summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* cmake: Update doxygen module.Andreas Schneider2014-04-091-67/+111
|
* direct-tcpip and forwarded-tcpip callbacksLoïc Michaux2014-04-092-2/+64
|
* pki crypto: expose new ssh_pki_key_ecdsa_name APIJon Simons2014-04-093-10/+158
| | | | | | | | | | | | | Enable retrieving the "ecdsa-sha2-nistpNNN" name of ECDSA keys with a new 'ssh_pki_key_ecdsa_name' API. This gives more information than the 'ssh_key_type_to_char' API, which yields "ssh-ecdsa" for ECDSA keys. The motivation is that this info is useful to have in a server context. The torture_pki unit test is updated to include the new API, and a few more passes are added to additionally test 384 and 521-bit keys. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* libsshpp: include required <string> header for std::stringPetar Koretic2014-04-091-0/+1
| | | | | Signed-off-by: Petar Koretic <petar.koretic@sartura.hr> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* examples: Update ssh_server_fork for new SSH_BIND_OPTIONS_HOSTKEYAlan Dunn2014-04-091-4/+6
| | | | | | | | | | | | | | | | | Tested by ssh_server_fork -k <an ecdsa key> -k <an rsa key> ... and connection succeeded with OpenSSH clients both for ECDSA and RSA (the latter forced via -o HostKeyAlgorithms=ssh-rsa and some known hosts clearing was necessary). Also ssh_server_fork -k <an ecdsa key> -k <another ecdsa key> ... caused the second key to be used, as expected. Signed-off-by: Alan Dunn <amdunn@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* doc: Document new meaning of SSH_BIND_OPTIONS_HOSTKEYAlan Dunn2014-04-091-2/+6
| | | | | Signed-off-by: Alan Dunn <amdunn@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* options: Repurpose SSH_BIND_OPTIONS_HOSTKEY to load host keysAlan Dunn2014-04-091-21/+51
| | | | | | | | | | | | | | | | | | | SSH_BIND_OPTIONS_HOSTKEY will now load host keys of any supported type rather than set the algorithms that the server permits (which seems like an unhelpful option anyway; it seems you can always control this by just loading the right keys). This option has slightly different semantics than the SSH_BIND_OPTIONS_<x>KEY options because it requires the key file to exist immediately rather than on ssh_bind_listen or ssh_bind_accept_fd. The semantics of this option makes more sense to me. We also eliminate ssh_bind_options_set_algo, since it is no longer used. Signed-off-by: Alan Dunn <amdunn@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* cmake: Enable creation of the compile command database by default.Andreas Schneider2014-04-041-0/+3
|
* packet: Fix function name.Andreas Schneider2014-03-271-1/+1
|
* style: be consistent when iterating over wanted_methodsLuka Perkov2014-03-272-2/+2
| | | | | Signed-off-by: Luka Perkov <luka.perkov@sartura.hr> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* packet: elide two buffer_prepend calls into oneJon Simons2014-03-271-8/+9
| | | | | | | | | | In packet_send2, rather than issue two separate buffer_prepend_data calls (each of which may entail realloc + memmove + memcpy), elide the prepend work into a single buffer_prepend_data: the header information is computed locally, and a single 5 byte prepend operation is now done instead of prepending 1, then 4 bytes. Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* doc: Fix ssh_userauth_none() function signature.Andreas Schneider2014-03-271-2/+2
| | | | | | Thanks to David Tibbe! BUG: https://red.libssh.org/issues/151
* socket: Fix style of ssh_socket_pollcallbackAlan Dunn2014-03-271-108/+111
| | | | | Signed-off-by: Alan Dunn <amdunn@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* doc: Improve and consolidate ssh_bind_options_set docsAlan Dunn2014-03-272-111/+53
| | | | | Signed-off-by: Alan Dunn <amdunn@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* libssh: libhpp: overload read function to support timeout parameterPetar Koretic2014-03-271-1/+19
