summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* buffers: adapt ecdh.c to ssh_buffer_(un)pack()Aris Adamantiadis2014-08-061-23/+9
| | | | Reviewed-by: Andreas Schneider <asn@samba.org>
* buffers: adapt packet.c to ssh_buffer_(un)pack()Aris Adamantiadis2014-08-061-13/+12
| | | | Reviewed-by: Andreas Schneider <asn@samba.org>
* buffers: adapt messages.c to ssh_buffer_(un)pack()Aris Adamantiadis2014-08-061-425/+161
| | | | Reviewed-by: Andreas Schneider <asn@samba.org>
* buffers: adapt gssapi.c to ssh_buffer_(un)pack()Aris Adamantiadis2014-08-061-133/+47
|
* buffers: adapt curve25519.c to ssh_buffer_(un)pack()Aris Adamantiadis2014-08-061-15/+8
| | | | Reviewed-by: Andreas Schneider <asn@samba.org>
* buffers: adapt client.c to ssh_buffer_(un)pack()Aris Adamantiadis2014-08-061-28/+14
| | | | Reviewed-by: Andreas Schneider <asn@samba.org>
* buffers: adapt channels.c to ssh_buffer_(un)pack()Aris Adamantiadis2014-08-061-406/+201
| | | | Reviewed-by: Andreas Schneider <asn@samba.org>
* buffer: adapt dh.c to new ssh_buffer_(un)pack()Aris Adamantiadis2014-08-061-96/+40
| | | | Reviewed-by: Andreas Schneider <asn@samba.org>
* buffer: adapt kex.c to new ssh_buffer_(un)pack()Aris Adamantiadis2014-08-061-11/+13
| | | | Reviewed-by: Andreas Schneider <asn@samba.org>
* buffer: adapt auth.c to ssh_buffer_(un)pack()Aris Adamantiadis2014-08-061-451/+91
| | | | Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* tests: test for ssh_buffer_(un)packAris Adamantiadis2014-08-061-0/+98
| | | | Reviewed-by: Andreas Schneider <asn@samba.org>
* Buffer: add ssh_buffer_(un)pack()Aris Adamantiadis2014-08-062-0/+301
| | | | | | | That function permits chaining of buffer values to minimize buffer handling in packet sending code. Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* examples: cast arguments of connect(2)Aris Adamantiadis2014-07-061-1/+1
| | | | Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* log: Add check for return value.Andreas Schneider2014-06-101-0/+4
| | | | | For some reason I got a segfault in gdb here. Make sure it works correctly.
* tests: Add test for the logging function.Andreas Schneider2014-06-101-0/+40
|
* session: fix ssh_session->srv.ecdsa_key leakJon Simons2014-05-281-0/+4
| | | | | Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* cmake: Fix the build on Windows.Andreas Schneider2014-05-271-66/+68
|
* cmake: Fix libssh cmake-config files.Andreas Schneider2014-05-222-7/+13
|
* Set the correct version in CMakeLists.txtHani Benhabiles2014-05-201-2/+2
| | | | | Signed-off-by: Hani Benhabiles <hani@linux.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* pki: Fix build without ECC support.Andreas Schneider2014-05-091-0/+5
| | | | Signed-off-by: Andreas Schneider <asn@samba.org>
* pki: Add missing semi-colon.Andreas Schneider2014-05-071-1/+1
|
* kex: NULL checks for 'first_kex_packet_follows'Jon Simons2014-05-061-11/+17
| | | | | | | | Add NULL checks to 'is_first_kex_packet_follows_guess_wrong' to ensure that a 'strdup(NULL)' path can not be taken. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* messages: Add missing ntohl on X11 request screen numberAlan Dunn2014-05-061-1/+3
| | | | | | | BUG: https://red.libssh.org/issues/160 Signed-off-by: Alan Dunn <amdunn@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* Small documentation fix.Hani Benhabiles2014-05-061-2/+2
| | | | | Signed-off-by: Hani Benhabiles <hani@linux.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* pki: Correctly update the ECDSA keytype.Andreas Schneider2014-04-231-1/+8
|
* pki: Move ssh_pki_key_ecdsa_name() to the correct file.Andreas Schneider2014-04-232-14/+14
|
* pki: Make pki_key_ecdsa_nid_to_name() a shared function.Andreas Schneider2014-04-232-1/+2
|
* Add tests for SHA2 HMAC algorithmsDirkjan Bussink2014-04-221-25/+111
| | | | | | BUG: https://red.libssh.org/issues/91 Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* Add options support for setting and getting HMAC algorithmsDirkjan Bussink2014-04-225-1/+66
| | | | | | BUG: https://red.libssh.org/issues/91 Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* Add negotiation for SHA2 HMAC algorithmsDirkjan Bussink2014-04-223-4/+96
| | | | | | BUG: https://red.libssh.org/issues/91 Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* Add logic to support SHA2 HMAC algorithmsDirkjan Bussink2014-04-227-75/+100
| | | | | | BUG: https://red.libssh.org/issues/91 Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* Add SHA2 algorithms for HMACDirkjan Bussink2014-04-225-4/+178
| | | | | | BUG: https://red.libssh.org/issues/91 Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* log: Fix log levels.Gangadhar Sandrani2014-04-225-9/+14
| | | | | Signed-off-by: Gangadhar Sandrani <gangadhar.sandrani@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* kex: server fix for first_kex_packet_followsJon Simons2014-04-224-235/+356
