The RFC 8308 clearly says, that the additional ext-info-c should
be added only to the first SSH_MSG_KEXINIT.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This was failing when I tried to run the testsuite without
gcrypt devel libraries installed.
Signed-off-by: Jakub Jelen <jakuje@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Valgrind detects many uninitialized memory false positives from
libcrypto's AES-NI internals. Roll back to software AES when running
tests.
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
If nread is < 0 and no exception callback is set,
the following code block would cause a buffer overrun.
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
If the hostkey type was not in the list of acceptable hostkey
types, the function failed to set the error state. Due to the
fact that the calling function ssh_packet_process() does not
handle the SSH_ERROR return code, the newkeys packet from the
server was silently ignored, stalling the connection until a
timeout occurred.
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
ssh_send_keepalive() should use global_request() to properly configure
the state machine for packet filtering.
Signed-off-by: Nicolas Viennot <nicolas@viennot.biz>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Added missing bn.h include.
Made engine.h include conditional, otherwise it would fail.
DSA_generate_parameters was deprecated long before 1.1.0.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This commit fixes a couple issues in the CMake configuration files and uses
native features from CMake:
* libssh-build-tree-settings.cmake is deleted. There was a typo that made
this file unusable, anyway.
* use the macros available in CMakePackageConfigHelpers.cmake to generate
the version file and check that the files exist
* Remove the LIBSSH_THREADS_LIBRARY variable, it used the non-existent
LIBSSH_THREADS_LIBRARY_NAME variable.
* Fix the in tree build. libssh can be used uninstalled again.
Test plan:
The values were tested after installing the new files and also without running
'make install'.
Signed-off-by: Christophe Giboudeaux <christophe@krop.fr>
This tests verifies that the only the first seen option is applied
throughout all the configuration files processed. It also verifies
that the configuration files are parsed automatically and that this
behavior can be overridden by configuration option.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This follows the OpenSSH behavior of parsing subseqent configuration
files, while applying only the first option.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This will allow to use the same configuration in client applications
including the users aliases or system wide cryptographic configuration.
As the configuration parsing is the last thing before doing the
actual connection, it might overwrite previously set options.
If this is not intended, the client application can
ask the configuration files to be parsed before setting some other
options that should not ve overwritten. The code ensures that
the configuration is not parsed again.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
If either one is missing at this point, fill it with default vaules in
ssh_options_apply().
Previously, when setting up only knownhosts, global_knownhosts file
was left pointing to NULL and the ssh_known_hosts_read_entries()
was trying to open NULL file which is invalid.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
