aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssh
diff options
context:
space:
mode:
Diffstat (limited to 'lib/ssh')
-rw-r--r--lib/ssh/doc/src/notes.xml67
-rw-r--r--lib/ssh/src/ssh.appup.src14
-rw-r--r--lib/ssh/src/ssh.erl2
-rw-r--r--lib/ssh/src/ssh_bits.erl27
-rw-r--r--lib/ssh/src/ssh_connection_handler.erl3
-rw-r--r--lib/ssh/src/ssh_math.erl96
-rw-r--r--lib/ssh/src/ssh_transport.erl41
-rw-r--r--lib/ssh/src/ssh_xfer.erl2
-rw-r--r--lib/ssh/vsn.mk2
9 files changed, 98 insertions, 156 deletions
diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml
index f65b66a7c5..299dd5058a 100644
--- a/lib/ssh/doc/src/notes.xml
+++ b/lib/ssh/doc/src/notes.xml
@@ -29,6 +29,58 @@
<file>notes.xml</file>
</header>
+<section><title>Ssh 2.1.7</title>
+
+ <section><title>Fixed Bugs and Malfunctions</title>
+ <list>
+ <item>
+ <p>
+ ssh:daemon will get feeded with an argument even if it is
+ not a valid expression.</p>
+ <p>
+ Own Id: OTP-10975</p>
+ </item>
+ </list>
+ </section>
+
+
+ <section><title>Improvements and New Features</title>
+ <list>
+ <item>
+ <p>
+ Properly ignore everything in lib/ssh/doc/html/. Thanks
+ to Anthony Ramine.</p>
+ <p>
+ Own Id: OTP-10983</p>
+ </item>
+ <item>
+ <p>
+ Integrate elliptic curve contribution from Andreas
+ Schultz </p>
+ <p>
+ In order to be able to support elliptic curve cipher
+ suites in SSL/TLS, additions to handle elliptic curve
+ infrastructure has been added to public_key and crypto.</p>
+ <p>
+ This also has resulted in a rewrite of the crypto API to
+ gain consistency and remove unnecessary overhead. All OTP
+ applications using crypto has been updated to use the new
+ API.</p>
+ <p>
+ Impact: Elliptic curve cryptography (ECC) offers
+ equivalent security with smaller key sizes than other
+ public key algorithms. Smaller key sizes result in
+ savings for power, memory, bandwidth, and computational
+ cost that make ECC especially attractive for constrained
+ environments.</p>
+ <p>
+ Own Id: OTP-11009</p>
+ </item>
+ </list>
+ </section>
+
+</section>
+
<section><title>Ssh 2.1.6</title>
<section><title>Fixed Bugs and Malfunctions</title>
@@ -143,8 +195,6 @@
</item>
</list>
</section>
-
-
<section><title>Improvements and New Features</title>
<list>
<item>
@@ -199,7 +249,20 @@
</section>
</section>
+<section><title>Ssh 2.1.2.1</title>
+<section><title>Improvements and New Features</title>
+ <list>
+ <item>
+ <p>
+ Removed error report in ssh_connection_handler triggered
+ by badmatch failure.</p>
+ <p>
+ Own Id: OTP-11188</p>
+ </item>
+ </list>
+ </section>
+</section>
<section><title>Ssh 2.1.2</title>
<section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/ssh/src/ssh.appup.src b/lib/ssh/src/ssh.appup.src
index b25e0c9e37..32f7cc470b 100644
--- a/lib/ssh/src/ssh.appup.src
+++ b/lib/ssh/src/ssh.appup.src
@@ -19,22 +19,12 @@
{"%VSN%",
[
- {<<"2.1.4">>, [{load_module, ssh_sftp, soft_purge, soft_purge, []},
- {load_module, ssh_connection_handler, soft_purge, soft_purge, []}]},
- {<<"2.1.3">>, [{restart_application, ssh}]},
- {<<"2.1.2">>, [{restart_application, ssh}]},
- {<<"2.1.1">>, [{restart_application, ssh}]},
- {<<"2.1">>, [{restart_application, ssh}]},
+ {<<"2.1\\.*">>, [{restart_application, ssh}]},
{<<"2.0\\.*">>, [{restart_application, ssh}]},
{<<"1\\.*">>, [{restart_application, ssh}]}
],
[
- {<<"2.1.4">>, [{load_module, ssh_sftp, soft_purge, soft_purge, []},
- {load_module, ssh_connection_handler, soft_purge, soft_purge, []}]},
- {<<"2.1.3">>, [{restart_application, ssh}]},
- {<<"2.1.2">>, [{restart_application, ssh}]},
- {<<"2.1.1">>, [{restart_application, ssh}]},
- {<<"2.1">>,[{restart_application, ssh}]},
+ {<<"2.1\\.*">>,[{restart_application, ssh}]},
{<<"2.0\\.*">>, [{restart_application, ssh}]},
{<<"1\\.*">>, [{restart_application, ssh}]}
]
diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl
index 3a7aa79d16..7d5478c3f6 100644
--- a/lib/ssh/src/ssh.erl
+++ b/lib/ssh/src/ssh.erl
@@ -41,11 +41,13 @@
%%--------------------------------------------------------------------
start() ->
application:start(crypto),
+ application:start(asn1),
application:start(public_key),
application:start(ssh).
