path: root/src
Age | Commit message | Author | Files | Lines
2016-11-05 | known_hosts: Add ssh_dump_knownhost() function | Stef Walter | 1 | -57/+84
This works similarly to ssh_write_knownhost(), but allows the caller to get a line with the known_hosts line.
BUG: https://red.libssh.org/issues/207
Signed-off-by: Stef Walter <stefw@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-03 | bignum: Use const in ssh_print_bignum() | Andreas Schneider | 1 | -1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-03 | ecdh: Implement ECDH using libgcrypt | Justus Winter | 5 | -265/+632
* include/libssh/crypto.h (struct ssh_crypto_struct): Provide a suitable 'ecdh_privkey'.
* include/libssh/ecdh.h: Also define 'HAVE_ECDH' if we do ECC using libgcrypt.
  (ecdh_build_k): New prototype.
* src/CMakeLists.txt (libssh_SRCS): Add backend-specific files.
* src/ecdh.c: Move backend-specific parts to...
* src/ecdh_crypto.c: ... this file.
* src/ecdh_gcrypt.c: New file.
* src/wrapper.c (crypto_free): Free 'ecdh_privkey'.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-03 | pki_gcrypt: Handle ECDSA keys and signatures | Justus Winter | 2 | -7/+566
* ConfigureChecks.cmake: Set 'HAVE_ECC' and 'HAVE_GCRYPT_ECC' if applicable.
* include/libssh/pki.h (struct ssh_key_struct): Fix type of field 'ecdsa'.
  (struct ssh_signature_struct): Likewise for 'ecdsa_sig'.
* src/pki.c (ssh_pki_key_ecdsa_name): Relax guard now that the used function is also provided by the gcrypt backend.
  (ssh_signature_free): Free ecdsa signature.
* src/pki_gcrypt.c (ECDSA_HEADER_{BEGIN,END}): New macros.
  (privatekey_string_to_buffer): Handle ECDSA keys.
  (pki_key_ecdsa_to_nid): New function.
  (pki_key_ecdsa_nid_to_gcrypt_name): Likewise.
  (pki_key_ecdsa_nid_to_name): Likewise.
  (pki_key_ecdsa_nid_to_char): Likewise.
  (pki_key_ecdsa_nid_from_name): Implement.
  (asn1_oi_to_nid): New function.
  (b64decode_ecdsa_privatekey): Likewise.
  (pki_private_key_from_base64): Handle ECDSA keys.
  (pki_pubkey_build_ecdsa): Implement.
  (pki_key_dup): Handle ECDSA keys.
  (pki_key_generate): Likewise.
  (pki_key_generate_ecdsa): Implement.
  (pki_key_compare): Handle ECDSA keys.
  (pki_publickey_to_blob): Likewise.
  (pki_signature_from_blob): Likewise.
  (pki_signature_verify): Likewise.
  (pki_do_sign): Likewise.
  (pki_do_sign_sessionid): Likewise.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-03 | libgcrypt: Implement the 'evp' interface | Justus Winter | 1 | -0/+53
* include/libssh/libgcrypt.h (EVPCTX): Fix type.
  (NID_gcrypt_nistp{256,384,521}): New constants.
* src/libgcrypt.c (nid_to_md_algo): New function mapping curves to digest algorithms.
  (evp{,_init,_update,_final}): New functions.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-03 | pki_gcrypt: Add a little more ASN1 infrastructure | Justus Winter | 1 | -0/+15
* src/pki_gcrypt.c (ASN1_OCTET_STRING): New macro.
  (ASN1_OBJECT_IDENTIFIER): Likewise.
  (asn1_check_tag): New function.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-02 | curve25519: Small libgcrypt bignum fix | Justus Winter | 1 | -0/+7
* src/curve25519.c (ssh_client_curve25519_init): Make use of the gcrypt-variant of 'bignum_bin2bn'.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-10-22 | Remove extra newlines from log/error messages | Pino Toscano | 8 | -14/+14
Signed-off-by: Pino Toscano <ptoscano@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-10-22 | sftp: Fix memory leak in sftp_fstat | Pino Toscano | 1 | -1/+4
When parsing the result of a successful fstat call, make sure to free the resulting reply message.
