Updated changelog. Updated manylinux wheel embedded libssh2 version.

ParallelSSH · pkittenis · Mar 11, 2019 · Mar 6, 2019 · Mar 6, 2019 · Mar 6, 2019
commit fdee21e0f2cfbf7bfea54c00fd0f40fc173a8d68
@@ -10,6 +10,9 @@ Changes
 * Session object de-allocation no longer calls session disconnect.
 * Channel object de-allocation no longer calls channel close.
 * Rebuilt sources with Cython ``0.29.6``.
+* Updated Linux and Windows binary wheels to OpenSSL 1.1.
+* Updated embedded ``libssh2`` to latest master.
+* Added ``Ed25519`` publickey support via ``libssh2`` and OpenSSL upgrades.
 
 Packaging
 ----------

@@ -26,7 +26,7 @@ RUN cd ${OPENSSL}.tar.gz/${OPENSSL} && \
 
 # Libssh2
 RUN mkdir -p build_libssh2 && cd build_libssh2 && \
-    cmake ../libssh2.tar.gz -DBUILD_SHARED_LIBS=ON -DENABLE_ZLIB_COMPRESSION=ON \
+    cmake ../libssh2.tar.gz/libssh2-master -DBUILD_SHARED_LIBS=ON -DENABLE_ZLIB_COMPRESSION=ON \
     -DENABLE_CRYPT_NONE=ON -DENABLE_MAC_NONE=ON -DCMAKE_INSTALL_PREFIX=/usr && \
     cmake --build . --config Release --target install
 

@@ -30,17 +30,13 @@ def main():
     if not os.path.isfile(args.privatekey):
         print("No such private key %s" % (args.privatekey,))
         sys.exit(1)
-    publickey = "%s.pub" % (args.privatekey,)
-    if not os.path.isfile(publickey):
-        print("Expected public key at %s, found none" % (publickey,))
-        sys.exit(1)
 
     sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
     sock.connect((args.host, args.port))
     s = Session()
     s.handshake(sock)
     s.userauth_publickey_fromfile(
-        args.user, publickey, args.privatekey, args.passphrase)
+        args.user, args.privatekey, passphrase=args.passphrase)
     chan = s.open_session()
     chan.execute(args.cmd)
     size, data = chan.read()

@@ -11,12 +11,12 @@ libssh2_hostkey_hash(LIBSSH2_SESSION *session, int hash_type);
 \fIsession\fP - Session instance as returned by 
 .BR libssh2_session_init_ex(3)
 
-\fIhash_type\fP - One of: \fBLIBSSH2_HOSTKEY_HASH_MD5\fP or 
-\fBLIBSSH2_HOSTKEY_HASH_SHA1\fP.
+\fIhash_type\fP - One of: \fBLIBSSH2_HOSTKEY_HASH_MD5\fP, 
+\fBLIBSSH2_HOSTKEY_HASH_SHA1\fP or \fBLIBSSH2_HOSTKEY_HASH_SHA256\fP.
 
 Returns the computed digest of the remote system's hostkey. The length of 
 the returned string is hash_type specific (e.g. 16 bytes for MD5, 
-20 bytes for SHA1).
+20 bytes for SHA1, 32 bytes for SHA256).
 .SH RETURN VALUE
 Computed hostkey hash value, or NULL if the information is not available
 (either the session has not yet been started up, or the requested hash

@@ -223,9 +223,11 @@ int main(int argc, char *argv[])
 
   shutdown:
 
-    libssh2_agent_disconnect(agent);
-    libssh2_agent_free(agent);
-
+    if (agent) {
+        libssh2_agent_disconnect(agent);
+        libssh2_agent_free(agent);
+    }
+
     if(session) {
         libssh2_session_disconnect(session,
                                    "Normal Shutdown, Thank you for playing");

@@ -79,6 +79,9 @@ typedef struct _LIBSSH2_SFTP_STATVFS        LIBSSH2_SFTP_STATVFS;
 #define LIBSSH2_SFTP_READLINK           1
 #define LIBSSH2_SFTP_REALPATH           2
 
+/* Flags for sftp_mkdir() */
+#define LIBSSH2_SFTP_DEFAULT_MODE      -1
+
 /* SFTP attribute flag bits */
 #define LIBSSH2_SFTP_ATTR_SIZE              0x00000001
 #define LIBSSH2_SFTP_ATTR_UIDGID            0x00000002

@@ -143,7 +143,7 @@ _libssh2_ecdsa_verify(libssh2_ecdsa_ctx * ctx,
                       const unsigned char *m, size_t m_len);
 
 int
-_libssh2_ecdsa_create_key(_libssh2_ec_key **out_private_key,
+_libssh2_ecdsa_create_key(LIBSSH2_SESSION *session, _libssh2_ec_key **out_private_key,
                           unsigned char **out_public_key_octal,
                           size_t *out_public_key_octal_len, libssh2_curve_type curve_type);
 
