Add a new option SSH_OPTIONS_NODELAY to enable or disable the
Nagle Algorithm (TCP_NODELAY) on the session socket.
Improved performance can be achieved for some applications like
sftp servers by enabling SSH_OPTIONS_NODELAY as typically, the
next request won't arrive until the server replies, which are
typically small writes.
Signed-off-by: Alberto Aguirre <albaguirre@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Useful on Windows platforms where SecureZeroMemory is available.
Signed-off-by: Alberto Aguirre <albaguirre@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Fix OSX build error about embedding a directive within macro arguments.
Apparently, snprintf is implemented as a macro on that platform.
Signed-off-by: Alberto Aguirre <albaguirre@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
ssh_connector_free fails to remove the in/out channel callbacks
as ssh_connector_remove_event sets the in/out channel variables
to NULL.
Have ssh_connector_free, remove the channel callbacks first before
invoking ssh_connector_remove_event.
Signed-off-by: Alberto Aguirre <albaguirre@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
POLLHUP needs to be checked on in_fd, which may be a pipe.
A pipe in Linux signals EOF through POLLHUP (see:
http://www.greenend.org.uk/rjk/tech/poll.html)
Without checking POLLHUP, a client could spin up indefinetely
doing ssh_event_dopoll.
Signed-off-by: Alberto Aguirre <albaguirre@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
The stray semi-colon in sftp.h is flagged when using -pedantic
which affects clients that include the header and use -pedantic
and -Werror on their codebase.
Signed-off-by: Alberto Aguirre <albaguirre@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
torture_rand and torture_server_x11 call ssh_init without checking
the return value. If mbedTLS is built without threading support
ssh_init fails but the tests continue and then segfault since threading
wasn't correctly initialised.
Add a section that documents requirements for mbedTLS usage in a
multi threaded environment to README.mbedtls.
Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
We need to specify a cipher when we generate a key with a password.
OpenSSH uses aes_128_cbc, so we should use the same.
Thanks to Julian Lunz for the report.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Summary:
When ed25519 was introduced in commit 93c7b81b4e,
the ed25519 case was added after the ecdsa case in src/pki.c. The ecdsa case seems to
have relied on falling through to report an error, when HAVE_ECC is not defined.
If HAVE_ECC is not defined, but ecdsa keys are used, with for example,
ssh_pki_import_pubkey_file, the code fallthroughs into the ed25519 case.
Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
Test Plan: Unit tests passed. No memory leaks found with valgrind.
Reviewers: asn
Differential Revision: https://bugs.libssh.org/D13
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
