mirror of https://github.com/libssh2/libssh2.git synced 2025-10-26 02:17:35 +03:00
262 Commits

Author SHA1 Message Date
Uwe L. Korn
1f0fe7443a Use libssh2_EXPORTS as an alternative to _WINDLL (#470)
Files: libssh2.h

Notes:
`_WINDLL` is only defined when a Visual Studio CMake generator is used, `libssh2_EXPORTS` is used though for all CMake generators if a shared libssh2 library is being built.

Credit:
Uwe L. Korn
2021-10-26 09:21:56 -07:00
Daniel Stenberg
4bcf8415a7 libssh2.h: bump it to 1.10.1-dev 2021-09-16 12:56:20 +02:00
Paul Capron
b3a8a6d27c Fix _libssh2_random() silently discarding errors (#520)
Notes:
* Make _libssh2_random return code consistent

Previously, _libssh2_random was advertised in HACKING.CRYPTO as
returning `void` (and was implemented that way in os400qc3.c), but that
was in other crypto backends a lie; _libssh2_random is (a macro
expanding) to an int-value expression or function.

Moreover, that returned code was:
  — 0 on success, -1 on error for the MbedTLS & WinCNG crypto backends
But also:
  — 1 on success, -1 or 0 on error for the OpenSSL backend!
  – 1 on success, error cannot happen for libgcrypt!

This commit makes explicit that _libssh2_random can fail (because most of
the underlying crypto functions can indeed fail!), and it makes its result
code consistent: 0 on success, -1 on error.

This is related to issue #519 https://github.com/libssh2/libssh2/issues/519
It fixes the first half of it.

* Don't silence errors of _libssh2_random

Make sure to check the returned code of _libssh2_random(), and
propagate any failure.

A new LIBSSH_ERROR_RANDGEN constant is added to libssh2.h
None of the existing error constants seemed fit.

This commit is related to d74285b684
and to https://github.com/libssh2/libssh2/issues/519 (see the issue
for more info.)  It closes #519.

Credit:
Paul Capron
2021-05-11 14:06:18 -07:00
Will Cosgrove
f553dcc95d kex.c: group16-sha512 and group18-sha512 support #457 (#468)
Files: kex.c

Notes:
Added key exchange group16-sha512 and group18-sha512. As a result did the following:

* Abstracted diffie_hellman_sha256() to diffie_hellman_sha_algo() which is now algorithm agnostic and takes the algorithm as a parameter since we needed sha512 support. Unfortunately it required some helper functions but they are simple.
* Deleted diffie_hellman_sha1()
* Deleted diffie_hellman_sha1 specific macro
* Cleaned up some formatting
* Defined sha384 in os400 and wincng backends
* Defined LIBSSH2_DH_MAX_MODULUS_BITS to abort the connection if we receive too large of p from the server doing sha1 key exchange.
* Reorder the default key exchange list to match OpenSSH and improve security

Credit:
Will Cosgrove
2020-09-23 13:20:00 -07:00
Will Cosgrove
1c3a03ebc3 libssh2.h: Update Diffie Hellman group values (#493)
File: libssh2.h

Notes:
Update the min, preferred and max DH group values based on RFC 8270.

Credit:
Will Cosgrove, noted from email list by Mitchell Holland
2020-07-01 11:37:20 -07:00
Daniel Stenberg
f1b6fca89b include/libssh2.h: fix comment: the known host key uses 4 bits (#438) 2019-12-17 15:01:08 -08:00
Panos
378ffa9ba8 Add agent forwarding implementation (#219)
files: channel.c, test_agent_forward_succeeds.c, libssh2_priv.h, libssh2.h, ssh2_agent_forwarding.c

notes:
* Adding SSH agent forwarding.
* Fix agent forwarding message, updated example.
Added integration test code and cmake target. Added example to cmake list.

credit: 
pkittenis
2019-08-12 14:23:19 -07:00
Pedro Monreal
f4663f9f12 Spelling corrections (#380)
Files : 
libssh2.h, libssh2_sftp.h, bcrypt_pbkdf.c, mbedtls.c, sftp.c, ssh2.c

Notes :
* Fixed misspellings

Credit :
Pedro Monreal
2019-07-01 10:00:09 -07:00
Will Cosgrove
dce4d8c742 Add agent functions libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path() (#308)
File : agent.c

Notes : 
Libssh2 uses the SSH_AUTH_SOCK env variable to read the system agent location. However, when using a custom agent path you have to set this value using setenv which is not thread-safe. The new functions allow for a way to set a custom agent socket path in a thread-safe manner.
2019-04-11 10:11:38 -07:00
Daniel Stenberg
452517d96c style: make includes and examples code style strict
make travis and the makefile rule verify them too

