summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* pki: Add missing semi-colon.Andreas Schneider2014-05-071-1/+1
|
* pki: Move ssh_pki_key_ecdsa_name() to the correct file.Andreas Schneider2014-05-071-14/+0
|
* cmake: Fix doxygen.Andreas Schneider2014-05-073-1551/+1
|
* cmake: Update doxygen module.Andreas Schneider2014-05-071-67/+111
|
* pki crypto: expose new ssh_pki_key_ecdsa_name APIJon Simons2014-05-073-10/+158
| | | | | | | | | | | | | Enable retrieving the "ecdsa-sha2-nistpNNN" name of ECDSA keys with a new 'ssh_pki_key_ecdsa_name' API. This gives more information than the 'ssh_key_type_to_char' API, which yields "ssh-ecdsa" for ECDSA keys. The motivation is that this info is useful to have in a server context. The torture_pki unit test is updated to include the new API, and a few more passes are added to additionally test 384 and 521-bit keys. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* messages: Add missing ntohl on X11 request screen numberAlan Dunn2014-05-061-1/+3
| | | | | | | BUG: https://red.libssh.org/issues/160 Signed-off-by: Alan Dunn <amdunn@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* pki: Correctly update the ECDSA keytype.Andreas Schneider2014-05-061-1/+8
| | | | (cherry picked from commit 2884bbf5b1bfe915160a1dc03eddbcd000555ec1)
* pki: Move ssh_pki_key_ecdsa_name() to the correct file.Andreas Schneider2014-05-061-0/+14
| | | | (cherry picked from commit f48a99b97c399174ad35b83a91df922f106ade13)
* pki: Make pki_key_ecdsa_nid_to_name() a shared function.Andreas Schneider2014-05-062-1/+2
| | | | (cherry picked from commit 11cfb2903eb319d32a2432a015c61506f50dc78b)
* cmake: Install cmake config files to the correct directory.Andreas Schneider2014-04-221-1/+1
| | | | (cherry picked from commit 291312c5e4774307a79365623065764220a673e9)
* doc: Improve docs for ssh_channel_get_exit_status().Andreas Schneider2014-04-221-0/+5
| | | | | BUG: https://red.libssh.org/issues/154 (cherry picked from commit adf23533e02d997118d1732f91abf9f116a47cec)
* channels: Fix exit-signal request.Andreas Schneider2014-04-221-3/+3
| | | | | BUG: https://red.libssh.org/issues/153 (cherry picked from commit 927cd90dc171b7e7a400ab8c1c9474f627e89167)
* session: Fix a memory leak with custom banner.Andreas Schneider2014-04-221-0/+1
| | | | | BUG: https://red.libssh.org/issues/152 (cherry picked from commit b5efbe75cd7b3881618940f9508b313222176bd8)
* cmake: Enable creation of the compile command database by default.Andreas Schneider2014-04-221-0/+3
| | | | (cherry picked from commit 437a39c7988ae157e2171f57d8c0cfdcc99584f6)
* packet: elide two buffer_prepend calls into oneJon Simons2014-03-271-8/+9
| | | | | | | | | | | | | | In packet_send2, rather than issue two separate buffer_prepend_data calls (each of which may entail realloc + memmove + memcpy), elide the prepend work into a single buffer_prepend_data: the header information is computed locally, and a single 5 byte prepend operation is now done instead of prepending 1, then 4 bytes. Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit aa05248ca81e3bd9e949ad724d45518707446e2c) Conflicts: src/packet.c
* doc: Fix ssh_userauth_none() function signature.Andreas Schneider2014-03-271-2/+2
| | | | | | | Thanks to David Tibbe! BUG: https://red.libssh.org/issues/151 (cherry picked from commit 04543c9dbc2e7fb3d43985cd913a0b1225be43d5)
* doc: Improve and consolidate ssh_bind_options_set docsAlan Dunn2014-03-272-111/+53
| | | | | | Signed-off-by: Alan Dunn <amdunn@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 47bd0b6d1f3176a4539c22741848d37b9357175b)
* libssh: libhpp: overload read function to support timeout parameterPetar Koretic2014-03-271-1/+19
| | | | | | Signed-off-by: Petar Koretic <petar.koretic@sartura.hr> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 8e2590b5353f800a2dd11045a1e7ff4848fc8c25)
* libssh: libhpp: avoid unnecessary call to ssh_channel_readPetar Koretic2014-03-271-1/+1
| | | | | | | | | ssh_channel_read is a wrapper for ssh_channel_read_timeout with timeout -1 (infinite) so we call that directly. Signed-off-by: Petar Koretic <petar.koretic@sartura.hr> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit c51f42a566879f61c2349066bc4e8dd35bc5c311)
* libssh: libhpp: fix multiple definitions for acceptForward functionPetar Koretic2014-03-271-2/+2
| | | | | | | | | | | | | Defining a non inlined class function in a header will cause multiple definitions when header is included in more that one file since for each file function will get defined. Signed-off-by: Petar Koretic <petar.koretic@sartura.hr> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 00d4fbe75336b66262fdca86430655094adb8322) Conflicts: include/libssh/libsshpp.hpp
* channel: check for closed state in waitwindow loopsJon Simons2014-03-271-2/+4
| | | | | | Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit dee8e5688b4395ee379fd7f36f4a488d57fd0d6c)
* kex: enable more ECDSA hostkey algosJon Simons2014-03-271-1/+1
| | | | | | Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 40d81bb7cafe528639cb201e893ba62db1e813bf)
