* os400: minimum supported OS version is now V6R1.
Do not log compiler informational messages.
* Implement crypto backend specific Diffie-Hellman computation.
This feature is now needed on os400 because the QC3 library does not
implement bn_mod_exp() natively. Up to now, this function was emulated using
an RSA encryption, but commits ca5222ea819cc5ed797860070b4c6c1aeeb28420 and
7934c9ce2a029c43e3642a492d3b9e494d1542be (CVE-2016-0787) broke the emulation
because QC3 only supports RSA exponents up to 512 bits.
Happily, QC3 supports a native API for Diffie-Hellman computation, with
opaque random value: this commit implements the use of this API and, as a
side effect, enables support of this feature for any other crypto backend that
would use it.
A "generic" Diffie-Hellman computation internal API supports crypto backends
not implementing their own: this generic API uses the same functions as before.
* Fix typos in docs/HACKING.CRYPTO.
The new --with-crypto option replaces the previous backend-specific
--with-{openssl,libgcrypt,mbedtls,wincng} options and fixes some issues.
* libgcrypt or mbedtls would previously be used whenever found, even
if configure was passed --without-libgcrypt or --without-mbedtls.
* If --with-$backend was specified then configure would not fail even
if that library could not be found, and would instead use whichever
crypto library was found first.
The new option defaults to `auto`, which makes configure check for all
supported crypto libraries in turn, choosing the first one found, or
exiting with an error if none can be found.
Most of libssh2 already has conditional support for RSA according to
the LIBSSH2_RSA crypto backend #define, but crypto.h and userauth.c
needed a few small fixes.
The problem is that the original if statement simply returns NULL, but does not set the session last error code. The consequence is that libssh2_sftp_init() also returns NULL and libssh2_session_last_errno(sshSession) == LIBSSH2_ERROR_NONE.
In my test the LIBSSH2_ERROR_EAGAIN is coming from sftp.c row 337:
if(4 != sftp->partial_size_len)
/* we got a short read for the length part */
return LIBSSH2_ERROR_EAGAIN;
with "partial_size_len == 0". Not sure if this is expected.
1> sftp.c
1>libssh2-files\src\sftp.c(3393): warning C4456: declaration of 'retcode' hides previous local declaration
1> libssh2-files\src\sftp.c(3315): note: see declaration of 'retcode'
In order to signal that the requested operation can not succeed
because the receiving window had been exhausted, the error code
LIBSSH2_ERROR_BUFFER_TOO_SMALL has been reused but I have found
that in certain context it may be ambigous.
This patch introduces a new error code,
LIBSSH2_ERROR_CHANNEL_WINDOW_FULL, exclusive to signal that condition.
Until now, in blocking mode, if the remote receiving window is
exhausted this function hangs forever as data is not read and the
remote side just keeps waiting for the window to grow before sending
more data.
This patch, makes this function check for that condition and abort
with an error when it happens.
This function was calling channel_wait_eof to ensure that the EOF
packet has already been received, but that function also checks that
the read data queue is empty before reporting the EOF. That caused
channel_wait_closed to fail with a LIBSSH2_ERROR_INVAL when some data
was queued even after a successful call to libssh2_channel_wait_eof.
This patch changes libssh2_channel_wait_closed to look directly into
channel->remote.eof so that both libssh2_channel_wait_eof and
libssh2_channel_wait_closed bahave consistently.
This partially reverts commit f4f2298ef3635acd031cc2ee0e71026cdcda5864
because it caused the compatibility code to call initialization routines
redundantly, leading to memory leakage with OpenSSL 1.1 and broken curl
test-suite in Fedora:
88 bytes in 1 blocks are definitely lost in loss record 5 of 8
at 0x4C2DB8D: malloc (vg_replace_malloc.c:299)
by 0x72C607D: CRYPTO_zalloc (mem.c:100)
by 0x72A2480: EVP_CIPHER_meth_new (cmeth_lib.c:18)
by 0x4E5A550: make_ctr_evp.isra.0 (openssl.c:407)
by 0x4E5A8E8: _libssh2_init_aes_ctr (openssl.c:471)
by 0x4E5BB5A: libssh2_init (global.c:49)
This commit adds a simple check to see if the offset of the read
request matches the expected file offset.
We could try to recover, from this condition at some point in the future.
Right now it is better to return an error instead of corrupted data.
This commit ensures that we have sent at least one read request before
we try to read data in sftp_read().
Otherwise sftp_read() would return 0 bytes (indicating EOF) if the
socket is not ready for writing.
Since we can only store data from a single chunk in filep,
we have to stop receiving data as soon as the buffer is full.
This adresses the following bug report:
https://github.com/libssh2/libssh2/issues/50
"agent_disconnect_unix", called by "libssh2_agent_disconnect", was
leaving the file descriptor in the agent structure unchanged. Later,
"libssh2_agent_free" would call again "libssh2_agent_disconnect" under
the hood and it would try to close again the same file descriptor. In
most cases that resulted in just a harmless error, but it is also
possible that the file descriptor had been reused between the two
calls resulting in the closing of an unrelated file descriptor.
This patch sets agent->fd to LIBSSH2_INVALID_SOCKET avoiding that
issue.
Signed-off-by: Salvador Fandiño <sfandino@yahoo.com>
The Qc3 library is not able to handle PKCS#8 EncryptedPrivateKeyInfo structures
by itself. It is only capable of decrypting the (encrypted) PrivateKeyInfo
part, providing a key encryption key and an encryption algorithm are given.
Since the encryption key and algorithm description part in a PKCS#8
EncryptedPrivateKeyInfo is a PKCS#5 structure, such a decoder is needed to
get the derived key method and hash, as well as encryption algorith and
initialisation vector.
The Qc3 library requires a minimum key length depending on the target
hash algorithm. Append binary zeroes to the given key if not long enough.
This matches RFC 2104 specifications.
The Qc3 library requires the key encryption key to exist as long as
the encrypted key is used. Its descriptor token is then kept as an
"encrypted key slave" for recursive release.
Some structure fields holding callback addresses have the same name as the
underlying system function (connect, send, recv). Set parentheses around
their reference to suppress a possible macro substitution.
Use a macro for connect() on OS/400 to resolve a const/nonconst parameter
problem.
