@electerm/ssh2 1.10.0 → 1.11.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/client.js +11 -1
- package/lib/protocol/Protocol.js +9 -1
- package/lib/protocol/crypto/src/binding.cc +26 -18
- package/lib/protocol/kex.js +1 -1
- package/package.json +4 -3
package/lib/client.js
CHANGED
|
@@ -402,7 +402,17 @@ class Client extends EventEmitter {
|
|
|
402
402
|
});
|
|
403
403
|
} else if (curAuth.type === 'publickey') {
|
|
404
404
|
proto.authPK(curAuth.username, curAuth.key, (buf, cb) => {
|
|
405
|
-
|
|
405
|
+
let signatureAlgo;
|
|
406
|
+
if (curAuth.key.type === 'ssh-rsa') {
|
|
407
|
+
if (this._protocol._remoteHostKeyAlgorithms
|
|
408
|
+
.includes('rsa-sha2-512')) {
|
|
409
|
+
signatureAlgo = 'sha512';
|
|
410
|
+
} else if (this._protocol._remoteHostKeyAlgorithms
|
|
411
|
+
.includes('rsa-sha2-256')) {
|
|
412
|
+
signatureAlgo = 'sha256';
|
|
413
|
+
}
|
|
414
|
+
}
|
|
415
|
+
const signature = curAuth.key.sign(buf, signatureAlgo);
|
|
406
416
|
if (signature instanceof Error) {
|
|
407
417
|
signature.message =
|
|
408
418
|
`Error signing data with key: ${signature.message}`;
|
package/lib/protocol/Protocol.js
CHANGED
|
@@ -616,7 +616,15 @@ class Protocol {
|
|
|
616
616
|
if (pubKey instanceof Error)
|
|
617
617
|
throw new Error('Invalid key');
|
|
618
618
|
|
|
619
|
-
|
|
619
|
+
let keyType = pubKey.type;
|
|
620
|
+
if (keyType === 'ssh-rsa') {
|
|
621
|
+
for (const algo of ['rsa-sha2-512', 'rsa-sha2-256']) {
|
|
622
|
+
if (this._remoteHostKeyAlgorithms.includes(algo)) {
|
|
623
|
+
keyType = algo;
|
|
624
|
+
break;
|
|
625
|
+
}
|
|
626
|
+
}
|
|
627
|
+
}
|
|
620
628
|
pubKey = pubKey.getPublicSSH();
|
|
621
629
|
|
|
622
630
|
const userLen = Buffer.byteLength(username);
|
|
@@ -10,9 +10,9 @@
|
|
|
10
10
|
#include <string.h>
|
|
11
11
|
#include <assert.h>
|
|
12
12
|
|
|
13
|
+
DISABLE_WCAST_FUNCTION_TYPE
|
|
13
14
|
#include <node.h>
|
|
14
15
|
#include <node_buffer.h>
|
|
15
|
-
DISABLE_WCAST_FUNCTION_TYPE
|
|
16
16
|
#include <nan.h>
|
|
17
17
|
DISABLE_WCAST_FUNCTION_TYPE_END
|
|
18
18
|
|
|
@@ -2221,37 +2221,45 @@ NAN_MODULE_INIT(init) {
|
|
|
2221
2221
|
#else
|
|
2222
2222
|
# define load_sym(name) dlsym(RTLD_DEFAULT, name)
|
|
2223
2223
|
#endif
|
|
2224
|
-
ctx_iv_len = reinterpret_cast<ctx_iv_len_func>(
|
|
2225
|
-
load_sym("EVP_CIPHER_CTX_get_iv_length")
|
|
2226
|
-
);
|
|
2227
2224
|
if (!ctx_iv_len) {
|
|
2228
2225
|
ctx_iv_len = reinterpret_cast<ctx_iv_len_func>(
|
|
2229
|
-
load_sym("
|
|
2226
|
+
load_sym("EVP_CIPHER_CTX_get_iv_length")
|
|
2230
2227
|
);
|
|
2228
|
+
if (!ctx_iv_len) {
|
|
2229
|
+
ctx_iv_len = reinterpret_cast<ctx_iv_len_func>(
|
|
2230
|
+
load_sym("EVP_CIPHER_CTX_iv_length")
|
|
2231
|
+
);
|
|
2232
|
+
}
|
|
2231
2233
|
}
|
|
2232
|
-
ctx_key_len = reinterpret_cast<ctx_key_len_func>(
|
|
2233
|
-
load_sym("EVP_CIPHER_CTX_get_key_length")
|
|
2234
|
-
);
|
|
2235
2234
