1629 Commits

Author SHA1 Message Date
Dan Fandrich
7b80a188dd docs: added missing libssh2_session_handshake.3 file 2014-07-28 23:54:55 +02:00
Marc Hoersken
9d50d43a83 wincng.c: specify the required libraries for dependencies using MSVC
Initially reported by Bob Kast as "for MS VS builds, specify the
libraries that are required so they don't need to go into all
project files that may use this library". Thanks a lot.
2014-05-19 20:45:14 +02:00
Bob Kast
c355d31ff9 windows build: do not export externals from static library
If you are building a DLL, then you need to explicitly export each
entry point. When building a static library, you should not.

libssh2 was exporting the entry points whether it was building a DLL or a
static library. To elaborate further, if libssh2 was used as a static
library, which was being linked into a DLL, the libssh2 API would be
exported from that separate DLL.
2014-05-19 19:17:30 +02:00
Mikhail Gusarov
18fe507324 Fix typos in manpages 2014-05-19 10:24:58 +02:00
Marc Hoersken
d63e32dd30 wincng.c: Fixed memory leak in case of an error during ASN.1 decoding 2014-05-18 14:58:21 +02:00
Marc Hoersken
c32e82e97b configure: Display individual crypto backends on separate lines
This avoids line-wrapping in between parameters and makes the
error message look like the following:

configure: error: No crypto library found!
Try --with-libssl-prefix=PATH
 or --with-libgcrypt-prefix=PATH
 or --with-wincng on Windows
2014-05-18 12:47:42 +02:00
Bob Kast
7d4b5a8e07 libssh2_priv.h: a 1 bit bit-field should be unsigned
some compilers may not like this
2014-05-18 12:25:56 +02:00
Marc Hoersken
200784c4e7 knownhost.c: Fixed warning that pointer targets differ in signedness 2014-05-18 11:51:19 +02:00
Marc Hoersken
b22b23703c wincng.c: Fixed warning about pointer targets differing in signedness 2014-05-18 11:39:22 +02:00
Marc Hoersken
0e4e14109a tcpip-forward.c: Fixed warning that pointer targets differ in signedness
libssh2_channel_forward_listen_ex uses ints instead of unsigned ints.
2014-05-18 11:35:19 +02:00
Marc Hoersken
5bcc2d4629 misc.c: Fixed warning about mixed declarations and code 2014-05-18 11:15:49 +02:00
Marc Hoersken
33df559967 libgcrypt.h: Fixed warning about pointer targets differing in signedness 2014-05-18 10:57:36 +02:00
Marc Hoersken
26f6d71885 wincng.h: Fixed warning about pointer targets differing in signedness 2014-05-18 10:57:17 +02:00
Marc Hoersken
62c91e2cd4 misc.c: Fixed warning about unused parameter abstract 2014-05-18 10:23:18 +02:00
Marc Hoersken
b9dc6112d7 tcpip-forward.c: Removed unused variables shost, sport and sockopt 2014-05-18 10:16:24 +02:00
Marc Hoersken
106bacdebc wincng.h: Added forward declarations for all WinCNG functions
Initially reported by Bob Kast as "Wincng - define function
prototypes for wincng routines". Thanks a lot.

Also replaced structure definitions with type definitions.
2014-05-18 00:51:31 +02:00
Bob Kast
23dec383f7 libssh2.h: on Windows, a socket is of type SOCKET, not int 2014-05-18 00:25:47 +02:00
Marc Hoersken
fc94046e6e win32: Added WinCNG targets to generated Visual Studio project
Inspired by Bob Kast's reports, this commit enables the compilation
of libssh2 with WinCNG using the generated Visual Studio project files.
This commit adds WinCNG support to parts of the existing Win32 build
infrastructure, until new build systems, like pre-defined VS project
files or CMake files may be added.

