generic-library/ssh2
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: generic-library:RELEASE.0.14
Branches Tags
generic-library:main
generic-library:libssh2-1.7.0 generic-library:libssh2-1.6.0 generic-library:libssh2-1.5.0 generic-library:libssh2-1.4.3 generic-library:libssh2-1.4.2 generic-library:libssh2-1.4.1 generic-library:libssh2-1.4.0 generic-library:libssh2-1.3.0 generic-library:libssh2-1.2.9 generic-library:libssh2-1.2.8 generic-library:libssh2-1.2.7 generic-library:libssh2-1.2.6 generic-library:libssh2-1.2.5 generic-library:libssh2-1.2.4 generic-library:libssh2-1.2.3 generic-library:libssh2-1.2.2 generic-library:libssh2-1.2.1 generic-library:libssh2-1.2 generic-library:RELEASE.1.1 generic-library:RELEASE.1.0 generic-library:RELEASE.0.18 generic-library:RELEASE.0.17 generic-library:RELEASE.0.16 generic-library:RELEASE.0.15 generic-library:beforenb2-0.14 generic-library:beforenb-0.14 generic-library:RELEASE.0.14 generic-library:RELEASE.0.13 generic-library:RELEASE.0.12 generic-library:RELEASE.0.11 generic-library:RELEASE.0.10 generic-library:RELEASE.0.8 generic-library:RELEASE.0.7 generic-library:RELEASE.0.6 generic-library:RELEASE.0.5 generic-library:RELEASE.0.3 generic-library:RELEASE.0.1 generic-library:start
..
compare: generic-library:beforenb-0.14
Branches Tags
generic-library:main
generic-library:libssh2-1.7.0 generic-library:libssh2-1.6.0 generic-library:libssh2-1.5.0 generic-library:libssh2-1.4.3 generic-library:libssh2-1.4.2 generic-library:libssh2-1.4.1 generic-library:libssh2-1.4.0 generic-library:libssh2-1.3.0 generic-library:libssh2-1.2.9 generic-library:libssh2-1.2.8 generic-library:libssh2-1.2.7 generic-library:libssh2-1.2.6 generic-library:libssh2-1.2.5 generic-library:libssh2-1.2.4 generic-library:libssh2-1.2.3 generic-library:libssh2-1.2.2 generic-library:libssh2-1.2.1 generic-library:libssh2-1.2 generic-library:RELEASE.1.1 generic-library:RELEASE.1.0 generic-library:RELEASE.0.18 generic-library:RELEASE.0.17 generic-library:RELEASE.0.16 generic-library:RELEASE.0.15 generic-library:beforenb2-0.14 generic-library:beforenb-0.14 generic-library:RELEASE.0.14 generic-library:RELEASE.0.13 generic-library:RELEASE.0.12 generic-library:RELEASE.0.11 generic-library:RELEASE.0.10 generic-library:RELEASE.0.8 generic-library:RELEASE.0.7 generic-library:RELEASE.0.6 generic-library:RELEASE.0.5 generic-library:RELEASE.0.3 generic-library:RELEASE.0.1 generic-library:start

92 Commits
RELEASE.0. ... beforenb-0

Author SHA1 Message Date
Daniel Stenberg
c63ef86075 non-blocking stuff removed, see *readnb_ex() 2007-02-02 16:11:55 +00:00
Daniel Stenberg
1b733d1196 more docs, including a template.3 for new man pages 2007-02-02 16:09:12 +00:00
Simon Josefsson
3c61a44224 Libgcrypt stuff works. 2007-02-02 11:22:39 +00:00
Simon Josefsson
20527d9688 Mind your p's and q's! RSA authentication now works. 2007-02-02 11:18:34 +00:00
Daniel Stenberg
09ee2d4086 Chris Nystrom helped me realize I must count the received bytes myself to 
know when the transfer is complete
 2007-02-01 22:39:45 +00:00
Daniel Stenberg
5859642888 oops, it shouldn't be non-blocking when doing blocking transfers... 2007-01-30 11:10:26 +00:00
Daniel Stenberg
ba1eb9f8fc simple (blocking) SCP transfer 2007-01-30 11:07:14 +00:00
Daniel Stenberg
e2f6518d95 two simple samples 2007-01-24 14:15:36 +00:00
Daniel Stenberg
a139ab0b45 fix compiler warnings 2007-01-23 21:36:40 +00:00
Simon Josefsson
f1e7eb7ae8 Fix RSA private key reading (still not working). 2007-01-23 15:12:41 +00:00
Simon Josefsson
b790cabf6a Fix warnings. 2007-01-23 13:55:11 +00:00
Simon Josefsson
d2be40421a Fix warnings. 2007-01-23 12:44:14 +00:00
Simon Josefsson
b1d855d1ac Fix warnings. 2007-01-23 12:44:14 +00:00
Simon Josefsson
1826e7365d Fix warnings. 2007-01-23 12:32:06 +00:00
Simon Josefsson
7f9ea39a5d Fix mem leak. 2007-01-23 12:26:36 +00:00
Simon Josefsson
6cf4420264 Fix mem leak. 2007-01-23 12:18:50 +00:00
Simon Josefsson
bfb71f3075 Need more #include's. 2007-01-23 11:53:27 +00:00
Simon Josefsson
1f232d69ed Fix warnings. 2007-01-23 11:52:23 +00:00
Simon Josefsson
f252d350ec Fix warnings. 2007-01-23 11:52:08 +00:00
Simon Josefsson
4c2c468b08 Remove OpenSSL #include. 2007-01-23 11:29:13 +00:00
Simon Josefsson
a86a4e0cfc Fix mem leak. 2007-01-23 11:28:05 +00:00
Simon Josefsson
b1f8bafb64 If --with-libgcrypt is specified, don't check for OpenSSL. 2007-01-23 10:37:14 +00:00
Simon Josefsson
c9d40afa14 Abstract bignum API. 2007-01-23 10:29:55 +00:00
Simon Josefsson
51b9ff0f16 Abstract RSA/DSA private key file reading and RSA/DSA signing, and 
implement them in openssl/libgcrypt layer.
 2007-01-23 08:22:54 +00:00
Simon Josefsson
0d9a7e3c2e Add prototypes for pem.c functions. 2007-01-23 08:14:14 +00:00
Simon Josefsson
75115045ae Add pem.c. 2007-01-23 08:13:32 +00:00
Simon Josefsson
be984707e2 Add. Functions for reading PEM files and decoding ASN.1. 2007-01-23 08:13:10 +00:00
Daniel Stenberg
2afd706ca1 please picky compiler 2007-01-22 21:40:44 +00:00
Simon Josefsson
fe979040a2 Remove non-iovec based RSA/DSA signing (not used, and DSA code even buggy). 2007-01-22 14:15:38 +00:00
Daniel Stenberg
0fab9e9614 fix warning for memcpy() 2007-01-19 21:32:31 +00:00
Simon Josefsson
576d37dafd Indent. 
Fix mem leak on errors.
 2007-01-18 11:37:32 +00:00
Simon Josefsson
a0eda7365e Remove openssl #include. 
Protect use of 3DES.
Reorder definitions to match preference order.
 2007-01-18 11:32:20 +00:00
Simon Josefsson
1f79c7da95 Remove debug code. 2007-01-18 11:30:23 +00:00
Simon Josefsson
6ede32c5e2 Use new generic crypto APIs. 2007-01-18 11:22:10 +00:00
Simon Josefsson
10efccbb83 Align with new _LIBSSH2_CRYPT_METHOD API, for libgcrypt support. 2007-01-18 11:21:39 +00:00
Simon Josefsson
2e8d9217b4 Fix _LIBSSH2_CRYPT_METHOD for libgcrypt support. 2007-01-18 11:21:12 +00:00
Simon Josefsson
d3c334c3d6 Implement new _libssh2_cipher_* API. 2007-01-18 11:20:17 +00:00
Simon Josefsson
e1bebf979b Support DSA verifications. 2007-01-18 07:51:41 +00:00
Simon Josefsson
50d587e2bc Check return value. 
Fix SHA1_Final.
 2007-01-18 07:47:54 +00:00
Simon Josefsson
e0fe196e45 Add. 2007-01-17 20:22:12 +00:00
Simon Josefsson
dc994f64a9 Add more files. 2007-01-17 20:21:47 +00:00
Simon Josefsson
46cd4f42d8 Add more files. 2007-01-17 20:20:49 +00:00
Simon Josefsson
19690441cd Fix 3DES check. 2007-01-17 15:09:04 +00:00
Simon Josefsson
dc7cdb8cb0 Use libssh2_sha1 instead of SHA1. 2007-01-17 15:07:54 +00:00
Simon Josefsson
be4461e4cd Fix last commit. 2007-01-17 15:06:53 +00:00
Simon Josefsson
23d772867e Use libssh2_* wrappers for SHA-1. 2007-01-17 15:05:57 +00:00
Simon Josefsson
c090ac7ed1 Use LIBSSH2_* instead of OPENSSL_NO_* (should ultimately be possible 
to chose by ./configure?).
 2007-01-17 15:01:29 +00:00
Simon Josefsson
6873ada0b7 Use LIBSSH2_* instead of OPENSSL_NO_* (should ultimately be possible 
to chose by ./configure?).
 2007-01-17 14:41:06 +00:00
Simon Josefsson
5c904b112e Unconditionally use SHA-1. 2007-01-17 14:35:40 +00:00
Simon Josefsson
b4d7a4eede Add. 2007-01-16 15:51:31 +00:00
Simon Josefsson
22225099bc Add. 2007-01-16 15:36:43 +00:00
Simon Josefsson
2d8ee8b37c Begin to abstract RSA operations. 2007-01-16 15:33:09 +00:00
Simon Josefsson
219fa19a5f Also build openssl.c or libgcrypt.c. 2007-01-16 15:32:17 +00:00
Simon Josefsson
5443c76c8e Define an automake conditional iff libgcrypt is used. 2007-01-16 15:13:50 +00:00
Simon Josefsson
79761a6455 Use generic APIs for (HMAC-)MD5/SHA1 and RNG, and implement them via OpenSSL/libgcrypt. 2007-01-15 21:12:00 +00:00
Simon Josefsson
362d3466cf Add, for libgcrypt. 2007-01-15 18:16:27 +00:00
Simon Josefsson
6d65428511 Look for libgcrypt if --with-libgcrypt is given to ./configure. 
Note that until the libgcrypt work is complete, libssh2 also link to OpenSSL.
 2007-01-15 18:16:07 +00:00
Simon Josefsson
677005375b Remove unfinished OPENSSL_NO_SHA ifdef stuff, since SHA-1 is required for libssh2 to work. 2007-01-10 17:29:46 +00:00
Simon Josefsson
8a2421bad1 Add basic self test. 2007-01-09 09:49:15 +00:00
Mikhail Gusarov
5cd3efc297 --copy added to automake --add-missing to avoid symlinks in bootstrapped CVS snapshot tarballs 2007-01-03 09:56:31 +00:00
Mikhail Gusarov
f527a88095 Minus sign escaped to not be treated as emdash in man pages. 2007-01-02 05:47:00 +00:00
Daniel Stenberg
fd2368d2b1 fix compiler warnings (and some indent changes) 2006-12-21 14:21:38 +00:00
Daniel Stenberg
036bb51421 fix compiler warnings 2006-12-21 14:20:20 +00:00
Daniel Stenberg
c92d1a5a23 fix compiler warnings, minor re-indenting 2006-12-21 14:19:42 +00:00
Daniel Stenberg
862a758026 Added an initial set of man pages. 2006-12-21 14:09:12 +00:00
Daniel Stenberg
f7f897df07 fix warnings and allow passing user name and password on the command line 2006-12-21 14:06:49 +00:00
Daniel Stenberg
ef8d1a2af8 Added the configure option --enable-debug-build which not only enables a 
debug build (using -g and disabling all -O options), but also sets a whole
range of picky/strict compiler options depending on what compiler and version
that is used. This function is ripped right off the curl configure script,
written by yours truly. I left it using the same name as in the curl script
to 1) make it obvious where it comes from, so that 2) it will be easier to
update and keep it in sync with future modifications.

Now, this shows MAAAAAAAAANY warnings...
 2006-12-13 08:45:49 +00:00
Daniel Stenberg
556cafc457 Removed use of ceil() since that is a math lib function and getting the 
exact accuracy of the microsecond to millisecond conversion simply cannot
be that important. We don't even explicitly link with -lm...
 2006-12-13 08:42:54 +00:00
Simon Josefsson
75b5e06773 Fix indentation. 2006-12-09 09:06:06 +00:00
Simon Josefsson
91e496ff41 Add. 2006-12-07 16:12:44 +00:00
Simon Josefsson
6b1dc88b14 Add autobuild.m4, to make it easier to use http://autobuild.josefsson.org/. 2006-12-07 15:53:01 +00:00
Simon Josefsson
14b9deef24 Move symmetric OpenSSL EVP crypto calls to crypt.c. 2006-12-07 15:44:07 +00:00
Mikhail Gusarov
82d762cae5 Improve detection of closed channel. Eleminates lock-ups on 
multi-channel operation.
 2006-11-27 07:37:40 +00:00
Mikhail Gusarov
1c1c74479e Reading bigger blocks from network before decryption. 
Significantly increases performance.
 2006-11-27 07:31:28 +00:00
Mikhail Gusarov
3a33680e14 write(2) may write only part of passed data under FreeBSD. 
Make sure whole buffer is written.
 2006-11-27 07:24:18 +00:00
Daniel Stenberg
38fea1973d mention a few recent changes 2006-11-24 10:14:31 +00:00
Daniel Stenberg
c63a212559 Add builddir/src to the include path, for the generated config header when 
building out of the source tree.
 2006-11-20 22:21:01 +00:00
Daniel Stenberg
a8451f58df ssh2_sample now gets the right include path to the current include directory 2006-11-20 22:19:40 +00:00
Daniel Stenberg
1dbe8ff365 check for inline in configure 2006-11-20 22:10:56 +00:00
Daniel Stenberg
82424d6735 Starting now, we use automake and libtool for the build. 2006-11-20 08:58:29 +00:00
Daniel Stenberg
3b1b45e644 Moved the private include files libssh2_priv.h and libssh2_config.h.in from 
include/ into the src/ directory. The include/ dir is now strictly for public
headers.

Also, I removed the special win32 source package creation target in the
makefile and I modified the contact email address in configure.in to point out
the libssh2-devel list.
 2006-11-20 08:41:04 +00:00
Daniel Stenberg
84f10fca87 kill compiler warnings 2006-11-19 13:39:01 +00:00
Daniel Stenberg
077ba3efd5 until we automake, let 'make' build all by default 2006-11-19 13:28:03 +00:00
Daniel Stenberg
ab26693769 kill warnings 2006-11-19 13:26:19 +00:00
Daniel Stenberg
1854b4536f Use pkg-config --cflags-only-I when getting the include files necessary to 
build with OpenSSL. Previous approach caused a bad compiler option get set.
 2006-11-17 10:26:11 +00:00
James Housley
1baaa31792 Patch from Daniel Stenberg 
1 - #include <inttypes.h> and uses uint32_t (this is not very portable and
    need attention as I mentioned in my separate mail)

2 - changes libssh2_blocking_read() to return ssize_t and all code that uses
    this function explicitly checks its return code (better).

3 - I fixed a bunch of compiler warnings where functions got called with
    unsigned char * when they expect char *. I strongly suggest we patch away
    all warnings - now.
 2006-11-14 01:30:39 +00:00
James Housley
7058b7fc2a Reproduce most of the POSIX permission/file type defines from sys/stat.h 
so that if compiled with a non-POSIX compiler these are still available
for client software.
 2006-11-13 22:35:02 +00:00
James Housley
1e889ca947 As pointed out, feof() will always fail after a rewind 2006-11-13 15:10:38 +00:00
James Housley
bebd14a011 Bug: [ 1592645 ] Public key can not be readed from file 
While posting a public key file to a remote server via cut-n-paste it
is possible that the key won't have the proper ending.  It might not have
the standard carriage return or line feed.  It might even have extra
spaces.  This patch is based on the originators original patch, but is
more extensive.  If reading the file ends in EOF, remove that character.
Then if there are spaces at the end of the file remove them also.

This does not fix the posibility of the same error in a multi-key file, but
it is a start.
 2006-11-13 11:33:03 +00:00
James Housley
7063d24724 /* RFC4253 section 6.1 Maximum Packet Length says: 
*
 * "All implementations MUST be able to process packets with
 * uncompressed payload length of 32768 bytes or less and
 * total packet size of 35000 bytes or less (including length,
 * padding length, payload, padding, and MAC.)."
 */
Protect against an improper packet from producing unreasonable values.
Credit goes to Daniel Stenberg
 2006-11-10 13:47:13 +00:00
James Housley
8069fa6f9a libssh2_sftp_readdir() wasn't null terminating the filename. If there is 
enough room in the buffer, all a null to the end.
 2006-11-10 12:16:24 +00:00
James Housley
1961e07287 The public *_ex() API functions, most of them, used "int" for length values. 
The convience functions pass in the return from strlen() which is "size_t",
usually an "unsigned long".  This created the possiblility of passing in
a value that could look negative.

All "int" lengths were converted to "unsigned int".  Ideally they should
all become "size_t", but that is a bigger change.  This is a good start.
 2006-11-04 19:30:31 +00:00
53 changed files with 3564 additions and 3892 deletions
Expand all files Collapse all files

16
.cvsignore
View File

@@ -1,3 +1,5 @@
.deps
.libs
*.lib
*.pdb
*.dll
@@ -7,3 +9,17 @@
Debug
Release
*.exp
Makefile
Makefile.in
aclocal.m4
autom4te.cache
config.guess
config.log
config.status
config.sub
configure
depcomp
libtool
ltmain.sh
missing
ssh2_sample

19
Makefile.am Normal file
View File

@@ -0,0 +1,19 @@
AUTOMAKE_OPTIONS = foreign nostdinc
SUBDIRS = src tests
include_HEADERS = include/libssh2.h include/libssh2_publickey.h \
include/libssh2_sftp.h
# and a sample tool
noinst_PROGRAMS = ssh2_sample
INCLUDES = -I$(top_srcdir)/include
ssh2_sample_SOURCES = ssh2_sample.c
ssh2_sample_LDADD = src/libssh2.la
EXTRA_DIST = LICENSE win32
ACLOCAL_AMFLAGS = -I m4

67
Makefile.in
View File

@@ -1,67 +0,0 @@
subdirs = src/
top_srcdir = @top_srcdir@
prefix = @prefix@
exec_prefix = @exec_prefix@
libdir = @exec_prefix@/lib
incldir = @prefix@/include
distdir = @top_srcdir@/dist
CC = @CC@
CFLAGS = -c @CFLAGS@ -Iinclude/ -Wall
LIBS = -lssh2 -Lsrc/
INSTALL = @INSTALL@
VERSION=@PACKAGE_VERSION@
DISTLIB=libssh2-$(VERSION)
all:
@for dir in ${subdirs}; do \
(cd $$dir && $(MAKE) all) \
|| case "$(MFLAGS)" in *k*) fail=yes;; *) exit 1;; esac; \
done && test -z "$$fail"
sample:
$(CC) -o ssh2_sample.o ssh2_sample.c $(CFLAGS)
$(CC) -o ssh2_sample ssh2_sample.o $(LIBS)
install: all
$(top_srcdir)/mkinstalldirs $(DESTDIR)$(incldir)
$(top_srcdir)/mkinstalldirs $(DESTDIR)$(libdir)
@for dir in ${subdirs}; do \
(cd $$dir && $(MAKE) install) \
|| case "$(MFLAGS)" in *k*) fail=yes;; *) exit 1;; esac; \
done && test -z "$$fail"
$(INSTALL) -m 644 include/libssh2.h $(DESTDIR)$(incldir)/
$(INSTALL) -m 644 include/libssh2_sftp.h $(DESTDIR)$(incldir)/
$(INSTALL) -m 644 include/libssh2_publickey.h $(DESTDIR)$(incldir)/
clean:
@for dir in ${subdirs}; do \
(cd $$dir && $(MAKE) clean) \
|| case "$(MFLAGS)" in *k*) fail=yes;; *) exit 1;; esac; \
done && test -z "$$fail"
rm -f ssh2_sample.o ssh2_sample
dist:
autoheader
autoconf
rm -f $(DISTLIB)
ln -s . $(DISTLIB)
tar -zcf $(DISTLIB).tar.gz \
$(DISTLIB)/configure $(DISTLIB)/Makefile.in $(DISTLIB)/ssh2_sample.c \
$(DISTLIB)/LICENSE $(DISTLIB)/README $(DISTLIB)/INSTALL \
$(DISTLIB)/mkinstalldirs $(DISTLIB)/install-sh $(DISTLIB)/config.sub $(DISTLIB)/config.guess \
$(DISTLIB)/src/*.c $(DISTLIB)/src/Makefile.in \
$(DISTLIB)/include/libssh2.h $(DISTLIB)/include/libssh2_priv.h $(DISTLIB)/include/libssh2_sftp.h \
$(DISTLIB)/include/libssh2_publickey.h $(DISTLIB)/include/libssh2_config.h.in \
$(DISTLIB)/win32/config.mk $(DISTLIB)/win32/libssh2_config.h $(DISTLIB)/win32/rules.mk \
$(DISTLIB)/win32/libssh2.dsp $(DISTLIB)/win32/libssh2.dsw $(DISTLIB)/win32/ssh2_sample.dsp
rm -f $(DISTLIB)
dist_nmake:
autoheader
autoconf
rm -f $(DISTLIB)
ln -s . $(DISTLIB)
tar -zcf $(DISTLIB)-win32.tar.gz \
$(DISTLIB)/NMakefile $(DISTLIB)/ssh2_sample.c $(DISTLIB)/src/*.c \
$(DISTLIB)/LICENSE $(DISTLIB)/README $(DISTLIB)/TODO $(DISTLIB)/INSTALL \
$(DISTLIB)/include/libssh2.h $(DISTLIB)/include/libssh2_priv.h $(DISTLIB)/include/libssh2_sftp.h \
$(DISTLIB)/include/libssh2_publickey.h \
$(DISTLIB)/win32/config.mk $(DISTLIB)/win32/libssh2_config.h $(DISTLIB)/win32/rules.mk
rm -f $(DISTLIB)

17
README
View File

@@ -1,6 +1,23 @@
libssh2 - SSH2 library
======================
libssh2 is a library implementing the SSH2 protocol
Version
------------
maximum SSH packet size is now some 35000 bytes
private include files are now in src/ and only public headers are in include/
automake and libtool are being used (increased portability)
fixed OpenSSL detection using pkg-config
simple self test added to tests/
libgcrypt is fully supported
Version 0.14
------------

149
acinclude.m4 Normal file
View File

@@ -0,0 +1,149 @@
dnl **********************************************************************
dnl CURL_DETECT_ICC ([ACTION-IF-YES])
dnl
dnl check if this is the Intel ICC compiler, and if so run the ACTION-IF-YES
dnl sets the $ICC variable to "yes" or "no"
dnl **********************************************************************
AC_DEFUN([CURL_DETECT_ICC],
[
ICC="no"
AC_MSG_CHECKING([for icc in use])
if test "$GCC" = "yes"; then
dnl check if this is icc acting as gcc in disguise
AC_EGREP_CPP([^__INTEL_COMPILER], [__INTEL_COMPILER],
dnl action if the text is found, this it has not been replaced by the
dnl cpp
ICC="no",
dnl the text was not found, it was replaced by the cpp
ICC="yes"
AC_MSG_RESULT([yes])
[$1]
)
fi
if test "$ICC" = "no"; then
# this is not ICC
AC_MSG_RESULT([no])
fi
])
dnl We create a function for detecting which compiler we use and then set as
dnl pendantic compiler options as possible for that particular compiler. The
dnl options are only used for debug-builds.
AC_DEFUN([CURL_CC_DEBUG_OPTS],
[
if test "z$ICC" = "z"; then
CURL_DETECT_ICC
fi
if test "$GCC" = "yes"; then
dnl figure out gcc version!
AC_MSG_CHECKING([gcc version])
gccver=`$CC -dumpversion`
num1=`echo $gccver | cut -d . -f1`
num2=`echo $gccver | cut -d . -f2`
gccnum=`(expr $num1 "*" 100 + $num2) 2>/dev/null`
AC_MSG_RESULT($gccver)
if test "$ICC" = "yes"; then
dnl this is icc, not gcc.
dnl ICC warnings we ignore:
dnl * 269 warns on our "%Od" printf formatters for curl_off_t output:
dnl "invalid format string conversion"
dnl * 279 warns on static conditions in while expressions
dnl * 981 warns on "operands are evaluated in unspecified order"
dnl * 1418 "external definition with no prior declaration"
dnl * 1419 warns on "external declaration in primary source file"
dnl which we know and do on purpose.
WARN="-wd279,269,981,1418,1419"
if test "$gccnum" -gt "600"; then
dnl icc 6.0 and older doesn't have the -Wall flag
WARN="-Wall $WARN"
fi
else dnl $ICC = yes
dnl this is a set of options we believe *ALL* gcc versions support:
WARN="-W -Wall -Wwrite-strings -pedantic -Wpointer-arith -Wnested-externs -Winline -Wmissing-prototypes"
dnl -Wcast-align is a bit too annoying on all gcc versions ;-)
if test "$gccnum" -ge "207"; then
dnl gcc 2.7 or later
WARN="$WARN -Wmissing-declarations"
fi
if test "$gccnum" -gt "295"; then
dnl only if the compiler is newer than 2.95 since we got lots of
dnl "`_POSIX_C_SOURCE' is not defined" in system headers with
dnl gcc 2.95.4 on FreeBSD 4.9!
WARN="$WARN -Wundef -Wno-long-long -Wsign-compare"
fi
if test "$gccnum" -ge "296"; then
dnl gcc 2.96 or later
WARN="$WARN -Wfloat-equal"
fi
if test "$gccnum" -gt "296"; then
dnl this option does not exist in 2.96
WARN="$WARN -Wno-format-nonliteral"
fi
dnl -Wunreachable-code seems totally unreliable on my gcc 3.3.2 on
dnl on i686-Linux as it gives us heaps with false positives.
dnl Also, on gcc 4.0.X it is totally unbearable and complains all
dnl over making it unusable for generic purposes. Let's not use it.
if test "$gccnum" -ge "303"; then
dnl gcc 3.3 and later
WARN="$WARN -Wendif-labels -Wstrict-prototypes"
fi
if test "$gccnum" -ge "304"; then
# try these on gcc 3.4
WARN="$WARN -Wdeclaration-after-statement"
fi
for flag in $CPPFLAGS; do
case "$flag" in
-I*)
dnl Include path, provide a -isystem option for the same dir
dnl to prevent warnings in those dirs. The -isystem was not very
dnl reliable on earlier gcc versions.
add=`echo $flag | sed 's/^-I/-isystem /g'`
WARN="$WARN $add"
;;
esac
done
fi dnl $ICC = no
CFLAGS="$CFLAGS $WARN"
AC_MSG_NOTICE([Added this set of compiler options: $WARN])
else dnl $GCC = yes
AC_MSG_NOTICE([Added no extra compiler options])
fi dnl $GCC = yes
dnl strip off optimizer flags
NEWFLAGS=""
for flag in $CFLAGS; do
case "$flag" in
-O*)
dnl echo "cut off $flag"
;;
*)
NEWFLAGS="$NEWFLAGS $flag"
;;
esac
done
CFLAGS=$NEWFLAGS
]) dnl end of AC_DEFUN()

7
buildconf Executable file
View File

@@ -0,0 +1,7 @@
#!/bin/sh
${LIBTOOLIZE:-libtoolize} --copy --automake --force
${ACLOCAL:-aclocal} -I m4 $ACLOCAL_FLAGS
${AUTOHEADER:-autoheader}
${AUTOCONF:-autoconf}
${AUTOMAKE:-automake} --add-missing --copy

1415
config.guess vendored
View File

File diff suppressed because it is too large Load Diff

1510
config.sub vendored
View File

File diff suppressed because it is too large Load Diff

72
configure.in
View File

@@ -1,32 +1,24 @@
# AC_PREREQ(2.57)
AC_INIT(libssh2,0.14,sarag@libssh2.org)
AC_INIT(libssh2, 0.15, libssh2-devel@lists.sourceforge.net)
AM_INIT_AUTOMAKE(libssh2, 0.15)
AC_CONFIG_SRCDIR([src])
AC_CONFIG_HEADER([include/libssh2_config.h])
# Default to the same as CC
LDCC="\$(CC)"
AC_CONFIG_HEADER([src/libssh2_config.h])
AB_INIT
# Check for the OS.
# Daniel's note: this should not be necessary and we need to work to
# get this removed.
AC_CANONICAL_HOST
case "$host" in
*-cygwin)
SHLIB_SUFFIX_NAME="dll"
SHLIB_LDFLAGS="-shared"
CFLAGS="$CFLAGS -DLIBSSH2_WIN32"
;;
*darwin*)
SHLIB_SUFFIX_NAME="dylib"
SHLIB_LDFLAGS="-dynamiclib -flat_namespace"
CFLAGS="$CFLAGS -DLIBSSH2_DARWIN"
;;
*hpux*)
SHLIB_SUFFIX_NAME="sl"
SHLIB_LDFLAGS="-b +vnocompatwarnings -L/lib/pa20_64"
LDCC="ld"
;;
*)
SHLIB_SUFFIX_NAME="so"
SHLIB_LDFLAGS="-shared"
;;
esac
@@ -39,19 +31,32 @@ AC_CHECK_LIB(m, ceil, [ SHLIB_LDFLAGS="$SHLIB_LDFLAGS -lm" ])
AC_SUBST(SHLIB_SUFFIX_NAME)
AC_SUBST(SHLIB_LDFLAGS)
AC_SUBST(LDCC)
AC_SUBST(LIBS)
AC_PROG_CC
AC_PROG_INSTALL
AC_PROG_LN_S
AC_PROG_MAKE_SET
AC_PROG_RANLIB
AC_PROG_LIBTOOL
AC_C_BIGENDIAN
if test -z "$PKG_CONFIG"; then
AC_PATH_PROG(PKG_CONFIG, pkg-config, no)
fi
# Look for libgcrypt.
AC_ARG_WITH(libgcrypt,
AC_HELP_STRING([--with-libgcrypt],[Use libgcrypt for crypto]),
use_libgcrypt=$withval,use_libgcrypt=no)
if test "$use_libgcrypt" != "no"; then
AM_PATH_LIBGCRYPT(1:1.2.2,,use_libgcrypt=no)
fi
if test "$use_libgcrypt" != "no"; then
CFLAGS="$CFLAGS $LIBGCRYPT_CFLAGS"
LDFLAGS="$LDFLAGS $LIBGCRYPT_LIBS"
AC_DEFINE(LIBSSH2_LIBGCRYPT, 1, [Use libgcrypt])
fi
AM_CONDITIONAL(LIBGCRYPT, test "$use_libgcrypt" != "no")
#
# Look for OpenSSL
#
@@ -59,6 +64,8 @@ AC_ARG_WITH(openssl,
AC_HELP_STRING([--with-openssl=DIR],[Look for OpenSSL in PATH]),
[LIBSSH2_OPENSSL_DIR=$withval],[LIBSSH2_OPENSSL_DIR=yes])
if test "$use_libgcrypt" = "no"; then
if test "$LIBSSH2_OPENSSL_DIR" = "no" || test "$LIBSSH2_OPENSSL_DIR" = "yes"; then
unset LIBSSH2_OPENSSL_DIR
fi
@@ -85,7 +92,7 @@ if test "$found_openssl" = "no" && test -x "$PKG_CONFIG" && $PKG_CONFIG --exists
found_openssl=yes
pkgcfg_openssl=yes
OPENSSL_LIBLINE=`$PKG_CONFIG --libs openssl`
OPENSSL_INCLINE=`$PKG_CONFIG --variable=includedir openssl`
OPENSSL_INCLINE=`$PKG_CONFIG --cflags-only-I openssl`
AC_MSG_RESULT([Using paths from pkg-config])
fi
@@ -133,6 +140,8 @@ fi
CFLAGS="$CFLAGS $OPENSSL_INCLINE"
LDFLAGS="$LDFLAGS $OPENSSL_LIBLINE"
fi
#
# zlib
#
@@ -228,6 +237,31 @@ AC_ARG_ENABLE(debug-all,
])
dnl ************************************************************
dnl option to switch on compiler debug options
dnl
AC_MSG_CHECKING([whether to enable pedantic and debug compiler options])
AC_ARG_ENABLE(debug-build,
AC_HELP_STRING([--enable-debug-build],[Enable pedantic debug options])
AC_HELP_STRING([--disable-debug-build],[Disable debug options]),
[ case "$enableval" in
no)
AC_MSG_RESULT(no)
;;
*) AC_MSG_RESULT(yes)
CPPFLAGS="$CPPFLAGS -DLIBSSH2DEBUG"
CFLAGS="$CFLAGS -g"
dnl set compiler "debug" options to become more picky, and remove
dnl optimize options from CFLAGS
CURL_CC_DEBUG_OPTS
;;
esac
],
AC_MSG_RESULT(no)
)
# Checks for header files.
# AC_HEADER_STDC
AC_CHECK_HEADERS([errno.h fcntl.h stdio.h stdlib.h unistd.h sys/uio.h sys/select.h])
@@ -235,7 +269,9 @@ AC_CHECK_FUNCS(poll gettimeofday select)
# Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST
AC_C_INLINE
AC_CONFIG_FILES([Makefile
src/Makefile])
src/Makefile
tests/Makefile])
AC_OUTPUT