|
if (!ctx_key_len) {
|
|
2236
2235
|
ctx_key_len = reinterpret_cast<ctx_key_len_func>(
|
|
2237
|
-
load_sym("
|
|
2236
|
+
load_sym("EVP_CIPHER_CTX_get_key_length")
|
|
2238
2237
|
);
|
|
2238
|
+
if (!ctx_key_len) {
|
|
2239
|
+
ctx_key_len = reinterpret_cast<ctx_key_len_func>(
|
|
2240
|
+
load_sym("EVP_CIPHER_CTX_key_length")
|
|
2241
|
+
);
|
|
2242
|
+
}
|
|
2239
2243
|
}
|
|
2240
|
-
cipher_flags = reinterpret_cast<cipher_flags_func>(
|
|
2241
|
-
load_sym("EVP_CIPHER_get_flags")
|
|
2242
|
-
);
|
|
2243
2244
|
if (!cipher_flags) {
|
|
2244
2245
|
cipher_flags = reinterpret_cast<cipher_flags_func>(
|
|
2245
|
-
load_sym("
|
|
2246
|
+
load_sym("EVP_CIPHER_get_flags")
|
|
2246
2247
|
);
|
|
2248
|
+
if (!cipher_flags) {
|
|
2249
|
+
cipher_flags = reinterpret_cast<cipher_flags_func>(
|
|
2250
|
+
load_sym("EVP_CIPHER_flags")
|
|
2251
|
+
);
|
|
2252
|
+
}
|
|
2247
2253
|
}
|
|
2248
|
-
ctx_get_block_size = reinterpret_cast<ctx_get_block_size_func>(
|
|
2249
|
-
load_sym("EVP_CIPHER_CTX_get_block_size")
|
|
2250
|
-
);
|
|
2251
2254
|
if (!ctx_get_block_size) {
|
|
2252
2255
|
ctx_get_block_size = reinterpret_cast<ctx_get_block_size_func>(
|
|
2253
|
-
load_sym("
|
|
2256
|
+
load_sym("EVP_CIPHER_CTX_get_block_size")
|
|
2254
2257
|
);
|
|
2258
|
+
if (!ctx_get_block_size) {
|
|
2259
|
+
ctx_get_block_size = reinterpret_cast<ctx_get_block_size_func>(
|
|
2260
|
+
load_sym("EVP_CIPHER_CTX_block_size")
|
|
2261
|
+
);
|
|
2262
|
+
}
|
|
2255
2263
|
}
|
|
2256
2264
|
|
|
2257
2265
|
ChaChaPolyCipher::Init(target);
|
|
@@ -2264,5 +2272,5 @@ NAN_MODULE_INIT(init) {
|
|
|
2264
2272
|
}
|
|
2265
2273
|
|
|
2266
2274
|
DISABLE_WCAST_FUNCTION_TYPE
|
|
2267
|
-
|
|
2275
|
+
NAN_MODULE_WORKER_ENABLED(sshcrypto, init)
|
|
2268
2276
|
DISABLE_WCAST_FUNCTION_TYPE_END
|
package/lib/protocol/kex.js
CHANGED
|
@@ -196,7 +196,7 @@ function handleKexInit(self, payload) {
|
|
|
196
196
|
|
|
197
197
|
const local = self._offer;
|
|
198
198
|
const remote = init;
|
|
199
|
-
|
|
199
|
+
self._remoteHostKeyAlgorithms = remote.serverHostKey;
|
|
200
200
|
let localKex = local.lists.kex.array;
|
|
201
201
|
if (self._compatFlags & COMPAT.BAD_DHGEX) {
|
|
202
202
|
let found = false;
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@electerm/ssh2",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.11.2",
|
|
4
4
|
"author": "Brian White <mscdex@mscdex.net>",
|
|
5
5
|
"description": "SSH2 client and server modules written in pure JavaScript for node.js",
|
|
6
6
|
"main": "./lib/index.js",
|
|
@@ -12,8 +12,9 @@
|
|
|
12
12
|
"bcrypt-pbkdf": "^1.0.2"
|
|
13
13
|
},
|
|
14
14
|
"devDependencies": {
|
|
15
|
-
"@mscdex/eslint-config": "^1.
|
|
16
|
-
"eslint": "^7.0.0"
|
|
15
|
+
"@mscdex/eslint-config": "^1.1.0",
|
|
16
|
+
"eslint": "^7.0.0",
|
|
17
|
+
"nan": "^2.16.0"
|
|
17
18
|
},
|
|
18
19
|
"scripts": {
|
|
19
20
|
"install": "node install.js",
|