When opening a PTY on the server, try to use the current TTY's settings
(i.e. based on STDIN). If that fails or STDIN isn't a TTY, use default
modes that avoid any character translation.
Don't rely on stdin to be a TTY (breaks CI). Instead, open a PTY and
temporarily use that as "fake" stdin.
Signed-off-by: Daniel Evers (daniel.evers@utimaco.com)
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Imported targets are highly preferred over the individual variables
for includes and libs because they will be used in a coherent way
and any spelling mistakes or unavailability won't go unnoticed.
Also it will prevent bugs like conan-io/conan-center-index#16900
or using mismatching header/libs combinations.
Signed-off-by: Gregor Jasny <gjasny@googlemail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Build binary dir contains the libssh_version.h file. By adding the binary dir to
the target include path, the include file can be found by projects which use
libssh as a sub-project by add_subdirectory().
Signed-off-by: Sven Fischer <sven@leiderfischer.de>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
The existing sftp async read api has two problems :
1. sftp_async_read() assumes that the value of the third
parameter count is same as the number of bytes requested
to read in the corresponding call to sftp_async_read_begin().
But the documentation of sftp_async_read() allows the value of
count parameter to be more than that requested length. If value
of count parameter is more than that requested length then
sftp_async_read() updates the file->offset incorrectly which
leads to further read/writes occuring from incorrect offsets.
The problem here is that sftp_async_read() doesn't know about
the number of bytes requested to read specified in the call to
sftp_async_read_begin(), and it wrongly assumes the value
of its count parameter (which is actually the size of the buffer
to store the read data) to be the same as the number of bytes
requested to read.
2. sftp_async_read_begin() returns an uint32_t type value type
casted to int as a request identifier, whereas sftp_async_read()
expects an uint32_t type value as a request identifier. Due to this
the user has to typecast the identifier returned by sftp_async_read_begin()
from int to uint32_t and then pass it to sftp_async_read(). This
type casting is cumbersome for the user and hence the approach is
not user-friendly.
This commit solves the above two problems by introducing a new
sftp aio api.
The sftp_aio_begin_*() functions in the api send an i/o request to
the sftp server and provide the caller a dynamically allocated
structure storing information about the sent request. Information
like number of bytes requested for i/o, id of sent request etc is
stored in the structure.
That structure should be provided to the sftp_aio_wait_*() functions
in the api which wait for the response corresponding to the request whose
info is stored in the provided structure.
The libssh user is supposed to handle that structure through an
opaque type sftp_aio.
Since the structure stores the number of bytes requested for i/o,
sftp_aio_wait_*() knows about the number of bytes requested for i/o
(specified in the call to sftp_aio_begin_*()) and hence updates the
file->offset correctly solving problem #1 present in the existing
async api.
Since the structure provided by sftp_aio_begin_*() (containing the
request id) is supplied to sftp_aio_wait_*(), no casting of id's
needs to be done by the user solving problem #2 of the existing
async api.
Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Currently the sftp api code is limited to sftp.c, sftpserver.c
In future it can be required to add new sftp related APIs which
are present in their own separate source files instead of adding
their code to the already large sftp.c file.
Those new hypothetical or existing (in sftpserver.c) sftp API
functions present in the source files other than sftp.c will
need to call certain functions present in sftp.c which are not
provided in the public api as they are for internal use (by other
sftp related functions) only. Some of these sftp.c functions have
external linkage, some of them don't and cannot be currently accessed
outside sftp.c
This commit :
1. Moves such functions along with the functions they depend on
from sftp.c to a new file sftp_common.c, to seperate them out
from other sftp api functions.
2. Makes necessary changes to make required functions visible
outside sftp_common.c
3. Uses the header file sftp_priv.h for necessary declarations
(and not sftp.h) since these functions are not to be provided
in the public sftp api.
Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Removing support for older openssl versions than 1.1.1 makes some functions
implicitly included; we do not have to check the availability of these
functions.
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Commit 8cf9c816 "Do not force GNU_SOURCE during build to fix#141" has broken support for CYGWIN.