16
docs/libssh2_channel_forward_accept.3 Normal file
View File

@@ -0,0 +1,16 @@
.\" $Id: libssh2_channel_forward_accept.3,v 1.1 2006/12/21 14:09:12 bagder Exp $
.\"
.TH libssh2_channel_forward_accept 3 "14 Dec 2006" "libssh2 0.15" "libssh2 manual"
.SH NAME
libssh2_channel_forward_accept - accept a queued connection
.SH SYNOPSIS
.B #include <libssh2.h>
.B LIBSSH2_CHANNEL * libssh2_channel_forward_accept(LIBSSH2_LISTENER *listener);
.SH DESCRIPTION
\fIlistener\fP is a forwarding listener instance as returned by
\fBlibssh2_channel_forward_listen(3)\fP.
.SH RETURN VALUE
A newly allocated channel instance or NULL on failure.
.SH "SEE ALSO"
.BI libssh2_channel_forward_listen(3)

40
docs/libssh2_channel_forward_listen_ex.3 Normal file
View File

@@ -0,0 +1,40 @@
.\" $Id: libssh2_channel_forward_listen_ex.3,v 1.1 2006/12/21 14:09:13 bagder Exp $
.\"
.TH libssh2_channel_forward_listen_ex 3 "14 Dec 2006" "libssh2 0.15" "libssh2 manual"
.SH NAME
libssh2_channel_forward_listen_ex - listen to inbound connections
.SH SYNOPSIS
#include <libssh2.h>
LIBSSH2_LISTENER * libssh2_channel_forward_listen_ex(LIBSSH2_SESSION *session,
char *host,
int port,
int *bound_port,
int queue_maxsize);
LIBSSH2_LISTENER * libssh2_channel_forward_listen(LIBSSH2_SESSION *session,
int port);
.SH DESCRIPTION
Instruct the remote SSH server to begin listening for inbound TCP/IP
connections. New connections will be queued by the library until accepted by
\fIlibssh2_channel_forward_accept(3)\fP.
\fIsession\fP - instance as returned by libssh2_session_init().
\fIhost\fP - specific address to bind to on the remote host. Binding to
0.0.0.0 (default when NULL is passed) will bind to all available addresses.
\fIport\fP - port to bind to on the remote host. When 0 is passed, the remote
host will select the first available dynamic port.
\fIbound_port\fP - Populated with the actual port bound on the remote
host. Useful when requesting dynamic port numbers.
\fIqueue_maxsize\fP - Maximum nuber of pending connections to queue before
rejecting further attempts.
\fIlibssh2_channel_forward_listen(3)\fP is a macro.
.SH RETURN VALUE
A newly allocated LIBSSH2_LISTENER instance or NULL on failure.
.SH "SEE ALSO"
.BI libssh2_channel_forward_accept(3)

36
docs/libssh2_channel_read_ex.3 Normal file
View File

@@ -0,0 +1,36 @@
.\" $Id: libssh2_channel_read_ex.3,v 1.4 2007/02/02 16:11:55 bagder Exp $
.\"
.TH libssh2_channel_read_ex 3 "14 Dec 2006" "libssh2 0.15" "libssh2 manual"
.SH NAME
libssh2_channel_read_ex - read data from a channel stream
.SH SYNOPSIS
#include <libssh2.h>
int libssh2_channel_read_ex(LIBSSH2_CHANNEL *channel, int stream_id,
char *buf, size_t buflen);
int libssh2_channel_read(LIBSSH2_CHANNEL *channel, char *buf,
size_t buflen);
int libssh2_channel_read_stderr(LIBSSH2_CHANNEL *channel, char *buf,
size_t buflen);
.SH DESCRIPTION
Attempt to read data from an active channel stream. All channel streams have
one standard I/O substream (stream_id == 0), and may have up to 2^32 extended
data streams as identified by the selected \fIstream_id\fP. The SSH2 protocol
currently defines a stream ID of 1 to be the stderr substream.
\fIchannel\fP - active channel stream to read from.
\fIstream_id\fP - substream ID number (e.g. 0 or SSH_EXTENDED_DATA_STDERR)
\fIbuf\fP - pointer to storage buffer to read data into
\fIbuflen\fP - size of the buf storage
\fIlibssh2_channel_read(3)\fP and \fIlibssh2_channel_read_stderr(3)\fP are
macros.
.SH RETURN VALUE
Actual number of bytes read or negative on failure.
.SH "SEE ALSO"

37
docs/libssh2_channel_readnb_ex.3 Normal file
View File

@@ -0,0 +1,37 @@
.\" $Id: libssh2_channel_readnb_ex.3,v 1.1 2007/02/02 16:09:12 bagder Exp $
.\"
.TH libssh2_channel_read_ex 3 "14 Dec 2006" "libssh2 0.15" "libssh2 manual"
.SH NAME
libssh2_channel_read_ex - read data from a channel stream
.SH SYNOPSIS
#include <libssh2.h>
int libssh2_channel_readnb_ex(LIBSSH2_CHANNEL *channel, int stream_id,
char *buf, size_t buflen);
int libssh2_channel_readnb(LIBSSH2_CHANNEL *channel, char *buf,
size_t buflen);
int libssh2_channel_readnb_stderr(LIBSSH2_CHANNEL *channel, char *buf,
size_t buflen);
.SH DESCRIPTION
Attempt to read data from an active channel stream. All channel streams have
one standard I/O substream (stream_id == 0), and may have up to 2^32 extended
data streams as identified by the selected \fIstream_id\fP. The SSH2 protocol
currently defines a stream ID of 1 to be the stderr substream.
\fIchannel\fP - active channel stream to read from.
\fIstream_id\fP - substream ID number (e.g. 0 or SSH_EXTENDED_DATA_STDERR)
\fIbuf\fP - pointer to storage buffer to read data into
\fIbuflen\fP - size of the buf storage
\fIlibssh2_channel_read(3)\fP and \fIlibssh2_channel_read_stderr(3)\fP are
macros.
.SH RETURN VALUE
Actual number of bytes read or negative on failure. It returns
LIBSSH2CHANNEL_EAGAIN when it would otherwise block. While
LIBSSH2CHANNEL_EAGAIN is a negative number, it isn't really a failure per se.
.SH "SEE ALSO"

23
docs/libssh2_channel_set_blocking.3 Normal file
View File

@@ -0,0 +1,23 @@
.\" $Id: libssh2_channel_set_blocking.3,v 1.1 2006/12/21 14:09:13 bagder Exp $
.\"
.TH libssh2_channel_set_blocking 3 "14 Dec 2006" "libssh2 0.15" "libssh2 manual"
.SH NAME
libssh2_channel_set_blocking - set or clear blocking mode on channel
.SH SYNOPSIS
#include <libssh2.h>
void libssh2_channel_set_blocking(LIBSSH2_CHANNEL *channel, int blocking);
.SH DESCRIPTION
Set or clear blocking mode on the selected channel. If a read is performed on
a channel with no data currently available, a blocking channel will wait for
data to arrive and return what it receives. A non-blocking channel will return
immediately with an empty buffer.
\fIchannel\fP - channel stream to set or clean blocking status on.
\fIblocking\fP - Set to a non-zero value to make the channel block, or zero to
make it non-blocking.
.SH RETURN VALUE
None
.SH "SEE ALSO"
.BI libssh2_channel_read_ex(3)

17
docs/libssh2_session_free.3 Normal file
View File

@@ -0,0 +1,17 @@
.\" $Id: libssh2_session_free.3,v 1.1 2006/12/21 14:09:13 bagder Exp $
.\"
.TH libssh2_session_free 3 "14 Dec 2006" "libssh2 0.15" "libssh2 manual"
.SH NAME
libssh2_session_free - frees resources associated with a session instance
.SH SYNOPSIS
#include <libssh2.h>
void libssh2_session_free(LIBSSH2_SESSION *session);
.SH DESCRIPTION
Frees resources associated with a session instance. Typically called after
\fIlibssh2_session_disconnect(3)\fP.
.SH RETURN VALUE
None
.SH "SEE ALSO"
.BI libssh2_session_init(3),
.BI libssh2_session_disconnect(3)

29
docs/libssh2_session_init.3 Normal file
View File

@@ -0,0 +1,29 @@
.\" $Id: libssh2_session_init.3,v 1.1 2006/12/21 14:09:13 bagder Exp $
.\"
.TH libssh2_session_init 3 "14 Dec 2006" "libssh2 0.15" "libssh2 manual"
.SH NAME
libssh2_session_init - initializes an SSH session object
.SH SYNOPSIS
#include <libssh2.h>
LIBSSH2_SESSION *libssh2_session_init_ex(
LIBSSH2_ALLOC_FUNC((*myalloc)),
LIBSSH2_FREE_FUNC((*myfree)),
LIBSSH2_REALLOC_FUNC((*myrealloc)),
void *abstract);
LIBSSH2_SESSION *libssh2_session_init(void);
.SH DESCRIPTION
Initializes an SSH session object. By default system memory allocators
(malloc(), free(), realloc()) will be used for any dynamicly allocated memory
blocks. Alternate memory allocation functions may be specified using the
extended version of this API call, and/or optional application specific data
may be attached to the session object.
This method must be called first, prior to configuring session options or
starting up an SSH session with a remote server.
.SH RETURN VALUE
Pointer to a newly allocated LIBSSH2_SESSION instance, or NULL on errors.
.SH "SEE ALSO"
.BI libssh2_session_free(3),
.BI libssh2_session_startup(3)

16
docs/libssh2_session_startup.3 Normal file
View File

@@ -0,0 +1,16 @@
.\" $Id: libssh2_session_startup.3,v 1.2 2007/01/02 05:47:00 gusarov Exp $
.\"
.TH libssh2_session_startup 3 "14 Dec 2006" "libssh2 0.15" "libssh2 manual"
.SH NAME
libssh2_session_startup - begin transport layer
.SH SYNOPSIS
#include <libssh2.h>
int libssh2_session_startup(LIBSSH2_SESSION *session, int socket);
.SH DESCRIPTION
Begin transport layer protocol negotiation with the connected host.
.SH RETURN VALUE
0 on success, \-1 on failure
.SH "SEE ALSO"
.BI libssh2_session_free(3),
.BI libssh2_session_init(3)

20
docs/libssh2_sftp_init.3 Normal file
View File

@@ -0,0 +1,20 @@
.\" $Id: libssh2_sftp_init.3,v 1.1 2007/02/02 16:09:12 bagder Exp $
.\"
.TH libssh2_sftp_init 3 "23 Jan 2007" "libssh2 0.15" "libssh2 manual"
.SH NAME
libssh2_sftp_init -
.SH SYNOPSIS
#include <libssh2.h>
LIBSSH2_SFTP *libssh2_sftp_init(LIBSSH2_SESSION *session);
.SH DESCRIPTION
Open a channel and initialize the SFTP subsystem. Although the SFTP subsystem
operates over the same type of channel as those exported by the Channel API,
the protocol itself implements its own unique binary packet protocol which
must be managed with the libssh2_sftp_*() family of functions. When an SFTP
session is complete, it must be destroyed using the
\fIlibssh2_sftp_shutdown(3)\fP function.
.SH RETURN VALUE
A pointer to the newly allocated SFTP instance or NULL on failure.
.SH "SEE ALSO"
.BI libssh2_sftp_shutdown(3), libssh2_sftp_open_ex(3)

47
docs/libssh2_sftp_open_ex.3 Normal file
View File

@@ -0,0 +1,47 @@
.\" $Id: libssh2_sftp_open_ex.3,v 1.1 2007/02/02 16:09:12 bagder Exp $
.\"
.TH libssh2_sftp_open_ex 3 "23 Jan 2007" "libssh2 0.15" "libssh2 manual"
.SH NAME
libssh2_sftp_open -
.SH SYNOPSIS
#include <libssh2.h>
LIBSSH2_SFTP_HANDLE *libssh2_sftp_open_ex(LIBSSH2_SFTP *sftp,
char *filename, int filename_len,
unsigned long flags, long mode, int open_type);
LIBSSH2_SFTP_HANDLE *libssh2_sftp_open(LIBSSH2_SFTP *sftp,
char *filename, unsigned long flags, long mode);
LIBSSH2_SFTP_HANDLE *libssh2_sftp_opendir(LIBSSH2_SFTP *sftp,
char *path);
.SH DESCRIPTION
* sftp
SFTP instance as returned by libssh2_sftp_init().
* filename
Remote file/directory resource to open
* filename_len
Length of filename
* flags
Any (reasonable) combination of the LIBSSH2_FXF_* constants corresponding fopen modes.
* mode
POSIX file permissions to assign if the file is being newly created.
* open_type
Either of LIBSSH2_SFTP_OPENFILE (to open a file) or LIBSSH2_SFTP_OPENDIR (to open a directory).
.SH RETURN VALUE
A pointer to the newly created LIBSSH2_SFTP_HANDLE instance or NULL on
failure.
.SH "SEE ALSO"
.BI libssh_sftp_close(3)

15
docs/template.3 Normal file
View File

@@ -0,0 +1,15 @@
.\" $Id: template.3,v 1.1 2007/02/02 16:09:12 bagder Exp $
.\"
.TH libssh2_template 3 "14 Dec 2006" "libssh2 0.15" "libssh2 manual"
.SH NAME
libssh2_template - short function description
.SH SYNOPSIS
#include <libssh2.h>
void libssh2_template(void);
.SH DESCRIPTION
Long text describing the function and its input arguments.
.SH RETURN VALUE
Describe what the funtion returns.
.SH "SEE ALSO"
Add related functions

158
example/simple/scp.c Normal file
View File

@@ -0,0 +1,158 @@
/*
* $Id: scp.c,v 1.3 2007/02/01 22:39:45 bagder Exp $
*
* Sample showing how to do a simple SCP transfer.
*/
#include <libssh2.h>
#ifndef WIN32
# include <netinet/in.h>
# include <sys/socket.h>
# include <unistd.h>
#else
# include <winsock2.h>
#endif
#include <sys/types.h>
#include <fcntl.h>
#include <errno.h>
#include <stdio.h>
#include <ctype.h>
int main(int argc, char *argv[])
{
int sock, i, auth_pw = 1;
struct sockaddr_in sin;
const char *fingerprint;
LIBSSH2_SESSION *session;
LIBSSH2_CHANNEL *channel;
char *username=(char *)"username";
char *password=(char *)"password";
char *scppath=(char *)"/tmp/TEST";
struct stat fileinfo;
int rc;
off_t got=0;
#ifdef WIN32
WSADATA wsadata;
WSAStartup(WINSOCK_VERSION, &wsadata);
#endif
/* Ultra basic "connect to port 22 on localhost"
* Your code is responsible for creating the socket establishing the
* connection
*/
sock = socket(AF_INET, SOCK_STREAM, 0);
sin.sin_family = AF_INET;
sin.sin_port = htons(22);
sin.sin_addr.s_addr = htonl(0x7F000001);
if (connect(sock, (struct sockaddr*)(&sin),
sizeof(struct sockaddr_in)) != 0) {
fprintf(stderr, "failed to connect!\n");
return -1;
}
/* Create a session instance
*/
session = libssh2_session_init();
if(!session)
return -1;
/* ... start it up. This will trade welcome banners, exchange keys,
* and setup crypto, compression, and MAC layers
*/
rc = libssh2_session_startup(session, sock);
if(rc) {
fprintf(stderr, "Failure establishing SSH session: %d\n", rc);
return -1;
}
/* At this point we havn't yet authenticated. The first thing to do
* is check the hostkey's fingerprint against our known hosts Your app
* may have it hard coded, may go to a file, may present it to the
* user, that's your call
*/
fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_MD5);
printf("Fingerprint: ");
for(i = 0; i < 16; i++) {
printf("%02X ", (unsigned char)fingerprint[i]);
}
printf("\n");
if(argc > 1) {
username = argv[1];
}
if(argc > 2) {
password = argv[2];
}
if(argc > 3) {
scppath = argv[3];
}
if (auth_pw) {
/* We could authenticate via password */
if (libssh2_userauth_password(session, username, password)) {
printf("Authentication by password failed.\n");
goto shutdown;
}
} else {
/* Or by public key */
if (libssh2_userauth_publickey_fromfile(session, username,
"/home/username/.ssh/id_rsa.pub",
"/home/username/.ssh/id_rsa",
password)) {
printf("\tAuthentication by public key failed\n");
goto shutdown;
}
}
/* Request a file via SCP */
channel = libssh2_scp_recv(session, scppath, &fileinfo);
if (!channel) {
fprintf(stderr, "Unable to open a session\n");
goto shutdown;
}
while(got < fileinfo.st_size) {
char mem[1024];
int amount=sizeof(mem);
if((fileinfo.st_size -got) < amount) {
amount = fileinfo.st_size -got;
}
rc = libssh2_channel_read(channel, mem, amount);
if(rc == amount) {
write(2, mem, rc);
}
else {
fprintf(stderr, "libssh2_channel_read() failed: %d\n",
rc);
break;
}
got += rc;
}
libssh2_channel_free(channel);
channel = NULL;
shutdown:
libssh2_session_disconnect(session, "Normal Shutdown, Thank you for playing");
libssh2_session_free(session);
#ifdef WIN32
Sleep(1000);
closesocket(sock);
#else
sleep(1);
close(sock);
#endif
printf("all done\n");
return 0;
}

159
example/simple/sftp.c Normal file
View File

@@ -0,0 +1,159 @@
/*
* $Id: sftp.c,v 1.1 2007/01/24 14:15:36 bagder Exp $
*
* Sample showing how to do SFTP transfers.
*/
#include <libssh2.h>
#include <libssh2_sftp.h>
#ifndef WIN32
# include <netinet/in.h>
# include <sys/socket.h>
# include <unistd.h>
#else
# include <winsock2.h>
#endif
#include <sys/types.h>
#include <fcntl.h>
#include <errno.h>
#include <stdio.h>
#include <ctype.h>
int main(int argc, char *argv[])
{
int sock, i, auth_pw = 1;
struct sockaddr_in sin;
const char *fingerprint;
LIBSSH2_SESSION *session;
char *username=(char *)"username";
char *password=(char *)"password";
char *sftppath=(char *)"/tmp/TEST";
int rc;
LIBSSH2_SFTP *sftp_session;
LIBSSH2_SFTP_HANDLE *sftp_handle;
#ifdef WIN32
WSADATA wsadata;
WSAStartup(WINSOCK_VERSION, &wsadata);
#endif
/* Ultra basic "connect to port 22 on localhost"
* Your code is responsible for creating the socket establishing the
* connection
*/
sock = socket(AF_INET, SOCK_STREAM, 0);
sin.sin_family = AF_INET;
sin.sin_port = htons(22);
sin.sin_addr.s_addr = htonl(0x7F000001);
if (connect(sock, (struct sockaddr*)(&sin),
sizeof(struct sockaddr_in)) != 0) {
fprintf(stderr, "failed to connect!\n");
return -1;
}
/* Create a session instance
*/
session = libssh2_session_init();
if(!session)
return -1;
/* ... start it up. This will trade welcome banners, exchange keys,
* and setup crypto, compression, and MAC layers
*/
rc = libssh2_session_startup(session, sock);
if(rc) {
fprintf(stderr, "Failure establishing SSH session: %d\n", rc);
return -1;
}
/* At this point we havn't yet authenticated. The first thing to do
* is check the hostkey's fingerprint against our known hosts Your app
* may have it hard coded, may go to a file, may present it to the
* user, that's your call
*/
fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_MD5);
printf("Fingerprint: ");
for(i = 0; i < 16; i++) {
printf("%02X ", (unsigned char)fingerprint[i]);
}
printf("\n");
if(argc > 1) {
username = argv[1];
}
if(argc > 2) {
password = argv[2];
}
if(argc > 3) {
sftppath = argv[3];
}
if (auth_pw) {
/* We could authenticate via password */
if (libssh2_userauth_password(session, username, password)) {
printf("Authentication by password failed.\n");
goto shutdown;
}
} else {
/* Or by public key */
if (libssh2_userauth_publickey_fromfile(session, username,
"/home/username/.ssh/id_rsa.pub",
"/home/username/.ssh/id_rsa",
password)) {
printf("\tAuthentication by public key failed\n");
goto shutdown;
}
}
sftp_session = libssh2_sftp_init(session);
if (!sftp_session) {
fprintf(stderr, "Unable to init SFTP session\n");
goto shutdown;
}
/* Request a file via SFTP */
sftp_handle =
libssh2_sftp_open(sftp_session, sftppath, LIBSSH2_FXF_READ, 0);
if (!sftp_handle) {
fprintf(stderr, "Unable to open file with SFTP\n");
goto shutdown;
}
fprintf(stderr, "libssh2_sftp_open() is done, now receive data!\n");
do {
char mem[512];
/* loop until we fail */
rc = libssh2_sftp_read(sftp_handle, mem, sizeof(mem));
if(rc > 0) {
write(2, mem, rc);
}
else
break;
break;
} while (1);
libssh2_sftp_close(sftp_handle);
libssh2_sftp_shutdown(sftp_session);
shutdown:
libssh2_session_disconnect(session, "Normal Shutdown, Thank you for playing");
libssh2_session_free(session);
#ifdef WIN32
Sleep(1000);
closesocket(sock);
#else
sleep(1);
close(sock);
#endif
printf("all done\n");
return 0;
}

152
example/simple/ssh2.c Normal file
View File

@@ -0,0 +1,152 @@
#include "libssh2.h"
#ifndef WIN32
# include <netinet/in.h>
# include <sys/socket.h>
# include <unistd.h>
#else
# include <winsock2.h>
#endif
#include <sys/types.h>
#include <fcntl.h>
#include <errno.h>
#include <stdio.h>
#include <ctype.h>
int main(int argc, char *argv[])
{
int sock, i, auth_pw = 1;
struct sockaddr_in sin;
const char *fingerprint;
LIBSSH2_SESSION *session;
LIBSSH2_CHANNEL *channel;
char *username=(char *)"username";
char *password=(char *)"password";
#ifdef WIN32
WSADATA wsadata;
WSAStartup(WINSOCK_VERSION, &wsadata);
#endif
/* Ultra basic "connect to port 22 on localhost"
* Your code is responsible for creating the socket establishing the connection
*/
sock = socket(AF_INET, SOCK_STREAM, 0);
#ifndef WIN32
fcntl(sock, F_SETFL, 0);
#endif
sin.sin_family = AF_INET;
sin.sin_port = htons(22);
sin.sin_addr.s_addr = htonl(0x7F000001);
if (connect(sock, (struct sockaddr*)(&sin), sizeof(struct sockaddr_in)) != 0) {
fprintf(stderr, "failed to connect!\n");
return -1;
}
/* Create a session instance and start it up
* This will trade welcome banners, exchange keys, and setup crypto, compression, and MAC layers
*/
session = libssh2_session_init();
if (libssh2_session_startup(session, sock)) {
fprintf(stderr, "Failure establishing SSH session\n");
return -1;
}
/* At this point we havn't authenticated,
* The first thing to do is check the hostkey's fingerprint against our known hosts
* Your app may have it hard coded, may go to a file, may present it to the user, that's your call
*/
fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_MD5);
printf("Fingerprint: ");
for(i = 0; i < 16; i++) {
printf("%02X ", (unsigned char)fingerprint[i]);
}
printf("\n");
if(argc > 1) {
username = argv[1];
}
if(argc > 2) {
password = argv[2];
}
if (auth_pw) {
/* We could authenticate via password */
if (libssh2_userauth_password(session, username, password)) {
printf("Authentication by password failed.\n");
goto shutdown;
}
} else {
/* Or by public key */
if (libssh2_userauth_publickey_fromfile(session, username, "/home/username/.ssh/id_rsa.pub", "/home/username/.ssh/id_rsa", password)) {
printf("\tAuthentication by public key failed\n");
goto shutdown;
}
}
/* Request a shell */
if (!(channel = libssh2_channel_open_session(session))) {
fprintf(stderr, "Unable to open a session\n");
goto shutdown;
}
/* Some environment variables may be set,
* It's up to the server which ones it'll allow though
*/
libssh2_channel_setenv(channel, (char *)"FOO", (char *)"bar");
/* Request a terminal with 'vanilla' terminal emulation
* See /etc/termcap for more options
*/
if (libssh2_channel_request_pty(channel, (char *)"vanilla")) {
fprintf(stderr, "Failed requesting pty\n");
goto skip_shell;
}
/* Open a SHELL on that pty */
if (libssh2_channel_shell(channel)) {
fprintf(stderr, "Unable to request shell on allocated pty\n");
goto shutdown;
}
/* At this point the shell can be interacted with using
* libssh2_channel_read()
* libssh2_channel_read_stderr()
* libssh2_channel_write()
* libssh2_channel_write_stderr()
*
* Blocking mode may be (en|dis)abled with: libssh2_channel_set_blocking()
* If the server send EOF, libssh2_channel_eof() will return non-0
* To send EOF to the server use: libssh2_channel_send_eof()
* A channel can be closed with: libssh2_channel_close()
* A channel can be freed with: libssh2_channel_free()
*/
skip_shell:
if (channel) {
libssh2_channel_free(channel);
channel = NULL;
}
/* Other channel types are supported via:
* libssh2_scp_send()
* libssh2_scp_recv()
* libssh2_channel_direct_tcpip()
*/
shutdown:
libssh2_session_disconnect(session, "Normal Shutdown, Thank you for playing");
libssh2_session_free(session);
#ifdef WIN32
Sleep(1000);
closesocket(sock);
#else
sleep(1);
close(sock);
#endif
printf("all done\n");
return 0;
}

24
include/libssh2.h
View File

@@ -277,21 +277,21 @@ LIBSSH2_API int libssh2_session_last_error(LIBSSH2_SESSION *session, char **errm
LIBSSH2_API int libssh2_session_flag(LIBSSH2_SESSION *session, int flag, int value);
/* Userauth API */
LIBSSH2_API char *libssh2_userauth_list(LIBSSH2_SESSION *session, const char *username, int username_len);
LIBSSH2_API char *libssh2_userauth_list(LIBSSH2_SESSION *session, const char *username, unsigned int username_len);
LIBSSH2_API int libssh2_userauth_authenticated(LIBSSH2_SESSION *session);
LIBSSH2_API int libssh2_userauth_password_ex(LIBSSH2_SESSION *session, const char *username, int username_len, const char *password, int password_len, LIBSSH2_PASSWD_CHANGEREQ_FUNC((*passwd_change_cb)));
LIBSSH2_API int libssh2_userauth_password_ex(LIBSSH2_SESSION *session, const char *username, unsigned int username_len, const char *password, unsigned int password_len, LIBSSH2_PASSWD_CHANGEREQ_FUNC((*passwd_change_cb)));
#define libssh2_userauth_password(session, username, password) libssh2_userauth_password_ex((session), (username), strlen(username), (password), strlen(password), NULL)
LIBSSH2_API int libssh2_userauth_publickey_fromfile_ex(LIBSSH2_SESSION *session, const char *username, int username_len,
LIBSSH2_API int libssh2_userauth_publickey_fromfile_ex(LIBSSH2_SESSION *session, const char *username, unsigned int username_len,
const char *publickey, const char *privatekey,
const char *passphrase);
#define libssh2_userauth_publickey_fromfile(session, username, publickey, privatekey, passphrase) \
libssh2_userauth_publickey_fromfile_ex((session), (username), strlen(username), (publickey), (privatekey), (passphrase))
LIBSSH2_API int libssh2_userauth_hostbased_fromfile_ex(LIBSSH2_SESSION *session, const char *username, int username_len,
LIBSSH2_API int libssh2_userauth_hostbased_fromfile_ex(LIBSSH2_SESSION *session, const char *username, unsigned int username_len,
const char *publickey, const char *privatekey,
const char *passphrase,
const char *hostname, int hostname_len,
const char *local_username, int local_username_len);
const char *hostname, unsigned int hostname_len,
const char *local_username, unsigned int local_username_len);
#define libssh2_userauth_hostbased_fromfile(session, username, publickey, privatekey, passphrase, hostname) \
libssh2_userauth_hostbased_fromfile_ex((session), (username), strlen(username), (publickey), (privatekey), (passphrase), (hostname), strlen(hostname), (username), strlen(username))
@@ -301,7 +301,7 @@ LIBSSH2_API int libssh2_userauth_hostbased_fromfile_ex(LIBSSH2_SESSION *session,
* array is already allocated. Responses data will be freed by libssh2
* after callback return, but before subsequent callback invokation.
*/
LIBSSH2_API int libssh2_userauth_keyboard_interactive_ex(LIBSSH2_SESSION* session, const char *username, int username_len,
LIBSSH2_API int libssh2_userauth_keyboard_interactive_ex(LIBSSH2_SESSION* session, const char *username, unsigned int username_len,
LIBSSH2_USERAUTH_KBDINT_RESPONSE_FUNC((*response_callback)));
#define libssh2_userauth_keyboard_interactive(session, username, response_callback) \
libssh2_userauth_keyboard_interactive_ex((session), (username), strlen(username), (response_callback))
@@ -320,7 +320,7 @@ LIBSSH2_API int libssh2_poll(LIBSSH2_POLLFD *fds, unsigned int nfds, long timeou
#define SSH_EXTENDED_DATA_STDERR 1
LIBSSH2_API LIBSSH2_CHANNEL *libssh2_channel_open_ex(LIBSSH2_SESSION *session, const char *channel_type, int channel_type_len, int window_size, int packet_size, const char *message, int message_len);
LIBSSH2_API LIBSSH2_CHANNEL *libssh2_channel_open_ex(LIBSSH2_SESSION *session, const char *channel_type, unsigned int channel_type_len, unsigned int window_size, unsigned int packet_size, const char *message, unsigned int message_len);
#define libssh2_channel_open_session(session) libssh2_channel_open_ex((session), "session", sizeof("session") - 1, LIBSSH2_CHANNEL_WINDOW_DEFAULT, LIBSSH2_CHANNEL_PACKET_DEFAULT, NULL, 0)
LIBSSH2_API LIBSSH2_CHANNEL *libssh2_channel_direct_tcpip_ex(LIBSSH2_SESSION *session, char *host, int port, char *shost, int sport);
@@ -333,16 +333,16 @@ LIBSSH2_API int libssh2_channel_forward_cancel(LIBSSH2_LISTENER *listener);
LIBSSH2_API LIBSSH2_CHANNEL *libssh2_channel_forward_accept(LIBSSH2_LISTENER *listener);
LIBSSH2_API int libssh2_channel_setenv_ex(LIBSSH2_CHANNEL *channel, char *varname, int varname_len, char *value, int value_len);
LIBSSH2_API int libssh2_channel_setenv_ex(LIBSSH2_CHANNEL *channel, char *varname, unsigned int varname_len, char *value, unsigned int value_len);
#define libssh2_channel_setenv(channel, varname, value) libssh2_channel_setenv_ex((channel), (varname), strlen(varname), (value), strlen(value))
LIBSSH2_API int libssh2_channel_request_pty_ex(LIBSSH2_CHANNEL *channel, char *term, int term_len, char *modes, int modes_len, int width, int height, int width_px, int height_px);
LIBSSH2_API int libssh2_channel_request_pty_ex(LIBSSH2_CHANNEL *channel, char *term, unsigned int term_len, char *modes, unsigned int modes_len, int width, int height, int width_px, int height_px);
#define libssh2_channel_request_pty(channel, term) libssh2_channel_request_pty_ex((channel), (term), strlen(term), NULL, 0, LIBSSH2_TERM_WIDTH, LIBSSH2_TERM_HEIGHT, LIBSSH2_TERM_WIDTH_PX, LIBSSH2_TERM_HEIGHT_PX)
LIBSSH2_API int libssh2_channel_x11_req_ex(LIBSSH2_CHANNEL *channel, int single_connection, char *auth_proto, char *auth_cookie, int screen_number);
#define libssh2_channel_x11_req(channel, screen_number) libssh2_channel_x11_req_ex((channel), 0, NULL, NULL, (screen_number))
LIBSSH2_API int libssh2_channel_process_startup(LIBSSH2_CHANNEL *channel, const char *request, int request_len, const char *message, int message_len);
LIBSSH2_API int libssh2_channel_process_startup(LIBSSH2_CHANNEL *channel, const char *request, unsigned int request_len, const char *message, unsigned int message_len);
#define libssh2_channel_shell(channel) libssh2_channel_process_startup((channel), "shell", sizeof("shell") - 1, NULL, 0)
#define libssh2_channel_exec(channel, command) libssh2_channel_process_startup((channel), "exec", sizeof("exec") - 1, (command), strlen(command))
#define libssh2_channel_subsystem(channel, subsystem) libssh2_channel_process_startup((channel), "subsystem", sizeof("subsystem") - 1, (subsystem), strlen(subsystem))
@@ -391,7 +391,7 @@ LIBSSH2_API LIBSSH2_CHANNEL *libssh2_scp_recv(LIBSSH2_SESSION *session, const ch
LIBSSH2_API LIBSSH2_CHANNEL *libssh2_scp_send_ex(LIBSSH2_SESSION *session, const char *path, int mode, size_t size, long mtime, long atime);
#define libssh2_scp_send(session, path, mode, size) libssh2_scp_send_ex((session), (path), (mode), (size), 0, 0)
LIBSSH2_API int libssh2_base64_decode(LIBSSH2_SESSION *session, char **dest, int *dest_len, char *src, int src_len);
LIBSSH2_API int libssh2_base64_decode(LIBSSH2_SESSION *session, char **dest, unsigned int *dest_len, char *src, unsigned int src_len);
#ifdef __cplusplus
} /* extern "C" */

