This changes the private API by adding one more argument to function
pki_signature_from_blob()
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Summary:
When ed25519 was introduced in commit 93c7b81b4e,
the ed25519 case was added after the ecdsa case in src/pki.c. The ecdsa case seems to
have relied on falling through to report an error, when HAVE_ECC is not defined.
If HAVE_ECC is not defined, but ecdsa keys are used, with for example,
ssh_pki_import_pubkey_file, the code fallthroughs into the ed25519 case.
Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
Test Plan: Unit tests passed. No memory leaks found with valgrind.
Reviewers: asn
Differential Revision: https://bugs.libssh.org/D13
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Summary:
This patch adds support for mbedTLS as a crypto backend for libssh.
mbedTLS is an SSL/TLS library that has been designed to mainly be used
in embedded systems. It is loosely coupled and has a low memory
footprint. mbedTLS also provides a cryptography library (libmbedcrypto)
that can be used without the TLS modules.
The patch is unfortunately quite big, since several new files had to
be added.
DSA is disabled at compile time, since mbedTLS doesn't support DSA
Patch review and feedback would be appreciated, and if any issues or
suggestions appear, I'm willing to work on them.
Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
Test Plan:
* The patch has been tested with a Debug and MinSizeRel build, with
libssh unit tests, client tests and the pkd tests.
* All the tests have been run with valgrind's memcheck, drd and helgrind
tools.
* The examples/samplessh client works when built with the patch.
Reviewers: asn, aris
Subscribers: simonsj
Differential Revision: https://bugs.libssh.org/D1
* src/pki.c (ssh_signature_free): Fix test for ECC using gcrypt.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Documentation now is congruent with the code:
- SSH_OK is returned on success,
- SSH_ERROR is returned on error.
Signed-off-by: Younes Serraj <younes.serraj@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
This commit is a preparatory stage for removing ssh_buffer_get_begin().
Note that removing ssh_buffer_get_begin() doesn't break API
compatibility, as this functions has never been exposed (it only has the
LIBSSH_API prefix).
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
As ssh_buffer_get_len() actually calls ssh_buffer_get_rest_len(), let's
just use the first one. This is a preparatory step for removing
ssh_buffer_get_rest_len().
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Having "ssh_" prefix in the functions' name will avoid possible clashes
when compiling libssh statically.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
- ssh_pki_import_cert_base64()
- ssh_pki_import_cert_file()
- ssh_pki_import_cert_blob()
Those functions are currently simple wrappers around their pubkey counterpart.
- ssh_pki_copy_cert_to_privkey()
This function copies the cert-specific data to a private key.
Signed-off-by: Axel Eppe <aeppe@google.com>
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Check the 'ssh_buffer_pack' return in ssh_pki_do_sign for the ED25519 case.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Fail fast in 'pki_import_pubkey_buffer' for the ED25519 case if a buffer
sized ED25519_PK_LEN can not be retrieved. Before, the 'memcpy' could
have read beyond the bounds of 'ssh_string_data(pubkey)'.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