@@ -172,8 +172,8 @@ _libssh2_ecdsa_curve_type_from_name(const char *name, libssh2_curve_type *out_ty
 #if LIBSSH2_ED25519
 
 int
-_libssh2_curve25519_new(libssh2_ed25519_ctx **ctx, uint8_t **out_public_key,
-                        uint8_t **out_private_key);
+_libssh2_curve25519_new(LIBSSH2_SESSION *session, libssh2_ed25519_ctx **ctx, 
+                        uint8_t **out_public_key, uint8_t **out_private_key);
 
 int
 _libssh2_curve25519_gen_k(_libssh2_bn **k, uint8_t private_key[LIBSSH2_ED25519_KEY_LEN],
@@ -184,9 +184,15 @@ _libssh2_ed25519_verify(libssh2_ed25519_ctx *ctx, const uint8_t *s,
                         size_t s_len, const uint8_t *m, size_t m_len);
 
 int
-_libssh2_ed25519_new_private(libssh2_ed25519_ctx **ec_ctx,
+_libssh2_ed25519_new_private(libssh2_ed25519_ctx **ed_ctx,
                             LIBSSH2_SESSION *session,
                             const char *filename, const uint8_t *passphrase);
+
+int
+_libssh2_ed25519_new_public(libssh2_ed25519_ctx **ed_ctx,
+                            LIBSSH2_SESSION *session,
+                            const char *raw_pub_key, const uint8_t key_len);
+
 int
 _libssh2_ed25519_sign(libssh2_ed25519_ctx *ctx, LIBSSH2_SESSION *session,
                       uint8_t **out_sig, size_t *out_sig_len,

@@ -795,9 +795,8 @@ hostkey_method_ssh_ed25519_init(LIBSSH2_SESSION * session,
                                 size_t hostkey_data_len,
                                 void **abstract)
 {
-    const unsigned char *s;
+    const char *s;
     unsigned long len, key_len;
-    EVP_PKEY *public_key = NULL;
     libssh2_ed25519_ctx *ctx = NULL;
 
     if(*abstract) {
@@ -823,17 +822,10 @@ hostkey_method_ssh_ed25519_init(LIBSSH2_SESSION * session,
     key_len = _libssh2_ntohu32(s);
     s += 4;
 
-    public_key = EVP_PKEY_new_raw_public_key(EVP_PKEY_ED25519, NULL, (const unsigned char*)s, key_len);
-    if(public_key == NULL) {
-        return _libssh2_error(session, LIBSSH2_ERROR_PROTO, "could not create ED25519 public key");
-    }
-
-    ctx = LIBSSH2_CALLOC(session, sizeof(libssh2_ed25519_ctx));
-    if(ctx == NULL) {
-        return _libssh2_error(session, LIBSSH2_ERROR_ALLOC, "could not alloc public/private key");
+    if(_libssh2_ed25519_new_public(&ctx, session, s, key_len) != 0) {
+        return -1;
     }
 
-    ctx->public_key = public_key;
     *abstract = ctx;
 
     return 0;

@@ -2421,8 +2421,8 @@ kex_method_ecdh_key_exchange
             goto ecdh_clean_exit;
         }
 
-        rc = _libssh2_ecdsa_create_key(&key_state->private_key, &key_state->public_key_oct,
-                                       &key_state->public_key_oct_len, type);
+        rc = _libssh2_ecdsa_create_key(session, &key_state->private_key, 
+                                       &key_state->public_key_oct, &key_state->public_key_oct_len, type);
 
         if(rc != 0) {
             ret = _libssh2_error(session, rc,
@@ -2489,7 +2489,7 @@ kex_method_ecdh_key_exchange
 ecdh_clean_exit:
 
     if(key_state->public_key_oct) {
-        free(key_state->public_key_oct);
+        LIBSSH2_FREE(session, key_state->public_key_oct);
         key_state->public_key_oct = NULL;
     }
 
@@ -2988,7 +2988,7 @@ kex_method_curve25519_key_exchange
             goto clean_exit;
         }
 
-        rc = _libssh2_curve25519_new(NULL, &key_state->curve25519_public_key,
+        rc = _libssh2_curve25519_new(session, NULL, &key_state->curve25519_public_key,
                                      &key_state->curve25519_private_key);
 
         if( rc != 0 )

