md5: allow disabling old-style encrypted private keys at build-time

Before this patch, this happened at runtime when using an old (pre-3.0), FIPS-enabled OpenSSL backend. This patch makes it possible to disable this via the build-time option `LIBSSH2_NO_MD5_PEM`. Also: - make sure to exclude all MD5 internal APIs when both the above and `LIBSSH2_NO_MD5` are enabled. - fix tests to support build with`LIBSSH2_NO_MD5`, `LIBSSH2_NO_MD5_PEM` and `LIBSSH2_NO_3DES`. - add FIXME to apply this change to `os400qc3.*`. Old-style encrypted private keys require MD5 and they look like this: ``` -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: AES-128-CBC,<MD5-hex> <base64> -----END RSA PRIVATE KEY----- ``` E.g.: `tests/key_rsa_encrypted` Ref: https://github.com/libssh2/www/issues/20 Closes #1181
2025-08-08 19:02:07 +03:00 · 2023-08-26 21:56:23 +00:00
parent 4a64ca1430
commit eb9f9de2c1
15 changed files with 170 additions and 79 deletions
--- a/tests/test_auth_pubkey_ok_rsa_encrypted.c
+++ b/tests/test_auth_pubkey_ok_rsa_encrypted.c
@@ -7,7 +7,7 @@

 int test(LIBSSH2_SESSION *session)
 {
-#if LIBSSH2_RSA_SHA1
+#if LIBSSH2_RSA_SHA1 && LIBSSH2_MD5_PEM
    /* set in Dockerfile */
    return test_auth_pubkey(session, 0,
                            "libssh2",