1
1
Граф коммитов

988 Коммитов

Автор SHA1 Сообщение Дата
Fabiano Fidêncio
1102ea4c55 cleanup: use ssh_ prefix in the kex (non-static) functions
Having "ssh_" prefix in the functions' name will avoid possible clashes
when compiling libssh statically.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-01-19 11:31:07 +01:00
Fabiano Fidêncio
c487f5db5b cleanup: use ssh_ prefix in the dh (non-static) functions
Having "ssh_" prefix in the functions' name will avoid possible clashes
when compiling libssh statically.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-01-19 11:31:07 +01:00
Fabiano Fidêncio
501faacf8e cleanup: use ssh_ prefix in the channels (non-static) functions
Having "ssh_" prefix in the functions' name will avoid possible clashes
when compiling libssh statically.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-01-19 11:31:07 +01:00
Fabiano Fidêncio
adc8c20ac1 cleanup: use ssh_ prefix in the buffer (non-static) functions
Having "ssh_" prefix in the functions' name will avoid possible clashes
when compiling libssh statically.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-01-19 11:31:07 +01:00
Fabiano Fidêncio
63e52afd5b cleanup: use ssh_ prefix in the blf (non-static) functions
Having "ssh_" prefix in the functions' name will avoid possible clashes
when compiling libssh statically.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-01-19 11:31:07 +01:00
Fabiano Fidêncio
6f60449e18 cleanup: use ssh_ prefix in the bignum (non-static) functions
Having "ssh_" prefix in the functions' name will avoid possible clashes
when compiling libssh statically.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-01-19 11:31:07 +01:00
Fabiano Fidêncio
77052d3a1e cleanup: use ssh_ prefix in the agent (non-static) functions
Having "ssh_" prefix in the functions' name will avoid possible clashes
when compiling libssh statically.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-01-19 11:31:07 +01:00
Dirk Neukirchen
71ce6592e4 headers: fix missing mode_t (2nd)
Reviewed-By: Aris Adamantiadis <aris@0xbadc0de.be>
2015-11-10 18:38:16 +01:00
Andreas Schneider
21bf499bb4 agent: Fix agent auth on big endian machines
BUG: https://red.libssh.org/issues/204

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-10-20 17:16:38 +02:00
Aris Adamantiadis
84a85803b4 crypto: old-fashioned aes_ctr when evp_aes_ctr is missing 2015-09-25 11:51:45 +02:00
Aris Adamantiadis
d46fe6a51c SSH1: fix duplicate identifier 2015-09-25 08:52:38 +02:00
Aris Adamantiadis
e83b4e8129 libcrypto: clean up EVP functions 2015-09-25 00:05:10 +02:00
Axel Eppe
bdfe6870f6 pki: Add certificate loading functions
- ssh_pki_import_cert_base64()
- ssh_pki_import_cert_file()
- ssh_pki_import_cert_blob()
Those functions are currently simple wrappers around their pubkey counterpart.

- ssh_pki_copy_cert_to_privkey()
This function copies the cert-specific data to a private key.

Signed-off-by: Axel Eppe <aeppe@google.com>
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-09-07 13:30:14 +02:00
Axel Eppe
6da4e21065 pki: Add rsa, dss certificate key type definitions
- Add rsa/dsa (ssh-{rsa,dss}-cert-v01@openssh.com) as key types.
- Add a cert_type member in the ssh_key struct.

Signed-off-by: Axel Eppe <aeppe@google.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-09-07 13:29:23 +02:00
Andreas Schneider
3b0b1c3ee3 pki: Use the standard logging function
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-09-07 10:57:34 +02:00
Michael Wilder
e6f93c887b crypto: Add OpenSSL EVP functions for FIPS compatibility
Signed-off-by: Michael Wilder <wilder.michael@cimcor.com>
2015-09-07 07:45:01 +02:00
Tilo Eckert
71d86be42e define our own platform-independent S_IF macros
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-07-30 10:47:34 +02:00
Fabiano Fidêncio
2bf6e66ffe client: handle agent forward open requests with callbacks
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Aris Adamantiadis <aris@badcode.be>
2015-07-07 13:24:55 +02:00
Andreas Schneider
387fd2cf53 include: Add stdarg.h so we can check for va_copy macro
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-06-30 09:58:47 +02:00
Peter Volpe
7aeba71a92 agent: Add ssh_set_agent_socket
Allow callers to specify their own socket
for an ssh agent.

