1
1
Fork 0

updated docs for 1.10.0 release

This commit is contained in:
Will Cosgrove 2021-05-12 11:09:59 -07:00 committed by Daniel Stenberg
parent a88a727c2a
commit 635caa9078
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
5 changed files with 126 additions and 108 deletions

View File

@ -2,7 +2,7 @@
* Copyright (c) 2005,2006 Mikhail Gusarov <dottedmag@dottedmag.net>
* Copyright (c) 2006-2007 The Written Word, Inc.
* Copyright (c) 2007 Eli Fant <elifantu@mail.ru>
* Copyright (c) 2009-2019 Daniel Stenberg
* Copyright (c) 2009-2021 Daniel Stenberg
* Copyright (C) 2008, 2009 Simon Josefsson
* Copyright (c) 2000 Markus Friedl
* Copyright (c) 2015 Microsoft Corp.

View File

@ -1,44 +1,62 @@
libssh2 1.9.0
libssh2 1.10
This release includes the following enhancements and bugfixes:
o adds ECDSA keys and host key support when using OpenSSL
o adds ED25519 key and host key support when using OpenSSL 1.1.1
o adds OpenSSH style key file reading
o adds AES CTR mode support when using WinCNG
o adds PEM passphrase protected file support for Libgcrypt and WinCNG
o adds SHA256 hostkey fingerprint
o adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path()
o adds explicit zeroing of sensitive data in memory
o adds additional bounds checks to network buffer reads
o adds the ability to use the server default permissions when creating sftp directories
o adds support for building with OpenSSL no engine flag
o adds support for building with LibreSSL
o increased sftp packet size to 256k
o fixed oversized packet handling in sftp
o fixed building with OpenSSL 1.1
o fixed a possible crash if sftp stat gets an unexpected response
o fixed incorrect parsing of the KEX preference string value
o fixed conditional RSA and AES-CTR support
o fixed a small memory leak during the key exchange process
o fixed a possible memory leak of the ssh banner string
o fixed various small memory leaks in the backends
o fixed possible out of bounds read when parsing public keys from the server
o fixed possible out of bounds read when parsing invalid PEM files
o no longer null terminates the scp remote exec command
o now handle errors when diffie hellman key pair generation fails
o fixed compiling on Windows with the flag STDCALL=ON
o improved building instructions
o adds agent forwarding support
o adds OpenSSH Agent support on Windows
o adds ECDSA key support using the Mbed TLS backend
o adds ECDSA cert authentication
o adds diffie-hellman-group14-sha256, diffie-hellman-group16-sha512,
diffie-hellman-group18-sha512 key exchanges
o adds support for PKIX key reading when using ed25519 with OpenSSL
o adds support for EWOULDBLOCK on VMS systems
o adds support for building with OpenSSL 3
o adds support for using FIPS mode in OpenSSL
o adds debug symbols when building with MSVC
o adds support for building on the 3DS
o adds unicode build support on Windows
o restores os400 building
o increases min, max and opt Diffie Hellman group values
o improves portiablity of the make file
o improves timeout behavior with 2FA keyboard auth
o various improvements to the Wincng backend
o fixes reading parital packet replies when using an agent
o fixes Diffie Hellman key exchange on Windows 1903+ builds
o fixes building tests with older versions of OpenSSL
o fixes possible multiple definition warnings
o fixes potential cast issues _libssh2_ecdsa_key_get_curve_type()
o fixes potential use after free if libssh2_init() is called twice
o improved linking when using Mbed TLS
o fixes call to libssh2_crypto_exit() if crypto hasn't been initialized
o fixes crash when loading public keys with no id
o fixes possible out of bounds read when exchanging keys
o fixes possible out of bounds read when reading packets
o fixes possible out of bounds read when opening an X11 connection
o fixes possible out of bounds read when ecdh host keys
o fixes possible hang when trying to read a disconnected socket
o fixes a crash when using the delayed compression option
o fixes read error with large known host entries
o fixes various warnings
o fixes various small memory leaks
o improved error handling, various detailed errors will now be reported
o builds are now using OSS-Fuzz
o builds now use autoreconf instead of a custom build script
o cmake now respects install directory
o improved CI backend
o updated HACKING-CRYPTO documentation
o use markdown file extensions
o improved unit tests
This release would not have looked like this without help, code, reports and
advice from friends like these:
Peter Surge, Will Cosgrove, Daniel Stenberg, Alex Arslan, Alex Crichton,
Thomas Bleeker, Keno Fischer, Marc Hörsken, Marcel Raad, Viktor Szakats,
Kamil Dudka, Panos, Etienne Samson, Tseng Jun, Brendan Shanks, doublex,
Erik B, Jakob Egger, Thomas Lochmatter, alex-weaver, Adrian Moran, Zenju,
gartens, Matthew D. Fuller, Ryan Kelley, Zhen-Huan HWANG, Orivej Desh,
Alexander Curtiss
(29 contributors)
katzer, Orgad Shaneh, mark-i-m, Zenju, axjowa, Thilo Schulz,
Etienne Samson, hlefebvre, seba30, Panos, jethrogb, Fabrice Fontaine,
Will Cosgrove, Daniel Stenberg, Michael Buckley, Wallace Souza Silva,
Romain-Geissler-1A, meierha, Tseng Jun, Thomas Klausner, Brendan Shanks,
Harry Sintonen, monnerat, Koutheir Attouchi, Marc Hörsken, yann-morin-1998,
Wez Furlong, TDi-jonesds, David Benjamin, Max Dymond, Igor Klevanets,
Viktor Szakats, Laurent Stacul, Mstrodl, Gabriel Smith, MarcT512,
Paul Capron, teottin, Tor Erik Ottinsen, Brian Inglis
(40 contributors)

