path: root/include/libssh
Commit message | Author | Age | Files | Lines
* pki: Add certificate loading functions | Axel Eppe | 2015-09-07 | 2 | -0/+13
    - ssh_pki_import_cert_base64()
    - ssh_pki_import_cert_file()
    - ssh_pki_import_cert_blob()
    Those functions are currently simple wrappers around their pubkey counterpart.
    - ssh_pki_copy_cert_to_privkey()
    This function copies the cert-specific data to a private key.
    Signed-off-by: Axel Eppe <aeppe@google.com>
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* pki: Add rsa, dss certificate key type definitions | Axel Eppe | 2015-09-07 | 2 | -1/+4
    - Add rsa/dsa (ssh-{rsa,dss}-cert-v01@openssh.com) as key types.
    - Add a cert_type member in the ssh_key struct.
    Signed-off-by: Axel Eppe <aeppe@google.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* pki: Use the standard logging function | Andreas Schneider | 2015-09-07 | 1 | -5/+0
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* crypto: Add OpenSSL EVP functions for FIPS compatibility | Michael Wilder | 2015-09-07 | 1 | -7/+5
    Signed-off-by: Michael Wilder <wilder.michael@cimcor.com>
* define our own platform-independent S_IF macros | Tilo Eckert | 2015-07-30 | 1 | -0/+10
    Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* client: handle agent forward open requests with callbacks | Fabiano Fidêncio | 2015-07-07 | 2 | -1/+18
    Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
    Reviewed-by: Aris Adamantiadis <aris@badcode.be>
* include: Add stdarg.h so we can check for va_copy macro | Andreas Schneider | 2015-06-30 | 1 | -0/+1
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* agent: Add ssh_set_agent_socket | Peter Volpe | 2015-06-29 | 1 | -0/+1
    Allow callers to specify their own socket for an ssh agent.
    Signed-off-by: Peter Volpe <pvolpe@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* include: Add support for older MSVC versions | Andreas Schneider | 2015-06-24 | 1 | -0/+4
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* Bump version to 0.7.0 | Andreas Schneider | 2015-05-06 | 1 | -1/+1
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* include: Fix variadic macro issues with MSVC | Andreas Schneider | 2015-05-05 | 1 | -1/+9
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* bind: Correctly close sockets and invalidate them. | Andreas Schneider | 2015-04-10 | 1 | -0/+6
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* external: Use standard int types | Andreas Schneider | 2015-04-10 | 2 | -17/+23
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* include: Do not make x11 variables const | Andreas Schneider | 2015-04-02 | 1 | -2/+2
    We allocate them and also free them after the callback has been executed.
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* cmake: Detect __func__ and __FUNCTION__ during configure step | Andreas Schneider | 2015-04-02 | 2 | -3/+7
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* include: We should use __func__ which is C99 | Andreas Schneider | 2015-04-02 | 1 | -8/+6
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* buffer: buffer_pack & unpack on non-gnu compilers | Aris Adamantiadis | 2015-02-08 | 1 | -0/+5
* buffer: buffer: Improve argument checking in ssh_buffer_pack() | Andreas Schneider | 2015-02-02 | 1 | -3/+9
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
* buffer: Improve argument checking in ssh_buffer_pack() | Andreas Schneider | 2015-02-02 | 2 | -3/+36
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
* ed25519: Add OpenSSH encrypted container import | Aris Adamantiadis | 2015-02-02 | 1 | -0/+1
    Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* external: Add OpenSSH bcrypt and blowfish implementation | Aris Adamantiadis | 2015-02-02 | 2 | -0/+92
    Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* server: Add support for ed25519 keys in the server. | Aris Adamantiadis | 2015-02-02 | 2 | -1/+3
    Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* ed25519: Add support to export OpenSSH container keys | Aris Adamantiadis | 2015-02-02 | 1 | -0/+2
    Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* ed25519: Add support to import OpenSSH container keys | Aris Adamantiadis | 2015-02-02 | 1 | -0/+8
    Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* pki.h: Replace tabs with spaces | Aris Adamantiadis | 2015-02-02 | 1 | -2/+2
    Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* cmake: Add libsshpp.hpp to the distributed headers list. | Léo Peltier | 2015-01-20 | 1 | -0/+1
    BUG: https://red.libssh.org/issues/163
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* session: add getter for kexalgo | Jon Simons | 2014-12-05 | 1 | -0/+1
    Signed-off-by: Jon Simons <jon@jonsimons.org>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* pki_crypto.c: plug ecdsa_sig->[r,s] bignum leaks | Jon Simons | 2014-12-05 | 1 | -0/+1
    Per ecdsa(3ssl), ECDSA_SIG_new does allocate its 'r' and 's' bignum fields. Fix a bug where the initial 'r' and 's' bignums were being overwritten with newly-allocated bignums, resulting in a memory leak.
    BUG: https://red.libssh.org/issues/175
    Signed-off-by: Jon Simons <jon@jonsimons.org>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* ed25519: Generate, sign and verify keys. | Aris | 2014-09-07 | 2 | -0/+19
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* crypto: Add ed25519 implementation from OpenSSH. | Aris Adamantiadis | 2014-09-07 | 6 | -1/+267
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* buffer: Add a secure buffer mechanism to avoid memory spills | Aris Adamantiadis | 2014-09-07 | 1 | -0/+2
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* bignums: detach bignum-related functions from dh.c. | Aris Adamantiadis | 2014-08-06 | 2 | -4/+32
    Reviewed-by: Andreas Schneider <asn@samba.org>
* crypto: fix secure burning, structure members naming | Aris Adamantiadis | 2014-08-06 | 1 | -2/+2
    Reviewed-by: Andreas Schneider <asn@samba.org>
* buffer: add a hidden canary to detect format errors | Aris Adamantiadis | 2014-08-06 | 1 | -2/+7
    Reviewed-by: Andreas Schneider <asn@samba.org>
* buffers: adapt sftp.c to ssh_buffer_(un)pack() | Aris Adamantiadis | 2014-08-06 | 1 | -4/+4
    Reviewed-by: Andreas Schneider <asn@samba.org>
* Buffer: add ssh_buffer_(un)pack() | Aris Adamantiadis | 2014-08-06 | 1 | -0/+6
    That function permits chaining of buffer values to minimize buffer handling in packet sending code.
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* pki: Add missing semi-colon. | Andreas Schneider | 2014-05-07 | 1 | -1/+1
* pki: Make pki_key_ecdsa_nid_to_name() a shared function. | Andreas Schneider | 2014-04-23 | 1 | -0/+1
* Add options support for setting and getting HMAC algorithms | Dirkjan Bussink | 2014-04-22 | 2 | -0/+5
    BUG: https://red.libssh.org/issues/91
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* Add negotiation for SHA2 HMAC algorithms | Dirkjan Bussink | 2014-04-22 | 1 | -0/+7
    BUG: https://red.libssh.org/issues/91
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* Add logic to support SHA2 HMAC algorithms | Dirkjan Bussink | 2014-04-22 | 3 | -2/+9
    BUG: https://red.libssh.org/issues/91
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* Add SHA2 algorithms for HMAC | Dirkjan Bussink | 2014-04-22 | 3 | -1/+38
    BUG: https://red.libssh.org/issues/91
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* kex: server fix for first_kex_packet_follows | Jon Simons | 2014-04-22 | 1 | -0/+9
    Ensure to honor the 'first_kex_packet_follow' field when processing KEXINIT messages in the 'ssh_packet_kexinit' callback. Until now libssh would assume that this field is always unset (zero). But some clients may set this (dropbear at or beyond version 2013.57), and it needs to be included when computing the session ID.

