path: root/include
Age | Commit message | Author | Files | Lines
2018-03-02 | priv: Implement explicit_bzero as a function if not available | Andreas Schneider | 1 | -15/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Alberto Aguirre <albaguirre@gmail.com>
2018-02-22 | priv: Fix explicit_bzero macro if we pass a function | Andreas Schneider | 1 | -1/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-02-22 | sftp: Remove stray semi-colon in sftp.h header | Alberto Aguirre | 1 | -1/+1
The stray semi-colon in sftp.h is flagged when using -pedantic which affects clients that include the header and use -pedantic and -Werror on their codebase.
Signed-off-by: Alberto Aguirre <albaguirre@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-02-12 | src: Use explicit_bzero() if available on the platform | Andreas Schneider | 1 | -21/+10
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-29 | libssh: Bump the version to 0.7.90 | Andreas Schneider | 1 | -1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-28 | add mbedtls crypto support | Juraj Vijtiuk | 7 | -0/+136
Summary: This patch adds support for mbedTLS as a crypto backend for libssh. mbedTLS is an SSL/TLS library that has been designed to mainly be used in embedded systems. It is loosely coupled and has a low memory footprint. mbedTLS also provides a cryptography library (libmbedcrypto) that can be used without the TLS modules. The patch is unfortunately quite big, since several new files had to be added. DSA is disabled at compile time, since mbedTLS doesn't support DSA.
Patch review and feedback would be appreciated, and if any issues or suggestions appear, I'm willing to work on them.
Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
Test Plan:
* The patch has been tested with a Debug and MinSizeRel build, with libssh unit tests, client tests and the pkd tests.
* All the tests have been run with valgrind's memcheck, drd and helgrind tools.
* The examples/samplessh client works when built with the patch.
Reviewers: asn, aris
Subscribers: simonsj
Differential Revision: https://bugs.libssh.org/D1
2017-12-15 | Add new options | Aris Adamantiadis | 2 | -0/+14
Pair-Programmed-With: Jakub Jelen <jjelen@redhat.com>
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-10-29 | server: expose 'ssh_server_init_kex' API | Jon Simons | 1 | -0/+18
Expose an API 'ssh_server_init_kex' which allows one to change the set of key exchange, hostkey, ciphers, MACs, and compression algorithms currently configured for the ssh_session at hand, after having started the 'ssh_handle_key_exchange' process. One can use this API from the already-existing 'connect_status_function' callback to dynamically modify the set of algorithms used after having received the client banner, but before sending out the initial KEXINIT message. For example, one might want to prevent advertising the curve25519 key exchange algorithm for older OpenSSH clients due to interop bugs.
Fixes T25
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-10-28 | Fix config.h includes | Andreas Schneider | 1 | -1/+2
We need stdlib.h and string.h in priv.h for free() and memset().
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-09-11 | sftp-server: Fix LIBSSH_API | DavidWed | 1 | -10/+10
Fixes T44
Signed-off-by: DavidWedderwille <davidwe@posteo.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-08-25 | packet: Fix fallthrough compiler warnings | Andreas Schneider | 1 | -0/+8
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-08-24 | ecdh: enable ecdh_sha2_nistp{384,521} kex methods | Jon Simons | 1 | -0/+4
Summary: Based on Dirkjan's original patch series here:
* https://www.libssh.org/archive/libssh/2015-08/0000029.html
Here the changes are adapted for the current master branch, and expanded to include libgcrypt support.
Co-Authored-By: Dirkjan Bussink <d.bussink@gmail.com>
Signed-off-by: Jon Simons <jon@jonsimons.org>
Test Plan:
* Ran pkd tests for libcrypto and libgcrypt builds.
* Ran client torture_algorithms.c tests for libcrypto and libgcrypt builds.
* Tested across multiple libgcrypts ("1.6.3" and "1.7.6-beta").
Reviewers: aris, asn
Reviewed By: asn
Tags: #libssh
Differential Revision: https://bugs.libssh.org/D7
2017-08-24 | ecdh: enable ecdh_sha2_nistp{384,521} kex methods | Jon Simons | 1 | -0/+4
Summary: Based on Dirkjan's original patch series here:
* https://www.libssh.org/archive/libssh/2015-08/0000029.html
Here the changes are adapted for the current master branch, and expanded to include libgcrypt support.
