh2_sha256_final(fingerprint_ctx,
session->server_hostkey_sha256);
session->server_hostkey_sha256_valid = TRUE; session->server_hostkey_sha256_valid = TRUE;
} }
else { else {
@@ -2104,10 +2160,14 @@ static int ecdh_sha2_nistp(LIBSSH2_SESSION *session, libssh2_curve_type type,
#ifdef LIBSSH2DEBUG #ifdef LIBSSH2DEBUG
{ {
char *base64Fingerprint = NULL; char *base64Fingerprint = NULL;
_libssh2_base64_encode(session, (const char *)session->server_hostkey_sha256, SHA256_DIGEST_LENGTH, &base64Fingerprint); _libssh2_base64_encode(session,
(const char *)
session->server_hostkey_sha256,
SHA256_DIGEST_LENGTH, &base64Fingerprint);
if(base64Fingerprint != NULL) { if(base64Fingerprint != NULL) {
_libssh2_debug(session, LIBSSH2_TRACE_KEX, _libssh2_debug(session, LIBSSH2_TRACE_KEX,
"Server's SHA256 Fingerprint: %s", base64Fingerprint); "Server's SHA256 Fingerprint: %s",
base64Fingerprint);
LIBSSH2_FREE(session, base64Fingerprint); LIBSSH2_FREE(session, base64Fingerprint);
} }
} }
@@ -2137,7 +2197,8 @@ static int ecdh_sha2_nistp(LIBSSH2_SESSION *session, libssh2_curve_type type,
s += host_sig_len; s += host_sig_len;
/* Compute the shared secret K */ /* Compute the shared secret K */
rc = _libssh2_ecdh_gen_k(&exchange_state->k, private_key, server_public_key, server_public_key_len); rc = _libssh2_ecdh_gen_k(&exchange_state->k, private_key,
server_public_key, server_public_key_len);
if(rc != 0) { if(rc != 0) {
ret = _libssh2_error(session, LIBSSH2_ERROR_KEX_FAILURE, ret = _libssh2_error(session, LIBSSH2_ERROR_KEX_FAILURE,
"Unable to create ECDH shared secret"); "Unable to create ECDH shared secret");
@@ -2197,7 +2258,8 @@ static int ecdh_sha2_nistp(LIBSSH2_SESSION *session, libssh2_curve_type type,
return rc; return rc;
} }
else if(rc) { else if(rc) {
ret = _libssh2_error(session, rc, "Unable to send NEWKEYS message"); ret = _libssh2_error(session, rc,
"Unable to send NEWKEYS message");
goto clean_exit; goto clean_exit;
} }
@@ -2245,13 +2307,15 @@ static int ecdh_sha2_nistp(LIBSSH2_SESSION *session, libssh2_curve_type type,
session->session_id = LIBSSH2_ALLOC(session, digest_length); session->session_id = LIBSSH2_ALLOC(session, digest_length);
if(!session->session_id) { if(!session->session_id) {
ret = _libssh2_error(session, LIBSSH2_ERROR_ALLOC, ret = _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
"Unable to allocate buffer for SHA digest"); "Unable to allocate buffer for "
"SHA digest");
goto clean_exit; goto clean_exit;
} }
memcpy(session->session_id, exchange_state->h_sig_comp, memcpy(session->session_id, exchange_state->h_sig_comp,
digest_length); digest_length);
session->session_id_len = digest_length; session->session_id_len = digest_length;
_libssh2_debug(session, LIBSSH2_TRACE_KEX, "session_id calculated"); _libssh2_debug(session, LIBSSH2_TRACE_KEX,
"session_id calculated");
} }
/* Cleanup any existing cipher */ /* Cleanup any existing cipher */
@@ -2297,7 +2361,8 @@ static int ecdh_sha2_nistp(LIBSSH2_SESSION *session, libssh2_curve_type type,
} }
if(free_secret) { if(free_secret) {
_libssh2_explicit_zero(secret, session->local.crypt->secret_len); _libssh2_explicit_zero(secret,
session->local.crypt->secret_len);
LIBSSH2_FREE(session, secret); LIBSSH2_FREE(session, secret);
} }
} }
@@ -2346,7 +2411,8 @@ static int ecdh_sha2_nistp(LIBSSH2_SESSION *session, libssh2_curve_type type,
} }
if(free_secret) { if(free_secret) {
_libssh2_explicit_zero(secret, session->remote.crypt->secret_len); _libssh2_explicit_zero(secret,
session->remote.crypt->secret_len);
LIBSSH2_FREE(session, secret); LIBSSH2_FREE(session, secret);
} }
} }
@@ -2488,7 +2554,8 @@ kex_method_ecdh_key_exchange
} }
rc = _libssh2_ecdsa_create_key(session, &key_state->private_key, rc = _libssh2_ecdsa_create_key(session, &key_state->private_key,
&key_state->public_key_oct, &key_state->public_key_oct_len, type); &key_state->public_key_oct,
&key_state->public_key_oct_len, type);
if(rc != 0) { if(rc != 0) {
ret = _libssh2_error(session, rc, ret = _libssh2_error(session, rc,
@@ -2498,7 +2565,8 @@ kex_method_ecdh_key_exchange
key_state->request[0] = SSH2_MSG_KEX_ECDH_INIT; key_state->request[0] = SSH2_MSG_KEX_ECDH_INIT;
s = key_state->request + 1; s = key_state->request + 1;
_libssh2_store_str(&s, (const char *)key_state->public_key_oct, key_state->public_key_oct_len); _libssh2_store_str(&s, (const char *)key_state->public_key_oct,
key_state->public_key_oct_len);
key_state->request_len = key_state->public_key_oct_len + 5; key_state->request_len = key_state->public_key_oct_len + 5;
_libssh2_debug(session, LIBSSH2_TRACE_KEX, _libssh2_debug(session, LIBSSH2_TRACE_KEX,
@@ -2542,8 +2610,12 @@ kex_method_ecdh_key_exchange
(void)kex_session_ecdh_curve_type(session->kex->name, &type); (void)kex_session_ecdh_curve_type(session->kex->name, &type);
ret = ecdh_sha2_nistp(session, type, key_state->data, key_state->data_len, (unsigned char *)key_state->public_key_oct, ret = ecdh_sha2_nistp(session, type, key_state->data,
key_state->public_key_oct_len, key_state->private_key, &key_state->exchange_state); key_state->data_len,
(unsigned char *)key_state->public_key_oct,
key_state->public_key_oct_len,
key_state->private_key,
&key_state->exchange_state);
if(ret == LIBSSH2_ERROR_EAGAIN) { if(ret == LIBSSH2_ERROR_EAGAIN) {
return ret; return ret;
@@ -2578,8 +2650,10 @@ ecdh_clean_exit:
* Elliptic Curve Key Exchange * Elliptic Curve Key Exchange
*/ */
static int curve25519_sha256(LIBSSH2_SESSION *session, unsigned char *data, static int
size_t data_len, unsigned char public_key[LIBSSH2_ED25519_KEY_LEN], curve25519_sha256(LIBSSH2_SESSION *session, unsigned char *data,
size_t data_len,
unsigned char public_key[LIBSSH2_ED25519_KEY_LEN],
unsigned char private_key[LIBSSH2_ED25519_KEY_LEN], unsigned char private_key[LIBSSH2_ED25519_KEY_LEN],
kmdhgGPshakex_state_t *exchange_state) kmdhgGPshakex_state_t *exchange_state)
{ {
@@ -2618,13 +2692,16 @@ static int curve25519_sha256(LIBSSH2_SESSION *session, unsigned char *data,
buf.dataptr = buf.data; buf.dataptr = buf.data;
buf.dataptr++; /* advance past packet type */ buf.dataptr++; /* advance past packet type */
if((session->server_hostkey_len = _libssh2_get_c_string(&buf, &server_host_key)) <= 0) { session->server_hostkey_len =
_libssh2_get_c_string(&buf, &server_host_key);
if(session->server_hostkey_len <= 0) {
ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO, ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"Unexpected key length"); "Unexpected key length");
goto clean_exit; goto clean_exit;
} }
session->server_hostkey = LIBSSH2_ALLOC(session, session->server_hostkey_len); session->server_hostkey = LIBSSH2_ALLOC(session,
session->server_hostkey_len);
if(!session->server_hostkey) { if(!session->server_hostkey) {
ret = _libssh2_error(session, LIBSSH2_ERROR_ALLOC, ret = _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
"Unable to allocate memory for a copy " "Unable to allocate memory for a copy "
@@ -2632,7 +2709,8 @@ static int curve25519_sha256(LIBSSH2_SESSION *session, unsigned char *data,
goto clean_exit; goto clean_exit;
} }
memcpy(session->server_hostkey, server_host_key, session->server_hostkey_len); memcpy(session->server_hostkey, server_host_key,
session->server_hostkey_len);
#if LIBSSH2_MD5 #if LIBSSH2_MD5
{ {
@@ -2641,7 +2719,8 @@ static int curve25519_sha256(LIBSSH2_SESSION *session, unsigned char *data,
if(libssh2_md5_init(&fingerprint_ctx)) { if(libssh2_md5_init(&fingerprint_ctx)) {
libssh2_md5_update(fingerprint_ctx, session->server_hostkey, libssh2_md5_update(fingerprint_ctx, session->server_hostkey,
session->server_hostkey_len); session->server_hostkey_len);
libssh2_md5_final(fingerprint_ctx, session->server_hostkey_md5); libssh2_md5_final(fingerprint_ctx,
session->server_hostkey_md5);
session->server_hostkey_md5_valid = TRUE; session->server_hostkey_md5_valid = TRUE;
} }
else { else {
@@ -2668,7 +2747,8 @@ static int curve25519_sha256(LIBSSH2_SESSION *session, unsigned char *data,
if(libssh2_sha1_init(&fingerprint_ctx)) { if(libssh2_sha1_init(&fingerprint_ctx)) {
libssh2_sha1_update(fingerprint_ctx, session->server_hostkey, libssh2_sha1_update(fingerprint_ctx, session->server_hostkey,
session->server_hostkey_len); session->server_hostkey_len);
libssh2_sha1_final(fingerprint_ctx, session->server_hostkey_sha1); libssh2_sha1_final(fingerprint_ctx,
session->server_hostkey_sha1);
session->server_hostkey_sha1_valid = TRUE; session->server_hostkey_sha1_valid = TRUE;
} }
else { else {
@@ -2696,7 +2776,8 @@ static int curve25519_sha256(LIBSSH2_SESSION *session, unsigned char *data,
if(libssh2_sha256_init(&fingerprint_ctx)) { if(libssh2_sha256_init(&fingerprint_ctx)) {
libssh2_sha256_update(fingerprint_ctx, session->server_hostkey, libssh2_sha256_update(fingerprint_ctx, session->server_hostkey,
session->server_hostkey_len); session->server_hostkey_len);
libssh2_sha256_final(fingerprint_ctx, session->server_hostkey_sha256); libssh2_sha256_final(fingerprint_ctx,
session->server_hostkey_sha256);
session->server_hostkey_sha256_valid = TRUE; session->server_hostkey_sha256_valid = TRUE;
} }
else { else {
@@ -2706,10 +2787,14 @@ static int curve25519_sha256(LIBSSH2_SESSION *session, unsigned char *data,
#ifdef LIBSSH2DEBUG #ifdef LIBSSH2DEBUG
{ {
char *base64Fingerprint = NULL; char *base64Fingerprint = NULL;
_libssh2_base64_encode(session, (const char*)session->server_hostkey_sha256, SHA256_DIGEST_LENGTH, &base64Fingerprint); _libssh2_base64_encode(session,
(const char *)
session->server_hostkey_sha256,
SHA256_DIGEST_LENGTH, &base64Fingerprint);
if(base64Fingerprint != NULL) { if(base64Fingerprint != NULL) {
_libssh2_debug(session, LIBSSH2_TRACE_KEX, _libssh2_debug(session, LIBSSH2_TRACE_KEX,
"Server's SHA256 Fingerprint: %s", base64Fingerprint); "Server's SHA256 Fingerprint: %s",
base64Fingerprint);
LIBSSH2_FREE(session, base64Fingerprint); LIBSSH2_FREE(session, base64Fingerprint);
} }
} }
@@ -2733,7 +2818,8 @@ static int curve25519_sha256(LIBSSH2_SESSION *session, unsigned char *data,
if(server_public_key_len != LIBSSH2_ED25519_KEY_LEN) { if(server_public_key_len != LIBSSH2_ED25519_KEY_LEN) {
ret = _libssh2_error(session, LIBSSH2_ERROR_HOSTKEY_INIT, ret = _libssh2_error(session, LIBSSH2_ERROR_HOSTKEY_INIT,
"Unexpected curve25519 server public key length"); "Unexpected curve25519 server "
"public key length");
goto clean_exit; goto clean_exit;
} }
@@ -2747,7 +2833,8 @@ static int curve25519_sha256(LIBSSH2_SESSION *session, unsigned char *data,
} }
/* Compute the shared secret K */ /* Compute the shared secret K */
rc = _libssh2_curve25519_gen_k(&exchange_state->k, private_key, server_public_key); rc = _libssh2_curve25519_gen_k(&exchange_state->k, private_key,
server_public_key);
if(rc != 0) { if(rc != 0) {
ret = _libssh2_error(session, LIBSSH2_ERROR_KEX_FAILURE, ret = _libssh2_error(session, LIBSSH2_ERROR_KEX_FAILURE,
"Unable to create ECDH shared secret"); "Unable to create ECDH shared secret");
@@ -2770,7 +2857,8 @@ static int curve25519_sha256(LIBSSH2_SESSION *session, unsigned char *data,
exchange_state->k_value_len - 4); exchange_state->k_value_len - 4);
if(_libssh2_bn_bits(exchange_state->k) % 8) { if(_libssh2_bn_bits(exchange_state->k) % 8) {
_libssh2_bn_to_bin(exchange_state->k, exchange_state->k_value + 4); _libssh2_bn_to_bin(exchange_state->k, exchange_state->k_value + 4);
} else { }
else {
exchange_state->k_value[4] = 0; exchange_state->k_value[4] = 0;
_libssh2_bn_to_bin(exchange_state->k, exchange_state->k_value + 5); _libssh2_bn_to_bin(exchange_state->k, exchange_state->k_value + 5);
} }
@@ -2792,8 +2880,10 @@ static int curve25519_sha256(LIBSSH2_SESSION *session, unsigned char *data,
rc = _libssh2_transport_send(session, &exchange_state->c, 1, NULL, 0); rc = _libssh2_transport_send(session, &exchange_state->c, 1, NULL, 0);
if(rc == LIBSSH2_ERROR_EAGAIN) { if(rc == LIBSSH2_ERROR_EAGAIN) {
return rc; return rc;
} else if(rc) { }
ret = _libssh2_error(session, rc, "Unable to send NEWKEYS message"); else if(rc) {
ret = _libssh2_error(session, rc,
"Unable to send NEWKEYS message");
goto clean_exit; goto clean_exit;
} }
@@ -2807,7 +2897,8 @@ static int curve25519_sha256(LIBSSH2_SESSION *session, unsigned char *data,
&exchange_state->req_state); &exchange_state->req_state);
if(rc == LIBSSH2_ERROR_EAGAIN) { if(rc == LIBSSH2_ERROR_EAGAIN) {
return rc; return rc;
} else if(rc) { }
else if(rc) {
ret = _libssh2_error(session, rc, "Timed out waiting for NEWKEYS"); ret = _libssh2_error(session, rc, "Timed out waiting for NEWKEYS");
goto clean_exit; goto clean_exit;
} }
@@ -2828,13 +2919,15 @@ static int curve25519_sha256(LIBSSH2_SESSION *session, unsigned char *data,
session->session_id = LIBSSH2_ALLOC(session, digest_length); session->session_id = LIBSSH2_ALLOC(session, digest_length);
if(!session->session_id) { if(!session->session_id) {
ret = _libssh2_error(session, LIBSSH2_ERROR_ALLOC, ret = _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
"Unable to allocate buffer for SHA digest"); "Unable to allxcocate buffer for "
"SHA digest");
goto clean_exit; goto clean_exit;
} }
memcpy(session->session_id, exchange_state->h_sig_comp, memcpy(session->session_id, exchange_state->h_sig_comp,
digest_length); digest_length);
session->session_id_len = digest_length; session->session_id_len = digest_length;
_libssh2_debug(session, LIBSSH2_TRACE_KEX, "session_id calculated"); _libssh2_debug(session, LIBSSH2_TRACE_KEX,
"session_id calculated");
} }
/* Cleanup any existing cipher */ /* Cleanup any existing cipher */
@@ -2880,7 +2973,8 @@ static int curve25519_sha256(LIBSSH2_SESSION *session, unsigned char *data,
} }
if(free_secret) { if(free_secret) {
_libssh2_explicit_zero(secret, session->local.crypt->secret_len); _libssh2_explicit_zero(secret,
session->local.crypt->secret_len);
LIBSSH2_FREE(session, secret); LIBSSH2_FREE(session, secret);
} }
} }
@@ -2929,7 +3023,8 @@ static int curve25519_sha256(LIBSSH2_SESSION *session, unsigned char *data,
} }
if(free_secret) { if(free_secret) {
_libssh2_explicit_zero(secret, session->remote.crypt->secret_len); _libssh2_explicit_zero(secret,
session->remote.crypt->secret_len);
LIBSSH2_FREE(session, secret); LIBSSH2_FREE(session, secret);
} }
} }
@@ -3070,11 +3165,11 @@ kex_method_curve25519_key_exchange
goto clean_exit; goto clean_exit;
} }
rc = _libssh2_curve25519_new(session, NULL, &key_state->curve25519_public_key, rc = _libssh2_curve25519_new(session, NULL,
&key_state->curve25519_public_key,
&key_state->curve25519_private_key); &key_state->curve25519_private_key);
if( rc != 0 ) if(rc != 0) {
{
ret = _libssh2_error(session, rc, ret = _libssh2_error(session, rc,
"Unable to create private key"); "Unable to create private key");
goto clean_exit; goto clean_exit;
@@ -3082,7 +3177,8 @@ kex_method_curve25519_key_exchange
key_state->request[0] = SSH2_MSG_KEX_ECDH_INIT; key_state->request[0] = SSH2_MSG_KEX_ECDH_INIT;
s = key_state->request + 1; s = key_state->request + 1;
_libssh2_store_str(&s, (const char*)key_state->curve25519_public_key, LIBSSH2_ED25519_KEY_LEN); _libssh2_store_str(&s, (const char *)key_state->curve25519_public_key,
LIBSSH2_ED25519_KEY_LEN);
key_state->request_len = LIBSSH2_ED25519_KEY_LEN + 5; key_state->request_len = LIBSSH2_ED25519_KEY_LEN + 5;
_libssh2_debug(session, LIBSSH2_TRACE_KEX, _libssh2_debug(session, LIBSSH2_TRACE_KEX,
@@ -3096,7 +3192,8 @@ kex_method_curve25519_key_exchange
key_state->request_len, NULL, 0); key_state->request_len, NULL, 0);
if(rc == LIBSSH2_ERROR_EAGAIN) { if(rc == LIBSSH2_ERROR_EAGAIN) {
return rc; return rc;
} else if(rc) { }
else if(rc) {
ret = _libssh2_error(session, rc, ret = _libssh2_error(session, rc,
"Unable to send ECDH_INIT"); "Unable to send ECDH_INIT");
goto clean_exit; goto clean_exit;
@@ -3111,7 +3208,8 @@ kex_method_curve25519_key_exchange
0, NULL, 0, &key_state->req_state); 0, NULL, 0, &key_state->req_state);
if(rc == LIBSSH2_ERROR_EAGAIN) { if(rc == LIBSSH2_ERROR_EAGAIN) {
return rc; return rc;
} else if(rc) { }
else if(rc) {
ret = _libssh2_error(session, rc, ret = _libssh2_error(session, rc,
"Timeout waiting for ECDH_REPLY reply"); "Timeout waiting for ECDH_REPLY reply");
goto clean_exit; goto clean_exit;
@@ -3123,7 +3221,8 @@ kex_method_curve25519_key_exchange
if(key_state->state == libssh2_NB_state_sent2) { if(key_state->state == libssh2_NB_state_sent2) {
ret = curve25519_sha256(session, key_state->data, key_state->data_len, ret = curve25519_sha256(session, key_state->data, key_state->data_len,
key_state->curve25519_public_key, key_state->curve25519_private_key, key_state->curve25519_public_key,
key_state->curve25519_private_key,
&key_state->exchange_state); &key_state->exchange_state);
if(ret == LIBSSH2_ERROR_EAGAIN) { if(ret == LIBSSH2_ERROR_EAGAIN) {
@@ -3136,13 +3235,15 @@ kex_method_curve25519_key_exchange
clean_exit: clean_exit:
if(key_state->curve25519_public_key) { if(key_state->curve25519_public_key) {
_libssh2_explicit_zero(key_state->curve25519_public_key, LIBSSH2_ED25519_KEY_LEN); _libssh2_explicit_zero(key_state->curve25519_public_key,
LIBSSH2_ED25519_KEY_LEN);
LIBSSH2_FREE(session, key_state->curve25519_public_key); LIBSSH2_FREE(session, key_state->curve25519_public_key);
key_state->curve25519_public_key = NULL; key_state->curve25519_public_key = NULL;
} }
if(key_state->curve25519_private_key) { if(key_state->curve25519_private_key) {
_libssh2_explicit_zero(key_state->curve25519_private_key, LIBSSH2_ED25519_KEY_LEN); _libssh2_explicit_zero(key_state->curve25519_private_key,
LIBSSH2_ED25519_KEY_LEN);
LIBSSH2_FREE(session, key_state->curve25519_private_key); LIBSSH2_FREE(session, key_state->curve25519_private_key);
key_state->curve25519_private_key = NULL; key_state->curve25519_private_key = NULL;
} }
@@ -3247,7 +3348,8 @@ typedef struct _LIBSSH2_COMMON_METHOD
/* kex_method_strlen /* kex_method_strlen
* Calculate the length of a particular method list's resulting string * Calculate the length of a particular method list's resulting string
* Includes SUM(strlen() of each individual method plus 1 (for coma)) - 1 (because the last coma isn't used) * Includes SUM(strlen() of each individual method plus 1 (for coma)) - 1
* (because the last coma isn't used)
* Another sign of bad coding practices gone mad. Pretend you don't see this. * Another sign of bad coding practices gone mad. Pretend you don't see this.
*/ */
static size_t static size_t
@@ -3640,9 +3742,9 @@ static int kex_agree_kex_hostkey(LIBSSH2_SESSION * session, unsigned char *kex,
hostkey_len) == 0) { hostkey_len) == 0) {
session->kex = method; session->kex = method;
if(session->burn_optimistic_kexinit && (kex == q)) { if(session->burn_optimistic_kexinit && (kex == q)) {
/* Server sent an optimistic packet, /* Server sent an optimistic packet, and client agrees
* and client agrees with preference * with preference cancel burning the first KEX_INIT
* cancel burning the first KEX_INIT packet that comes in */ * packet that comes in */
session->burn_optimistic_kexinit = 0; session->burn_optimistic_kexinit = 0;
} }
return 0; return 0;
@@ -3666,9 +3768,9 @@ static int kex_agree_kex_hostkey(LIBSSH2_SESSION * session, unsigned char *kex,
hostkey_len) == 0) { hostkey_len) == 0) {
session->kex = *kexp; session->kex = *kexp;
if(session->burn_optimistic_kexinit && (kex == s)) { if(session->burn_optimistic_kexinit && (kex == s)) {
/* Server sent an optimistic packet, /* Server sent an optimistic packet, and client agrees
* and client agrees with preference * with preference cancel burning the first KEX_INIT
* cancel burning the first KEX_INIT packet that comes in */ * packet that comes in */
session->burn_optimistic_kexinit = 0; session->burn_optimistic_kexinit = 0;
} }
return 0; return 0;
@@ -3923,7 +4025,8 @@ static int kex_agree_methods(LIBSSH2_SESSION * session, unsigned char *data,
} }
if(kex_agree_crypt(session, &session->local, crypt_cs, crypt_cs_len) if(kex_agree_crypt(session, &session->local, crypt_cs, crypt_cs_len)
|| kex_agree_crypt(session, &session->remote, crypt_sc, crypt_sc_len)) { || kex_agree_crypt(session, &session->remote, crypt_sc,
crypt_sc_len)) {
return -1; return -1;
} }
@@ -4076,7 +4179,8 @@ _libssh2_kex_exchange(LIBSSH2_SESSION * session, int reexchange,
return retcode; return retcode;
} }
else if(retcode) { else if(retcode) {
rc = _libssh2_error(session, LIBSSH2_ERROR_KEY_EXCHANGE_FAILURE, rc = _libssh2_error(session,
LIBSSH2_ERROR_KEY_EXCHANGE_FAILURE,
"Unrecoverable error exchanging keys"); "Unrecoverable error exchanging keys");
} }
} }
@@ -4257,7 +4361,8 @@ LIBSSH2_API int libssh2_session_supported_algs(LIBSSH2_SESSION* session,
case LIBSSH2_METHOD_COMP_CS: case LIBSSH2_METHOD_COMP_CS:
case LIBSSH2_METHOD_COMP_SC: case LIBSSH2_METHOD_COMP_SC:
mlist = (const LIBSSH2_COMMON_METHOD **) _libssh2_comp_methods(session); mlist = (const LIBSSH2_COMMON_METHOD **)
_libssh2_comp_methods(session);
break; break;
default: default:

