path: root/include
Age | Commit message | Author | Files | Lines
2021-01-12 | packet_crypt: Move secure_memcmp() to a shared source | Anderson Toshiyuki Sasaki | 1 | -0/+2
Move the secure_memcmp() function to a shared source to make it available internally for other crypto implementations. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2021-01-12 | include: Introduce secure SSH_SIGNATURE_FREE() | Jakub Jelen | 1 | -0/+2
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2021-01-11 | Move HMAC implementation to EVP API | Dirkjan Bussink | 1 | -1/+1
Now that the minimum OpenSSL version is 1.0.1, we know that the EVP HMAC API is always available. This switches to this API. The existing API is deprecated for OpenSSL 3.0. Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2021-01-01 | Happy new year 2021! | Andreas Schneider | 1 | -1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2020-12-22 | Cleanup old OpenSSL 0.9.7 compatibility code | Dirkjan Bussink | 1 | -4/+0
OpenSSL 0.9.7 is already not supported, so clean up the old legacy bits for that as well. Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-12-10 | auth: Add ssh_userauth_publickey_auto_get_current_identity() | Marius Vollmer | 1 | -0/+2
Signed-off-by: Marius Vollmer <mvollmer@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-11-03 | New API for parsing configuration from string | Stanislav Zidek | 1 | -0/+1
Fixes T248 Signed-off-by: Stanislav Zidek <szidek@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-09-29 | priv.h: Fix typo in comment; “cound” → “count” | Paul Capron | 1 | -1/+1
Signed-off-by: Paul Capron <paul@fragara.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-09-29 | priv.h: Fix “MAX_PACKAT_LEN” typo in #ifndef guard | Paul Capron | 1 | -1/+1
The preprocessor guard was previously effectively inoperative; it used to read “MAX_PACKAT_LEN” (note the ‘A’!), now is ‘E’. Signed-off-by: Paul Capron <paul@fragara.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-08-12 | sftp: Fix more typos | Jakub Jelen | 1 | -1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-08-12 | sftp: fix documentation typos | Harald Sitter | 1 | -8/+8
Signed-off-by: Harald Sitter <sitter@kde.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-05-06 | cmake: Add autogenerated libssh_version.h | Heiko Thiery | 3 | -17/+49
Set the cmake project version to the autogenerated file to have a single point to set the version. This will be included in the libssh.h file. Pair-Programmed-With: Andreas Schneider <asn@cryptomilk.org> Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com> Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-05-05 | Add basic support for none cipher and MACs | Jakub Jelen | 1 | -1/+2
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-04-09 | init: Introduce internal is_ssh_initialized() | Anderson Toshiyuki Sasaki | 1 | -0/+3
The introduced function returns whether the library is initialized or not. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-04-06 | kex: Add support for diffie-hellman-group14-sha256 | Anderson Toshiyuki Sasaki | 1 | -0/+2
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-03-23 | doc: Add SSH auth callback to libssh_auth doc group | Andreas Schneider | 1 | -1/+9
Fixes T217 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-02-12 | include: Remove PRIdS definitions | Andreas Schneider | 1 | -6/+0
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-02-11 | pki: add support for sk-ecdsa and sk-ed25519 | Sebastian Kinne | 2 | -0/+10
This adds server-side support for the newly introduced OpenSSH keytypes sk-ecdsa-sha2-nistp256@openssh.com and sk-ed25519@openssh.com (including their corresponding certificates), which are backed by U2F/FIDO2 tokens. Change-Id: Ib73425c572601c3002be45974e6ea051f1d7efdc Signed-off-by: Sebastian Kinne <skinne@google.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-01-23 | chacha: Create common file to avoid code duplication | Jakub Jelen | 3 | -4/+55
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-01-23 | misc: Make the src pointer const in ssh_strreplace() | Andreas Schneider | 1 | -1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-23 | legacy,keys: Fix the macro conditions | Jakub Jelen | 1 | -6/+6
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-20 | src: Implements PKCS11 URI support | Sahana Prasad | 2 | -1/+14
Imports private and public keys from the engine via PKCS11 URIs. Uses the imported keys to authenticate to the ssh server. Signed-off-by: Sahana Prasad <sahana@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-20 | src: Helper functions to detect PKCS #11 URIs | Sahana Prasad | 1 | -0/+5
Signed-off-by: Sahana Prasad <sahana@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-20 | misc: Add ssh_strreplace() | Andreas Schneider | 1 | -0/+1
Pair-Programmed-With: Sahana Prasad <sahana@redhat.com> Signed-Off-by: Sahana Prasad <sahana@redhat.com> Signed-Off-By: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-20 | misc: Add ssh_tmpname() | Andreas Schneider | 1 | -0/+1
Signed-Off-By: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-11 | include: Rename __unused__ to __attr_unused__ | Andreas Schneider | 1 | -6/+6
This avoids a collision with valgrind.h Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | misc: Add a function to encode newlines | Anderson Toshiyuki Sasaki | 1 | -0/+1
Given a string, the added function encodes existing newline characters ('\n') as the string "\\n" and puts into a given output buffer. The output buffer must have at least 2 times the length of the input string plus 1 for the terminating '\0'. In the worst case, each character can be replaced by 2 characters. Fixes T189 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | socket: Pass port as uint16_t to ssh_socket_connect() | Andreas Schneider | 1 | -1/+4
