Aris Adamantiadis
e99246246b
security: fix for vulnerability CVE-2014-0017
...
When accepting a new connection, a forking server based on libssh forks
and the child process handles the request. The RAND_bytes() function of
openssl doesn't reset its state after the fork, but simply adds the
current process id (getpid) to the PRNG state, which is not guaranteed
to be unique.
This can cause several children to end up with same PRNG state which is
a security issue.
2014-03-04 09:55:28 +01:00
Audrius Butkevicius
a277dd9277
Add session/channel byte/packet counters
...
Signed-off-by: Audrius Butkevicius <audrius.butkevicius@elastichosts.com>
2014-02-12 18:21:16 +01:00
Jon Simons
93370d61ba
session: add getters for session cipher names
...
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-02-06 10:21:07 +01:00
Aris Adamantiadis
fdc660f313
knownhosts: detect variations of ecdsa
2014-02-04 22:28:30 +01:00
Jon Simons
f7b61bf557
doc: correct ssh_channel_read_timeout units
...
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-02-02 22:19:46 +01:00
Audrius Butkevicius
adf4d4f147
doc: Document expected return value of channel data callback
...
Signed-off-by: Audrius Butkevicius <audrius.butkevicius@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-02-02 22:19:46 +01:00
Joseph Southwell
6bbdaceaca
src: Define MAX_BUF_SIZE globally and use it.
...
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-02-02 22:19:46 +01:00
Aris Adamantiadis
31fb4e1e69
build: remove OSX deprecated warnings for openssl
2014-02-02 21:41:32 +01:00
Aris Adamantiadis
671f1979a6
server: allow custom server banners (bug #83 )
2014-02-01 18:00:01 +01:00
Aris Adamantiadis
c433ac02bd
known_hosts: add ssh_knownhosts_algorithms()
...
Goal of that function is to test the preferred key exchange methods
based on what's available in the known_hosts file
2014-02-01 16:42:29 +01:00
Andreas Schneider
cb9786b3ae
src: Rename buffer_add_data() to ssh_buffer_add_data().
2014-01-19 20:55:55 +01:00
Andreas Schneider
9c4144689d
src: Rename buffer_init to ssh_buffer_init().
2014-01-19 20:43:29 +01:00
Andreas Schneider
a7157b7907
include: Mark functions as deprecated!
2014-01-16 15:27:23 +01:00
Andreas Schneider
5229253f86
channel: Fix the name scheme of the forward functions.
2014-01-16 09:13:06 +01:00
Oleksandr Shneyder
a1c4fc07d4
channel: Add ssh_channel_accept_forward().
...
This works same way as ssh_forward_accept() but can return a destination
port of the channel (useful if SSH connection forwarding several TCP/IP
ports).
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-01-16 09:12:03 +01:00
Aris Adamantiadis
57ef959aa3
threads: support libgcrypt 1.6 hack
...
Not 100% satisfied of this patch, but the way libgcrypt handles
threading in 1.6 is not compatible with custom handlers. The
new code basicaly uses pthreads in every case. This will probably
not work on windows.
2014-01-08 18:57:31 +01:00
Andreas Schneider
b617d7fa29
include: Remove warning cause VSC doesn't know about it.
2014-01-08 10:55:20 +01:00
Andreas Schneider
4b3363ecf2
include: Fix building if we do not have asm volatile.
2014-01-08 10:52:29 +01:00
Jon Simons
a1f0b2acfc
session: Add ssh_get_clientbanner().
2013-12-07 16:24:33 +01:00
Andreas Schneider
d65777b570
channels: Add a ssh_channel_read_timeout function.
2013-12-04 20:34:13 +01:00
Andreas Schneider
136efd6ed5
pki: Add ssh_pki_import_privkey_file().
2013-11-27 22:54:13 +01:00
Andreas Schneider
68c3c26029
pki_gcrypt: Add pki_private_key_to_pem() stub.
2013-11-27 22:54:13 +01:00
Andreas Schneider
7ecdc3e0d5
ecdh: Check if we have ECC support.
2013-11-27 17:38:21 +01:00
Nicolas Viennot
7b63fe2f22
server: Add a ssh_send_keepalive() function.
...
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-11-24 23:21:04 +01:00
Simo Sorce
811c645f2a
options: Add SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS option.