6
src/libgcrypt.c
View File

@@ -437,7 +437,8 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
memcpy(zhash + 1, hash, hash_len); memcpy(zhash + 1, hash, hash_len);
zhash[0] = 0; zhash[0] = 0;
if(gcry_sexp_build(&data, NULL, "(data (value %b))", hash_len + 1, zhash)) { if(gcry_sexp_build(&data, NULL, "(data (value %b))",
hash_len + 1, zhash)) {
return -1; return -1;
} }
@@ -603,7 +604,8 @@ _libssh2_pub_priv_keyfilememory(LIBSSH2_SESSION *session,
const char *passphrase) const char *passphrase)
{ {
return _libssh2_error(session, LIBSSH2_ERROR_METHOD_NOT_SUPPORTED, return _libssh2_error(session, LIBSSH2_ERROR_METHOD_NOT_SUPPORTED,
"Unable to extract public key from private key in memory: " "Unable to extract public key from private "
"key in memory: "
"Method unimplemented in libgcrypt backend"); "Method unimplemented in libgcrypt backend");
} }

13
src/libgcrypt.h
View File

@@ -204,11 +204,16 @@
#define _libssh2_bn_ctx_new() 0 #define _libssh2_bn_ctx_new() 0
#define _libssh2_bn_ctx_free(bnctx) ((void)0) #define _libssh2_bn_ctx_free(bnctx) ((void)0)
#define _libssh2_bn_init() gcry_mpi_new(0) #define _libssh2_bn_init() gcry_mpi_new(0)
#define _libssh2_bn_init_from_bin() NULL /* because gcry_mpi_scan() creates a new bignum */ #define _libssh2_bn_init_from_bin() NULL /* because gcry_mpi_scan() creates a
new bignum */
#define _libssh2_bn_set_word(bn, val) gcry_mpi_set_ui(bn, val) #define _libssh2_bn_set_word(bn, val) gcry_mpi_set_ui(bn, val)
#define _libssh2_bn_from_bin(bn, len, val) gcry_mpi_scan(&((bn)), GCRYMPI_FMT_USG, val, len, NULL) #define _libssh2_bn_from_bin(bn, len, val) \
#define _libssh2_bn_to_bin(bn, val) gcry_mpi_print (GCRYMPI_FMT_USG, val, _libssh2_bn_bytes(bn), NULL, bn) gcry_mpi_scan(&((bn)), GCRYMPI_FMT_USG, val, len, NULL)
#define _libssh2_bn_bytes(bn) (gcry_mpi_get_nbits (bn) / 8 + ((gcry_mpi_get_nbits (bn) % 8 == 0) ? 0 : 1)) #define _libssh2_bn_to_bin(bn, val) \
gcry_mpi_print(GCRYMPI_FMT_USG, val, _libssh2_bn_bytes(bn), NULL, bn)
#define _libssh2_bn_bytes(bn) \
(gcry_mpi_get_nbits (bn) / 8 + \
((gcry_mpi_get_nbits (bn) % 8 == 0) ? 0 : 1))
#define _libssh2_bn_bits(bn) gcry_mpi_get_nbits (bn) #define _libssh2_bn_bits(bn) gcry_mpi_get_nbits (bn)
#define _libssh2_bn_free(bn) gcry_mpi_release(bn) #define _libssh2_bn_free(bn) gcry_mpi_release(bn)

48
src/libssh2_priv.h
View File

@@ -58,15 +58,12 @@
#include <stdio.h> #include <stdio.h>
#include <time.h> #include <time.h>
/* The following CPP block should really only be in session.c and /* The following CPP block should really only be in session.c and packet.c.
packet.c. However, AIX have #define's for 'events' and 'revents' However, AIX have #define's for 'events' and 'revents' and we are using
and we are using those names in libssh2.h, so we need to include those names in libssh2.h, so we need to include the AIX headers first, to
the AIX headers first, to make sure all code is compiled with make sure all code is compiled with consistent names of these fields.
consistent names of these fields. While arguable the best would to While arguable the best would to change libssh2.h to use other names, that
change libssh2.h to use other names, that would break backwards would break backwards compatibility.
compatibility. For more information, see:
https://www.mail-archive.com/libssh2-devel%40lists.sourceforge.net/msg00003.html
https://www.mail-archive.com/libssh2-devel%40lists.sourceforge.net/msg00224.html
*/ */
#ifdef HAVE_POLL #ifdef HAVE_POLL
# include <sys/poll.h> # include <sys/poll.h>
@@ -289,9 +286,12 @@ typedef struct key_exchange_state_low_t
size_t data_len; size_t data_len;
_libssh2_ec_key *private_key; /* SSH2 ecdh private key */ _libssh2_ec_key *private_key; /* SSH2 ecdh private key */
unsigned char *public_key_oct; /* SSH2 ecdh public key octal value */ unsigned char *public_key_oct; /* SSH2 ecdh public key octal value */
size_t public_key_oct_len; /* SSH2 ecdh public key octal value length */ size_t public_key_oct_len; /* SSH2 ecdh public key octal value
unsigned char *curve25519_public_key; /* curve25519 public key, 32 bytes */ length */
unsigned char *curve25519_private_key; /* curve25519 private key, 32 bytes */ unsigned char *curve25519_public_key; /* curve25519 public key, 32
bytes */
unsigned char *curve25519_private_key; /* curve25519 private key, 32
bytes */
} key_exchange_state_low_t; } key_exchange_state_low_t;
typedef struct key_exchange_state_t typedef struct key_exchange_state_t
@@ -423,7 +423,8 @@ struct _LIBSSH2_CHANNEL
/* State variables used in libssh2_channel_receive_window_adjust() */ /* State variables used in libssh2_channel_receive_window_adjust() */
libssh2_nonblocking_states adjust_state; libssh2_nonblocking_states adjust_state;
unsigned char adjust_adjust[9]; /* packet_type(1) + channel(4) + adjustment(4) */ unsigned char adjust_adjust[9]; /* packet_type(1) + channel(4) +
adjustment(4) */
/* State variables used in libssh2_channel_read_ex() */ /* State variables used in libssh2_channel_read_ex() */
libssh2_nonblocking_states read_state; libssh2_nonblocking_states read_state;
@@ -662,7 +663,8 @@ struct _LIBSSH2_SESSION
struct transportpacket packet; struct transportpacket packet;
#ifdef LIBSSH2DEBUG #ifdef LIBSSH2DEBUG
int showmask; /* what debug/trace messages to display */ int showmask; /* what debug/trace messages to display */
libssh2_trace_handler_func tracehandler; /* callback to display trace messages */ libssh2_trace_handler_func tracehandler; /* callback to display trace
messages */
void *tracehandler_context; /* context for the trace handler */ void *tracehandler_context; /* context for the trace handler */
#endif #endif
@@ -870,7 +872,8 @@ struct _LIBSSH2_KEX_METHOD
{ {
const char *name; const char *name;
/* Key exchange, populates session->* and returns 0 on success, non-0 on error */ /* Key exchange, populates session->* and returns 0 on success, non-0 on
error */
int (*exchange_keys) (LIBSSH2_SESSION * session, int (*exchange_keys) (LIBSSH2_SESSION * session,
key_exchange_state_low_t * key_state); key_exchange_state_low_t * key_state);
@@ -887,8 +890,10 @@ struct _LIBSSH2_HOSTKEY_METHOD
int (*initPEM) (LIBSSH2_SESSION * session, const char *privkeyfile, int (*initPEM) (LIBSSH2_SESSION * session, const char *privkeyfile,
unsigned const char *passphrase, void **abstract); unsigned const char *passphrase, void **abstract);
int (*initPEMFromMemory) (LIBSSH2_SESSION * session, int (*initPEMFromMemory) (LIBSSH2_SESSION * session,
const char *privkeyfiledata, size_t privkeyfiledata_len, const char *privkeyfiledata,
unsigned const char *passphrase, void **abstract); size_t privkeyfiledata_len,
unsigned const char *passphrase,
void **abstract);
int (*sig_verify) (LIBSSH2_SESSION * session, const unsigned char *sig, int (*sig_verify) (LIBSSH2_SESSION * session, const unsigned char *sig,
size_t sig_len, const unsigned char *m, size_t sig_len, const unsigned char *m,
size_t m_len, void **abstract); size_t m_len, void **abstract);
@@ -951,7 +956,8 @@ struct _LIBSSH2_COMP_METHOD
void _libssh2_debug(LIBSSH2_SESSION * session, int context, const char *format, void _libssh2_debug(LIBSSH2_SESSION * session, int context, const char *format,
...); ...);
#else #else
#if (defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L)) || defined(__GNUC__) #if (defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L)) || \
defined(__GNUC__)
/* C99 supported and also by older GCC */ /* C99 supported and also by older GCC */
#define _libssh2_debug(x,y,z,...) do {} while (0) #define _libssh2_debug(x,y,z,...) do {} while (0)
#else #else
@@ -972,7 +978,8 @@ _libssh2_debug(LIBSSH2_SESSION * session, int context, const char *format, ...)
/* Initial packet state, prior to MAC check */ /* Initial packet state, prior to MAC check */
#define LIBSSH2_MAC_UNCONFIRMED 1 #define LIBSSH2_MAC_UNCONFIRMED 1
/* When MAC type is "none" (proto initiation phase) all packets are deemed "confirmed" */ /* When MAC type is "none" (proto initiation phase) all packets are deemed
"confirmed" */
#define LIBSSH2_MAC_CONFIRMED 0 #define LIBSSH2_MAC_CONFIRMED 0
/* Something very bad is going on */ /* Something very bad is going on */
#define LIBSSH2_MAC_INVALID -1 #define LIBSSH2_MAC_INVALID -1
@@ -997,7 +1004,8 @@ _libssh2_debug(LIBSSH2_SESSION * session, int context, const char *format, ...)
#define SSH_MSG_KEXDH_INIT 30 #define SSH_MSG_KEXDH_INIT 30
#define SSH_MSG_KEXDH_REPLY 31 #define SSH_MSG_KEXDH_REPLY 31
/* diffie-hellman-group-exchange-sha1 and diffie-hellman-group-exchange-sha256 */ /* diffie-hellman-group-exchange-sha1 and
diffie-hellman-group-exchange-sha256 */
#define SSH_MSG_KEX_DH_GEX_REQUEST_OLD 30 #define SSH_MSG_KEX_DH_GEX_REQUEST_OLD 30
#define SSH_MSG_KEX_DH_GEX_REQUEST 34 #define SSH_MSG_KEX_DH_GEX_REQUEST 34
#define SSH_MSG_KEX_DH_GEX_GROUP 31 #define SSH_MSG_KEX_DH_GEX_GROUP 31