View File

@ -1,4 +1,4 @@
Definitions needed to implement a specific crypto library
Definitions needed to implement a specific crypto library
This document offers some hints about implementing a new crypto library
interface.
@ -67,14 +67,14 @@ Note: if the ctx parameter is modified by the underlying code,
this procedure must be implemented as a macro to map ctx --> &ctx.
void libssh2_hmac_update(libssh2_hmac_ctx ctx,
const unsigned char *data,
int datalen);
const unsigned char *data,
int datalen);
Continue computation of an HMAC on datalen bytes at data using context ctx.
Note: if the ctx parameter is modified by the underlying code,
this procedure must be implemented as a macro to map ctx --> &ctx.
void libssh2_hmac_final(libssh2_hmac_ctx ctx,
unsigned char output[]);
unsigned char output[]);
Get the computed HMAC from context ctx into the output buffer. The
minimum data buffer size depends on the HMAC hash algorithm.
Note: if the ctx parameter is modified by the underlying code,
@ -100,8 +100,8 @@ Initializes the SHA-1 computation context at x.
Returns 1 for success and 0 for failure
void libssh2_sha1_update(libssh2_sha1_ctx ctx,
const unsigned char *data,
size_t len);
const unsigned char *data,
size_t len);
Continue computation of SHA-1 on len bytes at data using context ctx.
Note: if the ctx parameter is modified by the underlying code,
this procedure must be implemented as a macro to map ctx --> &ctx.
@ -115,8 +115,8 @@ Note: if the ctx parameter is modified by the underlying code,
this procedure must be implemented as a macro to map ctx --> &ctx.
void libssh2_hmac_sha1_init(libssh2_hmac_ctx *ctx,
const void *key,
int keylen);
const void *key,
int keylen);
Setup the HMAC computation context ctx for an HMAC-SHA-1 computation using the
keylen-byte key. Is invoked just after libssh2_hmac_ctx_init().
@ -134,14 +134,14 @@ Initializes the SHA-256 computation context at x.
Returns 1 for success and 0 for failure
void libssh2_sha256_update(libssh2_sha256_ctx ctx,
const unsigned char *data,
size_t len);
const unsigned char *data,
size_t len);
Continue computation of SHA-256 on len bytes at data using context ctx.
Note: if the ctx parameter is modified by the underlying code,
this procedure must be implemented as a macro to map ctx --> &ctx.
void libssh2_sha256_final(libssh2_sha256_ctx ctx,
unsigned char output[SHA256_DIGEST_LENGTH]);
unsigned char output[SHA256_DIGEST_LENGTH]);
Gets the computed SHA-256 signature from context ctx into the output buffer.
Release the context.
Note: if the ctx parameter is modified by the underlying code,
@ -160,8 +160,8 @@ LIBSSH2_HMAC_SHA256
If defined as 0, the rest of this section can be omitted.
void libssh2_hmac_sha256_init(libssh2_hmac_ctx *ctx,
const void *key,
int keylen);
const void *key,
int keylen);
Setup the HMAC computation context ctx for an HMAC-256 computation using the
keylen-byte key. Is invoked just after libssh2_hmac_ctx_init().
@ -179,14 +179,14 @@ Initializes the SHA-384 computation context at x.
Returns 1 for success and 0 for failure
void libssh2_sha384_update(libssh2_sha384_ctx ctx,
const unsigned char *data,
size_t len);
const unsigned char *data,
size_t len);
Continue computation of SHA-384 on len bytes at data using context ctx.
Note: if the ctx parameter is modified by the underlying code,
this procedure must be implemented as a macro to map ctx --> &ctx.
void libssh2_sha384_final(libssh2_sha384_ctx ctx,
unsigned char output[SHA384_DIGEST_LENGTH]);
unsigned char output[SHA384_DIGEST_LENGTH]);
Gets the computed SHA-384 signature from context ctx into the output buffer.
Release the context.
Note: if the ctx parameter is modified by the underlying code,
@ -213,14 +213,14 @@ Initializes the SHA-512 computation context at x.
Returns 1 for success and 0 for failure
void libssh2_sha512_update(libssh2_sha512_ctx ctx,
const unsigned char *data,