Signed-off-by: Pino Toscano <ptoscano@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-10-08 | session: Add missing ifdef that prevented Windows builds | Tilo Eckert | 1 | -0/+2
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-10-08 | sftp: Add support for append in sftp_open() | Tilo Eckert | 1 | -0/+20
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
2016-10-08 | sftp: Do not always set SSH_FXF_READ | Tilo Eckert | 1 | -5/+6
Comparison ((flags & O_RDONLY) == O_RDONLY) is always true. Also, O_RDWR, O_WRONLY and O_RDONLY are mutually exclusive => no need to check all of them
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
2016-10-07 | sftp: Correctly check for EOF else keep spinning if there is no data | Andreas Schneider | 1 | -16/+17
This fixes an issue introduced with dbf72ffba2ad5b5694cd55aa1a7ca99053d20386
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-10-06 | gssapi: Use correct return code in ssh_gssapi_auth_mic() | Andreas Schneider | 1 | -1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-10-06 | gssapi: Print minor stat in error logging function | Andreas Schneider | 1 | -17/+91
This also releases the memory allocated for the messages.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-10-06 | sftp: Add sftp_fsync() function | Andreas Schneider | 1 | -1/+112
BUG: https://red.libssh.org/issues/141
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-09-09 | sftp: ensure sftp_packet_read recognizes channel EOF to avoid infinite loop | Jeremy Cross | 1 | -1/+1
Signed-off-by: Jeremy Cross <jcross@bomgar.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-10 | sftpserver: Fix SSH_FXP_FSTAT arguments | Andreas Schneider | 1 | -3/+2
Thanks to Игорь Коваленко <igor.a.kovalenko@gmail.com>
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-04 | sftp: Use calloc() instead of malloc()/memset() | Andreas Schneider | 1 | -26/+14
calloc() is faster than calling memset().
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-04 | config: Fix build warnings | Andreas Schneider | 1 | -2/+4
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-03 | Make "Host" pattern list handling consistent with OpenSSH | Travers Carter | 1 | -10/+14
https://red.libssh.org/issues/187
Signed-off-by: Travers Carter <tcarter@noggin.com.au>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-03 | client: If SSHv1 is disabled send the banner immediately | Andreas Schneider | 1 | -1/+9
This saves a round-trip with SSHv2 connecting to the server.
See RFC 4253 section 5.2 (New Client, Old Server).
Thanks to Yang Yubo <yang@yangyubo.com> for the suggestion.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-03 | client: Fix ssh_send_banner() to confirm with RFC 4253 | Andreas Schneider | 1 | -33/+62
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-03 | client: Fix maximum banner length | Andreas Schneider | 1 | -1/+2
According to RFC 4253 the max banner length is 255.
Thanks to Saju Panikulam <spanikulam@ipswitch.com> for the report.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-03 | client: Reformat callback_receive_banner() | Andreas Schneider | 1 | -49/+63
The function is hard to read as the indentation is not correctly applied.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-03 | client: Receive the banner correctly | Ken Reister | 1 | -0/+7
Comply with RFC 4253 compliance section 4.2. Allow data other than "SSH-" to be sent across prior to the actual version string.