18
src/mbedtls.c
View File

@@ -267,7 +267,8 @@ _libssh2_mbedtls_bignum_random(_libssh2_bn *bn, int bits, int top, int bottom)
return -1; return -1;
len = (bits + 7) >> 3; len = (bits + 7) >> 3;
err = mbedtls_mpi_fill_random(bn, len, mbedtls_ctr_drbg_random, &_libssh2_mbedtls_ctr_drbg); err = mbedtls_mpi_fill_random(bn, len, mbedtls_ctr_drbg_random,
&_libssh2_mbedtls_ctr_drbg);
if(err) if(err)
return -1; return -1;
@@ -278,10 +279,11 @@ _libssh2_mbedtls_bignum_random(_libssh2_bn *bn, int bits, int top, int bottom)
return -1; return -1;
} }
/* If `top` is -1, the most significant bit of the random number can be zero. /* If `top` is -1, the most significant bit of the random number can be
If top is 0, the most significant bit of the random number is set to 1, zero. If top is 0, the most significant bit of the random number is
and if top is 1, the two most significant bits of the number will be set set to 1, and if top is 1, the two most significant bits of the number
to 1, so that the product of two such random numbers will always have 2*bits length. will be set to 1, so that the product of two such random numbers will
always have 2*bits length.
*/ */
for(i = 0; i <= top; ++i) { for(i = 0; i <= top; ++i) {
err = mbedtls_mpi_set_bit(bn, bits-i-1, 1); err = mbedtls_mpi_set_bit(bn, bits-i-1, 1);
@@ -351,7 +353,8 @@ _libssh2_mbedtls_rsa_new(libssh2_rsa_ctx **rsa,
(ret = mbedtls_mpi_read_binary(&(ctx->Q), qdata, qlen) ) != 0 || (ret = mbedtls_mpi_read_binary(&(ctx->Q), qdata, qlen) ) != 0 ||
(ret = mbedtls_mpi_read_binary(&(ctx->DP), e1data, e1len) ) != 0 || (ret = mbedtls_mpi_read_binary(&(ctx->DP), e1data, e1len) ) != 0 ||
(ret = mbedtls_mpi_read_binary(&(ctx->DQ), e2data, e2len) ) != 0 || (ret = mbedtls_mpi_read_binary(&(ctx->DQ), e2data, e2len) ) != 0 ||
(ret = mbedtls_mpi_read_binary(&(ctx->QP), coeffdata, coefflen) ) != 0) { (ret = mbedtls_mpi_read_binary(&(ctx->QP), coeffdata, coefflen) )
!= 0) {
ret = -1; ret = -1;
} }
ret = mbedtls_rsa_check_privkey(ctx); ret = mbedtls_rsa_check_privkey(ctx);
@@ -450,7 +453,8 @@ _libssh2_mbedtls_rsa_sha1_verify(libssh2_rsa_ctx *rsa,
return -1; /* failure */ return -1; /* failure */
ret = mbedtls_rsa_pkcs1_verify(rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC, ret = mbedtls_rsa_pkcs1_verify(rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC,
MBEDTLS_MD_SHA1, SHA_DIGEST_LENGTH, hash, sig); MBEDTLS_MD_SHA1, SHA_DIGEST_LENGTH,
hash, sig);
return (ret == 0) ? 0 : -1; return (ret == 0) ? 0 : -1;
} }

12
src/misc.c
View File

@@ -62,7 +62,8 @@
#include <stdio.h> #include <stdio.h>
#include <errno.h> #include <errno.h>
int _libssh2_error_flags(LIBSSH2_SESSION* session, int errcode, const char *errmsg, int errflags) int _libssh2_error_flags(LIBSSH2_SESSION* session, int errcode,
const char *errmsg, int errflags)
{ {
if(session->err_flags & LIBSSH2_ERR_FLAG_DUP) if(session->err_flags & LIBSSH2_ERR_FLAG_DUP)
LIBSSH2_FREE(session, (char *)session->err_msg); LIBSSH2_FREE(session, (char *)session->err_msg);
@@ -342,7 +343,8 @@ size_t _libssh2_base64_encode(LIBSSH2_SESSION *session,
char *base64data; char *base64data;
const char *indata = inp; const char *indata = inp;
*outptr = NULL; /* set to NULL in case of failure before we reach the end */ *outptr = NULL; /* set to NULL in case of failure before we reach the
end */
if(0 == insize) if(0 == insize)
insize = strlen(indata); insize = strlen(indata);
@@ -688,7 +690,8 @@ void _libssh2_aes_ctr_increment(unsigned char *ctr,
} }
#ifdef WIN32 #ifdef WIN32
static void * (__cdecl * const volatile memset_libssh)(void *, int, size_t) = memset; static void * (__cdecl * const volatile memset_libssh)(void *, int, size_t) =
memset;
#else #else
static void * (* const volatile memset_libssh)(void *, int, size_t) = memset; static void * (* const volatile memset_libssh)(void *, int, size_t) = memset;
#endif #endif
@@ -712,7 +715,8 @@ struct string_buf* _libssh2_string_buf_new(LIBSSH2_SESSION *session)
{ {
struct string_buf *ret; struct string_buf *ret;
if((ret = _libssh2_calloc(session, sizeof(*ret))) == NULL) ret = _libssh2_calloc(session, sizeof(*ret));
if(ret == NULL)
return NULL; return NULL;
return ret; return ret;

6
src/misc.h
View File

@@ -56,7 +56,8 @@ struct string_buf {
size_t offset; size_t offset;
}; };
int _libssh2_error_flags(LIBSSH2_SESSION* session, int errcode, const char *errmsg, int errflags); int _libssh2_error_flags(LIBSSH2_SESSION* session, int errcode,
const char *errmsg, int errflags);
int _libssh2_error(LIBSSH2_SESSION* session, int errcode, const char *errmsg); int _libssh2_error(LIBSSH2_SESSION* session, int errcode, const char *errmsg);
void _libssh2_list_init(struct list_head *head); void _libssh2_list_init(struct list_head *head);
@@ -89,7 +90,8 @@ void *_libssh2_calloc(LIBSSH2_SESSION *session, size_t size);
void _libssh2_explicit_zero(void *buf, size_t size); void _libssh2_explicit_zero(void *buf, size_t size);
struct string_buf* _libssh2_string_buf_new(LIBSSH2_SESSION *session); struct string_buf* _libssh2_string_buf_new(LIBSSH2_SESSION *session);
void _libssh2_string_buf_free(LIBSSH2_SESSION *session, struct string_buf *buf); void _libssh2_string_buf_free(LIBSSH2_SESSION *session,
struct string_buf *buf);
int _libssh2_get_u32(struct string_buf *buf, uint32_t *out); int _libssh2_get_u32(struct string_buf *buf, uint32_t *out);
int _libssh2_get_u64(struct string_buf *buf, libssh2_uint64_t *out); int _libssh2_get_u64(struct string_buf *buf, libssh2_uint64_t *out);
int _libssh2_match_string(struct string_buf *buf, const char *match); int _libssh2_match_string(struct string_buf *buf, const char *match);