size_t len);
const unsigned char *data,
size_t len);
Continue computation of SHA-512 on len bytes at data using context ctx.
Note: if the ctx parameter is modified by the underlying code,
this procedure must be implemented as a macro to map ctx --> &ctx.
void libssh2_sha512_final(libssh2_sha512_ctx ctx,
unsigned char output[SHA512_DIGEST_LENGTH]);
unsigned char output[SHA512_DIGEST_LENGTH]);
Gets the computed SHA-512 signature from context ctx into the output buffer.
Release the context.
Note: if the ctx parameter is modified by the underlying code,
@ -239,8 +239,8 @@ LIBSSH2_HMAC_SHA512
If defined as 0, the rest of this section can be omitted.
void libssh2_hmac_sha512_init(libssh2_hmac_ctx *ctx,
const void *key,
int keylen);
const void *key,
int keylen);
Setup the HMAC computation context ctx for an HMAC-512 computation using the
keylen-byte key. Is invoked just after libssh2_hmac_ctx_init().
@ -260,23 +260,23 @@ Initializes the MD5 computation context at x.
Returns 1 for success and 0 for failure
void libssh2_md5_update(libssh2_md5_ctx ctx,
const unsigned char *data,
size_t len);
const unsigned char *data,
size_t len);
Continues computation of MD5 on len bytes at data using context ctx.
Returns 1 for success and 0 for failure.
Note: if the ctx parameter is modified by the underlying code,
this procedure must be implemented as a macro to map ctx --> &ctx.
void libssh2_md5_final(libssh2_md5_ctx ctx,
unsigned char output[MD5_DIGEST_LENGTH]);
unsigned char output[MD5_DIGEST_LENGTH]);
Gets the computed MD5 signature from context ctx into the output buffer.
Release the context.
Note: if the ctx parameter is modified by the underlying code,
this procedure must be implemented as a macro to map ctx --> &ctx.
void libssh2_hmac_md5_init(libssh2_hmac_ctx *ctx,
const void *key,
int keylen);
const void *key,
int keylen);
Setup the HMAC computation context ctx for an HMAC-MD5 computation using the
keylen-byte key. Is invoked just after libssh2_hmac_ctx_init().
@ -286,8 +286,8 @@ LIBSSH2_HMAC_RIPEMD
If defined as 0, the rest of this section can be omitted.
void libssh2_hmac_ripemd160_init(libssh2_hmac_ctx *ctx,
const void *key,
int keylen);
const void *key,
int keylen);
Setup the HMAC computation context ctx for an HMAC-RIPEMD-160 computation using
the keylen-byte key. Is invoked just after libssh2_hmac_ctx_init().
Returns 1 for success and 0 for failure.
@ -476,7 +476,7 @@ Sets the value of bn to val.
Returns 1 on success, 0 otherwise.
_libssh2_bn * _libssh2_bn_from_bin(_libssh2_bn *bn, int len,
const unsigned char *val);
const unsigned char *val);
Converts the positive integer in big-endian form of length len at val
into a _libssh2_bn and place it in bn. If bn is NULL, a new _libssh2_bn is
created.
@ -569,14 +569,14 @@ int _libssh2_rsa_new(libssh2_rsa_ctx **rsa,
unsigned long e2len,
const unsigned char *coeffdata, unsigned long coefflen);
Creates a new context for RSA computations from key source values:
pdata, plen Prime number p. Only used if private key known (ddata).
qdata, qlen Prime number q. Only used if private key known (ddata).
ndata, nlen Modulus n.
edata, elen Exponent e.
ddata, dlen e^-1 % phi(n) = private key. May be NULL if unknown.
e1data, e1len dp = d % (p-1). Only used if private key known (dtata).
e2data, e2len dq = d % (q-1). Only used if private key known (dtata).
coeffdata, coefflen q^-1 % p. Only used if private key known.
pdata, plen Prime number p. Only used if private key known (ddata).
qdata, qlen Prime number q. Only used if private key known (ddata).
ndata, nlen Modulus n.
edata, elen Exponent e.
ddata, dlen e^-1 % phi(n) = private key. May be NULL if unknown.
e1data, e1len dp = d % (p-1). Only used if private key known (dtata).
e2data, e2len dq = d % (q-1). Only used if private key known (dtata).
coeffdata, coefflen q^-1 % p. Only used if private key known.
Returns 0 if OK.
