aboutsummaryrefslogtreecommitdiff
path: root/include
AgeCommit message (Collapse)AuthorFilesLines
2020-03-23doc: Add SSH auth callback to libssh_auth doc groupAndreas Schneider1-1/+9
Fixes T217 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-02-12include: Remove PRIdS definitionsAndreas Schneider1-6/+0
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-02-11pki: add support for sk-ecdsa and sk-ed25519Sebastian Kinne2-0/+10
This adds server-side support for the newly introduced OpenSSH keytypes sk-ecdsa-sha2-nistp256@openssh.com and sk-ed25519@openssh.com (including their corresponding certificates), which are backed by U2F/FIDO2 tokens. Change-Id: Ib73425c572601c3002be45974e6ea051f1d7efdc Signed-off-by: Sebastian Kinne <skinne@google.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-01-23chacha: Create common file to avoid code duplicationJakub Jelen3-4/+55
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-01-23misc: Make the src pointer const in ssh_strreplace()Andreas Schneider1-1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-23legacy,keys: Fix the macro conditionsJakub Jelen1-6/+6
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-20src: Implements PKCS11 URI supportSahana Prasad2-1/+14
Imports private and public keys from the engine via PKCS11 URIs. Uses the imported keys to authenticate to the ssh server. Signed-off-by: Sahana Prasad <sahana@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-20src: Helper funtions to detect PKCS #11 URIsSahana Prasad1-0/+5
Signed-off-by: Sahana Prasad <sahana@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-20misc: Add ssh_strreplace()Andreas Schneider1-0/+1
Pair-Programmed-With: Sahana Prasad <sahana@redhat.com> Signed-Off-by: Sahana Prasad <sahana@redhat.com> Signed-Off-By: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-20misc: Add ssh_tmpname()Andreas Schneider1-0/+1
Signed-Off-By: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-11include: Rename __unused__ to __attr_unused__Andreas Schneider1-6/+6
This avoids a collision with valgrind.h Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09misc: Add a function to encode newlinesAnderson Toshiyuki Sasaki1-0/+1
Given a string, the added function encodes existing newline characters ('\n') as the string "\\n" and puts into a given output buffer. The output buffer must have at least 2 times the length of the input string plus 1 for the terminating '\0'. In the worst case, each character can be replaced by 2 characters. Fixes T189 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09socket: Pass port as uint16_t to ssh_socket_connect()Andreas Schneider1-1/+4
Fixes T188 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09bignum: Fix integer types for ssh_make_bignum_string()Andreas Schneider1-3/+3
Fixes T188 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09base64: Fix size types of bin_to_base64()Andreas Schneider1-1/+1
Fixes T188 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09include: Mark SSH_AUTH flags as unsignedAndreas Schneider1-7/+7
Fixes T188 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09agent: Return uint32_t for ssh_agent_get_ident_count()Andreas Schneider1-1/+1
Fixes T188 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09sftp: Fix integer types in sftp_write() and sftp_packet_write()Andreas Schneider1-1/+1
Fixes T188 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09sftp: Remove internal function from sftp.hAndreas Schneider2-7/+32
Those are not marked as LIBSSH_API so not part of the public API and the symbols aren't exported! Fixes T188 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09fe25519: Fix integer types of fe25519_iszero()Andreas Schneider1-1/+1
Fixes T188 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09include: Fix integer type of dh_pn and dh_pmaxAndreas Schneider1-1/+1
Fixes T188 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09channels: Fix integer and bool argument of channel_default_bufferize()Andreas Schneider1-2/+3
Fixes T188 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09CVE-2019-14889: misc: Add function to quote file namesAnderson Toshiyuki Sasaki1-0/+8
The added function quote file names strings to be used in a shell. Special cases are treated for the charactes '\'' and '!'. Fixes T181 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-11-18Use only one variable denoting the size of methods arraysJakub Jelen2-2/+3
Previously, there was non-consistent usage of constans SSH_KEX_METHODS, KEX_METHODS_SIZE and of magic number 10 to reference the arrays used for algorithm negotiation by peers. This commit settles down to the single constant and its usage throughout the whole codebase. Fixes T195 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-11-18session: Use ssh_packet_state_e instead of intAnderson Toshiyuki Sasaki1-1/+1
Use the enum type instead of int in the ssh_session_struct Fixes T194 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-11-18messages: Use ssh_publickey_state_e instead of charAnderson Toshiyuki Sasaki1-1/+1
Use the enum type instead of char in the ssh_auth_request struct Fixes T194 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-11-07server: Use really the negotiated signature typeJakub Jelen4-10/+15
