Jiří Ševčík | 13 Apr 22:36 2014

Channel timeout

Hi,

We are dealing with a problem during the parallel creation of several channels, and with the creation of a direct-tcpip channel to a server that is unavailable. The whole program runs in a main loop using epoll. For testing we use dropped packets of the forward server (the ssh server refuses the connection after three minutes). In case of an induced event on the server, all channels are tried out within the framework of the operation by a method according to the given state of the channel. Our problems are as follows.

1. Parallel creation of channels within the framework of a single non-blocking session. Is there any effective way to achieve that?

2. The activity on an active channel cancels the creation of the re-routed channel.

3. According to the trace listing it was found that, after a minute of attempting to create a re-routed channel, an internal timeout is initiated within libssh2, the creation is cancelled and a new channel is created internally. This does not propagate itself into the application.

In the attachment you can find the testing code and the trace listing, where:
- lines in the listing in the form '09.04.2014 10:35:13.912' are output of the program itself;
- the debug trace line "[libssh2] 60.908507 Conn: Packet requirev retval" was added for observing the return value.
Attachment (connect.c): text/x-csrc, 12 KiB
Attachment (output.log): text/x-log, 144 KiB
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
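The pattern the third problem above calls for, as an added example that is not the poster's connect.c: the application keeps its own absolute deadline per pending channel and derives the epoll_wait() timeout from the earliest one, so a target whose packets are silently dropped is abandoned by the application instead of waiting for whatever timeout libssh2 applies internally. The libssh2 error values are copied from libssh2.h so the file builds without the library; in real code the try_open callback wraps libssh2_channel_direct_tcpip_ex() and, when that returns NULL, libssh2_session_last_errno(). The simulator at the bottom and the host:port strings are constructed stand-ins, and drive_channel, next_timeout_ms and struct pending_chan are this example's own names.

```c
/* Added example (not the poster's connect.c): application-owned deadlines for
 * non-blocking libssh2 channel opens driven from an epoll loop. */
#include <stddef.h>
#include <time.h>

/* Copied from libssh2.h so this builds stand-alone. */
#define LIBSSH2_ERROR_NONE      0
#define LIBSSH2_ERROR_EAGAIN  (-37)

enum chan_state { CH_OPENING, CH_OPEN, CH_FAILED };

struct pending_chan {
    const char     *target;    /* host:port of the direct-tcpip destination */
    enum chan_state state;
    time_t          deadline;  /* absolute time after which the app gives up */
    int             attempts;  /* open attempts made so far */
};

/* One non-blocking open attempt; returns a libssh2 error code (0 = channel up).
 * Real code: call libssh2_channel_direct_tcpip_ex(), on NULL return
 * libssh2_session_last_errno(). */
typedef int (*open_fn)(struct pending_chan *c, void *ctx);

/* Drive one pending channel after an epoll wake-up or timeout. The deadline is
 * checked before libssh2 is called, so a silent target fails here rather than
 * in the library's internal timeout, which the poster saw is not reported. */
enum chan_state drive_channel(struct pending_chan *c, open_fn try_open,
                              void *ctx, time_t now)
{
    int rc;

    if (c->state != CH_OPENING)
        return c->state;
    if (now >= c->deadline) {
        c->state = CH_FAILED;    /* caller frees the half-open channel and reports */
        return c->state;
    }
    c->attempts++;
    rc = try_open(c, ctx);
    if (rc == LIBSSH2_ERROR_NONE)
        c->state = CH_OPEN;
    else if (rc != LIBSSH2_ERROR_EAGAIN)
        c->state = CH_FAILED;    /* hard error, e.g. LIBSSH2_ERROR_CHANNEL_FAILURE */
    return c->state;
}

/* Timeout to hand to epoll_wait(): milliseconds until the earliest pending
 * deadline, or -1 (block forever) when nothing is pending. Without this a
 * dropped-packet target never wakes the loop and no deadline is ever seen. */
int next_timeout_ms(const struct pending_chan *chans, size_t n, time_t now)
{
    int best = -1;
    size_t i;

    for (i = 0; i < n; i++) {
        long ms;
        if (chans[i].state != CH_OPENING)
            continue;
        ms = (long)(chans[i].deadline - now) * 1000L;
        if (ms < 0)
            ms = 0;
        if (best < 0 || ms < best)
            best = (int)ms;
    }
    return best;
}

/* --- Constructed simulator standing in for libssh2; not real traffic. --- */
struct sim { int reachable_after; };  /* attempts before a reachable target opens; <0 = never */

int sim_open(struct pending_chan *c, void *ctx)
{
    const struct sim *s = (const struct sim *)ctx;
    if (s->reachable_after < 0)           /* packets dropped: EAGAIN forever */
        return LIBSSH2_ERROR_EAGAIN;
    return c->attempts >= s->reachable_after ? LIBSSH2_ERROR_NONE
                                             : LIBSSH2_ERROR_EAGAIN;
}
```

When drive_channel() reports CH_FAILED for a channel whose libssh2 handle was already allocated, release it with libssh2_channel_free() and move on; the library's own timeout, whatever it does with the channel internally, is then irrelevant to the application. The session's socket stays registered in epoll for read and write according to libssh2_session_block_directions().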
libssh2 Trac | 11 Apr 21:21 2014

#287: LIBSSH2_FX_PERMISSION_DENIED on reading file from other user

---------------------------------------+--------------------
 Reporter:  pschultz                   |       Owner:
     Type:  defect                     |      Status:  new
 Priority:  normal                     |   Milestone:  1.4.3
Component:  SFTP                       |     Version:  1.4.2
 Keywords:  sftp open file permission  |  Blocked By:
   Blocks:                             |
---------------------------------------+--------------------
 Hi,

 I used the libssh2 examples "sftp.c" and "sftpdir.c", lightly modified to
 get more information on the errors.

 I have to get files from several subdirectories on a SFTP Server.
 Some of these subdirectories are written by other users, one is written by
 the user which I use as login with user and password.
 All users are in the same group.

 Getting files which are created by "my" user works fine.

 But when I try to get the other files then libssh2_sftp_open fails,
 libssh2_session_last_error returns -31 (= LIBSSH2_ERROR_SFTP_PROTOCOL) and
 libssh2_sftp_last_error returns 3 (= LIBSSH2_FX_PERMISSION_DENIED).

 I have no problems reading the directories (libssh2_sftp_opendir /
 libssh2_sftp_readdir_ex).

 Examples:
 My directory on the server:
 -rw-rw-r--    1 My_User    Group1   7923 Apr  9 13:49 file1   (ok)

 Another directory:
 -rw-r--r--    1 Other_User Group1   1229 Apr  9 00:59 file2   (fails)

 The system I work on is SUSE Linux Enterprise Server 11 (i586).
 The version of libssh2 is 1.4.3.

 /usr/bin/sftp  has no problems, I can get all files; same on windows with
 WinSCP.
 The problem must be on my side.

 What could I make better? Are there more steps to do than coded in the
 examples?

 Thanks

 Peter

-- 
Ticket URL: <https://trac.libssh2.org/ticket/287>
libssh2 <https://trac.libssh2.org/>
C library for writing portable SSH2 clients


libssh2 Trac | 11 Apr 21:19 2014

#286: LibSSH2-HEAD can't be used with OpenBSD 5.5

-------------------------+--------------------
 Reporter:  jamesmoore   |       Owner:
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  1.4.3
Component:  crypto       |     Version:  1.4.2
 Keywords:               |  Blocked By:
   Blocks:               |
-------------------------+--------------------
 OpenBSD 5.5 is changing the default MACs available to sshd. Libssh2
 supplies the following

 hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@...

 while OpenBSD 5.5 expects

 umac-64-etm@...,umac-128-etm@...,hmac-sha2-256-etm@...,hmac-sha2-512-etm@...,umac-64@...,umac-128@...,hmac-sha2-256,hmac-sha2-512

 It appears libssh2's MAC support needs to be updated.

-- 
Ticket URL: <https://trac.libssh2.org/ticket/286>
libssh2 <https://trac.libssh2.org/>
C library for writing portable SSH2 clients


James Moore | 11 Apr 01:56 2014

libssh2 incompatible with OpenBSD 5.5

Hi all, we recently received a report that our iOS app Prompt isn’t working with OpenBSD 5.5. Sure enough,
the MAC list that’s sent by libssh2 is incompatible with their new defaults. I logged a bug on this in Trac
but it appears it has not been moderated yet.

For reference here’s the list of MACs

libssh2
hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com

OpenBSD 5.5
umac-64-etm@...,umac-128-etm@...,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@...,umac-64@...,umac-128@...,hmac-sha2-256,hmac-sha2-512

If we decide to add these ourselves will it just be a matter of creating the necessary openssl wrappers?

--
James

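Why the two lists quoted in Ticket #286 and in the post above cannot produce a session, as an added example that is not libssh2 or OpenSSH code: RFC 4253 section 7.1 picks the first name in the client's list that the server also lists, so the libssh2 list and the OpenBSD 5.5 defaults have no common element and the server disconnects. The server list is written out here with the @openssh.com suffix the archive elided; both lists are constructed inputs, and negotiate, list_has and next_name are this example's own names.

```c
/* Added example, not from libssh2 or OpenSSH: RFC 4253 7.1 algorithm
 * selection applied to the MAC lists quoted in this thread. */
#include <stddef.h>
#include <string.h>

/* Returns the length of the name at *p, stores its start, and advances *p
 * past the name and its trailing comma. */
static size_t next_name(const char **p, const char **start)
{
    const char *s = *p, *e = strchr(s, ',');
    size_t len = e ? (size_t)(e - s) : strlen(s);
    *start = s;
    *p = e ? e + 1 : s + len;
    return len;
}

static int list_has(const char *list, const char *name, size_t len)
{
    const char *p = list, *n;
    size_t l;
    while (*p) {
        l = next_name(&p, &n);
        if (l == len && memcmp(n, name, len) == 0)
            return 1;
    }
    return 0;
}

/* The chosen algorithm is the first name in the CLIENT's list that the
 * server also supports; server order is irrelevant. Returns 0 and copies the
 * name into out, or -1 when the lists are disjoint, which is the
 * "no matching MAC" disconnect OpenBSD 5.5 users hit with libssh2. */
int negotiate(const char *client, const char *server, char *out, size_t outlen)
{
    const char *p = client, *n;
    size_t l;
    while (*p) {
        l = next_name(&p, &n);
        if (l && l < outlen && list_has(server, n, l)) {
            memcpy(out, n, l);
            out[l] = '\0';
            return 0;
        }
    }
    return -1;
}

/* Constructed from the lists quoted in the thread. */
const char LIBSSH2_MACS[] =
    "hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,"
    "hmac-ripemd160@openssh.com";
const char OPENBSD55_MACS[] =
    "umac-64-etm@openssh.com,umac-128-etm@openssh.com,"
    "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,"
    "umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512";
/* What a fixed client list would look like: SHA-2 MACs in front, so they win
 * whenever the server offers them, and the older ones kept only as fallback. */
const char LIBSSH2_MACS_PLUS_SHA2[] =
    "hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,"
    "hmac-ripemd160,hmac-ripemd160@openssh.com";
```

Because the client's order decides, appending new MACs at the end of the list would make them the last resort rather than the preferred choice; put the strong ones first. An application can set its own client-to-server and server-to-client MAC preference with libssh2_session_method_pref() (LIBSSH2_METHOD_MAC_CS / LIBSSH2_METHOD_MAC_SC) before the handshake, but only from names the library actually implements, which is why the ticket asks for backend support rather than a configuration change.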

Bob Kast | 8 Apr 23:36 2014

Patches for Windows, Wincng, Visual Studio

Attached are all of the mods I've made to libssh2 for use in Windows and
Visual Studio.

I hope most of them should be pretty clear, but I have a couple of notes:

0001-Add-Visual-Studio-2013-solution-project-files.patch:

I understand that you are working on a cmake system that will create Visual
Studio project files. Until that time, I have a patch that includes project
files for VS2013. It can be something temporary or it can be something used
as a model for creating the cmake files.

0001-Use-secure-versions-of-CRT-library.patch:

Libssh2 uses deprecated versions of the run-time library. This patch updates
that so they use the secure versions. For my changes to correctly compile on
non-Windows systems, you need to add the following defines. I was not sure
where these should be added:

#define SNPRINTF snprintf
#define VSNPRINTF vsnprintf

Thanks for all your help,
Bob
Attachment (0001-Remove-redundant-inline-define.patch): application/octet-stream, 862 bytes
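What the "secure versions" of the CRT buy you, as an added example that is not part of Bob Kast's patch: the legacy _snprintf returns -1 and leaves the buffer unterminated on overflow, while _vsnprintf_s with _TRUNCATE terminates and reports truncation, and C99 vsnprintf reports the length it would have needed. One wrapper gives both platforms the same contract. fmt_bounded, FMT_TRUNCATED and build_target are this example's own names.

```c
/* Added example, not from the patch: a bounded formatting wrapper that is
 * always NUL-terminated and reports truncation on MSVC and on C99 libcs. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define FMT_TRUNCATED (-1)

/* Formats into dst[0..n-1]. Returns the number of characters written
 * (excluding the NUL) or FMT_TRUNCATED; dst is NUL-terminated whenever n > 0. */
int fmt_bounded(char *dst, size_t n, const char *fmt, ...)
{
    va_list ap;
    int r;

    if (n == 0)
        return FMT_TRUNCATED;
    va_start(ap, fmt);
#if defined(_MSC_VER)
    /* _TRUNCATE: cut the output and terminate instead of calling the
     * invalid-parameter handler; returns -1 when truncation happened. */
    r = _vsnprintf_s(dst, n, _TRUNCATE, fmt, ap);
#else
    r = vsnprintf(dst, n, fmt, ap);   /* C99: length it WOULD have written */
    if (r >= (int)n)
        r = -1;
#endif
    va_end(ap);
    if (r < 0) {
        dst[n - 1] = '\0';            /* belt and braces; legacy _snprintf skipped this */
        return FMT_TRUNCATED;
    }
    return r;
}

/* Typical use: a fixed-size "host:port" for a channel request. A clipped
 * target would silently point the channel somewhere else, so refuse instead. */
int build_target(char *dst, size_t n, const char *host, unsigned port)
{
    return fmt_bounded(dst, n, "%s:%u", host, port) == FMT_TRUNCATED ? -1 : 0;
}
```

The point of checking the return value is that the secure CRT only stops the overflow; it is still up to the caller to notice that the string it now holds is not the string it meant to send.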
Clemens Gruber | 2 Apr 21:06 2014

ed25519 and curve25519 for key exchange

Hi,

I am currently playing around with Daniel J. Bernstein's public-key
signature system. It looks great in comparison to ECDSA and it is very
fast, which would be a benefit on all embedded systems. Besides that
it's also not using the NIST curves.

OpenSSH introduced support for ed25519 public keys with version 6.5:
http://www.openssh.com/txt/release-6.5
libssh supports using curve25519 for key exchange, see:
http://git.libssh.org/projects/libssh.git/tree/doc/curve25519-sha256-rGZ8IkEZvIqu6nxgttAqaA <at> public.gmane.org

More info about Ed25519: http://ed25519.cr.yp.to
There is also a paper: http://ed25519.cr.yp.to/ed25519-20110926.pdf

So my question is: Did anyone already think about implementing support
for ed25519 keys and curve25519 key exchange in libssh2 to be compatible
with OpenSSH >= 6.5 ?

In the process of that, implementing Salsa20 / ChaCha (djb's stream
cipher) and Poly1305-AES (a MAC) could also be useful.

Please share your opinion about adding those to libssh2. As far as I
know, neither OpenSSL nor libgcrypt support them (yet), but using djb's
NaCl library for that purpose might be an option:
http://nacl.cace-project.eu

Happy Hacking!

Clemens

Eben Shapiro | 31 Mar 23:03 2014

verify libssh2 download

Hello,

How do I verify the libssh2 download? I see there's a gpg signature next
to the link to download, but I can't find the public key to go along
with it.

Thank you,

Eben

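How to find out which key a detached .asc was made with, as an added example that is not from the libssh2 project: the signature packet itself carries the long key ID, so gpg can tell you what to fetch even when the download page does not. The packet dump below is a constructed sample of gpg's --list-packets output with a placeholder key ID, not libssh2's real signing key; keyid_from_packets, sig_keyid and verify_download are this example's own names.

```sh
#!/bin/sh
# Added example, not libssh2 project tooling: identify, fetch and check the
# key behind a detached GPG signature.

# Pull the 16-hex-digit key ID out of `gpg --list-packets` output (stdin).
keyid_from_packets() {
    sed -n 's/^:signature packet: algo [0-9]*, keyid \([0-9A-Fa-f]\{16\}\).*/\1/p' | head -n 1
}

# Key ID of the key that produced the signature file $1.
sig_keyid() {
    gpg --list-packets "$1" 2>/dev/null | keyid_from_packets
}

# Fetch that key and verify the tarball; non-zero unless the signature is good.
# Usage: verify_download libssh2-1.4.3.tar.gz [libssh2-1.4.3.tar.gz.asc]
verify_download() {
    tarball=$1
    sig=${2:-$1.asc}
    id=$(sig_keyid "$sig")
    [ -n "$id" ] || { echo "no signature packet found in $sig" >&2; return 1; }
    gpg --recv-keys "$id" && gpg --verify "$sig" "$tarball"
}

# Constructed sample of what `gpg --list-packets` prints for a detached
# signature; the key ID is a placeholder.
SAMPLE_PACKETS=':signature packet: algo 1, keyid 0123456789ABCDEF
        version 4, created 1395000000, md5len 0, sigclass 0x00
        digest algo 8, begin of digest 1a 2b'
```

A good signature from a key fetched by ID only proves the tarball was signed by whoever controls that key; before trusting it, compare the key's full fingerprint with what the project publishes (on its site or in an earlier release you already trust). Verify the .asc against the tarball itself, not against a checksum file, since a checksum file served next to the download can be swapped together with it.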

Marc Hoersken | 22 Mar 23:43 2014

[PATCH 2/2] win32: Added WinCNG targets to generated Visual Studio project

Hello everyone,

another set of patches inspired by Bob Kast's reports. These patches
allow the compilation of libssh2 with WinCNG using the generated Visual
Studio project files.
This patch adds WinCNG support to parts of the existing Win32 build
infrastructure, until new build systems, like pre-defined VS project
files or CMake files may be added.

The patches probably raise one main question: How to handle build
systems, like VS project files, that need to include all source files
regardless of the desired target, including all supported crypto backends?
For now I added a check for LIBSSH2_OPENSSL to openssl.c and hardcoded
the supported crypto backends within Makefile.am.

Best regards,
Marc
From 93f69ae580641da9c28caecdeb9d355f578a0682 Mon Sep 17 00:00:00 2001
From: Marc Hoersken <info@...>
Date: Sat, 22 Mar 2014 23:33:56 +0100
Subject: [PATCH 1/2] openssl: Check for LIBSSH2_OPENSSL in order to compile
 with openssl

---
 src/openssl.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/openssl.c b/src/openssl.c
index b26842b..056b0b7 100644
--- a/src/openssl.c
+++ b/src/openssl.c
 <at>  <at>  -40,6 +40,8  <at>  <at> 

 #include "libssh2_priv.h"

+#ifdef LIBSSH2_OPENSSL /* compile only if we build with openssl */
+
 #include <string.h>

 #ifndef EVP_MAX_BLOCK_LENGTH
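Review bot: the guard sits after `#include "libssh2_priv.h"`, which only works if LIBSSH2_OPENSSL reaches this file through that header's configuration includes or the compiler command line; since the generated project now compiles every backend source for every configuration (Makefile.am lists `openssl.c wincng.c` unconditionally), confirm that wincng.c carries the matching `#ifdef LIBSSH2_WINCNG` guard, otherwise the OpenSSL configurations will still try to compile the CNG code against headers they do not link.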
 <at>  <at>  -814,3 +816,5  <at>  <at>  _libssh2_pub_priv_keyfile(LIBSSH2_SESSION *session,
     EVP_PKEY_free(pk);
     return st;
 }
+
+#endif /* LIBSSH2_OPENSSL */
-- 
1.8.1.msysgit.1

From 3ed83def3e73520886839ded729a09a713d8a467 Mon Sep 17 00:00:00 2001
From: Marc Hoersken <info <at> marc-hoersken.de>
Date: Sat, 22 Mar 2014 23:34:55 +0100
Subject: [PATCH 2/2] win32: Added WinCNG targets to generated Visual Studio
 project

---
 Makefile.am            |   5 +-
 win32/libssh2_config.h |   1 +
 win32/msvcproj.head    | 138 ++++++++++++++++++++++++++++++++++++++++++++-----
 3 files changed, 128 insertions(+), 16 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index e0a74c7..1489be3 100644
--- a/Makefile.am
+++ b/Makefile.am
 <at>  <at>  -75,8 +75,9  <at>  <at>  gen-coverage:
 coverage: init-coverage build-coverage gen-coverage

 # DSP/VCPROJ generation adapted from libcurl
-# only OpenSSL is supported with this build system
-include Makefile.OpenSSL.inc
+# only OpenSSL and WinCNG are supported with this build system
+CRYPTO_CSOURCES = openssl.c wincng.c
+CRYPTO_HHEADERS = openssl.h wincng.h
 # Makefile.inc provides the CSOURCES and HHEADERS defines
 include Makefile.inc

diff --git a/win32/libssh2_config.h b/win32/libssh2_config.h
index 4e2ae29..56646da 100644
--- a/win32/libssh2_config.h
+++ b/win32/libssh2_config.h
 <at>  <at>  -18,6 +18,7  <at>  <at> 
 #define HAVE_GETTIMEOFDAY
 #endif

+#define HAVE_LIBCRYPT32
 #define HAVE_WINSOCK2_H
 #define HAVE_IOCTLSOCKET
 #define HAVE_SELECT
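Review bot: `HAVE_LIBCRYPT32` is now defined for every Win32 configuration, the OpenSSL ones included, while only the WinCNG link lines in this patch add `crypt32.lib`; that is harmless only as long as the sole consumer of the macro is code behind `LIBSSH2_WINCNG`. Either wrap it in `#ifdef LIBSSH2_WINCNG` or add a comment saying it is a CNG-only hint, so a later crypt32 use on the OpenSSL path does not produce unresolved symbols against `libeay32.lib zlib.lib`.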
diff --git a/win32/msvcproj.head b/win32/msvcproj.head
index 6b39740..eb82020 100644
--- a/win32/msvcproj.head
+++ b/win32/msvcproj.head
 <at>  <at>  -1,12 +1,12  <at>  <at> 
 # Microsoft Developer Studio Project File - Name="libssh2" - Package Owner=<4>
 # Microsoft Developer Studio Generated Build File, Format Version 6.00
 # ** DO NOT EDIT **
-# only OpenSSL is supported with this build system
+# only OpenSSL and WinCNG are supported with this build system
 
 # TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
 # TARGTYPE "Win32 (x86) Static Library" 0x0104
 
-CFG=libssh2 - Win32 Debug
+CFG=libssh2 - Win32 OpenSSL Debug
 !MESSAGE This is not a valid makefile. To build this project using NMAKE,
 !MESSAGE use the Export Makefile command and run
 !MESSAGE
 <at>  <at>  -19,10 +19,14  <at>  <at>  CFG=libssh2 - Win32 Debug
 !MESSAGE
 !MESSAGE Possible choices for configuration are:
 !MESSAGE
-!MESSAGE "libssh2 - Win32 DLL Release" (based on "Win32 (x86) Dynamic-Link Library")
-!MESSAGE "libssh2 - Win32 DLL Debug" (based on "Win32 (x86) Dynamic-Link Library")
-!MESSAGE "libssh2 - Win32 LIB Release" (based on "Win32 (x86) Static Library")
-!MESSAGE "libssh2 - Win32 LIB Debug" (based on "Win32 (x86) Static Library")
+!MESSAGE "libssh2 - Win32 OpenSSL DLL Release" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "libssh2 - Win32 OpenSSL DLL Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "libssh2 - Win32 OpenSSL LIB Release" (based on "Win32 (x86) Static Library")
+!MESSAGE "libssh2 - Win32 OpenSSL LIB Debug" (based on "Win32 (x86) Static Library")
+!MESSAGE "libssh2 - Win32 WinCNG DLL Release" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "libssh2 - Win32 WinCNG DLL Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "libssh2 - Win32 WinCNG LIB Release" (based on "Win32 (x86) Static Library")
+!MESSAGE "libssh2 - Win32 WinCNG LIB Debug" (based on "Win32 (x86) Static Library")
 !MESSAGE
 
 # Begin Project
 <at>  <at>  -33,7 +37,7  <at>  <at>  CPP=cl.exe
 MTL=midl.exe
 RSC=rc.exe
 
-!IF  "$(CFG)" == "libssh2 - Win32 DLL Release"
+!IF  "$(CFG)" == "libssh2 - Win32 OpenSSL DLL Release"
 
 # PROP BASE Use_MFC 0
 # PROP BASE Use_Debug_Libraries 0
 <at>  <at>  -60,7 +64,7  <at>  <at>  LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib
shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /machine:I386
 # ADD LINK32 gdi32.lib advapi32.lib user32.lib kernel32.lib ws2_32.lib libeay32.lib zlib.lib /nologo
/dll /map /debug /machine:I386
 
-!ELSEIF  "$(CFG)" == "libssh2 - Win32 DLL Debug"
+!ELSEIF  "$(CFG)" == "libssh2 - Win32 OpenSSL DLL Debug"
 
 # PROP BASE Use_MFC 0
 # PROP BASE Use_Debug_Libraries 1
 <at>  <at>  -88,7 +92,7  <at>  <at>  LINK32=link.exe
 # ADD LINK32 gdi32.lib advapi32.lib user32.lib kernel32.lib ws2_32.lib libeay32.lib zlib.lib /nologo
/dll /incremental:no /map /debug /machine:I386 /pdbtype:sept
 # SUBTRACT LINK32 /nodefaultlib
 
-!ELSEIF  "$(CFG)" == "libssh2 - Win32 LIB Release"
+!ELSEIF  "$(CFG)" == "libssh2 - Win32 OpenSSL LIB Release"
 
 # PROP BASE Use_MFC 0
 # PROP BASE Use_Debug_Libraries 0
 <at>  <at>  -112,7 +116,7  <at>  <at>  LIB32=link.exe -lib
 # ADD LIB32 /nologo
 # ADD LIB32 /nologo /out:"Release_lib\libssh2.lib"
 
-!ELSEIF  "$(CFG)" == "libssh2 - Win32 LIB Debug"
+!ELSEIF  "$(CFG)" == "libssh2 - Win32 OpenSSL LIB Debug"
 
 # PROP BASE Use_MFC 0
 # PROP BASE Use_Debug_Libraries 1
 <at>  <at>  -135,12 +139,118  <at>  <at>  LIB32=link.exe -lib
 # ADD BASE LIB32 /nologo
 # ADD LIB32 /nologo /out:"Debug_lib\libssh2d.lib"
 
+!ELSEIF  "$(CFG)" == "libssh2 - Win32 WinCNG LIB Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release_dll"
+# PROP BASE Intermediate_Dir "Release_dll"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release_dll"
+# PROP Intermediate_Dir "Release_dll"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "LIBSSH2_WIN32" /D "LIBSSH2_WINCNG" /D
"_MBCS" /D "_LIB" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "..\win32" /I "..\include" /D "WIN32" /D "NDEBUG" /D "LIBSSH2_WIN32"
/D "LIBSSH2_WINCNG" /D "_MBCS" /D "_LIB" /YX /FD /c
+# SUBTRACT CPP /YX
+# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib
shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /machine:I386
+# ADD LINK32 gdi32.lib advapi32.lib user32.lib kernel32.lib ws2_32.lib crypt32.lib bcrypt.lib
/nologo /dll /map /debug /machine:I386
+
+!ELSEIF  "$(CFG)" == "libssh2 - Win32 WinCNG DLL Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug_dll"
+# PROP BASE Intermediate_Dir "Debug_dll"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug_dll"
+# PROP Intermediate_Dir "Debug_dll"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "LIBSSH2_WIN32" /D "LIBSSH2_WINCNG" /D
"_MBCS" /D "_LIB" /YX /FD /GZ /c
+# ADD CPP /nologo /MD /W3 /Gm /GX /ZI /Od /I "..\win32" /I "..\include" /D "WIN32" /D "_DEBUG" /D
"LIBSSH2_WIN32" /D "LIBSSH2_WINCNG" /D "_MBCS" /D "_LIB" /D "LIBSSH2DEBUG" /YX /FD /GZ /c
+# SUBTRACT CPP /WX /YX
+# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib
shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /debug
/machine:I386 /pdbtype:sept
+# ADD LINK32 gdi32.lib advapi32.lib user32.lib kernel32.lib ws2_32.lib crypt32.lib bcrypt.lib
/nologo /dll /incremental:no /map /debug /machine:I386 /pdbtype:sept
+# SUBTRACT LINK32 /nodefaultlib
+
+!ELSEIF  "$(CFG)" == "libssh2 - Win32 WinCNG LIB Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release_lib"
+# PROP BASE Intermediate_Dir "Release_lib"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release_lib"
+# PROP Intermediate_Dir "Release_lib"
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "LIBSSH2_WIN32" /D "LIBSSH2_WINCNG" /D
"_MBCS" /D "_LIB" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "..\win32" /I "..\include" /D "WIN32" /D "NDEBUG" /D "LIBSSH2_WIN32"
/D "LIBSSH2_WINCNG" /D "_MBCS" /D "_LIB" /YX /FD /c
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LIB32=link.exe -lib
+# ADD BASE LIB32 /nologo
+# ADD LIB32 /nologo
+# ADD LIB32 /nologo /out:"Release_lib\libssh2.lib"
+
+!ELSEIF  "$(CFG)" == "libssh2 - Win32 WinCNG LIB Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug_lib"
+# PROP BASE Intermediate_Dir "Debug_lib"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug_lib"
+# PROP Intermediate_Dir "Debug_lib"
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "LIBSSH2_WIN32" /D "LIBSSH2_WINCNG" /D
"_MBCS" /D "_LIB" /YX /FD /GZ /c
+# ADD CPP /nologo /MD /W3 /Gm /GX /ZI /Od /I "..\win32" /I "..\include" /D "WIN32" /D "_DEBUG" /D
"LIBSSH2_WIN32" /D "LIBSSH2_WINCNG" /D "_MBCS" /D "_LIB" /D "LIBSSH2DEBUG" /YX /FD /GZ /c
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LIB32=link.exe -lib
+# ADD BASE LIB32 /nologo
+# ADD LIB32 /nologo /out:"Debug_lib\libssh2d.lib"
+
 !ENDIF
 
 # Begin Target
 
-# Name "libssh2 - Win32 DLL Release"
-# Name "libssh2 - Win32 DLL Debug"
-# Name "libssh2 - Win32 LIB Release"
-# Name "libssh2 - Win32 LIB Debug"
+# Name "libssh2 - Win32 OpenSSL DLL Release"
+# Name "libssh2 - Win32 OpenSSL DLL Debug"
+# Name "libssh2 - Win32 OpenSSL LIB Release"
+# Name "libssh2 - Win32 OpenSSL LIB Debug"
+# Name "libssh2 - Win32 WinCNG DLL Release"
+# Name "libssh2 - Win32 WinCNG DLL Debug"
+# Name "libssh2 - Win32 WinCNG LIB Release"
+# Name "libssh2 - Win32 WinCNG LIB Debug"
 
-- 
1.8.1.msysgit.1

Bob Kast | 19 Mar 22:37 2014

Suggested patches for WinCNG

Attached are a set of suggested patches.

Brief explanation:

libssh2.h:

In Windows, a socket is of type SOCKET, not int.

libssh2_priv.h:

Redundant #define inline.

A one-bit bit-field should be unsigned.

openssl.c:

You shouldn't need OpenSSL to compile if you aren't selecting it.

wincng.c:

Putting the #pragma for the libraries works for both DLL and LIB versions.

_libssh2_wincng_hash_update: the parameter needs to be const to match. It is interesting that C just gives a warning for that.

pPaddingInfo value is undefined. Doc says it must be NULL if not used.

wincng.h:

STATUS_SUCCESS unfortunately not defined if using non-driver includes.

_libssh2_wincng_hash_ctx and _libssh2_wincng_key_ctx: I found this confusing. Kind of a circular #define. I think this is more of what was intended.

Forward declarations: without these the compiler complains for each call.

libssh2_config.h:

Pragma to suppress "possible loss of data" warnings.

New files:

- libssh2.sln: solution file
- libssh2.vcxproj, libssh2.vcxproj.filters: project files for libssh2
- tests.vcxproj, tests.vcxproj.filters: project files for tests. I haven't tested this.

These are specifically for VS2013 and make it easy to create DLL/LIB, Debug/Release, 32/64 bit builds.

Thanks,

Bob

Attachment (wincng_minimal.patch): application/octet-stream, 56 KiB
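Why the one-bit bit-field remark above matters, as an added example that is not part of Bob Kast's patch: a signed one-bit field can only hold 0 and -1, so storing 1 yields -1 and any `== 1` test on it is dead code. The struct and field names are this example's own, not libssh2's.

```c
/* Added example, not from the patch: a one-bit flag must be unsigned. */
struct flags_signed   { signed int   blocking : 1; };  /* values: 0 and -1 */
struct flags_unsigned { unsigned int blocking : 1; };  /* values: 0 and 1  */

/* Store 1 in each kind of field and read it back as an int. The value goes
 * through a volatile so the compiler cannot warn the overflow away at
 * compile time; gcc, clang and MSVC all store -1 in the signed field. */
int signed_one_bit(void)
{
    volatile int one = 1;
    struct flags_signed f;
    f.blocking = one;
    return f.blocking;
}

int unsigned_one_bit(void)
{
    volatile int one = 1;
    struct flags_unsigned f;
    f.blocking = one;
    return f.blocking;
}

/* The bug pattern: a test written against 1 never fires for the signed
 * field, so whatever "blocking" was meant to enable silently stays off. */
int is_blocking_signed(void)
{
    volatile int one = 1;
    struct flags_signed f;
    f.blocking = one;
    return f.blocking == 1;
}

int is_blocking_unsigned(void)
{
    volatile int one = 1;
    struct flags_unsigned f;
    f.blocking = one;
    return f.blocking == 1;
}
```

Testing flags with `if (f.blocking)` instead of `== 1` hides the problem but not the cause; a plain `int x : 1` is implementation-defined in signedness, so the portable fix is the `unsigned` the post asks for.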
Marc Hoersken | 16 Mar 20:05 2014

[PATCH] wincng: Added explicit memory overwrite feature to WinCNG backend

Hello everyone,

this feature was originally part of the WinCNG crypto backend, but was
dropped in order to get the backend merge-ready on its own.

Now that the WinCNG backend has been merged, I think that the feature is
open for discussion and improvement.
Attached you will find a slightly modified version of the initial
feature that matches the current WinCNG backend.

Best regards,
Marc
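The general shape of a scrub-before-free helper, as an added example that is not part of the patch below: the write must be one the optimizer cannot treat as a dead store, which is what SecureZeroMemory, memset_s and a volatile-qualified loop provide and a plain memset immediately followed by free does not. secure_wipe, secure_free and key_is_clean_after_wipe are this example's own names, and the sixteen-byte "key" is a constructed placeholder.

```c
/* Added example, not from the patch: scrub secret buffers with a write the
 * compiler must keep, then free them. */
#define __STDC_WANT_LIB_EXT1__ 1   /* ask for memset_s where Annex K exists */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#if defined(_WIN32)
#include <windows.h>
#endif

/* memset(p, 0, n); free(p); is a dead store the optimizer may delete. These
 * three alternatives are guaranteed to reach memory. */
void secure_wipe(void *p, size_t n)
{
#if defined(_WIN32)
    SecureZeroMemory(p, n);
#elif defined(__STDC_LIB_EXT1__)
    memset_s(p, n, 0, n);
#else
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--)
        *v++ = 0;
#endif
}

/* Drop-in for free() where the caller knows the allocation size; NULL is a no-op. */
void secure_free(void *p, size_t n)
{
    if (!p)
        return;
    secure_wipe(p, n);
    free(p);
}

/* Demonstration: copy a constructed key into a heap buffer, "use" it, wipe
 * it, and report whether every byte was zero right before free. */
int key_is_clean_after_wipe(void)
{
    static const unsigned char demo_key[] = "0123456789abcdef"; /* constructed, not a real key */
    size_t i, n = sizeof demo_key;
    unsigned char *key = malloc(n), acc = 0;

    if (!key)
        return -1;
    memcpy(key, demo_key, n);
    /* ... the key would be handed to BCryptImportKey / EVP here ... */
    secure_wipe(key, n);
    for (i = 0; i < n; i++)
        acc |= key[i];
    free(key);
    return acc == 0;
}
```

Zeroing is all the property needs: the goal is that a later allocation, a core dump or a memory-disclosure bug does not find the old key bytes, and zeros satisfy that without drawing on the RNG or adding a failure path. Sizes should travel as size_t so the helper never sees a negative length.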
From abd5177ec1c1bb05c77bc6c6eb1a0d6bb61334f4 Mon Sep 17 00:00:00 2001
From: Marc Hoersken <info@...>
Date: Sun, 16 Mar 2014 20:02:17 +0100
Subject: [PATCH] wincng: Added explicit memory overwrite feature to WinCNG
 backend

This re-introduces the original feature proposed during
the development of the WinCNG crypto backend. It still needs
to be added to libssh2 itself and probably other backends.
---
 configure.ac |   7 +++
 src/wincng.c | 174 +++++++++++++++++++++++++++++++++--------------------------
 2 files changed, 106 insertions(+), 75 deletions(-)

diff --git a/configure.ac b/configure.ac
index 8e52687..c0a9b91 100644
--- a/configure.ac
+++ b/configure.ac
 <at>  <at>  -197,6 +197,13  <at>  <at>  if test "$GEX_NEW" != "no"; then
   AC_DEFINE(LIBSSH2_DH_GEX_NEW, 1, [Enable newer diffie-hellman-group-exchange-sha1 syntax])
 fi

+AC_ARG_ENABLE(memory-overwrite,
+  AC_HELP_STRING([--disable-memory-overwrite],[Disable memory overwrite before being freed]),
+  [MEMORY_OVERWRITE=$enableval])
+if test "$MEMORY_OVERWRITE" != "no"; then
+  AC_DEFINE(LIBSSH2_MEMORY_OVERWRITE, 1, [Enable memory overwrite before being freed])
+fi
+
 dnl ************************************************************
 dnl option to switch on compiler debug options
 dnl
diff --git a/src/wincng.c b/src/wincng.c
index 398fe89..6493f06 100644
--- a/src/wincng.c
+++ b/src/wincng.c
 <at>  <at>  -255,6 +255,22  <at>  <at>  _libssh2_wincng_random(void *buf, int len)
            == STATUS_SUCCESS ? 0 : -1;
 }

+static void
+_libssh2_wincng_mfree(void *buf, int len)
+{
+    if (!buf)
+        return;
+
+#ifdef LIBSSH2_MEMORY_OVERWRITE
+    if (len > 0)
+        _libssh2_wincng_random(buf, len);
+#else
+    (void)len;
+#endif
+
+    free(buf);
+}
+

 /*******************************************************************/
 /*
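Review bot: `_libssh2_wincng_mfree` overwrites the buffer with `_libssh2_wincng_random`, a BCryptGenRandom call per free, and ignores its return value, so when the RNG call fails the buffer is freed unscrubbed with no fallback; zeroing is sufficient for this purpose and cheaper, and `SecureZeroMemory` (or a volatile-store loop) guarantees the write is not optimized away, which a plain `memset` before `free` does not. The `int len` parameter also receives `ULONG`/`DWORD` sizes from the callers (`dwHashObject`, `cbKeyObject`, `cbEncoded`), and a value above INT_MAX turns negative and silently skips the wipe; use `size_t` or `ULONG`.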
 <at>  <at>  -297,7 +313,7  <at>  <at>  _libssh2_wincng_hash_init(_libssh2_wincng_hash_ctx *ctx,
                            pbHashObject, dwHashObject,
                            key, keylen, 0);
     if (ret != STATUS_SUCCESS) {
-        free(pbHashObject);
+        _libssh2_wincng_mfree(pbHashObject, dwHashObject);
         return -1;
     }

 <at>  <at>  -327,11 +343,9  <at>  <at>  _libssh2_wincng_hash_final(_libssh2_wincng_hash_ctx *ctx,
     ret = BCryptFinishHash(ctx->hHash, hash, ctx->cbHash, 0);

     BCryptDestroyHash(ctx->hHash);
+    ctx->hHash = 0;

-    if (ctx->pbHashObject)
-        free(ctx->pbHashObject);
-
-    memset(ctx, 0, sizeof(_libssh2_wincng_hash_ctx));
+    _libssh2_wincng_mfree(ctx->pbHashObject, ctx->dwHashObject);

     return ret;
 }
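Review bot: the old `memset(ctx, 0, sizeof(_libssh2_wincng_hash_ctx))` is dropped, so after this function `ctx->pbHashObject` still points at freed memory and `dwHashObject`/`cbHash` keep their old values; a second cleanup or a reuse of the context becomes a double free. Keep the memset after the `_libssh2_wincng_mfree` call, or at least set `ctx->pbHashObject = NULL` next to `ctx->hHash = 0`.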
 <at>  <at>  -372,11 +386,9  <at>  <at>  void
 _libssh2_wincng_hmac_cleanup(_libssh2_wincng_hash_ctx *ctx)
 {
     BCryptDestroyHash(ctx->hHash);
+    ctx->hHash = 0;

-    if (ctx->pbHashObject)
-        free(ctx->pbHashObject);
-
-    memset(ctx, 0, sizeof(_libssh2_wincng_hash_ctx));
+    _libssh2_wincng_mfree(ctx->pbHashObject, ctx->dwHashObject);
 }

 
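Review bot: same dangling pointer as in `_libssh2_wincng_hash_final`: with the `memset` gone, `ctx->pbHashObject` is left pointing at freed memory after `_libssh2_wincng_mfree`; set it to NULL or restore the memset.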
 <at>  <at>  -418,17 +430,17  <at>  <at>  _libssh2_wincng_key_sha1_verify(_libssh2_wincng_key_ctx *ctx,
                                _libssh2_wincng.hAlgHashSHA1,
                                hash, hashlen);

-    free(data);
+    _libssh2_wincng_mfree(data, datalen);

     if (ret) {
-        free(hash);
+        _libssh2_wincng_mfree(hash, hashlen);
         return -1;
     }

     datalen = sig_len;
     data = malloc(datalen);
     if (!data) {
-        free(hash);
+        _libssh2_wincng_mfree(hash, hashlen);
         return -1;
     }

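Review bot: `hash` and `data` in the verify path hold a message digest and a signature, neither of which is secret, so each `_libssh2_wincng_mfree` here spends an RNG call scrubbing public data; if the feature is meant for key material, plain `free` is enough in this function and the overwrite should be reserved for buffers such as the key blob in `_libssh2_wincng_cipher_init` and the private-key structures.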
 <at>  <at>  -442,8 +454,8  <at>  <at>  _libssh2_wincng_key_sha1_verify(_libssh2_wincng_key_ctx *ctx,
     ret = BCryptVerifySignature(ctx->hKey, pPaddingInfo,
                                 hash, hashlen, data, datalen, flags);

-    free(hash);
-    free(data);
+    _libssh2_wincng_mfree(hash, hashlen);
+    _libssh2_wincng_mfree(data, datalen);

     return ret == STATUS_SUCCESS ? 0 : -1;
 }
 <at>  <at>  -535,7 +547,7  <at>  <at>  _libssh2_wincng_asn_decode(unsigned char *pbEncoded,
                               pbEncoded, cbEncoded, 0, NULL,
                               pbDecoded, &cbDecoded);
     if (!ret) {
-        free(pbDecoded);
+        _libssh2_wincng_mfree(pbDecoded, cbDecoded);
         return -1;
     }

 <at>  <at>  -605,7 +617,7  <at>  <at>  _libssh2_wincng_asn_decode_bn(unsigned char *pbEncoded,
             *ppbDecoded = pbDecoded;
             *pcbDecoded = cbDecoded;
         }
-        free(pbInteger);
+        _libssh2_wincng_mfree(pbInteger, cbInteger);
     }

     return ret;
 <at>  <at>  -645,12 +657,9  <at>  <at>  _libssh2_wincng_asn_decode_bns(unsigned char *pbEncoded,
                 }

                 if (ret) {
-                    for (length = 0; length < index; length++) {
-                        if (rpbDecoded[length]) {
-                            free(rpbDecoded[length]);
-                            rpbDecoded[length] = NULL;
-                        }
-                    }
+                    for (length = 0; length < index; length++)
+                        _libssh2_wincng_mfree(rpbDecoded[length],
+                                              rcbDecoded[length]);
                 } else {
                     *prpbDecoded = rpbDecoded;
                     *prcbDecoded = rcbDecoded;
 <at>  <at>  -665,7 +674,7  <at>  <at>  _libssh2_wincng_asn_decode_bns(unsigned char *pbEncoded,
             ret = -1;
         }

-        free(pbDecoded);
+        _libssh2_wincng_mfree(pbDecoded, cbDecoded);
     }

     return ret;
 <at>  <at>  -811,7 +820,7  <at>  <at>  _libssh2_wincng_rsa_new(libssh2_rsa_ctx **rsa,
     ret = BCryptImportKeyPair(_libssh2_wincng.hAlgRSA, NULL, lpszBlobType,
                               &hKey, key, keylen, 0);
     if (ret != STATUS_SUCCESS) {
-        free(key);
+        _libssh2_wincng_mfree(key, keylen);
         return -1;
     }

 <at>  <at>  -819,7 +828,7  <at>  <at>  _libssh2_wincng_rsa_new(libssh2_rsa_ctx **rsa,
     *rsa = malloc(sizeof(libssh2_rsa_ctx));
     if (!(*rsa)) {
         BCryptDestroyKey(hKey);
-        free(key);
+        _libssh2_wincng_mfree(key, keylen);
         return -1;
     }

 <at>  <at>  -855,7 +864,7  <at>  <at>  _libssh2_wincng_rsa_new_private(libssh2_rsa_ctx **rsa,
                                      PKCS_RSA_PRIVATE_KEY,
                                      &pbStructInfo, &cbStructInfo);

-    free(pbEncoded);
+    _libssh2_wincng_mfree(pbEncoded, cbEncoded);

     if (ret) {
         return -1;
 <at>  <at>  -866,7 +875,7  <at>  <at>  _libssh2_wincng_rsa_new_private(libssh2_rsa_ctx **rsa,
                               LEGACY_RSAPRIVATE_BLOB, &hKey,
                               pbStructInfo, cbStructInfo, 0);
     if (ret != STATUS_SUCCESS) {
-        free(pbStructInfo);
+        _libssh2_wincng_mfree(pbStructInfo, cbStructInfo);
         return -1;
     }

 <at>  <at>  -874,7 +883,7  <at>  <at>  _libssh2_wincng_rsa_new_private(libssh2_rsa_ctx **rsa,
     *rsa = malloc(sizeof(libssh2_rsa_ctx));
     if (!(*rsa)) {
         BCryptDestroyKey(hKey);
-        free(pbStructInfo);
+        _libssh2_wincng_mfree(pbStructInfo, cbStructInfo);
         return -1;
     }

 <at>  <at>  -948,7 +957,7  <at>  <at>  _libssh2_wincng_rsa_sha1_sign(LIBSSH2_SESSION *session,
             ret = STATUS_NO_MEMORY;
     }

-    free(data);
+    _libssh2_wincng_mfree(data, datalen);

     return ret == STATUS_SUCCESS ? 0 : -1;
 }
 <at>  <at>  -956,16 +965,10  <at>  <at>  _libssh2_wincng_rsa_sha1_sign(LIBSSH2_SESSION *session,
 void
 _libssh2_wincng_rsa_free(libssh2_rsa_ctx *rsa)
 {
-    if (!rsa)
-        return;
-
     BCryptDestroyKey(rsa->hKey);

-    if (rsa->pbKeyObject)
-        free(rsa->pbKeyObject);
-
-    memset(rsa, 0, sizeof(libssh2_rsa_ctx));
-    free(rsa);
+    _libssh2_wincng_mfree(rsa->pbKeyObject, rsa->cbKeyObject);
+    _libssh2_wincng_mfree(rsa, sizeof(libssh2_rsa_ctx));
 }

 
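Review bot: the `if (!rsa) return;` guard is removed, but `BCryptDestroyKey(rsa->hKey)` dereferences `rsa` before `_libssh2_wincng_mfree` gets a chance to handle NULL, so any caller freeing a never-created key context on an error path now crashes; keep the NULL check. Note also that with `LIBSSH2_MEMORY_OVERWRITE` disabled the struct is no longer cleared before free at all, whereas the old code always memset it.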
 <at>  <at>  -1059,7 +1062,7  <at>  <at>  _libssh2_wincng_dsa_new(libssh2_dsa_ctx **dsa,
     ret = BCryptImportKeyPair(_libssh2_wincng.hAlgDSA, NULL, lpszBlobType,
                               &hKey, key, keylen, 0);
     if (ret != STATUS_SUCCESS) {
-        free(key);
+        _libssh2_wincng_mfree(key, keylen);
         return -1;
     }

 <at>  <at>  -1067,7 +1070,7  <at>  <at>  _libssh2_wincng_dsa_new(libssh2_dsa_ctx **dsa,
     *dsa = malloc(sizeof(libssh2_dsa_ctx));
     if (!(*dsa)) {
         BCryptDestroyKey(hKey);
-        free(key);
+        _libssh2_wincng_mfree(key, keylen);
         return -1;
     }

 <at>  <at>  -1101,7 +1104,7  <at>  <at>  _libssh2_wincng_dsa_new_private(libssh2_dsa_ctx **dsa,
     ret = _libssh2_wincng_asn_decode_bns(pbEncoded, cbEncoded,
                                          &rpbDecoded, &rcbDecoded, &length);

-    free(pbEncoded);
+    _libssh2_wincng_mfree(pbEncoded, cbEncoded);

     if (ret) {
         return -1;
 <at>  <at>  -1119,12 +1122,8  <at>  <at>  _libssh2_wincng_dsa_new_private(libssh2_dsa_ctx **dsa,
         ret = -1;
     }

-    for (index = 0; index < length; index++) {
-        if (rpbDecoded[index]) {
-            free(rpbDecoded[index]);
-            rpbDecoded[index] = NULL;
-        }
-    }
+    for (index = 0; index < length; index++)
+        _libssh2_wincng_mfree(rpbDecoded[index], rcbDecoded[index]);

     free(rpbDecoded);
     free(rcbDecoded);
 <at>  <at>  -1181,14 +1180,14  <at>  <at>  _libssh2_wincng_dsa_sha1_sign(libssh2_dsa_ctx *dsa,
                     memcpy(sig_fixed, sig, siglen);
                 }

-                free(sig);
+                _libssh2_wincng_mfree(sig, siglen);
             } else
                 ret = STATUS_NO_MEMORY;
         } else
             ret = STATUS_NO_MEMORY;
     }

-    free(data);
+    _libssh2_wincng_mfree(data, datalen);

     return ret == STATUS_SUCCESS ? 0 : -1;
 }
 <at>  <at>  -1196,16 +1195,10  <at>  <at>  _libssh2_wincng_dsa_sha1_sign(libssh2_dsa_ctx *dsa,
 void
 _libssh2_wincng_dsa_free(libssh2_dsa_ctx *dsa)
 {
-    if (!dsa)
-        return;
-
     BCryptDestroyKey(dsa->hKey);

-    if (dsa->pbKeyObject)
-        free(dsa->pbKeyObject);
-
-    memset(dsa, 0, sizeof(libssh2_dsa_ctx));
-    free(dsa);
+    _libssh2_wincng_mfree(dsa->pbKeyObject, dsa->cbKeyObject);
+    _libssh2_wincng_mfree(dsa, sizeof(libssh2_dsa_ctx));
 }
 #endif

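Review bot: same concern as for `_libssh2_wincng_rsa_free`: removing `if (!dsa) return;` means `_libssh2_wincng_dsa_free(NULL)` now dereferences `dsa->hKey` instead of being a no-op. Suggest keeping the guard.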
 <at>  <at>  -1255,7 +1248,7  <at>  <at>  _libssh2_wincng_pub_priv_keyfile(LIBSSH2_SESSION *session,
     ret = _libssh2_wincng_asn_decode_bns(pbEncoded, cbEncoded,
                                          &rpbDecoded, &rcbDecoded, &length);

-    free(pbEncoded);
+    _libssh2_wincng_mfree(pbEncoded, cbEncoded);

     if (ret) {
         return -1;
 <at>  <at>  -1327,12 +1320,8  <at>  <at>  _libssh2_wincng_pub_priv_keyfile(LIBSSH2_SESSION *session,
     }

 
-    for (index = 0; index < length; index++) {
-        if (rpbDecoded[index]) {
-            free(rpbDecoded[index]);
-            rpbDecoded[index] = NULL;
-        }
-    }
+    for (index = 0; index < length; index++)
+        _libssh2_wincng_mfree(rpbDecoded[index], rcbDecoded[index]);

     free(rpbDecoded);
     free(rcbDecoded);
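Review bot: this loop in `_libssh2_wincng_pub_priv_keyfile` has the same dependency as the one in `_libssh2_wincng_dsa_new_private`: with the `if (rpbDecoded[index])` test gone, `_libssh2_wincng_mfree` must tolerate a NULL pointer for empty slots.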
 <at>  <at>  -1427,10 +1416,10  <at>  <at>  _libssh2_wincng_cipher_init(_libssh2_cipher_ctx *ctx,
     ret = BCryptImportKey(*type.phAlg, NULL, BCRYPT_KEY_DATA_BLOB, &hKey,
                           pbKeyObject, dwKeyObject, key, keylen, 0);

-    free(key);
+    _libssh2_wincng_mfree(key, keylen);

     if (ret != STATUS_SUCCESS) {
-        free(pbKeyObject);
+        _libssh2_wincng_mfree(pbKeyObject, dwKeyObject);
         return -1;
     }

 <at>  <at>  -1438,7 +1427,7  <at>  <at>  _libssh2_wincng_cipher_init(_libssh2_cipher_ctx *ctx,
         pbIV = malloc(dwBlockLength);
         if (!pbIV) {
             BCryptDestroyKey(hKey);
-            free(pbKeyObject);
+            _libssh2_wincng_mfree(pbKeyObject, dwKeyObject);
             return -1;
         }
         dwIV = dwBlockLength;
 <at>  <at>  -1497,7 +1486,7  <at>  <at>  _libssh2_wincng_cipher_crypt(_libssh2_cipher_ctx *ctx,
                 memcpy(block, pbOutput, cbOutput);
             }

-            free(pbOutput);
+            _libssh2_wincng_mfree(pbOutput, cbOutput);
         } else
             ret = STATUS_NO_MEMORY;
     }
 <at>  <at>  -1510,12 +1499,11  <at>  <at>  _libssh2_wincng_cipher_dtor(_libssh2_cipher_ctx *ctx)
 {
     BCryptDestroyKey(ctx->hKey);

-    if (ctx->pbKeyObject) {
-        free(ctx->pbKeyObject);
-        ctx->pbKeyObject = NULL;
-    }
+    _libssh2_wincng_mfree(ctx->pbKeyObject, ctx->dwKeyObject);

-    memset(ctx, 0, sizeof(_libssh2_cipher_ctx));
+#ifdef LIBSSH2_MEMORY_OVERWRITE
+    _libssh2_wincng_random(ctx, sizeof(_libssh2_cipher_ctx));
+#endif
 }

 
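Review bot: `_libssh2_wincng_cipher_dtor` no longer resets `ctx->pbKeyObject` to NULL (the removed assignment) and, without LIBSSH2_MEMORY_OVERWRITE, no longer clears the struct at all, since `memset(ctx, 0, sizeof(_libssh2_cipher_ctx))` was replaced by the random overwrite inside the `#ifdef`. The ctx therefore keeps a dangling `hKey` and `pbKeyObject` after destruction, so a second dtor call or a later use of the ctx becomes a double free or use after free rather than a no-op. Suggest keeping the `memset` in an `#else` branch and setting `ctx->pbKeyObject = NULL` unconditionally.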
 <at>  <at>  -1547,12 +1535,36  <at>  <at>  _libssh2_wincng_bignum_resize(_libssh2_bn *bn, unsigned long length)
     if (length == bn->length)
         return 0;

+#ifdef LIBSSH2_MEMORY_OVERWRITE
+    if (length == 0 && bn->bignum && bn->length > 0) {
+        _libssh2_wincng_mfree(bn->bignum, bn->length);
+
+        bn->bignum = NULL;
+        bn->length = 0;
+
+        return 0;
+    }
+
+    bignum = malloc(length);
+    if (!bignum)
+        return -1;
+
+    if (bn->bignum) {
+        memcpy(bignum, bn->bignum, min(length, bn->length));
+
+        _libssh2_wincng_mfree(bn->bignum, bn->length);
+    }
+
+    bn->bignum = bignum;
+    bn->length = length;
+#else
     bignum = realloc(bn->bignum, length);
     if (!bignum)
         return -1;

     bn->bignum = bignum;
     bn->length = length;
+#endif

     return 0;
 }
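Review bot: the LIBSSH2_MEMORY_OVERWRITE branch of `_libssh2_wincng_bignum_resize` uses `min(length, bn->length)`, which is a Windows header macro rather than standard C and is not defined when the translation unit sets NOMINMAX; an explicit comparison would keep the file self-contained. Also, both branches end with the same `bn->bignum = bignum; bn->length = length;` assignments, which could move after the `#endif` once the early-return zero-length case is handled.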
 <at>  <at>  -1654,7 +1666,7  <at>  <at>  _libssh2_wincng_bignum_mod_exp(_libssh2_bn *r,
                                         r->bignum, r->length, &offset,
                                         BCRYPT_PAD_NONE);

-                    free(bignum);
+                    _libssh2_wincng_mfree(bignum, length);

                     if (ret == STATUS_SUCCESS) {
                         _libssh2_wincng_bignum_resize(r, offset);
 <at>  <at>  -1668,7 +1680,7  <at>  <at>  _libssh2_wincng_bignum_mod_exp(_libssh2_bn *r,
         BCryptDestroyKey(hKey);
     }

-    free(key);
+    _libssh2_wincng_mfree(key, keylen);

     return ret == STATUS_SUCCESS ? 0 : -1;
 }
 <at>  <at>  -1738,6 +1750,17  <at>  <at>  _libssh2_wincng_bignum_from_bin(_libssh2_bn *bn, unsigned long len,

             offset = bn->length - length;
             if (offset > 0) {
+#ifdef LIBSSH2_MEMORY_OVERWRITE
+                bignum = malloc(length);
+                if (bignum) {
+                    memcpy(bignum, bn->bignum + offset, length);
+
+                    _libssh2_wincng_mfree(bn->bignum, bn->length);
+
+                    bn->bignum = bignum;
+                    bn->length = length;
+                }
+#else
                 memmove(bn->bignum, bn->bignum + offset, length);

                 bignum = realloc(bn->bignum, length);
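Review bot: in the new LIBSSH2_MEMORY_OVERWRITE branch of `_libssh2_wincng_bignum_from_bin`, a failed `malloc(length)` leaves `bn` untouched with its leading zero bytes still in place and no error is reported. The existing `realloc` branch has the same silent-failure shape, but since this is a new code path it would help to either return -1 as `_libssh2_wincng_bignum_resize` does, or add a comment stating that failing to strip leading zeros is treated as non-fatal because the value is numerically unchanged.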
 <at>  <at>  -1745,6 +1768,7  <at>  <at>  _libssh2_wincng_bignum_from_bin(_libssh2_bn *bn, unsigned long len,
                     bn->bignum = bignum;
                     bn->length = length;
                 }
+#endif
             }
         }
     }
 <at>  <at>  -1763,7 +1787,7  <at>  <at>  _libssh2_wincng_bignum_free(_libssh2_bn *bn)
 {
     if (bn) {
         if (bn->bignum) {
-            free(bn->bignum);
+            _libssh2_wincng_mfree(bn->bignum, bn->length);
             bn->bignum = NULL;
         }
         bn->length = 0;
--

-- 
1.8.1.msysgit.1

_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Marc Hoersken | 16 Mar 19:40 2014


[PATCH] configure: Display individual crypto backends on separate


From 63512331bc4ed2da239211ccd444689688616722 Mon Sep 17 00:00:00 2001
From: Marc Hoersken <info@...>
Date: Sun, 16 Mar 2014 19:39:41 +0100
Subject: [PATCH] configure: Display individual crypto backends on separate
 lines

This avoids line-wrapping in between parameters and makes the
error message look like the following:

configure: error: No crypto library found!
Try --with-libssl-prefix=PATH
 or --with-libgcrypt-prefix=PATH
 or --with-wincng on Windows
---
 configure.ac | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/configure.ac b/configure.ac
index 8e52687..ba4dd7a 100644
--- a/configure.ac
+++ b/configure.ac
 <at>  <at>  -156,8 +156,8  <at>  <at>  AM_CONDITIONAL(WINCNG, test "$ac_cv_libbcrypt" = "yes")
 # Check if crypto library was found
 if test "$found_crypto" = "none"; then
   AC_MSG_ERROR([No crypto library found!
-Try --with-libssl-prefix=PATH\
- or --with-libgcrypt-prefix=PATH\
+Try --with-libssl-prefix=PATH
+ or --with-libgcrypt-prefix=PATH
  or --with-wincng on Windows\
 ])
 fi
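Review bot: the last line of the message, `or --with-wincng on Windows\`, keeps its trailing backslash while the two lines above lose theirs, which looks like an oversight at first glance. If the intent is that this final backslash swallows the newline before `])` so the error message does not end with an empty line, a one-line comment above the `AC_MSG_ERROR` saying so would save the next reader from "fixing" it.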
--

-- 
1.8.1.msysgit.1