This procedure is already prototyped in crypto.h.
Note: the current generic code only calls this function with e and n (public
@ -595,7 +595,7 @@ This procedure is already prototyped in crypto.h.
int _libssh2_rsa_new_private_frommemory(libssh2_rsa_ctx **rsa,
LIBSSH2_SESSION *session,
const char *data,
size_t data_len,
size_t data_len,
unsigned const char *passphrase);
Gets an RSA private key from data into a new RSA context.
Must call _libssh2_init_if_needed().
@ -612,9 +612,9 @@ Return 0 if OK, else -1.
This procedure is already prototyped in crypto.h.
int _libssh2_rsa_sha1_signv(LIBSSH2_SESSION *session,
unsigned char **sig, size_t *siglen,
int count, const struct iovec vector[],
libssh2_rsa_ctx *ctx);
unsigned char **sig, size_t *siglen,
int count, const struct iovec vector[],
libssh2_rsa_ctx *ctx);
RSA signs the SHA-1 hash computed over the count data chunks in vector.
Signature is stored at (sig, siglen).
Signature buffer must be allocated from the given session.
@ -658,11 +658,11 @@ int _libssh2_dsa_new(libssh2_dsa_ctx **dsa,
unsigned long ylen,
const unsigned char *x, unsigned long x_len);
Creates a new context for DSA computations from source key values:
pdata, plen Prime number p. Only used if private key known (ddata).
qdata, qlen Prime number q. Only used if private key known (ddata).
gdata, glen G number.
ydata, ylen Public key.
xdata, xlen Private key. Only taken if xlen non-zero.
pdata, plen Prime number p. Only used if private key known (ddata).
qdata, qlen Prime number q. Only used if private key known (ddata).
gdata, glen G number.
ydata, ylen Public key.
xdata, xlen Private key. Only taken if xlen non-zero.
Returns 0 if OK.
This procedure is already prototyped in crypto.h.
@ -678,7 +678,7 @@ This procedure is already prototyped in crypto.h.
int _libssh2_dsa_new_private_frommemory(libssh2_dsa_ctx **dsa,
LIBSSH2_SESSION *session,
const char *data,
size_t data_len,
size_t data_len,
unsigned const char *passphrase);
Gets a DSA private key from the data_len-bytes data into a new DSA context.
Must call _libssh2_init_if_needed().
@ -721,9 +721,9 @@ Type of an elliptic curve key.
libssh2_curve_type
An enum type defining curve types. Current supported identifiers are:
LIBSSH2_EC_CURVE_NISTP256
LIBSSH2_EC_CURVE_NISTP384
LIBSSH2_EC_CURVE_NISTP521
LIBSSH2_EC_CURVE_NISTP256
LIBSSH2_EC_CURVE_NISTP384
LIBSSH2_EC_CURVE_NISTP521
int _libssh2_ecdsa_create_key(_libssh2_ec_key **out_private_key,
unsigned char **out_public_key_octal,
@ -746,10 +746,10 @@ Return 0 if OK, else -1.
This procedure is already prototyped in crypto.h.
int _libssh2_ecdsa_new_private_frommemory(libssh2_ecdsa_ctx ** ec_ctx,
LIBSSH2_SESSION * session,
const char *filedata,
size_t filedata_len,
unsigned const char *passphrase);
LIBSSH2_SESSION * session,
const char *filedata,
size_t filedata_len,
unsigned const char *passphrase);
Builds an ECDSA private key from PEM data at filedata of length filedata_len
into a new ECDSA context stored at ec_ctx.
Must call _libssh2_init_if_needed().
@ -844,7 +844,7 @@ This procedure is already prototyped in crypto.h.
int _libssh2_ed25519_new_public(libssh2_ed25519_ctx **ed_ctx,
LIBSSH2_SESSION *session,
const unsigned char *raw_pub_key,
const uint8_t key_len);
const uint8_t key_len);
Stores at ed_ctx a new ED25519 key context for raw public key (raw_pub_key,
key_len).
Return 0 if OK, else -1.
@ -879,7 +879,7 @@ This procedure is already prototyped in crypto.h.
int _libssh2_curve25519_gen_k(_libssh2_bn **k,
uint8_t private_key[LIBSSH2_ED25519_KEY_LEN],
uint8_t srvr_public_key[LIBSSH2_ED25519_KEY_LEN]);
Computes a shared ED25519 secret key from the given raw server public key and
Computes a shared ED25519 secret key from the given raw server public key and
raw client public key and stores it as a big number in *k. Big number should
have been initialized before calling this function.
Returns 0 if OK, else -1.