start(Type) ->
application:start(crypto, Type),
+ application:start(asn1),
application:start(public_key, Type),
application:start(ssh, Type).
diff --git a/lib/ssh/src/ssh_bits.erl b/lib/ssh/src/ssh_bits.erl
index 5841f06d70..fc6efc817f 100644
--- a/lib/ssh/src/ssh_bits.erl
+++ b/lib/ssh/src/ssh_bits.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2005-2012. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2013. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
@@ -33,7 +33,6 @@
%% integer utils
-export([isize/1]).
--export([irandom/1, irandom/3]).
-export([random/1]).
-export([xor_bits/2, fill_bits/2]).
-export([i2bin/2, bin2i/1]).
@@ -387,31 +386,7 @@ xor_bits(XBits, YBits) ->
<<Y:Sz, _/binary>> = YBits,
<<(X bxor Y):Sz>>.
-%%
-%% irandom(N)
-%%
-%% Generate a N bits size random number
-%% note that the top most bit is always set
-%% to guarantee that the number is N bits
-%%
-irandom(Bits) ->
- irandom(Bits, 1, 0).
-
-%%
-%% irandom(N, Top, Bottom)
-%%
-%% Generate a N bits size random number
-%% Where Top = 0 - do not set top bit
-%% = 1 - set the most significant bit
-%% = 2 - set two most significant bits
-%% Bot = 0 - do not set the least signifcant bit
-%% Bot = 1 - set the least signifcant bit (i.e always odd)
-%%
-irandom(Bits, Top, Bottom) when is_integer(Top),
- 0 =< Top, Top =< 2 ->
- crypto:erlint(crypto:strong_rand_mpint(Bits, Top - 1, Bottom)).
-%%
%% random/1
%% Generate N random bytes
%%
diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl
index 1c4477aeb3..df6175e27c 100644
--- a/lib/ssh/src/ssh_connection_handler.erl
+++ b/lib/ssh/src/ssh_connection_handler.erl
@@ -451,11 +451,12 @@ userauth(#ssh_msg_userauth_failure{authentications = Methodes},
case ssh_auth:userauth_request_msg(Ssh1) of
{disconnect, DisconnectMsg, {Msg, Ssh}} ->
send_msg(Msg, State),
- handle_disconnect(DisconnectMsg, State#state{ssh_params = Ssh});
+ handle_disconnect(DisconnectMsg, State#state{ssh_params = Ssh});
{Msg, Ssh} ->
send_msg(Msg, State),
{next_state, userauth, next_packet(State#state{ssh_params = Ssh})}
end;
+
%% The prefered authentication method failed try next method
userauth(#ssh_msg_userauth_failure{},
#state{ssh_params = #ssh{role = client} = Ssh0} = State) ->
diff --git a/lib/ssh/src/ssh_math.erl b/lib/ssh/src/ssh_math.erl
index 4aa385b18d..569c1cb58d 100644
--- a/lib/ssh/src/ssh_math.erl
+++ b/lib/ssh/src/ssh_math.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2013. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
@@ -23,109 +23,19 @@
-module(ssh_math).
--export([ilog2/1, ipow/3, invert/2, ipow2/3]).
+-export([ipow/3]).
-
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%
%% INTEGER utils
%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%% number of bits (used) in a integer = isize(N) = |log2(N)|+1
-ilog2(N) ->
- ssh_bits:isize(N) - 1.
-
-
%% calculate A^B mod M
ipow(A, B, M) when M > 0, B >= 0 ->
- crypto:mod_exp(A, B, M).
-
-ipow2(A, B, M) when M > 0, B >= 0 ->
- if A == 1 ->
- 1;
- true ->
- ipow2(A, B, M, 1)
- end.
-
-ipow2(A, 1, M, Prod) ->
- (A*Prod) rem M;
-ipow2(_A, 0, _M, Prod) ->
- Prod;
-ipow2(A, B, M, Prod) ->
- B1 = B bsr 1,
- A1 = (A*A) rem M,
- if B - B1 == B1 ->
- ipow2(A1, B1, M, Prod);
- true ->
- ipow2(A1, B1, M, (A*Prod) rem M)
- end.
