path: root/src
Commit message [Author, Age, Files, Lines]
...
* pki: Correctly update the ECDSA keytype. [Andreas Schneider, 2014-04-23, 1 file, -1/+8]
* pki: Move ssh_pki_key_ecdsa_name() to the correct file. [Andreas Schneider, 2014-04-23, 2 files, -14/+14]
* pki: Make pki_key_ecdsa_nid_to_name() a shared function. [Andreas Schneider, 2014-04-23, 1 file, -1/+1]
* Add options support for setting and getting HMAC algorithms [Dirkjan Bussink, 2014-04-22, 3 files, -1/+61]
  BUG: https://red.libssh.org/issues/91
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* Add negotiation for SHA2 HMAC algorithms [Dirkjan Bussink, 2014-04-22, 2 files, -4/+89]
  BUG: https://red.libssh.org/issues/91
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* Add logic to support SHA2 HMAC algorithms [Dirkjan Bussink, 2014-04-22, 4 files, -73/+91]
  BUG: https://red.libssh.org/issues/91
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* Add SHA2 algorithms for HMAC [Dirkjan Bussink, 2014-04-22, 2 files, -3/+140]
  BUG: https://red.libssh.org/issues/91
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* log: Fix log levels. [Gangadhar Sandrani, 2014-04-22, 5 files, -9/+14]
  Signed-off-by: Gangadhar Sandrani <gangadhar.sandrani@gmail.com>
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* kex: server fix for first_kex_packet_follows [Jon Simons, 2014-04-22, 3 files, -235/+347]
  Ensure to honor the 'first_kex_packet_follow' field when processing KEXINIT messages in the 'ssh_packet_kexinit' callback. Until now libssh would assume that this field is always unset (zero). But some clients may set this (dropbear at or beyond version 2013.57), and it needs to be included when computing the session ID.

  Also include logic for handling wrongly-guessed key exchange algorithms. Save whether a client's guess is wrong in a new field in the session struct: when set, the next KEX_DHINIT message to be processed will be ignored per RFC 4253, 7.1.

  While here, update both 'ssh_packet_kexinit' and 'make_sessionid' to use softabs with a 4 space indent level throughout, and also convert various error-checking to store intermediate values into an explicit 'rc'.

  Patch adjusted from original to ensure that client tests remain passing (ie 'torture_connect'): restrict the changes in 'ssh_packet_kexinit' only for the 'server_kex' case.

  Signed-off-by: Jon Simons <jon@jonsimons.org>
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* build: Do not link against libssl, only libcrypto [Alan Dunn, 2014-04-22, 1 file, -3/+3]
  Signed-off-by: Alan Dunn <amdunn@gmail.com>
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* Revert "kex: server fix for first_kex_packet_follows" [Andreas Schneider, 2014-04-15, 3 files, -345/+235]
  The patch breaks the client with ECDSA.

  This reverts commit 5865b9436fda96ac9fc7c18e4dffe5fb12dcc515.
* doc: Improve docs for ssh_channel_get_exit_status(). [Andreas Schneider, 2014-04-10, 1 file, -0/+5]
  BUG: https://red.libssh.org/issues/154
* channels: Fix exit-signal request. [Andreas Schneider, 2014-04-10, 1 file, -3/+3]
  BUG: https://red.libssh.org/issues/153
* session: Fix a memory leak with custom banner. [Andreas Schneider, 2014-04-10, 1 file, -0/+1]
  BUG: https://red.libssh.org/issues/152
* kex: server fix for first_kex_packet_follows [Jon Simons, 2014-04-10, 3 files, -235/+345]
  Ensure to honor the 'first_kex_packet_follow' field when processing KEXINIT messages in the 'ssh_packet_kexinit' callback. Until now libssh would assume that this field is always unset (zero). But some clients may set this (dropbear at or beyond version 2013.57), and it needs to be included when computing the session ID.

  Also include logic for handling wrongly-guessed key exchange algorithms. Save whether a client's guess is wrong in a new field in the session struct: when set, the next KEX_DHINIT message to be processed will be ignored per RFC 4253, 7.1.

  While here, update both 'ssh_packet_kexinit' and 'make_sessionid' to use softabs with a 4 space indent level throughout, and also convert various error-checking to store intermediate values into an explicit 'rc'.

  Signed-off-by: Jon Simons <jon@jonsimons.org>
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* Revert "direct-tcpip and forwarded-tcpip callbacks" [Andreas Schneider, 2014-04-09, 1 file, -32/+0]
  This reverts commit efe785e711e1fe8c66dc120b741d1e560ef556db.

