aboutsummaryrefslogtreecommitdiff
path: root/include/libssh
AgeCommit message (Collapse)AuthorFilesLines
2018-06-29Rest in Peace SSHv1Andreas Schneider14-158/+9
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2018-06-29kex: Enable chacha20-poly1304 KEX with mbedtlsAndreas Schneider1-2/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28libgcrypt: make it compatible with chacha20Aris Adamantiadis1-0/+1
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28chacha: packet decryptionAris Adamantiadis2-2/+7
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28chacha: packet encryptionAris Adamantiadis3-1/+9
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28cmake: detect "bounded" compiler attributeAris Adamantiadis2-4/+16
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28external: Add ChaCha and Poly1305 implementations from OpenSSHAris Adamantiadis2-0/+50
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28Remove vim modelines from all filesAndreas Schneider6-6/+0
If you want modelines use my vim plugin: https://github.com/cryptomilk/git-modeline.vim git config --add vim.modeline "ts=4 sw=4 et" Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27include: Fix reference to ssh_session_update_known_hostsAndreas Schneider1-1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-21include: Declare ge25519_base as externAndreas Schneider1-1/+1
Thanks to Tilo Eckart. The global variable "ge25519_base" is referenced in the module "src/external/ed25519.c" and initialized in "src/external/ge25519.c". The lack of the extern keyword in the header results in different instances being compiled into both translation units with some compilers. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-04buffer: Add ssh_buffer_allocate() functionAris Adamantiadis1-0/+1
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-04libsshpp: Use new known hosts functionsAndreas Schneider1-3/+3
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-04kwonhosts: Add functions to check if servers public key is knownAndreas Schneider1-1/+5
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-04knownhosts: Add ssh_session_update_known_hosts()Andreas Schneider1-0/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-04knownhosts: Add ssh_session_export_known_hosts_entry()Andreas Schneider1-0/+3
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-04knownhosts: Add ssh_session_has_known_hosts_entry()Andreas Schneider1-0/+10
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-04misc: Add ssh_list_count()Andreas Schneider1-0/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-04knownhosts: Introduce new known hosts managing functionsAndreas Schneider1-0/+23
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-04-10channels: add ssh_channel_request_send_break to support RFC 4335Axel Eppe1-0/+1
Signed-off-by: Axel Eppe <aeppe@google.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-03-21Add a NODELAY optionAlberto Aguirre2-1/+3
Add a new option SSH_OPTIONS_NODELAY to enable or disable the Nagle Algorithm (TCP_NODELAY) on the session socket. Improved performance can be achieved for some applications like sftp servers by enabling SSH_OPTIONS_NODELAY as typically, the next request won't arrive until the server replies, which are typically small writes. Signed-off-by: Alberto Aguirre <albaguirre@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-03-21crypto: Change the type of server_pubkey to ssh_keyAndreas Schneider2-3/+12
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-03-02priv: Implement explicit_bzero as a function if not availableAndreas Schneider1-15/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Alberto Aguirre <albaguirre@gmail.com>
2018-02-22priv: Fix explicit_bzero macro if we pass a functionAndreas Schneider1-1/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-02-22sftp: Remove stray semi-colon in sftp.h headerAlberto Aguirre1-1/+1
The stray semi-colon in sftp.h is flagged when using -pedantic which affects clients that include the header and use -pedantic and -Werror on their codebase. Signed-off-by: Alberto Aguirre <albaguirre@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-02-12src: Use explicit_bzero() if available on the platformAndreas Schneider1-21/+10
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-29libssh: Bump the version to 0.7.90Andreas Schneider1-1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-28add mbedtls crypto supportJuraj Vijtiuk7-0/+136
Summary: This patch adds support for mbedTLS as a crypto backend for libssh. mbedTLS is an SSL/TLS library that has been designed to mainly be used in embedded systems. It is loosely coupled and has a low memory footprint. mbedTLS also provides a cryptography library (libmbedcrypto) that can be used without the TLS modules. The patch is unfortunately quite big, since several new files had to be added. DSA is disabled at compile time, since mbedTLS doesn't support DSA Patch review and feedback would be appreciated, and if any issues or suggestions appear, I'm willing to work on them. Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr> Test Plan: * The patch has been tested with a Debug and MinSizeRel build, with libssh unit tests, client tests and the pkd tests. * All the tests have been run with valgrind's memcheck, drd and helgrind tools. * The examples/samplessh client works when built with the patch. Reviewers: asn, aris Subscribers: simonsj Differential Revision: https://bugs.libssh.org/D1
2017-12-15Add new optionsAris Adamantiadis2-0/+14
Pair-Programmed-With: Jakub Jelen <jjelen@redhat.com> Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-10-29server: expose 'ssh_server_init_kex' APIJon Simons1-0/+18