Fixes T188 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | bignum: Fix integer types for ssh_make_bignum_string() | Andreas Schneider | 1 | -3/+3
Fixes T188 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | base64: Fix size types of bin_to_base64() | Andreas Schneider | 1 | -1/+1
Fixes T188 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | include: Mark SSH_AUTH flags as unsigned | Andreas Schneider | 1 | -7/+7
Fixes T188 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | agent: Return uint32_t for ssh_agent_get_ident_count() | Andreas Schneider | 1 | -1/+1
Fixes T188 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | sftp: Fix integer types in sftp_write() and sftp_packet_write() | Andreas Schneider | 1 | -1/+1
Fixes T188 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | sftp: Remove internal function from sftp.h | Andreas Schneider | 2 | -7/+32
Those are not marked as LIBSSH_API so not part of the public API and the symbols aren't exported! Fixes T188 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | fe25519: Fix integer types of fe25519_iszero() | Andreas Schneider | 1 | -1/+1
Fixes T188 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | include: Fix integer type of dh_pn and dh_pmax | Andreas Schneider | 1 | -1/+1
Fixes T188 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | channels: Fix integer and bool argument of channel_default_bufferize() | Andreas Schneider | 1 | -2/+3
Fixes T188 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | CVE-2019-14889: misc: Add function to quote file names | Anderson Toshiyuki Sasaki | 1 | -0/+8
The added function quotes file name strings to be used in a shell. Special cases are treated for the characters '\'' and '!'. Fixes T181 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-11-18 | Use only one variable denoting the size of methods arrays | Jakub Jelen | 2 | -2/+3
Previously, there was non-consistent usage of constants SSH_KEX_METHODS, KEX_METHODS_SIZE and of magic number 10 to reference the arrays used for algorithm negotiation by peers. This commit settles down to the single constant and its usage throughout the whole codebase. Fixes T195 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-11-18 | session: Use ssh_packet_state_e instead of int | Anderson Toshiyuki Sasaki | 1 | -1/+1
Use the enum type instead of int in the ssh_session_struct Fixes T194 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-11-18 | messages: Use ssh_publickey_state_e instead of char | Anderson Toshiyuki Sasaki | 1 | -1/+1
Use the enum type instead of char in the ssh_auth_request struct Fixes T194 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-11-07 | server: Use really the negotiated signature type | Jakub Jelen | 4 | -10/+15
Generally, when the extension negotiation is enabled and client supports SHA2 algorithms for RSA, they are supposed to be prioritized against the old SHA1. If it is not (ssh-rsa is listed in front of rsa-sha2-* hostkey algorithms during negotiation), the server wrongly tries to provide the new type of signature, ignoring the negotiated algorithm. This commit propagates the digest algorithm from negotiation to the actual signature functions, which were previously responsible for decision about the hash algorithm based just on the negotiated extensions. Fixes T191 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-10-01 | callbacks: Improve documentation about callbacks handling | Jakub Jelen | 1 | -1/+11
Fixes T103 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-09-24 | pki: Remove unused function pki_signature_verify() | Anderson Toshiyuki Sasaki | 2 | -6/+1
This removes unused function pki_signature_verify() from pki_{crypto, mbedcrypto, gcrypt}. The function was also removed from include/libssh/pki_priv.h. The function ssh_pki_signature_verify() was changed to receive a const unsigned char *input. All tests calling pki_signature_verify() were changed to call ssh_pki_signature_verify() instead. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-09-24 | pki_crypto: Use OpenSSL for Ed25519 signatures | Anderson Toshiyuki Sasaki | 1 | -0/+15
Use OpenSSL to generate and verify Ed25519 signatures, if supported. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-09-24 | pki: Move common Ed25519 functions to pki_ed25519_common.c | Anderson Toshiyuki Sasaki | 1 | -2/+2
This is a preparation to use the Ed25519 implementation from OpenSSL. The function pki_ed25519_sig_to_blob() was renamed to pki_ed25519_signature_to_blob() and pki_ed25519_sig_from_blob() was renamed to pki_signature_from_ed25519_blob() to follow the naming for other algorithms. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-09-16 | sftp: Improve the documentation of sftp_init() and sftp_new() | Jakub Jelen | 1 | -2/+10
Fixes: T137 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-08-08 | dh: Add ssh_dh_debug_crypto() | Andreas Schneider | 1 | -0/+2
We should call it where we have access to the crypto structure. Pair-Programmed-With: Jakub Jelen <jjelen@redhat.com> Signed-off-by: Jakub Jelen <jjelen@redhat.com> Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-08-07 | bignum: Pass const to ssh_print_bignum() | Andreas Schneider | 3 | -3/+6
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-08-06 | misc: Introduce internal function ssh_mkdirs() | Anderson Toshiyuki Sasaki | 1 | -0/+3
If the given path includes missing directories, ssh_mkdirs() tries to create them recursively. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>