lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-07-28 01:41:48 +03:00
Code Activity

kex: Make existing convenience features available

Browse Source 
Signed-off-by: David Wedderwille <davidwe@posteo.de>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This commit is contained in:
David Wedderwille
2025-03-28 00:26:52 +01:00
committed by Jakub Jelen
parent 0b91ba779c
commit 84d02e7440
7 changed files with 30 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
include/libssh/libssh.h
View File

@ -875,6 +875,7 @@ LIBSSH_API const char* ssh_get_cipher_in(ssh_session session);
LIBSSH_API const char* ssh_get_cipher_out(ssh_session session); LIBSSH_API const char* ssh_get_cipher_out(ssh_session session);
LIBSSH_API const char* ssh_get_hmac_in(ssh_session session); LIBSSH_API const char* ssh_get_hmac_in(ssh_session session);
LIBSSH_API const char* ssh_get_hmac_out(ssh_session session); LIBSSH_API const char* ssh_get_hmac_out(ssh_session session);
LIBSSH_API const char *ssh_get_supported_methods(enum ssh_kex_types_e type);
LIBSSH_API ssh_buffer ssh_buffer_new(void); LIBSSH_API ssh_buffer ssh_buffer_new(void);
LIBSSH_API void ssh_buffer_free(ssh_buffer buffer); LIBSSH_API void ssh_buffer_free(ssh_buffer buffer);

19
src/kex.c
View File

@ -310,6 +310,25 @@ const char *ssh_kex_get_fips_methods(enum ssh_kex_types_e type)
return fips_methods[type]; return fips_methods[type];
} }
/**
* @brief Get a list of supported algorithms of a given type. This respects the
* FIPS mode status.
*
* @param[in] type The type of the algorithm to query (SSH_KEX, SSH_MAC_C_S,
* ...).
*
* @return The list of supported methods as comma-separated string, or NULL for
* unknown type.
*/
const char *ssh_get_supported_methods(enum ssh_kex_types_e type)
{
if (ssh_fips_mode()) {
return ssh_kex_get_fips_methods(type);
} else {
return ssh_kex_get_supported_method(type);
}
}
/** /**
* @internal * @internal
* @brief returns whether the first client key exchange algorithm or * @brief returns whether the first client key exchange algorithm or

2
tests/client/torture_auth.c
View File

@ -72,7 +72,7 @@ static int session_setup(void **state)
assert_ssh_return_code(s->ssh.session, rc); assert_ssh_return_code(s->ssh.session, rc);
/* Enable all hostkeys */ /* Enable all hostkeys */
all_keytypes = ssh_kex_get_supported_method(SSH_HOSTKEYS); all_keytypes = ssh_get_supported_methods(SSH_HOSTKEYS);
rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES, all_keytypes); rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES, all_keytypes);
assert_ssh_return_code(s->ssh.session, rc); assert_ssh_return_code(s->ssh.session, rc);

2
tests/client/torture_auth_cert.c
View File

@ -74,7 +74,7 @@ static int session_setup(void **state)
assert_ssh_return_code(s->ssh.session, rc); assert_ssh_return_code(s->ssh.session, rc);
/* Enable all hostkeys */ /* Enable all hostkeys */
all_keytypes = ssh_kex_get_supported_method(SSH_HOSTKEYS); all_keytypes = ssh_get_supported_methods(SSH_HOSTKEYS);
rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES, all_keytypes); rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES, all_keytypes);
assert_ssh_return_code(s->ssh.session, rc); assert_ssh_return_code(s->ssh.session, rc);