234
src/openssl.c
View File

@@ -279,7 +279,8 @@ _libssh2_ecdsa_key_get_curve_type(_libssh2_ec_key *key)
*/ */
int int
_libssh2_ecdsa_curve_type_from_name(const char *name, libssh2_curve_type *out_type) _libssh2_ecdsa_curve_type_from_name(const char *name,
libssh2_curve_type *out_type)
{ {
int ret = 0; int ret = 0;
libssh2_curve_type type; libssh2_curve_type type;
@@ -526,7 +527,8 @@ aes_ctr_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
the ciphertext block C1. The counter X is then incremented the ciphertext block C1. The counter X is then incremented
*/ */
if(EVP_EncryptUpdate(c->aes_ctx, b1, &outlen, c->ctr, AES_BLOCK_SIZE) != 1) { if(EVP_EncryptUpdate(c->aes_ctx, b1, &outlen,
c->ctr, AES_BLOCK_SIZE) != 1) {
return 0; return 0;
} }
@@ -891,20 +893,24 @@ static int _libssh2_rsa_new_additional_parameters(RSA *rsa)
q = (*rsa).q; q = (*rsa).q;
#endif #endif
if((ctx = BN_CTX_new()) == NULL) ctx = BN_CTX_new();
if(ctx == NULL)
return -1; return -1;
if((aux = BN_new()) == NULL) { aux = BN_new();
if(aux == NULL) {
rc = -1; rc = -1;
goto out; goto out;
} }
if((dmp1 = BN_new()) == NULL) { dmp1 = BN_new();
if(dmp1 == NULL) {
rc = -1; rc = -1;
goto out; goto out;
} }
if((dmq1 = BN_new()) == NULL) { dmq1 = BN_new();
if(dmq1 == NULL) {
rc = -1; rc = -1;
goto out; goto out;
} }
@@ -959,51 +965,59 @@ gen_publickey_from_rsa_openssh_priv_data(LIBSSH2_SESSION *session,
"Computing RSA keys from private key data"); "Computing RSA keys from private key data");
/* public key data */ /* public key data */
if((nlen = _libssh2_get_bignum_bytes(decrypted, &n)) <= 0) { nlen = _libssh2_get_bignum_bytes(decrypted, &n);
if(nlen <= 0) {
_libssh2_error(session, LIBSSH2_ERROR_PROTO, _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"RSA no n"); "RSA no n");
return -1; return -1;
} }
if((elen = _libssh2_get_bignum_bytes(decrypted, &e)) <= 0) { elen = _libssh2_get_bignum_bytes(decrypted, &e);
if(elen <= 0) {
_libssh2_error(session, LIBSSH2_ERROR_PROTO, _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"RSA no e"); "RSA no e");
return -1; return -1;
} }
/* private key data */ /* private key data */
if((dlen = _libssh2_get_bignum_bytes(decrypted, &d)) <= 0) { dlen = _libssh2_get_bignum_bytes(decrypted, &d);
if(dlen <= 0) {
_libssh2_error(session, LIBSSH2_ERROR_PROTO, _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"RSA no d"); "RSA no d");
return -1; return -1;
} }
if((coefflen = _libssh2_get_bignum_bytes(decrypted, &coeff)) <= 0) { coefflen = _libssh2_get_bignum_bytes(decrypted, &coeff);
if(coefflen <= 0) {
_libssh2_error(session, LIBSSH2_ERROR_PROTO, _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"RSA no coeff"); "RSA no coeff");
return -1; return -1;
} }
if((plen = _libssh2_get_bignum_bytes(decrypted, &p)) <= 0) { plen = _libssh2_get_bignum_bytes(decrypted, &p);
if(plen <= 0) {
_libssh2_error(session, LIBSSH2_ERROR_PROTO, _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"RSA no p"); "RSA no p");
return -1; return -1;
} }
if((qlen = _libssh2_get_bignum_bytes(decrypted, &q)) <= 0) { qlen = _libssh2_get_bignum_bytes(decrypted, &q);
if(qlen <= 0) {
_libssh2_error(session, LIBSSH2_ERROR_PROTO, _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"RSA no q"); "RSA no q");
return -1; return -1;
} }
if((commentlen = _libssh2_get_c_string(decrypted, &comment)) < 0) { commentlen = _libssh2_get_c_string(decrypted, &comment);
if(commentlen < 0) {
_libssh2_error(session, LIBSSH2_ERROR_PROTO, _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"RSA no comment"); "RSA no comment");
return -1; return -1;
} }
if((rc = _libssh2_rsa_new(&rsa, e, elen, n, nlen, d, dlen, p, plen, if((rc = _libssh2_rsa_new(&rsa, e, elen, n, nlen, d, dlen, p, plen,
q, qlen, NULL, 0, NULL, 0, coeff, coefflen)) != 0) { q, qlen, NULL, 0, NULL, 0,
coeff, coefflen)) != 0) {
_libssh2_debug(session, _libssh2_debug(session,
LIBSSH2_TRACE_AUTH, LIBSSH2_TRACE_AUTH,
"Could not create RSA private key"); "Could not create RSA private key");
@@ -1087,7 +1101,8 @@ _libssh2_rsa_new_openssh_private(libssh2_rsa_ctx ** rsa,
rc = gen_publickey_from_rsa_openssh_priv_data(session, decrypted, rc = gen_publickey_from_rsa_openssh_priv_data(session, decrypted,
NULL, 0, NULL, 0,
NULL, 0, rsa); NULL, 0, rsa);
} else { }
else {
rc = -1; rc = -1;
} }
@@ -1114,7 +1129,8 @@ _libssh2_rsa_new_private(libssh2_rsa_ctx ** rsa,
filename, passphrase); filename, passphrase);
if(rc) { if(rc) {
rc = _libssh2_rsa_new_openssh_private(rsa, session, filename, passphrase); rc = _libssh2_rsa_new_openssh_private(rsa, session,
filename, passphrase);
} }
return rc; return rc;
@@ -1274,38 +1290,44 @@ gen_publickey_from_dsa_openssh_priv_data(LIBSSH2_SESSION *session,
LIBSSH2_TRACE_AUTH, LIBSSH2_TRACE_AUTH,
"Computing DSA keys from private key data"); "Computing DSA keys from private key data");
if((plen = _libssh2_get_bignum_bytes(decrypted, &p)) <= 0) { plen = _libssh2_get_bignum_bytes(decrypted, &p);
if(plen <= 0) {
_libssh2_error(session, LIBSSH2_ERROR_PROTO, _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"DSA no p"); "DSA no p");
return -1; return -1;
} }
if((qlen = _libssh2_get_bignum_bytes(decrypted, &q)) <= 0) { qlen = _libssh2_get_bignum_bytes(decrypted, &q);
if(qlen <= 0) {
_libssh2_error(session, LIBSSH2_ERROR_PROTO, _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"DSA no q"); "DSA no q");
return -1; return -1;
} }
if((glen = _libssh2_get_bignum_bytes(decrypted, &g)) <= 0) { glen = _libssh2_get_bignum_bytes(decrypted, &g);
if(glen <= 0) {
_libssh2_error(session, LIBSSH2_ERROR_PROTO, _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"DSA no g"); "DSA no g");
return -1; return -1;
} }
if((pub_len = _libssh2_get_bignum_bytes(decrypted, &pub_key)) <= 0) { pub_len = _libssh2_get_bignum_bytes(decrypted, &pub_key);
if(pub_len <= 0) {
_libssh2_error(session, LIBSSH2_ERROR_PROTO, _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"DSA no public key"); "DSA no public key");
return -1; return -1;
} }
if((priv_len = _libssh2_get_bignum_bytes(decrypted, &priv_key)) <= 0) { priv_len = _libssh2_get_bignum_bytes(decrypted, &priv_key);
if(priv_len <= 0) {
_libssh2_error(session, LIBSSH2_ERROR_PROTO, _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"DSA no private key"); "DSA no private key");
return -1; return -1;
} }
if((rc = _libssh2_dsa_new(&dsa, p, plen, q, qlen, g, glen, pub_key, pub_len, rc = _libssh2_dsa_new(&dsa, p, plen, q, qlen, g, glen, pub_key, pub_len,
priv_key, priv_len)) != 0 ) { priv_key, priv_len);
if(rc != 0) {
_libssh2_debug(session, _libssh2_debug(session,
LIBSSH2_ERROR_PROTO, LIBSSH2_ERROR_PROTO,
"Could not create DSA private key"); "Could not create DSA private key");
@@ -1414,7 +1436,8 @@ _libssh2_dsa_new_private(libssh2_dsa_ctx ** dsa,
filename, passphrase); filename, passphrase);
if(rc) { if(rc) {
rc = _libssh2_dsa_new_openssh_private(dsa, session, filename, passphrase); rc = _libssh2_dsa_new_openssh_private(dsa, session,
filename, passphrase);
} }
return rc; return rc;
@@ -1443,7 +1466,8 @@ _libssh2_ecdsa_new_private_frommemory(libssh2_ecdsa_ctx ** ec_ctx,
if(rc) { if(rc) {
rc = read_openssh_private_key_from_memory((void **)ec_ctx, session, rc = read_openssh_private_key_from_memory((void **)ec_ctx, session,
"ssh-ecdsa", filedata, filedata_len, passphrase); "ssh-ecdsa", filedata,
filedata_len, passphrase);
} }
return rc; return rc;
@@ -1456,7 +1480,8 @@ _libssh2_ecdsa_new_private_frommemory(libssh2_ecdsa_ctx ** ec_ctx,
int int
_libssh2_curve25519_new(LIBSSH2_SESSION *session, libssh2_x25519_ctx **out_ctx, _libssh2_curve25519_new(LIBSSH2_SESSION *session, libssh2_x25519_ctx **out_ctx,
unsigned char **out_public_key, unsigned char **out_private_key) unsigned char **out_public_key,
unsigned char **out_private_key)
{ {
EVP_PKEY *key = NULL; EVP_PKEY *key = NULL;
EVP_PKEY_CTX *pctx = NULL; EVP_PKEY_CTX *pctx = NULL;
@@ -1521,11 +1546,13 @@ _libssh2_curve25519_new(LIBSSH2_SESSION *session, libssh2_x25519_ctx **out_ctx,
if(ctx == NULL) if(ctx == NULL)
goto cleanExit; goto cleanExit;
ctx->private_key = EVP_PKEY_new_raw_private_key(EVP_PKEY_X25519, NULL, ctx->private_key =
EVP_PKEY_new_raw_private_key(EVP_PKEY_X25519, NULL,
(const unsigned char *)priv, (const unsigned char *)priv,
LIBSSH2_ED25519_KEY_LEN); LIBSSH2_ED25519_KEY_LEN);
ctx->public_key = EVP_PKEY_new_raw_public_key(EVP_PKEY_X25519, NULL, ctx->public_key =
EVP_PKEY_new_raw_public_key(EVP_PKEY_X25519, NULL,
(const unsigned char *)pub, (const unsigned char *)pub,
LIBSSH2_ED25519_KEY_LEN); LIBSSH2_ED25519_KEY_LEN);
@@ -1583,7 +1610,8 @@ gen_publickey_from_ed25519_openssh_priv_data(LIBSSH2_SESSION *session,
return -1; return -1;
} }
if(_libssh2_get_c_string(decrypted, &priv_key) != LIBSSH2_ED25519_PRIVATE_KEY_LEN) { if(_libssh2_get_c_string(decrypted, &priv_key) !=
LIBSSH2_ED25519_PRIVATE_KEY_LEN) {
_libssh2_error(session, LIBSSH2_ERROR_PROTO, _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"Wrong private key length"); "Wrong private key length");
ret = -1; ret = -1;
@@ -1598,15 +1626,21 @@ gen_publickey_from_ed25519_openssh_priv_data(LIBSSH2_SESSION *session,
goto clean_exit; goto clean_exit;
} }
/* first 32 bytes of priv_key is the private key, the last 32 bytes are the public key */ /* first 32 bytes of priv_key is the private key, the last 32 bytes are
ctx->private_key = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, NULL, the public key */
(const unsigned char*)priv_key, LIBSSH2_ED25519_KEY_LEN); ctx->private_key =
EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, NULL,
(const unsigned char *)priv_key,
LIBSSH2_ED25519_KEY_LEN);
ctx->public_key = EVP_PKEY_new_raw_public_key(EVP_PKEY_ED25519, NULL, ctx->public_key =
(const unsigned char*)pub_key, LIBSSH2_ED25519_KEY_LEN); EVP_PKEY_new_raw_public_key(EVP_PKEY_ED25519, NULL,
(const unsigned char *)pub_key,
LIBSSH2_ED25519_KEY_LEN);
/* comment */ /* comment */
if((rc = _libssh2_get_c_string(decrypted, &buf)) < 0) { rc = _libssh2_get_c_string(decrypted, &buf);
if(rc < 0) {
_libssh2_error(session, LIBSSH2_ERROR_PROTO, _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"Unable to read comment"); "Unable to read comment");
ret = -1; ret = -1;
@@ -1619,7 +1653,8 @@ gen_publickey_from_ed25519_openssh_priv_data(LIBSSH2_SESSION *session,
memcpy(comment, buf, rc); memcpy(comment, buf, rc);
memcpy(comment + rc, "\0", 1); memcpy(comment + rc, "\0", 1);
_libssh2_debug(session, LIBSSH2_TRACE_AUTH, "Key comment: %s", comment); _libssh2_debug(session, LIBSSH2_TRACE_AUTH, "Key comment: %s",
comment);
LIBSSH2_FREE(session, comment); LIBSSH2_FREE(session, comment);
} }
@@ -1641,14 +1676,16 @@ gen_publickey_from_ed25519_openssh_priv_data(LIBSSH2_SESSION *session,
if(ret == 0) { if(ret == 0) {
_libssh2_debug(session, _libssh2_debug(session,
LIBSSH2_TRACE_AUTH, LIBSSH2_TRACE_AUTH,
"Computing public key from ED25519 private key envelop"); "Computing public key from ED25519 "
"private key envelop");
method_buf = LIBSSH2_ALLOC(session, 11); /* ssh-ed25519. */ method_buf = LIBSSH2_ALLOC(session, 11); /* ssh-ed25519. */
if(method_buf == NULL) { if(method_buf == NULL) {
goto clean_exit; goto clean_exit;
} }
/* Key form is: type_len(4) + type(11) + pub_key_len(4) + pub_key(32). */ /* Key form is: type_len(4) + type(11) + pub_key_len(4) +
pub_key(32). */
key_len = LIBSSH2_ED25519_KEY_LEN + 19; key_len = LIBSSH2_ED25519_KEY_LEN + 19;
key = LIBSSH2_CALLOC(session, key_len); key = LIBSSH2_CALLOC(session, key_len);
if(key == NULL) { if(key == NULL) {
@@ -1767,17 +1804,21 @@ _libssh2_ed25519_new_private(libssh2_ed25519_ctx ** ed_ctx,
int int
_libssh2_ed25519_new_private_frommemory(libssh2_ed25519_ctx ** ed_ctx, _libssh2_ed25519_new_private_frommemory(libssh2_ed25519_ctx ** ed_ctx,
LIBSSH2_SESSION * session, LIBSSH2_SESSION * session,
const char *filedata, size_t filedata_len, const char *filedata,
size_t filedata_len,
unsigned const char *passphrase) unsigned const char *passphrase)
{ {
return read_openssh_private_key_from_memory((void**)ed_ctx, session, "ssh-ed25519", return read_openssh_private_key_from_memory((void **)ed_ctx, session,
filedata, filedata_len, passphrase); "ssh-ed25519",
filedata, filedata_len,
passphrase);
} }
int int
_libssh2_ed25519_new_public(libssh2_ed25519_ctx ** ed_ctx, _libssh2_ed25519_new_public(libssh2_ed25519_ctx ** ed_ctx,
LIBSSH2_SESSION * session, LIBSSH2_SESSION * session,
const unsigned char *raw_pub_key, const uint8_t key_len) const unsigned char *raw_pub_key,
const uint8_t key_len)
{ {
libssh2_ed25519_ctx *ctx = NULL; libssh2_ed25519_ctx *ctx = NULL;
EVP_PKEY *public_key = NULL; EVP_PKEY *public_key = NULL;
@@ -1785,14 +1826,19 @@ _libssh2_ed25519_new_public(libssh2_ed25519_ctx ** ed_ctx,
if(ed_ctx == NULL) if(ed_ctx == NULL)
return -1; return -1;
public_key = EVP_PKEY_new_raw_public_key(EVP_PKEY_ED25519, NULL, (const unsigned char*)raw_pub_key, key_len); public_key =
EVP_PKEY_new_raw_public_key(EVP_PKEY_ED25519, NULL,
(const unsigned char *)raw_pub_key,
key_len);
if(public_key == NULL) { if(public_key == NULL) {
return _libssh2_error(session, LIBSSH2_ERROR_PROTO, "could not create ED25519 public key"); return _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"could not create ED25519 public key");
} }
ctx = _libssh2_ed25519_new_ctx(); ctx = _libssh2_ed25519_new_ctx();
if(ctx == NULL) { if(ctx == NULL) {
return _libssh2_error(session, LIBSSH2_ERROR_ALLOC, "could not alloc public/private key"); return _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
"could not alloc public/private key");
} }
ctx->public_key = public_key; ctx->public_key = public_key;
@@ -2238,7 +2284,9 @@ gen_publickey_from_ec_evp(LIBSSH2_SESSION *session,
} }
/* get length */ /* get length */
octal_len = EC_POINT_point2oct(group, public_key, POINT_CONVERSION_UNCOMPRESSED, NULL, 0, bn_ctx); octal_len = EC_POINT_point2oct(group, public_key,
POINT_CONVERSION_UNCOMPRESSED,
NULL, 0, bn_ctx);
if(octal_len > EC_MAX_POINT_LEN) { if(octal_len > EC_MAX_POINT_LEN) {
rc = -1; rc = -1;
goto clean_exit; goto clean_exit;
@@ -2257,7 +2305,8 @@ gen_publickey_from_ec_evp(LIBSSH2_SESSION *session,
goto clean_exit; goto clean_exit;
} }
/* Key form is: type_len(4) + type(19) + domain_len(4) + domain(8) + pub_key_len(4) + pub_key(~65). */ /* Key form is: type_len(4) + type(19) + domain_len(4) + domain(8) +
pub_key_len(4) + pub_key(~65). */
key_len = 4 + 19 + 4 + 8 + 4 + octal_len; key_len = 4 + 19 + 4 + 8 + 4 + octal_len;
key = LIBSSH2_ALLOC(session, key_len); key = LIBSSH2_ALLOC(session, key_len);
if(key == NULL) { if(key == NULL) {
@@ -2323,32 +2372,37 @@ gen_publickey_from_ecdsa_openssh_priv_data(LIBSSH2_SESSION *session,
LIBSSH2_TRACE_AUTH, LIBSSH2_TRACE_AUTH,
"Computing ECDSA keys from private key data"); "Computing ECDSA keys from private key data");
if ((curvelen = _libssh2_get_c_string(decrypted, &curve)) <= 0) { curvelen = _libssh2_get_c_string(decrypted, &curve);
if(curvelen <= 0) {
_libssh2_error(session, LIBSSH2_ERROR_PROTO, _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"ECDSA no curve"); "ECDSA no curve");
return -1; return -1;
} }
if ((pointlen = _libssh2_get_c_string(decrypted, &point_buf)) <= 0) { pointlen = _libssh2_get_c_string(decrypted, &point_buf);
if(pointlen <= 0) {
_libssh2_error(session, LIBSSH2_ERROR_PROTO, _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"ECDSA no point"); "ECDSA no point");
return -1; return -1;
} }
if ((exponentlen = _libssh2_get_bignum_bytes(decrypted, &exponent)) <= 0) { exponentlen = _libssh2_get_bignum_bytes(decrypted, &exponent);
if(exponentlen <= 0) {
_libssh2_error(session, LIBSSH2_ERROR_PROTO, _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"ECDSA no exponent"); "ECDSA no exponent");
return -1; return -1;
} }
if ((rc = _libssh2_ecdsa_curve_name_with_octal_new(&ec_key, point_buf, rc = _libssh2_ecdsa_curve_name_with_octal_new(&ec_key, point_buf,
pointlen, curve_type)) != 0) { pointlen, curve_type);
if(rc != 0) {
_libssh2_error(session, LIBSSH2_ERROR_PROTO, _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"ECDSA could not create key"); "ECDSA could not create key");
goto fail; goto fail;
} }
if ((bn_exponent = BN_new()) == NULL) { bn_exponent = BN_new();
if(bn_exponent == NULL) {
rc = -1; rc = -1;
goto fail; goto fail;
} }
@@ -2462,7 +2516,8 @@ _libssh2_ecdsa_new_private(libssh2_ecdsa_ctx ** ec_ctx,
filename, passphrase); filename, passphrase);
if(rc) { if(rc) {
return _libssh2_ecdsa_new_openssh_private(ec_ctx, session, filename, passphrase); return _libssh2_ecdsa_new_openssh_private(ec_ctx, session,
filename, passphrase);
} }
return rc; return rc;
@@ -2477,9 +2532,11 @@ _libssh2_ecdsa_new_private(libssh2_ecdsa_ctx ** ec_ctx,
*/ */
int int
_libssh2_ecdsa_create_key(LIBSSH2_SESSION *session, _libssh2_ec_key **out_private_key, _libssh2_ecdsa_create_key(LIBSSH2_SESSION *session,
_libssh2_ec_key **out_private_key,
unsigned char **out_public_key_octal, unsigned char **out_public_key_octal,
size_t *out_public_key_octal_len, libssh2_curve_type curve_type) size_t *out_public_key_octal_len,
libssh2_curve_type curve_type)
{ {
int ret = 1; int ret = 1;
size_t octal_len = 0; size_t octal_len = 0;
@@ -2500,7 +2557,9 @@ _libssh2_ecdsa_create_key(LIBSSH2_SESSION *session, _libssh2_ec_key **out_privat
public_key = EC_KEY_get0_public_key(private_key); public_key = EC_KEY_get0_public_key(private_key);
/* get length */ /* get length */
octal_len = EC_POINT_point2oct(group, public_key, POINT_CONVERSION_UNCOMPRESSED, NULL, 0, bn_ctx); octal_len = EC_POINT_point2oct(group, public_key,
POINT_CONVERSION_UNCOMPRESSED,
NULL, 0, bn_ctx);
if(octal_len > EC_MAX_POINT_LEN) { if(octal_len > EC_MAX_POINT_LEN) {
ret = -1; ret = -1;
goto clean_exit; goto clean_exit;
@@ -2568,7 +2627,8 @@ _libssh2_ecdh_gen_k(_libssh2_bn **k, _libssh2_ec_key *private_key,
if(server_public_key_point == NULL) if(server_public_key_point == NULL)
return -1; return -1;
rc = EC_POINT_oct2point(private_key_group, server_public_key_point, server_public_key, server_public_key_len, bn_ctx); rc = EC_POINT_oct2point(private_key_group, server_public_key_point,
server_public_key, server_public_key_len, bn_ctx);
if(rc != 1) { if(rc != 1) {
ret = -1; ret = -1;
goto clean_exit; goto clean_exit;
@@ -2581,7 +2641,8 @@ _libssh2_ecdh_gen_k(_libssh2_bn **k, _libssh2_ec_key *private_key,
goto clean_exit; goto clean_exit;
} }
secret_len = ECDH_compute_key(secret, secret_len, server_public_key_point, private_key, NULL); secret_len = ECDH_compute_key(secret, secret_len, server_public_key_point,
private_key, NULL);
if(secret_len <= 0 || secret_len > EC_MAX_POINT_LEN) { if(secret_len <= 0 || secret_len > EC_MAX_POINT_LEN) {
ret = -1; ret = -1;
@@ -2638,7 +2699,8 @@ _libssh2_ed25519_sign(libssh2_ed25519_ctx *ctx, LIBSSH2_SESSION *session,
if(rc == 1) { if(rc == 1) {
*out_sig = sig; *out_sig = sig;
*out_sig_len = sig_len; *out_sig_len = sig_len;
} else { }
else {
*out_sig_len = 0; *out_sig_len = 0;
*out_sig = NULL; *out_sig = NULL;
LIBSSH2_FREE(session, sig); LIBSSH2_FREE(session, sig);
@@ -2706,7 +2768,8 @@ _libssh2_curve25519_gen_k(_libssh2_bn **k,
if(rc == 1 && out_len == LIBSSH2_ED25519_KEY_LEN) { if(rc == 1 && out_len == LIBSSH2_ED25519_KEY_LEN) {
BN_bin2bn(out_shared_key, LIBSSH2_ED25519_KEY_LEN, *k); BN_bin2bn(out_shared_key, LIBSSH2_ED25519_KEY_LEN, *k);
} else { }
else {
rc = -1; rc = -1;
} }
@@ -2764,8 +2827,7 @@ _libssh2_pub_priv_openssh_keyfile(LIBSSH2_SESSION *session,
struct string_buf *decrypted = NULL; struct string_buf *decrypted = NULL;
int rc = 0; int rc = 0;
if(session == NULL) if(session == NULL) {
{
_libssh2_error(session, LIBSSH2_ERROR_PROTO, _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"Session is required"); "Session is required");
return -1; return -1;
@@ -2804,31 +2866,41 @@ _libssh2_pub_priv_openssh_keyfile(LIBSSH2_SESSION *session,
if(strcmp("ssh-ed25519", (const char *)buf) == 0) { if(strcmp("ssh-ed25519", (const char *)buf) == 0) {
rc = gen_publickey_from_ed25519_openssh_priv_data(session, decrypted, rc = gen_publickey_from_ed25519_openssh_priv_data(session, decrypted,
method, method_len, method, method_len,
pubkeydata, pubkeydata_len, NULL); pubkeydata,
pubkeydata_len,
NULL);
} }
#endif #endif
#if LIBSSH2_RSA #if LIBSSH2_RSA
if(strcmp("ssh-rsa", (const char *)buf) == 0) { if(strcmp("ssh-rsa", (const char *)buf) == 0) {
rc = gen_publickey_from_rsa_openssh_priv_data(session, decrypted, rc = gen_publickey_from_rsa_openssh_priv_data(session, decrypted,
method, method_len, method, method_len,
pubkeydata, pubkeydata_len, NULL); pubkeydata,
pubkeydata_len,
NULL);
} }
#endif #endif
#if LIBSSH2_DSA #if LIBSSH2_DSA
if(strcmp("ssh-dss", (const char *)buf) == 0) { if(strcmp("ssh-dss", (const char *)buf) == 0) {
rc = gen_publickey_from_dsa_openssh_priv_data(session, decrypted, rc = gen_publickey_from_dsa_openssh_priv_data(session, decrypted,
method, method_len, method, method_len,
pubkeydata, pubkeydata_len, NULL); pubkeydata,
pubkeydata_len,
NULL);
} }
#endif #endif
#if LIBSSH2_ECDSA #if LIBSSH2_ECDSA
{ {
libssh2_curve_type type; libssh2_curve_type type;
if(_libssh2_ecdsa_curve_type_from_name((const char*)buf, &type) == 0) { if(_libssh2_ecdsa_curve_type_from_name((const char *)buf,
rc = gen_publickey_from_ecdsa_openssh_priv_data(session, type, decrypted, &type) == 0) {
rc = gen_publickey_from_ecdsa_openssh_priv_data(session, type,
decrypted,
method, method_len, method, method_len,
pubkeydata, pubkeydata_len, NULL); pubkeydata,
pubkeydata_len,
NULL);
} }
} }
#endif #endif
@@ -2988,9 +3060,12 @@ _libssh2_pub_priv_openssh_keyfilememory(LIBSSH2_SESSION *session,
#if LIBSSH2_ED25519 #if LIBSSH2_ED25519
if(strcmp("ssh-ed25519", (const char *)buf) == 0) { if(strcmp("ssh-ed25519", (const char *)buf) == 0) {
if(key_type == NULL || strcmp("ssh-ed25519", key_type) == 0) { if(key_type == NULL || strcmp("ssh-ed25519", key_type) == 0) {
rc = gen_publickey_from_ed25519_openssh_priv_data(session, decrypted, rc = gen_publickey_from_ed25519_openssh_priv_data(session,
method, method_len, decrypted,
pubkeydata, pubkeydata_len, method,
method_len,
pubkeydata,
pubkeydata_len,
(libssh2_ed25519_ctx**)key_ctx); (libssh2_ed25519_ctx**)key_ctx);
} }
} }
@@ -3000,7 +3075,8 @@ _libssh2_pub_priv_openssh_keyfilememory(LIBSSH2_SESSION *session,
if(key_type == NULL || strcmp("ssh-rsa", key_type) == 0) { if(key_type == NULL || strcmp("ssh-rsa", key_type) == 0) {
rc = gen_publickey_from_rsa_openssh_priv_data(session, decrypted, rc = gen_publickey_from_rsa_openssh_priv_data(session, decrypted,
method, method_len, method, method_len,
pubkeydata, pubkeydata_len, pubkeydata,
pubkeydata_len,
(libssh2_rsa_ctx**)key_ctx); (libssh2_rsa_ctx**)key_ctx);
} }
} }
@@ -3010,7 +3086,8 @@ _libssh2_pub_priv_openssh_keyfilememory(LIBSSH2_SESSION *session,
if(key_type == NULL || strcmp("ssh-dss", key_type) == 0) { if(key_type == NULL || strcmp("ssh-dss", key_type) == 0) {
rc = gen_publickey_from_dsa_openssh_priv_data(session, decrypted, rc = gen_publickey_from_dsa_openssh_priv_data(session, decrypted,
method, method_len, method, method_len,
pubkeydata, pubkeydata_len, pubkeydata,
pubkeydata_len,
(libssh2_dsa_ctx**)key_ctx); (libssh2_dsa_ctx**)key_ctx);
} }
} }
@@ -3021,9 +3098,11 @@ _libssh2_pub_priv_openssh_keyfilememory(LIBSSH2_SESSION *session,
if(_libssh2_ecdsa_curve_type_from_name((const char *)buf, &type) == 0) { if(_libssh2_ecdsa_curve_type_from_name((const char *)buf, &type) == 0) {
if(key_type == NULL || strcmp("ssh-ecdsa", key_type) == 0) { if(key_type == NULL || strcmp("ssh-ecdsa", key_type) == 0) {
rc = gen_publickey_from_ecdsa_openssh_priv_data(session, type, decrypted, rc = gen_publickey_from_ecdsa_openssh_priv_data(session, type,
decrypted,
method, method_len, method, method_len,
pubkeydata, pubkeydata_len, pubkeydata,
pubkeydata_len,
(libssh2_ecdsa_ctx**)key_ctx); (libssh2_ecdsa_ctx**)key_ctx);
} }
} }
@@ -3079,7 +3158,8 @@ _libssh2_pub_priv_keyfilememory(LIBSSH2_SESSION *session,
if(pk == NULL) { if(pk == NULL) {
/* Try OpenSSH format */ /* Try OpenSSH format */
st = _libssh2_pub_priv_openssh_keyfilememory(session, NULL, NULL, method, st = _libssh2_pub_priv_openssh_keyfilememory(session, NULL, NULL,
method,
method_len, method_len,
pubkeydata, pubkeydata,
pubkeydata_len, pubkeydata_len,

