path: root/src/pki_container_openssh.c
Age | Commit message | Author | Files | Lines
2023-12-15 | pki: New API functions exporting (also ed25519 keys in different formats) | Jakub Jelen | 1 | -52/+14
This also adds a fallback to OpenSSH file format in non-OpenSSL backends and OpenSSH-compatible private key export for writing OpenSSH private keys. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2023-05-04 | Add missing return value check | Norbert Pocs | 1 | -1/+5
This issue was detected by covscan Signed-off-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-10-12 | change the format specifier of uint32_t from PRId32 to PRIu32 | Xiang Xiao | 1 | -4/+4
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-10-12 | fix printf format warning | Xiang Xiao | 1 | -4/+4
uint32_t should be formatted by PRI?32 Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Change-Id: I811cfd764010f9e8bb599b370155ac065ee1905c
2022-10-07 | SSH_LOG_DEBUG: Recategorize loglevels | Norbert Pocs | 1 | -3/+3
Loglevel INFO is the default openssh configuration setting which does not print redundant information. On a system using openssh with loglevels set by the terms of openssh will cause unwanted log lines in the output. recategorized based on - SSH_LOG_DEBUG are informational debug logs (no error) Signed-off-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-10-07 | SSH_LOG_TRACE: Recategorize loglevels | Norbert Pocs | 1 | -23/+23
Do not print out logs when no fatal error happens. This approach is similar to openssh, when Error/Fatal does not print recoverable error logs. recategorized based on - SSH_LOG_TRACE are debug logs when error happens Signed-off-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-06-09 | Improve documentation by mentioning the free functions | Jakub Jelen | 1 | -1/+1
Related: https://gitlab.com/libssh/libssh-mirror/-/issues/3 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-09 | pki: Fix possible information leak via uninitialized stack buffer | Andreas Schneider | 1 | -2/+2
Fixes T190 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | pki_container_openssh: Initialize pointers to NULL | Andreas Schneider | 1 | -2/+2
Fixes T190 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | SSH-01-012: Fix information leak via uninitialized stack buffer | Andreas Schneider | 1 | -2/+2
Fixes T190 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | pki_container_openssh: Use SSH_BUFFER_FREE() | Andreas Schneider | 1 | -9/+9
Fixes T183 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | pki_container_openssh: Use SSH_STRING_FREE | Andreas Schneider | 1 | -1/+1
Fixes T183 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-09-24 | pki_crypto: Use OpenSSL for Ed25519 signatures | Anderson Toshiyuki Sasaki | 1 | -5/+6
Use OpenSSL to generate and verify Ed25519 signatures, if supported. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-07-30 | pki_container_openssh: Avoid bogus newline in debug message | Jakub Jelen | 1 | -1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-07-30 | pki_container_openssh: Reformat whitespace | Jakub Jelen | 1 | -14/+14
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-04-29 | doc: Update the description of the pki_private_key_decrypt() function to match reality | Jakub Jelen | 1 | -1/+1
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-07 | pki_container_openssh: Add padding to be compatible with OpenSSH | Jakub Jelen | 1 | -10/+14
OpenSSH has a block size of 8 so we need to always add padding. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-24 | pki: Remove superfluous statement | Andreas Schneider | 1 | -1/+0
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-24 | pki: Add log message on error in ssh_pki_openssh_import() | Andreas Schneider | 1 | -0/+3
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-18 | pki: Implement reading public key from OpenSSH private key container | Jakub Jelen | 1 | -19/+45
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-18 | pki: Allow reading keys in new OpenSSH format | Jakub Jelen | 1 | -52/+4
This implements reading the OpenSSH key format across the cryptographic backends. Most of the code is shared and moved to pki.c, just the building of the keys is implemented in pki_privkey_build_*() functions. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-04 | pki_container: Use string functions for cleanup | Andreas Schneider | 1 | -5/+4
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2018-07-05 | crypto: Make sure we check return of ssh_get_random() correctly | Andreas Schneider | 1 | -2/+13
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-29 | Rest in Peace SSHv1 | Andreas Schneider | 1 | -1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2018-02-16 | pki: Use explicit_bzero() to wipe privkey in memory | Andreas Schneider | 1 | -1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-02-12 | src: Use explicit_bzero() if available on the platform | Andreas Schneider | 1 | -4/+4
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-01-19 | buffer: use ssh_buffer_get() instead of ssh_buffer_get_begin() | Fabiano Fidêncio | 1 | -6/+6
This commit is a preparatory stage for removing ssh_buffer_get_begin(). Note that removing ssh_buffer_get_begin() doesn't break API compatibility, as this function has never been exposed (it only has the LIBSSH_API prefix). Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-01-19 | buffer: do not use ssh_buffer_get_rest_len() | Fabiano Fidêncio | 1 | -1/+1
As ssh_buffer_get_len() actually calls ssh_buffer_get_rest_len(), let's just use the first one. This is a preparatory step for removing ssh_buffer_get_rest_len(). Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-01-19 | cleanup: use ssh_ prefix in the buffer (non-static) functions | Fabiano Fidêncio | 1 | -5/+5
Having "ssh_" prefix in the functions' name will avoid possible clashes when compiling libssh statically. Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-01-19 | pki: Make sure checkint1 and checkint2 are not used uninitialized | Andreas Schneider | 1 | -1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-09-07 | pki: Add rsa, dss certificate key type definitions | Axel Eppe | 1 | -0/+2
- Add rsa/dsa (ssh-{rsa,dss}-cert-v01@openssh.com) as key types. - Add a cert_type member in the ssh_key struct. Signed-off-by: Axel Eppe <aeppe@google.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-09-07 | pki: Use the standard logging function | Andreas Schneider | 1 | -20/+27
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-04 | pki_container: Fix a memory leak | Andreas Schneider | 1 | -2/+9
CID: #1267980 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-04 | pki_container: Add check for return value | Andreas Schneider | 1 | -1/+4
CID: #1267982 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-02-02 | ed25519: Add support for OpenSSH encrypted container export | Aris Adamantiadis | 1 | -6/+153
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-02-02 | ed25519: Add OpenSSH encrypted container import | Aris Adamantiadis | 1 | -7/+163
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-02-02 | ed25519: Add support to export OpenSSH container keys | Aris Adamantiadis | 1 | -4/+160
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-02-02 | ed25519: Add support to import OpenSSH container keys | Aris Adamantiadis | 1 | -0/+254
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>