OS/400 crypto library is unable to sign a precomputed SHA1 hash: however
it does support a procedure that hashes data fragments and rsa signs.
If defined, the new macro _libssh2_rsa_sha1_signv() implements this function
and disables use of _libssh2_rsa_sha1_sign().
The function described above requires that the struct iovec unused slacks are
cleared: for this reason, macro libssh2_prepare_iovec() has been introduced.
It should be defined as empty for crypto backends that are not sensitive
to struct iovec unused slack values.
* close https://github.com/libssh2/libssh2/issues/69
* sync a declaration with the rest of similar ones
* handle EVP_MD_CTX_new() returning NULL with OpenSSL 1.1.0
* fix potential memory leak with OpenSSL 1.1.0 in
_libssh2_*_init() functions, when EVP_MD_CTX_new() succeeds,
but EVP_DigestInit() fails.
_libssh2_wincng_hash_final was returning the internal BCRYPT
status code instead of a valid libssh2 return value (0 or -1).
This also means that _libssh2_wincng_hash never returned 0.
Net::SSH2, the Perl wrapping module for libssh2 implements several features*
on top of libssh2 that can fail and so need some mechanism to report the error
condition to the user.
Until now, besides the error state maintained internally by libssh2, another
error state was maintained at the Perl level for every session object and then
additional logic was used to merge both error states. That is a maintenance
nighmare, and actually there is no way to do it correctly and consistently.
In order to allow the high level language to add new features to the library
but still rely in its error reporting features the new function
libssh2_session_set_last_error (that just exposses _libssh2_error_flags) is
introduced.
*) For instance, connecting to a remote SSH service giving the hostname and
port.
Signed-off-by: Salvador Fandino <sfandino@yahoo.com>
Signed-off-by: Salvador Fandiño <sfandino@yahoo.com>
Before this patch "_libssh2_error" required the error message to be a
static string.
This patch adds a new function "_libssh2_error_flags" accepting an
additional "flags" argument and specifically the flag
"LIBSSH2_ERR_FLAG_DUP" indicating that the passed string must be
duplicated into the heap.
Then, the method "_libssh2_error" has been rewritten to use that new
function under the hood.
Signed-off-by: Salvador Fandino <sfandino@yahoo.com>
Signed-off-by: Salvador Fandiño <sfandino@yahoo.com>
After reading the public key from file the size was incorrectly
decremented by one.
This was usually a harmless error as the last character on the public
key file is an unimportant EOL. But if due to some error the public key
file is empty, the public key size becomes (uint)(0 - 1), resulting in
an unrecoverable out of memory error later.
Signed-off-by: Salvador Fandi??o <sfandino-/E1597aS9LQAvxtiuMwx3w@public.gmane.org>
A common novice programmer error (at least among those using the
wrapping Perl module Net::SSH2), is to try to reuse channels.
This patchs detects that incorrect usage and fails with a
LIBSSH2_ERROR_BAD_USE error instead of hanging.
Signed-off-by: Salvador Fandino <sfandino-/E1597aS9LQAvxtiuMwx3w@public.gmane.org>
Implement support for these algorithms and wire them up to the libgcrypt
and OpenSSL backends. Increase the maximum MAC buffer size to 64 bytes
to prevent buffer overflows. Prefer HMAC-SHA-256 over HMAC-SHA-512, and
that over HMAC-SHA-1, as OpenSSH does.
Closes#40
libssh2 equivalent of curl patch d21b66835f
This allows to build for the non-default target when using a multi-target mingw distro.
Also bump default OpenSSL dependency path to 1.0.2c.
VS2015 moved stdio functions to the header files as inline function. That means check_function_exists can't detect them because it doesn't use header files - just does a link check. Instead we need to use check_symbol_exists with the correct headers.
Despite we announced the CMake support in libssh2-1.6.0 release notes,
the files required by the CMake build system were not included in the
release tarballs. Hence, the only way to use CMake for build was the
upstream git repository.
This commit makes CMake actually supported in the release tarballs.
Do not create symbolic links off the build directory. Recent autotools
verify that out-of-source build works even if the source directory tree
is not writable.
The function sftp_read never return more then 2000 bytes (as it should
when I asked Daniel). I increased the MAX_SFTP_READ_SIZE to 30000 but
didn't get the same speed as a sftp read in SecureSSH. I analyzed the
code and found that a return always was dona when a chunk has been read.
I changed it to a sliding buffer and worked on all available chunks. I
got an increase in speed and non of the test I have done has failed
(both local net and over Internet). Please review and test. I think
30000 is still not the optimal MAX_SFTP_READ_SIZE, my next goal is to
make an API to enable changing this value (The SecureSSH sftp_read has
more complete filled packages when comparing the network traffic)
The error message returned by libssh2_channel_open in case of a server side channel open failure is now more detailed and includes the four standard error conditions in RFC 4254.
This reverts commit 2d2744efdd0497b72b3e1ff6e732aa4c0037fc43.
Autobuilds show that this did not solve the issue.
And it seems like RtlFillMemory is defined to memset,
which would be optimized out by some compilers.
This takes 22bd8d81d8fab956085e2079bf8c29872455ce59 and
b8289b625e291bbb785ed4add31f4759241067f3 into account,
but still makes it enabled by default if it is supported
and error out in case it is unsupported and was requested.
