Commit message | Author | Age | Files | Lines
...
* messages: Add missing ntohl on X11 request screen number | Alan Dunn | 2014-05-06 | 1 | -1/+3
|   BUG: https://red.libssh.org/issues/160
|   Signed-off-by: Alan Dunn <amdunn@gmail.com>
|   Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* Small documentation fix. | Hani Benhabiles | 2014-05-06 | 1 | -2/+2
|   Signed-off-by: Hani Benhabiles <hani@linux.com>
|   Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* pki: Correctly update the ECDSA keytype. | Andreas Schneider | 2014-04-23 | 1 | -1/+8
|
* pki: Move ssh_pki_key_ecdsa_name() to the correct file. | Andreas Schneider | 2014-04-23 | 2 | -14/+14
|
* pki: Make pki_key_ecdsa_nid_to_name() a shared function. | Andreas Schneider | 2014-04-23 | 2 | -1/+2
|
* Add tests for SHA2 HMAC algorithms | Dirkjan Bussink | 2014-04-22 | 1 | -25/+111
|   BUG: https://red.libssh.org/issues/91
|   Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* Add options support for setting and getting HMAC algorithms | Dirkjan Bussink | 2014-04-22 | 5 | -1/+66
|   BUG: https://red.libssh.org/issues/91
|   Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* Add negotiation for SHA2 HMAC algorithms | Dirkjan Bussink | 2014-04-22 | 3 | -4/+96
|   BUG: https://red.libssh.org/issues/91
|   Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* Add logic to support SHA2 HMAC algorithms | Dirkjan Bussink | 2014-04-22 | 7 | -75/+100
|   BUG: https://red.libssh.org/issues/91
|   Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* Add SHA2 algorithms for HMAC | Dirkjan Bussink | 2014-04-22 | 5 | -4/+178
|   BUG: https://red.libssh.org/issues/91
|   Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* log: Fix log levels. | Gangadhar Sandrani | 2014-04-22 | 5 | -9/+14
|   Signed-off-by: Gangadhar Sandrani <gangadhar.sandrani@gmail.com>
|   Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* kex: server fix for first_kex_packet_follows | Jon Simons | 2014-04-22 | 4 | -235/+356
|   Ensure to honor the 'first_kex_packet_follow' field when processing KEXINIT messages in the 'ssh_packet_kexinit' callback. Until now libssh would assume that this field is always unset (zero). But some clients may set this (dropbear at or beyond version 2013.57), and it needs to be included when computing the session ID.
|   Also include logic for handling wrongly-guessed key exchange algorithms. Save whether a client's guess is wrong in a new field in the session struct: when set, the next KEX_DHINIT message to be processed will be ignored per RFC 4253, 7.1.
|   While here, update both 'ssh_packet_kexinit' and 'make_sessionid' to use softabs with a 4 space indent level throughout, and also convert various error-checking to store intermediate values into an explicit 'rc'.
|   Patch adjusted from original to ensure that client tests remain passing (ie 'torture_connect'): restrict the changes in 'ssh_packet_kexinit' only for the 'server_kex' case.
|   Signed-off-by: Jon Simons <jon@jonsimons.org>
|   Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* build: Do not link against libssl, only libcrypto | Alan Dunn | 2014-04-22 | 1 | -3/+3
|   Signed-off-by: Alan Dunn <amdunn@gmail.com>
|   Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* cmake: Install cmake config files to the correct directory. | Andreas Schneider | 2014-04-16 | 1 | -1/+1
|
* Revert "kex: server fix for first_kex_packet_follows" | Andreas Schneider | 2014-04-15 | 4 | -354/+235
|   The patch breaks the client with ECDSA.
|   This reverts commit 5865b9436fda96ac9fc7c18e4dffe5fb12dcc515.
* examples: Fix a bad shift if ssh_get_fd() returns -1. | Andreas Schneider | 2014-04-14 | 1 | -2/+12
|   Found by Coverity.
|   CID: #1199454
* doc: Improve docs for ssh_channel_get_exit_status(). | Andreas Schneider | 2014-04-10 | 1 | -0/+5
|   BUG: https://red.libssh.org/issues/154
* channels: Fix exit-signal request. | Andreas Schneider | 2014-04-10 | 1 | -3/+3
|   BUG: https://red.libssh.org/issues/153
* session: Fix a memory leak with custom banner. | Andreas Schneider | 2014-04-10 | 1 | -0/+1
|   BUG: https://red.libssh.org/issues/152
* cmake: Fix doxygen. | Andreas Schneider | 2014-04-10 | 3 | -1551/+1
|
* kex: server fix for first_kex_packet_follows | Jon Simons | 2014-04-10 | 4 | -235/+354
|   Ensure to honor the 'first_kex_packet_follow' field when processing KEXINIT messages in the 'ssh_packet_kexinit' callback. Until now libssh would assume that this field is always unset (zero). But some clients may set this (dropbear at or beyond version 2013.57), and it needs to be included when computing the session ID.
