aboutsummaryrefslogtreecommitdiff
path: root/include
AgeCommit message (Collapse)AuthorFilesLines
2015-04-02cmake: Detect __func__ and __FUNCTION__ during configure stepAndreas Schneider2-3/+7
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-04-02include: We should use __func__ which is C99Andreas Schneider1-8/+6
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-02-08buffer: buffer_pack & unpack on non-gnu compilersAris Adamantiadis1-0/+5
2015-02-02buffer: buffer: Improve argument checking of in ssh_buffer_pack()Andreas Schneider1-3/+9
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
2015-02-02buffer: Improve argument checking in ssh_buffer_pack()Andreas Schneider2-3/+36
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
2015-02-02ed25519: ADd OpenSSH encrypted container importAris Adamantiadis1-0/+1
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-02-02external: Add OpenSSH bcrypt and blowfish implementationAris Adamantiadis2-0/+92
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-02-02server: Add support for ed25519 keys in the server.Aris Adamantiadis2-1/+3
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-02-02ed25519: Add support to export OpenSSH container keysAris Adamantiadis1-0/+2
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-02-02ed25519: Add support o import OpenSSH container keysAris Adamantiadis1-0/+8
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-02-02pki.h: Replace tabs with spacesAris Adamantiadis1-2/+2
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-01-20cmake: Add libsshpp.hpp to the distributed headers list.Léo Peltier1-0/+1
BUG: https://red.libssh.org/issues/163 Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-12-05session: add getter for kexalgoJon Simons1-0/+1
Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-12-05pki_crypto.c: plug ecdsa_sig->[r,s] bignum leaksJon Simons1-0/+1
Per ecdsa(3ssl), ECDSA_SIG_new does allocate its 'r' and 's' bignum fields. Fix a bug where the initial 'r' and 's' bignums were being overwritten with newly-allocated bignums, resulting in a memory leak. BUG: https://red.libssh.org/issues/175 Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-09-07ed25519: Generate, sign and verify keys.Aris2-0/+19
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-09-07crypto: Add ed25519 implementation from OpenSSH.Aris Adamantiadis6-1/+267
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-09-07buffer: Add a secure buffer mechanism to avoid memory spillsAris Adamantiadis1-0/+2
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-08-06bignums: detach bignum-related functions from dh.c.Aris Adamantiadis2-4/+32
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-08-06crypto: fix secure burning, structure members namingAris Adamantiadis1-2/+2
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-08-06buffer: add a hidden canary to detect format errorsAris Adamantiadis1-2/+7
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-08-06buffers: adapt sftp.c to ssh_buffer_(un)pack()Aris Adamantiadis1-4/+4
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-08-06Buffer: add ssh_buffer_(un)pack()Aris Adamantiadis1-0/+6
That function permits chaining of buffer values to minimize buffer handling in packet sending code. Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-05-07pki: Add missing semi-colon.Andreas Schneider1-1/+1
2014-04-23pki: Make pki_key_ecdsa_nid_to_name() a shared function.Andreas Schneider1-0/+1
2014-04-22Add options support for setting and getting HMAC algorithmsDirkjan Bussink2-0/+5
BUG: https://red.libssh.org/issues/91 Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-04-22Add negotiation for SHA2 HMAC algorithmsDirkjan Bussink1-0/+7
BUG: https://red.libssh.org/issues/91 Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-04-22Add logic to support SHA2 HMAC algorithmsDirkjan Bussink3-2/+9
BUG: https://red.libssh.org/issues/91 Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-04-22Add SHA2 algorithms for HMACDirkjan Bussink3-1/+38
BUG: https://red.libssh.org/issues/91 Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-04-22kex: server fix for first_kex_packet_followsJon Simons1-0/+9
Ensure to honor the 'first_kex_packet_follow' field when processing KEXINIT messages in the 'ssh_packet_kexinit' callback. Until now libssh would assume that this field is always unset (zero). But some clients may set this (dropbear at or beyond version 2013.57), and it needs to be included when computing the session ID. Also include logic for handling wrongly-guessed key exchange algorithms. Save whether a client's guess is wrong in a new field in the session struct: when set, the next KEX_DHINIT message to be processed will be ignored per RFC 4253, 7.1. While here, update both 'ssh_packet_kexinit' and 'make_sessionid' to use softabs with a 4 space indent level throughout, and also convert various error-checking to store intermediate values into an explicit 'rc'. Patch adjusted from original to ensure that client tests remain passing (ie 'torture_connect'): restrict the changes in 'ssh_packet_kexinit' only for the 'server_kex' case. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-04-15Revert "kex: server fix for first_kex_packet_follows"Andreas Schneider1-9/+0
The patch breaks the client with ECDSA. This reverts commit 5865b9436fda96ac9fc7c18e4dffe5fb12dcc515.