Closes #334
2019-03-21 13:04:07 +01:00
Zenju
c3d89b9720 libssh2.h: Fix Error C2371 'ssize_t': redefinition
Closes #331
2019-03-20 22:43:09 +01:00
Michael Buckley
31d0b1a853 Move fallback SIZE_MAX and UINT_MAX to libssh2_priv.h 2019-03-18 15:07:12 -07:00
Will Cosgrove
dc109a7f51 Security fixes (#315)
* Bounds checks

Fixes for CVEs
https://www.libssh2.org/CVE-2019-3863.html
https://www.libssh2.org/CVE-2019-3856.html

* Packet length bounds check

CVE
https://www.libssh2.org/CVE-2019-3855.html

* Response length check

CVE
https://www.libssh2.org/CVE-2019-3859.html

* Bounds check

CVE
https://www.libssh2.org/CVE-2019-3857.html

* Bounds checking

CVE
https://www.libssh2.org/CVE-2019-3859.html

and additional data validation

* Check bounds before reading into buffers

* Bounds checking

CVE
https://www.libssh2.org/CVE-2019-3859.html

* declare SIZE_MAX and UINT_MAX if needed
2019-03-14 15:22:13 -07:00
Will Cosgrove
bc00a288a8 Bumping version number for pending 1.8.1 release 2019-03-07 11:01:20 -08:00
Will Cosgrove
525c1973cf removed INT64_C define (#260)
No longer used.
2018-08-09 09:51:32 -07:00
Will Cosgrove
0309229259 ED25519 Key Support #39 (#248)
OpenSSH Key and ED25519 support #39
Added _libssh2_explicit_zero() to explicitly zero sensitive data in memory #120

* ED25519 Key file support - Requires OpenSSL 1.1.1 or later
* OpenSSH Key format reading support - Supports RSA/DSA/ECDSA/ED25519 types
* New string buffer reading functions - These add built-in bounds checking and convenience methods. Used for OpenSSL PEM file reading.
* Added new tests for OpenSSH formatted Keys
2018-08-02 14:00:25 -07:00
Will Cosgrove
62b825c8af ECDSA key types are now explicit (#251)
* ECDSA key types are now explicit

Issue was brought up in pull request #248
2018-05-04 13:03:15 -07:00
Viktor Szakats
e54ef175d4 src: fix checksrc warnings
Use checksrc.pl from the curl project, with (for now)
suppressed long line warnings and indentation set to
4 spaces. Fixes are whitespace for the most part.

Warning count went down from 2704 to 12.

Also fix codespell typos, two non-ANSI C89 comments
and a stray tab in include/libssh2.h.

Ref: https://github.com/libssh2/libssh2/pull/235
2018-03-12 11:08:21 +00:00
Will Cosgrove
aba34f5f56 Add support for ECDSA keys and host keys (#41)
This commit lands full ECDSA key support when using the OpenSSL
backend. Which includes:

New KEX methods:
ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521

Can now read OpenSSL formatted ECDSA key files.

Now supports known host keys of type ecdsa-sha2-nistp256.

New curve types:
NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1

Default host key preferred ordering is now nistp256, nistp384,
nistp521, rsa, dss.

Ref: https://github.com/libssh2/libssh2/issues/41

Closes https://github.com/libssh2/libssh2/pull/206
2018-03-09 19:28:38 +00:00
Sune Bredahl
bbc43cb333 Add support for SHA256 hostkey fingerprints (#180)
Looks good, thanks!
2017-05-24 10:15:53 -07:00
Salvador Fandino
84172e5188 LIBSSH2_ERROR_CHANNEL_WINDOW_FULL: add new error code
In order to signal that the requested operation can not succeed
because the receiving window had been exhausted, the error code
LIBSSH2_ERROR_BUFFER_TOO_SMALL has been reused but I have found
that in certain contexts it may be ambiguous.

This patch introduces a new error code,
LIBSSH2_ERROR_CHANNEL_WINDOW_FULL, exclusive to signal that condition.
2016-11-05 19:45:33 +00:00
Daniel Stenberg
d75e9c5c0d libssh2.h: start working on 1.8.1 2016-10-25 08:50:06 +02:00
Craig A. Berry
f6a4ccf22b VMS can't use %zd for off_t format.
%z is a C99-ism that VMS doesn't currently have; even though the
compiler is C99-compliant, the library isn't quite.  The off_t used
for the st_size element of the stat can be 32-bit or 64-bit, so
detect what we've got and pick a format accordingly.
2016-03-15 21:56:47 +00:00
Daniel Stenberg
996b04ecec include/libssh2.h: next version is 1.7.0 2016-02-12 16:19:06 +01:00
Patrick Monnerat
0fbf8f3c7e Fold long lines in include files 2016-01-18 13:35:28 +01:00
Salvador Fandino
b83c3e056e libssh2_session_set_last_error: Add function
Net::SSH2, the Perl wrapping module for libssh2 implements several features*
on top of libssh2 that can fail and so need some mechanism to report the error
condition to the user.