-
-%% %%
-%% %% Normal gcd
-%% %%
-%% gcd(R, Q) when abs(Q) < abs(R) -> gcd1(Q,R);
-%% gcd(R, Q) -> gcd1(R,Q).
-
-%% gcd1(0, Q) -> Q;
-%% gcd1(R, Q) ->
-%% gcd1(Q rem R, R).
-
-
-%% %%
-%% %% Least common multiple of (R,Q)
-%% %%
-%% lcm(0, _Q) -> 0;
-%% lcm(_R, 0) -> 0;
-%% lcm(R, Q) ->
-%% (Q div gcd(R, Q)) * R.
-
-%% %%
-%% %% Extended gcd gcd(R,Q) -> {G, {A,B}} such that G == R*A + Q*B
-%% %%
-%% %% Here we could have use for a bif divrem(Q, R) -> {Quote, Remainder}
-%% %%
-%% egcd(R,Q) when abs(Q) < abs(R) -> egcd1(Q,R,1,0,0,1);
-%% egcd(R,Q) -> egcd1(R,Q,0,1,1,0).
-
-%% egcd1(0,Q,_,_,Q1,Q2) -> {Q, {Q2,Q1}};
-%% egcd1(R,Q,R1,R2,Q1,Q2) ->
-%% D = Q div R,
-%% egcd1(Q rem R, R, Q1-D*R1, Q2-D*R2, R1, R2).
-
-%%
-%% Invert an element X mod P
-%% Calculated as {1, {A,B}} = egcd(X,P),
-%% 1 == P*A + X*B == X*B (mod P) i.e B is the inverse element
-%%
-%% X > 0, P > 0, X < P (P should be prime)
-%%
-invert(X,P) when X > 0, P > 0, X < P ->
- I = inv(X,P,1,0),
- if
- I < 0 -> P + I;
- true -> I
- end.
-
-inv(0,_,_,Q) -> Q;
-inv(X,P,R1,Q1) ->
- D = P div X,
- inv(P rem X, X, Q1 - D*R1, R1).
-
+ crypto:bytes_to_integer(crypto:mod_pow(A, B, M)).
-%% %%
-%% %% Integer square root
-%% %%
-%% isqrt(0) -> 0;
-%% isqrt(1) -> 1;
-%% isqrt(X) when X >= 0 ->
-%% R = X div 2,
-%% isqrt(X div R, R, X).
-%% isqrt(Q,R,X) when Q < R ->
-%% R1 = (R+Q) div 2,
-%% isqrt(X div R1, R1, X);
-%% isqrt(_, R, _) -> R.
diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl
index 98d59d01de..beaffdc025 100644
--- a/lib/ssh/src/ssh_transport.erl
+++ b/lib/ssh/src/ssh_transport.erl
@@ -792,14 +792,14 @@ encrypt(#ssh{encrypt = none} = Ssh, Data) ->
encrypt(#ssh{encrypt = '3des-cbc',
encrypt_keys = {K1,K2,K3},
encrypt_ctx = IV0} = Ssh, Data) ->
- Enc = crypto:des3_cbc_encrypt(K1,K2,K3,IV0,Data),
- IV = crypto:des_cbc_ivec(Enc),
+ Enc = crypto:block_encrypt(des3_cbc, [K1,K2,K3], IV0, Data),
+ IV = crypto:next_iv(des3_cbc, Enc),
{Ssh#ssh{encrypt_ctx = IV}, Enc};
encrypt(#ssh{encrypt = 'aes128-cbc',
encrypt_keys = K,
encrypt_ctx = IV0} = Ssh, Data) ->
- Enc = crypto:aes_cbc_128_encrypt(K,IV0,Data),
- IV = crypto:aes_cbc_ivec(Enc),
+ Enc = crypto:block_encrypt(aes_cbc128, K,IV0,Data),
+ IV = crypto:next_iv(aes_cbc, Enc),
{Ssh#ssh{encrypt_ctx = IV}, Enc}.
@@ -846,13 +846,13 @@ decrypt(#ssh{decrypt = none} = Ssh, Data) ->
decrypt(#ssh{decrypt = '3des-cbc', decrypt_keys = Keys,
decrypt_ctx = IV0} = Ssh, Data) ->
{K1, K2, K3} = Keys,
- Dec = crypto:des3_cbc_decrypt(K1,K2,K3,IV0,Data),
- IV = crypto:des_cbc_ivec(Data),
+ Dec = crypto:block_decrypt(des3_cbc, [K1,K2,K3], IV0, Data),
+ IV = crypto:next_iv(des3_cbc, Data),
{Ssh#ssh{decrypt_ctx = IV}, Dec};
decrypt(#ssh{decrypt = 'aes128-cbc', decrypt_keys = Key,
decrypt_ctx = IV0} = Ssh, Data) ->
- Dec = crypto:aes_cbc_128_decrypt(Key,IV0,Data),
- IV = crypto:aes_cbc_ivec(Data),
+ Dec = crypto:block_decrypt(aes_cbc128, Key,IV0,Data),
+ IV = crypto:next_iv(aes_cbc, Data),
{Ssh#ssh{decrypt_ctx = IV}, Dec}.
