PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-16 04:39:03 +00:00
Code Issues Projects Releases Wiki Activity

Upgrade libssh2 to 1.11.0

Browse Source
This commit is contained in:
dmiller
2024-02-28 17:39:06 +00:00
parent f64e2fab07
commit 1fc984bc73
114 changed files with 24809 additions and 19351 deletions
Download Patch File Download Diff File Expand all files Collapse all files

155
libssh2/src/mac.c
View File

@@ -38,15 +38,26 @@
#include "libssh2_priv.h"
#include "mac.h"
#ifdef LIBSSH2_MAC_NONE
#if defined(LIBSSH2DEBUG) && defined(LIBSSH2_MAC_NONE_INSECURE)
/* mac_none_MAC
* Minimalist MAC: No MAC
*
* Minimalist MAC: No MAC. DO NOT USE.
*
* The SSH2 Transport allows implementations to forego a message
* authentication code. While this is less of a security risk than using
* a "none" cipher, it is still not recommended as disabling MAC hashes
* removes a layer of security.
*
* Enabling this option will allow for "none" as a negotiable method,
* however it still requires that the method be advertised by the remote
* end and that no more-preferable methods are available.
*
*/
static int
mac_none_MAC(LIBSSH2_SESSION * session, unsigned char *buf,
uint32_t seqno, const unsigned char *packet,
uint32_t packet_len, const unsigned char *addtl,
uint32_t addtl_len, void **abstract)
size_t packet_len, const unsigned char *addtl,
size_t addtl_len, void **abstract)
{
return 0;
}
@@ -60,9 +71,10 @@ static LIBSSH2_MAC_METHOD mac_method_none = {
0,
NULL,
mac_none_MAC,
NULL
NULL,
0
};
#endif /* LIBSSH2_MAC_NONE */
#endif /* defined(LIBSSH2DEBUG) && defined(LIBSSH2_MAC_NONE_INSECURE) */
/* mac_method_common_init
* Initialize simple mac methods
@@ -73,7 +85,7 @@ mac_method_common_init(LIBSSH2_SESSION * session, unsigned char *key,
{
*abstract = key;
*free_key = 0;
(void) session;
(void)session;
return 0;
}
@@ -102,15 +114,15 @@ mac_method_common_dtor(LIBSSH2_SESSION * session, void **abstract)
*/
static int
mac_method_hmac_sha2_512_hash(LIBSSH2_SESSION * session,
unsigned char *buf, uint32_t seqno,
const unsigned char *packet,
uint32_t packet_len,
const unsigned char *addtl,
uint32_t addtl_len, void **abstract)
unsigned char *buf, uint32_t seqno,
const unsigned char *packet,
size_t packet_len,
const unsigned char *addtl,
size_t addtl_len, void **abstract)
{
libssh2_hmac_ctx ctx;
unsigned char seqno_buf[4];
(void) session;
(void)session;
_libssh2_htonu32(seqno_buf, seqno);
@@ -127,8 +139,6 @@ mac_method_hmac_sha2_512_hash(LIBSSH2_SESSION * session,
return 0;
}
static const LIBSSH2_MAC_METHOD mac_method_hmac_sha2_512 = {
"hmac-sha2-512",
64,
@@ -136,7 +146,19 @@ static const LIBSSH2_MAC_METHOD mac_method_hmac_sha2_512 = {
mac_method_common_init,
mac_method_hmac_sha2_512_hash,
mac_method_common_dtor,
0
};
static const LIBSSH2_MAC_METHOD mac_method_hmac_sha2_512_etm = {
"hmac-sha2-512-etm@openssh.com",
64,
64,
mac_method_common_init,
mac_method_hmac_sha2_512_hash,
