search for: sshbuf

On Thu, 25 Jun 2015, Michael Felt wrote: > Just running a standard make, and then a make install to a packaging > directory. It seems to be complaining about missing keys - not sure yet if > this is a show stopper For packaging you want the install-nokeys rule not install. -- Tim Rice Multitalents tim at multitalents.net

--- sshbuf.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sshbuf.h b/sshbuf.h index 78e32264..4b71405a 100644 --- a/sshbuf.h +++ b/sshbuf.h @@ -140,7 +140,7 @@ int sshbuf_allocate(struct sshbuf *buf, size_t len); /* * Reserve len bytes in buf. * Returns 0 on success and a pointer t...

Hello! I have a minor observation about code in sshbuf.c, not sure if it would be useful, but here it is. sshbuf_reset() is currently implemented like this: void sshbuf_reset(struct sshbuf *buf) { u_char *d; if (buf->readonly || buf->refcount > 1) { /* Nonsensical. Just make buffer appear empty */ buf->off = buf->size; return;...

...please excuse me if something is wrong with this message... I'm pretty interested in the OpenSSH codebase, and a couple of questions arose while I was investigating it, and I guess this is the place where I can find answers. 1. There are a lot of allocations, even for short lived objects like sshbufs and sshkeys. Creating an sshbuf always requires at least one allocation, two allocations if it is created with sshbuf_new(). There are a lot of times when they are allocated and freed within the same function. Same thing with bitmaps. What is the reason behind not allocating them on the stack? 2....

...regress/unittests/test_helper/fuzz.o ar: Creating an archive file regress/unittests/test_helper/libtest_helper.a. a - regress/unittests/test_helper/test_helper.o a - regress/unittests/test_helper/fuzz.o ranlib regress/unittests/test_helper/libtest_helper.a xlc -o regress/unittests/sshbuf/test_sshbuf -L. -Lopenbsd-compat/ -blibpath:/usr/lib:/lib regress/unittests/sshbuf/tests.o regress/unittests/sshbuf/test_sshbuf.o regress/unittests/sshbuf/test_sshbuf_getput_basic.o regress/unittests/sshbuf/test_sshbuf_getput_crypto.o regress/unittests/sshbuf/test_sshbuf_misc.o regress/unitte...

...regress/unittests/test_helper/fuzz.o ar: Creating an archive file regress/unittests/test_helper/libtest_helper.a. a - regress/unittests/test_helper/test_helper.o a - regress/unittests/test_helper/fuzz.o ranlib regress/unittests/test_helper/libtest_helper.a xlc -o regress/unittests/sshbuf/test_sshbuf -L. -Lopenbsd-compat/ -blibpath:/usr/lib:/lib regress/unittests/sshbuf/tests.o regress/unittests/sshbuf/test_sshbuf.o regress/unittests/sshbuf/test_sshbuf_getput_basic.o regress/unittests/sshbuf/test_sshbuf_getput_crypto.o regress/unittests/sshbuf/test_sshbuf_misc.o regress/unitte...

https://bugzilla.mindrot.org/show_bug.cgi?id=3539 Bug ID: 3539 Summary: sshbuf memory leak in recv_rexec_state() Product: Portable OpenSSH Version: 9.1p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org...

...========================= ================ ============= ====== ================= *RHEL 3.4 i386-redhat-linux gcc 3.2.3-47 1.0.1i**a OK*1 all tests passed* *AIX 5300-12-04 powerpc-ibm-aix5.3.0.0 gcc 4.2.0-3 0.9.8k FAIL*1 * *FAIL*1 missing e.h in test_sshbuf_getput_crypto* gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wno-pointer-sign -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -I. -I. -DSSHDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\" -D_PATH_SSH_...

https://bugzilla.mindrot.org/show_bug.cgi?id=2370 Bug ID: 2370 Summary: make fails with "rmd160.c", line 35.10: 1506-296 (S) #include file <endian.h> not found. when using --without-openssl on AIX Product: Portable OpenSSH Version: 6.9p1 Hardware: Other OS: AIX

...++++++++++++++++++++++++++++++------ readconf.c | 8 +- servconf.c | 14 +-- ssh.c | 4 +- 9 files changed, 300 insertions(+), 46 deletions(-) diff --git a/cipher.c b/cipher.c index 02aea4089ff91..1634bb4019c86 100644 --- a/cipher.c +++ b/cipher.c @@ -48,6 +48,7 @@ #include "sshbuf.h" #include "ssherr.h" #include "digest.h" +#include "kex.h" #include "openbsd-compat/openssl-compat.h" @@ -142,12 +143,33 @@ cipher_alg_list(char sep, int auth_only) const char * compression_alg_list(int compression) { -#ifdef WITH_ZLIB - retu...