113
include/libssh2_config.h.in
View File

@@ -1,113 +0,0 @@
/* include/libssh2_config.h.in. Generated from configure.in by autoheader. */
/* Define to 1 if you have the <errno.h> header file. */
#undef HAVE_ERRNO_H
/* Define to 1 if you have the <fcntl.h> header file. */
#undef HAVE_FCNTL_H
/* Define to 1 if you have the `gettimeofday' function. */
#undef HAVE_GETTIMEOFDAY
/* Define to 1 if you have the <inttypes.h> header file. */
#undef HAVE_INTTYPES_H
/* Define to 1 if you have the <memory.h> header file. */
#undef HAVE_MEMORY_H
/* Define to 1 if you have the `poll' function. */
#undef HAVE_POLL
/* Define to 1 if you have the `select' function. */
#undef HAVE_SELECT
/* Define to 1 if you have the <stdint.h> header file. */
#undef HAVE_STDINT_H
/* Define to 1 if you have the <stdio.h> header file. */
#undef HAVE_STDIO_H
/* Define to 1 if you have the <stdlib.h> header file. */
#undef HAVE_STDLIB_H
/* Define to 1 if you have the <strings.h> header file. */
#undef HAVE_STRINGS_H
/* Define to 1 if you have the <string.h> header file. */
#undef HAVE_STRING_H
/* Define to 1 if you have the <sys/select.h> header file. */
#undef HAVE_SYS_SELECT_H
/* Define to 1 if you have the <sys/stat.h> header file. */
#undef HAVE_SYS_STAT_H
/* Define to 1 if you have the <sys/types.h> header file. */
#undef HAVE_SYS_TYPES_H
/* Define to 1 if you have the <sys/uio.h> header file. */
#undef HAVE_SYS_UIO_H
/* Define to 1 if you have the <unistd.h> header file. */
#undef HAVE_UNISTD_H
/* Enable "none" cipher -- NOT RECOMMENDED */
#undef LIBSSH2_CRYPT_NONE
/* Output connection layer debugging info to stderr */
#undef LIBSSH2_DEBUG_CONNECTION
/* Output failure events to stderr */
#undef LIBSSH2_DEBUG_ERRORS
/* Output Key Exchange debugging info to stderr */
#undef LIBSSH2_DEBUG_KEX
/* Output publickey subsystem debugging info to stderr */
#undef LIBSSH2_DEBUG_PUBLICKEY
/* Output scp subsystem debugging info to stderr */
#undef LIBSSH2_DEBUG_SCP
/* Output sftp subsystem debugging info to stderr */
#undef LIBSSH2_DEBUG_SFTP
/* Output transport layer debugging info to stderr */
#undef LIBSSH2_DEBUG_TRANSPORT
/* Output userauth layer debugging info to stderr */
#undef LIBSSH2_DEBUG_USERAUTH
/* Enable newer diffie-hellman-group-exchange-sha1 syntax */
#undef LIBSSH2_DH_GEX_NEW
/* Compile in zlib support */
#undef LIBSSH2_HAVE_ZLIB
/* Enable "none" MAC -- NOT RECOMMENDED */
#undef LIBSSH2_MAC_NONE
/* Define to the address where bug reports for this package should be sent. */
#undef PACKAGE_BUGREPORT
/* Define to the full name of this package. */
#undef PACKAGE_NAME
/* Define to the full name and version of this package. */
#undef PACKAGE_STRING
/* Define to the one symbol short name of this package. */
#undef PACKAGE_TARNAME
/* Define to the version of this package. */
#undef PACKAGE_VERSION
/* Define to 1 if you have the ANSI C header files. */
#undef STDC_HEADERS
/* Define to 1 if your processor stores words with the most significant byte
first (like Motorola and SPARC, unlike Intel and VAX). */
#undef WORDS_BIGENDIAN
/* Define to empty if `const' does not conform to ANSI C. */
#undef const

49
include/libssh2_sftp.h
View File

@@ -103,6 +103,39 @@ struct _LIBSSH2_SFTP_ATTRIBUTES {
#define LIBSSH2_SFTP_TYPE_BLOCK_DEVICE 8
#define LIBSSH2_SFTP_TYPE_FIFO 9
/*
* Reproduce the POSIX file modes here for systems that are not
* POSIX compliant.
*
* These is used in "permissions" of "struct _LIBSSH2_SFTP_ATTRIBUTES"
*/
/* File type */
#define LIBSSH2_SFTP_S_IFMT 0170000 /* type of file mask */
#define LIBSSH2_SFTP_S_IFIFO 0010000 /* named pipe (fifo) */
#define LIBSSH2_SFTP_S_IFCHR 0020000 /* character special */
#define LIBSSH2_SFTP_S_IFDIR 0040000 /* directory */
#define LIBSSH2_SFTP_S_IFBLK 0060000 /* block special */
#define LIBSSH2_SFTP_S_IFREG 0100000 /* regular */
#define LIBSSH2_SFTP_S_IFLNK 0120000 /* symbolic link */
#define LIBSSH2_SFTP_S_IFSOCK 0140000 /* socket */
/* File mode */
/* Read, write, execute/search by owner */
#define LIBSSH2_SFTP_S_IRWXU 0000700 /* RWX mask for owner */
#define LIBSSH2_SFTP_S_IRUSR 0000400 /* R for owner */
#define LIBSSH2_SFTP_S_IWUSR 0000200 /* W for owner */
#define LIBSSH2_SFTP_S_IXUSR 0000100 /* X for owner */
/* Read, write, execute/search by group */
#define LIBSSH2_SFTP_S_IRWXG 0000070 /* RWX mask for group */
#define LIBSSH2_SFTP_S_IRGRP 0000040 /* R for group */
#define LIBSSH2_SFTP_S_IWGRP 0000020 /* W for group */
#define LIBSSH2_SFTP_S_IXGRP 0000010 /* X for group */
/* Read, write, execute/search by others */
#define LIBSSH2_SFTP_S_IRWXO 0000007 /* RWX mask for other */
#define LIBSSH2_SFTP_S_IROTH 0000004 /* R for other */
#define LIBSSH2_SFTP_S_IWOTH 0000002 /* W for other */
#define LIBSSH2_SFTP_S_IXOTH 0000001 /* X for other */
/* SFTP File Transfer Flags -- (e.g. flags parameter to sftp_open())
* Danger will robinson... APPEND doesn't have any effect on OpenSSH servers */
#define LIBSSH2_FXF_READ 0x00000001
@@ -142,7 +175,7 @@ LIBSSH2_API int libssh2_sftp_shutdown(LIBSSH2_SFTP *sftp);
LIBSSH2_API unsigned long libssh2_sftp_last_error(LIBSSH2_SFTP *sftp);
/* File / Directory Ops */
LIBSSH2_API LIBSSH2_SFTP_HANDLE *libssh2_sftp_open_ex(LIBSSH2_SFTP *sftp, char *filename, int filename_len, unsigned long flags, long mode, int open_type);
LIBSSH2_API LIBSSH2_SFTP_HANDLE *libssh2_sftp_open_ex(LIBSSH2_SFTP *sftp, char *filename, unsigned int filename_len, unsigned long flags, long mode, int open_type);
#define libssh2_sftp_open(sftp, filename, flags, mode) libssh2_sftp_open_ex((sftp), (filename), strlen(filename), (flags), (mode), LIBSSH2_SFTP_OPENFILE)
#define libssh2_sftp_opendir(sftp, path) libssh2_sftp_open_ex((sftp), (path), strlen(path), 0, 0, LIBSSH2_SFTP_OPENDIR)
@@ -166,27 +199,27 @@ LIBSSH2_API int libssh2_sftp_fstat_ex(LIBSSH2_SFTP_HANDLE *handle, LIBSSH2_SFTP_
/* Miscellaneous Ops */
LIBSSH2_API int libssh2_sftp_rename_ex(LIBSSH2_SFTP *sftp, char *source_filename, int srouce_filename_len,
char *dest_filename, int dest_filename_len,
LIBSSH2_API int libssh2_sftp_rename_ex(LIBSSH2_SFTP *sftp, char *source_filename, unsigned int srouce_filename_len,
char *dest_filename, unsigned int dest_filename_len,
long flags);
#define libssh2_sftp_rename(sftp, sourcefile, destfile) libssh2_sftp_rename_ex((sftp), (sourcefile), strlen(sourcefile), (destfile), strlen(destfile), \
LIBSSH2_SFTP_RENAME_OVERWRITE | LIBSSH2_SFTP_RENAME_ATOMIC | LIBSSH2_SFTP_RENAME_NATIVE)
LIBSSH2_API int libssh2_sftp_unlink_ex(LIBSSH2_SFTP *sftp, char *filename, int filename_len);
LIBSSH2_API int libssh2_sftp_unlink_ex(LIBSSH2_SFTP *sftp, char *filename, unsigned int filename_len);
#define libssh2_sftp_unlink(sftp, filename) libssh2_sftp_unlink_ex((sftp), (filename), strlen(filename))
LIBSSH2_API int libssh2_sftp_mkdir_ex(LIBSSH2_SFTP *sftp, char *path, int path_len, long mode);
LIBSSH2_API int libssh2_sftp_mkdir_ex(LIBSSH2_SFTP *sftp, char *path, unsigned int path_len, long mode);
#define libssh2_sftp_mkdir(sftp, path, mode) libssh2_sftp_mkdir_ex((sftp), (path), strlen(path), (mode))
LIBSSH2_API int libssh2_sftp_rmdir_ex(LIBSSH2_SFTP *sftp, char *path, int path_len);
LIBSSH2_API int libssh2_sftp_rmdir_ex(LIBSSH2_SFTP *sftp, char *path, unsigned int path_len);
#define libssh2_sftp_rmdir(sftp, path) libssh2_sftp_rmdir_ex((sftp), (path), strlen(path))
LIBSSH2_API int libssh2_sftp_stat_ex(LIBSSH2_SFTP *sftp, char *path, int path_len, int stat_type, LIBSSH2_SFTP_ATTRIBUTES *attrs);
LIBSSH2_API int libssh2_sftp_stat_ex(LIBSSH2_SFTP *sftp, char *path, unsigned int path_len, int stat_type, LIBSSH2_SFTP_ATTRIBUTES *attrs);
#define libssh2_sftp_stat(sftp, path, attrs) libssh2_sftp_stat_ex((sftp), (path), strlen(path), LIBSSH2_SFTP_STAT, (attrs))
#define libssh2_sftp_lstat(sftp, path, attrs) libssh2_sftp_stat_ex((sftp), (path), strlen(path), LIBSSH2_SFTP_LSTAT, (attrs))
#define libssh2_sftp_setstat(sftp, path, attrs) libssh2_sftp_stat_ex((sftp), (path), strlen(path), LIBSSH2_SFTP_SETSTAT, (attrs))
LIBSSH2_API int libssh2_sftp_symlink_ex(LIBSSH2_SFTP *sftp, const char *path, int path_len, char *target, int target_len, int link_type);
LIBSSH2_API int libssh2_sftp_symlink_ex(LIBSSH2_SFTP *sftp, const char *path, unsigned int path_len, char *target, unsigned int target_len, int link_type);
#define libssh2_sftp_symlink(sftp, orig, linkpath) libssh2_sftp_symlink_ex((sftp), (orig), strlen(orig), (linkpath), strlen(linkpath), LIBSSH2_SFTP_SYMLINK)
#define libssh2_sftp_readlink(sftp, path, target, maxlen) libssh2_sftp_symlink_ex((sftp), (path), strlen(path), (target), (maxlen), LIBSSH2_SFTP_READLINK)
#define libssh2_sftp_realpath(sftp, path, target, maxlen) libssh2_sftp_symlink_ex((sftp), (path), strlen(path), (target), (maxlen), LIBSSH2_SFTP_REALPATH)

44
m4/autobuild.m4 Normal file
View File

@@ -0,0 +1,44 @@
# autobuild.m4 serial 3
# Copyright (C) 2004, 2006 Simon Josefsson
#
# This file is free software, distributed under the terms of the GNU
# General Public License. As a special exception to the GNU General
# Public License, this file may be distributed as part of a program
# that contains a configuration script generated by Autoconf, under
# the same distribution terms as the rest of that program.
#
# This file can can be used in projects which are not available under
# the GNU General Public License or the GNU Library General Public
# License but which still want to provide support for Autobuild.
# Usage: AB_INIT([MODE]).
AC_DEFUN([AB_INIT],
[
AC_REQUIRE([AC_CANONICAL_BUILD])
AC_REQUIRE([AC_CANONICAL_HOST])
if test -z "$AB_PACKAGE"; then
AB_PACKAGE=${PACKAGE_NAME:-$PACKAGE}
fi
AC_MSG_NOTICE([autobuild project... $AB_PACKAGE])
if test -z "$AB_VERSION"; then
AB_VERSION=${PACKAGE_VERSION:-$VERSION}
fi
AC_MSG_NOTICE([autobuild revision... $AB_VERSION])
hostname=`hostname`
if test "$hostname"; then
AC_MSG_NOTICE([autobuild hostname... $hostname])
fi
ifelse([$1],[],,[AC_MSG_NOTICE([autobuild mode... $1])])
date=`date +%Y%m%d-%H%M%S`
if test "$?" != 0; then
date=`date`
fi
if test "$date"; then
AC_MSG_NOTICE([autobuild timestamp... $date])
fi
])

108
m4/libgcrypt.m4 Normal file
View File

@@ -0,0 +1,108 @@
dnl Autoconf macros for libgcrypt
dnl Copyright (C) 2002, 2004 Free Software Foundation, Inc.
dnl
dnl This file is free software; as a special exception the author gives
dnl unlimited permission to copy and/or distribute it, with or without
dnl modifications, as long as this notice is preserved.
dnl
dnl This file is distributed in the hope that it will be useful, but
dnl WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
dnl implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
dnl AM_PATH_LIBGCRYPT([MINIMUM-VERSION,
dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
dnl Test for libgcrypt and define LIBGCRYPT_CFLAGS and LIBGCRYPT_LIBS.
dnl MINIMUN-VERSION is a string with the version number optionalliy prefixed
dnl with the API version to also check the API compatibility. Example:
dnl a MINIMUN-VERSION of 1:1.2.5 won't pass the test unless the installed
dnl version of libgcrypt is at least 1.2.5 *and* the API number is 1. Using
dnl this features allows to prevent build against newer versions of libgcrypt
dnl with a changed API.
dnl
AC_DEFUN([AM_PATH_LIBGCRYPT],
[ AC_ARG_WITH(libgcrypt-prefix,
AC_HELP_STRING([--with-libgcrypt-prefix=PFX],
[prefix where LIBGCRYPT is installed (optional)]),
libgcrypt_config_prefix="$withval", libgcrypt_config_prefix="")
if test x$libgcrypt_config_prefix != x ; then
if test x${LIBGCRYPT_CONFIG+set} != xset ; then
LIBGCRYPT_CONFIG=$libgcrypt_config_prefix/bin/libgcrypt-config
fi
fi
AC_PATH_PROG(LIBGCRYPT_CONFIG, libgcrypt-config, no)
tmp=ifelse([$1], ,1:1.2.0,$1)
if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
req_libgcrypt_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'`
min_libgcrypt_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'`
else
req_libgcrypt_api=0
min_libgcrypt_version="$tmp"
fi
AC_MSG_CHECKING(for LIBGCRYPT - version >= $min_libgcrypt_version)
ok=no
if test "$LIBGCRYPT_CONFIG" != "no" ; then
req_major=`echo $min_libgcrypt_version | \
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\1/'`
req_minor=`echo $min_libgcrypt_version | \
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'`
req_micro=`echo $min_libgcrypt_version | \
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'`
libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version`
major=`echo $libgcrypt_config_version | \
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'`
minor=`echo $libgcrypt_config_version | \
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'`
micro=`echo $libgcrypt_config_version | \
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'`
if test "$major" -gt "$req_major"; then
ok=yes
else
if test "$major" -eq "$req_major"; then
if test "$minor" -gt "$req_minor"; then
ok=yes
else
if test "$minor" -eq "$req_minor"; then
if test "$micro" -ge "$req_micro"; then
ok=yes
fi
fi
fi
fi
fi
fi
if test $ok = yes; then
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
if test $ok = yes; then
# If we have a recent libgcrypt, we should also check that the
# API is compatible
if test "$req_libgcrypt_api" -gt 0 ; then
tmp=`$LIBGCRYPT_CONFIG --api-version 2>/dev/null || echo 0`
if test "$tmp" -gt 0 ; then
AC_MSG_CHECKING([LIBGCRYPT API version])
if test "$req_libgcrypt_api" -eq "$tmp" ; then
AC_MSG_RESULT(okay)
else
ok=no
AC_MSG_RESULT([does not match. want=$req_libgcrypt_api got=$tmp])
fi
fi
fi
fi
if test $ok = yes; then
LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG --cflags`
LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG --libs`
ifelse([$2], , :, [$2])
else
LIBGCRYPT_CFLAGS=""
LIBGCRYPT_LIBS=""
ifelse([$3], , :, [$3])
fi
AC_SUBST(LIBGCRYPT_CFLAGS)
AC_SUBST(LIBGCRYPT_LIBS)
])

9
src/.cvsignore
View File

@@ -1,3 +1,5 @@
.deps
.libs
*.lib
*.pdb
*.dll
@@ -7,3 +9,10 @@
Debug
Release
*.exp
Makefile
Makefile.in
*.lo
libssh2.la
libssh2_config.h
libssh2_config.h.in
stamp-h1

52
src/Makefile.am Normal file
View File

@@ -0,0 +1,52 @@
AUTOMAKE_OPTIONS = foreign nostdinc
libssh2_la_SOURCES = channel.c comp.c crypt.c hostkey.c kex.c mac.c \
misc.c packet.c publickey.c scp.c session.c sftp.c userauth.c \
libssh2_priv.h openssl.h libgcrypt.h pem.c
if LIBGCRYPT
libssh2_la_SOURCES += libgcrypt.c
else
libssh2_la_SOURCES += openssl.c
endif
EXTRA_DIST = libssh2_config.h.in
lib_LTLIBRARIES = libssh2.la
# srcdir/include for the shipped headers
# builddir/src for the generated config header when building out of the source
# tree
INCLUDES = -I$(top_srcdir)/include -I$(top_builddir)/src
VERSION=-version-info 0:0:0
# This flag accepts an argument of the form current[:revision[:age]]. So,
# passing -version-info 3:12:1 sets current to 3, revision to 12, and age to
# 1.
#
# If either revision or age are omitted, they default to 0. Also note that age
# must be less than or equal to the current interface number.
#
# Here are a set of rules to help you update your library version information:
#
# 1.Start with version information of 0:0:0 for each libtool library.
#
# 2.Update the version information only immediately before a public release of
# your software. More frequent updates are unnecessary, and only guarantee
# that the current interface number gets larger faster.
#
# 3.If the library source code has changed at all since the last update, then
# increment revision (c:r+1:a)
#
# 4.If any interfaces have been added, removed, or changed since the last
# update, increment current, and set revision to 0. (c+1:r=0:a)
#
# 5.If any interfaces have been added since the last public release, then
# increment age. (c:r:a+1)
#
# 6.If any interfaces have been removed since the last public release, then
# set age to 0. (c:r:a=0)
#
libssh2_la_LDFLAGS = $(VERSION)

68
src/Makefile.in
View File

@@ -1,68 +0,0 @@
OBJECTS = channel.o comp.o crypt.o hostkey.o kex.o mac.o misc.o packet.o publickey.o scp.o session.o sftp.o userauth.o
top_srcdir = @top_srcdir@
prefix = @prefix@
exec_prefix = @exec_prefix@
libdir = @exec_prefix@/lib
incldir = @prefix@/include
CC = @CC@
LDCC = @LDCC@
CFLAGS = -c @CFLAGS@ -Wall -I../include/ -fPIC
LDFLAGS = @LDFLAGS@
SHLIB_LDFLAGS = @SHLIB_LDFLAGS@
LIBS = @LIBS@
INSTALL = @INSTALL@
channel.o: channel.c
$(CC) -o channel.o channel.c $(CFLAGS) $(LIBS)
comp.o: comp.c
$(CC) -o comp.o comp.c $(CFLAGS) $(LIBS)
crypt.o: crypt.c
$(CC) -o crypt.o crypt.c $(CFLAGS) $(LIBS)
hostkey.o: hostkey.c
$(CC) -o hostkey.o hostkey.c $(CFLAGS) $(LIBS)
kex.o: kex.c
$(CC) -o kex.o kex.c $(CFLAGS) $(LIBS)
mac.o: mac.c
$(CC) -o mac.o mac.c $(CFLAGS) $(LIBS)
misc.o: misc.c
$(CC) -o misc.o misc.c $(CFLAGS) $(LIBS)
packet.o: packet.c
$(CC) -o packet.o packet.c $(CFLAGS) $(LIBS)
publickey.o: publickey.c
$(CC) -o publickey.o publickey.c $(CFLAGS) $(LIBS)
scp.o: scp.c
$(CC) -o scp.o scp.c $(CFLAGS) $(LIBS)
session.o: session.c
$(CC) -o session.o session.c $(CFLAGS) $(LIBS)
sftp.o: sftp.c
$(CC) -o sftp.o sftp.c $(CFLAGS) $(LIBS)
userauth.o: userauth.c
$(CC) -o userauth.o userauth.c $(CFLAGS) $(LIBS)
all: libssh2.@SHLIB_SUFFIX_NAME@
libssh2.@SHLIB_SUFFIX_NAME@: $(OBJECTS)
$(LDCC) -o libssh2.@SHLIB_SUFFIX_NAME@ $(SHLIB_LDFLAGS) $(OBJECTS) $(LIBS) $(LDFLAGS)
libssh2.a: $(OBJECTS)
rm -f libssh2.a
ar q libssh2.a $(OBJECTS)
@RANLIB@ libssh2.a
install: all
$(INSTALL) libssh2.@SHLIB_SUFFIX_NAME@ $(DESTDIR)$(libdir)
clean:
rm -f *~ libssh2.a libssh2.@SHLIB_SUFFIX_NAME@ *.o

25
src/channel.c
View File

@@ -36,7 +36,6 @@
*/
#include "libssh2_priv.h"
#include <openssl/rand.h>
#ifndef WIN32
#include <unistd.h>
#endif
@@ -105,8 +104,8 @@ LIBSSH2_CHANNEL *libssh2_channel_locate(LIBSSH2_SESSION *session, unsigned long
/* {{{ libssh2_channel_open_session
* Establish a generic session channel
*/
LIBSSH2_API LIBSSH2_CHANNEL *libssh2_channel_open_ex(LIBSSH2_SESSION *session, const char *channel_type, int channel_type_len, int window_size, int packet_size,
const char *message, int message_len)
LIBSSH2_API LIBSSH2_CHANNEL *libssh2_channel_open_ex(LIBSSH2_SESSION *session, const char *channel_type, unsigned int channel_type_len, unsigned int window_size,
unsigned int packet_size, const char *message, unsigned int message_len)
{
unsigned char reply_codes[3] = { SSH_MSG_CHANNEL_OPEN_CONFIRMATION, SSH_MSG_CHANNEL_OPEN_FAILURE, 0 };
LIBSSH2_CHANNEL *channel = NULL;
@@ -257,7 +256,11 @@ LIBSSH2_API LIBSSH2_CHANNEL *libssh2_channel_direct_tcpip_ex(LIBSSH2_SESSION *se
memcpy(s, shost, shost_len); s += shost_len;
libssh2_htonu32(s, sport); s += 4;
channel = libssh2_channel_open_ex(session, "direct-tcpip", sizeof("direct-tcpip") - 1, LIBSSH2_CHANNEL_WINDOW_DEFAULT, LIBSSH2_CHANNEL_PACKET_DEFAULT, message, message_len);
channel = libssh2_channel_open_ex(session, "direct-tcpip",
sizeof("direct-tcpip") - 1,
LIBSSH2_CHANNEL_WINDOW_DEFAULT,
LIBSSH2_CHANNEL_PACKET_DEFAULT,
(char *)message, message_len);
LIBSSH2_FREE(session, message);
return channel;
@@ -463,7 +466,7 @@ LIBSSH2_API LIBSSH2_CHANNEL *libssh2_channel_forward_accept(LIBSSH2_LISTENER *li
/* {{{ libssh2_channel_setenv_ex
* Set an environment variable prior to requesting a shell/program/subsystem
*/
LIBSSH2_API int libssh2_channel_setenv_ex(LIBSSH2_CHANNEL *channel, char *varname, int varname_len, char *value, int value_len)
LIBSSH2_API int libssh2_channel_setenv_ex(LIBSSH2_CHANNEL *channel, char *varname, unsigned int varname_len, char *value, unsigned int value_len)
{
LIBSSH2_SESSION *session = channel->session;
unsigned char *s, *packet, *data, reply_codes[3] = { SSH_MSG_CHANNEL_SUCCESS, SSH_MSG_CHANNEL_FAILURE, 0 }, local_channel[4];
@@ -520,8 +523,8 @@ LIBSSH2_API int libssh2_channel_setenv_ex(LIBSSH2_CHANNEL *channel, char *varnam
/* {{{ libssh2_channel_request_pty_ex
* Duh... Request a PTY
*/
LIBSSH2_API int libssh2_channel_request_pty_ex(LIBSSH2_CHANNEL *channel, char *term, int term_len,
char *modes, int modes_len,
LIBSSH2_API int libssh2_channel_request_pty_ex(LIBSSH2_CHANNEL *channel, char *term, unsigned int term_len,
char *modes, unsigned int modes_len,
int width, int height,
int width_px, int height_px)
{
@@ -631,11 +634,11 @@ LIBSSH2_API int libssh2_channel_x11_req_ex(LIBSSH2_CHANNEL *channel, int single_
memcpy(s, auth_cookie, cookie_len);
} else {
int i;
char buffer[LIBSSH2_X11_RANDOM_COOKIE_LEN / 2];
unsigned char buffer[LIBSSH2_X11_RANDOM_COOKIE_LEN / 2];
RAND_bytes(buffer, LIBSSH2_X11_RANDOM_COOKIE_LEN / 2);
libssh2_random(buffer, LIBSSH2_X11_RANDOM_COOKIE_LEN / 2);
for (i = 0; i < (LIBSSH2_X11_RANDOM_COOKIE_LEN / 2); i++) {
snprintf(s + (i * 2), 2, "%02X", buffer[i]);
snprintf((char *)s + (i * 2), 2, "%02X", buffer[i]);
}
}
s += cookie_len;
@@ -669,7 +672,7 @@ LIBSSH2_API int libssh2_channel_x11_req_ex(LIBSSH2_CHANNEL *channel, int single_
/* {{{ libssh2_channel_process_startup
* Primitive for libssh2_channel_(shell|exec|subsystem)
*/
LIBSSH2_API int libssh2_channel_process_startup(LIBSSH2_CHANNEL *channel, const char *request, int request_len, const char *message, int message_len)
LIBSSH2_API int libssh2_channel_process_startup(LIBSSH2_CHANNEL *channel, const char *request, unsigned int request_len, const char *message, unsigned int message_len)
{
LIBSSH2_SESSION *session = channel->session;
unsigned char *s, *packet, *data, reply_codes[3] = { SSH_MSG_CHANNEL_SUCCESS, SSH_MSG_CHANNEL_FAILURE, 0 }, local_channel[4];