|   Also include logic for handling wrongly-guessed key exchange algorithms. Save whether a client's guess is wrong in a new field in the session struct: when set, the next KEX_DHINIT message to be processed will be ignored per RFC 4253, 7.1.
|   While here, update both 'ssh_packet_kexinit' and 'make_sessionid' to use softabs with a 4 space indent level throughout, and also convert various error-checking to store intermediate values into an explicit 'rc'.
|   Signed-off-by: Jon Simons <jon@jonsimons.org>
|   Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* Revert "direct-tcpip and forwarded-tcpip callbacks" | Andreas Schneider | 2014-04-09 | 2 | -64/+2
|   This reverts commit efe785e711e1fe8c66dc120b741d1e560ef556db.
|   We need a Signed-off version. I didn't have the Certificate of Origin yet.
* cmake: Update doxygen module. | Andreas Schneider | 2014-04-09 | 1 | -67/+111
|
* direct-tcpip and forwarded-tcpip callbacks | Loïc Michaux | 2014-04-09 | 2 | -2/+64
|
* pki crypto: expose new ssh_pki_key_ecdsa_name API | Jon Simons | 2014-04-09 | 3 | -10/+158
|   Enable retrieving the "ecdsa-sha2-nistpNNN" name of ECDSA keys with a new 'ssh_pki_key_ecdsa_name' API. This gives more information than the 'ssh_key_type_to_char' API, which yields "ssh-ecdsa" for ECDSA keys. The motivation is that this info is useful to have in a server context.
|   The torture_pki unit test is updated to include the new API, and a few more passes are added to additionally test 384 and 521-bit keys.
|   Signed-off-by: Jon Simons <jon@jonsimons.org>
|   Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* libsshpp: include required <string> header for std::string | Petar Koretic | 2014-04-09 | 1 | -0/+1
|   Signed-off-by: Petar Koretic <petar.koretic@sartura.hr>
|   Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* examples: Update ssh_server_fork for new SSH_BIND_OPTIONS_HOSTKEY | Alan Dunn | 2014-04-09 | 1 | -4/+6
|   Tested by
|     ssh_server_fork -k <an ecdsa key> -k <an rsa key> ...
|   and connection succeeded with OpenSSH clients both for ECDSA and RSA (the latter forced via -o HostKeyAlgorithms=ssh-rsa and some known hosts clearing was necessary).
|   Also
|     ssh_server_fork -k <an ecdsa key> -k <another ecdsa key> ...
|   caused the second key to be used, as expected.
|   Signed-off-by: Alan Dunn <amdunn@gmail.com>
|   Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* doc: Document new meaning of SSH_BIND_OPTIONS_HOSTKEY | Alan Dunn | 2014-04-09 | 1 | -2/+6
|   Signed-off-by: Alan Dunn <amdunn@gmail.com>
|   Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* options: Repurpose SSH_BIND_OPTIONS_HOSTKEY to load host keys | Alan Dunn | 2014-04-09 | 1 | -21/+51
|   SSH_BIND_OPTIONS_HOSTKEY will now load host keys of any supported type rather than set the algorithms that the server permits (which seems like an unhelpful option anyway; it seems you can always control this by just loading the right keys).
|   This option has slightly different semantics than the SSH_BIND_OPTIONS_<x>KEY options because it requires the key file to exist immediately rather than on ssh_bind_listen or ssh_bind_accept_fd. The semantics of this option makes more sense to me.
|   We also eliminate ssh_bind_options_set_algo, since it is no longer used.
|   Signed-off-by: Alan Dunn <amdunn@gmail.com>
|   Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* cmake: Enable creation of the compile command database by default. | Andreas Schneider | 2014-04-04 | 1 | -0/+3
|
* packet: Fix function name. | Andreas Schneider | 2014-03-27 | 1 | -1/+1
|
* style: be consistent when iterating over wanted_methods | Luka Perkov | 2014-03-27 | 2 | -2/+2
|   Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
|   Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* packet: elide two buffer_prepend calls into one | Jon Simons | 2014-03-27 | 1 | -8/+9
|   In packet_send2, rather than issue two separate buffer_prepend_data calls (each of which may entail realloc + memmove + memcpy), elide the prepend work into a single buffer_prepend_data: the header information is computed locally, and a single 5 byte prepend operation is now done instead of prepending 1, then 4 bytes.
