This commit ensures that we have sent at least one read request before
we try to read data in sftp_read().
Otherwise sftp_read() would return 0 bytes (indicating EOF) if the
socket is not ready for writing.
Since we can only store data from a single chunk in filep,
we have to stop receiving data as soon as the buffer is full.
This adresses the following bug report:
https://github.com/libssh2/libssh2/issues/50
"agent_disconnect_unix", called by "libssh2_agent_disconnect", was
leaving the file descriptor in the agent structure unchanged. Later,
"libssh2_agent_free" would call again "libssh2_agent_disconnect" under
the hood and it would try to close again the same file descriptor. In
most cases that resulted in just a harmless error, but it is also
possible that the file descriptor had been reused between the two
calls resulting in the closing of an unrelated file descriptor.
This patch sets agent->fd to LIBSSH2_INVALID_SOCKET avoiding that
issue.
Signed-off-by: Salvador Fandiño <sfandino@yahoo.com>
The Qc3 library is not able to handle PKCS#8 EncryptedPrivateKeyInfo structures
by itself. It is only capable of decrypting the (encrypted) PrivateKeyInfo
part, providing a key encryption key and an encryption algorithm are given.
Since the encryption key and algorithm description part in a PKCS#8
EncryptedPrivateKeyInfo is a PKCS#5 structure, such a decoder is needed to
get the derived key method and hash, as well as encryption algorith and
initialisation vector.
The Qc3 library requires a minimum key length depending on the target
hash algorithm. Append binary zeroes to the given key if not long enough.
This matches RFC 2104 specifications.
The Qc3 library requires the key encryption key to exist as long as
the encrypted key is used. Its descriptor token is then kept as an
"encrypted key slave" for recursive release.
Build procedure extproto() did not strip braces from header files, thus
possibly prepended them to true prototypes. This prevented the prototype to
be recognized as such.
The solution implemented here is to map braces to semicolons, effectively
considering them as potential prototype delimiters.
In addition, file os400/macros.h declares all procedures originally
defined as macros. It must not be used for real inclusion and is only
intended to be used as a `database' for macro wrapping procedures generation.
Some structure fields holding callback addresses have the same name as the
underlying system function (connect, send, recv). Set parentheses around
their reference to suppress a possible macro substitution.
Use a macro for connect() on OS/400 to resolve a const/nonconst parameter
problem.
OS/400 crypto library is unable to sign a precomputed SHA1 hash: however
it does support a procedure that hashes data fragments and rsa signs.
If defined, the new macro _libssh2_rsa_sha1_signv() implements this function
and disables use of _libssh2_rsa_sha1_sign().
The function described above requires that the struct iovec unused slacks are
cleared: for this reason, macro libssh2_prepare_iovec() has been introduced.
It should be defined as empty for crypto backends that are not sensitive
to struct iovec unused slack values.
* close https://github.com/libssh2/libssh2/issues/69
* sync a declaration with the rest of similar ones
* handle EVP_MD_CTX_new() returning NULL with OpenSSL 1.1.0
* fix potential memory leak with OpenSSL 1.1.0 in
_libssh2_*_init() functions, when EVP_MD_CTX_new() succeeds,
but EVP_DigestInit() fails.
_libssh2_wincng_hash_final was returning the internal BCRYPT
status code instead of a valid libssh2 return value (0 or -1).
This also means that _libssh2_wincng_hash never returned 0.
Net::SSH2, the Perl wrapping module for libssh2 implements several features*
on top of libssh2 that can fail and so need some mechanism to report the error
condition to the user.
Until now, besides the error state maintained internally by libssh2, another
error state was maintained at the Perl level for every session object and then
additional logic was used to merge both error states. That is a maintenance
nighmare, and actually there is no way to do it correctly and consistently.
In order to allow the high level language to add new features to the library
but still rely in its error reporting features the new function
libssh2_session_set_last_error (that just exposses _libssh2_error_flags) is
introduced.
*) For instance, connecting to a remote SSH service giving the hostname and
port.
Signed-off-by: Salvador Fandino <sfandino@yahoo.com>
Signed-off-by: Salvador Fandiño <sfandino@yahoo.com>
Before this patch "_libssh2_error" required the error message to be a
static string.
This patch adds a new function "_libssh2_error_flags" accepting an
additional "flags" argument and specifically the flag
"LIBSSH2_ERR_FLAG_DUP" indicating that the passed string must be
duplicated into the heap.
Then, the method "_libssh2_error" has been rewritten to use that new
function under the hood.
Signed-off-by: Salvador Fandino <sfandino@yahoo.com>
Signed-off-by: Salvador Fandiño <sfandino@yahoo.com>
After reading the public key from file the size was incorrectly
decremented by one.
This was usually a harmless error as the last character on the public
key file is an unimportant EOL. But if due to some error the public key
file is empty, the public key size becomes (uint)(0 - 1), resulting in
an unrecoverable out of memory error later.
Signed-off-by: Salvador Fandi??o <sfandino-/E1597aS9LQAvxtiuMwx3w@public.gmane.org>
A common novice programmer error (at least among those using the
wrapping Perl module Net::SSH2), is to try to reuse channels.
This patchs detects that incorrect usage and fails with a
LIBSSH2_ERROR_BAD_USE error instead of hanging.
Signed-off-by: Salvador Fandino <sfandino-/E1597aS9LQAvxtiuMwx3w@public.gmane.org>
Implement support for these algorithms and wire them up to the libgcrypt
and OpenSSL backends. Increase the maximum MAC buffer size to 64 bytes
to prevent buffer overflows. Prefer HMAC-SHA-256 over HMAC-SHA-512, and
that over HMAC-SHA-1, as OpenSSH does.
Closes#40