12
tests/pkd/pkd_daemon.c
View File

@ -297,7 +297,7 @@ static int pkd_exec_hello(int fd, struct pkd_daemon_args *args)
/* Add methods not enabled by default */ /* Add methods not enabled by default */
/* Enable all supported key exchange methods */ /* Enable all supported key exchange methods */
all_kex = ssh_kex_get_supported_method(SSH_KEX); all_kex = ssh_get_supported_methods(SSH_KEX);
rc = ssh_bind_options_set(b, SSH_BIND_OPTIONS_KEY_EXCHANGE, all_kex); rc = ssh_bind_options_set(b, SSH_BIND_OPTIONS_KEY_EXCHANGE, all_kex);
if (rc != 0) { if (rc != 0) {
pkderr("ssh_bind_options_set kex methods: %s\n", ssh_get_error(b)); pkderr("ssh_bind_options_set kex methods: %s\n", ssh_get_error(b));
@ -305,14 +305,14 @@ static int pkd_exec_hello(int fd, struct pkd_daemon_args *args)
} }
/* Enable all supported ciphers */ /* Enable all supported ciphers */
all_ciphers = ssh_kex_get_supported_method(SSH_CRYPT_C_S); all_ciphers = ssh_get_supported_methods(SSH_CRYPT_C_S);
rc = ssh_bind_options_set(b, SSH_BIND_OPTIONS_CIPHERS_C_S, all_ciphers); rc = ssh_bind_options_set(b, SSH_BIND_OPTIONS_CIPHERS_C_S, all_ciphers);
if (rc != 0) { if (rc != 0) {
pkderr("ssh_bind_options_set Ciphers C-S: %s\n", ssh_get_error(b)); pkderr("ssh_bind_options_set Ciphers C-S: %s\n", ssh_get_error(b));
goto outclose; goto outclose;
} }
all_ciphers = ssh_kex_get_supported_method(SSH_CRYPT_S_C); all_ciphers = ssh_get_supported_methods(SSH_CRYPT_S_C);
rc = ssh_bind_options_set(b, SSH_BIND_OPTIONS_CIPHERS_S_C, all_ciphers); rc = ssh_bind_options_set(b, SSH_BIND_OPTIONS_CIPHERS_S_C, all_ciphers);
if (rc != 0) { if (rc != 0) {
pkderr("ssh_bind_options_set Ciphers S-C: %s\n", ssh_get_error(b)); pkderr("ssh_bind_options_set Ciphers S-C: %s\n", ssh_get_error(b));
@ -320,7 +320,7 @@ static int pkd_exec_hello(int fd, struct pkd_daemon_args *args)
} }
/* Enable all hostkey algorithms */ /* Enable all hostkey algorithms */
all_hostkeys = ssh_kex_get_supported_method(SSH_HOSTKEYS); all_hostkeys = ssh_get_supported_methods(SSH_HOSTKEYS);
rc = ssh_bind_options_set(b, SSH_BIND_OPTIONS_HOSTKEY_ALGORITHMS, all_hostkeys); rc = ssh_bind_options_set(b, SSH_BIND_OPTIONS_HOSTKEY_ALGORITHMS, all_hostkeys);
if (rc != 0) { if (rc != 0) {
pkderr("ssh_bind_options_set Hostkeys: %s\n", ssh_get_error(b)); pkderr("ssh_bind_options_set Hostkeys: %s\n", ssh_get_error(b));
@ -328,14 +328,14 @@ static int pkd_exec_hello(int fd, struct pkd_daemon_args *args)
} }
/* Enable all message authentication codes */ /* Enable all message authentication codes */
all_macs = ssh_kex_get_supported_method(SSH_MAC_C_S); all_macs = ssh_get_supported_methods(SSH_MAC_C_S);
rc = ssh_bind_options_set(b, SSH_BIND_OPTIONS_HMAC_C_S, all_macs); rc = ssh_bind_options_set(b, SSH_BIND_OPTIONS_HMAC_C_S, all_macs);
if (rc != 0) { if (rc != 0) {
pkderr("ssh_bind_options_set MACs C-S: %s\n", ssh_get_error(b)); pkderr("ssh_bind_options_set MACs C-S: %s\n", ssh_get_error(b));
goto outclose; goto outclose;
} }
all_macs = ssh_kex_get_supported_method(SSH_MAC_S_C); all_macs = ssh_get_supported_methods(SSH_MAC_S_C);
rc = ssh_bind_options_set(b, SSH_BIND_OPTIONS_HMAC_S_C, all_macs); rc = ssh_bind_options_set(b, SSH_BIND_OPTIONS_HMAC_S_C, all_macs);
if (rc != 0) { if (rc != 0) {
pkderr("ssh_bind_options_set MACs S-C: %s\n", ssh_get_error(b)); pkderr("ssh_bind_options_set MACs S-C: %s\n", ssh_get_error(b));

2
tests/server/torture_server_config.c
View File

@ -226,7 +226,7 @@ static int session_setup(void **state)
struct test_server_st *tss = *state; struct test_server_st *tss = *state;
struct torture_state *s; struct torture_state *s;
int verbosity = torture_libssh_verbosity(); int verbosity = torture_libssh_verbosity();
const char *compat_hostkeys = ssh_kex_get_supported_method(SSH_HOSTKEYS); const char *compat_hostkeys = ssh_get_supported_methods(SSH_HOSTKEYS);
struct passwd *pwd; struct passwd *pwd;
bool b = false; bool b = false;
int rc; int rc;

2
tests/ssh_ping.c
View File

@ -61,7 +61,7 @@ int main(int argc, char **argv)
} }
/* Enable all supported algorithms */ /* Enable all supported algorithms */
hostkeys = ssh_kex_get_supported_method(SSH_HOSTKEYS); hostkeys = ssh_get_supported_methods(SSH_HOSTKEYS);
rc = ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, hostkeys); rc = ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, hostkeys);
if (rc < 0) { if (rc < 0) {
goto out; goto out;