Comply with RFC 4253 compliance section 4.2.
Allow data other than "SSH-" to be sent across prior to the actual
version striong.
Signed-off-by: Ken Reister <reister.kenneth@CIMCOR.COM>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
In Cockpit we've seen this memory leak:
at 0x4C2A9C7: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x5B76B03: ssh_userauth_agent (auth.c:778)
by 0x40DD5A: cockpit_ssh_authenticate (cockpitsshtransport.c:327)
BUG: https://red.libssh.org/issues/208
Signed-off-by: Stef Walter <stefw@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* src/pki_gcrypt.c (pki_export_pubkey_rsa1): Rework to be more
idiomatic. Fix leaking MPIs.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* src/pki_gcrypt.c (pki_publickey_to_blob): Rework using the new
helper 'ssh_sexp_extract_mpi'.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* src/pki_gcrypt.c (pki_key_dup): Rework to be more idiomatic.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* src/options.c (ssh_options_getopt): Only call 'ssh_options_set' if
a port has been given.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* src/pki_gcrypt.c (asn1_get): Generalize from 'asn1_get_int'.
(asn1_get_int): New function simply calling 'asn1_get'.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Due to a byte/bit confusion, the DH secret was too short. This file was
completely reworked and will be commited in a future version.
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Documentation now is congruent with the code:
- SSH_OK is returned on success,
- SSH_ERROR is returned on error.
Signed-off-by: Younes Serraj <younes.serraj@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Note that removing ssh_buffer_get_begin() doesn't break API
compatibility, as this functions has never been exposed (it only
has the LIBSSH_API prefix).
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is a preparatory stage for removing ssh_buffer_get_begin().
Note that removing ssh_buffer_get_begin() doesn't break API
compatibility, as this functions has never been exposed (it only has the
LIBSSH_API prefix).
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
As ssh_buffer_get_len() actually calls ssh_buffer_get_rest_len(), let's
just use the first one. This is a preparatory step for removing
ssh_buffer_get_rest_len().
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This is a preparatory step for having the behavior of
ssh_buffer_get_rest_len() in the ssh_buffer_get_len() and then remove
the ssh_buffer_rest_len()
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
/home/ffidenci/src/upstream/libssh/src/pki_gcrypt.c: In function
‘pki_key_compare’:
/home/ffidenci/src/upstream/libssh/src/pki_gcrypt.c:1082:5: warning:
enumeration value ‘SSH_KEYTYPE_DSS_CERT01’ not handled in switch
[-Wswitch]
switch (k1->type) {
^
/home/ffidenci/src/upstream/libssh/src/pki_gcrypt.c:1082:5: warning:
enumeration value ‘SSH_KEYTYPE_RSA_CERT01’ not handled in switch
[-Wswitch]
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Having "ssh_" prefix in the functions' name will avoid possible clashes
when compiling libssh statically.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