61
src/comp.c
View File

@@ -45,10 +45,20 @@
/* {{{ libssh2_comp_method_none_comp
* Minimalist compression: Absolutely none
*/
static int libssh2_comp_method_none_comp(LIBSSH2_SESSION *session, int compress,
unsigned char **dest, unsigned long *dest_len, unsigned long payload_limit, int *free_dest,
const unsigned char *src, unsigned long src_len, void **abstract)
static int libssh2_comp_method_none_comp(LIBSSH2_SESSION *session,
int compress,
unsigned char **dest,
unsigned long *dest_len,
unsigned long payload_limit,
int *free_dest,
const unsigned char *src,
unsigned long src_len,
void **abstract)
{
(void)session;
(void)compress;
(void)payload_limit;
(void)abstract;
*dest = (unsigned char *)src;
*dest_len = src_len;
@@ -59,7 +69,7 @@ static int libssh2_comp_method_none_comp(LIBSSH2_SESSION *session, int compress,
/* }}} */
static LIBSSH2_COMP_METHOD libssh2_comp_method_none = {
"none",
(char *)"none",
NULL,
libssh2_comp_method_none_comp,
NULL
@@ -129,12 +139,19 @@ static int libssh2_comp_method_zlib_init(LIBSSH2_SESSION *session, int compress,
/* {{{ libssh2_comp_method_zlib_comp
* zlib, a compression standard for all occasions
*/
static int libssh2_comp_method_zlib_comp(LIBSSH2_SESSION *session, int compress,
unsigned char **dest, unsigned long *dest_len, unsigned long payload_limit, int *free_dest,
const unsigned char *src, unsigned long src_len, void **abstract)
static int libssh2_comp_method_zlib_comp(LIBSSH2_SESSION *session,
int compress,
unsigned char **dest,
unsigned long *dest_len,
unsigned long payload_limit,
int *free_dest,
const unsigned char *src,
unsigned long src_len,
void **abstract)
{
z_stream *strm = *abstract;
/* A short-term alloc of a full data chunk is better than a series of reallocs */
/* A short-term alloc of a full data chunk is better than a series of
reallocs */
char *out;
int out_maxlen = compress ? (src_len + 4) : (2 * src_len);
int limiter = 0;
@@ -144,13 +161,14 @@ static int libssh2_comp_method_zlib_comp(LIBSSH2_SESSION *session, int compress,
out_maxlen = 25;
}
if (out_maxlen > payload_limit) {
if (out_maxlen > (int)payload_limit) {
out_maxlen = payload_limit;
}
strm->next_in = (char *)src;
strm->next_in = (unsigned char *)src;
strm->avail_in = src_len;
out = strm->next_out = LIBSSH2_ALLOC(session, out_maxlen);
strm->next_out = (unsigned char *)LIBSSH2_ALLOC(session, out_maxlen);
out = (char *)strm->next_out;
strm->avail_out = out_maxlen;
if (!strm->next_out) {
libssh2_error(session, LIBSSH2_ERROR_ALLOC, "Unable to allocate compression/decompression buffer", 0);
@@ -174,18 +192,20 @@ static int libssh2_comp_method_zlib_comp(LIBSSH2_SESSION *session, int compress,
out_maxlen += compress ? (strm->avail_in + 4) : (2 * strm->avail_in);
if ((out_maxlen > payload_limit) && !compress && limiter++) {
libssh2_error(session, LIBSSH2_ERROR_ZLIB, "Excessive growth in decompression phase", 0);
if ((out_maxlen > (int)payload_limit) &&
!compress && limiter++) {
libssh2_error(session, LIBSSH2_ERROR_ZLIB,
"Excessive growth in decompression phase", 0);
LIBSSH2_FREE(session, out);
return -1;
}
out = LIBSSH2_REALLOC(session, out, out_maxlen);
out = LIBSSH2_REALLOC(session, out, out_maxlen);
if (!out) {
libssh2_error(session, LIBSSH2_ERROR_ALLOC, "Unable to expand compress/decompression buffer", 0);
return -1;
}
strm->next_out = out + out_ofs;
strm->next_out = (unsigned char *)out + out_ofs;
strm->avail_out += compress ? (strm->avail_in + 4) : (2 * strm->avail_in);
} else while (!strm->avail_out) {
/* Done with input, might be a byte or two in internal buffer during compress
@@ -193,13 +213,13 @@ static int libssh2_comp_method_zlib_comp(LIBSSH2_SESSION *session, int compress,
*/
int grow_size = compress ? 8 : 1024;
if (out_maxlen >= payload_limit) {
if (out_maxlen >= (int)payload_limit) {
libssh2_error(session, LIBSSH2_ERROR_ZLIB, "Excessive growth in decompression phase", 0);
LIBSSH2_FREE(session, out);
return -1;
}
if (grow_size > (payload_limit - out_maxlen)) {
if (grow_size > (int)(payload_limit - out_maxlen)) {
grow_size = payload_limit - out_maxlen;
}
@@ -211,7 +231,8 @@ static int libssh2_comp_method_zlib_comp(LIBSSH2_SESSION *session, int compress,
libssh2_error(session, LIBSSH2_ERROR_ALLOC, "Unable to expand final compress/decompress buffer", 0);
return -1;
}
strm->next_out = out + out_maxlen - grow_size;
strm->next_out = (unsigned char *)out + out_maxlen -
grow_size;
if (compress) {
status = deflate(strm, Z_PARTIAL_FLUSH);
@@ -226,7 +247,7 @@ static int libssh2_comp_method_zlib_comp(LIBSSH2_SESSION *session, int compress,
}
}
*dest = out;
*dest = (unsigned char *)out;
*dest_len = out_maxlen - strm->avail_out;
*free_dest = 1;
@@ -260,7 +281,7 @@ static int libssh2_comp_method_zlib_dtor(LIBSSH2_SESSION *session, int compress,
/* }}} */
static LIBSSH2_COMP_METHOD libssh2_comp_method_zlib = {
"zlib",
(char *)"zlib",
libssh2_comp_method_zlib_init,
libssh2_comp_method_zlib_comp,
libssh2_comp_method_zlib_dtor,

191
src/crypt.c
View File

@@ -36,9 +36,8 @@
*/
#include "libssh2_priv.h"
#include <openssl/evp.h>
#ifdef LIBSSH2_CRYPT_NONE
#if LIBSSH2_CRYPT_NONE
/* {{{ libssh2_crypt_none_crypt
* Minimalist cipher: VERY secure *wink*
*/
@@ -59,29 +58,67 @@ static LIBSSH2_CRYPT_METHOD libssh2_crypt_method_none = {
libssh2_crypt_none_crypt,
NULL
};
#endif
#endif /* LIBSSH2_CRYPT_NONE */
static LIBSSH2_CRYPT_METHOD libssh2_crypt_method_3des_cbc = {
"3des-cbc",
8, /* blocksize */
8, /* initial value length */
24, /* secret length */
LIBSSH2_CRYPT_METHOD_FLAG_EVP,
NULL,
(void*)EVP_des_ede3_cbc,
NULL,
struct crypt_ctx {
int encrypt;
_libssh2_cipher_type(algo);
_libssh2_cipher_ctx h;
};
#if OPENSSL_VERSION_NUMBER >= 0x00907000L && !defined(OPENSSL_NO_AES)
static int init (LIBSSH2_SESSION *session,
LIBSSH2_CRYPT_METHOD *method,
unsigned char *iv, int *free_iv,
unsigned char *secret, int *free_secret,
int encrypt, void **abstract)
{
struct crypt_ctx *ctx = LIBSSH2_ALLOC(session,
sizeof(struct crypt_ctx));
if (!ctx) {
return -1;
}
ctx->encrypt = encrypt;
ctx->algo = method->algo;
if (_libssh2_cipher_init (&ctx->h, ctx->algo, iv, secret, encrypt))
{
LIBSSH2_FREE (session, ctx);
return -1;
}
*abstract = ctx;
*free_iv = 1;
*free_secret = 1;
return 0;
}
static int crypt(LIBSSH2_SESSION *session, unsigned char *block, void **abstract)
{
struct crypt_ctx *cctx = *(struct crypt_ctx **)abstract;
return _libssh2_cipher_crypt(&cctx->h, cctx->algo,
cctx->encrypt, block);
}
static int dtor(LIBSSH2_SESSION *session, void **abstract)
{
struct crypt_ctx **cctx = (struct crypt_ctx **)abstract;
if (cctx && *cctx) {
_libssh2_cipher_dtor(&(*cctx)->h);
LIBSSH2_FREE(session, *cctx);
*abstract = NULL;
}
return 0;
}
#if LIBSSH2_AES
static LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes128_cbc = {
"aes128-cbc",
16, /* blocksize */
16, /* initial value length */
16, /* secret length -- 16*8 == 128bit */
LIBSSH2_CRYPT_METHOD_FLAG_EVP,
NULL,
(void*)EVP_aes_128_cbc,
NULL,
0, /* flags */
&init,
&crypt,
&dtor,
_libssh2_cipher_aes128
};
static LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes192_cbc = {
@@ -89,10 +126,11 @@ static LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes192_cbc = {
16, /* blocksize */
16, /* initial value length */
24, /* secret length -- 24*8 == 192bit */
LIBSSH2_CRYPT_METHOD_FLAG_EVP,
NULL,
(void*)EVP_aes_192_cbc,
NULL,
0, /* flags */
&init,
&crypt,
&dtor,
_libssh2_cipher_aes192
};
static LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes256_cbc = {
@@ -100,10 +138,11 @@ static LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes256_cbc = {
16, /* blocksize */
16, /* initial value length */
32, /* secret length -- 32*8 == 256bit */
LIBSSH2_CRYPT_METHOD_FLAG_EVP,
NULL,
(void*)EVP_aes_256_cbc,
NULL,
0, /* flags */
&init,
&crypt,
&dtor,
_libssh2_cipher_aes256
};
/* rijndael-cbc@lysator.liu.se == aes256-cbc */
@@ -112,73 +151,91 @@ static LIBSSH2_CRYPT_METHOD libssh2_crypt_method_rijndael_cbc_lysator_liu_se = {
16, /* blocksize */
16, /* initial value length */
32, /* secret length -- 32*8 == 256bit */
LIBSSH2_CRYPT_METHOD_FLAG_EVP,
NULL,
(void*)EVP_aes_256_cbc,
NULL,
0, /* flags */
&init,
&crypt,
&dtor,
_libssh2_cipher_aes256
};
#endif /* OPENSSL_VERSION_NUMBER >= 0x00907000L && !defined(OPENSSL_NO_AES)*/
#endif /* LIBSSH2_AES */
#ifndef OPENSSL_NO_BLOWFISH
#if LIBSSH2_BLOWFISH
static LIBSSH2_CRYPT_METHOD libssh2_crypt_method_blowfish_cbc = {
"blowfish-cbc",
8, /* blocksize */
8, /* initial value length */
16, /* secret length */
LIBSSH2_CRYPT_METHOD_FLAG_EVP,
NULL,
(void*)EVP_bf_cbc,
NULL,
0, /* flags */
&init,
&crypt,
&dtor,
_libssh2_cipher_blowfish
};
#endif /* ! OPENSSL_NO_BLOWFISH */
#endif /* LIBSSH2_BLOWFISH */
#ifndef OPENSSL_NO_CAST
static LIBSSH2_CRYPT_METHOD libssh2_crypt_method_cast128_cbc = {
"cast128-cbc",
8, /* blocksize */
8, /* initial value length */
16, /* secret length */
LIBSSH2_CRYPT_METHOD_FLAG_EVP,
NULL,
(void*)EVP_cast5_cbc,
NULL,
};
#endif /* ! OPENSSL_NO_CAST */
#ifndef OPENSSL_NO_RC4
#if LIBSSH2_RC4
static LIBSSH2_CRYPT_METHOD libssh2_crypt_method_arcfour = {
"arcfour",
8, /* blocksize */
8, /* initial value length */
16, /* secret length */
LIBSSH2_CRYPT_METHOD_FLAG_EVP,
NULL,
(void*)EVP_rc4,
NULL,
0, /* flags */
&init,
&crypt,
&dtor,
_libssh2_cipher_arcfour
};
#endif /* ! OPENSSL_NO_RC4 */
#endif /* LIBSSH2_RC4 */
#if LIBSSH2_CAST
static LIBSSH2_CRYPT_METHOD libssh2_crypt_method_cast128_cbc = {
"cast128-cbc",
8, /* blocksize */
8, /* initial value length */
16, /* secret length */
0, /* flags */
&init,
&crypt,
&dtor,
_libssh2_cipher_cast5
};
#endif /* LIBSSH2_CAST */
#if LIBSSH2_3DES
static LIBSSH2_CRYPT_METHOD libssh2_crypt_method_3des_cbc = {
"3des-cbc",
8, /* blocksize */
8, /* initial value length */
24, /* secret length */
0, /* flags */
&init,
&crypt,
&dtor,
_libssh2_cipher_3des
};
#endif
static LIBSSH2_CRYPT_METHOD *_libssh2_crypt_methods[] = {
#if OPENSSL_VERSION_NUMBER >= 0x00907000L && !defined(OPENSSL_NO_AES)
#if LIBSSH2_AES
&libssh2_crypt_method_aes256_cbc,
&libssh2_crypt_method_rijndael_cbc_lysator_liu_se, /* == aes256-cbc */
&libssh2_crypt_method_aes192_cbc,
&libssh2_crypt_method_aes128_cbc,
#endif /* OPENSSL_VERSION_NUMBER >= 0x00907000L && !defined(OPENSSL_NO_AES) */
#ifndef OPENSSL_NO_BLOWFISH
#endif /* LIBSSH2_AES */
#if LIBSSH2_BLOWFISH
&libssh2_crypt_method_blowfish_cbc,
#endif /* ! OPENSSL_NO_BLOWFISH */
#ifndef OPENSSL_NO_RC4
#endif /* LIBSSH2_BLOWFISH */
#if LIBSSH2_RC4
&libssh2_crypt_method_arcfour,
#endif /* ! OPENSSL_NO_RC4 */
#ifndef OPENSSL_NO_CAST
#endif /* LIBSSH2_RC4 */
#if LIBSSH2_CAST
&libssh2_crypt_method_cast128_cbc,
#endif /* ! OPENSSL_NO_CAST */
#ifndef OPENSSL_NO_DES
#endif /* LIBSSH2_CAST */
#if LIBSSH2_3DES
&libssh2_crypt_method_3des_cbc,
#endif /* ! OPENSSL_NO_DES */
#ifdef LIBSSH2_CRYPT_NONE
&libssh2_crypt_method_none,
#endif /* LIBSSH2_DES */
#if LIBSSH2_CRYPT_NONE
&libssh2_crypt_method_none,
#endif
NULL
};

334
src/hostkey.c
View File

@@ -36,16 +36,13 @@
*/
#include "libssh2_priv.h"
#include <openssl/bn.h>
#include <openssl/pem.h>
#include <openssl/evp.h>
/* Needed for struct iovec on some platforms */
#ifdef HAVE_SYS_UIO_H
#include <sys/uio.h>
#endif
#ifndef OPENSSL_NO_RSA
#if LIBSSH2_RSA
/* ***********
* ssh-rsa *
*********** */
@@ -55,33 +52,42 @@ static int libssh2_hostkey_method_ssh_rsa_dtor(LIBSSH2_SESSION *session, void **
/* {{{ libssh2_hostkey_method_ssh_rsa_init
* Initialize the server hostkey working area with e/n pair
*/
static int libssh2_hostkey_method_ssh_rsa_init(LIBSSH2_SESSION *session, unsigned char *hostkey_data, unsigned long hostkey_data_len, void **abstract)
static int
libssh2_hostkey_method_ssh_rsa_init(LIBSSH2_SESSION *session,
unsigned char *hostkey_data,
unsigned long hostkey_data_len,
void **abstract)
{
RSA *rsactx;
libssh2_rsa_ctx *rsactx;
unsigned char *s, *e, *n;
unsigned long len, e_len, n_len;
(void)hostkey_data_len;
if (*abstract) {
libssh2_hostkey_method_ssh_rsa_dtor(session, abstract);
*abstract = NULL;
}
s = hostkey_data;
len = libssh2_ntohu32(s); s += 4;
if (len != 7 || strncmp(s, "ssh-rsa", 7) != 0) {
return -1;
} s += 7;
len = libssh2_ntohu32(s);
s += 4;
if (len != 7 || strncmp((char *)s, "ssh-rsa", 7) != 0) {
return -1;
}
s += 7;
e_len = libssh2_ntohu32(s);
s += 4;
e_len = libssh2_ntohu32(s); s += 4;
e = s; s += e_len;
n_len = libssh2_ntohu32(s); s += 4;
n = s; s += n_len;
rsactx = RSA_new();
rsactx->e = BN_new();
BN_bin2bn(e, e_len, rsactx->e);
rsactx->n = BN_new();
BN_bin2bn(n, n_len, rsactx->n);
if (_libssh2_rsa_new (&rsactx, e, e_len, n, n_len, NULL, 0,
NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0))
return -1;
*abstract = rsactx;
@@ -89,30 +95,15 @@ static int libssh2_hostkey_method_ssh_rsa_init(LIBSSH2_SESSION *session, unsigne
}
/* }}} */
/* {{{ libssh2_hostkey_method_ssh_rsa_passphrase_cb
* TODO: Optionally call a passphrase callback specified by the calling program
*/
static int libssh2_hostkey_method_ssh_rsadsa_passphrase_cb(char *buf, int size, int rwflag, char *passphrase)
{
int passphrase_len = strlen(passphrase);
if (passphrase_len > (size - 1)) {
passphrase_len = size - 1;
}
memcpy(buf, passphrase, passphrase_len);
buf[passphrase_len] = '\0';
return passphrase_len;
}
/* }}} */
/* {{{ libssh2_hostkey_method_ssh_rsa_initPEM
* Load a Private Key from a PEM file
*/
static int libssh2_hostkey_method_ssh_rsa_initPEM(LIBSSH2_SESSION *session, unsigned const char *privkeyfile, unsigned const char *passphrase, void **abstract)
static int libssh2_hostkey_method_ssh_rsa_initPEM(LIBSSH2_SESSION *session,
const char *privkeyfile, unsigned const char *passphrase, void **abstract)
{
RSA *rsactx;
libssh2_rsa_ctx *rsactx;
FILE *fp;
int ret;
if (*abstract) {
libssh2_hostkey_method_ssh_rsa_dtor(session, abstract);
@@ -124,19 +115,11 @@ static int libssh2_hostkey_method_ssh_rsa_initPEM(LIBSSH2_SESSION *session, unsi
return -1;
}
if (!EVP_get_cipherbyname("des")) {
/* If this cipher isn't loaded it's a pretty good indication that none are.
* I have *NO DOUBT* that there's a better way to deal with this ($#&%#$(%$#(
* Someone buy me an OpenSSL manual and I'll read up on it.
*/
OpenSSL_add_all_ciphers();
}
rsactx = PEM_read_RSAPrivateKey(fp, NULL, (void*)libssh2_hostkey_method_ssh_rsadsa_passphrase_cb, (void*)passphrase);
if (!rsactx) {
fclose(fp);
ret = _libssh2_rsa_new_private (&rsactx, session, fp, passphrase);
fclose(fp);
if (ret) {
return -1;
}
fclose(fp);
*abstract = rsactx;
@@ -147,56 +130,19 @@ static int libssh2_hostkey_method_ssh_rsa_initPEM(LIBSSH2_SESSION *session, unsi
/* {{{ libssh2_hostkey_method_ssh_rsa_sign
* Verify signature created by remote
*/
static int libssh2_hostkey_method_ssh_rsa_sig_verify(LIBSSH2_SESSION *session, const unsigned char *sig, unsigned long sig_len,
const unsigned char *m, unsigned long m_len, void **abstract)
static int libssh2_hostkey_method_ssh_rsa_sig_verify(LIBSSH2_SESSION *session,
const unsigned char *sig,
unsigned long sig_len,
const unsigned char *m,
unsigned long m_len,
void **abstract)
{
RSA *rsactx = (RSA*)(*abstract);
unsigned char hash[SHA_DIGEST_LENGTH];
int ret;
libssh2_rsa_ctx *rsactx = (libssh2_rsa_ctx*)(*abstract);
(void)session;
/* Skip past keyname_len(4) + keyname(7){"ssh-rsa"} + signature_len(4) */
sig += 15; sig_len -= 15;
SHA1(m, m_len, hash);
ret = RSA_verify(NID_sha1, hash, SHA_DIGEST_LENGTH, (char *)sig, sig_len, rsactx);
return (ret == 1) ? 0 : -1;
}
/* }}} */
/* {{{ libssh2_hostkey_method_ssh_rsa_sign
* Sign data to send to remote
*/
static int libssh2_hostkey_method_ssh_rsa_sign(LIBSSH2_SESSION *session, unsigned char **signature, unsigned long *signature_len,
const unsigned char *buf, unsigned long buf_len, void **abstract)
{
RSA *rsactx = (RSA*)(*abstract);
int ret;
unsigned char hash[SHA_DIGEST_LENGTH];
SHA_CTX ctx;
char *sig;
int sig_len;
sig_len = RSA_size(rsactx);
sig = LIBSSH2_ALLOC(session, sig_len);
if (!sig) {
return -1;
}
SHA1_Init(&ctx);
SHA1_Update(&ctx, buf, buf_len);
SHA1_Final(hash, &ctx);
ret = RSA_sign(NID_sha1, hash, SHA_DIGEST_LENGTH, sig, &sig_len, rsactx);
if (!ret) {
LIBSSH2_FREE(session, sig);
return -1;
}
*signature = sig;
*signature_len = sig_len;
return 0;
return _libssh2_rsa_sha1_verify (rsactx, sig, sig_len, m, m_len);
}
/* }}} */
@@ -206,36 +152,24 @@ static int libssh2_hostkey_method_ssh_rsa_sign(LIBSSH2_SESSION *session, unsigne
static int libssh2_hostkey_method_ssh_rsa_signv(LIBSSH2_SESSION *session, unsigned char **signature, unsigned long *signature_len,
unsigned long veccount, const struct iovec datavec[], void **abstract)
{
RSA *rsactx = (RSA*)(*abstract);
int ret, i;
libssh2_rsa_ctx *rsactx = (libssh2_rsa_ctx*)(*abstract);
int ret;
unsigned int i;
unsigned char hash[SHA_DIGEST_LENGTH];
SHA_CTX ctx;
char *sig;
int sig_len;
libssh2_sha1_ctx ctx;
sig_len = RSA_size(rsactx);
sig = LIBSSH2_ALLOC(session, sig_len);
if (!sig) {
return -1;
}
SHA1_Init(&ctx);
libssh2_sha1_init(&ctx);
for(i = 0; i < veccount; i++) {
SHA1_Update(&ctx, datavec[i].iov_base, datavec[i].iov_len);
libssh2_sha1_update(ctx, datavec[i].iov_base, datavec[i].iov_len);
}
SHA1_Final(hash, &ctx);
libssh2_sha1_final(ctx, hash);
ret = RSA_sign(NID_sha1, hash, SHA_DIGEST_LENGTH, sig, &sig_len, rsactx);
if (!ret) {
LIBSSH2_FREE(session, sig);
ret = _libssh2_rsa_sha1_sign(session, rsactx, hash, SHA_DIGEST_LENGTH,
signature, signature_len);
if (ret) {
return -1;
}
*signature = sig;
*signature_len = sig_len;
return 0;
}
/* }}} */
@@ -243,11 +177,13 @@ static int libssh2_hostkey_method_ssh_rsa_signv(LIBSSH2_SESSION *session, unsign
/* {{{ libssh2_hostkey_method_ssh_rsa_dtor
* Shutdown the hostkey
*/
static int libssh2_hostkey_method_ssh_rsa_dtor(LIBSSH2_SESSION *session, void **abstract)
static int libssh2_hostkey_method_ssh_rsa_dtor(LIBSSH2_SESSION *session,
void **abstract)
{
RSA *rsactx = (RSA*)(*abstract);
libssh2_rsa_ctx *rsactx = (libssh2_rsa_ctx*)(*abstract);
(void)session;
RSA_free(rsactx);
_libssh2_rsa_free(rsactx);
*abstract = NULL;
@@ -261,14 +197,13 @@ static LIBSSH2_HOSTKEY_METHOD libssh2_hostkey_method_ssh_rsa = {
libssh2_hostkey_method_ssh_rsa_init,
libssh2_hostkey_method_ssh_rsa_initPEM,
libssh2_hostkey_method_ssh_rsa_sig_verify,
libssh2_hostkey_method_ssh_rsa_sign,
libssh2_hostkey_method_ssh_rsa_signv,
NULL, /* encrypt */
libssh2_hostkey_method_ssh_rsa_dtor,
};
#endif /* ! OPENSSL_NO_RSA */
#endif /* LIBSSH2_RSA */
#ifndef OPENSSL_NO_DSA
#if LIBSSH2_DSA
/* ***********
* ssh-dss *
*********** */
@@ -278,11 +213,16 @@ static int libssh2_hostkey_method_ssh_dss_dtor(LIBSSH2_SESSION *session, void **
/* {{{ libssh2_hostkey_method_ssh_dss_init
* Initialize the server hostkey working area with p/q/g/y set
*/
static int libssh2_hostkey_method_ssh_dss_init(LIBSSH2_SESSION *session, unsigned char *hostkey_data, unsigned long hostkey_data_len, void **abstract)
static int
libssh2_hostkey_method_ssh_dss_init(LIBSSH2_SESSION *session,
unsigned char *hostkey_data,
unsigned long hostkey_data_len,
void **abstract)
{
DSA *dsactx;
libssh2_dsa_ctx *dsactx;
unsigned char *p, *q, *g, *y, *s;
unsigned long p_len, q_len, g_len, y_len, len;
(void)hostkey_data_len;
if (*abstract) {
libssh2_hostkey_method_ssh_dss_dtor(session, abstract);
@@ -291,7 +231,7 @@ static int libssh2_hostkey_method_ssh_dss_init(LIBSSH2_SESSION *session, unsigne
s = hostkey_data;
len = libssh2_ntohu32(s); s += 4;
if (len != 7 || strncmp(s, "ssh-dss", 7) != 0) {
if (len != 7 || strncmp((char *)s, "ssh-dss", 7) != 0) {
return -1;
} s += 7;
@@ -304,15 +244,8 @@ static int libssh2_hostkey_method_ssh_dss_init(LIBSSH2_SESSION *session, unsigne
y_len = libssh2_ntohu32(s); s += 4;
y = s; s += y_len;
dsactx = DSA_new();
dsactx->p = BN_new();
BN_bin2bn(p, p_len, dsactx->p);
dsactx->q = BN_new();
BN_bin2bn(q, q_len, dsactx->q);
dsactx->g = BN_new();
BN_bin2bn(g, g_len, dsactx->g);
dsactx->pub_key = BN_new();
BN_bin2bn(y, y_len, dsactx->pub_key);
_libssh2_dsa_new(&dsactx, p, p_len, q, q_len, g, g_len,
y, y_len, NULL, 0);
*abstract = dsactx;
@@ -323,10 +256,14 @@ static int libssh2_hostkey_method_ssh_dss_init(LIBSSH2_SESSION *session, unsigne
/* {{{ libssh2_hostkey_method_ssh_dss_initPEM
* Load a Private Key from a PEM file
*/
static int libssh2_hostkey_method_ssh_dss_initPEM(LIBSSH2_SESSION *session, unsigned const char *privkeyfile, unsigned const char *passphrase, void **abstract)
static int libssh2_hostkey_method_ssh_dss_initPEM(LIBSSH2_SESSION *session,
const char *privkeyfile,
unsigned const char *passphrase,
void **abstract)
{
DSA *dsactx;
libssh2_dsa_ctx *dsactx;
FILE *fp;
int ret;
if (*abstract) {
libssh2_hostkey_method_ssh_dss_dtor(session, abstract);
@@ -338,19 +275,11 @@ static int libssh2_hostkey_method_ssh_dss_initPEM(LIBSSH2_SESSION *session, unsi
return -1;
}
if (!EVP_get_cipherbyname("des")) {
/* If this cipher isn't loaded it's a pretty good indication that none are.
* I have *NO DOUBT* that there's a better way to deal with this ($#&%#$(%$#(
* Someone buy me an OpenSSL manual and I'll read up on it.
*/
OpenSSL_add_all_ciphers();
}
dsactx = PEM_read_DSAPrivateKey(fp, NULL, (void*)libssh2_hostkey_method_ssh_rsadsa_passphrase_cb, (void*)passphrase);
if (!dsactx) {
fclose(fp);
ret = _libssh2_dsa_new_private (&dsactx, session, fp, passphrase);
fclose(fp);
if (ret) {
return -1;
}
fclose(fp);
*abstract = dsactx;
@@ -364,10 +293,7 @@ static int libssh2_hostkey_method_ssh_dss_initPEM(LIBSSH2_SESSION *session, unsi
static int libssh2_hostkey_method_ssh_dss_sig_verify(LIBSSH2_SESSION *session, const unsigned char *sig, unsigned long sig_len,
const unsigned char *m, unsigned long m_len, void **abstract)
{
DSA *dsactx = (DSA*)(*abstract);
unsigned char hash[SHA_DIGEST_LENGTH];
DSA_SIG dsasig;
int ret;
libssh2_dsa_ctx *dsactx = (libssh2_dsa_ctx*)(*abstract);
/* Skip past keyname_len(4) + keyname(7){"ssh-dss"} + signature_len(4) */
sig += 15; sig_len -= 15;
@@ -375,66 +301,20 @@ static int libssh2_hostkey_method_ssh_dss_sig_verify(LIBSSH2_SESSION *session, c
libssh2_error(session, LIBSSH2_ERROR_PROTO, "Invalid DSS signature length", 0);
return -1;
}
dsasig.r = BN_new();
BN_bin2bn(sig, 20, dsasig.r);
dsasig.s = BN_new();
BN_bin2bn(sig + 20, 20, dsasig.s);
SHA1(m, m_len, hash);
ret = DSA_do_verify(hash, SHA_DIGEST_LENGTH, &dsasig, dsactx);
return (ret == 1) ? 0 : -1;
}
/* }}} */
/* {{{ libssh2_hostkey_method_ssh_dss_sign
* Sign data to send to remote
*/
static int libssh2_hostkey_method_ssh_dss_sign(LIBSSH2_SESSION *session, unsigned char **signature, unsigned long *signature_len,
const unsigned char *buf, unsigned long buf_len, void **abstract)
{
DSA *dsactx = (DSA*)(*abstract);
DSA_SIG *sig;
unsigned char hash[SHA_DIGEST_LENGTH];
SHA_CTX ctx;
*signature = LIBSSH2_ALLOC(session, 2 * SHA_DIGEST_LENGTH);
*signature_len = 2 * SHA_DIGEST_LENGTH;
if (!(*signature)) {
return -1;
}
SHA1_Init(&ctx);
SHA1_Update(&ctx, buf, buf_len);
SHA1_Final(hash, &ctx);
sig = DSA_do_sign(hash, SHA_DIGEST_LENGTH, dsactx);
if (!sig) {
LIBSSH2_FREE(session, *signature);
return -1;
}
BN_bn2bin(sig->r, *signature);
BN_bn2bin(sig->s, *signature + SHA_DIGEST_LENGTH);
DSA_SIG_free(sig);
return 0;
return _libssh2_dsa_sha1_verify(dsactx, sig, m, m_len);
}
/* }}} */
/* {{{ libssh2_hostkey_method_ssh_dss_signv
* Construct a signature from an array of vectors
*/
static int libssh2_hostkey_method_ssh_dss_signv(LIBSSH2_SESSION *session, unsigned char **signature, unsigned long *signature_len,
static int libssh2_hostkey_method_ssh_dss_signv(LIBSSH2_SESSION *session, unsigned char **signature, unsigned long *signature_len,
unsigned long veccount, const struct iovec datavec[], void **abstract)
{
DSA *dsactx = (DSA*)(*abstract);
DSA_SIG *sig;
libssh2_dsa_ctx *dsactx = (libssh2_dsa_ctx*)(*abstract);
unsigned char hash[SHA_DIGEST_LENGTH];
SHA_CTX ctx;
int r_len, s_len, rs_pad, i;
libssh2_sha1_ctx ctx;
unsigned int i;
*signature = LIBSSH2_ALLOC(session, 2 * SHA_DIGEST_LENGTH);
*signature_len = 2 * SHA_DIGEST_LENGTH;
@@ -444,32 +324,19 @@ static int libssh2_hostkey_method_ssh_dss_signv(LIBSSH2_SESSION *session, unsign
return -1;
}
SHA1_Init(&ctx);
libssh2_sha1_init(&ctx);
for(i = 0; i < veccount; i++) {
SHA1_Update(&ctx, datavec[i].iov_base, datavec[i].iov_len);
libssh2_sha1_update(ctx, datavec[i].iov_base, datavec[i].iov_len);
}
SHA1_Final(hash, &ctx);
libssh2_sha1_final(ctx, hash);
sig = DSA_do_sign(hash, SHA_DIGEST_LENGTH, dsactx);
if (!sig) {
if (_libssh2_dsa_sha1_sign(dsactx, hash, SHA_DIGEST_LENGTH,
*signature))
{
LIBSSH2_FREE(session, *signature);
return -1;
}
r_len = BN_num_bytes(sig->r);
s_len = BN_num_bytes(sig->s);
rs_pad = (2 * SHA_DIGEST_LENGTH) - (r_len + s_len);
if (rs_pad < 0) {
DSA_SIG_free(sig);
LIBSSH2_FREE(session, *signature);
return -1;
}
BN_bn2bin(sig->r, *signature + rs_pad);
BN_bn2bin(sig->s, *signature + rs_pad + r_len);
DSA_SIG_free(sig);
return 0;
}
/* }}} */
@@ -477,11 +344,13 @@ static int libssh2_hostkey_method_ssh_dss_signv(LIBSSH2_SESSION *session, unsign
/* {{{ libssh2_hostkey_method_ssh_dss_dtor
* Shutdown the hostkey method
*/
static int libssh2_hostkey_method_ssh_dss_dtor(LIBSSH2_SESSION *session, void **abstract)
static int libssh2_hostkey_method_ssh_dss_dtor(LIBSSH2_SESSION *session,
void **abstract)
{
DSA *dsactx = (DSA*)(*abstract);
libssh2_dsa_ctx *dsactx = (libssh2_dsa_ctx*)(*abstract);
(void)session;
DSA_free(dsactx);
_libssh2_dsa_free(dsactx);
*abstract = NULL;
@@ -495,20 +364,19 @@ static LIBSSH2_HOSTKEY_METHOD libssh2_hostkey_method_ssh_dss = {
libssh2_hostkey_method_ssh_dss_init,
libssh2_hostkey_method_ssh_dss_initPEM,
libssh2_hostkey_method_ssh_dss_sig_verify,
libssh2_hostkey_method_ssh_dss_sign,
libssh2_hostkey_method_ssh_dss_signv,
NULL, /* encrypt */
libssh2_hostkey_method_ssh_dss_dtor,
};
#endif /* ! OPENSSL_NO_DSA */
#endif /* LIBSSH2_DSA */
static LIBSSH2_HOSTKEY_METHOD *_libssh2_hostkey_methods[] = {
#ifndef OPENSSL_NO_RSA
#if LIBSSH2_RSA
&libssh2_hostkey_method_ssh_rsa,
#endif /* ! OPENSSL_NO_RSA */
#ifndef OPENSSL_NO_DSA
#endif /* LIBSSH2_RSA */
#if LIBSSH2_DSA
&libssh2_hostkey_method_ssh_dss,
#endif /* ! OPENSSL_NO_DSA */
#endif /* LIBSSH2_DSA */
NULL
};
@@ -526,16 +394,14 @@ LIBSSH2_HOSTKEY_METHOD **libssh2_hostkey_methods(void)
LIBSSH2_API const char *libssh2_hostkey_hash(LIBSSH2_SESSION *session, int hash_type)
{
switch (hash_type) {
#ifndef OPENSSL_NO_MD5
#if LIBSSH2_MD5
case LIBSSH2_HOSTKEY_HASH_MD5:
return session->server_hostkey_md5;
return (char *)session->server_hostkey_md5;
break;
#endif /* ! OPENSSL_NO_MD5 */
#ifndef OPENSSL_NO_SHA
#endif /* LIBSSH2_MD5 */
case LIBSSH2_HOSTKEY_HASH_SHA1:
return session->server_hostkey_sha1;
return (char *)session->server_hostkey_sha1;
break;
#endif /* ! OPENSSL_NO_SHA */
default:
return NULL;
}

