Displaying 20 results from an estimated 20 matches for "sshbuf_free".
2024 Aug 13
2
[PATCH] Fix typos in sshbuf.c
...till-existant
the -> then
Okay?
Index: sshbuf.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sshbuf.c,v
diff -u -p -u -p -r1.19 sshbuf.c
--- sshbuf.c 2 Dec 2022 04:40:27 -0000 1.19
+++ sshbuf.c 13 Aug 2024 16:39:12 -0000
@@ -168,8 +168,8 @@ sshbuf_free(struct sshbuf *buf)
return;
/*
- * If we are a parent with still-extant children, then don't free just
- * yet. The last child's call to sshbuf_free should decrement our
+ * If we are a parent with still-existant children, then don't free
+ * just yet. The last child's cal...
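Review bot: the first changed comment line replaces "still-extant" with "still-existant", which turns a correct word into a misspelling: "extant" means still in existence, and "existant" is not an English word (the nearest is "existent"). Keep the original `still-extant children` wording and drop this part of the hunk, which also avoids rewrapping the comment.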
2015 Jun 23
2
Call for testing: OpenSSH 6.9
...expected[i].l.key,
NULL), 0);
diff --git a/regress/unittests/kex/test_kex.c b/regress/unittests/kex/test_kex.c
index c61e2bd..cf35f09 100644
--- a/regress/unittests/kex/test_kex.c
+++ b/regress/unittests/kex/test_kex.c
@@ -141,13 +141,16 @@ do_kex_with_key(char *kex, int keytype, int bits)
sshbuf_free(state);
ASSERT_PTR_NE(server2->kex, NULL);
/* XXX we need to set the callbacks */
+#ifdef WITH_OPENSSL
server2->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
server2->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
server2->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
server...
2024 Aug 13
0
[PATCH] Simplify code with freezero
...cit_bzero
followed by free.
Okay?
Index: sshbuf.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sshbuf.c,v
diff -u -p -u -p -r1.19 sshbuf.c
--- sshbuf.c 2 Dec 2022 04:40:27 -0000 1.19
+++ sshbuf.c 13 Aug 2024 16:54:20 -0000
@@ -183,10 +183,8 @@ sshbuf_free(struct sshbuf *buf)
sshbuf_free(buf->parent);
buf->parent = NULL;
- if (!buf->readonly) {
- explicit_bzero(buf->d, buf->alloc);
- free(buf->d);
- }
+ if (!buf->readonly)
+ freezero(buf->d, buf->alloc);
freezero(buf, sizeof(*buf));
}
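Review bot: at the new `freezero(buf->d, buf->alloc);`, the behaviour differs slightly from the removed pair when `buf->d` is NULL: freezero(3) does nothing for a NULL pointer, while the old `explicit_bzero(buf->d, buf->alloc)` would have written through it if `buf->alloc` were non-zero. That is a harmless tightening, but it deserves a word in the commit message. The size argument is unchanged, so the same `buf->alloc` bytes are cleared before release, matching the existing `freezero(buf, sizeof(*buf));` on the next line.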
2018 Dec 28
19
[Bug 2948] New: implement "copy-data" sftp extension
https://bugzilla.mindrot.org/show_bug.cgi?id=2948
Bug ID: 2948
Summary: implement "copy-data" sftp extension
Product: Portable OpenSSH
Version: -current
Hardware: All
URL: https://tools.ietf.org/html/draft-ietf-secsh-filexfer-extensions-00#section-7
OS: All
Status: NEW
2020 Jun 09
3
[PATCH v2 0/2] Add openssl engine keys with provider upgrade path
I've architected this in a way that looks future proof at least to the
openssl provider transition. What will happen in openssl 3.0.0 is
that providers become active and will accept keys via URI. The
current file mechanisms will still be available but internally it will
become a file URI. To support the provider interface, openssl will
have to accept keys by URI instead of file and may
2019 Aug 06
2
[PATCH v2] Remove sshkey_load_private()
...out;
- }
- if ((r = sshkey_load_file(fd, buffer)) != 0 ||
- (r = sshkey_parse_private_fileblob(buffer, passphrase, keyp,
- commentp)) != 0)
- goto out;
- if (keyp && *keyp &&
- (r = sshkey_set_filename(*keyp, filename)) != 0)
- goto out;
- r = 0;
- out:
- close(fd);
- sshbuf_free(buffer);
- return r;
-}
-
static int
sshkey_try_load_public(struct sshkey *k, const char *filename, char **commentp)
{
diff --git a/authfile.h b/authfile.h
index a6b9759c5ea..0279a89e2b4 100644
--- a/authfile.h
+++ b/authfile.h
@@ -38,7 +38,6 @@ int sshkey_save_private(struct sshkey *, const cha...
2018 Dec 10
2
[PATCH] cleanup of global variables server/client_version_string in sshconnect.c
In sshconnect.c there are two global variables for server_version_string
and client_version_string.
These are used just in a few functions and can easily be passed as
parameters.
Also, there is a strange construct, where their memory is allocated to
the global pointers, then copies of these pointers are assigned to the
kex structure. The kex_free finally frees them via cleanup of the kex
2015 May 29
16
Call for testing: OpenSSH 6.9
Hi,
OpenSSH 6.9 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This release contains
some substantial new features and a number of bugfixes.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable OpenSSH is
2018 Sep 06
4
Some wishes regarding revoked keys
Hello.
I am trying to play through the following test scenario about
certificate revocation on Ubuntu 18.04, which has OpenSSH of this version:
OpenSSH_7.6p1 Ubuntu-4, OpenSSL 1.0.2n  7 Dec 2017
1. A CA key is created
ssh-keygen -t ed25519 -f ca
2. The CA public key is added to ~/.ssh/authorized_keys on some server:
cert-authority ssh-ed25519 AAAA...e ca at yoga
3. A user key is created on a
2020 Jan 30
6
[PATCH 1/2] Add support for openssl engine based keys
...pin);
+ if (r)
+ goto out;
+ if (constrained) {
+ r = encode_constraints(msg, lifetime, confirm, maxsign, NULL);
+ if (r)
+ goto out;
+ }
+ r = ssh_request_reply(sock, msg, msg);
+ if (r)
+ goto out;
+ r = sshbuf_get_u8(msg, &type);
+ if (r)
+ goto out;
+ r = (signed char)type;
+ out:
+ sshbuf_free(msg);
+ return r;
+}
+
+
/*
* Add/remove an token-based identity from the authentication server.
* This call is intended only for use by ssh-add(1) and like applications.
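Review bot: `r = (signed char)type;` just before the `out:` label returns the agent's reply byte as the function result without checking it, so whatever byte the agent sends becomes either success (0) or an unvalidated error value. Compare `type` against the reply values the protocol allows and map anything else to a fixed error, and add a comment saying how the agent encodes the result in this byte. Minor style point: the two consecutive blank `+` lines after the closing brace can be one.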
diff --git a/authfd.h b/authfd.h
index c3bf6259a..1dd1070cb 100644
--- a/authfd.h
+++ b/authfd.h
@@ -38,6 +38,9 @@ int ssh_...
2019 Sep 10
3
[Bug 3068] New: Duplicate code in sshkey_load_private() function
https://bugzilla.mindrot.org/show_bug.cgi?id=3068
Bug ID: 3068
Summary: Duplicate code in sshkey_load_private() function
Product: Portable OpenSSH
Version: 8.0p1
Hardware: Other
OS: Windows 10
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-keygen
Assignee:
2020 May 19
3
[Bug 3167] New: Bugs found by static tests
https://bugzilla.mindrot.org/show_bug.cgi?id=3167
Bug ID: 3167
Summary: Bugs found by static tests
Product: Portable OpenSSH
Version: 8.2p1
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
2017 Oct 26
3
[RFC 0/2] add engine based keys
Engine keys are private key files which are only understood by openssl
external engines. The problem is they can't be loaded with the usual
openssl methods, they have to be loaded via ENGINE_load_private_key().
Because they're files, they fit well into openssh pub/private file
structure, so they're not very appropriately handled by the pkcs11
interface because it assumes the private
2020 Mar 24
4
ZSTD compression support for OpenSSH
I hacked zstd support into OpenSSH a while ago and just started to clean
it up in the recent days. The cleanup includes configuration support
among other things that I did not have.
During testing I noticed the following differences compared to zlib:
- highly interactive shell output (as in refreshed at a _very_ high
rate) may result in higher bandwidth compared to zlib. Since zstd is
quicker
2020 Oct 06
2
Accessing SSH key path using SSH_ASKPASS and passwordstore
Hello,
With the introduction of SSH_ASKPASS_REQUIRE in version 8.4, I've set
up a script for SSH_ASKPASS to query my local passwordstore
(https://www.passwordstore.org/) vault to retrieve the password for a
given key. This works for ssh-add as well as ssh (configured with
AddKeysToAgent set to 'yes'). My workflow effectively transforms into
entering the password for the GPG key used
2020 Sep 05
8
[PATCH 0/5] ZSTD compression support for OpenSSH
I added ZSTD support to OpenSSH roughly over a year ago and I've been
playing with it ever since.
The nice part is that ZSTD achieves reasonable compression (like zlib)
but consumes little CPU so it is unlikely that compression becomes the
bottleneck of a transfer. The compression overhead (CPU) is negligible
even when uncompressed data is tunneled over the SSH connection (SOCKS
proxy, port
2020 Apr 25
2
[PATCH 1/3] Add private key protection information extraction to ssh-keygen
...;
??? ?*pubkeyp = pubkey;
??? ?pubkey = NULL;
+?? ?if (vault_infop != NULL) {
+?? ??? ?*vault_infop = vault_info;
+?? ??? ?vault_info = NULL;
+?? ?}
??? ?r = 0;
? out:
??? ?cipher_free(ciphercontext);
@@ -4171,6 +4236,7 @@ private2_decrypt(struct sshbuf *decoded, const
char *passphrase,
??? ?}
??? ?sshbuf_free(kdf);
??? ?sshbuf_free(decrypted);
+?? ?sshkey_vault_free(vault_info);
??? ?return r;
?}
?
@@ -4201,7 +4267,7 @@ private2_check_padding(struct sshbuf *decrypted)
?
?static int
?sshkey_parse_private2(struct sshbuf *blob, int type, const char
*passphrase,
-??? struct sshkey **keyp, char **commentp)
+...
2023 Feb 24
1
[PATCH 1/1] Add support for ZSTD compression
...ssh_packet_close_internal(struct ssh *ssh, int do_close)
state->newkeys[mode] = NULL;
ssh_clear_newkeys(ssh, mode); /* next keys */
}
-#ifdef WITH_ZLIB
/* compression state is in shared mem, so we can only release it once */
if (do_close && state->compression_buffer) {
sshbuf_free(state->compression_buffer);
- if (state->compression_out_started) {
+#ifdef WITH_ZLIB
+ if (state->compression_out_started == COMP_ZLIB) {
z_streamp stream = &state->compression_out_stream;
debug("compress outgoing: "
"raw data %llu, compressed %llu,...
2017 Mar 02
64
[Bug 2687] New: Coverity scan fixes
https://bugzilla.mindrot.org/show_bug.cgi?id=2687
Bug ID: 2687
Summary: Coverity scan fixes
Product: Portable OpenSSH
Version: 7.4p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: Miscellaneous
Assignee: unassigned-bugs at mindrot.org
2023 Feb 24
1
[PATCH 0/1] ZSTD compression support for OpenSSH
I added ZSTD support to OpenSSH roughly three years ago and I've been
playing with it ever since.
The nice part is that ZSTD achieves reasonable compression (like zlib)
but consumes little CPU so it is unlikely that compression becomes the
bottleneck of a transfer. The compression overhead (CPU) is negligible
even when uncompressed data is tunneled over the SSH connection (SOCKS
proxy, port