Age | Commit message (Collapse) | Author | Files | Lines |
|
* include/libssh/libgcrypt.h (EVPCTX): Fix type.
(NID_gcrypt_nistp{256,384,521}): New constants.
* src/libgcrypt.c (nid_to_md_algo): New function mapping curves to
digest algorithms.
(evp{,_init,_update,_final}): New functions.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
* include/libssh/libgcrypt.h (ssh_sexp_extract_mpi): New prototype.
* src/libgcrypt.c (ssh_sexp_extract_mpi): New function.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Reviewed-By: Aris Adamantiadis <aris@0xbadc0de.be>
|
|
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
|
|
BUG: https://red.libssh.org/issues/91
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
When accepting a new connection, a forking server based on libssh forks
and the child process handles the request. The RAND_bytes() function of
openssl doesn't reset its state after the fork, but simply adds the
current process id (getpid) to the PRNG state, which is not guaranteed
to be unique.
This can cause several children to end up with same PRNG state which is
a security issue.
|
|
|
|
|
|
|
|
|
|
Works with openssl
Still requires work for libgcrypt and other modes
|
|
|