Notes:
Add CIFuzz integration to run fuzzer using the OSS-Fuzz infrastructure
at each PR.
Signed-off-by: David Korczynski <david@adalogics.com>
Closes#635
Files: libssh2.h
Notes:
`_WINDLL` is only defined when a Visual Studio CMake generator is used, `libssh2_EXPORTS` is used though for all CMake generator if a shared libssh2 library is being built.
Credit:
Uwe L. Korn
Fix these categories of warning:
- in `wincng.c` disagreement in signed/unsigned char when passing around
the passphrase string:
`warning: pointer targets in passing argument [...] differ in signedness [-Wpointer-sign]`
Fixed by using `const unsigned char *` in all static functions and
applying/updating casts as necessary.
- in each use of `libssh2_*_init()` macros where the result is not used:
`warning: value computed is not used [-Wunused-value]`
Fixed by using `(void)` casts.
- `channel.c:1171:7: warning: 'rc' may be used uninitialized in this function [-Wmaybe-uninitialized]`
Fixed by initializing this variable with `LIBSSH2_ERROR_CHANNEL_UNKNOWN`.
While there I replaced a few 0 literals with `LIBSSH2_ERROR_NONE`.
- in `sftp.c`, several of these two warnings:
`warning: 'data' may be used uninitialized in this function [-Wmaybe-uninitialized]`
`warning: 'data_len' may be used uninitialized in this function [-Wmaybe-uninitialized]`
Fixed by initializing these variables with NULL and 0 respectively.
- Also removed the exec attribute from `wincng.h`.
Notes:
- There are many pre-existing checksrc issues.
- The `sftp.c` and `channel.c` warnings may apply to other platforms as well.
Closes#628
Sometimes, as the OCI container is run in detached mode, it is possible
the actual server is not ready yet to handle SSH traffic. The goal of
this PR is to try several times (max 3). The mechanism is the same as
for the connection to the docker machine.
The current tests suite starts SSH server as OCI container. This commit
add the possibility to run the tests in a container provided that:
* the docker client is installed builder container
* the host docker daemon unix socket has been mounted in the builder
container (with, if needed, the DOCKER_HOST environment variable
accordingly set, and the permission to write on this socket)
* the builder container is run on the default bridge network, or the
host network. This PR does not handle the case where the builder
container is on another network.
No longer rely on DigitalOcean to host the Docker container.
Unfortunately we require a small dispatcher script that has
access to a GitHub access token with scope repo in order to
trigger the daemon workflow on GitHub Actions also for PRs.
This script is hosted by myself for the time being until GitHub
provides a tighter scope to trigger the workflow_dispatch event.
Notes:
FIPS_mode() is not implemented in LibreSSL and this API is removed in OpenSSL 3.0 and was introduced in 0.9.7. Added guards around making this call.
Credit:
Will Cosgrove
* configure.ac: don't undefine scoped variable
To get this script to run with Autoconf 2.71 on macOS I had to remove the undefine of the backend for loop variable. It seems scoped to the for loop and also isn't referenced later in the script so it seems OK to remove it.
* configure.ac: remove cygwin specific CFLAGS #598
Notes:
Remove cygwin specific Win32 CFLAGS and treat the build like a posix build
Credit:
Will Cosgrove, Brian Inglis
File:
packet.c
Notes:
Attempt keyboard interactive login (Azure AD 2FA login) and use more than 60 seconds to complete the login, the connection fails.
The _libssh2_packet_require function does almost the same as _libssh2_packet_requirev but this function sets state->start = 0 before returning.
Credit:
teottin, Co-authored-by: Tor Erik Ottinsen <tor.ottinsen@kdi.kongsberg.com>
Files: hostkey.c, userauth.c, test_public_key_auth_succeeds_with_correct_ecdsa_key.c
Notes:
Support ECDSA certificate authentication
Add a test for:
- Existing ecdsa basic public key authentication
- ecdsa public key authentication with a signed public key
Credit:
kkoenig
Files: agent.c, agent.h, agent_win.c
Notes:
* agent: Add support for Windows OpenSSH agent
The implementation was partially taken and modified from that found in
the Portable OpenSSH port to Win32 by the PowerShell team, but mostly
based on the existing Unix OpenSSH agent support.
https://github.com/PowerShell/openssh-portable
Regarding the partial transfer support implementation: partial transfers
are easy to deal with, but you need to track additional state when
non-blocking IO enters the picture. A tracker of how many bytes have
been transfered has been placed in the transfer context struct as that's
where it makes most sense. This tracker isn't placed behind a WIN32
#ifdef as it will probably be useful for other agent implementations.
* agent: win32 openssh: Disable overlapped IO
Non-blocking IO is not currently supported by the surrounding agent
code, despite a lot of the code having everything set up to handle it.