Signed-off-by: Peter Volpe <pvolpe@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-06-29 09:47:02 +02:00
Douglas Heriot
a65af1b3b8 cmake: Do not use CMAKE_(SOURCE|BINARY)_DIR 2015-06-24 18:17:05 +02:00
Andreas Schneider
30a7229fc5 include: Add support for older MSVC versions
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-06-24 16:23:13 +02:00
Andreas Schneider
3f4b5436e5 Bump version to 0.7.0
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-06 11:01:33 +02:00
Andreas Schneider
ad09009201 include: Fix variadic macro issues with MSVC
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-05 18:45:47 +02:00
Andreas Schneider
3f04367fb8 bind: Correctly close sockets and invalidate them.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-04-10 13:32:09 +02:00
Andreas Schneider
c699b9ca94 external: Use standard int types
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-04-10 13:02:56 +02:00
Andreas Schneider
53586ed4ba include: Do not make x11 variables const
We allocate them and also free them after the callback has been
executed.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-04-02 16:19:45 +02:00
Andreas Schneider
dbe7df7571 cmake: Detect __func__ and __FUNCTION__ during configure step
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-04-02 13:41:02 +02:00
Andreas Schneider
a3357b8920 include: We should use __func__ which is C99
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-04-02 10:58:36 +02:00
Aris Adamantiadis
940cb233ce buffer: buffer_pack & unpack on non-gnu compilers 2015-02-08 18:49:32 +01:00
Andreas Schneider
de10a7754b buffer: buffer: Improve argument checking of in ssh_buffer_pack()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
2015-02-02 17:32:31 +01:00
Andreas Schneider
afc9988c93 buffer: Improve argument checking in ssh_buffer_pack()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
2015-02-02 17:32:18 +01:00
Aris Adamantiadis
423fa6818b ed25519: ADd OpenSSH encrypted container import
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-02-02 14:45:52 +01:00
Aris Adamantiadis
61e2c8f0f7 external: Add OpenSSH bcrypt and blowfish implementation
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-02-02 14:45:52 +01:00
Aris Adamantiadis
c02b260e7e server: Add support for ed25519 keys in the server.
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-02-02 14:45:52 +01:00
Aris Adamantiadis
46bc11f977 ed25519: Add support to export OpenSSH container keys
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-02-02 14:45:52 +01:00
Aris Adamantiadis
3ec3a926e5 ed25519: Add support o import OpenSSH container keys
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-02-02 14:45:52 +01:00
Aris Adamantiadis
2f7886837f pki.h: Replace tabs with spaces
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-02-02 14:45:52 +01:00
Léo Peltier
8db4520d89 cmake: Add libsshpp.hpp to the distributed headers list.
BUG: https://red.libssh.org/issues/163

Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-01-20 19:32:48 +01:00
Jon Simons
6895d0b727 session: add getter for kexalgo
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-12-05 10:48:07 +01:00
Jon Simons
4745d652b5 pki_crypto.c: plug ecdsa_sig->[r,s] bignum leaks
Per ecdsa(3ssl), ECDSA_SIG_new does allocate its 'r' and 's' bignum fields.
Fix a bug where the initial 'r' and 's' bignums were being overwritten with
newly-allocated bignums, resulting in a memory leak.

BUG: https://red.libssh.org/issues/175

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-12-05 10:42:32 +01:00
Aris
93c7b81b4e ed25519: Generate, sign and verify keys.
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-09-07 22:07:34 +02:00
Aris Adamantiadis
93e82fa0c0 crypto: Add ed25519 implementation from OpenSSH.
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-09-07 21:35:20 +02:00
Aris Adamantiadis
86ae6b2251 buffer: Add a secure buffer mechanism to avoid memory spills
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-09-07 10:36:32 +02:00
Aris Adamantiadis
228dc08038 bignums: detach bignum-related functions from dh.c.
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-08-06 10:07:36 +02:00
Aris Adamantiadis
33cd594f1f crypto: fix secure burning, structure members naming
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-08-06 10:05:19 +02:00
Aris Adamantiadis
3b4b0f01ec buffer: add a hidden canary to detect format errors
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-08-06 09:58:52 +02:00
Aris Adamantiadis
c341da03d3 buffers: adapt sftp.c to ssh_buffer_(un)pack()
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-08-06 09:51:00 +02:00
Aris Adamantiadis
835e34d1eb Buffer: add ssh_buffer_(un)pack()
That function permits chaining of buffer values to minimize buffer handling
in packet sending code.

Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-08-06 09:04:34 +02:00
Andreas Schneider
c2ee63431b pki: Add missing semi-colon. 2014-05-07 09:30:29 +02:00
Andreas Schneider
11cfb2903e pki: Make pki_key_ecdsa_nid_to_name() a shared function. 2014-04-23 11:12:08 +02:00
Dirkjan Bussink
6c74d6f891 Add options support for setting and getting HMAC algorithms
BUG: https://red.libssh.org/issues/91

Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-04-22 10:57:18 +02:00
Dirkjan Bussink
262c82ac06 Add negotiation for SHA2 HMAC algorithms
BUG: https://red.libssh.org/issues/91

Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-04-22 10:57:00 +02:00
Dirkjan Bussink
164b8e99cc Add logic to support SHA2 HMAC algorithms
BUG: https://red.libssh.org/issues/91

Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-04-22 10:56:46 +02:00
Dirkjan Bussink
4a08902664 Add SHA2 algorithms for HMAC
BUG: https://red.libssh.org/issues/91

Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-04-22 10:55:59 +02:00
Jon Simons
eb86fd8cdf kex: server fix for first_kex_packet_follows
Ensure to honor the 'first_kex_packet_follow' field when processing
KEXINIT messages in the 'ssh_packet_kexinit' callback.  Until now
libssh would assume that this field is always unset (zero).  But
some clients may set this (dropbear at or beyond version 2013.57),
and it needs to be included when computing the session ID.

Also include logic for handling wrongly-guessed key exchange algorithms.
Save whether a client's guess is wrong in a new field in the session
struct: when set, the next KEX_DHINIT message to be processed will be
ignored per RFC 4253, 7.1.

While here, update both 'ssh_packet_kexinit' and 'make_sessionid' to
use softabs with a 4 space indent level throughout, and also convert
various error-checking to store intermediate values into an explicit
'rc'.

Patch adjusted from original to ensure that client tests remain passing
(ie 'torture_connect'): restrict the changes in 'ssh_packet_kexinit'
only for the 'server_kex' case.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-04-22 09:26:59 +02:00
Andreas Schneider
e2805abbf7 Revert "kex: server fix for first_kex_packet_follows"
The patch breaks the client with ECDSA.

This reverts commit 5865b9436f.
2014-04-15 09:49:25 +02:00
Jon Simons
5865b9436f kex: server fix for first_kex_packet_follows
Ensure to honor the 'first_kex_packet_follow' field when processing
KEXINIT messages in the 'ssh_packet_kexinit' callback.  Until now
libssh would assume that this field is always unset (zero).  But
some clients may set this (dropbear at or beyond version 2013.57),
and it needs to be included when computing the session ID.

Also include logic for handling wrongly-guessed key exchange algorithms.
Save whether a client's guess is wrong in a new field in the session
struct: when set, the next KEX_DHINIT message to be processed will be
ignored per RFC 4253, 7.1.

While here, update both 'ssh_packet_kexinit' and 'make_sessionid' to
use softabs with a 4 space indent level throughout, and also convert
various error-checking to store intermediate values into an explicit
'rc'.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-04-10 08:54:10 +02:00
Andreas Schneider
ad1313c2e5 Revert "direct-tcpip and forwarded-tcpip callbacks"
This reverts commit efe785e711.

We need a Signed-off version. I didn't have the Certificate of Origin
yet.
2014-04-09 12:49:06 +02:00
Loïc Michaux
efe785e711 direct-tcpip and forwarded-tcpip callbacks 2014-04-09 11:13:57 +02:00
Jon Simons
48aca98cd5 pki crypto: expose new ssh_pki_key_ecdsa_name API
Enable retrieving the "ecdsa-sha2-nistpNNN" name of ECDSA keys with a
new 'ssh_pki_key_ecdsa_name' API.  This gives more information than the
'ssh_key_type_to_char' API, which yields "ssh-ecdsa" for ECDSA keys.
The motivation is that this info is useful to have in a server context.

