| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Signed-off-by: Michael Wilder <wilder.michael@cimcor.com>
|
| |
|
|
|
| |
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
|
|
| |
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Aris Adamantiadis <aris@badcode.be>
|
| |
|
|
| |
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
|
|
|
|
|
| |
Allow callers to specify their own socket
for an ssh agent.
Signed-off-by: Peter Volpe <pvolpe@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
|
| |
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
|
| |
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
|
| |
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
|
| |
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
|
| |
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
|
|
|
|
| |
We allocate them and also free them after the callback has been
executed.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
|
| |
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
|
| |
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
| | |
|
| |
|
|
|
| |
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
|
| |
|
|
|
| |
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
|
| |
|
|
|
| |
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
|
|
| |
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
|
|
| |
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
|
|
| |
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
|
|
| |
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
|
|
| |
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
|
|
|
| |
BUG: https://red.libssh.org/issues/163
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
|
|
| |
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Per ecdsa(3ssl), ECDSA_SIG_new does allocate its 'r' and 's' bignum fields.
Fix a bug where the initial 'r' and 's' bignums were being overwritten with
newly-allocated bignums, resulting in a memory leak.
BUG: https://red.libssh.org/issues/175
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
|
| |
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
|
| |
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
|
| |
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
|
| |
Reviewed-by: Andreas Schneider <asn@samba.org>
|
| |
|
|
| |
Reviewed-by: Andreas Schneider <asn@samba.org>
|
| |
|
|
| |
Reviewed-by: Andreas Schneider <asn@samba.org>
|
| |
|
|
| |
Reviewed-by: Andreas Schneider <asn@samba.org>
|
| |
|
|
|
|
|
| |
That function permits chaining of buffer values to minimize buffer handling
in packet sending code.
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
| | |
|
| | |
|
| |
|
|
|
|
| |
BUG: https://red.libssh.org/issues/91
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
|
|
|
| |
BUG: https://red.libssh.org/issues/91
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
|
|
|
| |
BUG: https://red.libssh.org/issues/91
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
|
|
|
| |
BUG: https://red.libssh.org/issues/91
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ensure to honor the 'first_kex_packet_follow' field when processing
KEXINIT messages in the 'ssh_packet_kexinit' callback. Until now
libssh would assume that this field is always unset (zero). But
some clients may set this (dropbear at or beyond version 2013.57),
and it needs to be included when computing the session ID.
Also include logic for handling wrongly-guessed key exchange algorithms.
Save whether a client's guess is wrong in a new field in the session
struct: when set, the next KEX_DHINIT message to be processed will be
ignored per RFC 4253, 7.1.
While here, update both 'ssh_packet_kexinit' and 'make_sessionid' to
use softabs with a 4 space indent level throughout, and also convert
various error-checking to store intermediate values into an explicit
'rc'.
Patch adjusted from original to ensure that client tests remain passing
(ie 'torture_connect'): restrict the changes in 'ssh_packet_kexinit'
only for the 'server_kex' case.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
|
|
|
| |
The patch breaks the client with ECDSA.
This reverts commit 5865b9436fda96ac9fc7c18e4dffe5fb12dcc515.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ensure to honor the 'first_kex_packet_follow' field when processing
KEXINIT messages in the 'ssh_packet_kexinit' callback. Until now
libssh would assume that this field is always unset (zero). But
some clients may set this (dropbear at or beyond version 2013.57),
and it needs to be included when computing the session ID.
Also include logic for handling wrongly-guessed key exchange algorithms.
Save whether a client's guess is wrong in a new field in the session
struct: when set, the next KEX_DHINIT message to be processed will be
ignored per RFC 4253, 7.1.
While here, update both 'ssh_packet_kexinit' and 'make_sessionid' to
use softabs with a 4 space indent level throughout, and also convert
various error-checking to store intermediate values into an explicit
'rc'.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
|
|
|
|
| |
This reverts commit efe785e711e1fe8c66dc120b741d1e560ef556db.
We need a Signed-off version. I didn't have the Certificate of Origin
yet.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Enable retrieving the "ecdsa-sha2-nistpNNN" name of ECDSA keys with a
new 'ssh_pki_key_ecdsa_name' API. This gives more information than the
'ssh_key_type_to_char' API, which yields "ssh-ecdsa" for ECDSA keys.
The motivation is that this info is useful to have in a server context.
The torture_pki unit test is updated to include the new API, and a few
more passes are added to additionally test 384 and 521-bit keys.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
|
|
| |
Signed-off-by: Petar Koretic <petar.koretic@sartura.hr>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
|
|
| |
Signed-off-by: Alan Dunn <amdunn@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
|
|
| |
Signed-off-by: Petar Koretic <petar.koretic@sartura.hr>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
|
|
|
|
|
| |
ssh_channel_read is a wrapper for ssh_channel_read_timeout with timeout
-1 (infinite) so we call that directly.
Signed-off-by: Petar Koretic <petar.koretic@sartura.hr>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
|
|
|
|
|
|
| |
Defining a non inlined class function in a header will cause multiple
definitions when header is included in more that one file since for each
file function will get defined.
Signed-off-by: Petar Koretic <petar.koretic@sartura.hr>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
