search for: cipher_free

...called. First thing that cipher_init() does is setting *ccp= NULL; which is be equivalent to "state->send_context= NULL" (or "state->send_context= NULL"). These point to memory blocks already. The pointers are lost, the memory leaks. Proposal: move cipher_free(*ccp); *ccp = NULL; from the "rekeying" if-clause and place these two lines before calling cipher_init(). Alternately add if (*ccp!=NULL) { cipher_free(*ccp); *ccp = NULL; } before calling cipher_init(). -- You ar...

...<< (c->block_size * 2); +} + u_int cipher_keylen(const struct sshcipher *c) { diff --git a/cipher.h b/cipher.h index 1a591cd..68be9ed 100644 --- a/cipher.h +++ b/cipher.h @@ -63,6 +63,7 @@ int cipher_get_length(struct sshcipher_ctx *, u_int *, u_int, const u_char *, u_int); void cipher_free(struct sshcipher_ctx *); u_int cipher_blocksize(const struct sshcipher *); +uint64_t cipher_rekey_blocks(const struct sshcipher *); u_int cipher_keylen(const struct sshcipher *); u_int cipher_seclen(const struct sshcipher *); u_int cipher_authlen(const struct sshcipher *); diff --git a/pack...

...uint64_t)1 << (c->block_size * 2); +} + u_int cipher_keylen(const struct sshcipher *c) { diff --git a/cipher.h b/cipher.h index 1a591cd..68be9ed 100644 --- a/cipher.h +++ b/cipher.h @@ -63,6 +63,7 @@ int cipher_get_length(struct sshcipher_ctx *, u_int *, u_int, const u_char *, u_int); void cipher_free(struct sshcipher_ctx *); u_int cipher_blocksize(const struct sshcipher *); +uint64_t cipher_rekey_blocks(const struct sshcipher *); u_int cipher_keylen(const struct sshcipher *); u_int cipher_seclen(const struct sshcipher *); u_int cipher_authlen(const struct sshcipher *); diff --git a/packet.c b/p...

...gt;compress_zstd_in_raw, + (unsigned long long)state->compress_zstd_in_comp, + state->compress_zstd_in_raw == 0 ? 0.0 : + (double) state->compress_zstd_in_comp / + state->compress_zstd_in_raw); + } +#endif /* HAVE_LIBZSTD */ } -#endif /* WITH_ZLIB */ cipher_free(state->send_context); cipher_free(state->receive_context); state->send_context = state->receive_context = NULL; @@ -696,11 +727,11 @@ start_compression_out(struct ssh *ssh, int level) if (level < 1 || level > 9) return SSH_ERR_INVALID_ARGUMENT; debug("Enabling comp...

..._int > cipher_keylen(const struct sshcipher *c) > { > diff --git a/cipher.h b/cipher.h > index 1a591cd..68be9ed 100644 > --- a/cipher.h > +++ b/cipher.h > @@ -63,6 +63,7 @@ int cipher_get_length(struct sshcipher_ctx *, u_int *, > u_int, > const u_char *, u_int); > void cipher_free(struct sshcipher_ctx *); > u_int cipher_blocksize(const struct sshcipher *); > +uint64_t cipher_rekey_blocks(const struct sshcipher *); > u_int cipher_keylen(const struct sshcipher *); > u_int cipher_seclen(const struct sshcipher *); > u_int cipher_authlen(const struct sshcipher *);...

I added ZSTD support to OpenSSH roughly three years ago and I've been playing with it ever since. The nice part is that ZSTD achieves reasonable compression (like zlib) but consumes little CPU so it is unlikely that compression becomes the bottle neck of a transfer. The compression overhead (CPU) is negligible even when uncompressed data is tunneled over the SSH connection (SOCKS proxy, port

I was wondering if there was something specific to the internal chacha20 cipher as opposed to OpenSSL implementation. I can't just change the block size because it breaks compatibility. I can do something like as a hack (though it would probably be better to do it with the compat function): if (strstr(enc->name, "chacha")) *max_blocks = (u_int64_t)1 << (16*2);

..._int > cipher_keylen(const struct sshcipher *c) > { > diff --git a/cipher.h b/cipher.h > index 1a591cd..68be9ed 100644 > --- a/cipher.h > +++ b/cipher.h > @@ -63,6 +63,7 @@ int cipher_get_length(struct sshcipher_ctx *, u_int *, > u_int, > const u_char *, u_int); > void cipher_free(struct sshcipher_ctx *); > u_int cipher_blocksize(const struct sshcipher *); > +uint64_t cipher_rekey_blocks(const struct sshcipher *); > u_int cipher_keylen(const struct sshcipher *); > u_int cipher_seclen(const struct sshcipher *); > u_int cipher_authlen(const struct sshcipher *);...

I hacked zstd support into OpenSSH a while ago and just started to clean it up in the recent days. The cleanup includes configuration support among other things that I did not have. During testing I noticed the following differences compared to zlib: - highly interactive shell output (as in refreshed at a _very_ high rate) may result in higher bandwidth compared to zlib. Since zstd is quicker

I added ZSTD support to OpenSSH roughly over a year and I've been playing with it ever since. The nice part is that ZSTD achieves reasonable compression (like zlib) but consumes little CPU so it is unlikely that compression becomes the bottle neck of a transfer. The compression overhead (CPU) is negligible even when uncompressed data is tunneled over the SSH connection (SOCKS proxy, port

...R_INVALID_FORMAT; @@ -4155,6 +4216,10 @@ private2_decrypt(struct sshbuf *decoded, const char *passphrase, ??? ?decrypted = NULL; ??? ?*pubkeyp = pubkey; ??? ?pubkey = NULL; +?? ?if (vault_infop != NULL) { +?? ??? ?*vault_infop = vault_info; +?? ??? ?vault_info = NULL; +?? ?} ??? ?r = 0; ? out: ??? ?cipher_free(ciphercontext); @@ -4171,6 +4236,7 @@ private2_decrypt(struct sshbuf *decoded, const char *passphrase, ??? ?} ??? ?sshbuf_free(kdf); ??? ?sshbuf_free(decrypted); +?? ?sshkey_vault_free(vault_info); ??? ?return r; ?} ? @@ -4201,7 +4267,7 @@ private2_check_padding(struct sshbuf *decrypted) ? ?static...