This commit and b20bfeb3e519119a48509a1099c06d65aa7da1d7 raise one
question: How to handle build systems, like VS project files, that
need to include all source files regardless of the desired target,
including all supported crypto backends? For now the mentioned commit
added a check for LIBSSH2_OPENSSL to openssl.c and with this commit
the supported crypto backends are hardcoded within Makefile.am.
2014-05-18 00:07:59 +02:00
Marc Hoersken
ee547fe90d libssh2_priv msvc: Removed redundant definition of inline keyword
Initially reported by Bob Kast as "Remove redundant 'inline' define".
Thanks a lot.
2014-05-17 23:47:20 +02:00
Marc Hoersken
a58b0dacb4 wincng: Made data parameter to hash update function constant
Initially reported by Bob Kast as "formal parameter must be const
since it is used in contexts where the actual parameter may be const".
Thanks a lot.
2014-05-17 23:35:11 +02:00
Marc Hoersken
6e710d7fb6 wincng: fix cross-compilation against the w64 mingw-runtime package 2014-04-25 14:20:08 +02:00
Marc Hoersken
b20bfeb3e5 openssl: Check for LIBSSH2_OPENSSL in order to compile with openssl 2014-04-25 13:40:44 +02:00
Marc Hoersken
aba11380a1 wincng: Fixed use of possible uninitialized variable pPaddingInfo
Reported by Bob Kast, thanks a lot.
2014-03-22 23:23:18 +01:00
Marc Hoersken
2c46c4bf95 wincng: Added cast for double to unsigned long conversion 2014-03-22 23:12:59 +01:00
Marc Hoersken
160776d218 wincng: Cleaned up includes and check NTSTATUS using macro
Removed header file combination that is not supported on a real
Windows platform and can only be compiled using MinGW. Replaced
custom NTSTATUS return code checks with BCRYPT_SUCCESS macro.
2014-03-22 23:08:14 +01:00
Daniel Stenberg
ee2d61a48b userauth_hostbased_fromfile: zero assign to avoid uninitialized use
Detected by clang-analyze
2014-03-16 23:09:08 +01:00
Daniel Stenberg
fcb601da7b channel_receive_window_adjust: store windows size always
Avoid it sometimes returning without storing it, leaving calling
functions with unknown content!

Detected by clang-analyzer
2014-03-16 20:02:37 +01:00
Daniel Stenberg
55bae8dd07 publickey_packet_receive: avoid junk in returned pointers
clang-analyzer found this risk: it would return a non-initialized pointer
in a success case
2014-03-16 19:44:17 +01:00
Marc Hoersken
4440e05d48 Added Windows Cryptography API: Next Generation based backend 2014-03-16 17:01:16 +01:00
Marc Hoersken
378d0a6676 knownhost.c: fixed that 'key_type_len' may be used uninitialized
../src/knownhost.c: In function 'libssh2_knownhost_readline':
../src/knownhost.c:651:16: warning: 'key_type_len' may be used
uninitialized in this function [-Wmaybe-uninitialized]
             rc = knownhost_add(hosts, hostbuf, NULL,
                ^
../src/knownhost.c:745:12: note: 'key_type_len' was declared here
     size_t key_type_len;
            ^
2014-03-16 16:38:55 +01:00
Marc Hoersken
21cb7bfb36 pem.c: always compile pem.c independently of crypto backend 2014-03-16 16:38:55 +01:00
Peter Stuge
e1a5d1bc77 Fix non-autotools builds: Always define the LIBSSH2_OPENSSL CPP macro
Commit d512b25f69a1b6778881f6b4b5ff9cfc6023be42 introduced a crypto
library abstraction in the autotools build system, to allow us to more
easily support new crypto libraries. In that process it was found that
all other build systems which we support are hard-coded to build with
OpenSSL. Commit f5c1a0d98bd51aeb24aca3d49c7c81dcf8bd858d fixes automake
introduced into non-autotools build systems but still overlooked the
CPP macro saying that we are using OpenSSL.

Thanks to Marc Hörsken for identifying this issue and proposing a fix
for win32/{GNUmakefile,config.mk}. This commit uses a slightly different
approach but the end result is the same.
2014-03-16 16:36:13 +01:00
Dan Fandrich
189cf86df0 channel_close: Close the channel even in the case of errors 2014-03-15 02:15:16 +01:00
Dan Fandrich
30e376773a sftp_close_handle: ensure the handle is always closed
Errors are reported on return, but otherwise the close path is
completed as much as possible and the handle is freed on exit.
2014-03-15 00:32:11 +01:00
Alexander Lamaison
38e210af0e knownhost: Restore behaviour of libssh2_knownhost_writeline with short buffer.
Commit 85c6627c changed the behaviour of `libssh2_knownhost_writeline` so that it stopped returning the number of bytes needed when the given buffer was too small.  Also, the function changed such that it might write to part of the buffer before realising it is too small.

