libssh

mirror of https://git.libssh.org/projects/libssh.git synced 2025-12-19 00:48:43 +09:00

Author	SHA1	Message	Date
Mike Frysinger	3526e02dee	use standard O_NONBLOCK naming Systems define O_NONBLOCK & O_NDELAY as the same thing. POSIX however only defines O_NONBLOCK. Rename the current define to be portable. Signed-off-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>	2025-12-12 18:18:02 +01:00
abdallah elhdad	ecea5b6052	Support new '-o' option parsing to client Signed-off-by: abdallah elhdad <abdallahselhdad@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>	2025-12-12 18:15:42 +01:00
abdallah elhdad	1833ce86f9	refactor auth options handler Signed-off-by: abdallah elhdad <abdallahselhdad@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>	2025-12-12 18:15:41 +01:00
abdallah elhdad	3938e5e850	set log level when debug option is increased Signed-off-by: abdallah elhdad <abdallahselhdad@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>	2025-12-12 18:15:40 +01:00
Norbert Pocs	dd80a56029	libcrypto.c: Use openssl const algorithm names Use the openssl constants algorithm names instead of string representations. They should not change, but it's clearer to have it this way. Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com> Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>	2025-12-12 18:12:13 +01:00
Jakub Jelen	9d6df9d0fa	ssh_known_hosts_get_algorithms: Simplify cleanup ... ... and prevent memory leak of host_port on memory allocation failure. Thanks Xiaoke Wang for the report! Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Pavol Žáčik <pzacik@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2025-12-12 18:06:47 +01:00
Jakub Jelen	ee180c660e	server: Check strdup allocation failure Thanks Xiaoke Wang for the report! Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Pavol Žáčik <pzacik@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2025-12-12 18:06:45 +01:00
abdallah elhdad	541cd39f14	zeroize sensitive buffers in ssh_sntrup761x25519_build_k Signed-off-by: abdallah elhdad <abdallahselhdad@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2025-12-12 18:03:21 +01:00
abdallah elhdad	64f72ed55f	Replace explicit_bzero with ssh_burn Signed-off-by: abdallah elhdad <abdallahselhdad@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2025-12-12 18:03:19 +01:00
Pavol Žáčik	0ef79018b3	kex: Implement remaining hybrid ML-KEM methods This builds on top of `a9c8f94`. The pure ML-KEM code is now separated from the hybrid parts, with the hybrid implementation generalized to support NIST curves. Signed-off-by: Pavol Žáčik <pzacik@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>	2025-11-25 17:57:42 +01:00
Pavol Žáčik	7911580304	ecdh: Factor out keypair generation This adds a new internal API function (ssh_ecdh_init), similar to how it's done in curve25519 implementation. The new function can be used in hybrid key exchange constructions. Signed-off-by: Pavol Žáčik <pzacik@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>	2025-11-25 17:57:41 +01:00
Andreas Schneider	e5108f2ffc	docs: Use a modern doxygen theme Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>	2025-11-21 17:49:52 +01:00
Andreas Schneider	5ce4b65abb	cmake: Add .cmake-format.yaml Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>	2025-11-21 17:49:52 +01:00
Andreas Schneider	b62675b435	chore(editorconfig): Put CMakeLists.txt in its own section This is read by neocmakelsp for formatting. Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>	2025-11-21 17:49:52 +01:00
Jakub Jelen	f333d95013	ci: Avoid repetitive definitions Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2025-11-19 17:31:53 +01:00
Jakub Jelen	92d0f8aba6	ci: Remove GSSAPI from minimal build Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2025-11-19 17:31:37 +01:00
Jakub Jelen	66460578b1	ci: Remove marco from the whitelist Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2025-11-19 17:31:37 +01:00
Jakub Jelen	b93db6c3d1	ci: Replace ad-hoc exports with variables Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2025-11-19 17:31:37 +01:00
Jakub Jelen	1c3143ff00	ci: Add cmocka.cfg to avoid false positives reports from csbuild Based on cmocka changes: https://gitlab.com/cmocka/cmocka/-/blob/master/cppcheck/cmocka.cfg https://gitlab.com/cmocka/cmocka/-/blob/master/.gitlab-ci.yml#L148 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2025-11-19 17:31:31 +01:00
Praneeth Sarode	47305a2f72	docs(fido2): add FIDO2/U2F security key support chapter to documentation Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>	2025-11-13 15:28:23 +05:30
Praneeth Sarode	5bbaecfaa7	feat(pki): extend the sshsig API to support security keys along with tests Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>	2025-11-13 15:28:14 +05:30
Praneeth Sarode	6e5d0a935f	tests(fido2): add tests for SK ECDSA and SK Ed25519 public key authentication Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>	2025-11-13 15:27:48 +05:30
Praneeth Sarode	5d4d9f8208	tests(rsa): add test for RSA key generation using the newer ssh_pki_generate_key API Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>	2025-11-13 15:27:48 +05:30
Praneeth Sarode	c128cf8807	tests(pki): add torture tests for pki_sk functions Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>	2025-11-13 15:27:48 +05:30
Praneeth Sarode	5937b5ba4e	feat(torture_sk): add functions to validate security key signatures and to create PKI context Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>	2025-11-13 15:27:48 +05:30
