Alfredo Mazzinghi
9dc650b7fb
server: Add option SSH_BIND_OPTIONS_IMPORT_KEY to server
...
This sets the bind private key directly from an ssh_key struct instead
of reading a file.
Signed-off-by: Alfredo Mazzinghi <am2419@cl.cam.ac.uk>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-04-11 10:00:13 +02:00
Max Bachmann
3ec8babfaf
messages: Utilize the message queue for SSH_REQUEST_GLOBAL.
...
Signed-off-by: Max Bachmann <mabahltm@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-04-11 09:55:22 +02:00
Andreas Schneider
73e8277072
libcrypto-compat: Check if EVP_CIPHER_CTX_new is needed
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-02-23 16:59:28 +01:00
Andreas Schneider
166b9f7709
buffer: Use calloc to allocate a zero'ed buffer
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-02-06 09:42:49 +01:00
Andreas Schneider
de369b46b1
pki: Use byte mode for fopen()
...
BUG: https://red.libssh.org/issues/251
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-02-03 13:18:16 +01:00
Justus Winter
043560d7dd
pki_gcrypt: Fix freeing of ECDSA signatures.
...
* src/pki.c (ssh_signature_free): Fix test for ECC using gcrypt.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-09 18:20:40 +01:00
Justus Winter
4b33c6bb97
pki_gcrypt: Fix memory leak.
...
* src/pki_gcrypt.c (pki_key_ecdsa_to_nid): Release 'sexp'.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-09 18:20:19 +01:00
Andreas Schneider
2f6a866373
cmake: Only build libcrypto and libcrypto-compat when needed
...
This also fixes the gcrypt build.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-08 10:31:20 +01:00
Andreas Schneider
3daf1760a1
cmake: Use configure check for CRYPTO_ctr128_encrypt
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-07 11:46:47 +01:00
Andreas Schneider
2dff359a33
threads: Use new API call for OpenSSL CRYPTO THREADID
...
BUG: https://red.libssh.org/issues/222
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-07 11:46:47 +01:00
Jakub Jelen
3341f49a49
pki_crypto: Use getters and setters for opaque keys and signatures
...
This is for OpenSSL 1.1.0 support.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-07 11:46:47 +01:00
Jakub Jelen
5d2e9ee66e
libcrypto: Use a pointer for EVP_CIPHER_CTX
...
This has been made opaque and it needs to be a pointer.
This is for OpenSSL 1.1.0 support.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-07 11:46:47 +01:00
Jakub Jelen
607c671f67
libcrypto: Use a pointer for EVP_MD_CTX
...
This is for OpenSSL 1.1.0 support.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-07 11:46:41 +01:00
Jakub Jelen
cf1e808e2f
libcrypto: Use newer API for HMAC
...
This is for OpenSSL 1.1.0 support.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-07 11:45:07 +01:00
Jakub Jelen
b6cfde8987
libcrypto: Introduce a libcrypto compat file
...
This is for OpenSSL 1.1.0 support.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-07 11:42:06 +01:00
Jakub Jelen
d73f665edd
libcrypto: Remove AES_ctr128_encrypt()
...
This is for OpenSSL 1.1.0.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-07 11:42:06 +01:00
Andreas Schneider
52efbc3a23
misc: Use simpler macros for htonll and ntohll
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-07 09:39:19 +01:00
Andreas Schneider
cff7882391
log: Add missing config.h include
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-06 12:39:45 +01:00
Andreas Schneider
5d1a8cd88b
cmake: Check for io.h on Windows
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-06 11:57:52 +01:00
Andreas Schneider
528b9c5323
cmake: Correctly check for sys/[u]time.h
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-06 11:52:12 +01:00
Andreas Schneider
293ab4bd40
doc: Improve documentation for ssh_set_auth_methods()
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-06 11:29:02 +01:00
Andreas Schneider
a45db022e9
bcrypt: Fix type of shalen
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-06 11:18:55 +01:00
Andreas Schneider
02be4802d5
pki_ed25519: Do paranoia checks before we allocate memory
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-06 11:15:23 +01:00
Andreas Schneider
5437deed1b
callbacks: Add support for MSVC
...