The build hangs with this error message:
libssh-0.10.4/src/config.c: In function ‘local_parse_glob’:
libssh-0.10.4/src/config.c:252:25: error: ‘GLOB_TILDE’ undeclared (first use in this function)
252 | rt = glob(fileglob, GLOB_TILDE, NULL, &globbuf);
| ^~~~~~~~~~
I think that it would be better to re-add it, by using target_compile_definitions() rather than target_compile_options(), which is more appropriate in my opinion.
Signed-off-by: Carlo Bramini carlo_bramini@users.sourceforge.net
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
The external ed25519 requires also the sha512 functions to work.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
The curve25519 depends on ssh_get_random, which is normally built into libssh.
For the external override tests to build, we need to have them in separate
source file that can be included for this test.
For some reason, this did not happen on CI builds, but it did happen in koji
during RPM builds.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Calling set_target_properties directly overrides previously set flags,
so replace them with target_compile_definitions and target_link_options.
Signed-off-by: DDoSolitary <DDoSolitary@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Previously, the mbed TLS implementation wouldn't be use at all when
available, being the internal implementation always used instead.
This corrects few bugs and makes the mbed TLS implementation to be used
when ChaCha20 and Poly1305 are available.
This also makes the constant time comparison to be used when checking
the authentication tag.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Move the secure_memcmp() function to a shared source to make it
available internally for other crypto implementations.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
The build currently breaks when attempting to link libssh.so using a statically-linked OpenSSL. -ldl and -lpthread are required when linking a binary with the static libcrypto.a. The OPENSSL_CRYPTO_LIBRARY does not include these dependencies when linking against static OpenSSL. OPENSSL_CRYPTO_LIBRARIES contains the correct dependencies in both static and shared configurations; -ldl and -lpthread are not required when linking against shared libcrypto.so.
This change changes all uses of OPENSSL_CRYPTO_LIBRARY to OPENSSL_CRYPTO_LIBRARIES to let the FindOpenSSL CMake module always provide the correct libraries at link time.
Signed-off-by: Kevin Kane <kkane@microsoft.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
The build currently breaks when attempting to link libssh.so using a
statically-linked OpenSSL. -ldl and -lpthread are required when linking
a binary with the static libcrypto.a. The OPENSSL_CRYPTO_LIBRARY does
not include these dependencies when linking against static OpenSSL.
OPENSSL_CRYPTO_LIBRARIES contains the correct dependencies in both
static and shared configurations; -ldl and -lpthread are not required
when linking against shared libcrypto.so.
This change changes all uses of OPENSSL_CRYPTO_LIBRARY to
OPENSSL_CRYPTO_LIBRARIES to let the FindOpenSSL CMake module always
provide the correct libraries at link time.
Signed-off-by: Kevin Kane <kkane@microsoft.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Set the cmake project verision to the autogenerated file to have a single
point to set the version. This will be included in the libssh.h file.
Pair-Programmed-With: Andreas Schneider <asn@cryptomilk.org>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This is only compiled for tests and fuzzers!
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
We will honor BUILD_SHARED_LIBS from cmake next.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
This is already part of LIBSSH_REQUIRED_LIBRARIES
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Use OpenSSL to generate and verify Ed25519 signatures, if supported.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This is a preparation to use the Ed25519 implementation from OpenSSL.
The function pki_ed25519_sig_to_blob() was renamed to
pki_ed25519_signature_to_blob() and pki_ed25519_sig_from_blob() was
renamed to pki_signature_from_ed25519_blob() to follow the naming for
other algorithms.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
The added functions allow splitting chains of tokens separated by a
given character (usually ','), and extracting matching parts between two
chains of tokens.
The previously existing functions in kex.c were replaced by the
introduced ones.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
In preparation for adding crypto-libraries specific backends.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Introduced the support to set options for a given ssh_bind through a
configuration file.
For options set more than once in a single file (or by files included in it
recursively) the first value set will be kept.
Differently from the session options configuration,
if an option previously set in one configuration file is redefined in a
later processed file, the latest will be kept.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This will allow the moved functions to be used in the server side
configuration parser implementation.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Cleanup the KDF function to use only one function per crypto backend.
Improve the KDF function to properly handle requested lenght and to
avoid unnecessarily reallocating buffers.
In OpenSSL use the new EVP_KDF API if available.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
