File: openssl.c, openssl.h, crypto.h, kex.c
Notes:
This cleans up a few things in the curve25519 implementation:
- There is no need to create X509_PUBKEYs or PKCS8_PRIV_KEY_INFOs to
extract key material. EVP_PKEY_get_raw_private_key and
EVP_PKEY_get_raw_public_key work fine.
- libssh2_x25519_ctx was never used (and occasionally mis-typedefed to
libssh2_ed25519_ctx). Remove it. The _libssh2_curve25519_new and
_libssh2_curve25519_gen_k interfaces use the bytes. Note, if it needs
to be added back, there is no need to roundtrip through
EVP_PKEY_new_raw_private_key. EVP_PKEY_keygen already generated an
EVP_PKEY.
- Add some missing error checks.
Credit:
David Benjamin
File: transport.c
Notes:
This is to fix#102, instead of continuing to attempt to read a disconnected socket, it will now error out.
Credit:
TDi-jonesds
Avoid the use of RtlGetVersion or similar Win32 functions,
since these depend on version information from manifests.
This commit makes the WinCNG backend first try to use the
new DH algorithm API with the raw secret derivation feature.
In case this feature is not available the WinCNG backend
will fallback to the classic approach of using RSA-encrypt
to perform the required modular exponentiation of BigNums.
The feature availability test is done during the first handshake
and the result is stored in the crypto backends global state.
Follow up to #397Closes#484
Notes:
The buildconf script is currently required, because we need to copy a
header around, because it is used both from the library and the examples
sources.
However, having a custom 'buildconf'-like script is not needed if we can
ensure that the header exists by the time it is needed. For that, we can
just append the src/ directory to the headers search path for the
examples.
And then it means we no longer need to generate the same header twice,
so we remove the second one from configure.ac.
Now, we can just call "autoreconf -fi" to generate the autotools files,
instead of relying on the canned sequence in "buildconf", since
autoreconf has now long known what to do at the correct moment (future
versions of autotools, automake, autopoint, autoheader etc... may
require an other ordering, or other intermediate steps, etc...).
Eventually, get rid of buildconf now it is no longer needed. In fact, we
really keep it for legacy, but have it just call autoreconf (and print a
nice user-friendly warning). Don't include it in the release tarballs,
though.
Update doc, gitignore, and travis-CI jobs accordingly.
Credit:
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Sam Voss <sam.voss@rockwellcollins.com>
File: libssh2.h
Notes:
Update the min, preferred and max DH group values based on RFC 8270.
Credit:
Will Cosgrove, noted from email list by Mitchell Holland
File: INSTALL_CMAKE.md
Notes:
Although the original text would be immediately clear to seasoned users of CMAKE and/or Unix shell, the lack of newlines may cause some confusion for newcomers. Hence, wrapping the texts in a md code-block such that the newlines appear as intended.
credit:
suryakalpo
file: transport.c
notes:
moving total_num zero length check from #476 up to the prior bounds check which already includes a total_num check. Makes it slightly more readable.
credit:
Will Cosgrove
File:
libssh2_sftp.h
Notes:
Error constants `LIBSSH2_FX_*` are only returned by `libssh2_sftp_last_error()` which returns `unsigned long`.
Therefore these constants should be defined as unsigned long literals, instead of int literals.
Credit:
Dr. Koutheir Attouchi
File: HACKING.CRYPTO
Notes:
This commit updates the HACKING.CRYPTO documentation file in an attempt to make it in sync with current code.
New documented features are:
SHA384
SHA512
ECDSA
ED25519
Credit:
monnerat
File: hostkey.c
Notes:
These types are the same size so most compilers are fine with it, but CodeWarrior (on classic MacOS) throws an ‘illegal implicit conversion’ error
Credit: Brendan Shanks
file: Makefile.am
Notes:
The POSIX comparison operator for test(1) is =; bash supports == but not even test from GNU coreutils does.
Credit:
Thomas Klausner
File:
Openssl.c
Notes:
* Fix for use of uninitialized aes_ctr_cipher.key_len when using HAVE_OPAQUE_STRUCTS, regression from #439
Credit:
Hans Meirer, Tseng Jun
File: Session.c
Notes:
With gcc 9, libssh2, libcurl and LTO enabled for all binaries I see this
warning (error with -Werror):
vssh/libssh2.c: In function ‘ssh_statemach_act’:
/data/mwrep/rgeissler/ospack/ssh2/BUILD/libssh2-libssh2-03c7c4a/src/session.c:579:9: error: ‘seconds_to_next’ is used uninitialized in this function [-Werror=uninitialized]
579 | int seconds_to_next;
| ^
lto1: all warnings being treated as errors
Gcc normally issues -Wuninitialized when it is sure there is a problem,
and -Wmaybe-uninitialized when it's not sure, but it's possible. Here
the compiler seems to have find a real case where this could happen. I
looked in your code and overall it seems you always check if the return
code is non null, not often that it's below zero. I think we should do
the same here. With this patch, gcc is fine.
Credit:
Romain-Geissler-1A
Files: openssl.c/h
Author: Zenju
Notes:
Adds support for PKIX key reading by fixing:
_libssh2_pub_priv_keyfile() is missing the code to extract the ed25519 public key from a given private key
_libssh2_ed25519_new_private_frommemory is only parsing the openssh key format but does not understand PKIX (as retrieved via PEM_read_bio_PrivateKey)
File: .travis.yml
Notes:
* Fix Chrome installing by using Travis build in directive
* Update to use libgcrypt20-dev package to fix 32 bit builds based on comments found here:
https://launchpad.net/ubuntu/xenial/i386/libgcrypt11-dev
