PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-15 20:29:03 +00:00
Code Issues Projects Releases Wiki Activity

Upgrade libssh2 to 1.11.0

Browse Source
This commit is contained in:
dmiller
2024-02-28 17:39:06 +00:00
parent f64e2fab07
commit 1fc984bc73
114 changed files with 24809 additions and 19351 deletions
Download Patch File Download Diff File Expand all files Collapse all files

125
libssh2/src/pem.c
View File

@@ -100,20 +100,27 @@ static const char *crypt_annotation = "Proc-Type: 4,ENCRYPTED";
static unsigned char hex_decode(char digit)
{
return (digit >= 'A') ? 0xA + (digit - 'A') : (digit - '0');
return (unsigned char)
((digit >= 'A') ? (0xA + (digit - 'A')) : (digit - '0'));
}
/* Hack to fix builds with crypto backends with MD5 support disabled.
FIXME: Honor our LIBSSH2_MD5 macro for MD5-dependent logic. */
#ifdef OPENSSL_NO_MD5
#define MD5_DIGEST_LENGTH 16
#endif
int
_libssh2_pem_parse(LIBSSH2_SESSION * session,
const char *headerbegin,
const char *headerend,
const unsigned char *passphrase,
FILE * fp, unsigned char **data, unsigned int *datalen)
FILE * fp, unsigned char **data, size_t *datalen)
{
char line[LINE_SIZE];
unsigned char iv[LINE_SIZE];
char *b64data = NULL;
unsigned int b64datalen = 0;
size_t b64datalen = 0;
int ret;
const LIBSSH2_CRYPT_METHOD *method = NULL;
@@ -141,7 +148,8 @@ _libssh2_pem_parse(LIBSSH2_SESSION * session,
}
all_methods = libssh2_crypt_methods();
while((cur_method = *all_methods++)) {
/* !checksrc! disable EQUALSNULL 1 */
while((cur_method = *all_methods++) != NULL) {
if(*cur_method->pem_annotation &&
memcmp(line, cur_method->pem_annotation,
strlen(cur_method->pem_annotation)) == 0) {
@@ -152,12 +160,12 @@ _libssh2_pem_parse(LIBSSH2_SESSION * session,
}
/* None of the available crypt methods were able to decrypt the key */
if(method == NULL)
if(!method)
return -1;
/* Decode IV from hex */
for(i = 0; i < method->iv_len; ++i) {
iv[i] = hex_decode(iv[2*i]) << 4;
iv[i] = (unsigned char)(hex_decode(iv[2*i]) << 4);
iv[i] |= hex_decode(iv[2*i + 1]);
}
@@ -198,7 +206,7 @@ _libssh2_pem_parse(LIBSSH2_SESSION * session,
return -1;
}
if(libssh2_base64_decode(session, (char **) data, datalen,
if(_libssh2_base64_decode(session, (char **) data, datalen,
b64data, b64datalen)) {
ret = -1;
goto out;
@@ -258,7 +266,11 @@ _libssh2_pem_parse(LIBSSH2_SESSION * session,
while(len_decrypted <= (int)*datalen - blocksize) {
if(method->crypt(session, *data + len_decrypted, blocksize,
&abstract)) {
&abstract,
len_decrypted == 0 ? FIRST_BLOCK :
((len_decrypted == (int)*datalen - blocksize) ?
LAST_BLOCK : MIDDLE_BLOCK)
)) {
ret = LIBSSH2_ERROR_DECRYPT;
_libssh2_explicit_zero((char *)secret, sizeof(secret));
method->dtor(session, &abstract);
@@ -281,7 +293,7 @@ _libssh2_pem_parse(LIBSSH2_SESSION * session,
}
ret = 0;
out:
out:
if(b64data) {
_libssh2_explicit_zero(b64data, b64datalen);
LIBSSH2_FREE(session, b64data);
@@ -294,11 +306,11 @@ _libssh2_pem_parse_memory(LIBSSH2_SESSION * session,
const char *headerbegin,
const char *headerend,
const char *filedata, size_t filedata_len,
unsigned char **data, unsigned int *datalen)
unsigned char **data, size_t *datalen)
{
char line[LINE_SIZE];
char *b64data = NULL;
unsigned int b64datalen = 0;
size_t b64datalen = 0;
size_t off = 0;
int ret;
@@ -343,14 +355,14 @@ _libssh2_pem_parse_memory(LIBSSH2_SESSION * session,
return -1;
}
if(libssh2_base64_decode(session, (char **) data, datalen,
if(_libssh2_base64_decode(session, (char **) data, datalen,
b64data, b64datalen)) {
ret = -1;
goto out;
}
ret = 0;
out:
out:
if(b64data) {
_libssh2_explicit_zero(b64data, b64datalen);
LIBSSH2_FREE(session, b64data);
@@ -382,7 +394,7 @@ _libssh2_openssh_pem_parse_data(LIBSSH2_SESSION * session,
unsigned char *key_part = NULL;
unsigned char *iv_part = NULL;
unsigned char *f = NULL;
unsigned int f_len = 0;
size_t f_len = 0;
int ret = 0, keylen = 0, ivlen = 0, total_len = 0;
size_t kdf_len = 0, tmp_len = 0, salt_len = 0;
@@ -390,10 +402,10 @@ _libssh2_openssh_pem_parse_data(LIBSSH2_SESSION * session,
*decrypted_buf = NULL;
/* decode file */
if(libssh2_base64_decode(session, (char **)&f, &f_len,