  We need a Signed-off version. I didn't have the Certificate of Origin yet.
* direct-tcpip and forwarded-tcpip callbacks [Loïc Michaux, 2014-04-09, 1 file, -0/+32]
* pki crypto: expose new ssh_pki_key_ecdsa_name API [Jon Simons, 2014-04-09, 1 file, -0/+14]
  Enable retrieving the "ecdsa-sha2-nistpNNN" name of ECDSA keys with a new 'ssh_pki_key_ecdsa_name' API. This gives more information than the 'ssh_key_type_to_char' API, which yields "ssh-ecdsa" for ECDSA keys. The motivation is that this info is useful to have in a server context.

  The torture_pki unit test is updated to include the new API, and a few more passes are added to additionally test 384 and 521-bit keys.

  Signed-off-by: Jon Simons <jon@jonsimons.org>
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* doc: Document new meaning of SSH_BIND_OPTIONS_HOSTKEY [Alan Dunn, 2014-04-09, 1 file, -2/+6]
  Signed-off-by: Alan Dunn <amdunn@gmail.com>
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* options: Repurpose SSH_BIND_OPTIONS_HOSTKEY to load host keys [Alan Dunn, 2014-04-09, 1 file, -21/+51]
  SSH_BIND_OPTIONS_HOSTKEY will now load host keys of any supported type rather than set the algorithms that the server permits (which seems like an unhelpful option anyway; it seems you can always control this by just loading the right keys).

  This option has slightly different semantics than the SSH_BIND_OPTIONS_<x>KEY options because it requires the key file to exist immediately rather than on ssh_bind_listen or ssh_bind_accept_fd. The semantics of this option makes more sense to me.

  We also eliminate ssh_bind_options_set_algo, since it is no longer used.

  Signed-off-by: Alan Dunn <amdunn@gmail.com>
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* packet: Fix function name. [Andreas Schneider, 2014-03-27, 1 file, -1/+1]
* style: be consistent when iterating over wanted_methods [Luka Perkov, 2014-03-27, 2 files, -2/+2]
  Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* packet: elide two buffer_prepend calls into one [Jon Simons, 2014-03-27, 1 file, -8/+9]
  In packet_send2, rather than issue two separate buffer_prepend_data calls (each of which may entail realloc + memmove + memcpy), elide the prepend work into a single buffer_prepend_data: the header information is computed locally, and a single 5 byte prepend operation is now done instead of prepending 1, then 4 bytes.

  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* socket: Fix style of ssh_socket_pollcallback [Alan Dunn, 2014-03-27, 1 file, -108/+111]
  Signed-off-by: Alan Dunn <amdunn@gmail.com>
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* doc: Improve and consolidate ssh_bind_options_set docs [Alan Dunn, 2014-03-27, 1 file, -48/+53]
  Signed-off-by: Alan Dunn <amdunn@gmail.com>
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* channel: check for closed state in waitwindow loops [Jon Simons, 2014-03-27, 1 file, -2/+4]
  Signed-off-by: Jon Simons <jon@jonsimons.org>
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* kex: enable more ECDSA hostkey algos [Jon Simons, 2014-03-27, 1 file, -1/+1]
  Signed-off-by: Jon Simons <jon@jonsimons.org>
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* pki_crypto: guard against NULL pubkey->rsa in signature extraction [Jon Simons, 2014-03-27, 1 file, -1/+7]
  Signed-off-by: Jon Simons <jon@jonsimons.org>
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* session: fix comment typo [Luka Perkov, 2014-03-27, 1 file, -1/+1]
  Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* messages: use predefined macro for clearing sensitive data [Luka Perkov, 2014-03-27, 1 file, -2/+1]
  Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* client: fix corner case when sockets are manually created [Luka Perkov, 2014-03-27, 1 file, -1/+4]
  If the sockets are created manually and passed to libssh the internal session state is set to SSH_SESSION_STATE_SOCKET_CONNECTED.

  Result of this fix can be verified by running torture_connect test (torture_connect_socket) with -vvvv flags.

  Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* pki_crypto: Replace deprecated RSA_generate_key() with RSA_generate_key_ex() [Petar Koretic, 2014-03-27, 1 file, -4/+14]
  On Mar 16, 09:41, Aris Adamantiadis wrote:
  > Hi Petar,
  > I agree with the principle, but I don't think this code can work...
  > RSA_generate_key takes an RSA* as parameter and in our code we probably
  > have key->rsa==NULL. (if we don't then the old code had a memory leak).
  >
  > Does the test case work ?
  >
  > Aris
  >
  Yes, you are right. This works, tested with tests/unittests/torture_pki

  Signed-off-by: Petar Koretic <petar.koretic@sartura.hr>
* doc: Add ECDSA keys to docs, make key docs consistent [Alan Dunn, 2014-03-27, 1 file, -1/+4]
  Signed-off-by: Alan Dunn <amdunn@gmail.com>
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* options: Allow use of host ECDSA key [Alan Dunn, 2014-03-27, 1 file, -23/+31]
  Signed-off-by: Alan Dunn <amdunn@gmail.com>
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* pki_crypto: Always copy ecdsa_nid into duplicated ECDSA keys [Alan Dunn, 2014-03-12, 1 file, -2/+2]
  BUG: https://red.libssh.org/issues/147
  Signed-off-by: Alan Dunn <amdunn@gmail.com>
* pki: Use SHA-2 for session ID signing with ECDSA keys [Alan Dunn, 2014-03-12, 1 file, -12/+42]
  Previously, SHA-1 was used always.

