Age | Commit message (Collapse) | Author | Files | Lines |
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
__typeof__ is GCC specific
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
BUG: https://red.libssh.org/issues/210
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
This works similarly to ssh_write_knownhost(), but allows the caller
to get a line with the known_hosts line.
BUG: https://red.libssh.org/issues/207
Signed-off-by: Stef Walter <stefw@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
* include/libssh/crypto.h (struct ssh_crypto_struct): Provide a
suitable 'ecdh_privkey'.
* include/libssh/ecdh.h: Also define 'HAVE_ECDH' if we do ECC using
libgcrypt.
(ecdh_build_k): New prototype.
* src/CMakeLists.txt (libssh_SRCS): Add backend-specific files.
* src/ecdh.c: Move backend-specific parts to...
* src/ecdh_crypto.c: ... this file.
* src/ecdh_gcrypt.c: New file.
* src/wrapper.c (crypto_free): Free 'ecdh_privkey'.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
* ConfigureChecks.cmake: Set 'HAVE_ECC' and 'HAVE_GCRYPT_ECC' if
applicable.
* include/libssh/pki.h (struct ssh_key_struct): Fix type of field
'ecdsa'.
(struct ssh_signature_struct): Likewise for 'ecdsa_sig'.
* src/pki.c (ssh_pki_key_ecdsa_name): Relax guard now that the used
function is also provided by the gcrypt backend.
(ssh_signature_free): Free ecdsa signature.
* src/pki_gcrypt.c (ECDSA_HEADER_{BEGIN,END}): New macros.
(privatekey_string_to_buffer): Handle ECDSA keys.
(pki_key_ecdsa_to_nid): New function.
(pki_key_ecdsa_nid_to_gcrypt_name): Likewise.
(pki_key_ecdsa_nid_to_name): Likewise.
(pki_key_ecdsa_nid_to_char): Likewise.
(pki_key_ecdsa_nid_from_name): Implement.
(asn1_oi_to_nid): New function.
(b64decode_ecdsa_privatekey): Likewise.
(pki_private_key_from_base64): Handle ECDSA keys.
(pki_pubkey_build_ecdsa): Implement.
(pki_key_dup): Handle ECDSA keys.
(pki_key_generate): Likewise.
(pki_key_generate_ecdsa): Implement.
(pki_key_compare): Handle ECDSA keys.
(pki_publickey_to_blob): Likewise.
(pki_signature_from_blob): Likewise.
(pki_signature_verify): Likewise.
(pki_do_sign): Likewise.
(pki_do_sign_sessionid): Likewise.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
* include/libssh/libgcrypt.h (EVPCTX): Fix type.
(NID_gcrypt_nistp{256,384,521}): New constants.
* src/libgcrypt.c (nid_to_md_algo): New function mapping curves to
digest algorithms.
(evp{,_init,_update,_final}): New functions.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
* src/pki_gcrypt.c (ASN1_OCTET_STRING): New macro.
(ASN1_OBJECT_IDENTIFIER): Likewise.
(asn1_check_tag): New function.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
* src/curve25519.c (ssh_client_curve25519_init): Make use of the
gcrypt-variant of 'bignum_bin2bn'.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Pino Toscano <ptoscano@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
When parsing the result of a successful fstat call, make sure to free
the resulting reply message.
Signed-off-by: Pino Toscano <ptoscano@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
|
|
Comparison ((flags & O_RDONLY) == O_RDONLY) is always true.
Also, O_RDWR, O_WRONLY and O_RDONLY are mutually exclusive => no need to check all of them
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
|
|
This fixes an issue introduced with
dbf72ffba2ad5b5694cd55aa1a7ca99053d20386
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
This also releases the memory allocated for the messages.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
BUG: https://red.libssh.org/issues/141
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Jeremy Cross <jcross@bomgar.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Thanks to Игорь Коваленко <igor.a.kovalenko@gmail.com>
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
This is calloc() is faster then calling memset().
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
https://red.libssh.org/issues/187
Signed-off-by: Travers Carter <tcarter@noggin.com.au>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
This saves a round-trip with SSHv2 connecting to the server. See RFC
4253 section 5.2 (New Client, Old Server).
Thanks to Yang Yubo <yang@yangyubo.com> for the suggestion.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
According to RFC 4253 the max banner length is 255.
Thanks to Saju Panikulam <spanikulam@ipswitch.com> for the report.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
The function is hard to read as the indentation is not correctly
applied.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Comply with RFC 4253 compliance section 4.2.
Allow data other than "SSH-" to be sent across prior to the actual
version striong.
Signed-off-by: Ken Reister <reister.kenneth@CIMCOR.COM>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Kohei Suzuki <eagletmt@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
various places
BUG: https://red.libssh.org/issues/230
Signed-off-by: David Kedves <kedazo@severalnines.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
In Cockpit we've seen this memory leak:
at 0x4C2A9C7: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x5B76B03: ssh_userauth_agent (auth.c:778)
by 0x40DD5A: cockpit_ssh_authenticate (cockpitsshtransport.c:327)
BUG: https://red.libssh.org/issues/208
Signed-off-by: Stef Walter <stefw@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
BUG: https://red.libssh.org/issues/232
Thanks to Fengyu Gao.
TODO: Add SSHv1 tests to our testsuite.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
* src/pki_gcrypt.c (ASN1_BIT_STRING): New macro.
(asn1_get_bit_string): New function.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
* src/pki.c (ssh_pki_signature_verify_blob): Fix debug message.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
* src/dh.c (ssh_print_hexa): Print to stderr.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
* src/pki_gcrypt.c (pki_export_pubkey_rsa1): Rework to be more
idiomatic. Fix leaking MPIs.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
* src/pki_gcrypt.c (pki_publickey_to_blob): Rework using the new
helper 'ssh_sexp_extract_mpi'.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|