b64data, b64datalen)) {
ret = -1;
goto out;
if(_libssh2_base64_decode(session, (char **)&f, &f_len,
b64data, b64datalen)) {
ret = -1;
goto out;
}
/* Parse the file */
@@ -425,7 +437,7 @@ _libssh2_openssh_pem_parse_data(LIBSSH2_SESSION * session,
if(_libssh2_get_string(&decoded, &kdfname, &tmp_len) ||
tmp_len == 0) {
ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"kdfname is missing");
"kdfname is missing");
goto out;
}
@@ -440,7 +452,7 @@ _libssh2_openssh_pem_parse_data(LIBSSH2_SESSION * session,
kdf_buf.len = kdf_len;
}
if((passphrase == NULL || strlen((const char *)passphrase) == 0) &&
if((!passphrase || strlen((const char *)passphrase) == 0) &&
strcmp((const char *)ciphername, "none") != 0) {
/* passphrase required */
ret = LIBSSH2_ERROR_KEYFILE_AUTH_FAILED;
@@ -456,8 +468,8 @@ _libssh2_openssh_pem_parse_data(LIBSSH2_SESSION * session,
if(!strcmp((const char *)kdfname, "none") &&
strcmp((const char *)ciphername, "none") != 0) {
ret =_libssh2_error(session, LIBSSH2_ERROR_PROTO,
"invalid format");
ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"invalid format");
goto out;
}
@@ -478,7 +490,7 @@ _libssh2_openssh_pem_parse_data(LIBSSH2_SESSION * session,
if(_libssh2_get_string(&decoded, &buf, &tmp_len) || tmp_len == 0) {
ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"Private key data not found");
"Private key data not found");
goto out;
}
@@ -490,7 +502,8 @@ _libssh2_openssh_pem_parse_data(LIBSSH2_SESSION * session,
const LIBSSH2_CRYPT_METHOD **all_methods, *cur_method;
all_methods = libssh2_crypt_methods();
while((cur_method = *all_methods++)) {
/* !checksrc! disable EQUALSNULL 1 */
while((cur_method = *all_methods++) != NULL) {
if(*cur_method->name &&
memcmp(ciphername, cur_method->name,
strlen(cur_method->name)) == 0) {
@@ -500,9 +513,9 @@ _libssh2_openssh_pem_parse_data(LIBSSH2_SESSION * session,
/* None of the available crypt methods were able to decrypt the key */
if(method == NULL) {
if(!method) {
ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"No supported cipher found");
"No supported cipher found");
goto out;
}
}
@@ -517,16 +530,15 @@ _libssh2_openssh_pem_parse_data(LIBSSH2_SESSION * session,
total_len = keylen + ivlen;
key = LIBSSH2_CALLOC(session, total_len);
if(key == NULL) {
if(!key) {
ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"Could not alloc key");
"Could not alloc key");
goto out;
}
if(strcmp((const char *)kdfname, "bcrypt") == 0 &&
passphrase != NULL) {
if(strcmp((const char *)kdfname, "bcrypt") == 0 && passphrase) {
if((_libssh2_get_string(&kdf_buf, &salt, &salt_len)) ||
(_libssh2_get_u32(&kdf_buf, &rounds) != 0) ) {
(_libssh2_get_u32(&kdf_buf, &rounds) != 0)) {
ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"kdf contains unexpected values");
LIBSSH2_FREE(session, key);
@@ -545,7 +557,7 @@ _libssh2_openssh_pem_parse_data(LIBSSH2_SESSION * session,
}
else {
ret = _libssh2_error(session, LIBSSH2_ERROR_KEYFILE_AUTH_FAILED,
"bcrypted without passphrase");
"bcrypted without passphrase");
LIBSSH2_FREE(session, key);
goto out;
}
@@ -554,14 +566,14 @@ _libssh2_openssh_pem_parse_data(LIBSSH2_SESSION * session,
blocksize = method->blocksize;
key_part = LIBSSH2_CALLOC(session, keylen);
if(key_part == NULL) {
if(!key_part) {
ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"Could not alloc key part");
goto out;
}
iv_part = LIBSSH2_CALLOC(session, ivlen);
if(iv_part == NULL) {
if(!iv_part) {
ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"Could not alloc iv part");
goto out;
@@ -572,7 +584,7 @@ _libssh2_openssh_pem_parse_data(LIBSSH2_SESSION * session,
/* Initialize the decryption */
if(method->init(session, method, iv_part, &free_iv, key_part,
&free_secret, 0, &abstract)) {
&free_secret, 0, &abstract)) {
ret = LIBSSH2_ERROR_DECRYPT;
goto out;
}
@@ -587,7 +599,11 @@ _libssh2_openssh_pem_parse_data(LIBSSH2_SESSION * session,
while((size_t)len_decrypted <= decrypted.len - blocksize) {
if(method->crypt(session, decrypted.data + len_decrypted,
blocksize,
&abstract)) {
&abstract,
len_decrypted == 0 ? FIRST_BLOCK : (
((size_t)len_decrypted == decrypted.len - blocksize) ?