| | | | | | | | | | | | | | | | | | | | | | | | | Ensure to honor the 'first_kex_packet_follow' field when processing KEXINIT messages in the 'ssh_packet_kexinit' callback. Until now libssh would assume that this field is always unset (zero). But some clients may set this (dropbear at or beyond version 2013.57), and it needs to be included when computing the session ID. Also include logic for handling wrongly-guessed key exchange algorithms. Save whether a client's guess is wrong in a new field in the session struct: when set, the next KEX_DHINIT message to be processed will be ignored per RFC 4253, 7.1. While here, update both 'ssh_packet_kexinit' and 'make_sessionid' to use softabs with a 4 space indent level throughout, and also convert various error-checking to store intermediate values into an explicit 'rc'. Patch adjusted from original to ensure that client tests remain passing (ie 'torture_connect'): restrict the changes in 'ssh_packet_kexinit' only for the 'server_kex' case. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* build: Do not link against libssl, only libcryptoAlan Dunn2014-04-221-3/+3
| | | | | Signed-off-by: Alan Dunn <amdunn@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* cmake: Install cmake config files to the correct directory.Andreas Schneider2014-04-161-1/+1
|
* Revert "kex: server fix for first_kex_packet_follows"Andreas Schneider2014-04-154-354/+235
| | | | | | The patch breaks the client with ECDSA. This reverts commit 5865b9436fda96ac9fc7c18e4dffe5fb12dcc515.
* examples: Fix a bad shift if ssh_get_fd() returns -1.Andreas Schneider2014-04-141-2/+12
| | | | | | Found by Coverity. CID: #1199454
* doc: Improve docs for ssh_channel_get_exit_status().Andreas Schneider2014-04-101-0/+5
| | | | BUG: https://red.libssh.org/issues/154
* channels: Fix exit-signal request.Andreas Schneider2014-04-101-3/+3
| | | | BUG: https://red.libssh.org/issues/153
* session: Fix a memory leak with custom banner.Andreas Schneider2014-04-101-0/+1
| | | | BUG: https://red.libssh.org/issues/152
* cmake: Fix doxygen.Andreas Schneider2014-04-103-1551/+1
|
* kex: server fix for first_kex_packet_followsJon Simons2014-04-104-235/+354
| | | | | | | | | | | | | | | | | | | | | Ensure to honor the 'first_kex_packet_follow' field when processing KEXINIT messages in the 'ssh_packet_kexinit' callback. Until now libssh would assume that this field is always unset (zero). But some clients may set this (dropbear at or beyond version 2013.57), and it needs to be included when computing the session ID. Also include logic for handling wrongly-guessed key exchange algorithms. Save whether a client's guess is wrong in a new field in the session struct: when set, the next KEX_DHINIT message to be processed will be ignored per RFC 4253, 7.1. While here, update both 'ssh_packet_kexinit' and 'make_sessionid' to use softabs with a 4 space indent level throughout, and also convert various error-checking to store intermediate values into an explicit 'rc'. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* Revert "direct-tcpip and forwarded-tcpip callbacks"Andreas Schneider2014-04-092-64/+2
| | | | | | | This reverts commit efe785e711e1fe8c66dc120b741d1e560ef556db. We need a Signed-off version. I didn't have the Certificate of Origin yet.
* cmake: Update doxygen module.Andreas Schneider2014-04-091-67/+111
|
* direct-tcpip and forwarded-tcpip callbacksLoïc Michaux2014-04-092-2/+64
|
* pki crypto: expose new ssh_pki_key_ecdsa_name APIJon Simons2014-04-093-10/+158
| | | | | | | | | | | | | Enable retrieving the "ecdsa-sha2-nistpNNN" name of ECDSA keys with a new 'ssh_pki_key_ecdsa_name' API. This gives more information than the 'ssh_key_type_to_char' API, which yields "ssh-ecdsa" for ECDSA keys. The motivation is that this info is useful to have in a server context. The torture_pki unit test is updated to include the new API, and a few more passes are added to additionally test 384 and 521-bit keys. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* libsshpp: include required <string> header for std::stringPetar Koretic2014-04-091-0/+1
| | | | | Signed-off-by: Petar Koretic <petar.koretic@sartura.hr> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* examples: Update ssh_server_fork for new SSH_BIND_OPTIONS_HOSTKEYAlan Dunn2014-04-091-4/+6
| | | | | | | | | | | | | | | | | Tested by ssh_server_fork -k <an ecdsa key> -k <an rsa key> ... and connection succeeded with OpenSSH clients both for ECDSA and RSA (the latter forced via -o HostKeyAlgorithms=ssh-rsa and some known hosts clearing was necessary). Also ssh_server_fork -k <an ecdsa key> -k <another ecdsa key> ... caused the second key to be used, as expected. Signed-off-by: Alan Dunn <amdunn@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* doc: Document new meaning of SSH_BIND_OPTIONS_HOSTKEYAlan Dunn2014-04-091-2/+6
| | | | | Signed-off-by: Alan Dunn <amdunn@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
generated by cgit (git 2.34.1) at 2025-08-29 10:39:38 +0000