path: root/src/known_hosts.c
Age | Commit message | Author | Files | Lines
2023-02-02 | Remove support for DSA Keys | Mohammad Shehar Yaar Tausif | 1 | -2/+2
Solving issue #110. The original work is at !231
Some changes were needed because of the newly added features in master through time
Signed-off-by: Mohammad Shehar Yaar Tausif <sheharyaar48@gmail.com>
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-07-07 | Update HMAC function parameter type | Norbert Pocs | 1 | -4/+16
New openssl API, libmbedtls, libgcrypt use size_t for HMAC len parameter. New helper functions were added in libcrypto.c to avoid code duplication. (the header pki.h is needed for this reason)
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-07-04 | Rewrite strerror to ssh_strerror | Norbert Pocs | 1 | -4/+8
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-05-02 | Fix multiple spelling and grammar mistakes | Junda Ai | 1 | -1/+1
Signed-off-by: Junda Ai <aijunda29@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2021-06-16 | Make the max file line length configurable | Xiang Xiao | 1 | -4/+7
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Change-Id: I0bc70f4459a6eaa6f4c87887a5ee7822faf22443
2019-09-16 | known_hosts: Avoid using deprecated functions (even from deprecated functions) | Jakub Jelen | 1 | -6/+11
Fixes: T165
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-08-06 | knownhosts: Use ssh_mkdirs() instead of ssh_mkdir() | Anderson Toshiyuki Sasaki | 1 | -19/+32
Previously, if the path to known_hosts file set through SSH_OPTIONS_KNOWNHOSTS included missing directories, ssh_session_update_known_hosts() would fail. The added test case checks that this is not the case anymore. The logic of checking if the directory is accessible before creating it was replaced by creating the directory if opening the file failed. This is to minimize the risk of TOCTOU race conditions.
Fixes: T166
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-12 | kex, known_hosts: Use new tokens functions | Anderson Toshiyuki Sasaki | 1 | -169/+164
Replace the old tokens handling functions usage with the new implementation.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-04-17 | libssh: deprecate SSH_KEYTYPE_ECDSA | Ben Toews | 1 | -7/+1
This type is imprecise. We often need the ecdsa_nid in addition to the key type in order to do anything. We replace this singular ECDSA type with one type per curve.
Signed-off-by: Ben Toews <mastahyeti@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-01-24 | bignum: harmonize gcrypt, libcrypto and libmcrypt bignum | Aris Adamantiadis | 1 | -9/+0
Ensure most of the abstraction around the 3 libs are consistent.
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-13 | knownhosts: Fix invalid read of known_hosts token | Tilo Eckert | 1 | -5/+1
Fixes invalid read introduced by commit 21962d. Accessing tokens[4] for a known_hosts line of three tokens led to randomly rejected host keys. This commit completely removes the check because the optional comments field may contain whitespace.
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
2018-08-21 | known_hosts: Update documentation of deprecated known_hosts functions | Andreas Schneider | 1 | -16/+7
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-07-03 | known_hosts: Remove deprecated ssh_knownhosts_algorithms() | Andreas Schneider | 1 | -108/+0
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-30 | known_hosts: Simplify invalid tokens check | Andreas Schneider | 1 | -7/+1
CID 1393677
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-29 | Rest in Peace SSHv1 | Andreas Schneider | 1 | -113/+16
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2018-06-28 | Remove vim modelines from all files | Andreas Schneider | 1 | -2/+0
If you want modelines use my vim plugin:
https://github.com/cryptomilk/git-modeline.vim
git config --add vim.modeline "ts=4 sw=4 et"
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-04 | known_hosts: Mark ssh_is_server_known as deprecated | Andreas Schneider | 1 | -25/+3
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-04-18 | known_hosts: Do not leak pubkey_buffer in check_public_key() | Andreas Schneider | 1 | -0/+1
CID: 1388447
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-03-21 | crypto: Change the type of server_pubkey to ssh_key | Andreas Schneider | 1 | -23/+31
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-28 | add mbedtls crypto support | Juraj Vijtiuk | 1 | -0/+6
Summary:
This patch adds support for mbedTLS as a crypto backend for libssh. mbedTLS is an SSL/TLS library that has been designed to mainly be used in embedded systems. It is loosely coupled and has a low memory footprint. mbedTLS also provides a cryptography library (libmbedcrypto) that can be used without the TLS modules.
The patch is unfortunately quite big, since several new files had to be added.
DSA is disabled at compile time, since mbedTLS doesn't support DSA
Patch review and feedback would be appreciated, and if any issues or suggestions appear, I'm willing to work on them.
Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
Test Plan:
* The patch has been tested with a Debug and MinSizeRel build, with libssh unit tests, client tests and the pkd tests.
* All the tests have been run with valgrind's memcheck, drd and helgrind tools.
* The examples/samplessh client works when built with the patch.
Reviewers: asn, aris
Subscribers: simonsj
Differential Revision: https://bugs.libssh.org/D1
2017-12-15 | Add new options | Aris Adamantiadis | 1 | -7/+36
Pair-Programmed-With: Jakub Jelen <jjelen@redhat.com>
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-05 | known_hosts: Add ssh_dump_knownhost() function | Stef Walter | 1 | -57/+84
This works similarly to ssh_write_knownhost(), but allows the caller to get a line with the known_hosts line.
BUG: https://red.libssh.org/issues/207
Signed-off-by: Stef Walter <stefw@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-01-19 | buffer: do not use ssh_buffer_get_rest_len() | Fabiano Fidêncio | 1 | -4/+4
As ssh_buffer_get_len() actually calls ssh_buffer_get_rest_len(), let's just use the first one. This is a preparatory step for removing ssh_buffer_get_rest_len().
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-01-19 | buffer: rename ssh_buffer_get_rest() to ssh_buffer_get() | Fabiano Fidêncio | 1 | -3/+3
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-01-19 | cleanup: use ssh_ prefix in the kex (non-static) functions | Fabiano Fidêncio | 1 | -1/+1
Having "ssh_" prefix in the functions' name will avoid possible clashes when compiling libssh statically.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-01-19 | cleanup: use ssh_ prefix in the buffer (non-static) functions | Fabiano Fidêncio | 1 | -8/+8
Having "ssh_" prefix in the functions' name will avoid possible clashes when compiling libssh statically.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-01-19 | cleanup: use ssh_ prefix in the bignum (non-static) functions | Fabiano Fidêncio | 1 | -2/+2
Having "ssh_" prefix in the functions' name will avoid possible clashes when compiling libssh statically.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-12-25 | options: Fix setting the port. | Andreas Schneider | 1 | -3/+3
Make sure we correctly read the port from the config file.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2014-02-05 | knownhosts: resolve leaks found by coverity | Aris Adamantiadis | 1 | -8/+5
2014-02-04 | knownhosts: detect variations of ecdsa | Aris Adamantiadis | 1 | -9/+31
2014-02-01 | known_hosts: add ssh_knownhosts_algorithms() | Aris Adamantiadis | 1 | -0/+77
Goal of that function is to test the preferred key exchange methods based on what's available in the known_hosts file
2014-01-16 | src: Do not use deprecated functions. | Andreas Schneider | 1 | -2/+2
2014-01-07 | src: Update my mail address. | Andreas Schneider | 1 | -1/+1
2013-07-14 | src: Remove enter_function() and leave_function(). | Andreas Schneider | 1 | -30/+17
2013-07-14 | src: Migrate to SSH_LOG. | Andreas Schneider | 1 | -3/+2
2013-06-13 | known_hosts: Fix readability. | Andreas Schneider | 1 | -1/+1
2012-10-12 | known_hosts: Don't leak memory in ssh_write_knownhost error paths. | Andreas Schneider | 1 | -0/+8
Found by Coverity.
2012-07-17 | build: Fix missing struct in_addr warning. | Andreas Schneider | 1 | -0/+1
2012-02-05 | session: Use a struct for all options. | Andreas Schneider | 1 | -15/+18
2011-09-18 | priv: Move options and config prototypes to own header. | Andreas Schneider | 1 | -0/+1
2011-09-08 | string: Use the struct and array for allocating the struct. | Andreas Schneider | 1 | -3/+3
2011-09-08 | known_hosts: Fix a free before last use. | Andreas Schneider | 1 | -1/+2
2011-09-07 | known_hosts: Fix a memleak. | Andreas Schneider | 1 | -2/+4
2011-09-05 | known_hosts: Migrate ssh_write_knownhost() to new pki. | Andreas Schneider | 1 | -172/+92
2011-06-15 | known_hosts: Added a log message for key type mismatch. | Andreas Schneider | 1 | -0/+6
2011-06-13 | [crypto] initial support for ecdh-sha2-nistp256 | Aris Adamantiadis | 1 | -1/+1
Works with openssl
Still requires work for libgcrypt and other modes
2010-10-03 | Removed references to ssh_buffer_get_begin | Aris Adamantiadis | 1 | -6/+6
2010-09-29 | known_hosts: Added missing include. | Andreas Schneider | 1 | -0/+1
Thanks miloj ;)
2010-09-28 | pki: Create a file for known_hosts functions. | Andreas Schneider | 1 | -0/+723