286
src/kex.c
View File

@@ -36,61 +36,57 @@
*/
#include "libssh2_priv.h"
#include <openssl/bn.h>
#include <openssl/sha.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
/* TODO: Switch this to an inline and handle alloc() failures */
/* Helper macro called from libssh2_kex_method_diffie_hellman_group1_sha1_key_exchange */
#define LIBSSH2_KEX_METHOD_DIFFIE_HELLMAN_SHA1_HASH(value, reqlen, version) \
{ \
SHA_CTX hash; \
libssh2_sha1_ctx hash; \
unsigned long len = 0; \
if (!(value)) { \
value = LIBSSH2_ALLOC(session, reqlen + SHA_DIGEST_LENGTH); \
} \
while (len < reqlen) { \
SHA1_Init(&hash); \
SHA1_Update(&hash, k_value, k_value_len); \
SHA1_Update(&hash, h_sig_comp, SHA_DIGEST_LENGTH); \
if (len > 0) { \
SHA1_Update(&hash, value, len); \
} else { \
SHA1_Update(&hash, (version), 1); \
SHA1_Update(&hash, session->session_id, session->session_id_len); \
} \
SHA1_Final((value) + len, &hash); \
len += SHA_DIGEST_LENGTH; \
} \
} \
while (len < reqlen) { \
libssh2_sha1_init(&hash); \
libssh2_sha1_update(hash, k_value, k_value_len); \
libssh2_sha1_update(hash, h_sig_comp, SHA_DIGEST_LENGTH); \
if (len > 0) { \
libssh2_sha1_update(hash, value, len); \
} else { \
libssh2_sha1_update(hash, (version), 1); \
libssh2_sha1_update(hash, session->session_id, session->session_id_len); \
} \
libssh2_sha1_final(hash, (value) + len); \
len += SHA_DIGEST_LENGTH; \
} \
}
/* {{{ libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange
* Diffie Hellman Key Exchange, Group Agnostic
*/
static int libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_SESSION *session, BIGNUM *g, BIGNUM *p, int group_order,
static int libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_SESSION *session, _libssh2_bn *g, _libssh2_bn *p, int group_order,
unsigned char packet_type_init, unsigned char packet_type_reply,
unsigned char *midhash, unsigned long midhash_len)
{
unsigned char *e_packet = NULL, *s_packet = NULL, *tmp, h_sig_comp[SHA_DIGEST_LENGTH], c;
unsigned long e_packet_len, s_packet_len, tmp_len;
int ret = 0;
BN_CTX *ctx = BN_CTX_new();
BIGNUM *x = BN_new(); /* Random from client */
BIGNUM *e = BN_new(); /* g^x mod p */
BIGNUM *f = BN_new(); /* g^(Random from server) mod p */
BIGNUM *k = BN_new(); /* The shared secret: f^x mod p */
_libssh2_bn_ctx *ctx = _libssh2_bn_ctx_new();
_libssh2_bn *x = _libssh2_bn_init(); /* Random from client */
_libssh2_bn *e = _libssh2_bn_init(); /* g^x mod p */
_libssh2_bn *f = _libssh2_bn_init(); /* g^(Random from server) mod p */
_libssh2_bn *k = _libssh2_bn_init(); /* The shared secret: f^x mod p */
unsigned char *s, *f_value, *k_value = NULL, *h_sig;
unsigned long f_value_len, k_value_len, h_sig_len;
SHA_CTX exchange_hash;
libssh2_sha1_ctx exchange_hash;
/* Generate x and e */
BN_rand(x, group_order, 0, -1);
BN_mod_exp(e, g, x, p, ctx);
_libssh2_bn_rand(x, group_order, 0, -1);
_libssh2_bn_mod_exp(e, g, x, p, ctx);
/* Send KEX init */
e_packet_len = BN_num_bytes(e) + 6; /* packet_type(1) + String Length(4) + leading 0(1) */
if (BN_num_bits(e) % 8) {
e_packet_len = _libssh2_bn_bytes(e) + 6; /* packet_type(1) + String Length(4) + leading 0(1) */
if (_libssh2_bn_bits(e) % 8) {
/* Leading 00 not needed */
e_packet_len--;
}
@@ -102,11 +98,11 @@ static int libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_S
}
e_packet[0] = packet_type_init;
libssh2_htonu32(e_packet + 1, e_packet_len - 5);
if (BN_num_bits(e) % 8) {
BN_bn2bin(e, e_packet + 5);
if (_libssh2_bn_bits(e) % 8) {
_libssh2_bn_to_bin(e, e_packet + 5);
} else {
e_packet[5] = 0;
BN_bn2bin(e, e_packet + 6);
_libssh2_bn_to_bin(e, e_packet + 6);
}
#ifdef LIBSSH2_DEBUG_KEX
@@ -158,13 +154,13 @@ static int libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_S
memcpy(session->server_hostkey, s, session->server_hostkey_len);
s += session->server_hostkey_len;
#ifndef OPENSSL_NO_MD5
#if LIBSSH2_MD5
{
MD5_CTX fingerprint_ctx;
libssh2_md5_ctx fingerprint_ctx;
MD5_Init(&fingerprint_ctx);
MD5_Update(&fingerprint_ctx, session->server_hostkey, session->server_hostkey_len);
MD5_Final(session->server_hostkey_md5, &fingerprint_ctx);
libssh2_md5_init(&fingerprint_ctx);
libssh2_md5_update(fingerprint_ctx, session->server_hostkey, session->server_hostkey_len);
libssh2_md5_final(fingerprint_ctx, session->server_hostkey_md5);
}
#ifdef LIBSSH2_DEBUG_KEX
{
@@ -177,15 +173,14 @@ static int libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_S
_libssh2_debug(session, LIBSSH2_DBG_KEX, "Server's MD5 Fingerprint: %s", fingerprint);
}
#endif /* LIBSSH2_DEBUG_KEX */
#endif /* ! OPENSSL_NO_MD5 */
#endif /* ! LIBSSH2_MD5 */
#ifndef OPENSSL_NO_SHA
{
SHA_CTX fingerprint_ctx;
libssh2_sha1_ctx fingerprint_ctx;
SHA1_Init(&fingerprint_ctx);
SHA1_Update(&fingerprint_ctx, session->server_hostkey, session->server_hostkey_len);
SHA1_Final(session->server_hostkey_sha1, &fingerprint_ctx);
libssh2_sha1_init(&fingerprint_ctx);
libssh2_sha1_update (fingerprint_ctx, session->server_hostkey, session->server_hostkey_len);
libssh2_sha1_final(fingerprint_ctx, session->server_hostkey_sha1);
}
#ifdef LIBSSH2_DEBUG_KEX
{
@@ -198,7 +193,6 @@ static int libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_S
_libssh2_debug(session, LIBSSH2_DBG_KEX, "Server's SHA1 Fingerprint: %s", fingerprint);
}
#endif /* LIBSSH2_DEBUG_KEX */
#endif /* ! OPENSSL_NO_SHA */
if (session->hostkey->init(session, session->server_hostkey, session->server_hostkey_len, &session->server_hostkey_abstract)) {
libssh2_error(session, LIBSSH2_ERROR_HOSTKEY_INIT, "Unable to initialize hostkey importer", 0);
@@ -208,15 +202,15 @@ static int libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_S
f_value_len = libssh2_ntohu32(s); s += 4;
f_value = s; s += f_value_len;
BN_bin2bn(f_value, f_value_len, f);
_libssh2_bn_from_bin(f, f_value_len, f_value);
h_sig_len = libssh2_ntohu32(s); s += 4;
h_sig = s;
/* Compute the shared secret */
BN_mod_exp(k, f, x, p, ctx);
k_value_len = BN_num_bytes(k) + 5;
if (BN_num_bits(k) % 8) {
_libssh2_bn_mod_exp(k, f, x, p, ctx);
k_value_len = _libssh2_bn_bytes(k) + 5;
if (_libssh2_bn_bits(k) % 8) {
/* don't need leading 00 */
k_value_len--;
}
@@ -227,39 +221,43 @@ static int libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_S
goto clean_exit;
}
libssh2_htonu32(k_value, k_value_len - 4);
if (BN_num_bits(k) % 8) {
BN_bn2bin(k, k_value + 4);
if (_libssh2_bn_bits(k) % 8) {
_libssh2_bn_to_bin(k, k_value + 4);
} else {
k_value[4] = 0;
BN_bn2bin(k, k_value + 5);
_libssh2_bn_to_bin(k, k_value + 5);
}
SHA1_Init(&exchange_hash);
libssh2_sha1_init(&exchange_hash);
if (session->local.banner) {
libssh2_htonu32(h_sig_comp, strlen(session->local.banner) - 2);
SHA1_Update(&exchange_hash, h_sig_comp, 4);
SHA1_Update(&exchange_hash, session->local.banner, strlen(session->local.banner) - 2);
libssh2_htonu32(h_sig_comp,
strlen((char *)session->local.banner) - 2);
libssh2_sha1_update(exchange_hash, h_sig_comp, 4);
libssh2_sha1_update(exchange_hash, (char *)session->local.banner,
strlen((char *)session->local.banner) - 2);
} else {
libssh2_htonu32(h_sig_comp, sizeof(LIBSSH2_SSH_DEFAULT_BANNER) - 1);
SHA1_Update(&exchange_hash, h_sig_comp, 4);
SHA1_Update(&exchange_hash, LIBSSH2_SSH_DEFAULT_BANNER, sizeof(LIBSSH2_SSH_DEFAULT_BANNER) - 1);
libssh2_sha1_update(exchange_hash, h_sig_comp, 4);
libssh2_sha1_update(exchange_hash, LIBSSH2_SSH_DEFAULT_BANNER,
sizeof(LIBSSH2_SSH_DEFAULT_BANNER) - 1);
}
libssh2_htonu32(h_sig_comp, strlen(session->remote.banner));
SHA1_Update(&exchange_hash, h_sig_comp, 4);
SHA1_Update(&exchange_hash, session->remote.banner, strlen(session->remote.banner));
libssh2_htonu32(h_sig_comp, strlen((char *)session->remote.banner));
libssh2_sha1_update(exchange_hash, h_sig_comp, 4);
libssh2_sha1_update(exchange_hash, session->remote.banner,
strlen((char *)session->remote.banner));
libssh2_htonu32(h_sig_comp, session->local.kexinit_len);
SHA1_Update(&exchange_hash, h_sig_comp, 4);
SHA1_Update(&exchange_hash, session->local.kexinit, session->local.kexinit_len);
libssh2_sha1_update(exchange_hash, h_sig_comp, 4);
libssh2_sha1_update(exchange_hash, session->local.kexinit, session->local.kexinit_len);
libssh2_htonu32(h_sig_comp, session->remote.kexinit_len);
SHA1_Update(&exchange_hash, h_sig_comp, 4);
SHA1_Update(&exchange_hash, session->remote.kexinit, session->remote.kexinit_len);
libssh2_sha1_update(exchange_hash, h_sig_comp, 4);
libssh2_sha1_update(exchange_hash, session->remote.kexinit, session->remote.kexinit_len);
libssh2_htonu32(h_sig_comp, session->server_hostkey_len);
SHA1_Update(&exchange_hash, h_sig_comp, 4);
SHA1_Update(&exchange_hash, session->server_hostkey, session->server_hostkey_len);
libssh2_sha1_update(exchange_hash, h_sig_comp, 4);
libssh2_sha1_update(exchange_hash, session->server_hostkey, session->server_hostkey_len);
if (packet_type_init == SSH_MSG_KEX_DH_GEX_INIT) {
/* diffie-hellman-group-exchange hashes additional fields */
@@ -267,26 +265,26 @@ static int libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_S
libssh2_htonu32(h_sig_comp, LIBSSH2_DH_GEX_MINGROUP);
libssh2_htonu32(h_sig_comp + 4, LIBSSH2_DH_GEX_OPTGROUP);
libssh2_htonu32(h_sig_comp + 8, LIBSSH2_DH_GEX_MAXGROUP);
SHA1_Update(&exchange_hash, h_sig_comp, 12);
libssh2_sha1_update(exchange_hash, h_sig_comp, 12);
#else
libssh2_htonu32(h_sig_comp, LIBSSH2_DH_GEX_OPTGROUP);
SHA1_Update(&exchange_hash, h_sig_comp, 4);
libssh2_sha1_update(exchange_hash, h_sig_comp, 4);
#endif
}
if (midhash) {
SHA1_Update(&exchange_hash, midhash, midhash_len);
libssh2_sha1_update(exchange_hash, midhash, midhash_len);
}
SHA1_Update(&exchange_hash, e_packet + 1, e_packet_len - 1);
libssh2_sha1_update(exchange_hash, e_packet + 1, e_packet_len - 1);
libssh2_htonu32(h_sig_comp, f_value_len);
SHA1_Update(&exchange_hash, h_sig_comp, 4);
SHA1_Update(&exchange_hash, f_value, f_value_len);
libssh2_sha1_update(exchange_hash, h_sig_comp, 4);
libssh2_sha1_update(exchange_hash, f_value, f_value_len);
SHA1_Update(&exchange_hash, k_value, k_value_len);
libssh2_sha1_update(exchange_hash, k_value, k_value_len);
SHA1_Final(h_sig_comp, &exchange_hash);
libssh2_sha1_final(exchange_hash, h_sig_comp);
if (session->hostkey->sig_verify(session, h_sig, h_sig_len, h_sig_comp, 20, &session->server_hostkey_abstract)) {
libssh2_error(session, LIBSSH2_ERROR_HOSTKEY_SIGN, "Unable to verify hostkey signature", 0);
@@ -331,45 +329,23 @@ static int libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_S
#endif
}
/* Calculate IV/Secret/Key for each direction */
if (session->local.crypt->flags & LIBSSH2_CRYPT_METHOD_FLAG_EVP) {
if (session->local.crypt_abstract) {
EVP_CIPHER_CTX_cleanup(session->local.crypt_abstract);
LIBSSH2_FREE(session, session->local.crypt_abstract);
session->local.crypt_abstract = NULL;
}
} else {
if (session->local.crypt->dtor) {
/* Cleanup any existing cipher */
session->local.crypt->dtor(session, &session->local.crypt_abstract);
}
/* Cleanup any existing cipher */
if (session->local.crypt->dtor) {
session->local.crypt->dtor(session, &session->local.crypt_abstract);
}
if (session->local.crypt->init || (session->local.crypt->flags & LIBSSH2_CRYPT_METHOD_FLAG_EVP)) {
/* Calculate IV/Secret/Key for each direction */
if (session->local.crypt->init) {
unsigned char *iv = NULL, *secret = NULL;
int free_iv = 0, free_secret = 0;
LIBSSH2_KEX_METHOD_DIFFIE_HELLMAN_SHA1_HASH(iv, session->local.crypt->iv_len, "A");
LIBSSH2_KEX_METHOD_DIFFIE_HELLMAN_SHA1_HASH(secret, session->local.crypt->secret_len, "C");
if (session->local.crypt->flags & LIBSSH2_CRYPT_METHOD_FLAG_EVP) {
EVP_CIPHER *(*get_cipher)(void) = (void*)session->local.crypt->crypt;
EVP_CIPHER *cipher = get_cipher();
EVP_CIPHER_CTX *ctx;
ctx = LIBSSH2_ALLOC(session, sizeof(EVP_CIPHER_CTX));
if (!ctx) {
LIBSSH2_FREE(session, iv);
LIBSSH2_FREE(session, secret);
ret = -1;
goto clean_exit;
}
EVP_CIPHER_CTX_init(ctx);
EVP_CipherInit(ctx, cipher, secret, iv, 1);
session->local.crypt_abstract = ctx;
free_iv = 1;
free_secret = 1;
} else {
session->local.crypt->init(session, iv, &free_iv, secret, &free_secret, 1, &session->local.crypt_abstract);
if (session->local.crypt->init(session, session->local.crypt, iv, &free_iv, secret, &free_secret, 1, &session->local.crypt_abstract)) {
LIBSSH2_FREE(session, iv);
LIBSSH2_FREE(session, secret);
ret = -1;
goto clean_exit;
}
if (free_iv) {
@@ -386,44 +362,22 @@ static int libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_S
_libssh2_debug(session, LIBSSH2_DBG_KEX, "Client to Server IV and Key calculated");
#endif
if (session->remote.crypt->flags & LIBSSH2_CRYPT_METHOD_FLAG_EVP) {
if (session->remote.crypt_abstract) {
EVP_CIPHER_CTX_cleanup(session->remote.crypt_abstract);
LIBSSH2_FREE(session, session->remote.crypt_abstract);
session->remote.crypt_abstract = NULL;
}
} else {
if (session->remote.crypt->dtor) {
/* Cleanup any existing cipher */
session->remote.crypt->dtor(session, &session->remote.crypt_abstract);
}
if (session->remote.crypt->dtor) {
/* Cleanup any existing cipher */
session->remote.crypt->dtor(session, &session->remote.crypt_abstract);
}
if (session->remote.crypt->init || (session->remote.crypt->flags & LIBSSH2_CRYPT_METHOD_FLAG_EVP)) {
if (session->remote.crypt->init) {
unsigned char *iv = NULL, *secret = NULL;
int free_iv = 0, free_secret = 0;
LIBSSH2_KEX_METHOD_DIFFIE_HELLMAN_SHA1_HASH(iv, session->remote.crypt->iv_len, "B");
LIBSSH2_KEX_METHOD_DIFFIE_HELLMAN_SHA1_HASH(secret, session->remote.crypt->secret_len, "D");
if (session->remote.crypt->flags & LIBSSH2_CRYPT_METHOD_FLAG_EVP) {
EVP_CIPHER *(*get_cipher)(void) = (void*)session->remote.crypt->crypt;
EVP_CIPHER *cipher = get_cipher();
EVP_CIPHER_CTX *ctx;
ctx = LIBSSH2_ALLOC(session, sizeof(EVP_CIPHER_CTX));
if (!ctx) {
LIBSSH2_FREE(session, iv);
LIBSSH2_FREE(session, secret);
ret = -1;
goto clean_exit;
}
EVP_CIPHER_CTX_init(ctx);
EVP_CipherInit(ctx, cipher, secret, iv, 0);
session->remote.crypt_abstract = ctx;
free_iv = 1;
free_secret = 1;
} else {
session->remote.crypt->init(session, iv, &free_iv, secret, &free_secret, 0, &session->remote.crypt_abstract);
if (session->remote.crypt->init(session, session->remote.crypt, iv, &free_iv, secret, &free_secret, 0, &session->remote.crypt_abstract)) {
LIBSSH2_FREE(session, iv);
LIBSSH2_FREE(session, secret);
ret = -1;
goto clean_exit;
}
if (free_iv) {
@@ -481,11 +435,11 @@ static int libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_S
#endif
clean_exit:
BN_clear_free(x);
BN_clear_free(e);
BN_clear_free(f);
BN_clear_free(k);
BN_CTX_free(ctx);
_libssh2_bn_free(x);
_libssh2_bn_free(e);
_libssh2_bn_free(f);
_libssh2_bn_free(k);
_libssh2_bn_ctx_free(ctx);
if (e_packet) {
LIBSSH2_FREE(session, e_packet);
@@ -531,21 +485,21 @@ static int libssh2_kex_method_diffie_hellman_group1_sha1_key_exchange(LIBSSH2_SE
0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
/* g == 2 */
BIGNUM *p = BN_new(); /* SSH2 defined value (p_value) */
BIGNUM *g = BN_new(); /* SSH2 defined value (2) */
_libssh2_bn *p = _libssh2_bn_init(); /* SSH2 defined value (p_value) */
_libssh2_bn *g = _libssh2_bn_init(); /* SSH2 defined value (2) */
int ret;
/* Initialize P and G */
BN_set_word(g, 2);
BN_bin2bn(p_value, 128, p);
_libssh2_bn_set_word(g, 2);
_libssh2_bn_from_bin(p, 128, p_value);
#ifdef LIBSSH2_DEBUG_KEX
_libssh2_debug(session, LIBSSH2_DBG_KEX, "Initiating Diffie-Hellman Group1 Key Exchange");
#endif
ret = libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(session, g, p, 128, SSH_MSG_KEXDH_INIT, SSH_MSG_KEXDH_REPLY, NULL, 0);
BN_clear_free(p);
BN_clear_free(g);
_libssh2_bn_free(p);
_libssh2_bn_free(g);
return ret;
}
@@ -590,21 +544,21 @@ static int libssh2_kex_method_diffie_hellman_group14_sha1_key_exchange(LIBSSH2_S
0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
/* g == 2 */
BIGNUM *p = BN_new(); /* SSH2 defined value (p_value) */
BIGNUM *g = BN_new(); /* SSH2 defined value (2) */
_libssh2_bn *p = _libssh2_bn_init(); /* SSH2 defined value (p_value) */
_libssh2_bn *g = _libssh2_bn_init(); /* SSH2 defined value (2) */
int ret;
/* Initialize P and G */
BN_set_word(g, 2);
BN_bin2bn(p_value, 256, p);
_libssh2_bn_set_word(g, 2);
_libssh2_bn_from_bin(p, 256, p_value);
#ifdef LIBSSH2_DEBUG_KEX
_libssh2_debug(session, LIBSSH2_DBG_KEX, "Initiating Diffie-Hellman Group14 Key Exchange");
#endif
ret = libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(session, g, p, 256, SSH_MSG_KEXDH_INIT, SSH_MSG_KEXDH_REPLY, NULL, 0);
BN_clear_free(p);
BN_clear_free(g);
_libssh2_bn_free(p);
_libssh2_bn_free(g);
return ret;
}
@@ -618,8 +572,8 @@ static int libssh2_kex_method_diffie_hellman_group_exchange_sha1_key_exchange(LI
{
unsigned char request[13], *s, *data;
unsigned long data_len, p_len, g_len, request_len;
BIGNUM *p = BN_new();
BIGNUM *g = BN_new();
_libssh2_bn *p = _libssh2_bn_init ();
_libssh2_bn *g = _libssh2_bn_init ();
int ret;
/* Ask for a P and G pair */
@@ -655,18 +609,18 @@ static int libssh2_kex_method_diffie_hellman_group_exchange_sha1_key_exchange(LI
s = data + 1;
p_len = libssh2_ntohu32(s); s += 4;
BN_bin2bn(s, p_len, p); s += p_len;
_libssh2_bn_from_bin(p, p_len, s); s += p_len;
g_len = libssh2_ntohu32(s); s += 4;
BN_bin2bn(s, g_len, g); s += g_len;
_libssh2_bn_from_bin(g, g_len, s); s += g_len;
ret = libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(session, g, p, p_len, SSH_MSG_KEX_DH_GEX_INIT, SSH_MSG_KEX_DH_GEX_REPLY, data + 1, data_len - 1);
LIBSSH2_FREE(session, data);
dh_gex_clean_exit:
BN_clear_free(g);
BN_clear_free(p);
_libssh2_bn_free(g);
_libssh2_bn_free(p);
return ret;
}
@@ -799,7 +753,7 @@ static int libssh2_kexinit(LIBSSH2_SESSION *session)
*(s++) = SSH_MSG_KEXINIT;
RAND_bytes(s, 16);
libssh2_random(s, 16);
s += 16;
/* Ennumerating through these lists twice is probably (certainly?) inefficient from a CPU standpoint, but it saves multiple malloc/realloc calls */
@@ -1043,7 +997,10 @@ static int libssh2_kex_agree_kex_hostkey(LIBSSH2_SESSION *session, unsigned char
/* {{{ libssh2_kex_agree_crypt
* Agree on a cipher algo
*/
static int libssh2_kex_agree_crypt(LIBSSH2_SESSION *session, libssh2_endpoint_data *endpoint, unsigned char *crypt, unsigned long crypt_len)
static int libssh2_kex_agree_crypt(LIBSSH2_SESSION *session,
libssh2_endpoint_data *endpoint,
unsigned char *crypt,
unsigned long crypt_len)
{
LIBSSH2_CRYPT_METHOD **cryptp = libssh2_crypt_methods();
unsigned char *s;
@@ -1056,7 +1013,8 @@ static int libssh2_kex_agree_crypt(LIBSSH2_SESSION *session, libssh2_endpoint_da
int method_len = (p ? (p - s) : strlen(s));
if (libssh2_kex_agree_instr(crypt, crypt_len, s, method_len)) {
LIBSSH2_CRYPT_METHOD *method = (LIBSSH2_CRYPT_METHOD*)libssh2_get_method_by_name(s, method_len, (LIBSSH2_COMMON_METHOD**)cryptp);
LIBSSH2_CRYPT_METHOD *method =
(LIBSSH2_CRYPT_METHOD*)libssh2_get_method_by_name(s, method_len, (LIBSSH2_COMMON_METHOD**)cryptp);
if (!method) {
/* Invalid method -- Should never be reached */