LAST_BLOCK : MIDDLE_BLOCK)
)) {
ret = LIBSSH2_ERROR_DECRYPT;
method->dtor(session, &abstract);
goto out;
@@ -606,13 +622,13 @@ _libssh2_openssh_pem_parse_data(LIBSSH2_SESSION * session,
if(_libssh2_get_u32(&decrypted, &check1) != 0 ||
_libssh2_get_u32(&decrypted, &check2) != 0 ||
check1 != check2) {
_libssh2_error(session, LIBSSH2_ERROR_PROTO,
"Private key unpack failed (correct password?)");
ret = LIBSSH2_ERROR_KEYFILE_AUTH_FAILED;
goto out;
_libssh2_error(session, LIBSSH2_ERROR_PROTO,
"Private key unpack failed (correct password?)");
ret = LIBSSH2_ERROR_KEYFILE_AUTH_FAILED;
goto out;
}
if(decrypted_buf != NULL) {
if(decrypted_buf) {
/* copy data to out-going buffer */
struct string_buf *out_buf = _libssh2_string_buf_new(session);
if(!out_buf) {
@@ -623,7 +639,7 @@ _libssh2_openssh_pem_parse_data(LIBSSH2_SESSION * session,
}
out_buf->data = LIBSSH2_CALLOC(session, decrypted.len);
if(out_buf->data == NULL) {
if(!out_buf->data) {
ret = _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
"Unable to allocate memory for "
"decrypted struct");
@@ -668,7 +684,7 @@ _libssh2_openssh_pem_parse(LIBSSH2_SESSION * session,
{
char line[LINE_SIZE];
char *b64data = NULL;
unsigned int b64datalen = 0;
size_t b64datalen = 0;
int ret = 0;
/* read file */
@@ -719,7 +735,7 @@ _libssh2_openssh_pem_parse(LIBSSH2_SESSION * session,
ret = _libssh2_openssh_pem_parse_data(session,
passphrase,
(const char *)b64data,
(size_t)b64datalen,
b64datalen,
decrypted_buf);
if(b64data) {
@@ -740,11 +756,11 @@ _libssh2_openssh_pem_parse_memory(LIBSSH2_SESSION * session,
{
char line[LINE_SIZE];
char *b64data = NULL;
unsigned int b64datalen = 0;
size_t b64datalen = 0;
size_t off = 0;
int ret;
if(filedata == NULL || filedata_len <= 0)
if(!filedata || filedata_len <= 0)
return _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"Error parsing PEM: filedata missing");
@@ -754,7 +770,8 @@ _libssh2_openssh_pem_parse_memory(LIBSSH2_SESSION * session,
if(off >= filedata_len)
return _libssh2_error(session, LIBSSH2_ERROR_PROTO,
"Error parsing PEM: offset out of bounds");
"Error parsing PEM: "
"OpenSSH header not found");
if(readline_memory(line, LINE_SIZE, filedata, filedata_len, &off)) {
return -1;
@@ -765,7 +782,7 @@ _libssh2_openssh_pem_parse_memory(LIBSSH2_SESSION * session,
*line = '\0';
do {
if (*line) {
if(*line) {
char *tmp;
size_t linelen;
@@ -814,7 +831,7 @@ out:
static int
read_asn1_length(const unsigned char *data,
unsigned int datalen, unsigned int *len)
size_t datalen, size_t *len)
{
unsigned int lenlen;
int nextpos;
@@ -848,9 +865,9 @@ read_asn1_length(const unsigned char *data,
}
int
_libssh2_pem_decode_sequence(unsigned char **data, unsigned int *datalen)
_libssh2_pem_decode_sequence(unsigned char **data, size_t *datalen)
{
unsigned int len;
size_t len;
int lenlen;
if(*datalen < 1) {
@@ -876,10 +893,10 @@ _libssh2_pem_decode_sequence(unsigned char **data, unsigned int *datalen)
}
int
_libssh2_pem_decode_integer(unsigned char **data, unsigned int *datalen,
_libssh2_pem_decode_integer(unsigned char **data, size_t *datalen,
unsigned char **i, unsigned int *ilen)
{
unsigned int len;
size_t len;
int lenlen;
if(*datalen < 1) {
@@ -902,7 +919,7 @@ _libssh2_pem_decode_integer(unsigned char **data, unsigned int *datalen,
*datalen -= lenlen;
*i = *data;
*ilen = len;
*ilen = (unsigned int)len;
*data += len;
*datalen -= len;