mac_method_common_dtor,
1
};
#endif
@@ -147,15 +169,15 @@ static const LIBSSH2_MAC_METHOD mac_method_hmac_sha2_512 = {
*/
static int
mac_method_hmac_sha2_256_hash(LIBSSH2_SESSION * session,
unsigned char *buf, uint32_t seqno,
const unsigned char *packet,
uint32_t packet_len,
const unsigned char *addtl,
uint32_t addtl_len, void **abstract)
unsigned char *buf, uint32_t seqno,
const unsigned char *packet,
size_t packet_len,
const unsigned char *addtl,
size_t addtl_len, void **abstract)
{
libssh2_hmac_ctx ctx;
unsigned char seqno_buf[4];
(void) session;
(void)session;
_libssh2_htonu32(seqno_buf, seqno);
@@ -181,7 +203,19 @@ static const LIBSSH2_MAC_METHOD mac_method_hmac_sha2_256 = {
mac_method_common_init,
mac_method_hmac_sha2_256_hash,
mac_method_common_dtor,
0
};
static const LIBSSH2_MAC_METHOD mac_method_hmac_sha2_256_etm = {
"hmac-sha2-256-etm@openssh.com",
32,
32,
mac_method_common_init,
mac_method_hmac_sha2_256_hash,
mac_method_common_dtor,
1
};
#endif
@@ -194,13 +228,13 @@ static int
mac_method_hmac_sha1_hash(LIBSSH2_SESSION * session,
unsigned char *buf, uint32_t seqno,
const unsigned char *packet,
uint32_t packet_len,
size_t packet_len,
const unsigned char *addtl,
uint32_t addtl_len, void **abstract)
size_t addtl_len, void **abstract)
{
libssh2_hmac_ctx ctx;
unsigned char seqno_buf[4];
(void) session;
(void)session;
_libssh2_htonu32(seqno_buf, seqno);
@@ -226,6 +260,17 @@ static const LIBSSH2_MAC_METHOD mac_method_hmac_sha1 = {
mac_method_common_init,
mac_method_hmac_sha1_hash,
mac_method_common_dtor,
0
};
static const LIBSSH2_MAC_METHOD mac_method_hmac_sha1_etm = {
"hmac-sha1-etm@openssh.com",
20,
20,
mac_method_common_init,
mac_method_hmac_sha1_hash,
mac_method_common_dtor,
1
};
/* mac_method_hmac_sha1_96_hash
@@ -235,9 +280,9 @@ static int
mac_method_hmac_sha1_96_hash(LIBSSH2_SESSION * session,
unsigned char *buf, uint32_t seqno,
const unsigned char *packet,
uint32_t packet_len,
size_t packet_len,
const unsigned char *addtl,
uint32_t addtl_len, void **abstract)
size_t addtl_len, void **abstract)
{
unsigned char temp[SHA_DIGEST_LENGTH];
@@ -257,6 +302,7 @@ static const LIBSSH2_MAC_METHOD mac_method_hmac_sha1_96 = {
mac_method_common_init,
mac_method_hmac_sha1_96_hash,
mac_method_common_dtor,
0
};
#if LIBSSH2_MD5
@@ -267,13 +313,13 @@ static int
mac_method_hmac_md5_hash(LIBSSH2_SESSION * session, unsigned char *buf,
uint32_t seqno,
const unsigned char *packet,
uint32_t packet_len,
size_t packet_len,
const unsigned char *addtl,
uint32_t addtl_len, void **abstract)
size_t addtl_len, void **abstract)
{
libssh2_hmac_ctx ctx;
unsigned char seqno_buf[4];
(void) session;
(void)session;
_libssh2_htonu32(seqno_buf, seqno);
@@ -299,6 +345,7 @@ static const LIBSSH2_MAC_METHOD mac_method_hmac_md5 = {
mac_method_common_init,
mac_method_hmac_md5_hash,
mac_method_common_dtor,
0
};
/* mac_method_hmac_md5_96_hash
@@ -308,9 +355,9 @@ static int
mac_method_hmac_md5_96_hash(LIBSSH2_SESSION * session,
