ssh_connector_free fails to remove the in/out channel callbacks
as ssh_connector_remove_event sets the in/out channel variables
to NULL.
Have ssh_connector_free remove the channel callbacks first before
invoking ssh_connector_remove_event.
Signed-off-by: Alberto Aguirre <albaguirre@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
POLLHUP needs to be checked on in_fd, which may be a pipe.
A pipe in Linux signals EOF through POLLHUP (see:
http://www.greenend.org.uk/rjk/tech/poll.html)
Without checking POLLHUP, a client could spin up indefinitely
doing ssh_event_dopoll.
Signed-off-by: Alberto Aguirre <albaguirre@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
We need to specify a cipher when we generate a key with a password.
OpenSSH uses aes_128_cbc, so we should use the same.
Thanks to Julian Lunz for the report.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Summary:
When ed25519 was introduced in commit 93c7b81b4e,
the ed25519 case was added after the ecdsa case in src/pki.c. The ecdsa case seems to
have relied on falling through to report an error, when HAVE_ECC is not defined.
If HAVE_ECC is not defined, but ecdsa keys are used with, for example,
ssh_pki_import_pubkey_file, the code falls through into the ed25519 case.
Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
Test Plan: Unit tests passed. No memory leaks found with valgrind.
Reviewers: asn
Differential Revision: https://bugs.libssh.org/D13
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Summary:
This patch adds support for mbedTLS as a crypto backend for libssh.
mbedTLS is an SSL/TLS library that has been designed to mainly be used
in embedded systems. It is loosely coupled and has a low memory
footprint. mbedTLS also provides a cryptography library (libmbedcrypto)
that can be used without the TLS modules.
The patch is unfortunately quite big, since several new files had to
be added.
DSA is disabled at compile time, since mbedTLS doesn't support DSA.
Patch review and feedback would be appreciated, and if any issues or
suggestions appear, I'm willing to work on them.
Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
Test Plan:
* The patch has been tested with a Debug and MinSizeRel build, with
libssh unit tests, client tests and the pkd tests.
* All the tests have been run with valgrind's memcheck, drd and helgrind
tools.
* The examples/samplessh client works when built with the patch.
Reviewers: asn, aris
Subscribers: simonsj
Differential Revision: https://bugs.libssh.org/D1
Summary:
Fix a typo for old libgcrypt builds `k_length` -> `k_len`.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Test Plan: * Spotted this last-minute typo bug in local testing.
Reviewers: asn
Reviewed By: asn
Differential Revision: https://bugs.libssh.org/D10
Summary:
Fix a typo for old libgcrypt builds `k_length` -> `k_len`.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Test Plan: * Spotted this last-minute typo bug in local testing.
Reviewers: asn
Differential Revision: https://bugs.libssh.org/D10
Expose an API 'ssh_server_init_kex' which allows one to change the set of
key exchange, hostkey, ciphers, MACs, and compression algorithms currently
configured for the ssh_session at hand, after having started the
'ssh_handle_key_exchange' process.
One can use this API from the already-existing 'connect_status_function'
callback to dynamically modify the set of algorithms used after having
received the client banner, but before sending out the initial KEXINIT
message.
For example, one might want to prevent advertising the curve25519 key
exchange algorithm for older OpenSSH clients due to interop bugs.
Fixes T25
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Fix a memory leak in the path where parsing returns early due
to seeing a repeated opcode. A testcase is added which
demonstrates the leak and fix with valgrind.
Resolves CID 1374267.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Summary:
Based on Dirkjan's original patch series here:
* https://www.libssh.org/archive/libssh/2015-08/0000029.html
Here the changes are adapted for the current master
branch, and expanded to include libgcrypt support.
Co-Authored-By: Dirkjan Bussink <d.bussink@gmail.com>
Signed-off-by: Jon Simons <jon@jonsimons.org>
Test Plan:
* Ran pkd tests for libcrypto and libgcrypt builds.
* Ran client torture_algorithms.c tests for libcrypto and libgcrypt builds.
* Tested across multiple libgcrypts ("1.6.3" and "1.7.6-beta").
Reviewers: aris, asn
Reviewed By: asn
Tags: #libssh
Differential Revision: https://bugs.libssh.org/D7
Summary:
Based on Dirkjan's original patch series here:
* https://www.libssh.org/archive/libssh/2015-08/0000029.html
Here the changes are adapted for the current master
branch, and expanded to include libgcrypt support.
Co-Authored-By: Dirkjan Bussink <d.bussink@gmail.com>
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Test Plan:
* Ran pkd tests for libcrypto and libgcrypt builds.
* Ran client torture_algorithms.c tests for libcrypto and libgcrypt builds.
* Tested across multiple libgcrypts ("1.6.3" and "1.7.6-beta").
Reviewers: aris, asn
Tags: #libssh
Differential Revision: https://bugs.libssh.org/D7