|   Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* doc: Fix ssh_userauth_none() function signature. | Andreas Schneider | 2014-03-27 | 1 | -2/+2
|   Thanks to David Tibbe!
|   BUG: https://red.libssh.org/issues/151
* socket: Fix style of ssh_socket_pollcallback | Alan Dunn | 2014-03-27 | 1 | -108/+111
|   Signed-off-by: Alan Dunn <amdunn@gmail.com>
|   Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* doc: Improve and consolidate ssh_bind_options_set docs | Alan Dunn | 2014-03-27 | 2 | -111/+53
|   Signed-off-by: Alan Dunn <amdunn@gmail.com>
|   Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* libssh: libhpp: overload read function to support timeout parameter | Petar Koretic | 2014-03-27 | 1 | -1/+19
|   Signed-off-by: Petar Koretic <petar.koretic@sartura.hr>
|   Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* libssh: libhpp: avoid unnecessary call to ssh_channel_read | Petar Koretic | 2014-03-27 | 1 | -1/+1
|   ssh_channel_read is a wrapper for ssh_channel_read_timeout with timeout -1 (infinite) so we call that directly.
|   Signed-off-by: Petar Koretic <petar.koretic@sartura.hr>
|   Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* libssh: libhpp: fix multiple definitions for acceptForward function | Petar Koretic | 2014-03-27 | 1 | -4/+3
|   Defining a non inlined class function in a header will cause multiple definitions when header is included in more than one file since for each file function will get defined.
|   Signed-off-by: Petar Koretic <petar.koretic@sartura.hr>
|   Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* channel: check for closed state in waitwindow loops | Jon Simons | 2014-03-27 | 1 | -2/+4
|   Signed-off-by: Jon Simons <jon@jonsimons.org>
|   Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* kex: enable more ECDSA hostkey algos | Jon Simons | 2014-03-27 | 1 | -1/+1
|   Signed-off-by: Jon Simons <jon@jonsimons.org>
|   Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* pki_crypto: guard against NULL pubkey->rsa in signature extraction | Jon Simons | 2014-03-27 | 1 | -1/+7
|   Signed-off-by: Jon Simons <jon@jonsimons.org>
|   Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* session: fix comment typo | Luka Perkov | 2014-03-27 | 1 | -1/+1
|   Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
|   Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* messages: use predefined macro for clearing sensitive data | Luka Perkov | 2014-03-27 | 1 | -2/+1
|   Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
|   Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* client: fix corner case when sockets are manually created | Luka Perkov | 2014-03-27 | 1 | -1/+4
|   If the sockets are created manually and passed to libssh the internal session state is set to SSH_SESSION_STATE_SOCKET_CONNECTED.
|   Result of this fix can be verified by running torture_connect test (torture_connect_socket) with -vvvv flags.
|   Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
|   Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* tests: torture_connect: add test for user provided socket | Luka Perkov | 2014-03-27 | 1 | -0/+25
|   Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
|   Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* tests: torture_connect: fix coding style | Luka Perkov | 2014-03-27 | 1 | -8/+7
|   Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
|   Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* pki_crypto: Replace deprecated RSA_generate_key() with RSA_generate_key_ex() | Petar Koretic | 2014-03-27 | 1 | -4/+14
|   On Mar 16, 09:41, Aris Adamantiadis wrote:
|   > Hi Petar,
|   > I agree with the principle, but I don't think this code can work...
|   > RSA_generate_key takes an RSA* as parameter and in our code we probably
|   > have key->rsa==NULL. (if we don't then the old code had a memory leak).
|   >
|   > Does the test case work ?
|   >
|   > Aris
|   >
|   Yes, you are right. This works, tested with tests/unittests/torture_pki
|   Signed-off-by: Petar Koretic <petar.koretic@sartura.hr>
* update gitignore file | Luka Perkov | 2014-03-27 | 1 | -0/+1
|   The libssh library by default does not allow in-source build (with cmake MacroEnsureOutOfSourceBuild macro). The INSTALL file (implicitly) suggests creating a build directory. So let's add build to list of git ignore files to avoid complaints from git.
|   Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
|   Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* examples: Add ECDSA key option to ssh_server_fork | Alan Dunn | 2014-03-27 | 1 | -4/+22
|   Signed-off-by: Alan Dunn <amdunn@gmail.com>
|   Reviewed-by: Andreas Schneider <asn@cryptomilk.org>