Generally, when the extension negotiation is enabled and client supports SHA2 algorithms for RSA, they are supposed to be prioritized against the old SHA1. If it is not (ssh-rsa is listed in front of rsa-sha2-* hostkey algorithms during negotiation), the server wrongly tries to provide the new typo of signature, ignoring the negotiated algirithm This commit propagates the digest algorithm from negotiation to the actual signature functions, which were previously responsible for decision about the hash algorithm based just on the negotiated extensions. Fixes T191 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-10-01callbacks: Improve documentation about callbacks handlingJakub Jelen1-1/+11
Fixes T103 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-09-24pki: Remove unused function pki_signature_verify()Anderson Toshiyuki Sasaki2-6/+1
This removes unused function pki_signature_verify() from pki_{crypto, mbedcrypto, gcrypt}. The function was also removed from include/libssh/pki_priv.h. The function ssh_pki_signature_verify() was changed to receive a const unsigned char *input. All tests calling pki_signature_verify() were changed to call ssh_pki_signature_verify() instead. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-09-24pki_crypto: Use OpenSSL for Ed25519 signaturesAnderson Toshiyuki Sasaki1-0/+15
Use OpenSSL to generate and verify Ed25519 signatures, if supported. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-09-24pki: Move common Ed25519 functions to pki_ed25519_common.cAnderson Toshiyuki Sasaki1-2/+2
This is a preparation to use the Ed25519 implementation from OpenSSL. The function pki_ed25519_sig_to_blob() was renamed to pki_ed25519_signature_to_blob() and pki_ed25519_sig_from_blob() was renamed to pki_signature_from_ed25519_blob() to follow the naming for other algorithms. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-09-16sftp: Improve the documentation of sftp_init() and sftp_new()Jakub Jelen1-2/+10
Fixes: T137 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-08-08dh: Add ssh_dh_debug_crypto()Andreas Schneider1-0/+2
We should call it where we have access to the crypto structure. Pair-Programmed-With: Jakub Jelen <jjelen@redhat.com> Signed-off-by: Jakub Jelen <jjelen@redhat.com> Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-08-07bignum: Pass const to ssh_print_bignum()Andreas Schneider3-3/+6
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-08-06misc: Introduce internal function ssh_mkdirs()Anderson Toshiyuki Sasaki1-0/+3
If the given path includes missing directories, ssh_mkdirs() tries to create them recursively. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-08-06misc: Introduce internal function ssh_dir_writeable()Anderson Toshiyuki Sasaki1-0/+1
The introduced internal function checks if the provided path is for an existing directory which is accessible for writing. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-07-30misc: Introduce ssh_log_hexdump()Anderson Toshiyuki Sasaki1-0/+1
The introduced internal function is intended to be a replacement for the deprecated function ssh_print_hexa(). Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-07-08include: Add define for SSH_CONNECTOR_STDINOUTAndreas Schneider1-0/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-07-04libcrypto: fix compilation with LibreSSLStefan Strogin1-0/+4
LibreSSL does not support FIPS mode, check for FIPS_mode() in ConfigureChecks.cmake. Signed-off-by: Stefan Strogin <steils@gentoo.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-07-04cmake: Use GNUInstallDirs for installationAndreas Schneider1-1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-07-04knownhosts: Introduced ssh_known_hosts_get_algorithms_names()Anderson Toshiyuki Sasaki1-0/+1
The added internal function obtain a newly allocated string containing a list of the signature types that can be generated by the keys present in the known_hosts files, separated by commas. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-07-04token: Added function to remove duplicatesAnderson Toshiyuki Sasaki1-1/+5
Added a function to remove duplicates from lists. This function is used in a new provided function to append lists removing duplicates. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-06-27connect: Removed unused codeAnderson Toshiyuki Sasaki1-2/+0
The internal function ssh_connect_host() is not used. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-14include: Make sure ssh_session_get_known_hosts_entry is added to the APIAndreas Schneider1-3/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-06-14callbacks: Add ssh_threads_get_default() to the callbacks.hDavid Wedderwille1-2/+13
Fixes: T154 Signed-off-by: David Wedderwille <davidwe@posteo.de> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-14ed25519: Replace unsigned long long with uint64_tAnderson Toshiyuki Sasaki1-4/+4
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-14priv.h: Add macro definitions for PRIx32 and PRIx64Anderson Toshiyuki Sasaki1-0/+12
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-13channels: Make ssh_message_channel_request_open_reply_accept_channel publicDavid Wedderwille2-1/+1
This also adds documentation for it. Fixes T144 Signed-off-by: David Wedderwille <davidwe@posteo.de> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-12bignum: Define bignum_dup(bignum orig, bignum *dest)Anderson Toshiyuki Sasaki3-0/+23
The macro is defined for each crypto back end. If (*dest) is NULL, a new bignum is allocated. Otherwise the value of orig is copied to (*dest). Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-06-12kex, pki, server, options: Filter algorithms in FIPS modeAnderson Toshiyuki Sasaki1-0/+2
When in FIPS mode, filter the algorithms to enable only the allowed ones. If any algorithm is explicitly set through options or configuration file, they are kept. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>