12
src/openssl.h
View File

@@ -178,7 +178,8 @@ int _libssh2_sha256_init(libssh2_sha256_ctx *ctx);
EVP_MD_CTX_free(ctx); \ EVP_MD_CTX_free(ctx); \
} while(0) } while(0)
#else #else
#define libssh2_sha256_update(ctx, data, len) EVP_DigestUpdate(&(ctx), data, len) #define libssh2_sha256_update(ctx, data, len) \
EVP_DigestUpdate(&(ctx), data, len)
#define libssh2_sha256_final(ctx, out) EVP_DigestFinal(&(ctx), out, NULL) #define libssh2_sha256_final(ctx, out) EVP_DigestFinal(&(ctx), out, NULL)
#endif #endif
int _libssh2_sha256(const unsigned char *message, unsigned long len, int _libssh2_sha256(const unsigned char *message, unsigned long len,
@@ -201,7 +202,8 @@ int _libssh2_sha384_init(libssh2_sha384_ctx *ctx);
EVP_MD_CTX_free(ctx); \ EVP_MD_CTX_free(ctx); \
} while(0) } while(0)
#else #else
#define libssh2_sha384_update(ctx, data, len) EVP_DigestUpdate(&(ctx), data, len) #define libssh2_sha384_update(ctx, data, len) \
EVP_DigestUpdate(&(ctx), data, len)
#define libssh2_sha384_final(ctx, out) EVP_DigestFinal(&(ctx), out, NULL) #define libssh2_sha384_final(ctx, out) EVP_DigestFinal(&(ctx), out, NULL)
#endif #endif
int _libssh2_sha384(const unsigned char *message, unsigned long len, int _libssh2_sha384(const unsigned char *message, unsigned long len,
@@ -224,7 +226,8 @@ int _libssh2_sha512_init(libssh2_sha512_ctx *ctx);
EVP_MD_CTX_free(ctx); \ EVP_MD_CTX_free(ctx); \
} while(0) } while(0)
#else #else
#define libssh2_sha512_update(ctx, data, len) EVP_DigestUpdate(&(ctx), data, len) #define libssh2_sha512_update(ctx, data, len) \
EVP_DigestUpdate(&(ctx), data, len)
#define libssh2_sha512_final(ctx, out) EVP_DigestFinal(&(ctx), out, NULL) #define libssh2_sha512_final(ctx, out) EVP_DigestFinal(&(ctx), out, NULL)
#endif #endif
int _libssh2_sha512(const unsigned char *message, unsigned long len, int _libssh2_sha512(const unsigned char *message, unsigned long len,
@@ -393,7 +396,8 @@ typedef struct {
#define libssh2_dh_dtor(dhctx) _libssh2_dh_dtor(dhctx) #define libssh2_dh_dtor(dhctx) _libssh2_dh_dtor(dhctx)
extern void _libssh2_dh_init(_libssh2_dh_ctx *dhctx); extern void _libssh2_dh_init(_libssh2_dh_ctx *dhctx);
extern int _libssh2_dh_key_pair(_libssh2_dh_ctx *dhctx, _libssh2_bn *public, extern int _libssh2_dh_key_pair(_libssh2_dh_ctx *dhctx, _libssh2_bn *public,
_libssh2_bn *g, _libssh2_bn *p, int group_order, _libssh2_bn *g, _libssh2_bn *p,
int group_order,
_libssh2_bn_ctx *bnctx); _libssh2_bn_ctx *bnctx);
extern int _libssh2_dh_secret(_libssh2_dh_ctx *dhctx, _libssh2_bn *secret, extern int _libssh2_dh_secret(_libssh2_dh_ctx *dhctx, _libssh2_bn *secret,
_libssh2_bn *f, _libssh2_bn *p, _libssh2_bn *f, _libssh2_bn *p,

12
src/os400qc3.c
View File

@@ -924,7 +924,8 @@ _libssh2_os400qc3_crypto_dtor(_libssh2_os400qc3_crypto_ctx *x)
if(!x) if(!x)
return; return;
if(!null_token(x->hash.Alg_Context_Token)) { if(!null_token(x->hash.Alg_Context_Token)) {
Qc3DestroyAlgorithmContext(x->hash.Alg_Context_Token, (char *) &ecnull); Qc3DestroyAlgorithmContext(x->hash.Alg_Context_Token,
(char *) &ecnull);
memset(x->hash.Alg_Context_Token, 0, sizeof x->hash.Alg_Context_Token); memset(x->hash.Alg_Context_Token, 0, sizeof x->hash.Alg_Context_Token);
} }
if(!null_token(x->key.Key_Context_Token)) { if(!null_token(x->key.Key_Context_Token)) {
@@ -1315,7 +1316,8 @@ _libssh2_os400qc3_dh_secret(_libssh2_dh_ctx *dhctx, _libssh2_bn *secret,
secretbuf = alloca(pubkeysize); secretbuf = alloca(pubkeysize);
set_EC_length(errcode, sizeof errcode); set_EC_length(errcode, sizeof errcode);
Qc3CalculateDHSecretKey(dhctx->token, pubkey, &pubkeysize, Qc3CalculateDHSecretKey(dhctx->token, pubkey, &pubkeysize,
secretbuf, &secretbufsize, &secretbuflen, &errcode); secretbuf, &secretbufsize, &secretbuflen,
&errcode);
if(errcode.Bytes_Available) if(errcode.Bytes_Available)
return -1; return -1;
return _libssh2_bn_from_bin(secret, return _libssh2_bn_from_bin(secret,
@@ -1954,7 +1956,8 @@ pkcs1topkcs8(LIBSSH2_SESSION *session,
} }
if(!pkcs8) if(!pkcs8)
return -1; return -1;
data = (unsigned char *) LIBSSH2_ALLOC(session, pkcs8->end - pkcs8->header); data = (unsigned char *) LIBSSH2_ALLOC(session,
pkcs8->end - pkcs8->header);
if(!data) { if(!data) {
asn1delete(pkcs8); asn1delete(pkcs8);
return -1; return -1;
@@ -2111,7 +2114,8 @@ _libssh2_rsa_new_private(libssh2_rsa_ctx **rsa, LIBSSH2_SESSION *session,
if(!ctx) if(!ctx)
return -1; return -1;
ret = load_rsa_private_file(session, filename, passphrase, ret = load_rsa_private_file(session, filename, passphrase,
rsapkcs1privkey, rsapkcs8privkey, (void *) ctx); rsapkcs1privkey, rsapkcs8privkey,
(void *) ctx);
if(!ret) { if(!ret) {
/* Create the algorithm context. */ /* Create the algorithm context. */
algd.Public_Key_Alg = Qc3_RSA; algd.Public_Key_Alg = Qc3_RSA;

12
src/packet.c
View File

@@ -481,7 +481,8 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
/* 9 = packet_type(1) + reason(4) + message_len(4) */ /* 9 = packet_type(1) + reason(4) + message_len(4) */
message = (char *) data + 9; message = (char *) data + 9;
language_len = _libssh2_ntohu32(data + 9 + message_len); language_len =
_libssh2_ntohu32(data + 9 + message_len);
language = (char *) data + 9 + message_len + 4; language = (char *) data + 9 + message_len + 4;
if(language_len > (datalen-13-message_len)) { if(language_len > (datalen-13-message_len)) {
@@ -543,7 +544,8 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
if(message_len <= (datalen - 10)) { if(message_len <= (datalen - 10)) {
/* 6 = packet_type(1) + display(1) + message_len(4) */ /* 6 = packet_type(1) + display(1) + message_len(4) */
message = (char *) data + 6; message = (char *) data + 6;
language_len = _libssh2_ntohu32(data + 6 + message_len); language_len = _libssh2_ntohu32(data + 6 +
message_len);
if(language_len <= (datalen - 10 - message_len)) if(language_len <= (datalen - 10 - message_len))
language = (char *) data + 10 + message_len; language = (char *) data + 10 + message_len;
@@ -665,7 +667,8 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
channelp->remote.window_size -= datalen - data_head; channelp->remote.window_size -= datalen - data_head;
_libssh2_debug(session, LIBSSH2_TRACE_CONN, _libssh2_debug(session, LIBSSH2_TRACE_CONN,
"shrinking window size by %lu bytes to %lu, read_avail %lu", "shrinking window size by %lu bytes to %lu, "
"read_avail %lu",
datalen - data_head, datalen - data_head,
channelp->remote.window_size, channelp->remote.window_size,
channelp->read_avail); channelp->read_avail);
@@ -833,7 +836,8 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
if(!channelp->exit_signal) if(!channelp->exit_signal)
rc = _libssh2_error(session, LIBSSH2_ERROR_ALLOC, rc = _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
"memory for signal name"); "memory for signal name");
else if ((sizeof("exit-signal") + 13 + namelen <= datalen)) { else if((sizeof("exit-signal") + 13 + namelen <=
datalen)) {
memcpy(channelp->exit_signal, memcpy(channelp->exit_signal,
data + 13 + sizeof("exit-signal"), namelen); data + 13 + sizeof("exit-signal"), namelen);
channelp->exit_signal[namelen] = '\0'; channelp->exit_signal[namelen] = '\0';

