path: root/include/libssh/kex.h
Age | Commit message | Author | Files | Lines
2019-06-12 | kex, pki, server, options: Filter algorithms in FIPS mode | Anderson Toshiyuki Sasaki | 1 | -0/+2
When in FIPS mode, filter the algorithms to enable only the allowed ones. If any algorithm is explicitly set through options or configuration file, they are kept.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-24 | dh: move unrelated functions out of dh.c | Aris Adamantiadis | 1 | -0/+5
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09 | packet: Implement rekeying based on the recommendation from RFC's | Jakub Jelen | 1 | -0/+2
The default rekeying recommendations are specified in RFC4344 Section 3 (First and Second Rekeying Recommendations). Additionally, the rekeying can be specified in configuration file/options allowing us to turn the rekeying off, base it on time or make it more strict. The code is highly inspired by the OpenSSH rekeying code.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-19 | tests: Verify the hostkey ordering for negotiation is correct | Jakub Jelen | 1 | -0/+1
Previously, not all of the host key algorithms were used for algorithm negotiation. This verifies the algorithms list is sane and ordered with the key types from known hosts in the first place.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-31 | pki: Allow filtering accepted public key types based on the configuration | Jakub Jelen | 1 | -0/+1
This effectively allows one to disable using the SHA2 extension, disable other old public key mechanisms out of the box (hello DSA) or force the new SHA2-based key algorithm types if needed. This exposes the default_methods array from kex.c.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-29 | Rest in Peace SSHv1 | Andreas Schneider | 1 | -3/+0
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2017-08-24 | kex: Use ssh_kex_types_e in ssh_verify_existing_algo() | Andreas Schneider | 1 | -1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-08-24 | ssh_options_set_algo: ensure we only set known algorithms internally | Nikos Mavrogiannopoulos | 1 | -0/+1
That way, we will not fail later on key exchange phase when something unknown is negotiated.
Fixes T37
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-01-19 | cleanup: use ssh_ prefix in the kex (non-static) functions | Fabiano Fidêncio | 1 | -3/+3
Having "ssh_" prefix in the functions' name will avoid possible clashes when compiling libssh statically.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-07-14 | src: Migrate to SSH_LOG. | Andreas Schneider | 1 | -1/+1
2013-01-23 | include: Fix the LGPL header. | Andreas Schneider | 1 | -12/+11
This has been reported by rpmlint:
libssh-devel.x86_64: W: incorrect-fsf-address libssh.h
2012-10-12 | kex: Use getter functions to access kex arrays. | Andreas Schneider | 1 | -3/+2
This should fix the build on OpenIndiana.
2011-11-10 | kex: Fix some build warnings. | Andreas Schneider | 1 | -0/+2
2011-09-18 | priv: Move kex functions to kex header. | Andreas Schneider | 1 | -2/+12
2011-09-18 | kex: split key selection and sending | Aris Adamantiadis | 1 | -0/+7
2010-01-24 | Made parts of SSH asynchronous (inc kex1) | Aris Adamantiadis | 1 | -0/+3
2009-12-12 | packet SSH_KEXINIT received and parsed | Aris Adamantiadis | 1 | -0/+30
Resolved some bugs in the callback mechanism as well