Co-Authored-By: Dirkjan Bussink <d.bussink@gmail.com>
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Test Plan:
* Ran pkd tests for libcrypto and libgcrypt builds.
* Ran client torture_algorithms.c tests for libcrypto and libgcrypt builds.
* Tested across multiple libgcrypts ("1.6.3" and "1.7.6-beta").
Reviewers: aris, asn
Tags: #libssh
Differential Revision: https://bugs.libssh.org/D7
2017-08-24 | options: Use ssh_key_type_e in ssh_options_set_algo() | Andreas Schneider | 1 | -1/+3
Review with 'git show -b'
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-08-24 | kex: Use ssh_kex_types_e in ssh_verify_existing_algo() | Andreas Schneider | 1 | -1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-08-24 | ssh_options_set_algo: ensure we only set known algorithms internally | Nikos Mavrogiannopoulos | 1 | -0/+1
That way, we will not fail later on key exchange phase when something unknown is negotiated.
Fixes T37
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-08-24 | priv: Add macro for MAX | Andreas Schneider | 1 | -0/+4
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-04-13 | buffer: Create ssh_buffer_validate_length() | Andreas Schneider | 1 | -0/+2
This function allows if a given length can be obtained from the buffer.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-04-13 | Revert "buffer: Create ssh_buffer_validate_length()" | Andreas Schneider | 1 | -2/+0
This reverts commit 34bdc1ca7871e8e9258077411edd516c8de55299.
2017-04-13 | buffer: Create ssh_buffer_validate_length() | Andreas Schneider | 1 | -0/+2
This function allows if a given length can be obtained from the buffer.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-04-11 | server: Add option SSH_BIND_OPTIONS_IMPORT_KEY to server | Alfredo Mazzinghi | 1 | -1/+2
This sets the bind private key directly from an ssh_key struct instead of reading a file.
Signed-off-by: Alfredo Mazzinghi <am2419@cl.cam.ac.uk>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-07 | libcrypto: Use a pointer for EVP_CIPHER_CTX | Jakub Jelen | 1 | -1/+1
This has been made opaque and it needs to be a pointer. This is for OpenSSL 1.1.0 support.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-07 | misc: Use simpler macros for htonll and ntohll | Andreas Schneider | 2 | -9/+18
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-06 | cmake: Correctly check for sys/[u]time.h | Andreas Schneider | 1 | -4/+0
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-06 | doc: Improve documentation for ssh_set_auth_methods() | Andreas Schneider | 1 | -0/+17
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-05 | callbacks: Add support for MSVC | Andreas Schneider | 1 | -5/+3
__typeof__ is GCC specific
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-05 | known_hosts: Add ssh_dump_knownhost() function | Stef Walter | 1 | -0/+1
This works similarly to ssh_write_knownhost(), but allows the caller to get a line with the known_hosts line.
BUG: https://red.libssh.org/issues/207
Signed-off-by: Stef Walter <stefw@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-03 | bignum: Use const in ssh_print_bignum() | Andreas Schneider | 1 | -1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-03 | ecdh: Implement ECDH using libgcrypt | Justus Winter | 2 | -1/+13
* include/libssh/crypto.h (struct ssh_crypto_struct): Provide a suitable 'ecdh_privkey'.
* include/libssh/ecdh.h: Also define 'HAVE_ECDH' if we do ECC using libgcrypt.
(ecdh_build_k): New prototype.
* src/CMakeLists.txt (libssh_SRCS): Add backend-specific files.
* src/ecdh.c: Move backend-specific parts to...
* src/ecdh_crypto.c: ... this file.
* src/ecdh_gcrypt.c: New file.
* src/wrapper.c (crypto_free): Free 'ecdh_privkey'.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-03 | pki_gcrypt: Handle ECDSA keys and signatures | Justus Winter | 1 | -2/+2
* ConfigureChecks.cmake: Set 'HAVE_ECC' and 'HAVE_GCRYPT_ECC' if applicable.
* include/libssh/pki.h (struct ssh_key_struct): Fix type of field 'ecdsa'.
(struct ssh_signature_struct): Likewise for 'ecdsa_sig'.
* src/pki.c (ssh_pki_key_ecdsa_name): Relax guard now that the used function is also provided by the gcrypt backend.
(ssh_signature_free): Free ecdsa signature.
* src/pki_gcrypt.c (ECDSA_HEADER_{BEGIN,END}): New macros.