* pki_crypto: guard against NULL pubkey->rsa in signature extractionJon Simons2014-03-271-1/+7
| | | | | | Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 10bc5ac203a428699508293f91faa460358ca6dc)
* session: fix comment typoLuka Perkov2014-03-271-1/+1
| | | | | | Signed-off-by: Luka Perkov <luka.perkov@sartura.hr> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 8ba94022824dadfec2b6650324a06106abaeac13)
* messages: use predefined macro for clearing sensitive dataLuka Perkov2014-03-271-2/+1
| | | | | | Signed-off-by: Luka Perkov <luka.perkov@sartura.hr> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit a2fe341da558d27c348d55b1fbf9824f42ff2432)
* client: fix corner case when sockets are manually createdLuka Perkov2014-03-271-1/+4
| | | | | | | | | | | If the sockets are created manually and passed to libssh the internal session state is set to SSH_SESSION_STATE_SOCKET_CONNECTED. Result of this fix can be verified by running torture_connect test (torture_connect_socket) with -vvvv flags. Signed-off-by: Luka Perkov <luka.perkov@sartura.hr> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit dbb2de272b57c7327204adb7b7bdef5c98bfbfd6)
* tests: torture_connect: add test for user provided socketLuka Perkov2014-03-271-0/+25
| | | | | | Signed-off-by: Luka Perkov <luka.perkov@sartura.hr> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 9423a3a065c947ed5ff89da615fbd6ad7f61f60a)
* tests: torture_connect: fix coding styleLuka Perkov2014-03-271-8/+7
| | | | | | Signed-off-by: Luka Perkov <luka.perkov@sartura.hr> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 0c5d4954a78714c35e18fef9ef1010b3f53ee094)
* pki_crypto: Replace deprecated RSA_generate_key() with RSA_generate_key_ex()Petar Koretic2014-03-271-4/+14
| | | | | | | | | | | | | | | | | | On Mar 16, 09:41, Aris Adamantiadis wrote: > Hi Petar, > I agree with the principle, but I don't think this code can work... > RSA_generate_key takes an RSA* as parameter and in our code we probably > have key->rsa==NULL. (if we don't then the old code had a memory leak). > > Does the test case work ? > > Aris > Yes, you are right. This works, tested with tests/unittests/torture_pki Signed-off-by: Petar Koretic <petar.koretic@sartura.hr> (cherry picked from commit 0b8d24f800bae5f4f86c0eaca41c609f40d7baef)
* update gitignore fileLuka Perkov2014-03-271-0/+1
| | | | | | | | | | | The libssh library by default does not allow in-source build (with cmake MacroEnsureOutOfSourceBuild macro). The INSTALL file (implicitly) suggests creating a build directory. So lets add build to list of git ignore files to avoid complaints from git. Signed-off-by: Luka Perkov <luka.perkov@sartura.hr> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 48354f56ec86bcd23b0947e2eb4ce85b9cdebd0f)
* doc: Add ECDSA keys to docs, make key docs consistentAlan Dunn2014-03-271-1/+4
| | | | | | Signed-off-by: Alan Dunn <amdunn@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit f6276fe73940dd35bbd4f95d3cf902bcf69f23f3)
* options: Allow use of host ECDSA keyAlan Dunn2014-03-272-24/+33
| | | | | | Signed-off-by: Alan Dunn <amdunn@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 2a1089d6079c14da8d24c996402e24a689a9f5d3)
* tests: Check the the ecdsa_nid is the same.Andreas Schneider2014-03-271-0/+2
| | | | (cherry picked from commit fbf73ede1eb4226ebe54698fefffb38ecd8f090b)
* tests: Add test case for bug #147Alan Dunn2014-03-271-0/+34
| | | | | | Signed-off-by: Alan Dunn <amdunn@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 577840d7f72a3c69c09f2cb477b2c46eb2831f81)
* pki_crypto: Always copy ecdsa_nid into duplicated ECDSA keysAlan Dunn2014-03-121-2/+2
| | | | | | BUG: https://red.libssh.org/issues/147 Signed-off-by: Alan Dunn <amdunn@gmail.com>
* pki: Use SHA-2 for session ID signing with ECDSA keysAlan Dunn2014-03-121-12/+42
| | | | | | | | | Previously, SHA-1 was used always. BUG: https://red.libssh.org/issues/148 Signed-off-by: Alan Dunn <amdunn@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* server: silence build warningLuka Perkov2014-03-121-0/+1
| | | | | | | | | | | | | | | The commit fixes this build warning: ==== src/server.c:223:8: warning: ‘privkey’ may be used uninitialized in this function [-Wmaybe-uninitialized] rc = ssh_pki_export_privkey_to_pubkey(*privkey, &pubkey); ^ src/server.c:243:11: note: ‘privkey’ was declared here ssh_key privkey; ==== Signed-off-by: Luka Perkov <luka.perkov@sartura.hr> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* packet: log disconnect code in host byte orderJon Simons2014-03-121-13/+19
| | | | Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* bind: only set bindfd after successful listenJon Simons2014-03-121-1/+2
| | | | | | | | In 'ssh_bind_listen', move setting of 'sshbind->bindfd' to only happen after the listen call: otherwise 'bindfd' can be set to a bogus descriptor for the case that listen fails. Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* Prepare libssh-0.6.3.libssh-0.6.3Andreas Schneider2014-03-043-3/+7
| | | | We messed up some thing, so we release 0.6.3.
