mirror of https://git.libssh.org/projects/libssh.git synced 2025-07-28 01:41:48 +03:00

Deprecate SSH_BIND_OPTIONS_{RSA,ECDSA}KEY in favor of generic HOSTKEY

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Jakub Jelen
2023-06-26 15:00:44 +02:00
parent 1bd690d75f
commit 9847f3f638
13 changed files with 48 additions and 67 deletions


@ -147,7 +147,7 @@ static struct argp_option options[] = {
.key = 'r',
.arg = "FILE",
.flags = 0,
.doc = "Set the rsa key.",
.doc = "Set the rsa host key (deprecated alias to 'k').",
.group = 0
},
{
@ -172,12 +172,11 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) {
case 'p':
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDPORT_STR, arg);
break;
case 'r':
/* deprecated */
case 'k':
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg);
break;
case 'r':
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, arg);
break;
case 'v':
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_LOG_VERBOSITY_STR, "3");
break;
@ -226,7 +225,7 @@ int main(int argc, char **argv){
sshbind=ssh_bind_new();
session=ssh_new();
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, "sshd_rsa");
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, "sshd_rsa");
#ifdef HAVE_ARGP_H
/*
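Review bot: The return value of `ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg)` is dropped in the merged `case 'r':` / `case 'k':` arm of parse_opt and again for the `"sshd_rsa"` default in main, so a host key that cannot be set is not reported at the point where the path was supplied. Since `-r` now goes through the generic host-key option, which presumably inspects the file to decide the key type, a wrong or unreadable path is more likely to fail at this call than it was before. Consider `if (ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg) < 0) argp_error(state, "cannot load host key %s", arg);` in parse_opt. The same unchecked pattern appears in the three later example sections that merge `case 'r':` into `case 'k':`. Both parse_opt and main continue outside the hunks shown.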


@ -70,12 +70,12 @@ static void set_default_keys(ssh_bind sshbind,
{
if (!rsa_already_set)
{
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY,
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY,
KEYS_FOLDER "ssh_host_rsa_key");
}
if (!ecdsa_already_set)
{
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_ECDSAKEY,
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY,
KEYS_FOLDER "ssh_host_ecdsa_key");
}
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY,
@ -165,11 +165,11 @@ static error_t parse_opt(int key, char *arg, struct argp_state *state)
no_default_keys = 1;
break;
case 'r':
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, arg);
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg);
rsa_already_set = 1;
break;
case 'e':
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_ECDSAKEY, arg);
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg);
ecdsa_already_set = 1;
break;
case 'a':
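Review bot: `rsa_already_set` and `ecdsa_already_set` are still set by option letter in parse_opt, but after this change `-r` and `-e` both pass the file to SSH_BIND_OPTIONS_HOSTKEY, so the flags no longer say which key type was actually configured. If the generic option picks the type from the file contents (inferred, its handler is not in this hunk), `-r` with an ECDSA key leaves `ecdsa_already_set` at 0 and set_default_keys then also sets `KEYS_FOLDER "ssh_host_ecdsa_key"`, which may replace the operator's key for that type. Either have `-r`/`-e` set `no_default_keys = 1;` as a true alias of `-k` would, or add a comment on the two flags stating that they track the option used, not the key type. The later section with the same set_default_keys/parse_opt pair has the same issue, and its help text describes `-r`/`-e` as aliases for 'k' while `-k` is documented as "Implies no default keys". parse_opt continues outside the hunk.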


@ -177,7 +177,7 @@ static struct argp_option options[] = {
.key = 'r',
.arg = "FILE",
.flags = 0,
.doc = "Set the rsa key.",
.doc = "Set the rsa key (deprecated alias for 'k').",
.group = 0
},
{
@ -210,12 +210,10 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) {
case 'p':
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDPORT_STR, arg);
break;
case 'r':
case 'k':
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg);
break;
case 'r':
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, arg);
break;
case 'v':
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_LOG_VERBOSITY_STR, "3");
break;
@ -267,7 +265,7 @@ int main(int argc, char **argv){
sshbind=ssh_bind_new();
session=ssh_new();
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, KEYS_FOLDER "ssh_host_rsa_key");
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, KEYS_FOLDER "ssh_host_rsa_key");
#ifdef HAVE_ARGP_H
/*


@ -117,7 +117,7 @@ static struct argp_option options[] = {
.key = 'r',
.arg = "FILE",
.flags = 0,
.doc = "Set the rsa key.",
.doc = "Set the rsa key (deprecated alias for 'k').",
.group = 0
},
{
@ -143,12 +143,10 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) {
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDPORT_STR, arg);
port = atoi(arg);
break;
case 'r':
case 'k':
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg);
break;
case 'r':
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, arg);
break;
case 'v':
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_LOG_VERBOSITY_STR, "3");
break;
@ -295,7 +293,7 @@ int main(int argc, char **argv){
sshbind=ssh_bind_new();
session=ssh_new();
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY,
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY,
KEYS_FOLDER "ssh_host_rsa_key");
#ifdef HAVE_ARGP_H


@ -60,11 +60,11 @@ static void set_default_keys(ssh_bind sshbind,
int rsa_already_set,
int ecdsa_already_set) {
if (!rsa_already_set) {
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY,
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY,
KEYS_FOLDER "ssh_host_rsa_key");
}
if (!ecdsa_already_set) {
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_ECDSAKEY,
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY,
KEYS_FOLDER "ssh_host_ecdsa_key");
}
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY,
@ -109,7 +109,7 @@ static struct argp_option options[] = {
.key = 'r',
.arg = "FILE",
.flags = 0,
.doc = "Set the rsa key.",
.doc = "Set the rsa key (deprecated alias for 'k').",
.group = 0
},
{
@ -117,7 +117,7 @@ static struct argp_option options[] = {
.key = 'e',
.arg = "FILE",
.flags = 0,
.doc = "Set the ecdsa key.",
.doc = "Set the ecdsa key (deprecated alias for 'k').",
.group = 0
},
{
@ -186,11 +186,11 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) {
no_default_keys = 1;
break;
case 'r':
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, arg);
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg);
rsa_already_set = 1;
break;
case 'e':
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_ECDSAKEY, arg);
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg);
ecdsa_already_set = 1;
break;
case 'a':
@ -253,10 +253,10 @@ static int parse_opt(int argc, char **argv, ssh_bind sshbind) {
by just not setting the default keys */
no_default_keys = 1;
} else if (key == 'r') {
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, optarg);
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, optarg);
rsa_already_set = 1;
} else if (key == 'e') {
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_ECDSAKEY, optarg);
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, optarg);
ecdsa_already_set = 1;
} else if (key == 'a') {
strncpy(authorizedkeys, optarg, DEF_STR_SIZE-1);
@ -277,13 +277,13 @@ static int parse_opt(int argc, char **argv, ssh_bind sshbind) {
"libssh %s -- a Secure Shell protocol implementation\n"
"\n"
" -a, --authorizedkeys=FILE Set the authorized keys file.\n"
" -e, --ecdsakey=FILE Set the ecdsa key.\n"
" -e, --ecdsakey=FILE Set the ecdsa key (deprecated alias for 'k').\n"
" -k, --hostkey=FILE Set a host key. Can be used multiple times.\n"
" Implies no default keys.\n"
" -n, --no-default-keys Do not set default key locations.\n"
" -p, --port=PORT Set the port to bind.\n"
" -P, --pass=PASSWORD Set expected password.\n"
" -r, --rsakey=FILE Set the rsa key.\n"
" -r, --rsakey=FILE Set the rsa key (deprecated alias for 'k').\n"
" -u, --user=USERNAME Set expected username.\n"
" -v, --verbose Get verbose output.\n"
" -?, --help Give this help list\n"


@ -591,7 +591,7 @@ static struct argp_option options[] = {
.key = 'r',
.arg = "FILE",
.flags = 0,
.doc = "Set the rsa key.",
.doc = "Set the rsa key (deprecated alias for 'k').",
.group = 0
},
{
@ -618,12 +618,10 @@ parse_opt (int key, char *arg, struct argp_state *state)
case 'p':
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDPORT_STR, arg);
break;
case 'r':
case 'k':
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg);
break;
case 'r':
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, arg);
break;
case 'v':
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_LOG_VERBOSITY_STR, "1");
break;
@ -674,7 +672,7 @@ main(int argc, char **argv)
session = ssh_new();
mainloop = ssh_event_new();
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, KEYS_FOLDER "ssh_host_rsa_key");
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, KEYS_FOLDER "ssh_host_rsa_key");
#ifdef HAVE_ARGP_H
/*


@ -41,11 +41,11 @@ enum ssh_bind_options_e {
SSH_BIND_OPTIONS_BINDPORT_STR,
SSH_BIND_OPTIONS_HOSTKEY,
SSH_BIND_OPTIONS_DSAKEY, /* deprecated */
SSH_BIND_OPTIONS_RSAKEY,
SSH_BIND_OPTIONS_RSAKEY, /* deprecated */
SSH_BIND_OPTIONS_BANNER,
SSH_BIND_OPTIONS_LOG_VERBOSITY,
SSH_BIND_OPTIONS_LOG_VERBOSITY_STR,
SSH_BIND_OPTIONS_ECDSAKEY,
SSH_BIND_OPTIONS_ECDSAKEY, /* deprecated */
SSH_BIND_OPTIONS_IMPORT_KEY,
SSH_BIND_OPTIONS_KEY_EXCHANGE,
SSH_BIND_OPTIONS_CIPHERS_C_S,
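Review bot: The new `/* deprecated */` comments on SSH_BIND_OPTIONS_RSAKEY and SSH_BIND_OPTIONS_ECDSAKEY do not name the replacement, so a reader of the header alone has to look it up in the ssh_bind_options_set documentation. Suggest `/* deprecated, use SSH_BIND_OPTIONS_HOSTKEY */` on both lines. The enum body continues outside the hunk.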


@ -1773,18 +1773,18 @@ static int ssh_bind_set_algo(ssh_bind sshbind,
* char *).
*
* - SSH_BIND_OPTIONS_RSAKEY:
* Set the path to the ssh host rsa key, SSHv2
* only (const char *).
* Deprecated alias to SSH_BIND_OPTIONS_HOSTKEY
* (const char *).
*
* - SSH_BIND_OPTIONS_ECDSAKEY:
* Set the path to the ssh host ecdsa key,
* SSHv2 only (const char *).
* Deprecated alias to SSH_BIND_OPTIONS_HOSTKEY
* (const char *).
*
* - SSH_BIND_OPTIONS_BANNER:
* Set the server banner sent to clients (const char *).
*
* - SSH_BIND_OPTIONS_DSAKEY:
* This is DEPRECATED, please do not use
* This is DEPRECATED, please do not use.
*
* - SSH_BIND_OPTIONS_IMPORT_KEY:
* Set the Private Key for the server directly (ssh_key)
@ -1871,6 +1871,9 @@ int ssh_bind_options_set(ssh_bind sshbind, enum ssh_bind_options_e type,
}
switch (type) {
case SSH_BIND_OPTIONS_RSAKEY:
case SSH_BIND_OPTIONS_ECDSAKEY:
/* deprecated */
case SSH_BIND_OPTIONS_HOSTKEY:
if (value == NULL) {
ssh_set_error_invalid(sshbind);
@ -2060,18 +2063,6 @@ int ssh_bind_options_set(ssh_bind sshbind, enum ssh_bind_options_e type,
ssh_set_log_level(i & 0xffffU);
}
break;
case SSH_BIND_OPTIONS_RSAKEY:
rc = ssh_bind_set_key(sshbind, &sshbind->rsakey, value);
if (rc < 0) {
return -1;
}
break;
case SSH_BIND_OPTIONS_ECDSAKEY:
rc = ssh_bind_set_key(sshbind, &sshbind->ecdsakey, value);
if (rc < 0) {
return -1;
}
break;
case SSH_BIND_OPTIONS_BANNER:
if (value == NULL) {
ssh_set_error_invalid(sshbind);
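Review bot: The doc comment now calls SSH_BIND_OPTIONS_RSAKEY and SSH_BIND_OPTIONS_ECDSAKEY deprecated aliases, but it does not say that the option name no longer constrains the key type. The removed arms stored the value through `ssh_bind_set_key(sshbind, &sshbind->rsakey, value)` and `&sshbind->ecdsakey`, while the new fall-through into `case SSH_BIND_OPTIONS_HOSTKEY:` hands the path to the generic handler, whose body is outside the hunk; callers that relied on RSAKEY to mean "RSA only" may now load a key of another type without an error. I would add a sentence to both entries such as `The key type is taken from the file, not from the option name.` and mention it in the release notes if the generic handler also fails earlier on unreadable files (inferred, not visible here).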


@ -177,7 +177,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
assert(rc == 0);
}
rc = ssh_bind_options_set(sshbind,
SSH_BIND_OPTIONS_RSAKEY,
SSH_BIND_OPTIONS_HOSTKEY,
"/tmp/libssh_fuzzer_private_key");
assert(rc == 0);
rc = ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_CIPHERS_C_S, "none");


@ -263,12 +263,10 @@ static int pkd_exec_hello(int fd, struct pkd_daemon_args *args)
goto outclose;
}
if (type == PKD_RSA) {
opts = SSH_BIND_OPTIONS_RSAKEY;
} else if (type == PKD_ED25519) {
if (type == PKD_RSA ||
type == PKD_ED25519 ||
type == PKD_ECDSA) {
opts = SSH_BIND_OPTIONS_HOSTKEY;
} else if (type == PKD_ECDSA) {
opts = SSH_BIND_OPTIONS_ECDSAKEY;
} else {
pkderr("unknown hostkey type: %d\n", type);
rc = -1;


@ -201,7 +201,7 @@ int run_server(struct server_state_st *state)
if (state->rsa_key != NULL) {
rc = ssh_bind_options_set(sshbind,
SSH_BIND_OPTIONS_RSAKEY,
SSH_BIND_OPTIONS_HOSTKEY,
state->rsa_key);
if (rc != 0) {
fprintf(stderr,
@ -213,7 +213,7 @@ int run_server(struct server_state_st *state)
if (state->ecdsa_key != NULL) {
rc = ssh_bind_options_set(sshbind,
SSH_BIND_OPTIONS_ECDSAKEY,
SSH_BIND_OPTIONS_HOSTKEY,
state->ecdsa_key);
if (rc != 0) {
fprintf(stderr,


@ -395,12 +395,11 @@ ssh_bind torture_ssh_bind(const char *addr,
switch (key_type) {
case SSH_KEYTYPE_RSA:
opts = SSH_BIND_OPTIONS_RSAKEY;
break;
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
opts = SSH_BIND_OPTIONS_ECDSAKEY;
case SSH_KEYTYPE_ED25519:
opts = SSH_BIND_OPTIONS_HOSTKEY;
break;
default:
goto out_free;


@ -1802,7 +1802,7 @@ static void torture_bind_options_rsakey(void **state)
bind = test_state->bind;
rc = ssh_bind_options_set(bind,
SSH_BIND_OPTIONS_RSAKEY,
SSH_BIND_OPTIONS_HOSTKEY,
LIBSSH_RSA_TESTKEY);
assert_int_equal(rc, 0);
assert_non_null(bind->rsakey);
@ -1823,7 +1823,7 @@ static void torture_bind_options_ecdsakey(void **state)
bind = test_state->bind;
rc = ssh_bind_options_set(bind,
SSH_BIND_OPTIONS_ECDSAKEY,
SSH_BIND_OPTIONS_HOSTKEY,
LIBSSH_ECDSA_521_TESTKEY);
assert_int_equal(rc, 0);
assert_non_null(bind->ecdsakey);
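Review bot: Switching torture_bind_options_rsakey and torture_bind_options_ecdsakey to SSH_BIND_OPTIONS_HOSTKEY leaves the deprecated SSH_BIND_OPTIONS_RSAKEY and SSH_BIND_OPTIONS_ECDSAKEY values, which stay in the public enum, without a test in the lines shown. Keeping one call per deprecated value, for example `rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_RSAKEY, LIBSSH_RSA_TESTKEY);` followed by the existing `assert_non_null(bind->rsakey);`, would pin the alias behaviour until the options are removed. Both test functions continue outside the hunks.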