GUACAMOLE-2012: Fix SSH connection to FIPS servers which only offer AES GCM #572
+63
−1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
eugen-keeper
commented
Jan 7, 2025
eugen-keeper
commented
- Added AES GCM ciphers to the FIPS compliant cipher list
- Added some code to check if the hardcoded FIPS compliant ciphers are really supported by libssh2
necouchman
requested changes
Jan 7, 2025
mike-jumper
requested changes
Jan 8, 2025
mike-jumper
requested changes
Jan 9, 2025
src/common-ssh/ssh.c
Outdated
| } | ||
| } | ||
| guac_mem_free(preferred_algs); | ||
| } else { |
There was a problem hiding this comment.
Please don't cuddle the else. See: https://cwiki.apache.org/confluence/display/GUAC/Contribution+and+Style+Guidelines#ContributionandStyleGuidelines-Braces
|
@eugen-keeper Please also:
|
eugen-keeper
force-pushed
the
fix-fips-ssh
branch
from
ea80b45 to
c9b341e
Compare
eugen-keeper
force-pushed
the
fix-fips-ssh
branch
from
c9b341e to
af6a5bb
Compare
mike-jumper
requested changes
Jan 10, 2025
Comment on lines
+455
to
+456
| "libssh2 reports that no ciphers/algorithms are supported. This may be a bug in libssh2." | ||
| "If the SSH connection fails, it may not be possible to log the cause here."); |
There was a problem hiding this comment.
A space is needed at the end of the first string literal here. Without that, the relevant portion of the resulting string will be libssh2.If and not the intended libssh2. If.
| /* Request the list of supported algorithms/cyphers from libssh2. */ | ||
| const char** supported_algs; | ||
| int supported_algs_count = | ||
| libssh2_session_supported_algs(session, method_type, &supported_algs); |
There was a problem hiding this comment.
Based on the example at https://libssh2.org/libssh2_session_supported_algs.html, the memory pointed to by supported_algs after a successful call to libssh2_session_supported_algs() must eventually be freed by a call to libssh2_free().
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.