@@ -688,7 +688,7 @@ _libssh2_dh_secret(_libssh2_dh_ctx *dhctx, _libssh2_bn *secret,
 void
 _libssh2_dh_dtor(_libssh2_dh_ctx *dhctx)
 {
-    mbedtls_mpi_free(*dhctx);
+    _libssh2_mbedtls_bignum_free(*dhctx);
     *dhctx = NULL;
 }
 

@@ -687,7 +687,11 @@ void _libssh2_aes_ctr_increment(unsigned char *ctr,
     }
 }
 
+#ifdef WIN32
+static void * (__cdecl * const volatile memset_libssh)(void *, int, size_t) = memset;
+#else
 static void * (* const volatile memset_libssh)(void *, int, size_t) = memset;
+#endif
 
 void _libssh2_explicit_zero(void *buf, size_t size)
 {
@@ -718,7 +722,7 @@ void _libssh2_string_buf_free(LIBSSH2_SESSION *session, struct string_buf *buf)
         return;
 
     if(buf->data != NULL)
-        free(buf->data);
+        LIBSSH2_FREE(session, buf->data);
 
     LIBSSH2_FREE(session, buf);
     buf = NULL;

@@ -638,14 +638,16 @@ static EVP_CIPHER * aes_256_ctr_cipher = NULL;
 
 void _libssh2_openssl_crypto_init(void)
 {
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
+    !defined(LIBRESSL_VERSION_NUMBER)
 #ifndef OPENSSL_NO_ENGINE
     ENGINE_load_builtin_engines();
     ENGINE_register_all_complete();
 #endif
 #else
     OpenSSL_add_all_algorithms();
     OpenSSL_add_all_ciphers();
+    OpenSSL_add_all_digests();
 #ifndef OPENSSL_NO_ENGINE
     ENGINE_load_builtin_engines();
     ENGINE_register_all_complete();
@@ -1454,8 +1456,8 @@ _libssh2_ecdsa_new_private_frommemory(libssh2_ecdsa_ctx ** ec_ctx,
 #if LIBSSH2_ED25519
 
 int
-_libssh2_curve25519_new(libssh2_x25519_ctx **out_ctx, unsigned char **out_public_key,
-                        unsigned char **out_private_key)
+_libssh2_curve25519_new(LIBSSH2_SESSION *session, libssh2_x25519_ctx **out_ctx, 
+                        unsigned char **out_public_key, unsigned char **out_private_key)
 {
     EVP_PKEY *key = NULL;
     EVP_PKEY_CTX *pctx = NULL;
@@ -1500,15 +1502,15 @@ _libssh2_curve25519_new(libssh2_x25519_ctx **out_ctx, unsigned char **out_public
         goto cleanExit;
 
     if(out_private_key != NULL) {
-        *out_private_key = malloc(LIBSSH2_ED25519_KEY_LEN);
+        *out_private_key = LIBSSH2_ALLOC(session, LIBSSH2_ED25519_KEY_LEN);
         if(*out_private_key == NULL)
             goto cleanExit;
 
         memcpy(*out_private_key, priv, LIBSSH2_ED25519_KEY_LEN);
     }
 
     if(out_public_key != NULL) {
-        *out_public_key = malloc(LIBSSH2_ED25519_KEY_LEN);
+        *out_public_key = LIBSSH2_ALLOC(session, LIBSSH2_ED25519_KEY_LEN);
         if(*out_public_key == NULL)
             goto cleanExit;
 
@@ -1589,7 +1591,7 @@ gen_publickey_from_ed25519_openssh_priv_data(LIBSSH2_SESSION *session,
         goto clean_exit;
     }
 
-    ctx = LIBSSH2_CALLOC(session, sizeof(libssh2_ed25519_ctx));
+    ctx = _libssh2_ed25519_new_ctx();
     if (ctx == NULL) {
         _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
                        "Unable to allocate memory for ed25519 key");
@@ -1773,6 +1775,37 @@ _libssh2_ed25519_new_private_frommemory(libssh2_ed25519_ctx ** ed_ctx,
                                             filedata, filedata_len, passphrase);
 }
 