* bump version to 0.6.2Aris Adamantiadis2014-03-043-2/+5
|
* security: fix for vulnerability CVE-2014-0017Aris Adamantiadis2014-03-044-0/+15
| | | | | | | | | | When accepting a new connection, a forking server based on libssh forks and the child process handles the request. The RAND_bytes() function of openssl doesn't reset its state after the fork, but simply adds the current process id (getpid) to the PRNG state, which is not guaranteed to be unique. This can cause several children to end up with same PRNG state which is a security issue.
* pki: Fix the build on OpenSolaris.Andreas Schneider2014-02-121-1/+1
|
* pki: Fix memory leak with ecdsa signatures.Andreas Schneider2014-02-111-0/+4
|
* Update ChangeLog.libssh-0.6.1Andreas Schneider2014-02-101-0/+12
|
* cpack: Ignore obj directory.Andreas Schneider2014-02-101-1/+1
|
* packet: Improve readablity of packet decrypt.Andreas Schneider2014-02-061-6/+7
| | | | | | | After discussion with Aris and it was not obvious enough to understand the issue we decided to refactor it. Reviewd-by: Aris Adamantiadis <aris@0xbadc0de.be>
* packet_crypt: Make packet_{en,de}crypt fail consistently on len == 0Alan Dunn2014-02-061-0/+6
| | | | | | | | | | Right now the behavior of packet_{en,de}crypt on len == 0 depends on the behavior of malloc. Instead, make these consistently fail based on what I assume the desired behavior is due to the first error message in each. Signed-off-by: Alan Dunn <amdunn@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* packet: Do not decrypt zero length rest of bufferAlan Dunn2014-02-062-13/+25
| | | | | | | | | | | | | | | | | | | | | | | If we receive a packet of length exactly blocksize, then packet_decrypt gets called on a buffer of size 0. The check at the beginning of packet_decrypt indicates that the function should be called on buffers of at least one blocksize, though the check allows through zero length. As is packet_decrypt can return -1 when len is 0 because malloc can return NULL in this case: according to the ISO C standard, malloc is free to return NULL or a pointer that can be freed when size == 0, and uclibc by default will return NULL here (in "non-glibc-compatible" mode). The net result is that when using uclibc connections with libssh can anomalously fail. Alternatively, packet_decrypt (and probably packet_encrypt for consistency) could be made to always succeed on len == 0 without depending on the behavior of malloc. Thanks to Josh Berlin for bringing conneciton failures with uclibc to my attention. Signed-off-by: Alan Dunn <amdunn@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* build: Use Threads_FOUND to decide whether to build ssh_threads.Raphael Kubo da Costa2014-02-061-2/+2
| | | | | | | | | | | | | | | | Follow-up to 4e04ec8, which caused a regression on OS X. Checking the value of CMAKE_THREAD_LIBS_INIT to decide whether any threading library is present on a system turns out to be wrong -- in OS X, for example, usage of pthreads does not depend on any additional linker or compiler flags, so CMAKE_THREAD_LIBS_INIT is empty and our check in src/CMakeLists.txt failed (it used to work before 4e04ec8 because CMAKE_HAVE_THREADS_LIBRARY is set). Instead, just look for Threads_FOUND, which FindThreads sets just like any other Find module when it has found what it was looking for. Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
generated by cgit (git 2.34.1) at 2025-08-31 06:02:13 +0000