Signed-off-by: Ken Reister <reister.kenneth@CIMCOR.COM>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-02 | sockets: Fix callback registration bug | Aris Adamantiadis | 2 | -3/+3
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-02 | packet: Improve logging output | Aris Adamantiadis | 2 | -0/+8
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-02 | connector: Implement ssh_connector_except() | Aris Adamantiadis | 4 | -5/+670
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-02 | channels: Move ssh_channel_write_stderr out of server-only | Aris Adamantiadis | 1 | -1/+2
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-02 | callbacks: Implement list of callbacks for channels | Aris Adamantiadis | 4 | -162/+245
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-02 | packets: Handle flow control callbacks | Aris Adamantiadis | 1 | -1/+25
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-02 | events: Add functions for poll objects | Aris Adamantiadis | 1 | -0/+27
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-02 | Add id_ed25519 to the default identity list | Kohei Suzuki | 1 | -0/+9
Signed-off-by: Kohei Suzuki <eagletmt@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-02 | channels: Bugfix for a possible invalid pointer usage (channel->session) in various places | David Kedves | 1 | -4/+4
BUG: https://red.libssh.org/issues/230
Signed-off-by: David Kedves <kedazo@severalnines.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-02 | auth: Cleanup memory leak when using SSH agent | Stef Walter | 2 | -7/+23
In Cockpit we've seen this memory leak:
  at 0x4C2A9C7: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
  by 0x5B76B03: ssh_userauth_agent (auth.c:778)
  by 0x40DD5A: cockpit_ssh_authenticate (cockpitsshtransport.c:327)
BUG: https://red.libssh.org/issues/208
Signed-off-by: Stef Walter <stefw@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-02 | auth1: Fix non-blocking SSHv1 auth | Andreas Schneider | 1 | -4/+11
BUG: https://red.libssh.org/issues/232
Thanks to Fengyu Gao.
TODO: Add SSHv1 tests to our testsuite.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-02 | pki_gcrypt: Add primitive to read ASN.1 bit strings | Justus Winter | 1 | -0/+59
* src/pki_gcrypt.c (ASN1_BIT_STRING): New macro.
  (asn1_get_bit_string): New function.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-02 | pki: Fix debug message | Justus Winter | 1 | -1/+5
* src/pki.c (ssh_pki_signature_verify_blob): Fix debug message.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-02 | dh: Print hexadecimal data to stderr | Justus Winter | 1 | -1/+1
* src/dh.c (ssh_print_hexa): Print to stderr.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-02 | pki_gcrypt: Rework 'pki_export_pubkey_rsa1' | Justus Winter | 1 | -23/+8
* src/pki_gcrypt.c (pki_export_pubkey_rsa1): Rework to be more idiomatic. Fix leaking MPIs.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-02 | pki_gcrypt: Rework 'pki_publickey_to_blob' | Justus Winter | 1 | -56/+36
* src/pki_gcrypt.c (pki_publickey_to_blob): Rework using the new helper 'ssh_sexp_extract_mpi'.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-02 | pki_gcrypt: Rework 'pki_key_dup' | Justus Winter | 1 | -221/+66
* src/pki_gcrypt.c (pki_key_dup): Rework to be more idiomatic.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-02 | libgcrypt: Add helper to extract MPIs into ssh_strings | Justus Winter | 1 | -0/+52
* include/libssh/libgcrypt.h (ssh_sexp_extract_mpi): New prototype.
* src/libgcrypt.c (ssh_sexp_extract_mpi): New function.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-02 | options: Check if a port has been given | Justus Winter | 1 | -1/+3
* src/options.c (ssh_options_getopt): Only call 'ssh_options_set' if a port has been given.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-05-02 | dh: Rename ssh_get_publickey() to ssh_get_server_publickey() | Andreas Schneider | 1 | -1/+9
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-03-21 | pki: Mention relevant RFC for EC key encoding | Justus Winter | 1 | -0/+2
* src/pki.c (ssh_pki_export_pubkey_blob): Mention relevant RFC for EC key encoding.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-03-21 | pki_gcrypt: Fix memory leak | Justus Winter | 1 | -5/+7
* src/pki_gcrypt.c (_bignum_cmp): Fix memory leak.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-03-21 | pki_gcrypt: Burn key material | Justus Winter | 1 | -0/+11
* src/pki_gcrypt.c (b64decode_rsa_privatekey): Burn key material.
  (b64decode_dsa_privatekey): Likewise.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-03-21 | pki_gcrypt: Generalize asn1_get_int | Justus Winter | 1 | -2/+6
* src/pki_gcrypt.c (asn1_get): Generalize from 'asn1_get_int'.
  (asn1_get_int): New function simply calling 'asn1_get'.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>