  BUG: https://red.libssh.org/issues/148
  Signed-off-by: Alan Dunn <amdunn@gmail.com>
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* server: silence build warning [Luka Perkov, 2014-03-12, 1 file, -0/+1]
  The commit fixes this build warning:

  ====
  src/server.c:223:8: warning: ‘privkey’ may be used uninitialized in this function [-Wmaybe-uninitialized]
     rc = ssh_pki_export_privkey_to_pubkey(*privkey, &pubkey);
        ^
  src/server.c:243:11: note: ‘privkey’ was declared here
     ssh_key privkey;
  ====

  Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* packet: log disconnect code in host byte order [Jon Simons, 2014-03-12, 1 file, -13/+19]
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* bind: only set bindfd after successful listen [Jon Simons, 2014-03-12, 1 file, -1/+2]
  In 'ssh_bind_listen', move setting of 'sshbind->bindfd' to only happen after the listen call: otherwise 'bindfd' can be set to a bogus descriptor for the case that listen fails.

  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* security: fix for vulnerability CVE-2014-0017 [Aris Adamantiadis, 2014-03-04, 3 files, -0/+14]
  When accepting a new connection, a forking server based on libssh forks and the child process handles the request. The RAND_bytes() function of openssl doesn't reset its state after the fork, but simply adds the current process id (getpid) to the PRNG state, which is not guaranteed to be unique. This can cause several children to end up with the same PRNG state, which is a security issue.
* pki: Fix build warning about unused variables. [Andreas Schneider, 2014-02-14, 1 file, -2/+2]
* Add session/channel byte/packet counters [Audrius Butkevicius, 2014-02-12, 5 files, -0/+90]
  Signed-off-by: Audrius Butkevicius <audrius.butkevicius@elastichosts.com>
* pki: Fix the build on OpenSolaris. [Andreas Schneider, 2014-02-12, 1 file, -1/+1]
* pki: Fix memory leak with ecdsa signatures. [Andreas Schneider, 2014-02-11, 1 file, -0/+4]
* packet: Improve readability of packet decrypt. [Andreas Schneider, 2014-02-06, 1 file, -6/+7]
  After discussion with Aris, and since it was not obvious enough to understand the issue, we decided to refactor it.

  Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
* packet_crypt: Make packet_{en,de}crypt fail consistently on len == 0 [Alan Dunn, 2014-02-06, 1 file, -0/+6]
  Right now the behavior of packet_{en,de}crypt on len == 0 depends on the behavior of malloc. Instead, make these consistently fail based on what I assume the desired behavior is due to the first error message in each.

  Signed-off-by: Alan Dunn <amdunn@gmail.com>
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* packet: Do not decrypt zero length rest of buffer [Alan Dunn, 2014-02-06, 2 files, -13/+25]
  If we receive a packet of length exactly blocksize, then packet_decrypt gets called on a buffer of size 0. The check at the beginning of packet_decrypt indicates that the function should be called on buffers of at least one blocksize, though the check allows through zero length. As is packet_decrypt can return -1 when len is 0 because malloc can return NULL in this case: according to the ISO C standard, malloc is free to return NULL or a pointer that can be freed when size == 0, and uclibc by default will return NULL here (in "non-glibc-compatible" mode). The net result is that when using uclibc connections with libssh can anomalously fail.

  Alternatively, packet_decrypt (and probably packet_encrypt for consistency) could be made to always succeed on len == 0 without depending on the behavior of malloc.

  Thanks to Josh Berlin for bringing connection failures with uclibc to my attention.

  Signed-off-by: Alan Dunn <amdunn@gmail.com>
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* build: Use Threads_FOUND to decide whether to build ssh_threads. [Raphael Kubo da Costa, 2014-02-06, 1 file, -2/+2]
  Follow-up to 4e04ec8, which caused a regression on OS X.

  Checking the value of CMAKE_THREAD_LIBS_INIT to decide whether any threading library is present on a system turns out to be wrong -- in OS X, for example, usage of pthreads does not depend on any additional linker or compiler flags, so CMAKE_THREAD_LIBS_INIT is empty and our check in src/CMakeLists.txt failed (it used to work before 4e04ec8 because CMAKE_HAVE_THREADS_LIBRARY is set).

  Instead, just look for Threads_FOUND, which FindThreads sets just like any other Find module when it has found what it was looking for.

  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* session: skip timestamp init for non-blocking case [Jon Simons, 2014-02-06, 1 file, -1/+5]
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* session: add getters for session cipher names [Jon Simons, 2014-02-06, 1 file, -0/+32]
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>