Until now, besides the error state maintained internally by libssh2, another
error state was maintained at the Perl level for every session object and then
additional logic was used to merge both error states. That is a maintenance
nightmare, and actually there is no way to do it correctly and consistently.

In order to allow the high level language to add new features to the library
but still rely on its error reporting features the new function
libssh2_session_set_last_error (that just exposes _libssh2_error_flags) is
introduced.

*) For instance, connecting to a remote SSH service giving the hostname and
port.

Signed-off-by: Salvador Fandino <sfandino@yahoo.com>
Signed-off-by: Salvador Fandiño <sfandino@yahoo.com>
2015-11-02 14:50:15 +01:00
Alexander Lamaison
92fff06e27 Prefixed new #defines to prevent collisions.
Other libraries might have their own USE_WIN32_*FILES.
2015-09-21 18:44:48 +01:00
David Byron
6c84a426be add libssh2_scp_recv2 to support large (> 2GB) files on windows 2015-09-21 18:01:23 +01:00
Daniel Stenberg
6c14cc003a bump: start working on 1.6.1 2015-06-12 09:15:47 +02:00
Daniel Stenberg
56f7c0e2a4 libssh2: next version will be called 1.6.0
... since we just added a new function.
2015-03-15 12:03:40 +01:00
David Calavera
18cfec8336 Allow authentication keys to be passed in memory.
All credits go to Joe Turpin, I'm just reapplying and cleaning his patch:
http://www.libssh2.org/mail/libssh2-devel-archive-2012-01/0015.shtml

* Use an unimplemented error for extracting keys from memory with libgcrypt.
2015-03-14 23:54:49 +00:00
Alexander Lamaison
6bf8983368 CMake build system.
Tested:
 - Windows:
    - Visual C++ 2005/2008/2010/2012/2013/MinGW-w64
    - static/shared
    - 32/64-bit
    - OpenSSL/WinCNG
    - Without zlib
 - Linux:
    - GCC 4.6.3/Clang 3.4
    - static/shared
    - 32/64-bit
    - OpenSSL/Libgcrypt
    - With/Without zlib
 - MacOS X
    - AppleClang 6.0.0
    - static
    - 64-bit
    - OpenSSL
    - Without zlib

Conflicts:
	README
2015-03-12 22:48:38 +00:00
Daniel Stenberg
6ada234c62 bump: start working toward 1.5.1 now 2015-03-11 08:21:09 +01:00
Guenter Knauf
12adbc28b8 Updated copyright year. 2014-11-30 15:48:55 +01:00
Bob Kast
c355d31ff9 windows build: do not export externals from static library
If you are building a DLL, then you need to explicitly export each
entry point. When building a static library, you should not.

libssh2 was exporting the entry points whether it was building a DLL or a
static library. To elaborate further, if libssh2 was used as a static
library, which was being linked into a DLL, the libssh2 API would be
exported from that separate DLL.
2014-05-19 19:17:30 +02:00
Bob Kast
23dec383f7 libssh2.h: on Windows, a socket is of type SOCKET, not int 2014-05-18 00:25:47 +02:00
Salvador Fandino
85a827d1bc Set default window size to 2MB
The default channel window size used until now was 256KB. This value is
too small and results in a bottleneck on real-life networks where
round-trip delays can easily reach 300ms.

The issue was not visible because the configured channel window size
was being ignored and a hard-coded value of ~22MB being used instead,
but that was fixed on a previous commit.

This patch just changes the default window size
(LIBSSH2_CHANNEL_WINDOW_DEFAULT) to 2MB. It is the same value used by
OpenSSH and in our opinion represents a good compromise between memory
used and transfer speed.

Performance tests were run to determine the optimum value. The details
and related discussion are available from the following thread on the
libssh2 mailing-list:

http://www.libssh2.org/mail/libssh2-devel-archive-2013-10/0018.shtml
http://article.gmane.org/gmane.network.ssh.libssh2.devel/6543

An excerpt follows:

"I have been running some transfer tests and measuring their speed.

My setup was composed of a quad-core Linux machine running Ubuntu 13.10
x86_64 with a LXC container inside. The data transfers were performed
from the container to the host (never crossing through a physical
network device).

Network delays were simulated using the tc tool. And ping was used to
verify that they worked as intended during the tests.

The operation performed was the equivalent to the following ssh command:

  $ ssh container "dd bs=16K count=8K if=/dev/zero" >/dev/null

Though, establishment and closing of the SSH connection was excluded
from the timings.