The torture_pki unit test is updated to include the new API, and a few
more passes are added to additionally test 384 and 521-bit keys.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-04-09 11:01:11 +02:00
Petar Koretic
89e154f78c libsshpp: include required <string> header for std::string
Signed-off-by: Petar Koretic <petar.koretic@sartura.hr>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-04-09 10:59:59 +02:00
Alan Dunn
47bd0b6d1f doc: Improve and consolidate ssh_bind_options_set docs
Signed-off-by: Alan Dunn <amdunn@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-03-27 10:49:08 +01:00
Petar Koretic
8e2590b535 libssh: libhpp: overload read function to support timeout parameter
Signed-off-by: Petar Koretic <petar.koretic@sartura.hr>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-03-27 10:48:13 +01:00
Petar Koretic
c51f42a566 libssh: libhpp: avoid unnecessary call to ssh_channel_read
ssh_channel_read is a wrapper for ssh_channel_read_timeout with timeout
-1 (infinite) so we call that directly.

Signed-off-by: Petar Koretic <petar.koretic@sartura.hr>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-03-27 10:46:21 +01:00
Petar Koretic
00d4fbe753 libssh: libhpp: fix multiple definitions for acceptForward function
Defining a non inlined class function in a header will cause multiple
definitions when header is included in more that one file since for each
file function will get defined.

Signed-off-by: Petar Koretic <petar.koretic@sartura.hr>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-03-27 10:45:54 +01:00
Alan Dunn
2a1089d607 options: Allow use of host ECDSA key
Signed-off-by: Alan Dunn <amdunn@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-03-27 10:05:23 +01:00
Aris Adamantiadis
e99246246b security: fix for vulnerability CVE-2014-0017
When accepting a new connection, a forking server based on libssh forks
and the child process handles the request. The RAND_bytes() function of
openssl doesn't reset its state after the fork, but simply adds the
current process id (getpid) to the PRNG state, which is not guaranteed
to be unique.
This can cause several children to end up with same PRNG state which is
a security issue.
2014-03-04 09:55:28 +01:00
Audrius Butkevicius
a277dd9277 Add session/channel byte/packet counters
Signed-off-by: Audrius Butkevicius <audrius.butkevicius@elastichosts.com>
2014-02-12 18:21:16 +01:00
Jon Simons
93370d61ba session: add getters for session cipher names
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-02-06 10:21:07 +01:00
Aris Adamantiadis
fdc660f313 knownhosts: detect variations of ecdsa 2014-02-04 22:28:30 +01:00
Jon Simons
f7b61bf557 doc: correct ssh_channel_read_timeout units
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-02-02 22:19:46 +01:00
Audrius Butkevicius
adf4d4f147 doc: Document expected return value of channel data callback
Signed-off-by: Audrius Butkevicius <audrius.butkevicius@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-02-02 22:19:46 +01:00
Joseph Southwell
6bbdaceaca src: Define MAX_BUF_SIZE globally and use it.
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-02-02 22:19:46 +01:00
Aris Adamantiadis
31fb4e1e69 build: remove OSX deprecated warnings for openssl 2014-02-02 21:41:32 +01:00
Aris Adamantiadis
671f1979a6 server: allow custom server banners (bug #83) 2014-02-01 18:00:01 +01:00
Aris Adamantiadis
c433ac02bd known_hosts: add ssh_knownhosts_algorithms()
Goal of that function is to test the preferred key exchange methods
based on what's available in the known_hosts file
2014-02-01 16:42:29 +01:00
Andreas Schneider
cb9786b3ae src: Rename buffer_add_data() to ssh_buffer_add_data(). 2014-01-19 20:55:55 +01:00
Andreas Schneider
9c4144689d src: Rename buffer_init to ssh_buffer_init(). 2014-01-19 20:43:29 +01:00
Andreas Schneider
a7157b7907 include: Mark functions as deprecated! 2014-01-16 15:27:23 +01:00
Andreas Schneider
5229253f86 channel: Fix the name scheme of the forward functions. 2014-01-16 09:13:06 +01:00
Oleksandr Shneyder
a1c4fc07d4 channel: Add ssh_channel_accept_forward().
This works same way as ssh_forward_accept() but can return a destination
port of the channel (useful if SSH connection forwarding several TCP/IP
ports).

Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-01-16 09:12:03 +01:00
Aris Adamantiadis
57ef959aa3 threads: support libgcrypt 1.6 hack
Not 100% satisfied of this patch, but the way libgcrypt handles
threading in 1.6 is not compatible with custom handlers. The
new code basicaly uses pthreads in every case. This will probably
not work on windows.
2014-01-08 18:57:31 +01:00
Andreas Schneider
b617d7fa29 include: Remove warning cause VSC doesn't know about it. 2014-01-08 10:55:20 +01:00
Andreas Schneider
4b3363ecf2 include: Fix building if we do not have asm volatile. 2014-01-08 10:52:29 +01:00
Jon Simons
a1f0b2acfc session: Add ssh_get_clientbanner(). 2013-12-07 16:24:33 +01:00
Andreas Schneider
d65777b570 channels: Add a ssh_channel_read_timeout function. 2013-12-04 20:34:13 +01:00
Andreas Schneider
136efd6ed5 pki: Add ssh_pki_import_privkey_file(). 2013-11-27 22:54:13 +01:00
Andreas Schneider
68c3c26029 pki_gcrypt: Add pki_private_key_to_pem() stub. 2013-11-27 22:54:13 +01:00
Andreas Schneider
7ecdc3e0d5 ecdh: Check if we have ECC support. 2013-11-27 17:38:21 +01:00
Nicolas Viennot
7b63fe2f22 server: Add a ssh_send_keepalive() function.
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-11-24 23:21:04 +01:00
Simo Sorce
811c645f2a options: Add SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS option.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-11-15 16:10:29 -05:00
Andreas Schneider
095a01b70c options: Add SSH_OPTIONS_GSSAPI_CLIENT_IDENTITY option. 2013-11-15 15:50:09 +01:00
Andreas Schneider
41d99d32e8 gssapi: Add suppport to set GSSAPI server identity. 2013-11-15 15:50:09 +01:00
Colin Walters
4cc7f4ad03 Add ssh_get_poll_flags()
For integration with an external mainloop, we need to know how to
replicate libssh's internal poll() calls.  We originally through
ssh_get_status() was that API, but it's not really - those flags only
get updated from the *result* of a poll(), where what we really need
is to know how libssh would *start* a poll().

Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-11-09 12:26:19 +01:00
Andreas Schneider
06cd9bc4dc dh: Add new ssh_get_publickey_hash() function. 2013-11-06 17:10:35 +01:00
Aris Adamantiadis
cb165df64e remove warnings on OSX (workaround) 2013-11-04 10:47:22 +01:00
Aris Adamantiadis
c5ef5ed18f curve25519: include reference implementation 2013-11-03 14:58:10 +01:00
Aris Adamantiadis
04cb94a2dd socket: Fix check for pending data.
BUG: https://red.libssh.org/issues/119

Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-11-03 12:46:27 +01:00
Andreas Schneider
d2dea8dc2e priv: Fix brackets of burn macros. 2013-11-03 10:24:47 +01:00
Alan Dunn
ee95c05c08 SSH_AUTH_OK -> SSH_AUTH_SUCCESS in comments
A few callback descriptions refer to a non-existent value SSH_AUTH_OK,
which should be SSH_AUTH_SUCCESS.  This commit fixes these.

