Mirek Fidler 2022-09-14 17:27:40 +02:00
commit 2784431294
29 changed files with 1337 additions and 469 deletions


@ -1,6 +1,6 @@
SSH package for Ultimate++
Copyright (c) 2016, 2021, İsmail Yılmaz
Copyright (c) 2016, 2022, İsmail Yılmaz
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted


@ -1,50 +0,0 @@
SSH package for U++
--------------------
SSH package is a flexible, easy-to-use, yet powerful libssh2 wrapper for Ultimate++.
It supports both console and GUI-based applications on POSIX-compliant operating systems and
MS Windows (tm).
Classes:
--------------------
- Base (core) class -> Ssh
- Ssh session -----> SshSession
- Sftp subsystem -----> SFtp
- SFtp Stream interface -----> SFtpStream
- File system transparency -----> SFtpFileSystemInfo
- Ssh channel -----> SshChannel
- Scp channel -----> Scp
- Exec channel -----> SshExec
- Real-time interactive shell -----> SshShell
- X11 forwarding -----> SshShell (as operation mode)
- Tcp/IP and port forwarding -----> SshTunnel
- Known hosts manager -> SshHosts
Features and Highlights:
--------------------
- Ssh-derived classes have pick semantics, based on RAII principle, support RTTI, and allow
polymorphism (i.e. different classes can be stored in the same array, etc.) through a common
interface.
- Uses U++'s memory manager (Native manager (malloc) is also a compile-time option)
- Uses OpenSSL by default.
- Supports multithreading.
- Supports 3rd-party network proxies.
- Supports known hosts verification mechanism.
- Supports password, public key, host-based, and keyboard-interactive authentication methods.
- Supports ssh-agents.
- Supports real-time interactive command line (shell) interface with both console and GUI integration
(SshShell works on both Windows and Posix-compliant OSes)
- Supports X11 forwarding.
(A single SShShell instance is capable of handling multiple X11 requests simultaneously.)
- Supports Tcp/IP and port forwarding.
- Supports stream operations on SFTP objects.
- Supports access to sftp folder hiearcy in a file-system-agnostic (transparent) way.
- Supports detailed (full) debug logging.
Reference examples:
-------------------
- SshBasics: Demonstrates basic capabilities of SSH package.
- SFtpFileSel: Demonstrates FileSel integration of SFtp class, using FileSystemInfo interface.
- SFtpBrowser: Demonstrates a basic sftp browser with GUI.

80
uppsrc/Core/SSH/ReadMe.md Normal file

@ -0,0 +1,80 @@
# SSH package for U++
SSH package is a flexible, easy-to-use, yet powerful [libssh2](https://www.libssh2.org/) wrapper for Ultimate++.
It supports both console and GUI-based applications on POSIX-compliant operating systems and
MS Windows (tm).
## Classes:
```
- Base (core) class -> Ssh
- Ssh session -----> SshSession
- Sftp subsystem -----> SFtp
- SFtp Stream interface -----> SFtpStream
- File system transparency -----> SFtpFileSystemInfo
- Ssh channel -----> SshChannel
- Scp channel -----> Scp
- Exec channel -----> SshExec
- Real-time interactive shell -----> SshShell
- X11 forwarding -----> SshShell (as operation mode)
- Tcp/IP and port forwarding -----> SshTunnel
- Known hosts manager -> SshHosts
```
## Features and Highlights:
- Ssh-derived classes have pick semantics, based on RAII principle, support RTTI, and allow
polymorphism (i.e. different classes can be stored in the same array, etc.) through a common
interface.
- Uses U++'s memory manager (Native manager (malloc) is also a compile-time option)
- Uses OpenSSL by default.
- Supports multithreading.
- Supports 3rd-party network proxies.
- Supports known hosts verification mechanism.
- Supports password, public key, host-based, and keyboard-interactive authentication methods.
- Supports ssh-agents.
- Supports real-time interactive command line (shell) interface with both console and GUI integration
(SshShell works on both Windows and Posix-compliant OSes)
- Supports X11 forwarding.
(A single SShShell instance is capable of handling multiple X11 requests simultaneously.)
- Supports Tcp/IP and port forwarding.
- Supports stream operations on SFTP objects.
- Supports access to sftp folder hiearcy in a file-system-agnostic (transparent) way.
- Supports detailed (full) debug logging.
## Reference examples:
+ *SshBasics*: Demonstrates basic capabilities of SSH package.
+ *SFtpFileSel*: Demonstrates FileSel integration of SFtp class, using FileSystemInfo interface.
+ *SFtpBrowser*: Demonstrates a basic sftp browser with GUI.
## License
```
Copyright (c) 2019-2022, İsmail Yılmaz
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
* Neither the name of the copyright holder nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.


@ -48,7 +48,7 @@ file
Docs readonly separator,
src.tpp,
Info readonly separator,
ReadMe,
ReadMe.md,
Copying,
Todo,
Issues;


@ -0,0 +1 @@
see NEWS


@ -2,8 +2,10 @@
* Copyright (c) 2005,2006 Mikhail Gusarov <dottedmag@dottedmag.net>
* Copyright (c) 2006-2007 The Written Word, Inc.
* Copyright (c) 2007 Eli Fant <elifantu@mail.ru>
* Copyright (c) 2009-2019 Daniel Stenberg
* Copyright (c) 2009-2021 Daniel Stenberg
* Copyright (C) 2008, 2009 Simon Josefsson
* Copyright (c) 2000 Markus Friedl
* Copyright (c) 2015 Microsoft Corp.
* All rights reserved.
*
* Redistribution and use in source and binary forms,


@ -1,6 +1,448 @@
Changelog for the libssh2 project. Generated with git2news.pl
GitHub (11 Nov 2020)
Daniel Stenberg (29 Aug 2021)
- [Will Cosgrove brought this change]
updated docs for 1.10.0 release
Marc Hörsken (30 May 2021)
- [Laurent Stacul brought this change]
[tests] Try several times to connect the ssh server
Sometimes, as the OCI container is run in detached mode, it is possible
the actual server is not ready yet to handle SSH traffic. The goal of
this PR is to try several times (max 3). The mechanism is the same as
for the connection to the docker machine.
- [Laurent Stacul brought this change]
Remove openssh_server container on test exit
- [Laurent Stacul brought this change]
Allow the tests to run inside a container
The current tests suite starts SSH server as OCI container. This commit
add the possibility to run the tests in a container provided that:
* the docker client is installed builder container
* the host docker daemon unix socket has been mounted in the builder
container (with, if needed, the DOCKER_HOST environment variable
accordingly set, and the permission to write on this socket)
* the builder container is run on the default bridge network, or the
host network. This PR does not handle the case where the builder
container is on another network.
Marc Hoersken (28 May 2021)
- CI/appveyor: run SSH server for tests on GitHub Actions (#607)
No longer rely on DigitalOcean to host the Docker container.
Unfortunately we require a small dispatcher script that has
access to a GitHub access token with scope repo in order to
trigger the daemon workflow on GitHub Actions also for PRs.
This script is hosted by myself for the time being until GitHub
provides a tighter scope to trigger the workflow_dispatch event.
GitHub (26 May 2021)
- [Will Cosgrove brought this change]
openssl.c: guards around calling FIPS_mode() #596 (#603)
Notes:
FIPS_mode() is not implemented in LibreSSL and this API is removed in OpenSSL 3.0 and was introduced in 0.9.7. Added guards around making this call.
Credit:
Will Cosgrove
- [Will Cosgrove brought this change]
configure.ac: don't undefine scoped variable (#594)
* configure.ac: don't undefine scoped variable
To get this script to run with Autoconf 2.71 on macOS I had to remove the undefine of the backend for loop variable. It seems scoped to the for loop and also isn't referenced later in the script so it seems OK to remove it.
* configure.ac: remove cygwin specific CFLAGS #598
Notes:
Remove cygwin specific Win32 CFLAGS and treat the build like a posix build
Credit:
Will Cosgrove, Brian Inglis
- [Laurent Stacul brought this change]
tests: Makefile.am: Add missing tests client keys in distribution tarball (#604)
Notes:
Added missing test keys.
Credit:
Laurent Stacul
- [Laurent Stacul brought this change]
Makefile.am: Add missing test keys in the distribution tarball (#601)
Notes:
Fix tests missing key to build the OCI image
Credit:
Laurent Stacul
Daniel Stenberg (16 May 2021)
- dist: add src/agent.h
Fixes #597
Closes #599
GitHub (12 May 2021)
- [Will Cosgrove brought this change]
packet.c: Reset read timeout after received a packet (#576) (#586)
File:
packet.c
Notes:
Attempt keyboard interactive login (Azure AD 2FA login) and use more than 60 seconds to complete the login, the connection fails.
The _libssh2_packet_require function does almost the same as _libssh2_packet_requirev but this function sets state->start = 0 before returning.
Credit:
teottin, Co-authored-by: Tor Erik Ottinsen <tor.ottinsen@kdi.kongsberg.com>
- [kkoenig brought this change]
Support ECDSA certificate authentication (#570)
Files: hostkey.c, userauth.c, test_public_key_auth_succeeds_with_correct_ecdsa_key.c
Notes:
Support ECDSA certificate authentication
Add a test for:
- Existing ecdsa basic public key authentication
- ecdsa public key authentication with a signed public key
Credit:
kkoenig
- [Gabriel Smith brought this change]
agent.c: Add support for Windows OpenSSH agent (#517)
Files: agent.c, agent.h, agent_win.c
Notes:
* agent: Add support for Windows OpenSSH agent
The implementation was partially taken and modified from that found in
the Portable OpenSSH port to Win32 by the PowerShell team, but mostly
based on the existing Unix OpenSSH agent support.
https://github.com/PowerShell/openssh-portable
Regarding the partial transfer support implementation: partial transfers
are easy to deal with, but you need to track additional state when
non-blocking IO enters the picture. A tracker of how many bytes have
been transfered has been placed in the transfer context struct as that's
where it makes most sense. This tracker isn't placed behind a WIN32
#ifdef as it will probably be useful for other agent implementations.
* agent: win32 openssh: Disable overlapped IO
Non-blocking IO is not currently supported by the surrounding agent
code, despite a lot of the code having everything set up to handle it.
Credit:
Co-authored-by: Gabriel Smith <gabriel.smith@precisionot.com>
- [Zenju brought this change]
Fix detailed _libssh2_error being overwritten (#473)
Files: openssl.c, pem.c, userauth.c
Notes:
* Fix detailed _libssh2_error being overwritten by generic errors
* Unified error handling
Credit:
Zenju
- [Paul Capron brought this change]
Fix _libssh2_random() silently discarding errors (#520)
Notes:
* Make _libssh2_random return code consistent
Previously, _libssh2_random was advertized in HACKING.CRYPTO as
returning `void` (and was implemented that way in os400qc3.c), but that
was in other crypto backends a lie; _libssh2_random is (a macro
expanding) to an int-value expression or function.
Moreover, that returned code was:
— 0 or success, -1 on error for the MbedTLS & WinCNG crypto backends
But also:
— 1 on success, -1 or 0 on error for the OpenSSL backend!
1 on success, error cannot happen for libgcrypt!
This commit makes explicit that _libssh2_random can fail (because most of
the underlying crypto functions can indeed fail!), and it makes its result
code consistent: 0 on success, -1 on error.
This is related to issue #519 https://github.com/libssh2/libssh2/issues/519
It fixes the first half of it.
* Don't silent errors of _libssh2_random
Make sure to check the returned code of _libssh2_random(), and
propagates any failure.
A new LIBSSH_ERROR_RANDGEN constant is added to libssh2.h
None of the existing error constants seemed fit.
This commit is related to d74285b68450c0e9ea6d5f8070450837fb1e74a7
and to https://github.com/libssh2/libssh2/issues/519 (see the issue
for more info.) It closes #519.
Credit:
Paul Capron
- [Gabriel Smith brought this change]
ci: Remove caching of docker image layers (#589)
Notes:
continued ci reliability work.
Credit:
Gabriel Smith
- [Gabriel Smith brought this change]
ci: Speed up docker builds for tests (#587)
Notes:
The OpenSSH server docker image used for tests is pre-built to prevent
wasting time building it during a test, and unneeded rebuilds are
prevented by caching the image layers.
Credit:
Gabriel Smith
- [Will Cosgrove brought this change]
userauth.c: don't error if using keys without RSA (#555)
file: userauth.c
notes: libssh2 now supports many other key types besides RSA, if the library is built without RSA support and a user attempts RSA auth it shouldn't be an automatic error
credit:
Will Cosgrove
- [Marc brought this change]
openssl.c: Avoid OpenSSL latent error in FIPS mode (#528)
File:
openssl.c
Notes:
Avoid initing MD5 digest, which is not permitted in OpenSSL FIPS certified cryptography mode.
Credit:
Marc
- [Laurent Stacul brought this change]
openssl.c: Fix EVP_Cipher interface change in openssl 3 #463
File:
openssl.c
Notes:
Fixes building with OpenSSL 3, #463.
The change is described there:
https://github.com/openssl/openssl/commit/f7397f0d58ce7ddf4c5366cd1846f16b341fbe43
Credit:
Laurent Stacul, reported by Sergei
- [Gabriel Smith brought this change]
openssh_fixture.c: Fix potential overwrite of buffer when reading stdout of command (#580)
File:
openssh_fixture.c
Notes:
If reading the full output from the executed command took multiple
passes (such as when reading multiple lines) the old code would read
into the buffer starting at the some position (the start) every time.
The old code only works if fgets updated p or had an offset parameter,
both of which are not true.
Credit:
Gabriel Smith
- [Gabriel Smith brought this change]
ci: explicitly state the default branch (#585)
Notes:
It looks like the $default-branch macro only works in templates, not
workflows. This is not explicitly stated anywhere except the linked PR
comment.
https://github.com/actions/starter-workflows/pull/590#issuecomment-672360634
credit:
Gabriel Smith
- [Gabriel Smith brought this change]
ci: Swap from Travis to Github Actions (#581)
Files: ci files
Notes:
Move Linux CI using Github Actions
Credit:
Gabriel Smith, Marc Hörsken
- [Mary brought this change]
libssh2_priv.h: add iovec on 3ds (#575)
file: libssh2_priv.h
note: include iovec for 3DS
credit: Mary Mstrodl
- [Laurent Stacul brought this change]
Tests: Fix unused variables warning (#561)
file: test_public_key_auth_succeeds_with_correct_ed25519_key_from_mem.c
notes: fixed unused vars
credit:
Laurent Stacul
- [Viktor Szakats brought this change]
bcrypt_pbkdf.c: fix clang10 false positive warning (#563)
File: bcrypt_pbkdf.c
Notes:
blf_enc() takes a number of 64-bit blocks to encrypt, but using
sizeof(uint64_t) in the calculation triggers a warning with
clang 10 because the actual data type is uint32_t. Pass
BCRYPT_BLOCKS / 2 for the number of blocks like libc bcrypt(3)
does.
Ref: https://github.com/openbsd/src/commit/04a2240bd8f465bcae6b595d912af3e2965856de
Fixes #562
Credit:
Viktor Szakats
- [Will Cosgrove brought this change]
transport.c: release payload on error (#554)
file: transport.c
notes: If the payload is invalid and there is an early return, we could leak the payload
credit:
Will Cosgrove
- [Will Cosgrove brought this change]
ssh2_client_fuzzer.cc: fixed building
The GitHub web editor did some funky things
- [Will Cosgrove brought this change]
ssh_client_fuzzer.cc: set blocking mode on (#553)
file: ssh_client_fuzzer.cc
notes: the session needs blocking mode turned on to avoid EAGAIN being returned from libssh2_session_handshake()
credit:
Will Cosgrove, reviewed by Michael Buckley
- [Etienne Samson brought this change]
Add a LINT option to CMake (#372)
* ci: make style-checking available locally
* cmake: add a linting target
* tests: check test suite syntax with checksrc.pl
- [Will Cosgrove brought this change]
kex.c: kex_agree_instr() improve string reading (#552)
* kex.c: kex_agree_instr() improve string reading
file: kex.c
notes: if haystack isn't null terminated we should use memchr() not strchar(). We should also make sure we don't walk off the end of the buffer.
credit:
Will Cosgrove, reviewed by Michael Buckley
- [Will Cosgrove brought this change]
kex.c: use string_buf in ecdh_sha2_nistp (#551)
* kex.c: use string_buf in ecdh_sha2_nistp
file: kex.c
notes:
use string_buf in ecdh_sha2_nistp() to avoid attempting to parse malformed data
- [Will Cosgrove brought this change]
kex.c: move EC macro outside of if check #549 (#550)
File: kex.c
Notes:
Moved the macro LIBSSH2_KEX_METHOD_EC_SHA_HASH_CREATE_VERIFY outside of the LIBSSH2_ECDSA since it's also now used by the ED25519 code.
Sha 256, 384 and 512 need to be defined for all backends now even if they aren't used directly. I believe this is already the case, but just a heads up.
Credit:
Stefan-Ghinea
- [Tim Gates brought this change]
kex.c: fix simple typo, niumber -> number (#545)
File: kex.c
Notes:
There is a small typo in src/kex.c.
Should read `number` rather than `niumber`.
Credit:
Tim Gates
- [Tseng Jun brought this change]
session.c: Correct a typo which may lead to stack overflow (#533)
@ -3200,7 +3642,7 @@ Alexander Lamaison (13 Mar 2015)
- Without zlib
Conflicts:
README
README
- Man man syntax tests fail gracefully if man version is not suitable.
@ -3275,18 +3717,18 @@ Guenter Knauf (8 Jan 2015)
Marc Hoersken (29 Dec 2014)
- knownhost.c: fix use of uninitialized argument variable wrote
Detected by clang scan in line 1195, column 18.
Detected by clang scan in line 1195, column 18.
- examples/x11.c: fix result of operation is garbage or undefined
Fix use of uninitialized structure w_size_bck.
Detected by clang scan in line 386, column 28.
Detected by clang scan in line 386, column 28.
- examples/x11.c: remove dead assigments of some return values
Detected by clang scan in line 212, column 9.
Detected by clang scan in line 222, column 13.
Detected by clang scan in line 410, column 13.
Detected by clang scan in line 410, column 13.
- examples/x11.c: fix possible memory leak if read fails
@ -6387,155 +6829,3 @@ Peter Stuge (17 Jun 2010)
Daniel Stenberg (16 Jun 2010)
- libssh2_session_callback_set: extended the man page
- [John brought this change]
LIBSSH2_DEBUG: macro uses incorrect function variable
The LIBSSH2_DEBUG macro, defined in libssh2_priv.h, incorrectly uses the
function variable ssh_msg_disconnect when it should use ssh_msg_debug.
This shows that the LIBSSH2_CALLBACK_DEBUG callback never has worked...
- warning: fix a compiler warning 'pointer differs in signedness'
As reported in bug #177
- portability: introduce LIBSSH2_INT64_T_FORMAT for 64bit printf()s
As pointed out in bug #177, some of the Windows compilers use
%I64 to output 64 bit variables with the printf family.
- debug: avoid sending NULL to sprintf %s
Via the _libssh2_debug() macro/function. Pointed out by john in bug report
- sftp docs: show macro on macro page, only function on function page
The individual man pages for macros now show the full convenience
macro as defined, and then the man page for the actual function
only shows the function.
- code police: make the code use less than 80 columns
- libssh2_channel_write_ex: remove macros, added wording on buffer size
- libssh2_sftp_write: document buffer size and changed some ordering
- libssh2_channel_write_stderr: show how the macro is defined
- libssh2_channel_write: show how the macro is defined
- SFTP: limit write() to not produce overly large packets
sftp_write() now limits how much data it gets at a time even more
than before. Since this function creates a complete outgoing
packet based on what gets passed to it, it is crucial that it
doesn't create too large packets.
With this method, there's also no longer any problem to use very
large buffers in your application and feed that to libssh2. I've
done numerous tests now with uploading data over SFTP using 100K
buffers and I've had no problems with that.
- scp_write_nonblock: add transfer time info
Using the same timing logic and output format as
sftp_write_nonblock allows us to very easily run benchmarks on
SCP vs SFTP uploads using libssh2.
- sftp_write_nonblock: select() on socket, use *BIG* buffer, time transfer
The select() is just to make it nicer so that it doesn't
crazy-loop on EAGAIN. The buffer size thing is mostly to verify
that this really work as supposed.
Transfer timing is just a minor thing, but it can just as well be
there and help us time and work on performance easier using out
of the box examples.
- agent: use _libssh2_error() when returning errors
As pointed out in bug report #173, this module basically never
used _libssh2_error() which made it work inconstently with other
parts of the libssh2 code base. This is my first take at making
this code more in line with the rest.
- inputchecks: make lots of API functions check for NULL pointers
If an application accidentally provides a NULL handle pointer to
the channel or sftp public functions, they now return an error
instead of segfaulting.
- libssh2_channel_eof: clarify that it returns negative on errors
- SFTP: keep the sftp error code as 32 bit
'last_errno' holds to the error code from the SFTP protocol and
since that is 32 bits on the wire there's no point in using a
long for this internally which is larger on some platforms.
- agent: make the code better deal with unexpected code flows
agent->ops gets initialized by the libssh2_agent_connect() call
but we need to make sure that we don't segfault even if a bad
sequence of function calls is used.
Alexander Lamaison (10 Jun 2010)
- Better handling of invalid key files.
Passing an invalid public key to libssh2_userauth_publickey_fromfile_ex
triggered an assertion. Replaced this with a runtime check that rejects
obviously invalid key data.
Daniel Stenberg (10 Jun 2010)
- version: we start working on 1.2.7 now
Version 1.2.6 (10 Jun 2010)
Daniel Stenberg (10 Jun 2010)
- NEWS: add the 1.2.6 release details
- RELEASE-NOTES: 1.2.6 details added
Guenter Knauf (10 Jun 2010)
- fixed libssh2.dsw to use the generated libssh2.dsp; removed old *.dsp files.
- moved MSVC strdup define to libssh2_config.h which we include already.
- added missing source files to src/NMakefile.
Daniel Stenberg (8 Jun 2010)
- libssh2_poll: refer to poll(3) and select(3) instead
- example: fix strdup() for MSVC compiles
MSVC has a _strdup() that we better use. This was reported in bug
- SFTP: fail init SFTP if session isn't authenticated
Alexander Lamaison filed bug #172
(http://trac.libssh2.org/ticket/172), and pointed out that SFTP
init would do bad if the session isn't yet authenticated at the
time of the call, so we now check for this situation and returns
an error if detected. Calling sftp_init() at this point is bad
usage to start with.
- direct_tcpip: bring back inclusion of libssh2_config.h
In order to increase portability of this example, I'm bringing
the inclusion of libssh2_config.h back, and I also added an
require that header for this example to compile.
I also made all code lines fit within 80 columns.
Guenter Knauf (3 Jun 2010)
- cast away a warning.
- moved CRT_SECURE_NO_DEPRECATE define up so its defined before the winsock headers are included.
- fixed platform detection for MingW32 test makefile.
- MingW32 has gettimeofday() implemented, so proper ifdef this function here.
- removed MSVC ifdef since seems we can use __int64 still with latest headers.


@ -1,44 +1,62 @@
libssh2 1.9.0
libssh2 1.10
This release includes the following enhancements and bugfixes:
o adds ECDSA keys and host key support when using OpenSSL
o adds ED25519 key and host key support when using OpenSSL 1.1.1
o adds OpenSSH style key file reading
o adds AES CTR mode support when using WinCNG
o adds PEM passphrase protected file support for Libgcrypt and WinCNG
o adds SHA256 hostkey fingerprint
o adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path()
o adds explicit zeroing of sensitive data in memory
o adds additional bounds checks to network buffer reads
o adds the ability to use the server default permissions when creating sftp directories
o adds support for building with OpenSSL no engine flag
o adds support for building with LibreSSL
o increased sftp packet size to 256k
o fixed oversized packet handling in sftp
o fixed building with OpenSSL 1.1
o fixed a possible crash if sftp stat gets an unexpected response
o fixed incorrect parsing of the KEX preference string value
o fixed conditional RSA and AES-CTR support
o fixed a small memory leak during the key exchange process
o fixed a possible memory leak of the ssh banner string
o fixed various small memory leaks in the backends
o fixed possible out of bounds read when parsing public keys from the server
o fixed possible out of bounds read when parsing invalid PEM files
o no longer null terminates the scp remote exec command
o now handle errors when diffie hellman key pair generation fails
o fixed compiling on Windows with the flag STDCALL=ON
o improved building instructions
o adds agent forwarding support
o adds OpenSSH Agent support on Windows
o adds ECDSA key support using the Mbed TLS backend
o adds ECDSA cert authentication
o adds diffie-hellman-group14-sha256, diffie-hellman-group16-sha512,
diffie-hellman-group18-sha512 key exchanges
o adds support for PKIX key reading when using ed25519 with OpenSSL
o adds support for EWOULDBLOCK on VMS systems
o adds support for building with OpenSSL 3
o adds support for using FIPS mode in OpenSSL
o adds debug symbols when building with MSVC
o adds support for building on the 3DS
o adds unicode build support on Windows
o restores os400 building
o increases min, max and opt Diffie Hellman group values
o improves portiablity of the make file
o improves timeout behavior with 2FA keyboard auth
o various improvements to the Wincng backend
o fixes reading parital packet replies when using an agent
o fixes Diffie Hellman key exchange on Windows 1903+ builds
o fixes building tests with older versions of OpenSSL
o fixes possible multiple definition warnings
o fixes potential cast issues _libssh2_ecdsa_key_get_curve_type()
o fixes potential use after free if libssh2_init() is called twice
o improved linking when using Mbed TLS
o fixes call to libssh2_crypto_exit() if crypto hasn't been initialized
o fixes crash when loading public keys with no id
o fixes possible out of bounds read when exchanging keys
o fixes possible out of bounds read when reading packets
o fixes possible out of bounds read when opening an X11 connection
o fixes possible out of bounds read when ecdh host keys
o fixes possible hang when trying to read a disconnected socket
o fixes a crash when using the delayed compression option
o fixes read error with large known host entries
o fixes various warnings
o fixes various small memory leaks
o improved error handling, various detailed errors will now be reported
o builds are now using OSS-Fuzz
o builds now use autoreconf instead of a custom build script
o cmake now respects install directory
o improved CI backend
o updated HACKING-CRYPTO documentation
o use markdown file extensions
o improved unit tests
This release would not have looked like this without help, code, reports and
advice from friends like these:
Peter Surge, Will Cosgrove, Daniel Stenberg, Alex Arslan, Alex Crichton,
Thomas Bleeker, Keno Fischer, Marc Hörsken, Marcel Raad, Viktor Szakats,
Kamil Dudka, Panos, Etienne Samson, Tseng Jun, Brendan Shanks, doublex,
Erik B, Jakob Egger, Thomas Lochmatter, alex-weaver, Adrian Moran, Zenju,
gartens, Matthew D. Fuller, Ryan Kelley, Zhen-Huan HWANG, Orivej Desh,
Alexander Curtiss
(29 contributors)
katzer, Orgad Shaneh, mark-i-m, Zenju, axjowa, Thilo Schulz,
Etienne Samson, hlefebvre, seba30, Panos, jethrogb, Fabrice Fontaine,
Will Cosgrove, Daniel Stenberg, Michael Buckley, Wallace Souza Silva,
Romain-Geissler-1A, meierha, Tseng Jun, Thomas Klausner, Brendan Shanks,
Harry Sintonen, monnerat, Koutheir Attouchi, Marc Hörsken, yann-morin-1998,
Wez Furlong, TDi-jonesds, David Benjamin, Max Dymond, Igor Klevanets,
Viktor Szakats, Laurent Stacul, Mstrodl, Gabriel Smith, MarcT512,
Paul Capron, teottin, Tor Erik Ottinsen, Brian Inglis
(40 contributors)


@ -38,6 +38,7 @@
*/
#include "libssh2_priv.h"
#include "agent.h"
#include "misc.h"
#include <errno.h>
#ifdef HAVE_SYS_UN_H
@ -50,6 +51,9 @@
#endif
#include "userauth.h"
#include "session.h"
#ifdef WIN32
#include <stdlib.h>
#endif
/* Requests from client to agent for protocol 1 key operations */
#define SSH_AGENTC_REQUEST_RSA_IDENTITIES 1
@ -90,58 +94,6 @@
#define SSH_AGENT_CONSTRAIN_LIFETIME 1
#define SSH_AGENT_CONSTRAIN_CONFIRM 2
/* non-blocking mode on agent connection is not yet implemented, but
for future use. */
typedef enum {
agent_NB_state_init = 0,
agent_NB_state_request_created,
agent_NB_state_request_length_sent,
agent_NB_state_request_sent,
agent_NB_state_response_length_received,
agent_NB_state_response_received
} agent_nonblocking_states;
typedef struct agent_transaction_ctx {
unsigned char *request;
size_t request_len;
unsigned char *response;
size_t response_len;
agent_nonblocking_states state;
} *agent_transaction_ctx_t;
typedef int (*agent_connect_func)(LIBSSH2_AGENT *agent);
typedef int (*agent_transact_func)(LIBSSH2_AGENT *agent,
agent_transaction_ctx_t transctx);
typedef int (*agent_disconnect_func)(LIBSSH2_AGENT *agent);
struct agent_publickey {
struct list_node node;
/* this is the struct we expose externally */
struct libssh2_agent_publickey external;
};
struct agent_ops {
agent_connect_func connect;
agent_transact_func transact;
agent_disconnect_func disconnect;
};
struct _LIBSSH2_AGENT
{
LIBSSH2_SESSION *session; /* the session this "belongs to" */
libssh2_socket_t fd;
struct agent_ops *ops;
struct agent_transaction_ctx transctx;
struct agent_publickey *identity;
struct list_head head; /* list of public keys */
char *identity_agent_path; /* Path to a custom identity agent socket */
};
#ifdef PF_UNIX
static int
agent_connect_unix(LIBSSH2_AGENT *agent)
@ -404,6 +356,7 @@ static struct {
} supported_backends[] = {
#ifdef WIN32
{"Pageant", &agent_ops_pageant},
{"OpenSSH", &agent_ops_openssh},
#endif /* WIN32 */
#ifdef PF_UNIX
{"Unix", &agent_ops_unix},
@ -441,6 +394,7 @@ agent_sign(LIBSSH2_SESSION *session, unsigned char **sig, size_t *sig_len,
_libssh2_store_u32(&s, 0);
transctx->request_len = s - transctx->request;
transctx->send_recv_total = 0;
transctx->state = agent_NB_state_request_created;
}
@ -541,6 +495,7 @@ agent_list_identities(LIBSSH2_AGENT *agent)
if(transctx->state == agent_NB_state_init) {
transctx->request = &c;
transctx->request_len = 1;
transctx->send_recv_total = 0;
transctx->state = agent_NB_state_request_created;
}
@ -717,6 +672,12 @@ libssh2_agent_init(LIBSSH2_SESSION *session)
agent->identity_agent_path = NULL;
_libssh2_list_init(&agent->head);
#ifdef WIN32
agent->pipe = INVALID_HANDLE_VALUE;
memset(&agent->overlapped, 0, sizeof(OVERLAPPED));
agent->pending_io = FALSE;
#endif
return agent;
}


@ -0,0 +1,112 @@
#ifndef __LIBSSH2_AGENT_H
#define __LIBSSH2_AGENT_H
/*
* Copyright (c) 2009 by Daiki Ueno
* Copyright (C) 2010-2014 by Daniel Stenberg
* All rights reserved.
*
* Redistribution and use in source and binary forms,
* with or without modification, are permitted provided
* that the following conditions are met:
*
* Redistributions of source code must retain the above
* copyright notice, this list of conditions and the
* following disclaimer.
*
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials
* provided with the distribution.
*
* Neither the name of the copyright holder nor the names
* of any other contributors may be used to endorse or
* promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
* USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
* OF SUCH DAMAGE.
*/
#include "libssh2_priv.h"
#include "misc.h"
#include "session.h"
#ifdef WIN32
#include <stdlib.h>
#endif
/* non-blocking mode on agent connection is not yet implemented, but
for future use. */
typedef enum {
agent_NB_state_init = 0,
agent_NB_state_request_created,
agent_NB_state_request_length_sent,
agent_NB_state_request_sent,
agent_NB_state_response_length_received,
agent_NB_state_response_received
} agent_nonblocking_states;
typedef struct agent_transaction_ctx {
unsigned char *request;
size_t request_len;
unsigned char *response;
size_t response_len;
agent_nonblocking_states state;
size_t send_recv_total;
} *agent_transaction_ctx_t;
typedef int (*agent_connect_func)(LIBSSH2_AGENT *agent);
typedef int (*agent_transact_func)(LIBSSH2_AGENT *agent,
agent_transaction_ctx_t transctx);
typedef int (*agent_disconnect_func)(LIBSSH2_AGENT *agent);
struct agent_publickey {
struct list_node node;
/* this is the struct we expose externally */
struct libssh2_agent_publickey external;
};
struct agent_ops {
agent_connect_func connect;
agent_transact_func transact;
agent_disconnect_func disconnect;
};
struct _LIBSSH2_AGENT
{
LIBSSH2_SESSION *session; /* the session this "belongs to" */
libssh2_socket_t fd;
struct agent_ops *ops;
struct agent_transaction_ctx transctx;
struct agent_publickey *identity;
struct list_head head; /* list of public keys */
char *identity_agent_path; /* Path to a custom identity agent socket */
#ifdef WIN32
OVERLAPPED overlapped;
HANDLE pipe;
BOOL pending_io;
#endif
};
#ifdef WIN32
extern struct agent_ops agent_ops_openssh;
#endif
#endif /* __LIBSSH2_AGENT_H */
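Review bot: The new `send_recv_total` field at line 831 is the only undocumented member of agent_transaction_ctx, and since the comment above the enum still says non-blocking mode is "for future use", a reader should be told the counter is live in the blocking path too; suggest `size_t send_recv_total; /* bytes moved so far in the current send/recv phase; 0 when a phase starts, reset to 0 when it completes */`. The guard `__LIBSSH2_AGENT_H` begins with a double underscore, which C reserves for the implementation; `LIBSSH2_AGENT_H` would be the conforming name for a header that is new in this commit. The Win32 block could also note that `pipe` is the real connection while `fd` is only written as a 0 / LIBSSH2_INVALID_SOCKET "connected" marker by the Win32 backend, so nobody later tries to select() on it.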


@ -0,0 +1,361 @@
/*
* Copyright (c) 2009 by Daiki Ueno
* Copyright (C) 2010-2014 by Daniel Stenberg
* All rights reserved.
*
* Redistribution and use in source and binary forms,
* with or without modification, are permitted provided
* that the following conditions are met:
*
* Redistributions of source code must retain the above
* copyright notice, this list of conditions and the
* following disclaimer.
*
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials
* provided with the distribution.
*
* Neither the name of the copyright holder nor the names
* of any other contributors may be used to endorse or
* promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
* USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
* OF SUCH DAMAGE.
*/
#include "libssh2_priv.h"
#include "agent.h"
#include "misc.h"
#include <errno.h>
#ifdef HAVE_SYS_UN_H
#include <sys/un.h>
#else
/* Use the existence of sys/un.h as a test if Unix domain socket is
supported. winsock*.h define PF_UNIX/AF_UNIX but do not actually
support them. */
#undef PF_UNIX
#endif
#include "userauth.h"
#include "session.h"
#ifdef WIN32
#include <stdlib.h>
#endif
#ifdef WIN32
/* Code to talk to OpenSSH was taken and modified from the Win32 port of
* Portable OpenSSH by the PowerShell team. Commit
* 8ab565c53f3619d6a1f5ac229e212cad8a52852c of
* https://github.com/PowerShell/openssh-portable.git was used as the base,
* specificaly the following files:
*
* - contrib\win32\win32compat\fileio.c
* - Structure of agent_connect_openssh from ssh_get_authentication_socket
* - Structure of agent_transact_openssh from ssh_request_reply
* - contrib\win32\win32compat\wmain_common.c
* - Windows equivalent functions for common Unix functions, inlined into
* this implementation
* - fileio_connect replacing connect
* - fileio_read replacing read
* - fileio_write replacing write
* - fileio_close replacing close
*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
* Functions for connecting the local authentication agent.
*
* As far as I am concerned, the code I have written for this software
* can be used freely for any purpose. Any derived versions of this
* software must be clearly marked as such, and if the derived work is
* incompatible with the protocol description in the RFC file, it must be
* called by a name other than "ssh" or "Secure Shell".
*
* SSH2 implementation,
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* Copyright (c) 2015 Microsoft Corp.
* All rights reserved
*
* Microsoft openssh win32 port
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#define WIN32_OPENSSH_AGENT_SOCK "\\\\.\\pipe\\openssh-ssh-agent"
static int
agent_connect_openssh(LIBSSH2_AGENT *agent)
{
int ret = LIBSSH2_ERROR_NONE;
const char *path;
HANDLE pipe = INVALID_HANDLE_VALUE;
HANDLE event = NULL;
path = agent->identity_agent_path;
if(!path) {
path = getenv("SSH_AUTH_SOCK");
if(!path)
path = WIN32_OPENSSH_AGENT_SOCK;
}
for(;;) {
pipe = CreateFileA(
path,
GENERIC_READ | GENERIC_WRITE,
0,
NULL,
OPEN_EXISTING,
/* Non-blocking mode for agent connections is not implemented at
* the point this was implemented. The code for Win32 OpenSSH
* should support non-blocking IO, but the code calling it doesn't
* support it as of yet.
* When non-blocking IO is implemented for the surrounding code,
* uncomment the following line to enable support within the Win32
* OpenSSH code.
*/
/* FILE_FLAG_OVERLAPPED | */
SECURITY_SQOS_PRESENT |
SECURITY_IDENTIFICATION,
NULL
);
if(pipe != INVALID_HANDLE_VALUE)
break;
if(GetLastError() != ERROR_PIPE_BUSY)
break;
/* Wait up to 1 second for a pipe instance to become available */
if(!WaitNamedPipeA(path, 1000))
break;
}
if(pipe == INVALID_HANDLE_VALUE) {
ret = _libssh2_error(agent->session, LIBSSH2_ERROR_AGENT_PROTOCOL,
"unable to connect to agent pipe");
goto cleanup;
}
if(SetHandleInformation(pipe, HANDLE_FLAG_INHERIT, 0) == FALSE) {
ret = _libssh2_error(agent->session, LIBSSH2_ERROR_AGENT_PROTOCOL,
"unable to set handle information of agent pipe");
goto cleanup;
}
event = CreateEventA(NULL, TRUE, FALSE, NULL);
if(event == NULL) {
ret = _libssh2_error(agent->session, LIBSSH2_ERROR_AGENT_PROTOCOL,
"unable to create async I/O event");
goto cleanup;
}
agent->pipe = pipe;
pipe = INVALID_HANDLE_VALUE;
agent->overlapped.hEvent = event;
event = NULL;
agent->fd = 0; /* Mark as the connection has been established */
cleanup:
if(event != NULL)
CloseHandle(event);
if(pipe != INVALID_HANDLE_VALUE)
CloseHandle(pipe);
return ret;
}
#define RECV_SEND_ALL(func, agent, buffer, length, total) \
DWORD bytes_transfered; \
BOOL ret; \
DWORD err; \
int rc; \
\
while(*total < length) { \
if(!agent->pending_io) \
ret = func(agent->pipe, (char *)buffer + *total, \
(DWORD)(length - *total), &bytes_transfered, \
&agent->overlapped); \
else \
ret = GetOverlappedResult(agent->pipe, &agent->overlapped, \
&bytes_transfered, FALSE); \
\
*total += bytes_transfered; \
if(!ret) { \
err = GetLastError(); \
if((!agent->pending_io && ERROR_IO_PENDING == err) \
|| (agent->pending_io && ERROR_IO_INCOMPLETE == err)) { \
agent->pending_io = TRUE; \
return LIBSSH2_ERROR_EAGAIN; \
} \
\
return LIBSSH2_ERROR_SOCKET_NONE; \
} \
agent->pending_io = FALSE; \
} \
\
rc = (int)*total; \
*total = 0; \
return rc;
static int
win32_openssh_send_all(LIBSSH2_AGENT *agent, void *buffer, size_t length,
size_t *send_recv_total)
{
RECV_SEND_ALL(WriteFile, agent, buffer, length, send_recv_total)
}
static int
win32_openssh_recv_all(LIBSSH2_AGENT *agent, void *buffer, size_t length,
size_t *send_recv_total)
{
RECV_SEND_ALL(ReadFile, agent, buffer, length, send_recv_total)
}
#undef RECV_SEND_ALL
static int
agent_transact_openssh(LIBSSH2_AGENT *agent, agent_transaction_ctx_t transctx)
{
unsigned char buf[4];
int rc;
/* Send the length of the request */
if(transctx->state == agent_NB_state_request_created) {
_libssh2_htonu32(buf, (uint32_t)transctx->request_len);
rc = win32_openssh_send_all(agent, buf, sizeof buf,
&transctx->send_recv_total);
if(rc == LIBSSH2_ERROR_EAGAIN)
return LIBSSH2_ERROR_EAGAIN;
else if(rc < 0)
return _libssh2_error(agent->session, LIBSSH2_ERROR_SOCKET_SEND,
"agent send failed");
transctx->state = agent_NB_state_request_length_sent;
}
/* Send the request body */
if(transctx->state == agent_NB_state_request_length_sent) {
rc = win32_openssh_send_all(agent, transctx->request,
transctx->request_len,
&transctx->send_recv_total);
if(rc == LIBSSH2_ERROR_EAGAIN)
return LIBSSH2_ERROR_EAGAIN;
else if(rc < 0)
return _libssh2_error(agent->session, LIBSSH2_ERROR_SOCKET_SEND,
"agent send failed");
transctx->state = agent_NB_state_request_sent;
}
/* Receive the length of the body */
if(transctx->state == agent_NB_state_request_sent) {
rc = win32_openssh_recv_all(agent, buf, sizeof buf,
&transctx->send_recv_total);
if(rc == LIBSSH2_ERROR_EAGAIN)
return LIBSSH2_ERROR_EAGAIN;
else if(rc < 0)
return _libssh2_error(agent->session, LIBSSH2_ERROR_SOCKET_RECV,
"agent recv failed");
transctx->response_len = _libssh2_ntohu32(buf);
transctx->response = LIBSSH2_ALLOC(agent->session,
transctx->response_len);
if(!transctx->response)
return LIBSSH2_ERROR_ALLOC;
transctx->state = agent_NB_state_response_length_received;
}
/* Receive the response body */
if(transctx->state == agent_NB_state_response_length_received) {
rc = win32_openssh_recv_all(agent, transctx->response,
transctx->response_len,
&transctx->send_recv_total);
if(rc == LIBSSH2_ERROR_EAGAIN)
return LIBSSH2_ERROR_EAGAIN;
else if(rc < 0)
return _libssh2_error(agent->session, LIBSSH2_ERROR_SOCKET_RECV,
"agent recv failed");
transctx->state = agent_NB_state_response_received;
}
return LIBSSH2_ERROR_NONE;
}
static int
agent_disconnect_openssh(LIBSSH2_AGENT *agent)
{
if(!CancelIo(agent->pipe))
return _libssh2_error(agent->session, LIBSSH2_ERROR_SOCKET_DISCONNECT,
"failed to cancel pending IO of agent pipe");
if(!CloseHandle(agent->overlapped.hEvent))
return _libssh2_error(agent->session, LIBSSH2_ERROR_SOCKET_DISCONNECT,
"failed to close handle to async I/O event");
agent->overlapped.hEvent = NULL;
/* let queued APCs (if any) drain */
SleepEx(0, TRUE);
if(!CloseHandle(agent->pipe))
return _libssh2_error(agent->session, LIBSSH2_ERROR_SOCKET_DISCONNECT,
"failed to close handle to agent pipe");
agent->pipe = INVALID_HANDLE_VALUE;
agent->fd = LIBSSH2_INVALID_SOCKET;
return LIBSSH2_ERROR_NONE;
}
struct agent_ops agent_ops_openssh = {
agent_connect_openssh,
agent_transact_openssh,
agent_disconnect_openssh
};
#endif /* WIN32 */
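Review bot: The 32-bit response length read from the pipe at line 1156 goes straight into LIBSSH2_ALLOC at line 1157 with no sanity bound; any local process that creates the `\\.\pipe\openssh-ssh-agent` name (or whatever SSH_AUTH_SOCK names) before the real agent can therefore make the client allocate up to 4 GiB or hand it a zero length, so reject out-of-range values first: `if(transctx->response_len == 0 || transctx->response_len > 256 * 1024) return _libssh2_error(agent->session, LIBSSH2_ERROR_AGENT_PROTOCOL, "agent response length out of range");` (OpenSSH itself caps agent messages at 256 KiB). That same pipe-squatting risk is why `SECURITY_SQOS_PRESENT | SECURITY_IDENTIFICATION` at lines 1033-1034 matters, and a comment there keeps it from being dropped as noise: `/* cap the pipe server at identification-level impersonation: any local process can own this pipe name */`. In RECV_SEND_ALL the uninitialised `bytes_transfered` is added to `*total` (line 1088) before `ret` is tested, which is safe only if every failure path of WriteFile/ReadFile/GetOverlappedResult zeroes the out-parameter; adding it under `if(ret)` is the safer shape. agent_disconnect_openssh returns early when CancelIo fails (line 1180), leaving both the event and the pipe handle open for the rest of the agent object's life.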


@ -81,7 +81,7 @@ bcrypt_hash(uint8_t *sha2pass, uint8_t *sha2salt, uint8_t *out)
cdata[i] = Blowfish_stream2word(ciphertext, sizeof(ciphertext),
&j);
for(i = 0; i < 64; i++)
blf_enc(&state, cdata, sizeof(cdata) / (sizeof(uint64_t)));
blf_enc(&state, cdata, BCRYPT_BLOCKS / 2);
/* copy out */
for(i = 0; i < BCRYPT_BLOCKS; i++) {
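Review bot: The replacement argument `BCRYPT_BLOCKS / 2` is right only because `cdata` holds BCRYPT_BLOCKS 32-bit words (line 1206 fills it from Blowfish_stream2word) while blf_enc(), as the removed `sizeof(cdata) / sizeof(uint64_t)` implies, counts 64-bit blocks; neither fact is visible at the call site, so the ratio deserves a comment such as `/* blf_enc() takes 64-bit blocks; cdata is BCRYPT_BLOCKS 32-bit words */`. bcrypt_hash's body begins before this hunk.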


@ -1338,7 +1338,11 @@ channel_x11_req(LIBSSH2_CHANNEL *channel, int single_connection,
border */
unsigned char buffer[(LIBSSH2_X11_RANDOM_COOKIE_LEN / 2) + 1];
_libssh2_random(buffer, LIBSSH2_X11_RANDOM_COOKIE_LEN / 2);
if(_libssh2_random(buffer, LIBSSH2_X11_RANDOM_COOKIE_LEN / 2)) {
return _libssh2_error(session, LIBSSH2_ERROR_RANDGEN,
"Unable to get random bytes "
"for x11-req cookie");
}
for(i = 0; i < (LIBSSH2_X11_RANDOM_COOKIE_LEN / 2); i++) {
snprintf((char *)&s[i*2], 3, "%02X", buffer[i]);
}


@ -783,6 +783,42 @@ static const LIBSSH2_HOSTKEY_METHOD hostkey_method_ecdsa_ssh_nistp521 = {
hostkey_method_ssh_ecdsa_dtor,
};
static const LIBSSH2_HOSTKEY_METHOD hostkey_method_ecdsa_ssh_nistp256_cert = {
"ecdsa-sha2-nistp256-cert-v01@openssh.com",
SHA256_DIGEST_LENGTH,
NULL,
hostkey_method_ssh_ecdsa_initPEM,
hostkey_method_ssh_ecdsa_initPEMFromMemory,
NULL,
hostkey_method_ssh_ecdsa_signv,
NULL, /* encrypt */
hostkey_method_ssh_ecdsa_dtor,
};
static const LIBSSH2_HOSTKEY_METHOD hostkey_method_ecdsa_ssh_nistp384_cert = {
"ecdsa-sha2-nistp384-cert-v01@openssh.com",
SHA384_DIGEST_LENGTH,
NULL,
hostkey_method_ssh_ecdsa_initPEM,
hostkey_method_ssh_ecdsa_initPEMFromMemory,
NULL,
hostkey_method_ssh_ecdsa_signv,
NULL, /* encrypt */
hostkey_method_ssh_ecdsa_dtor,
};
static const LIBSSH2_HOSTKEY_METHOD hostkey_method_ecdsa_ssh_nistp521_cert = {
"ecdsa-sha2-nistp521-cert-v01@openssh.com",
SHA512_DIGEST_LENGTH,
NULL,
hostkey_method_ssh_ecdsa_initPEM,
hostkey_method_ssh_ecdsa_initPEMFromMemory,
NULL,
hostkey_method_ssh_ecdsa_signv,
NULL, /* encrypt */
hostkey_method_ssh_ecdsa_dtor,
};
#endif /* LIBSSH2_ECDSA */
#if LIBSSH2_ED25519
@ -999,6 +1035,9 @@ static const LIBSSH2_HOSTKEY_METHOD *hostkey_methods[] = {
&hostkey_method_ecdsa_ssh_nistp256,
&hostkey_method_ecdsa_ssh_nistp384,
&hostkey_method_ecdsa_ssh_nistp521,
&hostkey_method_ecdsa_ssh_nistp256_cert,
&hostkey_method_ecdsa_ssh_nistp384_cert,
&hostkey_method_ecdsa_ssh_nistp521_cert,
#endif
#if LIBSSH2_ED25519
&hostkey_method_ssh_ed25519,
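Review bot: The three new `*-cert-v01@openssh.com` entries leave their third and sixth slots NULL, which by the struct layout appear to be `init` and `sig_verify`, yet they are appended to `hostkey_methods[]` at lines 1273-1275, the list key-exchange negotiation draws from; unless that negotiation skips methods without `sig_verify` (not confirmable from this hunk), a server that advertises one of these names first would be agreed on and then invoked through a NULL pointer. Either guard the negotiation or make the intent explicit on each entry, e.g. `/* sign-only: used when authenticating with an OpenSSH certificate; cannot parse or verify a server host key */`. The `hash_len` values mirror the non-cert entries (SHA-256/384/512 per curve), which is consistent.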


@ -1579,39 +1579,6 @@ kex_method_diffie_hellman_group_exchange_sha256_key_exchange
}
#if LIBSSH2_ECDSA
/* kex_session_ecdh_curve_type
* returns the EC curve type by name used in key exchange
*/
static int
kex_session_ecdh_curve_type(const char *name, libssh2_curve_type *out_type)
{
int ret = 0;
libssh2_curve_type type;
if(name == NULL)
return -1;
if(strcmp(name, "ecdh-sha2-nistp256") == 0)
type = LIBSSH2_EC_CURVE_NISTP256;
else if(strcmp(name, "ecdh-sha2-nistp384") == 0)
type = LIBSSH2_EC_CURVE_NISTP384;
else if(strcmp(name, "ecdh-sha2-nistp521") == 0)
type = LIBSSH2_EC_CURVE_NISTP521;
else {
ret = -1;
}
if(ret == 0 && out_type) {
*out_type = type;
}
return ret;
}
/* LIBSSH2_KEX_METHOD_EC_SHA_HASH_CREATE_VERIFY
*
* Macro that create and verifies EC SHA hash with a given digest bytes
@ -1721,6 +1688,39 @@ kex_session_ecdh_curve_type(const char *name, libssh2_curve_type *out_type)
} \
#if LIBSSH2_ECDSA
/* kex_session_ecdh_curve_type
* returns the EC curve type by name used in key exchange
*/
static int
kex_session_ecdh_curve_type(const char *name, libssh2_curve_type *out_type)
{
int ret = 0;
libssh2_curve_type type;
if(name == NULL)
return -1;
if(strcmp(name, "ecdh-sha2-nistp256") == 0)
type = LIBSSH2_EC_CURVE_NISTP256;
else if(strcmp(name, "ecdh-sha2-nistp384") == 0)
type = LIBSSH2_EC_CURVE_NISTP384;
else if(strcmp(name, "ecdh-sha2-nistp521") == 0)
type = LIBSSH2_EC_CURVE_NISTP521;
else {
ret = -1;
}
if(ret == 0 && out_type) {
*out_type = type;
}
return ret;
}
/* ecdh_sha2_nistp
* Elliptic Curve Diffie Hellman Key Exchange
*/
@ -1752,26 +1752,24 @@ static int ecdh_sha2_nistp(LIBSSH2_SESSION *session, libssh2_curve_type type,
/* parse INIT reply data */
/* host key K_S */
unsigned char *s = data + 1; /* Advance past packet type */
unsigned char *server_public_key;
size_t server_public_key_len;
size_t host_sig_len;
struct string_buf buf;
session->server_hostkey_len =
_libssh2_ntohu32((const unsigned char *)s);
s += 4;
buf.data = data;
buf.len = data_len;
buf.dataptr = buf.data;
buf.dataptr++; /* Advance past packet type */
session->server_hostkey = LIBSSH2_ALLOC(session,
session->server_hostkey_len);
if(!session->server_hostkey) {
ret = _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
"Unable to allocate memory for a copy "
"of the host key");
if(_libssh2_copy_string(session, &buf, &(session->server_hostkey),
&server_public_key_len)) {
ret = _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
"Unable to allocate memory for a copy "
"of the host key");
goto clean_exit;
}
memcpy(session->server_hostkey, s, session->server_hostkey_len);
s += session->server_hostkey_len;
session->server_hostkey_len = (uint32_t)server_public_key_len;
#if LIBSSH2_MD5
{
@ -1870,19 +1868,20 @@ static int ecdh_sha2_nistp(LIBSSH2_SESSION *session, libssh2_curve_type type,
}
/* server public key Q_S */
server_public_key_len = _libssh2_ntohu32((const unsigned char *)s);
s += 4;
server_public_key = s;
s += server_public_key_len;
if(_libssh2_get_string(&buf, &server_public_key,
&server_public_key_len)) {
ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"Unexpected key length");
goto clean_exit;
}
/* server signature */
host_sig_len = _libssh2_ntohu32((const unsigned char *)s);
s += 4;
exchange_state->h_sig = s;
exchange_state->h_sig_len = host_sig_len;
s += host_sig_len;
if(_libssh2_get_string(&buf, &exchange_state->h_sig,
&(exchange_state->h_sig_len))) {
ret = _libssh2_error(session, LIBSSH2_ERROR_HOSTKEY_INIT,
"Unexpected ecdh server sig length");
goto clean_exit;
}
/* Compute the shared secret K */
rc = _libssh2_ecdh_gen_k(&exchange_state->k, private_key,
@ -3177,7 +3176,11 @@ static int kexinit(LIBSSH2_SESSION * session)
*(s++) = SSH_MSG_KEXINIT;
_libssh2_random(s, 16);
if(_libssh2_random(s, 16)) {
return _libssh2_error(session, LIBSSH2_ERROR_RANDGEN,
"Unable to get random bytes "
"for KEXINIT cookie");
}
s += 16;
/* Ennumerating through these lists twice is probably (certainly?)
@ -3287,24 +3290,40 @@ kex_agree_instr(unsigned char *haystack, unsigned long haystack_len,
const unsigned char *needle, unsigned long needle_len)
{
unsigned char *s;
unsigned char *end_haystack;
unsigned long left;
/* Haystack too short to bother trying */
if(haystack_len < needle_len) {
if(haystack == NULL || needle == NULL) {
return NULL;
}
/* Haystack too short to bother trying */
if(haystack_len < needle_len || needle_len == 0) {
return NULL;
}
s = haystack;
end_haystack = &haystack[haystack_len];
left = end_haystack - s;
/* Needle at start of haystack */
if((strncmp((char *) haystack, (char *) needle, needle_len) == 0) &&
(needle_len == haystack_len || haystack[needle_len] == ',')) {
return haystack;
}
s = haystack;
/* Search until we run out of comas or we run out of haystack,
whichever comes first */
while((s = (unsigned char *) strchr((char *) s, ','))
&& ((haystack_len - (s - haystack)) > needle_len)) {
s++;
while((s = (unsigned char *) memchr((char *) s, ',', left))) {
/* Advance buffer past coma if we can */
left = end_haystack - s;
if((left >= 1) && (left <= haystack_len) && (left > needle_len)) {
s++;
}
else {
return NULL;
}
/* Needle at X position */
if((strncmp((char *) s, (char *) needle, needle_len) == 0) &&
(((s - haystack) + needle_len) == haystack_len
@ -4069,7 +4088,7 @@ LIBSSH2_API int libssh2_session_supported_algs(LIBSSH2_SESSION* session,
supported algorithms (needed to allocate the proper size of array) and
the second time to actually copy the pointers. Typically this function
will not be called often (typically at the beginning of a session) and
the number of algorithms (i.e. niumber of iterations in one loop) will
the number of algorithms (i.e. number of iterations in one loop) will
not be high (typically it will not exceed 20) for quite a long time.
So double looping really shouldn't be an issue and it is definitely a
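Review bot: In kex_agree_instr the new memchr loop (line 1441) reads one byte past the haystack on every iteration after the first: `left` is computed as `end_haystack - s` at line 1443 before `s++` at line 1445, so the next `memchr(s, ',', left)` scans up to `end_haystack + 1`. Decrement it alongside the advance: `s++;` `left--;`. The strncmp calls in the same hunk stay in bounds only because `left > needle_len` is required first, which is worth a one-line comment. kex_agree_instr continues past the hunk. The ecdh_sha2_nistp hunk's switch to `_libssh2_get_string` is a sound bounds fix, though its signature-length failure maps to LIBSSH2_ERROR_HOSTKEY_INIT while the key-length failure just above maps to LIBSSH2_ERROR_PROTO.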


@ -68,7 +68,7 @@
#define EC_MAX_POINT_LEN ((528 * 2 / 8) + 1)
#define _libssh2_random(buf, len) \
(gcry_randomize ((buf), (len), GCRY_STRONG_RANDOM), 1)
(gcry_randomize ((buf), (len), GCRY_STRONG_RANDOM), 0)
#define libssh2_prepare_iovec(vec, len) /* Empty. */
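Review bot: The macro's constant flips from 1 to 0 so callers can treat nonzero as failure, matching the RAND_bytes wrapper elsewhere in this commit, but the comma expression hides that gcry_randomize() has no failure return in libgcrypt's API, which is the only reason an unconditional 0 is right. A comment stops the next reader from "fixing" it: `/* gcry_randomize() cannot fail; return 0 to match the 0 == success convention of _libssh2_random() */`. Any other crypto backend defining `_libssh2_random` must follow the same convention for the new LIBSSH2_ERROR_RANDGEN checks in kex.c and channel.c to be correct.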


@ -46,12 +46,12 @@
to make the BANNER define (used by src/session.c) be a valid SSH
banner. Release versions have no appended strings and may of course not
have dashes either. */
#define LIBSSH2_VERSION "1.9.0-20201117"
#define LIBSSH2_VERSION "1.10.0"
/* The numeric version number is also available "in parts" by using these
defines: */
#define LIBSSH2_VERSION_MAJOR 1
#define LIBSSH2_VERSION_MINOR 9
#define LIBSSH2_VERSION_MINOR 10
#define LIBSSH2_VERSION_PATCH 0
/* This is the numeric version of the libssh2 version number, meant for easier
@ -69,7 +69,7 @@
and it is always a greater number in a more recent release. It makes
comparisons with greater than and less than work.
*/
#define LIBSSH2_VERSION_NUM 0x010900
#define LIBSSH2_VERSION_NUM 0x010a00
/*
* This is the date and time when the full source package was created. The
@ -80,7 +80,7 @@
*
* "Mon Feb 12 11:35:33 UTC 2007"
*/
#define LIBSSH2_TIMESTAMP "Tue Nov 17 05:06:30 UTC 2020"
#define LIBSSH2_TIMESTAMP "Sun 29 Aug 2021 08:37:50 PM UTC"
#ifndef RC_INVOKED
@ -505,6 +505,7 @@ typedef struct _LIBSSH2_POLLFD {
#define LIBSSH2_ERROR_KNOWN_HOSTS -46
#define LIBSSH2_ERROR_CHANNEL_WINDOW_FULL -47
#define LIBSSH2_ERROR_KEYFILE_AUTH_FAILED -48
#define LIBSSH2_ERROR_RANDGEN -49
/* this is a define to provide the old (<= 1.2.7) name */
#define LIBSSH2_ERROR_BANNER_NONE LIBSSH2_ERROR_BANNER_RECV


@ -31,7 +31,7 @@
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
* USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
* USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
* OF SUCH DAMAGE.
*/
@ -42,9 +42,9 @@
#define PACKAGE "Upp::SSH"
#define PACKAGE_BUGREPORT "https://github.com/ultimatepp/ultimatepp/issues"
#define PACKAGE_NAME "Ultimate++ SSH package"
#define PACKAGE_STRING "Ultimate++ SSH package, a libssh2 wrapper, (ver. 2021.1)"
#define PACKAGE_STRING "Ultimate++ SSH package, a libssh2 wrapper, (ver. 2022.2)"
#define PACKAGE_URL "https://github.com/ultimatepp/ultimatepp"
#define PACKAGE_VERSION "2021.1"
#define PACKAGE_VERSION "2022.2 (libssh2 v.1.10.0)"
/* Headers */
#define HAVE_INTTYPES_H


@ -3,19 +3,13 @@
/* Define if building universal (internal helper macro) */
#undef AC_APPLE_UNIVERSAL_BUILD
/* Define to one of `_getb67', `GETB67', `getb67' for Cray-2 and Cray-YMP
systems. This function is required for `alloca.c' support on those systems.
*/
#undef CRAY_STACKSEG_END
/* Define to 1 if using `alloca.c'. */
/* Define to 1 if using 'alloca.c'. */
#undef C_ALLOCA
/* Define to 1 if you have `alloca', as a function or macro. */
/* Define to 1 if you have 'alloca', as a function or macro. */
#undef HAVE_ALLOCA
/* Define to 1 if you have <alloca.h> and it should be used (not on Ultrix).
*/
/* Define to 1 if <alloca.h> works. */
#undef HAVE_ALLOCA_H
/* Define to 1 if you have the <arpa/inet.h> header file. */
@ -76,9 +70,6 @@
/* Define to 1 if the compiler supports the 'long long' data type. */
#undef HAVE_LONGLONG
/* Define to 1 if you have the <memory.h> header file. */
#undef HAVE_MEMORY_H
/* Define to 1 if you have the `memset_s' function. */
#undef HAVE_MEMSET_S
@ -222,7 +213,9 @@
STACK_DIRECTION = 0 => direction of growth unknown */
#undef STACK_DIRECTION
/* Define to 1 if you have the ANSI C header files. */
/* Define to 1 if all of the C90 standard headers exist (not just the ones
required in a freestanding environment). This macro is provided for
backward compatibility; new code need not use it. */
#undef STDC_HEADERS
/* Version number of package */
@ -240,11 +233,6 @@
# endif
#endif
/* Enable large inode numbers on Mac OS X 10.5. */
#ifndef _DARWIN_USE_64_BIT_INODE
# define _DARWIN_USE_64_BIT_INODE 1
#endif
/* Number of bits in a file offset, on hosts where this is settable. */
#undef _FILE_OFFSET_BITS


@ -109,14 +109,19 @@
#define inline __inline
#endif
/* Provide iovec / writev on WIN32 platform. */
#ifdef WIN32
/* 3DS doesn't seem to have iovec */
#if defined(WIN32) || defined(_3DS)
struct iovec {
size_t iov_len;
void *iov_base;
};
#endif
/* Provide iovec / writev on WIN32 platform. */
#ifdef WIN32
static inline int writev(int sock, struct iovec *iov, int nvecs)
{
DWORD ret;


@ -427,10 +427,19 @@ _libssh2_cipher_crypt(_libssh2_cipher_ctx * ctx,
#else
ret = EVP_Cipher(ctx, buf, block, blocksize);
#endif
#if defined(OPENSSL_VERSION_MAJOR) && OPENSSL_VERSION_MAJOR >= 3
if(ret != -1) {
#else
if(ret == 1) {
#endif
memcpy(block, buf, blocksize);
}
#if defined(OPENSSL_VERSION_MAJOR) && OPENSSL_VERSION_MAJOR >= 3
return ret != -1 ? 0 : 1;
#else
return ret == 1 ? 0 : 1;
#endif
}
#if LIBSSH2_AES_CTR && !defined(HAVE_EVP_AES_128_CTR)
@ -1681,6 +1690,8 @@ gen_publickey_from_ed25519_openssh_priv_data(LIBSSH2_SESSION *session,
method_buf = LIBSSH2_ALLOC(session, 11); /* ssh-ed25519. */
if(method_buf == NULL) {
_libssh2_error(session, LIBSSH2_ERROR_ALLOC,
"Unable to allocate memory for ED25519 key");
goto clean_exit;
}
@ -1689,6 +1700,8 @@ gen_publickey_from_ed25519_openssh_priv_data(LIBSSH2_SESSION *session,
key_len = LIBSSH2_ED25519_KEY_LEN + 19;
key = LIBSSH2_CALLOC(session, key_len);
if(key == NULL) {
_libssh2_error(session, LIBSSH2_ERROR_ALLOC,
"Unable to allocate memory for ED25519 key");
goto clean_exit;
}
@ -2212,6 +2225,19 @@ _libssh2_sha512(const unsigned char *message, unsigned long len,
int
_libssh2_md5_init(libssh2_md5_ctx *ctx)
{
/* MD5 digest is not supported in OpenSSL FIPS mode
* Trying to init it will result in a latent OpenSSL error:
* "digital envelope routines:FIPS_DIGESTINIT:disabled for fips"
* So, just return 0 in FIPS mode
*/
#if OPENSSL_VERSION_NUMBER >= 0x000907000L && \
defined(OPENSSL_VERSION_MAJOR) && \
OPENSSL_VERSION_MAJOR < 3 && \
!defined(LIBRESSL_VERSION_NUMBER)
if(FIPS_mode() != 0)
return 0;
#endif
#ifdef HAVE_OPAQUE_STRUCTS
*ctx = EVP_MD_CTX_new();
@ -2402,6 +2428,7 @@ gen_publickey_from_ecdsa_openssh_priv_data(LIBSSH2_SESSION *session,
if((rc = _libssh2_ecdsa_curve_name_with_octal_new(&ec_key, point_buf,
pointlen, curve_type)) != 0) {
rc = -1;
_libssh2_error(session, LIBSSH2_ERROR_PROTO,
"ECDSA could not create key");
goto fail;
@ -2410,6 +2437,8 @@ gen_publickey_from_ecdsa_openssh_priv_data(LIBSSH2_SESSION *session,
bn_exponent = BN_new();
if(bn_exponent == NULL) {
rc = -1;
_libssh2_error(session, LIBSSH2_ERROR_ALLOC,
"Unable to allocate memory for private key data");
goto fail;
}
@ -2436,15 +2465,10 @@ gen_publickey_from_ecdsa_openssh_priv_data(LIBSSH2_SESSION *session,
return rc;
fail:
if(ec_key != NULL)
EC_KEY_free(ec_key);
return _libssh2_error(session,
LIBSSH2_ERROR_ALLOC,
"Unable to allocate memory for private key data");
return rc;
}
static int
@ -3037,17 +3061,13 @@ _libssh2_pub_priv_openssh_keyfilememory(LIBSSH2_SESSION *session,
if(key_ctx != NULL)
*key_ctx = NULL;
if(session == NULL) {
_libssh2_error(session, LIBSSH2_ERROR_PROTO,
"Session is required");
return -1;
}
if(session == NULL)
return _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"Session is required");
if(key_type != NULL && (strlen(key_type) > 11 || strlen(key_type) < 7)) {
_libssh2_error(session, LIBSSH2_ERROR_PROTO,
"type is invalid");
return -1;
}
if(key_type != NULL && (strlen(key_type) > 11 || strlen(key_type) < 7))
return _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"type is invalid");
_libssh2_init_if_needed();
@ -3055,20 +3075,18 @@ _libssh2_pub_priv_openssh_keyfilememory(LIBSSH2_SESSION *session,
privatekeydata,
privatekeydata_len, &decrypted);
if(rc) {
if(rc)
return rc;
}
/* We have a new key file, now try and parse it using supported types */
rc = _libssh2_get_string(decrypted, &buf, NULL);
if(rc != 0 || buf == NULL) {
_libssh2_error(session, LIBSSH2_ERROR_PROTO,
"Public key type in decrypted key data not found");
return -1;
}
if(rc != 0 || buf == NULL)
return _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"Public key type in decrypted "
"key data not found");
rc = -1;
rc = LIBSSH2_ERROR_FILE;
#if LIBSSH2_ED25519
if(strcmp("ssh-ed25519", (const char *)buf) == 0) {
@ -3122,6 +3140,11 @@ _libssh2_pub_priv_openssh_keyfilememory(LIBSSH2_SESSION *session,
}
#endif
if(rc == LIBSSH2_ERROR_FILE)
rc = _libssh2_error(session, LIBSSH2_ERROR_FILE,
"Unable to extract public key from private key file: "
"invalid/unrecognized private key file format");
if(decrypted)
_libssh2_string_buf_free(session, decrypted);
@ -3161,10 +3184,10 @@ _libssh2_pub_priv_keyfilememory(LIBSSH2_SESSION *session,
"Computing public key from private key.");
bp = BIO_new_mem_buf((char *)privatekeydata, privatekeydata_len);
if(!bp) {
return -1;
}
if(!bp)
return _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
"Unable to allocate memory when"
"computing public key");
BIO_reset(bp);
pk = PEM_read_bio_PrivateKey(bp, NULL, NULL, (void *)passphrase);
BIO_free(bp);
@ -3179,15 +3202,8 @@ _libssh2_pub_priv_keyfilememory(LIBSSH2_SESSION *session,
privatekeydata,
privatekeydata_len,
(unsigned const char *)passphrase);
if(st != 0) {
return _libssh2_error(session,
LIBSSH2_ERROR_FILE,
"Unable to extract public key "
"from private key file: "
"Wrong passphrase or invalid/unrecognized "
"private key file format");
}
if(st != 0)
return st;
return 0;
}


@ -137,7 +137,7 @@
#define EC_MAX_POINT_LEN ((528 * 2 / 8) + 1)
#define _libssh2_random(buf, len) RAND_bytes ((buf), (len))
#define _libssh2_random(buf, len) (RAND_bytes((buf), (len)) == 1 ? 0 : -1)
#define libssh2_prepare_iovec(vec, len) /* Empty. */
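Review bot: The new `_libssh2_random` definition (presumably the one mapping `RAND_bytes(...) == 1` to `0`/`-1`) changes the macro from a fire-and-forget call into one whose result must be checked, but only the `_libssh2_transport_send` call site is updated in this commit. Any other caller that still uses it as a statement now silently continues with an unfilled buffer when the RNG fails, which is worse than the old behaviour where at least the OpenSSL return value was the same; confirm every remaining call site checks the result, or document the contract next to the macro: `/* returns 0 on success, -1 if RAND_bytes failed; callers must check */`.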


@ -1323,9 +1323,11 @@ _libssh2_packet_requirev(LIBSSH2_SESSION *session,
if(strchr((char *) packet_types, ret)) {
/* Be lazy, let packet_ask pull it out of the brigade */
return _libssh2_packet_askv(session, packet_types, data,
int ret = _libssh2_packet_askv(session, packet_types, data,
data_len, match_ofs, match_buf,
match_len);
state->start = 0;
return ret;
}
}
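Review bot: The `int ret` declared in the added block shadows the outer `ret` that the enclosing `if(strchr((char *) packet_types, ret))` tests two lines above; it compiles, but it trips `-Wshadow` and makes the packet-type byte and the askv status easy to confuse on a later edit. Rename the inner variable, e.g. `int rc = _libssh2_packet_askv(session, packet_types, data,` ... `return rc;`, keeping the `state->start = 0;` reset in between. The enclosing `_libssh2_packet_requirev` starts and ends outside the hunk.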


@ -176,6 +176,8 @@ _libssh2_pem_parse(LIBSSH2_SESSION * session,
linelen = strlen(line);
tmp = LIBSSH2_REALLOC(session, b64data, b64datalen + linelen);
if(!tmp) {
_libssh2_error(session, LIBSSH2_ERROR_ALLOC,
"Unable to allocate memory for PEM parsing");
ret = -1;
goto out;
}
@ -319,6 +321,8 @@ _libssh2_pem_parse_memory(LIBSSH2_SESSION * session,
linelen = strlen(line);
tmp = LIBSSH2_REALLOC(session, b64data, b64datalen + linelen);
if(!tmp) {
_libssh2_error(session, LIBSSH2_ERROR_ALLOC,
"Unable to allocate memory for PEM parsing");
ret = -1;
goto out;
}
@ -690,6 +694,8 @@ _libssh2_openssh_pem_parse(LIBSSH2_SESSION * session,
linelen = strlen(line);
tmp = LIBSSH2_REALLOC(session, b64data, b64datalen + linelen);
if(!tmp) {
_libssh2_error(session, LIBSSH2_ERROR_ALLOC,
"Unable to allocate memory for PEM parsing");
ret = -1;
goto out;
}
@ -738,17 +744,17 @@ _libssh2_openssh_pem_parse_memory(LIBSSH2_SESSION * session,
size_t off = 0;
int ret;
if(filedata == NULL || filedata_len <= 0) {
return -1;
}
if(filedata == NULL || filedata_len <= 0)
return _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"Error parsing PEM: filedata missing");
do {
*line = '\0';
if(off >= filedata_len) {
return -1;
}
if(off >= filedata_len)
return _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"Error parsing PEM: offset out of bounds");
if(readline_memory(line, LINE_SIZE, filedata, filedata_len, &off)) {
return -1;
@ -766,7 +772,9 @@ _libssh2_openssh_pem_parse_memory(LIBSSH2_SESSION * session,
linelen = strlen(line);
tmp = LIBSSH2_REALLOC(session, b64data, b64datalen + linelen);
if(!tmp) {
ret = -1;
ret = _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
"Unable to allocate memory for "
"PEM parsing");
goto out;
}
memcpy(tmp + b64datalen, line, linelen);
@ -777,7 +785,8 @@ _libssh2_openssh_pem_parse_memory(LIBSSH2_SESSION * session,
*line = '\0';
if(off >= filedata_len) {
ret = -1;
ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"Error parsing PEM: offset out of bounds");
goto out;
}
@ -787,9 +796,9 @@ _libssh2_openssh_pem_parse_memory(LIBSSH2_SESSION * session,
}
} while(strcmp(line, OPENSSH_HEADER_END) != 0);
if(!b64data) {
return -1;
}
if(!b64data)
return _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"Error parsing PEM: base 64 data missing");
ret = _libssh2_openssh_pem_parse_data(session, passphrase, b64data,
b64datalen, decrypted_buf);
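Review bot: The first three hunks (`_libssh2_pem_parse`, `_libssh2_pem_parse_memory`, `_libssh2_openssh_pem_parse`) record `LIBSSH2_ERROR_ALLOC` on the session but leave `ret = -1;` in place, so the function returns a different code from the one the session now reports, whereas the fourth hunk in `_libssh2_openssh_pem_parse_memory` correctly uses `ret = _libssh2_error(session, LIBSSH2_ERROR_ALLOC, "Unable to allocate memory for PEM parsing");` — the first three should do the same. In the same function the unchanged `if(readline_memory(...)) { return -1;` between the two converted early returns still exits without setting any error, so a caller sees `-1` (which collides with `LIBSSH2_ERROR_SOCKET_NONE`) and no message; `return _libssh2_error(session, LIBSSH2_ERROR_PROTO, "Error parsing PEM: unable to read line");` would make the function consistent. The enclosing functions start and end outside the hunks shown.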


@ -488,6 +488,8 @@ int _libssh2_transport_read(LIBSSH2_SESSION * session)
p->wptr += blocksize - 5; /* advance write pointer */
}
else {
if(p->payload)
LIBSSH2_FREE(session, p->payload);
return LIBSSH2_ERROR_OUT_OF_BOUNDARY;
}
}
@ -570,6 +572,8 @@ int _libssh2_transport_read(LIBSSH2_SESSION * session)
memcpy(p->wptr, &p->buf[p->readidx], numbytes);
}
else {
if(p->payload)
LIBSSH2_FREE(session, p->payload);
return LIBSSH2_ERROR_OUT_OF_BOUNDARY;
}
@ -858,7 +862,10 @@ int _libssh2_transport_send(LIBSSH2_SESSION *session,
p->outbuf[4] = (unsigned char)padding_length;
/* fill the padding area with random junk */
_libssh2_random(p->outbuf + 5 + data_len, padding_length);
if(_libssh2_random(p->outbuf + 5 + data_len, padding_length)) {
return _libssh2_error(session, LIBSSH2_ERROR_RANDGEN,
"Unable to get random bytes for packet padding");
}
if(encrypted) {
size_t i;
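Review bot: Both added `LIBSSH2_FREE(session, p->payload);` calls in `_libssh2_transport_read` leave `p->payload` pointing at freed memory; since `p` appears to be persistent transport state rather than a local, a later teardown or error path that also frees `p->payload` (not visible here, so hedged) would double-free it, and the `if(p->payload)` guard these hunks add would not protect against that. Reset the pointer after freeing, `p->payload = NULL;`, in both places, and consider resetting the companion read state (`wptr`, `total_num`) the same way if the existing out-of-bounds handling elsewhere does so. The enclosing function starts and ends outside the hunks shown.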


@ -828,11 +828,6 @@ userauth_hostbased_fromfile(LIBSSH2_SESSION *session,
{
int rc;
#if !LIBSSH2_RSA
return _libssh2_error(session, LIBSSH2_ERROR_METHOD_NOT_SUPPORTED,
"RSA is not supported by crypto backend");
#endif
if(session->userauth_host_state == libssh2_NB_state_idle) {
const LIBSSH2_HOSTKEY_METHOD *privkeyobj;
unsigned char *pubkeydata = NULL;
@ -1075,7 +1070,21 @@ libssh2_userauth_hostbased_fromfile_ex(LIBSSH2_SESSION *session,
return rc;
}
static int plain_method_len(const char *method, size_t method_len)
{
if(!strncmp("ecdsa-sha2-nistp256-cert-v01@openssh.com",
method,
method_len) ||
!strncmp("ecdsa-sha2-nistp384-cert-v01@openssh.com",
method,
method_len) ||
!strncmp("ecdsa-sha2-nistp521-cert-v01@openssh.com",
method,
method_len)) {
return 19;
}
return method_len;
}
int
_libssh2_userauth_publickey(LIBSSH2_SESSION *session,
@ -1340,6 +1349,10 @@ _libssh2_userauth_publickey(LIBSSH2_SESSION *session,
s = session->userauth_pblc_packet + session->userauth_pblc_packet_len;
session->userauth_pblc_b = NULL;
session->userauth_pblc_method_len =
plain_method_len((const char *)session->userauth_pblc_method,
session->userauth_pblc_method_len);
_libssh2_store_u32(&s,
4 + session->userauth_pblc_method_len + 4 +
sig_len);
@ -1438,11 +1451,6 @@ userauth_publickey_frommemory(LIBSSH2_SESSION *session,
void *abstract = &privkey_file;
int rc;
#if !LIBSSH2_RSA
return _libssh2_error(session, LIBSSH2_ERROR_METHOD_NOT_SUPPORTED,
"RSA is not supported by crypto backend");
#endif
privkey_file.filename = privatekeydata;
privkey_file.passphrase = passphrase;
@ -1457,15 +1465,14 @@ userauth_publickey_frommemory(LIBSSH2_SESSION *session,
}
else if(privatekeydata_len && privatekeydata) {
/* Compute public key from private key. */
if(_libssh2_pub_priv_keyfilememory(session,
rc = _libssh2_pub_priv_keyfilememory(session,
&session->userauth_pblc_method,
&session->userauth_pblc_method_len,
&pubkeydata, &pubkeydata_len,
privatekeydata, privatekeydata_len,
passphrase))
return _libssh2_error(session, LIBSSH2_ERROR_FILE,
"Unable to extract public key "
"from private key.");
passphrase);
if(rc)
return rc;
}
else {
return _libssh2_error(session, LIBSSH2_ERROR_FILE,
@ -1500,11 +1507,6 @@ userauth_publickey_fromfile(LIBSSH2_SESSION *session,
void *abstract = &privkey_file;
int rc;
#if !LIBSSH2_RSA
return _libssh2_error(session, LIBSSH2_ERROR_METHOD_NOT_SUPPORTED,
"RSA is not supported by crypto backend");
#endif
privkey_file.filename = privatekey;
privkey_file.passphrase = passphrase;
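Review bot: The added `plain_method_len` uses `strncmp(cert_name, method, method_len)`, which bounded by the caller's own length is a prefix test rather than an equality test: any `method` that happens to be a prefix of one of the three certificate names matches and the function reports 19 bytes, which `_libssh2_userauth_publickey` then stores into `userauth_pblc_method_len` and encodes into the packet, reading past a shorter method buffer. The function also returns `method_len` (a `size_t`) through an `int`, a narrowing that warns under `-Wconversion` and is unnecessary if `userauth_pblc_method_len` is a `size_t` (its type is not visible here). Compare the full length and the bytes, and keep the width, as below.

```c
static size_t plain_method_len(const char *method, size_t method_len)
{
    static const char *const cert_methods[] = {
        "ecdsa-sha2-nistp256-cert-v01@openssh.com",
        "ecdsa-sha2-nistp384-cert-v01@openssh.com",
        "ecdsa-sha2-nistp521-cert-v01@openssh.com"
    };
    size_t i;
    for(i = 0; i < sizeof(cert_methods) / sizeof(cert_methods[0]); i++) {
        /* full-length match only: an strncmp bounded by method_len is a
           prefix test and would accept a shorter, unrelated method */
        if(method_len == strlen(cert_methods[i]) &&
           memcmp(method, cert_methods[i], method_len) == 0)
            return 19; /* length of the plain "ecdsa-sha2-nistpNNN" name */
    }
    return method_len;
}
```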


@ -2,6 +2,7 @@
#define _UPP_SSH_libssh2upp_h_
#include "libssh2/agent.c"
#include "libssh2/agent_win.c"
#include "libssh2/bcrypt_pbkdf.c"
#include "libssh2/blowfish.c"
#include "libssh2/channel.c"


@ -324,6 +324,7 @@ ctrl LabelBox {
>Base;
Text SetLabel ? "Box label" ;
Font SetFont = StdFont();
Paint(w) {
sz = GetSize();


@ -379,8 +379,7 @@ Vector<String> CppBuilder::CustomStep(const String& pf, const String& package_,
if(p.Id("exclude_path")) {
ExtExclude(p, packageFolder, include_path, flags);
}
else {
p.PassId("includes");
if(p.Id("includes")) {
bool apply = CheckImportCondition(p, flags);
Vector<String> e = ReadPatterns(p);
if(apply) {