2014-04-10kex: server fix for first_kex_packet_followsJon Simons1-0/+9
Ensure to honor the 'first_kex_packet_follow' field when processing KEXINIT messages in the 'ssh_packet_kexinit' callback. Until now libssh would assume that this field is always unset (zero). But some clients may set this (dropbear at or beyond version 2013.57), and it needs to be included when computing the session ID. Also include logic for handling wrongly-guessed key exchange algorithms. Save whether a client's guess is wrong in a new field in the session struct: when set, the next KEX_DHINIT message to be processed will be ignored per RFC 4253, 7.1. While here, update both 'ssh_packet_kexinit' and 'make_sessionid' to use softabs with a 4 space indent level throughout, and also convert various error-checking to store intermediate values into an explicit 'rc'. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-04-09Revert "direct-tcpip and forwarded-tcpip callbacks"Andreas Schneider1-32/+2
This reverts commit efe785e711e1fe8c66dc120b741d1e560ef556db. We need a Signed-off version. I didn't have the Certificate of Origin yet.
2014-04-09direct-tcpip and forwarded-tcpip callbacksLoïc Michaux1-2/+32
2014-04-09pki crypto: expose new ssh_pki_key_ecdsa_name APIJon Simons1-0/+2
Enable retrieving the "ecdsa-sha2-nistpNNN" name of ECDSA keys with a new 'ssh_pki_key_ecdsa_name' API. This gives more information than the 'ssh_key_type_to_char' API, which yields "ssh-ecdsa" for ECDSA keys. The motivation is that this info is useful to have in a server context. The torture_pki unit test is updated to include the new API, and a few more passes are added to additionally test 384 and 521-bit keys. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-04-09libsshpp: include required <string> header for std::stringPetar Koretic1-0/+1
Signed-off-by: Petar Koretic <petar.koretic@sartura.hr> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-03-27doc: Improve and consolidate ssh_bind_options_set docsAlan Dunn1-63/+0
Signed-off-by: Alan Dunn <amdunn@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-03-27libssh: libhpp: overload read function to support timeout parameterPetar Koretic1-1/+19
Signed-off-by: Petar Koretic <petar.koretic@sartura.hr> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-03-27libssh: libhpp: avoid unnecessary call to ssh_channel_readPetar Koretic1-1/+1
ssh_channel_read is a wrapper for ssh_channel_read_timeout with timeout -1 (infinite) so we call that directly. Signed-off-by: Petar Koretic <petar.koretic@sartura.hr> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-03-27libssh: libhpp: fix multiple definitions for acceptForward functionPetar Koretic1-4/+3
Defining a non inlined class function in a header will cause multiple definitions when header is included in more that one file since for each file function will get defined. Signed-off-by: Petar Koretic <petar.koretic@sartura.hr> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-03-27options: Allow use of host ECDSA keyAlan Dunn1-1/+2
Signed-off-by: Alan Dunn <amdunn@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-03-04security: fix for vulnerability CVE-2014-0017Aris Adamantiadis1-0/+1
When accepting a new connection, a forking server based on libssh forks and the child process handles the request. The RAND_bytes() function of openssl doesn't reset its state after the fork, but simply adds the current process id (getpid) to the PRNG state, which is not guaranteed to be unique. This can cause several children to end up with same PRNG state which is a security issue.
2014-02-12Add session/channel byte/packet countersAudrius Butkevicius3-0/+16
Signed-off-by: Audrius Butkevicius <audrius.butkevicius@elastichosts.com>
2014-02-06session: add getters for session cipher namesJon Simons1-0/+2
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-02-04knownhosts: detect variations of ecdsaAris Adamantiadis2-1/+27
2014-02-02doc: correct ssh_channel_read_timeout unitsJon Simons1-1/+1
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-02-02doc: Document expected return value of channel data callbackAudrius Butkevicius1-0/+2
Signed-off-by: Audrius Butkevicius <audrius.butkevicius@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-02-02src: Define MAX_BUF_SIZE globally and use it.Joseph Southwell1-0/+13
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-02-02build: remove OSX deprecated warnings for opensslAris Adamantiadis1-10/+0
2014-02-01server: allow custom server banners (bug #83)Aris Adamantiadis1-0/+1
2014-02-01known_hosts: add ssh_knownhosts_algorithms()Aris Adamantiadis1-0/+1
Goal of that function is to test the preferred key exchange methods based on what's available in the known_hosts file
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-19 23:57:34 +0000