Signed-off-by: Alan Dunn <amdunn@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-10-31 08:18:55 +01:00
Andreas Schneider
cfea381307 cmake: Check for isblank(). 2013-10-30 17:30:07 +01:00
Andreas Schneider
5baa6aed6b include: Fix build on platforms without ECC. 2013-10-21 07:15:59 +02:00
Andreas Schneider
5201c5850e wrapper: Fix compilation with gcrypt. 2013-10-19 10:39:00 +02:00
Andreas Schneider
ac4c5699b1 pki: Add the type as a char pointer. 2013-10-18 23:22:24 +02:00
Andreas Schneider
15e31eb464 wrapper: Add more evp functions. 2013-10-18 23:22:24 +02:00
Aris Adamantiadis
4cb6afcbd4 kex: implement curve25519-sha256@libssh.org 2013-09-27 15:32:44 +02:00
Andreas Schneider
5e2fbbc202 callbacks: Improve the documentation of ssh_threads_set_callbacks().
BUG: https://red.libssh.org/issues/123
2013-09-16 10:54:30 +02:00
Andreas Schneider
8e703b9974 callbacks: Improve the documentation of ssh_threads_get_noop().
BUG: https://red.libssh.org/issues/123
2013-09-16 10:50:25 +02:00
Andreas Schneider
20658abc78 session: Remove obsolete status variables.
BUG: https://red.libssh.org/issues/121
2013-09-16 10:38:14 +02:00
Andreas Schneider
7a64dd1b9a channel: Make channel_write_common() static. 2013-08-13 08:17:15 +02:00
Andreas Schneider
7f2049b0d5 include: Add a MIN macro. 2013-08-13 08:15:16 +02:00
Andreas Schneider
7375de0b05 include: Fix a build warning in MinGW. 2013-07-27 10:55:53 +02:00
Andreas Schneider
1829e9981b cmake: Check for HAVE_GCC_VOLATILE_MEMORY_PROTECTION.
This ensures that the memset call is not optimized out by the compiler
(works works with gcc and clang).
2013-07-23 10:44:39 +02:00
Andreas Schneider
8ff6a7a850 cmake: Check for _strtoui64() on Windows. 2013-07-22 13:01:36 +02:00
Andreas Schneider
5e7b15e2c1 pki: Fix declaration of ssh_pki_convert functions. 2013-07-22 10:20:14 +02:00
Andreas Schneider
20312e23b7 log: Make _ssh_log() public. 2013-07-21 11:53:55 +02:00
Andreas Schneider
c64ec43eef src: Remove enter_function() and leave_function(). 2013-07-14 13:31:24 +02:00
Andreas Schneider
c28efb8cbc include: Mark ssh_log as depcrecated. 2013-07-14 12:44:32 +02:00
Andreas Schneider
ebdd0c6ac1 src: Migrate to SSH_LOG. 2013-07-14 12:44:26 +02:00
Andreas Schneider
dcd94de076 error: Use new logging function. 2013-07-14 12:37:12 +02:00
Andreas Schneider
2c91efcc68 log: Implment new logging functions. 2013-07-14 12:36:59 +02:00
Andreas Schneider
73309f19e5 cmake: Check if we have Thread Local Storage support. 2013-07-14 12:36:35 +02:00
Aris Adamantiadis
ad92740dc3 server: Fix compilation without WITH_SERVER 2013-07-14 09:30:59 +02:00
Aris Adamantiadis
2ab7f2be75 server: add pubkey auth callback
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-07-13 15:23:33 +02:00
Aris Adamantiadis
0d1ec1fa48 gssapi: Add user parameter to gssapi auth callback
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-07-13 15:03:18 +02:00
Aris Adamantiadis
b0ab39a6f1 gssapi: gssapi callbacks serverside
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-07-13 15:02:03 +02:00
Aris Adamantiadis
31a129ee9e sftp: more flexibility on channels
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-07-13 15:01:17 +02:00
Aris Adamantiadis
7e7910a1ca sftp: added useful server APIs
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-07-13 15:00:52 +02:00
Aris Adamantiadis
2a0c1e917f server: callback for channel_request_subsystem
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-07-13 14:59:46 +02:00
Aris Adamantiadis
db20a22e51 server: added 2 missing channel callbacks
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-07-13 14:59:21 +02:00
Aris Adamantiadis
458e4c07c7 server: export ssh_channel_open_x11()
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-07-13 14:58:06 +02:00
Aris Adamantiadis
3e7bd72f76 client: handle x11 channel open requests with callbacks
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-07-13 14:57:13 +02:00
Aris Adamantiadis
f457080d62 server: Implement X11 requests and window-change
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-07-13 14:56:37 +02:00
Aris Adamantiadis
37cce98f7e Doc: fix a few broken parameters
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-07-13 14:56:14 +02:00
Aris Adamantiadis
7e306a9ec6 server: implement server-side of agent forwarding
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-07-13 14:55:58 +02:00
Aris Adamantiadis
81e769ec6a channels: implement callback for agent forwarding request
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-07-13 14:55:47 +02:00
Aris Adamantiadis
e933d1e1b1 callbacks: make the channel accept callback more logical
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-07-13 14:51:00 +02:00
Aris Adamantiadis
e76442b650 ssh-agent: implement the clientside for agent forwarding auth.
This can only be used to authenticate the client, not to allow the
connected server to transfer agent requests

Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-07-13 14:51:00 +02:00
Aris Adamantiadis
86ae29b30d gssapi: implement ticket delegation
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-07-13 14:51:00 +02:00
Aris Adamantiadis
65eccf1969 gssapi: retrieve forwarded (delegated) tickets
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-07-13 14:50:56 +02:00
Aris Adamantiadis
7cb6b15aaa auth: implement client-side gssapi
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-07-13 14:41:20 +02:00
Aris Adamantiadis
7fef6e817e auth: implement gssapi-with-mic server side
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-07-13 14:21:36 +02:00
Aris Adamantiadis
3b52e38a33 auth: adapt libssh to gssapi-with-mic server
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-07-13 14:21:36 +02:00
Aris Adamantiadis
950d8e89a9 callbacks: new callbacks for gssapi
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-07-13 14:19:23 +02:00
Aris Adamantiadis
3d7b24c534 gssapi: added SSH constants
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-07-13 14:12:06 +02:00
Aris Adamantiadis
66b37c856c session: Introduce SSH_TIMEOUT_DEFAULT
The default timeout of 30seconds is very nice when connecting to a new SSH
session, however it completely breaks the synchronous blocking API.
Use SSH_TIMEOUT_DEFAULT when in blocking mode so channel reads&write are blocking
as expected

Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-07-13 14:03:42 +02:00
Aris Adamantiadis
6bc64c368d server: added channel callbacks
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-07-13 14:00:18 +02:00
Aris Adamantiadis
ab2e641b4a Defined SSH server callbacks interface
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-07-13 13:59:58 +02:00
Andreas Schneider
2b68728552 socket: Check if socket (non)blocking is working. 2013-06-17 13:18:55 +02:00
Andreas Schneider
d83b3d9ebe pki: Limit privkey to 4M for now. 2013-06-17 12:07:32 +02:00
Andreas Schneider
8455d79bb6 priv: Make really sure memset doesn't get optimzed out. 2013-03-13 15:37:51 +01:00
Andreas Schneider
b2f52799c2 include: Fix the LGPL header.
This has been reported by rpmlint:
libssh-devel.x86_64: W: incorrect-fsf-address libssh.h
2013-01-23 00:22:46 +01:00
Aris Adamantiadis
63c3f0e736 Implement key re-exchange 2012-12-23 23:09:50 +01:00
Andreas Schneider
b14df297fa BUG 97: Fix strtoull() detection on serveral platforms. 2012-12-03 14:00:06 +01:00
Andreas Schneider
3896aa43ff BUG 96: Guard ntohll() and htonll prototypes correctly. 2012-12-03 13:44:02 +01:00
Andreas Schneider
da8d44ccba BUG 98: Use __attribute__ ((packed)) only with GCC. 2012-12-03 13:19:29 +01:00
Andreas Schneider
ea0e858de0 priv: Add BURN_BUFFER macro and make sure it isn't optimzed out. 2012-11-23 11:56:21 +01:00
Andreas Schneider
e403596d98 pki: Add a size limit for pubkey files. 2012-11-21 12:44:00 +01:00
Andreas Schneider
95ab34696b kex: Use getter functions to access kex arrays.
This should fix the build on OpenIndiana.
2012-10-12 17:46:37 +02:00
Andreas Schneider
f2c183b413 include: Fix an include recursion.
It includes itself: libssh.h -> legacy.h -> libssh.h.