unsigned char *buf, uint32_t seqno,
const unsigned char *packet,
uint32_t packet_len,
size_t packet_len,
const unsigned char *addtl,
uint32_t addtl_len, void **abstract)
size_t addtl_len, void **abstract)
{
unsigned char temp[MD5_DIGEST_LENGTH];
mac_method_hmac_md5_hash(session, temp, seqno, packet, packet_len,
@@ -328,6 +375,7 @@ static const LIBSSH2_MAC_METHOD mac_method_hmac_md5_96 = {
mac_method_common_init,
mac_method_hmac_md5_96_hash,
mac_method_common_dtor,
0
};
#endif /* LIBSSH2_MD5 */
@@ -339,14 +387,14 @@ static int
mac_method_hmac_ripemd160_hash(LIBSSH2_SESSION * session,
unsigned char *buf, uint32_t seqno,
const unsigned char *packet,
uint32_t packet_len,
size_t packet_len,
const unsigned char *addtl,
uint32_t addtl_len,
size_t addtl_len,
void **abstract)
{
libssh2_hmac_ctx ctx;
unsigned char seqno_buf[4];
(void) session;
(void)session;
_libssh2_htonu32(seqno_buf, seqno);
@@ -372,6 +420,7 @@ static const LIBSSH2_MAC_METHOD mac_method_hmac_ripemd160 = {
mac_method_common_init,
mac_method_hmac_ripemd160_hash,
mac_method_common_dtor,
0
};
static const LIBSSH2_MAC_METHOD mac_method_hmac_ripemd160_openssh_com = {
@@ -381,17 +430,21 @@ static const LIBSSH2_MAC_METHOD mac_method_hmac_ripemd160_openssh_com = {
mac_method_common_init,
mac_method_hmac_ripemd160_hash,
mac_method_common_dtor,
0
};
#endif /* LIBSSH2_HMAC_RIPEMD */
static const LIBSSH2_MAC_METHOD *mac_methods[] = {
#if LIBSSH2_HMAC_SHA256
&mac_method_hmac_sha2_256,
&mac_method_hmac_sha2_256_etm,
#endif
#if LIBSSH2_HMAC_SHA512
&mac_method_hmac_sha2_512,
&mac_method_hmac_sha2_512_etm,
#endif
&mac_method_hmac_sha1,
&mac_method_hmac_sha1_etm,
&mac_method_hmac_sha1_96,
#if LIBSSH2_MD5
&mac_method_hmac_md5,
@@ -401,9 +454,9 @@ static const LIBSSH2_MAC_METHOD *mac_methods[] = {
&mac_method_hmac_ripemd160,
&mac_method_hmac_ripemd160_openssh_com,
#endif /* LIBSSH2_HMAC_RIPEMD */
#ifdef LIBSSH2_MAC_NONE
#if defined(LIBSSH2DEBUG) && defined(LIBSSH2_MAC_NONE_INSECURE)
&mac_method_none,
#endif /* LIBSSH2_MAC_NONE */
#endif
NULL
};
@@ -412,3 +465,33 @@ _libssh2_mac_methods(void)
{
return mac_methods;
}
#if LIBSSH2_AES_GCM
/* Stub for aes256-gcm@openssh.com crypto type, which has an integrated
HMAC method. This must not be added to mac_methods[] since it cannot be
negotiated separately. */
static const LIBSSH2_MAC_METHOD mac_method_hmac_aesgcm = {
"INTEGRATED-AES-GCM", /* made up name for display only */
16,
16,
NULL,
NULL,
NULL,
0
};
#endif /* LIBSSH2_AES_GCM */
/* See if the negotiated crypto method has its own authentication scheme that
* obviates the need for a separate negotiated hmac method */
const LIBSSH2_MAC_METHOD *
_libssh2_mac_override(const LIBSSH2_CRYPT_METHOD *crypt)
{
#if LIBSSH2_AES_GCM
if(!strcmp(crypt->name, "aes256-gcm@openssh.com") ||
!strcmp(crypt->name, "aes128-gcm@openssh.com"))
return &mac_method_hmac_aesgcm;
#else
(void) crypt;
#endif /* LIBSSH2_AES_GCM */
return NULL;
}