567
src/libgcrypt.c Normal file
View File

@@ -0,0 +1,567 @@
/* Copyright (C) 2006, 2007 The Written Word, Inc. All rights reserved.
* Author: Simon Josefsson
*
* Redistribution and use in source and binary forms,
* with or without modification, are permitted provided
* that the following conditions are met:
*
* Redistributions of source code must retain the above
* copyright notice, this list of conditions and the
* following disclaimer.
*
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials
* provided with the distribution.
*
* Neither the name of the copyright holder nor the names
* of any other contributors may be used to endorse or
* promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
* USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
* OF SUCH DAMAGE.
*/
#include "libssh2_priv.h"
#include <string.h>
int _libssh2_rsa_new(libssh2_rsa_ctx **rsa,
const unsigned char *edata,
unsigned long elen,
const unsigned char *ndata,
unsigned long nlen,
const unsigned char *ddata,
unsigned long dlen,
const unsigned char *pdata,
unsigned long plen,
const unsigned char *qdata,
unsigned long qlen,
const unsigned char *e1data,
unsigned long e1len,
const unsigned char *e2data,
unsigned long e2len,
const unsigned char *coeffdata,
unsigned long coefflen)
{
int rc;
(void)e1data;
(void)e1len;
(void)e2data;
(void)e2len;
if (ddata) {
rc = gcry_sexp_build
(rsa, NULL,
"(private-key(rsa(n%b)(e%b)(d%b)(q%b)(p%b)(u%b)))",
nlen, ndata, elen, edata, dlen, ddata, plen, pdata,
qlen, qdata, coefflen, coeffdata);
} else {
rc = gcry_sexp_build (rsa, NULL, "(public-key(rsa(n%b)(e%b)))",
nlen, ndata, elen, edata);
}
if (rc)
{
*rsa = NULL;
return -1;
}
return 0;
}
int _libssh2_rsa_sha1_verify(libssh2_rsa_ctx *rsa,
const unsigned char *sig,
unsigned long sig_len,
const unsigned char *m,
unsigned long m_len)
{
unsigned char hash[SHA_DIGEST_LENGTH];
gcry_sexp_t s_sig, s_hash;
int rc = -1;
libssh2_sha1(m, m_len, hash);
rc = gcry_sexp_build (&s_hash, NULL,
"(data (flags pkcs1) (hash sha1 %b))",
SHA_DIGEST_LENGTH, hash);
if (rc != 0) {
return -1;
}
rc = gcry_sexp_build (&s_sig, NULL, "(sig-val(rsa(s %b)))",
sig_len, sig);
if (rc != 0) {
gcry_sexp_release (s_hash);
return -1;
}
rc = gcry_pk_verify (s_sig, s_hash, rsa);
gcry_sexp_release (s_sig);
gcry_sexp_release (s_hash);
return (rc == 0) ? 0 : -1;
}
int _libssh2_dsa_new(libssh2_dsa_ctx **dsactx,
const unsigned char *p,
unsigned long p_len,
const unsigned char *q,
unsigned long q_len,
const unsigned char *g,
unsigned long g_len,
const unsigned char *y,
unsigned long y_len,
const unsigned char *x,
unsigned long x_len)
{
int rc;
if (x_len) {
rc = gcry_sexp_build
(dsactx, NULL,
"(private-key(dsa(p%b)(q%b)(g%b)(y%b)(x%b)))",
p_len, p, q_len, q, g_len, g, y_len, y, x_len, x);
} else {
rc = gcry_sexp_build (dsactx, NULL,
"(public-key(dsa(p%b)(q%b)(g%b)(y%b)))",
p_len, p, q_len, q, g_len, g, y_len, y);
}
if (rc) {
*dsactx = NULL;
return -1;
}
return 0;
}
int _libssh2_rsa_new_private (libssh2_rsa_ctx **rsa,
LIBSSH2_SESSION *session,
FILE *fp,
unsigned const char *passphrase)
{
char *data, *save_data;
unsigned int datalen;
int ret;
char *n, *e, *d, *p, *q, *e1, *e2, *coeff;
unsigned int nlen, elen, dlen, plen, qlen, e1len, e2len, coefflen;
(void)passphrase;
ret = _libssh2_pem_parse (session,
"-----BEGIN RSA PRIVATE KEY-----",
"-----END RSA PRIVATE KEY-----",
fp, &data, &datalen);
if (ret) {
return -1;
}
save_data = data;
if (_libssh2_pem_decode_sequence (&data, &datalen)) {
ret = -1;
goto fail;
}
/* First read Version field (should be 0). */
ret = _libssh2_pem_decode_integer (&data, &datalen, &n, &nlen);
if (ret != 0 || (nlen != 1 && *n != '\0')) {
ret = -1;
goto fail;
}
ret = _libssh2_pem_decode_integer (&data, &datalen, &n, &nlen);
if (ret != 0) {
ret = -1;
goto fail;
}
ret = _libssh2_pem_decode_integer (&data, &datalen, &e, &elen);
if (ret != 0) {
ret = -1;
goto fail;
}
ret = _libssh2_pem_decode_integer (&data, &datalen, &d, &dlen);
if (ret != 0) {
ret = -1;
goto fail;
}
ret = _libssh2_pem_decode_integer (&data, &datalen, &p, &plen);
if (ret != 0) {
ret = -1;
goto fail;
}
ret = _libssh2_pem_decode_integer (&data, &datalen, &q, &qlen);
if (ret != 0) {
ret = -1;
goto fail;
}
ret = _libssh2_pem_decode_integer (&data, &datalen, &e1, &e1len);
if (ret != 0) {
ret = -1;
goto fail;
}
ret = _libssh2_pem_decode_integer (&data, &datalen, &e2, &e2len);
if (ret != 0) {
ret = -1;
goto fail;
}
ret = _libssh2_pem_decode_integer (&data, &datalen, &coeff, &coefflen);
if (ret != 0) {
ret = -1;
goto fail;
}
if (_libssh2_rsa_new (rsa, e, elen, n, nlen, d, dlen, p, plen,
q, qlen, e1, e1len, e2, e2len,
coeff, coefflen)) {
ret = -1;
goto fail;
}
ret = 0;
fail:
LIBSSH2_FREE (session, save_data);
return ret;
}
int _libssh2_dsa_new_private (libssh2_dsa_ctx **dsa,
LIBSSH2_SESSION *session,
FILE *fp,
unsigned const char *passphrase)
{
char *data, *save_data;
unsigned int datalen;
int ret;
char *p, *q, *g, *y, *x;
unsigned int plen, qlen, glen, ylen, xlen;
(void)passphrase;
ret = _libssh2_pem_parse (session,
"-----BEGIN DSA PRIVATE KEY-----",
"-----END DSA PRIVATE KEY-----",
fp, &data, &datalen);
if (ret) {
return -1;
}
save_data = data;
if (_libssh2_pem_decode_sequence (&data, &datalen)) {
ret = -1;
goto fail;
}
/* First read Version field (should be 0). */
ret = _libssh2_pem_decode_integer (&data, &datalen, &p, &plen);
if (ret != 0 || (plen != 1 && *p != '\0')) {
ret = -1;
goto fail;
}
ret = _libssh2_pem_decode_integer (&data, &datalen, &p, &plen);
if (ret != 0) {
ret = -1;
goto fail;
}
ret = _libssh2_pem_decode_integer (&data, &datalen, &q, &qlen);
if (ret != 0) {
ret = -1;
goto fail;
}
ret = _libssh2_pem_decode_integer (&data, &datalen, &g, &glen);
if (ret != 0) {
ret = -1;
goto fail;
}
ret = _libssh2_pem_decode_integer (&data, &datalen, &y, &ylen);
if (ret != 0) {
ret = -1;
goto fail;
}
ret = _libssh2_pem_decode_integer (&data, &datalen, &x, &xlen);
if (ret != 0) {
ret = -1;
goto fail;
}
if (datalen != 0) {
ret = -1;
goto fail;
}
if (_libssh2_dsa_new (dsa, p, plen, q, qlen,
g, glen, y, ylen, x, xlen)) {
ret = -1;
goto fail;
}
ret = 0;
fail:
LIBSSH2_FREE (session, save_data);
return ret;
}
int _libssh2_rsa_sha1_sign(LIBSSH2_SESSION *session,
libssh2_dsa_ctx *rsactx,
const unsigned char *hash,
unsigned long hash_len,
unsigned char **signature,
unsigned long *signature_len)
{
gcry_sexp_t sig_sexp;
gcry_sexp_t data;
int rc;
const char *tmp;
size_t size;
if (hash_len != SHA_DIGEST_LENGTH) {
return -1;
}
if (gcry_sexp_build (&data, NULL,
"(data (flags pkcs1) (hash sha1 %b))",
hash_len, hash)) {
return -1;
}
rc = gcry_pk_sign (&sig_sexp, data, rsactx);
gcry_sexp_release (data);
if (rc != 0) {
return -1;
}
data = gcry_sexp_find_token(sig_sexp, "s", 0);
if (!data) {
return -1;
}
tmp = gcry_sexp_nth_data(data, 1, &size);
if (!tmp) {
return -1;
}
if (tmp[0] == '\0') {
tmp++;
size--;
}
*signature = LIBSSH2_ALLOC(session, size);
memcpy (*signature, tmp, size);
*signature_len = size;
return rc;
}
int _libssh2_dsa_sha1_sign(libssh2_dsa_ctx *dsactx,
const unsigned char *hash,
unsigned long hash_len,
unsigned char *sig)
{
unsigned char zhash[SHA_DIGEST_LENGTH+1];
gcry_sexp_t sig_sexp;
gcry_sexp_t data;
int ret;
const char *tmp;
size_t size;
if (hash_len != SHA_DIGEST_LENGTH) {
return -1;
}
memcpy (zhash + 1, hash, hash_len);
zhash[0] = 0;
if (gcry_sexp_build (&data, NULL, "(data (value %b))",
hash_len + 1, zhash)) {
return -1;
}
ret = gcry_pk_sign (&sig_sexp, data, dsactx);
gcry_sexp_release (data);
if (ret != 0) {
return -1;
}
/* Extract R. */
data = gcry_sexp_find_token(sig_sexp, "r", 0);
if (!data) {
ret = -1;
goto out;
}
tmp = gcry_sexp_nth_data(data, 1, &size);
if (!tmp) {
ret = -1;
goto out;
}
if (tmp[0] == '\0') {
tmp++;
size--;
}
if (size != 20) {
ret = -1;
goto out;
}
memcpy (sig, tmp, 20);
gcry_sexp_release (data);
/* Extract S. */
data = gcry_sexp_find_token(sig_sexp, "s",0);
if (!data) {
ret = -1;
goto out;
}
tmp = gcry_sexp_nth_data(data, 1, &size);
if (!tmp) {
ret = -1;
goto out;
}
if (tmp[0] == '\0') {
tmp++;
size--;
}
if (size != 20) {
ret = -1;
goto out;
}
memcpy (sig + 20, tmp, 20);
ret = 0;
out:
if (sig_sexp) {
gcry_sexp_release (sig_sexp);
}
if (data) {
gcry_sexp_release (data);
}
return ret;
}
int _libssh2_dsa_sha1_verify(libssh2_dsa_ctx *dsactx,
const unsigned char *sig,
const unsigned char *m,
unsigned long m_len)
{
unsigned char hash[SHA_DIGEST_LENGTH+1];
gcry_sexp_t s_sig, s_hash;
int rc = -1;
libssh2_sha1(m, m_len, hash+1);
hash[0] = 0;
if (gcry_sexp_build (&s_hash, NULL, "(data(flags raw)(value %b))",
SHA_DIGEST_LENGTH+1, hash)) {
return -1;
}
if (gcry_sexp_build (&s_sig, NULL, "(sig-val(dsa(r %b)(s %b)))",
20, sig, 20, sig + 20)) {
gcry_sexp_release (s_hash);
return -1;
}
rc = gcry_pk_verify (s_sig, s_hash, dsactx);
gcry_sexp_release (s_sig);
gcry_sexp_release (s_hash);
return (rc == 0) ? 0 : -1;
}
int _libssh2_cipher_init (_libssh2_cipher_ctx *h,
_libssh2_cipher_type(algo),
unsigned char *iv,
unsigned char *secret,
int encrypt)
{
int mode = 0, ret;
int keylen = gcry_cipher_get_algo_keylen (algo);
(void)encrypt;
if (algo != GCRY_CIPHER_ARCFOUR) {
mode = GCRY_CIPHER_MODE_CBC;
}
ret = gcry_cipher_open (h, algo, mode, 0);
if (ret) {
return -1;
}
ret = gcry_cipher_setkey (*h, secret, keylen);
if (ret) {
gcry_cipher_close (*h);
return -1;
}
if (algo != GCRY_CIPHER_ARCFOUR) {
int blklen = gcry_cipher_get_algo_blklen (algo);
ret = gcry_cipher_setiv (*h, iv, blklen);
if (ret) {
gcry_cipher_close (*h);
return -1;
}
}
return 0;
}
int _libssh2_cipher_crypt(_libssh2_cipher_ctx *ctx,
_libssh2_cipher_type(algo),
int encrypt,
unsigned char *block)
{
size_t blklen = gcry_cipher_get_algo_blklen (algo);
int ret;
if (blklen == 1) {
/* Hack for arcfour. */
blklen = 8;
}
if (encrypt) {
ret = gcry_cipher_encrypt (*ctx, block, blklen,
block, blklen);
} else {
ret = gcry_cipher_decrypt (*ctx, block, blklen,
block, blklen);
}
return ret;
}

195
src/libgcrypt.h Normal file
View File

@@ -0,0 +1,195 @@
/* Copyright (C) 2006, 2007 The Written Word, Inc. All rights reserved.
* Author: Simon Josefsson
*
* Redistribution and use in source and binary forms,
* with or without modification, are permitted provided
* that the following conditions are met:
*
* Redistributions of source code must retain the above
* copyright notice, this list of conditions and the
* following disclaimer.
*
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials
* provided with the distribution.
*
* Neither the name of the copyright holder nor the names
* of any other contributors may be used to endorse or
* promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
* USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
* OF SUCH DAMAGE.
*/
#include <gcrypt.h>
#define LIBSSH2_MD5 1
#define LIBSSH2_HMAC_RIPEMD 1
#define LIBSSH2_AES 1
#define LIBSSH2_BLOWFISH 1
#define LIBSSH2_RC4 1
#define LIBSSH2_CAST 1
#define LIBSSH2_3DES 1
#define LIBSSH2_RSA 1
#define LIBSSH2_DSA 1
#define MD5_DIGEST_LENGTH 16
#define SHA_DIGEST_LENGTH 20
#define libssh2_random(buf, len) \
(gcry_randomize ((buf), (len), GCRY_STRONG_RANDOM), 1)
#define libssh2_sha1_ctx gcry_md_hd_t
#define libssh2_sha1_init(ctx) gcry_md_open (ctx, GCRY_MD_SHA1, 0);
#define libssh2_sha1_update(ctx, data, len) gcry_md_write (ctx, data, len)
#define libssh2_sha1_final(ctx, out) \
memcpy (out, gcry_md_read (ctx, 0), 20), gcry_md_close (ctx)
#define libssh2_sha1(message, len, out) \
gcry_md_hash_buffer (GCRY_MD_SHA1, out, message, len)
#define libssh2_md5_ctx gcry_md_hd_t
#define libssh2_md5_init(ctx) gcry_md_open (ctx, GCRY_MD_MD5, 0);
#define libssh2_md5_update(ctx, data, len) gcry_md_write (ctx, data, len)
#define libssh2_md5_final(ctx, out) \
memcpy (out, gcry_md_read (ctx, 0), 20), gcry_md_close (ctx)
#define libssh2_md5(message, len, out) \
gcry_md_hash_buffer (GCRY_MD_MD5, out, message, len)
#define libssh2_hmac_ctx gcry_md_hd_t
#define libssh2_hmac_sha1_init(ctx, key, keylen) \
gcry_md_open (ctx, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC), \
gcry_md_setkey (*ctx, key, keylen)
#define libssh2_hmac_md5_init(ctx, key, keylen) \
gcry_md_open (ctx, GCRY_MD_MD5, GCRY_MD_FLAG_HMAC), \
gcry_md_setkey (*ctx, key, keylen)
#define libssh2_hmac_ripemd160_init(ctx, key, keylen) \
gcry_md_open (ctx, GCRY_MD_RMD160, GCRY_MD_FLAG_HMAC), \
gcry_md_setkey (*ctx, key, keylen)
#define libssh2_hmac_update(ctx, data, datalen) \
gcry_md_write (ctx, data, datalen)
#define libssh2_hmac_final(ctx, data) \
memcpy (data, gcry_md_read (ctx, 0), \
gcry_md_get_algo_dlen (gcry_md_get_algo (ctx)))
#define libssh2_hmac_cleanup(ctx) gcry_md_close (*ctx);
#define libssh2_crypto_init() gcry_control (GCRYCTL_DISABLE_SECMEM)
#define libssh2_rsa_ctx struct gcry_sexp
int _libssh2_rsa_new(libssh2_rsa_ctx **rsa,
const unsigned char *edata,
unsigned long elen,
const unsigned char *ndata,
unsigned long nlen,
const unsigned char *ddata,
unsigned long dlen,
const unsigned char *pdata,
unsigned long plen,
const unsigned char *qdata,
unsigned long qlen,
const unsigned char *e1data,
unsigned long e1len,
const unsigned char *e2data,
unsigned long e2len,
const unsigned char *coeffdata,
unsigned long coefflen);
int _libssh2_rsa_new_private (libssh2_rsa_ctx **rsa,
LIBSSH2_SESSION *session,
FILE *fp,
unsigned const char *passphrase);
int _libssh2_rsa_sha1_verify(libssh2_rsa_ctx *rsa,
const unsigned char *sig,
unsigned long sig_len,
const unsigned char *m,
unsigned long m_len);
int _libssh2_rsa_sha1_sign(LIBSSH2_SESSION *session,
libssh2_rsa_ctx *rsactx,
const unsigned char *hash,
unsigned long hash_len,
unsigned char **signature,
unsigned long *signature_len);
#define _libssh2_rsa_free(rsactx) gcry_sexp_release (rsactx)
#define libssh2_dsa_ctx struct gcry_sexp
int _libssh2_dsa_new(libssh2_dsa_ctx **dsa,
const unsigned char *pdata,
unsigned long plen,
const unsigned char *qdata,
unsigned long qlen,
const unsigned char *gdata,
unsigned long glen,
const unsigned char *ydata,
unsigned long ylen,
const unsigned char *x,
unsigned long x_len);
int _libssh2_dsa_new_private (libssh2_dsa_ctx **dsa,
LIBSSH2_SESSION *session,
FILE *fp,
unsigned const char *passphrase);
int _libssh2_dsa_sha1_verify(libssh2_dsa_ctx *dsa,
const unsigned char *sig,
const unsigned char *m,
unsigned long m_len);
int _libssh2_dsa_sha1_sign(libssh2_dsa_ctx *dsactx,
const unsigned char *hash,
unsigned long hash_len,
unsigned char *sig);
#define _libssh2_dsa_free(dsactx) gcry_sexp_release (dsactx)
#define _libssh2_cipher_type(name) int name
#define _libssh2_cipher_ctx gcry_cipher_hd_t
#define _libssh2_cipher_aes256 GCRY_CIPHER_AES256
#define _libssh2_cipher_aes192 GCRY_CIPHER_AES192
#define _libssh2_cipher_aes128 GCRY_CIPHER_AES128
#define _libssh2_cipher_blowfish GCRY_CIPHER_BLOWFISH
#define _libssh2_cipher_arcfour GCRY_CIPHER_ARCFOUR
#define _libssh2_cipher_cast5 GCRY_CIPHER_CAST5
#define _libssh2_cipher_3des GCRY_CIPHER_3DES
int _libssh2_cipher_init (_libssh2_cipher_ctx *h,
_libssh2_cipher_type(algo),
unsigned char *iv,
unsigned char *secret,
int encrypt);
int _libssh2_cipher_crypt(_libssh2_cipher_ctx *ctx,
_libssh2_cipher_type(algo),
int encrypt,
unsigned char *block);
#define _libssh2_cipher_dtor(ctx) gcry_cipher_close(*(ctx))
#define _libssh2_bn struct gcry_mpi
#define _libssh2_bn_ctx int
#define _libssh2_bn_ctx_new() 0
#define _libssh2_bn_ctx_free(bnctx) 0
#define _libssh2_bn_init() gcry_mpi_new(0)
#define _libssh2_bn_rand(bn, bits, top, bottom) gcry_mpi_randomize (bn, bits, GCRY_WEAK_RANDOM)
#define _libssh2_bn_mod_exp(r, a, p, m, ctx) gcry_mpi_powm (r, a, p, m)
#define _libssh2_bn_set_word(bn, val) gcry_mpi_set_ui(bn, val)
#define _libssh2_bn_from_bin(bn, len, val) gcry_mpi_scan(&((bn)), GCRYMPI_FMT_USG, val, len, NULL)
#define _libssh2_bn_to_bin(bn, val) gcry_mpi_print (GCRYMPI_FMT_USG, val, _libssh2_bn_bytes(bn), NULL, bn)
#define _libssh2_bn_bytes(bn) (gcry_mpi_get_nbits (bn) / 8 + ((gcry_mpi_get_nbits (bn) % 8 == 0) ? 0 : 1))
#define _libssh2_bn_bits(bn) gcry_mpi_get_nbits (bn)
#define _libssh2_bn_free(bn) gcry_mpi_release(bn)

56
include/libssh2_priv.h → src/libssh2_priv.h
View File

@@ -1,4 +1,4 @@
/* Copyright (c) 2004-2006, Sara Golemon <sarag@libssh2.org>
/* Copyright (c) 2004-2007, Sara Golemon <sarag@libssh2.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms,
@@ -42,19 +42,16 @@
#include "libssh2_config.h"
#include "libssh2.h"
#include <stdio.h>
#ifndef WIN32
#include <sys/socket.h>
#endif
#include <openssl/evp.h>
#ifndef OPENSSL_NO_SHA
#include <openssl/sha.h>
#endif
#ifndef OPENSSL_NO_MD5
#include <openssl/md5.h>
#endif
#ifdef __hpux
# define inline
#ifdef LIBSSH2_LIBGCRYPT
#include "libgcrypt.h"
#else
#include "openssl.h"
#endif
#define LIBSSH2_ALLOC(session, count) session->alloc((count), &(session)->abstract)
@@ -213,12 +210,10 @@ struct _LIBSSH2_SESSION {
*/
unsigned char *server_hostkey;
unsigned long server_hostkey_len;
#ifndef OPENSSL_NO_MD5
#if LIBSSH2_MD5
unsigned char server_hostkey_md5[MD5_DIGEST_LENGTH];
#endif /* ! OPENSSL_NO_MD5 */
#ifndef OPENSSL_NO_SHA
#endif /* ! LIBSSH2_MD5 */
unsigned char server_hostkey_sha1[SHA_DIGEST_LENGTH];
#endif
/* (remote as source of data -- packet_read ) */
libssh2_endpoint_data remote;
@@ -265,7 +260,7 @@ struct _LIBSSH2_SESSION {
/* libssh2 extensible ssh api, ultimately I'd like to allow loading additional methods via .so/.dll */
struct _LIBSSH2_KEX_METHOD {
char *name;
const char *name;
/* Key exchange, populates session->* and returns 0 on success, non-0 on error */
int (*exchange_keys)(LIBSSH2_SESSION *session);
@@ -274,26 +269,19 @@ struct _LIBSSH2_KEX_METHOD {
};
struct _LIBSSH2_HOSTKEY_METHOD {
char *name;
const char *name;
unsigned long hash_len;
int (*init)(LIBSSH2_SESSION *session, unsigned char *hostkey_data, unsigned long hostkey_data_len, void **abstract);
int (*initPEM)(LIBSSH2_SESSION *session, unsigned const char *privkeyfile, unsigned const char *passphrase, void **abstract);
int (*initPEM)(LIBSSH2_SESSION *session, const char *privkeyfile, unsigned const char *passphrase, void **abstract);
int (*sig_verify)(LIBSSH2_SESSION *session, const unsigned char *sig, unsigned long sig_len, const unsigned char *m, unsigned long m_len, void **abstract);
int (*sign)(LIBSSH2_SESSION *session, unsigned char **signature, unsigned long *signature_len, const unsigned char *data, unsigned long data_len, void **abstract);
int (*signv)(LIBSSH2_SESSION *session, unsigned char **signature, unsigned long *signature_len, unsigned long veccount, const struct iovec datavec[], void **abstract);
int (*encrypt)(LIBSSH2_SESSION *session, unsigned char **dst, unsigned long *dst_len, const unsigned char *src, unsigned long src_len, void **abstract);
int (*dtor)(LIBSSH2_SESSION *session, void **abstract);
};
/* When FLAG_EVP is set, crypt contains a pointer to an EVP_CIPHER generator and init and dtor are ignored
* Yes, I know it's a hack.
*/
#define LIBSSH2_CRYPT_METHOD_FLAG_EVP 0x0001
struct _LIBSSH2_CRYPT_METHOD {
char *name;
const char *name;
int blocksize;
@@ -303,13 +291,15 @@ struct _LIBSSH2_CRYPT_METHOD {
long flags;
int (*init)(LIBSSH2_SESSION *session, unsigned char *iv, int *free_iv, unsigned char *secret, int *free_secret, int encrypt, void **abstract);
int (*init)(LIBSSH2_SESSION *session, LIBSSH2_CRYPT_METHOD *method, unsigned char *iv, int *free_iv, unsigned char *secret, int *free_secret, int encrypt, void **abstract);
int (*crypt)(LIBSSH2_SESSION *session, unsigned char *block, void **abstract);
int (*dtor)(LIBSSH2_SESSION *session, void **abstract);
_libssh2_cipher_type(algo);
};
struct _LIBSSH2_COMP_METHOD {
char *name;
const char *name;
int (*init)(LIBSSH2_SESSION *session, int compress, void **abstract);
int (*comp)(LIBSSH2_SESSION *session, int compress, unsigned char **dest, unsigned long *dest_len, unsigned long payload_limit, int *free_dest,
@@ -318,7 +308,7 @@ struct _LIBSSH2_COMP_METHOD {
};
struct _LIBSSH2_MAC_METHOD {
char *name;
const char *name;
/* The length of a given MAC packet */
int mac_len;
@@ -478,4 +468,14 @@ LIBSSH2_MAC_METHOD **libssh2_mac_methods(void);
/* Language API doesn't exist yet. Just act like we've agreed on a language */
#define libssh2_kex_agree_lang(session, endpoint, str, str_len) 0
/* pem.c */
int _libssh2_pem_parse (LIBSSH2_SESSION *session,
const char *headerbegin,
const char *headerend,
FILE *fp,
char **data, unsigned int *datalen);
int _libssh2_pem_decode_sequence (unsigned char **data, unsigned int *datalen);
int _libssh2_pem_decode_integer (unsigned char **data, unsigned int *datalen,
unsigned char **i, unsigned int *ilen);
#endif /* LIBSSH2_H */

65
src/mac.c
View File

@@ -1,4 +1,4 @@
/* Copyright (c) 2004-2006, Sara Golemon <sarag@libssh2.org>
/* Copyright (c) 2004-2007, Sara Golemon <sarag@libssh2.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms,
@@ -36,7 +36,6 @@
*/
#include "libssh2_priv.h"
#include <openssl/hmac.h>
#ifdef LIBSSH2_MAC_NONE
/* {{{ libssh2_mac_none_MAC
@@ -68,6 +67,7 @@ static int libssh2_mac_method_common_init(LIBSSH2_SESSION *session, unsigned cha
{
*abstract = key;
*free_key = 0;
(void)session;
return 0;
}
@@ -94,19 +94,20 @@ static int libssh2_mac_method_hmac_sha1_hash(LIBSSH2_SESSION *session, unsigned
const unsigned char *packet, unsigned long packet_len,
const unsigned char *addtl, unsigned long addtl_len, void **abstract)
{
HMAC_CTX ctx;
libssh2_hmac_ctx ctx;
unsigned char seqno_buf[4];
(void)session;
libssh2_htonu32(seqno_buf, seqno);
HMAC_Init(&ctx, *abstract, 20, EVP_sha1());
HMAC_Update(&ctx, seqno_buf, 4);
HMAC_Update(&ctx, packet, packet_len);
libssh2_hmac_sha1_init(&ctx, *abstract, 20);
libssh2_hmac_update(ctx, seqno_buf, 4);
libssh2_hmac_update(ctx, packet, packet_len);
if (addtl && addtl_len) {
HMAC_Update(&ctx, addtl, addtl_len);
libssh2_hmac_update(ctx, addtl, addtl_len);
}
HMAC_Final(&ctx, buf, NULL);
HMAC_cleanup(&ctx);
libssh2_hmac_final(ctx, buf);
libssh2_hmac_cleanup(&ctx);
return 0;
}
@@ -128,10 +129,10 @@ static int libssh2_mac_method_hmac_sha1_96_hash(LIBSSH2_SESSION *session, unsign
const unsigned char *packet, unsigned long packet_len,
const unsigned char *addtl, unsigned long addtl_len, void **abstract)
{
char temp[SHA_DIGEST_LENGTH];
unsigned char temp[SHA_DIGEST_LENGTH];
libssh2_mac_method_hmac_sha1_hash(session, temp, seqno, packet, packet_len, addtl, addtl_len, abstract);
memcpy(buf, temp, 96 / 8);
memcpy(buf, (char *)temp, 96 / 8);
return 0;
}
@@ -153,19 +154,20 @@ static int libssh2_mac_method_hmac_md5_hash(LIBSSH2_SESSION *session, unsigned c
const unsigned char *packet, unsigned long packet_len,
const unsigned char *addtl, unsigned long addtl_len, void **abstract)
{
HMAC_CTX ctx;
libssh2_hmac_ctx ctx;
unsigned char seqno_buf[4];
(void)session;
libssh2_htonu32(seqno_buf, seqno);
HMAC_Init(&ctx, *abstract, 16, EVP_md5());
HMAC_Update(&ctx, seqno_buf, 4);
HMAC_Update(&ctx, packet, packet_len);
libssh2_hmac_md5_init(&ctx, *abstract, 16);
libssh2_hmac_update(ctx, seqno_buf, 4);
libssh2_hmac_update(ctx, packet, packet_len);
if (addtl && addtl_len) {
HMAC_Update(&ctx, addtl, addtl_len);
libssh2_hmac_update(ctx, addtl, addtl_len);
}
HMAC_Final(&ctx, buf, NULL);
HMAC_cleanup(&ctx);
libssh2_hmac_final(ctx, buf);
libssh2_hmac_cleanup(&ctx);
return 0;
}
@@ -187,10 +189,10 @@ static int libssh2_mac_method_hmac_md5_96_hash(LIBSSH2_SESSION *session, unsigne
const unsigned char *packet, unsigned long packet_len,
const unsigned char *addtl, unsigned long addtl_len, void **abstract)
{
char temp[MD5_DIGEST_LENGTH];
unsigned char temp[MD5_DIGEST_LENGTH];
libssh2_mac_method_hmac_md5_hash(session, temp, seqno, packet, packet_len, addtl, addtl_len, abstract);
memcpy(buf, temp, 96 / 8);
memcpy(buf, (char *)temp, 96 / 8);
return 0;
}
@@ -205,7 +207,7 @@ static LIBSSH2_MAC_METHOD libssh2_mac_method_hmac_md5_96 = {
libssh2_mac_method_common_dtor,
};
#ifndef OPENSSL_NO_RIPEMD
#if LIBSSH2_HMAC_RIPEMD
/* {{{ libssh2_mac_method_hmac_ripemd160_hash
* Calculate hash using ripemd160 value
*/
@@ -213,19 +215,20 @@ static int libssh2_mac_method_hmac_ripemd160_hash(LIBSSH2_SESSION *session, unsi
const unsigned char *packet, unsigned long packet_len,
const unsigned char *addtl, unsigned long addtl_len, void **abstract)
{
HMAC_CTX ctx;
libssh2_hmac_ctx ctx;
unsigned char seqno_buf[4];
(void)session;
libssh2_htonu32(seqno_buf, seqno);
HMAC_Init(&ctx, *abstract, 20, EVP_ripemd160());
HMAC_Update(&ctx, seqno_buf, 4);
HMAC_Update(&ctx, packet, packet_len);
libssh2_hmac_ripemd160_init(&ctx, *abstract, 20);
libssh2_hmac_update(ctx, seqno_buf, 4);
libssh2_hmac_update(ctx, packet, packet_len);
if (addtl && addtl_len) {
HMAC_Update(&ctx, addtl, addtl_len);
libssh2_hmac_update(ctx, addtl, addtl_len);
}
HMAC_Final(&ctx, buf, NULL);
HMAC_cleanup(&ctx);
libssh2_hmac_final(ctx, buf);
libssh2_hmac_cleanup(&ctx);
return 0;
}
@@ -248,17 +251,17 @@ static LIBSSH2_MAC_METHOD libssh2_mac_method_hmac_ripemd160_openssh_com = {
libssh2_mac_method_hmac_ripemd160_hash,
libssh2_mac_method_common_dtor,
};
#endif /* ! OPENSSL_NO_RIPEMD */
#endif /* LIBSSH2_HMAC_RIPEMD */
static LIBSSH2_MAC_METHOD *_libssh2_mac_methods[] = {
&libssh2_mac_method_hmac_sha1,
&libssh2_mac_method_hmac_sha1_96,
&libssh2_mac_method_hmac_md5,
&libssh2_mac_method_hmac_md5_96,
#ifndef OPENSSL_NO_RIPEMD
#ifdef LIBSSH2_HMAC_RIPEMD
&libssh2_mac_method_hmac_ripemd160,
&libssh2_mac_method_hmac_ripemd160_openssh_com,
#endif /* ! OPENSSL_NO_RIPEMD */
#endif /* LIBSSH2_HMAC_RIPEMD */
#ifdef LIBSSH2_MAC_NONE
&libssh2_mac_method_none,
#endif /* LIBSSH2_MAC_NONE */