| | | | | Signed-off-by: Petar Koretic <petar.koretic@sartura.hr> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* libssh: libhpp: avoid unnecessary call to ssh_channel_readPetar Koretic2014-03-271-1/+1
| | | | | | | | ssh_channel_read is a wrapper for ssh_channel_read_timeout with timeout -1 (infinite) so we call that directly. Signed-off-by: Petar Koretic <petar.koretic@sartura.hr> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* libssh: libhpp: fix multiple definitions for acceptForward functionPetar Koretic2014-03-271-4/+3
| | | | | | | | | Defining a non inlined class function in a header will cause multiple definitions when header is included in more that one file since for each file function will get defined. Signed-off-by: Petar Koretic <petar.koretic@sartura.hr> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* channel: check for closed state in waitwindow loopsJon Simons2014-03-271-2/+4
| | | | | Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* kex: enable more ECDSA hostkey algosJon Simons2014-03-271-1/+1
| | | | | Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* pki_crypto: guard against NULL pubkey->rsa in signature extractionJon Simons2014-03-271-1/+7
| | | | | Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* session: fix comment typoLuka Perkov2014-03-271-1/+1
| | | | | Signed-off-by: Luka Perkov <luka.perkov@sartura.hr> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* messages: use predefined macro for clearing sensitive dataLuka Perkov2014-03-271-2/+1
| | | | | Signed-off-by: Luka Perkov <luka.perkov@sartura.hr> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* client: fix corner case when sockets are manually createdLuka Perkov2014-03-271-1/+4
| | | | | | | | | | If the sockets are created manually and passed to libssh the internal session state is set to SSH_SESSION_STATE_SOCKET_CONNECTED. Result of this fix can be verified by running torture_connect test (torture_connect_socket) with -vvvv flags. Signed-off-by: Luka Perkov <luka.perkov@sartura.hr> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* tests: torture_connect: add test for user provided socketLuka Perkov2014-03-271-0/+25
| | | | | Signed-off-by: Luka Perkov <luka.perkov@sartura.hr> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* tests: torture_connect: fix coding styleLuka Perkov2014-03-271-8/+7
| | | | | Signed-off-by: Luka Perkov <luka.perkov@sartura.hr> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* pki_crypto: Replace deprecated RSA_generate_key() with RSA_generate_key_ex()Petar Koretic2014-03-271-4/+14
| | | | | | | | | | | | | | | | | On Mar 16, 09:41, Aris Adamantiadis wrote: > Hi Petar, > I agree with the principle, but I don't think this code can work... > RSA_generate_key takes an RSA* as parameter and in our code we probably > have key->rsa==NULL. (if we don't then the old code had a memory leak). > > Does the test case work ? > > Aris > Yes, you are right. This works, tested with tests/unittests/torture_pki Signed-off-by: Petar Koretic <petar.koretic@sartura.hr>
* update gitignore fileLuka Perkov2014-03-271-0/+1
| | | | | | | | | | The libssh library by default does not allow in-source build (with cmake MacroEnsureOutOfSourceBuild macro). The INSTALL file (implicitly) suggests creating a build directory. So lets add build to list of git ignore files to avoid complaints from git. Signed-off-by: Luka Perkov <luka.perkov@sartura.hr> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* examples: Add ECDSA key option to ssh_server_forkAlan Dunn2014-03-271-4/+22
| | | | | Signed-off-by: Alan Dunn <amdunn@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* examples: Add no default keys options to ssh_server_forkAlan Dunn2014-03-271-5/+40