View File

@ -1,7 +1,7 @@
# $Id: Makefile.am,v 1.37 2009/03/26 15:41:15 bagder Exp $
EXTRA_DIST = template.3 BINDINGS INSTALL_AUTOTOOLS INSTALL_CMAKE.md HACKING TODO \
AUTHORS CMakeLists.txt HACKING.CRYPTO SECURITY.md
AUTHORS CMakeLists.txt HACKING-CRYPTO SECURITY.md
dist_man_MANS = \
libssh2_agent_connect.3 \

View File

@ -29,7 +29,7 @@ $ man2help -a [-.docs]AUTHORS.; libssh2.hlp -b 2
$ man2help -a [-.docs]BINDINGS.; libssh2.hlp -b 2
$ man2help -a [-.docs]HACKING.; libssh2.hlp -b 2
$ if f$search("[]HACKING_CRYPTO.") .nes. "" then delete []HACKING_CRYPTO.;*
$ copy [-.docs]HACKING.CRYPTO; []HACKING_CRYPTO.
$ copy [-.docs]HACKING-CRYPTO; []HACKING_CRYPTO.
$ man2help -a []HACKING_CRYPTO.; libssh2.hlp -b 2
$ man2help -a [-.docs]TODO.; libssh2.hlp -b 2
$!
@ -56,18 +56,18 @@ $!
$ thisdir = f$environment( "procedure" )
$ thisdir = f$parse(thisdir,,,"device") + f$parse(thisdir,,,"directory")
$ set default 'thisdir'
$!
$!
$ say = "write sys$output"
$!
$ pipe search [-.include]*.h libssh2_version_major/nohead | (read sys$input l ; l = f$element(2," ",f$edit(l,"trim,compress")) ; -
$ pipe search [-.include]*.h libssh2_version_major/nohead | (read sys$input l ; l = f$element(2," ",f$edit(l,"trim,compress")) ; -
define/job majorv &l )
$ pipe search [-.include]*.h libssh2_version_minor/nohead | (read sys$input l ; l = f$element(2," ",f$edit(l,"trim,compress")) ; -
$ pipe search [-.include]*.h libssh2_version_minor/nohead | (read sys$input l ; l = f$element(2," ",f$edit(l,"trim,compress")) ; -
define/job minorv &l )
$ pipe search [-.include]*.h libssh2_version_patch/nohead | (read sys$input l ; l = f$element(2," ",f$edit(l,"trim,compress")) ; -
$ pipe search [-.include]*.h libssh2_version_patch/nohead | (read sys$input l ; l = f$element(2," ",f$edit(l,"trim,compress")) ; -
define/job patchv &l )
$!
$ majorv = f$trnlnm("majorv")
$ minorv = f$integer(f$trnlnm("minorv"))
$ minorv = f$integer(f$trnlnm("minorv"))
$ patchv = f$integer( f$trnlnm("patchv"))
$!
$ helpversion = "This help library is based on build version ''majorv'.''minorv'.''patchv' of libssh2."
@ -81,15 +81,15 @@ $ then
$ cc man2help
$ link man2help
$ endif
$!
$ man2help := $'thisdir'man2help.exe
$!
$ if f$search("libssh2.hlp") .nes. ""
$ then
$ man2help := $'thisdir'man2help.exe
$!
$ if f$search("libssh2.hlp") .nes. ""
$ then
$ delete libssh2.hlp;*
$ endif
$ if f$search("libssh2.hlb") .nes. ""
$ then
$ if f$search("libssh2.hlb") .nes. ""
$ then
$ delete libssh2.hlb;*
$ endif
$return