9
src/misc.c
View File

@@ -126,19 +126,20 @@ static const short libssh2_base64_reverse_table[256] = {
/* {{{ libssh2_base64_decode
* Decode a base64 chunk and store it into a newly alloc'd buffer
*/
LIBSSH2_API int libssh2_base64_decode(LIBSSH2_SESSION *session, char **data, int *datalen,
char *src, int src_len)
LIBSSH2_API int libssh2_base64_decode(LIBSSH2_SESSION *session, char **data, unsigned int *datalen,
char *src, unsigned int src_len)
{
unsigned char *s, *d;
short v;
int i = 0, len = 0;
*data = d = LIBSSH2_ALLOC(session, (3 * src_len / 4) + 1);
*data = LIBSSH2_ALLOC(session, (3 * src_len / 4) + 1);
d = (unsigned char *)*data;
if (!d) {
return -1;
}
for(s = src; ((char*)s) < (src + src_len); s++) {
for(s = (unsigned char *)src; ((char*)s) < (src + src_len); s++) {
if ((v = libssh2_base64_reverse_table[*s]) < 0) continue;
switch (i % 4) {
case 0:

313
src/openssl.c Normal file
View File

@@ -0,0 +1,313 @@
/* Copyright (C) 2006, 2007 The Written Word, Inc. All rights reserved.
* Author: Simon Josefsson
* Copyright (c) 2004-2006, Sara Golemon <sarag@libssh2.org>
*
* Redistribution and use in source and binary forms,
* with or without modification, are permitted provided
* that the following conditions are met:
*
* Redistributions of source code must retain the above
* copyright notice, this list of conditions and the
* following disclaimer.
*
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials
* provided with the distribution.
*
* Neither the name of the copyright holder nor the names
* of any other contributors may be used to endorse or
* promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
* USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
* OF SUCH DAMAGE.
*/
#include "libssh2_priv.h"
#include <string.h>
int _libssh2_rsa_new(libssh2_rsa_ctx **rsa,
const unsigned char *edata,
unsigned long elen,
const unsigned char *ndata,
unsigned long nlen,
const unsigned char *ddata,
unsigned long dlen,
const unsigned char *pdata,
unsigned long plen,
const unsigned char *qdata,
unsigned long qlen,
const unsigned char *e1data,
unsigned long e1len,
const unsigned char *e2data,
unsigned long e2len,
const unsigned char *coeffdata,
unsigned long coefflen)
{
*rsa = RSA_new();
(*rsa)->e = BN_new();
BN_bin2bn(edata, elen, (*rsa)->e);
(*rsa)->n = BN_new();
BN_bin2bn(ndata, nlen, (*rsa)->n);
if (ddata)
{
(*rsa)->d = BN_new();
BN_bin2bn(ddata, dlen, (*rsa)->d);
(*rsa)->p = BN_new();
BN_bin2bn(pdata, plen, (*rsa)->p);
(*rsa)->q = BN_new();
BN_bin2bn(qdata, qlen, (*rsa)->q);
(*rsa)->dmp1 = BN_new();
BN_bin2bn(e1data, e1len, (*rsa)->dmp1);
(*rsa)->dmq1 = BN_new();
BN_bin2bn(e2data, e2len, (*rsa)->dmq1);
(*rsa)->iqmp = BN_new();
BN_bin2bn(coeffdata, coefflen, (*rsa)->iqmp);
}
return 0;
}
int _libssh2_rsa_sha1_verify(libssh2_rsa_ctx *rsactx,
const unsigned char *sig,
unsigned long sig_len,
const unsigned char *m,
unsigned long m_len)
{
unsigned char hash[SHA_DIGEST_LENGTH];
int ret;
SHA1(m, m_len, hash);
ret = RSA_verify(NID_sha1, hash, SHA_DIGEST_LENGTH,
(unsigned char *)sig, sig_len, rsactx);
return (ret == 1) ? 0 : -1;
}
int _libssh2_dsa_new(libssh2_dsa_ctx **dsactx,
const unsigned char *p,
unsigned long p_len,
const unsigned char *q,
unsigned long q_len,
const unsigned char *g,
unsigned long g_len,
const unsigned char *y,
unsigned long y_len,
const unsigned char *x,
unsigned long x_len)
{
*dsactx = DSA_new();
(*dsactx)->p = BN_new();
BN_bin2bn(p, p_len, (*dsactx)->p);
(*dsactx)->q = BN_new();
BN_bin2bn(q, q_len, (*dsactx)->q);
(*dsactx)->g = BN_new();
BN_bin2bn(g, g_len, (*dsactx)->g);
(*dsactx)->pub_key = BN_new();
BN_bin2bn(y, y_len, (*dsactx)->pub_key);
if (x_len) {
(*dsactx)->priv_key = BN_new();
BN_bin2bn(x, x_len, (*dsactx)->priv_key);
}
return 0;
}
int _libssh2_dsa_sha1_verify(libssh2_dsa_ctx *dsactx,
const unsigned char *sig,
const unsigned char *m,
unsigned long m_len)
{
unsigned char hash[SHA_DIGEST_LENGTH];
DSA_SIG dsasig;
int ret;
dsasig.r = BN_new();
BN_bin2bn(sig, 20, dsasig.r);
dsasig.s = BN_new();
BN_bin2bn(sig + 20, 20, dsasig.s);
libssh2_sha1(m, m_len, hash);
ret = DSA_do_verify(hash, SHA_DIGEST_LENGTH, &dsasig, dsactx);
return (ret == 1) ? 0 : -1;
}
int _libssh2_cipher_init (_libssh2_cipher_ctx *h,
_libssh2_cipher_type(algo),
unsigned char *iv,
unsigned char *secret,
int encrypt)
{
EVP_CIPHER_CTX_init(h);
EVP_CipherInit(h, algo(), secret, iv, encrypt);
return 0;
}
int _libssh2_cipher_crypt(_libssh2_cipher_ctx *ctx,
_libssh2_cipher_type(algo),
int encrypt,
unsigned char *block)
{
int blocksize = ctx->cipher->block_size;
unsigned char buf[EVP_MAX_BLOCK_LENGTH];
int ret;
(void)algo;
(void)encrypt;
if (blocksize == 1) {
/* Hack for arcfour. */
blocksize = 8;
}
ret = EVP_Cipher(ctx, buf, block, blocksize);
if (ret == 1) {
memcpy(block, buf, blocksize);
}
return ret == 1 ? 0 : 1;
}
/* TODO: Optionally call a passphrase callback specified by the
* calling program
*/
static int
passphrase_cb(char *buf, int size,
int rwflag, char *passphrase)
{
int passphrase_len = strlen(passphrase);
(void)rwflag;
if (passphrase_len > (size - 1)) {
passphrase_len = size - 1;
}
memcpy(buf, passphrase, passphrase_len);
buf[passphrase_len] = '\0';
return passphrase_len;
}
int _libssh2_rsa_new_private (libssh2_rsa_ctx **rsa,
LIBSSH2_SESSION *session,
FILE *fp,
unsigned const char *passphrase)
{
(void)session;
if (!EVP_get_cipherbyname("des")) {
/* If this cipher isn't loaded it's a pretty good indication that none are.
* I have *NO DOUBT* that there's a better way to deal with this ($#&%#$(%$#(
* Someone buy me an OpenSSL manual and I'll read up on it.
*/
OpenSSL_add_all_ciphers();
}
*rsa = PEM_read_RSAPrivateKey(fp, NULL, (void*)passphrase_cb,
(void*)passphrase);
if (!*rsa) {
return -1;
}
return 0;
}
int _libssh2_dsa_new_private (libssh2_dsa_ctx **dsa,
LIBSSH2_SESSION *session,
FILE *fp,
unsigned const char *passphrase)
{
(void)session;
if (!EVP_get_cipherbyname("des")) {
/* If this cipher isn't loaded it's a pretty good indication that none are.
* I have *NO DOUBT* that there's a better way to deal with this ($#&%#$(%$#(
* Someone buy me an OpenSSL manual and I'll read up on it.
*/
OpenSSL_add_all_ciphers();
}
*dsa = PEM_read_DSAPrivateKey(fp, NULL, (void*)passphrase_cb,
(void*)passphrase);
if (!*dsa) {
return -1;
}
return 0;
}
int _libssh2_rsa_sha1_sign(LIBSSH2_SESSION *session,
libssh2_rsa_ctx *rsactx,
const unsigned char *hash,
unsigned long hash_len,
unsigned char **signature,
unsigned long *signature_len)
{
int ret;
unsigned char *sig;
unsigned int sig_len;
sig_len = RSA_size(rsactx);
sig = LIBSSH2_ALLOC(session, sig_len);
if (!sig) {
return -1;
}
ret = RSA_sign(NID_sha1, hash, hash_len, sig, &sig_len, rsactx);
if (!ret) {
LIBSSH2_FREE(session, sig);
return -1;
}
*signature = sig;
*signature_len = sig_len;
return 0;
}
int _libssh2_dsa_sha1_sign(libssh2_dsa_ctx *dsactx,
const unsigned char *hash,
unsigned long hash_len,
unsigned char *signature)
{
DSA_SIG *sig;
int r_len, s_len, rs_pad;
(void)hash_len;
sig = DSA_do_sign(hash, SHA_DIGEST_LENGTH, dsactx);
if (!sig) {
return -1;
}
r_len = BN_num_bytes(sig->r);
s_len = BN_num_bytes(sig->s);
rs_pad = (2 * SHA_DIGEST_LENGTH) - (r_len + s_len);
if (rs_pad < 0) {
DSA_SIG_free(sig);
return -1;
}
BN_bn2bin(sig->r, signature + rs_pad);
BN_bn2bin(sig->s, signature + rs_pad + r_len);
DSA_SIG_free(sig);
return 0;
}

233
src/openssl.h Normal file
View File

@@ -0,0 +1,233 @@
/* Copyright (C) 2006, 2007 The Written Word, Inc. All rights reserved.
* Author: Simon Josefsson
*
* Redistribution and use in source and binary forms,
* with or without modification, are permitted provided
* that the following conditions are met:
*
* Redistributions of source code must retain the above
* copyright notice, this list of conditions and the
* following disclaimer.
*
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials
* provided with the distribution.
*
* Neither the name of the copyright holder nor the names
* of any other contributors may be used to endorse or
* promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
* USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
* OF SUCH DAMAGE.
*/
#include <openssl/opensslconf.h>
#include <openssl/sha.h>
#ifndef OPENSSL_NO_MD5
#include <openssl/md5.h>
#endif
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/bn.h>
#include <openssl/pem.h>
#include <openssl/rand.h>
#ifdef OPENSSL_NO_RSA
# define LIBSSH2_RSA 0
#else
# define LIBSSH2_RSA 1
#endif
#ifdef OPENSSL_NO_DSA
# define LIBSSH2_DSA 0
#else
# define LIBSSH2_DSA 1
#endif
#ifdef OPENSSL_NO_MD5
# define LIBSSH2_MD5 0
#else
# define LIBSSH2_MD5 1
#endif
#ifdef OPENSSL_NO_RIPEMD
# define LIBSSH2_HMAC_RIPEMD 0
#else
# define LIBSSH2_HMAC_RIPEMD 1
#endif
#if OPENSSL_VERSION_NUMBER >= 0x00907000L && !defined(OPENSSL_NO_AES)
# define LIBSSH2_AES 1
#else
# define LIBSSH2_AES 0
#endif
#ifdef OPENSSL_NO_BLOWFISH
# define LIBSSH2_BLOWFISH 0
#else
# define LIBSSH2_BLOWFISH 1
#endif
#ifdef OPENSSL_NO_RC4
# define LIBSSH2_RC4 0
#else
# define LIBSSH2_RC4 1
#endif
#ifdef OPENSSL_NO_CAST
# define LIBSSH2_CAST 0
#else
# define LIBSSH2_CAST 1
#endif
#ifdef OPENSSL_NO_DES
# define LIBSSH2_3DES 0
#else
# define LIBSSH2_3DES 1
#endif
#define libssh2_random(buf, len) \
RAND_bytes ((buf), (len))
#define libssh2_sha1_ctx SHA_CTX
#define libssh2_sha1_init(ctx) SHA1_Init(ctx)
#define libssh2_sha1_update(ctx, data, len) SHA1_Update(&(ctx), data, len)
#define libssh2_sha1_final(ctx, out) SHA1_Final(out, &(ctx))
#define libssh2_sha1(message, len, out) SHA1(message, len, out)
#define libssh2_md5_ctx MD5_CTX
#define libssh2_md5_init(ctx) MD5_Init(ctx)
#define libssh2_md5_update(ctx, data, len) MD5_Update(&(ctx), data, len)
#define libssh2_md5_final(ctx, out) MD5_Final(out, &(ctx))
#define libssh2_md5(message, len, out) MD5(message, len, out)
#define libssh2_hmac_ctx HMAC_CTX
#define libssh2_hmac_sha1_init(ctx, key, keylen) \
HMAC_Init(ctx, key, keylen, EVP_sha1())
#define libssh2_hmac_md5_init(ctx, key, keylen) \
HMAC_Init(ctx, key, keylen, EVP_md5())
#define libssh2_hmac_ripemd160_init(ctx, key, keylen) \
HMAC_Init(ctx, key, keylen, EVP_ripemd160())
#define libssh2_hmac_update(ctx, data, datalen) \
HMAC_Update(&(ctx), data, datalen)
#define libssh2_hmac_final(ctx, data) HMAC_Final(&(ctx), data, NULL)
#define libssh2_hmac_cleanup(ctx) HMAC_cleanup(ctx)
#define libssh2_crypto_init()
#define libssh2_rsa_ctx RSA
int _libssh2_rsa_new(libssh2_rsa_ctx **rsa,
const unsigned char *edata,
unsigned long elen,
const unsigned char *ndata,
unsigned long nlen,
const unsigned char *ddata,
unsigned long dlen,
const unsigned char *pdata,
unsigned long plen,
const unsigned char *qdata,
unsigned long qlen,
const unsigned char *e1data,
unsigned long e1len,
const unsigned char *e2data,
unsigned long e2len,
const unsigned char *coeffdata,
unsigned long coefflen);
int _libssh2_rsa_new_private (libssh2_rsa_ctx **rsa,
LIBSSH2_SESSION *session,
FILE *fp,
unsigned const char *passphrase);
int _libssh2_rsa_sha1_verify(libssh2_rsa_ctx *rsa,
const unsigned char *sig,
unsigned long sig_len,
const unsigned char *m,
unsigned long m_len);
int _libssh2_rsa_sha1_sign(LIBSSH2_SESSION *session,
libssh2_rsa_ctx *rsactx,
const unsigned char *hash,
unsigned long hash_len,
unsigned char **signature,
unsigned long *signature_len);
#define _libssh2_rsa_free(rsactx) RSA_free(rsactx)
#define libssh2_dsa_ctx DSA
int _libssh2_dsa_new(libssh2_dsa_ctx **dsa,
const unsigned char *pdata,
unsigned long plen,
const unsigned char *qdata,
unsigned long qlen,
const unsigned char *gdata,
unsigned long glen,
const unsigned char *ydata,
unsigned long ylen,
const unsigned char *x,
unsigned long x_len);
int _libssh2_dsa_new_private (libssh2_dsa_ctx **dsa,
LIBSSH2_SESSION *session,
FILE *fp,
unsigned const char *passphrase);
int _libssh2_dsa_sha1_verify(libssh2_dsa_ctx *dsactx,
const unsigned char *sig,
const unsigned char *m,
unsigned long m_len);
int _libssh2_dsa_sha1_sign(libssh2_dsa_ctx *dsactx,
const unsigned char *hash,
unsigned long hash_len,
unsigned char *sig);
#define _libssh2_dsa_free(dsactx) DSA_free(dsactx)
#define _libssh2_cipher_type(name) const EVP_CIPHER *(*name)(void)
#define _libssh2_cipher_ctx EVP_CIPHER_CTX
#define _libssh2_cipher_aes256 EVP_aes_256_cbc
#define _libssh2_cipher_aes192 EVP_aes_192_cbc
#define _libssh2_cipher_aes128 EVP_aes_128_cbc
#define _libssh2_cipher_blowfish EVP_bf_cbc
#define _libssh2_cipher_arcfour EVP_rc4
#define _libssh2_cipher_cast5 EVP_cast5_cbc
#define _libssh2_cipher_3des EVP_des_ede3_cbc
int _libssh2_cipher_init (_libssh2_cipher_ctx *h,
_libssh2_cipher_type(algo),
unsigned char *iv,
unsigned char *secret,
int encrypt);
int _libssh2_cipher_crypt(_libssh2_cipher_ctx *ctx,
_libssh2_cipher_type(algo),
int encrypt,
unsigned char *block);
#define _libssh2_cipher_dtor(ctx) EVP_CIPHER_CTX_cleanup(ctx)
#define _libssh2_bn BIGNUM
#define _libssh2_bn_ctx BN_CTX
#define _libssh2_bn_ctx_new() BN_CTX_new()
#define _libssh2_bn_ctx_free(bnctx) BN_CTX_free(bnctx)
#define _libssh2_bn_init() BN_new()
#define _libssh2_bn_rand(bn, bits, top, bottom) BN_rand(bn, bits, top, bottom)
#define _libssh2_bn_mod_exp(r, a, p, m, ctx) BN_mod_exp(r, a, p, m, ctx)
#define _libssh2_bn_set_word(bn, val) BN_set_word(bn, val)
#define _libssh2_bn_from_bin(bn, len, val) BN_bin2bn(val, len, bn)
#define _libssh2_bn_to_bin(bn, val) BN_bn2bin(bn, val)
#define _libssh2_bn_bytes(bn) BN_num_bytes(bn)
#define _libssh2_bn_bits(bn) BN_num_bits(bn)
#define _libssh2_bn_free(bn) BN_clear_free(bn)

179
src/packet.c
View File

@@ -41,8 +41,6 @@
#ifndef WIN32
#include <unistd.h>
#endif
#include <openssl/evp.h>
#include <openssl/rand.h>
/* Needed for struct iovec on some platforms */
#ifdef HAVE_SYS_UIO_H
@@ -62,6 +60,20 @@
# endif
#endif
#include <inttypes.h>
/* RFC4253 section 6.1 Maximum Packet Length says:
*
* "All implementations MUST be able to process packets with
* uncompressed payload length of 32768 bytes or less and
* total packet size of 35000 bytes or less (including length,
* padding length, payload, padding, and MAC.)."
*/
#define MAX_SSH_PACKET_LEN 35000
inline int libssh2_packet_queue_listener(LIBSSH2_SESSION *session, unsigned char *data, unsigned long datalen);
inline int libssh2_packet_x11_open(LIBSSH2_SESSION *session, unsigned char *data, unsigned long datalen);
/* {{{ libssh2_packet_queue_listener
* Queue a connection request for a listener
*/
@@ -69,14 +81,14 @@ inline int libssh2_packet_queue_listener(LIBSSH2_SESSION *session, unsigned char
{
/* Look for a matching listener */
unsigned char *s = data + (sizeof("forwarded-tcpip") - 1) + 5;
/* 17 = packet_type(1) + channel(4) + reason(4) + descr(4) + lang(4) */
unsigned long packet_len = 17 + (sizeof("Forward not requested") - 1);
unsigned char *p, packet[17 + (sizeof("Forward not requested") - 1)];
/* packet_type(1) + channel(4) + reason(4) + descr(4) + lang(4) */
LIBSSH2_LISTENER *l = session->listeners;
char failure_code = 1; /* SSH_OPEN_ADMINISTRATIVELY_PROHIBITED */
unsigned long sender_channel, initial_window_size, packet_size;
uint32_t sender_channel, initial_window_size, packet_size;
unsigned char *host, *shost;
unsigned long port, sport, host_len, shost_len;
uint32_t port, sport, host_len, shost_len;
sender_channel = libssh2_ntohu32(s); s += 4;
@@ -282,10 +294,13 @@ inline int libssh2_packet_x11_open(LIBSSH2_SESSION *session, unsigned char *data
}
channel->next = NULL;
session->channels.tail = channel;
/* Pass control to the callback, they may turn right around and free the channel, or actually use it */
LIBSSH2_X11_OPEN(channel, shost, sport);
/*
* Pass control to the callback, they may turn right around and
* free the channel, or actually use it
*/
LIBSSH2_X11_OPEN(channel, (char *)shost, sport);
return 0;
} else {
failure_code = 4; /* SSH_OPEN_RESOURCE_SHORTAGE */
@@ -321,7 +336,7 @@ static int libssh2_packet_add(LIBSSH2_SESSION *session, unsigned char *data, siz
#endif
if (macstate == LIBSSH2_MAC_INVALID) {
if (session->macerror) {
if (LIBSSH2_MACERROR(session, data, datalen) == 0) {
if (LIBSSH2_MACERROR(session, (char *)data, datalen) == 0) {
/* Calling app has given the OK, Process it anyway */
macstate = LIBSSH2_MAC_CONFIRMED;
} else {
@@ -349,7 +364,7 @@ static int libssh2_packet_add(LIBSSH2_SESSION *session, unsigned char *data, siz
reason = libssh2_ntohu32(data + 1);
message_len = libssh2_ntohu32(data + 5);
message = data + 9; /* packet_type(1) + reason(4) + message_len(4) */
message = (char *)data + 9; /* packet_type(1) + reason(4) + message_len(4) */
language_len = libssh2_ntohu32(data + 9 + message_len);
/* This is where we hack on the data a little,
* Use the MSB of language_len to to a terminating NULL (In all liklihood it is already)
@@ -358,7 +373,7 @@ static int libssh2_packet_add(LIBSSH2_SESSION *session, unsigned char *data, siz
* With the lengths passed this isn't *REALLY* necessary, but it's "kind"
*/
message[message_len] = '\0';
language = data + 9 + message_len + 3;
language = (char *)data + 9 + message_len + 3;
if (language_len) {
memcpy(language, language + 1, language_len);
}
@@ -380,9 +395,9 @@ static int libssh2_packet_add(LIBSSH2_SESSION *session, unsigned char *data, siz
memcpy(data + 4, data + 5, datalen - 5);
data[datalen] = '\0';
if (session->ssh_msg_ignore) {
LIBSSH2_IGNORE(session, data + 4, datalen - 5);
LIBSSH2_IGNORE(session, (char *)data + 4, datalen - 5);
}
LIBSSH2_FREE(session, data);
LIBSSH2_FREE(session, (char *)data);
return 0;
break;
case SSH_MSG_DEBUG:
@@ -392,7 +407,7 @@ static int libssh2_packet_add(LIBSSH2_SESSION *session, unsigned char *data, siz
int message_len, language_len;
message_len = libssh2_ntohu32(data + 2);
message = data + 6; /* packet_type(1) + display(1) + message_len(4) */
message = (char *)data + 6; /* packet_type(1) + display(1) + message_len(4) */
language_len = libssh2_ntohu32(data + 6 + message_len);
/* This is where we hack on the data a little,
* Use the MSB of language_len to to a terminating NULL (In all liklihood it is already)
@@ -401,7 +416,7 @@ static int libssh2_packet_add(LIBSSH2_SESSION *session, unsigned char *data, siz
* With the lengths passed this isn't *REALLY* necessary, but it's "kind"
*/
message[message_len] = '\0';
language = data + 6 + message_len + 3;
language = (char *)data + 6 + message_len + 3;
if (language_len) {
memcpy(language, language + 1, language_len);
}
@@ -531,6 +546,7 @@ static int libssh2_packet_add(LIBSSH2_SESSION *session, unsigned char *data, siz
#endif
channel->remote.close = 1;
channel->remote.eof = 1;
/* TODO: Add a callback for this */
LIBSSH2_FREE(session, data);
@@ -612,7 +628,7 @@ static int libssh2_packet_add(LIBSSH2_SESSION *session, unsigned char *data, siz
/* {{{ libssh2_blocking_read
* Force a blocking read, regardless of socket settings
*/
static int libssh2_blocking_read(LIBSSH2_SESSION *session, unsigned char *buf, size_t count)
static ssize_t libssh2_blocking_read(LIBSSH2_SESSION *session, unsigned char *buf, size_t count)
{
size_t bytes_read = 0;
#if !defined(HAVE_POLL) && !defined(HAVE_SELECT)
@@ -728,43 +744,55 @@ int libssh2_packet_read(LIBSSH2_SESSION *session, int should_block)
/* Temporary Buffer
* The largest blocksize (currently) is 32, the largest MAC (currently) is 20
*/
unsigned char block[2 * 32], *payload, *s, tmp[6];
long read_len;
unsigned char block[2 * 32], *payload, *s, *p, tmp[6];
ssize_t read_len;
unsigned long blocksize = session->remote.crypt->blocksize;
unsigned long packet_len, payload_len;
int padding_len;
int macstate;
int free_payload = 1;
/* Safely ignored in CUSTOM cipher mode */
EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX *)session->remote.crypt_abstract;
/* Note: If we add any cipher with a blocksize less than 6 we'll need to get more creative with this
* For now, all blocksize sizes are 8+
*/
if (should_block) {
read_len = libssh2_blocking_read(session, block, blocksize);
if(read_len <= 0)
return read_len;
} else {
ssize_t nread;
read_len = recv(session->socket_fd, block, 1, LIBSSH2_SOCKET_RECV_FLAGS(session));
if (read_len <= 0) {
return 0;
}
read_len += libssh2_blocking_read(session, block + read_len, blocksize - read_len);
nread = libssh2_blocking_read(session, block + read_len, blocksize - read_len);
if(nread <= 0)
return nread;
read_len += nread;
}
if (read_len < blocksize) {
return (session->socket_state == LIBSSH2_SOCKET_DISCONNECTED) ? 0 : -1;
}
if (session->remote.crypt->flags & LIBSSH2_CRYPT_METHOD_FLAG_EVP) {
EVP_Cipher(ctx, block + blocksize, block, blocksize);
memcpy(block, block + blocksize, blocksize);
} else {
if (session->remote.crypt->crypt(session, block, &session->remote.crypt_abstract)) {
libssh2_error(session, LIBSSH2_ERROR_DECRYPT, "Error decrypting packet preamble", 0);
return -1;
}
if (session->remote.crypt->crypt(session, block, &session->remote.crypt_abstract)) {
libssh2_error(session, LIBSSH2_ERROR_DECRYPT, "Error decrypting packet preamble", 0);
return -1;
}
packet_len = libssh2_ntohu32(block);
/* RFC4253 section 6.1 Maximum Packet Length says:
*
* "All implementations MUST be able to process packets with
* uncompressed payload length of 32768 bytes or less and
* total packet size of 35000 bytes or less (including length,
* padding length, payload, padding, and MAC.)."
*/
if(packet_len > MAX_SSH_PACKET_LEN) {
return -1;
}
padding_len = block[4];
#ifdef LIBSSH2_DEBUG_TRANSPORT
_libssh2_debug(session, LIBSSH2_DBG_TRANS, "Processing packet %lu bytes long (with %lu bytes padding)", packet_len, padding_len);
@@ -785,25 +813,30 @@ int libssh2_packet_read(LIBSSH2_SESSION *session, int should_block)
memcpy(s, block + 5, blocksize - 5);
s += blocksize - 5;
while ((s - payload) < payload_len) {
read_len = libssh2_blocking_read(session, block, blocksize);
if (read_len < blocksize) {
p = s;
while (p - payload < payload_len) {
read_len = payload_len - (p - payload);
if (read_len > 4096) read_len = 4096;
if (libssh2_blocking_read(session, p, read_len) < read_len) {
LIBSSH2_FREE(session, payload);
return -1;
}
if (session->remote.crypt->flags & LIBSSH2_CRYPT_METHOD_FLAG_EVP) {
EVP_Cipher(ctx, block + blocksize, block, blocksize);
memcpy(s, block + blocksize, blocksize);
} else {
p += read_len;
while (s < p) {
memcpy(block, s, blocksize);
if (session->remote.crypt->crypt(session, block, &session->remote.crypt_abstract)) {
libssh2_error(session, LIBSSH2_ERROR_DECRYPT, "Error decrypting packet preamble", 0);
LIBSSH2_FREE(session, payload);
return -1;
}
memcpy(s, block, blocksize);
}
s += blocksize;
s += blocksize;
}
}
read_len = libssh2_blocking_read(session, block, session->remote.mac->mac_len);
@@ -815,7 +848,7 @@ int libssh2_packet_read(LIBSSH2_SESSION *session, int should_block)
/* Calculate MAC hash */
session->remote.mac->hash(session, block + session->remote.mac->mac_len, session->remote.seqno, tmp, 5, payload, payload_len, &session->remote.mac_abstract);
macstate = (strncmp(block, block + session->remote.mac->mac_len, session->remote.mac->mac_len) == 0) ? LIBSSH2_MAC_CONFIRMED : LIBSSH2_MAC_INVALID;
macstate = (strncmp((char *)block, (char *)block + session->remote.mac->mac_len, session->remote.mac->mac_len) == 0) ? LIBSSH2_MAC_CONFIRMED : LIBSSH2_MAC_INVALID;
session->remote.seqno++;
@@ -868,24 +901,42 @@ int libssh2_packet_read(LIBSSH2_SESSION *session, int should_block)
} else { /* No cipher active */
unsigned char *payload;
unsigned char buf[24];
unsigned long buf_len, payload_len;
unsigned long packet_length;
ssize_t buf_len;
unsigned long payload_len;
uint32_t packet_length;
unsigned long padding_length;
if (should_block) {
buf_len = libssh2_blocking_read(session, buf, 5);
} else {
ssize_t nread;
buf_len = recv(session->socket_fd, buf, 1, LIBSSH2_SOCKET_RECV_FLAGS(session));
if (buf_len <= 0) {
return 0;
return buf_len;
}
buf_len += libssh2_blocking_read(session, buf, 5 - buf_len);
nread = libssh2_blocking_read(session, buf, 5 - buf_len);
if(nread <= 0)
return -1;
buf_len += nread;
}
if (buf_len < 5) {
/* Something bad happened */
return -1;
}
packet_length = libssh2_ntohu32(buf);
/* RFC4253 section 6.1 Maximum Packet Length says:
*
* "All implementations MUST be able to process packets with
* uncompressed payload length of 32768 bytes or less and
* total packet size of 35000 bytes or less (including length,
* padding length, payload, padding, and MAC.)."
*/
if(packet_length > MAX_SSH_PACKET_LEN) {
return -1;
}
padding_length = buf[4];
#ifdef LIBSSH2_DEBUG_TRANSPORT
_libssh2_debug(session, LIBSSH2_DBG_TRANS, "Processing plaintext packet %lu bytes long (with %lu bytes padding)", packet_length, padding_length);
@@ -969,10 +1020,15 @@ int libssh2_packet_ask_ex(LIBSSH2_SESSION *session, unsigned char packet_type, u
/* {{{ libssh2_packet_askv
* Scan for any of a list of packet types in the brigade, optionally poll the socket for a packet first
*/
int libssh2_packet_askv_ex(LIBSSH2_SESSION *session, unsigned char *packet_types, unsigned char **data, unsigned long *data_len,
unsigned long match_ofs, const unsigned char *match_buf, unsigned long match_len, int poll_socket)
int libssh2_packet_askv_ex(LIBSSH2_SESSION *session,
unsigned char *packet_types,
unsigned char **data,
unsigned long *data_len,
unsigned long match_ofs,
const unsigned char *match_buf,
unsigned long match_len, int poll_socket)
{
int i, packet_types_len = strlen(packet_types);
int i, packet_types_len = strlen((char *)packet_types);
for(i = 0; i < packet_types_len; i++) {
if (0 == libssh2_packet_ask_ex(session, packet_types[i], data, data_len, match_ofs, match_buf, match_len, i ? 0 : poll_socket)) {
@@ -1025,7 +1081,7 @@ int libssh2_packet_burn(LIBSSH2_SESSION *session)
{
unsigned char *data;
unsigned long data_len;
char all_packets[255];
unsigned char all_packets[255];
int i;
for(i = 1; i < 256; i++) all_packets[i - 1] = i;
@@ -1081,7 +1137,7 @@ int libssh2_packet_requirev_ex(LIBSSH2_SESSION *session, unsigned char *packet_t
continue;
}
if (strchr(packet_types, ret)) {
if (strchr((char *)packet_types, ret)) {
/* Be lazy, let packet_ask pull it out of the brigade */
return libssh2_packet_askv_ex(session, packet_types, data, data_len, match_ofs, match_buf, match_len, 0);
}
@@ -1152,10 +1208,7 @@ int libssh2_packet_write(LIBSSH2_SESSION *session, unsigned char *data, unsigned
if (session->state & LIBSSH2_STATE_NEWKEYS) {
/* Encryption is in effect */
unsigned char *encbuf, *s;
int ret;
/* Safely ignored in CUSTOM cipher mode */
EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX *)session->local.crypt_abstract;
int ret, size, written = 0;
/* include packet_length(4) itself and room for the hash at the end */
encbuf = LIBSSH2_ALLOC(session, 4 + packet_length + session->local.mac->mac_len);
@@ -1170,7 +1223,7 @@ int libssh2_packet_write(LIBSSH2_SESSION *session, unsigned char *data, unsigned
/* Copy packet to encoding buffer */
memcpy(encbuf, buf, 5);
memcpy(encbuf + 5, data, data_len);
RAND_bytes(encbuf + 5 + data_len, padding_length);
libssh2_random(encbuf + 5 + data_len, padding_length);
if (free_data) {
LIBSSH2_FREE(session, data);
}
@@ -1180,18 +1233,22 @@ int libssh2_packet_write(LIBSSH2_SESSION *session, unsigned char *data, unsigned
/* Encrypt data */
for(s = encbuf; (s - encbuf) < (4 + packet_length) ; s += session->local.crypt->blocksize) {
if (session->local.crypt->flags & LIBSSH2_CRYPT_METHOD_FLAG_EVP) {
EVP_Cipher(ctx, buf, s, session->local.crypt->blocksize);
memcpy(s, buf, session->local.crypt->blocksize);
} else {
session->local.crypt->crypt(session, s, &session->local.crypt_abstract);
}
session->local.crypt->crypt(session, s, &session->local.crypt_abstract);
}
session->local.seqno++;
/* Send It */
ret = ((4 + packet_length + session->local.mac->mac_len) == send(session->socket_fd, encbuf, 4 + packet_length + session->local.mac->mac_len, LIBSSH2_SOCKET_SEND_FLAGS(session))) ? 0 : -1;
size = 4 + packet_length + session->local.mac->mac_len;
written = 0;
while(written < size) {
ret = send(session->socket_fd, encbuf + written, size - written, LIBSSH2_SOCKET_SEND_FLAGS(session));
if(ret > 0) written += ret;
else break;
}
ret = written == size ? 0 : -1;
/* Cleanup environment */
LIBSSH2_FREE(session, encbuf);