Expose an API 'ssh_server_init_kex' which allows one to change the set of key exchange, hostkey, ciphers, MACs, and compression algorithms currently configured for the ssh_session at hand, after having started the 'ssh_handle_key_exchange' process. One can use this API from the already-existing 'connect_status_function' callback to dynamically modify the set of algorithms used after having received the client banner, but before sending out the initial KEXINIT message. For example, one might want to prevent advertising the curve25519 key exchange algorithm for older OpenSSH clients due to interop bugs. Fixes T25 Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-10-28Fix config.h includesAndreas Schneider1-1/+2
We need stdlib.h and string.h in priv.h for free() and memset(). Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-09-11sftp-server: Fix LIBSSH_APIDavidWed1-10/+10
Fixes T44 Signed-off-by: DavidWedderwille <davidwe@posteo.de> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-08-25packet: Fix fallthrough compiler warningsAndreas Schneider1-0/+8
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-08-24ecdh: enable ecdh_sha2_nistp{384,521} kex methodsJon Simons1-0/+4
Summary: Based on Dirkjan's original patch series here: * https://www.libssh.org/archive/libssh/2015-08/0000029.html Here the changes are adapted for the current master branch, and expanded to include libgcrypt support. Co-Authored-By: Dirkjan Bussink <d.bussink@gmail.com> Signed-off-by: Jon Simons <jon@jonsimons.org> Test Plan: * Ran pkd tests for libcrypto and libgcrypt builds. * Ran client torture_algorithms.c tests for libcrypto and libgcrypt builds. * Tested across multiple libgcrypts ("1.6.3" and "1.7.6-beta"). Reviewers: aris, asn Reviewed By: asn Tags: #libssh Differential Revision: https://bugs.libssh.org/D7
2017-08-24ecdh: enable ecdh_sha2_nistp{384,521} kex methodsJon Simons1-0/+4
Summary: Based on Dirkjan's original patch series here: * https://www.libssh.org/archive/libssh/2015-08/0000029.html Here the changes are adapted for the current master branch, and expanded to include libgcrypt support. Co-Authored-By: Dirkjan Bussink <d.bussink@gmail.com> Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Test Plan: * Ran pkd tests for libcrypto and libgcrypt builds. * Ran client torture_algorithms.c tests for libcrypto and libgcrypt builds. * Tested across multiple libgcrypts ("1.6.3" and "1.7.6-beta"). Reviewers: aris, asn Tags: #libssh Differential Revision: https://bugs.libssh.org/D7
2017-08-24options: Use ssh_key_type_e in ssh_options_set_algo()Andreas Schneider1-1/+3
Review with 'git show -b' Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-08-24kex: Use ssh_kex_types_e in ssh_verify_existing_algo()Andreas Schneider1-1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-08-24ssh_options_set_algo: ensure we only set known algorithms internallyNikos Mavrogiannopoulos1-0/+1
That way, we will not fail later on key exchange phase when something unknown is negotiated. Fixes T37 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> Reviewed-by: Andreas Schneider <asn@samba.org>
2017-08-24priv: Add macro for MAXAndreas Schneider1-0/+4
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-04-13buffer: Create ssh_buffer_validate_length()Andreas Schneider1-0/+2
This functions allows if a given length can be obtained from the buffer. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-04-13Revert "buffer: Create ssh_buffer_validate_length()"Andreas Schneider1-2/+0
This reverts commit 34bdc1ca7871e8e9258077411edd516c8de55299.
2017-04-13buffer: Create ssh_buffer_validate_length()Andreas Schneider1-0/+2
This functions allows if a given length can be obtained from the buffer. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-04-11server: Add option SSH_BIND_OPTIONS_IMPORT_KEY to serverAlfredo Mazzinghi1-1/+2
This sets the bind private key directly from an ssh_key struct instead of reading a file. Signed-off-by: Alfredo Mazzinghi <am2419@cl.cam.ac.uk> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-07libcrypto: Use a pointer for EVP_CIPHER_CTXJakub Jelen1-1/+1
This has been made opaque and it needs to be a pointer. This is for OpenSSL 1.1.0 support. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-07misc: Use simpler macros for htonll and ntohllAndreas Schneider2-9/+18
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-06cmake: Correctly check for sys/[u]time.hAndreas Schneider1-4/+0
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-06doc: Improve documentation for ssh_set_auth_methods()Andreas Schneider1-0/+17
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-05callbacks: Add support for MSVCAndreas Schneider1-5/+3
__typeof__ is GCC specific Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-05known_hosts: Add ssh_dump_knownhost() functionStef Walter1-0/+1
This works similarly to ssh_write_knownhost(), but allows the caller to get a line with the known_hosts line. BUG: https://red.libssh.org/issues/207 Signed-off-by: Stef Walter <stefw@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-03bignum: Use const in ssh_print_bignum()Andreas Schneider1-1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-03ecdh: Implement ECDH using libgcryptJustus Winter2-1/+13
* include/libssh/crypto.h (struct ssh_crypto_struct): Provide a suitable 'ecdh_privkey'. * include/libssh/ecdh.h: Also define 'HAVE_ECDH' if we do ECC using libgcrypt. (ecdh_build_k): New prototype. * src/CMakeLists.txt (libssh_SRCS): Add backend-specific files. * src/ecdh.c: Move backend-specific parts to... * src/ecdh_crypto.c: ... this file. * src/ecdh_gcrypt.c: New file. * src/wrapper.c (crypto_free): Free 'ecdh_privkey'. Signed-off-by: Justus Winter <justus@g10code.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>