@@ -954,22 +954,22 @@ recv_mac_final(SSH) ->
mac(none, _ , _, _) ->
<<>>;
mac('hmac-sha1', Key, SeqNum, Data) ->
- crypto:sha_mac(Key, [<<?UINT32(SeqNum)>>, Data]);
+ crypto:hmac(sha, Key, [<<?UINT32(SeqNum)>>, Data]);
mac('hmac-sha1-96', Key, SeqNum, Data) ->
- crypto:sha_mac_96(Key, [<<?UINT32(SeqNum)>>, Data]);
+ crypto:hmac(sha, Key, [<<?UINT32(SeqNum)>>, Data], mac_digest_size('hmac-sha1-96'));
mac('hmac-md5', Key, SeqNum, Data) ->
- crypto:md5_mac(Key, [<<?UINT32(SeqNum)>>, Data]);
+ crypto:hmac(md5, Key, [<<?UINT32(SeqNum)>>, Data]);
mac('hmac-md5-96', Key, SeqNum, Data) ->
- crypto:md5_mac_96(Key, [<<?UINT32(SeqNum)>>, Data]).
+ crypto:hmac(md5, Key, [<<?UINT32(SeqNum)>>, Data], mac_digest_size('hmac-md5-96')).
%% return N hash bytes (HASH)
hash(SSH, Char, Bits) ->
HASH =
case SSH#ssh.kex of
'diffie-hellman-group1-sha1' ->
- fun(Data) -> crypto:sha(Data) end;
+ fun(Data) -> crypto:hash(sha, Data) end;
'diffie-hellman-group-exchange-sha1' ->
- fun(Data) -> crypto:sha(Data) end;
+ fun(Data) -> crypto:hash(sha, Data) end;
_ ->
exit({bad_algorithm,SSH#ssh.kex})
end,
@@ -998,7 +998,7 @@ kex_h(SSH, K_S, E, F, K) ->
K_S, E,F,K],
[string,string,binary,binary,binary,
mpint,mpint,mpint]),
- crypto:sha(L).
+ crypto:hash(sha,L).
kex_h(SSH, K_S, Min, NBits, Max, Prime, Gen, E, F, K) ->
@@ -1019,7 +1019,7 @@ kex_h(SSH, K_S, Min, NBits, Max, Prime, Gen, E, F, K) ->
K_S, Min, NBits, Max,
Prime, Gen, E,F,K], Ts)
end,
- crypto:sha(L).
+ crypto:hash(sha,L).
mac_key_size('hmac-sha1') -> 20*8;
mac_key_size('hmac-sha1-96') -> 20*8;
@@ -1045,10 +1045,9 @@ peer_name({Host, _}) ->
dh_group1() ->
{2, 16#FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF}.
-dh_gen_key(G, P, _Bits) ->
- Private = ssh_bits:irandom(ssh_bits:isize(P)-1, 1, 1),
- Public = ssh_math:ipow(G, Private, P),
- {Private,Public}.
+dh_gen_key(G, P, _) ->
+ {Public, Private} = crypto:generate_key(dh, [P, G]),
+ {crypto:bytes_to_integer(Private), crypto:bytes_to_integer(Public)}.
trim_tail(Str) ->
lists:reverse(trim_head(lists:reverse(Str))).
@@ -1058,3 +1057,5 @@ trim_head([$\t|Cs]) -> trim_head(Cs);
trim_head([$\n|Cs]) -> trim_head(Cs);
trim_head([$\r|Cs]) -> trim_head(Cs);
trim_head(Cs) -> Cs.
+
+
diff --git a/lib/ssh/src/ssh_xfer.erl b/lib/ssh/src/ssh_xfer.erl
index 93f9e20663..b299868d41 100644
--- a/lib/ssh/src/ssh_xfer.erl
+++ b/lib/ssh/src/ssh_xfer.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2005-2012. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2013. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk
index d5ca1cb3fe..231779b75a 100644
--- a/lib/ssh/vsn.mk
+++ b/lib/ssh/vsn.mk
@@ -1,5 +1,5 @@
#-*-makefile-*- ; force emacs to enter makefile-mode
-SSH_VSN = 2.1.6
+SSH_VSN = 2.1.7
APP_VSN = "ssh-$(SSH_VSN)"