Found by Coverity.
2012-10-12 08:07:01 +02:00
Dmitriy Kuznetsov
320951f42f kex: Add simple DES support for SSHv1. 2012-09-07 12:19:43 +02:00
Dmitriy Kuznetsov
e689375e45 dh: Add support for diffie-hellman-group14-sha1. 2012-09-04 16:17:46 +02:00
Andreas Schneider
43e3a8e497 socket: Add a SSH_WRITE_PENDING socket status. 2012-07-17 18:05:51 +02:00
Oliver Gasser
ad24427f03 options: Add option to specify host keys string.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2012-07-06 11:04:05 +02:00
Andreas Schneider
1973e833f2 server: Add ecdsa hostkey support. 2012-02-19 18:49:07 +01:00
Andreas Schneider
ee774479de session: Use a struct for all options. 2012-02-05 11:50:49 +01:00
Andreas Schneider
216cb8b1aa crypto: Add evp hashing function. 2012-02-04 23:44:55 +01:00
Andreas Schneider
9070b04184 pki: Add ecdsa support for signature_to_blob. 2012-02-04 18:37:04 +01:00
Andreas Schneider
b309dd8fb7 pki: Add support to generate ecdsa keys. 2012-02-04 18:37:04 +01:00
Andreas Schneider
f35c284761 pki: Add support to import ecdsa pubkeys. 2012-02-04 18:37:04 +01:00
Andreas Schneider
ea74a12b70 pki: Add support to import ecdsa private keys. 2012-02-04 18:37:03 +01:00
Martin Drasar
31727bf33a Ignore and debug messages can be sent using public API
Signed-off-by: Martin Drasar <drasar@ics.muni.cz>
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2012-01-05 11:26:53 +01:00
rofl0r
2ffbdb0492 commit a7e14524c4f7903f607cdcd02b83782e89f0a82c 2012-01-02 16:31:37 +01:00
rofl0r
4305da29a1 session: Cleanup timeout functions.
It is possible that we get unrelated packets while waiting for
termination, thus waiting indefinitely. As a workaround we have to
check the user-supplied timeout.
2012-01-02 12:39:43 +01:00
Andreas Schneider
76fad364cd sftp: Add references to sftp_get_error() to docs. 2011-11-17 19:12:31 +01:00
Andreas Schneider
ce0324770d kex: Fix some build warnings. 2011-11-10 14:46:22 +01:00
Andreas Schneider
2c04994443 pki: Add a ssh_key_cmp() function. 2011-10-29 19:58:28 +02:00
Andreas Schneider
e799c0ce7d dh: Add ssh_get_publickey(). 2011-10-29 19:58:28 +02:00
Lee Hambley
e797781bb5 Implement ssh_options_get_port(ssh_session, unsigned int*). 2011-10-28 12:15:12 +02:00
Lee Hambley
6bd95b50f5 Implement ssh_options_get(ssh_session, enum ssh_options_e, char**). 2011-10-28 12:14:34 +02:00
Aris Adamantiadis
551a0c855b server: ssh_bind_accept_fd
This function will not call accept() but use function parameter
instead
2011-10-13 22:23:48 +02:00
Aris Adamantiadis
e38f2f933b pki: ssh_pki_generate
for both gcrypt and openssl
2011-09-24 01:36:58 +02:00
Andreas Schneider
5083742192 packet: Move packet callbacks to packet_cb.c. 2011-09-18 21:37:18 +02:00
Andreas Schneider
7202a26b6c priv: Remove dead prototype. 2011-09-18 21:37:17 +02:00
Andreas Schneider
b785014a15 crypt: Rename to packet_crypt. 2011-09-18 21:37:17 +02:00
Andreas Schneider
acfc8ea83f priv: Remove crypto.h and add correct includes to src files. 2011-09-18 21:37:17 +02:00
Andreas Schneider
c2686b8feb socket: Move socket function to right location. 2011-09-18 21:37:17 +02:00
Andreas Schneider
e7009fe8f3 priv: Create crc32.h.
As crc32 is only needed by SSHv1, build it only with SSHv1.
2011-09-18 21:37:17 +02:00
Andreas Schneider
ffb827b539 priv: Move gcrypt functions to gcrypt header. 2011-09-18 21:37:17 +02:00
Andreas Schneider
33754c391f priv: Start to remove enter_function. 2011-09-18 21:37:17 +02:00
Andreas Schneider
d7fa15df83 priv: Move kex functions to kex header. 2011-09-18 21:37:17 +02:00
Andreas Schneider
519291558d priv: Move options and config prototypes to own header. 2011-09-18 21:37:17 +02:00
Andreas Schneider
abd9856c6a priv: Move defines to the top. 2011-09-18 21:37:17 +02:00
Aris Adamantiadis
09b33b1b6e server: split dh_handsake_server 2011-09-18 20:34:16 +02:00
Aris Adamantiadis
af09313eac crypto: rename crypto_struct -> ssh_cipher_struct 2011-09-18 20:34:16 +02:00
Aris Adamantiadis
ac41a083ef kex: moved KEX structures to ssh_crypto_struct 2011-09-18 20:34:16 +02:00
Aris Adamantiadis
07abc3406d kex: split key selection and sending 2011-09-18 20:34:15 +02:00
Aris Adamantiadis
8f1161f649 scp: introduce a 64bits getter to respect ABI 2011-09-18 20:34:15 +02:00
Andreas Schneider
fa7798833a pki: Use ssh_log_function() for ssh_pki_log(). 2011-09-17 11:09:19 +02:00