...
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-11-15 16:10:29 -05:00
Andreas Schneider
095a01b70c
options: Add SSH_OPTIONS_GSSAPI_CLIENT_IDENTITY option.
2013-11-15 15:50:09 +01:00
Andreas Schneider
41d99d32e8
gssapi: Add suppport to set GSSAPI server identity.
2013-11-15 15:50:09 +01:00
Colin Walters
4cc7f4ad03
Add ssh_get_poll_flags()
...
For integration with an external mainloop, we need to know how to
replicate libssh's internal poll() calls. We originally through
ssh_get_status() was that API, but it's not really - those flags only
get updated from the *result* of a poll(), where what we really need
is to know how libssh would *start* a poll().
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-11-09 12:26:19 +01:00
Andreas Schneider
06cd9bc4dc
dh: Add new ssh_get_publickey_hash() function.
2013-11-06 17:10:35 +01:00
Aris Adamantiadis
cb165df64e
remove warnings on OSX (workaround)
2013-11-04 10:47:22 +01:00
Aris Adamantiadis
c5ef5ed18f
curve25519: include reference implementation
2013-11-03 14:58:10 +01:00
Aris Adamantiadis
04cb94a2dd
socket: Fix check for pending data.
...
BUG: https://red.libssh.org/issues/119
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-11-03 12:46:27 +01:00
Andreas Schneider
d2dea8dc2e
priv: Fix brackets of burn macros.
2013-11-03 10:24:47 +01:00
Alan Dunn
ee95c05c08
SSH_AUTH_OK -> SSH_AUTH_SUCCESS in comments
...
A few callback descriptions refer to a non-existent value SSH_AUTH_OK,
which should be SSH_AUTH_SUCCESS. This commit fixes these.
Signed-off-by: Alan Dunn <amdunn@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-10-31 08:18:55 +01:00
Andreas Schneider
cfea381307
cmake: Check for isblank().
2013-10-30 17:30:07 +01:00
Andreas Schneider
5baa6aed6b
include: Fix build on platforms without ECC.
2013-10-21 07:15:59 +02:00
Andreas Schneider
5201c5850e
wrapper: Fix compilation with gcrypt.
2013-10-19 10:39:00 +02:00
Andreas Schneider
ac4c5699b1
pki: Add the type as a char pointer.
2013-10-18 23:22:24 +02:00
Andreas Schneider
15e31eb464
wrapper: Add more evp functions.
2013-10-18 23:22:24 +02:00
Aris Adamantiadis
4cb6afcbd4
kex: implement curve25519-sha256@libssh.org
2013-09-27 15:32:44 +02:00
Andreas Schneider
5e2fbbc202
callbacks: Improve the documentation of ssh_threads_set_callbacks().
...
BUG: https://red.libssh.org/issues/123
2013-09-16 10:54:30 +02:00
Andreas Schneider
8e703b9974
callbacks: Improve the documentation of ssh_threads_get_noop().
...
BUG: https://red.libssh.org/issues/123
2013-09-16 10:50:25 +02:00
Andreas Schneider
20658abc78
session: Remove obsolete status variables.
...
BUG: https://red.libssh.org/issues/121
2013-09-16 10:38:14 +02:00
Andreas Schneider
7a64dd1b9a
channel: Make channel_write_common() static.
2013-08-13 08:17:15 +02:00
Andreas Schneider
7f2049b0d5
include: Add a MIN macro.
2013-08-13 08:15:16 +02:00
Andreas Schneider
7375de0b05
include: Fix a build warning in MinGW.
2013-07-27 10:55:53 +02:00
Andreas Schneider
1829e9981b
cmake: Check for HAVE_GCC_VOLATILE_MEMORY_PROTECTION.
...
This ensures that the memset call is not optimized out by the compiler
(works works with gcc and clang).
2013-07-23 10:44:39 +02:00
Andreas Schneider
8ff6a7a850
cmake: Check for _strtoui64() on Windows.
2013-07-22 13:01:36 +02:00
Andreas Schneider
5e7b15e2c1
pki: Fix declaration of ssh_pki_convert functions.
2013-07-22 10:20:14 +02:00
Andreas Schneider
20312e23b7
log: Make _ssh_log() public.
2013-07-21 11:53:55 +02:00