229
src/pem.c Normal file
View File

@@ -0,0 +1,229 @@
/* Copyright (C) 2007 The Written Word, Inc. All rights reserved.
* Author: Simon Josefsson
*
* Redistribution and use in source and binary forms,
* with or without modification, are permitted provided
* that the following conditions are met:
*
* Redistributions of source code must retain the above
* copyright notice, this list of conditions and the
* following disclaimer.
*
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials
* provided with the distribution.
*
* Neither the name of the copyright holder nor the names
* of any other contributors may be used to endorse or
* promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
* USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
* OF SUCH DAMAGE.
*/
#include "libssh2_priv.h"
static int readline (char *line, int line_size, FILE *fp)
{
if (!fgets(line, line_size, fp))
{
return -1;
}
if (*line && line[strlen(line) - 1] == '\r')
{
line[strlen(line) - 1] = '\0';
}
if (*line && line[strlen(line) - 1] == '\n')
{
line[strlen(line) - 1] = '\0';
}
return 0;
}
#define LINE_SIZE 128
int _libssh2_pem_parse (LIBSSH2_SESSION *session,
const char *headerbegin,
const char *headerend,
FILE *fp,
char **data, unsigned int *datalen)
{
char line[LINE_SIZE];
char *b64data = NULL;
unsigned int b64datalen = 0;
int ret;
do
{
if (readline(line, LINE_SIZE, fp))
{
return -1;
}
}
while (strcmp (line, headerbegin) != 0);
*line = '\0';
do
{
if (*line)
{
char *tmp;
size_t linelen;
linelen = strlen (line);
tmp = LIBSSH2_REALLOC (session, b64data,
b64datalen + linelen);
if (!tmp)
{
ret = -1;
goto out;
}
memcpy (tmp + b64datalen, line, linelen);
b64data = tmp;
b64datalen += linelen;
}
if (readline(line, LINE_SIZE, fp))
{
ret = -1;
goto out;
}
} while (strcmp (line, headerend) != 0);
if (libssh2_base64_decode(session, data, datalen,
b64data, b64datalen))
{
ret = -1;
goto out;
}
ret = 0;
out:
if (b64data) {
LIBSSH2_FREE (session, b64data);
}
return ret;
}
static int read_asn1_length (const unsigned char *data,
unsigned int datalen,
unsigned int *len)
{
unsigned int lenlen;
int nextpos;
if (datalen < 1)
{
return -1;
}
*len = data[0];
if (*len >= 0x80)
{
lenlen = *len & 0x7F;
*len = data[1];
if (1 + lenlen > datalen)
{
return -1;
}
if (lenlen > 1)
{
*len <<= 8;
*len |= data[2];
}
}
else
{
lenlen = 0;
}
nextpos = 1 + lenlen;
if (lenlen > 2 || 1 + lenlen + *len > datalen)
{
return -1;
}
return nextpos;
}
int _libssh2_pem_decode_sequence (unsigned char **data, unsigned int *datalen)
{
unsigned int len;
int lenlen;
if (*datalen < 1)
{
return -1;
}
if ((*data)[0] != '\x30')
{
return -1;
}
(*data)++;
(*datalen)--;
lenlen = read_asn1_length (*data, *datalen, &len);
if (lenlen < 0 || lenlen + len != *datalen)
{
return -1;
}
*data += lenlen;
*datalen -= lenlen;
return 0;
}
int _libssh2_pem_decode_integer (unsigned char **data, unsigned int *datalen,
unsigned char **i, unsigned int *ilen)
{
unsigned int len;
int lenlen;
if (*datalen < 1)
{
return -1;
}
if ((*data)[0] != '\x02')
{
return -1;
}
(*data)++;
(*datalen)--;
lenlen = read_asn1_length (*data, *datalen, &len);
if (lenlen < 0 || lenlen + len > *datalen)
{
return -1;
}
*data += lenlen;
*datalen -= lenlen;
*i = *data;
*ilen = len;
*data += len;
*datalen -= len;
return 0;
}

30
src/publickey.c
View File

@@ -147,7 +147,7 @@ static int libssh2_publickey_packet_receive(LIBSSH2_PUBLICKEY *pkey, unsigned ch
unsigned long packet_len;
unsigned char *packet;
if (libssh2_channel_read(channel, buffer, 4) != 4) {
if (libssh2_channel_read(channel, (char *)buffer, 4) != 4) {
libssh2_error(session, LIBSSH2_ERROR_PUBLICKEY_PROTOCOL, "Invalid response from publickey subsystem", 0);
return -1;
}
@@ -159,7 +159,7 @@ static int libssh2_publickey_packet_receive(LIBSSH2_PUBLICKEY *pkey, unsigned ch
return -1;
}
if (libssh2_channel_read(channel, packet, packet_len) != packet_len) {
if (libssh2_channel_read(channel, (char *)packet, packet_len) != packet_len) {
libssh2_error(session, LIBSSH2_ERROR_SOCKET_TIMEOUT, "Timeout waiting for publickey subsystem response packet", 0);
LIBSSH2_FREE(session, packet);
return -1;
@@ -194,7 +194,7 @@ static int libssh2_publickey_response_id(unsigned char **pdata, int data_len)
while (codes->name) {
if (codes->name_len == response_len &&
strncmp(codes->name, data, response_len) == 0) {
strncmp(codes->name, (char *)data, response_len) == 0) {
*pdata = data + response_len;
return codes->code;
}
@@ -212,7 +212,8 @@ static int libssh2_publickey_response_success(LIBSSH2_PUBLICKEY *pkey)
{
LIBSSH2_SESSION *session = pkey->channel->session;
unsigned char *data, *s;
unsigned long data_len, response;
unsigned long data_len;
int response;
while (1) {
if (libssh2_publickey_packet_receive(pkey, &data, &data_len)) {
@@ -322,7 +323,7 @@ LIBSSH2_API LIBSSH2_PUBLICKEY *libssh2_publickey_init(LIBSSH2_SESSION *session)
#ifdef LIBSSH2_DEBUG_PUBLICKEY
_libssh2_debug(session, LIBSSH2_DBG_PUBLICKEY, "Sending publickey version packet advertising version %d support", (int)LIBSSH2_PUBLICKEY_VERSION);
#endif
if ((s - buffer) != libssh2_channel_write(channel, buffer, (s - buffer))) {
if ((s - buffer) != libssh2_channel_write(channel, (char*)buffer, (s - buffer))) {
libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, "Unable to send publickey version packet", 0);
goto err_exit;
}
@@ -427,7 +428,7 @@ LIBSSH2_API int libssh2_publickey_add_ex(LIBSSH2_PUBLICKEY *pkey, const unsigned
/* Search for a comment attribute */
if (attrs[i].name_len == (sizeof("comment") - 1) &&
strncmp(attrs[i].name, "comment", sizeof("comment") - 1) == 0) {
comment = attrs[i].value;
comment = (unsigned char *)attrs[i].value;
comment_len = attrs[i].value_len;
break;
}
@@ -482,7 +483,7 @@ LIBSSH2_API int libssh2_publickey_add_ex(LIBSSH2_PUBLICKEY *pkey, const unsigned
#ifdef LIBSSH2_DEBUG_PUBLICKEY
_libssh2_debug(session, LIBSSH2_DBG_PUBLICKEY, "Sending publickey \"add\" packet: type=%s blob_len=%ld num_attrs=%ld", name, blob_len, num_attrs);
#endif
if ((s - packet) != libssh2_channel_write(channel, packet, (s - packet))) {
if ((s - packet) != libssh2_channel_write(channel, (char *)packet, (s - packet))) {
libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, "Unable to send publickey add packet", 0);
LIBSSH2_FREE(session, packet);
return -1;
@@ -530,7 +531,7 @@ LIBSSH2_API int libssh2_publickey_remove_ex(LIBSSH2_PUBLICKEY *pkey, const unsig
#ifdef LIBSSH2_DEBUG_PUBLICKEY
_libssh2_debug(session, LIBSSH2_DBG_PUBLICKEY, "Sending publickey \"remove\" packet: type=%s blob_len=%ld", name, blob_len);
#endif
if ((s - packet) != libssh2_channel_write(channel, packet, (s - packet))) {
if ((s - packet) != libssh2_channel_write(channel, (char *)packet, (s - packet))) {
libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, "Unable to send publickey remove packet", 0);
LIBSSH2_FREE(session, packet);
return -1;
@@ -551,10 +552,11 @@ LIBSSH2_API int libssh2_publickey_list_fetch(LIBSSH2_PUBLICKEY *pkey, unsigned l
LIBSSH2_SESSION *session = channel->session;
libssh2_publickey_list *list = NULL;
unsigned char *s, buffer[12], *data = NULL;
unsigned long buffer_len = 12, keys = 0, max_keys = 0, data_len, i, response;
/* packet_len(4) +
unsigned long buffer_len = 12, keys = 0, max_keys = 0, data_len, i;
/* packet_len(4) +
list_len(4) +
"list"(4) */
int response;
s = buffer;
libssh2_htonu32(s, buffer_len - 4); s += 4;
@@ -564,7 +566,7 @@ LIBSSH2_API int libssh2_publickey_list_fetch(LIBSSH2_PUBLICKEY *pkey, unsigned l
#ifdef LIBSSH2_DEBUG_PUBLICKEY
_libssh2_debug(session, LIBSSH2_DBG_PUBLICKEY, "Sending publickey \"list\" packet");
#endif
if ((s - buffer) != libssh2_channel_write(channel, buffer, (s - buffer))) {
if ((s - buffer) != libssh2_channel_write(channel, (char *)buffer, (s - buffer))) {
libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, "Unable to send publickey list packet", 0);
return -1;
}
@@ -633,7 +635,7 @@ LIBSSH2_API int libssh2_publickey_list_fetch(LIBSSH2_PUBLICKEY *pkey, unsigned l
}
list[keys].attrs[0].name = "comment";
list[keys].attrs[0].name_len = sizeof("comment") - 1;
list[keys].attrs[0].value = s;
list[keys].attrs[0].value = (char *)s;
list[keys].attrs[0].value_len = comment_len;
list[keys].attrs[0].mandatory = 0;
@@ -661,9 +663,9 @@ LIBSSH2_API int libssh2_publickey_list_fetch(LIBSSH2_PUBLICKEY *pkey, unsigned l
}
for(i = 0; i < list[keys].num_attrs; i++) {
list[keys].attrs[i].name_len = libssh2_ntohu32(s); s += 4;
list[keys].attrs[i].name = s; s += list[keys].attrs[i].name_len;
list[keys].attrs[i].name = (char *)s; s += list[keys].attrs[i].name_len;
list[keys].attrs[i].value_len = libssh2_ntohu32(s); s += 4;
list[keys].attrs[i].value = s; s += list[keys].attrs[i].value_len;
list[keys].attrs[i].value = (char *)s; s += list[keys].attrs[i].value_len;
list[keys].attrs[i].mandatory = 0; /* actually an ignored value */
}
} else {

30
src/session.c
View File

@@ -254,6 +254,8 @@ LIBSSH2_API LIBSSH2_SESSION *libssh2_session_init_ex(
_libssh2_debug(session, LIBSSH2_DBG_TRANS, "New session resource allocated");
#endif
libssh2_crypto_init ();
return session;
}
/* }}} */
@@ -410,16 +412,8 @@ LIBSSH2_API void libssh2_session_free(LIBSSH2_SESSION *session)
/* Client to Server */
/* crypt */
if (session->local.crypt) {
if (session->local.crypt->flags & LIBSSH2_CRYPT_METHOD_FLAG_EVP) {
if (session->local.crypt_abstract) {
EVP_CIPHER_CTX_cleanup(session->local.crypt_abstract);
LIBSSH2_FREE(session, session->local.crypt_abstract);
session->local.crypt_abstract = NULL;
}
} else if (session->local.crypt->dtor) {
session->local.crypt->dtor(session, &session->local.crypt_abstract);
}
if (session->local.crypt && session->local.crypt->dtor) {
session->local.crypt->dtor(session, &session->local.crypt_abstract);
}
/* comp */
if (session->local.comp && session->local.comp->dtor) {
@@ -432,16 +426,8 @@ LIBSSH2_API void libssh2_session_free(LIBSSH2_SESSION *session)
/* Server to Client */
/* crypt */
if (session->remote.crypt) {
if (session->remote.crypt->flags & LIBSSH2_CRYPT_METHOD_FLAG_EVP) {
if (session->remote.crypt_abstract) {
EVP_CIPHER_CTX_cleanup(session->remote.crypt_abstract);
LIBSSH2_FREE(session, session->remote.crypt_abstract);
session->remote.crypt_abstract = NULL;
}
} else if (session->remote.crypt->dtor) {
session->remote.crypt->dtor(session, &session->remote.crypt_abstract);
}
if (session->remote.crypt && session->remote.crypt->dtor) {
session->remote.crypt->dtor(session, &session->remote.crypt_abstract);
}
/* comp */
if (session->remote.comp && session->remote.comp->dtor) {
@@ -884,7 +870,7 @@ LIBSSH2_API int libssh2_poll(LIBSSH2_POLLFD *fds, unsigned int nfds, long timeou
sysret = poll(sockets, nfds, timeout_remaining);
gettimeofday((struct timeval *)&tv_end, NULL);
timeout_remaining -= (tv_end.tv_sec - tv_begin.tv_sec) * 1000;
timeout_remaining -= ceil((tv_end.tv_usec - tv_begin.tv_usec) / 1000);
timeout_remaining -= (tv_end.tv_usec - tv_begin.tv_usec) / 1000;
}
#else
/* If the platform doesn't support gettimeofday,
@@ -939,7 +925,7 @@ LIBSSH2_API int libssh2_poll(LIBSSH2_POLLFD *fds, unsigned int nfds, long timeou
gettimeofday((struct timeval *)&tv_end, NULL);
timeout_remaining -= (tv_end.tv_sec - tv_begin.tv_sec) * 1000;
timeout_remaining -= ceil((tv_end.tv_usec - tv_begin.tv_usec) / 1000);
timeout_remaining -= (tv_end.tv_usec - tv_begin.tv_usec) / 1000;
}
#else
/* If the platform doesn't support gettimeofday,

26
src/sftp.c
View File

@@ -555,7 +555,7 @@ LIBSSH2_API int libssh2_sftp_shutdown(LIBSSH2_SFTP *sftp) {
/* {{{ libssh2_sftp_open_ex
*
*/
LIBSSH2_API LIBSSH2_SFTP_HANDLE *libssh2_sftp_open_ex(LIBSSH2_SFTP *sftp, char *filename, int filename_len, unsigned long flags, long mode, int open_type)
LIBSSH2_API LIBSSH2_SFTP_HANDLE *libssh2_sftp_open_ex(LIBSSH2_SFTP *sftp, char *filename, unsigned int filename_len, unsigned long flags, long mode, int open_type)
{
LIBSSH2_CHANNEL *channel = sftp->channel;
LIBSSH2_SESSION *session = channel->session;
@@ -740,6 +740,11 @@ LIBSSH2_API int libssh2_sftp_readdir(LIBSSH2_SFTP_HANDLE *handle, char *buffer,
filename_len = buffer_maxlen;
}
memcpy(buffer, s, filename_len); s += real_filename_len;
/* The filename is not null terminated, make it so if possible */
if (filename_len < buffer_maxlen) {
buffer[filename_len] = '\0';
}
/* Skip longname */
s += 4 + libssh2_ntohu32(s);
@@ -819,6 +824,11 @@ LIBSSH2_API int libssh2_sftp_readdir(LIBSSH2_SFTP_HANDLE *handle, char *buffer,
}
memcpy(buffer, data + 13, filename_len);
/* The filename is not null terminated, make it so if possible */
if (filename_len < buffer_maxlen) {
buffer[filename_len] = '\0';
}
if (attrs) {
memset(attrs, 0, sizeof(LIBSSH2_SFTP_ATTRIBUTES));
libssh2_sftp_bin2attr(attrs, data + 13 + real_filename_len + (4 + libssh2_ntohu32(data + 13 + real_filename_len)));
@@ -1054,7 +1064,7 @@ LIBSSH2_API int libssh2_sftp_close_handle(LIBSSH2_SFTP_HANDLE *handle)
/* {{{ libssh2_sftp_unlink_ex
* Delete a file from the remote server
*/
LIBSSH2_API int libssh2_sftp_unlink_ex(LIBSSH2_SFTP *sftp, char *filename, int filename_len)
LIBSSH2_API int libssh2_sftp_unlink_ex(LIBSSH2_SFTP *sftp, char *filename, unsigned int filename_len)
{
LIBSSH2_CHANNEL *channel = sftp->channel;
LIBSSH2_SESSION *session = channel->session;
@@ -1106,8 +1116,8 @@ LIBSSH2_API int libssh2_sftp_unlink_ex(LIBSSH2_SFTP *sftp, char *filename, int f
/* {{{ libssh2_sftp_rename_ex
* Rename a file on the remote server
*/
LIBSSH2_API int libssh2_sftp_rename_ex(LIBSSH2_SFTP *sftp, char *source_filename, int source_filename_len,
char *dest_filename, int dest_filename_len,
LIBSSH2_API int libssh2_sftp_rename_ex(LIBSSH2_SFTP *sftp, char *source_filename, unsigned int source_filename_len,
char *dest_filename, unsigned int dest_filename_len,
long flags)
{
LIBSSH2_CHANNEL *channel = sftp->channel;
@@ -1187,7 +1197,7 @@ LIBSSH2_API int libssh2_sftp_rename_ex(LIBSSH2_SFTP *sftp, char *source_filenam
/* {{{ libssh2_sftp_mkdir_ex
* Create a directory
*/
LIBSSH2_API int libssh2_sftp_mkdir_ex(LIBSSH2_SFTP *sftp, char *path, int path_len, long mode)
LIBSSH2_API int libssh2_sftp_mkdir_ex(LIBSSH2_SFTP *sftp, char *path, unsigned int path_len, long mode)
{
LIBSSH2_CHANNEL *channel = sftp->channel;
LIBSSH2_SESSION *session = channel->session;
@@ -1244,7 +1254,7 @@ LIBSSH2_API int libssh2_sftp_mkdir_ex(LIBSSH2_SFTP *sftp, char *path, int path_l
/* {{{ libssh2_sftp_rmdir_ex
* Remove a directory
*/
LIBSSH2_API int libssh2_sftp_rmdir_ex(LIBSSH2_SFTP *sftp, char *path, int path_len)
LIBSSH2_API int libssh2_sftp_rmdir_ex(LIBSSH2_SFTP *sftp, char *path, unsigned int path_len)
{
LIBSSH2_CHANNEL *channel = sftp->channel;
LIBSSH2_SESSION *session = channel->session;
@@ -1296,7 +1306,7 @@ LIBSSH2_API int libssh2_sftp_rmdir_ex(LIBSSH2_SFTP *sftp, char *path, int path_l
/* {{{ libssh2_sftp_stat_ex
* Stat a file or symbolic link
*/
LIBSSH2_API int libssh2_sftp_stat_ex(LIBSSH2_SFTP *sftp, char *path, int path_len, int stat_type, LIBSSH2_SFTP_ATTRIBUTES *attrs)
LIBSSH2_API int libssh2_sftp_stat_ex(LIBSSH2_SFTP *sftp, char *path, unsigned int path_len, int stat_type, LIBSSH2_SFTP_ATTRIBUTES *attrs)
{
LIBSSH2_CHANNEL *channel = sftp->channel;
LIBSSH2_SESSION *session = channel->session;
@@ -1372,7 +1382,7 @@ LIBSSH2_API int libssh2_sftp_stat_ex(LIBSSH2_SFTP *sftp, char *path, int path_le
/* {{{ libssh2_sftp_symlink_ex
* Read or set a symlink
*/
LIBSSH2_API int libssh2_sftp_symlink_ex(LIBSSH2_SFTP *sftp, const char *path, int path_len, char *target, int target_len, int link_type)
LIBSSH2_API int libssh2_sftp_symlink_ex(LIBSSH2_SFTP *sftp, const char *path, unsigned int path_len, char *target, unsigned int target_len, int link_type)
{
LIBSSH2_CHANNEL *channel = sftp->channel;
LIBSSH2_SESSION *session = channel->session;

35
src/userauth.c
View File

@@ -37,6 +37,9 @@
#include "libssh2_priv.h"
#include <ctype.h>
#include <stdio.h>
/* Needed for struct iovec on some platforms */
#ifdef HAVE_SYS_UIO_H
#include <sys/uio.h>
@@ -49,7 +52,7 @@
* Not a common configuration for any SSH server though
* username should be NULL, or a null terminated string
*/
LIBSSH2_API char *libssh2_userauth_list(LIBSSH2_SESSION *session, const char *username, int username_len)
LIBSSH2_API char *libssh2_userauth_list(LIBSSH2_SESSION *session, const char *username, unsigned int username_len)
{
unsigned char reply_codes[3] = { SSH_MSG_USERAUTH_SUCCESS, SSH_MSG_USERAUTH_FAILURE, 0 };
unsigned long data_len = username_len + 31; /* packet_type(1) + username_len(4) + service_len(4) + service(14)"ssh-connection" +
@@ -116,9 +119,9 @@ LIBSSH2_API int libssh2_userauth_authenticated(LIBSSH2_SESSION *session)
/* {{{ libssh2_userauth_password
* Plain ol' login
*/
LIBSSH2_API int libssh2_userauth_password_ex(LIBSSH2_SESSION *session, const char *username, int username_len,
const char *password, int password_len,
LIBSSH2_PASSWD_CHANGEREQ_FUNC((*passwd_change_cb)))
LIBSSH2_API int libssh2_userauth_password_ex(LIBSSH2_SESSION *session, const char *username, unsigned int username_len,
const char *password, unsigned int password_len,
LIBSSH2_PASSWD_CHANGEREQ_FUNC((*passwd_change_cb)))
{
unsigned char *data, *s, reply_codes[4] = { SSH_MSG_USERAUTH_SUCCESS, SSH_MSG_USERAUTH_FAILURE, SSH_MSG_USERAUTH_PASSWD_CHANGEREQ, 0 };
unsigned long data_len = username_len + password_len + 40; /* packet_type(1) + username_len(4) + service_len(4) + service(14)"ssh-connection" +
@@ -239,7 +242,8 @@ static int libssh2_file_read_publickey(LIBSSH2_SESSION *session, unsigned char *
{
FILE *fd;
char *pubkey = NULL, c, *sp1, *sp2, *tmp;
int pubkey_len = 0, tmp_len;
size_t pubkey_len = 0;
unsigned int tmp_len;
#ifdef LIBSSH2_DEBUG_USERAUTH
_libssh2_debug(session, LIBSSH2_DBG_AUTH, "Loading public key file: %s", pubkeyfile);
@@ -251,8 +255,12 @@ static int libssh2_file_read_publickey(LIBSSH2_SESSION *session, unsigned char *
return -1;
}
while (!feof(fd) && (c = fgetc(fd)) != '\r' && c != '\n') pubkey_len++;
if (feof(fd)) {
/* the last character was EOF */
pubkey_len--;
}
rewind(fd);
if (pubkey_len <= 1) {
libssh2_error(session, LIBSSH2_ERROR_FILE, "Invalid data in public key file", 0);
fclose(fd);
@@ -272,7 +280,10 @@ static int libssh2_file_read_publickey(LIBSSH2_SESSION *session, unsigned char *
return -1;
}
fclose(fd);
while (pubkey_len && (pubkey[pubkey_len-1] == '\r' || pubkey[pubkey_len-1] == '\n')) pubkey_len--;
/*
* Remove trailing whitespace
*/
while (pubkey_len && isspace(pubkey[pubkey_len-1])) pubkey_len--;
if (!pubkey_len) {
libssh2_error(session, LIBSSH2_ERROR_FILE, "Missing public key data", 0);
@@ -349,11 +360,11 @@ static int libssh2_file_read_privatekey(LIBSSH2_SESSION *session, LIBSSH2_HOSTKE
/* {{{ libssh2_userauth_hostbased_fromfile_ex
* Authenticate using a keypair found in the named files
*/
LIBSSH2_API int libssh2_userauth_hostbased_fromfile_ex(LIBSSH2_SESSION *session, const char *username, int username_len,
LIBSSH2_API int libssh2_userauth_hostbased_fromfile_ex(LIBSSH2_SESSION *session, const char *username, unsigned int username_len,
const char *publickey, const char *privatekey,
const char *passphrase,
const char *hostname, int hostname_len,
const char *local_username, int local_username_len)
const char *hostname, unsigned int hostname_len,
const char *local_username, unsigned int local_username_len)
{
LIBSSH2_HOSTKEY_METHOD *privkeyobj;
void *abstract;
@@ -480,7 +491,7 @@ LIBSSH2_API int libssh2_userauth_hostbased_fromfile_ex(LIBSSH2_SESSION *session,
/* {{{ libssh2_userauth_publickey_fromfile_ex
* Authenticate using a keypair found in the named files
*/
LIBSSH2_API int libssh2_userauth_publickey_fromfile_ex(LIBSSH2_SESSION *session, const char *username, int username_len,
LIBSSH2_API int libssh2_userauth_publickey_fromfile_ex(LIBSSH2_SESSION *session, const char *username, unsigned int username_len,
const char *publickey, const char *privatekey,
const char *passphrase)
{
@@ -656,7 +667,7 @@ LIBSSH2_API int libssh2_userauth_publickey_fromfile_ex(LIBSSH2_SESSION *session,
/* {{{ libssh2_userauth_keyboard_interactive
* Authenticate using a challenge-response authentication
*/
LIBSSH2_API int libssh2_userauth_keyboard_interactive_ex(LIBSSH2_SESSION *session, const char *username, int username_len,
LIBSSH2_API int libssh2_userauth_keyboard_interactive_ex(LIBSSH2_SESSION *session, const char *username, unsigned int username_len,
LIBSSH2_USERAUTH_KBDINT_RESPONSE_FUNC((*response_callback)))
{
unsigned char *s, *data; /* packet */

20
ssh2_sample.c
View File

@@ -14,12 +14,15 @@
#include <stdio.h>
#include <ctype.h>
int main(int argc, char *argv[]) {
int main(int argc, char *argv[])
{
int sock, i, auth_pw = 1;
struct sockaddr_in sin;
const char *fingerprint;
LIBSSH2_SESSION *session;
LIBSSH2_CHANNEL *channel;
char *username=(char *)"username";
char *password=(char *)"password";
#ifdef WIN32
WSADATA wsadata;
@@ -61,15 +64,22 @@ int main(int argc, char *argv[]) {
}
printf("\n");
if(argc > 1) {
username = argv[1];
}
if(argc > 2) {
password = argv[2];
}
if (auth_pw) {
/* We could authenticate via password */
if (libssh2_userauth_password(session, "username", "password")) {
if (libssh2_userauth_password(session, username, password)) {
printf("Authentication by password failed.\n");
goto shutdown;
}
} else {
/* Or by public key */
if (libssh2_userauth_publickey_fromfile(session, "username", "/home/username/.ssh/id_rsa.pub", "/home/username/.ssh/id_rsa", "pasphrase")) {
if (libssh2_userauth_publickey_fromfile(session, username, "/home/username/.ssh/id_rsa.pub", "/home/username/.ssh/id_rsa", password)) {
printf("\tAuthentication by public key failed\n");
goto shutdown;
}
@@ -84,12 +94,12 @@ int main(int argc, char *argv[]) {
/* Some environment variables may be set,
* It's up to the server which ones it'll allow though
*/
libssh2_channel_setenv(channel, "FOO", "bar");
libssh2_channel_setenv(channel, (char *)"FOO", (char *)"bar");
/* Request a terminal with 'vanilla' terminal emulation
* See /etc/termcap for more options
*/
if (libssh2_channel_request_pty(channel, "vanilla")) {
if (libssh2_channel_request_pty(channel, (char *)"vanilla")) {
fprintf(stderr, "Failed requesting pty\n");
goto skip_shell;
}

5
tests/.cvsignore Normal file
View File

@@ -0,0 +1,5 @@
.deps
.libs
Makefile
Makefile.in
simple

7
tests/Makefile.am Normal file
View File

@@ -0,0 +1,7 @@
AM_CPPFLAGS = -I$(top_srcdir)/include
AM_LDFLAGS = -no-install
LDADD = ../src/libssh2.la
ctests = simple$(EXEEXT)
TESTS = $(ctests)
check_PROGRAMS = $(ctests)

56
tests/simple.c Normal file
View File

@@ -0,0 +1,56 @@
/* Copyright (C) 2007 The Written Word, Inc. All rights reserved.
* Author: Simon Josefsson
*
* Redistribution and use in source and binary forms,
* with or without modification, are permitted provided
* that the following conditions are met:
*
* Redistributions of source code must retain the above
* copyright notice, this list of conditions and the
* following disclaimer.
*
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials
* provided with the distribution.
*
* Neither the name of the copyright holder nor the names
* of any other contributors may be used to endorse or
* promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
* USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
* OF SUCH DAMAGE.
*/
#include <stdio.h>
#include "libssh2.h"
int main(int argc, char *argv[])
{
LIBSSH2_SESSION *session;
session = libssh2_session_init();
if (!session)
{
fprintf (stderr, "libssh2_session_init() failed\n");
return 1;
}
libssh2_session_free(session);
return 0;
}