(privatekey_string_to_buffer): Handle ECDSA keys.
(pki_key_ecdsa_to_nid): New function.
(pki_key_ecdsa_nid_to_gcrypt_name): Likewise.
(pki_key_ecdsa_nid_to_name): Likewise.
(pki_key_ecdsa_nid_to_char): Likewise.
(pki_key_ecdsa_nid_from_name): Implement.
(asn1_oi_to_nid): New function.
(b64decode_ecdsa_privatekey): Likewise.
(pki_private_key_from_base64): Handle ECDSA keys.
(pki_pubkey_build_ecdsa): Implement.
(pki_key_dup): Handle ECDSA keys.
(pki_key_generate): Likewise.
(pki_key_generate_ecdsa): Implement.
(pki_key_compare): Handle ECDSA keys.
(pki_publickey_to_blob): Likewise.
(pki_signature_from_blob): Likewise.
(pki_signature_verify): Likewise.
(pki_do_sign): Likewise.
(pki_do_sign_sessionid): Likewise.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-03 | libgcrypt: Implement the 'evp' interface | Justus Winter | 1 | -1/+6
* include/libssh/libgcrypt.h (EVPCTX): Fix type.
(NID_gcrypt_nistp{256,384,521}): New constants.
* src/libgcrypt.c (nid_to_md_algo): New function mapping curves to digest algorithms.
(evp{,_init,_update,_final}): New functions.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-10-06 | sftp: Add sftp_fsync() function | Andreas Schneider | 1 | -0/+16
BUG: https://red.libssh.org/issues/141
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-03 | priv: Fix client banner specification for libssh | Andreas Schneider | 1 | -2/+2
BUG: https://red.libssh.org/issues/231
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-02 | connector: Implement ssh_connector_except() | Aris Adamantiadis | 2 | -0/+28
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-02 | channels: Move ssh_channel_write_stderr out of server-only | Aris Adamantiadis | 2 | -3/+3
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-02 | callbacks: Implement list of callbacks for channels | Aris Adamantiadis | 2 | -1/+38
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-02 | callback: Add macro to iterate callbacks | Aris Adamantiadis | 1 | -0/+37
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-02 | callbacks: Add macro for callbacks execute list | Aris Adamantiadis | 1 | -0/+28
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-02 | packets: Handle flow control callbacks | Aris Adamantiadis | 1 | -0/+20
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-02 | events: Add functions for poll objects | Aris Adamantiadis | 1 | -0/+2
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-02 | auth: Cleanup memory leak when using SSH agent | Stef Walter | 1 | -0/+2
In Cockpit we've seen this memory leak:
at 0x4C2A9C7: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x5B76B03: ssh_userauth_agent (auth.c:778)
by 0x40DD5A: cockpit_ssh_authenticate (cockpitsshtransport.c:327)
BUG: https://red.libssh.org/issues/208
Signed-off-by: Stef Walter <stefw@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-02 | libgcrypt: Add helper to extract MPIs into ssh_strings | Justus Winter | 1 | -0/+10
* include/libssh/libgcrypt.h (ssh_sexp_extract_mpi): New prototype.
* src/libgcrypt.c (ssh_sexp_extract_mpi): New function.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-02 | dh: Rename ssh_get_publickey() to ssh_get_server_publickey() | Andreas Schneider | 1 | -1/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-03-14 | server: handle keepalive@openssh.com global requests | Aris Adamantiadis | 1 | -0/+1
2016-01-19 | buffer: expose ssh_buffer_get() | Fabiano Fidêncio | 2 | -3/+1
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-01-19 | buffer: expose ssh_buffer_{add,get}_data() | Fabiano Fidêncio | 2 | -2/+2
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-01-19 | buffer: expose ssh_buffer_reinit() | Fabiano Fidêncio | 2 | -1/+1
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-01-19 | libssh.h: move LIBSSH_API buffer' functions to libssh.h | Fabiano Fidêncio | 2 | -4/+4
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-01-19 | buffer: remove ssh_buffer_get_begin() | Fabiano Fidêncio | 1 | -1/+0
Note that removing ssh_buffer_get_begin() doesn't break API compatibility, as this function has never been exposed (it only has the LIBSSH_API prefix).
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-01-19 | buffer: remove ssh_buffer_get_rest_len() | Fabiano Fidêncio | 1 | -3/+2
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>