    Also include logic for handling wrongly-guessed key exchange algorithms. Save whether a client's guess is wrong in a new field in the session struct: when set, the next KEX_DHINIT message to be processed will be ignored per RFC 4253, 7.1.

    While here, update both 'ssh_packet_kexinit' and 'make_sessionid' to use softabs with a 4 space indent level throughout, and also convert various error-checking to store intermediate values into an explicit 'rc'.

    Patch adjusted from original to ensure that client tests remain passing (ie 'torture_connect'): restrict the changes in 'ssh_packet_kexinit' only for the 'server_kex' case.

    Signed-off-by: Jon Simons <jon@jonsimons.org>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* Revert "kex: server fix for first_kex_packet_follows" | Andreas Schneider | 2014-04-15 | 1 | -9/+0
    The patch breaks the client with ECDSA.
    This reverts commit 5865b9436fda96ac9fc7c18e4dffe5fb12dcc515.
* kex: server fix for first_kex_packet_follows | Jon Simons | 2014-04-10 | 1 | -0/+9
    Ensure to honor the 'first_kex_packet_follow' field when processing KEXINIT messages in the 'ssh_packet_kexinit' callback. Until now libssh would assume that this field is always unset (zero). But some clients may set this (dropbear at or beyond version 2013.57), and it needs to be included when computing the session ID.

    Also include logic for handling wrongly-guessed key exchange algorithms. Save whether a client's guess is wrong in a new field in the session struct: when set, the next KEX_DHINIT message to be processed will be ignored per RFC 4253, 7.1.

    While here, update both 'ssh_packet_kexinit' and 'make_sessionid' to use softabs with a 4 space indent level throughout, and also convert various error-checking to store intermediate values into an explicit 'rc'.

    Signed-off-by: Jon Simons <jon@jonsimons.org>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* Revert "direct-tcpip and forwarded-tcpip callbacks" | Andreas Schneider | 2014-04-09 | 1 | -32/+2
    This reverts commit efe785e711e1fe8c66dc120b741d1e560ef556db.
    We need a Signed-off version. I didn't have the Certificate of Origin yet.
* direct-tcpip and forwarded-tcpip callbacks | Loïc Michaux | 2014-04-09 | 1 | -2/+32
* pki crypto: expose new ssh_pki_key_ecdsa_name API | Jon Simons | 2014-04-09 | 1 | -0/+2
    Enable retrieving the "ecdsa-sha2-nistpNNN" name of ECDSA keys with a new 'ssh_pki_key_ecdsa_name' API. This gives more information than the 'ssh_key_type_to_char' API, which yields "ssh-ecdsa" for ECDSA keys. The motivation is that this info is useful to have in a server context.

    The torture_pki unit test is updated to include the new API, and a few more passes are added to additionally test 384 and 521-bit keys.

    Signed-off-by: Jon Simons <jon@jonsimons.org>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* libsshpp: include required <string> header for std::string | Petar Koretic | 2014-04-09 | 1 | -0/+1
    Signed-off-by: Petar Koretic <petar.koretic@sartura.hr>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* doc: Improve and consolidate ssh_bind_options_set docs | Alan Dunn | 2014-03-27 | 1 | -63/+0
    Signed-off-by: Alan Dunn <amdunn@gmail.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>