Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
CID 1323516
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
CID #1323517
|
|
- ssh_pki_import_cert_base64()
- ssh_pki_import_cert_file()
- ssh_pki_import_cert_blob()
Those functions are currently simple wrappers around their pubkey counterpart.
- ssh_pki_copy_cert_to_privkey()
This function copies the cert-specific data to a private key.
Signed-off-by: Axel Eppe <aeppe@google.com>
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Axel Eppe <aeppe@google.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
- Add rsa/dsa (ssh-{rsa,dss}-cert-v01@openssh.com) as key types.
- Add a cert_type member in the ssh_key struct.
Signed-off-by: Axel Eppe <aeppe@google.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
This should fix the build on Windows and would not install pkg files.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Michael Wilder <wilder.michael@cimcor.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
Signed-off-by: Michael Wilder <wilder.michael@cimcor.com>
|
|
Thanks to Andreas Gutschick <andreas.gutschick@mitel.com>
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Thanks to Kevin Haake <khaake@red-cocoa.com>
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
|
|
BUG: https://red.libssh.org/issues/201
Return SSH_AUTH_DENIED instead of SSH_AUTH_ERROR when the provided agent
offers no public keys.
Signed-off-by: Peter Volpe <pvolpe@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
|
|
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Aris Adamantiadis <aris@badcode.be>
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
ssh_userauth_publickey_auto().
Implicitly fixed unsafe return code handling that could result in use-after-free.
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Peter Volpe <pvolpe@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Allow callers to specify their own socket
for an ssh agent.
Signed-off-by: Peter Volpe <pvolpe@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
The previous list is not freed. Since the new session just got
created, an identity list is already allocated and empty.
Signed-off-by: Sebastien Boving <seb@google.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
|
|
Signed-off-by: Tiamo Laitakari <tiamo.laitakari@cs.helsinki.fi>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
|
|
Signed-off-by: Aris Adamantiadis <aris@badcode.be>
|
|
Signed-off-by: Aris Adamantiadis <aris@badcode.be>
|
|
Also consider the host key type at hand when computing whether a
'first_kex_packet_follows' packet matches the current server settings.
Without this change libssh may incorrectly believe that guessed
settings which match by kex algorithm alone fully match: the host
key types must also match. Observed when testing with dropbear
clients.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Return SSH_OK for the case that an incoming SSH_MSG_KEXDH_INIT should be
ignored. That is, for the case that the initial 'first_kex_packet_follows'
guess is incorrect. Before this change sessions served with libssh can be
observed to error out unexpectedly early when testing with dropbear clients
that send an incompatible guess.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
This fixes warnings for getaddrinfo() and freeaddrinfo().
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
CID: #1296588
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
CID: #1250106
This fixes a 1 byte output overflow for large key length (not reachable
in libssh). Pulled from OpenBSD BCrypt PBKDF implementation.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
CID: #1238630
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
CID: #1267977
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
CID: #1278978
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
CID: #1267980
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
CID: #1267982
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
This is an addition to CVE-2015-3146 to fix the null pointer
dereference. The patch is not required to fix the CVE but prevents
issues in future.
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
The state validation in the packet handlers for SSH_MSG_NEWKEYS and
SSH_MSG_KEXDH_REPLY had a bug which did not raise an error.
The issue has been found and reported by Mariusz Ziule.
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Kevin Fan <kevinfan@google.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|