__typeof__ is GCC specific
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-05 20:00:02 +01:00
Andreas Schneider
422271bd40
connector: Fix build with Visual Studio
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-05 18:03:34 +01:00
Andreas Schneider
801bc29494
options: Fix log level documentation
...
BUG: https://red.libssh.org/issues/210
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-05 17:15:31 +01:00
Stef Walter
857ce2376e
known_hosts: Add ssh_dump_knownhost() function
...
This works similarly to ssh_write_knownhost(), but allows the caller
to get a line with the known_hosts line.
BUG: https://red.libssh.org/issues/207
Signed-off-by: Stef Walter <stefw@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-05 17:12:07 +01:00
Andreas Schneider
2af88a679d
bignum: Use const in ssh_print_bignum()
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-03 15:22:47 +01:00
Justus Winter
e3a866b8c1
ecdh: Implement ECDH using libgcrypt
...
* include/libssh/crypto.h (struct ssh_crypto_struct): Provide a
suitable 'ecdh_privkey'.
* include/libssh/ecdh.h: Also define 'HAVE_ECDH' if we do ECC using
libgcrypt.
(ecdh_build_k): New prototype.
* src/CMakeLists.txt (libssh_SRCS): Add backend-specific files.
* src/ecdh.c: Move backend-specific parts to...
* src/ecdh_crypto.c: ... this file.
* src/ecdh_gcrypt.c: New file.
* src/wrapper.c (crypto_free): Free 'ecdh_privkey'.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-03 15:20:36 +01:00
Justus Winter
f62cded9f0
pki_gcrypt: Handle ECDSA keys and signatures
...
* ConfigureChecks.cmake: Set 'HAVE_ECC' and 'HAVE_GCRYPT_ECC' if
applicable.
* include/libssh/pki.h (struct ssh_key_struct): Fix type of field
'ecdsa'.
(struct ssh_signature_struct): Likewise for 'ecdsa_sig'.
* src/pki.c (ssh_pki_key_ecdsa_name): Relax guard now that the used
function is also provided by the gcrypt backend.
(ssh_signature_free): Free ecdsa signature.
* src/pki_gcrypt.c (ECDSA_HEADER_{BEGIN,END}): New macros.
(privatekey_string_to_buffer): Handle ECDSA keys.
(pki_key_ecdsa_to_nid): New function.
(pki_key_ecdsa_nid_to_gcrypt_name): Likewise.
(pki_key_ecdsa_nid_to_name): Likewise.
(pki_key_ecdsa_nid_to_char): Likewise.
(pki_key_ecdsa_nid_from_name): Implement.
(asn1_oi_to_nid): New function.
(b64decode_ecdsa_privatekey): Likewise.
(pki_private_key_from_base64): Handle ECDSA keys.
(pki_pubkey_build_ecdsa): Implement.
(pki_key_dup): Handle ECDSA keys.
(pki_key_generate): Likewise.
(pki_key_generate_ecdsa): Implement.
(pki_key_compare): Handle ECDSA keys.
(pki_publickey_to_blob): Likewise.
(pki_signature_from_blob): Likewise.
(pki_signature_verify): Likewise.
(pki_do_sign): Likewise.
(pki_do_sign_sessionid): Likewise.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-03 15:20:30 +01:00
Justus Winter
7e315629b9
libgcrypt: Implement the 'evp' interface
...
* include/libssh/libgcrypt.h (EVPCTX): Fix type.
(NID_gcrypt_nistp{256,384,521}): New constants.
* src/libgcrypt.c (nid_to_md_algo): New function mapping curves to
digest algorithms.
(evp{,_init,_update,_final}): New functions.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-03 15:20:26 +01:00
Justus Winter
3c2ea78a09
pki_gcrypt: Add a little more ASN1 infrastructure
...
* src/pki_gcrypt.c (ASN1_OCTET_STRING): New macro.