66
src/pem.c
View File

@@ -401,7 +401,8 @@ _libssh2_openssh_pem_parse_data(LIBSSH2_SESSION * session,
goto out; goto out;
} }
if(strncmp((char*) decoded.dataptr, AUTH_MAGIC, strlen(AUTH_MAGIC)) != 0) { if(strncmp((char *) decoded.dataptr, AUTH_MAGIC,
strlen(AUTH_MAGIC)) != 0) {
ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO, ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"key auth magic mismatch"); "key auth magic mismatch");
goto out; goto out;
@@ -409,29 +410,25 @@ _libssh2_openssh_pem_parse_data(LIBSSH2_SESSION * session,
decoded.dataptr += strlen(AUTH_MAGIC) + 1; decoded.dataptr += strlen(AUTH_MAGIC) + 1;
if(_libssh2_get_c_string(&decoded, &ciphername) == 0) if(_libssh2_get_c_string(&decoded, &ciphername) == 0) {
{
ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO, ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"ciphername is missing"); "ciphername is missing");
goto out; goto out;
} }
if(_libssh2_get_c_string(&decoded, &kdfname) == 0) if(_libssh2_get_c_string(&decoded, &kdfname) == 0) {
{
ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO, ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"kdfname is missing"); "kdfname is missing");
goto out; goto out;
} }
kdf_len = _libssh2_get_c_string(&decoded, &kdf); kdf_len = _libssh2_get_c_string(&decoded, &kdf);
if(kdf == NULL ) if(kdf == NULL) {
{
ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO, ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"kdf is missing"); "kdf is missing");
goto out; goto out;
} }
else else {
{
kdf_buf.data = kdf; kdf_buf.data = kdf;
kdf_buf.dataptr = kdf; kdf_buf.dataptr = kdf;
kdf_buf.len = kdf_len; kdf_buf.len = kdf_len;
@@ -444,13 +441,15 @@ _libssh2_openssh_pem_parse_data(LIBSSH2_SESSION * session,
goto out; goto out;
} }
if(strcmp((const char*)kdfname, "none") != 0 && strcmp((const char*)kdfname, "bcrypt") != 0) { if(strcmp((const char *)kdfname, "none") != 0 &&
strcmp((const char *)kdfname, "bcrypt") != 0) {
ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO, ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"unknown cipher"); "unknown cipher");
goto out; goto out;
} }
if(!strcmp((const char*)kdfname, "none") && strcmp((const char*)ciphername, "none") != 0) { if(!strcmp((const char *)kdfname, "none") &&
strcmp((const char *)ciphername, "none") != 0) {
ret =_libssh2_error(session, LIBSSH2_ERROR_PROTO, ret =_libssh2_error(session, LIBSSH2_ERROR_PROTO,
"invalid format"); "invalid format");
goto out; goto out;
@@ -466,13 +465,13 @@ _libssh2_openssh_pem_parse_data(LIBSSH2_SESSION * session,
if(_libssh2_get_c_string(&decoded, &buf) < 0) { if(_libssh2_get_c_string(&decoded, &buf) < 0) {
ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO, ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"Invalid private key; expect embedded public key"); "Invalid private key; "
"expect embedded public key");
goto out; goto out;
} }
rc = _libssh2_get_c_string(&decoded, &buf); rc = _libssh2_get_c_string(&decoded, &buf);
if(rc <= 0) if(rc <= 0) {
{
ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO, ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"Private key data not found"); "Private key data not found");
goto out; goto out;
@@ -482,8 +481,7 @@ _libssh2_openssh_pem_parse_data(LIBSSH2_SESSION * session,
decrypted.data = decrypted.dataptr = buf; decrypted.data = decrypted.dataptr = buf;
decrypted.len = rc; decrypted.len = rc;
if(ciphername && strcmp((const char*)ciphername, "none") != 0) if(ciphername && strcmp((const char *)ciphername, "none") != 0) {
{
const LIBSSH2_CRYPT_METHOD **all_methods, *cur_method; const LIBSSH2_CRYPT_METHOD **all_methods, *cur_method;
all_methods = libssh2_crypt_methods(); all_methods = libssh2_crypt_methods();
@@ -513,14 +511,17 @@ _libssh2_openssh_pem_parse_data(LIBSSH2_SESSION * session,
ivlen = method->iv_len; ivlen = method->iv_len;
total_len = keylen + ivlen; total_len = keylen + ivlen;
if((key = LIBSSH2_CALLOC(session, total_len)) == NULL) { key = LIBSSH2_CALLOC(session, total_len);
if(key == NULL) {
ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO, ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"Could not alloc key"); "Could not alloc key");
goto out; goto out;
} }
if(strcmp((const char*)kdfname, "bcrypt") == 0 && passphrase != NULL) { if(strcmp((const char *)kdfname, "bcrypt") == 0 &&
if(((salt_len = _libssh2_get_c_string(&kdf_buf, &salt)) <= 0) || passphrase != NULL) {
salt_len = _libssh2_get_c_string(&kdf_buf, &salt);
if((salt_len <= 0) ||
(_libssh2_get_u32(&kdf_buf, &rounds) != 0) ) { (_libssh2_get_u32(&kdf_buf, &rounds) != 0) ) {
ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO, ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"kdf contains unexpected values"); "kdf contains unexpected values");
@@ -528,8 +529,10 @@ _libssh2_openssh_pem_parse_data(LIBSSH2_SESSION * session,
goto out; goto out;
} }
if(_libssh2_bcrypt_pbkdf((const char*)passphrase, strlen((const char*)passphrase), if(_libssh2_bcrypt_pbkdf((const char *)passphrase,
salt, salt_len, key, keylen + ivlen, rounds) < 0) { strlen((const char *)passphrase),
salt, salt_len, key,
keylen + ivlen, rounds) < 0) {
ret = _libssh2_error(session, LIBSSH2_ERROR_DECRYPT, ret = _libssh2_error(session, LIBSSH2_ERROR_DECRYPT,
"invalid format"); "invalid format");
LIBSSH2_FREE(session, key); LIBSSH2_FREE(session, key);
@@ -546,13 +549,15 @@ _libssh2_openssh_pem_parse_data(LIBSSH2_SESSION * session,
/* Set up decryption */ /* Set up decryption */
blocksize = method->blocksize; blocksize = method->blocksize;
if((key_part = LIBSSH2_CALLOC(session, keylen)) == NULL) { key_part = LIBSSH2_CALLOC(session, keylen);
if(key_part == NULL) {
ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO, ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"Could not alloc key part"); "Could not alloc key part");
goto out; goto out;
} }
if((iv_part = LIBSSH2_CALLOC(session, ivlen)) == NULL) { iv_part = LIBSSH2_CALLOC(session, ivlen);
if(iv_part == NULL) {
ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO, ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"Could not alloc iv part"); "Could not alloc iv part");
goto out; goto out;
@@ -576,7 +581,8 @@ _libssh2_openssh_pem_parse_data(LIBSSH2_SESSION * session,
} }
while((size_t)len_decrypted <= decrypted.len - blocksize) { while((size_t)len_decrypted <= decrypted.len - blocksize) {
if (method->crypt(session, decrypted.data + len_decrypted, blocksize, if(method->crypt(session, decrypted.data + len_decrypted,
blocksize,
&abstract)) { &abstract)) {
ret = LIBSSH2_ERROR_DECRYPT; ret = LIBSSH2_ERROR_DECRYPT;
method->dtor(session, &abstract); method->dtor(session, &abstract);
@@ -607,20 +613,22 @@ _libssh2_openssh_pem_parse_data(LIBSSH2_SESSION * session,
struct string_buf *out_buf = _libssh2_string_buf_new(session); struct string_buf *out_buf = _libssh2_string_buf_new(session);
if(!out_buf) { if(!out_buf) {
ret = _libssh2_error(session, LIBSSH2_ERROR_ALLOC, ret = _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
"Unable to allocate memory for decrypted struct"); "Unable to allocate memory for "
"decrypted struct");
goto out; goto out;
} }
out_buf->data = LIBSSH2_CALLOC(session, decrypted.len); out_buf->data = LIBSSH2_CALLOC(session, decrypted.len);
if(out_buf->data == NULL) if(out_buf->data == NULL) {
{
ret = _libssh2_error(session, LIBSSH2_ERROR_ALLOC, ret = _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
"Unable to allocate memory for decrypted struct"); "Unable to allocate memory for "
"decrypted struct");
_libssh2_string_buf_free(session, out_buf); _libssh2_string_buf_free(session, out_buf);
goto out; goto out;
} }
memcpy(out_buf->data, decrypted.data, decrypted.len); memcpy(out_buf->data, decrypted.data, decrypted.len);
out_buf->dataptr = out_buf->data + (decrypted.dataptr - decrypted.data); out_buf->dataptr = out_buf->data +
(decrypted.dataptr - decrypted.data);
out_buf->len = decrypted.len; out_buf->len = decrypted.len;
*decrypted_buf = out_buf; *decrypted_buf = out_buf;

3
src/publickey.c
View File

@@ -512,7 +512,8 @@ static LIBSSH2_PUBLICKEY *publickey_init(LIBSSH2_SESSION *session)
if(session->pkeyInit_pkey->version > if(session->pkeyInit_pkey->version >
LIBSSH2_PUBLICKEY_VERSION) { LIBSSH2_PUBLICKEY_VERSION) {
_libssh2_debug(session, LIBSSH2_TRACE_PUBLICKEY, _libssh2_debug(session, LIBSSH2_TRACE_PUBLICKEY,
"Truncate remote publickey version from %lu", "Truncate remote publickey version "
"from %lu",
session->pkeyInit_pkey->version); session->pkeyInit_pkey->version);
session->pkeyInit_pkey->version = session->pkeyInit_pkey->version =
LIBSSH2_PUBLICKEY_VERSION; LIBSSH2_PUBLICKEY_VERSION;

39
src/scp.c
View File

@@ -475,7 +475,8 @@ scp_recv(LIBSSH2_SESSION * session, const char *path, libssh2_struct_stat * sb)
LIBSSH2_SCP_RESPONSE_BUFLEN) { LIBSSH2_SCP_RESPONSE_BUFLEN) {
/* You had your chance */ /* You had your chance */
_libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL, _libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL,
"Unterminated response from SCP server"); "Unterminated response from "
"SCP server");
goto scp_recv_error; goto scp_recv_error;
} }
/* Way too short to be an SCP response, or not done yet, /* Way too short to be an SCP response, or not done yet,
@@ -522,7 +523,8 @@ scp_recv(LIBSSH2_SESSION * session, const char *path, libssh2_struct_stat * sb)
if(!s || ((s - p) <= 0)) { if(!s || ((s - p) <= 0)) {
/* No spaces or space in the wrong spot */ /* No spaces or space in the wrong spot */
_libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL, _libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL,
"Invalid response from SCP server, malformed mtime.usec"); "Invalid response from SCP server, "
"malformed mtime.usec");
goto scp_recv_error; goto scp_recv_error;
} }
@@ -532,7 +534,8 @@ scp_recv(LIBSSH2_SESSION * session, const char *path, libssh2_struct_stat * sb)
if(!p || ((p - s) <= 0)) { if(!p || ((p - s) <= 0)) {
/* No spaces or space in the wrong spot */ /* No spaces or space in the wrong spot */
_libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL, _libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL,
"Invalid response from SCP server, too short or malformed"); "Invalid response from SCP server, "
"too short or malformed");
goto scp_recv_error; goto scp_recv_error;
} }
@@ -632,7 +635,8 @@ scp_recv(LIBSSH2_SESSION * session, const char *path, libssh2_struct_stat * sb)
LIBSSH2_SCP_RESPONSE_BUFLEN) { LIBSSH2_SCP_RESPONSE_BUFLEN) {
/* You had your chance */ /* You had your chance */
_libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL, _libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL,
"Unterminated response from SCP server"); "Unterminated response "
"from SCP server");
goto scp_recv_error; goto scp_recv_error;
} }
/* Way too short to be an SCP response, or not done yet, /* Way too short to be an SCP response, or not done yet,
@@ -656,7 +660,8 @@ scp_recv(LIBSSH2_SESSION * session, const char *path, libssh2_struct_stat * sb)
if(session->scpRecv_response_len < 6) { if(session->scpRecv_response_len < 6) {
/* EOL came too soon */ /* EOL came too soon */
_libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL, _libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL,
"Invalid response from SCP server, too short"); "Invalid response from SCP server, "
"too short");
goto scp_recv_error; goto scp_recv_error;
} }
@@ -666,7 +671,8 @@ scp_recv(LIBSSH2_SESSION * session, const char *path, libssh2_struct_stat * sb)
if(!p || ((p - s) <= 0)) { if(!p || ((p - s) <= 0)) {
/* No spaces or space in the wrong spot */ /* No spaces or space in the wrong spot */
_libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL, _libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL,
"Invalid response from SCP server, malformed mode"); "Invalid response from SCP server, "
"malformed mode");
goto scp_recv_error; goto scp_recv_error;
} }
@@ -676,7 +682,8 @@ scp_recv(LIBSSH2_SESSION * session, const char *path, libssh2_struct_stat * sb)
session->scpRecv_mode = strtol(s, &e, 8); session->scpRecv_mode = strtol(s, &e, 8);
if(e && *e) { if(e && *e) {
_libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL, _libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL,
"Invalid response from SCP server, invalid mode"); "Invalid response from SCP server, "
"invalid mode");
goto scp_recv_error; goto scp_recv_error;
} }
@@ -684,7 +691,8 @@ scp_recv(LIBSSH2_SESSION * session, const char *path, libssh2_struct_stat * sb)
if(!s || ((s - p) <= 0)) { if(!s || ((s - p) <= 0)) {
/* No spaces or space in the wrong spot */ /* No spaces or space in the wrong spot */
_libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL, _libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL,
"Invalid response from SCP server, too short or malformed"); "Invalid response from SCP server, "
"too short or malformed");
goto scp_recv_error; goto scp_recv_error;
} }
@@ -693,7 +701,8 @@ scp_recv(LIBSSH2_SESSION * session, const char *path, libssh2_struct_stat * sb)
session->scpRecv_size = scpsize_strtol(p, &e, 10); session->scpRecv_size = scpsize_strtol(p, &e, 10);
if(e && *e) { if(e && *e) {
_libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL, _libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL,
"Invalid response from SCP server, invalid size"); "Invalid response from SCP server, "
"invalid size");
goto scp_recv_error; goto scp_recv_error;
} }
@@ -765,9 +774,9 @@ scp_recv(LIBSSH2_SESSION * session, const char *path, libssh2_struct_stat * sb)
* *
* DEPRECATED * DEPRECATED
* *
* Open a channel and request a remote file via SCP. This receives files larger * Open a channel and request a remote file via SCP. This receives files
* than 2 GB, but is unable to report the proper size on platforms where the * larger than 2 GB, but is unable to report the proper size on platforms
* st_size member of struct stat is limited to 2 GB (e.g. windows). * where the st_size member of struct stat is limited to 2 GB (e.g. windows).
* *
*/ */
LIBSSH2_API LIBSSH2_CHANNEL * LIBSSH2_API LIBSSH2_CHANNEL *
@@ -775,7 +784,8 @@ libssh2_scp_recv(LIBSSH2_SESSION *session, const char *path, struct stat * sb)
{ {
LIBSSH2_CHANNEL *ptr; LIBSSH2_CHANNEL *ptr;
/* scp_recv uses libssh2_struct_stat, so pass one if the caller gave us a struct to populate... */ /* scp_recv uses libssh2_struct_stat, so pass one if the caller gave us a
struct to populate... */
libssh2_struct_stat sb_intl; libssh2_struct_stat sb_intl;
libssh2_struct_stat *sb_ptr; libssh2_struct_stat *sb_ptr;
memset(&sb_intl, 0, sizeof(sb_intl)); memset(&sb_intl, 0, sizeof(sb_intl));
@@ -804,7 +814,8 @@ libssh2_scp_recv(LIBSSH2_SESSION *session, const char *path, struct stat * sb)
* *
*/ */
LIBSSH2_API LIBSSH2_CHANNEL * LIBSSH2_API LIBSSH2_CHANNEL *
libssh2_scp_recv2(LIBSSH2_SESSION *session, const char *path, libssh2_struct_stat * sb) libssh2_scp_recv2(LIBSSH2_SESSION *session, const char *path,
libssh2_struct_stat *sb)
{ {
LIBSSH2_CHANNEL *ptr; LIBSSH2_CHANNEL *ptr;
BLOCK_ADJUST_ERRNO(ptr, session, scp_recv(session, path, sb)); BLOCK_ADJUST_ERRNO(ptr, session, scp_recv(session, path, sb));

27
src/session.c
View File

@@ -557,7 +557,8 @@ libssh2_session_callback_set(LIBSSH2_SESSION * session,
session->recv = callback; session->recv = callback;
return oldcb; return oldcb;
} }
_libssh2_debug(session, LIBSSH2_TRACE_TRANS, "Setting Callback %d", cbtype); _libssh2_debug(session, LIBSSH2_TRACE_TRANS, "Setting Callback %d",
cbtype);
return NULL; return NULL;
} }
@@ -858,7 +859,8 @@ session_free(LIBSSH2_SESSION *session)
int packets_left = 0; int packets_left = 0;
if(session->free_state == libssh2_NB_state_idle) { if(session->free_state == libssh2_NB_state_idle) {
_libssh2_debug(session, LIBSSH2_TRACE_TRANS, "Freeing session resource", _libssh2_debug(session, LIBSSH2_TRACE_TRANS,
"Freeing session resource",
session->remote.banner); session->remote.banner);
session->free_state = libssh2_NB_state_created; session->free_state = libssh2_NB_state_created;
@@ -1081,7 +1083,8 @@ session_free(LIBSSH2_SESSION *session)
} }
/* error string */ /* error string */
if(session->err_msg && ((session->err_flags & LIBSSH2_ERR_FLAG_DUP) != 0)) { if(session->err_msg &&
((session->err_flags & LIBSSH2_ERR_FLAG_DUP) != 0)) {
LIBSSH2_FREE(session, (char *)session->err_msg); LIBSSH2_FREE(session, (char *)session->err_msg);
} }
@@ -1692,7 +1695,8 @@ libssh2_poll(LIBSSH2_POLLFD * fds, unsigned int nfds, long timeout)
switch(fds[i].type) { switch(fds[i].type) {
case LIBSSH2_POLLFD_SOCKET: case LIBSSH2_POLLFD_SOCKET:
fds[i].revents = sockets[i].revents; fds[i].revents = sockets[i].revents;
sockets[i].revents = 0; /* In case we loop again, be nice */ sockets[i].revents = 0; /* In case we loop again, be
nice */
if(fds[i].revents) { if(fds[i].revents) {
active_fds++; active_fds++;
} }
@@ -1700,7 +1704,8 @@ libssh2_poll(LIBSSH2_POLLFD * fds, unsigned int nfds, long timeout)
case LIBSSH2_POLLFD_CHANNEL: case LIBSSH2_POLLFD_CHANNEL:
if(sockets[i].events & POLLIN) { if(sockets[i].events & POLLIN) {
/* Spin session until no data available */ /* Spin session until no data available */
while(_libssh2_transport_read(fds[i].fd.channel->session) while(_libssh2_transport_read(fds[i].fd.
channel->session)
> 0); > 0);
} }
if(sockets[i].revents & POLLHUP) { if(sockets[i].revents & POLLHUP) {
@@ -1713,7 +1718,8 @@ libssh2_poll(LIBSSH2_POLLFD * fds, unsigned int nfds, long timeout)
case LIBSSH2_POLLFD_LISTENER: case LIBSSH2_POLLFD_LISTENER:
if(sockets[i].events & POLLIN) { if(sockets[i].events & POLLIN) {
/* Spin session until no data available */ /* Spin session until no data available */
while(_libssh2_transport_read(fds[i].fd.listener->session) while(_libssh2_transport_read(fds[i].fd.
listener->session)
> 0); > 0);
} }
if(sockets[i].revents & POLLHUP) { if(sockets[i].revents & POLLHUP) {
@@ -1764,9 +1770,11 @@ libssh2_poll(LIBSSH2_POLLFD * fds, unsigned int nfds, long timeout)
break; break;
case LIBSSH2_POLLFD_CHANNEL: case LIBSSH2_POLLFD_CHANNEL:
if(FD_ISSET(fds[i].fd.channel->session->socket_fd, &rfds)) { if(FD_ISSET(fds[i].fd.channel->session->socket_fd,
&rfds)) {
/* Spin session until no data available */ /* Spin session until no data available */
while(_libssh2_transport_read(fds[i].fd.channel->session) while(_libssh2_transport_read(fds[i].fd.
channel->session)
> 0); > 0);
} }
break; break;
@@ -1775,7 +1783,8 @@ libssh2_poll(LIBSSH2_POLLFD * fds, unsigned int nfds, long timeout)
if(FD_ISSET if(FD_ISSET
(fds[i].fd.listener->session->socket_fd, &rfds)) { (fds[i].fd.listener->session->socket_fd, &rfds)) {
/* Spin session until no data available */ /* Spin session until no data available */
while(_libssh2_transport_read(fds[i].fd.listener->session) while(_libssh2_transport_read(fds[i].fd.
listener->session)
> 0); > 0);
} }
break; break;