This commit restores the original behaviour, whilst keeping the unknown-key-type functionality that 85c6627c.  Instead of writing to the buffer piecemeal, the length of the various parts is calculated up front and the buffer written only if there is enough space.  The calculated necessary size is output in `outlen` regardless of whether the buffer was written to.

The main use-case for the original behaviour that this commit restores is to allow passing in a NULL buffer to get the actual buffer size needed, before calling the function again with the buffer allocated to the exact size required.
2014-03-06 23:34:28 +00:00
Alexander Lamaison
d145e04443 knownhost: Fix DSS keys being detected as unknown.
A missing `else` meant ssh-dss format keys were being re-detected as unknown format.
2014-03-06 23:10:58 +00:00
Dan Fandrich
feab568a7a knownhosts: Abort if the hosts buffer is too small
This could otherwise cause a match on the wrong host
2014-03-06 14:08:56 +01:00
Dan Fandrich
08973a00a1 agent_list_identities: Fixed memory leak on OOM 2014-02-28 22:34:29 +01:00
Dan Fandrich
c00efa5f93 Fixed a few typos 2014-02-24 23:23:13 +01:00
Dan Fandrich
adc5db29e3 userauth: Fixed an attempt to free from stack on error 2014-02-24 23:23:13 +01:00
Dan Fandrich
92d686fe19 Fixed a few memory leaks in error paths 2014-02-24 23:23:13 +01:00
Dan Fandrich
5559ad8fe1 Fixed two potential use-after-frees of the payload buffer
The first might occur if _libssh2_packet_add returns an error, as
fullpacket_state wasn't reset to idle so if it were possible for
fullpacket to be called again, it would return to the same state
handler and re-use the freed p->packet buffer.

The second could occur if decrypt returned an error, as it freed the
packet buffer but did not clear total_num, meaning that freed buffer
could be written into again later.
2014-02-24 23:23:13 +01:00
Alexander Lamaison
88366b5ec2 Fix missing _libssh2_error in _libssh2_channel_write.
In one case, the error code from `_libssh2_transport_read` was being returned from `_libssh2_channel_write` without setting it as the last error by calling `_libssh2_error`.  This commit fixes that.

Found when using a session whose socket had been inadvertently destroyed.  The calling code got confused because via `libssh2_session_last_error` it appeared no error had occurred, despite one being returned from the previous function.
2013-11-28 23:37:05 +00:00
Mark McPherson
61df22c460 openssl: initialise the digest context before calling EVP_DigestInit()
When using the OpenSSL libraries in FIPS mode, the function call
EVP_DigestInit() is actually #defined to FIPS_digestinit().
Unfortunately whereas EVP_DigestInit() initialises the context and then
calls EVP_DigestInit_ex(), this function assumes that the context has
been pre-initialised and crashes when it isn't.

Bug: https://trac.libssh2.org/ticket/279

Fixes #279
2013-11-21 11:35:12 +01:00
Marc Hörsken
d808080daf .gitignore: Ignore files like src/libssh2_config.h.in~ 2013-11-20 14:24:34 +01:00
Peter Stuge
f5c1a0d98b Move automake conditionals added by commit d512b25f out of Makefile.inc
Commit d512b25f69a1b6778881f6b4b5ff9cfc6023be42 added automake
conditionals to Makefile.inc but since Makefile.inc is included
from Makefile for all other build systems that does not work.

This commit instead adds Makefile.OpenSSL.inc and Makefile.libgcrypt.inc
and moves the automake conditional to its proper place, src/Makefile.am.

The automake conditional includes the correct Makefile.$name.inc per
the crypto library selection/detection done by configure.

All non-autotools build system files in libssh2 are hardcoded to use
OpenSSL and do not get a conditional but at least there is some reuse
because they can all include the new Makefile.OpenSSL.inc.
2013-11-13 02:37:06 +01:00
Salvador Fandino
85a827d1bc Set default window size to 2MB
The default channel window size used until now was 256KB. This value is
too small and results in a bottleneck on real-life networks where
round-trip delays can easily reach 300ms.