Credit:
Co-authored-by: Gabriel Smith <gabriel.smith@precisionot.com>
Notes:
* Make _libssh2_random return code consistent
Previously, _libssh2_random was advertized in HACKING.CRYPTO as
returning `void` (and was implemented that way in os400qc3.c), but that
was in other crypto backends a lie; _libssh2_random is (a macro
expanding) to an int-value expression or function.
Moreover, that returned code was:
— 0 or success, -1 on error for the MbedTLS & WinCNG crypto backends
But also:
— 1 on success, -1 or 0 on error for the OpenSSL backend!
– 1 on success, error cannot happen for libgcrypt!
This commit makes explicit that _libssh2_random can fail (because most of
the underlying crypto functions can indeed fail!), and it makes its result
code consistent: 0 on success, -1 on error.
This is related to issue #519https://github.com/libssh2/libssh2/issues/519
It fixes the first half of it.
* Don't silent errors of _libssh2_random
Make sure to check the returned code of _libssh2_random(), and
propagates any failure.
A new LIBSSH_ERROR_RANDGEN constant is added to libssh2.h
None of the existing error constants seemed fit.
This commit is related to d74285b684
and to https://github.com/libssh2/libssh2/issues/519 (see the issue
for more info.) It closes#519.
Credit:
Paul Capron
Notes:
The OpenSSH server docker image used for tests is pre-built to prevent
wasting time building it during a test, and unneeded rebuilds are
prevented by caching the image layers.
Credit:
Gabriel Smith
file: userauth.c
notes: libssh2 now supports many other key types besides RSA, if the library is built without RSA support and a user attempts RSA auth it shouldn't be an automatic error
credit:
Will Cosgrove
File:
openssh_fixture.c
Notes:
If reading the full output from the executed command took multiple
passes (such as when reading multiple lines) the old code would read
into the buffer starting at the some position (the start) every time.
The old code only works if fgets updated p or had an offset parameter,
both of which are not true.
Credit:
Gabriel Smith
File: bcrypt_pbkdf.c
Notes:
blf_enc() takes a number of 64-bit blocks to encrypt, but using
sizeof(uint64_t) in the calculation triggers a warning with
clang 10 because the actual data type is uint32_t. Pass
BCRYPT_BLOCKS / 2 for the number of blocks like libc bcrypt(3)
does.
Ref: 04a2240bd8Fixes#562
Credit:
Viktor Szakats
file: ssh_client_fuzzer.cc
notes: the session needs blocking mode turned on to avoid EAGAIN being returned from libssh2_session_handshake()
credit:
Will Cosgrove, reviewed by Michael Buckley
* kex.c: kex_agree_instr() improve string reading
file: kex.c
notes: if haystack isn't null terminated we should use memchr() not strchar(). We should also make sure we don't walk off the end of the buffer.
credit:
Will Cosgrove, reviewed by Michael Buckley
File: kex.c
Notes:
Moved the macro LIBSSH2_KEX_METHOD_EC_SHA_HASH_CREATE_VERIFY outside of the LIBSSH2_ECDSA since it's also now used by the ED25519 code.
Sha 256, 384 and 512 need to be defined for all backends now even if they aren't used directly. I believe this is already the case, but just a heads up.
Credit:
Stefan-Ghinea
The old function would set the least significant bits in
the most significant byte instead of the most significant bits.
The old function would also zero pad too much bits in the
most significant byte. This lead to a reduction of key space
in the most significant byte according to the following listing:
- 8 bits reduced to 0 bits => eg. 2048 bits to 2040 bits DH key
- 7 bits reduced to 1 bits => eg. 2047 bits to 2041 bits DH key
- 6 bits reduced to 2 bits => eg. 2046 bits to 2042 bits DH key
- 5 bits reduced to 3 bits => eg. 2045 bits to 2043 bits DH key
No change would occur for the case of 4 significant bits.
For 1 to 3 significant bits in the most significant byte
the DH key would actually be expanded instead of reduced:
- 3 bits expanded to 5 bits => eg. 2043 bits to 2045 bits DH key
- 2 bits expanded to 6 bits => eg. 2042 bits to 2046 bits DH key
- 1 bits expanded to 7 bits => eg. 2041 bits to 2047 bits DH key
There is no case of 0 significant bits in the most significant byte
since this would be a case of 8 significant bits in the next byte.
At the moment only the following case applies due to a fixed
DH key size value currently being used in libssh2:
The DH group_order is fixed to 256 (bytes) which leads to a
2047 bits DH key size by calculating (256 * 8) - 1.
This means the DH keyspace was previously reduced from 2047 bits
to 2041 bits (while the top and bottom bits are always set), so the
keyspace is actually always reduced from 2045 bits to 2039 bits.
All of this is only relevant for Windows versions supporting the
WinCNG backend (Vista or newer) before Windows 10 version 1903.
Closes#521