Praneeth Sarode	1241a3a8c9	tests(fido2): add sk-dummy support to the testing infrastructure Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>	2025-11-13 15:27:48 +05:30
Praneeth Sarode	21d338737a	tests(fido2): add sk key files to the testing infrastructure Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>	2025-11-13 15:27:48 +05:30
Praneeth Sarode	d91630308d	pki: add security key identities to session options Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>	2025-11-13 15:27:48 +05:30
Praneeth Sarode	37f0e91814	feat(pki): add security key support with enrollment, signing, and resident key loading functions Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>	2025-11-13 15:27:36 +05:30
Praneeth Sarode	32a256e157	feat(pki): add ssh_key getters to retrieve security key flags, application, and user ID Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>	2025-11-13 15:11:53 +05:30
Praneeth Sarode	14bd26e71c	feat(pki): add support for user ID in ssh_key structure Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>	2025-11-13 15:11:53 +05:30
Praneeth Sarode	97e71606e0	feat(pki): add ssh_pki_ctx to ssh_session The session struct now contains an ssh_pki_ctx struct as its member to allow for passing user configured pki options across many functions. The ssh_options_set API has been extended to allow users to set this member. Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>	2025-11-13 15:11:53 +05:30
Praneeth Sarode	d4b0de702b	feat(pki): implement PKI context API A new generic struct is introduced which contains the various configuration options that can be used by pki operations. API functions have been provided to configure all the options. Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>	2025-11-13 15:11:53 +05:30
Praneeth Sarode	acc080ac03	tests(fido2): add tests for the usb-hid security key callbacks Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>	2025-11-13 15:11:46 +05:30
Praneeth Sarode	e56af9fa79	feat(torture_sk): add validation functions for security key callback responses and resident keys Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>	2025-11-09 05:52:48 +05:30
Praneeth Sarode	c4b2bd34a8	feat(torture): add torture_get_sk_pin function to retrieve PIN from environment Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>	2025-11-09 05:52:48 +05:30
Praneeth Sarode	50ee6411f2	fido2: implement the default sk_callbacks for FIDO2/U2F keys using the usb-hid protocol Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>	2025-11-09 05:52:45 +05:30
Praneeth Sarode	c1dd30b47b	fido2: add helper functions for writing FIDO2/U2F callbacks Add some common helper functions that can be used by any developer writing callbacks for interacting with FIDO2/U2F devices. Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>	2025-11-09 05:04:38 +05:30
Praneeth Sarode	8ba9e931e8	fido2: declare callbacks for sk operations Declare ssh_sk_callbacks_struct so that the users can define custom functions as callbacks for interacting with FIDO2/U2F devices. Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>	2025-11-09 05:04:38 +05:30
Praneeth Sarode	eda5c6576b	tests(torture_sk): validate sk_flags against allowed security key flags Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>	2025-11-09 05:04:38 +05:30
Praneeth Sarode	302d868875	fido2: add sk_api.h The sk_api.h file added is a copy of the sk-api.h file in openSSH, including only the struct and constant definitions. This has been done to ensure compatibility with any security key middleware developed for openSSH. Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>	2025-11-09 05:04:38 +05:30
Praneeth Sarode	7db75e8fd0	ci: enable FIDO2/U2F support in some images Build with WITH_FIDO2=ON in the default fedora, tumbleweed, centos, ubuntu, and visualstudio images. Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>	2025-11-09 05:04:38 +05:30
Praneeth Sarode	ebe632cf8f	cmake: add build option to enable FIDO2/U2F support Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>	2025-11-09 05:04:38 +05:30
Praneeth Sarode	150d606db7	cmake: add cmake module to find libfido2 Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>	2025-11-09 05:04:37 +05:30
Jakub Jelen	63fbf00efe	pki: Use constant for minimal RSA key size in FIPS Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2025-11-06 16:25:25 +01:00
Jakub Jelen	ae33ced0dc	coverage: Ignore parse errors again Without this, the gcov is crashing with some suspicious coverage reports on functions like `uint32_divmod_uint14()` from internal sntrup implementation. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2025-11-06 16:25:25 +01:00
Jakub Jelen	ee6e2c69e1	Bump minimal RSA key size to 1024 Fixes: #326 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2025-11-06 16:25:25 +01:00
Jakub Jelen	cefc4f8c97	pkd: Run tests with ecdsa and ed25519 keys with dropbear Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2025-11-06 16:25:25 +01:00
Jakub Jelen	b64e7f67d3	pkd: Run ed25519 tests with dropbear Resolves: #336 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2025-11-06 16:25:25 +01:00
Jakub Jelen	491cd81a32	kex: Place PQC KEX methods first The ML-KEMx25519 is now preferred algorithm in OpenSSH so follow the suit Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2025-11-06 16:24:47 +01:00

1 2 3 4 5 ...

6487 Commits