+int
+_libssh2_ed25519_new_public(libssh2_ed25519_ctx ** ed_ctx,
+                            LIBSSH2_SESSION * session,
+                            const char *raw_pub_key, const uint8_t key_len)
+{
+    libssh2_ed25519_ctx *ctx = NULL;
+    EVP_PKEY *public_key = NULL;
+
+    if(ed_ctx == NULL)
+        return -1;
+
+    public_key = EVP_PKEY_new_raw_public_key(EVP_PKEY_ED25519, NULL, (const unsigned char*)raw_pub_key, key_len);
+    if(public_key == NULL) {
+        return _libssh2_error(session, LIBSSH2_ERROR_PROTO, "could not create ED25519 public key");
+    }
+
+    ctx = _libssh2_ed25519_new_ctx();
+    if(ctx == NULL) {
+        return _libssh2_error(session, LIBSSH2_ERROR_ALLOC, "could not alloc public/private key");
+    }
+
+    ctx->public_key = public_key;
+
+    if(ed_ctx != NULL)
+        *ed_ctx = ctx;
+    else if(ctx != NULL)
+        _libssh2_ed25519_free(ctx);
+
+    return 0;
+}
+
 #endif /* LIBSSH2_ED25519 */
 
 int
@@ -2445,7 +2478,7 @@ _libssh2_ecdsa_new_private(libssh2_ecdsa_ctx ** ec_ctx,
  */
 
 int
-_libssh2_ecdsa_create_key(_libssh2_ec_key **out_private_key,
+_libssh2_ecdsa_create_key(LIBSSH2_SESSION *session, _libssh2_ec_key **out_private_key,
                           unsigned char **out_public_key_octal,
                           size_t *out_public_key_octal_len, libssh2_curve_type curve_type)
 {
@@ -2485,7 +2518,7 @@ _libssh2_ecdsa_create_key(_libssh2_ec_key **out_private_key,
         *out_private_key = private_key;
 
     if(out_public_key_octal) {
-        *out_public_key_octal = malloc(octal_len);
+        *out_public_key_octal = LIBSSH2_ALLOC(session, octal_len);
         if(*out_public_key_octal == NULL) {
             ret = -1;
             goto clean_exit;

@@ -325,6 +325,7 @@ typedef struct {
 #define libssh2_ed25519_ctx libssh2_curve25519_keys
 #define libssh2_x25519_ctx libssh2_curve25519_keys
 
+#define _libssh2_ed25519_new_ctx() calloc(1, sizeof(libssh2_ed25519_ctx))
 #define _libssh2_ed25519_free(ctx) do { \
  if(ctx) { \
   if(ctx->public_key) EVP_PKEY_free(ctx->public_key); \

@@ -91,7 +91,7 @@
 
 /* This is the maximum packet length to accept, as larger than this indicate
    some kind of server problem. */
-#define LIBSSH2_SFTP_PACKET_MAXLEN  80000
+#define LIBSSH2_SFTP_PACKET_MAXLEN  (256 * 1024)
 
 static int sftp_packet_ask(LIBSSH2_SFTP *sftp, unsigned char packet_type,
                            uint32_t request_id, unsigned char **data,
@@ -3009,16 +3009,23 @@ static int sftp_mkdir(LIBSSH2_SFTP *sftp, const char *path,
     LIBSSH2_CHANNEL *channel = sftp->channel;
     LIBSSH2_SESSION *session = channel->session;
     LIBSSH2_SFTP_ATTRIBUTES attrs = {
-        LIBSSH2_SFTP_ATTR_PERMISSIONS, 0, 0, 0, 0, 0, 0
+        0, 0, 0, 0, 0, 0, 0
     };
     size_t data_len;
     int retcode;
-    /* 13 = packet_len(4) + packet_type(1) + request_id(4) + path_len(4) */
-    ssize_t packet_len = path_len + 13 +
-        sftp_attrsize(LIBSSH2_SFTP_ATTR_PERMISSIONS);
+    ssize_t packet_len;
     unsigned char *packet, *s, *data;
     int rc;
 
+    if(mode != LIBSSH2_SFTP_DEFAULT_MODE) {
+        /* Filetype in SFTP 3 and earlier */
+        attrs.flags = LIBSSH2_SFTP_ATTR_PERMISSIONS;
+        attrs.permissions = mode | LIBSSH2_SFTP_ATTR_PFILETYPE_DIR;
+    }
+
+    /* 13 = packet_len(4) + packet_type(1) + request_id(4) + path_len(4) */
+    packet_len = path_len + 13 + sftp_attrsize(attrs.flags);
+
     if(sftp->mkdir_state == libssh2_NB_state_idle) {
         _libssh2_debug(session, LIBSSH2_TRACE_SFTP,
                        "Creating directory %s with mode 0%lo", path, mode);
@@ -3028,8 +3035,6 @@ static int sftp_mkdir(LIBSSH2_SFTP *sftp, const char *path,
                                   "Unable to allocate memory for FXP_MKDIR "
                                   "packet");
         }
-        /* Filetype in SFTP 3 and earlier */
-        attrs.permissions = mode | LIBSSH2_SFTP_ATTR_PFILETYPE_DIR;
 
         _libssh2_store_u32(&s, packet_len - 4);
         *(s++) = SSH_FXP_MKDIR;