56
src/sftp.c
View File

@@ -161,7 +161,8 @@ remove_zombie_request(LIBSSH2_SFTP *sftp, uint32_t request_id)
request_id); request_id);
if(zombie) { if(zombie) {
_libssh2_debug(session, LIBSSH2_TRACE_SFTP, _libssh2_debug(session, LIBSSH2_TRACE_SFTP,
"Removing request ID %ld from the list of zombie requests", "Removing request ID %ld from the list of "
"zombie requests",
request_id); request_id);
_libssh2_list_remove(&zombie->node); _libssh2_list_remove(&zombie->node);
@@ -372,7 +373,8 @@ sftp_packet_read(LIBSSH2_SFTP *sftp)
if(sftp->partial_len > recv_window) { if(sftp->partial_len > recv_window) {
/* ask for twice the data amount we need at once */ /* ask for twice the data amount we need at once */
rc = _libssh2_channel_receive_window_adjust(channel, rc = _libssh2_channel_receive_window_adjust(channel,
sftp->partial_len*2, sftp->partial_len
* 2,
1, NULL); 1, NULL);
/* store the state so that we continue with the correct /* store the state so that we continue with the correct
operation at next invoke */ operation at next invoke */
@@ -605,7 +607,8 @@ sftp_packet_requirev(LIBSSH2_SFTP *sftp, int num_valid_responses,
else if(rc <= 0) { else if(rc <= 0) {
/* prevent busy-looping */ /* prevent busy-looping */
long left = long left =
LIBSSH2_READ_TIMEOUT - (long)(time(NULL) - sftp->requirev_start); LIBSSH2_READ_TIMEOUT -
(long)(time(NULL) - sftp->requirev_start);
if(left <= 0) { if(left <= 0) {
sftp->requirev_start = 0; sftp->requirev_start = 0;
@@ -668,7 +671,8 @@ sftp_attr2bin(unsigned char *p, const LIBSSH2_SFTP_ATTRIBUTES * attrs)
/* sftp_bin2attr /* sftp_bin2attr
*/ */
static int static int
sftp_bin2attr(LIBSSH2_SFTP_ATTRIBUTES * attrs, const unsigned char *p, size_t data_len) sftp_bin2attr(LIBSSH2_SFTP_ATTRIBUTES * attrs, const unsigned char *p,
size_t data_len)
{ {
struct string_buf buf; struct string_buf buf;
buf.data = (unsigned char *)p; buf.data = (unsigned char *)p;
@@ -798,7 +802,8 @@ static LIBSSH2_SFTP *sftp_init(LIBSSH2_SESSION *session)
if(session->sftpInit_state == libssh2_NB_state_sent) { if(session->sftpInit_state == libssh2_NB_state_sent) {
int ret = _libssh2_channel_process_startup(session->sftpInit_channel, int ret = _libssh2_channel_process_startup(session->sftpInit_channel,
"subsystem", "subsystem",
sizeof("subsystem") - 1, "sftp", sizeof("subsystem") - 1,
"sftp",
strlen("sftp")); strlen("sftp"));
if(ret == LIBSSH2_ERROR_EAGAIN) { if(ret == LIBSSH2_ERROR_EAGAIN) {
_libssh2_error(session, LIBSSH2_ERROR_EAGAIN, _libssh2_error(session, LIBSSH2_ERROR_EAGAIN,
@@ -840,7 +845,8 @@ static LIBSSH2_SFTP *sftp_init(LIBSSH2_SESSION *session)
session->sftpInit_sent = 0; /* nothing's sent yet */ session->sftpInit_sent = 0; /* nothing's sent yet */
_libssh2_debug(session, LIBSSH2_TRACE_SFTP, _libssh2_debug(session, LIBSSH2_TRACE_SFTP,
"Sending FXP_INIT packet advertising version %d support", "Sending FXP_INIT packet advertising "
"version %d support",
(int) LIBSSH2_SFTP_VERSION); (int) LIBSSH2_SFTP_VERSION);
session->sftpInit_state = libssh2_NB_state_sent2; session->sftpInit_state = libssh2_NB_state_sent2;
@@ -1097,7 +1103,8 @@ sftp_open(LIBSSH2_SFTP *sftp, const char *filename,
/* packet_len(4) + packet_type(1) + request_id(4) + filename_len(4) + /* packet_len(4) + packet_type(1) + request_id(4) + filename_len(4) +
flags(4) */ flags(4) */
sftp->open_packet_len = filename_len + 13 + sftp->open_packet_len = filename_len + 13 +
(open_file? (4 + sftp_attrsize(LIBSSH2_SFTP_ATTR_PERMISSIONS)) : 0); (open_file? (4 +
sftp_attrsize(LIBSSH2_SFTP_ATTR_PERMISSIONS)) : 0);
/* surprise! this starts out with nothing sent */ /* surprise! this starts out with nothing sent */
sftp->open_packet_sent = 0; sftp->open_packet_sent = 0;
@@ -1137,7 +1144,8 @@ sftp_open(LIBSSH2_SFTP *sftp, const char *filename,
sftp->open_packet_sent); sftp->open_packet_sent);
if(rc == LIBSSH2_ERROR_EAGAIN) { if(rc == LIBSSH2_ERROR_EAGAIN) {
_libssh2_error(session, LIBSSH2_ERROR_EAGAIN, _libssh2_error(session, LIBSSH2_ERROR_EAGAIN,
"Would block sending FXP_OPEN or FXP_OPENDIR command"); "Would block sending FXP_OPEN or "
"FXP_OPENDIR command");
return NULL; return NULL;
} }
else if(rc < 0) { else if(rc < 0) {
@@ -1204,7 +1212,8 @@ sftp_open(LIBSSH2_SFTP *sftp, const char *filename,
sftp->last_errno = _libssh2_ntohu32(data + 5); sftp->last_errno = _libssh2_ntohu32(data + 5);
if(LIBSSH2_FX_OK == sftp->last_errno) { if(LIBSSH2_FX_OK == sftp->last_errno) {
_libssh2_debug(session, LIBSSH2_TRACE_SFTP, "got HANDLE FXOK!"); _libssh2_debug(session, LIBSSH2_TRACE_SFTP,
"got HANDLE FXOK!");
LIBSSH2_FREE(session, data); LIBSSH2_FREE(session, data);
@@ -1233,7 +1242,8 @@ sftp_open(LIBSSH2_SFTP *sftp, const char *filename,
if(badness) { if(badness) {
_libssh2_error(session, LIBSSH2_ERROR_SFTP_PROTOCOL, _libssh2_error(session, LIBSSH2_ERROR_SFTP_PROTOCOL,
"Failed opening remote file"); "Failed opening remote file");
_libssh2_debug(session, LIBSSH2_TRACE_SFTP, "got FXP_STATUS %d", _libssh2_debug(session, LIBSSH2_TRACE_SFTP,
"got FXP_STATUS %d",
sftp->last_errno); sftp->last_errno);
LIBSSH2_FREE(session, data); LIBSSH2_FREE(session, data);
return NULL; return NULL;
@@ -1765,7 +1775,8 @@ static ssize_t sftp_readdir(LIBSSH2_SFTP_HANDLE *handle, char *buffer,
goto end; goto end;
} }
if(buffer_maxlen >= filename_len && names_packet_len >= filename_len) { if(buffer_maxlen >= filename_len && names_packet_len >=
filename_len) {
memcpy(buffer, s, filename_len); memcpy(buffer, s, filename_len);
buffer[filename_len] = '\0'; /* zero terminate */ buffer[filename_len] = '\0'; /* zero terminate */
s += real_filename_len; s += real_filename_len;
@@ -1789,7 +1800,8 @@ static ssize_t sftp_readdir(LIBSSH2_SFTP_HANDLE *handle, char *buffer,
if(longentry && (longentry_maxlen>1)) { if(longentry && (longentry_maxlen>1)) {
longentry_len = real_longentry_len; longentry_len = real_longentry_len;
if(longentry_len >= longentry_maxlen || longentry_len > names_packet_len) { if(longentry_len >= longentry_maxlen ||
longentry_len > names_packet_len) {
filename_len = (size_t)LIBSSH2_ERROR_BUFFER_TOO_SMALL; filename_len = (size_t)LIBSSH2_ERROR_BUFFER_TOO_SMALL;
goto end; goto end;
} }
@@ -1810,7 +1822,8 @@ static ssize_t sftp_readdir(LIBSSH2_SFTP_HANDLE *handle, char *buffer,
if(attrs) if(attrs)
memset(attrs, 0, sizeof(LIBSSH2_SFTP_ATTRIBUTES)); memset(attrs, 0, sizeof(LIBSSH2_SFTP_ATTRIBUTES));
attr_len = sftp_bin2attr(attrs ? attrs : &attrs_dummy, s, names_packet_len); attr_len = sftp_bin2attr(attrs ? attrs : &attrs_dummy, s,
names_packet_len);
if(attr_len >= 0) { if(attr_len >= 0) {
s += attr_len; s += attr_len;
@@ -2010,7 +2023,8 @@ static ssize_t sftp_write(LIBSSH2_SFTP_HANDLE *handle, const char *buffer,
acked but we haven't been able to return as such yet, so we will acked but we haven't been able to return as such yet, so we will
get that data as well passed in here again. get that data as well passed in here again.
*/ */
already = (size_t) (handle->u.file.offset_sent - handle->u.file.offset)+ already = (size_t) (handle->u.file.offset_sent -
handle->u.file.offset)+
handle->u.file.acked; handle->u.file.acked;
if(count >= already) { if(count >= already) {
@@ -2063,8 +2077,8 @@ static ssize_t sftp_write(LIBSSH2_SFTP_HANDLE *handle, const char *buffer,
to create more packets */ to create more packets */
} }
/* move through the WRITE packets that haven't been sent and send as many /* move through the WRITE packets that haven't been sent and send as
as possible - remember that we don't block */ many as possible - remember that we don't block */
chunk = _libssh2_list_first(&handle->packet_list); chunk = _libssh2_list_first(&handle->packet_list);
while(chunk) { while(chunk) {
@@ -2149,7 +2163,8 @@ static ssize_t sftp_write(LIBSSH2_SFTP_HANDLE *handle, const char *buffer,
/* since we return error now, the application will not get any /* since we return error now, the application will not get any
outstanding data acked, so we need to rewind the offset to outstanding data acked, so we need to rewind the offset to
where the application knows it has reached with acked data */ where the application knows it has reached with acked
data */
handle->u.file.offset -= handle->u.file.acked; handle->u.file.offset -= handle->u.file.acked;
/* then reset the offset_sent to be the same as the offset */ /* then reset the offset_sent to be the same as the offset */
@@ -2159,8 +2174,8 @@ static ssize_t sftp_write(LIBSSH2_SFTP_HANDLE *handle, const char *buffer,
ack after an error */ ack after an error */
handle->u.file.acked = 0; handle->u.file.acked = 0;
/* the server returned an error for that written chunk, propagate /* the server returned an error for that written chunk,
this back to our parent function */ propagate this back to our parent function */
return _libssh2_error(session, LIBSSH2_ERROR_SFTP_PROTOCOL, return _libssh2_error(session, LIBSSH2_ERROR_SFTP_PROTOCOL,
"FXP write failed"); "FXP write failed");
} }
@@ -3039,7 +3054,8 @@ libssh2_sftp_fstatvfs(LIBSSH2_SFTP_HANDLE *handle, LIBSSH2_SFTP_STATVFS *st)
int rc; int rc;
if(!handle || !st) if(!handle || !st)
return LIBSSH2_ERROR_BAD_USE; return LIBSSH2_ERROR_BAD_USE;
BLOCK_ADJUST(rc, handle->sftp->channel->session, sftp_fstatvfs(handle, st)); BLOCK_ADJUST(rc, handle->sftp->channel->session,
sftp_fstatvfs(handle, st));
return rc; return rc;
} }

19
src/transport.c
View File

@@ -485,7 +485,8 @@ int _libssh2_transport_read(LIBSSH2_SESSION * session)
if(blocksize - 5 <= (int) total_num) { if(blocksize - 5 <= (int) total_num) {
memcpy(p->wptr, &block[5], blocksize - 5); memcpy(p->wptr, &block[5], blocksize - 5);
p->wptr += blocksize - 5; /* advance write pointer */ p->wptr += blocksize - 5; /* advance write pointer */
} else { }
else {
return LIBSSH2_ERROR_OUT_OF_BOUNDARY; return LIBSSH2_ERROR_OUT_OF_BOUNDARY;
} }
} }
@@ -591,12 +592,13 @@ int _libssh2_transport_read(LIBSSH2_SESSION * session)
if(session->packAdd_state != libssh2_NB_state_idle) { if(session->packAdd_state != libssh2_NB_state_idle) {
/* fullpacket only returns LIBSSH2_ERROR_EAGAIN if /* fullpacket only returns LIBSSH2_ERROR_EAGAIN if
* libssh2_packet_add returns LIBSSH2_ERROR_EAGAIN. If that * libssh2_packet_add returns LIBSSH2_ERROR_EAGAIN. If
* returns LIBSSH2_ERROR_EAGAIN but the packAdd_state is idle, * that returns LIBSSH2_ERROR_EAGAIN but the packAdd_state
* then the packet has been added to the brigade, but some * is idle, then the packet has been added to the brigade,
* immediate action that was taken based on the packet * but some immediate action that was taken based on the
* type (such as key re-exchange) is not yet complete. * packet type (such as key re-exchange) is not yet
* Clear the way for a new packet to be read in. * complete. Clear the way for a new packet to be read
* in.
*/ */
session->readPack_encrypted = encrypted; session->readPack_encrypted = encrypted;
session->readPack_state = libssh2_NB_state_jump1; session->readPack_state = libssh2_NB_state_jump1;
@@ -783,7 +785,8 @@ int _libssh2_transport_send(LIBSSH2_SESSION *session,
dest2_len -= dest_len; dest2_len -= dest_len;
rc = session->local.comp->comp(session, rc = session->local.comp->comp(session,
&p->outbuf[5 + dest_len], &dest2_len, &p->outbuf[5 + dest_len],
&dest2_len,
data2, data2_len, data2, data2_len,
&session->local.comp_abstract); &session->local.comp_abstract);
} }