I ran the tests several times transferring files of sizes up to 128MB
and the results were consistent between runs.

The results corresponding to the 128MB transfer are available here:

https://docs.google.com/spreadsheet/ccc?key=0Ao1yRmX6PQQzdG5wSFlrZl9HRWNET3ZyN0hnaGo5ZFE&usp=sharing

It clearly shows that 256KB is too small as the default window size.
Moving to a 512MB generates a great improvement and after the 1MB mark
the returns rapidly diminish. Other factors (TCP window size, probably)
become more limiting than the channel window size

For comparison I also performed the same transfers using OpenSSH. Its
speed is usually on par with that of libssh2 using a window size of 1MB
(even if it uses a 2MB window, maybe it is less aggressive sending the
window adjust msgs)."

Signed-off-by: Salvador Fandino <sfandino@yahoo.com>
2013-10-27 13:50:20 +01:00
Salvador Fandino
85c6627c86 knownhosts: handle unknown key types
Store but don't use keys of unsupported types on the known_hosts file.

Currently, when libssh2 parses a known_host file containing keys of some
type it doesn't natively support, it stops reading the file and returns
an error.

That means, that the known_host file can not be safely shared with other
software supporting other key types (i.e. OpenSSH).

This patch adds support for handling keys of unknown type. It can read
and write them, even if they are never going to be matched.

At the source level the patch does the following things:

- add a new unknown key type LIBSSH2_KNOWNHOST_KEY_UNKNOWN

- add a new slot (key_type_name) on the known_host struct that is
used to store the key type in ascii form when it is not supported

- parse correctly known_hosts entries with unknown key types and
populate the key_type_name slot

- print correctly known_hosts entries of unknown type

- when checking a host key ignore keys that do not match the key

Fixes #276
2013-10-27 10:57:31 +01:00
Seth Willits
5aa7b29758 compiler warnings: typecast strlen in macros
... in macro parameters to avoid compiler warnings about lost precision.

Several macros in libssh2.h call strlen and pass the result directly to
unsigned int parameters of other functions, which warns about precision
loss because strlen returns size_t which is unsigned long on at least
some platforms (such as OS X). The fix is to simply typecast the
strlen() result to unsigned int.
2012-11-29 20:30:04 +01:00
Daniel Stenberg
a67ff056e6 libssh2.h: bump version to 1.4.4-DEV 2012-11-27 23:03:45 +01:00
Peter Krempa
6af85b6053 known_hosts: Fail when parsing unknown keys in known_hosts file.
libssh2_knownhost_readfile() silently ignored problems when reading keys
in unsupported formats from the known hosts file. When the file is
written again from the internal structures of libssh2 it gets truncated
to the point where the first unknown key was located.

 * src/knownhost.c:libssh2_knownhost_readfile() - return error if key
                                                  parsing fails
2012-08-21 20:27:28 +02:00
Daniel Stenberg
e07b11b7df 1.4.3: towards the future 2012-05-18 23:44:07 +02:00
Guenter Knauf
7a87bba02a Fixed copyright year. 2012-04-17 17:29:49 +02:00
Daniel Stenberg
9b2bed22fc version: bump to 1.4.2
We're on the 1.4.2 track now (at least)
2012-04-06 15:28:18 +02:00
Peter Stuge
f28264c6a3 Define and use LIBSSH2_INVALID_SOCKET instead of INVALID_SOCKET
INVALID_SOCKET is a special value in Windows representing a
non-valid socket identifier. We were #defining this to -1 on
non-Windows platforms, causing unnecessary namespace pollution.
Let's have our own identifier instead.

Thanks to Matt Lawson for pointing this out.
2012-03-02 17:36:52 +01:00
Peter Stuge
e95c7de453 libssh2.h: Add missing prototype for libssh2_session_banner_set() 2012-02-01 11:35:05 +01:00
Vincent Torri
a0e13cc828 Correct Windows include file name case, simplifying cross-compilation
When cross compiling to Windows, libssh2.h includes Windows header files
with upper case filenames: BaseTsd.h and WinSock2.h.

These files have lowercase names with mingw-w64 (iirc, it's the same with
mingw). And as on Windows, being lowercase or uppercase does not matter.
2011-10-31 11:32:52 +01:00
Jernej Kovacic
f4e5ca2f14 libssh2_session_supported_algs: added 2011-10-25 23:50:44 +02:00
Daniel Stenberg
7d58994571 libssh2.h: bump the default window size to 256K 2011-09-13 11:21:23 +02:00
Guenter Knauf
0f9e81c6f3 Use predefined resource compiler macro. 2011-09-10 16:53:47 +02:00