...me, passphrase, -?? ???? keyp, commentp); +?? ???? keyp, commentp, vault_infop); ?} ? ?int ?sshkey_load_private_type_fd(int fd, int type, const char *passphrase, -??? struct sshkey **keyp, char **commentp) +??? struct sshkey **keyp, char **commentp, struct sshkey_vault **vault_infop) ?{ ??? ?struct sshbuf *buffer = NULL; ??? ?int r; @@ -159,7 +161,7 @@ sshkey_load_private_type_fd(int fd, int type, const char *passphrase, ??? ??? ?*keyp = NULL; ??? ?if ((r = sshbuf_load_fd(fd, &buffer)) != 0 || ??? ???? (r = sshkey_parse_private_fileblob_type(buffer, type, -?? ???? passphrase, keyp, commentp)) !=...

I added ZSTD support to OpenSSH roughly three years ago and I've been playing with it ever since. The nice part is that ZSTD achieves reasonable compression (like zlib) but consumes little CPU so it is unlikely that compression becomes the bottle neck of a transfer. The compression overhead (CPU) is negligible even when uncompressed data is tunneled over the SSH connection (SOCKS proxy, port

In sshconnect.c there are two global variables for server_version_string client_version_string. These are used just in a few functions and can easily be passed as parameters. Also, there is a strange construct, where their memory is allocated to the global pointers, then copies of these pointers are assigned to the kex structure. The kex_free finally frees them via cleanup of the kex

...expected[i].l.key, NULL), 0); diff --git a/regress/unittests/kex/test_kex.c b/regress/unittests/kex/test_kex.c index c61e2bd..cf35f09 100644 --- a/regress/unittests/kex/test_kex.c +++ b/regress/unittests/kex/test_kex.c @@ -141,13 +141,16 @@ do_kex_with_key(char *kex, int keytype, int bits) sshbuf_free(state); ASSERT_PTR_NE(server2->kex, NULL); /* XXX we need to set the callbacks */ +#ifdef WITH_OPENSSL server2->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; server2->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; server2->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; s...

On Wed, 17 Feb 2016, Tom G. Christensen wrote: > On 12/02/16 04:56, Damien Miller wrote: > > Portable OpenSSH is available via Git at > > https://anongit.mindrot.org/openssh.git/ or via a mirror on Github at > > https://github.com/openssh/openssh-portable > > > > I'm seeing a hang in the testsuite on Solaris: > run test transfer.sh ... > transfer data:

...x064:[/data/prj/openbsd/openssh/snap/openssh]make tests [ -d `pwd`/regress ] || mkdir -p `pwd`/regress [ -d `pwd`/regress/unittests ] || mkdir -p `pwd`/regress/unittests [ -d `pwd`/regress/unittests/test_helper ] || \ mkdir -p `pwd`/regress/unittests/test_helper [ -d `pwd`/regress/unittests/sshbuf ] || \ mkdir -p `pwd`/regress/unittests/sshbuf [ -d `pwd`/regress/unittests/sshkey ] || \ mkdir -p `pwd`/regress/unittests/sshkey [ -d `pwd`/regress/unittests/bitmap ] || \ mkdir -p `pwd`/regress/unittests/bitmap [ -d `pwd`/regress/unittests/hostkeys ] || \ mkdir -p...

I hacked zstd support into OpenSSH a while ago and just started to clean it up in the recent days. The cleanup includes configuration support among other things that I did not have. During testing I noticed the following differences compared to zlib: - highly interactive shell output (as in refreshed at a _very_ high rate) may result in higher bandwidth compared to zlib. Since zstd is quicker

https://bugzilla.mindrot.org/show_bug.cgi?id=2301 Bug ID: 2301 Summary: test_sshbuf_misc.c:44 ASSERT_INT_NE(feof(out), 0) failed Product: Portable OpenSSH Version: 6.7p1 Hardware: MIPS OS: IRIX Status: NEW Severity: enhancement Priority: P5 Component: Regression tests...

I added ZSTD support to OpenSSH roughly over a year and I've been playing with it ever since. The nice part is that ZSTD achieves reasonable compression (like zlib) but consumes little CPU so it is unlikely that compression becomes the bottle neck of a transfer. The compression overhead (CPU) is negligible even when uncompressed data is tunneled over the SSH connection (SOCKS proxy, port

..._H -c bufec.c -o bufec.o bufec.c:30: warning: type defaults to 'int' in declaration of 'EC_GROUP' bufec.c:30: error: parse error before '*' token bufec.c: In function 'buffer_put_ecpoint_ret': bufec.c:35: warning: implicit declaration of function 'sshbuf_put_ec' bufec.c:35: error: 'buffer' undeclared (first use in this function) bufec.c:35: error: (Each undeclared identifier is reported only once bufec.c:35: error: for each function it appears in.) bufec.c:35: error: 'point' undeclared (first use in this function...