Relax the cases where `ssh_analyze_banner` fails to extract a
major and minor version from banners which appear like OpenSSH
banners.
Update the tests to demonstrate that now a banner as might be
sent by `ssh-keyscan(1)` ("SSH-2.0-OpenSSH-keyscan") no longer
returns failure.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
With this change, a HAVE_LIBCRYPTO #ifdef is removed from wrapper.c.
Now, the libcrypto-specific logic for EVP_CIPHER_CTX_free is moved
into the ssh_cipher_struct cleanup callback handler for those
ciphers.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Fix a gcrypt build error introduced with
48e7b098f8.
The ssh_cipher_struct only contains a `ctx` field on
the libcrypto builds, so it can't be referenced unless
within HAVE_LIBCRYPTO.
This build fix preserves the original spirit of the
change in 48e7b098f8:
only call `EVP_CIPHER_CTX_free` when `cipher->ctx`
is non-NULL.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Fix error-checking for `strtoul` in `ssh_analyze_banner`, and
enable some tests which demonstrate the fix before-and-after.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
No changes to code, only whitespace indentation and
an update to the function docs.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Fix a resource leak in `hmac_final`: say `HMAC_CTX_free` instead
of `HMAC_CTX_reset`. This matches the error handling as done in
`hmac_init`. Introduced with cf1e808e2f.
The problem is reproducible running the `pkd_hello` test with:
valgrind --leak-check=full ./pkd_hello -i1 -t torture_pkd_openssh_dsa_rsa_default
Resolves https://red.libssh.org/issues/252.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
On older OpenSSL versions, the EVP_MD_CTX fields within an HMAC_CTX
structure are contained inlined (change here [1]): be sure to not
try to free those fields on those builds.
Found running the `pkd_hello` test with:
valgrind ./pkd_hello -i1 -t torture_pkd_openssh_dsa_rsa_default
^ valgrind will cite "Invalid free() ..." errors which are present
before this fix and absent after, when building with OpenSSL 1.0.1.
[1] 6e59a892db
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
libssh fails to read the configuration from a config file due to a
wrong check in 'ssh_config_parse_line' procedure in 'config.c'; it's
effectively skipping every opcode (and therefore every option) from
the file. The change fixes that behaviour.
Signed-off-by: Artyom V. Poptsov <poptsov.artyom@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Makes sure we free pending keyboard auth prompts
so prompts that have not be replied to do not leak.
Signed-off-by: Peter Volpe <pvolpe@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Check if the size the other party sent is a valid size in the
transmitted buffer.
Thanks to Alex Gaynor for finding and reporting the issue.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Check if the size the other party sent is a valid size in the
transmitted buffer.
Thanks to Alex Gaynor for finding and reporting the issue.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
ssh_config's manpage says:
"For each parameter, the first obtained value will be used."
Make libssh adhere to this rule.
BUG: https://red.libssh.org/issues/256
Signed-off-by: Alex Hermann <alex@hexla.nl>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Tokens are not allowed (according to the manpage).
Expansion was introduced by a wrong fix for #127.
This commit reverts part of 6eea08a9ef
Signed-off-by: Alex Hermann <alex@hexla.nl>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
BUG: https://red.libssh.org/issues/127
The original "fix" for 127 was expanding the wrong variable: Host instead
of HostName.
Signed-off-by: Alex Hermann <alex@hexla.nl>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This sets the bind private key directly from an ssh_key struct instead
of reading a file.
Signed-off-by: Alfredo Mazzinghi <am2419@cl.cam.ac.uk>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* src/pki.c (ssh_signature_free): Fix test for ECC using gcrypt.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