| | | | | | | | | | | | It seems useful to be able to run ssh_server_fork without being required to load some key of RSA and DSA keytypes. However, with the current ssh_server_fork, you need to have some keys as some default value is set by default and you can't unset the value for a keytype (e.g. by using NULL as an argument). So the "no default keys" argument turns off the default key assignments. Signed-off-by: Alan Dunn <amdunn@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* doc: Add ECDSA keys to docs, make key docs consistentAlan Dunn2014-03-271-1/+4
| | | | | Signed-off-by: Alan Dunn <amdunn@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* options: Allow use of host ECDSA keyAlan Dunn2014-03-272-24/+33
| | | | | Signed-off-by: Alan Dunn <amdunn@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* tests: Check the the ecdsa_nid is the same.Andreas Schneider2014-03-271-0/+2
|
* tests: Add test case for bug #147Alan Dunn2014-03-271-0/+34
| | | | | Signed-off-by: Alan Dunn <amdunn@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* pki_crypto: Always copy ecdsa_nid into duplicated ECDSA keysAlan Dunn2014-03-121-2/+2
| | | | | | BUG: https://red.libssh.org/issues/147 Signed-off-by: Alan Dunn <amdunn@gmail.com>
* pki: Use SHA-2 for session ID signing with ECDSA keysAlan Dunn2014-03-121-12/+42
| | | | | | | | | Previously, SHA-1 was used always. BUG: https://red.libssh.org/issues/148 Signed-off-by: Alan Dunn <amdunn@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* server: silence build warningLuka Perkov2014-03-121-0/+1
| | | | | | | | | | | | | | | The commit fixes this build warning: ==== src/server.c:223:8: warning: ‘privkey’ may be used uninitialized in this function [-Wmaybe-uninitialized] rc = ssh_pki_export_privkey_to_pubkey(*privkey, &pubkey); ^ src/server.c:243:11: note: ‘privkey’ was declared here ssh_key privkey; ==== Signed-off-by: Luka Perkov <luka.perkov@sartura.hr> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* packet: log disconnect code in host byte orderJon Simons2014-03-121-13/+19
| | | | Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* bind: only set bindfd after successful listenJon Simons2014-03-121-1/+2
| | | | | | | | In 'ssh_bind_listen', move setting of 'sshbind->bindfd' to only happen after the listen call: otherwise 'bindfd' can be set to a bogus descriptor for the case that listen fails. Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* security: fix for vulnerability CVE-2014-0017Aris Adamantiadis2014-03-044-0/+15
| | | | | | | | | | When accepting a new connection, a forking server based on libssh forks and the child process handles the request. The RAND_bytes() function of openssl doesn't reset its state after the fork, but simply adds the current process id (getpid) to the PRNG state, which is not guaranteed to be unique. This can cause several children to end up with same PRNG state which is a security issue.
* examples: Add missing include for stderr.Andreas Schneider2014-02-171-0/+1
| | | | This should fix the build on FreeBSD.
* cmake: Merge server examples.Andreas Schneider2014-02-161-7/+5
|
* examples: Remove old samplesshd-tty.Andreas Schneider2014-02-162-475/+0
|
* examples: Remove old samplesshd.Andreas Schneider2014-02-162-317/+0
|
* examples: Add ssh_server_fork exampleAudrius Butkevicius2014-02-164-0/+648
| | | | | Signed-off-by: Audrius Butkevicius <audrius.butkevicius@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* config: Add missing HAVE_LIBUTIL_H define in config.hAudrius Butkevicius2014-02-161-0/+3
| | | | | Signed-off-by: Audrius Butkevicius <audrius.butkevicius@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* examples: Add missing include on FreeBSD.Andreas Schneider2014-02-141-0/+3
|
* cmake: Check for libutil.h on FreeBSD.Andreas Schneider2014-02-141-0/+1
|
* pki: Fix build warning about unused variables.Andreas Schneider2014-02-141-2/+2
|
* Add session/channel byte/packet countersAudrius Butkevicius2014-02-128-0/+106
| | | | Signed-off-by: Audrius Butkevicius <audrius.butkevicius@elastichosts.com>
* pki: Fix the build on OpenSolaris.Andreas Schneider2014-02-121-1/+1
|
generated by cgit (git 2.34.1) at 2025-08-30 19:53:57 +0000