(ASN1_OBJECT_IDENTIFIER): Likewise.
(asn1_check_tag): New function.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-03 15:19:34 +01:00
Justus Winter
85bcfab719
curve25519: Small libgcrypt bignum fix
...
* src/curve25519.c (ssh_client_curve25519_init): Make use of the
gcrypt-variant of 'bignum_bin2bn'.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-02 18:53:59 +01:00
Pino Toscano
67ffe26dea
Remove extra newlines from log/error messages
...
Signed-off-by: Pino Toscano <ptoscano@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-10-22 16:05:32 +02:00
Pino Toscano
bc78383fac
sftp: Fix memory leak in sftp_fstat
...
When parsing the result of a successful fstat call, make sure to free
the resulting reply message.
Signed-off-by: Pino Toscano <ptoscano@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-10-22 16:03:33 +02:00
Tilo Eckert
4f392ebc7e
session: Add missing ifdef that prevented Windows builds
...
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-10-08 10:54:36 +02:00
Tilo Eckert
1cc1a352fc
sftp: Add support for append in sftp_open()
...
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
2016-10-08 10:50:38 +02:00
Tilo Eckert
cfe7065ce1
sftp: Do not always set SSH_FXF_READ
...
Comparison ((flags & O_RDONLY) == O_RDONLY) is always true.
Also, O_RDWR, O_WRONLY and O_RDONLY are mutually exclusive => no need to check all of them
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
2016-10-08 10:45:30 +02:00
Andreas Schneider
f561e6bcb3
sftp: Correctly check for EOF else keep spinning if there is no data
...
This fixes an issue introduced with
dbf72ffba2ad5b5694cd55aa1a7ca99053d20386
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-10-07 13:36:58 +02:00
Andreas Schneider
83421c0e8c
gssapi: Use correct return code in ssh_gssapi_auth_mic()
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-10-06 18:36:54 +02:00
Andreas Schneider
095733ed9c
gssapi: Print minor stat in error logging function
...
This also releases the memory allocated for the messages.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-10-06 18:22:26 +02:00
Andreas Schneider
155a155d1d
sftp: Add sftp_fsync() function
...
BUG: https://red.libssh.org/issues/141
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-10-06 16:26:52 +02:00
Jeremy Cross
dbf72ffba2
sftp: ensure sftp_packet_read recognizes channel EOF to avoid infinite loop
...
Signed-off-by: Jeremy Cross <jcross@bomgar.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-09-09 11:39:32 +02:00
Andreas Schneider
47d21b6420
sftpserver: Fix SSH_FXP_FSTAT arguments
...
Thanks to Игорь Коваленко <igor.a.kovalenko@gmail.com>
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-10 10:15:05 +02:00
Andreas Schneider
412c501442
sftp: Use calloc() instead of malloc()/memset()
...
calloc() is faster than calling memset().
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-04 14:56:22 +02:00
Andreas Schneider
5c70dd8b85
config: Fix build warnings
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-04 14:38:48 +02:00
Travers Carter
bc2db86d1c
Make "Host" pattern list handling consistent with OpenSSH
...
https://red.libssh.org/issues/187
Signed-off-by: Travers Carter <tcarter@noggin.com.au>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-03 17:57:12 +02:00
Andreas Schneider
1da5c94b44
client: If SSHv1 is disabled send the banner immediately
...
This saves a round-trip with SSHv2 connecting to the server. See RFC
4253 section 5.2 (New Client, Old Server).
Thanks to Yang Yubo <yang@yangyubo.com> for the suggestion.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-03 09:41:26 +02:00
Andreas Schneider
3d1edffe77
client: Fix ssh_send_banner() to conform with RFC 4253
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-03 09:41:26 +02:00
Andreas Schneider
cb52ed7b12
client: Fix maximum banner length
...
According to RFC 4253 the max banner length is 255.
Thanks to Saju Panikulam <spanikulam@ipswitch.com> for the report.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-03 09:41:26 +02:00