The issue was not visible because the configured channel window size
was being ignored and a hard-coded value of ~22MB being used instead,
but that was fixed on a previous commit.

This patch just changes the default window size
(LIBSSH2_CHANNEL_WINDOW_DEFAULT) to 2MB. It is the same value used by
OpenSSH and in our opinion represents a good compromise between memory
used and transfer speed.

Performance tests were run to determine the optimum value. The details
and related discussion are available from the following thread on the
libssh2 mailing-list:

http://www.libssh2.org/mail/libssh2-devel-archive-2013-10/0018.shtml
http://article.gmane.org/gmane.network.ssh.libssh2.devel/6543

An excerpt follows:

"I have been running some transfer tests and measuring their speed.

My setup was composed of a quad-core Linux machine running Ubuntu 13.10
x86_64 with a LXC container inside. The data transfers were performed
from the container to the host (never crossing through a physical
network device).

Network delays were simulated using the tc tool. And ping was used to
verify that they worked as intended during the tests.

The operation performed was the equivalent to the following ssh command:

  $ ssh container "dd bs=16K count=8K if=/dev/zero" >/dev/null

Though, establishment and closing of the SSH connection was excluded
from the timings.

I ran the tests several times transferring files of sizes up to 128MB
and the results were consistent between runs.

The results corresponding to the 128MB transfer are available here:

https://docs.google.com/spreadsheet/ccc?key=0Ao1yRmX6PQQzdG5wSFlrZl9HRWNET3ZyN0hnaGo5ZFE&usp=sharing

It clearly shows that 256KB is too small as the default window size.
Moving to a 512MB generates a great improvement and after the 1MB mark
the returns rapidly diminish. Other factors (TCP window size, probably)
become more limiting than the channel window size

For comparison I also performed the same transfers using OpenSSH. Its
speed is usually on par with that of libssh2 using a window size of 1MB
(even if it uses a 2MB window, maybe it is less aggressive sending the
window adjust msgs)."

Signed-off-by: Salvador Fandino <sfandino@yahoo.com>
2013-10-27 13:50:20 +01:00
Salvador
1b3307dda0 _libssh2_channel_read: Honour window_size_initial
_libssh2_channel_read was using an arbitrary hard-coded limit to trigger
the window adjusting code. The adjustment used was also hard-coded and
arbitrary, 15MB actually, which would limit the usability of libssh2 on
systems with little RAM.

This patch uses the window_size parameter passed to
libssh2_channel_open_ex (stored as remote.window_size_initial) plus the
buflen as the base for the trigger and the adjustment calculation.

The memory usage when using the default window size is reduced from 22MB
to 256KB per channel (actually, if compression is used, these numbers
should be incremented by ~50% to account for the errors between the
decompressed packet sizes and the predicted sizes).

My tests indicate that this change does not impact the performance of
transfers across localhost or a LAN, being it on par with that of
OpenSSH. On the other hand, it will probably slow down transfers on
networks with high bandwidth*delay when the default window size
(LIBSSH2_CHANNEL_WINDOW_DEFAULT=256KB) is used.

Signed-off-by: Salvador Fandino <sfandino@yahoo.com>
2013-10-27 13:49:33 +01:00
Salvador Fandino
85c6627c86 knownhosts: handle unknown key types
Store but don't use keys of unsupported types on the known_hosts file.

Currently, when libssh2 parses a known_host file containing keys of some
type it doesn't natively support, it stops reading the file and returns
an error.

That means that the known_host file cannot be safely shared with other
software supporting other key types (i.e. OpenSSH).

This patch adds support for handling keys of unknown type. It can read
and write them, even if they are never going to be matched.

At the source level the patch does the following things:

- add a new unknown key type LIBSSH2_KNOWNHOST_KEY_UNKNOWN

- add a new slot (key_type_name) on the known_host struct that is
used to store the key type in ascii form when it is not supported

- parse correctly known_hosts entries with unknown key types and
populate the key_type_name slot

- print correctly known_hosts entries of unknown type

- when checking a host key ignore keys that do not match the key

Fixes #276
2013-10-27 10:57:31 +01:00
Daniel Stenberg
c49cc8411f windows build: fix build errors
Fixes various link errors with VS2010

Reported-by: "kdekker"
Fixes #272
2013-10-16 23:23:26 +02:00