That way, we will not fail later on key exchange phase when something
unknown is negotiated.
Fixes T37
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
This sets the bind private key directly from an ssh_key struct instead
of reading a file.
Signed-off-by: Alfredo Mazzinghi <am2419@cl.cam.ac.uk>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This has been made opaque and it needs to be a pointer.
This is for OpenSSL 1.1.0 support.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This works similarly to ssh_write_knownhost(), but allows the caller
to get a line with the known_hosts line.
BUG: https://red.libssh.org/issues/207
Signed-off-by: Stef Walter <stefw@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* include/libssh/crypto.h (struct ssh_crypto_struct): Provide a
suitable 'ecdh_privkey'.
* include/libssh/ecdh.h: Also define 'HAVE_ECDH' if we do ECC using
libgcrypt.
(ecdh_build_k): New prototype.
* src/CMakeLists.txt (libssh_SRCS): Add backend-specific files.
* src/ecdh.c: Move backend-specific parts to...
* src/ecdh_crypto.c: ... this file.
* src/ecdh_gcrypt.c: New file.
* src/wrapper.c (crypto_free): Free 'ecdh_privkey'.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* include/libssh/libgcrypt.h (EVPCTX): Fix type.
(NID_gcrypt_nistp{256,384,521}): New constants.
* src/libgcrypt.c (nid_to_md_algo): New function mapping curves to
digest algorithms.
(evp{,_init,_update,_final}): New functions.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
In Cockpit we've seen this memory leak:
at 0x4C2A9C7: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x5B76B03: ssh_userauth_agent (auth.c:778)
by 0x40DD5A: cockpit_ssh_authenticate (cockpitsshtransport.c:327)
BUG: https://red.libssh.org/issues/208
Signed-off-by: Stef Walter <stefw@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Note that removing ssh_buffer_get_begin() doesn't break API
compatibility, as this functions has never been exposed (it only
has the LIBSSH_API prefix).
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Having "ssh_" prefix in the functions' name will avoid possible clashes
when compiling libssh statically.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Having "ssh_" prefix in the functions' name will avoid possible clashes
when compiling libssh statically.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Having "ssh_" prefix in the functions' name will avoid possible clashes
when compiling libssh statically.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Having "ssh_" prefix in the functions' name will avoid possible clashes
when compiling libssh statically.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Having "ssh_" prefix in the functions' name will avoid possible clashes
when compiling libssh statically.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Having "ssh_" prefix in the functions' name will avoid possible clashes
when compiling libssh statically.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Having "ssh_" prefix in the functions' name will avoid possible clashes
when compiling libssh statically.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Having "ssh_" prefix in the functions' name will avoid possible clashes
when compiling libssh statically.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Having "ssh_" prefix in the functions' name will avoid possible clashes
when compiling libssh statically.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
- ssh_pki_import_cert_base64()
- ssh_pki_import_cert_file()
- ssh_pki_import_cert_blob()
Those functions are currently simple wrappers around their pubkey counterpart.
- ssh_pki_copy_cert_to_privkey()
This function copies the cert-specific data to a private key.
Signed-off-by: Axel Eppe <aeppe@google.com>
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
- Add rsa/dsa (ssh-{rsa,dss}-cert-v01@openssh.com) as key types.
- Add a cert_type member in the ssh_key struct.
Signed-off-by: Axel Eppe <aeppe@google.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Allow callers to specify their own socket
for an ssh agent.
Signed-off-by: Peter Volpe <pvolpe@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Per ecdsa(3ssl), ECDSA_SIG_new does allocate its 'r' and 's' bignum fields.
Fix a bug where the initial 'r' and 's' bignums were being overwritten with
newly-allocated bignums, resulting in a memory leak.
BUG: https://red.libssh.org/issues/175
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
That function permits chaining of buffer values to minimize buffer handling
in packet sending code.
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Ensure to honor the 'first_kex_packet_follow' field when processing
KEXINIT messages in the 'ssh_packet_kexinit' callback. Until now
libssh would assume that this field is always unset (zero). But
some clients may set this (dropbear at or beyond version 2013.57),
and it needs to be included when computing the session ID.
Also include logic for handling wrongly-guessed key exchange algorithms.
Save whether a client's guess is wrong in a new field in the session
struct: when set, the next KEX_DHINIT message to be processed will be
ignored per RFC 4253, 7.1.
While here, update both 'ssh_packet_kexinit' and 'make_sessionid' to
use softabs with a 4 space indent level throughout, and also convert
various error-checking to store intermediate values into an explicit
'rc'.
Patch adjusted from original to ensure that client tests remain passing
(ie 'torture_connect'): restrict the changes in 'ssh_packet_kexinit'
only for the 'server_kex' case.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Ensure to honor the 'first_kex_packet_follow' field when processing
KEXINIT messages in the 'ssh_packet_kexinit' callback. Until now
libssh would assume that this field is always unset (zero). But
some clients may set this (dropbear at or beyond version 2013.57),
and it needs to be included when computing the session ID.
Also include logic for handling wrongly-guessed key exchange algorithms.
Save whether a client's guess is wrong in a new field in the session
struct: when set, the next KEX_DHINIT message to be processed will be
ignored per RFC 4253, 7.1.
While here, update both 'ssh_packet_kexinit' and 'make_sessionid' to
use softabs with a 4 space indent level throughout, and also convert
various error-checking to store intermediate values into an explicit
'rc'.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Enable retrieving the "ecdsa-sha2-nistpNNN" name of ECDSA keys with a
new 'ssh_pki_key_ecdsa_name' API. This gives more information than the
'ssh_key_type_to_char' API, which yields "ssh-ecdsa" for ECDSA keys.
The motivation is that this info is useful to have in a server context.
The torture_pki unit test is updated to include the new API, and a few
more passes are added to additionally test 384 and 521-bit keys.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
ssh_channel_read is a wrapper for ssh_channel_read_timeout with timeout
-1 (infinite) so we call that directly.
Signed-off-by: Petar Koretic <petar.koretic@sartura.hr>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Defining a non inlined class function in a header will cause multiple
definitions when header is included in more that one file since for each
file function will get defined.
Signed-off-by: Petar Koretic <petar.koretic@sartura.hr>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
When accepting a new connection, a forking server based on libssh forks
and the child process handles the request. The RAND_bytes() function of
openssl doesn't reset its state after the fork, but simply adds the
current process id (getpid) to the PRNG state, which is not guaranteed
to be unique.
This can cause several children to end up with same PRNG state which is
a security issue.
This works same way as ssh_forward_accept() but can return a destination
port of the channel (useful if SSH connection forwarding several TCP/IP
ports).
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Not 100% satisfied of this patch, but the way libgcrypt handles
threading in 1.6 is not compatible with custom handlers. The
new code basicaly uses pthreads in every case. This will probably
not work on windows.
For integration with an external mainloop, we need to know how to
replicate libssh's internal poll() calls. We originally through
ssh_get_status() was that API, but it's not really - those flags only
get updated from the *result* of a poll(), where what we really need
is to know how libssh would *start* a poll().
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
A few callback descriptions refer to a non-existent value SSH_AUTH_OK,
which should be SSH_AUTH_SUCCESS. This commit fixes these.
Signed-off-by: Alan Dunn <amdunn@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