83
src/userauth.c
View File

@@ -314,7 +314,8 @@ userauth_password(LIBSSH2_SESSION *session,
session->userauth_pswd_state = libssh2_NB_state_idle; session->userauth_pswd_state = libssh2_NB_state_idle;
return 0; return 0;
} }
else if(session->userauth_pswd_data[0] == SSH_MSG_USERAUTH_FAILURE) { else if(session->userauth_pswd_data[0] ==
SSH_MSG_USERAUTH_FAILURE) {
_libssh2_debug(session, LIBSSH2_TRACE_AUTH, _libssh2_debug(session, LIBSSH2_TRACE_AUTH,
"Password authentication failed"); "Password authentication failed");
LIBSSH2_FREE(session, session->userauth_pswd_data); LIBSSH2_FREE(session, session->userauth_pswd_data);
@@ -353,7 +354,8 @@ userauth_password(LIBSSH2_SESSION *session,
session->userauth_pswd_data = NULL; session->userauth_pswd_data = NULL;
} }
if(passwd_change_cb) { if(passwd_change_cb) {
if(session->userauth_pswd_state == libssh2_NB_state_sent1) { if(session->userauth_pswd_state ==
libssh2_NB_state_sent1) {
passwd_change_cb(session, passwd_change_cb(session,
&session->userauth_pswd_newpw, &session->userauth_pswd_newpw,
&session->userauth_pswd_newpw_len, &session->userauth_pswd_newpw_len,
@@ -403,7 +405,8 @@ userauth_password(LIBSSH2_SESSION *session,
session->userauth_pswd_state = libssh2_NB_state_sent2; session->userauth_pswd_state = libssh2_NB_state_sent2;
} }
if(session->userauth_pswd_state == libssh2_NB_state_sent2) { if(session->userauth_pswd_state ==
libssh2_NB_state_sent2) {
rc = _libssh2_transport_send(session, rc = _libssh2_transport_send(session,
session->userauth_pswd_data, session->userauth_pswd_data,
session->userauth_pswd_data_len, session->userauth_pswd_data_len,
@@ -411,7 +414,8 @@ userauth_password(LIBSSH2_SESSION *session,
session->userauth_pswd_newpw, session->userauth_pswd_newpw,
session->userauth_pswd_newpw_len); session->userauth_pswd_newpw_len);
if(rc == LIBSSH2_ERROR_EAGAIN) { if(rc == LIBSSH2_ERROR_EAGAIN) {
return _libssh2_error(session, LIBSSH2_ERROR_EAGAIN, return _libssh2_error(session,
LIBSSH2_ERROR_EAGAIN,
"Would block waiting"); "Would block waiting");
} }
@@ -465,7 +469,8 @@ LIBSSH2_API int
libssh2_userauth_password_ex(LIBSSH2_SESSION *session, const char *username, libssh2_userauth_password_ex(LIBSSH2_SESSION *session, const char *username,
unsigned int username_len, const char *password, unsigned int username_len, const char *password,
unsigned int password_len, unsigned int password_len,
LIBSSH2_PASSWD_CHANGEREQ_FUNC((*passwd_change_cb))) LIBSSH2_PASSWD_CHANGEREQ_FUNC
((*passwd_change_cb)))
{ {
int rc; int rc;
BLOCK_ADJUST(rc, session, BLOCK_ADJUST(rc, session,
@@ -967,7 +972,8 @@ userauth_hostbased_fromfile(LIBSSH2_SESSION *session,
session->userauth_host_packet + session->userauth_host_packet_len; session->userauth_host_packet + session->userauth_host_packet_len;
_libssh2_store_u32(&session->userauth_host_s, _libssh2_store_u32(&session->userauth_host_s,
4 + session->userauth_host_method_len + 4 + sig_len); 4 + session->userauth_host_method_len +
4 + sig_len);
_libssh2_store_str(&session->userauth_host_s, _libssh2_store_str(&session->userauth_host_s,
(const char *)session->userauth_host_method, (const char *)session->userauth_host_method,
session->userauth_host_method_len); session->userauth_host_method_len);
@@ -990,7 +996,8 @@ userauth_hostbased_fromfile(LIBSSH2_SESSION *session,
session->userauth_host_packet, session->userauth_host_packet,
NULL, 0); NULL, 0);
if(rc == LIBSSH2_ERROR_EAGAIN) { if(rc == LIBSSH2_ERROR_EAGAIN) {
return _libssh2_error(session, LIBSSH2_ERROR_EAGAIN, "Would block"); return _libssh2_error(session, LIBSSH2_ERROR_EAGAIN,
"Would block");
} }
else if(rc) { else if(rc) {
LIBSSH2_FREE(session, session->userauth_host_packet); LIBSSH2_FREE(session, session->userauth_host_packet);
@@ -1015,7 +1022,8 @@ userauth_hostbased_fromfile(LIBSSH2_SESSION *session,
&session-> &session->
userauth_host_packet_requirev_state); userauth_host_packet_requirev_state);
if(rc == LIBSSH2_ERROR_EAGAIN) { if(rc == LIBSSH2_ERROR_EAGAIN) {
return _libssh2_error(session, LIBSSH2_ERROR_EAGAIN, "Would block"); return _libssh2_error(session, LIBSSH2_ERROR_EAGAIN,
"Would block");
} }
session->userauth_host_state = libssh2_NB_state_idle; session->userauth_host_state = libssh2_NB_state_idle;
@@ -1075,7 +1083,8 @@ _libssh2_userauth_publickey(LIBSSH2_SESSION *session,
unsigned int username_len, unsigned int username_len,
const unsigned char *pubkeydata, const unsigned char *pubkeydata,
unsigned long pubkeydata_len, unsigned long pubkeydata_len,
LIBSSH2_USERAUTH_PUBLICKEY_SIGN_FUNC((*sign_callback)), LIBSSH2_USERAUTH_PUBLICKEY_SIGN_FUNC
((*sign_callback)),
void *abstract) void *abstract)
{ {
unsigned char reply_codes[4] = unsigned char reply_codes[4] =
@@ -1120,8 +1129,8 @@ _libssh2_userauth_publickey(LIBSSH2_SESSION *session,
LIBSSH2_ALLOC(session, session->userauth_pblc_method_len); LIBSSH2_ALLOC(session, session->userauth_pblc_method_len);
if(!session->userauth_pblc_method) { if(!session->userauth_pblc_method) {
return _libssh2_error(session, LIBSSH2_ERROR_ALLOC, return _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
"Unable to allocate memory for public key " "Unable to allocate memory "
"data"); "for public key data");
} }
memcpy(session->userauth_pblc_method, pubkeydata + 4, memcpy(session->userauth_pblc_method, pubkeydata + 4,
session->userauth_pblc_method_len); session->userauth_pblc_method_len);
@@ -1191,7 +1200,8 @@ _libssh2_userauth_publickey(LIBSSH2_SESSION *session,
session->userauth_pblc_packet_len, session->userauth_pblc_packet_len,
NULL, 0); NULL, 0);
if(rc == LIBSSH2_ERROR_EAGAIN) if(rc == LIBSSH2_ERROR_EAGAIN)
return _libssh2_error(session, LIBSSH2_ERROR_EAGAIN, "Would block"); return _libssh2_error(session, LIBSSH2_ERROR_EAGAIN,
"Would block");
else if(rc) { else if(rc) {
LIBSSH2_FREE(session, session->userauth_pblc_packet); LIBSSH2_FREE(session, session->userauth_pblc_packet);
session->userauth_pblc_packet = NULL; session->userauth_pblc_packet = NULL;
@@ -1213,7 +1223,8 @@ _libssh2_userauth_publickey(LIBSSH2_SESSION *session,
&session-> &session->
userauth_pblc_packet_requirev_state); userauth_pblc_packet_requirev_state);
if(rc == LIBSSH2_ERROR_EAGAIN) { if(rc == LIBSSH2_ERROR_EAGAIN) {
return _libssh2_error(session, LIBSSH2_ERROR_EAGAIN, "Would block"); return _libssh2_error(session, LIBSSH2_ERROR_EAGAIN,
"Would block");
} }
else if(rc || (session->userauth_pblc_data_len < 1)) { else if(rc || (session->userauth_pblc_data_len < 1)) {
LIBSSH2_FREE(session, session->userauth_pblc_packet); LIBSSH2_FREE(session, session->userauth_pblc_packet);
@@ -1287,7 +1298,8 @@ _libssh2_userauth_publickey(LIBSSH2_SESSION *session,
rc = sign_callback(session, &sig, &sig_len, buf, s - buf, abstract); rc = sign_callback(session, &sig, &sig_len, buf, s - buf, abstract);
LIBSSH2_FREE(session, buf); LIBSSH2_FREE(session, buf);
if(rc == LIBSSH2_ERROR_EAGAIN) { if(rc == LIBSSH2_ERROR_EAGAIN) {
return _libssh2_error(session, LIBSSH2_ERROR_EAGAIN, "Would block"); return _libssh2_error(session, LIBSSH2_ERROR_EAGAIN,
"Would block");
} }
else if(rc) { else if(rc) {
LIBSSH2_FREE(session, session->userauth_pblc_method); LIBSSH2_FREE(session, session->userauth_pblc_method);
@@ -1329,7 +1341,8 @@ _libssh2_userauth_publickey(LIBSSH2_SESSION *session,
session->userauth_pblc_b = NULL; session->userauth_pblc_b = NULL;
_libssh2_store_u32(&s, _libssh2_store_u32(&s,
4 + session->userauth_pblc_method_len + 4 + sig_len); 4 + session->userauth_pblc_method_len + 4 +
sig_len);
_libssh2_store_str(&s, (const char *)session->userauth_pblc_method, _libssh2_store_str(&s, (const char *)session->userauth_pblc_method,
session->userauth_pblc_method_len); session->userauth_pblc_method_len);
@@ -1352,7 +1365,8 @@ _libssh2_userauth_publickey(LIBSSH2_SESSION *session,
session->userauth_pblc_packet, session->userauth_pblc_packet,
NULL, 0); NULL, 0);
if(rc == LIBSSH2_ERROR_EAGAIN) { if(rc == LIBSSH2_ERROR_EAGAIN) {
return _libssh2_error(session, LIBSSH2_ERROR_EAGAIN, "Would block"); return _libssh2_error(session, LIBSSH2_ERROR_EAGAIN,
"Would block");
} }
else if(rc) { else if(rc) {
LIBSSH2_FREE(session, session->userauth_pblc_packet); LIBSSH2_FREE(session, session->userauth_pblc_packet);
@@ -1588,7 +1602,8 @@ libssh2_userauth_publickey(LIBSSH2_SESSION *session,
const char *user, const char *user,
const unsigned char *pubkeydata, const unsigned char *pubkeydata,
size_t pubkeydata_len, size_t pubkeydata_len,
LIBSSH2_USERAUTH_PUBLICKEY_SIGN_FUNC((*sign_callback)), LIBSSH2_USERAUTH_PUBLICKEY_SIGN_FUNC
((*sign_callback)),
void **abstract) void **abstract)
{ {
int rc; int rc;
@@ -1614,7 +1629,8 @@ static int
userauth_keyboard_interactive(LIBSSH2_SESSION * session, userauth_keyboard_interactive(LIBSSH2_SESSION * session,
const char *username, const char *username,
unsigned int username_len, unsigned int username_len,
LIBSSH2_USERAUTH_KBDINT_RESPONSE_FUNC((*response_callback))) LIBSSH2_USERAUTH_KBDINT_RESPONSE_FUNC
((*response_callback)))
{ {
unsigned char *s; unsigned char *s;
int rc; int rc;
@@ -1685,14 +1701,16 @@ userauth_keyboard_interactive(LIBSSH2_SESSION * session,
session->userauth_kybd_packet_len, session->userauth_kybd_packet_len,
NULL, 0); NULL, 0);
if(rc == LIBSSH2_ERROR_EAGAIN) { if(rc == LIBSSH2_ERROR_EAGAIN) {
return _libssh2_error(session, LIBSSH2_ERROR_EAGAIN, "Would block"); return _libssh2_error(session, LIBSSH2_ERROR_EAGAIN,
"Would block");
} }
else if(rc) { else if(rc) {
LIBSSH2_FREE(session, session->userauth_kybd_data); LIBSSH2_FREE(session, session->userauth_kybd_data);
session->userauth_kybd_data = NULL; session->userauth_kybd_data = NULL;
session->userauth_kybd_state = libssh2_NB_state_idle; session->userauth_kybd_state = libssh2_NB_state_idle;
return _libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, return _libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND,
"Unable to send keyboard-interactive request"); "Unable to send keyboard-interactive"
" request");
} }
LIBSSH2_FREE(session, session->userauth_kybd_data); LIBSSH2_FREE(session, session->userauth_kybd_data);
session->userauth_kybd_data = NULL; session->userauth_kybd_data = NULL;
@@ -1716,12 +1734,14 @@ userauth_keyboard_interactive(LIBSSH2_SESSION * session,
session->userauth_kybd_state = libssh2_NB_state_idle; session->userauth_kybd_state = libssh2_NB_state_idle;
return _libssh2_error(session, return _libssh2_error(session,
LIBSSH2_ERROR_AUTHENTICATION_FAILED, LIBSSH2_ERROR_AUTHENTICATION_FAILED,
"Waiting for keyboard USERAUTH response"); "Waiting for keyboard "
"USERAUTH response");
} }
if(session->userauth_kybd_data[0] == SSH_MSG_USERAUTH_SUCCESS) { if(session->userauth_kybd_data[0] == SSH_MSG_USERAUTH_SUCCESS) {
_libssh2_debug(session, LIBSSH2_TRACE_AUTH, _libssh2_debug(session, LIBSSH2_TRACE_AUTH,
"Keyboard-interactive authentication successful"); "Keyboard-interactive "
"authentication successful");
LIBSSH2_FREE(session, session->userauth_kybd_data); LIBSSH2_FREE(session, session->userauth_kybd_data);
session->userauth_kybd_data = NULL; session->userauth_kybd_data = NULL;
session->state |= LIBSSH2_STATE_AUTHENTICATED; session->state |= LIBSSH2_STATE_AUTHENTICATED;
@@ -1900,14 +1920,16 @@ userauth_keyboard_interactive(LIBSSH2_SESSION * session,
} }
else { else {
_libssh2_error(session, LIBSSH2_ERROR_BUFFER_TOO_SMALL, _libssh2_error(session, LIBSSH2_ERROR_BUFFER_TOO_SMALL,
"userauth keyboard data buffer too small" "userauth keyboard data buffer too "
"for auth keyboard prompt length"); "small for auth keyboard "
"prompt length");
goto cleanup; goto cleanup;
} }
session->userauth_kybd_prompts[i].text = session->userauth_kybd_prompts[i].text =
LIBSSH2_CALLOC(session, LIBSSH2_CALLOC(session,
session->userauth_kybd_prompts[i].length); session->userauth_kybd_prompts[i].
length);
if(!session->userauth_kybd_prompts[i].text) { if(!session->userauth_kybd_prompts[i].text) {
_libssh2_error(session, LIBSSH2_ERROR_ALLOC, _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
"Unable to allocate memory for " "Unable to allocate memory for "
@@ -1924,8 +1946,8 @@ userauth_keyboard_interactive(LIBSSH2_SESSION * session,
} }
else { else {
_libssh2_error(session, LIBSSH2_ERROR_BUFFER_TOO_SMALL, _libssh2_error(session, LIBSSH2_ERROR_BUFFER_TOO_SMALL,
"userauth keyboard data buffer too small" "userauth keyboard data buffer too "
"for auth keyboard prompt"); "small for auth keyboard prompt");
goto cleanup; goto cleanup;
} }
if(s < session->userauth_kybd_data + if(s < session->userauth_kybd_data +
@@ -1935,8 +1957,8 @@ userauth_keyboard_interactive(LIBSSH2_SESSION * session,
} }
else { else {
_libssh2_error(session, LIBSSH2_ERROR_BUFFER_TOO_SMALL, _libssh2_error(session, LIBSSH2_ERROR_BUFFER_TOO_SMALL,
"userauth keyboard data buffer too small" "userauth keyboard data buffer too "
"for auth keyboard prompt echo"); "small for auth keyboard prompt echo");
goto cleanup; goto cleanup;
} }
} }
@@ -2077,7 +2099,8 @@ LIBSSH2_API int
libssh2_userauth_keyboard_interactive_ex(LIBSSH2_SESSION *session, libssh2_userauth_keyboard_interactive_ex(LIBSSH2_SESSION *session,
const char *user, const char *user,
unsigned int user_len, unsigned int user_len,
LIBSSH2_USERAUTH_KBDINT_RESPONSE_FUNC((*response_callback))) LIBSSH2_USERAUTH_KBDINT_RESPONSE_FUNC
((*response_callback)))
{ {
int rc; int rc;
BLOCK_ADJUST(rc, session, BLOCK_ADJUST(rc, session,

3
src/userauth.h
View File

@@ -44,7 +44,8 @@ _libssh2_userauth_publickey(LIBSSH2_SESSION *session,
unsigned int username_len, unsigned int username_len,
const unsigned char *pubkeydata, const unsigned char *pubkeydata,
unsigned long pubkeydata_len, unsigned long pubkeydata_len,
LIBSSH2_USERAUTH_PUBLICKEY_SIGN_FUNC((*sign_callback)), LIBSSH2_USERAUTH_PUBLICKEY_SIGN_FUNC
((*sign_callback)),
void *abstract); void *abstract);
#endif /* LIBSSH2_USERAUTH_H */ #endif /* LIBSSH2_USERAUTH_H */

3
src/wincng.c
View File

@@ -287,7 +287,8 @@ _libssh2_wincng_init(void)
(PBYTE)BCRYPT_CHAIN_MODE_CBC, (PBYTE)BCRYPT_CHAIN_MODE_CBC,
sizeof(BCRYPT_CHAIN_MODE_CBC), 0); sizeof(BCRYPT_CHAIN_MODE_CBC), 0);
if(!BCRYPT_SUCCESS(ret)) { if(!BCRYPT_SUCCESS(ret)) {
(void)BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlg3DES_CBC, 0); (void)BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlg3DES_CBC,
0);
} }
} }
} }

3
src/wincng.h
View File

@@ -310,7 +310,8 @@ struct _libssh2_wincng_cipher_ctx {
struct _libssh2_wincng_cipher_type { struct _libssh2_wincng_cipher_type {
BCRYPT_ALG_HANDLE *phAlg; BCRYPT_ALG_HANDLE *phAlg;
unsigned long dwKeyLength; unsigned long dwKeyLength;
int useIV; /* TODO: Convert to bool when a C89 compatible bool type is defined */ int useIV; /* TODO: Convert to bool when a C89 compatible bool type
is defined */
int ctrMode; int ctrMode;
}; };